[gentoo-user] emerge --info

Does the output reflect; 1. What will be used for the next build 2. What was used on the last successful build 3. What was used on the last build attempt If its 1 or 3, then USE=custom-cflags does not work on firefox...

Re: [gentoo-user] Re: emerge --info

On Wed, Dec 6, 2017 at 11:42 PM, Martin Vaeth <mar...@mvath.de> wrote: > Adam Carter <adamcart...@gmail.com> wrote: > > so why have it if you force it off? > > One thing is the ebuild and the other is the profile: > It might be different in a different profi

Re: [gentoo-user] emerge --info

On Thu, Dec 7, 2017 at 2:36 AM, Alan McKinnon <alan.mckin...@gmail.com> wrote: > On 06/12/2017 04:31, Adam Carter wrote: > > Does the output reflect; > > 1. What will be used for the next build > > 2. What was used on the last successful build > > 3. What w

Re: [gentoo-user] CFLAGs change but no filter/strip/replace in ebuild

On Sat, Dec 9, 2017 at 8:10 PM, Alan McKinnon <alan.mckin...@gmail.com> wrote: > On 09/12/2017 11:10, Adam Carter wrote: > > # grep -ic flags yasm-1.3.0.ebuild > > 0 > > > > However, emerge --info yasm shows me that only -march -O2 -pipe make it > >

Re: [gentoo-user] CFLAGs change but no filter/strip/replace in ebuild

> > I would strongly advise against that, just on principle. > > yasm is an assembler, and as such it's right at the bottom of the stack. > It's not unreasonable for such a package to use different FLAGS etc as > it's not a userland app. It's an app that builds things you use to build > a

[gentoo-user] CFLAGs change but no filter/strip/replace in ebuild

# grep -ic flags yasm-1.3.0.ebuild 0 However, emerge --info yasm shows me that only -march -O2 -pipe make it through. Where is the code that strips the others?

Re: [gentoo-user] Re: systemd fails to mount nfs4 mounts

> I'm still having this issue, anyone have any ideas? I can see that > NetworkManager-Wait-Online finishes, and that the mounting starts > immediately after, but I don't think the network is quite up yet, resulting > an all nfs mounts to timeout. > > The computer is using a static IP, so it

Re: [gentoo-user] Python 3.5

On Sun, Oct 29, 2017 at 12:17 PM, Philip Webb wrote: > Python 3.5 has become stable : what are the pro/cons of updating to it ? > I have in make.conf : > > USE_PYTHON="2.7 3.4" > PYTHON_TARGETS="python2_7 python3_4" > PYTHON_SINGLE_TARGET="python3_4" > > Is it

Re: [gentoo-user] Python 3.5

> On my amd64 arch machine I; > emerged python 3.5 > eselected python 3.5 > edited make.conf to set PYTHON_TARGETS to "python2_7 python3_5" > running emerge -pv --depclean =python-3.4.5 to see what needs to be rebuilt > Then tryed to rebuild those packages to allow removal of 3.4, however, it >

Re: [gentoo-user] [OT] Extracting printer settings from a gcode file?

> > Would be nice, if it could be possible to extract them from the gcode > example > files in a way, that made it possible to feed them back into the slicer > software manually (not expecting to get a config file ready to be read > directly > with that certain slicer software I want to use...) >

Re: [gentoo-user] which microcode gets loaded?

On Mon, May 14, 2018 at 1:39 PM, wrote: > Hi, > > from a previous thread I learned which micorcode file needs > to be loaded for the "fight against Spectre and Melddown"... > > Now two question came up for me: > 1.) WIth this particular micorcode loaded: Do I need to activate >

Re: [gentoo-user] which microcode gets loaded?

> > Now two question came up for me: >> 1.) WIth this particular micorcode loaded: Do I need to activate >> the Spectre/Meldtown fix in the kernel itsself? >> > > AFAIK there are no fixes that rely on microcode in the kernel yet. The > non-microcode dependent fixes need to be enabled. > > To

Re: [gentoo-user] Where are the AMD microcode updates for spectre?

Gentoo does have the newer microcode blobs stashed on a server ( > somewhere ). > > That does pull in the blobs for : > > Fam10h ( microcode_amd.bin ) > > Fam15h ( microcode_amd_fam15h.bin ) > > Fam16h ( microcode_amd_fam16h.bin ) > > Fam17h ( microcode_amd_fam17h.bin ) These files haven't

Re: [gentoo-user] Where are the AMD microcode updates for spectre?

> > > This has indeed been pretty frustrating. > > As far as I can tell there is no official AMD microcode update page, or any > kind of official release notes. I'm not sure where linux-firmware actually > gets the microcode files from (I'm sure they wouldn't load if they weren't > genuine

Re: [gentoo-user] [Maybe OT]: Instability of system

On Mon, May 21, 2018 at 8:35 AM, Dale wrote: > Alan Mackenzie wrote: > > Hello, Gentoo. > > > > I'm having problems with my machine hanging or rebooting spontaneously. > > It's doing this, perhaps, every three or four weeks. I think that when > > I'm in X, the system

Re: [gentoo-user] Where are the AMD microcode updates for spectre?

How often does the linux-firmware package update? On a schedule or as > needed? > There's a version bump request bug in for these and new AMDGPU firmware. Hopefully it will get processed quickly. https://bugs.gentoo.org/656136

[gentoo-user] new spectre v4 info in /sys/devices/system/cpu/vulnerabilities/ in 4.16.11

AMD fam10/barcelona; /sys/devices/system/cpu/vulnerabilities/meltdown:Not affected /sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Not affected /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization

Re: [gentoo-user] [Maybe OT]: Instability of system

> > > Could be. I bought CPU only a month or so after release. > > Initially thought it was an enlightenment desktop issue but have > > reproduced on KDE and xfce. It happens usually when doing something > > quite simple like clicking on a Window to minimise or just in a > > terminal. Nothing

Re: [gentoo-user] AMD microcode problem - Fam15h ( FYI )

> > > For me dmesg says; > > [1.538275] microcode: CPU0: patch_level=0x06000852 > > > > but i still have lwp in /proc/cpuinfo. Are you at 0x06000852 ? > . > This is my dmesg output : > . > [1.111448] microcode: microcode updated early to new > patch_level=0x06000852 > Ok then it looks

Re: [gentoo-user] AMD microcode problem - Fam15h ( FYI )

On Thu, May 24, 2018 at 12:31 PM, Corbin Bird wrote: > FYI : > > Did the microcode update, compiled and installed the 4.9.101 kernel with > it. > After rebooting, I started having kernel hard lock problems. > > Before compiling / installing kernel 4.9.102, I made an

Re: [gentoo-user] Where are the AMD microcode updates for spectre?

On Tue, May 22, 2018 at 2:47 PM, taii...@gmx.com wrote: > The fam15h microcode update adds IBPB > > * Indirect Branch Prediction Barrier (IBPB) > * PRED_CMD MSR is available: YES > * CPU indicates IBPB capability: YES (IBPB_SUPPORT feature bit) > My fam15 with

Re: [gentoo-user] AMD microcode problem - Fam15h ( FYI )

> > I should have clarified ... the '-mno-lwp' was added as a result of the > comparison of the two /proc/cpuinfo files. I was very curious about WHAT > exactly the microcode update did. > > The CPU I am using is a FX-9590. > > Question : Is there a PSP in your CPU? > According to libreboot, only

Re: [gentoo-user] Change keyserver used by portage?

> > > Anyone one know how I can change the keyserver address used by > portage? I > > > keep getting "no route to host" for hkps.pool.sks-keyservers.net when > I > > > sync. > > What are you trying to do? Find the command being run and run it > > manually while specifying --keyserver. Also file a

[gentoo-user] Using kconfig-hardened-check.py - no sound

I have used the kernel config checking script from https://github.com/a13xp0p0v/kconfig-hardened-check/blob/master/kconfig-hardened-check.py on three systems. Two are fine, but one has lost audio. The driver is loaded, but aplay -L and /dev/snd are missing devices. Here's the changes in the new,

Re: [gentoo-user] Kernel 4.9.95

On Thu, Apr 26, 2018 at 8:28 PM, Peter Humphrey <pe...@prh.myzen.co.uk> wrote: > On Thursday, 26 April 2018 11:13:12 BST Adam Carter wrote: > > Does grep . /sys/devices/system/cpu/vulnerabilities/* find anything? > > # grep . /sys/devices/system/cpu/vulnerabilities/* >

Re: [gentoo-user] Kernel 4.9.95

On Thu, Apr 26, 2018 at 7:57 PM, John Covici wrote: > On Thu, 26 Apr 2018 05:52:30 -0400, > Helmut Jarausch wrote: > > > > On 04/25/2018 06:06:32 PM, Peter Humphrey wrote: > > > As this version of gentoo-sources has now hit the stable > > > mirrors, would anyone > > > like

Re: [gentoo-user] Conflicts

On Sun, Apr 29, 2018 at 6:37 PM, Klaus Ethgen wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > Hi, > > on all machines, I have installed now with gentoo, I get the following > conflict: >dev-libs/libsodium:0 > >

Re: [gentoo-user] Change keyserver used by portage?

> > Since you know the server IPs, and there's only a small number so you > could try connection to each of them and see which one(s) fail. > > Or tcpdump, or netstat etc. > FWIW i can route to all the v4 addresses; # for i in 18.9.60.141 18.191.65.131 37.191.226.104 92.43.111.21 193.164.133.100

Re: [gentoo-user] Change keyserver used by portage?

Yes. That is how the pool URL works. It does some sort of load-balancing via > DNS resolution. That's why it has so many addresses. I am well aware of the /etc/hosts hack, but it's an ugly work-around. I'd > rather be able to configure portage itself to use a different pool or a > specific >

Re: [gentoo-user] syncing via via git and signature failure

On Wed, Jul 4, 2018 at 1:16 PM, Bill Kenworthy wrote: > I am using git to sync portage and have added the enabling line to > repos.conf: > > "sync-git-verify-commit-signature = true" > > but only ever get (been enabled for a week now): > > * Using keys from

Re: [gentoo-user] Troubleshooting mounting local filesystems

On Sun, Dec 31, 2017 at 2:22 PM, Daniel Frey wrote: > Some background: > > A little while back I had a drive drop out of my hardware RAID. I don't > think this has anything to do with the problem I'm having, but I thought I > should mention it. The RAID health is fine and I

Re: [gentoo-user] segfault in gedit / glib

* Install gdb if it isn't already installed > > * Make sure a core file is presend in coredumpd, coredumpctl should > show; if not, have it crash again so it's fresh and saved in there > > * coredumpctl gdb gedit > > * bt full > > Post output of that "bt full" > > (gdb) bt full #0

Re: [gentoo-user] segfault in gedit / glib

> > The segfault message would exist in the dmesg/journalctl. Please open a > user shell in Gnome and type "gedit ",​ substituting a text file for > . Press enter. Does this segfault and if so is there anything else > printed? > ​ ​ > The journalctl message is; Dec 29 12:17:32 phat kernel:

Re: [gentoo-user] Re: Expect a ~15% average slowdown if you use an Intel processor

On Fri, Jan 5, 2018 at 8:39 AM, Nikos Chantziaras wrote: > On 04/01/18 18:18, Rich Freeman wrote: > >> For variant 1 the only known vulnerability is BPF which probably >> next to nobody uses >> > > I had to enable various BPF settings in the kernel because systemd > wouldn't

Re: [gentoo-user] Re: Expect a ~15% average slowdown if you use an Intel processor

> > > So, HAVE_EBPF_JIT=y just means that BPF JIT _can_ be done on x86. There > > is a separate BPF_JIT setting to actually enable it. > > Well, that doesn't seem to be present here. Just the HAVE_ symbol. Careful, there's BPF and EBPF. $ zgrep BPF /proc/config.gz CONFIG_CGROUP_BPF=y

Re: [gentoo-user] Re: Spectre and Meltdown summary

Here's a nice non-expert explanation of Meltdown https://medium.com/@pwnallthethings/time-travelling-exploits-with-meltdown-1189548f1e1d

Re: [gentoo-user] Radeon RV730 blobs changed

On Thu, Dec 21, 2017 at 7:20 AM, Mick wrote: > On Wednesday, 20 December 2017 19:55:40 GMT Mick wrote: > > On Wednesday, 20 December 2017 18:31:03 GMT Mike Gilbert wrote: > > > On Wed, Dec 20, 2017 at 12:39 PM, Mick > wrote: > > > > [

Re: [gentoo-user] after finally doing my emerge -e world successfully, my regular world update fails

On Sun, Dec 24, 2017 at 7:04 AM, Neil Bothwick <n...@digimed.co.uk> wrote: > On Sat, 23 Dec 2017 11:32:16 +1100, Adam Carter wrote: > > > But virtual/service-manager is using openrc. How do i point this to > > systemd? > > By having systemd installed. A virt

Re: [gentoo-user] after finally doing my emerge -e world successfully, my regular world update fails

> > Ok, thanks. The system profile warning below had me worried, but from what > you're said it appears that the warning is generated on an unsophisticated > check, and in this case is a false positive. > > # emerge -pv --depclean sys-apps/openrc net-misc/netifrc sys-apps/sysvinit > > FYI the

Re: [gentoo-user] 'firmware_install' won't on 4.14.7-gentoo

> > Comparing firmware between kernels 4.12.12 and 4.14.7 I see: > > $ ls -l /usr/src/linux-4.12.12-gentoo/firmware/radeon/RV730* > -rw-r--r-- 1 root root 5440 Dec 7 09:02 /usr/src/linux-4.12.12-gentoo/ > firmware/radeon/RV730_me.bin > -rw-r--r-- 1 root root 454 Dec 7 09:02

Re: [gentoo-user] How to harden a system

On Sun, Dec 24, 2017 at 1:09 AM, Peter Humphrey wrote: > Hello list, > > Now that grsecurity is off-limits, I'm left wondering how to go about > hardening a no-multilib box that will be exposed to the Big Bad World. > > To start with, it's not obvious which profile to use:

Re: [gentoo-user] How to harden a system

> > Lastly, this in /etc/sysctl.conf. SYN cookies is kernel option. The fin > timeout cut was to clear out tens of thousands of TIME_WAIT sessions. > net.ipv4.tcp_fin_timeout = 20 > net.ipv4.tcp_syncookies = 1 > Oh I just noticed that vtv is now default enabled for gcc, so you could try;

Re: [gentoo-user] microcode applied?

> > The easiest way to check whether the microcode update was applied > correctly would be to check the microcode version in /proc/cpuinfo > The contents of cpuinfo is the same as the messages in dmesg. What does that imply?

[gentoo-user] microcode applied?

Does the absence of a "microcode updated" message in dmesg imply that the microcode was not updated? I believe my fam10/barcelona AMD CPU will use amd-ucode/microcode_amd.bin but there's no update message. I've checked the config against another system that works and cant see any errors. Is

Re: [gentoo-user] Microcode updates for "old" Intel CPU's

On Mon, Jan 8, 2018 at 7:46 AM, taii...@gmx.com wrote: > I have several sandy/ivybridge CPU's and I was wondering if anyone knows > as to if intel is releasing microcode updates for them. > Its been reported they said they will "provide firmware updates by the end of next week

Re: [gentoo-user] microcode applied?

On Mon, Jan 8, 2018 at 3:55 PM, Max Zettlmeißl wrote: > > The contents of cpuinfo is the same as the messages in dmesg. What does > that > > imply? > > Your BIOS or EFI might already install the same version or a later > version than what the microcode package provides.

Re: [gentoo-user] Is sys-firmware/intel-microcode-20180108 complete?

> It looks as though my CPU hasn't been fixed yet. Is that right? >> > > That's odd - i wonder why the checksum of the file changed; > > # grep 06-3f-02 intel-firmware-md5s-9jan2018.txt > intel-firmware-md5s-10jan2018.txt > intel-firmware-md5s-9jan2018.txt:194c362f2c45d8a45e2ab58d5f2c9749 >

Re: [gentoo-user] Re: Expect a ~15% average slowdown if you use an Intel processor

> > The settings relevant to Spectre are: > CONFIG_BPF_JIT - this being set to y is enough to make Intel > processors vulnerable to variant 1/2. This being set to y is > necessary, but not sufficient, for making AMD vulnerable to variant 1. > net.core.bpf_jit_enable - this being set to 1 along

Re: [gentoo-user] Is sys-firmware/intel-microcode-20180108 complete?

On Wed, Jan 10, 2018 at 10:01 PM, Peter Humphrey wrote: > I've just gone through the procedure to update the microcode on this > haswell > i7 box, but the version is the same now as before today's portage update. > On > looking again at the output of 'emerge

Re: [gentoo-user] microcode applied?

> > Hopefully there's an equivalent for AMD. > Here's what I came up with. This is very hacky and unreliable, but get the CPUID with; cpuid -r | grep "0x0001 0x00" | awk '{ print $3}' | uniq | cut -d x -f 3 then grab MCE (thanks Max for the suggestion) from

Re: [gentoo-user] microcode applied?

> > > The Device Drivers section is exactly where the microcode is included. > > CONFIG_EXTRA_FIRMWARE is the relevant symbol. > > Right. So which of the 95 files under /lib/firmware/intel-ucode do I > specify? That's in addition to the 14 files I have for my amdgpu. > > For intel; iucode_tool -L

Re: [gentoo-user] microcode applied?

On Mon, Jan 8, 2018 at 9:14 PM, Peter Humphrey wrote: > On Monday, 8 January 2018 04:55:58 GMT Max Zettlmeißl wrote: > > > You can either use an initrd or build the microcode into your kernel > > image. I prefer the latter. > > I'm confused now. How do you build the

Re: [gentoo-user] Re: Kernel 4.14.14 has meltdown / spectre info in /sys

On Fri, Jan 19, 2018 at 9:17 AM, Ian Zimmerman wrote: > > matica!13 linux$ dmesg | fgrep -i phenom > [0.603608] smpboot: CPU0: AMD Phenom(tm) II X4 955 Processor > (family: 0x10, model: 0x4, stepping: 0x3) > > Looking at the kernel source (for 4.9.77), the flag is

Re: [gentoo-user] Re: Kernel 4.14.14 has meltdown / spectre info in /sys

> So has 4.9.77, but it's dumb: > > > > matica!3 ~$ cat /sys/devices/system/cpu/vulnerabilities/meltdown > > Vulnerable > > matica!4 ~$ cat /sys/devices/system/cpu/vulnerabilities/spectre_v1 > > Vulnerable > > matica!5 ~$ cat /sys/devices/system/cpu/vulnerabilities/spectre_v2 > > Vulnerable:

Re: [gentoo-user] Re: Kernel 4.14.14 has meltdown / spectre info in /sys

> > On my fam10/barcelona; > cat /sys/devices/system/cpu/vulnerabilities/meltdown > Not affected > > Ian. which CPU do you have?

Re: [gentoo-user] OT awk question

On Wed, Jan 17, 2018 at 6:16 PM, Alexander Kapshuk < alexander.kaps...@gmail.com> wrote: > On Wed, Jan 17, 2018 at 3:49 AM, Adam Carter <adamcart...@gmail.com> > wrote: > > I'm using this to grab a section of text across multiple lines, how do i > get > >

Re: [gentoo-user] udisks doesn't find libblockdev

On Sun, Jan 21, 2018 at 2:40 PM, wrote: > I read the oracle as follows: > > udisks wants libblockdev version egual or greater 2.14 with "crypt" > USE flag set. > > libblockdev itsself is installed with version 2.15, which is "equal or > greater 2.14" and with cryptsetup

[gentoo-user] OT awk question

I'm using this to grab a section of text across multiple lines, how do i get it to exit after the first match? awk '/foo/,/bar/'

[gentoo-user] Kernel 4.14.14 has meltdown / spectre info in /sys

Nice; $ ls /sys/devices/system/cpu/vulnerabilities/ meltdown spectre_v1 spectre_v2 $ cat /sys/devices/system/cpu/vulnerabilities/meltdown Mitigation: PTI $ cat /sys/devices/system/cpu/vulnerabilities/spectre_v1 Vulnerable $ cat /sys/devices/system/cpu/vulnerabilities/spectre_v2 Vulnerable:

Re: [gentoo-user] OT: cleanup after USB backup drive unplugged?

> > I replaced it with a USB3 drive, so I needed to update the udev rules > that automatically mount it and then "umount" it when it's removed. > Pretty sure you'd risk filesystem corruption by not umounting before you remove the device. Did it used for force an fsck on each mount because the

Re: [gentoo-user] Re: Kernel 4.14.14 has meltdown / spectre info in /sys

> > > $ cat /sys/devices/system/cpu/vulnerabilities/meltdown > > Not affected > > Aha. > > matica!1 ~$ cat /sys/devices/system/cpu/vulnerabilities/meltdown > Not affected > matica!2 ~$ uname -r > 4.9.78 > > I guess these patches will be trickling down for a long time yet. > Good to see. Seems

[gentoo-user] FYI new sys-firmware/intel-microcode

On ~amd64 sys-firmware/intel-microcode-20180108 just came through. The checksum on every file in /lib/firmware/intel-ucode/ has changed with this update. My skylake system went from; microcode: sig=0x406e3, pf=0x80, revision=0xba to microcode: sig=0x406e3, pf=0x80, revision=0xc2

Re: [gentoo-user] Microcode updates for "old" Intel CPU's

> They're new in general - they first appeared last week and they're > being treated as if they're related to Spectre. I've yet to see any > kind of official release of them, but that seems to be par for the > course for AMD the more I hunt around for documentation. It seems > like Suse first

Re: [gentoo-user] Microcode updates for "old" Intel CPU's

> > If somebody actually sees anything official from AMD clearly giving a > checklist for Spectre remediation I'm all ears. To its credit, Intel > at least published one of those (even if it amounts to "pound sand" > for older CPUs). > AMD have revised their guidance on Variant 2 from "near zero

[gentoo-user] gcc 7.3 + kernel 4.15 = spectre_v2 fixed

Comparing the contents of /sys/devices/system/cpu/vulnerabilities/spectre_v2 With gcc 7.2 + kernel 4.14.15; Intel system shows; Vulnerable: Minimal generic ASM retpoline AMD system shows: Vulnerable: Minimal AMD ASM retpoline With gcc 7.3 + kernel 4.15.0; Intel system shows; Mitigation: Full

Re: [gentoo-user] rust 1.23.0 fails to install

> > > Maybe a resync for dev-lang/rust-1.23.0-r1::gentoo helps. But > > before you emerge, be aware of bug #646092 [1] (where I also ran > > into). For me [2] solves the described issue. > > > > > > References: > > - [1] > > - [2]

[gentoo-user] some spectre v1 code in 4.15.2

$ grep . /sys/devices/system/cpu/vulnerabilities/* /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline

Re: [gentoo-user] segfault in gedit / glib

On Fri, Dec 29, 2017 at 4:59 PM, P Levine <plevine...@gmail.com> wrote: > On Thu, Dec 28, 2017 at 9:01 PM, Adam Carter <adamcart...@gmail.com> > wrote: > >> System is ~amd64. If i try to open a text file in gnome via double click, >> i get; >> $ journalctl

[gentoo-user] segfault in gedit / glib

System is ~amd64. If i try to open a text file in gnome via double click, i get; $ journalctl -b | grep segf Dec 29 12:17:32 phat kernel: gedit[1177]: segfault at 7f7c0d36e880 ip 7f7c2550ba74 sp 7fff66834850 error 4 in libglib-2.0.so.0.5200.3[7f7c254c+114000] The following work; Open

Re: [gentoo-user] [OT?]: In search of a program to do different b/w dithering methods

> > I am looking for a command line tool... > I want to do 'mass dithering' and want neither a gui nor a > heavy program like The Gimp. > > I checked pbmplus and found no useful part for that porpuse... > Does this do what you want? Its installed by default with imagemagick

Re: [gentoo-user] after finally doing my emerge -e world successfully, my regular world update fails

> > sys-apps/openrc is probably in your world file. Either remove it, or > disable the "sysv-utils" USE flag on sys-apps/systemd. > > I'd like to trying going the other way. so i'll first; quickpkg sys-apps/openrc net-misc/netifrc sys-apps/sysvinit But virtual/service-manager is using openrc. How

Re: [gentoo-user] Expect a ~15% average slowdown if you use an Intel processor

On Thu, Jan 4, 2018 at 2:15 PM, P Levine wrote: > I'm not sure if it's been mentioned here before but there apparently is a > bug affecting all Intel CPUs manufactured in the last 10 years or so, in > which protected kernel memory is leaked to userspace. It can't be

Re: [gentoo-user] Expect a ~15% average slowdown if you use an Intel processor

> > Project Zero (Google) found it; > https://googleprojectzero.blogspot.com.au/2018/01/ > reading-privileged-memory-with-side.html > > Phoronix has done some benchmarks on the impact of the kernel based > workaround ([Kernel] Page Table Isolation (PSI) nee Kaiser) >

[gentoo-user] vmware + ext4 issue

When i run a vmware workstation windows 10 guest on an ext4 nvme drive, I get a kernel crash. The same guest seems stable on an ext4 filesystem on a spinning disk. Should i report this to kernel devs, and if so, how? Dec 31 17:20:39 sysname kernel: [ cut here ] Dec 31

Re: [gentoo-user] Troubleshooting mounting local filesystems

> > > Can you cut and paste the terminal session of the post boot fixes? > > What are you asking for here? > Just fishing for more info because I cant think of any circumstance that would cause the issue you're seeing. If it were me i'd force an fsck on next reboot, then reboot. I just had a

Re: [gentoo-user] Re: old kernels are installed during the upgrade

> > And on that note I see that upstream just released 4.14.11 containing > what is widely speculated as a fix for an Intel CPU security > vulnerability. I noticed that it doesn't disable the > performance-impacting setting on AMD CPUs. Though, right now only AMD > could say whether this is

[gentoo-user] Spectre and Meltdown summary

No guarantees on accuracy... Meltdown CVE-2017-5754 (Variant3) - userspace reads kernel memory. Intel vulnerable, AMD not vulnerable. Issue is mitigated with KPTI (in kernel 4.14.11, Security Options -> Remove the kernel mapping in user mode (CONFIG_PAGE_TABLE_ISOLATION), on by default for all

[gentoo-user] Re: Spectre and Meltdown summary

Browser stuff I'm guessing this relates to Variant1; @hackerfantastic "Blackhats will be weaponizing spectre to steal session cookies from additional websites opened in the browser, especially financial sites. Enable site isolation in Chrome now.

Re: [gentoo-user] Firefox crashes on some www-pages on a newer Gentoo system

> > > It even more strengthens my impression than I should first > > play with reconfiguring the kernel. > > I have loaded the new Gentoo system using the kernel from the old one > with no change in Firefox behaviour on https://www.privat24.ua/#login > page: it crashed as was described before. > >

Re: [gentoo-user] Firefox crashes on some www-pages on a newer Gentoo system

> > > I would do something like 'emerge -1 xorg-server xorg-drivers > > @x11-module-rebuild mesa llvm clang' then restart X and try again. > > Thank you for your reply. > > Initially, I understood the above recomendation as the suggestion to > rebuild the packages mentioned above with different

Re: [gentoo-user] Thunderbird 60

> > Anyone early tested Thunderbird-60? > Yes, the mozilla overlay has it. Works.

Re: [gentoo-user] x86.c:(.text+0xb2): undefined reference to `l1tf_vmx_mitigation' with linux kernel 4.18.1

On Fri, Aug 17, 2018 at 1:15 PM, wrote: > Hi, > > CPU bugs seem to be more and more common: > https://www.heise.de/security/meldung/Linux-Kernel-und- > Distributionen-schuetzen-vor-Prozessorluecke-Foreshadow-L1TF-4137264.html > https://www.heise.de/security/meldung/Spectre-NG-Foreshadow- >

Re: [gentoo-user] Thunderbird 60

> > Is this the access you refer to? > > > https://gitweb.gentoo.org/proj/mozilla.git > > Yep, that's it. If you want to try it you'll want to emerge layman https://wiki.gentoo.org/wiki/Ebuild_repository#Layman More bleeding edge than ~arch, so keep that in mind.

Re: [gentoo-user] python-3.6.5 rebuild fails on new install

> > I just tried with MAKEOPTS="-j1" and got the same failure output at > the same place. I normally run with the number equal to the number of > cores. On this notebook MAKEOPTS="-j2". Are there any other > memory-conserving tweaks available? > I guess you've stopped all the non-essential

[gentoo-user] /boot filesystem, SSDs, TRIM

For a long time people recommended ext2 for /boot. The Gentoo wiki still does. Is there any compelling reason to use ext2 for /boot (on a system whose other filesystems are ext4) these days? AFAIK for systems that have /boot on an SSD, ext4 makes more sense due to discard support, and for non-SSD

Re: [gentoo-user] Re: Update circle

> > The machine is actually a server, which just sat in a corner doing its > job perfectly. That's one of the reasons it wasn't updated: if it ain't > broken, don't fix it. > Any system that is not getting software updates is broken to some degree, just in a subtle way. Trimming your

Re: [gentoo-user] /boot filesystem, SSDs, TRIM

> > How often are you writing to /boot anyways? Journalling is of little > benefit in that case, and imposes more wear+tear on SSD drives. Or is > it possible to turn off journaling for one partition under ext4? > I review the Changlog on every point release and update the kernel if there's

Re: [gentoo-user] /boot filesystem, SSDs, TRIM

> > The other question is why use GRUB on a modern system? UEFI boot managers > are far simpler to work with than GRUBs monster configuration file and in > that case it makes sense to combine /boot with the ESP and use VFAT for > it. > I couldn't grok the Gentoo UEFI setup instructions before

Re: [gentoo-user] Firefox & ALSA

> > Does anyone know of a reason why this would happen? > Is firefox built with pulseaudio? If so, check the pavucontrol settings too (media-sound/pavucontrol) Perhaps VLC is talking directly to ALSA, but firefox is talking to pulseaudio to get to ALSA, and there's an issue with pulse

Re: [gentoo-user] kernel 4.9.77 error segfault in compile.

On Tue, Jan 23, 2018 at 2:51 AM, Corbin Bird wrote: > Anyone else getting this error? ( kernel 4.9.77 ) > > > CC fs/ext4/mballoc.o > > CC fs/ext4/block_validity.o > > CC fs/ext4/move_extent.o > > CC fs/ext4/mmp.o > > CC

Re: [gentoo-user] A new AMD CPU weakness?

On Wed, Mar 14, 2018 at 3:16 PM, Adam Carter <adamcart...@gmail.com> wrote: > On Wed, Mar 14, 2018 at 12:32 PM, Philip Webb <purs...@ca.inter.net> > wrote: > >> 180313 Ian Zimmerman wrote: >> > https://v.gd/PZkiuR >> > Does anyone know more details? &g

Re: [gentoo-user] A new AMD CPU weakness?

On Wed, Mar 14, 2018 at 12:32 PM, Philip Webb wrote: > 180313 Ian Zimmerman wrote: > > https://v.gd/PZkiuR > > Does anyone know more details? > > See LWN. It is being described as a scam by people shorting AMD stock. Dan Guido / Trail of Bits was paid to review the

Re: [gentoo-user] Re: repair FAT-fs

> > > [10930894.488038] sd 8:0:0:0: [sdb] tag#0 FAILED Result: > hostbyte=DID_ERROR driverbyte=DRIVER_SENSE > > [10930894.488041] sd 8:0:0:0: [sdb] tag#0 Sense Key : Hardware Error > [current] > > [10930894.488043] sd 8:0:0:0: [sdb] tag#0 Add. Sense: No additional > sense information > >

[gentoo-user] List of Intel CPUs that wont get Meltdown/Spectre fixes

https://newsroom.intel.com/wp-content/uploads/sites/11/2018/04/microcode-update-guidance.pdf From https://www.theregister.co.uk/2018/04/04/intel_spectre_microcode_updates/ "The new guidance , issued

Re: [gentoo-user] Re: x11-drivers/nvidia-drivers-391+ does not support latest GPU?

> I think of security incidents like meltdown/spectre for example... > LTS kernels are maintained, so they get all the required patches.

Re: [gentoo-user] Dell Precision Workstation Overheating

On Fri, Apr 20, 2018 at 11:22 AM, R0b0t1 wrote: > I was compiling Gentoo, as is custom, but found my old new server to > be thermal cycling wildly. The fans will turn on full blast and > machine check errors will be generated if I use approximately more > than one third to half

Re: [gentoo-user] Gentoo Hardened vs Kali Linux

> > I want to learn from scratch securing Linux and ethical hacking. Should I >> do as the most people so install Kali Linux on virtual machine or install >> Gentoo Hardened with Pentoo overlay on my PC? I heard a lot of negative >> opinions about Kali Linux. >> > If you haven't installed and

Re: [gentoo-user] Gentoo Hardened vs Kali Linux

Do people actually dual boot with pentesting distros? I was always > under the impression you were supposed to load it from removable > storage Blackhats would load from removable storage, but I imagine whitehats would prefer a stable setup with easy retention of info.

Re: [gentoo-user] Firefox and addons no longer supported question

On Sat, Mar 31, 2018 at 9:28 AM, Dale wrote: > Howdy, > > I been holding off on upgrading Firefox. Basically, it breaks addons > that I just can't go without. Tab groups and some other tab utilities > are among them. I recently updated temporarily to see just what was >

Re: [gentoo-user] Re: A new AMD CPU weakness?

https://community.amd.com/community/amd-corporate/blog/2018/03/20/initial-amd-technical-assessment-of-cts-labs-research tl:dr bios updates to come

<    3   4   5   6   7   8   9   10   11   >