Re: [gentoo-user] [OT] Retro ...

2016-02-17 Thread Meino . Cramer
Alexander Kapshuk  [16-02-17 20:52]:
> On Wed, Feb 17, 2016 at 9:29 PM,   wrote:
> > Alexander Kapshuk  [16-02-17 20:24]:
> >> On Wed, Feb 17, 2016 at 8:21 PM,   wrote:
> >> > Hi,
> >> >
> >> > curious about how that had felt in ancient times, when hardware
> >> > and software were limited, I tried 'ed' - the one and only
> >> > editor ;)
> >> >
> >> > One feature I can't figure out (and the reason for that may be, that it
> >> > is not there... :) is:
> >> >
> >> > One has to specify the line, which s/he wants to edit. This is
> >> > possible via regexp (which matches more than one line and may be
> >> > not, what you want) and via line numbers.
> >> >
> >> > In case one wants to use line numbers:
> >> > One can list the whole text to the console...but the line numbers
> >> > are missing.
> >> > The "visual version of ed" called 'vi' is able to precede any line
> >> > with a line number.
> >> >
> >> > Is this possible with ed?
> >> > How does one know the number of a specific line?
> >> >
> >> > Or do I miss something very fundamental here ???
> >> >
> >> > Thanks for any help in advance!
> >> > Best regards,
> >> > Meino
> >> >
> >> >
> >> >
> >>
> >> You may find this manual, https://9p.io/7thEdMan/v7vol2a.pdf, for
> >> research UNIX 7th edition of interest.
> >> Amongst other things, it has a section called 'A Tutorial Introduction
> >> to the UNIX Text Editor' written by Brian W. Kernighan of Bell Labs at
> >> the time. You may then find a section called 'Advanced Editing on
> >> UNIX' of further interest.
> >>
> >
> > Hi Alexander,
> >
> > THANKS A LOT! 8)
> > That seems to be the "definitive guide to ed" because Brian Kernighan
> > is the author...
> > Looks like you linked me the "Programming C" by Dennis Ritchie - but
> > for the ed and by Brian Kernighan. ;)
> > Best!
> >
> > Best regards,
> > Meino
> >
> > PS: Do you know TUHS??? ;)
> >
> 
> You're welcome. I find the Bell Labs manuals and papers of top
> technical quality.
> No, I haven't heard of The Unix Heritage Society before. Thanks for
> pointing it out.
> 

Hi Alexander,

:) If you are interested in the TUHS then this may be interesting too:
http://simh.trailing-edge.com/
:)
(The needed UNIX-tapes are all archived by the TUHS and the majority of
them are free for private use)

On the mailing list of the TUHS you will often find links to very
interesting docs. Maybe g/re/p-ping through archived postings of
the newer past will reveal more interesting docs.
One teaser:
http://wiki.tuhs.org/doku.php?id=publications:quarter_century_of_unix

Have a lot of fun!
Best regards,
Meino







Re: [gentoo-user] which kernels are not vulnerable?

2016-02-17 Thread Daniel Frey
On 02/17/2016 04:22 PM, Grant wrote:
> Does anyone know which versions of hardened-sources and gentoo-sources
> are not vulnerable to this:
> 
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0728
> 
> - Grant
> 

Oops, forgot this one for hardened:

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=16b8a35c2c3062e33184be5b8a2ef0da3fba07f7

Dan




Re: [gentoo-user] which kernels are not vulnerable?

2016-02-17 Thread Daniel Frey
On 02/17/2016 04:22 PM, Grant wrote:
> Does anyone know which versions of hardened-sources and gentoo-sources
> are not vulnerable to this:
> 
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0728
> 
> - Grant
> 

A quick google led me to these:

https://gitweb.gentoo.org/repo/gentoo.git/commit/sys-kernel/gentoo-sources?id=4423f27cbe43b8331a00cd5d58d78591971f3321

https://gitweb.gentoo.org/repo/gentoo.git/commit/sys-kernel/gentoo-sources?id=6dbbbc14d8e1bf47bee1b367d8b14ab7d7b706bd

https://gitweb.gentoo.org/repo/gentoo.git/commit/sys-kernel/gentoo-sources?id=99cc2564263fc34920d62ce693fd3d9b313b5828

Dan



Re: [gentoo-user] Modern Docker?

2016-02-17 Thread Alec Ten Harmsel
On Wed, Feb 17, 2016 at 11:25:56PM +, Daniel Quinn wrote:
> I tried to run a docker-compose.yaml file and it exploded with a version
> error.  When I asked around about what I did wrong, it turns out that it
> requires docker-compose version 1.6.x and Gentoo doesn't have anything
> newer than 1.5.2.  Is there an official overlay for this sort of thing,
> or do Gentooers do something else with Docker typically?
> 

Until the new version gets added to the tree, I would run docker-compose
out of a virtualenv:

virtualenv ~/docker-compose
source ~/docker-compose/bin/activate
pip install docker-compose

This is not a great solution, but it'll do for the meantime.

Alec



[gentoo-user] which kernels are not vulnerable?

2016-02-17 Thread Grant
Does anyone know which versions of hardened-sources and gentoo-sources
are not vulnerable to this:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0728

- Grant



[gentoo-user] Modern Docker?

2016-02-17 Thread Daniel Quinn
I tried to run a docker-compose.yaml file and it exploded with a version
error.  When I asked around about what I did wrong, it turns out that it
requires docker-compose version 1.6.x and Gentoo doesn't have anything
newer than 1.5.2.  Is there an official overlay for this sort of thing,
or do Gentooers do something else with Docker typically?



Re: [gentoo-user] Can I install/admin a bootmanager from USB stick?

2016-02-17 Thread waltdnes
On Wed, Feb 17, 2016 at 07:08:52PM +, Neil Bothwick wrote

> Or this?
> https://www.plop.at/en/bootmanagers.html

  Thanks, it looks interesting.  Separate from that, I've stumbled
across one lone passing reference to "extended boot code" on the minix3
wiki.  Need more research.

-- 
Walter Dnes 
I don't run "desktop environments"; I run useful applications



Re: [gentoo-user] Can I install/admin a bootmanager from USB stick?

2016-02-17 Thread waltdnes
On Wed, Feb 17, 2016 at 01:56:01PM -0500, Rich Freeman wrote
> On Wed, Feb 17, 2016 at 1:39 PM,   wrote:
> >   I've ordered a new system for use for experimentation.  Right now, I'm
> > looking at putting ReactOS and Minix3.3 on it.  Problem... I don't think
> > either one is capable of booting the other.  I suppose I could do a
> > basic install of linux, and use its bootloader.  But that's overkill.  Is
> > there a tool that'll install/admin a bootmanager from a USB stick?  I'd
> > settle for installing LILO from a Gentoo minimal install USB or
> > something similar.
> >
> 
> Would this fit the bill?
> http://www.supergrubdisk.org/

  There are complaints on the forum that the current version is hard to
use.  It also looks like English is not the first language there.  The
following looks like someone took templates, and slapped them together.
Can you make sense of the following?

http://www.supergrubdisk.org/wizard-step-put-super-grub2-disk-into-a-media/

> Put Super Grub2 Disk into an usb pendrive as an ISO image from
> Gnu/Linux
> 
> No info how to Super Grub2 Disk into an usb pendrive as an ISO image
> from Gnu/Linux yet. Sorry.
> 
> Put Super Grub2 Disk raw image into an usb
> 
> This is the method that it should always work. Unfortunately it wipes
> all the pendrive contents. It's only recommended if you don't mind
> having unused space in your pendrive.
> 
> No info on how to put Super Grub2 Disk raw image into an usb
> yet. Sorry.  Put Super Grub2 Disk raw image into an usb and use it
> as an storage too
> 
> This is the method that it should always work. Unfortunately it
> initially wipes all the pendrive contents. After an additional steps
> the pendrive can be reused to store any data and Super Grub2 Disk
> is also there ready to be used.
> 
> No info on ow to put Super Grub2 Disk raw image into an usb and use
> it as an storage too yet. Sorry.
> 
> Put Super Grub2 Disk into a CDROM (or dvd)
> 
> No info on how to put Super Grub2 Disk into a CDROM (or dvd)
> yet. Sorry.

-- 
Walter Dnes 
I don't run "desktop environments"; I run useful applications



Re: [gentoo-user] [OT] Retro ...

2016-02-17 Thread Alexander Kapshuk
On Wed, Feb 17, 2016 at 9:29 PM,   wrote:
> Alexander Kapshuk  [16-02-17 20:24]:
>> On Wed, Feb 17, 2016 at 8:21 PM,   wrote:
>> > Hi,
>> >
>> > curious about how that had felt in ancient times, when hardware
>> > and software were limited, I tried 'ed' - the one and only
>> > editor ;)
>> >
>> > One feature I can't figure out (and the reason for that may be, that it
>> > is not there... :) is:
>> >
>> > One has to specify the line, which s/he wants to edit. This is
>> > possible via regexp (which matches more than one line and may be
>> > not, what you want) and via line numbers.
>> >
>> > In case one wants to use line numbers:
>> > One can list the whole text to the console...but the line numbers
>> > are missing.
>> > The "visual version of ed" called 'vi' is able to precede any line
>> > with a line number.
>> >
>> > Is this possible with ed?
>> > How does one know the number of a specific line?
>> >
>> > Or do I miss something very fundamental here ???
>> >
>> > Thanks for any help in advance!
>> > Best regards,
>> > Meino
>> >
>> >
>> >
>>
>> You may find this manual, https://9p.io/7thEdMan/v7vol2a.pdf, for
>> research UNIX 7th edition of interest.
>> Amongst other things, it has a section called 'A Tutorial Introduction
>> to the UNIX Text Editor' written by Brian W. Kernighan of Bell Labs at
>> the time. You may then find a section called 'Advanced Editing on
>> UNIX' of further interest.
>>
>
> Hi Alexander,
>
> THANKS A LOT! 8)
> That seems to be the "definitive guide to ed" because Brian Kernighan
> is the author...
> Looks like you linked me the "Programming C" by Dennis Ritchie - but
> for the ed and by Brian Kernighan. ;)
> Best!
>
> Best regards,
> Meino
>
> PS: Do you know TUHS??? ;)
>

You're welcome. I find the Bell Labs manuals and papers of top
technical quality.
No, I haven't heard of The Unix Heritage Society before. Thanks for
pointing it out.



Re: [gentoo-user] Kernel parameters for VirtualBox

2016-02-17 Thread J. Roeleveld
On Wednesday, February 17, 2016 05:01:51 PM Peter Humphrey wrote:
> On Wednesday 17 February 2016 15:11:50 J. Roeleveld wrote:
> > On Wednesday, February 17, 2016 01:32:56 PM Peter Humphrey wrote:

[]

> > This is ONLY for guests, NOT the host.
> 
> As I thought. However, some BOINC projects download a .vdi file and present
> it to VirtualBox as a guest. I wasn't sure (while going round in circles)
> whether that required me to set some kernel options to suit.

Shouldn't be necessary on the host.

> > > I assume I'm missing something in my kernel config, but I can't see
> > > what.
> > > 
> > > linux # grep -i virt .config
> > > # CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set
> > > CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y
> > > CONFIG_VIRT_TO_BUS=y
> > > # CONFIG_FB_VIRTUAL is not set
> > > # CONFIG_SND_VIRTUOSO is not set
> > > CONFIG_VIRT_DRIVERS=y
> > > # Virtio drivers
> > > # CONFIG_VIRTIO_PCI is not set
> > > # CONFIG_VIRTIO_MMIO is not set
> > > # CONFIG_DEBUG_VIRTUAL is not set
> > > CONFIG_VIRTUALIZATION=y
> > 
> > VirtualBox does NOT use these.
> > I only have the following set:
> > # CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set
> > CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y
> > CONFIG_VIRT_TO_BUS=y
> 
> Okay. I've tried that and I still get the pop-up notice "VBoxClient: the
> VirtualBox kernel service is not running." This is with version 4.3.32. I'll
> try later versions and see what happens. Thanks for the info.

I actually run 4.3.28 myself at the moment.


> > > Most of those unset values are for when this kernel is running as a
> > > guest
> > > of another OS, so I assume I don't need them when running as the host
> > > OS.
> > > Others I can't set because they're hidden until I set the values to be a
> > > guest.
> > > 
> > > I can find lots of other people struggling with this and similar
> > > problems,
> > > but no fix.
> > > 
> > > Any ideas here?
> > 
> > Yes, for the host, make sure you load the virtualbox modules:
> > 
> > % lsmod | grep vbox
> > vboxpci    12760  0
> > vboxnetflt 16280  0
> > vboxnetadp 17808  0
> > vboxdrv   347894  3 vboxnetadp,vboxnetflt,vboxpci
> > 
> > 
> > I achieve this with the following:
> > 
> > % cat /etc/conf.d/modules | grep vbox
> > modules="vboxdrv vboxnetadp vboxnetflt vboxpci"
> > 
> > These can be found in " app-emulation/virtualbox-modules "
> > 
> > It tells you to do this in the post-emerge:
> >  * If you are using sys-apps/openrc, please add "vboxdrv", "vboxnetflt"
> >  * and "vboxnetadp" to:
> >  *   /etc/conf.d/modules
> 
> Yes, of course I did that long ago. I also found that it's important to
> specify vboxnetadp before vboxnetflt, otherwise adp doesn't get loaded.

I use the order listed above and all modules actually get loaded.

One other thing, are you in the "vboxusers" group?
My user is and I have the following devices:

% ls -lsa /dev/vbox*
0 crw--- 1 root root  10, 56 Feb  7 13:16 /dev/vboxdrv
0 crw--- 1 root root  10, 55 Feb  7 13:16 /dev/vboxdrvu
0 crw--- 1 root root  10, 54 Feb  7 13:16 /dev/vboxnetctl

/dev/vboxusb:
total 0
0 drwxr-x---  3 root vboxusers   60 Feb  7 15:24 .
0 drwxr-xr-x 18 root root  6360 Feb 17 18:13 ..
0 drwxr-x---  2 root vboxusers  100 Feb 17 18:13 001

What do you get for the following:

% ls -lsa /dev/vbox*
% lsmod | grep vbox


--
Joost
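
The host-side checks from this message (modules loaded, modules listed in /etc/conf.d/modules, user in vboxusers), as an added example that is not part of the original post. The function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: host-side VirtualBox checks described in the message above.
# Function names and SAMPLE_* inputs are constructed, not taken from the thread.

# Host modules named in the thread.
VBOX_MODULES="vboxdrv vboxnetadp vboxnetflt vboxpci"

# missing_modules LSMOD_TEXT
# Prints the modules from VBOX_MODULES that are not loaded.
# Only the first column is compared, so a name that merely appears in the
# "Used by" column (as a plain `grep vbox` would match) does not count.
missing_modules() {
    lsmod_text=$1
    missing=""
    for m in $VBOX_MODULES; do
        if ! printf '%s\n' "$lsmod_text" |
            awk -v m="$m" '$1 == m { found = 1 } END { exit !found }'; then
            missing="${missing:+$missing }$m"
        fi
    done
    printf '%s' "$missing"
}

# unconfigured_modules CONF_TEXT
# Prints the modules from VBOX_MODULES that are absent from the
# modules="..." line(s) of an OpenRC /etc/conf.d/modules file.
# Commented-out lines are ignored.
unconfigured_modules() {
    conf_list=$(printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*modules="\([^"]*\)".*/\1/p')
    missing=""
    for m in $VBOX_MODULES; do
        case " $(echo $conf_list) " in
            *" $m "*) ;;
            *) missing="${missing:+$missing }$m" ;;
        esac
    done
    printf '%s' "$missing"
}

# user_in_group_line USER GROUP_LINE
# Succeeds if USER is in the member list (4th field) of a group(5) line.
# A user whose *primary* group is vboxusers is not listed there; check
# `id -Gn USER` for that case.
user_in_group_line() {
    printf '%s\n' "$2" | awk -F: -v u="$1" '
        { n = split($4, a, ","); for (i = 1; i <= n; i++) if (a[i] == u) ok = 1 }
        END { exit !ok }'
}

# --- constructed sample inputs -------------------------------------------
SAMPLE_LSMOD='Module                  Size  Used by
vboxnetflt             16280  0
vboxdrv               347894  1 vboxnetflt
snd_hda_intel          26000  2'

SAMPLE_CONF='# /etc/conf.d/modules (constructed sample)
#modules="vboxpci"
modules="vboxdrv vboxnetflt"'

SAMPLE_GROUP='vboxusers:x:1001:alice,bob'

# --- demo on the samples -------------------------------------------------
echo "not loaded:        $(missing_modules "$SAMPLE_LSMOD")"
echo "not in conf.d:     $(unconfigured_modules "$SAMPLE_CONF")"
if user_in_group_line alice "$SAMPLE_GROUP"; then
    echo "alice in vboxusers: yes"
else
    echo "alice in vboxusers: no"
fi

# On a real host, feed the functions live data instead:
#   missing_modules "$(lsmod)"
#   unconfigured_modules "$(cat /etc/conf.d/modules)"
#   user_in_group_line "$USER" "$(getent group vboxusers)"
```
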



Re: [gentoo-user] [OT] Retro ...

2016-02-17 Thread Meino . Cramer
Alexander Kapshuk  [16-02-17 20:24]:
> On Wed, Feb 17, 2016 at 8:21 PM,   wrote:
> > Hi,
> >
> > curious about how that had felt in ancient times, when hardware
> > and software were limited, I tried 'ed' - the one and only
> > editor ;)
> >
> > One feature I can't figure out (and the reason for that may be, that it
> > is not there... :) is:
> >
> > One has to specify the line, which s/he wants to edit. This is
> > possible via regexp (which matches more than one line and may be
> > not, what you want) and via line numbers.
> >
> > In case one wants to use line numbers:
> > One can list the whole text to the console...but the line numbers
> > are missing.
> > The "visual version of ed" called 'vi' is able to precede any line
> > with a line number.
> >
> > Is this possible with ed?
> > How does one know the number of a specific line?
> >
> > Or do I miss something very fundamental here ???
> >
> > Thanks for any help in advance!
> > Best regards,
> > Meino
> >
> >
> >
> 
> You may find this manual, https://9p.io/7thEdMan/v7vol2a.pdf, for
> research UNIX 7th edition of interest.
> Amongst other things, it has a section called 'A Tutorial Introduction
> to the UNIX Text Editor' written by Brian W. Kernighan of Bell Labs at
> the time. You may then find a section called 'Advanced Editing on
> UNIX' of further interest.
> 

Hi Alexander,

THANKS A LOT! 8)
That seems to be the "definitive guide to ed" because Brian Kernighan
is the author...
Looks like you linked me the "Programming C" by Dennis Ritchie - but
for the ed and by Brian Kernighan. ;)
Best!

Best regards,
Meino

PS: Do you know TUHS??? ;)



Re: [gentoo-user] [OT] Retro ...

2016-02-17 Thread Alexander Kapshuk
On Wed, Feb 17, 2016 at 8:21 PM,   wrote:
> Hi,
>
> curious about how that had felt in ancient times, when hardware
> and software were limited, I tried 'ed' - the one and only
> editor ;)
>
> One feature I can't figure out (and the reason for that may be, that it
> is not there... :) is:
>
> One has to specify the line, which s/he wants to edit. This is
> possible via regexp (which matches more than one line and may be
> not, what you want) and via line numbers.
>
> In case one wants to use line numbers:
> One can list the whole text to the console...but the line numbers
> are missing.
> The "visual version of ed" called 'vi' is able to precede any line
> with a line number.
>
> Is this possible with ed?
> How does one know the number of a specific line?
>
> Or do I miss something very fundamental here ???
>
> Thanks for any help in advance!
> Best regards,
> Meino
>
>
>

You may find this manual, https://9p.io/7thEdMan/v7vol2a.pdf, for
research UNIX 7th edition of interest.
Amongst other things, it has a section called 'A Tutorial Introduction
to the UNIX Text Editor' written by Brian W. Kernighan of Bell Labs at
the time. You may then find a section called 'Advanced Editing on
UNIX' of further interest.



Re: [gentoo-user] Can I install/admin a bootmanager from USB stick?

2016-02-17 Thread Neil Bothwick
On Wed, 17 Feb 2016 13:56:01 -0500, Rich Freeman wrote:

> >   I've ordered a new system for use for experimentation.  Right now,
> > I'm looking at putting ReactOS and Minix3.3 on it.  Problem... I
> > don't think either one is capable of booting the other.  I suppose I
> > could do a basic install of linux, and use its bootloader.  But
> > that's overkill.  Is there a tool that'll install/admin a bootmanager
> > from a USB stick?  I'd settle for installing LILO from a Gentoo
> > minimal install USB or something similar.
> 
> Would this fit the bill?
> http://www.supergrubdisk.org/
 
Or this?
https://www.plop.at/en/bootmanagers.html


-- 
Neil Bothwick

I thought the 10 commandments were multiple choice.




Re: [gentoo-user] Can I install/admin a bootmanager from USB stick?

2016-02-17 Thread Rich Freeman
On Wed, Feb 17, 2016 at 1:39 PM,   wrote:
>   I've ordered a new system for use for experimentation.  Right now, I'm
> looking at putting ReactOS and Minix3.3 on it.  Problem... I don't think
> either one is capable of booting the other.  I suppose I could do a
> basic install of linux, and use its bootloader.  But that's overkill.  Is
> there a tool that'll install/admin a bootmanager from a USB stick?  I'd
> settle for installing LILO from a Gentoo minimal install USB or
> something similar.
>

Would this fit the bill?
http://www.supergrubdisk.org/

-- 
Rich



[gentoo-user] Can I install/admin a bootmanager from USB stick?

2016-02-17 Thread waltdnes
  I've ordered a new system for use for experimentation.  Right now, I'm
looking at putting ReactOS and Minix3.3 on it.  Problem... I don't think
either one is capable of booting the other.  I suppose I could do a
basic install of linux, and use its bootloader.  But that's overkill.  Is
there a tool that'll install/admin a bootmanager from a USB stick?  I'd
settle for installing LILO from a Gentoo minimal install USB or
something similar.

-- 
Walter Dnes 
I don't run "desktop environments"; I run useful applications



Re: [gentoo-user] [OT] Retro ...

2016-02-17 Thread Meino . Cramer
gentoo-u...@c-14.de  [16-02-17 19:32]:
> On 16-02-17 at 19:21, meino.cra...@gmx.de wrote:
> > Hi,
> > 
> > curious about how that had felt in ancient times, when hardware
> > and software were limited, I tried 'ed' - the one and only
> > editor ;)
> >
> > One feature I can't figure out (and the reason for that may be, that it
> > is not there... :) is:
> > 
> > One has to specify the line, which s/he wants to edit. This is
> > possible via regexp (which matches more than one line and may be
> > not, what you want) and via line numbers.
> > 
> > In case one wants to use line numbers:
> > One can list the whole text to the console...but the line numbers
> > are missing.
> > The "visual version of ed" called 'vi' is able to precede any line
> > with a line number.
> > 
> > Is this possible with ed?
> > How does one know the number of a specific line?
> Use %n instead of %p
> 
> `info ed' is your friend
> 
> -- 
> Simon Thelen
> 

Hi Simon,

OH! Flat-hand-against-my-fronthead-effect...

YES! ...info... I forget that completely.

Thanks a lot for refreshing my brain ;)

Best regards,
Meino





Re: [gentoo-user] [OT] Retro ...

2016-02-17 Thread gentoo-user
On 16-02-17 at 19:21, meino.cra...@gmx.de wrote:
> Hi,
> 
> curious about how that had felt in ancient times, when hardware
> and software were limited, I tried 'ed' - the one and only
> editor ;)
>
> One feature I can't figure out (and the reason for that may be, that it
> is not there... :) is:
> 
> One has to specify the line, which s/he wants to edit. This is
> possible via regexp (which matches more than one line and may be
> not, what you want) and via line numbers.
> 
> In case one wants to use line numbers:
> One can list the whole text to the console...but the line numbers
> are missing.
> The "visual version of ed" called 'vi' is able to precede any line
> with a line number.
> 
> Is this possible with ed?
> How does one know the number of a specific line?
Use %n instead of %p

`info ed' is your friend

-- 
Simon Thelen



[gentoo-user] [OT] Retro ...

2016-02-17 Thread Meino . Cramer
Hi,

curious about how that had felt in ancient times, when hardware
and software were limited, I tried 'ed' - the one and only
editor ;)

One feature I can't figure out (and the reason for that may be, that it
is not there... :) is:

One has to specify the line, which s/he wants to edit. This is
possible via regexp (which matches more than one line and may be
not, what you want) and via line numbers.

In case one wants to use line numbers:
One can list the whole text to the console...but the line numbers
are missing.
The "visual version of ed" called 'vi' is able to precede any line
with a line number.

Is this possible with ed?
How does one know the number of a specific line?

Or do I miss something very fundamental here ???

Thanks for any help in advance!
Best regards,
Meino





Re: [gentoo-user] glibc security issue

2016-02-17 Thread Meino . Cramer
Max R.D. Parmer  [16-02-17 18:04]:
> Yes, looks like it is:
> https://security.gentoo.org/glsa/201602-02
> 
> -- 
> 0x7D964D3361142ACF
> 
> On Wed, Feb 17, 2016, at 08:48, meino.cra...@gmx.de wrote:
> > Hi,
> > 
> > I found this
> > http://www.heise.de/newsticker/meldung/glibc-Dramatische-Sicherheitsluecke-in-Linux-Netzwerkfunktionen-3107621.html
> > 
> > and the daily update contains an update to glibc.
> > Is this the patch, which fixes that problem?
> > 
> > Best regards,
> > Meino
> > 
> > 
> > 
>
Hi Max,

THANKS A LOT FOR THE LINK ! :)

Yes, it seems to include the patch which is described on the page I
linked (www.heise.de/...)

Best regards,
Meino







[gentoo-user] Re: Tails security implementation

2016-02-17 Thread James
Nils Gillmann  grrlz.net> writes:


> >> > So I just read about how Tails is now available on Debian [1].
> >> > [1] https://bits.debian.org/2016/02/tails-installer-in-debian.html
> >> > [2] https://tails.boum.org/blueprint/bootstrapping/installer/
> > Trimmed down per gmane posting rules.
> Could you provide a link, so I could look into the rules, as the
> gentoo.org pages dealing with the lists show no difference to
> what I am used to on other lists.

http://news.gmane.org/gmane.linux.gentoo.user

gmane.org is a front end to this and other lists that I use. It complains
loudly if your post is shorter than what you respond to as included text.
Just use it a bit and you'll see.


> >> There are gentoo based systems with security in mind, but I am not
> >> very positive about re-creating Tails on current state of Gentoo.

> I have to rephrase this. It is possible, but I personally don't
> see a benefit in reinventing the 10th generation of wheels (a
> widespread issue). For research, well, why not.

No harm in using debian, to me. I just like to keep the things I do
in the gentoo family, as opposed to running all sorts of other linux
distros. For a person working alone, there are only so many hours 
in the day.


> > H. LikeWhoa, one of the gentoo devs, put together a gentoo install
> > system from usb, that includes persistence, quite some time ago. [B]
> >> Tails and/or Whonix have tried and shifted focus away from Gentoo
> >> for reasons which can be read on their github repo wiki and with
> >> good websearches.
> See next reply.
> > Tails is the tor-node on a usb, with persistence, or did I miss some of
> > the deeper capabilities? Having a debian and gentoo similar (anonymous)
> > device does seem a bit enticing to me. For sure it'd be a great 
> > additional protection for credit card usage over the net, in addition 
> > to the existing pathetic protections folks currently have.
> > I certainly appreciate your candor. However, I cannot find the listing of
> > issues with these aforementioned codes(packages) on gentoo. All I think I
> > really need is the software (packages) listings and some guidelines and
> > gotchas. Also you should look at Anthony's excellent works [C]. I'd
> > certainly appreciate a bit more detail (private email is ok too), or a
> > 'data dump' on exactly what problems exist.  My interest is to master a
> > similar device for stealth usage, that is gentoo centric. Most of the pieces
> > seem to be present, so it's mostly an integration and testing effort?

> Okay, I think I was wrong. I got mixed up with Whonix and Tails
> coming together, what whonix did run into is listed here:
> https://github.com/Whonix/Gentoo-Port/issues

Excellent!

> Back then I did not look very closely. It might be that some of
> the 1 - 1.5 year old issues are closed now.

LikeWhoa's work did not get disseminated widely for quite a while, so
you are not alone in missing persistence with usb and live installs.
I'm not sure he is the first, but, his work here at gentoo is always
appreciated and top-notch.
 

tinhat and Blueness's other works became very close to what I was looking
for. It did not have a ebtables/iptables/nftables frontend so I have
struggled to put that together on one tinhat system. I think the whonix
gateway mostly solves that issue, or at least provides a similarly
functioning codebase to start with, for what I'm looking for.


> I only did stop because I became sceptical on some parts of the
> Gentoo project and looked for better solutions to topic unrelated
> issues. Currently I am interested in doing the same thing with
> GuixSD or with Gentoo running Guix, although that's a rather long
> term project and not my primary focus of interest.

I'm challenged enough trying to build something like Tails+Whonix
on a usb-stick for now, gentoo centric. Sure after that I'd also be
interested in its VM modifications, so it can be easily installed in a
variety of server (cluster) situations.

Thanks for all of your help and insight.

James





Re: [gentoo-user] Kernel parameters for VirtualBox

2016-02-17 Thread Mick
On Wednesday 17 Feb 2016 17:01:51 Peter Humphrey wrote:
> On Wednesday 17 February 2016 15:11:50 J. Roeleveld wrote:
> > On Wednesday, February 17, 2016 01:32:56 PM Peter Humphrey wrote:
> > > I'm going round in circles here. I've been running VirtualBox and
> > > BOINC for years with no problems to speak of.
> > > 
> > > Over the last year or more I've experienced mysterious failures in many
> > > programs, some of them real nuisances, and recently I decided to replace
> > > my RAM modules with a single matched set, which seems to have done the
> > > trick - so far! It's required complete recompilation of everything, and
> > > throwing away quite a lot of data that seemed to have been damaged at
> > > some time (hello KMail).
> > 
> > Corruption due to bad memory can't be blamed on the actual software.
> 
> No, of course not. It's just that KMail can't cope with whatever kind of
> damage was caused. Archiving and importing the 30,000 mails didn't cure it
> either.
> 
> > > Now however I can't get VirtualBox running properly. I've tried the
> > > latest
> > > stable version and two testing versions, but at every login via KDM I
> > > get
> > > a
> > > pop-up notice "VBoxClient: the VirtualBox kernel service is not
> > > running."
> > > That's without any clients active or trying to be. If I then start
> > > virtualbox- guest-additions I get this:
> > > 
> > > # /etc/init.d/virtualbox-guest-additions start
> > > 
> > >  * Loading kernel modules
> > > 
> > > modprobe: ERROR: could not insert 'vboxguest': No such device
> > > modprobe: ERROR: could not insert 'vboxsf': No such device
> > > 
> > >  * ERROR: virtualbox-guest-additions failed to start
> > 
> > This is ONLY for guests, NOT the host.
> 
> As I thought. However, some BOINC projects download a .vdi file and present
> it to VirtualBox as a guest. I wasn't sure (while going round in circles)
> whether that required me to set some kernel options to suit.
> 
> > > I assume I'm missing something in my kernel config, but I can't see
> > > what.
> > > 
> > > linux # grep -i virt .config
> > > # CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set
> > > CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y
> > > CONFIG_VIRT_TO_BUS=y
> > > # CONFIG_FB_VIRTUAL is not set
> > > # CONFIG_SND_VIRTUOSO is not set
> > > CONFIG_VIRT_DRIVERS=y
> > > # Virtio drivers
> > > # CONFIG_VIRTIO_PCI is not set
> > > # CONFIG_VIRTIO_MMIO is not set
> > > # CONFIG_DEBUG_VIRTUAL is not set
> > > CONFIG_VIRTUALIZATION=y
> > 
> > VirtualBox does NOT use these.
> > I only have the following set:
> > # CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set
> > CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y
> > CONFIG_VIRT_TO_BUS=y
> 
> Okay. I've tried that and I still get the pop-up notice "VBoxClient: the
> VirtualBox kernel service is not running." This is with version 4.3.32. I'll
> try later versions and see what happens. Thanks for the info.
> 
> > > Most of those unset values are for when this kernel is running as a
> > > guest
> > > of another OS, so I assume I don't need them when running as the host
> > > OS.
> > > Others I can't set because they're hidden until I set the values to be a
> > > guest.
> > > 
> > > I can find lots of other people struggling with this and similar
> > > problems,
> > > but no fix.
> > > 
> > > Any ideas here?
> > 
> > Yes, for the host, make sure you load the virtualbox modules:
> > 
> > % lsmod | grep vbox
> > > vboxpci    12760  0
> > vboxnetflt 16280  0
> > vboxnetadp 17808  0
> > vboxdrv   347894  3 vboxnetadp,vboxnetflt,vboxpci
> > 
> > 
> > I achieve this with the following:
> > 
> > % cat /etc/conf.d/modules | grep vbox
> > modules="vboxdrv vboxnetadp vboxnetflt vboxpci"
> > 
> > These can be found in " app-emulation/virtualbox-modules "
> > 
> > It tells you to do this in the post-emerge:
> >  * If you are using sys-apps/openrc, please add "vboxdrv", "vboxnetflt"
> >  * and "vboxnetadp" to:
> >  *   /etc/conf.d/modules
> 
> Yes, of course I did that long ago. I also found that it's important to
> specify vboxnetadp before vboxnetflt, otherwise adp doesn't get loaded.

Hmm ... it loads up here.  However, I've now set it up as you suggest.
-- 
Regards,
Mick



Re: [gentoo-user] Kernel parameters for VirtualBox

2016-02-17 Thread Peter Humphrey
On Wednesday 17 February 2016 15:11:50 J. Roeleveld wrote:
> On Wednesday, February 17, 2016 01:32:56 PM Peter Humphrey wrote:
> > I'm going round in circles here. I've been running VirtualBox and
> > BOINC for years with no problems to speak of.
> > 
> > Over the last year or more I've experienced mysterious failures in many
> > programs, some of them real nuisances, and recently I decided to replace
> > my RAM modules with a single matched set, which seems to have done the
> > trick - so far! It's required complete recompilation of everything, and
> > throwing away quite a lot of data that seemed to have been damaged at
> > some time (hello KMail).
> 
> Corruption due to bad memory can't be blamed on the actual software.

No, of course not. It's just that KMail can't cope with whatever kind of 
damage was caused. Archiving and importing the 30,000 mails didn't cure it 
either.

> > Now however I can't get VirtualBox running properly. I've tried the latest
> > stable version and two testing versions, but at every login via KDM I get
> > a
> > pop-up notice "VBoxClient: the VirtualBox kernel service is not running."
> > That's without any clients active or trying to be. If I then start
> > virtualbox- guest-additions I get this:
> > 
> > # /etc/init.d/virtualbox-guest-additions start
> > 
> >  * Loading kernel modules
> > 
> > modprobe: ERROR: could not insert 'vboxguest': No such device
> > modprobe: ERROR: could not insert 'vboxsf': No such device
> > 
> >  * ERROR: virtualbox-guest-additions failed to start
> 
> This is ONLY for guests, NOT the host.

As I thought. However, some BOINC projects download a .vdi file and present it 
to VirtualBox as a guest. I wasn't sure (while going round in circles) whether 
that required me to set some kernel options to suit.

> > I assume I'm missing something in my kernel config, but I can't see what.
> > 
> > linux # grep -i virt .config
> > # CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set
> > CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y
> > CONFIG_VIRT_TO_BUS=y
> > # CONFIG_FB_VIRTUAL is not set
> > # CONFIG_SND_VIRTUOSO is not set
> > CONFIG_VIRT_DRIVERS=y
> > # Virtio drivers
> > # CONFIG_VIRTIO_PCI is not set
> > # CONFIG_VIRTIO_MMIO is not set
> > # CONFIG_DEBUG_VIRTUAL is not set
> > CONFIG_VIRTUALIZATION=y
> 
> VirtualBox does NOT use these.
> I only have the following set:
> # CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set
> CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y
> CONFIG_VIRT_TO_BUS=y

Okay. I've tried that and I still get the pop-up notice "VBoxClient: the 
VirtualBox kernel service is not running." This is with version 4.3.32. I'll 
try later versions and see what happens. Thanks for the info.

> > Most of those unset values are for when this kernel is running as a guest
> > of another OS, so I assume I don't need them when running as the host OS.
> > Others I can't set because they're hidden until I set the values to be a
> > guest.
> > 
> > I can find lots of other people struggling with this and similar problems,
> > but no fix.
> > 
> > Any ideas here?
> 
> Yes, for the host, make sure you load the virtualbox modules:
> 
> % lsmod | grep vbox
> vboxpci     12760  0
> vboxnetflt  16280  0
> vboxnetadp  17808  0
> vboxdrv    347894  3 vboxnetadp,vboxnetflt,vboxpci
> 
> 
> I achieve this with the following:
> 
> % cat /etc/conf.d/modules | grep vbox
> modules="vboxdrv vboxnetadp vboxnetflt vboxpci"
> 
> These can be found in " app-emulation/virtualbox-modules "
> 
> It tells you to do this in the post-emerge:
> 
>  * If you are using sys-apps/openrc, please add "vboxdrv", "vboxnetflt"
>  * and "vboxnetadp" to:
>  *   /etc/conf.d/modules

Yes, of course I did that long ago. I also found that it's important to 
specify vboxnetadp before vboxnetflt, otherwise adp doesn't get loaded.

-- 
Rgds
Peter




Re: [gentoo-user] glibc security issue

2016-02-17 Thread Max R.D. Parmer
Yes, looks like it is:
https://security.gentoo.org/glsa/201602-02

-- 
0x7D964D3361142ACF

On Wed, Feb 17, 2016, at 08:48, meino.cra...@gmx.de wrote:
> Hi,
> 
> I found this
> http://www.heise.de/newsticker/meldung/glibc-Dramatische-Sicherheitsluecke-in-Linux-Netzwerkfunktionen-3107621.html
> 
> and the daily update contains an update to glibc.
> Is this the patch, which fixes that problem?
> 
> Best regards,
> Meino
> 
> 
> 



[gentoo-user] glibc security issue

2016-02-17 Thread Meino . Cramer
Hi,

I found this
http://www.heise.de/newsticker/meldung/glibc-Dramatische-Sicherheitsluecke-in-Linux-Netzwerkfunktionen-3107621.html

and the daily update contains an update to glibc.
Is this the patch, which fixes that problem?

Best regards,
Meino





Re: [gentoo-user] Re: Tails security implementation

2016-02-17 Thread Nils Gillmann
James  writes:

> Nils Gillmann  grrlz.net> writes:
>
>
>> > So I just read about how Tails is now available on Debian [1].
>
>> > [1] https://bits.debian.org/2016/02/tails-installer-in-debian.html
>
>> > [2] https://tails.boum.org/blueprint/bootstrapping/installer/
>
> Trimmed down per gmane posting rules.
Could you provide a link, so I could look into the rules, as the
gentoo.org pages dealing with the lists show no difference to
what I am used to on other lists.

--snip--

>> There are gentoo based systems with security in mind, but I am not very 
>> positive about re-creating Tails on current state of Gentoo.

I have to rephrase this. It is possible, but I personally don't
see a benefit in reinventing the 10th generation of wheels (a
widespread issue). For research, well, why not.

> H. LikeWhoa, one of the gentoo devs, put together a gentoo install
> system from usb, that includes persistence, quite some time ago. [B]
>
>
>> Tails and/or Whonix have tried and shifted focus away from Gentoo
>> for reasons which can be read on their github repo wiki and with
>> good websearches.
See next reply.
> Tails is the tor-node on a usb, with persistence, or did I miss some of
> the deeper capabilities? Having a debian and gentoo similar (anonymous)
> device does seem a bit enticing to me. For sure it'd be a great additional
> protection for credit card usage over the net, in addition to the existing
> pathetic protections folks currently have.
>
> I certainly appreciate your candor. However, I cannot find the listing of
> issues with these aforementioned codes(packages) on gentoo. All I think I
> really need is the software (packages) listings and some guidelines and
> gotchas. Also you should look at Anthony's excellent works [C]. I'd
> certainly appreciate a bit more detail (private email is ok too), or a
> 'data dump' on exactly what problems exist.  My interest is to master a
> similar device for stealth usage, that is gentoo centric. Most of the pieces
> seem to be present, so it's mostly an integration and testing effort?

Okay, I think I was wrong. I got mixed up with Whonix and Tails
coming together, what whonix did run into is listed here:
https://github.com/Whonix/Gentoo-Port/issues

Back then I did not look very closely. It might be that some of
the 1 - 1.5 year old issues are closed now.

I only did stop because I became sceptical on some parts of the
Gentoo project and looked for better solutions to topic unrelated
issues. Currently I am interested in doing the same thing with
GuixSD or with Gentoo running Guix, although that's a rather long
term project and not my primary focus of interest.

> James
>
>
> [A] https://www.whonix.org/wiki/HardenedGentooTG
>
> [B] https://forums.gentoo.org/viewtopic-t-995118.html
> https://wiki.gentoo.org/wiki/Install_Gentoo_on_a_bootable_USB_stick
>
> [C] http://opensource.dyc.edu/tinhat-howtocook
>
>
>

-- 
ng



Re: [gentoo-user] Kernel parameters for VirtualBox

2016-02-17 Thread J. Roeleveld
On Wednesday, February 17, 2016 01:32:56 PM Peter Humphrey wrote:
> Hello list,
> 
> I'm going round in circles here. I've been running VirtualBox and BOINC for
> years with no problems to speak of.
> 
> Over the last year or more I've experienced mysterious failures in many
> programs, some of them real nuisances, and recently I decided to replace my
> RAM modules with a single matched set, which seems to have done the trick -
> so far! It's required complete recompilation of everything, and throwing
> away quite a lot of data that seemed to have been damaged at some time
> (hello KMail).

Corruption due to bad memory can't be blamed on the actual software.

> Now however I can't get VirtualBox running properly. I've tried the latest
> stable version and two testing versions, but at every login via KDM I get a
> pop-up notice "VBoxClient: the VirtualBox kernel service is not running."
> That's without any clients active or trying to be. If I then start
> virtualbox-guest-additions I get this:
> 
> # /etc/init.d/virtualbox-guest-additions start
>  * Loading kernel modules
> modprobe: ERROR: could not insert 'vboxguest': No such device
> modprobe: ERROR: could not insert 'vboxsf': No such device
>  * ERROR: virtualbox-guest-additions failed to start

This is ONLY for guests, NOT the host.

> I assume I'm missing something in my kernel config, but I can't see what.
> 
> linux # grep -i virt .config
> # CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set
> CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y
> CONFIG_VIRT_TO_BUS=y
> # CONFIG_FB_VIRTUAL is not set
> # CONFIG_SND_VIRTUOSO is not set
> CONFIG_VIRT_DRIVERS=y
> # Virtio drivers
> # CONFIG_VIRTIO_PCI is not set
> # CONFIG_VIRTIO_MMIO is not set
> # CONFIG_DEBUG_VIRTUAL is not set
> CONFIG_VIRTUALIZATION=y

VirtualBox does NOT use these.
I only have the following set:
# CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set
CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y
CONFIG_VIRT_TO_BUS=y


> Most of those unset values are for when this kernel is running as a guest of
> another OS, so I assume I don't need them when running as the host OS.
> Others I can't set because they're hidden until I set the values to be a
> guest.
> 
> I can find lots of other people struggling with this and similar problems,
> but no fix.
> 
> Any ideas here?

Yes, for the host, make sure you load the virtualbox modules:

% lsmod | grep vbox
vboxpci     12760  0
vboxnetflt  16280  0
vboxnetadp  17808  0
vboxdrv    347894  3 vboxnetadp,vboxnetflt,vboxpci


I achieve this with the following:

% cat /etc/conf.d/modules | grep vbox
modules="vboxdrv vboxnetadp vboxnetflt vboxpci"

These can be found in " app-emulation/virtualbox-modules "

It tells you to do this in the post-emerge:

 * If you are using sys-apps/openrc, please add "vboxdrv", "vboxnetflt"
 * and "vboxnetadp" to:
 *   /etc/conf.d/modules

--
Joost
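
The host-side check described in the message above, as an added example that is not part of any poster's message: it compares a file in /etc/conf.d/modules format with lsmod output and flags guest-only modules listed on a host. The function names and file arguments are assumptions made for the example, and only plain modules="..." lines are parsed.

```shell
#!/bin/sh
# Added example: audit VirtualBox *host* modules on an OpenRC system.
REQUIRED="vboxdrv vboxnetflt vboxnetadp"   # from the post-emerge message in the thread
GUEST_ONLY="vboxguest vboxsf"              # loaded by virtualbox-guest-additions

# Print, one per line, the names in every uncommented modules="..." line.
configured_modules() {      # $1 = file in /etc/conf.d/modules format
    sed -n 's/^[[:space:]]*modules="\([^"]*\)".*/\1/p' "$1" | tr -s '[:blank:]' '\n'
}

# Print the first column of lsmod output (or /proc/modules), minus the header.
loaded_modules() {          # $1 = file holding lsmod or /proc/modules text
    awk '$1 != "Module" { print $1 }' "$1"
}

# One line per required module; returns 0 only if all are configured and loaded.
audit_vbox_modules() {      # $1 = config file, $2 = loaded-module list
    conf=$(configured_modules "$1"); live=$(loaded_modules "$2"); rc=0
    for m in $REQUIRED; do
        c=no; l=no
        printf '%s\n' "$conf" | grep -qx "$m" && c=yes
        printf '%s\n' "$live" | grep -qx "$m" && l=yes
        [ "$c" = yes ] && [ "$l" = yes ] || rc=1
        echo "$m configured=$c loaded=$l"
    done
    return $rc
}

# Print guest-only modules that were put into a host's config by mistake.
guest_modules_in_config() { # $1 = config file
    for m in $GUEST_ONLY; do
        configured_modules "$1" | grep -x "$m" || true
    done
}

# Demo on constructed input: vboxnetadp is configured but never got loaded.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'modules="vboxdrv vboxnetadp vboxnetflt vboxpci"' > "$d/modules"
    printf '%s\n' 'Module Size Used by' 'vboxnetflt 16280 0' \
        'vboxdrv 347894 1 vboxnetflt' > "$d/lsmod"
    audit_vbox_modules "$d/modules" "$d/lsmod" || echo "host modules incomplete"
    rm -rf "$d"
}
demo
```

On a live host the second argument can be /proc/modules, whose first column carries the same module names as lsmod.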



[gentoo-user] Re: Tails security implementation

2016-02-17 Thread James
Nils Gillmann  grrlz.net> writes:


> > So I just read about how Tails is now available on Debian [1].

> > [1] https://bits.debian.org/2016/02/tails-installer-in-debian.html

> > [2] https://tails.boum.org/blueprint/bootstrapping/installer/

Trimmed down per gmane posting rules.


> I did dig into this when I had the idea to rebuild a Whonix +
> Tails on the basis of Gentoo before I realized the brokenness of
> virtualization (as in: insecure the better virtualization works),
> asked the whonix devs about a statement, got none, asked contacts
> and eventually got enough info over the last year to consider it
> something I wouldn't try. 

Hmmm. Well I usually use a minimal gentoo (profile -1) amd64 system to first
build things, only installing packages requisite for the intended target.
That avoids VM issues. I guess there is the Whonix gateway, and that looks
pretty straightforward here [A].


> There are gentoo based systems with security in mind, but I am not very 
> positive about re-creating Tails on current state of Gentoo.

H. LikeWhoa, one of the gentoo devs, put together a gentoo install
system from usb, that includes persistence, quite some time ago. [B]


> Tails and/or Whonix have tried and shifted focus away from Gentoo
> for reasons which can be read on their github repo wiki and with
> good websearches.

Tails is the tor-node on a usb, with persistence, or did I miss some of
the deeper capabilities? Having a debian and gentoo similar (anonymous)
device does seem a bit enticing to me. For sure it'd be a great additional
protection for credit card usage over the net, in addition to the existing
pathetic protections folks currently have.


I certainly appreciate your candor. However, I cannot find the listing of
issues with these aforementioned codes(packages) on gentoo. All I think I
really need is the software (packages) listings and some guidelines and
gotchas. Also you should look at Anthony's excellent works [C]. I'd
certainly appreciate a bit more detail (private email is ok too), or a
'data dump' on exactly what problems exist.  My interest is to master a
similar device for stealth usage, that is gentoo centric. Most of the pieces
seem to be present, so it's mostly an integration and testing effort?

James


[A] https://www.whonix.org/wiki/HardenedGentooTG

[B] https://forums.gentoo.org/viewtopic-t-995118.html
https://wiki.gentoo.org/wiki/Install_Gentoo_on_a_bootable_USB_stick

[C] http://opensource.dyc.edu/tinhat-howtocook





[gentoo-user] Kernel parameters for VirtualBox

2016-02-17 Thread Peter Humphrey
Hello list,

I'm going round in circles here. I've been running VirtualBox and BOINC  for 
years with no problems to speak of.

Over the last year or more I've experienced mysterious failures in many 
programs, some of them real nuisances, and recently I decided to replace my 
RAM modules with a single matched set, which seems to have done the trick - so 
far! It's required complete recompilation of everything, and throwing away 
quite a lot of data that seemed to have been damaged at some time (hello 
KMail).

Now however I can't get VirtualBox running properly. I've tried the latest 
stable version and two testing versions, but at every login via KDM I get a 
pop-up notice "VBoxClient: the VirtualBox kernel service is not running." 
That's without any clients active or trying to be. If I then start virtualbox-
guest-additions I get this:

# /etc/init.d/virtualbox-guest-additions start
 * Loading kernel modules
modprobe: ERROR: could not insert 'vboxguest': No such device
modprobe: ERROR: could not insert 'vboxsf': No such device
 * ERROR: virtualbox-guest-additions failed to start

I assume I'm missing something in my kernel config, but I can't see what.

linux # grep -i virt .config
# CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set
CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y
CONFIG_VIRT_TO_BUS=y
# CONFIG_FB_VIRTUAL is not set
# CONFIG_SND_VIRTUOSO is not set
CONFIG_VIRT_DRIVERS=y
# Virtio drivers
# CONFIG_VIRTIO_PCI is not set
# CONFIG_VIRTIO_MMIO is not set
# CONFIG_DEBUG_VIRTUAL is not set
CONFIG_VIRTUALIZATION=y

Most of those unset values are for when this kernel is running as a guest of 
another OS, so I assume I don't need them when running as the host OS. Others 
I can't set because they're hidden until I set the values to be a guest.

I can find lots of other people struggling with this and similar problems, but 
no fix.

Any ideas here?

-- 
Rgds
Peter