Re: [gentoo-user] OT: Red jack and white jack on a pair of headphones

2020-10-18 Thread Poison BL.
On Sun, Oct 18, 2020 at 1:35 PM Alan Mackenzie  wrote:
>
> Hello, Gentoo.
>
> I've recently found a pair of headphones with a microphone.  I've no idea
> where it came from, but I'd like to try it out.  I've got no manual for
> it.  I'm not even sure it's functional.
>
> It has a red (stereo) 3.5mm jack plug and a white (stereo) 3.5mm jack
> plug.  I'm assuming that one of these is for the headphones and the other
> for the microphone, and that they plug into the pale green and pink jack
> sockets on my PC.
>
> But which is which?  I don't want to destroy anything by connecting them
> the wrong way around.
>
> Help would be appreciated.
>
> Thanks!
>
> --
> Alan Mackenzie (Nuremberg, Germany).
>

It shouldn't damage anything to get it backwards. It's *very* likely
that one of those is mono, not stereo, on the plug, which is the quick
way to find the microphone at a glance, though (unless they were just
too cheap to manage 2 styles of plug in manufacturing)

-- 
Poison [BLX]
Joshua M. Murphy



Re: [gentoo-user] tips on running a mail server in a cheap vps provider run but not-so-trusty admins?

2020-08-28 Thread Poison BL.
On Mon, Aug 17, 2020 at 12:51 AM Caveman Al Toraboran wrote:
>
> hi.  context:
>
> 1. tinfoil hat is on.
> 2. i feel disrespected when someone does things to
>    my stuff without getting my approval.
> 3. vps admin is not trusty and their sys admin may
>    read my emails, and laugh at me!
> 4. whole thing is not worth much money.  so not
>    willing to pay more than the price of a cheap
>    vps.  moving to dedicated hardware for me is
>    not worth it.  my goal is to make it annoying
>    enough that cheap-vps's admins find it a bad
>    idea for them to allocate their time to mingle
>    with my stuff.
>
> thoughts on how to maximally satisfy these
> requirements?
>
> rgrds,
> cm.
>

I'm rather late to the game with this, but at the end of the day, mail
coming *into* a mail server isn't typically encrypted (and even that
is only the body, the headers can still reveal a great deal, and are
necessary for the server to work with it). A packet dump at the switch
will turn over every piece of mail you receive along the way. Email's
not designed for end to end security by default. Secondly, any hosting
on hardware you don't control is impossible to fully secure, if the
services on that end have to operate on the data at all. You can
encrypt the drive, encrypt the mail stores themselves, etc, but all of
those things will result in the encryption key being loaded into ram
while the VPS is running, and dumping ram from the hypervisor layer
destroys every illusion of security you had. Dedicated hardware in a
locked cabinet is as close as you get to preventing physical attacks
when you're hosting in someone else's DC, and that's not nearly in the
same market segment, price-wise, as a cheap VPS. At best, if you have
sensitive email that you're sending or receiving, work with the other
end of the communication and then encrypt the contents properly. Even
better, go with a larger scale, paid, solution in which your email
isn't even remotely worth the effort to tamper with for the hosting
company's employees, and hope the contractual obligations are
sufficient to protect you. If you have any sort of controlled data
going in and out of your email, step up to a plan that adheres to the
regulatory frameworks you're required to adhere to and make very sure
the contracts for it obligate the vendor to secure things properly on
their end (aws, azure/o365/etc mostly all have offerings for, at
least, US Gov level requirements).

-- 
Poison [BLX]
Joshua M. Murphy



Re: [gentoo-user] links that behave differently per calling app?

2019-11-12 Thread Poison BL.
On Sun, Nov 10, 2019 at 11:37 PM Caveman Al Toraboran wrote:
>
> hi - is it possible to have some kind of fancy links that
> know the name of the process that is trying to access
> it, and based on its name, it links it to a file?

Yes, and that's used pretty extensively in busybox. Symlinks named any
of its tools that point to it directly call into *that* tool.

> i think if we have this, we can solve slotting in a simpler
> way.  e.g. we install libs in their own non-conflicting
> locations, and then install for them such fancy sym links
> with access that routes accessing processes to the right
> version of the lib.

I'm not entirely sure about the library level. Your goal sounds like
one link to many library versions instead of many links to one
library. A symlink itself can only point at one thing, so the
filesystem level can't do that. So you would have to have a shim
library that gets loaded, then loads the version the calling process
needs... based on either an exhaustive table of the mappings of every
binary to the versions they need, or some other magic. You wouldn't be
able to just pick any version of a library and hand it back to a
process, since major versions on libraries tend to break the
interfaces they present, so you would end up having a 1:1 mapping of
any particular binary calling a singular library version. That already
happens based on the linker, and even works for less specific
versioning in many cases with symlinks from, say, libc.so.6 and
libc.so.6.2 pointing to libc.so.6.2.13 (which is actually a many links
to one library technique that's already used). To change what
interface a calling process *can* work with will require rebuilding it
against the new major version of the library, and if it's one of those
circular situations where it's part of the build process, you have to
have both the old and new library available (one of the reasons slots
exist). The binary itself should contain enough detail to load the
version *it* needs already, and then should be requesting that from
the dynamic linker already...

-- 
Poison [BLX]
Joshua M. Murphy



Re: [gentoo-user] requirement: ssh v1

2019-05-16 Thread Poison BL.
On Thu, May 16, 2019 at 6:45 AM Stefan G. Weichinger  wrote:
>
>
> At a customer we still have to keep up an ancient Suse 6.x VM, it has a
> legacy and proprietary software in it which has to be kept alive.
>
> No way to move that sw to another OS, don't ask ...
>

Any chance to just attach to the VM console, or a serial console on
that VM tied back to a serial console on another host that runs
modern tools, taking the SSHv1 offline? It's providing more
vulnerability than it is security.

-- 
Poison [BLX]
Joshua M. Murphy



Re: [gentoo-user] Ethernet-over-USB confusion

2018-06-26 Thread Poison BL.
On Tue, Jun 26, 2018 at 1:47 PM,  wrote:

> Hi,
>
> short question:
>
> I want to access my Raspberry Pi Zero W via Ethernet-over-USB
> via ssh.
> On the Raspberry I have to include a module called g_ether.
> After rebooting I can see a new interface with an IP assigned
> via ifconfig.
> On my PC I see a new interface and dmesg tells me, that
> usb0 was renamed to a hilarious crypted other name
> and this also shows up when using ifconfig.
> But it has a complete different IP assigned,
>
> But I cannot ssh into the SoC even if the IP
> address is corrected manually.
>
> What modules do I need loaded exactly on the PC
> and on the SoC?
>
>
> Thanks for any help in advance!
> Cheers
> Meino
>

I haven't poked a pi zero yet with the usb ethernet gadget stuff, but I
know the beaglebone side sets up its own dhcp server for the process, as
per this in their getting started docs:

"If connected via USB, a network adapter should show up on your computer.
Your Beagle should be running a DHCP server that will provide your computer
with an IP address of either 192.168.7.1 or 192.168.6.1, depending on the
type of USB network adapter supported by your computer's operating system.
Your Beagle will reserve 192.168.7.2 or 192.168.6.2 for itself."

What IP/subnet are you seeing on the pi and your desktop/laptop it's
connected to for the USB interfaces?

-- 
Poison [BLX]
Joshua M. Murphy


Re: [gentoo-user] Gentoo Hardened vs Kali Linux

2018-03-31 Thread Poison BL.
On Sat, Mar 31, 2018 at 11:37 AM, Hubert Hauser  wrote:

> Hello!
>
> I want to learn from scratch securing Linux and ethical hacking. Should I
> do as most people do and install Kali Linux on a virtual machine, or install
> Gentoo Hardened with Pentoo overlay on my PC? I heard a lot of negative
> opinions about Kali Linux.
>
> --
> Best regards, Hubert Hauser.
>

Kali's spectacular, but I don't recommend it for "everyday" use. It's
designed to stand-up quick, do a pentest, and tear it back down when you're
done. I ran a subset of the pentoo overlay on a laptop for a while, and
while it was nifty to have some of those tools on hand, it wasn't enough
for me to justify having them installed 24/7, and it never felt as complete
as Kali does for the job.

-- 
Poison [BLX]
Joshua M. Murphy


Re: [gentoo-user] [OT] Calculating power consumption of a running program?

2017-08-23 Thread Poison BL.
On Wed, Aug 23, 2017 at 7:07 PM, Poison BL. <poiso...@gmail.com> wrote:

> On Wed, Aug 23, 2017 at 6:29 PM, R0b0t1 <r03...@gmail.com> wrote:
>
>> As an example, I am interested in characterizing the power consumption
>> of rendering a PDF document. I would hopefully only need to run the
>> renderer once.
>
>
> ... That's potentially useful for profiling during
> optimization of a very specific workflow in controlled conditions, but it's
> really of questionable usefulness beyond that.
>
> --
> Joshua M. Murphy
>

Also, I meant to note, the same issues that apply to power profiling of
rendering PDFs really also apply to nearly everything we tend to use
desktop systems for on a regular basis. Our datasets change in complexity
too much, many of the processes working with them are heavily impacted by
user interactivity, and background tasks and other variable factors further
complicate things so much that, aside from the extreme anomalies (like the
pidgin issue Alan noted), it's rare that a coherent power usage can be
accurately attributed to any one process.

-- 
Joshua M. Murphy


Re: [gentoo-user] [OT] Calculating power consumption of a running program?

2017-08-23 Thread Poison BL.
On Wed, Aug 23, 2017 at 6:29 PM, R0b0t1  wrote:

> As an example, I am interested in characterizing the power consumption
> of rendering a PDF document. I would hopefully only need to run the
> renderer once.


The catch with that goal is that a) rendering a PDF is likely as much of a
ram and disk intensive process as it is cpu intensive, b) the computational
complexity of it is *completely* dependent on the source's complexity, and
c) the actual power draw of the system will even vary based on external
environmental factors. For a specific document, you could measure it by
pre-loading everything into ram (so disk and ram i/o for the executable and
data to process aren't factors), ensure the system is truly idle (i.e. no
background processes, including scheduled tasks), take a power usage
measurement (preferably with an external, physical, power meter) as a
baseline, then run the process N times in a loop, and take a measurement of
both the total run time and the change in power draw. From there, you can
divide the run time by N, then multiply by the change in power draw, to get
the result. That'll tell you roughly how much power you would draw every
time you rendered that particular document, from ram, on that system, with
those exact settings, in a room at roughly that temperature and humidity.
That's potentially useful for profiling during optimization of a very
specific workflow in controlled conditions, but it's really of questionable
usefulness beyond that.

-- 
Joshua M. Murphy


Re: [gentoo-user] Somehow offtopic: KRITA documentation 'mobile version'

2017-05-03 Thread Poison BL.
On Wed, May 3, 2017 at 2:50 PM, R0b0t1  wrote:

> On Wed, May 3, 2017 at 12:19 PM,   wrote:
> > Hi,
> >
> > sorry for being offtopic somehow...
> >
>
> If it's in portage (and in most cases even if it isn't) I don't
> suppose it's really offtopic.
>
> > I am looking for a documentation for the KRITA image software
> > to put onto my tablet. I want to read/learn on my way to and
> > back from work. My tablet has no internet connection then...
> >
> > Any (legal of course!) source for that docs -- I only
> > found the "read online stuff"... ???
> >
>
> Per https://packages.gentoo.org/packages/media-gfx/krita there doesn't
> seem to be a documentation useflag, which is generally what you want
> to look for for local documentation. I'm slightly confused as to how
> the documentation is maintained: on one hand it isn't formatted like a
> Wiki (which would only be accessible online), but on the other it
> seems to have enough user-contributed content to be online only. It
> seems to be tied in to KDE's identity system and might function as a
> Wiki.
>
> In which case, I suggest perusing the following:
> https://www.gnu.org/software/wget/manual/html_node/Recursive-Retrieval-Options.html
> http://stackoverflow.com/questions/273743/using-wget-to-recursively-fetch-a-directory-with-arbitrary-files-in-it
> https://unix.stackexchange.com/questions/25340/download-recursively-with-wget
> http://www.linuxjournal.com/content/downloading-entire-web-site-wget
>
>
> If you have time to answer, why Krita?
>
>
Looks like their primary documentation (under the 'Learn' section of their
site) is a wiki, based on:

https://docs.krita.org/Contributors_Readme

And, a glance at the source looks suspiciously like mediawiki on the
backend of it. Short of them adding in an extension to do it on the server
side, I don't know a quick way to pull that out to PDF (or any other ebook
format)...

-- 
Poison [BLX]
Joshua M. Murphy


Re: [gentoo-user] Re: replacement for ftp?

2017-05-02 Thread Poison BL.
On Tue, May 2, 2017 at 12:01 PM, Ian Zimmerman  wrote:

> On 2017-05-02 09:05, Neil Bothwick wrote:
>
> >> miles per hour, internet almost always won lately. :-)
>
> > But tapes also hold a lot more than they did in 1981
>
> And so do trucks :-(
>
> --
> Please *no* private Cc: on mailing lists and newsgroups
> Personal signed mail: please _encrypt_ and sign
> Don't clear-text sign:
> http://primate.net/~itz/blog/the-problem-with-gpg-signatures.html
>
>
Not just trucks loaded with tapes... trucks loaded full of MicroSD cards
are getting downright silly, density-wise... and the bandwidth of that
running down a highway still wins.

-- 
Poison [BLX]
Joshua M. Murphy


Re: [gentoo-user] replacement for ftp?

2017-04-29 Thread Poison BL.
On Sat, Apr 29, 2017 at 9:11 PM, lee <l...@yagibdah.de> wrote:
>
> "Poison BL." <poiso...@gmail.com> writes:
> > Half petabyte datasets aren't really something I'd personally *ever* trust
> > ftp with in the first place.
>
> Why not?  (12GB are nowhere close to half a petabyte ...)

Ah... I completely misread that "or over 50k files in 12GB" as 50k files
*at* 12GB each... which works out to 0.6 PB, incidentally.

> The data would come in from suppliers.  There isn't really anything
> going on atm but fetching data once a month which can be like 100MB or
> 12GB or more.  That's because ppl don't use ftp ...

Really, if you're pulling it in from third party suppliers, you tend to be
tied to what they offer as a method of pulling it from them (or them
pushing it out to you), unless you're in the unique position to dictate the
decision for them. From there, assuming you can push your choice of product
on them, it becomes a question of how often the same dataset will need
updated from the same sources, how much it changes between updates, how
secure it needs to be in transit, how much you need to be able to trust
that the source is still legitimately who you think it is, and how much
verification that there wasn't any corruption during the transfer. Generic
FTP has been losing favor over time because it was built in a time that
many of those questions weren't really at the top of the list for concerns.

SFTP (or SCP) (as long as keys are handled properly) allows for pretty
solid certainty that a) both ends of the connection are who they say they
are, b) those two ends are the only ones reading the data in transit, and
c) the data that was sent is the same that was received (simply as a side
benefit of the encryption/decryption). Rsync over SSH gives the same set of
benefits, reduces the bandwidth used for updating the dataset (when it's
the same dataset, at least), and will also verify the data on both ends (as
it exists on disk) matches. If you're particularly lucky, the data might
even hit just the right mark that benefits from the in-line compression you
can turn on with SSH, too, cutting down the actual amount of bandwidth you
burn through for each transfer.

If your suppliers all have *nix based systems available, those are also
standard tools that they'll have on hand. If they're strictly Windows
shops, SCP/SFTP are still readily available, though they aren't built into
the OS... rsync gets a bit trickier.

> > How often does it need moved in/out of your facility, and is there no way
> > to break up the processing into smaller chunks than a 0.6PB mass of files?
> > Distribute out the smaller pieces with rsync, scp, or the like, operate on
> > them, and pull back in the results, rather than trying to shift around the
> > entire set. There's a reason Amazon will send a physical truck to a site to
> > import large datasets into glacier... ;)
>
> Amazon has trucks?  Perhaps they do in other countries.  Here, amazon is
> just another web shop.  They might have some delivery vans, but I've
> never seen one, so I doubt it.  And why would anyone give them their
> data?  There's no telling what they would do with it.

Amazon's also one of the best known cloud computing suppliers on the planet
(AWS = Amazon Web Services). They have everything from pure compute
offerings to cloud storage geared towards *large* data archival. The latter
offering is named "glacier", and they offer a service for the import of
data into it (usually the "first pass", incremental changes are generally
done over the wire) that consists of a shipping truck with a rather nifty
storage system in the back of it that they hook right into your network.
You fill it with data, and then they drive it back to one of their data
centers to load it into place.

--
Poison [BLX]
Joshua M. Murphy


Re: [gentoo-user] replacement for ftp?

2017-04-29 Thread Poison BL.
On Sat, Apr 29, 2017 at 3:24 PM, lee  wrote:

> Mick  writes:
>
> > On Tuesday 25 Apr 2017 16:45:37 Alan McKinnon wrote:
> >> On 25/04/2017 16:29, lee wrote:
> >> > Hi,
> >> >
> >> > since the usage of FTP seems to be declining, what is a replacement
> >> > which is at least as good as FTP?
> >> >
> >> > I'm aware that there's webdav, but that's very awkward to use and
> >> > missing features.
> >>
> >> Why not stick with ftp?
> >> Or, put another way, why do you feel you need to use something else?
> >>
> >> There's always dropbox
> >
> >
> > Invariably all web hosting ISPs offer ftp(s) for file upload/download. If you
> > pay a bit more you should be able to get ssh/scp/sftp too.  Indeed, many ISPs
> > throw in scp/sftp access as part of their basic package.
> >
> > Webdav(s) offers the same basic upload/download functionality, so I am not
> > sure what you find awkward about it, although I'd rather use lftp instead of
> > cadaver any day. ;-)
> >
> > As Alan mentioned, with JavaScript'ed web pages these days there are many
> > webapp'ed ISP offerings like Dropbox and friends.
> >
> > What is the use case you have in mind?
>
> transferring large amounts of data and automatization in processing at
> least some of it, without involving a 3rd party
>
> "Large amounts" can be "small" like 100MB --- or over 50k files in 12GB,
> or even more.  The mirror feature of lftp is extremely useful for such
> things.
>
> I wouldn't ever want having to mess around with web pages to figure out
> how to do this.  Ftp is plain and simple.  So you see why I'm explicitly
> asking for a replacement which is at least as good as ftp.
>
>
> --
> "Didn't work" is an error.
>
>
Half petabyte datasets aren't really something I'd personally *ever* trust
ftp with in the first place. That said, it depends entirely on the network
you're working with. Are you pushing this data in/out of the network your
machines live in, or are you working primarily internally? If internal,
what're the network side capabilities you have? Since you're likely already
using something on the order of CEPH or Gluster to back the datasets where
they sit, just working with it all across network from that storage would
be my first instinct.

How often does it need moved in/out of your facility, and is there no way
to break up the processing into smaller chunks than a 0.6PB mass of files?
Distribute out the smaller pieces with rsync, scp, or the like, operate on
them, and pull back in the results, rather than trying to shift around the
entire set. There's a reason Amazon will send a physical truck to a site to
import large datasets into glacier... ;)

-- 
Poison [BLX]
Joshua M. Murphy


Re: [gentoo-user] replacement for ftp?

2017-04-26 Thread Poison BL.
On Tue, Apr 25, 2017 at 10:29 AM, lee  wrote:

>
> Hi,
>
> since the usage of FTP seems to be declining, what is a replacement
> which is at least as good as FTP?
>
> I'm aware that there's webdav, but that's very awkward to use and
> missing features.
>
>
> --
> "Didn't work" is an error.
>
>
The one issue I have with all the answers I've seen is that they all lack
the most important question. You're asking for alternatives for an old tool
that was used for many use cases that, these days, have evolved to have
very different requirements for security, integration of access methods,
and general workflows for use. FTP used to be the go-to for long distance
file sharing for *all* use cases, one to one (user managing a website's
content), many to one (upload site), one to many (download site), etc.
What's your use case?

-- 
Poison [BLX]
Joshua M. Murphy


Re: [gentoo-user] broadwell for kaby lake?

2017-04-22 Thread Poison BL.
On Sat, Apr 22, 2017 at 5:24 PM, Jorge Almeida  wrote:
>
> I have a new computer, assembled piece by piece, and the cpu is
> supposed to be an intel i5-7600 LGA1151. The original box says "7th
> generation".
>
> However:
>
> $  gcc -### -E - -march=native 2>&1 | sed -r '/cc1/!d;s/(")|(^.* - )//g'
> -march=broadwell -mmmx -mno-3dnow -msse -msse2 -msse3 -mssse3
> -mno-sse4a -mcx16 -msahf -mmovbe -maes -mno-sha -mpclmul -mpopcnt
> -mabm -mno-lwp -mfma -mno-fma4 -mno-xop -mbmi -mbmi2 -mno-tbm -mavx
> -mavx2 -msse4.2 -msse4.1 -mlzcnt -mrtm -mhle -mrdrnd -mf16c -mfsgsbase
> -mrdseed -mprfchw -madx -mfxsr -mxsave -mxsaveopt -mno-avx512f
> -mno-avx512er -mno-avx512cd -mno-avx512pf -mno-prefetchwt1 --param
> l1-cache-size=32 --param l1-cache-line-size=64 --param
> l2-cache-size=6144 -mtune=generic -fstack-protector-strong
>
>
> ?!
>
>
> $ cat /proc/cpuinfo
> processor   : 0
> vendor_id   : GenuineIntel
> cpu family  : 6
> model   : 158
> model name  : Intel(R) Core(TM) i5-7600 CPU @ 3.50GHz
> stepping: 9
> microcode   : 0x42
> cpu MHz : 900.207
> cache size  : 6144 KB
> physical id : 0
> siblings: 4
> core id : 0
> cpu cores   : 4
> apicid  : 0
> initial apicid  : 0
> fpu : yes
> fpu_exception   : yes
> cpuid level : 22
> wp  : yes
> flags   : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge
> mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe
> syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts
> rep_good nopl xtopology nonstop_tsc aperfmperf tsc_known_freq pni
> pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16
> xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer
> aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch intel_pt
> tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle
> avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt
> xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify
> hwp_act_window hwp_epp
> bugs:
> bogomips: 7008.00
> clflush size: 64
> cache_alignment : 64
> address sizes   : 39 bits physical, 48 bits virtual
> power management:
>
>
>
> $ lshw
>
> (...)
>  *-cpu
>   description: CPU
>   product: Intel(R) Core(TM) i5-7600 CPU @ 3.50GHz
>   vendor: Intel Corp.
>   physical id: 52
>   bus info: cpu@0
>   version: Intel(R) Core(TM) i5-7600 CPU @ 3.50GHz
>   serial: To Be Filled By O.E.M.
>   slot: LGA1151
>   size: 3792MHz
>   capacity: 4005MHz
>   width: 64 bits
>   clock: 100MHz
>   capabilities: x86-64 fpu fpu_exception wp vme de pse tsc msr
> pae mce cx8 apic sep mtrr pge mca cm
> ov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall
> nx pdpe1gb rdtscp constant_tsc art arc
> h_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf
> tsc_known_freq pni pclmulqdq dtes64 monit
> or ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1
> sse4_2 x2apic movbe popcnt tsc_deadline
> _timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch intel_pt
> tpr_shadow vnmi flexpriority ept vpid f
> sgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed
> adx smap clflushopt xsaveopt xsavec
> xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window
> hwp_epp cpufreq
>   configuration: cores=4 enabledcores=4 threads=4
>
>
> (...)
>
> Was I ripped off?
>
> Can someone with the same cpu check the output of the above commands?
>
> Thanks...
>
>
> Jorge Almeida
>

While I don't have anything that new handy, the 6MB cache checks out
against intel's specs for the i5-7600. The broadwell i5-5675 lists off at a
4MB cache (not including the eDRAM). GCC seems to like going with a
slightly more tried & true feature set when faced with a fancy, new, chip,
in my experience. Especially if the version of GCC in use isn't the
absolute bleeding edge latest and greatest.

--
Poison [BLX]
Joshua M. Murphy


Re: [gentoo-user] switching adapter - power supply

2017-03-20 Thread Poison BL.
On Mon, Mar 20, 2017 at 1:36 PM,  wrote:

> Or take one of the old PS from an old case and solder the tip to 12V
> line is better solution?
>

One point that should be noted on this idea... as long as it cooperates, it
should last pretty much forever, but your draw at the wall will likely be
much, much, higher than it is now since the ~50-60W max you're drawing from
it is so much lower than an older PSU is designed for (and efficiency drops
the further from the load it's designed for you go, in either direction).
The other issue I'm aware of is that a PC's PSU is designed with a minimum
load, and they can have unstable/incorrect output if that load's not met. I
would expect any PSU made in the past several years (where actual power
draw of a basic desktop has dropped significantly) to be fine with the load
you're throwing at it, but it's something to verify, especially if it's a
meaningfully older PSU. Typically, the place you see that problem crop up
is using a PSU for bench power, and running small embedded, very low power
(i.e. Arduino and the like) hardware off of it.

Whichever way you go, good luck!

-- 
Poison [BLX]
Joshua M. Murphy


Re: [gentoo-user] Re: WARNING: Crucial MX300 drives SUUUUUCK!!!!

2017-03-06 Thread Poison BL.
On Mon, Mar 6, 2017 at 2:23 AM, Kai Krakow <hurikha...@gmail.com> wrote:

> On Tue, 14 Feb 2017 16:14:23 -0500,
> "Poison BL." <poiso...@gmail.com> wrote:
> > I actually see both sides of it... as nice as it is to have a chance
> > to recover the information from between the last backup and the death
> > of the drive, the reduced chance of corrupt data from a silently
> > failing (spinning) disk making it into backups is a bit of a good
> > balancing point for me.
>
> I've seen borgbackup giving me good protection to this. First, it
> doesn't backup files which are already in the backup. So if data
> silently changed, it won't make it into the backup. Second, it does
> incremental backups. Even if something broke and made it into the
> backup, you can eventually go back weeks or months to get back the
> file. The algorithm is very efficient. And every incremental backup is
> a full backup at the same time - so you thin out backup history by
> deleting any backup at any time (so it's not like traditional
> incremental backup which always needs the parent backup).
>
> OTOH, this means that every data block is only stored once. If silent
> data corruption is hitting here, you lose the complete history of this
> file (and maybe others using the same deduplicated block).
>
> For the numbers, I'm storing my 1.7 TB system into a 3 TB disk which is
> 2.2 TB full now. But the backup history is almost 1 year now (daily
> backups).
>
> As a sort of protection against silent data corruption, you could rsync
> borgbackup to a remote location. The differences are usually small, so
> that should be a fast operation. Maybe to some cloud storage or RAID
> protected NAS which can detect and correct silent data corruption (like
> ZFS or btrfs based systems).
>
>
> --
> Regards,
> Kai
>
> Replies to list-only preferred.
>

That's some impressive backup density... and I haven't looked into
borgbackup, but it sounds like it runs on the same principles as the
rsync+hardlink based scripts I've seen, though those will back up files
that've silently changed, since the checksums won't match any more, but
that won't blow away previous copies of the file either. I'll have to give
it a try!

As for protecting against the backup set itself getting silent corruption,
an rsync to a remote location would help, but you would have to ensure it
doesn't overwrite anything already there that may've changed, only create
new. Also, making the initial clone would take ages, I suspect, since it
would have to rebuild the hardlink set for everything (again, assuming
that's the trick borgbackup's using). One of the best options is to house
the base backup set itself on something like zfs or btrfs on a system with
ecc ram, and maintain checksums of everything on the side (crc32 would
likely suffice, but sha1's fast enough these days there's almost no excuse
not to use it). It might be possible to task tripwire to keep tabs on that
side of it, now that I consider it. While the filesystem itself in that
case is trying its best to prevent issues, there's always that slim risk
that there's a bug in the filesystem code itself that eats something, hence
the added layer of paranoia. Also, with ZFS for the base data set, you gain
in-place compression, dedup if you're feeling adventurous (not really worth
it unless you have multiple very similar backup sets for different
systems), block level checksums, redundancy across physical disks, in place
snapshots, and the ability to use zfs send/receive to do snapshot backups
of the backup set itself.

I managed to corrupt some data with zfs (w/ dedup, on gentoo) shared out
over nfs a while back on a box with way too little ram
(nothing important, throwaway VM images), hence the paranoia of secondary
checksum auditing and still replicating the backup set for things that
might be important.

-- 
Poison [BLX]
Joshua M. Murphy
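
An added example, not part of the original post and not borgbackup's or tripwire's code: one way to keep the side checksums described in the message above, flag content that changed without its size or mtime changing, and replicate a backup set without overwriting anything already at the destination. The function names, the JSON manifest layout and the sample tree are assumptions made for illustration; SHA-1 is the default because the post names it, and any `hashlib` algorithm name can be passed instead.

```python
import hashlib
import json
import os
import shutil
import tempfile


def hash_file(path, algo="sha1", bufsize=1 << 20):
    """Stream a file through hashlib so large backup archives are not read whole."""
    digest = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(bufsize), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan(root, algo="sha1"):
    """Map each regular file under root to its digest, size and mtime."""
    entries = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # symlinks and special files are not hashed
            st = os.stat(full)
            entries[os.path.relpath(full, root)] = {
                "digest": hash_file(full, algo),
                "size": st.st_size,
                "mtime_ns": st.st_mtime_ns,
            }
    return entries


def write_manifest(root, manifest_path, algo="sha1"):
    """Record the tree's state; store the manifest outside the backup set."""
    with open(manifest_path, "w") as fh:
        json.dump({"algo": algo, "files": scan(root, algo)}, fh, indent=1, sort_keys=True)


def audit(root, manifest_path):
    """Compare the tree with the manifest and classify every difference."""
    with open(manifest_path) as fh:
        manifest = json.load(fh)
    old, new = manifest["files"], scan(root, manifest["algo"])
    report = {"missing": [], "new": [], "modified": [], "corrupt": []}
    for rel in sorted(set(old) | set(new)):
        if rel not in new:
            report["missing"].append(rel)
        elif rel not in old:
            report["new"].append(rel)
        elif old[rel]["digest"] != new[rel]["digest"]:
            same_meta = (old[rel]["size"] == new[rel]["size"]
                         and old[rel]["mtime_ns"] == new[rel]["mtime_ns"])
            # Content differs while size and mtime do not: no ordinary write
            # produced this change, so report it as suspected silent corruption.
            report["corrupt" if same_meta else "modified"].append(rel)
    return report


def replicate_new_only(src, dst, algo="sha1"):
    """Copy files absent from dst and never overwrite; return (copied, conflicts)."""
    copied, conflicts = [], []
    for rel, meta in sorted(scan(src, algo).items()):
        target = os.path.join(dst, rel)
        if not os.path.lexists(target):
            os.makedirs(os.path.dirname(target) or ".", exist_ok=True)
            shutil.copy2(os.path.join(src, rel), target)
            copied.append(rel)
        elif not os.path.isfile(target) or hash_file(target, algo) != meta["digest"]:
            conflicts.append(rel)  # the two copies disagree: keep both, investigate
    return copied, conflicts


def flip_bit_keep_metadata(path):
    """Test helper: simulate bit rot by changing one bit and restoring the mtime."""
    st = os.stat(path)
    with open(path, "r+b") as fh:
        first = fh.read(1)
        fh.seek(0)
        fh.write(bytes([first[0] ^ 0x01]))
    os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns))


if __name__ == "__main__":
    # Constructed sample data: a two-file "backup set" in a temporary directory.
    work = tempfile.mkdtemp()
    tree = os.path.join(work, "backup")
    os.makedirs(tree)
    for name, data in {"vm.img": b"A" * 4096, "notes.txt": b"keep\n"}.items():
        with open(os.path.join(tree, name), "wb") as fh:
            fh.write(data)
    manifest = os.path.join(work, "manifest.json")
    write_manifest(tree, manifest)
    flip_bit_keep_metadata(os.path.join(tree, "vm.img"))
    print(audit(tree, manifest))
    shutil.rmtree(work)
```

The `corrupt` class is a heuristic: a tool that rewrites a file and resets its mtime lands there too, so entries in it are a prompt to compare against another replica, not proof of a failing disk.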


Re: [gentoo-user] WARNING: Crucial MX300 drives SUUUUUCK!!!!

2017-02-14 Thread Poison BL.
On Tue, Feb 14, 2017 at 6:29 PM, Alan Grimes  wrote:

> All this raises an interesting question: How much effort is it
> reasonable to expect a user to undertake just to use one of these
> drives? I mean it's going to be very tough to argue that it should
> require more than "plug in -> add partitions > boogie"  I mean half of
> what I'm hearing about how to set these up sounds like superstition
> based on how flash was 10 years ago. =\ I mean there needs to be a
> protocol where the drive communicates with the operating system what it
> needs, and the OS should just do it, and the user shouldn't know about
> it prior to running utilities on the volume/drive...
>
> It is really not reasonable to expect the user to know, understand, and
> actively administrate delicate tuning parameters for specific makes and
> models of drives and evolving tools to use these drives. Right now my
> drive is set up as if it were a black box that contains bits. I don't
> think it's reasonable for me to do anything more than that. =\


And, on the range of OSes that cater to users who don't care to know,
understand, or actively administer their systems they tend to detect that
it's an SSD, enable trim, and then let the user suffer with the defaults,
getting better performance than a spinning disk, even if they're not
getting the *most* out of their drive. For the users that *do* wish to,
there's options, whether via a different OS, third party software (like
Samsung Magician for their drives on Windows), or manually adjusting the
settings for the drive in their OS. They do tend to 'just work', but like
anything else, you don't get the best performance out of them by expecting
them to just plug in and go. Even spinning disks benefit from some tweaking
of filesystem parameters away from the defaults for best performance under
specific workloads.

-- 
Poison [BLX]
Joshua M. Murphy


Re: [gentoo-user] WARNING: Crucial MX300 drives SUUUUUCK!!!!

2017-02-14 Thread Poison BL.
On Tue, Feb 14, 2017 at 3:46 PM, Daniel Frey <djqf...@gmail.com> wrote:

> On 02/13/2017 10:17 AM, Poison BL. wrote:
> >
> > I've had more than one spinning rust drive fail hard over the years as
> > well, though yes, you do usually have some chance of recovery from
> > those. Gambling on that chance by leaving a given disk as a single point
> > of failure is still a bad idea, spinning disk or not. The point that you
> > went from single-disk SSD back to raid10 makes me question why, if your
> > uptime requirements (even if only for your own desires on a personal
> > machine) justify raid10, you weren't on at least raid1 with the SSD
> > setup.
>
> I finally got tired and replaced my old laptop with a ThinkPad P70, and
> boy is it so much faster than anything else I own. Compile times are
> crazy fast on this new laptop of mine, but it came equipped with an i7
> with 8 threads and 16GB of RAM, which I'm sure helps A LOT.
>
> I'm going to get an SSD (or maybe an NVMe drive) for the new laptop and
> leave /home on ol' reliable rust disks.
>
> I do have backups. That's not the concern - the concern for me was
> turning on the PC and having it completely crap out.
>
> I used to have an SSD on my mythtv backend server, and it started
> behaving strangely one day. I could not log in to the console. X froze.
> Logged in via ssh and files appeared to be missing on the root
> partition. Rebooted the backend server and it was completely dead, no
> warnings or anything.
>
> Dan
>
>
>
>
I actually see both sides of it... as nice as it is to have a chance to
recover the information from between the last backup and the death of the
drive, the reduced chance of corrupt data from a silently failing
(spinning) disk making it into backups is a bit of a good balancing point
for me.

-- 
Poison [BLX]
Joshua M. Murphy


Re: [gentoo-user] WARNING: Crucial MX300 drives SUUUUUCK!!!!

2017-02-13 Thread Poison BL.
On Mon, Feb 13, 2017 at 4:49 PM, Mick <michaelkintz...@gmail.com> wrote:

> On Monday 13 Feb 2017 13:17:14 Poison BL. wrote:
> > On Mon, Feb 13, 2017 at 11:44 AM, Daniel Frey <djqf...@gmail.com> wrote:
> > > On 02/12/2017 02:40 PM, Alan Grimes wrote:
> > > > So does anyone have any evidence of a current generation SSD lasting
> > > > more than 20 days?
> > >
> > > I have tried various SSDs (multiple brands and generations) over the
> > > last maybe five years and found that they're very unreliable (multiple
> > > brands too.)
> > >
> > > I know everyone's saying these things are reliable but out of four SSDs
> > > I own, I've had to replace three, some more than once.
> > >
> > > I just don't use them for anything I want to stay working. Right now I
> > > keep them in my mythtv frontends as I can restore the OS easily. On one
> > > of them the company involved (Kingston) even sent me a newer drive/model
> > > as it was replaced more than once.
> > >
> > > I know they're fast. But what's the point of going 500 MPH and crashing
> > > into a mountain with no chance of repair/recovery. I went back to a
> > > (relatively) slower rust raid10, and it's been reliable for the last
> > > four years. At least with a hard drive failure, you stand /some/ chance
> > > at recovery, not zero.
> > >
> > > The one SSD that hasn't had to have been replaced under warranty is in
> > > my laptop which I generally use maybe a dozen times a year. I fully
> > > expect it to die one of these times when I boot the laptop (it's one of
> > > the old models.)
> > >
> > > My experiences are with Samsung, Kingston, Intel, Crucial and AData
> > > SSDs. The last one I bought because these things I view as throwaway
> > > devices (the warranty expired on the original Crucial) and don't want to
> > > spend big money on them. I have noticed the AData SSD's performance is
> > > not as fast now as it was new (maybe 1.5 years ago?) So it'll probably
> > > pack it in soon too.
> > >
> > > Dan
> >
> > I've had more than one spinning rust drive fail hard over the years as
> > well, though yes, you do usually have some chance of recovery from those.
> > Gambling on that chance by leaving a given disk as a single point of
> > failure is still a bad idea, spinning disk or not. The point that you went
> > from single-disk SSD back to raid10 makes me question why, if your uptime
> > requirements (even if only for your own desires on a personal machine)
> > justify raid10, you weren't on at least raid1 with the SSD setup.
> >
> > As for performance degradation on SSDs, that I've definitely seen on pretty
> > much every brand, though I've had good luck doing clean reloads on samsungs
> > once or twice to get speeds back up some (somehow, even trim doesn't seem
> > to keep things at their best).
> >
> > I can't say they're more or less reliable than spinning disks, though they
> > do have the benefit of no moving parts to wear out over time (thermal
> > cycles can still cause a physical failure on them, though).
>
> Have you noticed a difference between mounting partitions on them with the
> discard option, Vs running fstrim on a cron job?
> --
> Regards,
> Mick


I actually only have one (exceptionally cheap, and little used) in a linux
box at all, and haven't tested with anything other than having discard set.
I sadly have to live the windows life on all my work machines :(

-- 
Poison [BLX]
Joshua M. Murphy


Re: [gentoo-user] WARNING: Crucial MX300 drives SUUUUUCK!!!!

2017-02-13 Thread Poison BL.
On Mon, Feb 13, 2017 at 11:44 AM, Daniel Frey  wrote:

> On 02/12/2017 02:40 PM, Alan Grimes wrote:
> > So does anyone have any evidence of a current generation SSD lasting
> > more than 20 days?
> >
>
> I have tried various SSDs (multiple brands and generations) over the
> last maybe five years and found that they're very unreliable (multiple
> brands too.)
>
> I know everyone's saying these things are reliable but out of four SSDs
> I own, I've had to replace three, some more than once.
>
> I just don't use them for anything I want to stay working. Right now I
> keep them in my mythtv frontends as I can restore the OS easily. On one
> of them the company involved (Kingston) even sent me a newer drive/model
> as it was replaced more than once.
>
> I know they're fast. But what's the point of going 500 MPH and crashing
> into a mountain with no chance of repair/recovery. I went back to a
> (relatively) slower rust raid10, and it's been reliable for the last
> four years. At least with a hard drive failure, you stand /some/ chance
> at recovery, not zero.
>
> The one SSD that hasn't had to have been replaced under warranty is in
> my laptop which I generally use maybe a dozen times a year. I fully
> expect it to die one of these times when I boot the laptop (it's one of
> the old models.)
>
> My experiences are with Samsung, Kingston, Intel, Crucial and AData
> SSDs. The last one I bought because these things I view as throwaway
> devices (the warranty expired on the original Crucial) and don't want to
> spend big money on them. I have noticed the AData SSD's performance is
> not as fast now as it was new (maybe 1.5 years ago?) So it'll probably
> pack it in soon too.
>
> Dan
>
>
I've had more than one spinning rust drive fail hard over the years as
well, though yes, you do usually have some chance of recovery from those.
Gambling on that chance by leaving a given disk as a single point of
failure is still a bad idea, spinning disk or not. The point that you went
from single-disk SSD back to raid10 makes me question why, if your uptime
requirements (even if only for your own desires on a personal machine)
justify raid10, you weren't on at least raid1 with the SSD setup.

As for performance degradation on SSDs, that I've definitely seen on pretty
much every brand, though I've had good luck doing clean reloads on samsungs
once or twice to get speeds back up some (somehow, even trim doesn't seem
to keep things at their best).

I can't say they're more or less reliable than spinning disks, though they
do have the benefit of no moving parts to wear out over time (thermal
cycles can still cause a physical failure on them, though).

-- 
Poison [BLX]
Joshua M. Murphy


Re: [gentoo-user] WARNING: Crucial MX300 drives SUUUUUCK!!!!

2017-02-12 Thread Poison BL.
On Sun, Feb 12, 2017 at 5:40 PM, Alan Grimes  wrote:

> Dear god, I think I have come in contact with one of the suckiest things
> in the universe!
>
> I mean first there are supermassive black holes... OK... Then there's
> Crucial MX300 SSDs, and in a distant third there's Justin Beiber.
>
> I mean the absolute suckyness of MX300 SSDs defy human comprehension. I
> mean you could connect one of these:
> http://www.zmescience.com/science/biggest-most-poweful-engine-world/ to
> a suction pump and it couldn't possibly suck one quintillionth as much
> as this SSD...
>
> I mean if the power goes out, and you want to do some vacuuming, just
> put your MX300 behind the bag in your vacuum and it'll work better than
> normal.
>
> Seriously, what could possibly suck harder than a SSD which dies stone
> cold dead after only 20 days?!?!?! Thank god I had done nothing worse
> than store my rusty old Velociraptor on a shelf, and by good fortune it
> only took about two days to get it updated... I really hadn't intended
> to ever use it again. =\
>
> I'm not sure what lesson I should take away from this except that
> Crucial does not have any business selling SSDs. =\
>
> I'm not sure where to go from here. My 'raptor is very close to
> exceeding its reliable lifespan, by some standards it already has...
> But now the QC of these SSDs has been shown to be outrageously bad. =(
>
> So does anyone have any evidence of a current generation SSD lasting
> more than 20 days?
>
> --
> Strange Game.
> The only winning move is not to play.
>
> Powers are not rights.
>


I've had all manner of drives fall on the leading edge of the failure rate
'bathtub curve', both SSDs and spinning rust (including hybrid drives), and
many more of each last far past what should typically be the tail end
'spike' that occurs on that curve (including a few of WD's raptor drives of
various vintage). A single drive failure is an anecdote, not an indicator
of a systemic failure of the entire production line (let alone brand),
especially if it lasted 20 days past install... which is well outside
anything a quick, every Nth drive, QA test on the production line is going
to pick up unless they happened to grab that single, specific, drive. As 20
days is also well inside the warranty they give on that drive, a
replacement's not likely to be difficult to get from the manufacturer (and
if you purchased it within the past 30 days, from typical vendors if you
prefer).

I don't *think* I have any of the MX series, but I have had good luck with
the one BX200 I have in my work desktop, and I've heard good things on the
handful of BX series drives my boss's deployed in various desktops and
laptops. I haven't done any deliberate performance testing on them, but I
can attest to much better speeds out of my BX200 than the spinning 500GB
sitting under it in the same machine.

As for the failure *mode* of your drive, simply, completely, dead... that's
been my experience on every failed SSD I've seen, be it a samsung 850 pro,
an early crucial drive, corsair, and even intels. I suspect either the
controller itself is the point of failure on them, or it's simply incapable
of working around a failure of some other component.

Lastly, while drive failures do, very much, suck... they happen. That's why
backups are essential, and also exactly why raid levels outside of raid0
exist (one is not a replacement for the other, 'course).

-- 
Poison [BLX]
Joshua M. Murphy


Re: [gentoo-user] How often do you reboot?

2017-01-30 Thread Poison BL.
On Mon, Jan 30, 2017 at 5:30 PM, Alan McKinnon 
wrote:

> On 30/01/2017 23:46, Grant Edwards wrote:
> > I've got a couple Gentoo machines that normally run 24/7.  I've
> > learned over the years that it's a good idea to reboot them
> > occasionally (when I have some spare time and I know they're idle)
> > just to make they still can.
> >
> > I've settled on roughly once a month or so.
> >
> > What seems to happen if I don't do this is that some update (or
> > perhaps just a stupid configuration mistake on my part) will render
> > the machine non-bootable, and I won't discover it until several months
> > later at the worst possible moment when I'm in the middle of something
> > urgent and the power fails, or I type "reboot" into the wrong xterm,
> > or whatever.  Or maybe those things don't happen to other people...
> >
>
> I'll wager the majority of experienced folks here do much the same as
> you, I know I do on my own boxes.
>
> One thing I've been trying to ram in at work is regular monthly reboots
> of all systems. You know how it goes - machine has 1000+ days uptime[1]
> w00t! w00t!
>
> and then the power goes off
> and then you find the drives won't spin up because the bearings are
> rumbling and the psu just can't deliver the oomph anymore to spin up all
> 8 drives at once
> and then the shit really hits the fan for real!
>
> So far I can't get agreement to do it (inertia? fear of loss of street
> cred? idiotic product owners? I dunno...)
> Maybe I'll sneak a monthly repeating change control in and just do it
>
> [1] 1000 days uptime these days is stupid. All it proves is that the
> admin is not doing kernel updates and the host probably leaks security
> holes like a sieve
>
>
> --
> Alan McKinnon
> alan.mckin...@gmail.com
>
>
>
I ran into the same at work, though it's set in for the others that it
*needs* done (thank goodness for heartbleed & shellshock, actually, to
finally force it as policy), after we've had not just drives, but drive
controllers fail more than once. The one thing that I have grown to love is
a raid controller that staggers drive spinup... that does wonders for
making things last just a little longer... and if they're not actively
failing, just a little less eager to spin up, they've got another year in
'em ;)

-- 
Poison [BLX]
Joshua M. Murphy


Re: [gentoo-user] The Tao of Portage ... again

2016-12-31 Thread Poison BL.
On Sat, Dec 31, 2016 at 11:11 AM,  wrote:

> Corbin Bird  [16-12-31 16:52]:
> >
> > On 12/31/2016 09:23 AM, meino.cra...@gmx.de wrote:
> > > Hi,
> > >
> > > and the novice asked:
> > > "Is there the Tao in rpm?"
> > > The master replied: "...yes, there is the Tao in rpm."
> > > "And is there the Tao in yum?"
> > > "Yes, there is Tao in yum also...in every package manager
> > > is the Tao...humble and silent they do all their work..."
> > > The master added:
> > > "...and Tao is in portage/emerge also...but of an higher order,
> > > so dont try to understand, what it says..."
> > >
> > > This time the novice was who shifted slightly and coughed...
> > >
> > > Hmmm...
> > >
> > > This time portage reached down from its ebony tower and spake to the
> > > novice claiming:
> > >
> > > emerge sci-electronics/pulseview sci-electronics/sigrok-cli sci-libs/libsigrok sci-libs/libsigrokdecode
> > >
> > > Calculating dependencies  [ ok ]
> > > -
> > >
> > > !!! Problem resolving dependencies for sci-electronics/pulseview
> > > ... done!
> > >
> > > !!! The ebuild selected to satisfy "sci-electronics/pulseview" has unmet requirements.
> > > - sci-electronics/pulseview-0.3.0::gentoo USE="decode qt5 -qt4 -static" ABI_X86="64" PYTHON_TARGETS="-python3_4"
> > >
> > >   The following REQUIRED_USE flag constraints are unsatisfied:
> > > decode? ( python_targets_python3_4 )
> > >
> > >   The above constraints are a subset of the following complete expression:
> > > decode? ( python_targets_python3_4 ) exactly-one-of ( qt4 qt5 )
> > >
> > >
> > > What is missing what by what ?
> > > Is it possible to make these kind of output a little more readable...?
> > > I am only a simple human being and my ideas for more and more clones
> > > of "The Tao of Programming" just to add some humor are limited...
> > > :)
> > >
> > > Ah! By the way: Happy new year! :) :) :)
> > >
> > > Cheers
> > > Meino
> > > (slightly shifting and coughing)
> > >
> > in "package.use" for "sci-electronics/pulseview" put :
> >
> > python_targets_python3_4
> >
> > That is what it is asking for.
> >
> > >   The following REQUIRED_USE flag constraints are unsatisfied:
> > > decode? ( python_targets_python3_4 )
> >
> > you have the qt requirements met correctly :
> >
> > > exactly-one-of ( qt4 qt5 )
> >
> > Humor always helps.
> >
> >
> >
>
>
> and as the masters spake again, the novice took
> his pencil writing down on the flag of usage the letters:
>
> /root>cat package.use/pulseview
> sci-electronics/pulseview python_targets_python3_4
>
> and did, what he did before
> emerge sci-electronics/pulseview
>
> And again, thunder could be heard and lightning was
> blinding the very eyes of the novice:
>
> Calculating dependencies |
>
> !!! Problem resolving dependencies for sci-electronics/pulseview
> ... done!
>
> !!! The ebuild selected to satisfy "sci-electronics/pulseview" has unmet
> requirements.
> - sci-electronics/pulseview-0.3.0::gentoo USE="decode -qt4 -qt5 -static"
> ABI_X86="64" PYTHON_TARGETS="python3_4"
>
>   The following REQUIRED_USE flag constraints are unsatisfied:
> exactly-one-of ( qt4 qt5 )
>
>   The above constraints are a subset of the following complete expression:
> decode? ( python_targets_python3_4 ) exactly-one-of ( qt4 qt5 )
>
> [1]10614 exit 1 emerge sci-electronics/pulseview
>
> Irritated and somehow frustrated he stared up to the
> dark clouds of portaged darkness...and wants to emerge
> from this place...but the strong spell of the Linux environment
> was holding him firmly and prevent him to jump through the open windows
> of hell.
>
> Oh how micro he felt and how soft his previously strong believe
> became...
>
> ...and from the distance he could hear the penguins laughing...
>
> --
>
> Only my understanding of portage seems to be limited right now...
> still having enough silly ideas for the next round of Taos I have..
>
> ;)
>
> Cheers
> Meino
>
>
>
>
Originally, you had the use flags "qt5 -qt4", and somewhere in your
addition of python_targets_python3_4, you changed it to "-qt4 -qt5", so now
portage wants you to have "exactly-one-of" qt4 or qt5. Toss the one you
prefer in on the end of package.use/pulseview and it should fix that.

I'd risk guessing you had qt5 in there before, and replaced it with
python_targets_python3_4 rather than simply adding python_targets_python3_4
to the list of flags.

-- 
Poison [BLX]
Joshua M. Murphy
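
How the REQUIRED_USE expression from this thread evaluates against each of the three flag sets involved, as an added example that is not part of the original post and is not Portage's own code. It assumes that "exactly-one-of", "any-of" and "at-most-one-of" in emerge's message are the spelled-out forms of the ebuild operators ^^, || and ??, and accepts either spelling; all function names are made up for illustration.

```python
OPERATORS = {
    "^^": "exactly-one-of", "exactly-one-of": "exactly-one-of",
    "||": "any-of", "any-of": "any-of",
    "??": "at-most-one-of", "at-most-one-of": "at-most-one-of",
}


def parse(tokens, pos=0, nested=False):
    """Recursive-descent parse into (kind, arg, children) tuples."""
    nodes = []
    while pos < len(tokens):
        tok = tokens[pos]
        if tok == ")":
            if not nested:
                raise ValueError("unbalanced ')'")
            return nodes, pos + 1
        if tok == "(":
            children, pos = parse(tokens, pos + 1, True)
            nodes.append(("all", "", children))
        elif tok in OPERATORS or tok.endswith("?"):
            if tokens[pos + 1:pos + 2] != ["("]:
                raise ValueError(f"expected '(' after {tok!r}")
            children, pos = parse(tokens, pos + 2, True)
            if tok in OPERATORS:
                nodes.append(("op", OPERATORS[tok], children))
            else:
                nodes.append(("cond", tok[:-1], children))  # "flag?" or "!flag?"
        else:
            nodes.append(("flag", tok, []))
            pos += 1
    if nested:
        raise ValueError("missing ')'")
    return nodes, pos


def flag_on(name, use):
    """True if the (possibly negated) flag condition is met by the enabled set."""
    return (name[1:] not in use) if name.startswith("!") else (name in use)


def holds(node, use):
    kind, arg, children = node
    if kind == "flag":
        return flag_on(arg, use)
    results = [holds(child, use) for child in children]
    if kind == "cond":
        # A conditional group only constrains anything when its flag matches.
        return (not flag_on(arg, use)) or all(results)
    if kind == "all":
        return all(results)
    count = sum(results)
    return {
        "any-of": count >= 1,
        "exactly-one-of": count == 1,
        "at-most-one-of": count <= 1,
    }[arg]


def render(node):
    kind, arg, children = node
    if kind == "flag":
        return arg
    head = arg + "? " if kind == "cond" else (arg + " " if kind == "op" else "")
    return f"{head}( {' '.join(render(c) for c in children)} )"


def unsatisfied(required_use, use_flags):
    """Return the top-level constraints that the enabled flags fail."""
    nodes, _ = parse(required_use.split())
    enabled = set(use_flags)
    return [render(node) for node in nodes if not holds(node, enabled)]


# The complete expression quoted in the thread, and the three states it went through.
EXPR = "decode? ( python_targets_python3_4 ) exactly-one-of ( qt4 qt5 )"
THREAD_STATES = {
    "first attempt": {"decode", "qt5"},
    "after editing package.use": {"decode", "python_targets_python3_4"},
    "suggested fix": {"decode", "python_targets_python3_4", "qt5"},
}

if __name__ == "__main__":
    for label, flags in THREAD_STATES.items():
        print(f"{label}: {unsatisfied(EXPR, flags) or 'all constraints met'}")
```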


Re: [gentoo-user] OT: Can QEMU emulate cpu instructions the host cpu doesn't have?

2016-12-20 Thread Poison BL.
On Tue, Dec 20, 2016 at 8:12 PM, Walter Dnes  wrote:

>   I have "Intel(R) Core(TM) i5-3330 CPU @ 3.00GHz" on a physical host
> machine.  I'd like to emulate a cpu with the "movbe" instruction set.
> Doing some testing, I tried, as root stuff like...
>
> qemu-system-x86_64 -enable-kvm -cpu Broadwell
>
> ...and got the following warnings
> warning: host doesn't support requested feature: CPUID.01H:ECX.fma [bit 12]
> warning: host doesn't support requested feature: CPUID.01H:ECX.movbe [bit 22]
> warning: host doesn't support requested feature: CPUID.07H:EBX.bmi1 [bit 3]
> warning: host doesn't support requested feature: CPUID.07H:EBX.hle [bit 4]
> warning: host doesn't support requested feature: CPUID.07H:EBX.avx2 [bit 5]
> warning: host doesn't support requested feature: CPUID.07H:EBX.bmi2 [bit 8]
> warning: host doesn't support requested feature: CPUID.07H:EBX.invpcid [bit 10]
> warning: host doesn't support requested feature: CPUID.07H:EBX.rtm [bit 11]
> warning: host doesn't support requested feature: CPUID.07H:EBX.rdseed [bit 18]
> warning: host doesn't support requested feature: CPUID.07H:EBX.adx [bit 19]
> warning: host doesn't support requested feature: CPUID.07H:EBX.smap [bit 20]
> warning: host doesn't support requested feature: CPUID.8001H:ECX.abm [bit 5]
> warning: host doesn't support requested feature: CPUID.8001H:ECX.3dnowprefetch [bit 8]
>
>   On real qemu sessions "grep movbe /proc/cpuinfo" doesn't get any hits.
> I hope I'm doing something wrong here, rather than qemu not being able
> to emulate a newer cpu.  Any ideas?
>
> --
> Walter Dnes 
> I don't run "desktop environments"; I run useful applications
>
>
I think the issue is using KVM there. When you're emulating something
feature-different from the host cpu (or at least something that requires an
added feature), I suspect you're stuck with non-accelerated emulation (I'm
pretty sure the *old* acceleration kernel module is no longer maintained).
I know qemu can do full emulation of instruction sets that the host cpu
lacks because I've used it for arm... but I've never really toyed with
other x86 series features like that personally.

-- 
Poison [BLX]
Joshua M. Murphy


Re: [gentoo-user] [O/T] netstat security puzzle

2016-12-16 Thread Poison BL.
On Fri, Dec 16, 2016 at 7:14 PM, Mick  wrote:

> I am looking at a Mint 18 installation and noticed when running netstat
> that
> all tcp connections are showing not the PC name, but "Knoppix":.
>
> What might be the cause of this?  The installation was performed using a
> Mint
> LiveCD iso.
> --
> Regards,
> Mick


My first check would be /etc/hosts for an entry there. That, or lazily
grepping all of /etc for Knoppix.

It is strange that it's not using either the hostname as given during
setup, or an auto-generated potentially unique one, wherever it's pulling
that from.

-- 
Poison [BLX]
Joshua M. Murphy


Re: [gentoo-user] How to get nginx serving pages?

2016-11-07 Thread Poison BL.
On Mon, Nov 7, 2016 at 11:20 AM, Peter Humphrey  wrote:
> Hello list,
>
> Several years ago I set up an apache2 web server to host a development site,
> and I had quite a struggle to get it all set up. Now I want to do it again,
> but I decided to try nginx instead. I've followed the instructions here:
>
> https://wiki.gentoo.org/wiki/Nginx
>
> ...but I get Connection Refused in www-client/links running on the same
> machine, or in Firefox over the LAN. I can run links as myself or as root,
> with the same result. But:
>
> $ curl http://localhost
> Hello, world!
>
> # netstat -tulpen | grep :80
> tcp  0  0 127.0.0.1:80  0.0.0.0:*  LISTEN  0  60680  19196/nginx: master
>
> # cat /var/log/nginx/error_log
> 2016/11/07 16:06:19 [notice] 19195#0: using the "epoll" event method
> 2016/11/07 16:06:19 [notice] 19195#0: nginx/1.10.1
> 2016/11/07 16:06:19 [notice] 19195#0: OS: Linux 4.4.26-gentoo
> 2016/11/07 16:06:19 [notice] 19195#0: getrlimit(RLIMIT_NOFILE): 1024:4096
> 2016/11/07 16:06:19 [notice] 19196#0: start worker processes
> 2016/11/07 16:06:19 [notice] 19196#0: start worker process 19197
>
> /etc/nginx/nginx.conf is untouched since installation.
>
> Shorewall isn't logging anything.
>
> What have I overlooked?
>
> --
> Regards
> Peter
>
>

From the configuration in the aforementioned guide:

server {
    listen 127.0.0.1;
    server_name localhost;

    access_log /var/log/nginx/localhost.access_log main;
    error_log /var/log/nginx/localhost.error_log info;

    root /var/www/localhost/htdocs;
}

This specifically instructs nginx to listen only on 127.0.0.1, so even
connections from the same machine to its hostname or external IP
address will not hit nginx there. You'll need to change the 'listen'
value to determine what connections it should be answering. See the
nginx documentation on that here:

http://nginx.org/en/docs/http/ngx_http_core_module.html#listen

I would suspect for your internal network use-case, you'll want:

listen *:80;

-- 
Poison [BLX]
Joshua M. Murphy
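
The diagnosis above, read straight off `netstat -tulpen` output: which listening sockets answer only on loopback and which are reachable from the LAN. This is an added example, not part of the original post; only the nginx line comes from the thread, the other sample lines, the address 192.168.1.10 and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample; the first socket line is the one quoted in the thread.
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp  0  0 127.0.0.1:80  0.0.0.0:*  LISTEN  0  60680  19196/nginx: master
tcp  0  0 0.0.0.0:22  0.0.0.0:*  LISTEN  0  11873  2101/sshd
tcp6  0  0 :::8080  :::*  LISTEN  0  20114  3150/java
tcp6  0  0 ::1:631  :::*  LISTEN  0  18220  2750/cupsd
udp  0  0 192.168.1.10:123  0.0.0.0:*  123  15002  2300/ntpd
"""


def parse_listeners(text):
    """Extract listening sockets and classify how widely each one is bound."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 7 or not fields[0].startswith(("tcp", "udp")):
            continue  # banner, column header or blank line
        is_tcp = fields[0].startswith("tcp")
        if is_tcp and fields[5] != "LISTEN":
            continue
        # Split on the last colon so ":::8080" yields host "::" and port 8080.
        host, _, port = fields[3].rpartition(":")
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            addr = None  # truncated or scoped address netstat could not print in full
        if addr is None:
            scope = "unknown"
        elif addr.is_loopback:
            scope = "loopback"
        elif addr.is_unspecified:
            scope = "all-interfaces"
        else:
            scope = "single-address"
        # UDP lines have no State column, so the program name sits one field earlier.
        program = " ".join(fields[8 if is_tcp else 7:]) or "-"
        listeners.append({
            "proto": fields[0], "addr": addr, "port": int(port),
            "scope": scope, "program": program,
        })
    return listeners


def answers(listeners, port, dest, proto="tcp"):
    """Programs that would accept a connection sent to dest:port.

    Assumption: address families are matched strictly, so a "::" listener is
    not counted for IPv4 destinations (that depends on the bindv6only setting).
    """
    dest_addr = ipaddress.ip_address(dest)
    hits = []
    for sock in listeners:
        if sock["port"] != port or sock["addr"] is None:
            continue
        if not sock["proto"].startswith(proto):
            continue
        if sock["addr"].version != dest_addr.version:
            continue
        if sock["addr"].is_unspecified or sock["addr"] == dest_addr:
            hits.append(sock["program"])
    return hits


if __name__ == "__main__":
    socks = parse_listeners(SAMPLE_NETSTAT)
    for sock in socks:
        print(f'{sock["proto"]:5} {sock["port"]:5} {sock["scope"]:15} {sock["program"]}')
    print("curl http://localhost     ->", answers(socks, 80, "127.0.0.1"))
    print("browser to 192.168.1.10   ->", answers(socks, 80, "192.168.1.10"))
```

The same classification is worth running after switching to `listen *:80;`, since that binding makes the port reachable on every interface the host has and leaves the firewall as the only thing restricting it to the internal network.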



Re: [gentoo-user] SOLVED: NVMe drive and grub

2016-04-11 Thread Poison BL.
On Mon, Apr 11, 2016 at 8:56 PM, Adam Carter  wrote:
>
>> The problem was sys-boot/grub-2.02_beta2-r9, which UEFI never ran.
>>
>> The fix was to get rid of grub altogether and instead use
>> sys-boot/gummiboot.
>> Not only was it fully functional, it was a welcome relief not to have to
>> grapple with grub's baroque complexity and to be able to return to the
>> simple
>> booting I remember from years ago.
>>
>> I'd spent five long days wrestling with grub, going round in circles and
>> getting nowhere, before I was pointed to gummiboot.
>
>
> I also failed to get grub2 + UEFI working. So either;
> 1. We're both dummies
> 2. The handbook instructions are incorrect and/or inadequate
>
> Can anyone else that is familiar comment on the grub2 + UEFI doc quality?

Well, the uefi related commands in the kernel build section appear to
gloss over the potential issues that having a misconfigured kernel
(notably, one lacking either a builtin root= command line or an
initramfs that will handle that) directly uefi-stub booted will bring,
and installing the kernel as bootx64.efi might be contributing to grub
itself not being loaded.

The other potential source of an issue I see is that, while the kernel
build section of the handbook appears to point towards using
/boot/efi/ for the fat32 EFI partition (presumably based on earlier
usage/recommendations/commands), the grub2 part of the bootloaders
page in the handbook gives "--efi-directory=/boot". That would cause
grub to be on the wrong partition, completely out of reach of the uefi
firmware's boot process.

If it's in the right place despite that (such as, the user noticing
the discrepancy and adjusting for it, or me assuming the effect of
that flag all wrong), it's still potentially being overridden by the
bootx64.efi file put in place in the earlier chapter, unless grub
auto-adds itself to the efi boot list with a higher priority than the
generic quasi-bios-style 'disk' boot entry (with, say, efibootmgr).

The file 'bootx64.efi' is the default that uefi looks for when booting
a 'disk' in a quasi-bios-style fallback (if there's not a real 'boot
this particular thing' like the windows boot manager adds), which also
makes the efibootmgr example that sets up a boot entry for it a little
redundant (though using efibootmgr, one could add an entry for grub to
fix the whole mess).

Of course, using efibootmgr, you could also just add entries for your
kernels, having copied them to files named something sensible in the
efi filesystem, each built with an embedded command line and/or
initramfs that's sufficient to boot, and cut out the middleman. It's a
little more 'hands on' than running grub2-mkconfig when you're
changing things around for a new kernel, though.

-- 
Poison [BLX]
Joshua M. Murphy



Re: [gentoo-user] NVMe drive and grub

2016-04-08 Thread Poison BL.
On Fri, Apr 8, 2016 at 11:32 AM,  <pe...@prh.myzen.co.uk> wrote:
> Poison BL. <poiso...@gmail.com> wrote :
>
>> On Fri, Apr 8, 2016 at 8:21 AM, Peter Humphrey <pe...@prh.myzen.co.uk>
>> wrote:
>> > On Thursday 07 April 2016 17:56:55 Jeremi Piotrowski wrote:
>> >>   What is in your grub.conf? Have you thought about adding an
>> >> initramfs and letting it drop you to its rescue shell so that you can
>> >> investigate?
>> >
>> > Grub.cfg looks all right to me: at least, it does include a sensible root=
>> > value.
>> >
>> > I never see a grub screen - it just starts the current kernel. I did wonder
>> > about an initramfs and I'm trying it now. I've also followed Remy's advice
>> > and used gentoo-sources-4.4.6.
>> >
>> > So far I've spent about 30 hours scratching my head, clutching at straws and
>> > going round in circles. I'm getting dizzy.  :-)
>> >
>> > --
>> > Rgds
>> > Peter
>>
>> So, you have Grub setup to give a menu, pause, or at least do
>> something visible, and it's skipping right past that? That makes me
>> suspect that Grub's not running at all, and that the kernel's being
>> loaded by UEFI directly.
>
> Ah! Now why didn't I think of that?
>
>> What files are in /boot/ on your efi partition (preferably identified
>> with the file command)?
>
> # file /boot/*
> /boot/config-4.4.6-gentoo: Linux make config build file, ASCII text
> /boot/efi: directory
> /boot/grub: directory
> /boot/initramfs-genkernel-x86_64-4.4.6-gentoo: XZ compressed data
> /boot/System.map-4.4.6-gentoo: ASCII text
> /boot/vmlinuz-4.4.6-gentoo: Linux kernel x86 boot executable bzImage, version 4.4.6-gentoo (root@sysresccd) #7 SMP Fri Apr 8 15:51:24 BST 201, RO-rootFS, swap_dev 0x5, Normal VGA
>
> # file /boot/efi/boot/*
> /boot/efi/boot/bootx64.efi: Linux kernel x86 boot executable bzImage, version 4.4.6-gentoo (root@sysresccd) #7 SMP Fri Apr 8 15:51:24 BST 201, RO-rootFS, swap_dev 0x5, Normal VGA
>
>> If you have a kernel in there named bootx64.efi, that's likely the culprit.
>
> That's what it's supposed to look like, isn't it?
>
> (I'm using web-mail after booting sysresccd.)

--> /boot/efi/boot/bootx64.efi <--

This one is what your UEFI's loading at boot. The lack of any other
files in /boot/efi/boot/ makes me suspect Grub's not actually
installed in quite the right spot for the UEFI layer to load it. If
you pointed grub2-install at the right place (the second command line
at [1]), I believe you should have grubx64.efi there as well. If you
want to play with getting it working with the uefi stub in the kernel
(the way it's booting now), you will need to add in the kernel command
line options you need to boot into the kernel itself, which you can do
when you configure it. That's how I have the couple uefi systems I've
built running, but it comes with the downside that you can't have two
available, in parallel, at boot to test the new one without locking
yourself out if it's broken (requiring the same external media boot
you're already doing to fix it this time around).

[1]: https://wiki.gentoo.org/wiki/Handbook:AMD64/Installation/Bootloader#Configuring_GRUB2

-- 
Poison [BLX]
Joshua M. Murphy



Re: [gentoo-user] NVMe drive and grub

2016-04-08 Thread Poison BL.
On Fri, Apr 8, 2016 at 8:21 AM, Peter Humphrey  wrote:
> On Thursday 07 April 2016 17:56:55 Jeremi Piotrowski wrote:
>>   What is in your grub.conf? Have you thought about adding an
>> initramfs and letting it drop you to its rescue shell so that you can
>> investigate?
>
> Grub.cfg looks all right to me: at least, it does include a sensible root=
> value.
>
> I never see a grub screen - it just starts the current kernel. I did wonder
> about an initramfs and I'm trying it now. I've also followed Remy's advice
> and used gentoo-sources-4.4.6.
>
> So far I've spent about 30 hours scratching my head, clutching at straws and
> going round in circles. I'm getting dizzy.  :-)
>
> --
> Rgds
> Peter

So, you have Grub setup to give a menu, pause, or at least do
something visible, and it's skipping right past that? That makes me
suspect that Grub's not running at all, and that the kernel's being
loaded by UEFI directly.

What files are in /boot/ on your efi partition (preferably identified
with the file command)?

If you have a kernel in there named bootx64.efi, that's likely the culprit.

-- 
Poison [BLX]
Joshua M. Murphy



Re: [gentoo-user] /dev/shm in a Linux container

2015-09-27 Thread Poison BL.
On Sun, Sep 27, 2015 at 11:06 AM, Mike Gilbert  wrote:
> On Sun, Sep 27, 2015 at 10:38 AM, lee  wrote:
>> Hi,
>>
>> when updating a guest in an LXC, emerging python pointed out a problem
>> with a broken /dev/shm.  So I found out how to mount /dev/shm in the
>> container and updated.
>>
>> However, I'm wondering how secure that is, and I wonder if I should
>> leave it mounted or disable the mount.  It might be a very bad idea to
>> leave it mounted, and there's probably good reasons not to have it
>> mounted by default, yet I don't know if anything in the container might
>> use or need this mount after updating.
>
> There are a few glibc functions that require it:
>
> - Shared memory
> - Semaphores
>
> As a developer, I consider your system to be mis-configured if it is
> not mounted properly, and I would immediately close any related bug
> reports. I don't see how it could possibly be a security problem.
>

By itself it's not, but there are a number of off the shelf exploits
in other code (primarily webapps) that tend to depend on it being a
trusty, reliable, writable path, even for processes running under
accounts with very low privileges. Making it noexec narrows down the
list a little, but it's far from foolproof. Avoiding it is less a
proper security measure, and more a bandaid to try to cover real
security issues you don't (yet) know you have, but the effectiveness
is really up there with obfuscation (like making your lamp stack look
like IIS to the casual passer-by).

-- 
Poison [BLX]
Joshua M. Murphy
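
The noexec point in the reply above, as an added example that is not part of the original post: a shell function that reads a mounts table in /proc/mounts format and reports whether /dev/shm is a tmpfs carrying noexec. The function name and the sample lines are constructed for illustration, and the check covers nosuid and nodev in addition to the noexec the post mentions.

```shell
#!/bin/sh
# Added example: audit the options /dev/shm is mounted with, inside a
# container or on the host. Input format is that of /proc/mounts:
#   device mountpoint fstype options dump pass

# shm_mount_audit [FILE]
# Prints one finding and returns:
#   0  /dev/shm is tmpfs with noexec,nosuid,nodev
#   1  /dev/shm is tmpfs but one or more of those options is missing
#   2  /dev/shm is not mounted, or is not a tmpfs
shm_mount_audit() {
    mounts_file=${1:-/proc/mounts}
    # The last matching line wins: a later mount shadows an earlier one.
    line=$(awk '$2 == "/dev/shm" { l = $0 } END { if (l != "") print l }' "$mounts_file")
    if [ -z "$line" ]; then
        echo "/dev/shm: not mounted"
        return 2
    fi
    fstype=$(printf '%s\n' "$line" | awk '{ print $3 }')
    opts=$(printf '%s\n' "$line" | awk '{ print $4 }')
    if [ "$fstype" != "tmpfs" ]; then
        echo "/dev/shm: mounted as $fstype, expected tmpfs"
        return 2
    fi
    missing=""
    for want in noexec nosuid nodev; do
        # Match whole options only, so "exec" never satisfies "noexec".
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="$missing $want" ;;
        esac
    done
    if [ -n "$missing" ]; then
        echo "/dev/shm: tmpfs, missing:$missing"
        return 1
    fi
    echo "/dev/shm: tmpfs with noexec,nosuid,nodev"
    return 0
}

# Constructed sample (not taken from the thread): a container in which
# /dev/shm was mounted by hand without noexec.
sample=$(mktemp)
cat > "$sample" <<'EOF'
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,relatime 0 0
EOF
shm_mount_audit "$sample" || true
rm -f "$sample"
```

Run without an argument, the function audits the live /proc/mounts of whatever namespace it is called in.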



Re: [gentoo-user] Re: why --noclear not set on tty1 in default /etc/inittab?

2015-08-08 Thread Poison BL.
On Sat, Aug 8, 2015 at 1:28 PM, Mick michaelkintz...@gmail.com wrote:

> On Saturday 08 Aug 2015 18:02:00 Neil Bothwick wrote:
> > On Sat, 8 Aug 2015 16:00:29 + (UTC), Grant Edwards wrote:
> > > Yep, I find it infuriating that by default all distros seem to go to
> > > great effort to hide as much information about the boot/startup
> > > process as possible.  WTF?  Do they think that stuff is top secret or
> > > something?  Are they afraid they'll lose their jobs if that info gets
> > > out?
> >
> > No, they think that the type of user they are trying to attract is likely
> > to be scared off by all that cryptic text scrolling by. They are probably
> > right.
> >
> > Gentoo doesn't hide it, it merely clears the screen once the boot has
> > completed successfully. If the boot halts, you can see where and,
> > usually, why it stopped. Try that with openUbundora.
>
> Also on a server console you may not want anyone walking by to see what
> services you're running, what your IP address is, what NFS it's connecting
> to, etc.
>
> Of course, for a home PC with a single user these concerns do not apply.
> --
> Regards,
> Mick


There's no viable security benefit from not having it visible. On a server
console, there shouldn't be anyone with physical access to the display, the
rack it's mounted in, and for that matter, the data center itself, that
can't be trusted with being aware of a general sense of what a given server
runs. If someone can stand and read your server console without garnering
any notice, they can plug a USB in, reboot to it, and have half your files
before you figure out why your web server stopped answering. For that
matter, all they *have* to do is plug that in, reboot to it, and have it
built to load *their* kernel and *your* user space, with patched kernel
that slowly siphons off data at a rate you don't notice, from within the
kernel. If you don't trust the people who have physical access to your
systems, you cannot trust your systems, period. Yes, there are ways to
prevent even that attack, but the most viable one is a locked door,
requiring more authentication than a simple mechanical lock, between them
and the system.

If it's shared hosting, lock your rack when you're not in front of it,
padlock the server case itself closed (and buy a server that has a proper,
functional, user-space watchable chassis intrusion switch), run
uefi/secureboot with only your key white-listed, lock down booting to only
your privately signed kernel, and for the sake of paranoia... turn off your
monitor when you're not in front of it. Hiding warnings and errors from
yourself during boot that might tip you off to a real security issue does
more to cause risk than mitigate it. Since shared hosting means the network
itself (unless you have a completely captive network within your, locked,
rack) is uncontrolled, details like what services you're running and what
NFS shares you're connecting to are as good as public knowledge anyhow.

As for when/where/why it was introduced, it showed up in agetty in the
util-linux github in May 2011 [1], and included in the release of agetty
2.20 or so, and there's a mention of it in a mailing list [2], to which the
reasoning is given as:

> I've backported this from our mingetty due to several bug reports from
> data protection officers of our customers. - Dr. Werner Fink | 2 Sep 12:43 2011

So it was prompted by a perceived security issue, but I would happily sit
down with any of the DPOs involved in that to hear just how that little
bandaid fixes any of the real security issues involved ;)


[1]
https://github.com/karelzak/util-linux/commit/e85281a8ac887a35a78f4b43e4755a44aecc2fb7
[2] http://comments.gmane.org/gmane.linux.utilities.util-linux-ng/4685

-- 
Joshua M. Murphy


Re: [gentoo-user] Re: why --noclear not set on tty1 in default /etc/inittab?

2015-08-08 Thread Poison BL.
On Sat, Aug 8, 2015 at 2:36 PM, Poison BL. poiso...@gmail.com wrote:

> So it was prompted by a perceived security issue, but I would happily sit
> down with any of the DPOs involved in that to hear just how that little
> bandaid fixes any of the real security issues involved ;)
>
> --
> Joshua M. Murphy


Actually, now I recall what the actual issue is/was that prompted it. While
there's no reasonable security issue from the information left over by the
startup script output, the change was (if I recall from reading about it
back then) addressing the data left on screen after a user session, which
very much would fall under the scope of the data protection officers
mentioned above. When launched from init, as agetty is, there's no sensible
way to track whether it's being launched the first time after boot, or
relaunched after the end of a previous session, hence the terminal clear by
default.

-- 
Joshua M. Murphy


Re: [gentoo-user] Dual OS clock issues

2015-06-05 Thread Poison BL.
On Fri, Jun 5, 2015 at 4:28 AM, Fernando Rodriguez 
frodriguez.develo...@outlook.com wrote:

> On Thursday, June 04, 2015 12:06:51 PM Derek Ellison wrote:
> > I have two HDD in a UEFI system. Windows 8 on one and Gentoo on the other.
> > Currently I have to update the clock every time I boot to the other OS and
> > I'm wondering if there is a way I can avoid this? It's just starting to get
> > to be a pain to have to update it every time.
> >
> > Any information would be most welcome.
> >
> > Thanks!
>
> Set Windows to use utc. See
> https://wiki.archlinux.org/index.php/Time#UTC_in_Windows
>
> --
> Fernando Rodriguez


Given the fact that the builtin network time sync windows does ignores that
feature altogether, it's generally a lot more sensible to configure the OS
that actually cooperates rather than the one that only listens to settings
when it suits it. That said, when there's some reason that's not an option
(in my case, I'm not the admin on the linux OS some of my machines are
stuck dual booting with, and I need reliable time sync in windows for
licensing), a secondary tool like NetTime, alongside disabling the W32Time
and setting RealTimeIsUniversal in the registry seems to work well so far.

-- 
Joshua M. Murphy


Re: [gentoo-user] low risk network bridge

2015-05-06 Thread Poison BL.
On Wed, May 6, 2015 at 3:59 PM, Stefan G. Weichinger li...@xunil.at wrote:


> My task is to enable a (remote) server to run VMs via qemu/KVM.
>
> The server is configured to set up its eth0 via openrc but this isn't
> enough to run the VMs network.
>
> I tried macvtap but something didn't work, either libvirt (yes, with
> USE-flag macvtap) or something else (the kernel supports macvtap).
>
> So bridging.
>
> I'd like to keep the risk of losing connectivity as low as possible ... I
> can visit the place in a few weeks to iron out things but I would like to
> set up a bridge now without failure, just to get that VM running asap.
>
> Could anyone advise me in doing this?
>
> I have only ssh-access now ... it's openrc-driven, and I might use a second
> IPv4-IP if that helps ...
>
> anyone?
>
> (editing the conf.d-files to remove eth0 and setup br0 is too scary right
> now. One mistake and the box is offline)


If you need the VMs outwardly visible, I can't think of a way to do it
without losing connection upon switching to the bridge (granted, I'm far
from an expert on bridging under linux). If you're fine with the VMs being
behind a NAT, and your kernel has the support for it, add the vm interfaces
to a bridge, enable net.ipv4.ip_forward and set up the NAT like any other
dual homed linux router... iptables-apply being your best friend for
testing changes without permanently losing access and/or having to reboot
to restore access.

-- 
Joshua M. Murphy


Re: [gentoo-user] automatic network connection between eth and wifi

2015-02-11 Thread Poison BL.
On Wed, Feb 11, 2015 at 6:59 PM, Joseph syscon...@gmail.com wrote:
> I've noticed that on the newer distribution (binary, xubuntu fedora) the
> network connection is automatic whenever someone connects the cable or if
> cable is disconnected it switches to wifi.
> Is it the function of the new systemd or it is a new program?
>
> I'm still using rc
>
> --
> Joseph


NetworkManager is likely the backend that's handling that for those
particular distros, unless networkd got a massive overhaul since I
last saw anything on it. I recall wicd filled that role seamlessly
enough last I used it as well, but it's fallen a bit by the wayside.
Even the basic init-script/openrc configured networking is capable of
the job with the right settings, though. If I recall, sys-apps/netplug
or sys-apps/ifplugd will provide 'hotplug' style configuration on
dis/reconnect of a wire, and grouping that with 'disable/enable wifi'
calls when the wired interface goes up/down will make it behave that
way.

From a quick search, this page should give more details on the
slightly less auto-magic approach:
http://wiki.gentoo.org/wiki/OpenRC_notebook_roaming_How-To

-- 
Poison [BLX]
Joshua M. Murphy



Re: [gentoo-user] Huge downloads approx. every 2 minutes

2015-02-05 Thread Poison BL.
On Fri, Feb 6, 2015 at 12:11 AM, Hartmut Figge h.fi...@gmx.de wrote:
> Greetings,
>
> after noticing huge downloads circa every 2 minutes naturally I wanted to
> stop that. :) After a reboot followed by startx which opened icewm I
> issued the command
> sudo ngrep -t -d net0 | tee system-ngrep_log.txt
> in a xterm and waited for one occurrence.
>
> Full log: www.triffids.de/pub/tmp/system-ngrep_log.txt.gz (5,6MB)
>
> How to determine the culprit?
>
> Hartmut


Port 995 there indicates SSL POP mail. If you don't know/recall what
process is polling for that, a run of netstat -p while it's active
should give the pid and name for it. If I recall, netstat -p might
need root.

-- 
Poison [BLX]
Joshua M. Murphy
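
What netstat -p reports can also be read straight from /proc, shown here as an added example that is not part of the original post: one function lists IPv4 TCP sockets whose remote port is 995, and a second maps a socket inode to the owning PID and command name. Function names and the sample table (with a documentation-range address) are constructed for illustration; as with netstat -p, other users' processes are only visible to root.

```shell
#!/bin/sh
# Added example: find which process talks to a given remote TCP port.
# /proc/net/tcp columns used: 3 = remote addr:port (hex), 4 = state,
# 8 = uid, 10 = socket inode. IPv4 only; /proc/net/tcp6 uses longer addresses.

# remote_port_sockets PORT [FILE]
# Prints "remote_ip state uid inode" for every socket connected to PORT.
remote_port_sockets() {
    awk -v want="$1" '
    function hex2dec(h,    i, n) {
        n = 0; h = toupper(h)
        for (i = 1; i <= length(h); i++)
            n = n * 16 + index("0123456789ABCDEF", substr(h, i, 1)) - 1
        return n
    }
    NR > 1 {
        split($3, rem, ":")
        if (hex2dec(rem[2]) != want + 0) next
        a = rem[1]    # little-endian: the last hex byte is the first octet
        ip = hex2dec(substr(a, 7, 2)) "." hex2dec(substr(a, 5, 2)) "." \
             hex2dec(substr(a, 3, 2)) "." hex2dec(substr(a, 1, 2))
        print ip, $4, $8, $10
    }' "${2:-/proc/net/tcp}"
}

# pids_for_inode INODE
# Prints "pid command" for each process holding that socket open.
pids_for_inode() {
    for fd in /proc/[0-9]*/fd/*; do
        [ "$(readlink "$fd" 2>/dev/null)" = "socket:[$1]" ] || continue
        pid=${fd#/proc/}
        pid=${pid%%/*}
        printf '%s %s\n' "$pid" "$(cat "/proc/$pid/comm" 2>/dev/null)"
    done | sort -u
}

# Constructed sample table: sshd listening, plus one established (state 01)
# connection from 192.168.1.10:51234 to 203.0.113.25:995, owned by uid 1000.
sample_proc_net_tcp() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11022 1 0000000000000000 100 0 0 10 0
   1: 0A01A8C0:C822 197100CB:03E3 01 00000000:00000000 00:00000000 00000000  1000        0 48213 1 0000000000000000 20 4 30 10 -1
EOF
}

demo=$(mktemp)
sample_proc_net_tcp > "$demo"
remote_port_sockets 995 "$demo"
rm -f "$demo"
```

On a live system, call remote_port_sockets 995 with no file while the download is running, then pass the inode from the last column to pids_for_inode.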



Re: [gentoo-user] Rkhunter now showing Warnings for two files: /bin/egrep fgrep

2015-01-26 Thread Poison BL.
On Mon, Jan 26, 2015 at 11:21 AM, Tanstaafl tansta...@libertytrek.org wrote:
> Hello all,
>
> Been on rkhunter 1.4.2 for a while, no changes made to its config file,
> been running nightly for years without these warnings...
>
> I recently did some Gentoo updates after almost 2 months of no updates
> (was out of town), and now, even after running --propupd, I continue to
> get these warnings:
>
>  # grep Warning /var/log/rkhunter.log
> [03:10:32] Info: Emailing warnings to 'root' using command '/bin/mail
> -s [rkhunter] Warnings found for ${HOST_NAME}'
> [03:10:45]   /bin/egrep  [ Warning ]
> [03:10:45] Warning: The command '/bin/egrep' has been replaced by a
> script: /bin/egrep: POSIX shell script, ASCII text executable
> [03:10:45]   /bin/fgrep  [ Warning ]
> [03:10:45] Warning: The command '/bin/fgrep' has been replaced by a
> script: /bin/fgrep: POSIX shell script, ASCII text executable
>
> Anyone know if this is due to something changing in Gentoo?


Well, for the 'not updated recently enough' baseline:

 ~ $ eix grep -I
[I] sys-apps/grep
 Available versions:  2.16 ~2.20 ~2.20-r1 ~2.21 {nls pcre static}
 Installed versions:  2.16(20:37:55 04/11/14)(nls pcre -static)
 Homepage:http://www.gnu.org/software/grep/
 Description: GNU regular expression matcher

 ~ $ file /bin/*grep
/bin/egrep: ELF 64-bit LSB executable, x86-64, version 1 (SYSV),
dynamically linked (uses shared libs), for GNU/Linux 2.6.16, stripped
/bin/fgrep: ELF 64-bit LSB executable, x86-64, version 1 (SYSV),
dynamically linked (uses shared libs), for GNU/Linux 2.6.16, stripped
/bin/grep:  ELF 64-bit LSB executable, x86-64, version 1 (SYSV),
dynamically linked (uses shared libs), for GNU/Linux 2.6.16, stripped

 ~ $ ls -l /bin/*grep
-rwxr-xr-x 1 root root 208096 Apr 11  2014 /bin/egrep
-rwxr-xr-x 1 root root 105472 Apr 11  2014 /bin/fgrep
-rwxr-xr-x 1 root root 212256 Apr 11  2014 /bin/grep

-

And after a quick update:

 ~ $ eix grep -I
[I] sys-apps/grep
 Available versions:  2.16 ~2.20 ~2.20-r1 ~2.21 2.21-r1 {nls pcre static}
 Installed versions:  2.21-r1(11:28:57 01/26/15)(nls pcre -static)
 Homepage:http://www.gnu.org/software/grep/
 Description: GNU regular expression matcher

 ~ $ file /bin/*grep
/bin/egrep: POSIX shell script, ASCII text executable
/bin/fgrep: POSIX shell script, ASCII text executable
/bin/grep:  ELF 64-bit LSB executable, x86-64, version 1 (SYSV),
dynamically linked (uses shared libs), for GNU/Linux 2.6.16, stripped

 ~ $ ls -l /bin/*grep
-rwxr-xr-x 1 root root158 Jan 26 11:28 /bin/egrep
-rwxr-xr-x 1 root root158 Jan 26 11:28 /bin/fgrep
-rwxr-xr-x 1 root root 154856 Jan 26 11:28 /bin/grep


-- 
Poison [BLX]
Joshua M. Murphy



Re: [gentoo-user] Is lshw reporting correctly?

2014-12-23 Thread Poison BL.
On Tue, Dec 23, 2014 at 1:53 PM, Mick michaelkintz...@gmail.com wrote:
 This is what I see when I plugged in two memory modules:
 ===
  *-memory
   description: System Memory
   physical id: 2f
   slot: System board or motherboard
   size: 16GiB
 *-bank:0
  description: DIMM DDR3 Synchronous 1333 MHz (0.8 ns)
  product: Array1_PartNumber1
  vendor: A1_Manufacturer1
  physical id: 0
  serial: A1_SerNum1
  slot: DIMM_A1
  size: 8GiB
  width: 64 bits
  clock: 1333MHz (0.8ns)
 *-bank:1
  description: [empty]
  product: Array1_PartNumber0
  vendor: A1_Manufacturer0
  physical id: 1
  serial: A1_SerNum0
  slot: DIMM_A2
 *-bank:2
  description: DIMM DDR3 Synchronous 1333 MHz (0.8 ns)
  product: F3-2133C9-8GXH
  vendor: Undefined
  physical id: 2
  serial: 
  slot: DIMM_B1
  size: 8GiB
  width: 64 bits
  clock: 1333MHz (0.8ns)
 *-bank:3
  description: [empty]
  product: Array1_PartNumber3
  vendor: A1_Manufacturer3
  physical id: 3
  serial: A1_SerNum3
  slot: DIMM_B2
 

 These were bought as a set from Amazon:

 http://www.amazon.co.uk/Ripjaws-PC17000-2133MHz-Memory-Platforms/dp/B007COT274/

 but as you can see above only the second module reports a product code
 (product: F3-2133C9-8GXH), while the first module shows Array1_PartNumber1.

 Is this normal?  Is there something wrong with the memory module(s), the MoBo,
 or even the lshw command?

 --
 Regards,
 Mick

Primarily, I suspect that anything over about 1600MHz is going to
require poking the bios (or uefi) to actually run it at its spec'd
clock (enabling following the XMP profile defined by the ram, if the
mobo directly supports doing so, is usually all it takes), otherwise
it down-steps to either 1333 or 1600 as 'standard' defined speeds for
ddr3. As for why it's not reporting the product, vendor, and s/n's
properly, I'm not sure. I'd try swapping them to see if the issue
moves with them, but as long as they're actually able to run stable
(and reliably) at their spec'd rates, and they really are the sizes
they claim, I'd be inclined not to care whether the nvram values
beyond the speed profiles are read properly.

-- 
Poison [BLX]
Joshua M. Murphy



Re: [gentoo-user] XFCE setting sound input from USB, playback from motherboard chip.

2014-12-22 Thread Poison BL.
On Mon, Dec 22, 2014 at 2:17 PM, Joseph syscon...@gmail.com wrote:
 Yes, alsamixer -c0
 But I want 0 to be default.  When I type alsamixer it should
 automatically pop us as default. Which file do I modify?

 --
 Joseph


I believe that's a side effect of alsa-lib being set to something
other than card 0 as the default device (which pulse likes to do), you
can either look for the relevant lines in /etc/asound.conf for the
system wide settings, or handle it on the user level in
$HOME/.asoundrc ... and the Alsa project themselves have the best docs
on those files here:
http://www.alsa-project.org/main/index.php/Asoundrc

-- 
Poison [BLX]
Joshua M. Murphy



Re: [gentoo-user] Re: Fresh gen too install - unsuccesful

2014-12-20 Thread Poison BL.
On Sat, Dec 20, 2014 at 10:34 AM, German gentger...@gmail.com wrote:
> That's where I think the problem lies Mick. My system is uefi. Too bad that
> Gentoo officially doesn't support it. I just wish gentoo developers take a
> closer look at the issue and come out with uefi capable minimal installation
> CD and clear uefi installation documentation

Well, while it's not covered in the official side of the install docs,
this wiki page was how I handled my system when I first ended up with
a UEFI laptop here (Win8 didn't even make it 12hrs for me ;) --

http://wiki.gentoo.org/wiki/UEFI_Gentoo_Quick_Install_Guide

It only has one minor issue, and that's the lack of mentioning first
and foremost that, to configure UEFI, you have to be UEFI booted
already (it does get around to noting it about the halfway mark). Any
UEFI compatible linux livecd/usb will work, though.

-- 
Poison [BLX]
Joshua M. Murphy



Re: [gentoo-user] How to install a pkg without all dependencies?

2014-12-18 Thread Poison BL.
On Thu, Dec 18, 2014 at 1:18 PM, Harry Putnam rea...@newsguy.com wrote:
 Setup: very new install of gentoo

 I want to install emacs-w3m without most of the dependencies:


 Calculating dependencies... done!
 [ebuild  N ] app-admin/eselect-emacs-1.17  0 KiB
 [ebuild  N ] virtual/w3m-0  0 KiB
 [ebuild  N ] app-emacs/emacs-common-gentoo-1.4-r1  USE=X -games 40 KiB
 [ebuild  N ] app-editors/emacs-24.4-r1:24  USE=X acl alsa dbus gif gpm 
 gtk gtk3 inotify jpeg png svg tiff xpm zlib -Xaw3d (-aqua) -athena -games 
 -gconf -gfile -gnutls -gsettings -gzip-el -hesiod -imagemagick -kerberos 
 -libxml2 -livecd -m17n-lib -motif -pax_kernel (-selinux) -sound -source 
 -toolkit-scroll-bars -wide-int -xft 38804 KiB
 [ebuild  N ] virtual/emacs-24  0 KiB
 [ebuild  N ] app-emacs/emacs-w3m-1.4.528_pre20140213  LINGUAS=-ja 734 
 KiB

 I don't want to install another (older) version of emacs.

 I installed emacs outside portage from bzr sources.  I'd sooner track
 emacs development my way.

 I vaguely remember some way to tell portage about that... but not
 enough to do it...




With the understanding that changes between the version it's asking
for and what you've built on your end (which probably should be done
with a custom ebuild when it impacts as many things as emacs tends to)
might well break whatever's trying to use it, you can use
package.provided to convince portage that whatever dependency it's
looking for is already in place.

-- 
Poison [BLX]
Joshua M. Murphy



Re: [gentoo-user] Identifying a file by a block number...how?

2014-12-18 Thread Poison BL.
On Thu, Dec 18, 2014 at 3:24 PM,  meino.cra...@gmx.de wrote:
> Hi,
>
> with
>
> sysctl vm.block_dump=1
>
> one can enable the logging of IO to the harddisk/flashmem/...
> into dmesg.
> The logs report the block number of the file in question...
> but not the filename itself.
>
> Is there any other way as examine each single file of the
> filesystem to find the file to which a certain block number
> is assigned?
>
> Thank you very much for any help!
> Best regards,
> Meino




That depends entirely on the filesystem being used. In the case of
ext2/3/4, I believe /sbin/debugfs will do the trick with its icheck
command to get the inode, and once you have the inode, you can get the
filename via find. What I'm not 100% certain of is whether the block
numbers involved map 1:1 with physical sectors, and how that plays
with the 512B vs 4KB sectors, etc. With NTFS it's a hair quicker with
ntfscluster and ntfsinfo doing the trick fairly trivially (I use a
tool centered around that combo to identify files lost when I recover
peoples windows drives with ddrescue).

-- 
Poison [BLX]
Joshua M. Murphy



Re: [gentoo-user] question/feature request: First fetch, then compile...

2014-12-17 Thread Poison BL.
On Wed, Dec 17, 2014 at 9:31 AM,  meino.cra...@gmx.de wrote:
 Matti Nykyri matti.nyk...@iki.fi [14-12-17 15:00]:
  On Dec 17, 2014, at 14:13, Neil Bothwick n...@digimed.co.uk wrote:
 
  On Wed, 17 Dec 2014 10:52:44 +0100, meino.cra...@gmx.de wrote:
 
  Yes, thats it: First download all stuff THEN start compiling.

 If I were you, I would setup your pc to do cross-compiling of your arietta's 
 packages and build them into binpkg's. This could be all stored on the pc 
 and accessed via nfs for example. Then the first dependency calculation 
 would be done on the pc to build the packages and the second on arietta 
 using only binary packages.

 You should keep /etc/portage, /var/lib/portage and /usr/portage on the PC 
 and not modifiable from the arietta. This way you only need to install the 
 run time dependencies to the arietta. And install from bin pkg is really fast.

  Another alternative would be to use a USB to ethernet adaptor on the
  embedded board and connect it directly to your router.

 This also sounds good. Or setup server which has the usb and is always on.

 --
 -Matti

 Hi Matti,

 thanks for your reply! :)

 crosscompiling is a pain. I tried several ways to do that (distcc was
 among them) and it fails too often, for two reasons: Often the sources
 are not prepared to be crosscompiled and include headers of my PC
 (64bit) into the build of my ARM boards (32bit). Second reason: If the
 crosscompilation needs meta-tools like moc for qt it fails too. The
 time to fiddle out that mess is nothing what I have... ;)

 Ethernet over USB:
 1.) For each update I have to rearrange my setup here then. Back and
 forth. Back and forth...
 2.) The DSL modem is running longer than needed. I dont like the idea
 to have my internet connection running over such a long time
 unattended.

 The problem must be solved in software.

 Best regards,
 Meino

The more common fix when dealing with that range of hardware is to
build the packages on a more powerful system, then transfer them as
binary packages. Doing so for arm board's a touch less trivial, but
doable. This also solves the problem of fetching the same source
packages repeatedly, if you share Distfiles between the build
environments. I set up similar some time back based on these
instructions:

https://www.gentoo.org/proj/en/base/embedded/handbook/?part=1&chap=5

for a RasPI I was playing with and it worked pretty well.

-- 
Poison [BLX]
Joshua M. Murphy



Re: [gentoo-user] firefox.bin vs firefox

2014-12-17 Thread Poison BL.
On Wed, Dec 17, 2014 at 9:45 PM, Harry Putnam rea...@newsguy.com wrote:
 Is there any advantage one way or the other emerging firefox.bin vs firefox?



There are advantages to both, really, since firefox-bin uses a
pre-built executable (with a pre-defined set of compile-time options),
while firefox builds from source, using the options defined by the
list of applicable USE flags. The tradeoff is time, heat, and
electricity in return for more options in what is (or isn't) included
and enabled.

-- 
Poison [BLX]
Joshua M. Murphy



Re: [gentoo-user] Re: another headless device-question: In search of the LAN

2014-09-30 Thread Poison BL.
On Tue, Sep 30, 2014 at 8:34 AM,  meino.cra...@gmx.de wrote:
 James wirel...@tampabay.rr.com [14-09-30 14:24]:
 Meino,


 Make sure your system time (hwclock) is properly set upon bootup.
 Since you are running on an embedded hardware board, I'd look at
 those docs and find a forum as to the specifics of how the hardware
 clock is set and maintained on the board. Once you get it close,
 then ntp should be configuration.

 man hwclock

 hth,
 James



 Hi James,

 ...the system has no built-in RTC which still runs if the system is
 powered off.
 After power is up and eth0 is alive, the time/date has to be set via
 ntp-client. The rest already working.
 I called
 /etc/init.d/ntp-client start
 after booting the little beast and plugging in the RJ45 and everything
 else was fine.
 Currently I am experimenting with chrony (emerging).
 Will see, if this will make a difference ;)

 Best
 mcc


The trick for bringing the clock into the right era after boot on a
system like that one (and what's used in raspbian for the pi) is to,
at shutdown, write the current date/time into a file. Then, on boot,
set the date/time to what that file has, meaning it won't be perfectly
accurate, but it will be considerably closer until ntp's available to
it again. The most important thing that accomplishes for me is, while
it doesn't keep the wall clock times accurate, maintaining the right
order of times on log messages, etc. It also prevents a lot of issues
with log and backup rotations that depend on 'which file is newer?',
etc.

-- 
Poison [BLX]
Joshua M. Murphy
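
The save-at-shutdown, restore-at-boot trick from the reply above, as an added example that is not part of the original post and not the code raspbian ships: the saved value is validated before use and the clock is only ever moved forward, so a stale or corrupted file cannot push log timestamps backwards. The file path and function names are assumptions, and setting the time with date -s "@epoch" assumes GNU or busybox date run as root.

```shell
#!/bin/sh
# Added example: approximate clock persistence for a board without a
# battery-backed RTC. CLOCK_FILE is a hypothetical path.
CLOCK_FILE=${CLOCK_FILE:-/var/lib/saved-clock}

# save_clock: call from the shutdown runlevel (and, optionally, from cron
# so that an unclean power-off loses at most one interval).
save_clock() {
    tmp="$CLOCK_FILE.$$"
    # Write to a temp file first so a power cut never leaves a half-written value.
    date -u +%s > "$tmp" && mv "$tmp" "$CLOCK_FILE"
}

# clock_restore_target NOW_EPOCH
# Prints the epoch the clock should be set to, or nothing when the clock
# should be left alone.
clock_restore_target() {
    now=$1
    [ -r "$CLOCK_FILE" ] || return 0
    saved=$(head -n 1 "$CLOCK_FILE")
    case "$saved" in
        # Reject empty, non-numeric or absurdly long values.
        ''|*[!0-9]*|?????????????*) return 0 ;;
    esac
    # Never step backwards: if the clock is already ahead of the saved
    # value (NTP got there first, or an RTC exists after all) do nothing.
    if [ "$saved" -gt "$now" ]; then
        printf '%s\n' "$saved"
    fi
}

# restore_clock: call early in boot, before the system logger starts.
restore_clock() {
    target=$(clock_restore_target "$(date -u +%s)")
    [ -n "$target" ] || return 0
    date -u -s "@$target" >/dev/null
}
```

Once the network is up, ntp-client or chrony corrects the remaining offset.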



Re: [gentoo-user] bloated by gcc

2014-09-29 Thread Poison BL.
On Mon, Sep 29, 2014 at 12:02 PM, Jorge Almeida jjalme...@gmail.com wrote:
 On Mon, Sep 29, 2014 at 4:25 PM, Kerin Millar kerfra...@fastmail.co.uk 
 wrote:
 On 29/09/2014 16:10, Jorge Almeida wrote:


 I'm having a somewhat disgusting issue on my Gentoo: binaries are
 unaccountably large.



 You might consider making contact with the toolchain herd at gentoo or
 filing a bug. I, for one, would be interested to know the outcome.

 Well, I suppose this one is the list every gentooer subscribes to, and
 I would like to be sure I'm not making something silly before filing a
 bug...

 Meanwhile, I tried compiling with clang. It produces similar sizes in
 Gentoo and in LFS (same i3 computer), although about 200B larger than
 in Slackware/atom. So, it really seems to be a gcc issue.

 thanks

 Jorge


Just the off the top of my head thoughts on how I'd approach this. GCC
has the option to not clean up its temp files used during the build,
as well as outputting annotated assembly mid-build. The latter might
be the most enlightening on what's being treated differently in the
output of the various systems. I don't use those tricks often enough
to remember what flags are what off the top of my head, since I only
really dig that deep when playing with my avr based toys, but just a
couple ideas I thought I'd pass along.

-- 
Poison [BLX]
Joshua M. Murphy



Re: [gentoo-user] clone XP-Virtual to a file

2014-09-10 Thread Poison BL.
On Wed, Sep 10, 2014 at 10:37 PM, Joseph syscon...@gmail.com wrote:
 How to clone virtualbox machine (windows xp) to a file?
 I need to transfer it to another box.

 I made some notes but they are old so I'm not sure if they are applicable or
 there is an easier way.

 ===
 1) Shut down the virtual machine you would like to copy
 2) In File  Virtual Media Manager, select the virtual machine disk image
 you would like to copy, and press the Release button
 3) In a terminal window, issue following command (see virtualbox user
 manual):

 VBoxManage clonehd (complete-path)/directory/image1.vdi
 (complete_path)/directory/image2.vdi
 VBoxManage clonehd /home/thelma/.VirtualBox/HardDisk/xp-clinic.vdi
 /home/thelma/xp-clinic.vdi

 4) In File  Virtualdiskmanager, add the new disk image you've created in
 step 3.
 5) In the main virtualbox window, press the New button to create a new
 virtual machine, and link it to the new disk image you've created.

 To re-attach the vdi:
 Next we have to undo the Release we did before so that we can continue using
 our Virtual Machine. In VirtualBox main Window select the Virtual Machine
 (1) and press the Settings button (2). Go to Storage (3) IDE Controller
 (left window - empty); right click on IDE Controller and press the Add
 Hard Disk button (in the left window (4). Here select your initial .vdi file
 (5) and your Virtual Machine will be ok.
 

 I've noticed there is a Clone menu.  Do I use it and just tar.gz entire
 folder to a new machine?

 --
 Joseph


File - Export Appliance
copy to the new system
File - Import Appliance
verify that settings carried over right

It should carry the configuration over fairly completely, though it's
been a long while since I last used it, and I've not tested it between
overly diverse host hardware.

-- 
Poison [BLX]
Joshua M. Murphy



Re: [gentoo-user] why you've chosen your desktop environment? (no war !)

2014-08-16 Thread Poison BL.
On Sat, Aug 16, 2014 at 12:13 PM, behrouz khosravi
bz.khosr...@gmail.com wrote:
 Hi. I have been using the gnome for some time(in other distro's) and I
 had no complaint. However after switching to gentoo I installed i3 and
 it is very great.
 I really love it, but I was considering to install a DE too.
 Before jumping to gnome I wanted to evaluate my options.
 I have heard that  It is a matter of taste but think it is not all
 of the story.
 I have heard that the gentoo community is more inclined toward KDE
 too. So KDE must have some advantage that makes people like it's
 taste!
 So can you please tell me why you have chosen a specific DE and not
 the other options ?
 thanks.

I've bounced between quite a few, both straight WMs and full featured
DEs over the years. I liked Gnome pre-3, mostly due to the fact that
it typically 'just worked' and the bulkiest programs I ran being
primarily GTK based. While I liked Gnome Shell when it was in early
development, there were quite a few decisions made (*notably the
distinct aversion to allowing meaningful customization) on that end on
the way to Gnome 3 that I don't find it very appealing as it stands. I
ran and enjoyed KDE about a decade ago, but hadn't really touched it
since until recently, and it's just too heavy to suit my needs (most
of my systems are lightweight laptops/netbooks anymore). In the end,
once I ran across Blackbox, then Fluxbox, my interest in 'full
featured' DEs was pretty much killed. My favorite WM when I'm running
a truly stripped down system is actually ratpoison, while I tend to
run LXDE (and toying with LXQT now) on most of my systems for the sake
of giving a more 'normal' usage paradigm (primarily if I need other
people to be able to use the system). LXDE gives just enough trinkets
for things like battery status, multiple desktop management, coherent
configuration interfaces for themes and such, and a proper menu while
otherwise staying out of the way. I've never really used xfce or e17
much, but both seem to be pretty well loved by their users. I still
bounce between LXDE, Ratpoison, and Fluxbox fairly often (and as proof
of how much I liked Blackbox and Fluxbox, I run an offshoot of those
on Windows as a shell replacement).

I have friends that vary between liking and tolerating Gnome 3, KDE,
etc. and I can honestly say the only meaningful factor in deciding
what they run has always boiled down to taste. Sit down with each for
a week or three (as your main system, you won't get a real feel for
them if you're not trying to get real work done through them), get
them working as close to your preferences as you can, then judge which
a) took the least work to get there and b) most closely match what you
actually want from them. As an added bonus, poke around for a third
thing to score based on... which gives you the best set of features
you *weren't* looking for but *will* use.

-- 
Poison [BLX]
Joshua M. Murphy



Re: [gentoo-user] Debian just voted in systemd for default init system in jessie

2014-03-21 Thread Poison BL.
On Fri, Mar 21, 2014 at 8:49 AM, Tom Wijsman tom...@gentoo.org wrote:
 On Fri, 21 Mar 2014 12:27:09 +
 Neil Bothwick n...@digimed.co.uk wrote:

 On Fri, 21 Mar 2014 12:13:28 +0100, Tom Wijsman wrote:

   Use 'Reply-To-List' function (or equivalent - or worst case,
   delete my direct email manually yourself) in your email program.
 
  Like everyone else, use the 'Filter duplicates' function in your
  email program or procmail; these requests aren't remembered, given
  that email programs don't provide a function to do this selectively.

 Don't they? Then why did you only get one copy of this reply, via the
 list? Most posters here do not have this problem,

 Did I receive a reply? Who says I am even subscribed to the list?

 Of course, if you don't want people to bother reading your mails,
 continue to piss them off.

 All I'm doing is making sure this message gets to you; every notion you
 give to it beyond that, is what that 0.1% thinks of it. Not my problem.

 --
 With kind regards,

 Tom Wijsman (TomWij)
 Gentoo Developer

 E-mail address  : tom...@gentoo.org
 GPG Public Key  : 6D34E57D
 GPG Fingerprint : C165 AF18 AB4C 400B C3D2  ABF0 95B2 1FCD 6D34 E57D

Just my 2c as one of the others who doesn't generally reply to what,
at face value, seemed an awful lot more combative/trolling of a tone
than actually useful (disregard != compliance on the internet),
fighting on the topic of 'proper use of mailing lists' when you're
standing in stark contrast to the configuration of the mailing list
you're using to do it, and in the process, telling everyone (many of
which have been around here helping other users for many, many, years)
that they're wrong for using the list they've been using in the manner
they've been using it... when I see your name appear the first time as
long ago as last Dec., is rather on the arrogant side at the least
(I'm not certain if you've been around -dev or another longer, as I
don't believe I'm subscribed on that one). If you're really hellbent
on getting the configuration of the list changed, feel free to take it
up with the person who configures the list, rather than approaching it
by being condescending to the people who consistently use it.

-- 
Poison [BLX]
Joshua M. Murphy



Re: [gentoo-user] vmware-server is gone?

2014-03-17 Thread Poison BL.
On Mon, Mar 17, 2014 at 3:52 PM, Stefan G. Weichinger li...@xunil.at wrote:
 Am 17.03.2014 20:30, schrieb J. Roeleveld:

 I've been planning to try KVM as well, but am wondering how snapshots work
 with KVM. Not been able to find anything about that apart from
 disk-snapshots. No info if it's possible to take a copy of the memory as
 well.

 I run KVM in combo with LVM snapshots for backups. RAM snapshots? Not
 sure ...

 I am right before installing Qemu and configuring the network bridge etc
 ... the vmdks are already converted. Maybe it doesn't take that long.

 I don't think it should take very long. :)
 But, do check that the vmware tools get uninstalled from the guests and
 replaced by KVM equivalents.

 I have the VMs now, but both are XP guests and therefore crashing
 because they weren't prepared with something like MergeIDE ... :-(

 *sigh*

 Does anyone know if there is a trick applying these drivers *without*
 having a running VMware-Server?

 S

I suspect you don't have a WinPE bootable handy (UBCD in particular
has the tools handy for this, Hiren's as well), but if you happened to
magic one up, there's a quick script called Fix IDE (or Fix HDC
which does similar) that reverts to the generic catch-all driver that
usually works to get XP booting on new 'hardware' (whether real or
otherwise).

One thing I absolutely love about AHCI, while Windows 7 still binds to
hardware specific drivers in the long run, only having to change 2
registry values (start values in iastorv and msahci) is far, far,
easier than the mess XP had for hardware migrations ;)

-- 
Poison [BLX]
Joshua M. Murphy



Re: [gentoo-user] Modifying Suspend Script?

2014-02-27 Thread Poison BL.
On Wed, Feb 26, 2014 at 9:35 PM, Lee ny6...@gmail.com wrote:
 Hi, I always need to reconnect my laptop pcmcia wireless card to my WAP when
 awaking from suspend. It would be nice if I could add two commands, ifconfig
 and dhpcd, to the script which controls awaking from suspend. Anyone know
 which file I can edit?

Assuming you're using pm-utils [1], inside /etc/pm/suspend add a script with:

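#!/bin/bash
# pm-utils calls each hook with the action (suspend, hibernate, thaw, resume) as $1
case "$1" in
    thaw|resume)
        # "args" is a placeholder on both lines; substitute your own
        ifconfig args
        dhcp args
        ;;
esac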

and it should do the trick.

[1]: http://www.gentoo-wiki.info/Pm-utils

-- 
Poison [BLX]
Joshua M. Murphy



Re: [gentoo-user] Peeve - finding kernel config options

2014-02-27 Thread Poison BL.
On Thu, Feb 27, 2014 at 12:34 PM, Tanstaafl tansta...@libertytrek.org wrote:
 On 2/27/2014 12:24 PM, Dan Johansson d...@dmj.nu wrote:

 On 26.02.2014 22:24, Poison BL. wrote:

 When I search FHANDLE in menuconfig I get:

│ Symbol: FHANDLE [=y]
│ Type  : boolean
│ Prompt: open by fhandle syscalls
│   Location:
│ (1) - General setup
│   Defined at init/Kconfig:235
│   Selects: EXPORTFS [=y]
│   Selected by: GENTOO_LINUX_INIT_SYSTEMD [=y]  GENTOO_LINUX [=y]
  GENTOO_LINUX_UDEV [=y]

 This clearly states that the prompt you're looking for is a line that
 says open by fhandle syscalls under General setup

 Sure, it's not the absolute simplest interface (i.e. it doesn't give a
 'enable this' in the search results) but it does give all the
 necessary information about a given option to find it (as well as
 dependencies and their current states, etc). The most likely reason
 the news item doesn't list the specific prompt text (or even the
 category) is that, across even sub release versions of the kernel
 those are prone to change (and, at times, drastically) while the
 actual CONFIG_name option tends to be fairly static through time
 once it exists (even when superseded by new toys, i.e. older
 IDE/ATA/ATAPI options vs newer PATA options).


 But if you press 1 in the example above you will jump directly to
 the menu item. Clue -- (1)


 And that is by far the HANDIEST tip from this thread... awesome! Thx Dan!


That.. really is the most useful thing I've learned in a fair while.

-- 
Poison [BLX]
Joshua M. Murphy



Re: [gentoo-user] Re: Fwd:How about the gentoo server or cluster in production environment?

2014-02-26 Thread Poison BL.
On Wed, Feb 26, 2014 at 5:55 AM, Nicolas Sebrecht nsebre...@piing.fr wrote:
 The 21/02/14, hasufell wrote:

 So you are saying compiling a minimal kernel to minimize exposure to
 subsystem bugs is only obscurity? (I really wonder what Greg would say
 to this)

 Developers made the kernel to rely on modules. Distributions rely on
 them. Since they are almost always loaded on demand, Gentoo does not
 make things better in this area, either.

 --
 Nicolas Sebrecht


Actually, they're loaded on demand when they:
a) Are enabled (the kernel doesn't rely on modules, it offers them for
versatility, though some user space code does rely on them, i.e.
virtualbox, a few drivers for X, etc)
b) Are built for that particular kernel
c) That kernel has all the dependencies in place to support them
d) The tools to load them exist in user space
e) They're not specifically blacklisted in user space (assuming a
loading mechanism that honors that)

Unless it's changed when I wasn't looking, it's entirely possible to
build a kernel with module loading disabled entirely and restrict the
set of code to be run in kernel space to an explicitly defined series
of kernel options. I say when I wasn't looking because I use modules
to trim down how much of iptables is constantly loaded on my router
for rules there I don't use and the only other places I have Gentoo
are my multitude of laptops, where the versatility of building and
loading a module to test out yet another toy someone has on hand
around me, without a reboot in many cases, is incredibly handy.

-- 
Poison [BLX]
Joshua M. Murphy
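
The first condition in the message above (module support being enabled at all) can be read straight out of a kernel's .config. This is an added example, not part of the original post; the function names and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): check a kernel .config for
# loadable-module support. Function names and sample data are constructed.

# Prints "enabled" if CONFIG_MODULES=y is present, otherwise "disabled".
module_support() {
    if grep -q '^CONFIG_MODULES=y$' "$1"; then
        echo enabled
    else
        echo disabled
    fi
}

# Prints the name of every option built as a loadable module (=m).
modular_options() {
    sed -n 's/^\(CONFIG_[A-Za-z0-9_]*\)=m$/\1/p' "$1"
}

# Prints a one-line summary. Returns 1 when the file is inconsistent,
# i.e. it lists =m entries although module support is switched off.
audit_config() {
    support=$(module_support "$1")
    count=$(( $(modular_options "$1" | wc -l) ))
    echo "modules=$support built_as_module=$count"
    if [ "$support" = disabled ] && [ "$count" -gt 0 ]; then
        return 1
    fi
    return 0
}

# Writes a constructed sample config to $1; $2 is "modular" or "static".
write_sample_config() {
    if [ "$2" = modular ]; then
        cat > "$1" <<'EOF'
CONFIG_MODULES=y
CONFIG_MODULE_UNLOAD=y
CONFIG_NET=y
CONFIG_FHANDLE=y
CONFIG_NETFILTER_XT_MATCH_STATE=m
CONFIG_NETFILTER_XT_TARGET_LOG=m
EOF
    else
        cat > "$1" <<'EOF'
# CONFIG_MODULES is not set
CONFIG_NET=y
CONFIG_FHANDLE=y
CONFIG_NETFILTER_XT_MATCH_STATE=y
EOF
    fi
}

# Run both constructed samples through the audit.
tmp=$(mktemp -d)
write_sample_config "$tmp/modular.config" modular
write_sample_config "$tmp/static.config" static
audit_config "$tmp/modular.config"
audit_config "$tmp/static.config"
rm -rf "$tmp"
```

Point `audit_config` at a real file such as /usr/src/linux/.config to get the same summary for a hand-rolled kernel.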



Re: [gentoo-user] Peeve - finding kernel config options

2014-02-26 Thread Poison BL.
On Wed, Feb 26, 2014 at 2:58 PM, Tanstaafl tansta...@libertytrek.org wrote:
 Hello all,

 This is for those of us who choose to roll our kernels by hand...

 So, am I missing something?

 Given the most recent gentoo news item:

  # eselect news read 10
 2014-02-25-udev-upgrade
   Title Upgrade to =sys-fs/udev-210
   AuthorSamuli Suominen ssuomi...@gentoo.org
   Posted2014-02-25
   Revision  1

 The options CONFIG_FHANDLE and CONFIG_NET are now required in the kernel.


 Whenever kernel config options are provided like this, it would be nice if
 time was taken to provide the path to where they are found.

 I had to find the first one (CONFIG_FHANDLE) by:

 1. grepping .config, seeing it wasn't enabled,
 2. running make menuconfig and searching for 'FHANDLE',
 3. seeing it is located in 'General setup',
 4. scouring the General setup options, finding no 'FHANDLE' anywhere,
 5. finding something in all lowercase named 'open by fhandle syscalls',
 6. enabling this option, saving the modified config,
 7. confirming it is now enabled by grepping .config again

 Sheesh. Really?

 Would be nice if the news item had something like
 CONFIG_FHANDLE (General setup  'open by fhandle syscalls')
 and
 CONFIG_NET (still don't know which one this is??)

 Wackadoo...


When I search FHANDLE in menuconfig I get:

  │ Symbol: FHANDLE [=y]
  │ Type  : boolean
  │ Prompt: open by fhandle syscalls
  │   Location:
  │ (1) - General setup
  │   Defined at init/Kconfig:235
  │   Selects: EXPORTFS [=y]
  │   Selected by: GENTOO_LINUX_INIT_SYSTEMD [=y]  GENTOO_LINUX [=y]
 GENTOO_LINUX_UDEV [=y]

This clearly states that the prompt you're looking for is a line that
says "open by fhandle syscalls" under General setup

Sure, it's not the absolute simplest interface (i.e. it doesn't give a
'enable this' in the search results) but it does give all the
necessary information about a given option to find it (as well as
dependencies and their current states, etc). The most likely reason
the news item doesn't list the specific prompt text (or even the
category) is that, across even sub release versions of the kernel
those are prone to change (and, at times, drastically) while the
actual CONFIG_name option tends to be fairly static through time
once it exists (even when superseded by new toys, i.e. older
IDE/ATA/ATAPI options vs newer PATA options).

-- 
Poison [BLX]
Joshua M. Murphy



Re: [gentoo-user] Debian just voted in systemd for default init system in jessie

2014-02-23 Thread Poison BL.
On Sun, Feb 23, 2014 at 9:20 PM, Canek Peláez Valdés can...@gmail.com wrote:

 On Sun, Feb 23, 2014 at 8:10 PM, Walter Dnes waltd...@waltdnes.org wrote:
  On Mon, Feb 24, 2014 at 03:07:09AM +0200, Alan McKinnon wrote
 
  We don't do error handling. We don't even try and deal with it at the
  point it occurred, we just chuck it back up the stack, essentially
  giving them message stuff it, I'm not dealing with this. You called me,
  you fix it.
 
The developer is not going to be psychic to the point of knowing what
  the user *WANTED* to do, years after the code was written... or which
  different users were expecting which different outcomes.  E.g. if
  portage encounters a problem during a build, do you *REALLY* want it to
  jump in and randomly patch source code and/or makefiles to get it
  working?  NO!!! You want it to halt, with an informative error message,
  possibly including suggestions for corrective action.

 But in Unix you usually don't halt, you set errno and go on your merry way.


Actually, from everything I've seen (and it's at least true throughout
what I've worked with in glibc) you *do* stop dead in your tracks, set
errno, and return some (hopefully indicative of a possible error)
value. In the case of standalone executables rather than library
calls, you stop where you are, if you're feeling generous you output
something to stderr on the way out the door, then exit(errno). The
process that called *you* then goes on its merry way, handling your
response of "Hey, something went wrong. Good luck." however it
chooses, if it chooses to.

   If I mistakenly
  tell a system to do B, really meaning do A, that's my fault.  If I tell
  it to do A, and it decides to do B, I will be extremely p'd off.

 I don't see what does that have to do with any of Alan's points.

 Regards.
 --
 Canek Peláez Valdés
 Posgrado en Ciencia e Ingeniería de la Computación
 Universidad Nacional Autónoma de México


It ties a bit into the above, really. Concise, job specific tools that
do one thing and do them well, and don't try to magic up a guess of
what they think the user *wants* when it can't give what the user
*specifically* asked for are going to be a lot less destructive than
tools that *do* try to guess and go on their merry way (when they're
wrong) than simply handing the situation back to the user (not
necessarily the end user, just the user that asked for that tool, and
asked it to do that one job), who knows their particular
circumstances, as well as what they want in that instance.

I'll add in a very specific note that I'm not chiming in on the topic
of systemd itself, as I've yet to play with it anywhere. I'm just
chiming in on the "go on your merry way" part. The caller goes on
their merry way, not the called.

All that aside, your side of the discussions on systemd have, at
least, made me curious enough to throw together a vm to play with
sometime this week when I get time.

-- 
Poison [BLX]
Joshua M. Murphy



Re: [gentoo-user] Re: EFI-based bootloader for BIOS-based computers (?)

2014-02-22 Thread Poison BL.
On Sat, Feb 22, 2014 at 8:00 AM, Mick michaelkintz...@gmail.com wrote:

 On Thursday 20 Feb 2014 01:22:24 eroen wrote:
  On Wed, 19 Feb 2014 15:39:51 -0800, walt w41...@gmail.com wrote:
   I just spotted that phrase in the sourceforge newsletter:
  
   http://sourceforge.net/projects/cloverefiboot/
  
   and it seems to me like an oxymoron.  If that phrase makes
   logical sense then my definitions of 'BIOS' and 'EFI' need
   the latest updates :)
  
   Until now I thought that EFI is a recent replacement for
   BIOS based machines.
  
   Can anyone clarify the linguistics involved here?
 
  The scope of UEFI is somewhat greater than that of traditional BIOSes.
  Both do various hardware initialization and such, but UEFIs (can) have
  a number of additional features, including more flexibility in what it
  can launch from where (eg. network booting without iPXE) and even an
  interactive shell. See [1] for a less organized list of features.
 
  I'm unfamiliar with this project in specific, but I'm going by the line
 
  This is EFI-based bootloader for BIOS-based computers created as a
  replacement to EDK2/Duet bootloader http://www.tianocore.org.
 
  I have a box running Duet, which is an UEFI implementation that can be
  launched by (eg.) the extlinux boot loader on a legacy BIOS system.
  Once Duet is launched, the system is mostly indistinguishable from a
  native UEFI system that has booted into its UEFI firmware.
 
  From here, Duet can let the user go through menus to select an EFI
  executable to launch (a EFI-stub enabled kernel or some sort of boot
  loader), or it can automatically launch something based on existing
  configuration.
 
  1: https://en.wikipedia.org/wiki/UEFI#Features

 I guess this can be seen as a BIOS chainloaded UEFI?

 BTW, has anyone tried hackintosh in a VM?  I am thinking of using
 AppleMac's
 Mail program, when I can no longer run the legacy kmail application.  A bit
 drastic to have to load a whole VM just for mail, but I can't find another
 client that suits.

 --
 Regards,
 Mick


Last I did much research on it, the only semi-working implementation of OSX
in a VM required VMware Workstation as the host, involved booting a hacked
together boot cd image, and crashed and burned hard on updates. It was
interesting, but not very viable for anything that's of any measurable
importance at all. I tested it out for a couple days to compile a little
piece of code a mac user friend wanted to play with... it was dog slow on my
system otherwise (but that was likely my system's fault, old E8400 @4GB ram
at the time + Win7)

-- 
Poison [BLX]
Joshua M. Murphy


Re: [gentoo-user] Managing multiple systems with identical hardware

2013-12-12 Thread Poison BL.
On Thu, Dec 12, 2013 at 6:54 PM, Grant emailgr...@gmail.com wrote:
 I'm about to embark on this (perilous?) journey and I'm wondering if
 anyone would make a comment on any of the questions in the last
 paragraph below.  This is basically my plan for setting up a bunch of
 systems (laptops) in an office which are hardware-identical to my own
 laptop and creating a framework to manage them all with a bare minimum
 of time and effort.

 Thanks,
 Grant


 I see what you desire now - essentially you want to clone your laptop
 (or big chunks of it) over to your other workstations.

 I've been working on this and I think I have a good and simple plan.

 My laptop roams around with me and is the master system.  The office
 router is the submaster system.  All of the other office systems are
 minion systems.  All of the systems are 100% hardware-identical
 laptops.  All of the minions are 100% software-identical.

 I install every package that any system needs on the master and create
 an SSH keypair.  The only config files that change from their state on
 the master are: /etc/conf.d/hostname, /etc/conf.d/net,
 /etc/ssh/sshd_config, /etc/shorewall/*.  I write comments in those
 files which serve as flags for scripted changes.

 I write a script that is run from the master to the submaster, or from
 the submaster to a minion.  If it's the former, rsync / is run with
 exceptions (/usr/portage, /usr/local/portage, /var/log, /tmp, /home,
 /root but /root/.ssh/id_rsa_script* is included), my personal user is
 removed, a series of workstation users are created with useradd -m,
 services are added or removed from /etc/runlevels/default, and config
 files are changed according to comment flags.  If it's the latter,
 rsync / is run without exceptions, services are added or removed from
 /etc/runlevels/default, and config files are changed according to
 comment flags.

 All user info on the submaster and minions would be effectively reset
 whenever the script is run and that's fine.  Root logins would have to
 be allowed on the submaster and minions but only with the SSH key.
 There are probably more paths to exclude when rsyncing master to
 submaster.

 That's it.  No matter how numerous the minions become, this should
 allow me to keep everything running by administrating only my own
 system, pushing that to the submaster, and having the submaster push
 to the minions.  I've been going over the nitty-gritty and everything
 looks good.

 What do you think?  Is there anything inherently wrong with rsyncing /
 onto a running system?  If there are little or no changes to make,
 about how much data would actually be transferred?  Is there a better
 tool for this than rsync?  I know Funtoo uses git for syncing with
 their portage tree.

 - Grant


Only thing that comes immediately to mind in rsyncing an overwrite of
/ is that any process that's running that goes looking for libraries
or other data after the rsync pulls the rug out from beneath it might
behave erratically, crash, kick a puppy, write arbitrary data all over
your drive. Also, it's somewhat important to be careful about the
various not-really-there mounts, /dev, /sys, /proc... /run's probably
touchy too, and /var has a few pieces that might be in use mid-sync
and choke something along the way. My idea on that would be... build
an initramfs that:

1) boots to a script
  a) warns the user that it's hungry and that feeding it will be
dangerous to any non-backed-up data, with prompt
  b) warns the user again, with prompt ('cause watching an rsync roll
by that eats that document you just spent 3 weeks on isn't fun)
2) mounts / in a working directory
3) rsyncs the new data from the sub-master
4) kicks off a script to update a hardware keyed (mac address is good
for this) set of settings (hostname, etc)
5) reboots into the new system.

For extra credit... sync /home back to the sub-master to prevent
overfeeding the beast.

-- 
Poison [BLX]
Joshua M. Murphy



Re: [gentoo-user] Merging separate /usr back into / - one last time...

2013-12-02 Thread Poison BL.
An alternative to booting to external media, etc, would be a bind
mount of / and /usr on separate temporary mount points, then dumping
the data between them, leaving the existing system chugging along. A
re-mount of the current /usr in -o ro mode might not be a terrible
idea in that case. I had a good bit of luck going that route. A simple
cp -a did the trick on the one system I've bothered with it on so
far. I have a couple laptops that're rushing headlong into unsupported
land right now though, so I'll be revisiting this soon enough.

As for specifics:

# Make the temporary working areas
mkdir /tmp/a; mkdir /tmp/b
# Make sure nothing changes in /usr while the copy is done
mount -o remount,ro /usr
# Mount a mirror of the source and destination filesystems
mount --bind /usr/ /tmp/a
mount --bind / /tmp/b
# And now, copy.
cd /tmp/a
cp -a ./ /tmp/b/usr/

The one big point of what not to do would be mount --rbind. Very
important (recursive bind would have the current /usr still visible in
/tmp/b/usr/).

After all that, comment out /usr in fstab and reboot. You *could* even
just drop to a minimal runlevel that doesn't require /usr, unmount the
old one and then jump back to your standard runlevel, but due to the
reasons this is required now, I'm not entirely sure that option exists
anymore (i.e. too much is dependent on /usr).

That said, if you are booting to a LiveDVD --

On Mon, Dec 2, 2013 at 1:58 PM, Tanstaafl tansta...@libertytrek.org wrote:
 On 2013-12-02 1:47 PM, Thanasis thana...@asyr.hopto.org wrote:

 on 12/02/2013 04:02 PM Tanstaafl wrote the following:


 So, here's the plan, please check me...

 1. Boot off of the latest gentoo LiveDVD


 If you boot a different system to do the rsync, or, if you do it over
 ssh, add the option --numeric-ids


 Thanks, but no, like I said, I'll just boot that system to a LiveDVD and do
 it from there...

That actually does fall under "boot a different system" since the
users won't line up between a LiveDVD and your actual system.

-- 
Poison [BLX]
Joshua M. Murphy
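
Whether the users line up between the booted medium and the installed system can be checked before any copy by comparing the two passwd files. This is an added example, not part of the original thread; the function names and both sample passwd files are constructed.

```shell
#!/bin/sh
# Added example (not from the original thread): compare two passwd files to
# see which accounts do not line up. Names and sample data are constructed.

# uid_mismatches PASSWD_A PASSWD_B
# Prints "name uidA uidB" for each account name present in both files
# whose numeric uid differs.
uid_mismatches() {
    awk -F: '
        NR == FNR { uid[$1] = $3; next }
        ($1 in uid) && uid[$1] != $3 { print $1, uid[$1], $3 }
    ' "$1" "$2"
}

# uid_collisions PASSWD_A PASSWD_B
# Prints "uid nameA nameB" where one numeric uid belongs to different names.
uid_collisions() {
    awk -F: '
        NR == FNR { name[$3] = $1; next }
        ($3 in name) && name[$3] != $1 { print $3, name[$3], $1 }
    ' "$1" "$2"
}

# ids_line_up PASSWD_A PASSWD_B
# Returns 0 when neither check finds a difference, 1 otherwise.
ids_line_up() {
    [ -z "$(uid_mismatches "$1" "$2")" ] && [ -z "$(uid_collisions "$1" "$2")" ]
}

# Writes a constructed passwd file to $1; $2 is "live" or "installed".
write_sample_passwd() {
    if [ "$2" = live ]; then
        cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
portage:x:250:250:portage:/var/tmp/portage:/bin/false
gentoo:x:1000:1000::/home/gentoo:/bin/bash
postfix:x:207:207::/var/spool/postfix:/sbin/nologin
EOF
    else
        cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
portage:x:250:250:portage:/var/tmp/portage:/bin/false
alice:x:1000:1000::/home/alice:/bin/bash
postfix:x:103:104::/var/spool/postfix:/sbin/nologin
EOF
    fi
}

# Compare the two constructed files and report.
tmp=$(mktemp -d)
write_sample_passwd "$tmp/live" live
write_sample_passwd "$tmp/installed" installed
echo "same name, different uid:"
uid_mismatches "$tmp/live" "$tmp/installed"
echo "same uid, different name:"
uid_collisions "$tmp/live" "$tmp/installed"
ids_line_up "$tmp/live" "$tmp/installed" || echo "ids differ: copy with --numeric-ids"
rm -rf "$tmp"
```

On a real system the two arguments would be /etc/passwd of the booted medium and etc/passwd under the mount point of the installed root; the same comparison applies to the group files, using the group id field.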