Re: [DNG] Who remembers rootkit..
On 10/23/18 11:27 AM, Bastiaan van den Berg wrote:
> Is there any log of the actual issue?
> -- buZz

I made a post with the log last night, but it's now missing, gone, kaput, not even in my sent folder or my draft folder.

Here's the log:

[ 213.706282] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
[ 213.994776] e1000e: eth0 NIC Link is Down
[ 214.238328] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
[ 215.912089] e1000e: eth0 NIC Link is Up 100 Mbps Full Duplex, Flow Control: Rx/Tx
[ 215.912095] e1000e :00:19.0 eth0: 10/100 speed: disabling TSO
[ 215.912130] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
GLib-CRITICAL: Source ID 123 was not found when attempting to remove it

What you see is I have brought eth0 down, when it gets to disabling TSO is where the kernel has now bound itself to the kernel via the intel driver e1000e and is trying to get HTTP, my system is using a controversial driver e1000e and it's been pointed out by both Linus and lwn.net where they prefer using the older e1000 but your redhat system will choose the e1000e over the e1000. I see the whole redhat system as being controversial myself, and people you think are trying to help, are just seeking info to make things more obscure, they don't want you to see this kind of stuff or people to talk about this kind of stuff.

--
Jimmy Johnson

Slackware64 Current - KDE 4.14.38 - AMD A8-7600 - EXT4 at sda9
Registered Linux User #380263
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
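Added example, not part of any poster's message: a small Python parser for the kernel-log excerpt posted above that labels each line by the subsystem that emitted it and measures the link flap, and that also recognises a firewall-logged outbound TCP attempt if one is present in the same log. The netfilter line, its FW-OUT-DROP prefix and the addresses are constructed for illustration, and the rules cover only the message shapes seen in the excerpt.

```python
import re
from typing import NamedTuple, Optional

# Kernel-log excerpt exactly as posted in the thread (PCI address shortened there).
POSTED_LOG = """\
[ 213.706282] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
[ 213.994776] e1000e: eth0 NIC Link is Down
[ 214.238328] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
[ 215.912089] e1000e: eth0 NIC Link is Up 100 Mbps Full Duplex, Flow Control: Rx/Tx
[ 215.912095] e1000e :00:19.0 eth0: 10/100 speed: disabling TSO
[ 215.912130] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
GLib-CRITICAL: Source ID 123 was not found when attempting to remove it
"""

# CONSTRUCTED sample: what a netfilter LOG rule on the OUTPUT chain writes to the
# kernel log for a dropped outbound HTTP SYN. Prefix and addresses are made up.
CONSTRUCTED_FIREWALL_LINE = (
    "[ 300.000001] FW-OUT-DROP: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 "
    "LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4242 DF PROTO=TCP SPT=51514 DPT=80 "
    "WINDOW=29200 RES=0x00 SYN URGP=0"
)


class Event(NamedTuple):
    ts: Optional[float]   # seconds since boot, None for non-kernel lines
    kind: str
    iface: Optional[str]
    fields: dict
    raw: str


KERNEL_LINE = re.compile(r"^\[\s*(?P<ts>\d+\.\d+)\]\s+(?P<msg>.*)$")

# Ordered rules: first match wins.
RULES = [
    # NIC driver reporting carrier state.
    ("link_down", re.compile(r"^e1000e: (?P<iface>\S+) NIC Link is Down")),
    ("link_up", re.compile(r"^e1000e: (?P<iface>\S+) NIC Link is Up (?P<detail>.*)")),
    # Driver turning off TCP segmentation offload at 10/100 link speed.
    ("offload_change",
     re.compile(r"^e1000e \S+ (?P<iface>\S+): 10/100 speed: disabling TSO")),
    # IPv6 address autoconfiguration reacting to the interface state.
    ("ipv6_addrconf",
     re.compile(r"^IPv6: ADDRCONF\((?P<event>NETDEV_\w+)\): (?P<iface>\S+): (?P<detail>.*)")),
    # Packet logged by a netfilter LOG rule: the only place a TCP connection
    # attempt would appear in the kernel log.
    ("netfilter_tcp",
     re.compile(r"\bOUT=(?P<iface>\S*) .*\bDST=(?P<dst>\S+) .*\bPROTO=TCP .*\bDPT=(?P<dport>\d+)")),
]


def parse(log: str) -> list:
    """Turn raw log text into classified events, keeping unknown lines visible."""
    events = []
    for raw in log.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        m = KERNEL_LINE.match(raw)
        if not m:  # no [timestamp]: written by a userspace program, not the kernel
            events.append(Event(None, "userspace", None, {}, raw))
            continue
        ts, msg = float(m["ts"]), m["msg"]
        for kind, pattern in RULES:
            hit = pattern.search(msg)
            if hit:
                fields = hit.groupdict()
                events.append(Event(ts, kind, fields.pop("iface"), fields, raw))
                break
        else:
            events.append(Event(ts, "unclassified", None, {}, raw))
    return events


def link_flaps(events: list) -> list:
    """Pair each link_down with the next link_up on the same interface."""
    down_at, flaps = {}, []
    for ev in events:
        if ev.kind == "link_down":
            down_at[ev.iface] = ev.ts
        elif ev.kind == "link_up" and ev.iface in down_at:
            start = down_at.pop(ev.iface)
            flaps.append((ev.iface, start, ev.ts, round(ev.ts - start, 6)))
    return flaps


def outbound_tcp(events: list) -> list:
    """Outbound TCP packets recorded by a firewall LOG rule: (ts, iface, dst, dport)."""
    return [(ev.ts, ev.iface, ev.fields["dst"], int(ev.fields["dport"]))
            for ev in events if ev.kind == "netfilter_tcp"]


if __name__ == "__main__":
    events = parse(POSTED_LOG)
    for ev in events:
        print(f"{ev.kind:15} {ev.raw}")
    print("link flaps:", link_flaps(events))
    print("outbound TCP in posted excerpt:", outbound_tcp(events))
    print("outbound TCP in constructed line:",
          outbound_tcp(parse(CONSTRUCTED_FIREWALL_LINE)))
```

Lines that come back as `unclassified` are the ones worth reading by hand; every line of the posted excerpt is a driver, address-configuration or userspace message, and none is a packet record.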
Re: [DNG] Who remembers rootkit..
On 10/23/18 2:19 PM, eric wrote:
> On 10/23/18 9:24 AM, Jimmy Johnson wrote:
>> On 10/21/18 2:13 PM, eric wrote:
>>> On 10/21/18 11:54 AM, Jimmy Johnson wrote:
>>>> On 10/21/18 6:24 AM, Andrew McGlashan wrote:
>>>>> -BEGIN PGP SIGNED MESSAGE-
>>>>> Hash: SHA256
>>>>
>>>> The smart tv has wifi, like all this smart stuff we have today, if
>>
>> First of all it was the Intel system that was giving me the problem, it's now a file server, it's using Trinity desktop on ASCII, the application is 'ksystemlog', and that laptop has 8 systems installed all some kind of KDE and somebody mentioned DRM, I don't know about that, but the behavior was unacceptable, I pulled that laptop and replaced it with another that is not Intel and my system seems normal now even while running the plasma5-desktop, so the problem was intel, driver, firmware, microcode, I don't know, still testing, always testing. Old stable systems like Ubuntu 14.4 + KDE4, Wheezy + KDE4, Devuan Jessie + KDE4 don't seem to have the problem with the Intel HDMI but none of them use kernel version 4.XXX, they are version 2 or 3. All those systems and more are installed on the Intel laptop.
>
> Thank you for the information. I downloaded ksystemlog and it is a nice graphical application for viewing many different logs. I think all the computers I work with now are all intel based. I don't run any servers and just support mine and my extended family's computers of whom I have convinced to run GNU/Linux on. My desktop computer uses HDMI to connect to the monitor and I use HDMI on my laptop when using it for presentations. Now have something more to look at to see what is going on "behind the curtain" even though I am sure I will not understand most of it and have to use web searches for messages that look interesting.
>
> Thank you,
> Eric

I don't think you will see the audio/video blackout problem with a regular tv, but you may, I have that setup too but not using intel.

What I see in the log you should still see, I think anybody using intel will see strange system log just by bringing down eth0 while having no wifi connected, you may have to remark-out hot-plug in /etc/network/interfaces or the device may reconnect whenever you disconnect. What anybody should see when they bring down eth0 is an attempt for the kernel to bring the internet connection back up and will probably succeed, maybe your firewall will stop it from getting outside, maybe not, leave the log open overnight while eth0 is disconnected and you sleep for more reading pleasure.

--
Jimmy Johnson

Slackware64 Current - KDE 4.14.38 - AMD A8-7600 - EXT4 at sda9
Registered Linux User #380263
Re: [DNG] Who remembers rootkit..
On 10/23/18 9:24 AM, Jimmy Johnson wrote:
> On 10/21/18 2:13 PM, eric wrote:
>> On 10/21/18 11:54 AM, Jimmy Johnson wrote:
>>> On 10/21/18 6:24 AM, Andrew McGlashan wrote:
>>>> -BEGIN PGP SIGNED MESSAGE-
>>>> Hash: SHA256
>>>
>>> The smart tv has wifi, like all this smart stuff we have today, if
>
> First of all it was the Intel system that was giving me the problem, it's now a file server, it's using Trinity desktop on ASCII, the application is 'ksystemlog', and that laptop has 8 systems installed all some kind of KDE and somebody mentioned DRM, I don't know about that, but the behavior was unacceptable, I pulled that laptop and replaced it with another that is not Intel and my system seems normal now even while running the plasma5-desktop, so the problem was intel, driver, firmware, microcode, I don't know, still testing, always testing. Old stable systems like Ubuntu 14.4 + KDE4, Wheezy + KDE4, Devuan Jessie + KDE4 don't seem to have the problem with the Intel HDMI but none of them use kernel version 4.XXX, they are version 2 or 3. All those systems and more are installed on the Intel laptop.

Thank you for the information. I downloaded ksystemlog and it is a nice graphical application for viewing many different logs. I think all the computers I work with now are all intel based. I don't run any servers and just support mine and my extended family's computers of whom I have convinced to run GNU/Linux on. My desktop computer uses HDMI to connect to the monitor and I use HDMI on my laptop when using it for presentations. Now have something more to look at to see what is going on "behind the curtain" even though I am sure I will not understand most of it and have to use web searches for messages that look interesting.

Thank you,
Eric
Re: [DNG] Who remembers rootkit..
Is there any log of the actual issue?
-- buZz
Re: [DNG] Who remembers rootkit..
On 10/21/18 11:54 AM, Jimmy Johnson wrote:
> On 10/21/18 6:24 AM, Andrew McGlashan wrote:
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA256
>>
>> On 21/10/18 21:10, Jimmy Johnson wrote:
>>> I first noticed it while testing Stretch, I run a multimedia setup no problem with Jessie without systemd or wheezy, I was running an intel laptop HDMI to a big screen smart tv, the screen would go black and the audio would stop, I'm not the only one who has seen the problem as it's been mentioned on the Debian mailing list. Since then I have run it on other systems, like Devuan, PCLinuxOS and Slackware too and have seen the problem in real time while looking at the system log and I would see the kernel making calls to get an outside HTTP, I bring down my net connection and the kernel calls avahi daemon to bring it back up and make an HTTP connection, I stop avahi daemon and the kernel binds with the NIC and tries to get outside HTTP, that's where my firewall stops it. But the kernel keeps trying over and over and over endlessly to get outside HTTP and all this makes it impossible to watch my movie. Using the Intel laptop was convenient, but I got the idea to try my AMD nvidia desktop, I got the same kernel activity but no interference with audio/video, I'm now using ATI Radeon laptop, works the same as nvidia or maybe it's because they're both AMD as I don't have nvidia or ATI running on an intel system that I can test.
>>>
>>> Questions?
>>
>> Is the cable perhaps 1.4 type with built-in Ethernet? Wonder if that might have something to do with it too. The SmartTV might be doing the communication attempts. Maybe it is trying to tattle on you for using video that it /thinks/ is breaking digital rights.. maybe something else entirely. If the kernel is making the HTTP calls, it might be under direction of the video driver that is able to network with the screen via the HDMI cable.
>>
>> Cheers
>
> The smart tv has wifi, like all this smart stuff we have today, if the HDMI cable has internet, I doubt it, just audio and video.
>
> Just so everybody knows the laptop for multimedia, amd radeon has a new from scratch install of ASCII, I've let it set overnight with a movie on pause and the log is open and running live and while I've had the net down the log says: eth0 link down, receive packet failed, dhclient failed to send 300 byte long packet over fallback interface (what fallback interface?), and last is send_packet: please consult README file regarding broadcast address. That was the last log, since I brought the net down and it's much, much quieter and seems to be behaving itself and my audio/video seem to be perfect.
>
> I have a computer to repair, a laptop with no power, as I suffer spine & nerve damage & constant pain it may be an all day job. So I will be checking comments when I can. But for ASCII and it seems to be behaving itself, that is great, with the intel its behavior was crazy.
>
> Thanks,

The whole Intel HDMI Laptop thing I don't think I would have ever seen if not using the HDMI connected to a smart tv, but I put the blame on the Intel system because the kernel activity continue even while HDMI is not in use. Apparently there is some controversy over intel driver e1000 or using e1000e noted by both lwn.net and Linus, apparently e1000e is used even when not needed or wanted.

--
Jimmy Johnson

Slackware64 Current - KDE 4.14.38 - AMD A8-7600 - EXT4 at sda9
Registered Linux User #380263
Re: [DNG] Who remembers rootkit..
On 10/21/18 2:13 PM, eric wrote:
> On 10/21/18 11:54 AM, Jimmy Johnson wrote:
>> On 10/21/18 6:24 AM, Andrew McGlashan wrote:
>>> -BEGIN PGP SIGNED MESSAGE-
>>> Hash: SHA256
>>
>> The smart tv has wifi, like all this smart stuff we have today, if the HDMI cable has internet, I doubt it, just audio and video.
>>
>> Just so everybody knows the laptop for multimedia, amd radeon has a new from scratch install of ASCII, I've let it set overnight with a movie on pause and the log is open and running live and while I've had the net down the log says: eth0 link down, receive packet failed, dhclient failed to send 300 byte long packet over fallback interface (what fallback interface?), and last is send_packet: please consult README file regarding broadcast address. That was the last log, since I brought the net down and it's much, much quieter and seems to be behaving itself and my audio/video seem to be perfect.
>>
>> I have a computer to repair, a laptop with no power, as I suffer spine & nerve damage & constant pain it may be an all day job. So I will be checking comments when I can. But for ASCII and it seems to be behaving itself, that is great, with the intel its behavior was crazy.
>>
>> Thanks,
>
> Hello Mr. Jimmy Johnson,
>
> I am just a casual GNU/Linux user who is very much interested in the Devuan project and I know next to nothing about networking and firewalls. I just use what the default is on installation. I just wanted to ask what log you are viewing and the method you are using to view the log file. I would like to check what kind of messages are being generated on my system.
>
> Thank you,
> Eric

First of all it was the Intel system that was giving me the problem, it's now a file server, it's using Trinity desktop on ASCII, the application is 'ksystemlog', and that laptop has 8 systems installed all some kind of KDE and somebody mentioned DRM, I don't know about that, but the behavior was unacceptable, I pulled that laptop and replaced it with another that is not Intel and my system seems normal now even while running the plasma5-desktop, so the problem was intel, driver, firmware, microcode, I don't know, still testing, always testing. Old stable systems like Ubuntu 14.4 + KDE4, Wheezy + KDE4, Devuan Jessie + KDE4 don't seem to have the problem with the Intel HDMI but none of them use kernel version 4.XXX, they are version 2 or 3. All those systems and more are installed on the Intel laptop.

The intel laptop log after bringing eth0 down, in this case it seems to be using (Binding with) e1000e (The NIC) to get outside, unless I'm reading this wrong, this is the end of the log:

[ 213.706282] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
[ 213.994776] e1000e: eth0 NIC Link is Down
[ 214.238328] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
[ 215.912089] e1000e: eth0 NIC Link is Up 100 Mbps Full Duplex, Flow Control: Rx/Tx
[ 215.912095] e1000e :00:19.0 eth0: 10/100 speed: disabling TSO (Something to do with ethtool in the intel nic driver, the kernel is now using the NIC driver (ethtool) to get HTTP.)
[ 215.912130] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
GLib-CRITICAL: Source ID 123 was not found when attempting to remove it
---

Worth noting, I've seen the kernel also use avahi-daemon, but the avahi-daemon is not installed on my ASCII, I've also removed avahi-autoipd, but I've also stopped avahi-daemon in the past and that's when the kernel did bind with the NIC and ask for an HTTP, and that's what it seems to be doing now, I expect to see bugs upstream, but the kernel binding with my NIC. Why?

When I bring eth0 down that means I don't want an internet connection and I expect that choice to be honored. Am I wrong? cron was making a lot of noise and I don't use it so I stopped cron in crontab, I don't think I have a reason to run cron? and HDMI is no longer in use, just using laptop speakers and analog output, but the strange kernel behavior still seems to persist.

Also worth noting, you used to have to turn things on to get service, now it seems the opposite is the rule, why so much automation.

--
Jimmy Johnson

Slackware64 Current - KDE 4.14.38 - AMD A8-7600 - EXT4 at sda9
Registered Linux User #380263
Re: [DNG] Who remembers rootkit..
On 10/21/18 11:54 AM, Jimmy Johnson wrote:
> On 10/21/18 6:24 AM, Andrew McGlashan wrote:
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA256
>
> The smart tv has wifi, like all this smart stuff we have today, if the HDMI cable has internet, I doubt it, just audio and video.
>
> Just so everybody knows the laptop for multimedia, amd radeon has a new from scratch install of ASCII, I've let it set overnight with a movie on pause and the log is open and running live and while I've had the net down the log says: eth0 link down, receive packet failed, dhclient failed to send 300 byte long packet over fallback interface (what fallback interface?), and last is send_packet: please consult README file regarding broadcast address. That was the last log, since I brought the net down and it's much, much quieter and seems to be behaving itself and my audio/video seem to be perfect.
>
> I have a computer to repair, a laptop with no power, as I suffer spine & nerve damage & constant pain it may be an all day job. So I will be checking comments when I can. But for ASCII and it seems to be behaving itself, that is great, with the intel its behavior was crazy.
>
> Thanks,

Hello Mr. Jimmy Johnson,

I am just a casual GNU/Linux user who is very much interested in the Devuan project and I know next to nothing about networking and firewalls. I just use what the default is on installation. I just wanted to ask what log you are viewing and the method you are using to view the log file. I would like to check what kind of messages are being generated on my system.

Thank you,
Eric
Re: [DNG] Who remembers rootkit..
On 10/21/18 6:24 AM, Andrew McGlashan wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 21/10/18 21:10, Jimmy Johnson wrote:
>> I first noticed it while testing Stretch, I run a multimedia setup no problem with Jessie without systemd or wheezy, I was running an intel laptop HDMI to a big screen smart tv, the screen would go black and the audio would stop, I'm not the only one who has seen the problem as it's been mentioned on the Debian mailing list. Since then I have run it on other systems, like Devuan, PCLinuxOS and Slackware too and have seen the problem in real time while looking at the system log and I would see the kernel making calls to get an outside HTTP, I bring down my net connection and the kernel calls avahi daemon to bring it back up and make an HTTP connection, I stop avahi daemon and the kernel binds with the NIC and tries to get outside HTTP, that's where my firewall stops it. But the kernel keeps trying over and over and over endlessly to get outside HTTP and all this makes it impossible to watch my movie. Using the Intel laptop was convenient, but I got the idea to try my AMD nvidia desktop, I got the same kernel activity but no interference with audio/video, I'm now using ATI Radeon laptop, works the same as nvidia or maybe it's because they're both AMD as I don't have nvidia or ATI running on an intel system that I can test.
>>
>> Questions?
>
> Is the cable perhaps 1.4 type with built-in Ethernet? Wonder if that might have something to do with it too. The SmartTV might be doing the communication attempts. Maybe it is trying to tattle on you for using video that it /thinks/ is breaking digital rights.. maybe something else entirely. If the kernel is making the HTTP calls, it might be under direction of the video driver that is able to network with the screen via the HDMI cable.
>
> Cheers

The smart tv has wifi, like all this smart stuff we have today, if the HDMI cable has internet, I doubt it, just audio and video.

Just so everybody knows the laptop for multimedia, amd radeon has a new from scratch install of ASCII, I've let it set overnight with a movie on pause and the log is open and running live and while I've had the net down the log says: eth0 link down, receive packet failed, dhclient failed to send 300 byte long packet over fallback interface (what fallback interface?), and last is send_packet: please consult README file regarding broadcast address. That was the last log, since I brought the net down and it's much, much quieter and seems to be behaving itself and my audio/video seem to be perfect.

I have a computer to repair, a laptop with no power, as I suffer spine & nerve damage & constant pain it may be an all day job. So I will be checking comments when I can. But for ASCII and it seems to be behaving itself, that is great, with the intel its behavior was crazy.

Thanks,
--
Jimmy Johnson

Slackware64 Current - KDE 4.14.38 - AMD A8-7600 - EXT4 at sda9
Registered Linux User #380263
Re: [DNG] Who remembers rootkit..
On 21/10/18 21:10, Jimmy Johnson wrote:
> I first noticed it while testing Stretch, I run a multimedia setup no problem with Jessie without systemd or wheezy, I was running an intel laptop HDMI to a big screen smart tv, the screen would go black and the audio would stop, I'm not the only one who has seen the problem as it's been mentioned on the Debian mailing list. Since then I have run it on other systems, like Devuan, PCLinuxOS and Slackware too and have seen the problem in real time while looking at the system log and I would see the kernel making calls to get an outside HTTP, I bring down my net connection and the kernel calls avahi daemon to bring it back up and make an HTTP connection, I stop avahi daemon and the kernel binds with the NIC and tries to get outside HTTP, that's where my firewall stops it. But the kernel keeps trying over and over and over endlessly to get outside HTTP and all this makes it impossible to watch my movie. Using the Intel laptop was convenient, but I got the idea to try my AMD nvidia desktop, I got the same kernel activity but no interference with audio/video, I'm now using ATI Radeon laptop, works the same as nvidia or maybe it's because they're both AMD as I don't have nvidia or ATI running on an intel system that I can test.
>
> Questions?

Is the cable perhaps 1.4 type with built-in Ethernet? Wonder if that might have something to do with it too.

The SmartTV might be doing the communication attempts. Maybe it is trying to tattle on you for using video that it /thinks/ is breaking digital rights.. maybe something else entirely.

If the kernel is making the HTTP calls, it might be under direction of the video driver that is able to network with the screen via the HDMI cable.

Cheers
A.
Re: [DNG] Who remembers rootkit..
On 10/21/18 4:15 AM, m712 wrote:
> This is not related to systemd. It sounds more like Xrandr and pulseaudio/alsa favoring your HDMI more than your laptop. The Linux kernel doesn't "know" about avahi daemon in the sense that there is no code for it in the Linux source tree. Did you ever log those HTTP requests by chance?

Thanks for top posting. Yes they are logged and just as I wrote. What part is it that you don't believe?

--
Jimmy Johnson

Slackware64 Current - KDE 4.14.38 - AMD A8-7600 - EXT4 at sda9
Registered Linux User #380263
Re: [DNG] Who remembers rootkit..
This is not related to systemd. It sounds more like Xrandr and pulseaudio/alsa favoring your HDMI more than your laptop. The Linux kernel doesn't "know" about avahi daemon in the sense that there is no code for it in the Linux source tree. Did you ever log those HTTP requests by chance?

On October 21, 2018 1:10:27 PM GMT+03:00, Jimmy Johnson wrote:
>On 10/21/18 1:19 AM, Andrew McGlashan wrote:
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA256
>>
>> Hi Rick,
>>
>> On 21/10/18 14:42, Rick Moen wrote:
>>> Quoting Jimmy Johnson (field.engin...@gmail.com):
>>>
>>>> Who remembers when rootkit hunter started showing problems and Debian said they were false positive problems? I think it was sometime during the development of Stretch. Well they fixed rootkit hunter to not show those problems any longer and so goes systemd, one BIG FAT security problem and has made security software pretty much useless. At least with a firewall and no systemd you can stop kernel calls to get outside http or at least I can. I think it's too bad we have to live with a kernel that's passing our activity to outside sources. I have this stuff logged, it can't be denied.
>>
>> I think he means the callout by some systemd setup that does a http or some other test for "connectivity" ... perhaps it is more than that, but that alone is a concern. It was suggested in /that/ thread to which I think he is talking about, that the test should be to the router or the first outside gateway from your local network.
>>
>> Anyways, I'm not too sure.
>>
>> Cheers
>
>Thanks for the post.
>
>I first noticed it while testing Stretch, I run a multimedia setup no problem with Jessie without systemd or wheezy, I was running an intel laptop HDMI to a big screen smart tv, the screen would go black and the audio would stop, I'm not the only one who has seen the problem as it's been mentioned on the Debian mailing list. Since then I have run it on other systems, like Devuan, PCLinuxOS and Slackware too and have seen the problem in real time while looking at the system log and I would see the kernel making calls to get an outside HTTP, I bring down my net connection and the kernel calls avahi daemon to bring it back up and make an HTTP connection, I stop avahi daemon and the kernel binds with the NIC and tries to get outside HTTP, that's where my firewall stops it. But the kernel keeps trying over and over and over endlessly to get outside HTTP and all this makes it impossible to watch my movie. Using the Intel laptop was convenient, but I got the idea to try my AMD nvidia desktop, I got the same kernel activity but no interference with audio/video, I'm now using ATI Radeon laptop, works the same as nvidia or maybe it's because they're both AMD as I don't have nvidia or ATI running on an intel system that I can test.
>
>Questions?
>--
>Jimmy Johnson
>
>Slackware64 Current - KDE 4.14.38 - AMD A8-7600 - EXT4 at sda9
>Registered Linux User #380263

m712
--
https://nextchan.org -- https://gitgud.io/blazechan/blazechan
I am awake between 3AM-8PM UTC, HMU if the site's broken
Re: [DNG] Who remembers rootkit..
On 10/21/18 2:50 AM, Arnt Karlsen wrote:
> On Sun, 21 Oct 2018 02:33:33 -0700, Jimmy wrote in message :
>> On 10/21/18 2:16 AM, m712 wrote:
>>> Nobody can help you if you don't explain your point. The only thing we got so far is your conspiracy theory of rkhunter masking "false"-false-positives for systemd and an incoherent claim of the Linux kernel doing HTTP requests to somewhere.
>>
>> What makes your post helpful?
>
> ..to me, it helps ID you as a wannabe black flag systemd shill fishing with Fox "News" type "news" bait. Bye, felicia.

Thanks, never thought of using Fox News, here where I live Fox and CBS are both the same station and location and I have them on twitter. But I'm not a shill and I don't lie. By the way, I know what MS Troll is but what's systemd shill?

--
Jimmy Johnson

Slackware64 Current - KDE 4.14.38 - AMD A8-7600 - EXT4 at sda9
Registered Linux User #380263
Re: [DNG] Who remembers rootkit..
On 21-10-18 12:10, Jimmy Johnson wrote:
>
> Thanks for the post.
>
> I first noticed it while testing Stretch, I run a multimedia setup no problem with Jessie without systemd or wheezy, I was running an intel laptop HDMI to a big screen smart tv, the screen would go black and the audio would stop, I'm not the only one who has seen the problem as it's been mentioned on the Debian mailing list. Since then I have run it on other systems, like Devuan, PCLinuxOS and Slackware too and have seen the problem in real time while looking at the system log and I would see the kernel making calls to get an outside HTTP, I bring down my net connection and the kernel calls avahi daemon to bring it back up and make an HTTP connection, I stop avahi daemon and the kernel binds with the NIC and tries to get outside HTTP, that's where my firewall stops it. But the kernel keeps trying over and over and over endlessly to get outside HTTP and all this makes it impossible to watch my movie. Using the Intel laptop was convenient, but I got the idea to try my AMD nvidia desktop, I got the same kernel activity but no interference with audio/video, I'm now using ATI Radeon laptop, works the same as nvidia or maybe it's because they're both AMD as I don't have nvidia or ATI running on an intel system that I can test.
>
> Questions?

Sounds like you have DRM enabled in your system which phones home for an authorization check. You maybe should avoid the non-free repos. Or compile your own kernel.

Grtz.
Nick
Re: [DNG] Who remembers rootkit..
On 10/21/18 1:19 AM, Andrew McGlashan wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Hi Rick,
>
> On 21/10/18 14:42, Rick Moen wrote:
>> Quoting Jimmy Johnson (field.engin...@gmail.com):
>>
>>> Who remembers when rootkit hunter started showing problems and Debian said they were false positive problems? I think it was sometime during the development of Stretch. Well they fixed rootkit hunter to not show those problems any longer and so goes systemd, one BIG FAT security problem and has made security software pretty much useless. At least with a firewall and no systemd you can stop kernel calls to get outside http or at least I can. I think it's too bad we have to live with a kernel that's passing our activity to outside sources. I have this stuff logged, it can't be denied.
>
> I think he means the callout by some systemd setup that does a http or some other test for "connectivity" ... perhaps it is more than that, but that alone is a concern. It was suggested in /that/ thread to which I think he is talking about, that the test should be to the router or the first outside gateway from your local network.
>
> Anyways, I'm not too sure.
>
> Cheers

Thanks for the post.

I first noticed it while testing Stretch, I run a multimedia setup no problem with Jessie without systemd or wheezy, I was running an intel laptop HDMI to a big screen smart tv, the screen would go black and the audio would stop, I'm not the only one who has seen the problem as it's been mentioned on the Debian mailing list. Since then I have run it on other systems, like Devuan, PCLinuxOS and Slackware too and have seen the problem in real time while looking at the system log and I would see the kernel making calls to get an outside HTTP, I bring down my net connection and the kernel calls avahi daemon to bring it back up and make an HTTP connection, I stop avahi daemon and the kernel binds with the NIC and tries to get outside HTTP, that's where my firewall stops it. But the kernel keeps trying over and over and over endlessly to get outside HTTP and all this makes it impossible to watch my movie. Using the Intel laptop was convenient, but I got the idea to try my AMD nvidia desktop, I got the same kernel activity but no interference with audio/video, I'm now using ATI Radeon laptop, works the same as nvidia or maybe it's because they're both AMD as I don't have nvidia or ATI running on an intel system that I can test.

Questions?
--
Jimmy Johnson

Slackware64 Current - KDE 4.14.38 - AMD A8-7600 - EXT4 at sda9
Registered Linux User #380263
Re: [DNG] Who remembers rootkit..
On Sun, 21 Oct 2018 02:33:33 -0700, Jimmy wrote in message :

> On 10/21/18 2:16 AM, m712 wrote:
> > Nobody can help you if you don't explain your point. The only thing we got so far is your conspiracy theory of rkhunter masking "false"-false-positives for systemd and an incoherent claim of the Linux kernel doing HTTP requests to somewhere.
>
> What makes your post helpful?

..to me, it helps ID you as a wannabe black flag systemd shill fishing with Fox "News" type "news" bait. Bye, felicia.

--
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
Scenarios always come in sets of three: best case, worst case, and just in case.
Re: [DNG] Who remembers rootkit..
On 10/21/18 2:16 AM, m712 wrote:

> Nobody can help you if you don't explain your point. The only thing we got so far is your conspiracy theory of rkhunter masking "false"-false-positives for systemd and an incoherent claim of the Linux kernel doing HTTP requests to somewhere.

What makes your post helpful?

--
Jimmy Johnson
Slackware64 Current - KDE 4.14.38 - AMD A8-7600 - EXT4 at sda9
Registered Linux User #380263
Re: [DNG] Who remembers rootkit..
Nobody can help you if you don't explain your point. The only thing we got so far is your conspiracy theory of rkhunter masking "false"-false-positives for systemd and an incoherent claim of the Linux kernel doing HTTP requests to somewhere.

On October 21, 2018 11:46:07 AM GMT+03:00, Jimmy Johnson wrote:

> On 10/21/18 1:00 AM, m712 wrote:
>> Why do you think people will help you if you can't give any specifics and keep shouting expletives at people?
>
> Let me know when someone is trying to help? :)
> --
> Jimmy Johnson
>
> Slackware64 Current - KDE 4.14.38 - AMD A8-7600 - EXT4 at sda9
> Registered Linux User #380263

m712
--
https://nextchan.org -- https://gitgud.io/blazechan/blazechan
I am awake between 3AM-8PM UTC, HMU if the site's broken
Re: [DNG] Who remembers rootkit..
On 10/21/18 1:00 AM, m712 wrote:

> Why do you think people will help you if you can't give any specifics and keep shouting expletives at people?

Let me know when someone is trying to help? :)

--
Jimmy Johnson
Slackware64 Current - KDE 4.14.38 - AMD A8-7600 - EXT4 at sda9
Registered Linux User #380263
Re: [DNG] Who remembers rootkit..
Hi Rick,

On 21/10/18 14:42, Rick Moen wrote:

> Quoting Jimmy Johnson (field.engin...@gmail.com):
>
>> Who remembers when rootkit hunter started showing problems and Debian said they were false positive problems? I think it was sometime during the development of Stretch. Well they fixed rootkit hunter to not show those problems any longer and so goes systemd, one BIG FAT security problem and has made security software pretty much useless. At least with a firewall and no systemd you can stop kernel calls to get outside http or at least I can. I think it's too bad we have to live with a kernel that's passing our activity to outside sources. I have this stuff logged, it can't be denied.

I think he means the callout by some systemd setup that does a http or some other test for "connectivity" ... perhaps it is more than that, but that alone is a concern. It was suggested in /that/ thread to which I think he is talking about, that the test should be to the router or the first outside gateway from your local network. Anyways, I'm not too sure.

Cheers
A.
Re: [DNG] Who remembers rootkit..
Why do you think people will help you if you can't give any specifics and keep shouting expletives at people?

On October 21, 2018 10:55:18 AM GMT+03:00, Jimmy Johnson wrote:

> On 10/21/18 12:35 AM, Rick Moen wrote:
>> Quoting Jimmy Johnson (field.engin...@gmail.com):
>>
>>> Who says you have to read my post
>>
>> You know, never mind. Much is now clearer.
>
> What's clearer Rick, how you can save Linux or you've found someone you can't F*** with? Are you a good guy or a bad guy?
> --
> Jimmy Johnson
>
> Slackware64 Current - KDE 4.14.38 - AMD A8-7600 - EXT4 at sda9
> Registered Linux User #380263

m712
--
https://nextchan.org -- https://gitgud.io/blazechan/blazechan
I am awake between 3AM-8PM UTC, HMU if the site's broken
Re: [DNG] Who remembers rootkit..
On 10/21/18 12:35 AM, Rick Moen wrote:

> Quoting Jimmy Johnson (field.engin...@gmail.com):
>
>> Who says you have to read my post
>
> You know, never mind. Much is now clearer.

What's clearer Rick, how you can save Linux or you've found someone you can't F*** with? Are you a good guy or a bad guy?

--
Jimmy Johnson
Slackware64 Current - KDE 4.14.38 - AMD A8-7600 - EXT4 at sda9
Registered Linux User #380263
Re: [DNG] Who remembers rootkit..
Quoting Jimmy Johnson (field.engin...@gmail.com):

> Who says you have to read my post

You know, never mind. Much is now clearer.
Re: [DNG] Who remembers rootkit..
On 10/21/18 12:06 AM, Rick Moen wrote:

> Quoting Jimmy Johnson (field.engin...@gmail.com):
>
>> Don't take this the wrong way but it sounds like you didn't read or recall the incident I remember. And you have nothing helpful to add?
>
> No, I really do not. And I'm not up for groping around in archives for an unspecified and apparently rather bizarre incident. One more time: Are you talking about a Devuan-provided kernel? If so, what 'kernel calls to get outside http' are you talking about it making? Please detail what you're talking about. If you're not talking about a Devuan-provided kernel, what is your point in vaguely handwaving about it here?

Who says you have to read my post, what service do you provide to Devuan or Linux, you just here to make noise, you bigger and smarter than me? You mess with me and I'll put you in your place and I don't care who the F*** you think you are or how much money you make or how big your gun is or any other such crap.

Does that help? Just in case, what service do you provide and I will apologize if I have misjudged you. :)

--
Jimmy Johnson
Slackware64 Current - KDE 4.14.38 - AMD A8-7600 - EXT4 at sda9
Registered Linux User #380263
Re: [DNG] Who remembers rootkit..
Quoting Jimmy Johnson (field.engin...@gmail.com):

> Don't take this the wrong way but it sounds like you didn't read or recall the incident I remember. And you have nothing helpful to add?

No, I really do not. And I'm not up for groping around in archives for an unspecified and apparently rather bizarre incident. One more time: Are you talking about a Devuan-provided kernel? If so, what 'kernel calls to get outside http' are you talking about it making? Please detail what you're talking about. If you're not talking about a Devuan-provided kernel, what is your point in vaguely handwaving about it here?
Re: [DNG] Who remembers rootkit..
On 10/20/18 8:42 PM, Rick Moen wrote:

> Quoting Jimmy Johnson (field.engin...@gmail.com):
>
>> Who remembers when rootkit hunter started showing problems and Debian said they were false positive problems? I think it was sometime during the development of Stretch. Well they fixed rootkit hunter to not show those problems any longer and so goes systemd, one BIG FAT security problem and has made security software pretty much useless. At least with a firewall and no systemd you can stop kernel calls to get outside http or at least I can. I think it's too bad we have to live with a kernel that's passing our activity to outside sources. I have this stuff logged, it can't be denied.
>
> I hope you won't take this the wrong way, but: What specifically are you talking about? The first 60% of that paragraph seems to be some sort of odd and rather elliptical complaint about systemd. The latter 40% appears to be a comment (one with no obvious segue from the first 60%) about some sort of bad behaviour by your kernel. Perhaps you wouldn't mind explaining. And perhaps switching to a more meaningful Subject header, while you're at it.
>
> (rkhunter throughout its history has had problems with Type I errors aka false positives, and probably that will remain an ongoing problem.)

Don't take this the wrong way but it sounds like you didn't read or recall the incident I remember. And you have nothing helpful to add?

Errors while testing upstream can tell tales, a lot of adjustments were made to Debian in order to accommodate systemd, I have a hard time seeing where the user received any accommodations.

--
Jimmy Johnson
Slackware64 Current - KDE 4.14.38 - AMD A8-7600 - EXT4 at sda9
Registered Linux User #380263
Re: [DNG] Who remembers rootkit..
Quoting Jimmy Johnson (field.engin...@gmail.com):

> Who remembers when rootkit hunter started showing problems and Debian said they were false positive problems? I think it was sometime during the development of Stretch. Well they fixed rootkit hunter to not show those problems any longer and so goes systemd, one BIG FAT security problem and has made security software pretty much useless. At least with a firewall and no systemd you can stop kernel calls to get outside http or at least I can. I think it's too bad we have to live with a kernel that's passing our activity to outside sources. I have this stuff logged, it can't be denied.

I hope you won't take this the wrong way, but: What specifically are you talking about? The first 60% of that paragraph seems to be some sort of odd and rather elliptical complaint about systemd. The latter 40% appears to be a comment (one with no obvious segue from the first 60%) about some sort of bad behaviour by your kernel. Perhaps you wouldn't mind explaining. And perhaps switching to a more meaningful Subject header, while you're at it.

(rkhunter throughout its history has had problems with Type I errors aka false positives, and probably that will remain an ongoing problem.)
[DNG] Who remembers rootkit..
Who remembers when rootkit hunter started showing problems and Debian said they were false positive problems? I think it was sometime during the development of Stretch. Well they fixed rootkit hunter to not show those problems any longer and so goes systemd, one BIG FAT security problem and has made security software pretty much useless. At least with a firewall and no systemd you can stop kernel calls to get outside http or at least I can. I think it's too bad we have to live with a kernel that's passing our activity to outside sources. I have this stuff logged, it can't be denied.

--
Jimmy Johnson
Slackware64 Current - KDE 4.14.38 - AMD A8-7600 - EXT4 at sda9
Registered Linux User #380263