Re: [gentoo-user] alternative kernels
On Thursday, October 30, 2014 06:31:25 AM Rich Freeman wrote: On Thu, Oct 30, 2014 at 3:56 AM, J. Roeleveld jo...@antarean.org wrote: On Sunday, October 26, 2014 02:16:24 PM Canek Peláez Valdés wrote: And with systemd, rebooting to a new kernel takes just a few seconds ;) And here I was thinking that the pro-systemd crowd doesn't care about the boot-time of systemd? (See the [OT] Linus Torvalds on systemd thread around 18 - 21 September) Please make up your mind on this. This might come as a bit of a shock, but people use Gentoo for different reasons, run different init systems, different udev implementations, and so on. Well, believe it or not, systemd users are exactly the same way and use different components of systemd for different reasons. People also drive different types of cars, for different reasons. I agree on this. But in the thread I mentioned, Mark David Dumlao was quite aggressive in his wording when the subject was brought up and he claimed systemd proponents don't care. Canek is the biggest proponent for systemd on this list. If you're waiting for everybody who uses systemd to come up with a single list of arguments to convince you to use systemd, well, then don't plan on using systemd. I'm not, actually. The only advantage I have heard so far that is of interest to me is its supposedly faster boot-time. The only machine I have that takes a long time to boot spends 50% of the time to get to Grub. The rest is then used to bring up the host and a variety of VMs. That machine only gets a reboot when a new kernel is needed for the host. It isn't like the current versions of all the packages you use today are going to magically stop working. As long as this is true, I will be happy. -- Joost
Re: [gentoo-user] alternative kernels
On Fri, Oct 31, 2014 at 12:30 AM, J. Roeleveld jo...@antarean.org wrote: On Thursday, October 30, 2014 06:31:25 AM Rich Freeman wrote: On Thu, Oct 30, 2014 at 3:56 AM, J. Roeleveld jo...@antarean.org wrote: On Sunday, October 26, 2014 02:16:24 PM Canek Peláez Valdés wrote: And with systemd, rebooting to a new kernel takes just a few seconds ;) And here I was thinking that the pro-systemd crowd doesn't care about the boot-time of systemd? (See the [OT] Linus Torvalds on systemd thread around 18 - 21 September) Please make up your mind on this. This might come as a bit of a shock, but people use Gentoo for different reasons, run different init systems, different udev implementations, and so on. Well, believe it or not, systemd users are exactly the same way and use different components of systemd for different reasons. People also drive different types of cars, for different reasons. I agree on this. But in the thread I mentioned, Mark David Dumlao was quite aggressive in his wording when the subject was brought up and he claimed systemd proponents don't care. Canek is the biggest proponent for systemd on this list. You should have answered then to Mark, not to me, given that I did not say anything in that sub-thread. But if it makes you happy, I will try to take notes in the next Big SystemD Evil Conspiracy Meeting so in the future I do not contradict any statement from anyone in the Pure Evil Directorate. Regards. -- Canek Peláez Valdés Profesor de asignatura, Facultad de Ciencias Universidad Nacional Autónoma de México
Re: [gentoo-user] Strange behaviour of dhcpcd
On Tuesday, October 28, 2014 07:31:56 PM Marc Joliet wrote: Am Tue, 28 Oct 2014 16:28:37 + schrieb Mick michaelkintz...@gmail.com: On Monday 27 Oct 2014 23:44:58 Marc Joliet wrote: Hi list First off: this is a fixed issue, in that I don't see the behaviour anymore, so time is not of the essence ;) . I'm only looking for an explanation, or for comments from other people who experienced this. So the issue was some really strange behaviour on the part of dhcpcd. I completed a move a few weeks ago and got an internet connection last Wednesday (using a local cable company, that is, using a cable modem connected to via ethernet). I reconfigured my system to use regular DHCP (a relief after the PPPoE mess in the dorm), but dhcpcd could not apply the default route; it *obtained* one, but failed with if_addroute: Invalid argument. I tried it manually, to no effect: ip route complained about invalid arguments, and I think plain route said file exists, but I'm not sure anymore (either way, the error messages were less than clear). The funny thing is, I *could* set the default route, just not to the one advertised via DHCP, but to the x.y.z.2+ instead of x.y.z.1, which even gave me access to the internet part of the time. Now the funny thing is what fixed it: *commenting out the entirety of /etc/dhcpcd.conf* Then dhcpcd ran with default settings and could apply the default route. Even more bizarre is the fact that it kept working after uncommenting it again (and I track it with git, so I'm 100% sure I got it back to its original state). This leads me to believe that there was some (corrupted?) persistent state somewhere that got overwritten by starting dhcpcd after I commented out the file, but I have no clue where. Has anyone seen this sort of behaviour before, or anything similar to it? I searched for the error messages I was seeing, but couldn't find anything. 
I was using gentoo-sources-3.15.9 (now I'm at 3.16.6) and dhcpcd 6.4.3 at the time, but also had the issue with dhcpcd 6.4.7, to which I could upgrade by using the aforementioned x.y.z.2 gateway. Perhaps it was a bug in the kernel? But that's just guessing. Regards, Since dhcpcd doesn't misbehave any more it would be difficult to check what was the cause of this problem. You didn't say if the cable modem is functioning as a router or as in a full or half bridge mode and if there is a router between your PC and the modem that distributes IP addresses. You also didn't say if the ISP has allocated an IP block or just a single IP address. First off: thanks for the response. Note that I have no clue about modems (other than that the modulate and demodulate signals), let alone cable modems and the wide variety of hardware out there. I also have no clue about the protocols involved (save for a tiny bit of IP and TCP/UDP). Just so you know what to expect. Anyway, in answer to your queries: - I do not know for sure how the modem is configured, and whether it hands out the addresses itself or whether these come from the other end of the cable connection. But from what I can observe it does *not* function as a router; it has *one* Ethernet connection, and that's it. I did not test it in a bridged network, to see if it hands out addresses to multiple clients. Our ISP refers to it as a LAN modem. Sounds similar to what I've been using for the past 10+ years. OK, I looked up more information: It's a Thomson THG571, and the manual (I found a copy here: http://www.kabelfernsehen.ch/dokumente/quicknet/HandbuchTHG570.pdf) refers to Transparent bridging for IP traffic, and AFAICT makes no mention of routing. It does explicitly say that it gets an IP address from the ISP, so I suspect that it acts as a bridge for all IP clients (like the IP Client Mode in Fritz!Box routers). So it sounds to me that the DHCP packets likely come from a server beyond the router. 
Is this the half bridge mode you alluded to? Not sure about half-bridge mode. But most cable-modems work in bridge-mode. (If they have more then 1 ethernet-port, they act as routers) Oh, and there are two powerline/dLAN adapters in between (the modem is in the room next door), but direct connections between my computer and my brother's always worked, and they've been reliable in general, so I assume that they're irrelevant here. Uh-oh... If you have multiple machines that can ask for a DHCP-lease, you might keep getting a different result each time it tries to refresh. Furthermore, I found out the hard way that you *sometimes* need to reboot the modem when connect a different client for the new client to get a response from the DHCP server (I discovered this after wasting half a day trying to get our router to work, it would log timeouts during DHCPDISCOVER). I didn't think it was the modem
Re: [gentoo-user] alternative kernels
On Friday, October 31, 2014 12:37:35 AM Canek Peláez Valdés wrote: On Fri, Oct 31, 2014 at 12:30 AM, J. Roeleveld jo...@antarean.org wrote: On Thursday, October 30, 2014 06:31:25 AM Rich Freeman wrote: On Thu, Oct 30, 2014 at 3:56 AM, J. Roeleveld jo...@antarean.org wrote: On Sunday, October 26, 2014 02:16:24 PM Canek Peláez Valdés wrote: And with systemd, rebooting to a new kernel takes just a few seconds ;) And here I was thinking that the pro-systemd crowd doesn't care about the boot-time of systemd? (See the [OT] Linus Torvalds on systemd thread around 18 - 21 September) Please make up your mind on this. This might come as a bit of a shock, but people use Gentoo for different reasons, run different init systems, different udev implementations, and so on. Well, believe it or not, systemd users are exactly the same way and use different components of systemd for different reasons. People also drive different types of cars, for different reasons. I agree on this. But in the thread I mentioned, Mark David Dumlao was quite aggressive in his wording when the subject was brought up and he claimed systemd proponents don't care. Canek is the biggest proponent for systemd on this list. You should have answered then to Mark, not to me, given that I did not say anything in that sub-thread. My apologies. But if it makes you happy, I will try to take notes in the next Big SystemD Evil Conspiracy Meeting so in the future I do not contradict any statement from anyone in the Pure Evil Directorate. I knew it! There really is one! :) Thing is, I don't see any benefit, for myself, in systemd. If people want to use it, fine. But, if people are trying to force it upon everyone, then I will have a problem with it. Systemd is, in my opinion, suffering from the same feature-creep as Grub2 does. Grub1 was faster, because it was smaller. But it isn't working properly anymore and Grub2 does its job. I just don't see the point in all the multimedia stuff that was put into a bootloader.
I just had a look at the use-flags for systemd, similarly to myself wondering about multimedia support in grub2, I wonder why there is an HTTP-server embedded in journald. I somehow doubt it has any real security on it and I have seen programs write usernames and passwords to stdout/syslog when running with the default log-levels. -- Joost
Re: [gentoo-user] alternative kernels
On Fri, Oct 31, 2014 at 1:11 AM, J. Roeleveld jo...@antarean.org wrote: On Friday, October 31, 2014 12:37:35 AM Canek Peláez Valdés wrote: On Fri, Oct 31, 2014 at 12:30 AM, J. Roeleveld jo...@antarean.org wrote: On Thursday, October 30, 2014 06:31:25 AM Rich Freeman wrote: On Thu, Oct 30, 2014 at 3:56 AM, J. Roeleveld jo...@antarean.org wrote: On Sunday, October 26, 2014 02:16:24 PM Canek Peláez Valdés wrote: And with systemd, rebooting to a new kernel takes just a few seconds ;) And here I was thinking that the pro-systemd crowd doesn't care about the boot-time of systemd? (See the [OT] Linus Torvalds on systemd thread around 18 - 21 September) Please make up your mind on this. This might come as a bit of a shock, but people use Gentoo for different reasons, run different init systems, different udev implementations, and so on. Well, believe it or not, systemd users are exactly the same way and use different components of systemd for different reasons. People also drive different types of cars, for different reasons. I agree on this. But in the thread I mentioned, Mark David Dumlao was quite aggressive in his wording when the subject was brought up and he claimed systemd proponents don't care. Canek is the biggest proponent for systemd on this list. You should have answered then to Mark, not to me, given that I did not say anything in that sub-thread. My apologies. No problem. But if it makes you happy, I will try to take notes in the next Big SystemD Evil Conspiracy Meeting so in the future I do not contradict any statement from anyone in the Pure Evil Directorate. I knew it! There really is one! :) Of course there is. We have a secret handshake and everything. Thing is, I don't see any benefit, for myself, in systemd. If people want to use it, fine. But, if people are trying to force it upon everyone, then I will have a problem with it.
No one is forcing it on anyone, but several developers from different projects are happily using its (in their view) cool features. If enough able and willing *developers* don't want to rely on systemd, they need to provide the same functionality by other means, or ship versions of the software with less features. But most developers (it seems) are of the idea cool, someone else did the work for us. Systemd is, in my opinion, suffering from the same feature-creep as Grub2 does. Grub1 was faster, because it was smaller. But it isn't working properly anymore and Grub2 does its job. I just don't see the point in all the multimedia stuff that was put into a bootloader. I don't mind feature creep, as long as the *features* are useful and technically sound. Configuration that is a script generated by another script? I don't think that's really technically sound. In all my UEFI machines I'm using Gummiboot[1]; it's really small, really simple, and works great. I just had a look at the use-flags for systemd, similarly to myself wondering about multimedia support in grub2, I wonder why there is an HTTP-server embedded in journald. Well, first of all, as you noticed, it has a USE flag, so you can disable it if you do not want it. Second of all, it's an (optional) feature that allows you to synchronize data across a local network; no one in his right mind would open it up to the whole Internet. From the commit that introduced the (again, optional) feature [2]: journal: add minimal journal gateway daemon based on GNU libmicrohttpd This minimal HTTP server can serve journal data via HTTP. Its primary purpose is synchronization of journal data across the network.
It serves journal data in three formats:

    text/plain: the text format known from /var/log/messages
    application/json: the journal entries formatted as JSON
    application/vnd.fdo.journal: the binary export format of the journal

The HTTP server also serves a small HTML5 app that makes use of the JSON serialization to present the journal data to the user.

Examples:

This downloads the journal in text format:

    # systemctl start systemd-journal-gatewayd.service
    # wget http://localhost:19531/entries

Same for JSON:

    # curl -H"Accept: application/json" http://localhost:19531/entries

Access via web browser:

    $ firefox http://localhost:19531/

I somehow doubt it has any real security on it and I have seen programs write usernames and passwords to stdout/syslog when running with the default log-levels. Again, if you open it to the whole internet, you are either crazy, or you don't know what you are doing. That's why it's an optional feature, turned off by default in Gentoo (and every other distro), and even if you turn it on, you need to start the service manually (as the example in the commit message says) so you can use the feature. Since systemd is highly modular, systemd-journal-gatewayd is a completely different binary, and
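An added example, not part of the thread or of systemd: a scan of journal entries in the JSON serialization the commit message describes, flagging messages that look like they carry credentials, which is the data that would be readable by anyone who can reach the gateway. The sample entries, the regular expressions and the function names are constructed for illustration; MESSAGE, _SYSTEMD_UNIT and SYSLOG_IDENTIFIER are standard journal field names.

```python
import json
import re

# Heuristic patterns for credential-looking text (constructed; tune per site).
SECRET_PATTERNS = [
    # key=value or key: value pairs such as "password=hunter2"
    re.compile(r"(?i)\b(?:pass(?:word|wd)?|pwd|secret|token|api[_-]?key)\b"
               r"\s*[=:]\s*(?P<secret>[^\s,;]+)"),
    # credentials embedded in a URL: scheme://user:secret@host
    re.compile(r"(?i)\b[a-z][a-z0-9+.-]*://[^/\s:@]+:(?P<secret>[^@\s]+)@"),
]


def decode_field(value):
    """Return a journal JSON field as text.

    The journal's JSON output uses a string for ordinary text, an array of
    byte values for data that is not valid UTF-8 text, null for fields that
    were too large to serialize, and an array of strings when a field occurs
    more than once in an entry.
    """
    if value is None:
        return ""
    if isinstance(value, str):
        return value
    if isinstance(value, list):
        if all(isinstance(b, int) for b in value):
            return bytes(value).decode("utf-8", errors="replace")
        return "\n".join(decode_field(v) for v in value)
    return str(value)


def _mask(match):
    """Replace only the secret part of a match, keeping the surrounding text."""
    start, end = match.span("secret")
    base = match.start()
    text = match.group(0)
    return text[:start - base] + "[REDACTED]" + text[end - base:]


def redact(message):
    """Mask every credential-looking value so the report itself leaks nothing."""
    for pattern in SECRET_PATTERNS:
        message = pattern.sub(_mask, message)
    return message


def scan_journal(lines):
    """Scan newline-delimited journal JSON; return one finding per leaky entry."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        line = line.strip()
        if not line:
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or foreign line: skip rather than abort
        if not isinstance(entry, dict):
            continue
        message = decode_field(entry.get("MESSAGE"))
        if any(p.search(message) for p in SECRET_PATTERNS):
            source = decode_field(entry.get("_SYSTEMD_UNIT")
                                  or entry.get("SYSLOG_IDENTIFIER")) or "unknown"
            findings.append({"line": lineno, "source": source,
                             "redacted": redact(message)})
    return findings


# Constructed sample entries (not real log data).
SAMPLE_EXPORT = [json.dumps(e) for e in (
    {"_SYSTEMD_UNIT": "backup.service",
     "MESSAGE": "login user=admin password=hunter2 host=db01"},
    # MESSAGE serialized as a byte array, as the journal does for binary data
    {"SYSLOG_IDENTIFIER": "fetchjob",
     "MESSAGE": list(b"GET http://bob:s3cr3t@mirror.example/pkg")},
    {"_SYSTEMD_UNIT": "sshd.service",
     "MESSAGE": "Accepted publickey for marc from 192.0.2.10"},
    {"_SYSTEMD_UNIT": "big.service", "MESSAGE": None},
)]

if __name__ == "__main__":
    for finding in scan_journal(SAMPLE_EXPORT):
        print(f'{finding["line"]}: {finding["source"]}: {finding["redacted"]}')
```

On a live system the same function can be fed the lines produced by journalctl -o json.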
Re: [gentoo-user] alternative kernels
TINC (There Is No Cabal!) -- G.Wolfe Woodbury redwo...@gmail.com
Re: [gentoo-user] Strange behaviour of dhcpcd
On Friday 31 Oct 2014 06:52:54 J. Roeleveld wrote: On Tuesday, October 28, 2014 07:31:56 PM Marc Joliet wrote: Am Tue, 28 Oct 2014 16:28:37 + (I found a copy here: http://www.kabelfernsehen.ch/dokumente/quicknet/HandbuchTHG570.pdf) refers to Transparent bridging for IP traffic, and AFAICT makes no mention of routing. It does explicitly say that it gets an IP address from the ISP, so I suspect that it acts as a bridge for all IP clients (like the IP Client Mode in Fritz!Box routers). So it sounds to me that the DHCP packets likely come from a server beyond the router. Is this the half bridge mode you alluded to? Not sure about half-bridge mode. But most cable-modems work in bridge-mode. (If they have more then 1 ethernet-port, they act as routers) Yes, it seems to be a fully bridged modem. A PC or router behind it will be accessible from the Internet using your public IP address provided by the ISP. In a fully bridged mode the modem only manages encapsulation of your LAN hosts ethernet packets (using DOCSIS frames in the case of cable, or ATM frames in the case of ADSL). PPPoE or any other authentication method is undertaken by the PC or by the router behind it. There's no NAT'ing or routing performed by the modem - it is just a transparent bridge. In a typical half bridged mode the modem performs encapsulation of your packets AND authentication with the ISP's radius server. It also passes the public IP address over to the host in the LAN, but it doesn't just bridge - it routes it. The half bridged modem acts as an arp proxy. Some implementations advertise more addresses on the LAN side than the public ISP's address and offer the host a different IP address to the ISP's (usually public IP + 1 with 255.255.255.0 instead of 255.255.255.255). MSWindows machines work fine with this, but Linux won't work without setting a static route to the ISP's gateway and complains that the gateway is not on public-IP/32. Cisco routers barf at this problem too. 
Oh, and there are two powerline/dLAN adapters in between (the modem is in the room next door), but direct connections between my computer and my brother's always worked, and they've been reliable in general, so I assume that they're irrelevant here. Uh-oh... If you have multiple machines that can ask for a DHCP-lease, you might keep getting a different result each time it tries to refresh. Furthermore, I found out the hard way that you *sometimes* need to reboot the modem when connect a different client for the new client to get a response from the DHCP server (I discovered this after wasting half a day trying to get our router to work, it would log timeouts during DHCPDISCOVER). I didn't think it was the modem because when we first got it, I could switch cables around between my computer and my brother's and they would get their IP addresses without trouble. *sigh* That's a common flaw. These modems are designed with the idea that people only have 1 computer. Or at the very least put a router between the modem and whatever else they have. Please note, there is NO firewall on these modems and your machine is fully exposed to the internet. Unless you have your machine secured and all unused services disabled, you might as well assume your machine compromised. Yes, the way these modems work you may need to reboot the modem so that it flushes its arp cache if you start reconnecting machines to it. I once connected a fresh install directly to the modem. Only took 20 seconds to get owned. (This was about 9 years ago and Bind was running) - At the time there was no router, just the modem. We now have a Fritz!Box 3270 with the most recent firmware, but we got it after I solved this problem. - I don't know whether we have an IP block or not; I suspect not. At the very least, we didn't make special arrangements to try and get one. Then assume not. Most, if not all, ISPs charge extra for this. 
(If they even offer it) You would typically have two IP addresses with a half bridged modem, but only one of these would be usable by the PC/router in your LAN. Personally I find all this a bothersome faff and only buy and set up modems in fully bridged mode, so that they get out of the way and let me route things using a router. -- Regards, Mick
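An added example, not from the thread: the gateway check behind the half-bridge behaviour Mick describes, where the offered router lies outside the leased prefix and Linux needs a host route to it before the default route can be installed. It assumes lease values shaped like dhcpcd's hook variables (interface, new_ip_address, new_subnet_mask, new_routers); the leases use documentation addresses and are constructed, and the function names are hypothetical.

```python
import ipaddress


def plan_default_route(address, netmask, router, ifname):
    """Work out how a leased default gateway has to be installed on Linux.

    Returns the leased network, whether the router is on-link, the iproute2
    commands that install the route, and notes about anything unusual.
    """
    iface = ipaddress.IPv4Interface(f"{address}/{netmask}")
    gateway = ipaddress.IPv4Address(router)
    if gateway == iface.ip:
        raise ValueError(f"router {gateway} is the leased address itself")

    network = iface.network
    on_link = gateway in network
    notes = []
    commands = []

    if on_link:
        # A gateway on the network or broadcast address of a normal subnet
        # is never a usable next hop; flag it instead of installing it blindly.
        if network.prefixlen < 31 and gateway in (network.network_address,
                                                  network.broadcast_address):
            notes.append(f"{gateway} is the network or broadcast address "
                         f"of {network}")
    else:
        # The half-bridge case: a /32 (or otherwise too narrow) lease whose
        # router is not covered by the interface prefix. The kernel refuses
        # a next hop it cannot reach, so the host route has to come first.
        notes.append(f"{gateway} is outside {network}; host route needed first")
        commands.append(f"ip route add {gateway}/32 dev {ifname}")

    commands.append(f"ip route add default via {gateway} dev {ifname}")
    return {"network": str(network), "on_link": on_link,
            "commands": commands, "notes": notes}


def plan_from_hook_env(env):
    """Build the plan from a dict of dhcpcd-style hook variables (assumed names)."""
    routers = env.get("new_routers", "").split()
    if not routers:
        raise ValueError("lease carries no router option")
    # new_routers may list several routers; the first one is the preferred one.
    return plan_default_route(env["new_ip_address"], env["new_subnet_mask"],
                              routers[0], env["interface"])


# Constructed leases using documentation address ranges.
HALF_BRIDGE_LEASE = {
    "interface": "eth0",
    "new_ip_address": "203.0.113.7",
    "new_subnet_mask": "255.255.255.255",
    "new_routers": "203.0.113.1",
}
ROUTED_LEASE = {
    "interface": "eth0",
    "new_ip_address": "198.51.100.20",
    "new_subnet_mask": "255.255.255.0",
    "new_routers": "198.51.100.1",
}

if __name__ == "__main__":
    for name, lease in (("half-bridge", HALF_BRIDGE_LEASE),
                        ("routed", ROUTED_LEASE)):
        plan = plan_from_hook_env(lease)
        print(name, plan["network"], "on-link" if plan["on_link"] else "off-link")
        for command in plan["commands"]:
            print("   ", command)
```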
Re: [gentoo-user] Strange behaviour of dhcpcd
On Fri, 31 Oct 2014 07:52:54 +0100, J. Roeleveld jo...@antarean.org wrote: On Tuesday, October 28, 2014 07:31:56 PM Marc Joliet wrote: [...] Oh, and there are two powerline/dLAN adapters in between (the modem is in the room next door), but direct connections between my computer and my brother's always worked, and they've been reliable in general, so I assume that they're irrelevant here. Uh-oh... If you have multiple machines that can ask for a DHCP-lease, you might keep getting a different result each time it tries to refresh. How so? You mean if the modem is directly connected to the powerline adapter? I would be surprised if this were a problem in general, since AFAIU they're ultimately just bridges as far as the network is concerned, not to mention that they explicitly target home networks with multiple devices. But in the end, it doesn't matter, since it's just for my desktop (which doesn't have WLAN built-in); all other clients connect via WLAN. FWIW, I chose powerline because it seemed like a better (and driverless!) alternative to getting a WLAN USB-stick (or PCI(e) card), and so far I'm quite happy with it. Furthermore, I found out the hard way that you *sometimes* need to reboot the modem when connecting a different client for the new client to get a response from the DHCP server (I discovered this after wasting half a day trying to get our router to work, it would log timeouts during DHCPDISCOVER). I didn't think it was the modem because when we first got it, I could switch cables around between my computer and my brother's and they would get their IP addresses without trouble. *sigh* That's a common flaw. These modems are designed with the idea that people only have 1 computer. Or at the very least put a router between the modem and whatever else they have. Please note, there is NO firewall on these modems and your machine is fully exposed to the internet.
Unless you have your machine secured and all unused services disabled, you might as well assume your machine compromised. Yes, I wasn't explicitly aware of this, but it makes sense, since AFAIU the modem's job boils down to carrying the signal over the cable network and (on a higher level) dialing in to the ISP and forwarding packets. I would not really expect a firewall there. I once connected a fresh install directly to the modem. Only took 20 seconds to get owned. (This was about 9 years ago and Bind was running) Ouch. I just hope the Fritz!Box firewall is configured correctly, especially since there doesn't appear to be a UI for it. Well, OK, there is, but it's not very informative in that it doesn't tell me what rules (other than manually entered ones) are currently in effect; all it explicitly says is that it blocks NetBIOS packets. The only other thing that's bothered me about the router is the factory default (directly after flashing the firmware) of activating WPA2 *and* WPA (why?!). I turned off WPA as soon as I noticed. Out of curiosity, I looked through the exported configuration file (looks like JSON), and found entries that look like firewall rules, but don't really know how they apply. It's less the rules themselves, though, than the context, i.e., the rules are under pppoefw and dslifaces, even though the router uses neither PPPoE nor DSL (perhaps a sign that AVM's software grows just as organically as everybody else's ;-) ). The one thing I'm most curious about is what lowinput, highoutput, etc. mean, as Google only found me other people asking the same question. Anyway, it *looks* like it blocks everything from the internet by default (except for output-related and input-related, which I interpret to mean responses to outgoing packets and... whatever input-related means), and the manual seems to agree by implying that the firewall is for explicitly opening ports. 
Also, I used the Heise Netzwerk Check and it reports no problems, so I'm mostly relieved. - At the time there was no router, just the modem. We now have a Fritz!Box 3270 with the most recent firmware, but we got it after I solved this problem. - I don't know whether we have an IP block or not; I suspect not. At the very least, we didn't make special arrangements to try and get one. Then assume not. Most, if not all, ISPs charge extra for this. (If they even offer it) That's what I thought :) . Anyway, I think that I'll contact the dhcpcd maintainer (Roy Marples) directly and ask for his opinion. -- Marc Joliet -- People who think they know everything really annoy those of us who know we don't - Bjarne Stroustrup
Re: [gentoo-user] alternative kernels
On 10/31/2014 3:11 AM, J. Roeleveld jo...@antarean.org wrote: Systemd is, in my opinion, suffering from the same feature-creep as Grub2 does. Grub1 was faster, because it was smaller. But it isn't working properly anymore and Grub2 does its job Eh?? Grub1 doesn't work properly any more? News to me, and my system that is still using it (properly as far as I can tell)...
Re: [gentoo-user] Strange behaviour of dhcpcd
On Fri, Oct 31, 2014 at 6:47 AM, Marc Joliet mar...@gmx.de wrote: Am Fri, 31 Oct 2014 07:52:54 +0100 schrieb J. Roeleveld jo...@antarean.org: On Tuesday, October 28, 2014 07:31:56 PM Marc Joliet wrote: - I don't know whether we have an IP block or not; I suspect not. At the very least, we didn't make special arrangements to try and get one. Then assume not. Most, if not all, ISPs charge extra for this. (If they even offer it) That's what I thought :) . Generally speaking you can't just attach a modem to your LAN and have it act as a DHCP server. Your ISP probably will assign you dynamic IPs, but they will not as a matter of policy assign you more than one unless you pay for them. IPv4 address space is in short supply these days. I'm using FIOS and in my case the modem is in a box in the basement and the ISP provides a router with the service. Whatever you plug into the modem will obtain a DHCP lease for one routable IP. If you do plug more than one device into the modem then the first device to get the IP is the only one that will get an IP - the modem won't hand out another unless it gets a DHCPRelease from the MAC that was issued the original lease or until that lease expires, or until you call up the ISP on the phone and get them to release it manually. Another design would be to issue a new IP anytime a device asks for one, but to silently cancel the lease of the last IP that was issued and drop packets using it. For a single device being plugged in that won't have any impact, and if for some reason you buy a new router and plug it in you don't have to worry about your old router still having a lease. This is less standards-compliant, but perhaps more clueless-friendly. In general, though, you really shouldn't be plugging your ISP's modem into anything but a router for general use. 
In fact, I have the router provided by my ISP configured as a bridge and running into another router (FIOS uses MoCA over coax in the standard install and I'm too lazy to run CatV and beg Verizon to reconfigure the modem to use the RJ45 connection instead). Note that if you use an ISP-provided router there is a good chance that they can essentially VPN into your LAN. The last time I called up Verizon over a cablecard issue they helpfully turned on DHCP on my router so that it started competing with my DHCP server, and then I was wondering why PXE was randomly failing. Now all they can do is disable bridge mode, which will break my external connection and be a fairly obvious point to troubleshoot. -- Rich
Re: [gentoo-user] Strange behaviour of dhcpcd
On Friday, October 31, 2014 11:47:50 AM Marc Joliet wrote: On Fri, 31 Oct 2014 07:52:54 +0100, J. Roeleveld jo...@antarean.org wrote: On Tuesday, October 28, 2014 07:31:56 PM Marc Joliet wrote: [...] Oh, and there are two powerline/dLAN adapters in between (the modem is in the room next door), but direct connections between my computer and my brother's always worked, and they've been reliable in general, so I assume that they're irrelevant here. Uh-oh... If you have multiple machines that can ask for a DHCP-lease, you might keep getting a different result each time it tries to refresh. How so? You mean if the modem is directly connected to the powerline adapter? I would be surprised if this were a problem in general, since AFAIU they're ultimately just bridges as far as the network is concerned, not to mention that they explicitly target home networks with multiple devices. Actually, a HUB is a better comparison. All the powerline adapters all connect to the same network. Some you can set to a network-ID (think vlan) to limit this. The one time I played with one, I ended up seeing my neighbour's NAS. But in the end, it doesn't matter, since it's just for my desktop (which doesn't have WLAN built-in); all other clients connect via WLAN. FWIW, I chose powerline because it seemed like a better (and driverless!) alternative to getting a WLAN USB-stick (or PCI(e) card), and so far I'm quite happy with it. If you can ensure that only 2 devices communicate, it's a valid replacement for a dedicated network cable. (If you accept the reduction in line-speed) Furthermore, I found out the hard way that you *sometimes* need to reboot the modem when connecting a different client for the new client to get a response from the DHCP server (I discovered this after wasting half a day trying to get our router to work, it would log timeouts during DHCPDISCOVER).
I didn't think it was the modem because when we first got it, I could switch cables around between my computer and my brother's and they would get their IP addresses without trouble. *sigh* That's a common flaw. These modems are designed with the idea that people only have 1 computer. Or at the very least put a router between the modem and whatever else they have. Please note, there is NO firewall on these modems and your machine is fully exposed to the internet. Unless you have your machine secured and all unused services disabled, you might as well assume your machine compromised. Yes, I wasn't explicitly aware of this, but it makes sense, since AFAIU the modem's job boils down to carrying the signal over the cable network and (on a higher level) dialing in to the ISP and forwarding packets. I would not really expect a firewall there. There isn't, usually. I once connected a fresh install directly to the modem. Only took 20 seconds to get owned. (This was about 9 years ago and Bind was running) Ouch. I was, to be honest, expecting it to be owned. (Just not this quick). It was done on purpose to see how long it would take. I pulled the network cable when the root-kit was being installed. Was interesting to see. I just hope the Fritz!Box firewall is configured correctly, especially since there doesn't appear to be a UI for it. Well, OK, there is, but it's not very informative in that it doesn't tell me what rules (other than manually entered ones) are currently in effect; all it explicitly says is that it blocks NetBIOS packets. The only other thing that's bothered me about the router is the factory default (directly after flashing the firmware) of activating WPA2 *and* WPA (why?!). I turned off WPA as soon as I noticed. It will have NAT enabled, which blocks most incoming packets. As long as the router isn't owned, you should be ok. 
Out of curiosity, I looked through the exported configuration file (looks like JSON), and found entries that look like firewall rules, but don't really know how they apply. It's less the rules themselves, though, than the context, i.e., the rules are under pppoefw and dslifaces, even though the router uses neither PPPoE nor DSL (perhaps a sign that AVM's software grows just as organically as everybody else's ;-) ). The one thing I'm most curious about is what lowinput, highoutput, etc. mean, as Google only found me other people asking the same question. Not familiar with those routers. Maybe someone with more knowledge can have a look at the config and shed some light. I would do a find/replace on the username and password you use to ensure that is masked before sending it to someone to investigate. Anyway, it *looks* like it blocks everything from the internet by default (except for output-related and input-related, which I interpret to mean responses to outgoing packets and... whatever input-related means), and the manual seems to agree by implying that the firewall is
Re: [gentoo-user] alternative kernels
On Friday, October 31, 2014 07:05:58 AM Tanstaafl wrote: On 10/31/2014 3:11 AM, J. Roeleveld jo...@antarean.org wrote: Systemd is, in my opinion, suffering from the same feature-creep as Grub2 does. Grub1 was faster, because it was smaller. But it isn't working properly anymore and Grub2 does its job Eh?? Grub1 doesn't work properly any more? Please, also for future reference, unless stated otherwise, most people, including me, tend to forget to add "for me, on my system(s)" or similar to statements like this. News to me, and my system that is still using it (properly as far as I can tell)... I've got a few systems where grub1 doesn't work. This is more likely caused by some changes in used filesystems instead of any other cause. If I really wanted to, I might get it to work, but I don't see the point in spending time on this. Grub starts the boot process and then, afaik, disappears. Which is sufficient for me. -- Joost
Re: [gentoo-user] Strange behaviour of dhcpcd
On Fri, 31 Oct 2014 12:16:04 +0100, J. Roeleveld jo...@antarean.org wrote: On Friday, October 31, 2014 11:47:50 AM Marc Joliet wrote: On Fri, 31 Oct 2014 07:52:54 +0100, J. Roeleveld jo...@antarean.org wrote: On Tuesday, October 28, 2014 07:31:56 PM Marc Joliet wrote: [...] Oh, and there are two powerline/dLAN adapters in between (the modem is in the room next door), but direct connections between my computer and my brother's always worked, and they've been reliable in general, so I assume that they're irrelevant here. Uh-oh... If you have multiple machines that can ask for a DHCP-lease, you might keep getting a different result each time it tries to refresh. How so? You mean if the modem is directly connected to the powerline adapter? I would be surprised if this were a problem in general, since AFAIU they're ultimately just bridges as far as the network is concerned, not to mention that they explicitly target home networks with multiple devices. Actually, a HUB is a better comparison. All the powerline adapters all connect to the same network. Some you can set to a network-ID (think vlan) to limit this. Also, AFAICS, all newer ones support encryption (AES128 in my case), where you pair the devices, for which you need physical access to press the necessary buttons. This can be used to similar effect IIUC. No clue on cross-vendor compatibility, though. However, encryption was mainly targeted at solving the next problem: The one time I played with one, I ended up seeing my neighbour's NAS. Yeah, that problem gets mentioned a lot. You can access every other (compatible) powerline adapter on the same electric network. Adapters on different phases could have trouble communicating, I believe, and cross-talk between cables can lead to data leaking into another network (but my knowledge on things electric is reaching its end). 
In my case, our apartment has an electric meter that isolates our apartment from the others, so we're fine (plus, the adapters use encryption as mentioned above). But in the end, it doesn't matter, since it's just for my desktop (which doesn't have WLAN built-in); all other clients connect via WLAN. FWIW, I chose powerline because it seemed like a better (and driverless!) alternative to getting a WLAN USB-stick (or PCI(e) card), and so far I'm quite happy with it. If you can ensure that only 2 devices communicate, it's a valid replacement for a dedicated network cable. I didn't explicitly mention this, but the problem is that the router and modem are in my brother's room (four room shared students apartment, plus bathroom and kitchen). Now, I'm not about to drag a cable out of my room, across the hall, and into my brother's room, never mind that neither of us could close our doors anymore without unplugging the cable and dragging it back. So the alternative would have been to teach my desktop WLAN, which would've been slower unless I could find something for PCI(e) or USB3 that works with Linux, *without* me having to check out some git repository and manually compile things in the hope that it works. The first USB3 WLAN adapter I found would've led to that, so I made a snap decision in favour of powerline. It also didn't hurt that I was curious about it and wanted to try it out :) . (I actually had to (unexpectedly) do that with my wireless keyboard. Now there's app-misc/solaar, thankfully, although why Logitech couldn't just stick with infrared...) (If you accept the reduction in line-speed) How long ago was this? I read that all modern devices incorporate various filters to mitigate disturbances coming from other devices and, thus, that they perform much better (or at least more robustly) than previous generations (they also *cause* less disturbances). 
Either way, I can saturate our 16 MiB/s internet connection with enough parallel downloads (or with a fast enough server, such as with speedtest.net), and LAN performance is satisfactory. I suspect one limiting factor is that the powerline adapters only have Fast Ethernet connections (of course, so does the router, so it doesn't matter). [...] I once connected a fresh install directly to the modem. Only took 20 seconds to get owned. (This was about 9 years ago and Bind was running) Ouch. I was, to be honest, expecting it to be owned. (Just not this quick). It was done on purpose to see how long it would take. I pulled the network cable when the root-kit was being installed. Was interesting to see. I bet :) ! I just hope the Fritz!Box firewall is configured correctly, especially since there doesn't appear to be a UI for it. Well, OK, there is, but it's not very informative in that it doesn't tell me what rules (other than manually entered ones) are currently in effect; all it explicitly says is that it blocks NetBIOS packets. The only other thing that's bothered me about the router is
Re: [gentoo-user] Strange behaviour of dhcpcd
On Fri, 31 Oct 2014 07:09:08 -0400, Rich Freeman ri...@gentoo.org wrote: On Fri, Oct 31, 2014 at 6:47 AM, Marc Joliet mar...@gmx.de wrote: On Fri, 31 Oct 2014 07:52:54 +0100, J. Roeleveld jo...@antarean.org wrote: On Tuesday, October 28, 2014 07:31:56 PM Marc Joliet wrote: - I don't know whether we have an IP block or not; I suspect not. At the very least, we didn't make special arrangements to try and get one. Then assume not. Most, if not all, ISPs charge extra for this. (If they even offer it) That's what I thought :) . Generally speaking you can't just attach a modem to your LAN and have it act as a DHCP server. Your ISP probably will assign you dynamic IPs, but they will not as a matter of policy assign you more than one unless you pay for them. IPv4 address space is in short supply these days. I'm using FIOS and in my case the modem is in a box in the basement and the ISP provides a router with the service. Whatever you plug into the modem will obtain a DHCP lease for one routable IP. If you do plug more than one device into the modem then the first device to get the IP is the only one that will get an IP - the modem won't hand out another unless it gets a DHCPRelease from the MAC that was issued the original lease or until that lease expires, or until you call up the ISP on the phone and get them to release it manually. Another design would be to issue a new IP anytime a device asks for one, but to silently cancel the lease of the last IP that was issued and drop packets using it. For a single device being plugged in that won't have any impact, and if for some reason you buy a new router and plug it in you don't have to worry about your old router still having a lease. This is less standards-compliant, but perhaps more clueless-friendly. In general, though, you really shouldn't be plugging your ISP's modem into anything but a router for general use. 
In fact, I have the router provided by my ISP configured as a bridge and running into another router (FIOS uses MoCA over coax in the standard install and I'm too lazy to run CatV and beg Verizon to reconfigure the modem to use the RJ45 connection instead). Note that if you use an ISP-provided router there is a good chance that they can essentially VPN into your LAN. The last time I called up Verizon over a cablecard issue they helpfully turned on DHCP on my router so that it started competing with my DHCP server, and then I was wondering why PXE was randomly failing. Now all they can do is disable bridge mode, which will break my external connection and be a fairly obvious point to troubleshoot. Right, thanks for the explanation :) . Thankfully, our ISP only gave us the modem (though they also offer modems with WLAN for 5€ a month :-/ ). The router we bought off eBay ourselves :) . -- Marc Joliet -- People who think they know everything really annoy those of us who know we don't - Bjarne Stroustrup
[gentoo-user] OT Best way to compress files with digits
Hi, I have a lot of files with digits of PI. The digits are the characters of 0-9. Currently they are ZIPped, which I think is not the best way to do that. I read of 7zip's PPMd which compresses natural text quite well...but my files are not natural text (as they are also no binary data). With what practical way of compression is it possible to compress the files (file by file) as much as possible? Thank you very much in advance for any help! Best regards, mcc
Re: [gentoo-user] OT Best way to compress files with digits
Well, you could just save the generating algorithm. *scnr* I think compressing pi is hardly possible, as the numbers are distributed pretty randomly. But why do you want to compress? You can't work on compressed data. And there are enough sites on the internet, where you can get your digits again. Pi is not supposed to change over the years :-) Cheers Ralf On 31.10.2014 17:36, meino.cra...@gmx.de wrote: Hi, I have a lot of files with digits of PI. The digits are the characters of 0-9. Currently they are ZIPped, which I think is not the best way to do that. I read of 7zip's PPMd which compresses natural text quite well...but my files are not natural text (as they are also no binary data). With what practical way of compression is it possible to compress the files (file by file) as much as possible? Thank you very much in advance for any help! Best regards, mcc
Re: [gentoo-user] OT Best way to compress files with digits
Ralf ralf+gen...@ramses-pyramidenbau.de [14-10-31 16:48]: Well, you could just save the generating algorithm. *scnr* I think compressing pi is hardly possible, as the numbers are distributed pretty randomly. But why do you want to compress? You can't work on compressed data. And there are enough sites on the internet, where you can get your digits again. Pi is not supposed to change over the years :-) Cheers Ralf On 31.10.2014 17:36, meino.cra...@gmx.de wrote: Hi, I have a lot of files with digits of PI. The digits are the characters of 0-9. Currently they are ZIPped, which I think is not the best way to do that. I read of 7zip's PPMd which compresses natural text quite well...but my files are not natural text (as they are also no binary data). With what practical way of compression is it possible to compress the files (file by file) as much as possible? Thank you very much in advance for any help! Best regards, mcc Hi Ralf, I have a damn slow Internet connection and searching through millions of digits is not always provided. Despite that: I want to do more with that digits, I have to download them again and again. It's better to get a copy of the 2014th version of PI for later reference local on my hd. I am currently checking the compression tools I know of for the best compression ratio. But I will definitely miss those I don't know... And sometimes one can do magic with option and switches of that kind of tools I also don't know of. If someone has suggestions... always appreciated! :) Best regards, mcc
Re: [gentoo-user] alternative kernels
On Friday 31 October 2014 15:09:26 J. Roeleveld wrote: I've got a few systems where grub1 doesn't work. This is more likely caused by some changes in used filesystems instead of any other cause. If I really wanted to, I might get it to work, but I don't see the point in spending time on this. Grub starts the boot process and then, afaik, disappears. Which is sufficient for me. My grub-0.99 lets me choose from four kernels and two or three run levels at boot time, and grub-2 can't handle this yet, or it couldn't the last time I checked. I don't suggest that everyone has a similar need, but at least in some cases the old grub does still have a place. -- Rgds Peter
Re: [gentoo-user] OT Best way to compress files with digits
On 10/31/2014 04:59:17 PM, meino.cra...@gmx.de wrote: If someone has suggestions... always appreciated! :) It's best to ask on the news group comp.compression. There are top international specialists. Helmut
Re: [gentoo-user] alternative kernels
On 31.10.2014 at 17:16, Peter Humphrey wrote: On Friday 31 October 2014 15:09:26 J. Roeleveld wrote: I've got a few systems where grub1 doesn't work. This is more likely caused by some changes in used filesystems instead of any other cause. If I really wanted to, I might get it to work, but I don't see the point in spending time on this. Grub starts the boot process and then, afaik, disappears. Which is sufficient for me. My grub-0.99 lets me choose from four kernels and two or three run levels at boot time, and grub-2 can't handle this yet, or it couldn't the last time I checked. I don't suggest that everyone has a similar need, but at least in some cases the old grub does still have a place. grub2's best feature is the 'run mkconfig after each kernel update or you will boot something old and outdated'. I really love that. Or its configs. Once grub's configs were nice, clean and easy. grub2 put away with those shenanigans. Seriously, I regularly ask myself what brain sickness infected those poor guys.
Re: [gentoo-user] Re: [~amd64] NFS server broken again :(
On Tue, Oct 28, 2014 at 9:50 PM, Rich Freeman ri...@gentoo.org wrote: On Tue, Oct 28, 2014 at 9:36 PM, Tom H tomh0...@gmail.com wrote: Since Gentoo's rpcbind.service has Wants=rpcbind.target and Before=rpcbind.target, having nfs-server.service depend on rpcbind.target rather than rpcbind.service should work as long as rpcbind.service is enabled. But having Requires=rpcbind.service and After=rpcbind.service, like nfsd.service has/had, means that you don't have to enable rpcbind.service. I was just looking at that and thinking the same thing. Nothing is really forcing rpcbind to load the way things are specified right now. If a service really requires another service to operate, it should say that. There is no problem doing that via a target, but then the target still needs to pull it in. Wouldn't the solution to this problem be to have a news item to let the user know that rpcbind was being started as a dependency of nfsd.service but that it now needs to be enabled in order to be started by nfs-server.service? There seems a general tendency in systemd to express dependencies as after instead of requires. That is fine if the service doesn't really require something else, but if there really is a true dependency then it just causes problems when somebody doesn't notice and fails to enable the other unit. AFAIK they're completely different and you can have service1 have a Requires on service2 but have service2 start before service1. So if someone's using After and expecting Requires, he/she is bound to be surprised by the result. Is After really necessary as an option? I've never come across a service that uses After without a Requires or a Wants but I've never taken the time to look.
Re: [gentoo-user] alternative kernels
On Fri, Oct 31, 2014 at 12:16 PM, Peter Humphrey pe...@prh.myzen.co.uk wrote: My grub-0.99 lets me choose from four kernels and two or three run levels at boot time, and grub-2 can't handle this yet, or it couldn't the last time I checked. I don't suggest that everyone has a similar need, but at least in some cases the old grub does still have a place. I doubt that grub2-mkconfig can auto-generate configs with permutations on runlevels, but if you build a manual config for grub2 I can't see why this would not work. You're just changing your choice of kernel and kernel parameters. It certainly does let you pick from multiple kernels. Grub2-mkconfig also supports a recovery configuration for each kernel that can have different options, which might or might not meet your need. You could also create your own module for grub2-mkconfig which does whatever you want. Or just use manual config files. I was doing this at first with grub2. I ended up ditching it for the generic mkconfig script, since it plays well with make install on kernels and dracut. Before I used to make the config static and just name my kernels k/k1/k2 or some such, rotating through names as I updated. That works, but was a pain. The biggest issue I ran into with mkconfig so far was that it doesn't always handle mainline rc kernel sorting - you'll get an rc kernel sorted above the release version and therefore made the default. I did file a bug about that, so hopefully it will get fixed some day. -- Rich
Re: [gentoo-user] OT Best way to compress files with digits
On Fri, Oct 31, 2014 at 11:59 AM, meino.cra...@gmx.de wrote: I am currently checking the compression tools I know of for the best compression ratio. But I will definitely miss those I don't know... And sometimes one can do magic with option and switches of that kind of tools I also don't know of. I can't imagine that any tool will do much better than something like lzo, gzip, xz, etc. You'll definitely benefit from compression though - your text files full of digits are encoding 3.3 bits of information in an 8-bit ascii character and even if the order of digits in pi can be treated as purely random just about any compression algorithm is going to get pretty close to that 3.3 bits per digit figure. -- Rich
Re: [gentoo-user] Re: [~amd64] NFS server broken again :(
On Fri, Oct 31, 2014 at 1:34 PM, Tom H tomh0...@gmail.com wrote: Is After really necessary as an option? I've never come across a service that uses After without a Requires or a Wants but I've never taken the time to look. Hmm, I found After more common than Wants, but maybe I only look at units that have problems. :) I think the intent is to handle optional dependencies, but in practice I don't know that it works well. It would almost be better to have some kind of cluster config file that specifies all the actual dependencies (possibly including cross-host) and have it spit out all the unit dependencies automatically. That is a bit much to ask for now, and probably a bit much for somebody who just wants their laptop to launch kde after all their mounts are ready. Specifying After vs Wants separately does make sense. Dependency doesn't have to imply sequential. -- Rich
Re: [gentoo-user] OT Best way to compress files with digits
Hello, On Fri, 31 Oct 2014, Rich Freeman wrote: On Fri, Oct 31, 2014 at 11:59 AM, meino.cra...@gmx.de wrote: I am currently checking the compression tools I know of for the best compression ratio. But I will definitely miss those I don't know... And sometimes one can do magic with option and switches of that kind of tools I also don't know of.

With 100k pseudo-random digits from bash's $RANDOM % 10 and a linebreak every 100 digits (in t.lst) I get this (each with --best / -9 / -m5 (rar) compression-level option):

    $ du -b * | sort -rn
    101000 t.lst
    61544 t.lzop
    50733 t.zoo
    49696 t.zip
    49609 t.lha
    49554 t.gz
    48907 t.Z
    44942 t.rar
    44661 t.rzip
    44638 t.7z
    44592 t.xz
    44572 t.bz2
    44546 t.lzma
    44543 t.lzip

What I find remarkable is that both gzip and good old compress (.Z) are rather good ;) And above is probably a quite comprehensible list, and except .Z, .gz and .bz2 all are named as the binaries used to create them. I'd use bzip2/xz/lz as there are e.g. [blx]z(e)(grep|cat|less), but not e.g. 7zgrep, and I guess they can easy access to those archives quite a bit.

I can't imagine that any tool will do much better than something like lzo, gzip, xz, etc. You'll definitely benefit from compression though - your text files full of digits are encoding 3.3 bits of information in an 8-bit ascii character and even if the order of digits in pi can be treated as purely random just about any compression algorithm is going to get pretty close to that 3.3 bits per digit figure.

Good estimate:

    $ calc '101000/(8/3.3)'
    41662.5

and I get from (lzip)

    $ calc 44543*8/101000
    3.528...(bits/digit)

to zip:

    $ calc 49696*8/101000
    ~3.93 (bits/digit)

HTH, -dnh -- Q: Hobbies? A: Hating music. -- Marvin
Re: [gentoo-user] OT Best way to compress files with digits
On Fri, Oct 31, 2014 at 2:55 PM, David Haller gen...@dhaller.de wrote: On Fri, 31 Oct 2014, Rich Freeman wrote: I can't imagine that any tool will do much better than something like lzo, gzip, xz, etc. You'll definitely benefit from compression though - your text files full of digits are encoding 3.3 bits of information in an 8-bit ascii character and even if the order of digits in pi can be treated as purely random just about any compression algorithm is going to get pretty close to that 3.3 bits per digit figure. Good estimate: $ calc '101000/(8/3.3)' 41662.5 and I get from (lzip) $ calc 44543*8/101000 3.528...(bits/digit) to zip: $ calc 49696*8/101000 ~3.93 (bits/digit) Actually, I'm surprised how far off of this the various methods are. I was expecting SOME overhead, but not this much. A fairly quick algorithm would be to encode every possible set of 96 digits into a 40 byte code (that is just a straight decimal-binary conversion). Then read a word at a time and translate it. This will only waste 0.011 bits per digit. -- Rich
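The fixed-width packing proposed in the message above (96 decimal digits per 40-byte block), written out as an added example that is not part of the original thread. The 8-byte length header, the zero padding of the last block and the seeded test data (no line breaks, unlike the t.lst used earlier) are assumptions of this sketch.

```python
import bz2
import lzma
import math
import random
import zlib

BLOCK_DIGITS = 96   # digits per block, as proposed in the thread
BLOCK_BYTES = 40    # 10**96 < 2**320, so 96 digits fit in 40 bytes


def pack_digits(digits: str) -> bytes:
    """Pack ASCII decimal digits into 40-byte big-endian blocks.

    Layout (assumed for this example): 8-byte digit count, then one
    40-byte integer per 96-digit block. The last block is right-padded
    with '0'; the count tells the decoder where the real data ends.
    """
    if digits and not (digits.isascii() and digits.isdigit()):
        raise ValueError("input must contain only the characters 0-9")
    out = bytearray(len(digits).to_bytes(8, "big"))
    for i in range(0, len(digits), BLOCK_DIGITS):
        block = digits[i:i + BLOCK_DIGITS].ljust(BLOCK_DIGITS, "0")
        out += int(block).to_bytes(BLOCK_BYTES, "big")
    return bytes(out)


def unpack_digits(packed: bytes) -> str:
    """Inverse of pack_digits; rejects truncated or out-of-range input."""
    if len(packed) < 8 or (len(packed) - 8) % BLOCK_BYTES:
        raise ValueError("truncated or misaligned input")
    count = int.from_bytes(packed[:8], "big")
    n_blocks = (len(packed) - 8) // BLOCK_BYTES
    if n_blocks != -(-count // BLOCK_DIGITS):      # ceiling division
        raise ValueError("digit count does not match number of blocks")
    parts = []
    for i in range(8, len(packed), BLOCK_BYTES):
        value = int.from_bytes(packed[i:i + BLOCK_BYTES], "big")
        if value >= 10 ** BLOCK_DIGITS:
            raise ValueError("block does not encode 96 decimal digits")
        parts.append(str(value).zfill(BLOCK_DIGITS))
    return "".join(parts)[:count]


def wasted_bits_per_digit() -> float:
    """Overhead of the 96->40 scheme over the log2(10) entropy bound."""
    return 8 * BLOCK_BYTES / BLOCK_DIGITS - math.log2(10)


def compare(n_digits: int = 100_000, seed: int = 2014) -> dict:
    """Bits per digit for general-purpose compressors vs. the packing.

    The input is constructed: seeded pseudo-random digits standing in
    for digits of pi, so the run is reproducible and works offline.
    """
    rng = random.Random(seed)
    digits = "".join(rng.choice("0123456789") for _ in range(n_digits))
    raw = digits.encode("ascii")
    packed = pack_digits(digits)
    if unpack_digits(packed) != digits:
        raise RuntimeError("round trip failed")
    sizes = {
        "zlib -9": len(zlib.compress(raw, 9)),
        "bz2 -9": len(bz2.compress(raw, 9)),
        "lzma -9": len(lzma.compress(raw, preset=9)),
        "96->40 packing": len(packed),
    }
    return {name: 8 * size / n_digits for name, size in sizes.items()}


if __name__ == "__main__":
    for name, bits in sorted(compare().items(), key=lambda kv: kv[1]):
        print(f"{name:15s} {bits:.3f} bits/digit")
    print(f"theoretical waste: {wasted_bits_per_digit():.4f} bits/digit")
```

The decoder checks the block count and the value range of every block, so a truncated or corrupted file raises an error instead of yielding wrong digits.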
[gentoo-user] Re: OT Best way to compress files with digits
On 2014-10-31, Rich Freeman ri...@gentoo.org wrote: On Fri, Oct 31, 2014 at 2:55 PM, David Haller gen...@dhaller.de wrote: On Fri, 31 Oct 2014, Rich Freeman wrote: I can't imagine that any tool will do much better than something like lzo, gzip, xz, etc. You'll definitely benefit from compression though - your text files full of digits are encoding 3.3 bits of information in an 8-bit ascii character and even if the order of digits in pi can be treated as purely random just about any compression algorithm is going to get pretty close to that 3.3 bits per digit figure. Good estimate: $ calc '101000/(8/3.3)' 41662.5 and I get from (lzip) $ calc 44543*8/101000 3.528...(bits/digit) to zip: $ calc 49696*8/101000 ~3.93 (bits/digit) Actually, I'm surprised how far off of this the various methods are. I was expecting SOME overhead, but not this much. A fairly quick algorithm would be to encode every possible set of 96 digits into a 40 byte code (that is just a straight decimal-binary conversion). Then read a word at a time and translate it. This will only waste 0.011 bits per digit. You're cheating. The algorithm you tested will compress strings of arbitrary 8-bit values. The algorithm you proposed will only compress strings of bytes where each byte can have only one of 10 values. -- Grant Edwards grant.b.edwards at gmail.com Yow! I want another RE-WRITE on my CEASAR SALAD!!
Re: [gentoo-user] alternative kernels
On 31 October 2014 16:16:33 WET, Peter Humphrey pe...@prh.myzen.co.uk wrote: On Friday 31 October 2014 15:09:26 J. Roeleveld wrote: I've got a few systems where grub1 doesn't work. This is more likely caused by some changes in used filesystems instead of any other cause. If I really wanted to, I might get it to work, but I don't see the point in spending time on this. Grub starts the boot process and then, afaik, disappears. Which is sufficient for me. My grub-0.99 lets me choose from four kernels and two or three run levels at boot time, and grub-2 can't handle this yet, or it couldn't the last time I checked. I don't suggest that everyone has a similar need, but at least in some cases the old grub does still have a place. -- Rgds Peter Grub2 can do that in at least three different ways. You can write a complete manual configuration, just like with 0.9, you can put a manual custom configuration in /etc/grub.d or you can put a simple shell script in that directory that creates menu entries with each set of options for each kernel in /boot. None of these options are any more complex than creating a grub 0 configuration by hand. -- Sent from my Android phone with K-9 Mail. Please excuse my brevity.
Re: [gentoo-user] Re: cookie_monster
On Thu, Oct 30, 2014 at 05:37:06PM -0500, »Q« wrote On Thu, 30 Oct 2014 15:32:02 + (UTC) James wirel...@tampabay.rr.com wrote: Walter Dnes waltdnes at waltdnes.org writes: You also mentioned flash cookies in passing. They're a totally different animal. They're files that reside in directories ~/.adobe and ~/.macromedia. Only those (2) apps have flash cookies? I never find them in ~/.adobe, so I think only ~/.macromedia has them. It varies by OS and browser. See... http://en.wikipedia.org/wiki/Local_shared_object#File_locations for a list of locations. -- Walter Dnes waltd...@waltdnes.org I don't run desktop environments; I run useful applications
Re: [gentoo-user] alternative kernels
On Fri, Oct 31, 2014 at 3:11 AM, J. Roeleveld jo...@antarean.org wrote: Thing is, I don't see any benefit, for myself, in systemd. If people want to use it, fine. But, if people are trying to force it upon everyone, then I will have a problem with it. It cuts both ways. Let's assume that you want to use polkit/policykit where the most recent version depends on logind and has dropped support for consolekit. You don't want to be forced into using systemd because of the deprecation of consolekit support but the developers of polkit don't want to be forced into maintaining support for consolekit. It's too bad that the systemd maintainers tied their login and cgroup managers into their /sbin/init; systemd would've been uncontroversial if they had. Ubuntu and Debian use systemd-shim (AFAIR/AFAIUI previously systemd-services) and cgmanager in order to use a standalone logind running without systemd as pid 1. I just had a look at the use-flags for systemd, similarly to myself wondering about multimedia support in grub2, I wonder why there is an HTTP-server embedded in journald. I somehow doubt it has any real security on it and I have seen programs write usernames and passwords to stdout/syslog when running with the default log-levels. I suspect that grub has multimedia support because there's an option to emit a beep when grub starts. It's not an option that I've used or that I'll ever use but someone must want/like it. :) The systemd line was always that if you wanted to ship your logs off to another box, use rsyslog. So I've never understood the embedding of an httpd in systemd. I guess that the httpd server's useful if you want a basic send-the-logs-to-another-box-as-is, but that, if you want to filter or manipulate the journald output, you have to use rsyslog or syslog-ng.
Re: [gentoo-user] Re: OT Best way to compress files with digits
On Fri, Oct 31, 2014 at 4:25 PM, Grant Edwards grant.b.edwa...@gmail.com wrote: You're cheating. The algorithm you tested will compress strings of arbitrary 8-bit values. The algorithm you proposed will only compress strings of bytes where each byte can have only one of 10 values. Of course. I wasn't expecting the general-purpose algorithm to do as well. In some sense, part of the information that is being encoded is actually in the compression algorithm itself (the mapping), while in a general-purpose compression algorithm that information has to be part of the compressed data stream. I was just expecting gzip/etc to get much closer to the theoretical limit. I figured that it might be a few percent higher, but I wasn't expecting a 10+% difference. -- Rich
Re: [gentoo-user] alternative kernels
On Fri, Oct 31, 2014 at 6:09 PM, Tom H tomh0...@gmail.com wrote: The systemd line was always that if you wanted to ship your logs off to another box, use rsyslog. So I've never understood the embedding of an httpd in systemd. I guess that the httpd server's useful if you want a basic send-the-logs-to-another-box-as-is, but that, if you want to filter or manipulate the journald output, you have to use rsyslog or syslog-ng. If you're going to implement a log manager there is no reason to not let it export logs to a central manager. As far as filtering/manipulating logs goes, you can do plenty of that with journalctl already, and it supports dumping your logs in json so you can do anything you want with them in another tool. There aren't really any such tools around yet, but I'm sure we'll see them come up. -- Rich
Re: [gentoo-user] Re: [~amd64] NFS server broken again :(
On Fri, Oct 31, 2014 at 2:27 PM, Rich Freeman ri...@gentoo.org wrote: On Fri, Oct 31, 2014 at 1:34 PM, Tom H tomh0...@gmail.com wrote: Is After really necessary as an option? I've never come across a service that uses After without a Requires or a Wants but I've never taken the time to look. Hmm, I found After more common than Wants, but maybe I only look at units that have problems. :) LOL. Which supports the thesis that After might not be a useful setting within a service unit. But it's just occurred to me that target units use After without Requires or Wants, for example network-online.target has After=network.target. I think the intent is to handle optional dependencies, but in practice I don't know that it works well. It would almost be better to have some kind of cluster config file that specifies all the actual dependencies (possibly including cross-host) and have it spit out all the unit dependencies automatically. That is a bit much to ask for now, and probably a bit much for somebody who just wants their laptop to launch kde after all their mounts are ready. Optional dependencies are handled by Wants like openrc's use. IIUC you're referring to a BSD-like rc daemon config file. Wouldn't that have to be maintained by a sysadmin rather than by a package maintainer? Specifying After vs Wants separately does make sense. Dependency doesn't have to imply sequential. Do you have an example of a service that uses After= but doesn't need a Requires= or a Wants=? I'm either being unimaginative or plain dumb, but I can't think of any. I wonder whether, if Lennart and co removed After= from service units and turned Requires= into the equivalent of the current Requires= and After= setup, someone would raise a storm over the change because it would've broken something.
Re: [gentoo-user] Re: [~amd64] NFS server broken again :(
On Fri, Oct 31, 2014 at 7:01 PM, Tom H tomh0...@gmail.com wrote: Do you have an example of a service that uses After= but doesn't need a Requires= or a Wants=? I'm either being unimaginative or plain dumb, but I can't think of any. Some examples I found: smbd.service sshd.service mythbackend.service ntpd.service -- Rich
Re: [gentoo-user] alternative kernels
On 10/31/2014 06:30 PM, Rich Freeman wrote: On Fri, Oct 31, 2014 at 6:09 PM, Tom H tomh0...@gmail.com wrote: The systemd line was always that if you wanted to ship your logs off to another box, use rsyslog. So I've never understood the embedding of an httpd in systemd. I guess that the httpd server's useful if you want a basic send-the-logs-to-another-box-as-is, but that, if you want to filter or manipulate the journald output, you have to use rsyslog or syslog-ng. If you're going to implement a log manager there is no reason to not let it export logs to a central manager. As far as filtering/manipulating logs goes, you can do plenty of that with journalctl already, and it supports dumping your logs in json so you can do anything you want with them in another tool. There aren't really any such tools around yet, but I'm sure we'll see them come up. You guys should check out the ELK stack: http://www.elasticsearch.org/overview/ Basically, transform logs to JSON with logstash, throw the JSON into elastic search, and make plots with Kibana. We use it at work; it's absolutely fantastic. You can save Kibana dashboards and have them auto-update every 5 or 10 seconds (plenty of other granularities as well), and have a real-time view of, let's say, job errors or running jobs or utilization. Alec
Re: [gentoo-user] Re: [~amd64] NFS server broken again :(
2014-10-31 17:01 GMT-06:00 Tom H tomh0...@gmail.com: On Fri, Oct 31, 2014 at 2:27 PM, Rich Freeman ri...@gentoo.org wrote: On Fri, Oct 31, 2014 at 1:34 PM, Tom H tomh0...@gmail.com wrote: Is After really necessary as an option? I've never come across a service that uses After without a Requires or a Wants but I've never taken the time to look. Hmm, I found After more common than Wants, but maybe I only look at units that have problems. :) LOL. Which supports the thesis that After might not be a useful setting within a service unit. But it's just occurred to me that target units use After without Requires or Wants, for example network-online.target has After=network.target.

I think the manuals are pretty clear about the working of these. From the systemd.unit manual:

Requires= If a unit foo.service requires a unit bar.service as configured with Requires= and no ordering is configured with After= or Before=, then both units will be started simultaneously and without any delay between them if foo.service is activated.

Before=, After= ... Note that this setting is independent of and orthogonal to the requirement dependencies as configured by Requires=. If two units have no ordering dependencies between them, they are shut down or started up simultaneously, and no ordering takes place.

From the systemd.service manual:

Unless DefaultDependencies= is set to false, service units will implicitly have dependencies of type Requires= and After= on basic.target as well as dependencies of type Conflicts= and Before= on shutdown.target. These ensure that normal service units pull in basic system initialization, and are terminated cleanly prior to system shutdown.

I think it's about flexibility and the fact that systemd uses parallelization at boot, when having these options makes sense
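A small checker for the situation this sub-thread is about, a unit that orders itself After= something which nothing in the same file pulls in. This is an added example, not code from the thread or from systemd. The two unit files are constructed samples modelled on the nfs-server/nfsd description earlier in the thread, and the script reads a single file only: it ignores drop-ins, .wants/ symlinks and the implicit basic.target dependencies.

```python
# Dependency types that actually pull another unit into the transaction.
REQUIREMENT_KEYS = ("Requires", "Requisite", "BindsTo", "Wants")


def parse_unit_section(text: str) -> dict:
    """Return {key: [unit names]} for the [Unit] section of a unit file."""
    deps = {}
    section = None
    pending = ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # trailing backslash continues
            pending = line[:-1] + " "
            continue
        if not line or line[0] in "#;":    # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section != "Unit" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        names = value.split()
        if names:
            deps.setdefault(key.strip(), []).extend(names)
        else:
            deps[key.strip()] = []         # empty assignment resets the list
    return deps


def ordering_only(text: str) -> list:
    """Units named in After= that this file neither requires nor wants."""
    deps = parse_unit_section(text)
    pulled_in = set()
    for key in REQUIREMENT_KEYS:
        pulled_in.update(deps.get(key, []))
    return [unit for unit in deps.get("After", []) if unit not in pulled_in]


def report(units: dict) -> dict:
    """Map each unit name to its ordering-only dependencies, if any."""
    found = {name: ordering_only(text) for name, text in units.items()}
    return {name: missing for name, missing in found.items() if missing}


# Constructed sample: ordered after rpcbind.target, but nothing starts it.
NFS_SERVER = """\
[Unit]
Description=NFS server (constructed sample)
Requires=network.target
After=network.target rpcbind.target

[Service]
ExecStart=/bin/true
"""

# Constructed sample: requirement and ordering declared together.
NFSD = """\
[Unit]
Description=NFS daemon (constructed sample)
Requires=rpcbind.service
After=rpcbind.service

[Service]
ExecStart=/bin/true
"""

if __name__ == "__main__":
    units = {"nfs-server.service": NFS_SERVER, "nfsd.service": NFSD}
    for name, missing in report(units).items():
        print(f"{name}: ordered after {', '.join(missing)} "
              "but does not pull it in")
```

A hit is not automatically a bug, since After= alone is valid for optional ordering; it marks the units where a dependency has to be enabled separately.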