Re: [gentoo-user] Multi monitor and fullscreen games
Am 02.01.2013 06:25, schrieb Sebastian Beßler: On 01.01.2013 16:13, Florian Philipp wrote: With that, fullscreen applications work for me. Some still deactivate the second display or change the resolution but otherwise it works just fine. I tried it and it does not help at all, nothing changed. The games still stretch over both screens when in fullscreen. Someone else any idea? Greetings Sebastian Beßler Make sure all direct and indirect dependencies have USE=xinerama. Specifically: x11-libs/qt-gui x11-libs/gtk+ media-libs/libsdl app-emulation/wine Regards, Florian Philipp signature.asc Description: OpenPGP digital signature
Re: [gentoo-user] Ethernet Machination
On 2013-01-01 7:55 PM, Canek Peláez Valdés can...@gmail.com wrote: On Tue, Jan 1, 2013 at 6:50 PM, James wirel...@tampabay.rr.com wrote: So now that only one ethernet shows up, how do I prevent udev from renaming eth0 to eth3? Check /etc/udev/rules.d/70-persistent-net.rules. Probably the old (fried) ethernet card is listed there (along with other stuff). Leave out everything except your PCI card (the MAC address is how you tell them appart). Worst case, delete the file (after saving a copy), and see if udev automagically solves everything by itself. Also, be sure that you have completely disabled the integrated ethernet in the BIOS, otherwise gentoo/udev may still 'see' it even if it isn't working...
Re: [gentoo-user] Good/better/best filesystem for large, static video library?
On Thu, 27 Dec 2012 02:18:00 +0200, Alan McKinnon wrote: There is no more weird partitions from the days of DOS, no PV/VG/LV to remember the details of. There is only storage and ZFS knows what I want to happen with each chunk of it. A chunk (my term) in this context is a directory and everything below it. ZFS doesn't have partitions and filesystems. It has volumes. A volume is sort of a cross between a filesystem (you mount it and can assign quotas to it) and a directory (you assign permissions and ownerships to it). You can overcommit storage space and quotas - you do not get disk full errors and three days of nightmares while you figure out how to deal with this. the FS just tells you it used more than the allocated space and keeps telling you till you get it under the limit. I've been looking at zfsonlinux and it looks a lot simpler than the layers of RAID and LVM, but what about encryption. Can I encrypt directories within ZFS or do I have to use something like ecryptfs on top of it? -- Neil Bothwick A clean desk is a sign of a cluttered desk drawer. signature.asc Description: PGP signature
Re: [gentoo-user] Heads up if you start X with startx; xorg-server suid flag
On Mon, 31 Dec 2012 07:40:29 +0100, Volker Armin Hemmann wrote: * According to /usr/portage/x11-base/xorg-server/ChangeLog USE=suid has been enabled as of December 20, 2012. If you do not enable it, you will not be able to run startx as a regular user. xdm and other X login managers will still work. what do we learn? always use -v That makes it harder to spot the changes and the new falgs are buried in the noise of the unchanged ones. always read the output always check the meaning of changed/added flags. And don't use USE=-* unless you want to spend time fixing things like this. -- Neil Bothwick WinErr 012: Window closed - Do not look inside signature.asc Description: PGP signature
[gentoo-user] Some fonts missing?
Hi, I am not able to see the characters in certain emoji like flip table, etc. It used to be visible earlier before I did a completely fresh install. Does anyone know which font to install? These are the fonts presently installed on my machine - media-fonts/corefonts media-fonts/freefont-ttf media-fonts/liberation-fonts media-fonts/lohit-fonts media-fonts/ttf-bitstream-vera media-fonts/ubuntu-font-family -- Nilesh Govindarajan http://nileshgr.com
[gentoo-user] IPtables - Mangle table - when/why do I need it (or do I need it)?
Hi all, This has been bugging me for a while... I've googled, and can't seem to find a definitive answer to this question... Lots of references to the Mangle table, but nothing that really explains what this table is or does, and when or why I would want/need it. Currently, I have this in my rules (since forever, honestly don't even remember where it came from): *mangle :PREROUTING ACCEPT [1378800222:449528056411] :INPUT ACCEPT [1363738727:447358082301] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [1221121261:1103241097263] :POSTROUTING ACCEPT [1221116979:1103240864155] -A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP -A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP -A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP COMMIT # Completed on Sun Dec 11 14:11:01 2011 This is on a mail/web server with a static IP, it does not do any NAT and does not act as a perimeter firewall, it only protects itself... Thanks for any pointers to tfm that explains this if there is one, or just for a simple explanation if not...
Re: [gentoo-user] Good/better/best filesystem for large, static video library?
On Wed, 2 Jan 2013 13:04:50 + Neil Bothwick n...@digimed.co.uk wrote: On Thu, 27 Dec 2012 02:18:00 +0200, Alan McKinnon wrote: There is no more weird partitions from the days of DOS, no PV/VG/LV to remember the details of. There is only storage and ZFS knows what I want to happen with each chunk of it. A chunk (my term) in this context is a directory and everything below it. ZFS doesn't have partitions and filesystems. It has volumes. A volume is sort of a cross between a filesystem (you mount it and can assign quotas to it) and a directory (you assign permissions and ownerships to it). You can overcommit storage space and quotas - you do not get disk full errors and three days of nightmares while you figure out how to deal with this. the FS just tells you it used more than the allocated space and keeps telling you till you get it under the limit. I've been looking at zfsonlinux and it looks a lot simpler than the layers of RAID and LVM, but what about encryption. Can I encrypt directories within ZFS or do I have to use something like ecryptfs on top of it? AFAIK, Oracle included encryption in ZFS v30 but this has not been released as opensource. The last OSS version released was 28. What this means to me is that devs could include disk-encryption but they probably won't have a standard to code to, and that implies a whole lotta YMMV. You'd have to use ecryptfs or friends for now. -- Alan McKinnon alan.mckin...@gmail.com
Re: [gentoo-user] Good/better/best filesystem for large, static video library?
Am Mittwoch, 2. Januar 2013, 15:38:01 schrieb Alan McKinnon: AFAIK, Oracle included encryption in ZFS v30 but this has not been released as opensource. The last OSS version released was 28. What this means to me is that devs could include disk-encryption but they probably won't have a standard to code to, and that implies a whole lotta YMMV. You'd have to use ecryptfs or friends for now. ecryptfs looks easy to use with zfs: http://pthree.org/2012/08/21/encrypted-zfs-filesystems-on-linux/ -- #163933
[gentoo-user] Re: gentoo netheck
On 2013-01-02, Philip Webb wrote: 130102 Nuno J. Silva wrote: On 2013-01-01, Bryan Gardiner wrote: Today I wanted to install nethack and found it is masked: If you're the only user of your computer, you could also just unmask the version in Portage. The bug is that any user in the games group can edit all save files, so if you want to hack your own saves, go ahead. The main problem is not the cheating, but that nethack does not employ any kind of checks on the scores file when reading it, this effectively enables an attack vector where anyone with access to the scores file can exploit vulnerabilities in nethack simply by writing a specially-crafted score file. Nethack just relies on being setgid to a group and installing the scores file as writeable by that group. Unfortunately, that happens to be the very same games group Gentoo uses to group users who are allowed to play games, therefore rendering nethack's protection useless. Does the insecurity extend beyond Nethack itself ? -- if not, hard-masking it seems a bit draconian: it sb quite safe on a single-user system. It's an attack vector. If it is exploited, it extends to your whole account, plus any system/service whose passwords/credentials are stored in your files. Now if it's a single-user system, the attacker would need to already have access to a user in the games group in your system, and the only account in that group is likely yours, so I doubt there would be a big issue. -- Nuno Silva (aka njsg) http://njsg.sdf-eu.org/
[gentoo-user] Re: Some fonts missing?
On 2013-01-02, Nilesh Govindrajan wrote: Hi, I am not able to see the characters in certain emoji like flip table, etc. It used to be visible earlier before I did a completely fresh install. Does anyone know which font to install? These are the fonts presently installed on my machine - media-fonts/corefonts media-fonts/freefont-ttf media-fonts/liberation-fonts media-fonts/lohit-fonts media-fonts/ttf-bitstream-vera media-fonts/ubuntu-font-family *Where* are you trying to view these characters? I think the dejavu fonts have wider UCS coverage than Bitstream Vera, so you may want to try that. I doubt corefonts offer that much UCS coverage. -- Nuno Silva (aka njsg) http://njsg.sdf-eu.org/
Re: [gentoo-user] Good/better/best filesystem for large, static video library?
On Wed, 02 Jan 2013 15:08:57 +0100, Volker Armin Hemmann wrote: ecryptfs looks easy to use with zfs: http://pthree.org/2012/08/21/encrypted-zfs-filesystems-on-linux/ I found that one on subsequent googling. I had hoped that it would be included in ZFS, meaning I could replace four layers; RAID, LVM, encryption and filesystem, with one. Still, 4-2 is still good. -- Neil Bothwick Top Oxymorons Number 5: Twelve-ounce pound cake signature.asc Description: PGP signature
Re: [gentoo-user] Some fonts missing?
On Wed, Jan 2, 2013 at 5:26 AM, Nilesh Govindrajan m...@nileshgr.com wrote: Hi, I am not able to see the characters in certain emoji like flip table, etc. It used to be visible earlier before I did a completely fresh install. Does anyone know which font to install? These are the fonts presently installed on my machine - media-fonts/corefonts media-fonts/freefont-ttf media-fonts/liberation-fonts media-fonts/lohit-fonts media-fonts/ttf-bitstream-vera media-fonts/ubuntu-font-family -- Nilesh Govindarajan http://nileshgr.com OK, I don't have a clue what a certain emjoi like flip table is, but take a look at the Gentoo Wiki for configuring fonts and then use eselect fontconfig. Not sure if it will help with whatever this thing is you want to see but this has worked pretty well in normal usage for me. HTH, Mark c2stable ~ # eselect fontconfig list Available fontconfig .conf files (* is enabled): [1] 10-autohint.conf * [2] 10-no-sub-pixel.conf [3] 10-sub-pixel-bgr.conf [4] 10-sub-pixel-rgb.conf * [5] 10-sub-pixel-vbgr.conf [6] 10-sub-pixel-vrgb.conf [7] 10-unhinted.conf [8] 20-fix-globaladvance.conf * [9] 20-unhint-small-dejavu-sans-mono.conf * [10] 20-unhint-small-dejavu-sans.conf * [11] 20-unhint-small-dejavu-serif.conf * [12] 20-unhint-small-vera.conf * [13] 25-ttf-arphic-ukai-render.conf * [14] 25-ttf-arphic-uming-bitmaps.conf * [15] 25-ttf-arphic-uming-render.conf * [16] 25-unhint-nonlatin.conf * [17] 30-metric-aliases.conf * [18] 30-urw-aliases.conf * [19] 35-ttf-arphic-ukai-aliases.conf * [20] 35-ttf-arphic-uming-aliases.conf * [21] 40-nonlatin.conf * [22] 41-ttf-arphic-ukai.conf * [23] 41-ttf-arphic-uming.conf * [24] 44-wqy-zenhei.conf * [25] 45-latin.conf * [26] 49-sansserif.conf * [27] 50-user.conf * [28] 51-local.conf * [29] 57-dejavu-sans-mono.conf * [30] 57-dejavu-sans.conf * [31] 57-dejavu-serif.conf * [32] 59-google-droid-sans-mono.conf [33] 59-google-droid-sans.conf [34] 59-google-droid-serif.conf [35] 60-latin.conf * [36] 60-liberation.conf * [37] 64-ttf-arphic-uming.conf * [38] 65-fonts-persian.conf * [39] 65-khmer.conf * [40] 65-nonlatin.conf * [41] 66-ja-ipafonts.conf * [42] 66-takao-fonts.conf [43] 66-wqy-zenhei-sharp-no13px.conf * [44] 66-wqy-zenhei-sharp.conf * [45] 69-unifont.conf * [46] 70-no-bitmaps.conf * [47] 70-yes-bitmaps.conf * [48] 75-ttf-arphic-ukai-select.conf * [49] 80-delicious.conf * [50] 90-synthetic.conf * [51] 90-ttf-arphic-ukai-embolden.conf * [52] 90-ttf-arphic-uming-embolden.conf * c2stable ~ # c2stable ~ # eix -Ic font [I] app-admin/eselect-fontconfig (1.1{tbz2}@02/25/2012): An eselect module to manage /etc/fonts/conf.d symlinks. [I] media-fonts/arphicfonts (0.2.20080216.1{tbz2}@06/07/2012): Chinese TrueType Arphic Fonts [I] media-fonts/corefonts (1-r4{tbz2}@02/25/2012): Microsoft's TrueType core fonts [I] media-fonts/font-alias (1.0.3{tbz2}@02/25/2012): X.Org font aliases [I] media-fonts/font-bitstream-100dpi (1.0.3{tbz2}@02/25/2012): X.Org Bitstream bitmap fonts [I] media-fonts/font-bitstream-75dpi (1.0.3{tbz2}@02/25/2012): X.Org Bitstream bitmap fonts [I] media-fonts/font-bitstream-speedo (1.0.2{tbz2}@02/25/2012): Bitstream Speedo fonts [I] media-fonts/font-bitstream-type1 (1.0.3{tbz2}@02/25/2012): X.Org Bitstream Type 1 fonts [I] media-fonts/font-schumacher-misc (1.1.2{tbz2}@02/25/2012): X.Org Schumacher fonts [I] media-fonts/font-util (1.3.0{tbz2}@06/24/2012): X.Org font utilities [I] media-fonts/freefont-ttf (20090104{tbz2}@02/25/2012): TrueType Unicode fonts from the Free UCS Outline Fonts Project [I] media-fonts/freefonts (0.10-r3{tbz2}@02/25/2012): A Collection of Free Type1 Fonts [I] media-fonts/ipamonafont (1.0.8{tbz2}@06/07/2012): Hacked version of IPA fonts, which is suitable for browsing 2ch [I] media-fonts/ja-ipafonts (003.02-r1{tbz2}@06/07/2012): Japanese TrueType fonts developed by IPA (Information-technology Promotion Agency, Japan) [I] media-fonts/liberation-fonts (2.00.0-r1{tbz2}@08/25/2012): A Helvetica/Times/Courier replacement TrueType font set, courtesy of Red Hat [I] media-fonts/takao-fonts (003.02.01{tbz2}@09/09/2012): A community developed derivatives of IPA Fonts [I] media-fonts/urw-fonts (2.4.9{tbz2}@02/25/2012): free good quality fonts gpl'd by URW++ [I] media-libs/fontconfig (2.8.0-r1(1.0){tbz2}@02/25/2012): A library for configuring and customizing font access [I] virtual/ttf-fonts (1{tbz2}@02/25/2012): Virtual for Serif/Sans/Monospace font packages [I] x11-apps/mkfontdir (1.0.7{tbz2}@06/24/2012): create an index of X font files in a directory [I] x11-apps/mkfontscale (1.1.0{tbz2}@06/24/2012): create an index of scalable font files for X [I] x11-libs/libXfont (1.4.5-r1{tbz2}@11/17/2012): X.Org Xfont library [I] x11-libs/libfontenc (1.1.1{tbz2}@06/24/2012): X.Org fontenc library [I] x11-proto/fontsproto (2.1.2{tbz2}@06/24/2012): X.Org Fonts protocol
Re: [gentoo-user] Some fonts missing?
On Wednesday 02 January 2013 08:15:45 PM IST, Mark Knecht wrote: On Wed, Jan 2, 2013 at 5:26 AM, Nilesh Govindrajan m...@nileshgr.com wrote: Hi, I am not able to see the characters in certain emoji like flip table, etc. It used to be visible earlier before I did a completely fresh install. Does anyone know which font to install? These are the fonts presently installed on my machine - media-fonts/corefonts media-fonts/freefont-ttf media-fonts/liberation-fonts media-fonts/lohit-fonts media-fonts/ttf-bitstream-vera media-fonts/ubuntu-font-family -- Nilesh Govindarajan http://nileshgr.com OK, I don't have a clue what a certain emjoi like flip table is, but take a look at the Gentoo Wiki for configuring fonts and then use eselect fontconfig. Not sure if it will help with whatever this thing is you want to see but this has worked pretty well in normal usage for me. HTH, Mark c2stable ~ # eselect fontconfig list Available fontconfig .conf files (* is enabled): [1] 10-autohint.conf * [2] 10-no-sub-pixel.conf [3] 10-sub-pixel-bgr.conf [4] 10-sub-pixel-rgb.conf * [5] 10-sub-pixel-vbgr.conf [6] 10-sub-pixel-vrgb.conf [7] 10-unhinted.conf [8] 20-fix-globaladvance.conf * [9] 20-unhint-small-dejavu-sans-mono.conf * [10] 20-unhint-small-dejavu-sans.conf * [11] 20-unhint-small-dejavu-serif.conf * [12] 20-unhint-small-vera.conf * [13] 25-ttf-arphic-ukai-render.conf * [14] 25-ttf-arphic-uming-bitmaps.conf * [15] 25-ttf-arphic-uming-render.conf * [16] 25-unhint-nonlatin.conf * [17] 30-metric-aliases.conf * [18] 30-urw-aliases.conf * [19] 35-ttf-arphic-ukai-aliases.conf * [20] 35-ttf-arphic-uming-aliases.conf * [21] 40-nonlatin.conf * [22] 41-ttf-arphic-ukai.conf * [23] 41-ttf-arphic-uming.conf * [24] 44-wqy-zenhei.conf * [25] 45-latin.conf * [26] 49-sansserif.conf * [27] 50-user.conf * [28] 51-local.conf * [29] 57-dejavu-sans-mono.conf * [30] 57-dejavu-sans.conf * [31] 57-dejavu-serif.conf * [32] 59-google-droid-sans-mono.conf [33] 59-google-droid-sans.conf [34] 59-google-droid-serif.conf [35] 60-latin.conf * [36] 60-liberation.conf * [37] 64-ttf-arphic-uming.conf * [38] 65-fonts-persian.conf * [39] 65-khmer.conf * [40] 65-nonlatin.conf * [41] 66-ja-ipafonts.conf * [42] 66-takao-fonts.conf [43] 66-wqy-zenhei-sharp-no13px.conf * [44] 66-wqy-zenhei-sharp.conf * [45] 69-unifont.conf * [46] 70-no-bitmaps.conf * [47] 70-yes-bitmaps.conf * [48] 75-ttf-arphic-ukai-select.conf * [49] 80-delicious.conf * [50] 90-synthetic.conf * [51] 90-ttf-arphic-ukai-embolden.conf * [52] 90-ttf-arphic-uming-embolden.conf * c2stable ~ # c2stable ~ # eix -Ic font [I] app-admin/eselect-fontconfig (1.1{tbz2}@02/25/2012): An eselect module to manage /etc/fonts/conf.d symlinks. [I] media-fonts/arphicfonts (0.2.20080216.1{tbz2}@06/07/2012): Chinese TrueType Arphic Fonts [I] media-fonts/corefonts (1-r4{tbz2}@02/25/2012): Microsoft's TrueType core fonts [I] media-fonts/font-alias (1.0.3{tbz2}@02/25/2012): X.Org font aliases [I] media-fonts/font-bitstream-100dpi (1.0.3{tbz2}@02/25/2012): X.Org Bitstream bitmap fonts [I] media-fonts/font-bitstream-75dpi (1.0.3{tbz2}@02/25/2012): X.Org Bitstream bitmap fonts [I] media-fonts/font-bitstream-speedo (1.0.2{tbz2}@02/25/2012): Bitstream Speedo fonts [I] media-fonts/font-bitstream-type1 (1.0.3{tbz2}@02/25/2012): X.Org Bitstream Type 1 fonts [I] media-fonts/font-schumacher-misc (1.1.2{tbz2}@02/25/2012): X.Org Schumacher fonts [I] media-fonts/font-util (1.3.0{tbz2}@06/24/2012): X.Org font utilities [I] media-fonts/freefont-ttf (20090104{tbz2}@02/25/2012): TrueType Unicode fonts from the Free UCS Outline Fonts Project [I] media-fonts/freefonts (0.10-r3{tbz2}@02/25/2012): A Collection of Free Type1 Fonts [I] media-fonts/ipamonafont (1.0.8{tbz2}@06/07/2012): Hacked version of IPA fonts, which is suitable for browsing 2ch [I] media-fonts/ja-ipafonts (003.02-r1{tbz2}@06/07/2012): Japanese TrueType fonts developed by IPA (Information-technology Promotion Agency, Japan) [I] media-fonts/liberation-fonts (2.00.0-r1{tbz2}@08/25/2012): A Helvetica/Times/Courier replacement TrueType font set, courtesy of Red Hat [I] media-fonts/takao-fonts (003.02.01{tbz2}@09/09/2012): A community developed derivatives of IPA Fonts [I] media-fonts/urw-fonts (2.4.9{tbz2}@02/25/2012): free good quality fonts gpl'd by URW++ [I] media-libs/fontconfig (2.8.0-r1(1.0){tbz2}@02/25/2012): A library for configuring and customizing font access [I] virtual/ttf-fonts (1{tbz2}@02/25/2012): Virtual for Serif/Sans/Monospace font packages [I] x11-apps/mkfontdir (1.0.7{tbz2}@06/24/2012): create an index of X font files in a directory [I] x11-apps/mkfontscale (1.1.0{tbz2}@06/24/2012): create an index of scalable font files for X [I] x11-libs/libXfont
Re: [gentoo-user] Some fonts missing?
On Wed, Jan 2, 2013 at 7:01 AM, Nilesh Govindrajan m...@nileshgr.com wrote: SNIP Turns out that it's a character in CJK. https://bbs.archlinux.org/viewtopic.php?id=126012 Installed bitstream-cyberbit. -- Nilesh Govindarajan http://nileshgr.com Glad it worked. PLEASE - trim your responses when possible. Cheers, Mark
Re: [gentoo-user] Ethernet Machination
On Wed, Jan 2, 2013 at 7:53 AM, Tanstaafl tansta...@libertytrek.org wrote: On 2013-01-01 7:55 PM, Canek Peláez Valdés can...@gmail.com wrote: On Tue, Jan 1, 2013 at 6:50 PM, James wirel...@tampabay.rr.com wrote: So now that only one ethernet shows up, how do I prevent udev from renaming eth0 to eth3? Check /etc/udev/rules.d/70-persistent-net.rules. Probably the old (fried) ethernet card is listed there (along with other stuff). Leave out everything except your PCI card (the MAC address is how you tell them appart). Worst case, delete the file (after saving a copy), and see if udev automagically solves everything by itself. Also, be sure that you have completely disabled the integrated ethernet in the BIOS, otherwise gentoo/udev may still 'see' it even if it isn't working... I once had an onboard NIC go bad, and the PCI NIC I substituted for it wouldn't work unless the onboard NIC was disabled. So disabling onboard hardware may or may not be a net positive. So long as there are no drivers available for the onboard NIC, it won't show up in the net subsystem, so udev won't tie it in under net rules. -- :wq
Re: [gentoo-user] Ethernet Machination
On 2013-01-02 10:24 AM, Michael Mol mike...@gmail.com wrote: I once had an onboard NIC go bad, and the PCI NIC I substituted for it wouldn't work unless the onboard NIC was disabled. So disabling onboard hardware may or may not be a net positive. ? That was confusing - unless you actually meant that the new PCI NIC you substituted for it wouldn't work unless the onboard NIC was ENabled... ? So long as there are no drivers available for the onboard NIC, it won't show up in the net subsystem, so udev won't tie it in under net rules. Ok, good to know, thanks...
Re: [gentoo-user] Ethernet Machination
On Wed, Jan 2, 2013 at 10:35 AM, Tanstaafl tansta...@libertytrek.org wrote: On 2013-01-02 10:24 AM, Michael Mol mike...@gmail.com wrote: I once had an onboard NIC go bad, and the PCI NIC I substituted for it wouldn't work unless the onboard NIC was disabled. So disabling onboard hardware may or may not be a net positive. ? That was confusing - unless you actually meant that the new PCI NIC you substituted for it wouldn't work unless the onboard NIC was ENabled... ? I found your query confusing, and had to read my own text three times to catch it. Very strange how sometimes what we write can come out exactly the opposite of what we think we're writing. So long as there are no drivers available for the onboard NIC, it won't show up in the net subsystem, so udev won't tie it in under net rules. Ok, good to know, thanks... -- :wq
Re: [gentoo-user] Some fonts missing?
On Wed, Jan 02, 2013 at 08:31:36PM +0530, Nilesh Govindrajan wrote: Turns out that it's a character in CJK. https://bbs.archlinux.org/viewtopic.php?id=126012 Installed bitstream-cyberbit. -- Nilesh Govindarajan http://nileshgr.com Try media-fonts/wqy-zenhei for great display of CJK fonts. If you have a dual boot system, and don't have a proclivity towards using your own Windows fonts, then SimSun will be the best. You can simply cp/rsync the desired fonts from the other partition to /usr/share/fonts/TTF/. -- Happy Penguin Computers ') 126 Fenco Drive ( \ Tupelo, MS 38801 ^^ supp...@happypenguincomputers.com 662-269-2706 662-205-6424 http://happypenguincomputers.com/ Don't top-post: http://en.wikipedia.org/wiki/Top_post#Top-posting
Re: [gentoo-user] Re: [OT] codec for video embedded in presentation
2013/1/1 Michael Mol mike...@gmail.com On Tue, Jan 1, 2013 at 5:19 PM, Nuno J. Silva nunojsi...@ist.utl.pt wrote: On 2013-01-01, Stroller wrote: On 30 December 2012, at 11:39, Nuno J. Silva wrote: ... The AVI container has been used by windows for a long time, so I'd say chances are that it will work on more systems, but I can't say for sure. But h264 in an AVI is invalid. AVI is dated and just plain nasty. You should use something else (like h264 in an MP4) if you possibly can. AVI is old, AVI has issues. AVI is not compatible with some codecs. *But* AVI has been around for long enough to be supported by many versions of Windows and Office, and what we're looking for here is whatever offers the broadest support. I don't even think Windows (at least up to 7) has a builtin h264 decoder. At least I remember having to install codecs in Vista and 7 machines in order to view h264 Youtube videos. Did a bit of googling. Windows 7 includes h264 support. In any case, there's something *critically* important missing in most of this discussion about AVI vs something else. Just because Windows supports AVI doesn't mean that Windows includes all possible codecs you might stuff in an AVI. There's h264, there's MPEG, MPEG2, Theora, RLE Windows Media and hundreds of codecs I've forgotten. And that's just video. For audio, there's more variation than there is for WAV[1]. In addition to anything WAVE files might contain, you might find just about anything. There's FLAC, AAC, Speex, MP2a, MP3, Vorbis and thousands more. AVI is just a container. Nothing more. Containers are like ZIP files or tar files, but instead of containing a filesystem, they contain a variable number of audio and video streams in such a way that the audio and video data for a moment in time are close together and easily accessible. The meat is in the audio and video streams, the format of which we call codecs. The big question is what *codecs* are available on the target systems. If you're looking for the absolute widest degree of support, you're looking at DIB encoding for video with uLaw PCM for audio. But that's going to be a *huge* file, because there's no compression at all! The best compression that's going to be available on the widest variety of systems is probably going to be MPEG2 video with MPEG2 layer 3 audio. The best compression that might be available, period, would be h.264, combined with MP4 audio, in an MP4 container. Almost as good results can be had with h.264 video, MP4 audio in an AVI container.[2] So, Francisco, what version of Windows will your slideshow be played on? [1] Yeah, WAVE files aren't exactly simple, either. They can contain different PCM encodings. There's aLaw, uLaw, float... [2] For full effectiveness, h.264 requires features that the AVI container doesn't have. -- :wq Wow, what a class! Thank you a lot, that explained much of my doubts. I had no problems with audio, I use several programs and several codecs for messing around with different audio file formats. But video was still a mystery to me. As a matter of fact, I am not sure on what windows version this presentation will be played, it is a training presentation, so I suppose we can only expect at least XP. I will bring a free MS office player, so that part should not be a problem. And also a K-Lite or any other codecs package installer. Thanks -- Francisco If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have one idea and we exchange these ideas, then each of us will have two ideas. - George Bernard Shaw
Re: [gentoo-user] Multi monitor and fullscreen games
On 02.01.2013 11:55, Florian Philipp wrote: Hello, Make sure all direct and indirect dependencies have USE=xinerama. Specifically: x11-libs/qt-gui x11-libs/gtk+ media-libs/libsdl app-emulation/wine xinerama is enabled global in make.conf so everything and the kitchensink should be build with it. Kind regards Sebastian Beßler signature.asc Description: OpenPGP digital signature
Re: [gentoo-user] Multi monitor and fullscreen games
On Wed, Jan 2, 2013 at 9:49 AM, Sebastian Beßler sebast...@darkmetatron.de wrote: SNIP... I don't think I have this problem here but I'd need to emerge a specific game that runs full screen to test. Could you please provide the name of something easy to emerge and test. I ran a game called 0ad a couple of months ago and I was able to make it full screen on one monitor at that time. Also, whereas I think you have two monitors, I have 3 hooked to 2 _different_ Nvidia cards. (a GTX465 driving 2 monitors and an 8400GS driving 1) Since installing the second VGA _none_ of the KDE OpenGL effects have worked. However a friend has two 8400GS cards installed driving 3 monitors and OpenGL works fine for him on all 3 monitors so I figure that's an Nvidia driver issue when the cards are different types. Anyway, I'm attaching my xorg.conf file in case there's something of value there for you. I don't claim it's a very good xorg.conf file but it seems to mostly work for this machine. Please trim responses. HTH, Mark mark@c2stable ~ $ cat /etc/X11/xorg.conf # nvidia-settings: X configuration file generated by nvidia-settings # nvidia-settings: version 275.09.07 (buildmeis...@swio-display-x86-rhel47-03.nvidia.com) Wed Jun 8 14:38:19 PDT 2011 #FontPath/usr/share/fonts/100dpi/ #FontPath/usr/share/fonts/75dpi/ #FontPath/usr/share/fonts/Speedo/ #FontPath/usr/share/fonts/Type1/ #FontPath/usr/share/fonts/corefonts/ #FontPath/usr/share/fonts/cyrillic/ #FontPath/usr/share/fonts/default/ #FontPath/usr/share/fonts/encodings/ #FontPath/usr/share/fonts/freefonts-ttf/ #FontPath/usr/share/fonts/freefonts/ #FontPath/usr/share/fonts/kanjistrokeorders/ #FontPath/usr/share/fonts/misc/ #FontPath/usr/share/fonts/ttf-bitstream-vera/ #FontPath/usr/share/fonts/urw-fonts/ #FontPath/usr/share/fonts/util/ Section ServerLayout Identifier Layout0 Screen 0 Screen0 0 0 Screen 1 Screen1 RightOf Screen0 Screen 2 Screen2 RightOf Screen1 InputDeviceKeyboard0 CoreKeyboard InputDeviceMouse0 CorePointer Option Xinerama 1 Option BlankTime 30 Option StandbyTime 0 Option SuspendTime 0 Option OffTime 240 EndSection Section Files EndSection Section InputDevice # generated from data in /etc/conf.d/gpm Identifier Mouse0 Driver mouse Option Protocol Option Device /dev/input/mice Option Emulate3Buttons no Option ZAxisMapping 4 5 EndSection Section InputDevice # generated from default Identifier Keyboard0 Driver kbd EndSection Section Monitor # HorizSync source: edid, VertRefresh source: edid Identifier Monitor1 VendorName Unknown ModelName Samsung SyncMaster HorizSync 30.0 - 75.0 VertRefresh 56.0 - 61.0 Option DPMS EndSection Section Monitor # HorizSync source: edid, VertRefresh source: edid Identifier Monitor0 VendorName Unknown ModelName Samsung SyncMaster HorizSync 30.0 - 75.0 VertRefresh 56.0 - 61.0 Option DPMS EndSection Section Monitor # HorizSync source: edid, VertRefresh source: edid Identifier Monitor2 VendorName Unknown ModelName Samsung SyncMaster HorizSync 30.0 - 81.0 VertRefresh 56.0 - 75.0 Option DPMS EndSection Section Device Identifier Device1 Driver nvidia VendorName NVIDIA Corporation BoardName GeForce GTX 465 BusID PCI:2:0:0 Screen 1 EndSection Section Device Identifier Device0 Driver nvidia VendorName NVIDIA Corporation BoardName GeForce GTX 465 BusID PCI:2:0:0 Screen 0 EndSection Section Device Identifier Device2 Driver nvidia VendorName NVIDIA Corporation BoardName GeForce 8400GS BusID PCI:4:0:0 EndSection Section Screen Identifier Screen1 Device Device1 MonitorMonitor1 DefaultDepth24 Option TwinView 0 Option metamodes DFP-2: 1920x1080 +0+0 SubSection Display Depth 24 EndSubSection EndSection Section Screen Identifier Screen0 Device Device0 MonitorMonitor0 DefaultDepth24 Option TwinView 0 Option metamodes DFP-0: 1920x1080 +0+0 SubSection Display Depth 24 EndSubSection EndSection Section Screen Identifier Screen2 Device Device2 MonitorMonitor2 DefaultDepth24 Option TwinView 0 Option metamodes 1280x1024 +0+0 SubSection Display Depth 24 EndSubSection EndSection mark@c2stable ~ $
Re: [gentoo-user] IPtables - Mangle table - when/why do I need it (or do I need it)?
On 01/02/13 08:38, Tanstaafl wrote: Hi all, This has been bugging me for a while... I've googled, and can't seem to find a definitive answer to this question... Lots of references to the Mangle table, but nothing that really explains what this table is or does, and when or why I would want/need it. It allows you to mangle the low level bits of a packet. You only need it for routing gymnastics. Currently, I have this in my rules (since forever, honestly don't even remember where it came from): *mangle :PREROUTING ACCEPT [1378800222:449528056411] :INPUT ACCEPT [1363738727:447358082301] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [1221121261:1103241097263] :POSTROUTING ACCEPT [1221116979:1103240864155] -A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP -A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP -A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP COMMIT # Completed on Sun Dec 11 14:11:01 2011 The PREROUTING table happens before the routing decision is made. So those rules happen before the network stack decides what to do with a packet. Suppose, for example, that you forward all packets from your LAN to wherever they're supposed to go. You might want to alter the source IP of VPN traffic (which a priori is not from the LAN interface) so that it appears to come from the LAN before you decide whether or not to forward it. The POSTROUTING table is similar, only it happens after the packet's destination is set in stone. So you can, say, change the source IP address in the packet and still have it routed wherever it was going to go originally. This is on a mail/web server with a static IP, it does not do any NAT and does not act as a perimeter firewall, it only protects itself... Thanks for any pointers to tfm that explains this if there is one, or just for a simple explanation if not... I don't know what you were trying to do there, but it doesn't sound like you need it. You might have been trying to block packets in an invalid state. If so, consider using conntrack's --ctstate INVALID to drop them instead.
Re: [gentoo-user] IPtables - Mangle table - when/why do I need it (or do I need it)?
On Wednesday 02 Jan 2013 13:38:27 Tanstaafl wrote: Hi all, This has been bugging me for a while... I've googled, and can't seem to find a definitive answer to this question... Lots of references to the Mangle table, but nothing that really explains what this table is or does, and when or why I would want/need it. Currently, I have this in my rules (since forever, honestly don't even remember where it came from): *mangle :PREROUTING ACCEPT [1378800222:449528056411] :INPUT ACCEPT [1363738727:447358082301] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [1221121261:1103241097263] :POSTROUTING ACCEPT [1221116979:1103240864155] -A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP -A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP -A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP COMMIT # Completed on Sun Dec 11 14:11:01 2011 This is on a mail/web server with a static IP, it does not do any NAT and does not act as a perimeter firewall, it only protects itself... Thanks for any pointers to tfm that explains this if there is one, or just for a simple explanation if not... The rules you show above do not do any mangling. They just filter out packets during prerouting with certain tcp flags. You would mangle packets if you needed to change some headers, e.g. ToS field and TTL. You could also set a MARK value so that you can thereafter process the MARK'ed packet accordingly (e.g. limit bandwidth for such packets, or do some fancy routing for them) If you have a look at 'man iptables-extensions' it gives some examples of using -t mangle. I haven't looked in Google recently, but there should be some examples there too. -- Regards, Mick smime.p7s Description: S/MIME cryptographic signature
[gentoo-user] Re: Some fonts missing?
On Wed, 02 Jan 2013 18:56:33 +0530 Nilesh Govindrajan m...@nileshgr.com wrote: I am not able to see the characters in certain emoji like flip table, etc. It used to be visible earlier before I did a completely fresh install. Does anyone know which font to install? Try media-fonts/symbola
Re: [gentoo-user] IPtables - Mangle table - when/why do I need it (or do I need it)?
On 2013-01-02 2:01 PM, Mick michaelkintz...@gmail.com wrote: If you have a look at 'man iptables-extensions' it gives some examples of using -t mangle. I haven't looked in Google recently, but there should be some examples there too. Oh, ok - so, if I don't have any rules that use the 'mangle' command, then I can safely remove mangle support from my kernel and lose the mangle table altogether? Thanks guys...
[gentoo-user] Re: Ethernet Machination
Mark Knecht markknecht at gmail.com writes: So now that only one ethernet shows up, how do I prevent udev from renaming eth0 to eth3? Probably remove any net-persistent rules that are hanging around. That should free up udev to do more of what you suspect. Yep, I did this to see if udev would build the new rules.. mark at c2stable ~ $ ls -al /etc/udev/rules.d/ total 24 drwxr-xr-x 2 root root 4096 Jan 1 14:40 . drwxr-xr-x 3 root root 4096 Nov 26 17:33 .. -rw-r--r-- 1 root root0 Nov 26 17:31 .keep_sys-fs_udev-0 -rw-r--r-- 1 root root 79 Sep 26 06:19 51-android.rules -rw-r--r-- 1 root root 166 Nov 3 2011 60-ipod.rules -rw-r--r-- 1 root root 1196 May 5 2012 70-persistent-cd.rules -rw-r--r-- 1 root root 627 Nov 26 17:33 70-persistent-net.rules Well is all works automatically, but udev did not create the files I thought it would upon reboot: rules.d # ls -alg total 12 drwxr-xr-x 2 root 192 Jan 2 14:37 . drwxr-xr-x 4 root 152 Dec 9 23:26 .. -rw-r--r-- 1 root 1896 Sep 30 08:13 70-persistent-cd.rules -rw-r--r-- 1 root 2652 Aug 20 2010 70-persistent-cd.rules.old -rw-r--r-- 1 root 948 Dec 3 03:52 70-persistent-net.rules.31dec2012.old After deleting the 70-persistent-net.rule file udev does not re-create it. All is now fine with rc-status only showing net.eth0 which is set up how I like it per /etc/conf.d/net. All services are fine Move on, or hand edit the '70-persistent-net.rules' file? TIA, James
Re: [gentoo-user] Re: Ethernet Machination
On Wed, Jan 02, 2013 at 08:57:07PM +, james wrote: Well is all works automatically, but udev did not create the files I thought it would upon reboot: rules.d # ls -alg total 12 drwxr-xr-x 2 root 192 Jan 2 14:37 . drwxr-xr-x 4 root 152 Dec 9 23:26 .. -rw-r--r-- 1 root 1896 Sep 30 08:13 70-persistent-cd.rules -rw-r--r-- 1 root 2652 Aug 20 2010 70-persistent-cd.rules.old -rw-r--r-- 1 root 948 Dec 3 03:52 70-persistent-net.rules.31dec2012.old After deleting the 70-persistent-net.rule file udev does not re-create it. All is now fine with rc-status only showing net.eth0 which is set up how I like it per /etc/conf.d/net. All services are fine Move on, or hand edit the '70-persistent-net.rules' file? run dispatch-conf and see what it offers -- Happy Penguin Computers ') 126 Fenco Drive ( \ Tupelo, MS 38801 ^^ supp...@happypenguincomputers.com 662-269-2706 662-205-6424 http://happypenguincomputers.com/ Don't top-post: http://en.wikipedia.org/wiki/Top_post#Top-posting
Re: [gentoo-user] [OT] codec for video embedded in presentation
On 1 January 2013, at 15:22, Francisco Ares wrote: ... I've heard (or read) that before, to me it seems quite strange that one of the main products from MS to be so outdated in this area. AVI has been around a long time. It is inevitably prone to bitrot, then. AIUI the AVI specification states a number of valid codecs that can be used; AIUI h264 (for example) is not amongst them. It will work on some systems (particularly open source) to put h264 / AAC into an AVI - that's not supported on others. So if you need to play the video on a Mac, a games console or a set-top box then you may be in trouble. As a rule of thumb, most new video-playing devices have hardware h264 support; use .mp4 or .mkv for h264. I tried an MP4 renamed as AVI, and it worked. If you merely renamed the file then you didn't change the container. http://html5.xoofoo.org/video.html A Linux video player will probably ignore the file extension - it'll figure out what kind of container you used based on the file's header bytes and on the file structure. The default video player installed on Windows or Mac may not be so clever. Stroller.
Re: [gentoo-user] Re: Ethernet Machination
On Wed, Jan 2, 2013 at 12:57 PM, james wirel...@tampabay.rr.com wrote: Mark Knecht markknecht at gmail.com writes: So now that only one ethernet shows up, how do I prevent udev from renaming eth0 to eth3? Probably remove any net-persistent rules that are hanging around. That should free up udev to do more of what you suspect. SNIP After deleting the 70-persistent-net.rule file udev does not re-create it. All is now fine with rc-status only showing net.eth0 which is set up how I like it per /etc/conf.d/net. All services are fine Move on, or hand edit the '70-persistent-net.rules' file? TIA, James Well, I think I'd hand edit myself. That's what I've done in the past. As Bruce say, dispatch-conf (or etc-update is what I use) might pick something up if it's waiting, but looking at the comments in my file I don't think so: mark@c2stable ~ $ cat /etc/udev/rules.d/70-persistent-net.rules # This file was automatically generated by the /lib64/udev/write_net_rules # program, run by the persistent-net-generator.rules rules file. # # You can modify it, as long as you keep each rule on a single # line, and change only the value of the NAME= key. # PCI device 0x11ab:0x4364 (sky2) SUBSYSTEM==net, ACTION==add, DRIVERS==?*, ATTR{address}==e0:cb:4e:97:80:fd, ATTR{dev_id}==0x0, ATTR{type}==1, KERNEL==eth*, NAME=eth1 # PCI device 0x11ab:0x4364 (sky2) SUBSYSTEM==net, ACTION==add, DRIVERS==?*, ATTR{address}==e0:cb:4e:97:7a:09, ATTR{dev_id}==0x0, ATTR{type}==1, KERNEL==eth*, NAME=eth0 mark@c2stable ~ $ Really, as long as you don't mess up the format it's really just a matter of matching the macID. Save your old file in a copy somewhere and then edit and make it work. ifconfig will show you the macID. I, like so many others I think, really don't understand how udev manages all this stuff. I'm really not sure udev knows how udev works... HTH, Mark
Re: [gentoo-user] Re: Ethernet Machination
* james wirel...@tampabay.rr.com [130102 16:02]: [..] Well is all works automatically, but udev did not create the files I thought it would upon reboot: rules.d # ls -alg total 12 drwxr-xr-x 2 root 192 Jan 2 14:37 . drwxr-xr-x 4 root 152 Dec 9 23:26 .. -rw-r--r-- 1 root 1896 Sep 30 08:13 70-persistent-cd.rules -rw-r--r-- 1 root 2652 Aug 20 2010 70-persistent-cd.rules.old -rw-r--r-- 1 root 948 Dec 3 03:52 70-persistent-net.rules.31dec2012.old After deleting the 70-persistent-net.rule file udev does not re-create it. All is now fine with rc-status only showing net.eth0 which is set up how I like it per /etc/conf.d/net. All services are fine Move on, or hand edit the '70-persistent-net.rules' file? TIA, James I don't know what version of udev you're running (sorry if I missed it,) but the udev-186 elog says: Upstream has removed the persistent-net and persistent-cd rules generator. If you need persistent names for these devices, place udev rules for them in /etc/udev/rules.d. That doesn't explain why you got the 70-persistent-cd.rules re-created and not 70-persistent-net.rules, but maybe one of the udev releases I didn't install and that you're running just stopped recreating the 70-persistent-net.rules file but still re-created the 70-persistent-cd.rules file? I went from udev-182-r3 to udev-186 it looks like. Personally if it works without the 70-persistent-net.rules file and you don't plug and unplug Ethernet interfaces (like with USB dongles) then I wouldn't create one myself. Regards, Todd
Re: [gentoo-user] IPTABLES syntax change?
On 12/30/12 22:21, Walter Dnes wrote: OK, here is version 2. I had an excellent adventure along the way. I'm doing the upgrade on our servers right now, and there's another possible gotcha: the newer iptables (requiring conntrack) requires NETFILTER_XT_MATCH_CONNTRACK support in the kernel. This is in contrast to the state matches which used NETFILTER_XT_MATCH_STATE. To minimize downtime during the switch, I'm doing, 1. Rebuild the kernel, enable conntrack and disable state. 2. Fix my iptables-config script to use the conntrack stuff 3. Create a dummy set of rules that allows me to SSH in (without state matching) 4. Run and save those rules 5. Reboot to new kernel 6. SSH in and run iptables-config 7. Save the rules [0:0] -A INPUT -s 192.168.123.248/29 -i eth0 -j ACCEPT [0:0] -A INPUT -s 169.254.0.0/16 -i eth0 -j ACCEPT [0:0] -A INPUT -i lo -j ACCEPT [0:0] -A INPUT -m conntrack --ctstate INVALID,NEW -j UNSOLICITED [0:0] -A INPUT -p tcp -m multiport --dports 0:1023,6000:6063 -j BAD_DPORT [0:0] -A INPUT -p udp -m multiport --dports 0:1023,6000:6063 -j BAD_DPORT [0:0] -A INPUT -s 69.63.176.0/20 -j FECESBOOK [0:0] -A INPUT -s 69.220.144.0/20 -j FECESBOOK [0:0] -A INPUT -s 69.63.176.0/20 -j FECESBOOK [0:0] -A INPUT -s 69.171.224.0/19 -j FECESBOOK [0:0] -A INPUT -s 200.58.112.0/20 -j FECESBOOK [0:0] -A INPUT -s 213.155.64.0/19 -j FECESBOOK [0:0] -A INPUT -s 10.0.0.0/8 -j PRIVATE_LOG [0:0] -A INPUT -s 127.0.0.0/8 -j PRIVATE_LOG [0:0] -A INPUT -s 172.16.0.0/12 -j PRIVATE_LOG [0:0] -A INPUT -s 192.168.0.0/16 -j PRIVATE_LOG [0:0] -A INPUT -p icmp -j ICMP_IN [0:0] -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT These rules will be evaluated in order. I have no evidence for this, but I suspect you're better off accepting the ESTABLISHED,RELATED stuff earlier in the chain so you don't slow down the packets that you want.
[gentoo-user] Re: [OT] codec for video embedded in presentation
On 2013-01-02, Stroller wrote: On 1 January 2013, at 15:22, Francisco Ares wrote: ... I've heard (or read) that before, to me it seems quite strange that one of the main products from MS to be so outdated in this area. AVI has been around a long time. It is inevitably prone to bitrot, then. AIUI the AVI specification states a number of valid codecs that can be used; AIUI h264 (for example) is not amongst them. It will work on some systems (particularly open source) to put h264 / AAC into an AVI - that's not supported on others. So if you need to play the video on a Mac, a games console or a set-top box then you may be in trouble. As a rule of thumb, most new video-playing devices have hardware h264 support; use .mp4 or .mkv for h264. IIRC, h264 is actually one of the codecs that has issues with AVI. See http://en.wikipedia.org/wiki/Comparison_of_container_formats. I tried an MP4 renamed as AVI, and it worked. If you merely renamed the file then you didn't change the container. http://html5.xoofoo.org/video.html A Linux video player will probably ignore the file extension - it'll figure out what kind of container you used based on the file's header bytes and on the file structure. The default video player installed on Windows or Mac may not be so clever. This is probably more about Microsoft Powerpoint being actually able to deal with other containers (it probably merely passes the video file (container and everything) to the Video for Windows or DirectShow subsystem, which may or may not have handlers for other containers). I guess that, although Powerpoint does not need to care about the container, it does enforce some extension. -- Nuno Silva (aka njsg) http://njsg.sdf-eu.org/
Re: [gentoo-user] Re: Ethernet Machination
On Wed, Jan 2, 2013 at 2:57 PM, james wirel...@tampabay.rr.com wrote: Mark Knecht markknecht at gmail.com writes: So now that only one ethernet shows up, how do I prevent udev from renaming eth0 to eth3? Probably remove any net-persistent rules that are hanging around. That should free up udev to do more of what you suspect. Yep, I did this to see if udev would build the new rules.. mark at c2stable ~ $ ls -al /etc/udev/rules.d/ total 24 drwxr-xr-x 2 root root 4096 Jan 1 14:40 . drwxr-xr-x 3 root root 4096 Nov 26 17:33 .. -rw-r--r-- 1 root root0 Nov 26 17:31 .keep_sys-fs_udev-0 -rw-r--r-- 1 root root 79 Sep 26 06:19 51-android.rules -rw-r--r-- 1 root root 166 Nov 3 2011 60-ipod.rules -rw-r--r-- 1 root root 1196 May 5 2012 70-persistent-cd.rules -rw-r--r-- 1 root root 627 Nov 26 17:33 70-persistent-net.rules Well is all works automatically, but udev did not create the files I thought it would upon reboot: rules.d # ls -alg total 12 drwxr-xr-x 2 root 192 Jan 2 14:37 . drwxr-xr-x 4 root 152 Dec 9 23:26 .. -rw-r--r-- 1 root 1896 Sep 30 08:13 70-persistent-cd.rules -rw-r--r-- 1 root 2652 Aug 20 2010 70-persistent-cd.rules.old -rw-r--r-- 1 root 948 Dec 3 03:52 70-persistent-net.rules.31dec2012.old After deleting the 70-persistent-net.rule file udev does not re-create it. All is now fine with rc-status only showing net.eth0 which is set up how I like it per /etc/conf.d/net. All services are fine Move on, or hand edit the '70-persistent-net.rules' file? I would move on. The idea is that everything just works. Regards. -- Canek Peláez Valdés Posgrado en Ciencia e Ingeniería de la Computación Universidad Nacional Autónoma de México
Re: [gentoo-user] Re: Ethernet Machination
On 03/01/13 06:04, Canek Peláez Valdés wrote: On Wed, Jan 2, 2013 at 2:57 PM, james wirel...@tampabay.rr.com wrote: Mark Knecht markknecht at gmail.com writes: ... Also check /lib/udev/rules.d/ BillK
Re: [gentoo-user] IPtables - Mangle table - when/why do I need it (or do I need it)?
On Wednesday 02 Jan 2013 19:47:11 Tanstaafl wrote: On 2013-01-02 2:01 PM, Mick michaelkintz...@gmail.com wrote: If you have a look at 'man iptables-extensions' it gives some examples of using -t mangle. I haven't looked in Google recently, but there should be some examples there too. Oh, ok - so, if I don't have any rules that use the 'mangle' command, then I can safely remove mangle support from my kernel and lose the mangle table altogether? Thanks guys... Yes, I would think so. You can build it as a module anyway and un/not load it to see if iptables starts up without errors. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
[gentoo-user] Breakage from recent updates to gnome-3.6 on ~amd64
I use mostly the cinnamon fork of gnome-shell but I also give gnome-shell a try occasionally just to annoy myself :) The gnome updates from Jan 1-2 caused me a bit of trouble, but I'm making progress that might help some of you: First, the addition of gstreamer-1.0 is now installed along side the old gstreamer-0.10, which apparently has broken rhythmbox. At first I thought that sound support was broken completely but after a few hours of frustration I found the breakage is confined to rhythmbox and a bug report is already filed. Second, when I use gnome in fallback mode, I found that the multiload panelapplet kept closing and refused to restart. I worked around that headache by turning off background transparency in the gnome panel settings menu. Third, the cinnamon clone of the gnome multiload panel applet was also broken, but the workaround is to update the applet from the 'Get new applets' link on the cinnamon panel settings menu. The new version is ignoring its own settings, but at least it works again. (The version you want is the one by Orcus, which replaces the older one by Ebbes.) I expect all of these bugs will be fixed when more gnome packages are updated by the gentoo devs. (BTW, I've switched to cinnamon because the upstream gnome devs are soon dropping support for the fallback compatibility mode.)
Re: [gentoo-user] Some fonts missing?
On Wednesday 02 January 2013 08:52 PM, Mark Knecht wrote: On Wed, Jan 2, 2013 at 7:01 AM, Nilesh Govindrajan m...@nileshgr.com wrote: SNIP Turns out that it's a character in CJK. https://bbs.archlinux.org/viewtopic.php?id=126012 Installed bitstream-cyberbit. -- Nilesh Govindarajan http://nileshgr.com Glad it worked. PLEASE - trim your responses when possible. Cheers, Mark Oops, sure from next time. -- Nilesh Govindarajan http://nileshgr.com
Re: [gentoo-user] IPtables - Mangle table - when/why do I need it (or do I need it)?
On Jan 3, 2013 1:57 AM, Michael Orlitzky mich...@orlitzky.com wrote: On 01/02/13 08:38, Tanstaafl wrote: Hi all, This has been bugging me for a while... I've googled, and can't seem to find a definitive answer to this question... Lots of references to the Mangle table, but nothing that really explains what this table is or does, and when or why I would want/need it. It allows you to mangle the low level bits of a packet. You only need it for routing gymnastics. Currently, I have this in my rules (since forever, honestly don't even remember where it came from): *mangle :PREROUTING ACCEPT [1378800222:449528056411] :INPUT ACCEPT [1363738727:447358082301] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [1221121261:1103241097263] :POSTROUTING ACCEPT [1221116979:1103240864155] -A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP -A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP -A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP COMMIT # Completed on Sun Dec 11 14:11:01 2011 The PREROUTING table happens before the routing decision is made. So those rules happen before the network stack decides what to do with a packet. Suppose, for example, that you forward all packets from your LAN to wherever they're supposed to go. You might want to alter the source IP of VPN traffic (which a priori is not from the LAN interface) so that it appears to come from the LAN before you decide whether or not to forward it. The POSTROUTING table is similar, only it happens after the packet's destination is set in stone. So you can, say, change the source IP address in the packet and still have it routed wherever it was going to go originally. This is on a mail/web server with a static IP, it does not do any NAT and does not act as a perimeter firewall, it only protects itself... Thanks for any pointers to tfm that explains this if there is one, or just for a simple explanation if not... I don't know what you were trying to do there, but it doesn't sound like you need it. You might have been trying to block packets in an invalid state. If so, consider using conntrack's --ctstate INVALID to drop them instead. Just to add some references... When dealing with iptables (and its kissing cousin, ebtables), I always find these diagrams to be most helpful: Definitive: http://www.wenzk.net/bbs/attachments/PacketFlow_BTgdX6im2Scu.png Complementary: http://linux-ip.net/nf/nfk-traversal.png Rgds, --
Re: [gentoo-user] IPTABLES syntax change?
On Jan 3, 2013 4:40 AM, Michael Orlitzky mich...@orlitzky.com wrote: On 12/30/12 22:21, Walter Dnes wrote: OK, here is version 2. I had an excellent adventure along the way. I'm doing the upgrade on our servers right now, and there's another possible gotcha: the newer iptables (requiring conntrack) requires NETFILTER_XT_MATCH_CONNTRACK support in the kernel. This is in contrast to the state matches which used NETFILTER_XT_MATCH_STATE. To minimize downtime during the switch, I'm doing, 1. Rebuild the kernel, enable conntrack and disable state. 2. Fix my iptables-config script to use the conntrack stuff 3. Create a dummy set of rules that allows me to SSH in (without state matching) 4. Run and save those rules 5. Reboot to new kernel 6. SSH in and run iptables-config 7. Save the rules [0:0] -A INPUT -s 192.168.123.248/29 -i eth0 -j ACCEPT [0:0] -A INPUT -s 169.254.0.0/16 -i eth0 -j ACCEPT [0:0] -A INPUT -i lo -j ACCEPT [0:0] -A INPUT -m conntrack --ctstate INVALID,NEW -j UNSOLICITED [0:0] -A INPUT -p tcp -m multiport --dports 0:1023,6000:6063 -j BAD_DPORT [0:0] -A INPUT -p udp -m multiport --dports 0:1023,6000:6063 -j BAD_DPORT [0:0] -A INPUT -s 69.63.176.0/20 -j FECESBOOK [0:0] -A INPUT -s 69.220.144.0/20 -j FECESBOOK [0:0] -A INPUT -s 69.63.176.0/20 -j FECESBOOK [0:0] -A INPUT -s 69.171.224.0/19 -j FECESBOOK [0:0] -A INPUT -s 200.58.112.0/20 -j FECESBOOK [0:0] -A INPUT -s 213.155.64.0/19 -j FECESBOOK [0:0] -A INPUT -s 10.0.0.0/8 -j PRIVATE_LOG [0:0] -A INPUT -s 127.0.0.0/8 -j PRIVATE_LOG [0:0] -A INPUT -s 172.16.0.0/12 -j PRIVATE_LOG [0:0] -A INPUT -s 192.168.0.0/16 -j PRIVATE_LOG [0:0] -A INPUT -p icmp -j ICMP_IN [0:0] -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT These rules will be evaluated in order. I have no evidence for this, but I suspect you're better off accepting the ESTABLISHED,RELATED stuff earlier in the chain so you don't slow down the packets that you want. True. But you will want to filter out 'suspicious' packets beforehand. In my previous employment, I had a Gentoo-based firewall with more than 100 lines of rules. Plus I also employ 'ipset' to allow on-the-fly manipulation of blocking/routing. If you want to see the whole nine yards, I can try asking my replacement to send me the whole deal. Rgds, --
Re: [gentoo-user] IPTABLES syntax change?
On 12/30/2012 10:21 PM, Walter Dnes wrote: [0:0] -A FECESBOOK -j LOG --log-prefix FECESBOOK: --log-level 6 [0:0] -A FECESBOOK -j DROP [0:0] -A INPUT -s 192.168.123.248/29 -i eth0 -j ACCEPT [0:0] -A INPUT -s 169.254.0.0/16 -i eth0 -j ACCEPT [0:0] -A INPUT -i lo -j ACCEPT [0:0] -A INPUT -m conntrack --ctstate INVALID,NEW -j UNSOLICITED In fact, since you're blocking all outgoing packets to facebook, the only state that a packet from facebook can have here is INVALID or NEW. So traffic from facebook will be sent to the UNSOLICITED chain and DROPped. [0:0] -A INPUT -s 69.63.176.0/20 -j FECESBOOK [0:0] -A INPUT -s 69.220.144.0/20 -j FECESBOOK [0:0] -A INPUT -s 69.63.176.0/20 -j FECESBOOK [0:0] -A INPUT -s 69.171.224.0/19 -j FECESBOOK [0:0] -A INPUT -s 200.58.112.0/20 -j FECESBOOK [0:0] -A INPUT -s 213.155.64.0/19 -j FECESBOOK ...making these pointless =) [0:0] -A INPUT -s 10.0.0.0/8 -j PRIVATE_LOG [0:0] -A INPUT -s 127.0.0.0/8 -j PRIVATE_LOG [0:0] -A INPUT -s 172.16.0.0/12 -j PRIVATE_LOG [0:0] -A INPUT -s 192.168.0.0/16 -j PRIVATE_LOG I believe the same applies here, since you already accepted your legitimate LAN traffic above. For this to catch anything, you'd first have to send a packet to one of those subnets and something would have to respond to it. [0:0] -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT So it makes even more sense to move this above the rest. If you still want to log facebook and other private traffic, the INVALID,NEW rule should come after those, otherwise the facebook/private stuff will just be dropped as UNSOLICITED.