Re: [gentoo-user] Re: OT: Is EVMS dead?
Alexander Skwar wrote:
> Eric S. Johansson [EMAIL PROTECTED] wrote:
>
> What VGA scan?

sorry, speech recognition error.

> WFM. You must be doing something strange.

no, I'm what speech recognition researchers call a goat. I take your bright shiny toys, and just by holding them in my hands, you can watch them crumble into shit. it's a talent and a curse.

-- Speech-recognition in use. It makes mistakes, I correct some.
-- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Re: OT: Is EVMS dead?
Alexander Skwar wrote:
> Eric S. Johansson [EMAIL PROTECTED] wrote:
>> Dirk Heinrichs wrote:
>>>> heap. It's a classic example of second system syndrome as defined by the mythical Man month.
>>> Errh, what?
>> rtfb it was published in 1972, is still in print and the first five chapters are as relevant today as they were when it was first published. It explains why software projects fail. I think it's pretty sad when failings in an industry recognized 35 years ago are still happening today.
>>
>> Brooks says write one system to throw away because you are going to anyway. The first time you implement, you don't understand the problem and you frequently leave out functionality or implement things in a clumsy or incorrect way. This next implementation you, in theory, understand the problem and can do a better job which leads us to... second system syndrome. when you implement a system for the second time you think you have the problem fully understood, add lots of features and capabilities and end up with a disaster on your hands because you overestimated your capabilities. which is really Fred Brooks's way of saying write two systems to throw away because you're going to anyway.
>>
>> a great example of this is Microsoft. They rarely get anything right until the third version (implementation). Other examples are easily found if you just look.
>>>> It's overly complicated, poorly documented, and has a terrible user interface that only a geek would even consider using.
>>> What's wrong with the excellent user guide on the project's site? Which of the three UIs exactly do you think is horrible?
>> could never get the containers nesting right.
> What container nesting? Oh, you're talking about EVMS? I too never got the hang of it. I'm perfectly fine with using plain LVM.
>> If the instructions on how to use an LVM can't be explained on a postcard, you don't understand how to communicate
> pvcreate /dev/hda
> vgcreate data /dev/hda
> lvcreate -L42g data
> mkfs /dev/data/lvol0
>
> What's so hard about that? Does that fit on a postcard?

it needs a little more detail so a user can extrapolate to what they need but, yeah that's basically what I'm looking for. I guess it's time to start the postcard series of documentation. :-) What is hard however is developing the postcard level documentation for disaster recovery. Again, that's something I'll work on when I have the time.

> -v:
>
> pvcreate /dev/hda: Initialize the device as a physical volume (pv), so that it can be used by LVM. One time job.

would need reference physical volume, physical device associations (i.e. single disc or hardware raid). is there any way to display/enumerate them independent of non-LVM devices? (note: don't need an answer on this, it's just illustrating the kind of follow-on questions that come up.)

> vgcreate data /dev/hda: Create a container called data which will hold the different sub-containers. The data container is made up of the /dev/hda physical volume.

what is a sub container? why is it needed? when do you need it? do/can you create a container spanning multiple devices? When, how, why?

> lvcreate -L42g data: Create a logical volume (lv) on the data volume group (vg). It's sized 42g (42GiB).

again, is a logical volume a single physical volume? If the volume group called data (how did it get from container to volume group) is the same as the physical volume, why not just use the physical volume?

> mkfs /dev/data/lvol0: Create a file system on the newly created lv.

in other words, the logical volume is treated by the system in exactly the same way as a physical volume. It's a logical disk.

these are just some of the naïve user questions that come to mind. They aren't answered concisely in most of the documentation I have seen. Part of the reason I say explain it on a postcard is because the format forces you to focus your thoughts and explain the system concisely. the same technique as used in communicating with the busy suit although it's usually explaining your idea in 13 words or less.

>> with your users or the implementation is really off.
> Nope. Some things simply *ARE* complicated.

Richard Feynman, a great physicist, once stated that if you can not explain a (physics) problem at a freshman level then you don't understand the problem. Edward Tufte has a series of books on information design simplifying complicated things so that you can communicate clearly. Either of these men are smarter than you and I put together. I highly recommend reading Tufte's books or watch Feynman's testimony at the Challenger committee hearing where he shows with a glass of ice water the most likely explanation for the disaster. Clear, simple and easily understood by most people.

If these men successfully live/lived by the guideline that complex explanations means you don't understand, I'm willing to accept it as true to make that one of my guiding principles.

-- Speech-recognition in use. It makes mistakes, I correct some.
-- [EMAIL
Re: [gentoo-user] OT: Is EVMS dead?
Dirk Heinrichs wrote:
>> heap. It's a classic example of second system syndrome as defined by the mythical Man month.
> Errh, what?

rtfb it was published in 1972, is still in print and the first five chapters are as relevant today as they were when it was first published. It explains why software projects fail. I think it's pretty sad when failings in an industry recognized 35 years ago are still happening today.

Brooks says write one system to throw away because you are going to anyway. The first time you implement, you don't understand the problem and you frequently leave out functionality or implement things in a clumsy or incorrect way. This next implementation you, in theory, understand the problem and can do a better job which leads us to... second system syndrome. when you implement a system for the second time you think you have the problem fully understood, add lots of features and capabilities and end up with a disaster on your hands because you overestimated your capabilities. which is really Fred Brooks's way of saying write two systems to throw away because you're going to anyway.

a great example of this is Microsoft. They rarely get anything right until the third version (implementation). Other examples are easily found if you just look.

>> It's overly complicated, poorly documented, and has a terrible user interface that only a geek would even consider using.
> What's wrong with the excellent user guide on the project's site? Which of the three UIs exactly do you think is horrible?

could never get the containers nesting right.

If the instructions on how to use an LVM can't be explained on a postcard, you don't understand how to communicate with your users or the implementation is really off. I spent lots of time on the mailing list talking to developers about various problems and a consistent problem was communicating the terminology to users. Simple things like how do you set up your physical disk was not documented well enough to be useful.

the GUI tools did not lead you to a correct solution. It was just a bunch of menu items that you could choose at random. Hell, tinyca does a better job at guiding you in creating a small certificates hierarchy which is a task of similar complexity.

-- Speech-recognition in use. It makes mistakes, I correct some.
-- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] OT: Is EVMS dead?
Albert Hopkins wrote:
> On Mon, 2007-11-05 at 17:29 +, James wrote:
>> Hello,
>>
>> I do not read as much as I should, but, I stumbled across this page [1] that suggests that EVMS is dead. I see it is in portage, but is it slated for the trash, as time moves forward? Sure it's Ubuntu site, but they claim EVMS is unmaintained, if you read further down the page.
>
> From evms.sf.net: The current stable version of EVMS is 2.5.5. It was released on February 26, 2006.
>
> That's 3 months shy of 2 years. Also read the following thread from their -dev ML:
>
> http://marc.info/?l=evms-devel&m=119078823017821&w=2

given that I frequently play the role of the heretic (complete with burn scars all over my body and various bits of damage from the weapons of true believers) I think it's a good thing that EVMS is slated for the trash heap. It's a classic example of second system syndrome as defined by the mythical Man month. It's overly complicated, poorly documented, and has a terrible user interface that only a geek would even consider using.

Having said that, I also think LVMS suffers from many if not all of the same problems that plagued EVMS. it has been around for years and still the documentation on how to perform common operations is lacking. It's a chicken and egg problem. You need to understand LVMS in order to understand the documentation and then you can't explain it to anyone else. Every time I've used LVMS, it takes me the same number of hours to relearn the same old pieces of obscure command syntax and become comfortable that I'm not going to trash my disk. As a result, I don't use LVMS either.

I don't see a compelling case for using LVMS and its kin unless you're running a multiple disk array with different segments mounted as raid arrays. Then you can justify the expense of your labor in understanding how to use LVMS. Using it on a small system like a laptop or desktop with only a couple drives, not worth it. Even if you're just using simple mirroring, it's still not worth it.

Here's a simple example why not. If your machine dies and your backups are inadequate, you may want to try and recover the disc by putting it into another system. How? If you didn't back up a bunch of magic information from the original system's /etc directory, you're well and truly screwed. But even if you have the information, you may still be screwed if you can't find the documentation which tells you how to incorporate the LVMS configuration data into the new system. this is the kind of high risk error prone thing that a command should do, not a human.

This situation really sucks. LVMS can be really nice when you need it but unfortunately a lack of documentation, use examples written for people who don't live with LVMS but once or twice a year, and a nice GUI for translating what the user wants to do into LVMS commands keep LVMS inaccessible and frustrating to use by many

---eric (heretic by thought, deed, and graffiti)

-- Speech-recognition in use. It makes mistakes, I correct some.
-- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] OT: Is EVMS dead?
Neil Bothwick wrote:
> On Mon, 05 Nov 2007 18:01:28 -0500, Eric S. Johansson wrote:
>> If your machine dies and your backups are inadequate, you may want to try and recover the disc by putting it into another system. How? If you didn't back up a bunch of magic information from the original system's /etc directory, you're well and truly screwed.
> Or you could run vgscan, provided everything is not auto-detected before you get the chance.

if I remember correctly, and it has been quite a while, vgscan only works if your lvm.conf is intact. Merging one lvm.conf with one from another machine is tricky and is not always successful unless you are living with LVM and then it is only mostly successful. if you don't have your original lvm.conf, again if memory serves, you need to go rooting through the first few sectors of your disk to find what looks like it might be perhaps, possibly the data you need.

in looking for examples for this kind of recovery process, I came across a rather nice page from our friends at Novell.

http://www.novell.com/coolsolutions/appnote/19386.html

-- Speech-recognition in use. It makes mistakes, I correct some.
-- [EMAIL PROTECTED] mailing list
[gentoo-user] curious thing with net.eth0
updated a couple of machines to 2005.1+ sometime in the past month. Everything went fine or so I thought. Had to reboot one of the machines today. It wouldn't boot. Everything started okay or so it seemed except eth0 wasn't present. The module was compiled in the kernel, the configuration was the same as it had been for a long time. The problem was /etc/init.d/net.eth0 and /etc/init.d/net.lo were the same. The net.eth0 code was overwritten with the lo code. This happened on two machines and I'm wondering how it happened? Did something go wrong in the emerge process? There's no sign of any attackers. ideas? --- eric -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] curious thing with net.eth0
Renat Golubchyk wrote:
> On Mon, 24 Oct 2005 15:06:26 -0400 Eric S. Johansson [EMAIL PROTECTED] wrote:
>> The problem was /etc/init.d/net.eth0 and /etc/init.d/net.lo were the same. The net.eth0 code was overwritten with the lo code. This happened on two machines and I'm wondering how it happened? Did something go wrong in the emerge process? There's no sign of any attackers.
> They are always the same since net.eth0 (and all other net.interface) is a symlink to net.lo.

then that's what broke. net.lo looks like it should and my net.eth0 looks like:

    relay2 ~ # more /etc/init.d/net.eth0
    #!/sbin/runscript
    # Copyright 1999-2004 Gentoo Technologies, Inc.
    # Distributed under the terms of the GNU General Public License v2
    # $Header: /home/cvsroot/gentoo-src/rc-scripts/init.d/net.lo,v 1.10 2004/04/21 17:09:18 vapier Exp $

    start() {
        ebegin "Bringing ${IFACE} up"
        /sbin/ifconfig lo 127.0.0.1 up 2>/dev/null
        /sbin/route add -net 127.0.0.0 netmask 255.0.0.0 \
            gw 127.0.0.1 dev lo 2> /dev/null
        eend 0
    }

    stop() {
        ebegin "Bringing ${IFACE} down"
        /sbin/ifconfig ${IFACE} down &>/dev/null
        eend 0
    }

I thought they were the same because I was debugging one machine over the telephone and looking at a couple of different machines for examples and things got a mite confused. In other words, it's wrong just not the wrong way I thought it was.

--- eric

-- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] curious thing with net.eth0
Willie Wong wrote:
> Is net.eth0 a symlink to net.lo? If not, remove net.eth0 and symlink it to net.lo.

wasn't and did. now fighting with squirrelmail upgrade and apache ssl. not fun day.

-- gentoo-user@gentoo.org mailing list
[gentoo-user] daemon monitoring programs
for some reason I've got a couple of daemons that keep going out to lunch on me. Are there any good tools for monitoring daemons and possibly restarting them when they go away? -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Eclass 'portability' does not exist for 'gnome-base/gconf-2.10.1-r1'
Holly Bostick wrote:
> Eric S. Johansson wrote:
>> trying to upgrade the system and I'm getting this error.
>>
>> Eclass 'portability' does not exist for 'gnome-base/gconf-2.10.1-r1'
>>
>> suggestions for how to fix would be most welcome
>>
>> thanks in advance --- eric
>
> I just had that error with howl; a sync fixed it.

weird. I sync at 2-3 am every night to refresh my cache. I'm trying the sync now and will let you know what happens

--- eric

-- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] updating mostly identical systems
Michael Crute wrote:
> Hmm not to be insulting but:

no, it is not insulting at all. One must always make sure that the device's plugged into the wall.

> * Is NFS Running on the server and,

yes showmount and mounting devices loopback work

> * Is there a firewall on either host (and if so are the ports for NFS opened)

no firewall on either host.

> If all is good there then my last think would be why not just put your mount in fstab and skip the automounter jazz?

not a bad idea. I was merely following the instructions in the build host tutorial. I've often thought automounter was a good idea and a decent way to deal with servers or clients bouncing up and down. I'd hope in the past few years, folks would have fixed its unreliability.

thank you for your suggestions.

---eric

-- gentoo-user@gentoo.org mailing list
bad howto warning: Re: [gentoo-user] updating mostly identical systems
Michael Crute wrote:
> Have you seen the build host tutorial on the wiki?
> http://gentoo-wiki.com/HOWTO_Create_A_Build_Host

to put it politely, this how-to is misleading. It should be removed.

problem 1: assumes automounter works. I was not able to get automounter to function and had to resort to normal NFS mounts. I verified with a few people outside of the Linux community that automounter is problematic no matter whose you use.

problem 2: does not tell you which directories to create. I've had to determine that experimentally as I've gone along. I'll probably document on the second machine install.

Problem 3: inadequate chroot environment set up. As a result, Shell scripts that should run chrooted don't. In fact, they just don't run.

that is as far as I've gotten. Until I solve the chroot problem, I'm pretty well stopped.

I think this how-to is a good example of a really bad how to. Yes it is perfectly acceptable to say go look here when dealing with something essential to the how-to that was previously documented. But you must put the reference to other documentation in context including context specific debugging sequences. That would have saved me hours with the automounter because I would have known to quit far earlier and gone to a more reliable system (assuming NFS is reliable).

as I solve problems, I will probably post the documentation here.

---eric

-- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Testing how secure a server is...
Colin wrote:
> On Aug 2, 2005, at 7:50 PM, Raphael Melo de Oliveira Bastos Sales wrote:
>> Hi there,
>>
>> I was wondering what tools should I use to detect security flaws to my server and a few tips on how to use them. What are the most common forms of attack and how do I avoid being attacked by one of them?
>>
>> The services available are only Apache - SSL and SSH. I've installed a firewall, iptables and firestarter to control it, and blocked all ports except 443 and 8080, where the SSH is listening. Apache has PHP installed as a module.
>
> Want to know how secure your server is? Try and hack it!

a better place to start would be a simple inventory of what you are running, its version, configuration and what you want to run. If there's a delta, justify or fix. no need to do any sort of Port scanning or penetration testing 80% of the time. a simple inventory answers most of your security questions right off the bat. Of course it's not as sexy or ego inflating as running penetration tools but it gives you one thing the others don't. An audit trail. Something you can show to your lawyers and insurance people that you practiced due diligence in knowing your system vulnerabilities.

if you are running Apache however you do need to run some form of attack because it is trivially easy to write an Apache configuration which leaves you butt naked to the world and not know it until you've been had. there are similarly complex services (i.e. Samba) that leave you easily vulnerable. so my advice would be to use more secure and easily secured alternatives whenever possible.

> A good port scanner like nmap should be a basic check of your firewall. I would also set nmap (if it can do this) to perform a SYN flood as it scans, to see if your server can withstand that basic DoS attack. (Adding --syn to your TCP rules in iptables can prevent SYN flooding when used with SYN cookies.) When you break in, find out why it worked and how it can be patched.
>
> Some things I would advise (I'm currently working on a server at the moment as well):
>
> - If the server is really important (or if you're paranoid), use the hardened-sources with PIE/SSP to prevent badly-written programs from arbitrarily executing code.

you should run this no matter what. There is no excuse to leaving yourself vulnerable to these kinds of attacks if there is a method of catching them. Security is not just a single layer. It's multiple layers of good coding, language used, and operating system provided barriers. Since developers insist on using languages like C, C++ providing features behind most security problems, you really need PIE/SSP in place for when the inevitable mistake happens.

> - Enable SYN flood protection. There's a kernel option somewhere about IPv4 SYN cookies, enable that, and couple it with --syn attached to your TCP rules in iptables. It's a very popular denial-of-service attack.

again, never run without it. That way you don't need to do any testing because the problem is handled.

> - Whenever you need to login or authenticate yourself, make the system delay five seconds after a bad password is entered. This will make a brute-force attack much much slower (0.2 passwords/sec as opposed to millions passwords/sec without a delay, depending on your server's speed).

again should be built-in to system services. Why do it yourself and risk error?

> - Make sure iptables is set to deny all traffic that isn't explicitly allowed.

apparently good statement but let's look at the implications.

if the services aren't on and there is nothing listening on the port, this isn't really necessary.

if the services are on but not needed, see recommendation above about turning them off.

if services are needed on one interface but not the other, bind to the right interface. It would make sense to use a deny rule in case something goes wrong.

if you are providing services to the net at large, deny rules are not practical.

If you're providing services to a limited number of people on the net at large, you need to worry more about authentication and communications confidentiality.

If you are providing services internally, may be practical in some cases, but more likely to bite you in the butt when things change on the internal network.

that's all the cases I can think of, any others?

> - Read through your logs every now and then. I highly advise having the server burn them to a CD/floppy every now and then for an instant backup. Get a log reader/parser, too.

very good advice. I personally like the idea of storing logs on another machine. But a log reader/parser to bring out the highlights. Also be prepared to spend hours every day verifying each log quirk. Whenever possible, try to eliminate noise from the logs so you can pull out the real information necessary to detect problems.

> Naturally, hide the server in the attic or basement. Chain it to
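The inventory-and-delta check suggested in the reply above, as an added example that is not part of the original messages. It compares listening sockets against a declared baseline and reports undeclared listeners, unexpected processes and binds wider than declared; the `ss -H -tlnp` sample lines and the `BASELINE` table are constructed for illustration (ports 443 and 8080 follow the thread, the local-only database entry is an assumption).

```python
"""Listener inventory: compare what is listening with what was declared."""
import re
from typing import NamedTuple


class Listener(NamedTuple):
    addr: str
    port: int
    proc: str


# Constructed sample in the format printed by `ss -H -tlnp` (not real host data).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:8080 0.0.0.0:* users:(("sshd",pid=701,fd=3))
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("apache2",pid=812,fd=4))
LISTEN 0 80 0.0.0.0:3306 0.0.0.0:* users:(("mysqld",pid=655,fd=21))
LISTEN 0 128 0.0.0.0:111 0.0.0.0:* users:(("rpcbind",pid=402,fd=4))
"""

# Hypothetical baseline: the services the operator intends to run.
# "bind" is either "any" or the single address the service should listen on.
BASELINE = {
    443: {"proc": "apache2", "bind": "any"},
    8080: {"proc": "sshd", "bind": "any"},
    3306: {"proc": "mysqld", "bind": "127.0.0.1"},
}

_PROC_RE = re.compile(r'users:\(\("([^"]+)"')


def parse_ss(output):
    """Turn `ss -H -tlnp` lines into Listener records."""
    listeners = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # The local address is the 4th column; split on the last ':' so
        # IPv6 forms such as [::]:22 keep their address intact.
        addr, _, port = fields[3].rpartition(":")
        addr = addr.split("%")[0]  # drop an interface suffix like %lo
        match = _PROC_RE.search(line)  # absent when ss runs without root
        listeners.append(Listener(addr, int(port), match.group(1) if match else "?"))
    return listeners


def audit(listeners, baseline):
    """Return (kind, port, detail) findings, sorted by port."""
    findings = []
    seen = set()
    for lis in listeners:
        seen.add(lis.port)
        want = baseline.get(lis.port)
        if want is None:
            findings.append(("undeclared", lis.port,
                             f"{lis.proc} on {lis.addr}: justify it or turn it off"))
            continue
        if lis.proc not in ("?", want["proc"]):
            findings.append(("unexpected-process", lis.port,
                             f"{lis.proc} is listening, expected {want['proc']}"))
        if want["bind"] != "any" and lis.addr != want["bind"]:
            findings.append(("bind-mismatch", lis.port,
                             f"bound to {lis.addr}, declared {want['bind']}"))
    for port in baseline.keys() - seen:
        findings.append(("missing", port,
                         f"{baseline[port]['proc']} declared but not listening"))
    return sorted(findings, key=lambda f: (f[1], f[0]))


if __name__ == "__main__":
    for kind, port, detail in audit(parse_ss(SAMPLE_SS), BASELINE):
        print(f"{kind:18} tcp/{port:<5} {detail}")
```

Keeping the dated output of each run next to the baseline file gives the audit trail the reply asks for.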
Re: [gentoo-user] Testing how secure a server is...
Raphael Melo de Oliveira Bastos Sales wrote:
> He claims that if someone invades my machine, it will have direct access to all data. That I have to distribute the database, put it in another machine and have the web application access that database over the network. I feel this is a bit overkill. Not only it would force the data travel through the network, slowing it down, but would also increase the complexity of the security layout, forcing to make the two machines very secure, instead of just one of them. Besides, I might be wrong, but I feel that a Local Socket is faster and safer than Corba transmitting data over the internal network. If anybody has any comments, I'd be more than happy to hear it.

first, on the issue of distributing, yes, you will have a nominally more secure application. This assumes of course that the attacker cannot take any part of your application and use it against you by accessing the database themselves.

the interesting paradox is that by moving your application to another machine and using a network between them for communicating data, the application usually runs faster. Think carefully about the RPC mechanism. Don't try to reinvent the wheel with your own socket connection because you will spend a lot of time getting it right and validating it when you could be doing other things that are more fun, productive, and impressing your boss with your lack of not invented here attitude.

corba is complex to get started but it is one of the faster RPC mechanisms available (if memory serves). XML RPC is trivially easy to use but is much slower because of XML. Sun RPC. Well, it's a gray beard. Try not to use it.

On the security profile, don't sweat it. The best you can do is set out the local machine firewalls to deny access from each other except for the database connection. ssh should only be permitted from your green network. Everything else really depends on what you need exposed and where.

connection security can be handled with SSL. Many database engines support this (if memory serves).

---eric

-- gentoo-user@gentoo.org mailing list
[gentoo-user] updating mostly identical systems
I need feedback on this cunning plan. I have five (virtual machine) systems which are mostly identical. Originally I customized each one with a different set of use flags. Each one has a different set of applications with a common core. I started updating them last night and woke up this morning to three of them building xorg-x11 (and they're still at it, pity my poor CPUs). Needless to say this pushed my Mr. grumpy hot button and I want to change how I do things. I'm beginning to think what I should do is create a unified make.conf which is as common as possible. Only difference being maybe the references to the cache (which is one of the five machines). after creating a unified make.conf, I believe I should set up a build process on one machine to create binary packages as well as managing its disk space cleaning up the temporary directory, and expiring old or redundant packages. Then the four other machines should install the binary packages in preference to building their own. But after the binary packages are installed, they should go through a source update for their own individual packages. make sense? what would be the best way for the four other machines to access the binary packages? NFS? File copy? suggestions for managing disk space and expiring old packages? I've found one which I'm trying out (distmaint) but it takes so long, it's definitely a candidate for cron. suggestions are most appreciated. I want to make this process of updating a faster one requiring less attention. thank you ---eric -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] updating mostly identical systems
Michael Crute wrote:
> Have you seen the build host tutorial on the wiki?
> http://gentoo-wiki.com/HOWTO_Create_A_Build_Host
>
> -Mike

no I had not. looks like just what I need. also looks like putting it in place would be faster than waiting for the current set of updates to finish.

thanks!!!

--- eric

-- gentoo-user@gentoo.org mailing list
[gentoo-user] question about files as disks
I'm helping some people using gentoo and one of the tasks is the production of flash memory updates for the firewall. The script for producing flash images contains calculations determining sector offsets so that the disk image can be treated as a partitioned disk.

Is there any way to treat a file as if it were a physical disk from the partitioning through mounting of each individual partition and its unmounting? I can keep doing it the clumsy error-prone way if I need to but I was just trying to find out if there was an option that reduced the opportunity for mistakes.

---eric

-- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] question about files as disks
Richard Fish wrote:
> Maybe user-mode linux or vmware could be useful for this...

I'm using qemu to run the firewall which in turn creates a self flash memory image of itself. Maybe you are right though I should look into the virtual machine as the framework from which I generate the flash image.

I will say though it's all a royal pain in the butt. ;-)

---eric

-- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] QEMU firewall
Willie Wong wrote:
> On Thu, Jul 28, 2005 at 02:48:04PM -0400, Eric S. Johansson wrote:
>> I'm using qemu to run the firewall which in turn creates a self flash memory image of itself. Maybe you are right though I should look into the virtual machine as the framework from which I generate the flash image.
> I am actually quite interested in the details. What system do you run on the guest system? OpenBSD? And can you give a brief description of your network schematics?

it's not what you imagine. That will need to wait for me to spend time with xen. all I'm doing right now is running IPCop in qemu. then using ssh, copy over configuration files, run the build flash image process, copy it back and then iterate to the next configuration.

I'm trying to eliminate the /boot partition and the process of building a bootable flash image is so fragile that I'm having trouble making all the pieces line up. This is why I was hoping there was some way to create a multi-partition disk out of a file and be able to read and write them in the same way we do multi-partition hard drives.

I am about 30 pico seconds away from finding out if I can mount up the disk image with qemu as a separate drive without spending the 60 seconds+ it takes to start up or shut down qemu. hopefully I can make the build process work that way. It might be less pain although making grub work...oh bother, said Pooh bear.

---eric

-- gentoo-user@gentoo.org mailing list
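The sector-offset arithmetic this thread describes doing by hand, as an added example that is not part of the original messages: it reads the MBR partition table from the first sector of a disk image, converts each entry to a byte offset and size, checks the layout, and prints matching `losetup` commands. The two-partition image, its 512-byte sectors and the file name `flash.img` are constructed assumptions.

```python
"""Derive loop-device offsets from the MBR of a disk image file."""
import shlex
import struct

SECTOR = 512            # assumption: 512-byte logical sectors
TABLE_OFFSET = 446      # partition table starts here in the MBR
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr():
    """Constructed first sector with two Linux (0x83) partitions."""
    mbr = bytearray(SECTOR)
    entries = [(0x80, 0x83, 63, 16002), (0x00, 0x83, 16065, 48195)]
    for i, (status, ptype, lba, count) in enumerate(entries):
        raw = struct.pack(ENTRY_FMT, status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
        mbr[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)] = raw
    mbr[510:512] = b"\x55\xaa"  # boot signature
    return bytes(mbr)


def read_partitions(mbr):
    """Return the primary partitions as dicts with byte offset and size."""
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("no MBR boot signature (0x55AA) in first sector")
    parts = []
    for i in range(4):
        raw = mbr[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)]
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, raw)
        if ptype == 0 or count == 0:
            continue  # unused slot
        if ptype in (0x05, 0x0F, 0xEE):
            # Extended and GPT-protective entries need a different walk.
            raise NotImplementedError(f"partition type {ptype:#04x} not handled")
        parts.append({"index": i + 1, "bootable": status == 0x80, "type": ptype,
                      "offset": lba * SECTOR, "size": count * SECTOR})
    return parts


def check_layout(parts, image_size):
    """Return a list of problems: partitions past EOF or overlapping."""
    problems = []
    ordered = sorted(parts, key=lambda p: p["offset"])
    for p in ordered:
        if p["offset"] + p["size"] > image_size:
            problems.append(f"partition {p['index']} extends past end of image")
    for a, b in zip(ordered, ordered[1:]):
        if a["offset"] + a["size"] > b["offset"]:
            problems.append(f"partitions {a['index']} and {b['index']} overlap")
    return problems


def losetup_commands(parts, image):
    """One loop device per partition, limited to that partition's bytes."""
    return [f"losetup --find --show --offset {p['offset']} "
            f"--sizelimit {p['size']} {shlex.quote(image)}" for p in parts]


if __name__ == "__main__":
    table = read_partitions(build_sample_mbr())
    for cmd in losetup_commands(table, "flash.img"):
        print(cmd)
```

Each printed loop device can then be formatted and mounted like an ordinary partition and released with `losetup -d` after unmounting.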
[gentoo-user] suggestions needed for migration away from active directory
I'm trying to migrate some people away from active directory and I'm trying to figure out if there is anything better than NIS for directory service. I know folks are using LDAP but my last encounter with LDAP left me with flashbacks of the carnage especially in the area of replication and backup. Pointers of where to look would be most welcome. Thanks in advance ---eric -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] mailman group id
Tim Igoe wrote:
> try this instead
>
> ebuild mailman-2.1.6_rc4.ebuild digest

thank you that helped. Now I am fighting problems that are my own damned fault.

---eric

-- http://www.wired.com/wired/archive/13.03/view.html?pg=5
The result of the duopoly that currently defines competition is that prices and service suck. We're the world's leader in Internet technology - except that we're not.
-- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] public time server
Ivan Lucian Aron wrote:
> i have no idea, they stopped working for me 2 days ago. and they all timeout.

https://fortytwo.ch/mailman/pipermail/timekeepers-bulletin/2005/000569.html may be of interest.

maybe the gentoo project could contribute a server or two to the project?

--- eric

-- http://www.wired.com/wired/archive/13.03/view.html?pg=5
The result of the duopoly that currently defines competition is that prices and service suck. We're the world's leader in Internet technology - except that we're not.
-- gentoo-user@gentoo.org mailing list
[gentoo-user] magic shifting sdX associations
in playing with USB flash drives on systems with SCSI disks, every time I boot with the flagstick installed, it gets assigned to /dev/sda and the SCSI drives are assigned to subsequent /dev/sdX device names. But when I remove the USB drive, all assignments shift down and things like mount points get royally screwed up. is there any way I can assign the usb flash drive to some guaranteed to be unused sdX device name and let the SCSI devices be allocated normally or force the USB flash device to be detected after the SCSI disks so that it is assigned to the end of the list of SCSI devices? my goal is to get the SCSI disk device name assignments to be the same whether or not the flash drive is present. ---eric -- http://www.wired.com/wired/archive/13.03/view.html?pg=5 The result of the duopoly that currently defines competition is that prices and service suck. We're the world's leader in Internet technology - except that we're not. -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] magic shifting sdX associations
Matan Peled wrote:
> Better idea: Write a udev rule so that you'll get symlinks, such as:
>
> /dev/usbkey
> /dev/camera
> /dev/widget
> /dev/foo
> /dev/bar
> ...

should have pointed out that I am doing this from live CD. Looks like I'm going to need a custom live CD version no matter what I do. hmmm yet another thing for my overflowing to learn RSN list.

---eric

-- http://www.wired.com/wired/archive/13.03/view.html?pg=5
The result of the duopoly that currently defines competition is that prices and service suck. We're the world's leader in Internet technology - except that we're not.
-- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] magic shifting sdX associations
Matan Peled wrote:

Better idea: Write a udev rule so that you'll get symlinks, such as: /dev/usbkey /dev/camera /dev/widget /dev/foo /dev/bar ...

I hate it when a thought occurs to me just after I hit the send button. this means I would need to write udev rules to create symbolic links for every potential SCSI disk drive as well as a number of flash drives. In my context, this becomes unmanageable because the changes ripple out into fstab not just in the live CD context but in the final system configuration.

in a one shot system yeah, this would work but if you're trying to make a general tool to simplify installation, I don't think it will fly. It would actually be easier overall to manually control the sequence by plugging in and unplugging the flash drive.

---eric
[gentoo-user] stuck mount points
I'm running into a problem while testing my install scripts on the minimal CD. as I try to fix failures, and unmount disks to restart installation process, reasonably frequently, I cannot unmount my target drive even though there is nothing on the drive that I can see. unfortunately lsof isn't on the minimal CD so I can't see what it thinks is using the partition.

any ideas? Any way I can force an unmount without rebooting?

---eric
Re: [gentoo-user] stuck mount points
A. Khattri wrote:

Check you don't have /proc mounted on that drive (you should see that by running mount). I'm assuming you don't have a shell open using a dir on that drive? Also check what else is running that might be using something on that drive.

/mnt/gentoo/proc was the sticking point. I also had a corrupted fat12 fs on the flash drive which didn't help.. :-)

thanks

--- eric
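Both causes named in this reply (a nested mount such as /mnt/gentoo/proc, or a process sitting on the drive) can be checked without lsof by reading /proc directly. This is an added example, not part of the thread; the function names are hypothetical and it assumes awk and readlink are available on the CD.

```shell
#!/bin/sh
# Added example: find what keeps a mount point busy when lsof is missing.

# nested_mounts MOUNTS_FILE TARGET
# Print every mount point strictly below TARGET, newest mount first.
# That is the order they have to be unmounted in before TARGET can go.
nested_mounts() {
    nm_file=$1
    nm_target=${2%/}          # drop one trailing slash
    awk -v t="$nm_target" '
        index($2, t "/") == 1 { m[n++] = $2 }
        END { while (n > 0) print m[--n] }
    ' "$nm_file"
}

# busy_pids PROC_ROOT TARGET
# Print "PID PATH" for each process whose working directory, root
# directory, executable or open file lives on or below TARGET.
busy_pids() {
    bp_proc=$1
    bp_target=${2%/}
    for bp_dir in "$bp_proc"/[0-9]*; do
        [ -d "$bp_dir" ] || continue
        for bp_link in "$bp_dir/cwd" "$bp_dir/root" "$bp_dir/exe" "$bp_dir"/fd/*; do
            # readlink fails on missing entries and unmatched globs
            bp_dest=$(readlink "$bp_link" 2>/dev/null) || continue
            case $bp_dest in
                "$bp_target"|"$bp_target"/*)
                    echo "${bp_dir##*/} $bp_dest" ;;
            esac
        done
    done
}

# why_busy TARGET [MOUNTS_FILE] [PROC_ROOT]
# Report both kinds of holder for TARGET, using the live /proc by default.
why_busy() {
    wb_target=$1
    wb_mounts=${2:-/proc/mounts}
    wb_proc=${3:-/proc}
    nested_mounts "$wb_mounts" "$wb_target" | sed 's/^/unmount first: /'
    busy_pids "$wb_proc" "$wb_target" | sed 's/^/held by pid: /'
}

# Typical use from the live CD shell (run as root to see every process):
#   why_busy /mnt/gentoo
```

An empty report with umount still failing points at the filesystem itself or a kernel-side user, neither of which shows up under /proc/PID.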
[gentoo-user] libtoolize hoseage
any pointers on how to fix the emerge update based hoseage ??

*** Gentoo sanity check failed! ***
*** libtool.m4 and ltmain.sh have a version mismatch! ***
*** (libtool.m4 = 1.5.16, ltmain.sh = 1.5) ***

Please run:

  libtoolize --copy --force

if appropriate, please contact the maintainer of this package (or your distribution) for help.

!!! Please attach the config.log to your bug report:
!!! /var/tmp/portage/lcms-1.13/work/lcms-1.13/config.log
...
relay2 root # libtoolize --copy --force
libtoolize: `configure.ac' does not exist
Try `libtoolize --help' for more information.
relay2 root #
Re: [gentoo-user] libtoolize hoseage
Edward Catmur wrote:

libtoolize needs to be run within the ebuild (at the end of src_unpack). Check bugs.gentoo.org.

thanks, I see the problems listed there
[gentoo-user] looking for alternatives to Apache
I have spent way too much time in the past week screwing around with Apache configurations. The final straw was when I took a working configuration, changed the domain name and it failed without telling me why or where.

so I'm looking for an alternative. What I need is something that has the following characteristics:

Virtual hosts virtual hosts server name aliases 404 handler for different URLs (ie. http://www.demo.com/ and http://www.demo.com/sub/ should be able to have different handlers) REDIRECT_URL properly set during a 404 event CGI directory level access control works with mailman

there are probably other things that would be nice but I'll probably find them out when I try to use it.

I have already tried and failed with lighttpd. it fails on the REDIRECT_URL test as well as rather difficult workarounds for server name aliases.

so I would welcome suggestions about alternative Web servers that are reasonably alive.

---eric
Re: [gentoo-user] looking for alternatives to Apache
Panos Laganakos wrote:

Eric S. Johansson wrote:

I've heard that roxen has a nice http server. Give it a try and give some feedback if it turns out to be good.

having looked at it, it strikes me as being almost as complex as Apache and it's not something I feel comfortable with. I will look further but I'm not feeling hopeful about this one.

---eric
Re: [gentoo-user] looking for alternatives to Apache
Ciaran McCreesh wrote:

On Fri, 06 May 2005 14:15:03 -0400 Eric S. Johansson [EMAIL PROTECTED] ..
| the web site and the documentation
| isn't apparently there.

Uh, yeah, the docs aren't one of cherokee's strong points :)

the same is true of Apache except they have lots of documentation that doesn't really say a whole lot. ;-)

---eric
[gentoo-user] getting hard masked packages
http://packages.gentoo.org/search/?sstring=xorg

how can I get the hard masked Xorg? notes indicate it has the ati patches i need.

--- eric
[gentoo-user] laptop ati problems
trying to put gentoo on a dell 5000 with an ATI Rage Mobility P/M AGP 2x chipset. Xorg native ati drivers give me a blank screen, the ati drivers don't support this chip, and the workaround driver (vesa) gives me garbage display.

any suggestions or am I hosed till some future Xorg release?

--- eric
Re: [gentoo-user] What is the recommended order of maintenance updates?
Bastian Balthazar Bux wrote:

This is not totally true, default useflag changes because emerge --sync update profiles or because you've installed a particular package. This means that after an emerge --sync sometimes run emerge --update --deep --newuse world is needed *twice* not only one time (this to be on the safer side)

would something like this give you the same effect?

emerge -F --deep --newuse world
emerge --update --deep --newuse world
Re: [gentoo-user] installation automation scripts
Eric S. Johansson wrote:

if I haven't forgotten something...

famous last words... I forgot a few things. but this version puts you much closer to having a working system in 90 minutes or less. All you need to do is:

boot off of live CD
mkdir /mnt/flash
mount /dev/sda1 /mnt/flash #(don't forget -t vfat if necessary)
edit /mnt/flash/gentoo/config #(to meet your requirements)
bash /mnt/flash/gentoo/phase1.sh #( to start everything off)

when it comes time, menuconfig will come up and let you configure the kernel.

current problems are getting modules to automatically load and automatically setting the password. I may just used to make the root password go away at login so you can get in without first putting single user mode but I'm not really comfortable with that for obvious reasons.

on the module loading problem, I'm coming to the opinion that if you need a module at boot time, it should just be built into the kernel. YKMV.

I think this will be the last posting of this code, eventually I will put up Web accessible page or two on these pieces and I will post a notice at that point.

---eric

# config variables
HOST_NAME=rufus
DOMAIN_NAME=harvee.org
DRIVE=/dev/hda
# CPUTYPE=i686
CPUTYPE=pentium3
MKFS2="mke2fs"
MKFS3="mke2fs -j"
MKFSR="mkreiserfs -q"
MKSWP="mkswap"
PART_ROOT=3
DRIVE_ROOT=/dev/hda

# format of the filesystem list is:
# partition number:filesystem command
# create the entries in the order in which they will be created and
# mounted.
PART_ORDER=(1 2 3)
# order of the elements in each entry:
# partition number: mount point: file system format command
PART_LIST[1]="3:/mnt/gentoo:${MKFSR}"
PART_LIST[2]="1:/mnt/gentoo/boot:${MKFS3}"
PART_LIST[3]="2::${MKSWP}"

# proxy configurations to save wear and tear on gentoo servers
# replicated below in constructing make.conf
SYNC="rsync://192.168.25.11/gentoo-portage"
http_proxy="http://192.168.25.11:8080"
RESUMECOMMAND=" /usr/bin/wget -t 5 --passive-ftp \${URI} -O \${DISTDIR}/\${FILE}"

# if ethernet module is not detected automatically, list module here
ETHERMODULE=""

# DHCP usually requires nothing but if module is manually loaded.
# activate command here
DHCPCD_CMD="dhcpcd"

#otherwise enter static IP information. Note, DHCP takes priority
#over static information
# static IP address
IP_ADDR=192.168.25.11
BROADCAST=192.168.25.0
NETMASK=255.255.255.0
GATEWAY=192.168.25.254
NAMESERVER=192.168.25.1

# PCMCIA?? Y to turn on to turn off
PCMCIA=y

# bail if config only
if [ -z "$1" ] ; then

# partitions
# describe your partitions here in sfdisk format
PARTITIONS=`mktemp` || exit 1
cat > $PARTITIONS <<EOF
0,200,L
,1000,S
,,L
;
EOF

# your default make.conf
MAKE_CONF=`mktemp` || exit 1
cat > $MAKE_CONF <<EOF
MAKEOPTS="-j3"
AUTOCLEAN="yes"
PORTDIR_OVERLAY="/usr/local/portage"
USE="mmx sse alsa oss aim emacs fastcgi gphoto2 imap maildir mozilla pcmcia python usb gdbm pam png berkdb apache2 perl qt readline gif gtk gtk2 ldap mbox mcal ncurses ssl wxwindows zlib"
SYNC="rsync://xeno/gentoo-portage"
http_proxy="http://xeno:8080"
RESUMECOMMAND=" /usr/bin/wget -t 5 --passive-ftp \${URI} -O \${DISTDIR}/\${FILE}"
EOF

# stage grub.conf and any other needed data
GRUB_CONF=`mktemp` || exit 1
cat > $GRUB_CONF <<EOF
PCMCIA=${PCMCIA}
DRIVE_ROOT=${DRIVE_ROOT}
PART_ROOT=${PART_ROOT}
cat > /boot/grub/grub.conf <<PHASE2
# Which listing to boot as default. 0 is the first, 1 the second etc.
default 0
# How many seconds to wait before the default listing is booted.
timeout 30
# Nice, fat splash-image to spice things up :)
# Comment out if you don't have a graphics card installed
#splashimage=(hd0,0)/grub/splash.xpm.gz
title=Gentoo \${KERNEL_VERSION}
# Partition where the kernel image (or operating system) is located
root (hd0,0)
kernel /\${KERNEL_VERSION} root=${DRIVE_ROOT}${PART_ROOT}
PHASE2
EOF

FSTAB=`mktemp` || exit 1
cat > $FSTAB <<EOF
# /etc/fstab: static file system information.
# $Header: /home/cvsroot/gentoo-src/rc-scripts/etc/fstab,v 1.14 2003/10/13 20:03:38 azarah Exp $
#
# noatime turns off atimes for increased performance (atimes normally aren't
# needed; notail increases performance of ReiserFS (at the expense of storage
# efficiency). It's safe to drop the noatime options if you want and to
# switch between notail and tail freely.
# <fs>                  <mountpoint>    <type>          <opts>          <dump/pass>
# NOTE: If your BOOT partition is ReiserFS, add the notail option to opts.
/dev/hda3               /               reiserfs        noatime         0 0
/dev/hda1               /boot           ext3            noatime         1 1
/dev/hda2               none            swap            sw              0 0
/dev/cdroms/cdrom0      /mnt/cdrom      iso9660         noauto,ro       0 0
#/dev/fd0 /mnt/floppy
[gentoo-user] installation automation scripts
since it is taking me forever to get around to writing these up and putting them on a web page (web sites are so 1990s) I figured I would cast these bits upon the electronic waters and accept any bug fixes that may return.

I present for your amusement, a series of scripts which will, if I haven't forgotten something, completely install gentoo with a minimum of human involvement. while these components are atrocious from a usability standpoint, the addition of a user interface with appropriate checking on top of these scripts could take the sharp knives and missing fingers gentoo install into something you can engage in and still count to 10 afterwards. Still need to do something about Xorg however.

at the very least, it would be a really cool hack to the install CD to detect a usb flash with these programs and do the install based on them with a single command.

component summary:

config: configuration data for the entire operation (in theory) you should be able to control most important installation things you need from here.

phase1.sh: everything that happens outside of the chroot environment as defined by the installation manual. ID network setup, ssh, disk partition name, disk formatting setting up various configuration files, stage install, etc.

phase2.sh: everything that happens inside the chroot environment as defined by the installation manual. portage update, installing base packages, Grub

phase3.sh: (user-defined) whatever you want to script after phase 3 that takes place inside of the chroot environment.

go_chroot.sh: handy little script which places you into the chroot environment and leaves you in a shell so you can do your dastardly deeds.

execution environment:

I run all these programs out of a usb flash big enough to hold these programs plus one stage 3 install tarball. the flash is mounted on /mnt/flash. the content should be located in the flash relative directory gentoo and the stage 3 tarball is in gentoo/stages so that the final path is /mnt/flash/gentoo/...

invoke as /mnt/flash/gentoo/phase1.sh and stand back. **It does not wait for you to give permission to do anything.** It assumes that if you haven't, you will and without reservation.

this tool has lots of really sharp edges that has cut me on more than one occasion. But no problem, I reboot, fix the problem, and start over.

if folks feel adventurous and want to experiment with this, please I would truly welcome feedback and bug fixes.

hope this is useful to others.

---eric (I really should get some sleep one of these days)

# config variables
HOST_NAME=rufus
DOMAIN_NAME=harvee.org
DRIVE=/dev/hda
# CPUTYPE=i686
CPUTYPE=pentium3
MKFS2="mke2fs"
MKFS3="mke2fs -j"
MKFSR="mkreiserfs -q"
MKSWP="mkswap"
#PART_SWAP=2

# format of the filesystem list is:
# partition number:filesystem command
# create the entries in the order in which they will be created and
# mounted.
PART_ORDER=(1 2 3)
PART_LIST[1]="3:/mnt/gentoo:${MKFSR}"
PART_LIST[2]="1:/mnt/gentoo/boot:${MKFS3}"
PART_LIST[3]="2::${MKSWP}"

# proxy configurations to save wear and tear on gentoo servers
# replicated below in constructing make.conf
SYNC="rsync://192.168.25.11/gentoo-portage"
http_proxy="http://192.168.25.11:8080"
RESUMECOMMAND=" /usr/bin/wget -t 5 --passive-ftp \${URI} -O \${DISTDIR}/\${FILE}"

# if ethernet module is not detected automatically, list module here
ETHERMODULE=""

# DHCP usually requires nothing but if module is manually loaded.
# activate command here
DHCPCD_CMD="dhcp"

#otherwise enter static IP information. Note, DHCP takes priority
#over static information
# static IP address
IP_ADDR=192.168.25.11
BROADCAST=192.168.25.0
NETMASK=255.255.255.0
GATEWAY=192.168.25.254
NAMESERVER=192.168.25.1

# partitions
# describe your partitions here in sfdisk format
PARTITIONS=`mktemp` || exit 1
cat > $PARTITIONS <<EOF
0,200,L
,1000,S
,,L
;
EOF

# your default make.conf
MAKE_CONF=`mktemp` || exit 1
cat > $MAKE_CONF <<EOF
MAKEOPTS="-j3"
AUTOCLEAN="yes"
PORTDIR_OVERLAY="/usr/local/portage"
USE="mmx sse alsa oss aim emacs fastcgi gphoto2 imap maildir mozilla pcmcia python usb gdbm pam png berkdb apache2 perl qt readline gif gtk gtk2 ldap mbox mcal ncurses ssl wxwindows zlib"
SYNC="rsync://xeno/gentoo-portage"
http_proxy="http://xeno:8080"
RESUMECOMMAND=" /usr/bin/wget -t 5 --passive-ftp \${URI} -O \${DISTDIR}/\${FILE}"
EOF

#!/bin/bash
#phase one of gentoo install
. /mnt/flash/gentoo/config

# changes passwd
#passwd

### place network configuration set up here
# if ethernet module is not detected automatically, load it here
# modprobe your Ethernet module here
if [ -n "$ETHERMODULE" ] ; then
    modprobe $ETHERMODULE
fi

if [ -n "$DHCPCD_CMD" ] ; then
    eval $DHCPCD_CMD
else
    ifconfig eth0 ${IP_ADDR} broadcast ${BROADCAST}
[gentoo-user] 100% disk full again
this is all portage's fault.. ;-)

my 300+ package upgrade is almost done. but OO died because of no disk space on the laptop (yes, I will go with a binary for this one after I clean up the mess)

what is the best way to keep the portage files down to a reasonable set? I clean but that never seems to remove anything from the portage env. This seems like a common problem (esp for laptops) so what is a good solution?

single desktops; laptops
 o per machine portage cleaner

small (3-4) networks
 o http-replicator cache
 o rsync cache
 o per machine portage cleaner

larger networks
 o http-replicator cache
 o rsync cache
 o shared /usr/portage;/var/cache/edb/???
 o each machine portage cleaner

right? wrong? what does a portage cleaner look like?

--- eric
[gentoo-user] fetch then build
I frequently find myself fetching packages then building. Reading through the emerge documentation there does not seem to be any way to do both in one step fetch first, and then if successful, fetch second?

I tried:

emerge -fDva world
emerge -uDv world

which only mostly prefetched files (missed a bunch). tried F instead of F and it missed more and changed what it installed.

ideas?

--- eric

ps. updating laptop that was idle for 6+ months: 320 packages... a good test of my gentoo skills. so far so good. you can bet your ass I'm backing up /etc before running dispatch-conf...
Re: [gentoo-user] fetch then build
Jason Stubbs wrote:

On Saturday 16 April 2005 21:47, Eric S. Johansson wrote:

I frequently find myself fetching packages then building. Reading through the emerge documentation there does not seem to be any way to do both in one step fetch first, and then if successful, fetch second?

I tried:

emerge -fDva world
emerge -uDv world

which only mostly prefetched files (missed a bunch). tried F instead of F and it missed more and changed what it installed.

ideas?

There's no way to quit a fetch run if a single fetch fails.

The main problem was that I did not fetch all the record packages for either -f or -F. As for quitting a fetch run, I only need to know that the fetch failed somehow because if it did, that's when the human should pay attention. It would be nice to capture the output and send it on etc. etc. but that's just simple scripting. But the detection of any failure even if the rest of the process completes is sufficient in this case.

Wait a couple of weeks and there'll be a couple of dispatch-conf releases that should make a little bit safer.

in two weeks I'm going to a conference on open source speech recognition and hopefully streaming audio from presenters with that laptop. I'm the first presenter on Friday morning. Dark ice, here I come.

PS to the audience: if you can help with setting up the streaming audio or provide an icecast 2.x relay for about 10-20 listeners, it would be most welcome. Also suggestions on how to make dark ice capture the stream as well as stream so we can make this audio available for later playback.

my second laptop will be demonstrating speech recognition on Windows dictating to (gentoo) Linux via coLinux.

warning: this will be a critical commentary because of the major shortfall links in the HCI space as well as positive statement of how to fix things.
Re: [gentoo-user] boot with serial console
Ciaran McCreesh wrote:

On Thu, 14 Apr 2005 15:50:30 -0400 Eric S. Johansson [EMAIL PROTECTED] wrote:
| I have a system with an apparently dead keyboard interface. is there
| any chance I could use the standard (or near standard) minimal boot CD
| and install everything via serial console?

What arch? It's supported on sparc, mips, hppa and arm at least and should work automatically.

sorry, x86
Re: [gentoo-user] Knoppix twice as fast as Gentoo?
Mike Williams wrote:

On Monday 11 April 2005 23:18, Eric S. Johansson wrote:

;);) (I've started to mount it read only so at least an error came up)

I always leave it mounted since it makes little real difference security wise. seriously, what does it protect you against when a compromise can probably also mount it then unmount it again as a courtesy

mount it read-only, seriously, you can't accidentally delete/edit stuff, or format it by accident (*cough*), plus genkernel supports read-only /boot's since I fixed it and submitted my patches.

I must admit I have never done that although I have created a whole new /boot hierarchy when I screwed up... I mean suffered at the hands of a bad user interface. ;-)

If there was a way to specify what goes into my initrd with genkernel, I would go back to it in a heartbeat.

h, usable genkernel. crunchy..

---eric