Re: [gentoo-user] Re: Horribly off-topic linux distro question...
Hi, On Thu, 07 Feb 2008 13:05:00 -0500 7v5w7go9ub0o [EMAIL PROTECTED] wrote: - The SSL connection is established within the Linux VM, so all the host sees is an encrypted connection to your bank. Wrong: It will also see all the virtual memory the virtualized machine is using, including those parts containing your precious unencrypted data. All you win by using a VM is that you don't need to boot into the OS (which might be impossible on some public terminals while running qemu might work). -hwh -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Re: grub chainloader
Hi, On Thu, 19 Jul 2007 09:55:58 +0930 Iain Buchanan [EMAIL PROTECTED] wrote: I'm happy to leave the info vs man flamewar for someone else, but what I _don't_ like is when you have both man and info, and one of them is very deficient (in grub's case, man). The description is different, less informative, and quite misleading. Instead, is should say either nothing but refer to info pages; or it should be the same as the info pages... Yeah, like a short synopsis and then a clear reference, let's say along the lines of snip The full documentation for grub is maintained as a Texinfo manual. If the info and grub programs are properly installed at your site, the command info grub should give you access to the complete manual. snip But looking at grub(8), it seems someone was faster. SCNR. -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Need to add gd and mysql to PHP.
Hi, On Sun, 22 Jul 2007 21:37:58 -0600 Mike Diehl [EMAIL PROTECTED] wrote: I'm needing to update php to include both the gd and mysql extensions. I believe I have both packages installed. I emerged php with both extensions in my USE flag. [...] Looks alright. How do I get these to be recognized by php applications? They should be configured in /etc/php/php*/php.ini if you want to load them automatically (extension=mysql.so, extension=gd.so) -- maybe you just need to run etc-update? (and restart the webserver) OTOH, you can have your PHP scripts load the extension themselves using dl() in PHP. -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Need to add gd and mysql to PHP.
Hi, On Mon, 23 Jul 2007 18:50:52 -0600 Mike Diehl [EMAIL PROTECTED] wrote: On Monday 23 July 2007 06:32:53 pm Norberto Bensa wrote: Mike Diehl wrote: drwxr-xr-x 4 root root 4096 Jul 23 17:59 apache2-php5 There you have it ;-) Look inside... Well, I'm getting closer, then. Errm, yes, sorry, I didn't really look before writing php*. I looked inside the php.ini file in the apache2-php5 directory. It has an extension_dir line: extension_dir = /usr/lib/php5/lib/php/extensions/no-debug-non-zts-20041030 I looked at the contents of this directory: # ls -la /usr/lib/php5/lib/php/extensions/no-debug-non-zts-20041030 And this is all I saw: -rwxr-xr-x 1 root root 12744 Jun 23 2006 phpcups.so So, how do I install the php mysql extension? Hm, is this an old extension dir? My Zend-ABI-version for PHP (5.2.1) is 20060613. But it should not matter -- you emerged PHP with the sharedext USE flag unset. In that case, those extensions should be compiled into the PHP binary, rather than being shared objects in the mentioned extension path. So first do as Noberto sugested and check if the extension really is not enabled (what is it that makes you think so?). -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] insert text onto a PDF
Hi, On Wed, 25 Jul 2007 09:29:52 + Thufir [EMAIL PROTECTED] wrote: I just want to add text on top of a PDF, resulting in a new file. I'm not concerned with encryption, authorization, nor really editing the PDF itself -- just ending up with a new PDF with my text on top. I read something about a java app to do this in a magazine a few months, but didn't keep the article :( iText would be a programming library (Java/.NET) that could be used to do that. See http://lowagie.com/iText -- start with the Tutorials in order to see how you can modify existing PDFs. There's also pdftk, which can stamp PDFs onto each others. It uses iText internally and provides a CLI. Also, there's the Multivalent Tools. Quite nice stuff, too. If you were more specific about what kind of texts you want to add, there might be other suggestions. -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Excessive processor usage
Hi, On Mon, 06 Aug 2007 14:30:01 +0200 Xav' [EMAIL PROTECTED] wrote: If you want to check there is no such program on your system, I advice you to try chkrootkit, to check there is no such rootkit on your system... To put it correctly, since there is _NO_ way to assure that there isn't a rootkit: chkrootkit can be used to check whether there _are_ _known_ rootkits. BTW, there are other, similar programs that do the same. But my point is: You can never be sure, since a hypothesis can't be proven correct, just invalid. If there are indications a rootkit might be present, there's no secure way to remove it but to reinstall. -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Re: Excessive processor usage
Hi, On Mon, 6 Aug 2007 17:36:36 + (UTC) James [EMAIL PROTECTED] wrote: To put it correctly, since there is _NO_ way to assure that there isn't a rootkit: chkrootkit can be used to check whether there _are_ _known_ rootkits. BTW, there are other, similar programs that do the same. But my point is: You can never be sure, since a hypothesis can't be proven correct, just invalid. You are right for noobs. Sheesh! That's an universal scientific concept. Read a bit on Falsifiability of theories to grab the basics. Don't, if you're a religious hardliner. If the person has a second system and sets up a flat hub and the ethernet in stealth mode, you can sniff the ethernet I/O all day long and use a variety of tools to discern if nefarious activities abound on a given system. Sure it's a bit of work, but all hacked systems I've ever seen use the system to ethernet I/O. And there's your assumption that you can't prove correct. They can encrypt that traffic, but if you know what should/not be traversing the ethernet, there is no way to hide an actively compromised system. Wrong. You might be practically right since most rootkits use means to communicate, but they might just collect data instead or even just encrypt all your documents and display the bank account number to deposit money for getting the private key for decryption. BTW, this is not about scaring people, but to make them aware that there is no absolute fail-prove solution to any problem -- since 100% fail-prove is an logically invalid concept. But I'm pretty confident that the OP isn't dealing with a hacked machine. I just jumped on the rootkit discussions, cause many people talking about rootkits neither know how rootkits work, nor do they grasp the theories behind rootkit detection. -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Unknown Tool hd
Hi, On Mon, 6 Aug 2007 20:13:58 +0100 Linux [EMAIL PROTECTED] wrote: I have a problem with a script refering to several tools, one is hd -snip- TESTECHO=$($ECHO -e '\061\062' \ | hd \ | grep -Eom1 '^[[digit:]]+[[:space:]]+[[digit:]]+[[:space:]] | +[[digit:]]+' \ tr -s '\t ' ' ' -snip- Searching has proved fruitless, I *think* it may be a Debian tool/script. Any pointers ? Please !!! It's a symlink to hexdump on debian machines. -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Native Language Support
Hi, On Tue, 7 Aug 2007 09:47:41 +0300 Sergey A. Kobzar [EMAIL PROTECTED] wrote: I have a mail server with UK/US locales support only. Access to console have limited number of users only. Do I need NLS support? What are consequences if I switch off NLS flag in installed packages? As I understand NLS gives man pages and docs in few languages. Correct? For most packages that's true. However, it mainly influences the availability of programs' frontends' languages (libintl/gettext). Switching it off shouldn't do any harm. -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Re: Mathematica 6 Gentoo amd64
Hi, On Thu, 9 Aug 2007 15:19:31 +0300 Aleksey V. Kunitskiy [EMAIL PROTECTED] wrote: Version 6 tells me that it can't find libstdc++.so.5. I tried to create this symlink manualy(pointing to the libstdc++ 6.0.8 ) but it didn't give me any results Emerge libcompat to get libstdc++ 5. (and undo that symlink attempt) -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Internet bridge
Hi, On Mon, 13 Aug 2007 19:38:18 + (UTC) Mateus Interciso [EMAIL PROTECTED] wrote: Hi, basically, I want to share the internet using a Bridge on a pc with two NICS, one for internet, the other for Internal Network. Uhm, yeah, I'd like a bridge to the internet, too. To bad the internet is a routed infrastructure and that's technically impossible. But you mixed up a lot of concepts and terms, so I'd suggest reading a book about how it all fits together some day. Now, I know a easiest approuch would be to use NAT, which is how I'm doing now, but since I really need Level 2 Routing, I can't afford doing this with nat. [...] Now comes the tricky part, since the internet I recieve is via DHCP, and on eth1, if I make: dhcpcd eth1, it timesout, but if I use dhclient eth1, it works, almost, I can get an IP at least, so I've sticked with this Hm. And what's the bridge supposed to do then? I would agree that using the bridge, other computers should be able to get IPs assigned using DHCP (as long as your ISP is issuing IPs for those computers). But that has nothing to do with the bridge and whether the bridging computer is able to get an IP assigned. Somehow I have the feeling that your ISP wouldn't ever issue more than one IP, but since you're that sure... 11)dhclient eth1 is unnecessary, except if the bridging PC should have connectivity, too. 12)ifconfig eth0 10.0.0.1 netmask 255.255.255.0 is unnecessary, except for internal LAN connectivity. Now, you would have to excuse me, because I really don't remember if that worked, but I think it didn't, what I made (that at least didn't put the whole network down), was all of this, but on step 10 forward: 10)ifconfig br0 10.0.0.1 netmask 255.255.255.0 up Hm, that would for sure collide with the step 12 mentioned above. And by this, I can actually browse the internal network, but not the internet, in none of the machines, neither the bridge, with/without a iptables firewall enabled. You have to use DHCP on all the machines that should have Internet connectivity. Remember that you have just bridged your ISP link to your LAN, and so now have level-2 access up to your ISP on all the LANs computers. Can anyone please help me? In fact, I don't think answering your questions help a lot since I really doubt your approach makes sense. In order to find that out, please just tell a bit about your Internet Connection. What you are trying to archieve only makes sense under the following circumstances: - your ISP only provides one physical link, - but the possibility to get more than one IP issued (either fixed, or DHCP, from what you told, the latter) - what basically means that there is _no_ point-to-point link involved. - for whatever reason you don't want to use a switch (which I would understand for firewalling issues to keep the ISP from getting your internal traffic running through their machines). All of that is perfectly fine, I use such a setup for my virtual servers, for example (although there that internal LAN is just a software emulation). So please describe your internet connection and we can tell if your plan is flawed from the beginning. I'd somehow bet a beer on that. -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Re: Internet bridge
Hi, On Tue, 14 Aug 2007 13:53:51 + (UTC) Mateus Interciso [EMAIL PROTECTED] wrote: Ok, so my ISP gives my just one IP, as it you have already guessed, and yes, probably I did mixed up a lot of stuff, and I'm terrible sorry for this. Oh, that's just fine for me, it's probably yourself you've caused some troubles and headaches. I really don't need a bridge, as long as I can find a way to fix the VoIP, I tought of the bridge because the win2k3 had it enabled for routing the packages, it picked up on one side the internet connection with a valid ip 200.*.*.* and on another NIC it had the internal network (in that time 192.168.0.1/28), and it built a bridge (if I remember right, using the 192.168.0.1 IP) and we connected to the bridge, and the bridge was routing the packages from internal, to external. Hm, I'd really wonder if that's what's called a bridge in Windows. That sounds like simple routing, easy to set up in Windows using the Internet Sharing options (which basically adds forwarding to the Internet interface -- you could do that with a registry hack, too) and add a simple DHCP server on the LAN side. Windows also has regular bridges and under certain circumstances sets up those automatically. But that's enough OT talk, this is Gentoo :-) Of course I could be wrong, since I wasn't the guy who made this, and since we needed a firewall, bether then the w2k3, we putted the gentoo box, and I NATed the connection. So, basically, this is it. You'll have to continue using NAT. Drop all bridge-related configuration (i.e. keep away from brctl), configure the external interface to forward connections. Then you have to care for incoming connections. For a good SIP setup with more than one SIP client, I'd highly suggest looking at SIP proxies like siproxd. For one SIP client in the internal LAN you basically need to map a incoming connections on the relevant port (5060, I think) on the Router/Firewall PC to that internal client. If extensions or other protocols come into play, you should absolutely look for proxies for those protocols. Since there's only one IP, you have no bridging options and all your computers in the LAN have to look like one machine to the outside. You _have_ to use port forwarding or proxying. Feel free to ask further specific questions! -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Re: Internet bridge
Hi, On Tue, 14 Aug 2007 14:48:30 + (UTC) Mateus Interciso [EMAIL PROTECTED] wrote: Ok, thanks a lot, this for sure cleared a lot of troubles I was having on my head. :-) The thing is, the more deeper you look into things, the more you get aware that they are more simple than you thought. But for the SIP stuff, I have just one client, built the firewall using fwbuilder (sometimes is more easier), and for instance here's the SIP part on the nat table: 0 0 DNAT udp -- anyany anywhere 200.*.*.* udp dpt:5060 to:10.0.0.112 Is this wrong? Looks right... (actually, I'm unsure about that 200.*.*.*) but... see below... Because the strange thing, is that it works for someplaces, but not for others, and we really didn't had this issues with w2k3 routing stuff. Yeah, not having done a lot with SIP, I had another look into that matter. SIP seems to have the IP addresses of the clients that come into play inside the SIP messages. I.e., if your SIP phone or SIP client isn't aware of your _external_ IP, it will inform the other end about a private IP on your end, since that's all the SIP phone/client has. There is an information protocol that can make the SIP phone/client make aware of the real address (obviously, the gateway must support this, and the SIP phone/client too). I would start to try the netfilter modules, which claim (I didn't check) that they mangle SIP packages accordingly. A short introduction is here: http://people.netfilter.org/chentschel/docs/sip-conntrack-nat.html If that doesn't work and if your phone supports specifying a proxy, I would go that road instead. -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] pendrive mounting problem
Hi, On Wed, 15 Aug 2007 11:34:31 -0400 Matthew R. Lee [EMAIL PROTECTED] wrote: A friend of mine recently put a pdf on my pendrive using windows vista. When I plugged it into my laptop it wouldn't mount. I got the following output from dmesg: [...] How is it mounted? fstab entry? CLI? please provide the options you're using. BTW, it's not all that common that those media types are NTFS. In most cases, VFAT is in use (is that compiled into your kernel? NLS support is currently missing from your kernel -- or not loaded automatically if compiled as a module). -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] pendrive mounting problem
Hi, On Wed, 15 Aug 2007 12:06:50 -0400 Matthew R. Lee [EMAIL PROTECTED] wrote: I'm using udev-104-r13 Hm, but udev doesn't do the mount, does it? I would really be interested whether there is a fstab entry (and what it is) and what mount command you use, if any. Some software actually must be responsible for the mount, right? The output you have cited was from the kernel log and it looks as if Said pendrive worked fine prior to being inserted into the vista laptop I recently compiled a new kernel 2.6.22-gentoo-r2 with all the same support for file systems as the previous kernel, with the exception that I compiled in support for ntfs. So I guess the stick, or at least the card, is not NTFS but FAT (since it worked before), right? What would be interesting is the output of file -s /dev/sdb1. It should print some details about the partition (you need to run it as root). I've just checked the kernel config and all the NLS support is compiled in Do you have automatic module loading enabled? Otherwise you might need to probe the NLS module for cp437 manually before mounting (I really think it is just a warning in the kernel log, but I'm not sure -- especially, if you have autofs in the action, which it also looks like, since the probing of all the file systems). Try modprobe nls_cp437. -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] phpMyAdmin
Hi, On Wed, 15 Aug 2007 17:15:17 + (UTC) Thufir [EMAIL PROTECTED] wrote: I thought I'd seen a phpmyadmin configuration gui at gentoo.org, but can't seem to locate it again. http://localhost/phpmyadmin gives a list of files. If those files you see actually are the phpMyAdmin files: Web server not properly configured to search for an index.php? Or no PHP at all? -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] pendrive mounting problem
Hi, On Wed, 15 Aug 2007 14:30:08 -0400 Matthew R. Lee [EMAIL PROTECTED] wrote: fstab doesn't mention /dev/sdb1 normally I just plug the pendrive in, the icon pops up in media:/ in konqueror, I click on it and do what I need to do Hm, OK, then other daemons come into action. Unfortunately, I'm not using KDE, so I've got no idea where that may make a difference. So I guess the stick, or at least the card, is not NTFS but FAT (since it worked before), right? Correct it is, was, FAT Yep: /dev/sdb1: x86 boot sector, code offset 0x3c, OEM-ID MSDOS5.0, sectors/cluster 16, root entries 512, Media descriptor 0xf8, sectors/FAT 248, heads 255, hidden sectors 32, sectors 1015776 (volumes 32 MB) , serial number 0xb465569d, unlabeled, FAT (16 bit) I've just checked the kernel config and all the NLS support is compiled in Ah, then that might be why there's no nls_cp437 module. Since I got no idea how to debug the KDE part, all I can suggest is issuing the following as root: mount -t vfat /dev/sdb1 /mnt and see if it gets mounted beneath /mnt. That way, you can exclude media and kernel issues. If errors show up, post them and the new lines in the kernel log. -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Re: phpMyAdmin
Hi, On Thu, 16 Aug 2007 08:24:10 + (UTC) Thufir [EMAIL PROTECTED] wrote: It seems that Apache needs configuration? specifically the documentroot? Is that required? No, in that case you wouldn't even see the directory listing. Your probably just not running the PHP module. Check your /etc/conf.d/apache2 and set APACHE2_OPTS accordingly (i.e. add -D PHP4 or -D PHP5). -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] pendrive mounting problem
Hi, On Wed, 15 Aug 2007 17:45:59 -0400 Matthew R. Lee [EMAIL PROTECTED] wrote: trying to mount it from the command line didn't work, here's the output from dmesg Hm, did you really use -t vfat? Your kernel log has other filesystems complaining after the FAT errors... Unable to identify CD-ROM format. Unable to load NLS charset cp437 FAT: codepage cp437 not found NTFS-fs warning (device sdb1): is_boot_sector_ntfs(): Invalid boot sector checksum. NTFS-fs error (device sdb1): read_ntfs_boot_sector(): Primary boot sector is invalid. NTFS-fs error (device sdb1): read_ntfs_boot_sector(): Mount option errors=recover not used. Aborting without trying to recover. NTFS-fs error (device sdb1): ntfs_fill_super(): Not an NTFS volume. VFS: Can't find ext3 filesystem on dev sdb1. VFS: Can't find an ext2 filesystem on dev sdb1. It really looks like the autofs-mount sequence. The last error is not a FAT error. Please give us the output of grep NLS /lib/modules/$(uname -r)/source/.config in order to verify that you really have cp437 support compiled into your kernel. -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] pendrive mounting problem
Hi, On Thu, 16 Aug 2007 16:03:46 -0400 Matthew R. Lee [EMAIL PROTECTED] wrote: Add: The recompile worked. Sometimes you can't see what's wrong for looking Thanks again for all the help Fine! You're welcome, of course! (I somehow doubted that NLS support is required for FAT, too. But it seems it is.) -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Re: phpMyAdmin
Hi, On Fri, 17 Aug 2007 06:45:28 + (UTC) Thufir [EMAIL PROTECTED] wrote: Here's some more data, if it helps: [...] localhost ~ # cat /etc/conf.d/apache2 [...] APACHE2_OPTS=-D DEFAULT_VHOST #APACHE2_OPTS=-D PHP5.2.2 Did you read my earlier post? rewrite that line to APACHE2_OPTS=-D DEFAULT_VHOST -D PHP5 and restart apache. -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] ALSA hell : master channel permanently at zero volume, no sound
Hi, On Mon, 20 Aug 2007 14:37:27 +0200 b.n. [EMAIL PROTECTED] wrote: Hm, is there a switch for analog vs. digital audio output? The screenshot only shows a few controls. Yes. Just tried to switch them but nothing changes. Hm. That would include playing with those settings: Master switch, as you can see, digital output (Playback) is enabled, digital input (Capture) is disabled: Simple mixer control 'IEC958',0 Capabilities: pswitch pswitch-joined cswitch cswitch-joined Playback channels: Mono Capture channels: Mono Mono: Playback [on] Capture [off] I think those two relate to input/capture only: Simple mixer control 'IEC958 Capture Monitor',0 Capabilities: pswitch pswitch-joined Playback channels: Mono Mono: Playback [on] Simple mixer control 'IEC958 Capture Valid',0 Capabilities: pswitch pswitch-joined Playback channels: Mono Mono: Playback [on] I'm not sure about the next two items, maybe playing with them is a good idea, too: Simple mixer control 'IEC958 Playback AC97-SPSA',0 Capabilities: volume volume-joined Playback channels: Mono Capture channels: Mono Limits: 0 - 3 Mono: 3 [100%] Simple mixer control 'IEC958 Playback Source',0 Capabilities: enum Items: 'Analog' 'Digital' Item0: 'Digital' If alsamixer doesn't provide the according settings, you might want to use amixer sset control value, see man amixer for synopsis and examples. I really guess it's due to one of the IEC958 (i.e. digital in/out) settings. -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] ALSA hell : master channel permanently at zero volume, no sound
Hi, On Mon, 20 Aug 2007 17:33:49 +0200 b.n. [EMAIL PROTECTED] wrote: Simple mixer control 'IEC958',0 Capabilities: pswitch pswitch-joined cswitch cswitch-joined Playback channels: Mono Capture channels: Mono Mono: Playback [on] Capture [off] Where do you see that? Last line specifies the current settings. The mixer control IEC958 (which is the digital audio standard in use in the western world) is set to on for the Playback stream direction, and to off for the Capture stream direction. If alsamixer doesn't provide the according settings, you might want to use amixer sset control value, see man amixer for synopsis and examples. I really guess it's due to one of the IEC958 (i.e. digital in/out) settings. I am extremly confused. How should those be set? I'm not that able to parse the amixer output, probably, so let me know more deeply. first try setting the control 'IEC958' to off for the Playback direction: $ amixer sset 'IEC958',0 playback off if that doesn't work out well, try the settings - 'IEC958 Playback AC97-SPSA',0 (can be set to values ranging between 0-3) - 'IEC958 Playback Source',0 (can be set to values 'Analog' or 'Digital') for those two, the option playback is optional, since according to the output you have given, those controls are only present for the playback direction. I think those controls might be in alsamixer, too, but amixer tends to be the most reliable and supportable method -- the output you have given is complete, so that I can at least tell that all the usual settings seem to be correct. I think the problem is hidden in those extended settings. I might be wrong and it might just be a bug in the driver, but somehow I doubt that -- although my doubts are not supported by any obvious hints, yet. -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Re: phpMyAdmin
Hi, On Tue, 21 Aug 2007 06:09:48 + (UTC) Thufir [EMAIL PROTECTED] wrote: Did you read my earlier post? rewrite that line to APACHE2_OPTS=-D DEFAULT_VHOST -D PHP5 and restart apache. Pardon, I may have been distracted, but I think I changed that entry several times. I tried a couple variations, and restarted apache and for good measure mysql. The above variation still shows text files for .php files. Does /etc/apache2/httpd.conf still contain the line Include /etc/apache2/modules.d/*.conf ? Is /etc/apache2/modules.d/*_mod_php.conf present? In that file you can see the exact flag you have to specify. If you decided to drop the Gentoo configuration style for apache, then you'll have to provide a *lot* more information about your Apache's configuration than you did. BTW, the errors you cited indicate you might be running suexec. What for? How configured? Did you follow a certain guide? -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] ALSA hell : master channel permanently at zero volume, no sound
Hi, On Tue, 21 Aug 2007 01:09:39 +0200 b.n. [EMAIL PROTECTED] wrote: b.n. ha scritto: I think I have to try with the Portage alsa drivers. Ok, alsa-driver does not compile. Now I feel really lost. But the error isn't I won't compile., isn't it? With the information you provided (not), I'm currently lost, too :-) If you decide to compile external ALSA drivers, you have to make sure that your kernel isn't configured for internal ALSA drivers. It has, however, to be configured for basic sound support. -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] ALSA hell : master channel permanently at zero volume, no sound
Hi, On Mon, 20 Aug 2007 19:03:55 +0200 b.n. [EMAIL PROTECTED] wrote: What concerns me is that alsamixer nevers shows a volume control on Master anymore, and amixer says: Simple mixer control 'Master',0 Capabilities: pswitch pswitch-joined *--- no volume/pvolume* Playback channels: Mono Mono: Playback [on] Also in alsamixer the IEC958 controls show no volume bar. Because they are no volume controls. Did you really modify them using amixer? It will output the new settings after successfully applying them. No master volume *does* make some sense for digital out... -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] ALSA hell : master channel permanently at zero volume, no sound
Hi, On Wed, 22 Aug 2007 01:05:59 +0200 b.n. [EMAIL PROTECTED] wrote: Managed to install alsa-driver (the unstable ones were needed). Nothing changes, except that now PCM has no volume bar, too. Sorry, I'm now left to some shots in the dark: Re-emerge alsa-libs and alsa-utils, too? There's not much that I could suggest otherwise at this point... -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Treason uncloaked! solution?
Hi, On Wed, 22 Aug 2007 12:18:16 -0700 Grant [EMAIL PROTECTED] wrote: Sometimes I get Treason uncloaked! in dmesg when running bittorrent. The solution here: http://www.linuxquestions.org/questions/showthread.php?t=127984 is: You'd best set iptables to block all packets from BOGON networks (nets that shouldn't exist) so you can avoid this type of attack. You may find a list of bogon nets here. Note: unallocated nets change from time to time! Just in November IANA allocated two more blocks to RIPE, so you really need to pay attention if you're blocking all bogon IPs. Which doesn't sound great. What would you guys recommend I do? I use a Gentoo router. Hm, I don't think that those attacks (which do no harm to Linux systems since some 1.x version of the kernel -- the warning is a reminiscence) will always come from wrong nets. I have those occasionally on all my larger server installs and never really bothered about them. It usually means that the other side of the TCP connection reduced the window to zero size, thus leading stupid TCP stacks to save information on a basically starved connection. The kernel just sends an information to the log, so in case if you recognize the IP and are in charge of the sender, you'll know that it has a very broken TCP stack. Essentially: Just ignore it, if the sender IP doesn't belong to one of your own networks. -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Treason uncloaked! solution?
Hi, On Thu, 23 Aug 2007 12:55:06 -0500 Dan Farrell [EMAIL PROTECTED] wrote: It usually means that the other side of the TCP connection reduced the window to zero size, thus leading stupid TCP stacks to save information on a basically starved connection. The kernel just sends an information to the log, so in case if you recognize the IP and are in charge of the sender, you'll know that it has a very broken TCP stack. Essentially: Just ignore it, if the sender IP doesn't belong to one of your own networks. I found a line in my Treason-related output that pointed to an internal IP on a distcc port. Should I be worried about this computer? It's running a brand new gentoo install and is solely for the purpose of distcc. Hm. I don't think so, but I'm not that deep into TCP that I could easily tell some circumstances when such things can happen and if it indicates a bug by all means. There might be a slight possibility that the packet sender was forged. It depends on your uplink whether such packets can get through. Additionally, when inside a potentially hostile LAN, you can't trust any IP adresses. If it's just a single line, I'd ignore it, I think. But there's no good reason I could give for that proposal, except of some absent feeling that anything would be wrong. -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Can't install Gentoo on Dell Inspiron 530
Hi, On Sun, 26 Aug 2007 23:22:56 -0400 Walter Dnes [EMAIL PROTECTED] wrote: Now that I have a working keyboard and a busybox shell, I'm trying to mount a USB key. I did... mknod /dev/sda b 8 0 mknod /dev/sda1 b 8 1 ...inserted a USB key, and tried mounting it. dmesg indicates that the USB driver did find sda and sda1. However, the mount command always fails with a cryptic, and useless, error message. Is there an example somewhere of how busybox's mount command works? Or does it not support msdos or vfat filesystem types? FS support has got to be inside the kernel. When module autoloading doesn't work, you'll have to make sure that everything needed is present. While the mount error message might be useless, is there any reasonable error report in dmesg? BTW, you can mount /proc and then look for PCI dev information and partitioning information there. $ mount -t proc none /proc $ cat /proc/bus/pci/devices (vendor/device string is on position 2) $ cat /proc/partitions and $ cat /proc/filesystems are your friends. -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] IMAP server for localhost
Hi, On Thu, 30 Aug 2007 16:16:53 +0200 Alan McKinnon [EMAIL PROTECTED] wrote: I use a setup like this - kmail connecting to dovecot @ localhost. I pop my mail off the various mail servers I use with net-mail/getmail, the docs are quite clear. Performance is slower than local mailboxes especially if you have lots of mail, and if you need to move 30,000 lkml mails form over her to over there, then it's gonna take a while :-) +1 for getmail/fetchmail. The most important point for me is that no mail is lost when my local machine goes down, a case in which forwarding would have its difficulties and can be basically controlled only by the company you have your usual mailbox at. Also, it's pretty easy to integrate spamassassin co into the getmail/fetchmail pipe. -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Need help with routing
Hi, On Mon, 10 Sep 2007 20:59:03 +0200 Florian Philipp [EMAIL PROTECTED] wrote: I'll attach relevant ifconfig, route and iptables -L output. Hm, OK. This: snip Chain FORWARD (policy ACCEPT) target prot opt source destination ACCEPT all -- 10.8.0.1 anywhere ACCEPT all -- anywhere 10.8.0.1 DROP all -- !10.8.0.1 anywhere snip is on what computer? On the server (I guess it's the router) the last line would effectively prevent routing for the client (but I don't know why ICMP works...). I would suggest starting without it and then setting up proper rules -- and then setting the chain's policy to DROP (plus some REJECT rules for proper answers). Dan's hint is also worth investigating. BTW: use route/ifconfig/netstat/iptables' -n switch to make analysis easier! -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] SSH won't restart
Hi, On Mon, 10 Sep 2007 14:28:41 -0500 Dan Farrell [EMAIL PROTECTED] wrote: You can always start a seperate ssh server on a different port, to test the new server and the config files. Then you can get in on a different port and fix it if your upgrade of the usual ssh server gets borked. And you can always leave one session open. Plus: It's already configured. Plus: It's pretty secure. Plus: You know exactly whether the new binary works. It's as easy as /usr/sbin/sshd -p 2. (or whatever free port there is) -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Need help with routing
Hi, On Tue, 11 Sep 2007 17:30:51 +0200 Florian Philipp [EMAIL PROTECTED] wrote: Hm, OK. This: snip Chain FORWARD (policy ACCEPT) target prot opt source destination ACCEPT all -- 10.8.0.1 anywhere ACCEPT all -- anywhere 10.8.0.1 DROP all -- !10.8.0.1 anywhere snip is on what computer? On the server (I guess it's the router) the last line would effectively prevent routing for the client (but I don't know why ICMP works...). I would suggest starting without it and then setting up proper rules -- and then setting the chain's policy to DROP (plus some REJECT rules for proper answers). I followed the howto's nomenclature of server and client. I'm a bit puzzled right now. Is there anything essentially wrong with the howto ( http://gentoo-wiki.com/HOWTO_quick_routing )? I followed it word by word. The drop rule is explained as #prevent others ip from conecting to my eth0 Hm, judging from that the article on Routing uses a Client and Server nomenclature, I consider the article being at least partly crap ;-) And yes, that guide really seems to be a bunch of BS (sorry, but that's the way it seems to be). It is outright horrible. Personally I hate discussing on Wikis' Discussion Pages, so, no, I won't correct it (but looking at its discussion page, others considered it bad, too, and are planning to correct/delete it). That iptables setup is absolutely stupid. It accepts packets from and to the machine itself (note that 10.8.0.1 is the router's IP), but will drop any packet not originating from 10.8.0.1. The latter should be true for all packets originating from the client (since it has the address 10.8.0.2). So all the client's communication is dropped, and that's it, end of story. Better have a look at netfilter's set of HOWTOs, especially the NAT howto. Better learn what you're doing... Otherwise, just take the hints from my previous posting. My suggestion for a proper setup would be $ iptables -F FORWARD $ iptables -P FORWARD DROP $ iptables -A FORWARD -i eth0 -o ppp0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT $ iptables -A FORWARD -i ppp0 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT ...plus rules allowing for forwarding designated ports, if any You'll certainly want to keep this: $ iptables -A POSTROUTING -o ppp0 -j MASQUERADE in place, too. Note that this trusts any box connecting via eth0, not just a single client. -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Need help with routing
Hi, On Tue, 11 Sep 2007 18:50:52 +0200 Florian Philipp [EMAIL PROTECTED] wrote: My suggestion for a proper setup would be $ iptables -F FORWARD $ iptables -P FORWARD DROP $ iptables -A FORWARD -i eth0 -o ppp0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT $ iptables -A FORWARD -i ppp0 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT ...plus rules allowing for forwarding designated ports, if any You'll certainly want to keep this: $ iptables -A POSTROUTING -o ppp0 -j MASQUERADE in place, too. Note that this trusts any box connecting via eth0, not just a single client. [...] When I try to apply the rules you've posted I get: $ iptables -A FORWARD -i eth0 -o ppp0 -m state --state \ NEW,ESTABLISHED,RELATED -j ACCEPT iptables: No chain/target/match by that name Hm, you do not seem to have your kernel configured for connection state matching. Just start with basic rules: $ iptables -A FORWARD -i eth0 -o ppp0 -j ACCEPT $ iptables -A FORWARD -o eth0 -i ppp0 -j ACCEPT (instead of the iptables -A settings mentioned before) But note that those would potentially allow inbound connections to get routed to any desired machine (desired by the party outside your network, that is). So make sure that either such requests aren't getting forwarded to your router (and this is most probably already the case for your setup -- DSL or cable, I guess?) or your LAN doesn't care (i.e. is secured). Most PPP endpoints, however, would drop such traffic anyway, so you should be secure if you trust your provider. Basically I think this is what the Gentoo wiki guide *intended* to do. -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Need help with routing
Hi, On Tue, 11 Sep 2007 21:38:26 +0200 Florian Philipp [EMAIL PROTECTED] wrote: Now the kernel can handle connection state matching :) I can apply your rules with one exception: iptables -A POSTROUTING -o ppp0 -j MASQUERADE The same error message as before. But a different cause: My brain ;-) That should rather read $ iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE (I forgot the -t nat) There is, however, a kernel configuration needed for masquerading, too (CONFIG_IP_NF_TARGET_MASQUERADE on newer kernels, you can search for it -- or just MASQUERADE on older kernels -- using the / key in the kernel's menuconfig). So if iptables keeps complaining, check that too. BTW: I'm starting to really hate the HOWTO that much that I might even consider editing it. The HOWTO got this command wrong as well: It MASQUERADEs the connections going out to the LAN interface... For a proper durable setup, after performing all steps manually until you have iptables in the way, you should issue $ /etc/init.d/iptables save and have iptables fire up using rc-update, if not yet done. Also put the sysctl setting in /etc/sysctl.conf. Then routing/masquerading will be set up right on each boot. -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] SSH won't restart
Hi, On Tue, 11 Sep 2007 12:30:56 -0700 Grant [EMAIL PROTECTED] wrote: How does my host get root access like that? Different possibilities, but hardware access in most cases means root access (although maybe only to encrypted partitions...). Easiest: Reboot (CTRL-ALT-DEL, no password needed), change kernel command line in boot loader to /boot/mykernel root=/dev/whatever init=/bin/bash And that's it, basically. The admin could have made a backup of /etc/shadow, resetted root password, rebooted into normal system, restored /etc/shadow. If it is a virtual server, this might be even easier. -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Need help with routing [OT: Issues with an article on the wiki]
Hi, On Wed, 12 Sep 2007 18:35:41 +0200 Florian Philipp [EMAIL PROTECTED] wrote: Thank you for your patience, it's finally working! OK, that's good news :-) If you don't edit the wiki, I'll do it (sooner or later). Just tell me if you don't want to see your name when I give you credit for the settings. Reading through it, it'll need a general rewrite. The more I look at it, the less it makes sense. Though on the discussion site, the last comment gives a valuable hint to what the main culprit is: The article doesn't clarify on its focus (and I guess that's why it hasn't got that much attention yet). Based on the title, there are many ways to conclude what task is described there. I guess it was really about routing an internet connection to some clients, but the general concept of Routing is broader. So I think the article should - clarify what it's about (introduction) - introduce routing and the route command (and/or ip route) - introduce masquerading (what you wanted and the original article intended to describe, I think) I'll take a try on rewriting it this evening (CEST). Feel free to further rewrite it or start doing it, but I really think the aspects noted above are worth following. -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] [OT] Problems with USB subsystem after upgrading to 2.6.22
Hi, On Wed, 12 Sep 2007 18:44:23 +0200 Dan Johansson [EMAIL PROTECTED] wrote: I found myself a solution to this problem (I don't know if it's the best way to do it but it works for me). I added the following two files to my system: # cat /etc/udev/rules.d/00-local.rules SUBSYSTEM==usb, DRIVERS==usb, ATTRS{serial}==2f11211b-0e00-0106-6800-0050bf7a660c, RUN+=/usr/local/bin/loox.udev # cat /usr/local/bin/loox.udev #!/bin/bash if [ ${ACTION} == add ] then     echo 1 /sys/${DEVPATH}/bConfigurationValue fi I still admire your solution. I think it's exactly as the inventors intended, so to speak. (/me makes note in brain on that bConfigurationValue thingy) -hwh PS: Sorry for the noise, but since the OT was already in the subject line ;-) -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Problem mounting USB Drive/MP3 PLayer
Hi, On Wed, 12 Sep 2007 14:01:10 -0500 forgottenwizard [EMAIL PROTECTED] wrote: Alright, I did that. I tried to enable a few other options within SCSI, and none of them did anything. Dmesg still says it sees the device, knows it is USB, gives is an address, and designates it a configuration. I'm going to look at the USB options and see if there is anything there I missed. You could start by sending the dmesg output that occurs when you (re-)plug the device... It should be easier to see what's wrong then... -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] root can't login on console, but can ssh...
Hi, On Thu, 13 Sep 2007 16:07:02 -0400 Philip Webb [EMAIL PROTECTED] wrote: 070913 Daevid Vincent wrote: I simply want root to be able to login from console (tty[1-6]) or ssh (pts/[0-9]) without a password. Currently ssh does work fine. It's only the physical console that doesn't. There is a provision somewhere to disallow root logins, so that mb your problem rather than anything to do with passwords: have a look in such places as /etc/login*/etc/security/* . Just a quick suggestion in the absence of more informative help. /etc/pam.d if using PAM. Special attention to the nullok option to pam_unix. Also see the man page for pam_unix. Exceptionally stupid idea to do this but since the OP insists... (Free tip: sudo is better in most cases) -hwh -- [EMAIL PROTECTED] mailing list
Re: [ot] Re: [gentoo-user] Re: Re: [gentoo]Block certain websites
Hi, On Sun, 16 Sep 2007 12:19:06 -0300 Arturo 'Buanzo' Busleiman [EMAIL PROTECTED] wrote: The other day something quite funny happened to me. I was with my Laptop trying to find an open AP. I found one, but couldn't browser the internet nor get my OpenVPN (against a USA-based server) up and running. I started making some tests... and I finally tried sshing into one of my local (i.e in argentina) servers. It worked. So, they were filtering (or the internet link didn't have) international access. I quickly set-up an openvpn server on the argentinian (i.e national) server, a 3proxy-proxy (fast enough), and told firefox to use it (over the vpn). Quite funny :) I just use ssh for this. Using the -D flag gives a SOCKS5 proxy, listening locally, making/accepting connections on the ssh remote end. You can use it directly in Firefox, no need for full-fledged VPN. (and for that, there would be the new -w option -- when IP-via-TCP is an option) -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Re: Re: SSH won't restart
Hi, On Sun, 16 Sep 2007 22:25:07 +0200 Alexander Skwar [EMAIL PROTECTED] wrote: A /etc/init.d/sshd stop won't kill any SSH sessions. It'll simply the sshd master process. Because of that, additional logins won't be possible. An /etc/init.d/sshd stop/restart can very well fail. Depending on in what state this happens, it might stop accepting connections. Typical conditions might be that relevant changes on-disk occurred, e.g. PAM libraries, libc or similar libs that might dl() things. OTOH, if signal handling is broken, the KILL might traverse to the connection handling forked child. And that's enough to kick you out. So I would definately prefer to always have a guaranteed working sshd running (I find OpenVPN/telnet a bit strange and an unnecessary potential security hole). Your absolutely right in that restarting immediately or delayed after logging out of all sessions doesn't matter at all. But it's wrong that it *can't* occur that you kill your current session as well. So the delay doesn't make any specific sense here. It might reduce the risk of a zombie master process of sshd, but I don't see much evidence. OTOH, you lose the possibility of fixing restart problems within the running session. So you have to weight the risks. The real problem, however, can only be overcome by another way to login. Firing up another instance of sshd (on a different port) is just a matter of one simple command, so I definately prefer that. -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Re: Re: Re: SSH won't restart
Hi, On Mon, 17 Sep 2007 11:15:24 -0300 Arturo 'Buanzo' Busleiman [EMAIL PROTECTED] wrote: Alexander Skwar wrote: Well, I also found myself being unable to start sshd, but these most often were due to some configuration changes. And exactly for this is why test-restart was proposed by me. I would propose to change the restart option (i.e. introduce a corresponding handler in /etc/init.d/sshd) to actually do checkconfig() before stopping, not just before starting sshd. I created a bug for this issue, patch attached: http://bugs.gentoo.org/show_bug.cgi?id=192825 -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Re: Re: SSH won't restart
Hi, On Mon, 17 Sep 2007 12:56:16 -0300 Arturo 'Buanzo' Busleiman [EMAIL PROTECTED] wrote: So I would definately prefer to always have a guaranteed working sshd running (I find OpenVPN/telnet a bit strange and an unnecessary potential security hole). If running permanently, then I agree, but I do not see the potential security hole if using a correctly designed/configured tunnel. I just prefer manual opening of access means above manual securing them. It's just about what happens if you fail -- when the task was securing, you might have a security leak, but if it was openiung access, it is still secured. It's relatively moot, since opening access is also often error prone in the sense of opening to much. I think it's personal taste :-) session. So you have to weight the risks. The real problem, however, can only be overcome by another way to login. Firing up another instance of sshd (on a different port) is just a matter of one simple command, so I definately prefer that. As long as there is no issue with the sshd binary, of course :) Yeah, but in that case you'd know it at that point, and it caused no other harm than preventing you to setting up that fallback sshd. You can then still fix it (or set up OpenVPN/telnet ;-)) using the old sshd that's still listening. Just remember not to do a killall sshd. -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Hacked by association?
Hi, On Wed, 19 Sep 2007 16:16:09 -0700 Grant [EMAIL PROTECTED] wrote: With netstat -lp it looks like *:snpp is associated with apache2 and is using the same pid as *:http and *:https. I've never set up anything having to do with a pager. I've never had a pager. What can I do to investigate that further? Do you by chance run a PHP debugger or similar stuff, i.e. some specialized apache modules with other interfaces than HTTP(S)? -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Is this drive toast--addendum
Hi, On Wed, 26 Sep 2007 15:06:00 -0700 (PDT) maxim wexler [EMAIL PROTECTED] wrote: If you wouldn't mind satisfying my curiosity, what does the jumper do? Determines if the drive is master or slave in the BIOS. But perhaps you're thinking of something else. I'm astonished that someone doesn't know that. If you ever put a IDE drive in a PC you would have to know what the jumper is for. There are often much more jumper settings on HDs. Many HDs e.g. have different geometry settings they can work with. Some of them need this geometry information to be set by a jumper setting. Others have special monitoring capabilities that are being used for factory checks or even interfacing the controller. It's not just Master/Slave... In fact, if you change the geometry setting on the HD, this might cause major trouble and look a bit like disk errors, I guess. -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Help finding a tv tuner card's chipset
Hi, On Thu, 27 Sep 2007 08:59:18 +0100 Neil Bothwick [EMAIL PROTECTED] wrote: On Thu, 27 Sep 2007 01:00:33 -0500, forgottenwizard wrote: BTW, if anyone knows of a cheap tuner card (50US preferably) that is decent and works with either PCI/USB/AGP, I would love to know. Analogue or DVB? I've used a Freecom DVB dongle with Gentoo (amd64 and ppc) and it worked well. For a cheap PCI card, the KWorld cards are decent. Just a short warning: The US standards are a bit different... (but KWorld has ATSC equipment, too, not just DVB). And if commercial HDTV is to be received, special care has to be taken that everything is HDMI compliant -- I think there are only hardware based solutions to this problem, and it certainly won't be cheap -- at least not 50USD, I think... -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Gentoo User Guide XML error : solved ?
Hi, On Sat, 29 Sep 2007 16:34:19 -0400 Philip Webb [EMAIL PROTECTED] wrote: On Thu, Sep 27, 2007 at 12:10:17AM -0400, Philip Webb wrote Following the usual procedure in such cases of trying simple changes, I changed the file extension to '.html' Epiphany now has no problem. Does anyone have any comment on this strange sequence of events ? With HTML, the philosophy is that the parser tries to carry on, even with lots of errors in the HTML code. XML is much stricter and an error is much more likely to be treated as fatal. Well in that case (raises eyebrows), one has to ask (1) why does Gentoo offer its docs in such a strict format It offers it in text/html (MIME type as transmitted by the web server) (2) why there is a bug in the XML sufficient to stall the browsers. It's not XML (there's no real file name extension concept in URI-land). You probably saved it under a file name resembling the URI, thus leading your browser to the assumption it might be XML - and it has to make assumptions for file:// requests, since there's no Content-Type on plain file systems. The conceptual failure is the part that circumvents this (unreliable) detection algorithm by saving that file by a name ending in .xml (my browser doesn't even offer .xml as a preset for the file format when trying to save the HTML page of the user guide). -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Re: Lilo ReiserFS on 64 bits
Hi, On Wed, 3 Oct 2007 12:42:58 -0500 Dan Farrell [EMAIL PROTECTED] wrote: another great thing about grub is that it has a limited command mode that you can enter at boot time. If your grub config contains a typo or error, you can still boot the computer without reaching for a CD. And, OTOH, it can install itself to other devices (but only the stage1, stage 1.5 and/or stage 2 have to be already present on the target device). So you can take a grub-enabled CD, boot it and restore your system's hosed boot loader (say you just installed Windows or similar) from the grub prompt. Also, I prefer grub's savedefault features to the -R switch for lilo (e.g. test boots w/ new kernels -- don't forget the panic=... kernel parameter then!). -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Can RAM render useless the encryption of the / and swap partitions?
Hi, On Thu, 4 Oct 2007 15:47:53 +0200 Alan McKinnon [EMAIL PROTECTED] wrote: On Thursday 04 October 2007, Liviu Andronic wrote: And later on: Now one problem is left. Even with normal RAM a well funded organisation can get the contents after the system is powered off. With the modern SDRAM it's even worse, where the data stays on the RAM permanently until new data is written. Pray tell, how does RAM manage to retain data when the power is off? It's either six transistors or one transistor and a cap per cell = not persistent. In theory, for the one transistor and one cap case, you have a loaded cap that will take forever losing its load, won't it? But in practice, I think, that's not realistic. I don't know of any magic persistent RAM that's fast enough for use as main RAM. Flash disks are of course another story but you do appear to be talking about system RAM There actually are new RAM types being made for solid-state storage. But this is in a proof-of-concept stage, I think. Maybe Liviu's professor had those magnetic drum memory units in mind when saying that? Anyway, cleaning memory on a power-off shut down doesn't make much sense. However, it makes sense to clean up memory after having critical data in it -- e.g. a reboot doesn't necessarily clean up RAM. And I'm not sure if some mainboards even keep the RAM powered in certain situations -- at least, they can as long as the power is not really switched off (e.g. machine only in ATX soft-off mode). -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Standby
Hi, On Thu, 4 Oct 2007 21:26:28 +0100 Paul Gibbons [EMAIL PROTECTED] wrote: Now when I press the soft power button the system suspends ( all processes appear to stop and the screen goes blank but for a flashing cursor in the top left of the 2 screens of my dual headed system) but after a few minutes the system resumes. It seems that either a wakeup message is being received or the hibernate script cannot actually power off the computer and so after a timeout period it resumes. Sounds as if your BIOS is set to wake up on events that get triggered when in standby. Things to check would be: - Interrupts in general, there might be some spurious ones, - Mouse/Keyboard (at least with a sensitive optical mouse...) - Network ...but look for all these in the BIOS setup. Otherwise set up hibernate-script to really shut off the computer. -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Can RAM render useless the encryption of the / and swap partitions?
Hi, On Thu, 4 Oct 2007 20:33:40 +0200 Liviu Andronic [EMAIL PROTECTED] wrote: On 10/4/07, Alan McKinnon [EMAIL PROTECTED] wrote: On Thursday 04 October 2007, Hans-Werner Hilse wrote: However, it makes sense to clean up memory after having critical data in it -- e.g. a reboot doesn't necessarily clean up RAM. Yes, this is very true BUT On 10/4/07, Alan McKinnon [EMAIL PROTECTED] wrote: Pray tell, how does RAM manage to retain data when the power is off? ...and... On 10/4/07, Volker Armin Hemmann [EMAIL PROTECTED] wrote: In practice, after power is cut, everything in ram is lost. So, my eternal question, is it realistic for the lost RAM data to be recovered? That is, after system shutdown, does the data still physically reside on the RAM and can someone with a decent technology and know-how recover it? In other words, is this a serious breach in any encrypted system? No, it isn't. Well, I didn't had the full circuit design of today's DRAMs in mind, and yes, since there's the resistor, the capacitor will lose its load (very) soon (/me scratches his head, wasn't there something asymptotically in that graph? But in any way, it would be a difference of very few electrons on the sides of the capacitor) -- that's not a security breach. But: We are talking about _powering_ _off_ the DRAM. You are talking about shutting down. That might be two different things and completely depend on hardware design. Make shure that RAM's gonna get powered off and you're save. So pulling the plug should give you a warm good feeling in that regard. Doing a sudo halt, however, _might_ have other consequences and we cannot make a general assumption on that. Even pulling the plug might have problems: There's such thing as battery-buffered RAM (although I think they've used it mainly in the pre-Flash era). The thing is: You never can guarantee security, that's absolutely impossible (well, of course you can, but you would automatically be wrong). You can do all your best, but that's about it. Having security is a thing you can falsify, but never verify, since theorys can't be verified without dogmas (and there are no accepted dogmas that would help here). -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] loopback into gentoo iptables
Hi, On Fri, 5 Oct 2007 10:42:42 -0500 Walter Willis [EMAIL PROTECTED] wrote: I have modem asdl zyxel 660 and activate loopback with command: ip nat loopback on Where do you enter that and why? What is the thing _you_ call a loopback? On what device or machine does it exist? You don't seem to be talking about the ifup tool (since you talk about ip, which however does not know the nat mode?!?), and you don't seem to be talking about the lo device either. the ask is: it is into gentoo linux with iptables ? Errm, again: What? Setting up you loopback device on gentoo is done automatically by /etc/init.d/net.lo. Should be run on bootup by rc, check rc-update show. Setting up NAT works using a sysctl (or the procfs). Restricting the NAT works using iptables. the compiler module especial for function? E Again, not sure what you are asking here... Yes, you need kernel modules for both NAT to work and as well netfilter modules for the chains and targets and matches you want to use with iptables. They don't really have to be modules, you can compile them statically into the kernel as well. If unsure, rephrase your question -- and be a bit more verbose on what you intend to do... A bit more information might as well cure lack of proper vocabulary... Give examples, try to describe the setting. -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] loopback into gentoo iptables
Hi, On Fri, 5 Oct 2007 17:23:38 -0500 Dan Farrell [EMAIL PROTECTED] wrote: Setting up NAT works using a sysctl (or the procfs). Restricting the NAT works using iptables. I don't think that's quite right. Correct me if i'm wrong (please) but this should read, Setting up forwarding works using a sysctl... and configuring and restricting the NAT works using iptables Network Address Translation is taken care of by iptables itself, not just firewalled that way. Thanks, I missed that, of course you're right! NAT would be masquerading, and that's in fact netfilter/iptables' job. I was probably just thinking about routing/forwarding in general... -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] linux-headers
Hi, On Sat, 6 Oct 2007 23:38:33 -0700 Hex Star [EMAIL PROTECTED] wrote: There is no harm in doing so :) If you say such things, please add a short explanation what makes you think that. After all this isn't IRC. In fact, I would not suggest doing that. While kernel developers do their best not to break existing interfaces unless they have real urge, the picture also might get bigger, i.e. more or different APIs. So I would not suggest running a userland based on headers with higher version than the actual kernel. Although I have to admit that I don't know if there candidates for unexpected behaviour and what those might be. -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] linux-headers
Hi, On Mon, 8 Oct 2007 00:44:21 +0200 Volker Armin Hemmann [EMAIL PROTECTED] wrote: ok, example. I might be totally wrong, so don't believe me: The splice system call was added with 2.6.17 and corresponding headers. If you build an application that has optinal (on compile time) support for this, but downgrade the headers after that to say... 2.6.10 you might see funny stuff happening. Nah, you won't. Nothing depends on the headers on runtime, they just matter on compile time. After downgrading, when you compile new stuff, it will use the now older headers, i.e. it will probably rely on older feature sets. Whether the software compiled against newer headers will still work depends solely on the kernel. In your example, when you also decide to run a 2.6.10 kernel, then the software relying on newer features (due to the newer headers on compile time) will have problems. Headers are backward compatible, not forward compatible. That's not true how you have put it. But it is a misleading thing, all this. The _kernel_ has a backward compatible interface to userland (most of the time, and almost definitely regarding the syscalls). That's why you can still run that old statically compiled binary from 19-you-know-what. The _headers_ on the opposite belong more to the userland software camp. They are what userland knows about the kernel at compile time. So _if_ the kernel keeps backward compatibility, the _headers_ are forward compatible. (The underscoring is meant as emphasis, but not to be harsh) glibc is similar - just try to downgrade glibc. You can't, portage won't allow it. That's the same for downgrading the kernel and it works the same: Userland is compiled against newer glibc headers. -hwh (It's all somewhat complicated, that's why I thought the short one-liner wasn't a definite answer...) -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] apache: Directory index forbidden by Options directive
Hi, On Mon, 8 Oct 2007 15:25:23 +0200 Arnau Bria [EMAIL PROTECTED] wrote: You're right, I needed index.php... but now php does not work!!! I'm looking for some info in gentoo wiki and I think I have all fine: APACHE2_OPTS=-D DEFAULT_VHOST -D SSL -D PHP5 in conf.d/apache And you have Apache config files that actually still uses those Defines? (i.e. those that were installed with the new Apache) -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] linux-headers
Hi, On Mon, 08 Oct 2007 18:50:56 -0400 Allan Gottlieb [EMAIL PROTECTED] wrote: Does that mean I am at some risk with headers at a higher version than the kernel? I followed the advice at the end of the headers emerge and remerged glibc. Most probably no danger here. The interfaces of the kernel seldom change that radical that a John Doe user would have to care. Also, most software is supposed to leave the kernel headers alone anyway. And you took care of glibc, so that's probably not going to cause headaches. Since that was a re-emerge, it won't produce a new interface for userland. I just explained why I found the first answer to your question somewhat lacking of argumentation and the further answers to my post then were just plain wrong. The moral is to never believe people who just claim stuff without giving a good reasoning. -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] cyrus-imapd: DBERROR db4: Database handles still open at env
Hi, On Wed, 10 Oct 2007 11:52:25 +0200 Arnau Bria [EMAIL PROTECTED] wrote: Error occurred while processing mail: -ERR [SYS/PERM] Error initializing TLS and I see this in log files: Oct 5 18:22:21 afrodita pop3[14410]: DBERROR db4: Database handles still open at environment close Oct 5 18:22:21 afrodita pop3[14410]: DBERROR db4: Open database handle: /var/imap/tls_sessions.db Did you try to remove that file? It should probably get recreated on next start. (Don't kill it now, just move it away for testing and then try starting Cyrus) -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] alsa problem
Hi, On Wed, 10 Oct 2007 11:04:11 +0800 Chuanwen Wu [EMAIL PROTECTED] wrote: I just setup a gentoo in my dell1400 laptop,and until now,the sound problem is not solved yet. Here is the problem: $ aplay 01.mp3 ALSA lib pcm_dmix.c:864:(snd_pcm_dmix_open) unable to open slave aplay: main:545: audio open error: No such file or directory This indicates that the dmix module (NOT kernel, but alsa-lib!) might be missing. I ran into some similar problems, I think they modified the way alsa-lib is configured and made it more fine-grained. Missing an ALSA_PCM_PLUGINS setting in my /etc/make.conf, I had no plugins at all. So I suggest to check your /etc/make.conf, and if not present and you want minimum hassle, append that line to /etc/make.conf: ---snip ALSA_PCM_PLUGINS=adpcm alaw copy dshare dsnoop extplug file hooks ladspa lfloat linear meter mulaw multi null rate route share shm ---snip (works for me) then re-emerge alsa-lib. And here is my hardware: [...] looks OK. -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Easy way to know its public IP address
Hi, On Thu, 11 Oct 2007 14:43:15 +0200 Marc LEURENT [EMAIL PROTECTED] wrote: I would like to know how is it possible to quickly know its public IP address behind a NAT from the console... I'm using links + a My IP search but it sucks You can craft a similar service that just reports the querying IP. You can e.g. do without the HTTP protocol and just setup a simple server, e.g. using ucspi-tcp, which sets the TCPREMOTEIP environment variable. Then you can just use netcat. Of course, for all this you'll need a server on the net. OTOH, you could just ask your gateway, if there are means to that (you didn't tell us anything about it). And what different methods of NAT are you talking about in this context? -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] alsa problem
Hi, On Thu, 11 Oct 2007 23:53:42 +0800 Chuanwen Wu [EMAIL PROTECTED] wrote: I can't find the /dev/dsp : # ls /dev/dsp ls: cannot access /dev/dsp: No such file or directory My os is a 64bit gentoo, so may it be the problem? No, /dev/dsp is OSS stuff. Aplay shouldn't use that. But it makes me wonder whether snd_pcm_oss is loaded? Anyway, that shouldn't bother us here, that's not used by aplay. (BTW: For me, aplay will play noise when trying to play an MP3, but at least it *does* play something) Do you by chance have some older /etc/asound.* files around? Did you try re-running alsaconf? If all this doesn't work, try running strace on the aplay process (call strace aplay) and post back some output. Also, the contents of /proc/asound/cards and /proc/asound/devices might be interesting. -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] alsa problem
Hi, On Fri, 12 Oct 2007 09:50:16 +0800 Chuanwen Wu [EMAIL PROTECTED] wrote: No, /dev/dsp is OSS stuff. Aplay shouldn't use that. But it makes me wonder whether snd_pcm_oss is loaded? Yes,have loaded it: $ lsmod | grep snd_pcm_oss snd_pcm_oss39648 0 snd_mixer_oss 14912 1 snd_pcm_oss snd_pcm73800 2 snd_pcm_oss,snd_hda_intel snd50216 6 snd_seq,snd_pcm_oss,snd_mixer_oss,snd_hda_intel,snd_pcm,snd_timer Odd. /dev/dsp should be present under these circumstances. But the other things below explain that: I am sure I have re-run alsaconf and both the /etc/asound.state and /var/lib/alsa/asound.state 's content are: # cat /var/lib/alsa/asound.state state.Intel { control { } } Hm, so it seems there were problems with the mixer at that stage, too. That file should contain settings for the various controls. $ cat /proc/asound/cards 0 [Intel ]: HDA-Intel - HDA Intel HDA Intel at 0xfe9fc000 irq 21 So the kernel is interfacing it correctly, but only in parts: $ cat /proc/asound/devices 0: [ 0] : control 1:: sequencer 33:: timer Here is the output of strace aplay and I hope it dose not bother you and I also attach it as a annex. [...] open(/dev/snd/pcmC0D0p, O_RDWR|O_NONBLOCK) = -1 ENOENT (No such file or directory) The playback and capture devices are completely missing, and udev therefore didn't create /dev/snd/pcmC0D0p (PCM, card 0, device 0, playback channel). The only explanation I can suggest is broken/incomplete kernel/alsa-drivers support for your device. Does the machine have BIOS settings for sound? What about the audio related kernel log output? In any case, you should probably use the separate alsa-driver from portage, preferably the newest (unstable in portage) version. There were many changes (some of them adding support for more devices for the hda driver) that are not yet in the kernel ALSA tree. -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] alsa problem
Hi, On Fri, 12 Oct 2007 22:59:28 -0400 Walter Dnes [EMAIL PROTECTED] wrote: After this sequence, my ALSA sound finally started working again. I don't know what happened. A wild guess is that make was trying to be efficient and kept some code from a previous version, that doesn't work with the current version. Pretty unlikely, make doesn't do these things. I'm more thinking of stale modules lingerin' around, but we will never know. In this thread's case, however, I had the impression that sound on this machine never worked at all? -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] alsa problem
Hi, On Sat, 13 Oct 2007 22:23:35 +0800 Chuanwen Wu [EMAIL PROTECTED] wrote: Yes,both my Windows XP and another linux os Redflag have sound. Is there anyway that I can use the Redflag's modules to driver my gentoo? Only by using its kernel, too. Then you would just copy the kernel (and initrd, if needed, but this might be a bag of problems if the initrd depends on stuff from the base system) from /boot and the according module tree from /lib/modules. I think it would at least be interesting what /proc/asound/version is like on the redflag distro. Also it would be interesting if they use in-kernel ALSA or separate drivers and if the latter is the case, then they might provide source packages -- which potentially include patches that add support for your device. Before trying all that: Did you had a look at the kernel log (use dmesg)? Were there errors or warnings around the lines that were printed when the ALSA driver was loaded? When you emerge alsa-drivers, also make sure that there are no stale in-kernel modules in /lib/modules/$(uname -r)/kernel/sound/*. You can delete them manually, just run depmod -ae afterwards. Where can I get the audio related kernel log output? look at the output of dmesg (e.g. piping it to less: dmesg|less). However, for me (different card and all works well), there is zero output. You might change that by enabling ALSA debug output in kernel configuration, though... But I'm not sure whether that's worth it. In any case, you should probably use the separate alsa-driver from portage, preferably the newest (unstable in portage) version. There were many changes (some of them adding support for more devices for the hda driver) that are not yet in the kernel ALSA tree. I have tried the version (~)1.0.15_rc2,which I heard from someone in some webpages that it could drive my hda sound card,but it still can't in my machine. The newer ALSA versions are at least supposed to handle the hda better w/ regard to supported hardware configurations. Doing a little recherche for the little I know about your laptop, I came across this thread: http://www.mail-archive.com/[EMAIL PROTECTED]/msg20707.html which seems to indicate similar problems which were partly solved by a newer version of alsa-driver. When experimenting with out-of-kernel drivers, always keep an eye on potential conflicts in /lib/modules/$(uname -r), and compare /proc/asound/version against what you think it should be. The thread also indicates that problems with HDA based audio is not a seldom thing to see. You can download newer versions of alsa-driver from their homepage and experiment with it in /usr/local/src. Currently they offer -1.0.15rc3, you might want to try it, it lists changes w/ regard to the hda driver. http://www.alsa-project.org/ And the one of version , I think I can never emerge it: Emerging (1 of 2) media-sound/alsa-headers- to / * checking ebuild checksums ;-) ... [ ok ] * checking auxfile checksums ;-) ...[ ok ] * checking miscfile checksums ;-) ... [ ok ] Unpacking source... * hg clone http://hg.alsa-project.org/alsa-kernel ... real URL is http://hg.alsa-project.org/alsa-kernel/ requesting all changes adding changesets The network is so slow and this status has already keep couples of hours. Yes, that's the culprit with distributed versioning systems. You have to download the full change history. I've not used mercurial recently, so I don't have a suggestion how to only download HEAD or something like that, if that's possible at all. I think at the moment there is no point in using a current Mercurial checkout. From what I see on http://hg-mirror.alsa-project.org/alsa-driver/ the last changes after 1.0.15rc3 don't matter in your case, so start trying that (as said, you can download it from their homepage). -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] alsa problem
Hi, On Sun, 14 Oct 2007 15:25:12 +0800 Chuanwen Wu [EMAIL PROTECTED] wrote: Yes,both my Windows XP and another linux os Redflag have sound. Is there anyway that I can use the Redflag's modules to driver my gentoo? Only by using its kernel, too. Then you would just copy the kernel (and initrd, if needed, but this might be a bag of problems if the initrd depends on stuff from the base system) from /boot and the according module tree from /lib/modules. Oh, I just forgot that the Redflag is a i386 OS but the gentoo is amd64 OS. So gentoo can't use the Redflag's modules and kernel(vice versa). Hm, I see. I think the different IRQs are not really worth mentioning, since they get automatically assigned. All that fooling around with different versions of ALSA didn't help much, so it boils down to - either it's a modified kernel what Redflag uses (I agree they use in-kernel ALSA), or - it's really an AMD64 vs. i386 matter. When I do #modprobe snd_hda_intel(or #alsaconf), I can see the message below appending to the ouput of dmesg: ACPI: PCI Interrupt :00:1b.0[A] - GSI 21 (level, low) - IRQ 21 PCI: Setting latency timer of device :00:1b.0 to 64 stac92xx_auto_fill_dac_nids: No available DAC for pin 0x0 I had a really deep look into /usr/src/linux/sound/pci/hda/patch_sigmatel.c, but nothing really rings a bell. I think this indicates the problem (since nothing will get routed correctly when it fails on the first pin, 0). But I don't think the problem is located in the function that prints this error. In any case, after printing that error, the initialization of the pin routing fails with an error. So it's definately a driver issue, not something about machine configuration. In any case, I think you should report to the alsa mailinglist. FWIW, I can't currently access www.alsa-project.org either. You can find the subscription interface here: https://lists.sourceforge.net/lists/listinfo/alsa-user I'm sorry that after all this there isn't really much success. One could certainly do more debugging by comparing a 32bit vs a 64bit kernel with the exact same config otherwise. That might actually prove that there's something fishy. -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Emerging java with gcj
Hi, On Thu, 11 Oct 2007 13:59:23 +0200 Florian Philipp [EMAIL PROTECTED] wrote: I've noticed that the gcj use flag is not enabled by default and therefore all java code is compiled to byte code instead of native binaries, am I correct? I think the gcj flag toggles if java support is added at all. gcj itself can compile to bytecode (class files) or native binary code. In order to generate java bytecode, the flag -C has to be specified. I wonder how I can change that. Just re-emerge gcc with USE=gcj and all packages containing java code? Is it even a good idea? It will take a lot more time when emerging gcc. Whether you need it depends on what you are planning to do with it... If you just need a full blown JDK, the gcj might not be exactly what you want. Gcj also brings the gij interpreter, which can be used to run java bytecode. -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] alsa problem
Hi, On Mon, 15 Oct 2007 21:33:17 +0800 Chuanwen Wu [EMAIL PROTECTED] wrote: The problem is fixed now! I tried the alsa-driver-1.0.14_rc3, which is used by the Redflag os, and everything is fine, now. It's very weird. Just as what I mentioned above, the 1.0.14_rc3 version one is a unstable one. I have tried both version 1.0.14,the stable one that come out after 1.0.14_r3, and the 1.0.15_rc2 one, but both of them can't drive my sound card. But now, the 1.0.14_rc3 fixed it! It's a big surprise. I'm very happy to hear that. And I don't have a good explanation, either. Some regression must have crept into newer versions -- or some kind of sanity check that now triggers for newer versions. In any case: Good to hear it's working! (and of course, you were very welcome, thanks for the thanks!) -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] kernel compilation
Hi, On Wed, 17 Oct 2007 12:10:19 +0200 (CEST) Helmut Jarausch [EMAIL PROTECTED] wrote: 2.) If I have to run make modules_install, can I do this before I run make to compile the kernel image? No. I was under the impression that the modules_install target will include the all target? So it should work, and do the make automatically, I think... -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] emerge update problem
Hi, On Wed, 17 Oct 2007 15:15:33 +0200 (CEST) Helmut Jarausch [EMAIL PROTECTED] wrote: [...] For more information, see MASKED PACKAGES section in the emerge man page or refer to the Gentoo Handbook. (dependency required by www-client/epiphany-2.18.3 [ebuild]) !!! Depgraph creation failed. --- BUT www-client/epiphany is no more installed on that machine. What can I do about this? Hm, did you try running w/ -t in order to see if something's trying to pull in epiphany? Maybe some stale old binary packages w/ old dependencies? -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Network Monitoring
Hi, On Wed, 17 Oct 2007 10:38:10 -0400 James Colby [EMAIL PROTECTED] wrote: I am looking for some advice. We have a user on our network that we belive may be making inappropriate forum posts, violating our TOS for internet usage. I am looking for some recommendations of software that I can install on Gentoo server to help us monitor these posts. Can anyone recommend a proxy package that could help me to monitor this. I would prefer to do this transparently but we do have access to configure a proxies on the users browser. Is this something that Squid can do? You won't get HTTPS traffic without spoofing certificates, which might not get trough unnoticed. But HTTP is just plain text, so probably you can just run $ tcpdump -w - -i ethN -s 1600 port 80 and src 192.168.your.enemy | tee fulldump | strings for one or two days and be done with it. Note that the traffic you're interested in the most is outgoing traffic (HTTP POST) if you're looking for offensive communication originating from that user. Of course, all of this is probably illegal if that user hasn't agreed on monitoring measures (which means you'll probably not be able to use it as a proof before court) -- and even that might be prevented by local law. Also have a look at the dsniff package, especially at urlsnarf. But this would just give you the URLs... -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] kernel compilation
Hi, On Wed, 17 Oct 2007 12:19:07 -0500 Dan Farrell [EMAIL PROTECTED] wrote: FYI, although this is somewhat popular and seen as a performance enhancement to many, ...I don't think dynamic linking has *that* big overhead. I think most people do this in order to secure the kernel/userland border. But nowadays, good rootkits are not dependent on module loading facilities but rather put direct hooks on memory addresses they can detect reliably. -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] {OT} preforking mysqld?
Hi, On Sat, 27 Oct 2007 07:52:48 -0700 Grant [EMAIL PROTECTED] wrote: I have apache2 preforking and another important daemon preforking, and after looking at my top process list, I'm wondering if I can get mysqld preforking. It looks like there's only one mysqld process running and it's working hard. I rather think it is threading... At least on my servers, it does. With NPTL you won't see those threads in the normal top view. In order to check if it's already multi-threaded, look at the output of ps -fejL instead. There's probably no forking involved, so preforking doesn't make sense. That the database consumes considerable resources is only natural with dynamic web content serving... -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Problem using the pppoe plugin
Hi, On Sat, 27 Oct 2007 11:35:05 -0400 John covici [EMAIL PROTECTED] wrote: What happens is that when I use this a computer on my local network has intermittent connection problems -- it connects to google just fine, but not to Microsoft sites and other places. Does this computer use the computer you're running pppd on as a router? It really sounds like an MTU issue ATM... -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Problem using the pppoe plugin
Hi, On Sat, 27 Oct 2007 13:23:44 -0400 John covici [EMAIL PROTECTED] wrote: on Saturday 10/27/2007 Hans-Werner Hilse([EMAIL PROTECTED]) wrote Hi, On Sat, 27 Oct 2007 11:35:05 -0400 John covici [EMAIL PROTECTED] wrote: What happens is that when I use this a computer on my local network has intermittent connection problems -- it connects to google just fine, but not to Microsoft sites and other places. Does this computer use the computer you're running pppd on as a router? It really sounds like an MTU issue ATM... Yep, exactly the gentoo box is a router for the computer having the problem, anyway to adjust the mtu using the plugin? For me, mtu 1492 in my pppd config script is sufficient. If that's not the case for you, you should try MSS-Clamping. You can do that using iptables, I could search for a proper iptables rule, but I don't have one at hand right now... -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] {OT} method for graphing server stuff?
Hi, On Wed, 7 Nov 2007 09:24:35 -0800 Grant [EMAIL PROTECTED] wrote: I was thinking it would be pretty handy to generate a series of transposed (or not) graphs for data like cpu usage, mysql usage, memory usage, external monitoring response times, http traffic, etc. My external monitoring service has an API I can hook into and http traffic is logged to mysql so I'm thinking I have good access to the data, but I need a way to tie it all together into a useful presentation. Is there a good package for this? I think net-analyzer/rrdtool will probably come close to this. It's used by many other solutions, so you'll find a lot of examples on the Web. -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] {OT} method for graphing server stuff?
Hi, On Thu, 8 Nov 2007 08:02:58 -0800 Grant [EMAIL PROTECTED] wrote: I was thinking it would be pretty handy to generate a series of transposed (or not) graphs for data like cpu usage, mysql usage, memory usage, external monitoring response times, http traffic, etc. My external monitoring service has an API I can hook into and http traffic is logged to mysql so I'm thinking I have good access to the data, but I need a way to tie it all together into a useful presentation. Is there a good package for this? I think net-analyzer/rrdtool will probably come close to this. It's used by many other solutions, so you'll find a lot of examples on the Web. +1 to rrdtool. At my company, we set up rrdtool to graph 100's of graphs per day on all sorts of data from different sources. It's very customisable, if you want to spend the time on it. I also found the creator and forum very supportive. Is it difficult to plug in data from sources different sources? That depends on the difficulty to aquire this data. rrdtool is basically a database which allows round-robin storage (old data times out) combined with some statistical abilities -- and also has a graphing component. It's your job to e.g. set up cron jobs or daemons which feed the data into it. You would create databases for each monitored entity (or group of entities for the same concept) and then write data into it. Then, on the other side, you could e.g. call it to create graphs that are being served via CGI, written to the desktop, whatever. -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] grub hell
Hi, On Wed, 14 Nov 2007 08:25:50 + Mick [EMAIL PROTECTED] wrote: I know the drive is OK cause it boots when the boot order in the BIOS starts with the first drive. Grub *should* be able to see what BIOS sees, but clearly this is not the case here. Have you tried reinstalling Grub in the MBR? That most likely won't help since what's installed there only stages the real grub binaries which will be most likely the same ones. From what maxim wrote so far it really looks like the BIOS moves the entry for the HD on the first controller out of sight somehow. So probably the BIOS feature of booting off the second controller is the problem here. We can't solve this on the level of grub or the OS, so the only option seems to be to properly install grub to the first HD. I would start with a grub floppy disk or boot CD(-RW) and look what devices that sees when booting. In order to have grub list disks, you enter root ( and press TAB. The same goes for partitions after the setting device and a comma (e.g. (hd0, + TAB). If all devices are seen, then set root (as indicated above) to the partition holding the grub stages (i.e. partition of /boot in Gentoo or /lib/grub/i386-pc/). Then have grub write the MBR using setup (hd0). Note that this will overwrite the Windows MBR, which will make it unbootable at that point. So better before doing that -- from Linux -- backup the MBR: dd if=/dev/hda of=/backup-mbr-hda bs=512 count=1 so you can write it back later. -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] grub hell
Hi, On Wed, 14 Nov 2007 13:27:49 -0800 (PST) maxim wexler [EMAIL PROTECTED] wrote: the only option seems to be to properly install grub to the first HD. grub-install /dev/hda renders the PC completely unusable Hm, yeah, that's why I generally distrust running grub from within an booted OS: You can't be sure that the setting is anywhere near what happens before the OS got loaded (e.g. no ACPI kicking in yet, BIOS disk drivers...). I would start with a grub floppy disk or boot CD(-RW) and look what Both drives are bootable provided I make a detour to the BIOS and change the boot order. Somehow I suspect that the BIOS gets something wrong when you change the boot order. But that's just a suspicion. So my suggestion was to change it to default (first HD first). Then check from a grub running from floppy or CDRW what that can see. So you can try if my suspicion is wrong, what might well be the case: That grub (from floppy or CD) will only see one drive, too, if I'm wrong. Otherwise you know that I was probably right and your only option then is to leave the BIOS boot order untouched. devices that sees when booting. In order to have grub list disks, you dmesg reports ALL drives and appropriate partitions. But that is what _Linux_ sees. Linux has its own drivers, working completely independent from what the BIOS was doing before -- and that's what a grub (at boot stage) has to rely on. So Linux' output only tells us that generally: - your drives are OK, the cabling too. - your controllers are working. But we need to make sure the BIOS initializes everything right. It might not do so if boot order is changed (and from a certain point of view, that might actually be a feature). enter root ( and press TAB. The same goes for partitions after the setting device and a comma (e.g. (hd0, + TAB). Now this is really wierd. When I'm at the prompt using the grub that appears when the PC boots, ie when the second drive is given preference in BIOS, tab completion reports only a string of fdn's followed by hd0. But, when having booted and logged in, I issue the grub command, tab completion reports possible disks as hd0 and hd1 as it should. And it correctly sees the unknown partition on /dev/hda and the four linux partitions on /dev/hdc. But that's with device.map like so: (fd0) /dev/fd0 (hd0) /dev/hda (hd2) /dev/hdc ^!?!? It might be that the second HD is just (hd1). Grub doesn't necessarily follow the kernel way of enumeration. But then again, don't rely on what grub tells when run with an loaded OS. If all devices are seen, then set root (as indicated above) to the partition holding the grub stages (i.e. partition of /boot in Gentoo or /lib/grub/i386-pc/). Then have grub write the MBR using setup (hd0). Note that this will overwrite the Windows MBR, which will make it unbootable at that point. So better OK, this throws me. Isn't it supposed to be bootable? Oh, the Windows MBR is just giving control to the boot block of the partition holding Windows, which itself then stages ntldr. So when I said it'll make it unbootable, I was talking about the Windows MBR. Grub should run anyway nevertheless, and then it should be able to give control to the Windows partition boot block -- but I was just giving a warning that what definately happens is that the Windows MBR is gone. There's more... I followed the instructions here: http://gentoo-wiki.com/HOWTO_Dual_Boot_from_Windows_Bootloader_(NTLDR)_and_why And, provided I'm booting from /dev/hda, I'm presented with two choices, Gentoo and XP. XP boots OK but gentoo halts at: GRUB Loading stage1.5 GRUB loading, please wait... Error 21 even though the boot routine is identical to the one that WORKS when the second drive is given boot preference. Personally, I don't see much difference, this approach shares similar problems. Apropos problem, error 21 is Selected disk does not exist. I think it might have happened because you probably switched drive order again when doing the Linux based steps descibed in the link you've give. When the MBR is written, it stores references to the stage files. They might point to an invalid location if you change the boot order back again. That's what I think why you're seeing this error. Grub can perfectly from a floppy disk. See info grub (the full grub documentation, the man page is crap) in order to learn how to create a grub floppy disk (or CD/R(W)). You will then be able to set the BIOS boot order to default and see what a freshly booted grub sees then. From within the grub booted this way, you can order grub to setup itself to an MBR or boot block. Basically, you have to set root, then issue setup. The first takes the device of the stage files as argument, the latter the target disk (or partition). After being through this grub hell, at least will have learnt a lot about broken BIOSes and different boot stages of today's PC
Re: [gentoo-user] Re: ruby gems
Hi, On Thu, 22 Nov 2007 03:20:42 + (UTC) Thufir [EMAIL PROTECTED] wrote: arrakis ~ # eix rails [I] dev-ruby/rails Available versions: (1.1) 1.1.6 ~1.1.6-r1 (1.2) ~1.2.0 ~1.2.1 ~1.2.2 ~1.2.3 Installed versions: 1.1.6(1.1)(18:31:16 11/21/07)(doc fastcgi mysql -postgres sqlite -sqlite3) Besides what you were told already (sync portage to see 1.2.5), you can see above that rails is slotted. So as long as you don't explicitly emerge it, it will keep the 1.1 and 1.2 slots separate and will only update within each of the slots. So if you want 1.2.x, emerge it (and then remove the 1.1 version, if you need/want to). -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Ghostscript - font path
Hi, On Wed, 21 Nov 2007 19:25:48 -0700 Joseph [EMAIL PROTECTED] wrote: gs -h gives me the following font path for Ghostscript Search path: [...] Where these paths are coming from? Compiled into the binary? According to documentation: /usr/share/doc/ghostscript-esp-8.15.3/html/Use.htm The documentation only mention Xfree86 display servers but I would imagine is it is applicable to Xorg as well. So, the fonts path from xorg.conf should be searchable by Ghostscript as well but they are not. Hm? What makes you think so? BTW, X11 output is just one driver in Ghostscript. It doesn't have to be present at all. So the connection between GS and X is only a thin line... Ghostscript doesn't know anything about them; as one of the pdf document was giving me an error, I couldn't convert from pdf2ps it was looking for: gbsn00lp.ttf font I have this font in /usr/share/fonts/arphicfonts/ Only when I created a link in: /usr/share/fonts/default/ghostscript/ ln -s /usr/share/fonts/arphicfonts/gbsn00lp.ttf gbsn00lp.ttf to this font it converted from pdf2ps Yes, might happen. But it is common sense that you should embed all needed fonts into the PDF anyway. For older versions of PDFs there was an exception for the Base14 fonts, and those are (by means of replacement versions) accessible from GS' own font store (the path you said is present and works). You never know at a later point in time whether you have the right font, with the right encoding: even if the name matches you can't be sure. Shouldn't gs -h show list of path fonts from xorg.conf file? No. If you run it that way, there's no X needed anyway. And gs -h should just show what is configured. -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Ghostscript - font path
Hi, On Thu, 22 Nov 2007 10:13:50 -0700 Joseph [EMAIL PROTECTED] wrote: gs -h gives me the following font path for Ghostscript Search path: [...] Where these paths are coming from? Compiled into the binary? Not a good solution but, it would be better if we input the path via a config file. Of course, this is only the basic configuration. You can override this by configuration file or even environment variable (so you can set it up in your .bashrc). The environment variable is GS_FONTPATH. See the use.html document you've already found, it should be explained there. Also have a look at /usr/share/ghostcript/ver/lib/Fontmap.GS, but I don't suggest editing it as it will get overwritten by updates. I'm not sure ATM if there's a standard path for overrides in GS, maybe someone else can comment about this. By the way: the X server probably doesn't know of all fonts either. Take into account that a lot of programs nowadays use fontconfig, which is configured in /etc/fonts. Yes, this is a bit convoluted. Yes, might happen. But it is common sense that you should embed all needed fonts into the PDF anyway. For older versions of PDFs there was an exception for the Base14 fonts, and those are (by means of replacement versions) accessible from GS' own font store (the path you said is present and works). You never know at a later point in time whether you have the right font, with the right encoding: even if the name matches you can't be sure. I think this is the clue. Well, if I generate the PDF file on Linux the fonts are embedded in every PDF document when I received the file from somebody else the fonts most of the time are not embedded. Yeah, that's the culprit if you have to use other peoples' documents... I have one document I received (pdf file) it printed fine two weeks ago; when I try to re-printed it I can not, and I know it is a font problem: egsample when I run pdf2ps file.pdf I get: Warning: Fonts with Subtype = /TrueType should be embedded. But TimesNewRomanPSMT is not embedded. Warning: Fonts with Subtype = /TrueType should be embedded. But TimesNewRomanPS-BoldMT is not embedded. Warning: Fonts with Subtype = /TrueType should be embedded. But ArialMT is not embedded. Ghostscript should mostly be able to recover from those warnings and use replacement fonts here. You might also want to give acroread a try (it has command line options to generate Postscript, IIRC) or pdftops (from poppler/Xpdf). How can they configure their system on Windows so the fonts are embedded? That's hard to tell, and certainly depends on the production chain. For most ways of generating PDF on Windows, there is a configuration option where it is to be expected. I.e. in the printer settings for a PDF-printer style generator, in the save as options for programs saving to PDF natively and so on. What puzzle me is that this document printed fine two weeks ago and all of a sudden I'm getting an error so I'm looking for a fault on my end. Did you do an emerge -u by chance? (Of course, this isn't a fault, but might be the cause, and then, I'd consider it a bug) OTOH, I think most ESP specific code is now in the main development line (ghostscript-gpl). You might want to try this out... The newest release is 8.61 -- released yesterday -- and is not yet in portage. -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Ghostscript - font path
Hi, oops, wrote too long. So here's the follow-up: On Thu, 22 Nov 2007 10:42:54 -0700 Joseph [EMAIL PROTECTED] wrote: Where do you put GS_FONTPATH= I was trying to put it in .bashrc (re-log) didn't work; in /etc/profile env-update source /etc/profile export GS_FONTPATH=/usr/share/fonts/misc:/usr/share/fonts/75dpi:/usr/share/fonts/100dpi:/usr/share/fonts/Speedo No difference, gs -h doesn't show these paths. I don't think it will ever do. It is supposed to just show compiled-in paths, so that you can see what the defaults are. I would set that variable just like you did -- and then give pdf2ps a try. BTW, all paths you have specified are related to bitmap fonts, which Ghostscript will most probably not be able to make any sense of. You should probably rather focus on the corefonts (Microsoft fonts) and TrueType/TTF/Type1 folders. -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Binhost integrity questions
Hi, On Tue, 27 Nov 2007 10:46:02 +0100 Aniruddha [EMAIL PROTECTED] wrote: Thank you for your answer. I am afraid you go a little to fast for me. What does $ dd if=/dev/urandom of=/tmp/md5src count=512 exactly do? Put 512 blocks of pseudo-random stuff in /tmp/md5src. I think Dan just did just misinterpret your question for something much more basic. In fact, you're specifically asking for portage's binhost configuration, i.e. binary package generation and distribution. I don't think that portage is currently very good at that, especially regarding the configurability of the binary package fetching. If I were you, I'd rather use sshfs or similar in order to give access to the main binary repository and then use emerge -K instead of emerge -g. That way you're somewhat on the safe side. Another option would be to setup the binhost for HTTPS and make the clients aware of the correct cert's public representation. -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] realtek 8197 wireless card setup
Hi, I cannot really go into details, but maybe I'm competent enough to make some notes on this: On Wed, 19 Dec 2007 21:47:55 -0500 Jeff Cranmer [EMAIL PROTECTED] wrote: I manually edited the file /usr/src/linux/drivers/net/wireless/rtl8187_dev.c [...] I added the line {USB_DEVICE(0x0bda, 0x8197)}, in the /* Realtek */ area of the structure, then ran make clean, then make make modules_install etc. After rebooting into the modified kernel, I now have iwmaster0 and iwlan0 lines showing up when I type iwconfig. Although that's a good sign, it does not guarantee that the driver fully supports your device. However, the kernel log should now have changed significantly and the driver might now tell you there if it's fully operable. ifconfig showing the correct MAC is also a good sign. As a side note: My suggestion would be to play with the different drivers of wpa_supplicant. DHCP won't work if there's no correct WPA setup anyway. -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] realtek 8197 wireless card setup
Hi, On Thu, 20 Dec 2007 18:45:26 -0500 Jeff Cranmer [EMAIL PROTECTED] wrote: The card I have is an 8197, not an 8187. I wonder if this is part of the problem. Could it be that the kernel driver does not support the 8197? [...] At the moment, I think the key line in dmesg is . phy0: RF calibration failed! 0 If I could figure out what this line meant, and what I could do to fix it, I might be on my way to a potential solution. Well, although you managed to bring it to a point where at least the driver recognized the device, there is still the possibility it won't work anyway. My guess here is that the driver does not fully support your device. Probably, some back end mechanics is different. WLAN cards often consist of separate modules, some of them even being small computers running a firmware. I guess at that point your hardware differs from what the driver supports. Did you find indications on the Web that the 8187 driver should work for the 8197? Or did you chose to try based on the similarity of the two numbers? you might also want to try asking on the driver's mailing list. -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] realtek 8197 wireless card setup
Hi, On Sat, 22 Dec 2007 00:08:26 -0500 Jeff Cranmer [EMAIL PROTECTED] wrote: I think I'm getting closer now. I removed the driver from the kernel, and installed ndiswrapper. I got the inf driver from a guy from realtek, and used ndiswrapper -i drivername.inf to install it. Now, when I run iwlist wlan0 scanning, I can actually see my access point listed, plus lots of other local wireless networks. That's good. It actually receives. connecting to it is a different matter, however, as the connection always appears to time out. I'm using iwconfig to manually set the ESSID, wep key etc. at the moment, and have tried the trick of setting the speed manually to 5.5M to avoid timeouts. When I try to run dhcpcd wlan0 the first time, I get Error, wlan0: timed out The second time I try to run it, I get an error because dhcpcd is already running. Try the minimal approach first and configure it manually using ifconfig/route and ping some host on your network (or the AP if it does IP). If that does not work, there's something wrong with the driver, if it does, the culprit is dhcpcd (vram USE flag?). Start with WEP, if that works switch to WPA. -hwh -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] I can't send attachments
Hi, On Sun, 6 Jan 2008 08:12:10 -0600 (CST) Michael Sullivan [EMAIL PROTECTED] wrote: I own espersunited.com, so it is on my end. ...and so should be exim's logs, right? I usually find it easier to read actual error reports than (stripped) configurations for complex software that is claimed to be responsible for the error... Also, I have a hard time trying to understand the problem. A mailbox unavailable shouldn't occur after SMTP's DATA command, it should happen after the RCPT TO (answer code 450). At that point, no data has been transmitted, so the error does not make sense except if it is wrongly phrased by the MUA or (sorry) you. SMTP doesn't allow it at that point. There's only the possibility for much more general error codes. BTW, what's the MUA? You just introduced the MTA. Did you try another one? -hwh -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] I can't send attachments
Hi, On Sun, 06 Jan 2008 11:09:15 -0600 Michael Sullivan [EMAIL PROTECTED] wrote: We use evolution. I tried using Squirrelmail and got this: Message not sent. Server replied: Requested action not taken: mailbox unavailable 550 Rejected: spam score 6.5 Ah, I see. Exim does output a 550 anyway (and it makes some sense, I guess the SMTP protocol definition is impractical w/ regard to the allowed errors). But reading the full error report, it seems it's your spam detection software that leads exim to deny the mail. Your exim config seems to indicate that everything with a spam score 6.0 is to be denied (those numbers in the config are given with a factor of ten, I guess?). Depending on whether the full spam check report is available on the logs, you might want to temporarly disable that mail denial and check the mail headers for the protocol of which certain spam checks leads your spam filter to the conclusion it is spam, then adjust that. -hwh -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] How to find USE flags of a tbz2?
Hi, On Sun, 6 Jan 2008 19:05:18 + (UTC) Konstantinos Agouros [EMAIL PROTECTED] wrote: if an ebuild was executed with --buildpkg, is there an easy way to extract the USE-flags that were in place from the resulting .tbz2? qtbz2 -xO your.tbz2 | qxpak -xO - USE -hwh -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Routing problem ?
Hi, On Sun, 13 Jan 2008 16:42:56 +0530 Holla [EMAIL PROTECTED] wrote: One thing, I cannot understand is the difference in traceroute results. What does this say in plain english ? :-) At PC2 # traceroute 218.248.240.46 (ISP's DNS server) traceroute to 218.248.240.46 (218.248.240.46), 30 hops max, 40 byte packets 1 192.168.2.43 (192.168.2.43) 1.730 ms 0.840 ms 0.920 ms 2 192.168.1.1 (192.168.1.1) 1.440 ms 1.469 ms 1.287 ms 3 * * * 4 * * * At PC1 # traceroute 218.248.240.46 traceroute to 218.248.240.46 (218.248.240.46), 30 hops max, 40 byte packets 1 192.168.1.1 (192.168.1.1) 0.848 ms 0.706 ms 0.681 ms 2 117.192.128.1 (117.192.128.1) 19.712 ms 18.878 ms 19.920 ms 3 218.248.160.134 (218.248.160.134) 19.292 ms 19.796 ms 19.190 ms I'd say your router (Router1) isn't doing NAT for packets from other subnets than it's LAN interface is configured for -- regardless of the (correctly) configured internal additional route. So your option would be to set up PC1 for doing NAT, not necessarily for packets 192.168.2/24-192.168.1/24, but for all packets from 192.168.2/24 going to the internet. Your provider most likely does not have anything to do with all this. -hwh -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Create mutli-file .zip archives from the command line?
Hi, On Sun, 13 Jan 2008 16:34:01 + Stroller [EMAIL PROTECTED] wrote: The file is the same size in bytes (8056211212) on the destination XP machine as it is on the Samba host, but the md5sums (using Sumemr Properties under XP) don't match. There is also the slight possibility that your md5sum util in Windows isn't dealing well with file offsets 4GB. Re-check using a different one, I'd say. -hwh -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] RANT: WTF does a *SPREADSHEET* need SVG and unicode?
Hi, On Mon, 14 Jan 2008 08:13:33 +0100 Renat Golubchyk [EMAIL PROTECTED] wrote: There is nothing basic about a spreadsheet program. It is a very advanced piece of software. From a developer's perspective unicode is an obvious requirement, if he tries to write a program for many different locales without too much hassle. And I can well see myself e.g. inserting greek chars that have some mathematical meaning in my spreadsheets... After all, this isn't Lotus-123 and I don't use a 9-pin-printer anymore... And FWIW, SVG (or parts of it and lots of referring definitions) is integrated in the Open Document Format for Office Applications. -hwh -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Fetchmail
Hi, I run fetchmail to poll 3 servers every minute... and while this has worked fine for weeks, last night it froze at 2am and stopped polling. When I killed the fetchmail process and ran fetchmail again this afternoon, things jumped to life again and appear back to normal... but I wished I didn't have to make the manual intervention. Fetchmail is version 6.2.5.2+RPA+NTLM+SDPS+SSL+INET6+NLS from portage and has the following in ~/.fetchmailrc [...] -- Can anyone tell me why this happened? Hard to say. There's no evidence in the cited log. I think you may want to increase verbosity of the logs... Hm, and next time don't just kill the running instance but check what it's actually doing using strace and ltrace (or even a debugger, but this won't help much if debug symbols are stripped...). You've compiled in a lot of auth mechs, so it may well be due to a related library (hence I suggested ltrace, too). -hwh -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] IMAP Server - authenticating off a Windows Domain?
Hi, That's the problem I'm getting at the moment - the user authenticates ok (using Samba's winbind PAM) but the IMAP server exits because it can't chdir into the user's home directory (which doesn't exist). I'm told I can use `pam_mkhomedir` to solve this, but I'm beginning to wonder if I've gone up the wrong path with winbind. Hm, why not just use a IMAP server that doesn't depend on existing Unix accounts for its users? Cyrus comes to my mind... -hwh -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Berkeley DB patch required (I think)
Hi, On Tue, 13 Dec 2005 18:04:56 +0200 Mike Kenny [EMAIL PROTECTED] wrote: Dec 13 15:56:00 getafix slapd[7156]: bdb(dc=inzanix,dc=com): illegal flag specified to txn_begin Dec 13 15:56:00 getafix slapd[7156]: bdb_txn_get: BerkeleyDB 4.2.52 library needs TXN patch! Dec 13 15:56:00 getafix slapd[7156]: conn=0 op=1 RESULT tag=97 err=49 text= I know this is not specifically a gentoo issue, more LDAP or OX, but I then followed the reference to a required patch on the second last line of messages. I wanted to check what versions of bdb were available, but [... only found one...] As it's clearly LDAP which is complaining here, it would be interesting - if that's actually the OpenLDAP compiled on your Gentoo, and if yes, - what a re-emerge of OpenLDAP causes and - what USE flags you're using for OpenLDAP -hwh -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] data base program
Hi, On Tue, 20 Dec 2005 13:45:19 +0100 capsel [EMAIL PROTECTED] wrote: OpenBase is part of OpenOffice... and is really slow on my laptop. OK, please don't try to enforce your own name... it's OpenOffice Base, not OpenBase, as you've been told... Do you know any replacement of OpenOffice for my laptop ? :) koffice, probably. Or a combination of gnumeric/abiword, possibly. BTW. Is there a tool to convert mysql (and possible other) databases to and from ms-access *.mdb's ? There's an ODBC connector for MySQL, yes. You can use mysql tables in MS Access this way. -hwh -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] SIOCADDRT: No such device
Hi, On Wed, 21 Dec 2005 21:50:05 +0200 Ryan Viljoen [EMAIL PROTECTED] wrote: - * Adding routes - * default ... - * via ... - gw: Unknown host - * 192.168.4.1 ... Your /etc/conf.d/net is broken in this regard. Read the example (net.example) for correct syntax. It's probably using /sbin/ip, thus different syntax from /sbin/route. Okay I tried the following: - ziig conf.d # route add 192.168.4.1 - SIOCADDRT: No such device Well, you should tell where you want your route going to... This however did not give an error: - ziig conf.d # route add 192.168.4.1 gw 192.168.4.1 But should not be needed as 192.168.0.0/255.255.255.0 should automatically route through dev eth0 after ifconfig. Hint: What you maybe want to issue is route add default gw 192.168.4.1 or ip route add default via 192.168.4.1? This should route all non-local traffic through that machine. -hwh -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Improving SpamAssassin's accuracy...
Hi, On Sun, 15 Jan 2006 03:08:38 + Stroller [EMAIL PROTECTED] wrote: I emerged SpamAssasin on a mailserver the other day, added the appropriate line to /etc/postfix/master.cf and it all seems to be working ok. But it doesn't seem to be very accurate in the default configuration - I have a mailbox with about 4,000 messages, approximately 98% of which are spam and it gets only about 1/3 of them. The statement in `perldoc Mail::SpamAssassin::Conf`that 5.0 is the default setting, is quite aggressive does not seem true here. I'd strongly suggest using the Bayesian filters, per-user, that is. For a mail setup at my company for about 20 people with high mail traffic I'm running a nightly cron job to archieve that. Basically it works like this: - All incoming mail is scanned by Spamassassin, Bayes enabled - Users have virtual homedirs for Spamassassin - A nightly cron job learns all mail in users' INBOX.Spam.LearnSpam and INBOX.Spam.LearnHam folders (it's a simple shell script) That way all users can put mails they'd like to be learned as being spam in the respective IMAP folder and have them automatically learned overnight. Simple setup, highly effective, simple for my users. In order to give more hints to setup this, it would be helpful to know which mail storage is being used (IMAP? What server? What storage?). -hwh -- gentoo-user@gentoo.org mailing list