Re: [gentoo-user] Re: HTML editor WYSIWYG

2013-03-19 Thread Mick
On Tuesday 19 Mar 2013 01:14:23 Peter Humphrey wrote:
 On Monday 18 March 2013 14:10:40 Grant Edwards wrote:
  There's no such thing as a WYSIWYG HTML editor
 
 Depends. Kompozer is built on the Firefox tree, so if Firefox gives you
 what you want to see, Kompozer will be WYSIWYG.
 
 On the other hand, its HTML is not pure, the application is buggy and it
 hasn't been updated for a year or two. I made extensive use of it while
 developing my choir's website, but mostly for its very useful help with
 CSS.
 
 If I were starting out again, which I may do soon, I'd want both Kompozer
 and Bluefish to hand.

Does anyone know what happened to Quanta+ and whether it was ever ported to KDE4?

-- 
Regards,
Mick




[gentoo-user] Re: AMD64, Firefox = Java Plugin?

2013-03-19 Thread nunojsilva
On 2013-03-17, walt wrote:

 On 03/16/2013 06:15 AM, meino.cra...@gmx.de wrote:
 Hi,
 
  I am looking for a usable howto/tutorial which describes
  how to install the java plugin for the current Firefox.

 I see your question is already answered, but I'll add that there are
 a zillion open security bugs for java and many are actively being
 exploited in the wild recently.

 If you must use java in Firefox (as I do) then make sure that your
 version of Firefox is the latest one (19-something) because it will
 ask your permission before running any java applets.  Firefox will
 allow you to override the warnings for selected websites so it won't
 become irritating at sites you trust.

 IIUC there are exploitable bugs in java7 that don't exist in java6,
 so I'm sticking to java6 for now, though 6 isn't perfect either.

Or use NoScript or some other extension that lets you block embedded
content by default, like some people have been doing for years now.

-- 
Nuno Silva (aka njsg)
http://njsg.sdf-eu.org/



Re: [gentoo-user] I guess it is time to update udev from 171-r10 to 197-r8...

2013-03-19 Thread Tanstaafl

On 2013-03-18 7:15 AM, Tanstaafl tansta...@libertytrek.org wrote:

The above reference to 'might need packages like sys-apps/kbd', which is
now *required* by udev, suggests that now I again do need an initramfs?


That was silly - I saw kbd and read it as kmod... ok, this one is no 
problem either...


One new concern - I just confirmed that I do *not* have CONFIG_DEVTMPFS 
enabled in my current running kernel. I also am running an older kernel 
that is no longer in portage (I know, I know), so I want to recompile my 
existing kernel and get it booting with the new/updated udev before 
upgrading it (will do that immediately once the udev update is done).


I've never recompiled and replaced a running kernel before, so...

I'm just going to recompile it with everything enabled, copy the new 
kernel over to /boot with a slightly different name, then reboot to the 
new kernel.


But looking at:

http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=1&chap=7

It says to enable the following:

Device Drivers --->
  Generic Driver Options --->
    [*] Maintain a devtmpfs filesystem to mount at /dev
    [ ]   Automount devtmpfs at /dev, after the kernel mounted the rootfs
...
File systems --->
(Select one or more of the following options as needed by your system)
...
  Pseudo Filesystems --->
    [*] /proc file system support
    [*] Virtual memory file system support (former shm fs)
(In my current kernel the option is 'Tmpfs virtual memory file system 
support (former shm fs)')

...
(Enable GPT partition label support if you used that previously)
-*- Enable the block layer --->
...
Partition Types --->
[*] Advanced partition selection
  ...
  [*] EFI GUID Partition support

Now, when exiting menuconfig I get the following warnings:

 # make menuconfig
scripts/kconfig/mconf Kconfig
warning: (HAVE_TEXT_POKE_SMP) selects STOP_MACHINE which has unmet 
direct dependencies (SMP && MODULE_UNLOAD || HOTPLUG_CPU)
warning: (HAVE_TEXT_POKE_SMP) selects STOP_MACHINE which has unmet 
direct dependencies (SMP && MODULE_UNLOAD || HOTPLUG_CPU)

#
# configuration written to .config

Is this something I need to fix?

Lastly, doing the actual updates once I have a supported kernel ready...

Neil suggested just unmerging module-init-tools and then letting emerge 
world install kmod, but I like doing things in smaller steps. An emerge 
world wants to update a number of other non udev related things (like 
apache), so what I'd like to do is get udev updated first, reboot, then 
finish updating world, so what I'm thinking of doing (after fixing my 
kernel issue) is:


emerge -C module-init-tools && emerge -1 kmod
then
emerge -C sysvinit && emerge -1 util-linux
then
emerge -vuDN udev
reboot
emerge -vuDN world

My question is, is the above any 'safer' than just doing:

emerge -C module-init-tools && emerge -C sysvinit && emerge -vuDN udev
reboot

?

Thanks



[gentoo-user] Did an emerge world, now display customisations all gone

2013-03-19 Thread Andrew Lowe

Hi all,
	I have an nvidia powered twin head display config that has things such 
as, KDE, the wallpaper is the slideshow thingy, the taskbar is on the 
top of the LHS monitor and autohides etc etc. I've just done an emerge 
-NuD world and all of that has now disappeared. I think I'm back to the 
default config. Does anyone have any idea as to what happened to my 
custom display config? Is this going to be an ongoing affair every time 
I update KDE?


Any thoughts, greatly appreciated,

Andrew



Re: [gentoo-user] Did an emerge world, now display customisations all gone

2013-03-19 Thread Stroller

On 19 March 2013, at 15:13, Andrew Lowe wrote:
 ...
   I have an nvidia powered twin head display config that has things such 
 as, KDE, the wallpaper is the slideshow thingy, the taskbar is on the top of 
 the LHS monitor and autohides etc etc. I've just done an emerge -NuD world 
 and all of that has now disappeared. I think I'm back to the default config. 
 Does anyone have any idea as to what happened to my custom display config? Is 
 this going to be an ongoing affair every time I update KDE?

Use genlop to list for us what packages you updated today.

Stroller.




Re: [gentoo-user] Did an emerge world, now display customisations all gone

2013-03-19 Thread Andrew Lowe

On 03/19/13 23:42, Stroller wrote:


On 19 March 2013, at 15:13, Andrew Lowe wrote:

...
I have an nvidia powered twin head display config that has things such as, KDE, 
the wallpaper is the slideshow thingy, the taskbar is on the top of the LHS monitor and 
autohides etc etc. I've just done an emerge -NuD world and all of that has 
now disappeared. I think I'm back to the default config. Does anyone have any idea as to 
what happened to my custom display config? Is this going to be an ongoing affair every 
time I update KDE?


Use genlop to list for us what packages you updated today.

Stroller.





Never used that beasty before. Is genlop -l what you're after? If so:



Sun Mar 17 13:04:09 2013  dev-python/python-exec-0.3.1
 Sun Mar 17 13:04:28 2013  sys-libs/timezone-data-2013b
 Sun Mar 17 13:04:52 2013  media-libs/libdvdcss-1.2.13
 Sun Mar 17 13:05:03 2013  dev-libs/libaio-0.3.109-r4
 Sun Mar 17 13:08:49 2013  app-emulation/virtualbox-additions-4.2.10
 Sun Mar 17 13:09:11 2013  sys-power/acpid-2.0.18
 Sun Mar 17 13:09:20 2013  sys-fs/dosfstools-3.0.16
 Sun Mar 17 13:11:02 2013  dev-libs/mpfr-3.1.2
 Sun Mar 17 13:21:35 2013  dev-libs/boost-1.52.0-r6
 Sun Mar 17 13:22:18 2013  media-libs/libjpeg-turbo-1.2.90
 Sun Mar 17 13:22:47 2013  app-emulation/emul-linux-x86-baselibs-20130224
 Sun Mar 17 13:23:28 2013  sys-power/iasl-20130117-r1
 Sun Mar 17 13:23:35 2013  dev-util/mdds-0.7.1
 Sun Mar 17 13:23:40 2013  app-emulation/emul-linux-x86-db-20130224
 Sun Mar 17 13:23:54 2013  kde-base/kde-env-4.10.1
 Sun Mar 17 13:28:26 2013  dev-lang/perl-5.16.3
 Sun Mar 17 13:28:51 2013  sys-kernel/linux-headers-3.8
 Sun Mar 17 13:29:13 2013  dev-libs/libIDL-0.8.14
 Sun Mar 17 13:29:58 2013  media-gfx/sane-backends-1.0.23-r1
 Sun Mar 17 13:32:50 2013  dev-libs/openssl-1.0.1e
 Sun Mar 17 13:33:48 2013  dev-libs/botan-1.10.3-r1
 Sun Mar 17 13:35:09 2013  dev-qt/qtscript-4.8.4
 Sun Mar 17 13:35:14 2013  x11-base/xorg-drivers-1.14
 Sun Mar 17 13:35:41 2013  sys-process/procps-3.3.6
 Sun Mar 17 13:36:39 2013  app-shells/bash-4.2_p45
 Sun Mar 17 13:38:23 2013  dev-db/unixODBC-2.3.1-r1
 Sun Mar 17 13:38:31 2013  app-office/libreoffice-l10n-4.0.1.2
 Sun Mar 17 13:38:41 2013  x11-proto/xf86vidmodeproto-2.3.1-r1
 Sun Mar 17 13:38:54 2013  x11-proto/xproto-7.0.23-r2
 Sun Mar 17 13:39:07 2013  x11-proto/xextproto-7.2.1-r1
 Sun Mar 17 13:39:50 2013  media-libs/alsa-lib-1.0.26-r1
 Sun Mar 17 13:40:00 2013  x11-proto/renderproto-0.11.1-r1
 Sun Mar 17 13:40:11 2013  x11-proto/kbproto-1.0.6-r1
 Sun Mar 17 13:42:06 2013  dev-libs/icu-50.1.2
 Sun Mar 17 13:42:17 2013  x11-proto/randrproto-1.4.0-r1
 Sun Mar 17 13:42:28 2013  x11-proto/inputproto-2.3
 Sun Mar 17 13:42:46 2013  dev-libs/nspr-4.9.5-r2
 Sun Mar 17 13:42:56 2013  x11-proto/xineramaproto-1.2.1-r1
 Sun Mar 17 13:43:06 2013  x11-proto/damageproto-1.2.1-r1
 Sun Mar 17 13:43:15 2013  x11-proto/compositeproto-0.4.2-r1
 Sun Mar 17 13:43:27 2013  x11-proto/videoproto-2.3.1-r1
 Sun Mar 17 13:43:39 2013  x11-proto/scrnsaverproto-1.2.2-r1
 Sun Mar 17 13:43:50 2013  dev-libs/libpthread-stubs-0.3-r1
 Sun Mar 17 13:44:02 2013  x11-proto/recordproto-1.14.2-r1
 Sun Mar 17 13:44:10 2013  x11-proto/xf86bigfontproto-1.2.0-r1
 Sun Mar 17 13:44:46 2013  media-libs/audiofile-0.3.6
 Sun Mar 17 13:44:58 2013  media-fonts/font-util-1.3.0
 Sun Mar 17 13:45:08 2013  x11-proto/xf86dgaproto-2.1-r2
 Sun Mar 17 13:45:16 2013  x11-misc/util-macros-1.17
 Sun Mar 17 13:45:25 2013  x11-proto/printproto-1.0.5-r1
 Sun Mar 17 13:45:45 2013  x11-libs/libICE-1.0.8-r1
 Sun Mar 17 13:46:00 2013  x11-libs/libXau-1.0.7-r1
 Sun Mar 17 13:46:14 2013  x11-libs/libXdmcp-1.1.1-r1
 Sun Mar 17 13:46:25 2013  x11-proto/fixesproto-5.0-r1
 Sun Mar 17 13:46:51 2013  app-text/libmspub-0.0.5
 Sun Mar 17 13:47:11 2013  media-libs/libcdr-0.0.11
 Sun Mar 17 13:48:20 2013  dev-libs/libxml2-2.9.0-r2
 Sun Mar 17 13:48:31 2013  x11-proto/xcb-proto-1.8-r1
 Sun Mar 17 13:48:59 2013  net-libs/neon-0.29.6-r5
 Sun Mar 17 13:49:41 2013  media-libs/libvisio-0.0.25
 Sun Mar 17 13:49:55 2013  dev-libs/libgpg-error-1.11
 Sun Mar 17 13:50:19 2013  sys-libs/e2fsprogs-libs-1.42.7
 Sun Mar 17 14:13:50 2013  sys-devel/gcc-4.7.2-r1
 Sun Mar 17 14:15:31 2013  app-cdr/cdrtools-3.01_alpha13
 Sun Mar 17 14:15:50 2013  dev-libs/libassuan-2.1.0
 Sun Mar 17 14:15:54 2013  app-admin/eselect-xvmc-0.4
 Sun Mar 17 14:19:08 2013  net-libs/gnutls-3.1.9-r1
 Sun Mar 17 14:19:49 2013  x11-libs/libxcb-1.9-r1
 Sun Mar 17 14:21:55 2013  x11-libs/libX11-1.5.0-r1
 Sun Mar 17 14:22:13 2013  x11-libs/xpyb-1.3.1-r1
 Sun Mar 17 14:22:32 2013  x11-libs/libXext-1.3.1-r1
 Sun Mar 17 14:23:03 2013  media-libs/freetype-2.4.11-r2
 Sun Mar 17 14:23:19 2013  

Re: [Bulk] Re: Email encodings (was Re: [gentoo-user] Gentoo speed comparison to other distros )

2013-03-19 Thread Kevin Chadwick
 If you're going to call me out for ignoring things, missing things or
 simply not  knowing things, please highlight what it is. the quote
 isn't very enlightening in this context. You have a nasty habit of
 referencing things without inlining them or referencing them directly,
 and this has gotten in the way of clear communication *multiple* times
 over the last week.
 
  I only wrote two lines and you still missed it  
 
 I respond to what's written in the email I'm replying to, because that's
 what I've just read, and that's the context of the email.
 
  never mind the examples I had given in my original mail that do not
  only apply to remote content and that you wrongly interpreted.  
 
 Honestly, I never expected you to be up in arms over being exposed to
 HTML syntax.
 
 I presumed you were concerned about libpng, libjpeg, swf and gif.

As I clearly said both, but actually less so html. You seem to be under
the impression Android's mail clients let you avoid all that but they do
not. Talk about hitting your head against a brick wall.

 I
 presumed you were concerned about privacy concerns. Those are what most
 people who gripe about HTML email security are concerned with.

That would be to do with scripts and remote content.

Remote content is, as you have said, almost always switchable and so was
not a concern/thought of mine but yes, what people shout about. Scripts,
well with Google's love of JavaScript (for obvious tracking reasons) I
wouldn't be too surprised if that is enabled without recourse on
android email.

-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [Bulk] Re: Email encodings (was Re: [gentoo-user] Gentoo speed comparison to other distros )

2013-03-19 Thread Kevin Chadwick
 Either you ignored what I said about being able to disable loading
 remote content and being able to disable showing inline rich content, or
 you're seriously concerned about HTML parser vulnerabilities.

You can't disable incoming rich content (which is the important one)
like jpg logos on Android and which was the whole point. Considering
most phones run Gingerbread it should be noted that this practice is
actually rather dangerous.

-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [Bulk] Re: Email encodings (was Re: [gentoo-user] Gentoo speed comparison to other distros )

2013-03-19 Thread Michael Mol
On 03/19/2013 05:09 PM, Kevin Chadwick wrote:
 If you're going to call me out for ignoring things, missing things or
 simply not  knowing things, please highlight what it is. the quote
 isn't very enlightening in this context. You have a nasty habit of
 referencing things without inlining them or referencing them directly,
 and this has gotten in the way of clear communication *multiple* times
 over the last week.

 I only wrote two lines and you still missed it  

 I respond to what's written in the email I'm replying to, because that's
 what I've just read, and that's the context of the email.

 never mind the examples I had given in my original mail that do not
 only apply to remote content and that you wrongly interpreted.  

 Honestly, I never expected you to be up in arms over being exposed to
 HTML syntax.

 I presumed you were concerned about libpng, libjpeg, swf and gif.
 
 As I clearly said both, but actually less so html. You seem to be under
 the impression Android's mail clients let you avoid all that but they do
 not. Talk about hitting your head against a brick wall.

I can't tell any more whether you're complaining about people sending
HTML, whether you're complaining about receiving HTML emails without
being able to avoid parsing them, or whether you're complaining about
other people receiving HTML emails and their being placed at risk of
parsing bugs as a result.

If you're complaining about other people sending HTML emails: OK, fine.
Politely point out to them that it's common courtesy not to send HTML
emails. PLONK them if you need to. But make it clear this is what you're
complaining about. I don't see the relevance of most of your arguments
if your complaint is with other people sending HTML messages.

If you're complaining about receiving HTML emails without being able to
avoid parsing them: You're clearly technical enough to implement some
solution to avoid it. One solution would be to grab the source of an
existing mail client and patch it to not handle the HTML parts. Another
solution would be to have your mail pass through a server which strips
messages of those parts, or modifies them in some way to make them safe.
Yet another solution would be to find a mail client which does this for
you. I see no reason to continue raging about the state of the mail
clients you use, if this is your argument.

If you're complaining about other people receiving HTML emails and their
being placed at risk of parsing bugs, then provide a solution (I
detailed a few in the above paragraph) and allow them to adopt it if
they wish.

If what you're complaining about isn't enumerated above, please try to
state it simply and clearly.

 
 I
 presumed you were concerned about privacy concerns. Those are what most
 people who gripe about HTML email security are concerned with.
 
 That would be to do with scripts and remote content.
 
 Remote content is, as you have said, almost always switchable and so was
 not a concern/thought of mine but yes, what people shout about. Scripts,
 well with Google's love of JavaScript (for obvious tracking reasons) I
 wouldn't be too surprised if that is enabled without recourse on
 android email.

I'm pretty sure I've never seen JS in email. Traditionally, tracking is
done with image bugs. There's little to no point in using scripting in
emails. And given Google is pushing as fast as they can away from RSS
and toward Google+, I'm rather expecting them to look for ways to get
away from email and XMPP, too.

Further, most GMail users use the web interface; there's No Way In Hell
Google would allow mail-delivered code to be executed from within that
security context. That would be the fastlane to account hijacking.

This argument boils down to: I don't trust Google, so I'd like to
suggest they would use JS in emails, because that's scary, too.
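
An added example, not part of the original message: one way to build the "server which strips messages of those parts" option described above, using Python's standard email package. It is stricter than removing HTML alone: only inline text/plain parts pass, so HTML and image payloads are never handed to an HTML or image parser. The kept-header list, the X-Stripped-Parts header name and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: headers worth carrying over to the sanitized copy.
KEPT_HEADERS = ("From", "To", "Cc", "Subject", "Date", "Message-ID",
                "In-Reply-To", "References")


def sanitize(raw):
    """Return (clean_message, removed_types) for one raw RFC 5322 message.

    Allowlist approach: only inline text/plain leaf parts are copied;
    every other leaf part is dropped and its content type is recorded.
    """
    original = message_from_bytes(raw, policy=policy.default)
    texts, removed = [], []
    for part in original.walk():
        if part.is_multipart():
            continue  # containers carry no content of their own
        ctype = part.get_content_type()
        if ctype == "text/plain" and not part.is_attachment():
            try:
                texts.append(part.get_content())
            except (LookupError, UnicodeError):
                removed.append(ctype + " (undecodable charset)")
        else:
            removed.append(ctype)

    clean = EmailMessage()
    for name in KEPT_HEADERS:
        if original[name] is not None:
            clean[name] = str(original[name])
    body = "\n".join(texts) if texts else "[no plain-text part in this message]\n"
    if removed:
        # Hypothetical header name, so the recipient can see what was dropped.
        clean["X-Stripped-Parts"] = ", ".join(removed)
        body += "\n[removed parts: " + ", ".join(removed) + "]\n"
    clean.set_content(body)
    return clean, removed


def build_sample(with_plain=True):
    """Constructed sample: a newsletter with HTML and an attached PNG logo."""
    html = "<html><body><p>Rich version <img src='cid:logo'></p></body></html>"
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "list@example.org"
    msg["Subject"] = "Quarterly newsletter"
    if with_plain:
        msg.set_content("Plain-text version of the newsletter.\n")
        msg.add_alternative(html, subtype="html")
    else:
        msg.set_content(html, subtype="html")
    # Constructed bytes: PNG magic number followed by padding, not a real image.
    msg.add_attachment(b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
                       maintype="image", subtype="png", filename="logo.png")
    return msg.as_bytes()


if __name__ == "__main__":
    clean, removed = sanitize(build_sample())
    print("removed:", removed)
    print(clean.as_string())
```

Run as a delivery filter, this would sit between the MTA and the mailbox; a message with no plain-text part arrives as a short notice rather than as rendered HTML.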







[gentoo-user] [OT] Time-lock USB stick

2013-03-19 Thread Michael Mol
Does anybody know of time lock flash drives?

The scenario I'm looking at is to have a drive that's only accessible
for a certain amount of time after being powered on. It would hold
crypto keys in a server context.





Re: [gentoo-user] [OT] Time-lock USB stick

2013-03-19 Thread William Kenworthy
On 20/03/13 10:58, Michael Mol wrote:
 Does anybody know of time lock flash drives?

 The scenario I'm looking at is to have a drive that's only accessible
 for a certain amount of time after being powered on. It would hold
 crypto keys in a server context.

Something like this?

http://www.tomshardware.com/reviews/USB-Flash-Drives,2003-6.html

It does sound like you want a dongle like autocad used (?) to use.

I think the real solution though would be some kind of check with a
remote site that would expire the keys

BillK




Re: [gentoo-user] [OT] Time-lock USB stick

2013-03-19 Thread Michael Mol
On 03/19/2013 11:18 PM, William Kenworthy wrote:
 On 20/03/13 10:58, Michael Mol wrote:
 Does anybody know of time lock flash drives?

 The scenario I'm looking at is to have a drive that's only accessible
 for a certain amount of time after being powered on. It would hold
 crypto keys in a server context.

 Something like this?
 
 http://www.tomshardware.com/reviews/USB-Flash-Drives,2003-6.html
 
 It does sound like you want a dongle like autocad used (?) to use.
 
 I think the real solution though would be some kind of check with a
 remote site that would expire the keys

Not so much. The idea would be that you could power cycle the device to
get access to it again. The device would be read for the keys at system
bootup, but then would shut itself off after a few minutes to prevent
the keys from being read from disk. (There's still the risk of them
being read from the memory of the process using them, but that's
slightly more difficult, and security is all about raising the bar.)






[gentoo-user] screen tearing when moving windows...

2013-03-19 Thread 木叶
Hi all,

I'm suffering screen tearing when moving windows around, watching
videos, and in some other situations. I've tried almost all popular desktop
environments, including KDE, GNOME (both traditional GNOME 2 and the new
GNOME 3), and Xfce; the issue always exists except in GNOME 3. Since the
main difference between these window managers is that GNOME 3's window
manager (mutter) is based on OpenGL, I think there may be some problems
with my card's 2D acceleration. But 'cat /proc/mtrr' shows everything is
well.
My graphics card is an Nvidia GeForce GT240M, and I'm using the official
Nvidia drivers.

Does anyone have any suggestions on how to troubleshoot this issue? Any
help much appreciated!




Re: [gentoo-user] [OT] Time-lock USB stick

2013-03-19 Thread Michael Orlitzky

On 03/19/2013 11:28 PM, Michael Mol wrote:
 
 Not so much. The idea would be that you could power cycle the
 device to get access to it again. The device would be read for the
 keys at system bootup, but then would shut itself off after a few
 minutes to prevent the keys from being read from disk. (There's
 still the risk of them being read from the memory of the process
 using them, but that's slightly more difficult, and security is all
 about raising the bar.)
 

Eject the USB drive after five minutes? This raises the bar
significantly, to has tried to send the 'close CD tray' command to a
USB stick before.




Re: [gentoo-user] [OT] Time-lock USB stick

2013-03-19 Thread Michael Mol
On 03/20/2013 12:23 AM, Michael Orlitzky wrote:
 On 03/19/2013 11:28 PM, Michael Mol wrote:
 
 Not so much. The idea would be that you could power cycle the
 device to get access to it again. The device would be read for the
 keys at system bootup, but then would shut itself off after a few
 minutes to prevent the keys from being read from disk. (There's
 still the risk of them being read from the memory of the process
 using them, but that's slightly more difficult, and security is all
 about raising the bar.)
 
 
 Eject the USB drive after five minutes? This raises the bar
 significantly, to has tried to send the 'close CD tray' command to a
 USB stick before.

That's sick, wrong and beautiful. I love it. :)





Re: [gentoo-user] [OT] Time-lock USB stick

2013-03-19 Thread J. Roeleveld
Michael Orlitzky mich...@orlitzky.com wrote:


On 03/19/2013 11:28 PM, Michael Mol wrote:
 
 Not so much. The idea would be that you could power cycle the
 device to get access to it again. The device would be read for the
 keys at system bootup, but then would shut itself off after a few
 minutes to prevent the keys from being read from disk. (There's
 still the risk of them being read from the memory of the process
 using them, but that's slightly more difficult, and security is all
 about raising the bar.)
 

Eject the USB drive after five minutes? This raises the bar
significantly, to has tried to send the 'close CD tray' command to a
USB stick before.


I don't think it is possible to un-eject a usb-drive without powercycling it.

And why wait 5 minutes to eject it? Simply do that as soon as the keys are read?

Extra option:
Stick the usbdisk driver as a module in a ramdisk and then rmmod it.
Remove the module from disk
And use module signing. From what I understand. The keys for that are generated 
at compile time? And you can delete them from the kernel sources after 
compiling.

--
Joost
-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.



[gentoo-user] System freezes during compiles

2013-03-19 Thread Carlos Hendson
Hello,

For the last few weeks or so, I've been getting intermittent hard lock-ups
during the emerge of various packages.  It appears the more compile
intensive the package, the more likely the lock-up.  These lock-ups have
occurred under kernels 3.4.9 and 3.7.10 with gcc 4.5.4 and 4.6.3.

Once the machine is in a frozen state, the only thing that responds is
the soft power reset button.  Sometimes the machine locks up again
after the button is pressed (this is because the compile resumes once
the system comes out of its frozen state).

If the system subsequently locks up because I wasn't able to cancel the
compile fast enough, the only option left is a hard power reset (10sec
+ hold power button).  If I cancel the compile, the system is perfectly
responsive and functions normally.

There are kernel stack traces in /var/log/messages which I'm unable to
decipher and diagnose as to what caused the lock-up.

If I had to guess, I'd blame an incorrect setting in the .config, but
since I'm stuck in the diagnostic of what part of the kernel might be
experiencing the problem, I need a bit of help to pin point the issue.  

I believe it to be a kernel configuration issue because when I booted
the machine using a system rescue Live CD, I was able to chroot into the
system and emerge packages like gcc without the lock-up problem
occurring.  

That's by no means conclusive, however, I've also run a complete pass of
memcheck for over an hour without any issues reported.

I'd like to completely rule out hardware failure; what diagnostic tools
are recommended to try to identify potential hardware issues of this
type?

The various kernel stack traces are attached in case someone wants to
take a look.  I can provide more information should it be needed.

Any help or advice would be appreciated.

Regards,
Carlos 
Mar 12 23:42:03 hydra kernel: [58066.564110] [ cut here 
]
Mar 12 23:42:03 hydra kernel: [58068.663176] WARNING: at kernel/watchdog.c:241 
watchdog_overflow_callback+0x93/0x9e()
Mar 12 23:42:03 hydra kernel: [58068.673235] Hardware name: GA-990FXA-D3
Mar 12 23:42:03 hydra kernel: [58068.673303] Watchdog detected hard LOCKUP on 
cpu 2
Mar 12 23:42:03 hydra kernel: [58068.751056] Modules linked in: usb_storage uas 
ipv6 it87 hwmon_vid fglrx(PO) uvcvideo videobuf2_vmalloc videobuf2_memops 
videobuf2_core joydev radeon i2c_al
go_bit ttm drm_kms_helper drm r8169 xhci_hcd ata_generic pata_acpi i2c_piix4 
mii i2c_core pata_atiixp wmi serio_raw k10temp powernow_k8 pcspkr mperf 
freq_table
Mar 12 23:42:03 hydra kernel: [58068.945979] Pid: 720, comm: cc1 Tainted: P 
  O 3.4.9-gentoo #2
Mar 12 23:42:03 hydra kernel: [58068.946053] Call Trace:
Mar 12 23:42:03 hydra kernel: [58069.054704]  NMI  [81030050] ? 
warn_slowpath_common+0x78/0x8c
Mar 12 23:42:03 hydra kernel: [58069.231277]  [810300fc] ? 
warn_slowpath_fmt+0x45/0x4a
Mar 12 23:42:03 hydra kernel: [58069.271020]  [8107bf89] ? 
watchdog_overflow_callback+0x93/0x9e
Mar 12 23:42:03 hydra kernel: [58069.271135]  [8107bef6] ? 
touch_nmi_watchdog+0x62/0x62
Mar 12 23:42:03 hydra kernel: [58069.293566]  [8108c002] ? 
__perf_event_overflow+0x12c/0x1ae
Mar 12 23:42:03 hydra kernel: [58069.293689]  [8108a0a1] ? 
perf_event_update_userpage+0x13/0xbf
Mar 12 23:42:03 hydra kernel: [58069.293811]  [8100db25] ? 
x86_pmu_handle_irq+0xbe/0xf3
Mar 12 23:42:03 hydra kernel: [58069.293939]  [8151ff39] ? 
nmi_handle.isra.4+0x3e/0x61
Mar 12 23:42:03 hydra kernel: [58069.294038]  [8151fffb] ? 
do_nmi+0x9f/0x287
Mar 12 23:42:03 hydra kernel: [58069.294139]  [8151f7e2] ? 
end_repeat_nmi+0x1a/0x1e
Mar 12 23:42:03 hydra kernel: [58069.294253]  [8151f084] ? 
_raw_spin_lock_irq+0x6/0x6
Mar 12 23:42:03 hydra kernel: [58069.294357]  [8151f084] ? 
_raw_spin_lock_irq+0x6/0x6
Mar 12 23:42:03 hydra kernel: [58069.314699]  [8151f084] ? 
_raw_spin_lock_irq+0x6/0x6
Mar 12 23:42:03 hydra kernel: [58069.318869]  EOE  IRQ  
[81059da5] ? ntp_tick_length+0x23/0x28
Mar 12 23:42:03 hydra kernel: [58069.319051]  [8105972a] ? 
do_timer+0x89/0x465
Mar 12 23:42:03 hydra kernel: [58069.319185]  [8105e881] ? 
tick_do_update_jiffies64+0x74/0x98
Mar 12 23:42:03 hydra kernel: [58069.319300]  [8105e9b1] ? 
tick_sched_timer+0x3f/0x8d
Mar 12 23:42:03 hydra kernel: [58069.319424]  [810476b7] ? 
__run_hrtimer.isra.27+0x4b/0xa3
Mar 12 23:42:03 hydra kernel: [58069.319547]  [81047ca9] ? 
hrtimer_interrupt+0xd9/0x1c9
Mar 12 23:42:03 hydra kernel: [58069.319655]  [81017b71] ? 
smp_apic_timer_interrupt+0x6e/0x80
Mar 12 23:42:03 hydra kernel: [58069.319750]  [81524907] ? 
apic_timer_interrupt+0x67/0x70
Mar 12 23:42:03 hydra kernel: [58069.319810]  EOI 
Mar 12 23:42:03 hydra kernel: [58069.324331] ---[ end trace b1a58589d91a0dec 
]---


Mar 12 23:58:02 hydra kernel: [59023.803433] [ cut here 
]
Mar 12 23:58:02 hydra 

Re: [gentoo-user] [OT] Time-lock USB stick

2013-03-19 Thread J. Roeleveld
J. Roeleveld jo...@antarean.org wrote:

Michael Orlitzky mich...@orlitzky.com wrote:


On 03/19/2013 11:28 PM, Michael Mol wrote:
 
 Not so much. The idea would be that you could power cycle the
 device to get access to it again. The device would be read for the
 keys at system bootup, but then would shut itself off after a few
 minutes to prevent the keys from being read from disk. (There's
 still the risk of them being read from the memory of the process
 using them, but that's slightly more difficult, and security is all
 about raising the bar.)
 

Eject the USB drive after five minutes? This raises the bar
significantly, to has tried to send the 'close CD tray' command to a
USB stick before.


I don't think it is possible to un-eject a usb-drive without
powercycling it.

And why wait 5 minutes to eject it? Simply do that as soon as the keys
are read?

Extra option:
Stick the usbdisk driver as a module in a ramdisk and then rmmod it.
Remove the module from disk
And use module signing. From what I understand. The keys for that are
generated at compile time? And you can delete them from the kernel
sources after compiling.

--
Joost
-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.

One more idea:
Boot from the same usbdisk.
This moves the kernel and ramdisk away from the disk and into a location where, 
after rmmodding the drivers, the system no longer knows how to read from even 
if someone did figure out how to uneject a usbdisk. 

--
Joost
-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.