Re: [gentoo-user] Re: {OT} Allow work from home?

2016-03-04 Thread lee
Kai Krakow  writes:

> Am Sat, 20 Feb 2016 10:48:57 +0100
> schrieb lee :
>
>> Kai Krakow  writes:
>> 
>> > Am Fri, 22 Jan 2016 00:52:30 +0100
>> > schrieb lee :
>> >
>> >> Is WSUS of any use without domains?  If it is, I should take a
>> >> look at it.
>> >
>> > You can use it with and without domains. What domains give you
>> > through GPO is just automatic deployment of the needed registry
>> > settings in the client.
>> >
>> > You can simply create a proper .reg file and deploy it to the
>> > clients however you like. They will connect to WSUS and receive
>> > updates you control.
>> >
>> > No magic here.
>> 
>> Sounds good :)  Does it also solve the problem of having to make
>> settings for all users, like when setting up a MUA or Libreoffice?
>> 
>> That means settings on the same machine for all users, like setting up
>> seamonkey so that when composing an email, it's in plain text rather
>> than html, a particular email account every user should have and a
>> number of other settings that need to be the same for all users.  For
>> Libreoffice, it would be the deployment of a macro for all users and
>> making some settings.
>
> Well... Depends on the software. Some MUAs may store their settings to
> the registry, others to files. You'll have to figure out - it should
> work. Microsoft uses something like that to auto-deploy Outlook
> profiles to Windows domain users if an Exchange server is installed.
> Thunderbird uses a combination of registry and files. You could deploy
> a preconfigured Thunderbird profile to the users profile dir, then
> configure the proper profile path in the registry. Firefox works the
> same: Profile directory, reference to it in the registry.
>
> I think LibreOffice would work similar to MS Office: Just deploy proper
> files after figuring out its path. I once deployed OpenOffice macros
> that way to Linux X11 terminal users.

It's possible --- and tedious --- to copy a seamonkey profile to other
users.  Then you find you have a number of users who require a more or
less different setup, or you add more users later with a more or less
different profile, or you need to add something to the profile for all
users, and you're back to square one.

I'd find it very useful to be able to do settings for multiple users
with some sort of configuration software which allows me to make
settings for them from an administrative account: change a setting,
select the users it should apply to, apply it and be done with it.

The way it is now, I need to log in as every user that needs some change
of settings and do that for each of them over and over again.  This
already sucks with a handful of users.  What do you do when you have
hundreds of users?



[gentoo-user] incremental ZFS backups

2016-03-04 Thread lee

Hi,

when you want to use zfs send/receive to make incremental backups, do
you need to keep all the snapshots you're making the backups from around
indefinitely?

I haven't found any documentation about how to deal with all the
snapshots which would be created over time.  Can they be destroyed once
the backup is finished?  A full backup took about 48 hours, so something
faster is needed, and I don't want to end up with hundreds or thousands
of snapshots by making new ones every day without being able to ever
destroy them.

The manpage is entirely confusing:


,
|-i snapshot|bookmark
| 
|Generate  an  incremental  send  stream.   The
|incremental

Incremental in which way?

|source must be an earlier snapshot  in  the  destination's
|history.  It  will  commonly be an earlier snapshot in the

I don't want to back up the destination, and I don't care about its
history.  It's not like I'd be modifying the backup in between the
increments.

|destination's filesystem, in which case it can  be  speci‐
|fied as the last component of the name (the # or @ charac‐
|ter and following).

Huh?

|If the incremental target  is  a  clone,  the  incremental
|source  can be the origin snapshot, or an earlier snapshot
|in the origin's filesystem, or the origin's origin, etc.
`

There is only one source, which is the current data I want to backup.
Should I make an incremental clone on the destination machine?


Basically, documentation says that such incremental backups are awesome
because you get a 1:1 copy and only need to transfer what has changed
after a previous backup as if you would use rsync, but that it's better
than that and you can do it in like no time.  It doesn't really say how
to actually do that and what to do with all the snapshots, though.

I also can only guess that enabling compression on the target FS won't
work unless compression is enabled at the source, though it would be
rather useful to have the backups compressed while the source is not.
You could do that with rsync, though, but I don't know how to access the
snapshot for that.

So how does this work?
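
An added example, not part of the original post: a planner for the snapshot rotation that `zfs send -i` implies, where the incremental source must exist on both sides, so only the newest common snapshot has to be kept. The dataset names, snapshot names and the `plan_incremental` helper are hypothetical, and the destination is assumed to be unmodified between runs.

```python
def plan_incremental(dataset, target, src_snaps, dst_snaps):
    """Plan one backup run; returns (commands, snapshot_to_keep).

    src_snaps / dst_snaps are snapshot names (the part after '@'), oldest
    first. The destroy commands are only safe once the receive has succeeded.
    """
    if not src_snaps:
        raise ValueError("take a snapshot on the source first")
    newest = src_snaps[-1]
    on_dst = set(dst_snaps)
    # The incremental source must be present on BOTH sides.
    common = [s for s in src_snaps if s in on_dst]
    if common and common[-1] == newest:
        return [], newest                      # destination is already current
    if common:
        base = common[-1]
        # '@base' is the short form the manpage describes: the last
        # component of the name, from the '@' character on.
        send = f"zfs send -i @{base} {dataset}@{newest}"
    elif not dst_snaps:
        send = f"zfs send {dataset}@{newest}"  # first run: full stream
    else:
        raise ValueError("no common snapshot left; an incremental is impossible")
    cmds = [f"{send} | zfs receive {target}"]
    # After the receive, 'newest' is the common base for the next run, so
    # every older source snapshot is no longer needed for incrementals.
    cmds += [f"zfs destroy {dataset}@{s}" for s in src_snaps[:-1]]
    return cmds, newest


if __name__ == "__main__":
    # Constructed sample state: three daily snapshots, two already backed up.
    plan, keep = plan_incremental("tank/data", "backup/data",
                                  ["mon", "tue", "wed"], ["mon", "tue"])
    print("\n".join(plan))
    print("keep on both sides:", keep)
```
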



Re: [gentoo-user] Re: {OT} Allow work from home?

2016-03-04 Thread lee
Kai Krakow  writes:

> Am Sat, 20 Feb 2016 11:24:56 +0100
> schrieb lee :
>
>> > It uses some very clever ideas to place files into groups and into
>> > proper order - other than using file mod and access times like other
>> > defrag tools do (which even make the problem worse by doing so
>> > because this destroys locality of data even more).  
>> 
>> I've never heard of MyDefrag, I might try it out.  Does it make
>> updating any faster?
>
> Ah well, difficult question... Short answer: It uses countermeasures
> against performance after updates decreasing too fast. It does this by
> using a "gapped" on-disk file layout - leaving some gaps for Windows to
> put temporary files. By this, files don't become as far spread as
> usually during updates. But yes, it improves installation time.

What difference would that make with an SSD?

> Apparently it's unmaintained since a few years but it still does a good
> job. It was built upon a theory by a student about how to properly
> reorganize file layout on a spinning disk to stay at high performance
> as best as possible.

For spinning disks, I can see how it can be beneficial.

>> > But even SSDs can use _proper_ defragmentation from time to time for
>> > increased lifetime and performance (this is due to how the FTL works
>> > and because erase blocks are huge, I won't get into detail unless
>> > someone asks). This is why mydefrag also supports flash
>> > optimization. It works by moving as few files as possible while
>> > coalescing free space into big chunks which in turn relaxes
>> > pressure on the FTL and allows to have more free and continuous
>> > erase blocks which reduces early flash chip wear. A filled SSD with
>> > long usage history can certainly gain back some performance from
>> > this.  
>> 
>> How does it improve performance?  It seems to me that, for practical
>> use, almost all of the better performance with SSDs is due to reduced
>> latency.  And IIUC, it doesn't matter for the latency where data is
>> stored on an SSD.  If its performance degrades over time when data is
>> written to it, the SSD sucks, and the manufacturer should have done a
>> better job.  Why else would I buy an SSD.  If it needs to reorganise
>> the data stored on it, the firmware should do that.
>
> There are different factors which have impact on performance, not just
> seek times (which, as you write, is the worst performance breaker):
>
>   * management overhead: the OS has to do more house keeping, which
> (a) introduces more IOPS (which is the only relevant limiting
> factor for SSD) and (b) introduces more CPU cycles and data
> structure locking within the OS routines during performing IO which
> comes down to more CPU cycles spent during IO

How would that be reduced by defragmenting an SSD?

>   * erasing a block is where SSDs really suck at performance wise, plus
> blocks are essentially read-only once written - that's how flash
> works, a flash data block needs to be erased prior to being
> rewritten - and that is (compared to the rest of its performance) a
> really REALLY HUGE time factor

So let the SSD do it when it's idle.  For applications in which it isn't
idle enough, an SSD won't be the best solution.

>   * erase blocks are huge compared to common filesystem block sizes
> (erase block = 1 or 2 MB vs. file system block being 4-64k usually)
> which happens to result in this effect:
>
> - OS replaces a file by writing a new, deleting the old
>   (common during updates), or the user deletes files
> - OS marks some blocks as free in its FS structures, it depends on
>   the file size and its fragmentation if this gives you a
>   continuous area of free blocks or many small blocks scattered
>   across the disk: it results in free space fragmentation
> - free space fragments happen to become small over time, much
>   smaller than the erase block size
> - if your system has TRIM/discard support it will tell the SSD
>   firmware: here, I no longer use those 4k blocks
> - as you already figured out: those small blocks marked as free do
>   not properly align with the erase block size - so actually, you
>   may end up with a lot of free space but essentially no complete
>   erase block is marked as free

Use smaller erase blocks.

> - this situation means: the SSD firmware cannot reclaim this free
>   space to do "free block erasure" in advance so if you write
>   another block of small data you may end up with the SSD going
>   into a direct "read/modify/erase/write" cycle instead of just
>   "read/modify/write" and deferring the erasing until later - ah
>   yes, that's probably becoming slow then
> - what do we learn: (a) defragment free space from time to time,
>   (b) enable TRIM/discard to reclaim blocks in advance, (c) you may
>   want to over-provision your SSD: just don't ever use 

Re: [gentoo-user] {OT} Allow work from home?

2016-03-04 Thread lee
Daniel Frey  writes:

> On 02/21/2016 04:36 PM, lee wrote:
>> Daniel Frey  writes:
>> 
>>> On 02/20/2016 02:27 AM, lee wrote:
>>>> Daniel Frey  writes:
>>>>> I looked up x2go and rebuilt openssh on my home server as it suggested
>>>>> to try it out.
>>>
>>> I should mention I undid the hpn USE-flag change (x2go suggested
>>> building without it) and it works fine, the newer versions have patches
>>> that don't require hpn to be disabled.
>>>
>>> Still using x2go, still works wonderfully.
>> 
>> IIRC, I wanted to try it, and it turned out to be incompatible with
>> current X servers --- perhaps they fixed that in the meantime ...
>> 
>
> What version are you using?

I'm not using it because I would have had to downgrade the X server to
be able to install it.  There was a bug report about something which
led to marking the package as incompatible with current X servers.

> I'm using the most recent stable and it works for me:
>
> $ equery list xorg-server
>  * Searching for xorg-server ...
> [IP-] [  ] x11-base/xorg-server-1.17.4:0/1.17.4

Maybe the problem has been recently fixed entirely.



[gentoo-user] Need some help with switching KDE setup from i915 to radeon graphics

2016-03-04 Thread Frank Steinmetzger
Hello Fellows,

My PC had been running on Intel graphics for 1½ years. Finally, I got myself
an AMD R7 370 today and installed it (together with a second set of 16 Gigs
of RAM ^^).

I could use some help getting it working properly. Here is what I did:
yesterday I enabled VIDEO_CARDS=radeon in make.conf and rebuilt world with
--changed-use. I also reconfigured the kernel to build the Intel driver as
a module and to include the radeon module.

After installing the card, at first I only had a black screen and found out
(thanks to #gentoo) that I needed a firmware blob. Once that was installed,
I had a KMS-enabled VT on my AMD-connected monitor. Yay.

Now I'm stuck with a malfunctioning X (or more specifically, KDE, as it
seems). I can run AwesomeWM just fine. But when I try to start KDE, I see
the first of those fading-in progress icons and then the screen goes black.

I created a test account to have a clean setup of KDE. This starts KDE
partially, only up to a desktop with an empty panel. There is no mouse
cursor to move around and no reaction to shortcuts such as Alt+F2.

What else could I have missed in my migration from Intel to AMD? eselect
opengl only shows the xorg-x11 option. I had to comment out a modeline which
I set manually in xorg.conf.

See attached:
- /etc/X11/xorg.conf.d/gfx.conf
- /var/log/Xorg.0.log from running startx with .xinitrc containing startkde.
  You can see those three blocks of modelines at the end. At around or just
  before this point the screen goes dark.

Can anyone give me a nudge? Or maybe I should ask in a KDE list.

-- 
Gruß | Greetings | Qapla’
Please do not share anything from, with or about me on any social network.

Faithfulness is a lack of opportunity.
Section "ServerLayout"
    Identifier  "Layout"
    Screen 0    "Main" 0 0
EndSection

Section "Screen"
    Identifier  "Main"
    Device      "amd"
    #Device     "intel"
    Monitor     "Eizo EV2736W"
    DefaultDepth 24
    SubSection "Display"
        Viewport 0 0
        Depth 24
        Modes "2560x1440"
    EndSubSection
EndSection

Section "Monitor"
    Identifier  "Eizo EV2736W"
    VendorName  "Eizo"
    ModelName   "EV2736W"

    # values taken from monitor's manual
    HorizSync   31 - 89
    VertRefresh 59 - 61
    DisplaySize 597 336 # 16:9 27"
EndSection

Section "Device"
    Identifier "amd"
    Driver "radeon"
EndSection

Section "Device"
    Identifier "intel"
    Driver "intel"

    Option "TearFree" "true"
    Option "monitor-DP1" "Eizo EV2736W"
EndSection

[  3268.532] 
X.Org X Server 1.17.4
Release Date: 2015-10-28
[  3268.540] X Protocol Version 11, Revision 0
[  3268.543] Build Operating System: Linux 4.3.0-kern x86_64 Gentoo
[  3268.546] Current Operating System: Linux kern 4.4.1-kern #45 SMP Thu Mar 3 
21:20:33 CET 2016 x86_64
[  3268.546] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-4.4.1-kern 
root=/dev/sda3 ro quiet rootfstype=ext4
[  3268.551] Build Date: 02 December 2015  11:14:11PM
[  3268.553]  
[  3268.556] Current version of pixman: 0.32.8
[  3268.561]Before reporting problems, check http://wiki.x.org
to make sure that you have the latest version.
[  3268.561] Markers: (--) probed, (**) from config file, (==) default setting,
(++) from command line, (!!) notice, (II) informational,
(WW) warning, (EE) error, (NI) not implemented, (??) unknown.
[  3268.570] (==) Log file: "/var/log/Xorg.0.log", Time: Sat Mar  5 00:08:04 
2016
[  3268.573] (==) Using config directory: "/etc/X11/xorg.conf.d"
[  3268.575] (==) Using system config directory "/usr/share/X11/xorg.conf.d"
[  3268.575] (==) ServerLayout "Layout"
[  3268.575] (**) |-->Screen "Main" (0)
[  3268.575] (**) |   |-->Monitor "Eizo EV2736W"
[  3268.575] (**) |   |-->Device "amd"
[  3268.575] (==) Automatically adding devices
[  3268.575] (==) Automatically enabling devices
[  3268.575] (==) Automatically adding GPU devices
[  3268.575] (WW) `fonts.dir' not found (or not valid) in 
"/usr/share/fonts/100dpi".
[  3268.575]Entry deleted from font path.
[  3268.575](Run 'mkfontdir' on "/usr/share/fonts/100dpi").
[  3268.575] (WW) `fonts.dir' not found (or not valid) in 
"/usr/share/fonts/75dpi".
[  3268.575]Entry deleted from font path.
[  3268.575](Run 'mkfontdir' on "/usr/share/fonts/75dpi").
[  3268.575] (WW) The directory "/usr/share/fonts/TTF/" does not exist.
[  3268.575]Entry deleted from font path.
[  3268.575] (WW) The directory "/usr/share/fonts/OTF/" does not exist.
[  3268.575]Entry deleted from font path.
[  3268.575] (WW) The directory "/usr/share/fonts/Type1/" does not exist.
[  3268.575]Entry deleted from font path.
[  3268.575] (WW) `fonts.dir' not found (or not valid) in 
"/usr/share/fonts/100dpi/".
[  3268.575]Entry deleted from font path.
[  3268.575](Run 'mkfontdir' on 

[gentoo-user] Re: I don't understand version numbers in Gentoo security advisories

2016-03-04 Thread Grant Edwards
On 2016-03-04, Jonathan Callen  wrote:
> On 03/03/2016 04:00 PM, Grant Edwards wrote:
>
>> I'm sure I'm just being stupid, but I don't understand the lists of
>> affected and unaffected version numbers in Gentoo security 
>> advisories.
>> 
>> For example:
>> 
>> Package dev-libs/openssl on all architectures
>> Affected versions < 1.0.2f
>> 
>> Unaffected versions >= 1.0.2f, revision >= 1.0.1r, revision >=
>> 1.0.1s, revision >= 1.0.1t, revision >= 0.9.8z_p8, revision >=
>> 0.9.8z_p9, revision >= 0.9.8z_p10, revision >= 0.9.8z_p11,
>> revision >= 0.9.8z_p12, revision >= 0.9.8z_p13, revision >= 0.9.8z_p14,
>> revision >= 0.9.8z_p15
>> 
>> If it's true that versions >= 0.9.8z_p8 are unaffected, why is
>> there a need to list that versions >= 0.9.8z_p[9-15] are
>> unaffected?  Are <> relationships between version numbers within the
>> 0.9.8z_pNNN series not transitive?
>
> The "revision >=" operator in GLSAs indicates "any -r# revision of the
> version greater than or equal to the indicated revision", so this is
> saying that 0.9.8z_p15 isn't affected, nor is 0.9.8z_p15-r1, but 1.0.0
> *is* affected.

Doh! After all these years, I just now realized that some of those
expressions are about "version" and some are about "revision"!  I'd
always been reading them as the same thing.

I knew I had to be missing something basic...

Thanks for the clue!

-- 
Grant Edwards               grant.b.edwards        Yow! I would like to
                                  at               urinate in an OVULAR,
                              gmail.com            porcelain pool --
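
An added example, not part of the thread and not Portage's own code: the "revision >=" rule as Jonathan Callen describes it, evaluated against the openssl ranges quoted above. The version parser is a simplified assumption (leading-zero components are compared as plain integers), and the function names are hypothetical.

```python
import re

# Simplified Gentoo version syntax (assumption of this example): dotted
# numbers, optional letter, optional _suffixes, optional -rN revision.
_VER = re.compile(
    r"^(\d+(?:\.\d+)*)([a-z]?)((?:_(?:alpha|beta|pre|rc|p)\d*)*)(?:-r(\d+))?$")
_RANK = {"alpha": -4, "beta": -3, "pre": -2, "rc": -1, "p": 1}


def parse(version):
    """Split '0.9.8z_p15-r1' into (upstream-version key, revision number)."""
    m = _VER.match(version)
    if not m:
        raise ValueError(f"unsupported version: {version!r}")
    nums, letter, suffixes, rev = m.groups()
    sfx = [(_RANK[name], int(num or 0))
           for name, num in re.findall(r"_([a-z]+)(\d*)", suffixes)]
    return ([int(n) for n in nums.split(".")], letter, sfx), int(rev or 0)


def cmp_base(a, b):
    """Compare two upstream-version keys, ignoring -rN; returns -1, 0 or 1."""
    width = max(len(a[2]), len(b[2]))
    # Pad suffix lists so "no suffix" sorts above _rc and below _p.
    ka = (a[0], a[1], a[2] + [(0, 0)] * (width - len(a[2])))
    kb = (b[0], b[1], b[2] + [(0, 0)] * (width - len(b[2])))
    return (ka > kb) - (ka < kb)


def matches(op, bound, version):
    """Evaluate one advisory range entry against an installed version."""
    (vbase, vrev), (bbase, brev) = parse(version), parse(bound)
    c = cmp_base(vbase, bbase)
    if op == "<":
        return c < 0 or (c == 0 and vrev < brev)
    if op == ">=":
        return c > 0 or (c == 0 and vrev >= brev)
    if op == "revision >=":
        # Same upstream version only; just the -rN part may be higher.
        return c == 0 and vrev >= brev
    raise ValueError(f"unknown operator: {op!r}")


# Ranges copied from the dev-libs/openssl advisory quoted in the thread.
AFFECTED = [("<", "1.0.2f")]
UNAFFECTED = [(">=", "1.0.2f")] + [("revision >=", v) for v in (
    "1.0.1r", "1.0.1s", "1.0.1t", "0.9.8z_p8", "0.9.8z_p9", "0.9.8z_p10",
    "0.9.8z_p11", "0.9.8z_p12", "0.9.8z_p13", "0.9.8z_p14", "0.9.8z_p15")]


def is_vulnerable(version):
    """Affected range matches and no unaffected entry covers the version."""
    hit = any(matches(op, b, version) for op, b in AFFECTED)
    safe = any(matches(op, b, version) for op, b in UNAFFECTED)
    return hit and not safe
```
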




Re: [gentoo-user] SSLv2 is back today (gone tomorrow?)

2016-03-04 Thread Alan McKinnon
On 04/03/2016 15:57, walt wrote:
> I notice that openssl-1.0.2g-r2 restores SSLv2 as a temporary fix
> for the breakage caused by r1 yesterday.
> 
> My machines are working just fine without SSLv2 so I'm going to skip
> the update to r2 and keep r1 while waiting for a permanent fix.  I'm
> not a security expert, so I'd like to hear opinions from people who are.
> 
> Should people who have already installed r1 and are not having any
> problems just stay with r1 for now?  Or not.
> 
> 


The relevant bug is here

https://bugs.gentoo.org/show_bug.cgi?id=576128

If you have sslv2 enabled, your choices are clear:

1. high likelihood of wholesale breakage, or
2. wait a little longer for a proper fix

Obviously -r1 is ideal as it disables sslv2. If you have it and it
works, leave it in place.

Everyone else is going to have to make up their own mind, and there's no
sane rational advice that can be given for all, considering what the
choices are above.

FreeBSD is also hit with the same issue for similar reasons, and Fedora
has its own pain. Between them and Gentoo I have every confidence a
real fix will come out soon.

My choice is to sit tight for now. I can't afford to run the risk of
taking the company's vital FreeBSD servers off the air to fix a bug
unproven to be exploited in the wild. It's a tough choice.


-- 
Alan McKinnon
alan.mckin...@gmail.com




[gentoo-user] SSLv2 is back today (gone tomorrow?)

2016-03-04 Thread walt
I notice that openssl-1.0.2g-r2 restores SSLv2 as a temporary fix
for the breakage caused by r1 yesterday.

My machines are working just fine without SSLv2 so I'm going to skip
the update to r2 and keep r1 while waiting for a permanent fix.  I'm
not a security expert, so I'd like to hear opinions from people who are.

Should people who have already installed r1 and are not having any
problems just stay with r1 for now?  Or not.