Re: dnf workstation collection

[Wolfgang S. Rupprecht]

"  sixpack13"  writes:
> sudo dnf groupinstall "Fedora Workstation" 

I was wondering about that.  I did it (without typing "y") on both and
upgraded and a system with a fresh install.  In the upgraded case I got
a large list as expected.  The unexpected part was that I had a shorter,
but still unexpectedly long list on the freshly installed system too.
It also came up with some errors that made me wonder if the option had
gotten tested.

#  dnf groupinstall "Fedora Workstation"  --skip-broken
Last metadata expiration check: 0:00:31 ago on Sat 01 Jun 2019 01:34:06 PM PDT.
No match for group package "libva-vaapi-driver"
No match for group package "xorg-x11-drv-omap"
No match for group package "totem-nautilus"
No match for group package "xorg-x11-drv-armsoc"
No match for group package "powerpc-utils"
No match for group package "lsvpd"
Dependencies resolved.

 Problem: problem with installed package 
fedora-chromium-config-1.1-2.fc30.noarch
  - installed package fedora-chromium-config-1.1-2.fc30.noarch obsoletes 
fedora-user-agent-chrome < 0.0.0.5 provided by 
fedora-user-agent-chrome-0.0.0.4-6.fc30.noarch
  - package fedora-chromium-config-1.1-2.fc30.noarch obsoletes 
fedora-user-agent-chrome < 0.0.0.5 provided by 
fedora-user-agent-chrome-0.0.0.4-6.fc30.noarch
  - conflicting requests

 PackageArch   VersionRepo Size

Installing group/module packages:
 podman x86_64 2:1.3.1-1.git7210727.fc30  updates  11 M
Installing dependencies:
 containers-common  x86_64 1:0.1.36-9.dev.gitd93a581.fc30 updates  35 k
 fuse3-libs x86_64 3.5.0-1.fc30   updates  83 k
 runc   x86_64 2:1.0.0-93.dev.gitb9b6cc6.fc30 updates 2.5 M
 containernetworking-plugins
x86_64 0.7.4-2.fc30   fedora   14 M
 libnet x86_64 1.1.6-17.fc30  fedora   61 k
Installing weak dependencies:
 container-selinux  noarch 2:2.101-1.gitb0061dc.fc30  updates  47 k
 criu   x86_64 3.12-11.fc30   updates 476 k
 fuse-overlayfs x86_64 0.3-10.dev.gita7c8295.fc30 updates  50 k
 podman-manpagesnoarch 2:1.3.1-1.git7210727.fc30  updates 172 k
 slirp4netnsx86_64 0.3.0-2.git4992082.fc30updates  82 k
Installing Environment Groups:
 Fedora Workstation
Installing Groups:
 base-x
 Container Management  
 Core  
 Firefox Web Browser   
 Fonts 
 GNOME Desktop Environment 
 Guest Desktop Agents  
 Hardware Support  
 LibreOffice   
 Multimedia
 Common NetworkManager Submodules
   
 Printing Support  
 Fedora Workstation product core
   

Transaction Summary

Install  11 Packages

Total download size: 28 M
Installed size: 111 M
Is this ok [y/N]: n
Operation aborted.
#
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org

dnf workstation collection

[Wolfgang S Rupprecht]

Is there a way to make sure a system that was upgraded multiple times
instead of installed from scratch has all the rpm packages that the
current workstation collection has?   I notice some things like the
login screen wallpaper program that is present on fresh installs is
missing from an upgraded system.  Is there an @something dnf collection
that I can install to bring that aspect of an old system up to date?

-wolfgang
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org

booting and NVME on older motherboards

[Wolfgang S. Rupprecht]

Has anyone gone through the exercise of setting up the boot environment
for booting fedora on a system with an NVME drive where the motherboard
UEFI code doesn't understand NVME disks?

I did a clean install of fedora to the nvme and let anacondia do its
thing.  The only non-default item was using real partitions instead of
LVM.

Rebooting after the installation showed me the problem.  The
motherboard's UEFI firmware didn't see the NVME disk at all.  Clearly I
need to have the early stages of booting grab files from a sata drive.
Is copying the /boot and /boot/efi partitions to the sata drive and
editing /boot/efi/EFI/fedora/grub.cfg to point the /dev/sda instead of
/dev/nvme0n1 all that needs doing?  No hidden firmare on the bootable
drive like in the bios days?  Is there any other file that had the
drive's pathname embedded?

-wolfgang
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org

Re: vt's enable screen blanking

[Wolfgang S. Rupprecht]

stan <stanl-fedorau...@vfemail.net> writes:
> On Mon, 09 Apr 2018 12:56:43 -0700
> Wolfgang S Rupprecht <wolfgang.ruppre...@gmail.com> wrote:
>
>> That looks like a fine solution if you are logged in on a terminal and
>> you want to change it for your current terminal.  I'm not sure how
>> that would work from rc.local.  How would I tell it to do that to all
>> the vt's?  (I tried the stdin and stdout as redirection targets but it
>> didn't seem to work.)
>
> A quick search turned up these pages, which should get you a little
> further on your journey.
>
> https://superuser.com/questions/152347/change-linux-console-screen-blanking-behavior
>
> https://unix.stackexchange.com/questions/8056/disable-screen-blanking-on-text-console

Thanks.   Those are both 7 years old and things appear to have changed
much.

[wolfgang@arbol ~]$ setterm -blank 600
setterm: argument error: 600

Not only is the "-blank" missing but I believe it applies to the current
tty.  That would make it difficult to slip into /etc/rc.local .

-wolfgang
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: vt's enable screen blanking

[Wolfgang S Rupprecht]

stan <stanl-fedorau...@vfemail.net> writes:
> On Mon, 09 Apr 2018 08:57:12 -0700
> Wolfgang S Rupprecht <wolfgang.ruppre...@gmail.com> wrote:
>
>> How does one activate screen blanking on the vt's these days?
>
> I use setterm --blank=60 to prevent the screens from blanking after
> whatever the default is (10 minutes?).  I don't know where the actual
> setting is, though.  But you could put it in an rc.local file with
> whatever value you want to use so it is set on startup.

Thanks.

That looks like a fine solution if you are logged in on a terminal and
you want to change it for your current terminal.  I'm not sure how that
would work from rc.local.  How would I tell it to do that to all the
vt's?  (I tried the stdin and stdout as redirection targets but it
didn't seem to work.)

-wolfgang
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

vt's enable screen blanking

[Wolfgang S Rupprecht]

How does one activate screen blanking on the vt's these days?

I have an ancient 32-bit x86 Acer mini laptop running as a server where
the X11 greeter just started crashing in a tight loop.  I've turned the
graphical login off but that leaves me with the first vt's login prompt
displaying.  Whatever is responsible for blanking the screen seems not
to be doing its thing.  Where is the screen blank timer configuration
these days?  It has been so long and things have changed so much that
google is useless.   I assume systemd has absorbed that function by now
but I can't find it.   /etc/systemd/logind.conf doesn't seem to have a
screenblank setting even though it seems to have everything else.

-wolfgang
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Meet PoisonTap, the $5 tool that ransacks password-protected computers

[Wolfgang S. Rupprecht]

"George N. White III"  writes:
> I assume the OP's intent was for the system to ignore devices newly
> connected when the screen is locked, so existing devices such as the
> keyboard used to unlock the screen remain available for use. Apple
> systems do something like this.  If you connect a USB storage device
> to a macOS box while the screen is locked, nothing happens. After the
> screen is unlocked, the device must be unplugged and plugged in again
> before it can be used. You can, however, connect a USB mouse or
> keyboard to a macOS system that is locked and use the new USB device
> to unlock the system.

Delaying the discovery seems superior in another way too.

Whitelisting certain classes of devices has another security problem.
If usb keyboards are whitelisted (as they probably will need to be if
the person uses a dock for their laptop) then someone could connect a
small computer that imitates a keyboard.  That phony usb keyboard can
hammer the victim computer with rapid-fire password guesses.  It makes
breaking the lockscreen a lot less painful than the alternative of
typing a large number of password guesses.

-wolfgang
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Monitor / graphics card recommendation

[Wolfgang S. Rupprecht]

Mark  writes:
> One of my new year's resolutions is to upgrade the monitor on my Fedora
> 23 Desktop.
>
> I've been looking at a 34" curved 3440 x 1440 monitor. But first I want
> to make sure it actually makes sense to get such a large monitor for
> Linux and that there's a graphics card on the market that works well
> with Fedora and that can drive such a large monitor. I would prefer an
> open source driver, but I'm prepared to install a blob if I have to.
> I'm not interested in gaming so that's not an issue, it's the real
> estate I'm after. 

Have a look at the ASUS R7360-OC-2GD5 or the same ATI/Radeon R7-360 card
by any of a half dozen companies.  I have one attached to a cheap 4k
Seiki HDMI monitor (8M pixels) which is 3M pixels more than you need to shift
(5M pixels).  Xorg works with it out of the box.  No mystery binaries
needed.

The downside is this card has a fan, but it runs very slowly under Xorg
and normal use.  Modern framebuffers just don't come fanless any more.
The GPU's at idle all seem to use just a touch too much power.

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: Cannot access my phone storage from fc22

[Wolfgang S. Rupprecht]

Will W  writes:
> On Tue, 5 Jan 2016, Tim wrote:
>
>> Date: Tue, 05 Jan 2016 16:45:18 +1030
>> From: Tim 
>> Reply-To: Community support for Fedora users 
>> To: users@lists.fedoraproject.org
>> Subject: Re: Cannot access my phone storage from fc22
>>
>> Allegedly, on or about 04 January 2016, Will W sent:
>>> I know a lot of people mentioned about the cable, the only one that
>>> seems to work for me is the cable that came with the phone 
>>
>> With something like that, it makes me wonder whether there's a problem
>> with the contacts in the phone's socket, and some cables just make poor
>> connections.
>
> I agree there but with genernic cables it works sometimes for me. It
> is weird tho.

There are "charging-only" cables that intentionally leave out the data
wires.  These are a good idea when you don't want some random charger at
a coffee shop or airport to download all your pictures and other data
while your phone is charging.

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: 802.11n WIFI speeds

[Wolfgang S. Rupprecht]

Stephen Morris  writes:
>> As always, YMMV. I find 802.11n fine for what I need wifi for, although
>> I do have 802.11ac available as well. If I need higher speed, my house
>> is fully CAT6-ified with an Extreme Summit 400-48T 48-port switch in the
>> middle, so I can "go copper" if I need higher speed (sorta gilding the
>> lily since my Internet link is only 100Mbps upload (download is faster,
>> but I do a lot of uploading due to my job).

Thanks Rick and Steve.  I was just curious as to whether my new laptop
could get the claimed speeds over wifi.  I too have gigabit ethernet
around the house and plug into that normally.

As far as I can tell 802.11ac still has little support on open-source /
linux-based routers, so I'll hold off upgrading my router.  Besides, 'ac
probably has the same 2x overstatement of advertised speed vs actual
measured speed. ;-)

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: 802.11n WIFI speeds

[Wolfgang S. Rupprecht]

Jack Craig  writes:
> how due you calculate throughput? i have a wireless config for 54
> Mbit/sec 
> but never measured...

I used one of the web-based speed tests such as
http://speedtest.comcast.net/ .  That test is flash-based but there are
others that use straight html such as
http://www.dslreports.com/speedtest .

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

802.11n WIFI speeds

[Wolfgang S. Rupprecht]

Does Fedora/Linux support the faster than 54 Mbit/sec 802.11n speeds?

My OpenWRT AP has a status page that claims that the 5 Ghz radio is
configured for a 150 Mbits/sec 40Mhz (double-wide) channel.  I'm only
seeing a 54 Mbit/sec throughput over WIFI though.  (Over ethernet to the
same router I'm seeing the expected 180 Mbits/sec to the internet.)

This is what lshw(1) has to say about the wifi card:

  *-network
description: Wireless interface
product: RTL8821AE 802.11ac PCIe Wireless Network Adapter
vendor: Realtek Semiconductor Co., Ltd.
physical id: 0
bus info: pci@:03:00.0
logical name: wlp3s0
version: 00
width: 64 bits
clock: 33MHz
capabilities: pm msi pciexpress bus_master cap_list ethernet 
physical wireless
configuration: broadcast=yes driver=rtl8821ae 
driverversion=4.2.8-300.fc23.x86_64 firmware=N/A ip=192.168.75.107 latency=0 
link=yes multicast=yes wireless=IEEE 802.11abgn
resources: irq:52 ioport:3000(size=256) memory:b200-b2003fff

Does this ring any bells?  I can easily believe that the faster speeds
are proprietary extensions but figured I'd check.

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: Change ip address -

[Wolfgang S. Rupprecht]

Bob Goodwin  writes:
> I have a device that when reset requires I set my Fedora-22 computer
> to the address 1.1.1.2 in order that I can access it at 1.1.1.1. with
> my Firefox browser.

# allow us to talk to our zoom modem at 192.168.100.1/24
/usr/sbin/ip addr add 192.168.100.2/24 dev eth0.2

Hacking routes as one of the other replies suggested will only solve
half the problem.  The packet gets flung in the right direction.  The
problem is that the return packet won't be accepted.  In fact the arp
reply won't even happen.   Assigning the appropriate interface a second
address will take care of both the outgoing and incoming packet.   

Ignore the funny name of the ethernet dev.  This is actually on an
OpenWRT router.

-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: Change ip address -

[Wolfgang S. Rupprecht]

Gordon Messmer <gordon.mess...@gmail.com> writes:
> On 10/08/2015 11:21 PM, Wolfgang S. Rupprecht wrote:
>> Hacking routes as one of the other replies suggested will only solve
>> half the problem.  The packet gets flung in the right direction.  The
>> problem is that the return packet won't be accepted.  In fact the arp
>> reply won't even happen.
>
> That's not quite correct.  The problem is not that the packets
> wouldn't be accepted by your client, or that your client would not
> reply to ARP requests.  The Buffalo device at 1.1.1.1 would accept
> packets from your client (unless rp_filter is enabled and it had no
> default route, but let's ignore that), but it would lack a route back
> to the client.  The Buffalo device would never send an ARP request,
> nor would it send packets in return.

Yea, I realized that after sending off the msg.  It would never even
send that arp request because it wouldn't see the src address as a local
network hence no arp.

-wolfgang

-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: journalctl --follow

[Wolfgang S. Rupprecht]

Chris Murphy li...@colorremedies.com writes:
 Yeah I don't know any details about this hook; but basically
 systemd-journald is the single source for logging now, but it provides
 a socket for rsyslog (and other conventional loggers that have been
 updated) can grab the stream and do their own thing like they have in
 the past. But there is only one such socket, and no two loggers can
 share it, as I understand things.

Thanks for the background.

I think I have a handle on what was happening.  The delay wasn't in the
input side of things but in my using the stdout/stderr to do a quick and
dirty logging via systemd's redirection of stdout/stderr into the logs.
Systemd seems to delay things a bit more as time goes on.  Maybe a delay
based on the total byte-count as some auto-adjusting efficiency hack?

In any case this shell script with the output to a gnome terminal showed
only 3 or 4 milliseconds delay over a 24+ hr period.

journalctl -f -o short-precise -u apcupsd | \
while read line
do
date=$(date '+%b %d %H:%M:%S.%N')
echo $date -- $line
done

Feb 12 17:32:50.127051639 -- Feb 12 17:32:50.124113 arbol.wsrcc.com 
apcupsd[1147]: 000.0,000.0,000.0,27.27,00.00,29.0,00.0,000.0,000.0,119.0,100.0,1
Feb 12 17:33:50.615503948 -- Feb 12 17:33:50.610058 arbol.wsrcc.com 
apcupsd[1147]: 000.0,000.0,000.0,27.27,00.00,29.0,00.0,000.0,000.0,119.0,100.0,0
Feb 12 17:35:04.240717368 -- Feb 12 17:35:04.237443 arbol.wsrcc.com 
apcupsd[1147]: 000.0,000.0,000.0,27.27,00.00,29.0,00.0,000.0,000.0,119.0,100.0,1
Feb 12 17:36:57.216696271 -- Feb 12 17:36:57.213388 arbol.wsrcc.com 
apcupsd[1147]: 000.0,000.0,000.0,27.27,00.00,28.0,00.0,000.0,000.0,119.0,100.0,0
Feb 12 17:37:57.702263685 -- Feb 12 17:37:57.699308 arbol.wsrcc.com 
apcupsd[1147]: 000.0,000.0,000.0,27.27,00.00,28.0,00.0,000.0,000.0,119.0,100.0,1
Feb 12 17:38:58.198243702 -- Feb 12 17:38:58.185059 arbol.wsrcc.com 
apcupsd[1147]: 000.0,000.0,000.0,27.27,00.00,28.0,00.0,000.0,000.0,119.0,100.0,0
Feb 12 17:39:58.669490321 -- Feb 12 17:39:58.666990 arbol.wsrcc.com 
apcupsd[1147]: 000.0,000.0,000.0,27.27,00.00,28.0,00.0,000.0,000.0,119.0,100.0,1
Feb 12 17:40:59.152423114 -- Feb 12 17:40:59.148905 arbol.wsrcc.com 
apcupsd[1147]: 000.0,000.0,000.0,27.27,00.00,28.0,00.0,000.0,000.0,119.0,100.0,0

That ultra-low delay compared to what I was seeing got me wondering
about the delay in the output of my perl program.

Thanks for the ideas.   Now that I replace the lazy logging in my perl
script with perl calls to syslog(), things are logging so rapidly that
the scripts log entries and sshd's log entries are interleaved.  That's
never happened before.

 I think I have a below average handle on most Linux internals. I
 mostly just have a vivid imagination!

;-)

A good imagination is the most valuable debugging skill.

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: journalctl --follow

[Wolfgang S. Rupprecht]

Chris Murphy li...@colorremedies.com writes:
 On Mon, Feb 9, 2015 at 11:59 PM, Wolfgang S. Rupprecht
 wolfgang.ruppre...@gmail.com wrote:

 Is journalctl in the tail -f mode called follow supposed to be
 realtime?  I'm seeing it more or less output log lines in realtime for
 many hours and then eventually it falls behind with half an hour or one
 hour delay.
 I haven't seen this. If you quit and then issue a new journalctl -f,
 do you see a bunch of things that previously weren't there with
 (approximately) current time? It might be a bug worth inquiring about
 on systemd-devel@.

I do see journalctl output the delayed lines when I run either
journalctl by itself or with -f.

(with slight editing, just to toy with the script kiddies probing the
system. ;-))

# journalctl -o short-precise -u ssh-ban -u sshd --lines 73
...
Feb 10 09:30:12.267795 xxx.example.com sshd[10846]: Set 
/proc/self/oom_score_adj to 0
Feb 10 09:30:12.278631 xxx.example.com sshd[10846]: Connection from 
104.236.247.20 port 59270 on 192.168.35.32 port 22
Feb 10 09:49:22.061551 xxx.example.com sshd[10952]: Set 
/proc/self/oom_score_adj to 0
Feb 10 09:49:22.069974 xxx.example.com sshd[10952]: Connection from 
219.153.36.198 port 41053 on 192.168.35.32 port 22
Feb 10 09:55:47.553083 xxx.example.com sshd[10966]: Set 
/proc/self/oom_score_adj to 0
Feb 10 09:55:47.556836 xxx.example.com sshd[10966]: Connection from 
103.41.124.32 port 51058 on 192.168.35.32 port 22
Feb 10 09:55:47.560852 xxx.example.com ssh-ban[764]: Connection 104.236.247.20 
Count: 1
Feb 10 09:55:47.561618 xxx.example.com ssh-ban[764]: Connection 219.153.36.198 
Count: 2
Feb 10 09:55:47.562250 xxx.example.com ssh-ban[764]: Connection 103.41.124.32 
Count: 4
Feb 10 09:55:47.562861 xxx.example.com ssh-ban[764]: SSHBANNED: 103.41.124.32

My script will print significant events to its output which systemd
will then throw into the logs.  This lets me see the original sshd
printf timestamp and the time that my script (ssh-ban) saw it at.

In this case the first connection, from  104.236.247.20 was logged at
09:30:12.278631 but the script saw it at 09:55:47.560852 .  That's a
delay of 25 minutes.

Thanks for the tip on systemd-devel@ mailing list.

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: journalctl --follow

[Wolfgang S. Rupprecht]

Chris Murphy li...@colorremedies.com writes:
 Is this delayed behavior reproducible in a shell running journalctl -f
 ? Or only happens with the script log?

I guess I need to get off my duff and run that test.

 If you aren't using rsyslog, I wonder if you can use the single socket
 designed for this instead, if that's more reliable for something like
 this?

I didn't know about this.  Thanks! I'll look into it and give it a shot.

 Anyway, feel free to ignore all of the above. I think you'll get
 better help from systemd-devel@. 

Your outlook is always appreciated.  It is clear to me that you have a
very good handle on the Linux internals.  Thanks for thinking about this
and speaking up!

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

journalctl --follow

[Wolfgang S. Rupprecht]

Is journalctl in the tail -f mode called follow supposed to be
realtime?  I'm seeing it more or less output log lines in realtime for
many hours and then eventually it falls behind with half an hour or one
hour delay.

The (simplified) lines are from a perl sshd tracker are:

open( LOG, journalctl -o short-precise -u sshd --follow |);
while (LOG) {
...
}

I suppose, it is possible that the delay is in perl, but journalctl
seems more likely to be the culprit, hence the subject line.

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: wireless is strange

[Wolfgang S. Rupprecht]

Dave Ihnat dih...@dminet.com writes:
 On Tue, Dec 30, 2014 at 05:32:03PM +0100, antonio wrote:
 as network is a an extension of an office network, I do not want
 anybody even see that network is extended

 With all due respect, it doesn't matter.  The Bad Guys(Tm) *will* see it,
 SSID or not.  WiFi scanning tools return all channels, with or without a
 SSID.  So why obfuscate your network to no advantage?  It just gets in the
 way of legitimate administration and users.

And even more importantly, laptops and phones need to search for hidden
SSID's, so they are constantly broadcasting the fact that they are
looking for a certain SSID, even when they aren't anywhere near that
SSID.  People with hidden SSID's are effectively letting people track
them wherever they go. ;-)

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: MTU breakage in f20 (solved)

[Wolfgang S. Rupprecht]

Ed Greshko ed.gres...@greshko.com writes:
 As I mentioned in a previous message, I would have suggested rebooting
 the GWwhich may also solve it as it may not be an actual port
 problem just that it got into a condition.  :-)

It would be nice if it were that simple.  That switch was only a year
and change old.  Just enough to take it out of the 1 year warranty.

Rebooting all around is the first thing I did.

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

MTU breakage in f20

[Wolfgang S. Rupprecht]

It looks like something broke recently that severely limits the MTU in
Fedora 20 when running under NM.  Are other people seeing this too?
Here I'm pinging my upstream lan-to-wan gateway.  A 1200 byte ping fails
while a 500 byte one succeeds.  I see the same thing when pinging
between two identical, fully up-to-date f20 systems.

   wolfgang@arbol ~]$ ping -s 1200 gw
   PING gw.wsrcc.com (192.168.35.1) 1200(1228) bytes of data.
   ^C
   --- gw.wsrcc.com ping statistics ---
   3 packets transmitted, 0 received, 100% packet loss, time 2000ms

   [wolfgang@arbol ~]$ ping -s 500 gw
   PING gw.wsrcc.com (192.168.35.1) 500(528) bytes of data.
   508 bytes from gw.wsrcc.com (192.168.35.1): icmp_seq=1 ttl=64 time=0.503 ms
   508 bytes from gw.wsrcc.com (192.168.35.1): icmp_seq=2 ttl=64 time=0.460 ms
   508 bytes from gw.wsrcc.com (192.168.35.1): icmp_seq=3 ttl=64 time=0.456 ms
   508 bytes from gw.wsrcc.com (192.168.35.1): icmp_seq=4 ttl=64 time=0.454 ms
   ^C
   --- gw.wsrcc.com ping statistics ---
   4 packets transmitted, 4 received, 0% packet loss, time 3001ms
   rtt min/avg/max/mdev = 0.454/0.468/0.503/0.025 ms
   [wolfgang@arbol ~]$ 

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: MTU breakage in f20

[Wolfgang S. Rupprecht]

Ed Greshko ed.gres...@greshko.com writes:
 [egreshko@meimei ~]$ ping -s 1200 wifi   (my gw)
 PING wifi.greshko.com (192.168.1.1) 1200(1228) bytes of data.
 1208 bytes from wifi.greshko.com (192.168.1.1): icmp_seq=1 ttl=64 time=0.487 
 ms
 1208 bytes from wifi.greshko.com (192.168.1.1): icmp_seq=2 ttl=64 time=0.501 
 ms
 So, no trouble here.  Fully updated F20 system.

Hmm. I didn't really believe it could be an across the board problem
without anyone else noticing, but that leaves me with the question as to
what is going on here.  I've got a similar claimed mtu of 1500.   

[wolfgang@arbol ~]$ ip link show p34p1
3: p34p1: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc pfifo_fast state 
UP mode DEFAULT group default qlen 1000
link/ether 08:60:6e:74:6f:e2 brd ff:ff:ff:ff:ff:ff

Using a bit of binary search it turns out my largest working ping is 512
bytes.  That is a very suspicious number because it is power of two and
the actual packet still has a handful of bytes slapped onto the front
making it a non power of two.   

[wolfgang@arbol ~]$ ping -s 512 gw
PING gw.wsrcc.com (192.168.35.1) 512(540) bytes of data.
520 bytes from gw.wsrcc.com (192.168.35.1): icmp_seq=1 ttl=64 time=0.538 ms
520 bytes from gw.wsrcc.com (192.168.35.1): icmp_seq=2 ttl=64 time=0.521 ms
520 bytes from gw.wsrcc.com (192.168.35.1): icmp_seq=3 ttl=64 time=0.453 ms
^C
--- gw.wsrcc.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 0.453/0.504/0.538/0.036 ms
[wolfgang@arbol ~]$ ping -s 513 gw
PING gw.wsrcc.com (192.168.35.1) 513(541) bytes of data.
^C
--- gw.wsrcc.com ping statistics ---
9 packets transmitted, 0 received, 100% packet loss, time 7999ms

[wolfgang@arbol ~]$ 

I've turned off all the hardware accelerators that ethtool knows about.
No change.

[wolfgang@arbol ~]$ ethtool -k p34p1
Features for p34p1:
rx-checksumming: off
tx-checksumming: off
tx-checksum-ipv4: off
tx-checksum-ip-generic: off [fixed]
tx-checksum-ipv6: off [fixed]
tx-checksum-fcoe-crc: off [fixed]
tx-checksum-sctp: off [fixed]
scatter-gather: off
tx-scatter-gather: off
tx-scatter-gather-fraglist: off [fixed]
tcp-segmentation-offload: off
tx-tcp-segmentation: off
tx-tcp-ecn-segmentation: off [fixed]
tx-tcp6-segmentation: off [fixed]
udp-fragmentation-offload: off [fixed]
generic-segmentation-offload: off
generic-receive-offload: off
large-receive-offload: off [fixed]
rx-vlan-offload: off
tx-vlan-offload: off
ntuple-filters: off [fixed]
receive-hashing: off [fixed]
highdma: off [fixed]
rx-vlan-filter: off [fixed]
vlan-challenged: off [fixed]
tx-lockless: off [fixed]
netns-local: off [fixed]
tx-gso-robust: off [fixed]
tx-fcoe-segmentation: off [fixed]
tx-gre-segmentation: off [fixed]
tx-ipip-segmentation: off [fixed]
tx-sit-segmentation: off [fixed]
tx-udp_tnl-segmentation: off [fixed]
tx-mpls-segmentation: off [fixed]
fcoe-mtu: off [fixed]
tx-nocache-copy: off
loopback: off [fixed]
rx-fcs: off
rx-all: off
tx-vlan-stag-hw-insert: off [fixed]
rx-vlan-stag-hw-parse: off [fixed]
rx-vlan-stag-filter: off [fixed]
l2-fwd-offload: off [fixed]
busy-poll: off [fixed]
[wolfgang@arbol ~]$ 

What is left?  Some weirdness caused by my router announcing a low MTU
but Fedora not reporting it?  I'm grasping at straws here.

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: MTU breakage in f20 (solved)

[Wolfgang S. Rupprecht]

The problem turned out to be my switch dying in a funny way.  When I
moved the computer's ethernet from the switch (Netgear GS108E-100NAS) to
a spare port on the gateway, large pings started working.  

Thanks for everyone helping to reason through this.  The observation
that it wasn't a general fedora problem helped a lot.

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

dram showing up as scsi

[Wolfgang S. Rupprecht]

Anyone know what is going on here?  My 4 DRAM sticks are showing up as
scsi devices.  Strange.

kernel: 3.15.8-200.fc20.x86_64


Aug 09 05:44:39 arbol.wsrcc.com kernel: scsi 8:0:0:0: Direct-Access 
Kingston FCR-HS219/1  9745 PQ: 0 ANSI: 0
Aug 09 05:44:39 arbol.wsrcc.com kernel: scsi 8:0:0:1: Direct-Access 
Kingston FCR-HS219/1  9745 PQ: 0 ANSI: 0
Aug 09 05:44:39 arbol.wsrcc.com kernel: scsi 8:0:0:2: Direct-Access 
Kingston FCR-HS219/1  9745 PQ: 0 ANSI: 0
Aug 09 05:44:39 arbol.wsrcc.com kernel: scsi 8:0:0:3: Direct-Access 
Kingston FCR-HS219/1  9745 PQ: 0 ANSI: 0
Aug 09 05:44:39 arbol.wsrcc.com kernel: sd 8:0:0:0: Attached scsi generic sg4 
type 0
Aug 09 05:44:39 arbol.wsrcc.com kernel: sd 8:0:0:0: [sdd] Attached SCSI 
removable disk
Aug 09 05:44:39 arbol.wsrcc.com kernel: sd 8:0:0:1: Attached scsi generic sg5 
type 0
Aug 09 05:44:39 arbol.wsrcc.com kernel: sd 8:0:0:2: Attached scsi generic sg6 
type 0
Aug 09 05:44:39 arbol.wsrcc.com kernel: sd 8:0:0:3: Attached scsi generic sg7 
type 0
Aug 09 05:44:39 arbol.wsrcc.com kernel: sd 8:0:0:1: [sde] Attached SCSI 
removable disk
Aug 09 05:44:39 arbol.wsrcc.com kernel: sd 8:0:0:2: [sdf] Attached SCSI 
removable disk
Aug 09 05:44:39 arbol.wsrcc.com kernel: sd 8:0:0:3: [sdg] Attached SCSI 
removable disk

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: dram showing up as scsi

[Wolfgang S. Rupprecht]

Digimer li...@alteeve.ca writes:
 On 09/08/14 04:46 PM, Wolfgang S. Rupprecht wrote:
 Anyone know what is going on here?  My 4 DRAM sticks are showing up as
 scsi devices.  Strange.
 Aug 09 05:44:39 arbol.wsrcc.com kernel: scsi 8:0:0:0: Direct-Access
 Kingston FCR-HS219/1 9745 PQ: 0 ANSI: 0
 That part number is for a card reader, not RAM.

 http://www.kingston.com/en/support/technical/products?model=fcr-hs219

Ah!  Thanks.  Now that you mention it, that card reader does say
Kingston on it.  Sheesh.

(I still think of Kingston as the aftermarket DRAM guys.)

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: cloned sd card is not booting

[Wolfgang S. Rupprecht]

Robert Moskowitz r...@htt-consult.com writes:
 I suspect that although they are marketed as 16GB, they vary due to
 manufacturing quality by a block or so.

The other thing to consider if it is a bargain bin drive is that the
drive might be a counterfeit with mismarked capacity.
http://www.ebay.com/gds/All-About-Fake-Flash-Drives-2013-/1000177553258/g.html

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: cloned sd card is not booting

[Wolfgang S. Rupprecht]

Robert Moskowitz r...@htt-consult.com writes:
 On 08/06/2014 09:58 AM, Wolfgang S. Rupprecht wrote:
 Robert Moskowitz r...@htt-consult.com writes:
 I suspect that although they are marketed as 16GB, they vary due to
 manufacturing quality by a block or so.
 The other thing to consider if it is a bargain bin drive is that the
 drive might be a counterfeit with mismarked capacity.
 http://www.ebay.com/gds/All-About-Fake-Flash-Drives-2013-/1000177553258/g.html

 These are not sold under any name.  They are 'blank' packaged.

 So I figured that whatever that whatever is 'wrong' with them in
 perhaps malware, would get blown away by Linux.  I once DID buy a usb
 drive from an online store that had a hidden partition with some
 strange looking stuff

The above URL uses counterfeit to mean drives are sold as large capacity
drives that really don't have large flash chips inside.  The upstream
sellers buy small drives and reprogram the controllers to advertise a
larger size that the drive really can't deliver.

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: cloned sd card is not booting

[Wolfgang S. Rupprecht]

Robert Moskowitz r...@htt-consult.com writes:
 On 08/06/2014 03:55 PM, Wolfgang S. Rupprecht wrote:
 Robert Moskowitz r...@htt-consult.com writes:
 On 08/06/2014 09:58 AM, Wolfgang S. Rupprecht wrote:
 Robert Moskowitz r...@htt-consult.com writes:
 I suspect that although they are marketed as 16GB, they vary due to
 manufacturing quality by a block or so.
 The other thing to consider if it is a bargain bin drive is that the
 drive might be a counterfeit with mismarked capacity.
 http://www.ebay.com/gds/All-About-Fake-Flash-Drives-2013-/1000177553258/g.html
 These are not sold under any name.  They are 'blank' packaged.

 So I figured that whatever that whatever is 'wrong' with them in
 perhaps malware, would get blown away by Linux.  I once DID buy a usb
 drive from an online store that had a hidden partition with some
 strange looking stuff
 The above URL uses counterfeit to mean drives are sold as large capacity
 drives that really don't have large flash chips inside.  The upstream
 sellers buy small drives and reprogram the controllers to advertise a
 larger size that the drive really can't deliver.

 Well these are marketed as 16Gb.  parted is showing one to be 15.6Gb.
 And I have put over 8Gb on a couple of them.  I think if MicroCenter
 was seriously mismarketing them, their customers would be complaining
 in droves.  Being off by .4Gb would not be noticed and as in my cases
 tossed off as low quality that needed to mark parts of it as not to be
 used and thus the smaller size.

 # parted /dev/sdb print
 Model: Generic- Multi-Card (scsi)
 Disk /dev/sdb: 15.6GB
 Sector size (logical/physical): 512B/512B
 Partition Table: msdos
 Disk Flags:

 Number  Start   End SizeType File system Flags
  1  1000kB  513MB   512MB   primary  ext3
  2  513MB   1025MB  512MB   primary  linux-swap(v1)
  3  1025MB  15.6GB  14.5GB  primary  ext4

You do realize that whatever parted is showing is whatever the USB's
controller is telling it?   If you have having problems writing the full
drive's worth of information (as your previous message indicated) my
first sanity check would be to write the full *raw* drive with unique
data and see if the expected data was still there on read.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: Somewhat OT, but possibly useful to all Fedorites

[Wolfgang S. Rupprecht]

g gel...@bellsouth.net writes:
 a 6gbps drive connected to a 3gbps controller is not going to
 have a 6gbps throughput.

And just to hammer that point home, any good modern SSD is going to have
a capacity of 550 MBytes/sec or more.  It is going to mostly saturate
that 6 Gbit/sec SATA channel.  Putting the drive on a 3 Gbit/sec channel
is going to limit you to the 280 MByte/sec range.

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: OpenSSL package updates coming shortly to mirrors

[Wolfgang S. Rupprecht]

 yum -y install koji
 koji download-build --arch=x86_64 openssl-1.0.1e-38.fc20

   yum localupdate openssl*-1.0.1e-38.fc20.x86_64.rpm

A while ago someone posted this method which seems to work well enough
and takes care of the dependencies without installing needless *-dev
options.  Basically you need to create the koji repo file and then use
yum to download the needed rpms automatically.

/etc/yum.repos.d/koji.repo:

[koji]
name=Koji Repo
baseurl=http://koji.fedoraproject.org/repos/f$releasever-build/latest/$basearch/
enabled=0
skip_if_unavailable=1
gpgcheck=0

and then run:

yum install openssl --enablerepo=updates-testing,koji

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: mailinglist issues

[Wolfgang S. Rupprecht]

David dgbo...@gmail.com writes:
 The only mailing list emails that Gmail sends to spam, for me, are those
 that come from Linux users that have their own email server(s). And all
 of those come from post to Linux mailing lists.

Yahoo and AOL both have similar DMARC, DKIM, SPF settings and senders
from those domains should also go to spam (unless Gmail is special
casing them).   Although, I can't imagine there is much overlap between
AOL users and those that post to linux mailing lists.

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

mailing list errors (was: Fedora-like Linux for 1.99GB RAM?)

[Wolfgang S. Rupprecht]

Sudhir Khanger sud...@sudhirkhanger.com writes:
 Off topic. Is this email sent from your personal email server? I am
 asking because Google shows a warning that they can't verify if this
 message was sent by the wsrcc.com.

Sudhir, thanks for noticing and speaking up!

Not totally off topic.   The issue is that the mailing list software
that fedora uses is an old version that still re-writes the body and
subject yet keeps the From: address.   Modern mailers that receive
mail can verify this tampering and will mark the message as such.

The magic is done via the DKIM header in the message as well as the SPF
and DMARC records I publish for wsrcc.com .   Yes I know that will cause
problems for my posts to this mailinglist.   Hopefully when the mailman
software is updated on lists.fedoraproject.org this problem will go away.

(The wsrcc.com domain is 24 years old and is on many spam email lists as
a potential source of forged From: addresses.  I see a small, but to
me, annoying 40 messages per day forged with my address.  I want it to
stop and this setting is doing wonders and dissuading spammers from using
my address.)

Probably more than you wanted to know.

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

mailinglist issues (Was: Fedora-like Linux for 1.99GB RAM?)

[Wolfgang S. Rupprecht]

Ed Greshko ed.gres...@greshko.com writes:
 On 06/01/14 10:14, Sudhir Khanger wrote:

 
 Off topic. Is this email sent from your personal email server?
 I am asking because Google shows a warning that they can't verify
 if this message was sent by the wsrcc.com.

 You get this warning because of this header in the email.

 Authentication-Results: mx.google.com;
spf=pass (google.com: domain of users-boun...@lists.fedoraproject.org 
 designates 209.132.181.2 as permitted sender) 
 smtp.mail=users-boun...@lists.fedoraproject.org;
dkim=neutral (body hash did not verify) header.i=@;
dmarc=fail (p=REJECT dis=NONE) header.from=wsrcc.com

Bingo.  Right on the money.

 I've not looked into itbut I don't think dkim/dmarc works very
 well with mailing lists.

It can.  Mailman has already been changed to take ownership of the
From: line pointing it to some list-owned address and injecting a
reply-to optionally to allow unicast msgs to work too.

The problem is that mailing lists forging From addresses looks the same
to software as a spammer forging the same.  No progress is going to be
made till mailing lists stop doing that.

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: Fedora-like Linux for 1.99GB RAM?

[Wolfgang S. Rupprecht]

Oliver Ruebenacker cur...@gmail.com writes:
 I need a new OS for an old computer, an about 10 years old x86. I
 upgraded RAM from 500MB to 2GB, though Windows XP reports 1.99 GB.
 I would have installed Fedora, but they say the requirements are at
 least 4GB RAM.

My trusty laptop which I have been updating since FC4 max's out at 2GB.
Once booted, Cinammon logins work just fine as long as one doesn't run
any memory pig (like Google Chrome with Adblock active).  That pushes
things over the edge by a small amount of memory.  Closing Chrome gets
me back under the magic 2GB boundry and things run at normal speed
again.

Booting does rattle the disk quite a bit.  I assume it is swapping, but
I've learned to turn the laptop on before going to the kitchen to make
coffee.  The laptop is always up and running by the time coffee is
done. ;-)

Why not try installing F20 and see if it works for you?

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: stopping cinnamon-started apps at logout

[Wolfgang S. Rupprecht]

Ahmad Samir ahmadsamir3...@gmail.com writes:
 On 11/05/14 18:52, Wolfgang S. Rupprecht wrote:
 I'd assumed that the apps started by cinnamon when I logged in would
 also be killed when I logged out.  That doesn't seem to be the case for
 non-X11 programs that hang around forever and watch files.  Those
 programs just get passed off to PID 1 when one logs out and continue on
 their merry way till the system reboots.  If one logs in again, another
 instance of the program is started.
 I am not sure but it could be systemd-logind; try editing
 /etc/systemd/logind.conf and change:

 #KillUserProcesses=no

 to
 KillUserProcesses=yes

Thanks!  That is a great find.  I'll try. 

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

stopping cinnamon-started apps at logout

[Wolfgang S. Rupprecht]

I'd assumed that the apps started by cinnamon when I logged in would
also be killed when I logged out.  That doesn't seem to be the case for
non-X11 programs that hang around forever and watch files.  Those
programs just get passed off to PID 1 when one logs out and continue on
their merry way till the system reboots.  If one logs in again, another
instance of the program is started.

The exact program I'm running is a IMAP watcher that watches my remote
INBOX and grabs the new mail as soon as it arrives.   It would be good
if it stopped when I logged out.

  /usr/bin/getmail --idle=INBOX

Any ideas?  Do I have to keep track of the PID myself and find a logout
hook to hang a kill -HUP onto?  Does .bash_logout or .logout even get
called?

 -wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: stopping cinnamon-started apps at logout

[Wolfgang S. Rupprecht]

Ed Greshko ed.gres...@greshko.com writes:
 In your .bash_logout file you could place a killall statement and
 name the process you want to kill off.  See the killall man page.

Are you seeing .bash_logout called when you exit a desktop session?  I
don't, but then our setups might differ a bit. (I'm using f20
w. cinnamon)

As an aside, doing it cleanly from .bash_logout would be a bit tricky
because I wouldn't want it run when any ssh or tty based logout
happened, only when the logout was from the GUI session that started the
apps.

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: stopping cinnamon-started apps at logout

[Wolfgang S. Rupprecht]

Ed Greshko ed.gres...@greshko.com writes:
 I found this for gnome/gdm.   Maybe it will be useful for you if you use gdm?

 http://www.linuxquestions.org/questions/linux-desktop-74/gnome-run-script-on-logout-724453/

I may have to do that.  Thanks.

Strikes me as an oversight that one has to hack a file together and
install that with root privs.  Whatever is starting the apps really
should kill it too.

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: UEFI Big Drive question

[Wolfgang S. Rupprecht]

Stephen Morris samor...@netspace.net.au writes:
 The one limitation with GPT as I understand it is that in order to use
 GPT you must also have UEFI active in the Bios.

I use GPT on all my single-boot Fedora machines. All but one has the
traditional BIOS.  The traditional BIOS works just fine with GPT
formatted disks.

Furthermore, I use just two partitions.  Linux swap and ext4 / fs.  It
works just fine that way.  There is no need to make your life more
difficult with juggling a bunch of partitions that will need re-sizing
down the road.

 From experience I have also found that you can't install the
 windows system partition on a GPT device and I thought I read
 somewhere that you also can't put Linux /boot on GPT either.

This is true.  My laptop's MS Windows XP doesn't seem to like GPT.  Not
sure about anything more recent.  I only use the XP partition to load
updated firmware on consumer devices, so I'm not about to spend money to
upgrade an OS I use perhaps once a year.

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: rkhunter sshd warning

[Wolfgang S. Rupprecht]

Patrick O'Callaghan pocallag...@gmail.com writes:
 On Sun, 2014-03-16 at 15:04 -0700, Wolfgang S. Rupprecht wrote:
 A clever intruder is just going to wait until a batch of changes goe
 out and then add their trojan. 

 Of course you check the hash signatures on those downloads, right?

Yes, but in a haphazard, infrequent manner.  The whole point of
me installing rkhunter was to automate detection of trojans.   If I'm
going to have to check the hashes myself, what is rkhunter bringing to
the party?

The more I think about it the more --propupd bothers me.  rkhunter emits
warnings that turn into regular mailbox clutter and sooner or later one
is going to ignore them.

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

rkhunter sshd warning

[Wolfgang S. Rupprecht]

Things that make you go 'hmmm' (see sshd, ssh, telnet mention):

From: root (root)
To: root
Subject: rkhunter Daily Run on [redacted]
Date: Sun, 16 Mar 2014 07:51:04 -0700


- Start Rootkit Hunter Update -
[ Rootkit Hunter version 1.4.2 ]

Checking rkhunter data files...
  Checking file mirrors.dat  [ No update ]
  Checking file programs_bad.dat [ No update ]
  Checking file backdoorports.dat[ No update ]
  Checking file suspscan.dat [ No update ]
  Checking file i18n/cn  [ No update ]
  Checking file i18n/de  [ No update ]
  Checking file i18n/en  [ No update ]
  Checking file i18n/tr  [ No update ]
  Checking file i18n/tr.utf8 [ No update ]
  Checking file i18n/zh  [ No update ]
  Checking file i18n/zh.utf8 [ No update ]

-- Start Rootkit Hunter Scan --
Warning: The file '/usr/sbin/sshd' exists on the system, but it is not 
present in the 'rkhunter.dat' file.
Warning: The file '/usr/bin/ssh' exists on the system, but it is not 
present in the 'rkhunter.dat' file.
Warning: The file '/usr/bin/telnet' exists on the system, but it is not 
present in the 'rkhunter.dat' file.
Warning: GasKit Rootkit   [ Warning ]
 Directory '/dev/dev' found

--- End Rootkit Hunter Scan ---

In the famous words of the Three Miles Island operators Ignore those
gauges. They are clearly wrong.

Every one of my systems here is showing some subset of this error.  Some
only show sshd, others all three.  Disconcerting to say the least.

Are other people seeing this?  I'm not looking forward to a full scrub
and clean installation.

-wolfgang

-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: rkhunter sshd warning

[Wolfgang S. Rupprecht]

Kevin Fenzi ke...@scrye.com writes:
 On Sun, 16 Mar 2014 12:59:29 -0700
 Wolfgang S. Rupprecht wolfgang.ruppre...@gmail.com wrote:
 Are other people seeing this?  I'm not looking forward to a full scrub
 and clean installation.

 Did you recently install or update openssh-server, openssh or
 telnet-server ? When you update packages you need to re-run
 'rkhunter --propupd' to update it's db. 

 The /dev/dev/ thing is a dracut bug from a while back. You can safely
 remove that /dev/dev/ directory and it's contents. 

$ grep ssh /var/log/yum.log 
Jan 06 19:27:53 Updated: openssh-6.4p1-3.fc20.x86_64
Jan 06 19:28:23 Updated: openssh-server-6.4p1-3.fc20.x86_64
Jan 06 19:28:23 Updated: openssh-clients-6.4p1-3.fc20.x86_64
Jan 06 19:28:23 Installed: openssh-askpass-6.4p1-3.fc20.x86_64

I do nightly yum updates but ssh* hasn't updated in a long while.  I
also recall the file updated messages are a bit different, complaining
that an inode changed.

I also did an 'rpm -Va' to see if the hash changed, but it hadn't.
While it is possible that rpm was replaced with a version that lies, I
honestly can't believe the rabbit hole goes that deep.  I'm leaning
towards something bad having happened to upstream's rkhunter.

I guess I should check with a fedora live usb just to be sure.  (Again,
I have to trust that the tools aren't doctored so much that burning a
live image is still doable without inserting a trojan.)

-wolfgang

-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: rkhunter sshd warning

[Wolfgang S. Rupprecht]

John Horne john.ho...@plymouth.ac.uk writes:
 On Sun, 2014-03-16 at 12:59 -0700, Wolfgang S. Rupprecht wrote:
 -- Start Rootkit Hunter Scan
 --
 Warning: The file '/usr/sbin/sshd' exists on the system, but it is
 not present in the 'rkhunter.dat' file.
 Warning: The file '/usr/bin/ssh' exists on the system, but it is
 not present in the 'rkhunter.dat' file.
 Warning: The file '/usr/bin/telnet' exists on the system, but it
 is not present in the 'rkhunter.dat' file.
  
 You should have run 'rkhunter --propupd' after installing the new
 release of RKH.

 From the RKH CHANGELOG file for release 1.4.2:

  - The 'ssh', 'sshd' and 'telnet' commands are now checked as part of
the file properties test.


 So these commands are now being checked automatically.
 Run 'rkhunter --propupd'.

Thanks!  I'm beginning to wonder if rkhunter is ever going to find any
real intrusions for me if I keep on having to run 'rkhunter --propupd'.
A clever intruder is just going to wait until a batch of changes goe out
and then add their trojan.  The --propupd is going to approve it in the
sweep and it will have succeeded in coming in under the wire.  To be
useful rkhunter really needs to know how to identify changed files by
knowing the hashes, sizes etc without grabbing them from the local
system.

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: F19: Is this an httpd attack attempt?

[Wolfgang S. Rupprecht]

Tim ignored_mail...@yahoo.com.au writes:
 I've always configured all domains separately, and left the default
 service showing that pre-configuration Apache page that tells you that
 the service is alive, or just a basic page.  That way, non-matching
 connections don't connect to /some/ virtual host, as if by accident.

While I don't use apache (I use lighttpd) I configure it the same way.
Non-matching vhosts get a bland you lose, now move along page.

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: F19: Is this an httpd attack attempt?

[Wolfgang S. Rupprecht]

lee l...@yun.yagibdah.de writes:
 Wolfgang S. Rupprecht wolfgang.ruppre...@gmail.com writes:

 lee l...@yun.yagibdah.de writes:
 Could someone please explain why/how this may be considered as an attack
 or at least as something bad?  Someone requesting an URL from a web
 server that doesn´t serve this URL --- or doesn´t serve the specified
 domain at all --- could be caused by incorrect responses from name
 servers, couldn´t it?

 What is it in particular that would distinguish the request in question
 from others?

 This is not an attack, but someone fishing for information.  I
 understand that apache in some modes give you the first configured vhost
 when encountering a query like that.   Someone wanted to see if there
 was something juicy lying around.  The server served the URL
 http://vhost0/
 which was the index.{html,htm,php,etc} file in the vhost0 root directory.

 Sorry, I still don´t understand.  You seem to imply that any request to
 a web server which, for whatever reason, doesn´t serve the request or
 doesn´t serve for the domain given in the request --- I´m not sure which
 is in question here: the domain or the request --- can be considered as
 an attempt to obtain information the requester is not supposed to have.

 So far, my understanding has been that the requester is supposed to
 receive a 4xx or 5xx error message/code when the server does not want to
 or can not serve the request.

 For instances when the web server gives a wrong answer to a request it
 does not serve --- like sending the index page used with requests for a
 different domain instead of indicating an error --- someone has
 misconfigured the server, or there is a bug in the server.  Neither has
 anything to do with the sender of the request, other than that they
 receive a wrong answer.  It´s not the fault of the sender of the request
 when the web server sends the wrong answer.

I don't know how to say it more precisely.  

1) this is not an exploit.

2) apache has (to my mind) a minor bug where it serves pages from the
   first vhost if you ask for an unknown vhost.

3) the request in the initial post was for the page at the root of the
   directory tree often called /index.html .

4) the request was successfully served hence the 200 return code.

-wolfgang

-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

hardware TPM module - install?

[Wolfgang S. Rupprecht]

What is the current feeling on installing an optional hardware TPM
module on a motherboard that has a header for it?  My most recent Asus
motherboard has a header for a $20 TPM module.  From what I understand
this module has a hardware random number generator that can spit out
10's of kbits/sec of entropy and has several different modes for storing
user-loadable crypto keys.  On the surface, both of these sound like
useful things.  Is there a downside?  Can a flawed RNG pollute the
entropy pool in a way that lowers the security?

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: F19: Is this an httpd attack attempt?

[Wolfgang S. Rupprecht]

lee l...@yun.yagibdah.de writes:
 Could someone please explain why/how this may be considered as an attack
 or at least as something bad?  Someone requesting an URL from a web
 server that doesn´t serve this URL --- or doesn´t serve the specified
 domain at all --- could be caused by incorrect responses from name
 servers, couldn´t it?

 What is it in particular that would distinguish the request in question
 from others?

This is not an attack, but someone fishing for information.  I
understand that apache in some modes give you the first configured vhost
when encountering a query like that.   Someone wanted to see if there
was something juicy lying around.  The server served the URL http://vhost0/
which was the index.{html,htm,php,etc} file in the vhost0 root directory.

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: Good Fedora-compatible multi-monitor video card recommendation

[Wolfgang S. Rupprecht]

 Digimer li...@alteeve.ca writes:
 What would be a good (as in, relatively painless) video card for
 driving as many 1080p monitors as possible? I'm not concerned about 3D
 performance at all... It will be to display terminals/rarely-changing
 web pages only.

ATI FirePro 2460 512MB DDR3 4x Mini-DisplayPort Low Profile PCI-Express
Video Card ~$240 from Amazon.

Back when I looked this was the only game in town that allowed 4 DP or 4
(single-link) DVI.  The price is pretty much a rip-off, but what can you
do when there aren't any cheaper choices?

One caveat if you ever want to put higher res monitors on this, the
virtual framebuffer on that card is only 8k x 8k.  You can only put 3
2560x1440 monitors on it horizontally (or 2 4k monitors).

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: IPv6 breakage in NetworkManager

[Wolfgang S. Rupprecht]

Dan Irwin rummymob...@gmail.com writes:
 Seeing significant issues with IPv6. After some time, IPv6 completely
 seems to stop working. IPv4 is unaffected.

I'm seeing an IPv6 breakage in NetworkManager/dhclient6 too.  At first
it looked like an Selinux problem (there was an avc), but fixing that
didn't stop the problem with NM not getting a working IPv6 address via
dhclient6.  BZ#1055226 https://bugzilla.redhat.com/show_bug.cgi?id=1055226

 Re-connecting to wifi seems to restore IPv6 connectivity.

Mine is via an ethernet connection to my cable modem which connects to
Comcast.  I can do a systemctl restart NetworkManager in order to get
an ipv6 address.

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: dns/dhcp client - hooks??

[Wolfgang S. Rupprecht]

Tim ignored_mail...@yahoo.com.au writes:
 You really don't want some
 client to be able to log in and claim to be the printserver, or any
 other vital machine name, when something else really does that role.

You don't have to allow this.  Bind will let you issue keys for doing
nsupdates.  The keys can restrict the client to be permitted to edit one
hostname and no more.

I actually have both client-side and dhcpd-side dynamic dns in place.
Both have their advantages and disadvantages.  The biggest advantage to
client-side dynamic dns is that I can take a laptop to a different
location and still get its current ipv4 and ipv6 addresses registered in
DNS.  With working ipv6 I can even log in to the laptop and perform
remote maintenance.

The advantage to dhcpd based updates is that it catches all the
riff-raff that one can't instrument with the client code needed for the
nsupdates.   In practice, it only gets the ipv4 addresses and the ipv6
hosts use slaac to silently assign themselves an ipv6 address.

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: dns/dhcp client - hooks??

[Wolfgang S. Rupprecht]

bruce badoug...@gmail.com writes:
 As I understand it, there's a process/way to use dhclient-scripts to
 generate hook functions that can be called, which can then dynamically
 update the dns using nsupdate...

Just add a routine to do an nsupdate to /sbin/dhclient-script or if you
are using NetworkManager add an nsupdate script to
/etc/NetworkManager/dispatcher.d/ .  That's essentially what I do here.

-wolfgang


-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

creating unreachable routes with NetworkManager

[Wolfgang S. Rupprecht]

Back when I ran my server with the networking scripts instead of
NetworkManager it was easy to add unreachable routes.  I'd put lines
like the following:

/etc/sysconfig/network-scripts/route-lo:
unreachable 10.0.0.0/8
unreachable 172.16.0.0/16
unreachable 192.168.0.0/16

/etc/sysconfig/network-scripts/route6-lo:
unreachable fc00::/7

When lo was enabled, I'd get those unreachable routes loaded (and a few
others that the networking scripts added for me.)  Now with
NetworkMisManager I don't get either my unreachalbes or the formerly
built-in ones.

Is there a trick I'm missing?  Obviously I could do an ip route add
from a private systemd service, but that seems a bit heavy handed.

(The reason I need to add the unreachables is that my ISP doesn't send
me network unreachables for private addresses.  For laptops on the go,
they sometimes get routable IPv6 addresses as well as unroutable IPv4
addresses.  I use nsupdate to register my laptop's current addresses in
DNS and when private addresses show up it would be nice for things like
ssh laptop to quickly move on from the private addresses without a
very long timeout.)

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: SELinux RPM scriptlet issue cleanup

[Wolfgang S. Rupprecht]

Markus Lindholm markus.lindh...@gmail.com writes:
 -- Finished Dependency Resolution
 Error:  Multilib version problems found. This often means that the root
cause is something else and multilib version checking is just
pointing out that there is a problem. Eg.:
 ...

I found that removing just the old firefox wouldn't work due to multilib
issues.  'yum erase firefox' to remove both did work. Then you can just
add firefox back.

Does anyone know if /var/log/yum.log is accurate in the face of these
scriptlet failures?  After updating the selinux policies, is
reinstalling everything mentioned in /var/log/yum.log for that day
sufficient to get everything back on track without any lasting damage?

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: ssh sessions hang F19/20

[Wolfgang S. Rupprecht]

Mark Haney mha...@practichem.com writes:
 This might be a simple question, but I'm having trouble with my ssh
 sessions hanging.  I have a server at home that I normally connect to
 via SSH on a pretty regular basis while I'm at work for pen-testing as
 well as checking network latency and other things.

Are you behind a NAT box by any chance?  It is probably timing out your
state after 10 minutes or so of no packets on that tcp connection.

add this to /etc/ssh/sshd_config:

# Set the keep-alive for a heartbeat every 60 seconds and a connection
# close after 30 minutes. -wsr 2003/11/26
ClientAliveInterval  60
ClientAliveCountMax  30

add this to /etc/ssh/ssh_config:

Host *
# set the keep-alive for a heartbeat every 60 seconds and a connection
# close after 30 minutes. -wsr 2003/11/26
ServerAliveInterval60
ServerAliveCountMax30

This adds a heartbeat for both incoming and outgoing connections.  It
should keep your NAT mappings from timing out.

 Keep-alive is set as far as I can tell.  Any ideas?

It is acting like they are not.  What settings do you have?

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: how to set up my fetchmail on f20 without sendmail?

[Wolfgang S. Rupprecht]

Robert P. J. Day rpj...@crashcourse.ca writes:
 since (obviously), without sendmail, nothing is listening on port
 25. so what's the solution these days? a pointer to a web page
 somewhere would work just fine. thanks.

Since mail at your ISP is most likely going to all go to one user,
piping it into a full-blown MTA is overkill.  I just have ISP imaps mail
placed into the user's mbox directly with getmail(1).  I run getmail out
of the user's own crontab twice an hour.

   yum install getmail

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: Security/Hacked System - Now what?!!

[Wolfgang S. Rupprecht]

bruce badoug...@gmail.com writes:
 And regarding the ssh/remote access, you specify public/private keys,
 and you have the key process run from the key file. This allows a user
 to be able to ssh into the box without having to use the ssh passwd,
 but only from the corresponding box that has the associated public
 (master/client) passwd/key setup to permit the login access.

You should set up the RSA or ECDHE private keys with a password.
ssh-keygen prompts you for a password when it cranks out the key for
you.

 But in this situation, if a user hacks into the 1st system, then they
 have access to the 2nd system, assuming they know the 2nd system's
 username. This would happen as the private/public key access file has
 been setup!

Without the decryption password for the RSA or ECDHE keys, they are
going nowhere.

On the other hand, you want *all* of your systems up to snuff with
all forms of unix password logins turned off.  Seems like you are
implying that some systems are easier to break into than others.  That's
not good.

/etc/ssh/sshd_config:

Protocol 2

# reset the host keys to only rsa or ecdsa
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key

# rekey every hour or default data (1G - 4G depending on cipher)
RekeyLimit default 1h

SyslogFacility AUTHPRIV

# We use RSA/ECDSA.  If it hasn't completed in 10 seconds, there is a
# big problem.
LoginGraceTime 10

# Unlike what this looks like, it says that root may not use the unix
# password for authentication.  Root *must* use public-key. -wsr 
PermitRootLogin without-password

AuthorizedKeysFile  .ssh/authorized_keys

# no unix passwords any more.  RSA or ECDSA only.
PasswordAuthentication no
ChallengeResponseAuthentication no
KerberosAuthentication no
GSSAPIAuthentication no
UsePAM no

X11Forwarding yes
UsePrivilegeSeparation sandbox  # Default for new installations.

# Set the keep-alive for a heartbeat every 60 seconds and a connection
# close after 30 minutes. -wsr 2003/11/26
ClientAliveInterval  60
ClientAliveCountMax  30

# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS

# Cut down on the number of user accounts that can ssh in just in case
# some bug allows .ssh/authorized_keys files to be written.
AllowUsers root user1 user2 usern

# --- end 


-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: Security/Hacked System - Now what?!!

[Wolfgang S. Rupprecht]

bruce badoug...@gmail.com writes:
 However you can also mod the ssh_config (i believe) to have it auto
 use the keyFile with the pub/private key to negotiate the user/passwd
 process for the ssh cmd. This is useful when remotely/programatically
 accessing the ssh cmdline process for running remote apps, xferring
 files, etc.

Programatic password-less access can be done if you carefully limit the
user to be powerless and the commands that that user is allowed to
execute are limited to the one command you want to run over ssh.
Search for 'command=command' in the sshd man page.

 But, and in my case, once all of this is setup, and working. If hacker
 guy gets in Sys1, (where Sys1/Sys2 have been setup to do pub/private
 key, and the underlying Sys1/Sys2 keyfiles have been created) then
 hacker guy can easily get into/access Sys2, provided they know the
 username.

That is why you generally don't want the remote systems to have access
to the main server.  More secure would be if you push information from
the main server to the remote systems.

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

ipv6 breakage

[Wolfgang S. Rupprecht]

IPv6 under f20, f19 and f18 has been rock solid for me this past year.
Now in, the last few days, yum updates have brought some lossage that
requires a periodic reboot to get IPv6 connections to the internet back.

I can't immediately see what the problem is.  The outward-facing
interface still has the same IPv6 address it has had for many months.
The ipv6 default route still points out internet-facing interface.

ip -6 neigh show shows only STALE and FAILED transactions.  Seems like
one of the latest yum updates pooched the neighbor discovery stuff.

 [wolfgang@arbol ~]$ ip -6 neigh show
 fe80::201:5cff:fe32:7741 dev p32p1 lladdr 00:01:5c:32:77:41 router
 REACHABLE
 fe80::a60:6eff:fe74:6fe2 dev p34p1 lladdr 08:60:6e:74:6f:e2 router STALE
 fe80::20a:cdff:fe21:7513 dev p32p1  router FAILED
 fe80::1 dev p34p1 lladdr 44:94:fc:73:cf:43 router STALE
 2001:558:6045:22:4c99:1c47:4456:b031 dev p32p1  FAILED
 2601:9:a00:1f:9221:55ff:fe66:1b5 dev p34p1 lladdr 90:21:55:66:01:b5
 STALE
 fe80::4694:fcff:fe73:cf44 dev p34p1  FAILED
 fe80::9221:55ff:fe66:1b5 dev p34p1 lladdr 90:21:55:66:01:b5 STALE

(p32p1 is the outside, internet-facing interface, p34p1 is the inside
local lan-facing interface)

Is anyone else seeing this?  Surely I'm not the only one running f20 on
ipv6.

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: Security/Hacked System - Now what?!!

[Wolfgang S. Rupprecht]

bruce badouglas@gma il.com writes:
 You then mod SSH as required to disable root login
 OK, what else should you do?

Root login isn't a bad idea in and of itself.  More important is to not
allow anything but public key logins (eg. ECDSA, RSA).  For people
logging in with root credentials, give everyone a different public key
and keep a secure copy of /var/log/secure on a secure system for
backtracking breakins.   Each login (including root) will show which key
was used to log in.  You can easily see who lost control of their key.

I'm a firm believer in never allowing passwords logins over the net.
Users will hardly ever use random-letter-upper-lower-number passwords.
They always think they are oh so clever with easily guessed strung
together words, with or without a punctuation char.

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

hardware full disk encryption

[Wolfgang S. Rupprecht]

I've got a standard consumer Intel 520 SSD, which claims to do hardware
based AES disk encryption with no speed penalty.  It sounds like a
useful way to protect laptop data if the laptop is ever stolen.  Has
anyone tried to do hardware-based full disk encryption with Fedora?
Does one need to boot from a live usb or something in order to get to an
environment where one can even enter the AES key for the disk
decryption?  

Google is failing me here due to search spam for LUKS which doesn't
appear to be capable of *full* *disk* encryption.  It only seems to
encrypt individual partitions.

-wolfgang

-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: hardware full disk encryption

[Wolfgang S. Rupprecht]

Bruno Wolff III br...@wolff.to writes:
 On Thu, Dec 12, 2013 at 11:32:41 -0800,
   Wolfgang S. Rupprecht wolfgang.ruppre...@gmail.com wrote:
Google is failing me here due to search spam for LUKS which doesn't
appear to be capable of *full* *disk* encryption.  It only seems to
encrypt individual partitions.
 It can do full encryption of block devices. If you aren't booting of
 the SSD you could encrypt the whole drive. The luks header will still
 be on the SSD. If you didn't want that either, you could do some
 trickiness with dm to have the header on a different physical
 device. This is all going to need manual setup, as it isn't the normal
 case. (For most people leaking the partition information isn't a
 significant risk and encrypting by partition is simpler.)

No, leaking the partition info for the bootstrap isn't a worry for me
either.  ;-) It's just that LUKS shows up and dominates searches for
FDE.  If I didn't have always on, hardware FDE for free in the SSD, I'm
sure I'd be happy with LUKS.

After a bit more research it appears that the SSD FDE machinery is
always on, even with a blank password protecting the internally
generated random AES key.  It is impressive that the disk does ~ 480
MBytes/sec (actual measured speed) even when squeezing all the data
through AES-128.

Of course, with the Snowden revelations, one has to wonder how random
the randomly chosen internal AES key is.  If it is from an intentionally
crippled RNG, it may be easy for someone in the know to do a brute-force
search for it.

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: install fedora via usb stick

[Wolfgang S. Rupprecht]

Jared K. Smith jsm...@fedoraproject.org writes:
 Check out the instructions at
 https://fedoraproject.org/wiki/How_to_create_and_use_Live_USB

Anyone know why there are so many complicated ways listed?  Does the
obvious dd not work for some people?  I've been doing the following for
my clean installs for ages.  As far as I know that live iso's are
structured in a way that they can be used as both a disk image with
embedded partition table and a straight iso.

  dd if=Fedora-Live-Desktop-x86_64-20-XX.iso of=/dev/sde bs=1M

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: failed updates

[Wolfgang S. Rupprecht]

Tim ignored_mail...@yahoo.com.au writes:
 Allegedly, on or about 07 December 2013, Wolfgang S. Rupprecht sent:
 I do see that on my IPv6 systems whenever the stupid Netgear 3700v4
 router craps out after 2-4 days uptime and needs a reboot.  The Fedora
 machinery thinks IPv6 still works, but the packets never make it past
 the router 

 Ever tried getting Netgear to replace the faulty product?  Just
 wondering what their response would be...

I do like the hardware (128 MByte Dram, 128 MByte Flash).  That's the
highest by far that I've been able to find in a cheap $80 router.  It
should allow for some pretty elaborate features.  I was hoping that one
of the open-source firmwares (dd-wrt, open-wrt, etc) would be available
for it soon.

As to getting the Netgear firmware fixed, I understand that the
technical people behind the Comcast IPv6 setup are looking into the
problem with Netgears.  It spans the whole product line.  Something goes
wrong with the dhclient asking for a prefix delegation.  The first one
happens just fine but the renewal never happens.  I suspect that Netgear
is going to listen to Comcast with their millions of customers much more
closely than little ol' me.  

http://www.dslreports.com/forum/r28719812-IPv6-ipv6-stops-working-after-a-few-days

-wolfgang

-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: SD card slot

[Wolfgang S. Rupprecht]

Richard Vickery richard.vicker...@gmail.com writes:
 I made the error of pulling the card out before unmounting it, and now
 the computer won't read a card -which may be obvious. Is there any way
 to fix this?

If the computer won't read *any* SD card even after a reboot, then it
sounds like you may have broken the SD card controller in the computer
by pulling the SD card while power was still applied to it. Sorry.

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: failed updates

[Wolfgang S. Rupprecht]

Ed Greshko ed.gres...@greshko.com writes:
 On 12/08/13 08:03, Frank wrote:
 Just tried to update my Fedora 19 with yum check-update. It seems
 every mirror has a problem:

 http://mirror.csclub.uwaterloo.ca/fedora/linux/updates/19/i386/repodata/repomd.xml:
 [Errno -1] repomd.xml does not match metalink for updates
 Trying other mirror.
 ftp://mirror.nexicom.net/pub/fedora/linux/updates/19/i386/repodata/repomd.xml:
 [Errno 14] curl#7 - Failed to connect to 2607:f1f0:1:3::2: Network
 is unreachable

 Just updated my F19 system without incident.  But, I am on a IPv4 only
 system and you're system seems to be using IPv6.  2607:f1f0:1:3::2:
 Network is unreachable.

I do see that on my IPv6 systems whenever the stupid Netgear 3700v4
router craps out after 2-4 days uptime and needs a reboot.  The Fedora
machinery thinks IPv6 still works, but the packets never make it past
the router, so every repo that advertises IPv6 connectivity fails.

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: netflix

[Wolfgang S. Rupprecht]

Mike Wright mike.wri...@mailinator.com writes:
 Anybody know how to get Netflix to play on a fedora box???

Until Netflix wants you to play netflix on Linux, you won't be able to.
There are a few hacks like installing wine and silverlight that work for
some people, but none worked for me when I last tried it in Jan 2013.  I
ended up buying a roku box, which just worked.  It was also lower power
than my desktop by far, so it wasn't exactly a lose all the way around.

If you have some time to kill, you might try working down this list of
methods:

http://how-to.wikia.com/wiki/How_to_watch_Netflix_(Watch_Instantly)_in_Linux

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: rsync errors (selinux?)

[Wolfgang S. Rupprecht]

Daniel J Walsh dwa...@redhat.com writes:
 ausearch -m avc -ts recent

local host (source of rsync):

[root@arbol audit]# ausearch -m avc -ts recent
no matches
[root@arbol audit]# 

remote host (destination or rsync):

[root@capsicum audit]# ausearch -m avc -ts recent
no matches
[root@capsicum audit]# 

also a tail -f on /var/log/audit/audit.log on both machines while the
errors were spewing on the screen showed no corresponding errors (or
other output for that matter) in audit.log.

-wolfgang

-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: rsync errors (selinux?)

[Wolfgang S. Rupprecht]

Daniel J Walsh dwa...@redhat.com writes:
 service auditd status

[wolfgang@arbol ~]$ service auditd status
Redirecting to /bin/systemctl status  auditd.service
auditd.service - Security Auditing Service
   Loaded: loaded (/usr/lib/systemd/system/auditd.service; enabled)
   Active: active (running) since Mon 2013-11-25 03:54:01 PST; 12h ago
 Main PID: 308 (auditd)
   CGroup: /system.slice/auditd.service
   ├─308 /sbin/auditd -n
   ├─313 /sbin/audispd
   └─315 /usr/sbin/sedispatch

Nov 25 03:54:01 arbol.wsrcc.com systemd[1]: Starting Security Auditing Servi
Nov 25 03:54:01 arbol.wsrcc.com auditd[308]: Started dispatcher: /sbin/audis...3
Nov 25 03:54:01 arbol.wsrcc.com audispd[313]: priority_boost_parser called w...4
Nov 25 03:54:01 arbol.wsrcc.com audispd[313]: max_restarts_parser called wit...0
Nov 25 03:54:01 arbol.wsrcc.com audispd[313]: audispd initialized with q_dep...s
Nov 25 03:54:01 arbol.wsrcc.com systemd[1]: Started Security Auditing Service.
Nov 25 03:54:01 arbol.wsrcc.com auditd[308]: Init complete, auditd 2.3.2 lis...)
Hint: Some lines were ellipsized, use -l to show in full.
[wolfgang@arbol ~]$ 

I'm beginning to think that this is an internal rsync problem where it
can't set the destination file contexts.

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: rsync errors (selinux?)

[Wolfgang S. Rupprecht]

ok, I think I see what happened. 

[root@arbol wolfgang]# ll -Z 
/home/wolfgang/.config/google-chrome-unstable/Default/Extensions/_hidden_/0.0.5.0_0/_locales/lt/messages.json
-rw-rw-r-- wolfgang wolfgang ?
/home/wolfgang/.config/google-chrome-unstable/Default/Extensions/_hidden_/0.0.5.0_0/_locales/lt/messages.json

The contexts on the source machine are messed up.  I recall when I did a
yum distro-sync that I got an error message between the rpm's for
selinux-policy and selinux-policy-targeted about the policy file build
failing.  I yum erased both rpms (not knowing which caused the error
msg) and re-installed them both.  I didn't get an error that second time
so I figured all went well.  Subsequent restorecon -rv /home completed
without error, so I figured all was well.

Off to google as to how to rebuild the policy file...

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

rsync errors (selinux?)

[Wolfgang S. Rupprecht]

For several years I've been doing an rsync across-the-lan backup for
home directories.  All has worked well until recently (well, since the
fedup to f20 last night).  Now backups are failing with an inscrutable
rsync error.  While the errors mention selinux, I don't see any errors
in either the sending or receiving machines /var/log/secure logfiles.

exclude=
--exclude=.gvfs
--exclude=simplelock
--exclude=.popmail.lock
--exclude=SingletonLock
--exclude=SingletonCookie
--exclude=SingletonSocket


rsync -axHAX  --log-file=/var/log/rsync.log --log-file-format=%t [%p] 
$host %o %f %l --delete --delete-excluded $exclude /home/ $host:/home/

/var/log/rsync.log:
...
2013/11/24 09:35:21 [15417] rsync: rsync_xal_set: 
lremovexattr(/home/wolfgang/dotfiles-f19/.local/share/zeitgeist/fts.index/record.baseB,security.selinux)
 failed: Permission denied (13)
2013/11/24 09:35:21 [15417] rsync: rsync_xal_set: 
lremovexattr(/home/wolfgang/dotfiles-f19/.local/share/zeitgeist/fts.index/termlist.baseA,security.selinux)
 failed: Permission denied (13)
2013/11/24 09:35:21 [15417] rsync: rsync_xal_set: 
lremovexattr(/home/wolfgang/dotfiles-f19/.local/share/zeitgeist/fts.index/termlist.baseB,security.selinux)
 failed: Permission denied (13)
2013/11/24 09:35:21 [15417] rsync: rsync_xal_set: 
lremovexattr(/home/wolfgang/hackbin/monitor-layout,security.selinux) 
failed: Permission denied (13)
2013/11/24 09:35:23 [15417] rsync error: unexplained error (code 255) at 
rsync.c(634) [sender=3.1.0pre1]

Any ideas what's up and what I need to do to get this working again?

-wolfgang
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: Chron curiosity

[Wolfgang S. Rupprecht]

Geoffrey Leach ge...@hughes.net writes:
 I have this line in /etc/crontab:

   30 23 * * * geoff /usr/local/bin/fp.pl

 which executes the program every day at 2330.  The script terminates by 
 executing system 'sudo systemctl start poweroff.target';

 Generally this works as expected.

 However, when I realize that the shutdown happened too soon, and I 
 restart the system, it re-executes the script.  

 Any suggestions as to where I've gone wrong?

You didn't wait a minute for before restarting the computer? ;-)

Look at the top of /etc/cron.hourly/0anacron and add logic just like
this to your script.  Cron is stateless across reboots (as far as I
know) and has no way to tell if it already ran.  You have to record that
fact yourself.

-wolfgang
-- 
g+:  https://plus.google.com/114566345864337108516/about
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: OT: Hard drive warning at boot time

[Wolfgang S. Rupprecht]

Paul Smith phh...@gmail.com writes:
   5 Reallocated_Sector_Ct   0x0033   013   013   036Pre-fail
 Always   FAILING_NOW 3587

What the other respondents missed is that this is the *reallocated*
sector count.  It is a count of the sectors that have already been
replaced by spares.  There are no unreadable files currently.  The
replacement only happens on writes, so you are probably seeing freshly
written, pristine files.

As to the haste you should replace the disk with, that all depends on
how the sectors got trashed in the first place.  If you moved the
computer while it was up and writing to the disk the arm could have been
jiggled onto the next track during the write.  I know that happens with
3-1/2 drives.  I was seeing an ever increasing reallocated sectors on
my desktop machine until I traced the lossage back to me tilting the
case forward in order to get easier access to the connectors on the
back.

Another computer, my laptop has had 6 reallocated sectors since the
first few weeks after I got it.  That was 7+ years ago.  The disk is
still going strong with no increase in reallocated sector count (or
pending reallocation sector count) in all those years.  Stable
reallocated counts shouldn't bother you too much.  It is when they go up
that you should be concerned.

On the other hand, I do nightly rsync backups to a spare disk.
According to google, which probably has more disks that the NSA, only
half of the disk drive deaths are preceded by smartmon saying anything.

-wolfgang
-- 
g+:  https://plus.google.com/114566345864337108516/about
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: no audio with HDMI

[Wolfgang S. Rupprecht]

Mike Wright mike.wri...@mailinator.com writes:
 I've connected the HDMI output from a PC to an HDTV's HDMI port.  The
 TV reports HDMI no audio.

 On the PC, PulseAudio Volume Control-Output Devices shows:

   HDA ATI HDMI Digital Stereo (HDMI)
   Port: HDMI/Display Port

Same problem here on an Asus M3A78T with AMD chipset.  In addition to no
audio, the videos play at ~10x speed over HDMI.  Over DVI to a computer
monitor they play normal speed and audio over the analog 1/8 jacks
works too.  HDMI support seems kind of rough all around.

-wolfgang
-- 
g+:  https://plus.google.com/114566345864337108516/about
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: 3840x2160 resolution?

[Wolfgang S. Rupprecht]

Tom Horsley horsley1...@gmail.com writes:
 I am fascinated by the idea of having a Sharp PN-K321 monitor
 (but it will remain a fantasy till the price gets much lower :-).

There are bugs that high resolution monitors trigger.  
  https://bugzilla.redhat.com/show_bug.cgi?id=896170

Most current AMD/Radeon are limited to 8k x 8k.  The horizontal limit
will probably be the first one you hit.  You can do two landscape
3840x2160 or three landscape 2560x1600 monitors.

You can run the Sharp monitor from a displayport and AMD/Radeon
displayports are easy to find.  You can even get a fan-less quad
displayport card (ATI Firepro 2460).

-wolfgang
-- 
g+:  https://plus.google.com/114566345864337108516/about
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: disk spindown

[Wolfgang S. Rupprecht]

poma pomidorabelis...@gmail.com writes:
 grep -w sdc /proc/diskstats dstat.1st
 sleep 60
 grep -w sdc /proc/diskstats dstat.2nd
 if cmp dstat.1st dstat.2nd /dev/null 21
 then
 echo Stopping disk, spinning down…
 sdparm -f -r -q -v -C stop /dev/sdc
 exit 0
 else
 echo Disk busy.
 exit 1
 fi
 EOF

Thanks!  I had forgotten about sdparm. (Boy do I miss the days when I
just installed everything and then could do something like man -k disk
to find likely candidates.

Monitoring /proc/diskstats might also give me a clue as to what is
touching the disks.

-wolfgang
-- 
g+:  https://plus.google.com/114566345864337108516/about
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: Who? Me?? Attacked???

[Wolfgang S. Rupprecht]

Junk j...@therobinsonfamily.net writes:
 It also might be something much more mundane such as a bug in the
 browser which occurs when you have 100+ tabs open and tries to write to
 a misaddressed memory region.

It may well be some malloc()-like routine returning 0, saying no more
memory for you buddy and the code blindly dereferencing that value and
causing a write to the 0-page.  It is a common error with sloppy coders.

-wolfgang
-- 
g+:  https://plus.google.com/114566345864337108516/about
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: disk spindown

[Wolfgang S. Rupprecht]

Bill Davidsen david...@tmr.com writes:
 Wolfgang S. Rupprecht wrote:
 I've done the following and the hdparm -C does show the disk spun
 down, but the next time I look it is spun up, and it stays up.  The disk

 One thing wrong might be jumpers, Other than that, I suspect something
 is still accessing it. udev?

Thanks for the good ideas.  

This is a WD Caviar Green and the jumpers are only documented to slow
down the SATA by one notch and add spread spectrum clocking for rf noise
reduction.

I'll have to try to check for udev.  Maybe running lsof in a loop will
catch it.

-wolfgang
-- 
g+:  https://plus.google.com/114566345864337108516/about
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

disk spindown

[Wolfgang S. Rupprecht]

Has anyone succeeded in spinning down disks under Fedora?

I've done the following and the hdparm -C does show the disk spun
down, but the next time I look it is spun up, and it stays up.  The disk
is unmounted and I've stopped and disabled smartd, so it isn't accessing
the disks.  I don't think anything else is either.  I'm probably missing
a trick somewhere, but what???

disk=/dev/sdc

hdparm -S 120 $disk
hdparm -y $disk
hdparm -C $disk

-wolfgang
-- 
g+:  https://plus.google.com/114566345864337108516/about
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: Optimization Start Up of Fedora

[Wolfgang S. Rupprecht]

carachi diego carach...@gmail.com writes:
 Yes the SSD is a possible solution to reduce the boot time, but I am
 in doubt for the writng circle of the SSD because it is very few than
 a magnetic HDD...

Just get an Intel 520 series at least twice the size you need and wear
out won't be a problem.  

The biggest problem is when people fill the SSD to near capacity and the
SSD firmware has to do excessive juggling because there aren't enough
free blocks.  The SSD has to clean a whole write block (~ 1MByte or
more) and juggle things around.  (keyword: write amplification).

 What about load the kernel and operating system on RAM? I see that it
 is possible load with grub all in memory and if I understand well
 after the operating system became very faster. Someone try to do that?
 Maybe increase the time of booting but after you have a very faster
 computer...
 What do you thing about this?

Sounds useful.  You'll have to write it though.  Slapping in an SSD is
simple and doesn't require you to write any home-grown code.

-wolfgang
-- 
g+:  https://plus.google.com/114566345864337108516/about
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

F18 Xorg/drm/kernel - Failed to find memory space for buffer 0xXXX eviction

[Wolfgang S. Rupprecht]

On most of my systems the F17 to F18 upgrade went well.  On the main
one, my desktop, I'm seeing a string of failures that leaves the display
in various states of unusable depending on the positions of the stars
and planets.  The file /var/log/messages contains the following and the
displays have messed up icons and background images.  It looks like the
frame buffer is just displaying random snippets of past items in some
mosaic-ed pattern.

2013-01-27T20:06:10.077567-08:00 arbol kernel: [   28.832592] [TTM] Failed to 
find memory space for buffer 0x88021ceda848 eviction
2013-01-27T20:06:10.077590-08:00 arbol kernel: [   28.832604] [TTM] No space 
for 88021ceda848 (9660 pages, 38640K, 37M)
2013-01-27T20:06:10.077592-08:00 arbol kernel: [   28.832609] [TTM]   
placement[0]=0x00070002 (1)
2013-01-27T20:06:10.077593-08:00 arbol kernel: [   28.832613] [TTM] 
has_type: 1
2013-01-27T20:06:10.077595-08:00 arbol kernel: [   28.832616] [TTM] 
use_type: 1
2013-01-27T20:06:10.077596-08:00 arbol kernel: [   28.832619] [TTM] flags: 
0x000A
2013-01-27T20:06:10.077597-08:00 arbol kernel: [   28.832621] [TTM] 
gpu_offset: 0x2000
2013-01-27T20:06:10.077599-08:00 arbol kernel: [   28.832624] [TTM] size: 
131072
2013-01-27T20:06:10.077600-08:00 arbol kernel: [   28.832627] [TTM] 
available_caching: 0x0007
2013-01-27T20:06:10.077601-08:00 arbol kernel: [   28.832629] [TTM] 
default_caching: 0x0001

Does this ring a bell with anyone?  Is there something I can turn off
(perhaps in Xorg.conf) to stop this lossage perhaps at some cost in CPU
time or speed?  It feels like it must be some video acceleration hack
gone awry.  Why else would the kernel get involved in this level of xorg
userland drawing to the framebuffer?

I put in a bugzilla for this a dozen days ago, but so far, not even a
peep from anyone.  I figured I'd try for a larger audience.

https://bugzilla.redhat.com/show_bug.cgi?id=896170

-wolfgang
-- 
g+:  https://plus.google.com/114566345864337108516/about
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: Optimization Start Up of Fedora

[Wolfgang S. Rupprecht]

carachi diego carach...@gmail.com writes:
 I would like to know if someone knows where I can find some guide,
 tutorial  that can help me to improve the performance of Fedora on my
 laptop in start up.

The biggest change you can make to your laptop to get it to boot faster
is throw out the rotating disk and buy an SSD (Solid State Disk).  A
120GB disk can be had for under $120.  You can cut your boot time from
1+ minute to 15 sec (from the time grub loads to the time the login
screen appears).  No other change you can make will be anywhere close to
that dramatic.

The one fly in the ointment is that you need to have a modern enough
laptop for the disk to be a SATA disk.  Anything newer than ~2007 should
be ok (but check your disk first before ordering an SSD).

-wolfgang
-- 
g+:  https://plus.google.com/114566345864337108516/about
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: network-scripts documentation

[Wolfgang S. Rupprecht]

Sam Varshavchik mr...@courier-mta.com writes:
 My old router, that was running DD-WRT firmware, bit the dust. The
 stock brand router that replaced it doesn't have the ability to send
 NTP for clients via DHCP. I'm trying to figure out if I had drop
 something into /etc/sysconfig/network-scripts/ifcfg-*, that'll have
 the effect of doing that.

Seems like overkill.  Why not just add it to /etc/ntp.conf and/or
/etc/chrony.conf ?  If you are off-net and if the server has a
non-routable address that ntp host simply won't be used. 

-wolfgang
-- 
g+:  https://plus.google.com/114566345864337108516/about
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: How to set enforcing to 0?

[Wolfgang S. Rupprecht]

Daniel J Walsh dwa...@redhat.com writes:
 touch /.autorelabel; reboot

 Will cause a relabel at boot, although not necessary now.

One thing that has always bothered me about the first restorecon -rv /
run after a fresh install is how many files are relabeled because the
restorecon database and the rpm that the file came from disagree on the
context.  Should we put in a bug report for these?  Are these things
benign enough to ignore?

-wolfgang
-- 
g+:  https://plus.google.com/114566345864337108516/about
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: disable IPv6?

[Wolfgang S. Rupprecht]

Robert Moskowitz r...@htt-consult.com writes:
 On 01/24/2013 10:22 PM, Chris Adams wrote:
 Once upon a time, Tom Horsley horsley1...@gmail.com said:
 My system at work seems to take a long time to start
 the network. I have this suspicion it is waiting for
 an IPv6 DHCP server to respond (which won't happen).
 It looks like the F18 install writes out ifcfg-* files with
 DHCPV6C=yes, which should probably not be set by default, especially
 since so few environments (even IPv6 environments) will have a IPv6 DHCP
 server.  Comment out that line or set it to no and it should fix the
 slowdown.

 RA will be more common.  That is what I have.

+1

Belts and suspenders: check both.

The ISP's that give you IPv6 addresses (Comcast for one) will also use
dhcp to give you a whole 64-bit network of addresses via DHCP-PD.

I'm curious how many of the people that are disabling their IPv6
actually have painless access to IPv6 and are ignoring it.

-wolfgang
-- 
g+:  https://plus.google.com/114566345864337108516/about
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: R graphics in F18 (x86_64, Huge blocker for me)

[Wolfgang S. Rupprecht]

Ranjan Maitra maitra.mbox.igno...@inbox.com writes:
 So, has anyone tried this out in F18, on x86_64?
 sudo yum install R-core 
...
 graphics window shows up but no graphics get displayed for me. No
 messages also, anywhere.

I don't know about R-core, but X.org output for me took a big hit with
the upgrade to f18.  I'm getting long waits for simple operations to
complete and things like this are showing up in /var/log/messages.
Might this be your problem too?

2013-01-16T04:46:38.463444-08:00 arbol kernel: [4.483876] [drm] Initialized 
radeon 2.24.0 20080528 for :01:00.0 on minor 0
2013-01-16T04:46:50.883021-08:00 arbol kernel: [   19.909046] [TTM] Failed to 
find memory space for buffer 0x8802034b2c48 eviction
2013-01-16T04:46:50.883041-08:00 arbol kernel: [   19.909053] [TTM] No space 
for 8802034b2c48 (9660 pages, 38640K, 37M)
2013-01-16T04:46:50.883043-08:00 arbol kernel: [   19.909056] [TTM]   
placement[0]=0x00070002 (1)
2013-01-16T04:46:50.883044-08:00 arbol kernel: [   19.909058] [TTM] 
has_type: 1
2013-01-16T04:46:50.883046-08:00 arbol kernel: [   19.909060] [TTM] 
use_type: 1
2013-01-16T04:46:50.883047-08:00 arbol kernel: [   19.909061] [TTM] flags: 
0x000A
2013-01-16T04:46:50.883049-08:00 arbol kernel: [   19.909062] [TTM] 
gpu_offset: 0x2000
2013-01-16T04:46:50.883050-08:00 arbol kernel: [   19.909064] [TTM] size: 
131072
2013-01-16T04:46:50.883051-08:00 arbol kernel: [   19.909065] [TTM] 
available_caching: 0x0007
2013-01-16T04:46:50.883080-08:00 arbol kernel: [   19.909066] [TTM] 
default_caching: 0x0001
2013-01-16T04:46:50.883164-08:00 arbol kernel: [   19.909187] [TTM] Failed to 
find memory space for buffer 0x8802034b2c48 eviction

-wolfgang
-- 
g+:  https://plus.google.com/114566345864337108516/about
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: disable IPv6?

[Wolfgang S. Rupprecht]

Tom Horsley horsley1...@gmail.com writes:
 On Fri, 25 Jan 2013 14:45:29 -0800
 Wolfgang S. Rupprecht wrote:
 The ISP's that give you IPv6 addresses (Comcast for one) will also use
 dhcp to give you a whole 64-bit network of addresses via DHCP-PD.

 Yea, but unless the router you have comcast's cable modem
 plugged into supports v6, it doesn't really matter what comcast does.

Many routers can be updated with firmware from openwrt / ddwrt etc. 

I've never felt the need for one of these routers to be between my
internal ethernet and the dsl or cable modem.  The software on them
usually sucks and the CPU is usually underpowered compared to a desktop
machine running with two ethernets.

-wolfgang
-- 
g+:  https://plus.google.com/114566345864337108516/about
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: recommendations for SSD drive as first disk for fedora 18?

[Wolfgang S. Rupprecht]

Rick Stevens ri...@alldigital.com writes:
 And please, PLEASE make sure you have a reliable and consistent backup
 procedure. I like SSDs, but when they die they generally die
 catastrophically and completely (at least in my experience) and you may
 not be able to recover anything from them.

You can do rsyncs from /etc/cron.daily onto a spare, normally unmounted
and spun-down, disk.  That way if your SSD ever goes south, you lose at
most a day's work.  When I got my ssd I wasn't sure what to expect, so I
figured I'd play it safe.  The only time I needed the daily backup was a
goof that did involve the ssd, but was the result of confusion as to
which directory I was in.  The incredible speed of the SSD allowed me to
delete a few thousand pictures in approximately a second. SSD's:
allowing you to make mistakes faster than ever before.  ;-)

-wolfgang
-- 
g+:  https://plus.google.com/114566345864337108516/about
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: fedup: it's full of stars

[Wolfgang S. Rupprecht]

Phil Meyer pme...@themeyerfarm.com writes:
 Its a Plymouth bug, I think.  Caused by hitting
 ESC before Plymouth is ready for you to. :)

It is confirmed.  That is all it was for me too.  I just hit esc too
early.  The second time around I just let it be and it upgraded all by
itself.

I suppose there is a wise saying in there about watched computers never
upgrading.

-wolfgang
-- 
g+:  https://plus.google.com/114566345864337108516/about
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: fedup: it's full of stars

[Wolfgang S. Rupprecht]

Reindl Harald h.rei...@thelounge.net writes:
 and that is why in my opinion rhgb quiet is a dumb default

 you should never hit anything to see what is
 going on with a proper free operating system

I hate them too, but we probably aren't the intended audience.

I assume that there is a human-factors study that indicates that
non-technical users don't like to be reminded of how complicated things
really are under the hood.  At least that is why I thought such cover-up
screens exist.

-wolfgang
-- 
g+:  https://plus.google.com/114566345864337108516/about
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: any foss bitmap editor which can do this?

[Wolfgang S. Rupprecht]

Fernando Cassia fcas...@gmail.com writes:
 Is there any FOSS bitmap editor with a command line, allowing me to
 experiment with, for instance, the circle drawing function and specify
 the circle´s position on screen, and size (radius)?.

I've used xfig to draw bitmaps in the past.  It isn't command-line, but
it is fairly simple to pick up and figure out (unlike gimp).  The native
internal xfig format is vector graphics, but you can output to bitmaps.
It is fairly easy to bang out 16x16 icons for web sites using it.

-wolfgang
-- 
g+:  https://plus.google.com/114566345864337108516/about
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

fedup: it's full of stars

[Wolfgang S. Rupprecht]

One of the laptops I'm trying to upgrade to f18/x86_64 from f17/x86_64
is printing row after row of asterisks after it rebooted into the fedup
boot environment.

Has anyone seen this before?  Is there a fix or do I have to do a
wipe/reinstall from some other source? 

-wolfgang
-- 
g+:  https://plus.google.com/114566345864337108516/about
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: fedup: it's full of stars

[Wolfgang S. Rupprecht]

Joe Zeff j...@zeff.us writes:
 I must admit that your subject line gave me a major Stanley Kubrick
 moment. 

;-)

I had to get people to read the msg.

 Are there any signs of disk activity or is this all that happens?

Not in the long run.  There was some initially, but after a few seconds
it stopped.  I let the installer run for half an hour or so, but all it
did was print stars and run the fan at high speed doing its best
hairdryer imitation.

I'm running fedup from f17 again.  The fedup directory in /var/tmp seems
to be gone now.  There is a small chance that a local shell script which
cleans /var/tmp was to blame.  (It didn't effect the other 4 machines I
updated with fedup, so I'm not entirely sure what was going on.)  I'll
report back whenever the fedup install gets to the point of trying a
reboot again.

-wolfgang
-- 
g+:  https://plus.google.com/114566345864337108516/about
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: fedup: it's full of stars

[Wolfgang S. Rupprecht]

Phil Meyer pme...@themeyerfarm.com writes:
 On 01/17/2013 02:06 PM, Wolfgang S. Rupprecht wrote:
 One of the laptops I'm trying to upgrade to f18/x86_64 from f17/x86_64
 is printing row after row of asterisks after it rebooted into the fedup
 boot environment.

 Has anyone seen this before?  Is there a fix or do I have to do a
 wipe/reinstall from some other source?

 -wolfgang


 Yes, happened to me.  Its a Plymouth bug, I think.  Caused by hitting
 ESC before Plymouth is ready for you to. :)

Ah.  That make sense.  Thanks!  That laptop is one of the two computers
here that still have rhgb quiet appended to the boot lines.  I did hit
esc to see what is going on.

-wolfgang
-- 
g+:  https://plus.google.com/114566345864337108516/about
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: UPS monitoring software and APC and Tripp lite UPSs

[Wolfgang S. Rupprecht]

Robert Moskowitz r...@htt-consult.com writes:
 Well my APC smart1400 has died, shorted battery.  So I am in the
 market for a new unit.

THe other problem you have with your UPS is that it doesn't take
standard size batteries.  The more modern units take standard 9ah 12v
cells that can be had mail order for around $25 per cell.  My APC
Backups RS-1500 takes two of them.

 I could get another APC 1400, but part of the reason it died was I was
 not monitoring it to note a battery had failed.  And I was not
 monitoring it because it uses serial connection for the monitoring
 system.

 So I am looking at what I might get with a USB monitoring port, either
 APC or TrippLite and what software would work on Fedora.

I'm happy with my unit.  It has a USB connection and it works well with
Fedora and BSD using apcupsd.  The ~865 watts is 3x more than I need,
but it is nice not to beat on the batteries too much.  At 1/3 load the
unit runs like 10x longer.

The modern version of what looks like the same product is APC Backups
Pro 1500.  Just like my version, if you need more runtime you can add an
external battery pack (BR24BPG) which triples your battery capacity for
an ungodly amount of run time.  (I have this unit and it is a blast to
continue to work for close to two hours after a power failure.)

-wolfgang
-- 
g+:  https://plus.google.com/114566345864337108516/about
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: UPS monitoring software and APC and Tripp lite UPSs

[Wolfgang S. Rupprecht]

Fernando Cassia fcas...@gmail.com writes:
 On Mon, Nov 12, 2012 at 10:31 PM, Robert Moskowitz
 r...@htt-consult.com wrote:

 Well my APC smart1400 has died, shorted battery.  So I am in the
 market for a new unit.


 And replacing the battery is impossible because?

I was about to suggest a replacement battery too.  The problem is those
old APC units used weird batteries and the replacement cost of that
battery is ~$150.  It is cheaper to just get a more modern unit that
uses 2x $25 replacement batteries.  The difference between a USB unit
and a serial unit is significant.  The serial control is very limited
and a controlled automatic shutdown with an automatic reboot is
problematic.  I used to have a serial unit and unattended use was
problematic.

-wolfgang
-- 
g+:  https://plus.google.com/114566345864337108516/about
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

ahci sata data overruns

[Wolfgang S. Rupprecht]

Can someone familiar with how the AHCI driver works confirm that data
overruns on a SATA link can cause the driver to down-shift the SATA
speed 6-3-1.5 Gbits/sec.  I don't see any kprintf's but I notice that
a high speed SSD acting as if the SATA were running at 1.5 Gbits/sec.

This looks like it could be a bug.  I can see down-shifting as a
response to noise on the SATA link, but downshifting for data overrun
reasons is only going to make the problem worse.

-wolfgang
-- 
g+:  https://plus.google.com/114566345864337108516/about
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: ahci sata data overruns

[Wolfgang S. Rupprecht]

Alan Cox a...@lxorguk.ukuu.org.uk writes:
 On Thu, 08 Nov 2012 09:43:29 -0800
 Wolfgang S. Rupprecht wolfgang.ruppre...@gmail.com wrote:
 Can someone familiar with how the AHCI driver works confirm that data
 overruns on a SATA link can cause the driver to down-shift the SATA
 speed 6-3-1.5 Gbits/sec.  I don't see any kprintf's but I notice that
 a high speed SSD acting as if the SATA were running at 1.5 Gbits/sec.

 It has a set of heuristics based upon error rate over time.

 I'm not sure what you mean by data overruns however

The SSD in question is capable of 550 MByte/sec (Intel 520 SSD), while
the PCIE controller is only an x1 single lane controller which probbly
saturates the single lane at 480 MByte/sec.  I'm assuming (perhaps
incorrectly) that the controller is choking when it receives more data
from the SATA than it can transmit on the PCIE.

The bootup kprintf's show a 6Mbit/sec negotiation, but later when I try
a transfer I see 130 MByte/sec transfers for a raw partition dd, hinting
strongly that it is now talking at 1.5Mbit/sec on the SATA.  I'm
wondering if it is silently downshifting the SATA speed.  In comparison,
a slower SSD rated at 250MBytes/sec (which can stay within the PCIE x1
lane budget) runs at full speed, of slightly over 250MBytes/sec on the
same controller.

-wolfgang
-- 
g+:  https://plus.google.com/114566345864337108516/about
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: ahci sata data overruns

[Wolfgang S. Rupprecht]

lee l...@yun.yagibdah.de writes:
 Wolfgang S. Rupprecht wolfgang.ruppre...@gmail.com writes:
 The SSD in question is capable of 550 MByte/sec (Intel 520 SSD), while
 the PCIE controller is only an x1 single lane controller which probbly
 saturates the single lane at 480 MByte/sec.  I'm assuming (perhaps
 incorrectly) that the controller is choking when it receives more data
 from the SATA than it can transmit on the PCIE.

 The bootup kprintf's show a 6Mbit/sec negotiation, but later when I try
 a transfer I see 130 MByte/sec transfers for a raw partition dd, hinting
 strongly that it is now talking at 1.5Mbit/sec on the SATA.  I'm
 wondering if it is silently downshifting the SATA speed.  In comparison,
 a slower SSD rated at 250MBytes/sec (which can stay within the PCIE x1
 lane budget) runs at full speed, of slightly over 250MBytes/sec on the
 same controller.

 Have you tried to change the SATA cable?  You could switch them over and
 see what happens ...

Yes.  I've even swapped cables and SATA port between the good SSD that
runs at 250MBytes/sec and this one.  Same results and the other SSD
still ran at its 250MBytes/sec on the cable and port the mis-behaving
SSD was on.

-wolfgang
-- 
g+:  https://plus.google.com/114566345864337108516/about
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

upgraded faster SSD, slower reads

[Wolfgang S. Rupprecht]

I just bought a fast Intel series 520 SSD (240 GB, 550 MBytes/sec) to
replace my slower series 320 SSD (120 GB, 250MBytes/sec).  I was
expecting the speed when reading the ssd to jump from my current read
speeds of around 250 MBytes/sec to (hopefully) something at least twice
that speed.  The specs say the 520 does 550 MBytes/sec for read and
almost that for write.  To my surprise the series 520 was only ~130
MBytes/sec.  This is observed under Fedora-17 using dd if=/dev/sdb2
of=/dev/null bs=64k count=1000.  The board is an older Asus M3A78T and
has been happily running the 320 at full rated speed for 1.5 years.
 
Intel series 320:
 
dd if=/dev/sda2 of=/dev/null bs=64K count=1000
1000+0 records in
1000+0 records out
65536000 bytes (66 MB) copied, 0.254144 s, 258 MB/s
 
Intel series 520:
 
dd if=/dev/sdb2 of=/dev/null bs=64K count=1000
1000+0 records in
1000+0 records out
65536000 bytes (66 MB) copied, 0.494915 s, 132 MB/s
 
These number stay relatively constant, no matter how many seconds of
transfer I do.  Ditto for changing block size (bs=...) up to 1MByte.  I
see these numbers for the 520 when I attach it on the same SATA
3Gbit/sec link as the 320 or if I attach it on a new SATA 6Gbit/sec
controller (Highpoint Rocket 620, a Marvel 88SE9125 PCIe SATA 6.0 Gb/s
controller).  I do see it attach at 3 Gbit/sec on the old controller and
6 Gbit/sec on the new controller.  (So it isn't going down to SATA-1
speeds as far as the printf's I can see indicate.)
 
Is the 520 defective?  Ideas?  The reviews of the 520 all show it
really truly doing  500MBytes/sec.  These suckers can really fly.
Just not for me...

Google searches show that some folks running MS software have had
similar problems and they managed to fix things by downgrading their
BIOS setting to use IDE settings for the SSD.  Other hits mentioned
something about power management on the SATA being the culprit and IDE
drivers nailed the power on instead of letting it flap in the wind.  Is
this something I can turn off from userland without recompiling the
kernel?

-wolfgang
-- 
g+:  https://plus.google.com/114566345864337108516/about
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: Fixing a crashed disk

[Wolfgang S. Rupprecht]

Alan Cox a...@lxorguk.ukuu.org.uk writes:
 What really matters is whether the drive itself thinks on its smart test
 whether it is likely to be failing not some joke heuristic.

And even then, if the 5-year old Google numbers are still valid, you have
a 1/3 chance of being surprised.

The Google team found that 36% of the failed drives did not exhibit
a single SMART-monitored failure. They concluded that SMART data is
almost useless for predicting the failure of a single drive.

ref: http://storagemojo.com/2007/02/19/googles-disk-failure-experience/

-wolfgang
-- 
g+:  https://plus.google.com/114566345864337108516/about
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org