Re: how to (re-?)construct grub menu?

[Samuel Sieb]

On 02/20/2018 01:27 PM, Stephen Morris wrote:

On 20/2/18 7:39 pm, Samuel Sieb wrote:

On 02/12/2018 01:32 PM, Stephen Morris wrote:
Wouldn't grub2-install be used to install the boot sectors to the 
/boot partition? This question is coming from the days when I 
formatted an entire hard disk as GPT and tried to install an older 
Fedora system on it and had the install fail with the message that 
Fedora could not be booted from a GPT environment.


There are no boot sectors with EFI.  The necessary files that go in 
the EFI partition at /boot/efi are in the grub2-efi-x64 and shim-x64 
packages.


This question was not so much aimed at efi, but rather is it still the 
case that /boot cannot be placed in a GPT partition?


I don't understand the question.  There are no boot sectors in the /boot 
partition.  The boot sector is the MBR on a non-GPT drive.  Linux 
understands GPT partitions just as well as the old style, so if you 
really want to, you can put /boot on its own GPT partition.  On an EFI 
system, the kernel and initramfs are still in /boot which is not part of 
the EFI boot partition.

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: how to (re-?)construct grub menu?

[Samuel Sieb]

On 02/20/2018 01:24 PM, Stephen Morris wrote:

On 20/2/18 7:33 pm, Samuel Sieb wrote:
EFI systems have a special partition that contains as many bootloaders 
as you want.  It solves the problem of who gets to control the MBR 
bootloader location.


Are they the .efi files that are in /boot/efi/EFI/BOOT on a system that 
doesn't have the separate partition?


If the files are not on the right partition, then EFI won't boot from them.

Just on the separate partition front, if I boot between Win 10, Fedora 
27 and Ubuntu 17.10 on the one machine, do I need 3 separate partitions 
or can the 3 operating system share the one partition if I decide to 
activate efi on my machine?


Yes, the point is that there is one partition for all the operating 
systems to put their bootloaders in.

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: how to (re-?)construct grub menu?

[Samuel Sieb]

On 02/20/2018 03:41 AM, Tom H wrote:

Ubuntu's using an MS sig. The difference between Fedora and Ubuntu is
that the latter doesn't require that kernel modules be signed.


If that's true, then I think they're in violation of the secure boot 
rules.  And even if not, it makes secure boot ineffective anyway.



AFAIK, "shim" is signed by MS (and is validated by an MS-supplied and
-signed "thingy" in the firmware) and it embeds the Fedora sig with
which grub, the kernel, and the kernel modules are signed and
validated.


Correct.
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: how to (re-?)construct grub menu?

[Tim]

Allegedly, on or about 21 February 2018, Stephen Morris sent:
> Those packages are installed on my system even though, as far as I'm 
> aware I have never had efi active, and I have never used a
> motherboard that had SecureBoot enabled. I did not explicitly install
> those packages and my assumption is they were installed with the F27
> upgrade, but I can verify whether they were installed in F26 or not.

On my Fedora 26 installation, which was a 64-bit fresh install on a
blank drive, without using any secure boot options, I have these:

~]$ tree /boot/efi/
/boot/efi/
├── EFI
│   ├── BOOT
│   │   ├── BOOTX64.EFI
│   │   └── fallback.efi
│   └── fedora
│   ├── BOOT.CSV
│   ├── fonts
│   │   └── unicode.pf2
│   ├── gcdx64.efi
│   ├── grubenv
│   ├── grubx64.efi
│   ├── MokManager.efi
│   ├── shim.efi
│   └── shim-fedora.efi
├── mach_kernel
└── System
└── Library
└── CoreServices

And these:

 ~]$ tree /usr/lib/grub/
/usr/lib/grub/
└── i386-pc
├── acpi.mod
├── acpi.module
├── adler32.mod
├── adler32.module
├── affs.mod
├── affs.module
├── afs.mod
├── afs.module
├── ahci.mod
├── ahci.module
├── all_video.mod
├── all_video.module
├── aout.mod
├── aout.module
├── archelp.mod
├── archelp.module
├── ata.mod
├── ata.module
├── at_keyboard.mod
├── at_keyboard.module
├── backtrace.mod
├── backtrace.module
├── bfs.mod
├── bfs.module
├── biosdisk.mod
├── biosdisk.module
├── bitmap.mod
├── bitmap.module
├── bitmap_scale.mod
├── bitmap_scale.module
├── blocklist.mod
├── blocklist.module
├── blscfg.mod
├── blscfg.module
├── boot_hybrid.image
├── boot_hybrid.img
├── boot.image
├── boot.img
├── boot.mod
├── boot.module
├── bsd.mod
├── bsd.module
├── bswap_test.mod
├── bswap_test.module
├── btrfs.mod
├── btrfs.module
├── bufio.mod
├── bufio.module
├── cat.mod
├── cat.module
├── cbfs.mod
├── cbfs.module
├── cbls.mod
├── cbls.module
├── cbmemc.mod
├── cbmemc.module
├── cbtable.mod
├── cbtable.module
├── cbtime.mod
├── cbtime.module
├── cdboot.image
├── cdboot.img
├── chain.mod
├── chain.module
├── cmdline_cat_test.mod
├── cmdline_cat_test.module
├── cmosdump.mod
├── cmosdump.module
├── cmostest.mod
├── cmostest.module
├── cmp.mod
├── cmp.module
├── cmp_test.mod
├── cmp_test.module
├── command.lst
├── configfile.mod
├── configfile.module
├── config.h
├── cpio_be.mod
├── cpio_be.module
├── cpio.mod
├── cpio.module
├── cpuid.mod
├── cpuid.module
├── crc64.mod
├── crc64.module
├── cryptodisk.mod
├── cryptodisk.module
├── crypto.lst
├── crypto.mod
├── crypto.module
├── cs5536.mod
├── cs5536.module
├── ctz_test.mod
├── ctz_test.module
├── datehook.mod
├── datehook.module
├── date.mod
├── date.module
├── datetime.mod
├── datetime.module
├── diskboot.image
├── diskboot.img
├── diskfilter.mod
├── diskfilter.module
├── disk.mod
├── disk.module
├── div.mod
├── div.module
├── div_test.mod
├── div_test.module
├── dm_nv.mod
├── dm_nv.module
├── drivemap.mod
├── drivemap.module
├── echo.mod
├── echo.module
├── efiemu32.o
├── efiemu64.o
├── efiemu.mod
├── efiemu.module
├── ehci.mod
├── ehci.module
├── elf.mod
├── elf.module
├── eval.mod
├── eval.module
├── exfat.mod
├── exfat.module
├── exfctest.mod
├── exfctest.module
├── ext2.mod
├── ext2.module
├── extcmd.mod
├── extcmd.module
├── fat.mod
├── fat.module
├── file.mod
├── file.module
├── font.mod
├── font.module
├── freedos.mod
├── freedos.module
├── fshelp.mod
├── fshelp.module
├── fs.lst
├── functional_test.mod
├── functional_test.module
├── gcry_arcfour.mod
├── gcry_arcfour.module
├── gcry_blowfish.mod
├── gcry_blowfish.module
├── gcry_camellia.mod
├── gcry_camellia.module
├── gcry_cast5.mod
├── gcry_cast5.module
├── gcry_crc.mod
├── gcry_crc.module
├── gcry_des.mod
├── gcry_des.module
├── gcry_dsa.mod
├── gcry_dsa.module
├── gcry_idea.mod
├── gcry_idea.module
├── gcry_md4.mod
├── gcry_md4.module
├── gcry_md5.mod
├── gcry_md5.module
├── gcry_rfc2268.mod
├── gcry_rfc2268.module
├── gcry_rijndael.mod
├── gcry_rijndael.module
├── gcry_rmd160.mod
├── gcry_rmd160.module
├── gcry_rsa.mod
├── gcry_rsa.module
├── gcry_seed.mod
├── gcry_seed.module
├── gcry_serpent.mod
├── gcry_serpent.module
├── gcry_sha1.mod
├── gcry_sha1.module
├── gcry_sha256.mod
├── gcry_sha256.module
├── gcry_sha512.mod
├── gcry_sha512.module

Re: [Off-topic] Re: R as on Ubuntu and Fedora

[Ed Greshko]

On 02/21/18 11:14, Max Pyziur wrote:
> On Tue, 20 Feb 2018, Todd Zullinger wrote:
>
> [...]
>>
>> # Non-R packages:
>> fonts-KOI8-R.noarch
>> fonts-KOI8-R-100dpi.noarch
>> fonts-KOI8-R-75dpi.noarch
>
> Wow! Does someone still use KOI8-R in a universe of UTF8 and Unicode?
>
>

That might be like asking "Does anyone use big5 or GB2312 in the UTF8 and 
Unicode
world?"  And the answer would be Yes.

The Taiwan Government still uses big5 in some cases.  Some sites in Taiwan 
still use
big5.  And in the PRC the Government there still uses GB2312.


-- 
A motto of mine is: When in doubt, try it out



signature.asc
Description: OpenPGP digital signature
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

[Off-topic] Re: R as on Ubuntu and Fedora

[Max Pyziur]

On Tue, 20 Feb 2018, Todd Zullinger wrote:

[...]


# Non-R packages:
fonts-KOI8-R.noarch
fonts-KOI8-R-100dpi.noarch
fonts-KOI8-R-75dpi.noarch


Wow! Does someone still use KOI8-R in a universe of UTF8 and Unicode?



perl-Tree-R.noarch

There's an R SIG for Fedora, which looks like it's been
quiet since October.  Perhaps some folks interested in R
packaging would be welcome there?

   https://stat.ethz.ch/mailman/listinfo/r-sig-fedora





MP
p...@brama.com
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: R as on Ubuntu and Fedora

[Max Pyziur]

On Tue, 20 Feb 2018, Matthew Miller wrote:


On Tue, Feb 20, 2018 at 06:28:57PM -0500, Max Pyziur wrote:

Greetings,
I've been learning R on both Fedora and Ubuntu.
I've noticed that Ubuntu has considerably greater support for R than
Fedora (more R deb packages than R rpm packages).
Is there a rationale for this?


I'm not sure about R in specific, but generally the rationale is "no
one did it". Are there particular packages that you're interested in?


ggplot2, tibble, tidyr dplyr. They seem to be popular and becoming more 
integral to R.


As for the point about 435 on Ubuntu vs the ~140 on Fedora: I assume those 
435 are reflective of popularity, frequency of usage, and maintenance. It 
would be ridiculous to put all 6,000 CRAN packages into the Fedora eco 
system.


But consider perl and the number of packages that have been rpm'd, even 
though some are close to stale. The benefit of having a package is that it 
is built with the whole distro in mind.


If you install packages local to a user, then they might not/probably are 
not available to other users (but to engage in self argument: how many 
other "users" have access to your own systems - desktop & laptop?)


Sure, there is little challenge to installing R packages using 
install.packages("SomePackageName"); my concern is more for the sake of 
consistency: if perl, python, php, etc., have their modules/function 
libraries built for Fedora, why not R?


Curious, not kvetching,

MP

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: R as on Ubuntu and Fedora

[Ranjan Maitra]

I have used R since 1997 (version 0.4) and Fedora since Fedora 1 (2003). Ubuntu 
which my wife used for 10-12 years (before she saw the light, as it were) can 
not even begin to match Fedora's support and user community.

With regard to R: I prefer installing the packages using install.packages() 
inside R and update them using update.packages(). I feel that that is a better 
option for me.

HTH,

Best wishes,
Ranjan


On Tue, 20 Feb 2018 19:21:40 -0500 Matthew Miller  
wrote:

> On Tue, Feb 20, 2018 at 06:28:57PM -0500, Max Pyziur wrote:
> > Greetings,
> > I've been learning R on both Fedora and Ubuntu.
> > I've noticed that Ubuntu has considerably greater support for R than
> > Fedora (more R deb packages than R rpm packages).
> > Is there a rationale for this?
> 
> I'm not sure about R in specific, but generally the rationale is "no
> one did it". Are there particular packages that you're interested in?
> 
> -- 
> Matthew Miller
> 
> Fedora Project Leader
> ___
> users mailing list -- users@lists.fedoraproject.org
> To unsubscribe send an email to users-le...@lists.fedoraproject.org


-- 
Important Notice: This mailbox is ignored: e-mails are set to be deleted on 
receipt. Please respond to the mailing list if appropriate. For those needing 
to send personal or professional e-mail, please use appropriate addresses.
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

unable to bring up mediatek usb wifi dongle

[JD]

Tried to bring up a mediateck usb wifi stick with a built-in antenna.

$ dmesg | grep 'usb 1-1'
[ 3632.100121] usb 1-1: new high-speed USB device number 13 using xhci_hcd
[ 3633.314114] usb 1-1: new high-speed USB device number 14 using xhci_hcd
[ 3633.446949] usb 1-1: New USB device found, idVendor=0e8d, idProduct=7610
[ 3633.446954] usb 1-1: New USB device strings: Mfr=1, Product=2, 
SerialNumber=3

[ 3633.446956] usb 1-1: Product: WiFi
[ 3633.446958] usb 1-1: Manufacturer: MediaTek
[ 3633.446960] usb 1-1: SerialNumber: 1.0

$ lsmod | grep 2800
rt2800usb  27189  0
rt2x00usb  19835  1 rt2800usb
rt2800lib  91269  1 rt2800usb
rt2x00lib  66983  3 rt2x00usb,rt2800lib,rt2800usb
crc_ccitt  12613  1 rt2800lib
mac80211  683564  4 rt2x00lib,rt2x00usb,rt2800lib,iwldvm

and
$ lshw
shows this:
.
   configuration: driver=hub slots=2 speed=5000Mbit/s
  *-usbhost:1
   product: xHCI Host Controller
   vendor: Linux 3.19.8-100.fc20.x86_64 xhci-hcd
   physical id: 1
   bus info: usb@1
   logical name: usb1
   version: 3.19
   capabilities: usb-2.00
   configuration: driver=hub slots=2 speed=480Mbit/s
 *-usb UNCLAIMED   << Notice This. No driver??? 
claimed it

  description: Generic USB device
  product: WiFi
  vendor: MediaTek
  physical id: 1
  bus info: usb@1:1
  version: 1.00
  serial: 1.0
  capabilities: usb-2.01
  configuration: maxpower=160mA speed=480Mbit/s

But, ifconfig only shows only these interfaces:
$ ifconfig
bond0: flags=5123  mtu 1500

em1: flags=4099  mtu 1500

lo: flags=73  mtu 65536

virbr0: flags=4099  mtu 1500

So, what is missing as far as drivers, or apps 
~
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: R as on Ubuntu and Fedora

[George N. White III]

On 20 February 2018 at 19:28, Max Pyziur  wrote:

>
> Greetings,
>
> I've been learning R on both Fedora and Ubuntu.
>
> I've noticed that Ubuntu has considerably greater support for R than
> Fedora (more R deb packages than R rpm packages).
>
> Is there a rationale for this?
>

Counting the number of packages isn't worth the effort.  R is used by many
different communities, e.g., pharma, academia, etc.  Within these
communities, linux users tend to gravitate to the same platform and
packages used in that community will get attention on that platform.  Many
R packages use external libraries, so user communities will insist that
these libraries are packaged and usable.  Ubuntu is a very popular
distribution, so can be expected to have a wider range of user communities.
You may, however, find that key libraries and R packages for your subject
area are not current or have unreported bugs (because they are not heavily
used).

While you are learning R, any distro should provide basic packages.   If
your ultimate interest is in a specialized subject area, you need to look
at the packages and support libraries being used in that field and check
for packages of current versions.   For advanced R users, the biggest issue
is not R packages, but the presence of workable support libraries.  If you
suitable supporting libraries, it is generally very simple to install
current R packages from the sources on CRAN.

My work is in remote sensing and uses spatial statistics and images.  A
"mission critical" package from a national space agency was developed on
Ubuntu, so I use Ubuntu but have often had to build some supporting
libraries (gdal, hdf5, netcdf4) because the distro packages for these
libraries were outdated or built with stripped own options that make them
unusable for my work.  This situation has improved over time, but just when
I think the distro has caught up with my needs a new feature is introduced
and I end up having to build support libraries from sources all over
again.   Building support libraries often gets into nitty gritty
distro-specific details figuring out how to ensure that your R packages use
the locally compiled libraires without creating conflicts with the
distro-supplied versions of the packages.

-- 
George N. White III
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: R as on Ubuntu and Fedora

[Todd Zullinger]

Max Pyziur wrote:
> On Wed, 21 Feb 2018, Ed Greshko wrote:
>> On 02/21/18 07:28, Max Pyziur wrote:
>>> I've been learning R on both Fedora and Ubuntu.
>>>
>>> I've noticed that Ubuntu has considerably greater
>>> support for R than Fedora (more R deb packages than R
>>> rpm packages).
>>>
>>> Is there a rationale for this?

I'd presume that it's mostly that less folks have
contributed R-based packages to Fedora.  The only way to
change that is for more folks interested in R to maintain
packages in Fedora. :)

>> I don't use R or Ubuntu.  But I wonder if counting the number of packages is 
>> actually
>> reflective of the level of support.  Is there a one-to-one correspondence 
>> between deb
>> and rpm packages and the distributions?
>>
>> I count 140 rpm's (R-*) packages on Fedora.  This excludes the devel 
>> packages.  How
>> many more does Ubuntu have and what functionality do they provide that is 
>> missing
>> from Fedora?
>>
>> With that info, I would think one could write a BZ against R requesting the 
>> missing
>> pieces.  Probably would get a better, more definitive answer that way.

I'm not an R user either, so I could be wildly wrong here.
But I believe that most of the different packages are
extensions/modules/additional data files rather than than
missing pieces of the core R software.  Similar to CPAN for
Perl modules, R has CRAN for R packages.

(That's probably nothing new to either of you, but might be
useful to someone casually following this thread.)

There are 12,173 packages listed at
https://cloud.r-project.org/web/packages/available_packages_by_name.html

So I guess no distribution has much of it covered. ;)

> I count about 435 on Ubuntu.

To be fair, Ubuntu gets to build on top of the substantial
work of Debian.

For grins, I poked at the latest docker images from Debian,
Ubuntu, and Fedora and came up with these numbers:

# debian (docker.io/debian:latest)
$ apt-get update
$ apt-cache pkgnames | grep -ciw r
292

# ubuntu (docker.io/ubuntu:latest)
$ apt-get update
$ apt-cache pkgnames | grep -ciw r
365

# fedora (registry.fedoraproject.org/fedora:rawhide)
# (There are 42 '-devel' packages and 4 matches which are
# not R packages.)
$ dnf list available | grep -iw r | grep -cv -- -devel
167

# Non-R packages:
fonts-KOI8-R.noarch
fonts-KOI8-R-100dpi.noarch
fonts-KOI8-R-75dpi.noarch
perl-Tree-R.noarch

There's an R SIG for Fedora, which looks like it's been
quiet since October.  Perhaps some folks interested in R
packaging would be welcome there?

https://stat.ethz.ch/mailman/listinfo/r-sig-fedora

-- 
Todd
~~
Most of one's life is one prolonged effort to prevent oneself
thinking.
-- Aldous Huxley



signature.asc
Description: PGP signature
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Nvidia Module Tainting Kernel

[Samuel Sieb]

On 02/20/2018 12:59 PM, Stephen Morris wrote:
Looking at dmesg again this morning, and searching for the work 'taints' 
I get the 2nd message listed above but not the first message (why?), and 
this search displays a message in the same format as the first message 
for my wifi driver which is also compiled, but I don't see any messages 
with the word 'taints' in them for the 6 compiled kernel modules 
provided by the vendor of my mouse that I am compiling via dkms. Of the 
6 modules I am compiling one and possibly two are being actively loaded 
and used by the kernel, so why are these not producing the messages?


If the license for the mouse drivers is GPL or similar, they most likely 
won't taint the kernel.

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Nvidia Module Tainting Kernel

[Ed Greshko]

On 02/21/18 08:23, Tim wrote:
> Allegedly, on or about 21 February 2018, Stephen Morris sent:
>> I been in the situation of compiling kernel modules in other linux 
>> distributions where you could put statements in your source to stop 
>> these messages, but I have forgotten what they were.
> A install is tainted by having certain kinds of things installed (in
> this case, binary support files that are not open-source).
>
> It will still be tainted (i.e. not suitable for providing bug reports
> to sources that need the computer to be running in a defined state),
> even if you try and pretend that it is not (faking the flags).
>
> To untaint a a kernel (e.g. for the purposes of debugging something),
> you have to stop using the modules that cause the tainting (you'd
> unload the Nvidia graphics driver and use a generic one, in this case).
>  If, after doing that, the problem still occurs, you can make a bug
> report that can be used by the debugging team.  But, if after that, the
> fault goes away, it points rather firmly at your binary blob being the
> cause of the problem.  And since nobody here can debug closed source
> software, you're stuck.
>

BTW, one can determine if their kernel is tainted by doing a "cat
/proc/sys/kernel/tainted".  Anything other than 0 means "tainted".

The values are additive from this list(may be out of date).

1 – A module with a non-GPL license has been loaded, this includes modules with 
no
license. Set by modutils >= 2.4.9 and module-init-tools.
2 – A module was force loaded by insmod -f. Set by modutils >= 2.4.9 and
module-init-tools.
4 – Unsafe SMP processors: SMP with CPUs not designed for SMP.
8 – A module was forcibly unloaded from the system by rmmod -f.
16 – A hardware machine check error occurred on the system.
32 – A bad page was discovered on the system.
64 – The user has asked that the system be marked “tainted”. This could be 
because
they are running software that directly modifies the hardware, or for other 
reasons.
128 – The system has died.
256 – The ACPI DSDT has been overridden with one supplied by the user instead of
using the one provided by the hardware.
512 – A kernel warning has occurred.
1024 – A module from drivers/staging was loaded.
268435456 – Unsupported hardware
536870912 – Technology Preview code was loaded


-- 
A motto of mine is: When in doubt, try it out



signature.asc
Description: OpenPGP digital signature
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: [EXT] Re: R as on Ubuntu and Fedora

[Weiner, Michael]

On Wed, 21 Feb 2018, Max Pyziur wrote:

I count about 435 on Ubuntu.

fyi,

MP
--
Out of over 6000 packages available from CRAN alone, 435 is nothing. I dont 
believe the number of packages available from a distribution's repository is 
reflective of the level of support. R makes it extremely easy to install 
packages. Who needs all of CRAN to be available in a repository? It is simple 
enough to do a 'install.packages("BLAH"). What is important is R core and devel 
support, and to that point, both OSs are basically the same
===


 Please consider the environment before printing this e-mail

Cleveland Clinic is currently ranked as the No. 2 hospital in the country by 
U.S. News & World Report (2017-2018). Visit us online at 
http://www.clevelandclinic.org for a complete listing of our services, staff 
and locations. Confidentiality Note: This message is intended for use only by 
the individual or entity to which it is addressed and may contain information 
that is privileged, confidential, and exempt from disclosure under applicable 
law. If the reader of this message is not the intended recipient or the 
employee or agent responsible for delivering the message to the intended 
recipient, you are hereby notified that any dissemination, distribution or 
copying of this communication is strictly prohibited. If you have received this 
communication in error, please contact the sender immediately and destroy the 
material in its entirety, whether electronic or hard copy. Thank you.
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Nvidia Module Tainting Kernel

[Tim]

Allegedly, on or about 21 February 2018, Stephen Morris sent:
> I been in the situation of compiling kernel modules in other linux 
> distributions where you could put statements in your source to stop 
> these messages, but I have forgotten what they were.

A install is tainted by having certain kinds of things installed (in
this case, binary support files that are not open-source).

It will still be tainted (i.e. not suitable for providing bug reports
to sources that need the computer to be running in a defined state),
even if you try and pretend that it is not (faking the flags).

To untaint a a kernel (e.g. for the purposes of debugging something),
you have to stop using the modules that cause the tainting (you'd
unload the Nvidia graphics driver and use a generic one, in this case).
 If, after doing that, the problem still occurs, you can make a bug
report that can be used by the debugging team.  But, if after that, the
fault goes away, it points rather firmly at your binary blob being the
cause of the problem.  And since nobody here can debug closed source
software, you're stuck.

-- 
[tim@localhost ~]$ uname -rsvp
Linux 4.14.16-200.fc26.x86_64 #1 SMP Wed Jan 31 19:34:52 UTC 2018 x86_64

Boilerplate:  All mail to my mailbox is automatically deleted.
There is no point trying to privately email me, I only get to see
the messages posted to the mailing list.

If you are not the intended recipient, why are you reading their email?
You bastard!
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: R as on Ubuntu and Fedora

[Matthew Miller]

On Tue, Feb 20, 2018 at 06:28:57PM -0500, Max Pyziur wrote:
> Greetings,
> I've been learning R on both Fedora and Ubuntu.
> I've noticed that Ubuntu has considerably greater support for R than
> Fedora (more R deb packages than R rpm packages).
> Is there a rationale for this?

I'm not sure about R in specific, but generally the rationale is "no
one did it". Are there particular packages that you're interested in?

-- 
Matthew Miller

Fedora Project Leader
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

[389-users] Re: Replication Delay

[Mark Reynolds]

On 02/20/2018 06:53 PM, William Brown wrote:
> On Tue, 2018-02-20 at 23:36 +, Fong, Trevor wrote:
>> Hi William,
>>
>> Thanks a lot for your reply.
>>
>> That's correct - replication schedule is not enabled.
>> No - there are definitely changes to replicate - I know, I made the
>> change myself (
>> I changed the "description" attribute on an account, but it takes up
>> to 15 mins for the change to appear in the 1.3 master.
>> That master replicates to another master and a bunch of other hubs.
>> Those hubs replicate amongst themselves and a bunch of consumers.
> So to be correct in my understanding:
>
> 1.2 <-> 1.3 --> [ group of hubs/consumers ]
>
> Yes? 
>
>> The update can take up to 15 mins to make it from the 1.2 master,
>> into the 1.3 master; but once it hits the 1.3 master, it is
>> replicated around the 1.3 cluster within 1 sec.
>>
>> Only memberOf is disallowed for fractional replication.
>>
>> Can anyone give me any guidance as to the settings of the "backoff"
>> and other parameters?  Any doc links that may be useful?
> Mark? You wrote thisn, I can't remember what it's called 
Before we should adjust the back off min and max values, we need to
determine why 1.2.11 is having a hard time updating 1.3.6.  1.3.6 is
just receiving updates, so it's 1.2.11 that "seems" to be misbehaving. 
So... Is there anything in the errors log on 1.2.11?  It wouldn't hurt
to check 1.3.6, but I think 1.2.11 is where we will find our answer.

If there is noting in the log, then turn on replication logging and do
your test update.  Once the update hits 1.3.6 turn replication logging
off.  Then we can look at the logs and see what happens with your test
update.

But as requested here is the backoff min & max info:

http://www.port389.org/docs/389ds/design/replication-retry-settings.html

>
>> Thanks a lot,
>> Trev
>>
>>
>> On 2018-02-18, 3:32 PM, "William Brown" 
>> wrote:
>>
>> On Sat, 2018-02-17 at 01:49 +, Fong, Trevor wrote:
>> > Hi Everyone,
>> >  
>> > I’ve set up a new 389 DS cluster (389-Directory/1.3.6.1
>> > B2018.016.1710) and have set up a replication agreement from
>> our old
>> > cluster (389-Directory/1.2.11.15 B2014.300.2010) to a master
>> node in
>> > the new cluster.  Problem is that updates in the old cluster
>> take up
>> > to 15 mins to make it into the new cluster.  We need it to be
>> near
>> > instantaneous, like it normally is.  Any ideas what I can
>> check?
>> 
>> I am assuming you don't have a replication schedule enabled?
>> 
>> In LDAP replication is always "eventual". So a delay isn't
>> harmful.
>> 
>> But there are many things that can influence this. Ludwig is the
>> expert, and I expect he'll comment here. 
>> 
>> Only one master may be "replicating" to a server at a time. So if
>> your
>> 1.3 server is replicating with other servers, then your 1.2
>> server may
>> have to "wait it's turn".
>> 
>> There is a replication 'backoff' timer, that sets how long it
>> tries and
>> scales these attempts too. I'm not sure if 1.2 has this or not
>> though.
>> 
>> Another reason could be there are no changes to be replicated,
>> replication only runs when there is something to do. So your 1.2
>> server
>> may have no changes, or it could be eliminating the changes with
>> fractional replication.
>> 
>> Finally, it's very noisy but you could consider enabling
>> replication
>> logging to check what's happening. 
>> 
>> I hope that helps,
>> 
>> 
>> 
>> >  
>> > Thanks a lot,
>> > Trev  
>> >  
>> > _
>> > Trevor Fong
>> > Senior Programmer Analyst
>> > Information Technology | Engage. Envision. Enable.
>> > The University of British Columbia
>> > trevor.f...@ubc.ca | 1-604-827-5247 | it.ubc.ca
>> >  
>> > ___
>> > 389-users mailing list -- 389-users@lists.fedoraproject.org
>> > To unsubscribe send an email to 389-users-leave@lists.fedorapro
>> ject.o
>> > rg
>> -- 
>> Thanks,
>> 
>> William Brown
>> ___
>> 389-users mailing list -- 389-users@lists.fedoraproject.org
>> To unsubscribe send an email to 389-users-leave@lists.fedoraproje
>> ct.org
>> 
>>
>> ___
>> 389-users mailing list -- 389-users@lists.fedoraproject.org
>> To unsubscribe send an email to 389-users-leave@lists.fedoraproject.o
>> rg
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org

Re: R as on Ubuntu and Fedora

[Max Pyziur]

On Wed, 21 Feb 2018, Ed Greshko wrote:


On 02/21/18 07:28, Max Pyziur wrote:

I've been learning R on both Fedora and Ubuntu.

I've noticed that Ubuntu has considerably greater support for R than Fedora 
(more R
deb packages than R rpm packages).

Is there a rationale for this?



I don't use R or Ubuntu.  But I wonder if counting the number of packages is 
actually
reflective of the level of support.  Is there a one-to-one correspondence 
between deb
and rpm packages and the distributions?

I count 140 rpm's (R-*) packages on Fedora.  This excludes the devel packages.  
How
many more does Ubuntu have and what functionality do they provide that is 
missing
from Fedora?

With that info, I would think one could write a BZ against R requesting the 
missing
pieces.  Probably would get a better, more definitive answer that way.


I count about 435 on Ubuntu.

fyi,

MP___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

[389-users] Re: LDAPS certificates multimaster with haproxy

[William Brown]

On Tue, 2018-02-20 at 16:00 +0100, Francesco Marchesi wrote:
> Hi.
> We are in the process of renewing the certificates of our two 389DS
> servers which sync through multimaster replication.
> We are currently using a self-signed certificate shared between the
> two
> servers.
> Our topology is like this:
> 
> HAProxy : ldap.example.com for load balancing
> LDAP1 : ldap1.example.com
> LDAP2 : ldap2.example.com
> 
> Connections are made from clients to ldaps://ldap.example.com which
> sends requests to either ldap1 or ldap2
> Following the 'SSL howto' [1] we would like to have separate 'real'
> certificates for the two servers.
> If I'm not wrong, the certificate signing requests should be created
> in
> each of the two 'real' servers for their real name and adding
> ldap.example.com as subjectaltname.
> Is that correct?

That is correct!

Today you actually need ldap.example.com AND ldap1.example.com in the
subjectAltName, because that's the "definitive" field. I think the rule
is "if a SAN is present use it for hostnames instead of CN in the
subject".

> If yes, then I have another question: having the two certificates it
> is
> not important which one clients use, is it?

No, because the clients trust the CA that issues the two certs, not the
individual certs themselves.

Hope that helps! 

> Thanks,
> Francesco
> 
> [1] http://directory.fedoraproject.org/docs/389ds/howto/howto-ssl.htm
> l
> ___
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> To unsubscribe send an email to 389-users-leave@lists.fedoraproject.o
> rg
-- 
Thanks,

William Brown
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org

[389-users] Re: Replication Delay

[William Brown]

On Tue, 2018-02-20 at 23:36 +, Fong, Trevor wrote:
> Hi William,
> 
> Thanks a lot for your reply.
> 
> That's correct - replication schedule is not enabled.
> No - there are definitely changes to replicate - I know, I made the
> change myself (
> I changed the "description" attribute on an account, but it takes up
> to 15 mins for the change to appear in the 1.3 master.
> That master replicates to another master and a bunch of other hubs.
> Those hubs replicate amongst themselves and a bunch of consumers.

So to be correct in my understanding:

1.2 <-> 1.3 --> [ group of hubs/consumers ]

Yes? 

> 
> The update can take up to 15 mins to make it from the 1.2 master,
> into the 1.3 master; but once it hits the 1.3 master, it is
> replicated around the 1.3 cluster within 1 sec.
> 
> Only memberOf is disallowed for fractional replication.
> 
> Can anyone give me any guidance as to the settings of the "backoff"
> and other parameters?  Any doc links that may be useful?

Mark? You wrote thisn, I can't remember what it's called 

> 
> Thanks a lot,
> Trev
> 
> 
> On 2018-02-18, 3:32 PM, "William Brown" 
> wrote:
> 
> On Sat, 2018-02-17 at 01:49 +, Fong, Trevor wrote:
> > Hi Everyone,
> >  
> > I’ve set up a new 389 DS cluster (389-Directory/1.3.6.1
> > B2018.016.1710) and have set up a replication agreement from
> our old
> > cluster (389-Directory/1.2.11.15 B2014.300.2010) to a master
> node in
> > the new cluster.  Problem is that updates in the old cluster
> take up
> > to 15 mins to make it into the new cluster.  We need it to be
> near
> > instantaneous, like it normally is.  Any ideas what I can
> check?
> 
> I am assuming you don't have a replication schedule enabled?
> 
> In LDAP replication is always "eventual". So a delay isn't
> harmful.
> 
> But there are many things that can influence this. Ludwig is the
> expert, and I expect he'll comment here. 
> 
> Only one master may be "replicating" to a server at a time. So if
> your
> 1.3 server is replicating with other servers, then your 1.2
> server may
> have to "wait it's turn".
> 
> There is a replication 'backoff' timer, that sets how long it
> tries and
> scales these attempts too. I'm not sure if 1.2 has this or not
> though.
> 
> Another reason could be there are no changes to be replicated,
> replication only runs when there is something to do. So your 1.2
> server
> may have no changes, or it could be eliminating the changes with
> fractional replication.
> 
> Finally, it's very noisy but you could consider enabling
> replication
> logging to check what's happening. 
> 
> I hope that helps,
> 
> 
> 
> >  
> > Thanks a lot,
> > Trev  
> >  
> > _
> > Trevor Fong
> > Senior Programmer Analyst
> > Information Technology | Engage. Envision. Enable.
> > The University of British Columbia
> > trevor.f...@ubc.ca | 1-604-827-5247 | it.ubc.ca
> >  
> > ___
> > 389-users mailing list -- 389-users@lists.fedoraproject.org
> > To unsubscribe send an email to 389-users-leave@lists.fedorapro
> ject.o
> > rg
> -- 
> Thanks,
> 
> William Brown
> ___
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> To unsubscribe send an email to 389-users-leave@lists.fedoraproje
> ct.org
> 
> 
> ___
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> To unsubscribe send an email to 389-users-leave@lists.fedoraproject.o
> rg
-- 
Thanks,

William Brown
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org

Re: R as on Ubuntu and Fedora

[Ed Greshko]

On 02/21/18 07:28, Max Pyziur wrote:
> I've been learning R on both Fedora and Ubuntu.
>
> I've noticed that Ubuntu has considerably greater support for R than Fedora 
> (more R
> deb packages than R rpm packages).
>
> Is there a rationale for this? 


I don't use R or Ubuntu.  But I wonder if counting the number of packages is 
actually
reflective of the level of support.  Is there a one-to-one correspondence 
between deb
and rpm packages and the distributions?

I count 140 rpm's (R-*) packages on Fedora.  This excludes the devel packages.  
How
many more does Ubuntu have and what functionality do they provide that is 
missing
from Fedora?

With that info, I would think one could write a BZ against R requesting the 
missing
pieces.  Probably would get a better, more definitive answer that way.

-- 
A motto of mine is: When in doubt, try it out



signature.asc
Description: OpenPGP digital signature
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

[389-users] Re: Replication Delay

[Fong, Trevor]

Hi William,

Thanks a lot for your reply.

That's correct - replication schedule is not enabled.
No - there are definitely changes to replicate - I know, I made the change 
myself (
I changed the "description" attribute on an account, but it takes up to 15 mins 
for the change to appear in the 1.3 master.
That master replicates to another master and a bunch of other hubs.
Those hubs replicate amongst themselves and a bunch of consumers.

The update can take up to 15 mins to make it from the 1.2 master, into the 1.3 
master; but once it hits the 1.3 master, it is replicated around the 1.3 
cluster within 1 sec.

Only memberOf is disallowed for fractional replication.

Can anyone give me any guidance as to the settings of the "backoff" and other 
parameters?  Any doc links that may be useful?

Thanks a lot,
Trev


On 2018-02-18, 3:32 PM, "William Brown"  wrote:

On Sat, 2018-02-17 at 01:49 +, Fong, Trevor wrote:
> Hi Everyone,
>  
> I’ve set up a new 389 DS cluster (389-Directory/1.3.6.1
> B2018.016.1710) and have set up a replication agreement from our old
> cluster (389-Directory/1.2.11.15 B2014.300.2010) to a master node in
> the new cluster.  Problem is that updates in the old cluster take up
> to 15 mins to make it into the new cluster.  We need it to be near
> instantaneous, like it normally is.  Any ideas what I can check?

I am assuming you don't have a replication schedule enabled?

In LDAP replication is always "eventual". So a delay isn't harmful.

But there are many things that can influence this. Ludwig is the
expert, and I expect he'll comment here. 

Only one master may be "replicating" to a server at a time. So if your
1.3 server is replicating with other servers, then your 1.2 server may
have to "wait it's turn".

There is a replication 'backoff' timer, that sets how long it tries and
scales these attempts too. I'm not sure if 1.2 has this or not though.

Another reason could be there are no changes to be replicated,
replication only runs when there is something to do. So your 1.2 server
may have no changes, or it could be eliminating the changes with
fractional replication.

Finally, it's very noisy but you could consider enabling replication
logging to check what's happening. 

I hope that helps,



>  
> Thanks a lot,
> Trev  
>  
> _
> Trevor Fong
> Senior Programmer Analyst
> Information Technology | Engage. Envision. Enable.
> The University of British Columbia
> trevor.f...@ubc.ca | 1-604-827-5247 | it.ubc.ca
>  
> ___
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> To unsubscribe send an email to 389-users-leave@lists.fedoraproject.o
> rg
-- 
Thanks,

William Brown
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org


___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org

R as on Ubuntu and Fedora

[Max Pyziur]

Greetings,

I've been learning R on both Fedora and Ubuntu.

I've noticed that Ubuntu has considerably greater support for R than 
Fedora (more R deb packages than R rpm packages).


Is there a rationale for this?

Much thanks,

Max Pyziur
p...@brama.com
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: is there such a thing as a linux "user profile"?

[Cameron Simpson]

On 20Feb2018 11:46, robert p. j. day  wrote:

On Tue, 20 Feb 2018, David King wrote:

On 02/20/2018 09:44 AM, Robert P. J. Day wrote:
> "Each user can create several user profiles for business or personal
> use."
>
>   i'm still reading but i've seen nothing yet that supports that
> interpretation.
>
That language isn't clear to me either.  The following things cross my
mind as possibilities:

  * Bash login profiles.  This doc is an example of describing these as
user profiles: http://linux-training.be/security/ch04.html
  * LDAP directory user entities, groups (roles) and profile/directory
metadata, assuming the *nix system tied to an LDAP for authentication
  * Mail client profiles (ex. I have separate business and personal
identities defined in Thunderbird)


 i finished the section ... it dealt only with customizing /etc/skel,
/etc profile, and so on and so on, all standard stuff ... completely
misleading reference to "user profiles." g ...


I think you're right - the courseware is only talking about the typical shell 
setup files.


Of course one _can_ make some additional scripts to source for special 
purposes. I've got a little command named "dev" which hacks my $PATH, 
$PYTHONPATH etc to have my current code directory parts mentioned at the front 
in order to run the code I'm hacking, versus the stable code installed in the 
usual places like ~/bin. One might consider such a thing an additional profile 
in the context you seem to describe.


Or, of course, the courseware might have been written by someone without proper 
understanding. That happens. Consider the basics written by an engineer or 
other specialist, later cleaned up/tweaked by a tech writer.


Personally I'd describe the shell login process to the students (/etc/profile, 
~/.profile etc), explain that this varies a little depending on the shell (eg 
~/.bash_profile), and explain that these are nothing more than scripts that are 
sourced to set up $PATH etc.


So while _these_ scripts constitute a profile in that they're run automatically 
for a login shell, in principle the "profile" (the current settings of $PATH 
and friends) can be further changed at any point as they see fit, and for 
common purposes one might keep a special purpose script around to do just that.


For myself, I sometimes keep a client/employer related script that hooks my 
shell into the environment I'm using to work on their stuff. Very handy to get 
predictable behaviour.


Cheers,
Cameron Simpson  (formerly c...@zip.com.au)
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Nvidia Module Tainting Kernel

[Ed Greshko]

On 02/21/18 04:59, Stephen Morris wrote:
> On 20/2/18 8:54 am, Ed Greshko wrote:
>> On 02/20/18 04:41, Stephen Morris wrote:
>>>     I'm using the nvidia drivers from negativo17. I have the nvidia source 
>>> module
>>> registered with dkms and it seems to be being compiled when I get a new 
>>> kernel, if
>>> that is the case what do I need to do to resolve the following messages 
>>> shown by
>>> "dmesg"?
>>>
>>>
>>> [   14.934074] nvidia: loading out-of-tree module taints kernel.
>>> [   14.934086] nvidia: module license 'NVIDIA' taints kernel.
>>> [   14.934087] Disabling lock debugging due to kernel taint
>>> [   14.943865] nvidia: module verification failed: signature and/or 
>>> required key
>>> missing - tainting kernel
>>
>> When you load a proprietary module into the kernel it becomes tainted.  
>> There is no
>> way to "fix" it.  It is like replacing the battery in your iPhone with a 
>> battery you
>> bought on the street corner.  You have voided the warranty.
>
> I been in the situation of compiling kernel modules in other linux 
> distributions
> where you could put statements in your source to stop these messages, but I 
> have
> forgotten what they were.
>
> Looking at dmesg again this morning, and searching for the work 'taints' I 
> get the
> 2nd message listed above but not the first message (why?), and this search 
> displays
> a message in the same format as the first message for my wifi driver which is 
> also
> compiled, but I don't see any messages with the word 'taints' in them for the 
> 6
> compiled kernel modules provided by the vendor of my mouse that I am 
> compiling via
> dkms. Of the 6 modules I am compiling one and possibly two are being actively
> loaded and used by the kernel, so why are these not producing the messages?
>
> Also given that this morning I am seeing the equivalent of the first message 
> for my
> wifi driver, but I am not seeing it for the nvidia driver, which makes it 
> look like
> these messages are random, are they actually random or is the lack of the 
> message
> and indication that the kernel is potentially not working correctly?

I'm confused as to what your goal is and what your understanding of what 
"taints" a
kernel.

The lack of a message in dmesg or the journal with the word "taint" doesn't 
guarantee
your kernel hasn't been tainted as there are several ways to have the kernel 
flagged
as "tainted".

Take this VM that I've just installed.

[egreshko@f27k-v ~]$ dmesg | grep -i taint
[egreshko@f27k-v ~]$ journalctl -b 0 | grep -i taint
[egreshko@f27k-v ~]$ ./tainted
Taint value: 1024
[bit] [bit value] [description] 
 
10    1024    A module from drivers/staging was loaded

As it happens, the VM is connected to a wireless usb device which loads a
drivers/staging module and thus the kernel is considered "tainted"

Now, take my desktop which is "seriously" tainted.

[egreshko@meimei tainted]$ dmesg | grep -i taint
[    6.508288] nvidia: loading out-of-tree module taints kernel.
[    6.508297] nvidia: module license 'NVIDIA' taints kernel.
[    6.508298] Disabling lock debugging due to kernel taint
[    6.515118] nvidia: module verification failed: signature and/or required key
missing - tainting kernel
[   11.598031] CPU: 1 PID: 0 Comm: swapper/1 Tainted: P C OE   
4.15.3-300.fc27.x86_64 #1

[egreshko@meimei tainted]$ journalctl -b 0 | grep -i taint
Feb 18 17:59:21 meimei.greshko.com kernel: nvidia: loading out-of-tree module 
taints
kernel.
Feb 18 17:59:21 meimei.greshko.com kernel: nvidia: module license 'NVIDIA' 
taints kernel.
Feb 18 17:59:21 meimei.greshko.com kernel: Disabling lock debugging due to 
kernel taint
Feb 18 17:59:21 meimei.greshko.com kernel: nvidia: module verification failed:
signature and/or required key missing - tainting kernel
Feb 18 17:59:26 meimei.greshko.com kernel: CPU: 1 PID: 0 Comm: swapper/1 
Tainted:
P C OE    4.15.3-300.fc27.x86_64 #1

[egreshko@meimei tainted]$ ./tainted
Taint value: 13313
[bit] [bit value] [description] 
 
0 1   A module with a non-GPL license has been loaded, this
  includes modules with no license.
  Set by modutils >= 2.4.9 and module-init-tools
10    1024    A module from drivers/staging was loaded  
 
12    4096    An out-of-tree module has been loaded 
 
13    8192    An unsigned module has been loaded in a kernel supporting
  module signature

So, do you just want to eliminate the messages to make yourself think your 
kernel
isn't tainted?  Or something else? 

-- 
A motto of mine is: When in doubt, try it out


signature.asc
Description: OpenPGP digital signature
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Speech-dispatcher

[Rex Dieter]

Jonathan Ryshpan wrote:

> I never use it.  It gets in the way and uses computer resources. 

Any resources besides disk space?

> How can I get rid of it?

You can't at the moment.  I can look into implementing it if there is 
demand.

-- Rex
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Speech-dispatcher

[Jonathan Ryshpan]

I never use it.  It gets in the way and uses computer resources.  How
can I get rid of it?

System: Fedora-27
Platform: KDE___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: how to (re-?)construct grub menu?

[Stephen Morris]

On 20/2/18 7:39 pm, Samuel Sieb wrote:

On 02/12/2018 01:32 PM, Stephen Morris wrote:
Wouldn't grub2-install be used to install the boot sectors to the 
/boot partition? This question is coming from the days when I 
formatted an entire hard disk as GPT and tried to install an older 
Fedora system on it and had the install fail with the message that 
Fedora could not be booted from a GPT environment.


There are no boot sectors with EFI.  The necessary files that go in 
the EFI partition at /boot/efi are in the grub2-efi-x64 and shim-x64 
packages.


This question was not so much aimed at efi, but rather is it still the 
case that /boot cannot be placed in a GPT partition?



regards,

Steve



___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: how to (re-?)construct grub menu?

[Stephen Morris]

On 20/2/18 7:33 pm, Samuel Sieb wrote:

On 02/14/2018 01:51 PM, Stephen Morris wrote:
It could be. As I understand it the default functionality updates the 
mbr on the specified device, and from what I've read in other 
threads, I thought they said that to get the grub menu displayed at 
boot you don't update the mbr on an efi system any more, all that is 
necessary is to just run grub2-mkconfig.


EFI systems have a special partition that contains as many bootloaders 
as you want.  It solves the problem of who gets to control the MBR 
bootloader location.


Are they the .efi files that are in /boot/efi/EFI/BOOT on a system that 
doesn't have the separate partition?


Just on the separate partition front, if I boot between Win 10, Fedora 
27 and Ubuntu 17.10 on the one machine, do I need 3 separate partitions 
or can the 3 operating system share the one partition if I decide to 
activate efi on my machine?



regards.

Steve



___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: how to (re-?)construct grub menu?

[Stephen Morris]

On 20/2/18 7:43 pm, Samuel Sieb wrote:

On 02/19/2018 12:13 PM, Stephen Morris wrote:
I thought that with SB all your drivers etc had to be signed to be 
able to boot from a SecureBoot system, and as such Fedora were using 
Microsoft certificates, whereas Ubuntu was going down the path of 
self signing. Given what you said around the 
/usrlib/grub/x86_64-efi-signed directory, which doesn't exist on my 
system, and if I understood you correctly doesn't exist in fedora 
anyway, where are fedora's certificates, and, if I enable SecureBoot 
in my bios do I have to also load the default certificates that the 
bios offers?


Each OS has to get their bootloader to be signed by Microsoft's 
certificate for the BIOS to accept it.  It is usually possible to add 
your own certificate to the BIOS store, but that is a somewhat 
convoluted process that most users would not want to try going 
through. Fedora's signed bootloader shim is in the shim-x64 package 
and the EFI grub executables are in the grub2-efi-x64 package.


Those packages are installed on my system even though, as far as I'm 
aware I have never had efi active, and I have never used a motherboard 
that had SecureBoot enabled. I did not explicitly install those packages 
and my assumption is they were installed with the F27 upgrade, but I can 
verify whether they were installed in F26 or not.



regards,

Steve



___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Nvidia Module Tainting Kernel

[Stephen Morris]

On 20/2/18 8:54 am, Ed Greshko wrote:

On 02/20/18 04:41, Stephen Morris wrote:

    I'm using the nvidia drivers from negativo17. I have the nvidia source 
module
registered with dkms and it seems to be being compiled when I get a new kernel, 
if
that is the case what do I need to do to resolve the following messages shown by
"dmesg"?


[   14.934074] nvidia: loading out-of-tree module taints kernel.
[   14.934086] nvidia: module license 'NVIDIA' taints kernel.
[   14.934087] Disabling lock debugging due to kernel taint
[   14.943865] nvidia: module verification failed: signature and/or required key
missing - tainting kernel


When you load a proprietary module into the kernel it becomes tainted.  There 
is no
way to "fix" it.  It is like replacing the battery in your iPhone with a 
battery you
bought on the street corner.  You have voided the warranty.


I been in the situation of compiling kernel modules in other linux 
distributions where you could put statements in your source to stop 
these messages, but I have forgotten what they were.


Looking at dmesg again this morning, and searching for the work 'taints' 
I get the 2nd message listed above but not the first message (why?), and 
this search displays a message in the same format as the first message 
for my wifi driver which is also compiled, but I don't see any messages 
with the word 'taints' in them for the 6 compiled kernel modules 
provided by the vendor of my mouse that I am compiling via dkms. Of the 
6 modules I am compiling one and possibly two are being actively loaded 
and used by the kernel, so why are these not producing the messages?


Also given that this morning I am seeing the equivalent of the first 
message for my wifi driver, but I am not seeing it for the nvidia 
driver, which makes it look like these messages are random, are they 
actually random or is the lack of the message and indication that the 
kernel is potentially not working correctly?



regards,

Steve




___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: is there such a thing as a linux "user profile"?

[fred roller]

[snip]
> "Each user can create several user profiles for business or personal
> use."
[snip]

Seems to me that it simply means you can have more than one account on the
system like multiple users.  I, myself, have usually created an admin user
and a day to day user for security reasons (two accounts owned by one
person).  The ambiguous part seams to lead one to thinking you can fork
post log in depending on purpose of session, which, excepting in a ldap or
some-such set up, doesn't quite fly.  Linux is built on simplicity and the
path of least resistance here would be that a user can create multiple
accounts each serving a specific perpose.  Sure, with a few tweaks the two
or more can be seamless short of purpose; but, at the core they are
separate accounts on the system.

my two bits, hih
Fred
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Is Fedora Linux protected against the Meltdown and Spectre security flaws?

[Paul Allen Newell]

On 02/20/2018 12:39 AM, Ed Greshko wrote:

On 02/20/18 15:51, Paul Allen Newell wrote:

In earlier email in this thread, you stated:

 Yes.  As long as you don't have kernel modules which were built with a
 non-patched gcc.

 ls /sys/devices/system/cpu/vulnerabilities/*

 cat /sys/devices/system/cpu/vulnerabilities/*

This file is new to me ... do you happen to know about when it was introduced 
and
if there is any documentation on it (I couldn't find anything but I feel I was
grasping in the dark as I must be missing something).

Looking at the changelog for the kernel, my guess is that they were introduced 
around
Jan 10 of this year.  Maybe with the 4.14.13 kernel.  I don't happen to have an
earlier one running.  Except for a Live image which is at 4.13.9 and they 
aren't there.

I've not done, but probably should, look at the BZ reports noted in the 
changelog as
well as the CVE reports.

For example, the changelog has...

* Wed Jan 10 2018 Justin M. Forbes  - 4.14.13-300
- Linux v4.14.13
- Iniital retpoline fixes for Spectre v2


 From what I can tell in this thread, this is a good new addition


I would say so.





Ed:

Thanks for reply. Your answer is what I need to know ... it is a very 
recent addition (which helps explain why I haven't heard of it (smile)). 
I hadn't gotten far enough to figure out that the kernel is what I 
should be looking at


Best,
Paul
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

[389-users] Re: password administrator

[Mark Reynolds]

On 02/20/2018 12:44 PM, Alberto Viana wrote:
> Hi Guys,
>
> Can I set multiple groups in passwordAdminDN? 
>
> I know that I can set per policy (subtree or user), but  there is any
> other way to specify more than one group globally?
Not currently.  It is limited to a single static group.  Nested groups
also do not work. 

But feel free to file an RFE at https://pagure.io/389-ds-base/new_issue
>
>
> Thanks
>
>
> ___
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org

___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org

[389-users] password administrator

[Alberto Viana]

Hi Guys,

Can I set multiple groups in passwordAdminDN?

I know that I can set per policy (subtree or user), but  there is any other
way to specify more than one group globally?


Thanks
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org

Re: is there such a thing as a linux "user profile"?

[Robert P. J. Day]

On Tue, 20 Feb 2018, David King wrote:

> On 02/20/2018 09:44 AM, Robert P. J. Day wrote:
> > On Tue, 20 Feb 2018, chicago wrote:
> >
> >> You can configure multiple ssh keys but that's an ssh profile. Also
> >> you can have separate Firefox prprofiles but I doubt they mean that.
> >>
> >> I think a standard "profile" would be a great idea but it would need
> >> buy in from everyone.
> >   i would love to cut and paste from this PDF doc, but it's
> > security-protected to disallow that. however, here's the money quote:
> >
> > "Each user can create several user profiles for business or personal
> > use."
> >
> >   i'm still reading but i've seen nothing yet that supports that
> > interpretation.
> >
> > rday
> >
> That language isn't clear to me either.  The following things cross my
> mind as possibilities:
>
>   * Bash login profiles.  This doc is an example of describing these as
> user profiles: http://linux-training.be/security/ch04.html
>   * LDAP directory user entities, groups (roles) and profile/directory
> metadata, assuming the *nix system tied to an LDAP for authentication
>   * Mail client profiles (ex. I have separate business and personal
> identities defined in Thunderbird)

  i finished the section ... it dealt only with customizing /etc/skel,
/etc profile, and so on and so on, all standard stuff ... completely
misleading reference to "user profiles." g ...

rday___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Upgrade from FC 24 to FC 27 broke support for DisplayPort 1.2 three port adapter

[David]

I had a working Fedora 24 box for almost 2 years that I decided to
upgrade to FC 27.  I have 3 monitors and used a 3 way adapter from
StarTech to adapt the single display port from my Intel NUC to support
my 3 displays.  Again this worked fine for years. After the upgrade
this setup stopped working.

My system has an encrypted root and home partition, and an
un-encrypted boot partition.  When I power on the computer with the 3
way adapter I get bios screens and the grub menu.  If I select the old
FC24 kernel to boot, the system proceeds to the password screen where
I unlock my root partition, and then to the user login screen for
fedora.  But if I select one of the new FC 27 kernels on the grub menu
I get a black screen only, no password screen to un-encrypt.  If I use
a straight through DisplayPort cable to power only one screen, the new
Kernels work fine and I can unlock and login.

Also, adding *nomodeset* to the kernel boot options will allow the new
kernels to work with the adapter, but all 3 screens mirror and
performance is way down.  I think this option doesn't use Intel's
drivers?

I looked at Xorg vs Wayland as a possible cause, but the option to
select that is on the user login screen, would that have any effect on
the un-encrypt password screen just after grub?

My graphics are Intel Iris 6100. My hardware is an Intel NUC with i7
processor. Video card is on chip.

So I am stuck.  Please help?

*
I made sure my Intel drivers where fully updated =

$ sudo dnf install
https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm
-E %fedora).noarch.rpm
Last metadata expiration check: 0:59:03 ago on Tue 16 Jan 2018 09:22:40 PM CST.
rpmfusion-free-release-27.noarch.rpm 24 kB/s | 20 kB 00:00
Package rpmfusion-free-release-27-1.noarch is already installed, skipping.
Dependencies resolved.
Nothing to do.
Complete!

$ sudo dnf install intel-gpu-tools libva-intel-driver libva-utils
libva mesa-libOSMesa cairo-gobject cairo mesa-dri-drivers
mesa-filesystem mesa-libEGL mesa-libGL mesa-libGLES mesa-libgbm
mesa-libglapi mesa-libwayland-egl mesa-libxatracker
Last metadata expiration check: 0:59:23 ago on Tue 16 Jan 2018 09:22:40 PM CST.
Package intel-gpu-tools-2.99.917-31.20171025.fc27.x86_64 is already
installed, skipping.
Package libva-intel-driver-1.8.3-2.fc27.x86_64 is already installed, skipping.
Package libva-intel-driver-1.8.3-2.fc27.i686 is already installed, skipping.
Package libva-utils-1.8.3-4.fc27.x86_64 is already installed, skipping.
Package libva-1.8.3-3.fc27.x86_64 is already installed, skipping.
Package libva-1.8.3-3.fc27.i686 is already installed, skipping.
Package mesa-libOSMesa-17.2.4-2.fc27.x86_64 is already installed, skipping.
Package mesa-libOSMesa-17.2.4-2.fc27.i686 is already installed, skipping.
Package cairo-gobject-1.15.10-1.fc27.x86_64 is already installed, skipping.
Package cairo-gobject-1.15.10-1.fc27.i686 is already installed, skipping.
Package cairo-1.15.10-1.fc27.x86_64 is already installed, skipping.
Package cairo-1.15.10-1.fc27.i686 is already installed, skipping.
Package mesa-dri-drivers-17.2.4-2.fc27.x86_64 is already installed, skipping.
Package mesa-dri-drivers-17.2.4-2.fc27.i686 is already installed, skipping.
Package mesa-filesystem-17.2.4-2.fc27.x86_64 is already installed, skipping.
Package mesa-filesystem-17.2.4-2.fc27.i686 is already installed, skipping.
Package mesa-libEGL-17.2.4-2.fc27.x86_64 is already installed, skipping.
Package mesa-libEGL-17.2.4-2.fc27.i686 is already installed, skipping.
Package mesa-libGL-17.2.4-2.fc27.x86_64 is already installed, skipping.
Package mesa-libGL-17.2.4-2.fc27.i686 is already installed, skipping.
Package mesa-libGLES-17.2.4-2.fc27.x86_64 is already installed, skipping.
Package mesa-libgbm-17.2.4-2.fc27.x86_64 is already installed, skipping.
Package mesa-libgbm-17.2.4-2.fc27.i686 is already installed, skipping.
Package mesa-libglapi-17.2.4-2.fc27.x86_64 is already installed, skipping.
Package mesa-libglapi-17.2.4-2.fc27.i686 is already installed, skipping.
Package mesa-libwayland-egl-17.2.4-2.fc27.x86_64 is already installed, skipping.
Package mesa-libwayland-egl-17.2.4-2.fc27.i686 is already installed, skipping.
Package mesa-libxatracker-17.2.4-2.fc27.x86_64 is already installed, skipping.
Dependencies resolved.
Nothing to do.
Complete!

-- 
David
david...@gmail.com
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: is there such a thing as a linux "user profile"?

[David King]

On 02/20/2018 09:44 AM, Robert P. J. Day wrote:
> On Tue, 20 Feb 2018, chicago wrote:
>
>> You can configure multiple ssh keys but that's an ssh profile. Also
>> you can have separate Firefox prprofiles but I doubt they mean that.
>>
>> I think a standard "profile" would be a great idea but it would need
>> buy in from everyone.
>   i would love to cut and paste from this PDF doc, but it's
> security-protected to disallow that. however, here's the money quote:
>
> "Each user can create several user profiles for business or personal
> use."
>
>   i'm still reading but i've seen nothing yet that supports that
> interpretation.
>
> rday
>
That language isn't clear to me either.  The following things cross my
mind as possibilities:

  * Bash login profiles.  This doc is an example of describing these as
user profiles: http://linux-training.be/security/ch04.html
  * LDAP directory user entities, groups (roles) and profile/directory
metadata, assuming the *nix system tied to an LDAP for authentication
  * Mail client profiles (ex. I have separate business and personal
identities defined in Thunderbird)

-- 
David King
d...@daveking.com

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

[389-users] LDAPS certificates multimaster with haproxy

[Francesco Marchesi]

Hi.
We are in the process of renewing the certificates of our two 389DS
servers which sync through multimaster replication.
We are currently using a self-signed certificate shared between the two
servers.
Our topology is like this:

HAProxy : ldap.example.com for load balancing
LDAP1 : ldap1.example.com
LDAP2 : ldap2.example.com

Connections are made from clients to ldaps://ldap.example.com which
sends requests to either ldap1 or ldap2
Following the 'SSL howto' [1] we would like to have separate 'real'
certificates for the two servers.
If I'm not wrong, the certificate signing requests should be created in
each of the two 'real' servers for their real name and adding
ldap.example.com as subjectaltname.
Is that correct?
If yes, then I have another question: having the two certificates it is
not important which one clients use, is it?
Thanks,
Francesco

[1] http://directory.fedoraproject.org/docs/389ds/howto/howto-ssl.html
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org

Re: is there such a thing as a linux "user profile"?

[Robert P. J. Day]

On Tue, 20 Feb 2018, chicago wrote:

> You can configure multiple ssh keys but that's an ssh profile. Also
> you can have separate Firefox prprofiles but I doubt they mean that.
>
> I think a standard "profile" would be a great idea but it would need
> buy in from everyone.

  i would love to cut and paste from this PDF doc, but it's
security-protected to disallow that. however, here's the money quote:

"Each user can create several user profiles for business or personal
use."

  i'm still reading but i've seen nothing yet that supports that
interpretation.

rday
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: is there such a thing as a linux "user profile"?

[chicago]

You can configure multiple ssh keys but that's an ssh profile. Also you can 
have separate Firefox prprofiles but I doubt they mean that. 

I think a standard "profile" would be a great idea but it would need buy in 
from everyone. 

Cheers! 



signature.asc
Description: PGP signature
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: smartmontools still "monitoring" a replaced hard drive.

[Robert Nichols]

On 01/24/2018 10:45 PM, Samuel Sieb wrote:

On 01/24/2018 02:51 PM, William Mattison wrote:

The "smartctl" command with a parameter of "sda3" gives me this:


As has already been mentioned, smartctl works on the entire drive, not a 
partition.  I'm surprised it doesn't give an error in this case.


bash.7[~]: smartctl -a /dev/sda3
   1 Raw_Read_Error_Rate 0x000f   117   099   006    Pre-fail  Always   
-   162318392
   7 Seek_Error_Rate 0x000f   073   060   030    Pre-fail  Always   
-   24305368


This is somewhat concerning.  Is the drive somewhere where it gets a lot of 
vibration?


Almost certainly a Seagate disk drive. Do a Google search for "Seagate error 
rate". Those are _not_ simple error counts.

--
Bob Nichols "NOSPAM" is really part of my email address.
Do NOT delete it.
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: is there such a thing as a linux "user profile"?

[Robert P. J. Day]

On Wed, 21 Feb 2018, Tim wrote:

> Allegedly, on or about 20 February 2018, Robert P. J. Day sent:
> > it all looks reasonable, until i get to a section in the user/group
> > administration chapter called "configure user profiles."
>
> Is it referring more to administrative controls placed on user
> accounts (quotas, permissions, etc)?
>
> It it simply referring to data about users (account names, real
> names, that kind of thing)?
>
> You'd need to provide some more insight into what that manual talks
> about to get a good answer to your question.

  still working my way through it, but i see nothing beyond exactly
what i expect -- references to /etc/profile, .profile, /etc/skel and
so on. i'm just wondering if there is actually a thing called a "user
profile" in linux, beyond just what i would call account configuration
or account customization or what have you.

rday
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: is there such a thing as a linux "user profile"?

[Tim]

Allegedly, on or about 20 February 2018, Robert P. J. Day sent:
> it all looks reasonable, until i get to a section in the user/group
> administration chapter called "configure user profiles."

Is it referring more to administrative controls placed on user accounts
(quotas, permissions, etc)?

It it simply referring to data about users (account names, real names,
that kind of thing)?

You'd need to provide some more insight into what that manual talks
about to get a good answer to your question.

-- 
[tim@localhost ~]$ uname -rsvp
Linux 4.14.16-200.fc26.x86_64 #1 SMP Wed Jan 31 19:34:52 UTC 2018 x86_64

Boilerplate:  All mail to my mailbox is automatically deleted.
There is no point trying to privately email me, I only get to see
the messages posted to the mailing list.

- Mwuu haha ha h, soon the world will be mine!
- Sir, you've got to take your finger off the intercom button.
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

is there such a thing as a linux "user profile"?

[Robert P. J. Day]

  admittedly a weird question ... i have, on very short notice, been
handed a linux course to teach for a new client, and it's typically
taught in a centos 7 environment. perusing the manual, it all looks
reasonable, until i get to a section in the user/group administration
chapter called "configure user profiles."

  the section is weirdly written, and it may be nothing, but is there
such a thing as a "user profile" in linux, as opposed to just the
standard user/group/.profile configuration? that is, can a single
account have multiple "user profiles" configured for it in some way
that i've never been aware of?

  i suspect the term "user profile" here was simply badly chosen, but
i want to make sure i'm not misunderstanding something. thanks.

rday

-- 


Robert P. J. Day Ottawa, Ontario, CANADA
http://crashcourse.ca

Twitter:   http://twitter.com/rpjday
LinkedIn:   http://ca.linkedin.com/in/rpjday

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: how to (re-?)construct grub menu?

[Tom H]

On Mon, Feb 19, 2018 at 3:13 PM, Stephen Morris
 wrote:
>
> I thought that with SB all your drivers etc had to be signed to be
> able to boot from a SecureBoot system, and as such Fedora were using
> Microsoft certificates, whereas Ubuntu was going down the path of self
> signing. Given what you said around the /usrlib/grub/x86_64-efi-signed
> directory, which doesn't exist on my system, and if I understood you
> correctly doesn't exist in fedora anyway, where are fedora's
> certificates, and, if I enable SecureBoot in my bios do I have to also
> load the default certificates that the bios offers?

Ubuntu's using an MS sig. The difference between Fedora and Ubuntu is
that the latter doesn't require that kernel modules be signed.

The "/usr/lib/grub/x86_64-efi-signed/" is an Ubuntu directory. So the
signed grub EFI executable is in "/boot/efi/EFI/ubuntu/" and
"/usr/lib/grub/x86_64-efi-signed/". Fedora only ships the grub EFI
executable in "/boot/efi/EFI/fedora/". So, if you run "grub-install"
it's recreated and unsigned (I assume!).

AFAIK, "shim" is signed by MS (and is validated by an MS-supplied and
-signed "thingy" in the firmware) and it embeds the Fedora sig with
which grub, the kernel, and the kernel modules are signed and
validated.
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Dual screen

[chicago]

I've found Gnome to handle low resolution televisions just fine. I tried it on 
a thirty something TV at 1360x768 or something and the text is crisp. 

signature.asc
Description: PGP signature
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Dual screen

[Tim]

Allegedly, on or about 20 February 2018, Ed Greshko sent:
> in my short lived experiment (my wife wanted the TV back) I found
> that while my laptop and TV were both 1920x1080 the fonts on the
> laptop were crisp and clear no matter how close I put my nose to the
> screen.  Not so the TV.  Even when I moved to where we'd normally be
> watching the TV the fonts looked "strange".

For TVs most video inputed will be processed.

In addition to my prior tweaking notes, if your signal isn't also
coming in at the scanning rates that's native to the set display
hardware (which you'll probably never know), it stands a good chance of
going through a conversion.  The input rates listed in specs will only
be whatever the processing accepts.

I considered myself lucky that my tv set did a good job of displaying
the computer, when I tried it.  I wasn't expecting it to be that good.

-- 
[tim@localhost ~]$ uname -rsvp
Linux 4.14.16-200.fc26.x86_64 #1 SMP Wed Jan 31 19:34:52 UTC 2018 x86_64

Boilerplate:  All mail to my mailbox is automatically deleted.
There is no point trying to privately email me, I only get to see
the messages posted to the mailing list.

Using Windows software is like coating all your handtools with sewage.
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Dual screen

[Patrick Dupre]

> Subject: Re: Dual screen
>
> On 02/20/18 09:25, Ed Greshko wrote:
> >  If I can only find the mini-HDMI cable that would connect
> > to my laptop.  I have never used a TV as a monitor so I don't know how well 
> > suited
> > they are for this purpose.
> 
> 
> I found my HDMI cable.  The TV is a 48 inch model.  It just so happens that 
> its
> preferred resolution is the same as my 11 inch laptop screen at 1920x1080.  
> The fonts
> on my laptop are very crisp and clear.  On the TV, not so much when viewed 
> close up. 
> Better when viewed from a distance but still not as good as a monitor.
> 
> However, I think I may have found your problem.
> 
> Looking at the specs for your TV/monitor we find that the screen size is 
> 23.5" with a
> pixel density of 66ppi at the native resolution. In searching for articles on 
> using
> TV as monitor they recommend a display with no less than 80dpi.  I could not 
> find the
> specs on my TV's display.  It is about 3 years old.
> 
> Now compare that with my Asus monitors.  They are 25" displays with a pixel 
> density
> of 117ppi at their native resolution of 2560x1440
> 
> (I think PPD, pixel per degree, may be a better measure but that seems harder 
> t come
> by or calculate)
> 
> Everything is sharp and clear on my Asus monitors.
> 
> I think you have HW which is never going to be satisfactory as a monitor.  
> Probably
> others with better understanding of display technology have their opinion.
> 
> -- 
Thank to every who tired to help my in installing this monitor.
I guess that I am going to try to return it to the seller.


> ___
> users mailing list -- users@lists.fedoraproject.org
> To unsubscribe send an email to users-le...@lists.fedoraproject.org
>
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Dual screen

[Ed Greshko]

On 02/20/18 16:26, Tim wrote:
> I think the DPI issue is a bit of a red herring, in this instance.  If
> you take three different 1920 by 1080 sets, each with a different
> screensize, they'll each have a different DPI.  But they can each show
> the display as good as each other, though you'd use the bigger screens
> further away from you.  So-called high definition (1920 by 1080) isn't
> particularly *high* definition, and doesn't stand too much close
> scrutiny.


Yes.  That is sort of what I was getting to with the "Pixel Per Degree" being 
the
better measure.  I found a calculator for that and it has as part of the 
calculation
the viewing distance.

Anyway, in my short lived experiment (my wife wanted the TV back) I found that 
while
my laptop and TV were both 1920x1080 the fonts on the laptop were crisp and 
clear no
matter how close I put my nose to the screen.  Not so the TV.  Even when I 
moved to
where we'd normally be watching the TV the fonts looked "strange".

-- 
A motto of mine is: When in doubt, try it out



signature.asc
Description: OpenPGP digital signature
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: how to (re-?)construct grub menu?

[Samuel Sieb]

On 02/19/2018 12:13 PM, Stephen Morris wrote:
I thought that with SB all your drivers etc had to be signed to be able 
to boot from a SecureBoot system, and as such Fedora were using 
Microsoft certificates, whereas Ubuntu was going down the path of self 
signing. Given what you said around the /usrlib/grub/x86_64-efi-signed 
directory, which doesn't exist on my system, and if I understood you 
correctly doesn't exist in fedora anyway, where are fedora's 
certificates, and, if I enable SecureBoot in my bios do I have to also 
load the default certificates that the bios offers?


Each OS has to get their bootloader to be signed by Microsoft's 
certificate for the BIOS to accept it.  It is usually possible to add 
your own certificate to the BIOS store, but that is a somewhat 
convoluted process that most users would not want to try going through. 
Fedora's signed bootloader shim is in the shim-x64 package and the EFI 
grub executables are in the grub2-efi-x64 package.

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Is Fedora Linux protected against the Meltdown and Spectre security flaws?

[Ed Greshko]

On 02/20/18 15:51, Paul Allen Newell wrote:
> In earlier email in this thread, you stated:
>
> Yes.  As long as you don't have kernel modules which were built with a
> non-patched gcc.
>
> ls /sys/devices/system/cpu/vulnerabilities/*
>
> cat /sys/devices/system/cpu/vulnerabilities/*
>
> This file is new to me ... do you happen to know about when it was introduced 
> and
> if there is any documentation on it (I couldn't find anything but I feel I was
> grasping in the dark as I must be missing something).

Looking at the changelog for the kernel, my guess is that they were introduced 
around
Jan 10 of this year.  Maybe with the 4.14.13 kernel.  I don't happen to have an
earlier one running.  Except for a Live image which is at 4.13.9 and they 
aren't there.

I've not done, but probably should, look at the BZ reports noted in the 
changelog as
well as the CVE reports.

For example, the changelog has...

* Wed Jan 10 2018 Justin M. Forbes  - 4.14.13-300
- Linux v4.14.13
- Iniital retpoline fixes for Spectre v2

>
> From what I can tell in this thread, this is a good new addition


I would say so.

-- 
A motto of mine is: When in doubt, try it out



signature.asc
Description: OpenPGP digital signature
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: how to (re-?)construct grub menu?

[Samuel Sieb]

On 02/12/2018 01:32 PM, Stephen Morris wrote:
Wouldn't grub2-install be used to install the boot sectors to the /boot 
partition? This question is coming from the days when I formatted an 
entire hard disk as GPT and tried to install an older Fedora system on 
it and had the install fail with the message that Fedora could not be 
booted from a GPT environment.


There are no boot sectors with EFI.  The necessary files that go in the 
EFI partition at /boot/efi are in the grub2-efi-x64 and shim-x64 packages.

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: how to (re-?)construct grub menu?

[Samuel Sieb]

On 02/14/2018 01:51 PM, Stephen Morris wrote:
It could be. As I understand it the default functionality updates the 
mbr on the specified device, and from what I've read in other threads, I 
thought they said that to get the grub menu displayed at boot you don't 
update the mbr on an efi system any more, all that is necessary is to 
just run grub2-mkconfig.


EFI systems have a special partition that contains as many bootloaders 
as you want.  It solves the problem of who gets to control the MBR 
bootloader location.

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Dual screen

[Tim]

Allegedly, on or about 20 February 2018, Ed Greshko sent:
> I think you have HW which is never going to be satisfactory as a
> monitor.  Probably others with better understanding of display
> technology have their opinion.

You'd expect one 1920 by 1080 screen to show something just as well as
another 1920 by 1080 screen.  And often that's the case, and it is with
my recently bought tv set, but...

Computer monitors are designed to show text, televisions are designed
for moving pictures.  Modern televisions do a lot of picture
processing, trying to hide noise and errors, sometimes trying to
enhance detail that's just not present in the signal, and will quite
often mess up a live picture in the process (even worse when it's
displaying a non-native resolution, such as standard defintion TV
signals being upscaled by the set to high definition).

The set may have some PC mode that puts the set into an optimal mode
for use with a computer.  On some sets, simply using PC as the name for
the input does the trick.  Otherwise, you may have to go through
turning off all the special features (noise reduction, enhancers,
motion effects, film modes, reality creation, overscan, etc).  

Overscanning is a particular issue with domestic sets (the picture is
rendered beyond the edges of the frame, by slightly magnifying it).  In
television this has been essential for decades.  Domestic TVs always
overscanned, studios took advantage of that and allowed things to get
into the camera frame that would never appear on the viewers set.  Turn
off overscanning, and you see the mike in shot, cameras filming off the
edges of sets, etc, on a hell of a lot of tv programs.  That's not
usuall a problem with analogue signals shown on old-school cathode ray
tubes, or even digital signals which don't use 1:1 pixel relationships.
 But with flat panel displays, overscanning destroys the 1:1 pixel
relationship of input signals to display rendering, and things that
require it (like small text), become smudgy.

You get sets that lie, too.  Saying that they're a certain resolution,
but the screen isn't that resolution.

I think the DPI issue is a bit of a red herring, in this instance.  If
you take three different 1920 by 1080 sets, each with a different
screensize, they'll each have a different DPI.  But they can each show
the display as good as each other, though you'd use the bigger screens
further away from you.  So-called high definition (1920 by 1080) isn't
particularly *high* definition, and doesn't stand too much close
scrutiny.

-- 
[tim@localhost ~]$ uname -rsvp
Linux 4.14.16-200.fc26.x86_64 #1 SMP Wed Jan 31 19:34:52 UTC 2018 x86_64

Boilerplate:  All mail to my mailbox is automatically deleted.
There is no point trying to privately email me, I only get to see
the messages posted to the mailing list.

This email brought to you by potato omelates:  
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org