Re: [CentOS] Plurals in English (was Re: ClamAV reports a trojan)
On 2015-04-17, Peter Lawler cen...@bleeter.id.au wrote: [OT ALERT] On 17/04/15 02:28, Valeri Galtsev wrote: clamav is a scanner that is designed to detect viruses (virii I should use for plural as it is Latin word) I believe this 'rule' in English is misunderstood by many and as a general rule of thumb... tl;dr: Words from Old English that came into modern English, use 'Old English' pluralisation: eg, sheep, fish etc. words adopted from other languages into English before and after modern English established, use 'modern' pluralisation eg, tsunamis, octopuses. rant As 'virus' was adopted into English for usage in relation to bugs, malwares etc. after the formation of modern English, the plural of computer virus is computer viruses. IMO, in a medical sense, the virus was first described in the 1890 - well after the formation of modern English so even then the plural of virus in English is viruses. I agree entirely. Also relevant is the fact that the Latin word 'virus' does not admit a plural form. Reasoning: If one had to learn the pluralisation of every word adopted into modern English, then an English speaker would have to learn the pluralisation rules for far more than just English (see above re tsunami, octopus but also consider other non old English words such as emoji alligator mannequin boulevard cookie umbrella alcohol nadir etc.) For old English words, the pluralisation rules for them was set before modern English evolved into what we know today so those old rules still apply. All in all, makes it a lot easier to know how to spell English plurals. Some think opctopi is the plural of octopuses, when it wouldn't be because it's Greek and not Latin anyway... To whit: the belief many have that the English plural of virus is virii, when in fact if anything it'd be afaik viri - which it isn't. The Latin word 'viri' translates as 'men', if I remember my school Latin correctly. :-) my 2c. Pete. [Authority: Platypuses, or Platypus - I believe the linguists are still out on that one - live near me ;) ] -- Liam ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 5 tls v1.2, v1.1
On 04/17/2015 11:20 PM, Eero Volotinen wrote: Yep, maybe using ssl offloading devices like (BigIP) that receives tls1.2 and tlsv1.2 and then re-encrypts traffic with tls1.0 might be cheapest solution. Perhaps re-evaluate the need to have TLS 1.1 and 1.2 right now. The only attack against 1.0 that I'm aware of is BEAST and that has been largely mitigated by browser-side fixes to the point where TLS 1.0 is now considered to be safe. No doubt there will in time be other attacks that necessitate an upgrade, but for now I would just stick with the version of openssl and apache that comes with CentOS 5 and focus on moving to CentOS 6 or 7 as a medium (not long) term goal. At the end of the day I think it's better to just go this route than have to deal with the hacky solutions for getting 1.1 and 1.2 out of CentOS 5. Peter ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Install Bind with gss-spnego enabled
On Fri, Apr 17, 2015 at 7:46 AM, James Hogarth james.hoga...@gmail.com wrote: It wasn't the bind package directly but rather an issue with the libkrb5 libraries. This is the specific bug that fixed the issue: https://bugzilla.redhat.com/show_bug.cgi?id=1087068 I'll get the samba wiki updated to make this clear. Zoinks! I didn't realize I was corresponding with the fellow who actually maintains this section of the Samba Wiki. :-) Thanks for your expertise and synergy between the OS and the Samba software. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS-announce Digest, Vol 122, Issue 9
Send CentOS-announce mailing list submissions to centos-annou...@centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-requ...@centos.org You can reach the person managing the list at centos-announce-ow...@centos.org When replying, please edit your Subject line so it is more specific than Re: Contents of CentOS-announce digest... Today's Topics: 1. CEBA-2015:0817 CentOS 6 kdelibs BugFix Update (Johnny Hughes) -- Message: 1 Date: Thu, 16 Apr 2015 17:46:06 + From: Johnny Hughes joh...@centos.org To: centos-annou...@centos.org Subject: [CentOS-announce] CEBA-2015:0817 CentOS 6 kdelibs BugFix Update Message-ID: 20150416174606.ga12...@n04.lon1.karan.org Content-Type: text/plain; charset=us-ascii CentOS Errata and Bugfix Advisory 2015:0817 Upstream details at : https://rhn.redhat.com/errata/RHBA-2015-0817.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: c975b917bdae041e063e7c6e10feb945b75353d41a999128ac57a2afa8f219ce kdelibs-4.3.4-23.el6_6.i686.rpm 389b3427db0aa9c1ec190b68ebbeb96b1c5608226a7865c0ab10bbc4d541a4d9 kdelibs-apidocs-4.3.4-23.el6_6.noarch.rpm 0ca04fb3a946ebd75935d94dcc17be09cf98debc046d47ac5faca5ced067d477 kdelibs-common-4.3.4-23.el6_6.i686.rpm 85b1234aa3b4a233c8c8c72369e8bb07e37401387d5ef7c174e052ccec63f3da kdelibs-devel-4.3.4-23.el6_6.i686.rpm x86_64: c975b917bdae041e063e7c6e10feb945b75353d41a999128ac57a2afa8f219ce kdelibs-4.3.4-23.el6_6.i686.rpm ac4a090e2040bc0c86bb16d1202e8374003e31c26a83ccd01dfcd8f941deb818 kdelibs-4.3.4-23.el6_6.x86_64.rpm 389b3427db0aa9c1ec190b68ebbeb96b1c5608226a7865c0ab10bbc4d541a4d9 kdelibs-apidocs-4.3.4-23.el6_6.noarch.rpm 582cfb9cce3c4a34e021b63177c89201dcde6623cd424f560cc4a241e984d07b kdelibs-common-4.3.4-23.el6_6.x86_64.rpm 85b1234aa3b4a233c8c8c72369e8bb07e37401387d5ef7c174e052ccec63f3da kdelibs-devel-4.3.4-23.el6_6.i686.rpm dcca1c741d99e7a608b4a2bc21a06dcd1a3ce1c51e472f30a284a47696baea14 kdelibs-devel-4.3.4-23.el6_6.x86_64.rpm Source: cfa00bed58c19b65415066f6cecd188637af37c34ec9d5ef429850e6f87960c2 kdelibs-4.3.4-23.el6_6.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net -- ___ CentOS-announce mailing list centos-annou...@centos.org http://lists.centos.org/mailman/listinfo/centos-announce End of CentOS-announce Digest, Vol 122, Issue 9 *** ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Mailman, junk mail, DMARC and DKIM
https://bugzilla.redhat.com/show_bug.cgi?id=1095359 Jan Kalua jkal...@redhat.com changed: What|Removed |Added Fixed In Version|mailman-2.1.12-22.el6 |mailman-2.1.12-23.el6 Tadaaah! -- *** E-Mail is NOT a SECURE channel *** James B. Byrnemailto:byrn...@harte-lyne.ca Harte Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Plurals in English (was Re: ClamAV reports a trojan)
On Fri, April 17, 2015 12:50 am, Peter Lawler wrote: On 17/04/15 12:31, Valeri Galtsev wrote: But being not native English speaker, I use it (not native English speaker) Figured as much, which is why I mentioned it ;) as an excuse for being unable to pronounce anything. Not as if most English speakers can pronounce many English words ... ttfn :) It is amazing how much one can cripple what another person said by scissoring his phrases ;-) Valeri Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 5 tls v1.2, v1.1
The cheapest sollution is probably compiling a private openssl somewhere on the system and then compiling apache using that private openssl version instead of the default system-wide one. Regards, Dennis On 17.04.2015 13:20, Eero Volotinen wrote: Yep, maybe using ssl offloading devices like (BigIP) that receives tls1.2 and tlsv1.2 and then re-encrypts traffic with tls1.0 might be cheapest solution. -- Eero 2015-04-17 14:15 GMT+03:00 Johnny Hughes joh...@centos.org: On 04/16/2015 05:00 PM, Eero Volotinen wrote: in fact: modgnutls provides easy way to get tlsv1.2 to rhel 5 -- Eero If you do that, then you are at the mercy of Mr. Bergmann to provide updates for all security issues for openssl. Has he updated his RPMs since 2014-11-19 23:57:58? Does his patch work on the latest RHEL/CentOS EL5 openssl-0.9.8 package? The answer right now for him providing newer packages is, I have no idea. His repo ( http://www.tuxad.de/blog/archives/2014/12/07/yum_repository_for_rhel__centos_5/index.html ) does not seem to be available: Attempted reposync: Error setting up repositories: failure: repodata/repomd.xml from tuxad: [Errno 256] No more mirrors to try. http://www.tuxad.com/repo/5/x86_64/tuxad/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found Red Hat chose not to turn on those cyphers in RHEL-5 (the ones in his patches) .. doing so is not at all certified as safe, nor has it been tested by anyone that I can see (other than in that blog entry). It might be fine .. it might not be. People can make any choice that they want, but I would be looking to upgrade to at least CentOS-6 at this point if I wanted newer TLS support and not depending on one person to provide packages (or patches) of this importance for all my EL5 machines. But, that is just me. Please note, I have no idea who Mr. Bergmann is and I am not in any way being negative about those packages and patches .. they are extremely nice and seem to work. However, I can not see the rest of his repo right now and I would not trust MY production machines to a one person operation with something as important as openssl. Thanks, Johnny Hughes 2015-04-16 21:02 GMT+03:00 Eero Volotinen eero.voloti...@iki.fi: well. this hack solution might work: http://www.tuxad.de/blog/archives/2014/11/19/openssl_updatesenhancements_for_rhel__centos_5/index.html -- Eero 2015-04-16 17:30 GMT+03:00 Leon Fauster leonfaus...@googlemail.com: Am 16.04.2015 um 11:46 schrieb Leon Fauster leonfaus...@googlemail.com: Am 16.04.2015 um 11:43 schrieb Eero Volotinen eero.voloti...@iki.fi : Is there any nice way to get tlsv1.2 support to centos 5? upgrading os to 6 is not option available. Unfortunately not. https://bugzilla.redhat.com/show_bug.cgi?id=1066914 -- LF ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Plurals in English (was Re: ClamAV reports a trojan)
On Fri, 2015-04-17 at 08:00 -0500, Valeri Galtsev wrote: It is amazing how much one can cripple what another person said by scissoring his phrases ;-) English people (excludes USA people) should always try to speak simple, jargon-free, easily understandable and logically expressed English especially when conversing with non-English people. I greatly admire the linguistic abilities of non-English people but deplore the dumbed-down abuses of my native language from the US of A. A military plan has become a road map even when aircraft are involved provoking the inevitable question of Do aircraft stop at traffic lights ! Back-up has become either reverse, a saved copy, re-enforcements etc. Precision in language expression is essential for good understanding. Comments off-list please. -- Regards, Paul. England, EU. Je suis Charlie. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Install Bind with gss-spnego enabled
On 17 Apr 2015 13:04, Mike 1100...@gmail.com wrote: On Fri, Apr 17, 2015 at 7:46 AM, James Hogarth james.hoga...@gmail.com wrote: It wasn't the bind package directly but rather an issue with the libkrb5 libraries. This is the specific bug that fixed the issue: https://bugzilla.redhat.com/show_bug.cgi?id=1087068 I'll get the samba wiki updated to make this clear. Zoinks! I didn't realize I was corresponding with the fellow who actually maintains this section of the Samba Wiki. :-) Thanks for your expertise and synergy between the OS and the Samba software. Just to be clear I don't do that. However I have had a fair bit of my professional life in the realm of samba in an AD context on CentOS this past year. I happen to know someone who does maintain that wiki though so will give him the heads up over drinks in a few weeks ;) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Plurals in English (was Re: ClamAV reports a trojan)
But being not native English speaker, I use it (not native English speaker) Figured as much, which is why I mentioned it ;) as an excuse for being unable to pronounce anything. Not as if most English speakers can pronounce many English words ... ttfn :) It is amazing how much one can cripple what another person said by scissoring his phrases ;-) bugger! ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 5 tls v1.2, v1.1
On 04/16/2015 05:00 PM, Eero Volotinen wrote: in fact: modgnutls provides easy way to get tlsv1.2 to rhel 5 -- Eero If you do that, then you are at the mercy of Mr. Bergmann to provide updates for all security issues for openssl. Has he updated his RPMs since 2014-11-19 23:57:58? Does his patch work on the latest RHEL/CentOS EL5 openssl-0.9.8 package? The answer right now for him providing newer packages is, I have no idea. His repo (http://www.tuxad.de/blog/archives/2014/12/07/yum_repository_for_rhel__centos_5/index.html) does not seem to be available: Attempted reposync: Error setting up repositories: failure: repodata/repomd.xml from tuxad: [Errno 256] No more mirrors to try. http://www.tuxad.com/repo/5/x86_64/tuxad/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found Red Hat chose not to turn on those cyphers in RHEL-5 (the ones in his patches) .. doing so is not at all certified as safe, nor has it been tested by anyone that I can see (other than in that blog entry). It might be fine .. it might not be. People can make any choice that they want, but I would be looking to upgrade to at least CentOS-6 at this point if I wanted newer TLS support and not depending on one person to provide packages (or patches) of this importance for all my EL5 machines. But, that is just me. Please note, I have no idea who Mr. Bergmann is and I am not in any way being negative about those packages and patches .. they are extremely nice and seem to work. However, I can not see the rest of his repo right now and I would not trust MY production machines to a one person operation with something as important as openssl. Thanks, Johnny Hughes 2015-04-16 21:02 GMT+03:00 Eero Volotinen eero.voloti...@iki.fi: well. this hack solution might work: http://www.tuxad.de/blog/archives/2014/11/19/openssl_updatesenhancements_for_rhel__centos_5/index.html -- Eero 2015-04-16 17:30 GMT+03:00 Leon Fauster leonfaus...@googlemail.com: Am 16.04.2015 um 11:46 schrieb Leon Fauster leonfaus...@googlemail.com: Am 16.04.2015 um 11:43 schrieb Eero Volotinen eero.voloti...@iki.fi: Is there any nice way to get tlsv1.2 support to centos 5? upgrading os to 6 is not option available. Unfortunately not. https://bugzilla.redhat.com/show_bug.cgi?id=1066914 -- LF signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Install Bind with gss-spnego enabled
On 17 Apr 2015 00:42, Mike 1100...@gmail.com wrote: On Thu, Apr 16, 2015 at 6:03 PM, James Hogarth james.hoga...@gmail.com wrote: This was required for kerberos secured updates prior to el7.1 and el6.6 ... The problem in the underlying kerberos libraries was resolved so that kerberos based updates worked with gss again and spnego doesn't need to be compiled in. ___ James, thank you for your reply. This sounds like good news for me; I can stay planted in the accepted CentOS repo. biosphere. | | | | | | | | | | | | | | | I installed bind-9.9.4 package from the CentOS repo. I've been reading the Changes and Readme file but don't see where this issue is addressed. Can you point me to the centOS announcements or release notes that deal with the bind package and gss-spnego. I'd like to try to understand and possibly aggregate the right info to send to the samba wiki maintainers. | | | | | | | | | | | | | | | | | | | | | | | | | It wasn't the bind package directly but rather an issue with the libkrb5 libraries. This is the specific bug that fixed the issue: https://bugzilla.redhat.com/show_bug.cgi?id=1087068 I'll get the samba wiki updated to make this clear. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 5 tls v1.2, v1.1
Yep, maybe using ssl offloading devices like (BigIP) that receives tls1.2 and tlsv1.2 and then re-encrypts traffic with tls1.0 might be cheapest solution. -- Eero 2015-04-17 14:15 GMT+03:00 Johnny Hughes joh...@centos.org: On 04/16/2015 05:00 PM, Eero Volotinen wrote: in fact: modgnutls provides easy way to get tlsv1.2 to rhel 5 -- Eero If you do that, then you are at the mercy of Mr. Bergmann to provide updates for all security issues for openssl. Has he updated his RPMs since 2014-11-19 23:57:58? Does his patch work on the latest RHEL/CentOS EL5 openssl-0.9.8 package? The answer right now for him providing newer packages is, I have no idea. His repo ( http://www.tuxad.de/blog/archives/2014/12/07/yum_repository_for_rhel__centos_5/index.html ) does not seem to be available: Attempted reposync: Error setting up repositories: failure: repodata/repomd.xml from tuxad: [Errno 256] No more mirrors to try. http://www.tuxad.com/repo/5/x86_64/tuxad/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found Red Hat chose not to turn on those cyphers in RHEL-5 (the ones in his patches) .. doing so is not at all certified as safe, nor has it been tested by anyone that I can see (other than in that blog entry). It might be fine .. it might not be. People can make any choice that they want, but I would be looking to upgrade to at least CentOS-6 at this point if I wanted newer TLS support and not depending on one person to provide packages (or patches) of this importance for all my EL5 machines. But, that is just me. Please note, I have no idea who Mr. Bergmann is and I am not in any way being negative about those packages and patches .. they are extremely nice and seem to work. However, I can not see the rest of his repo right now and I would not trust MY production machines to a one person operation with something as important as openssl. Thanks, Johnny Hughes 2015-04-16 21:02 GMT+03:00 Eero Volotinen eero.voloti...@iki.fi: well. this hack solution might work: http://www.tuxad.de/blog/archives/2014/11/19/openssl_updatesenhancements_for_rhel__centos_5/index.html -- Eero 2015-04-16 17:30 GMT+03:00 Leon Fauster leonfaus...@googlemail.com: Am 16.04.2015 um 11:46 schrieb Leon Fauster leonfaus...@googlemail.com: Am 16.04.2015 um 11:43 schrieb Eero Volotinen eero.voloti...@iki.fi : Is there any nice way to get tlsv1.2 support to centos 5? upgrading os to 6 is not option available. Unfortunately not. https://bugzilla.redhat.com/show_bug.cgi?id=1066914 -- LF ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Install Bind with gss-spnego enabled
K, clear. Still very much appreciative of your experience and insight. I'm a wannabe who never has enough time amongst my duties to get my sys-admin skills tight. Cheers, Mike On Fri, Apr 17, 2015 at 9:36 AM, James Hogarth james.hoga...@gmail.com wrote: On 17 Apr 2015 13:04, Mike 1100...@gmail.com wrote: On Fri, Apr 17, 2015 at 7:46 AM, James Hogarth james.hoga...@gmail.com wrote: It wasn't the bind package directly but rather an issue with the libkrb5 libraries. This is the specific bug that fixed the issue: https://bugzilla.redhat.com/show_bug.cgi?id=1087068 I'll get the samba wiki updated to make this clear. Zoinks! I didn't realize I was corresponding with the fellow who actually maintains this section of the Samba Wiki. :-) Thanks for your expertise and synergy between the OS and the Samba software. Just to be clear I don't do that. However I have had a fair bit of my professional life in the realm of samba in an AD context on CentOS this past year. I happen to know someone who does maintain that wiki though so will give him the heads up over drinks in a few weeks ;) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Plurals in English (was Re: ClamAV reports a trojan)
On Fri, April 17, 2015 9:51 am, Always Learning wrote: On Fri, 2015-04-17 at 08:00 -0500, Valeri Galtsev wrote: It is amazing how much one can cripple what another person said by scissoring his phrases ;-) English people (excludes USA people) The first thing I learned what US people (before became one myself) take English pronunciation for was... Well, I asked US person at the conference: does he know this person (and gave the name of English person). The answer was: that guy with accent Isn't it funny to call correct English pronunciation an accent? ;-) (adding lough track so who don't feel it's funny still can lough here taking it as a joke ;-) Valeri should always try to speak simple, jargon-free, easily understandable and logically expressed English especially when conversing with non-English people. I greatly admire the linguistic abilities of non-English people but deplore the dumbed-down abuses of my native language from the US of A. A military plan has become a road map even when aircraft are involved provoking the inevitable question of Do aircraft stop at traffic lights ! Back-up has become either reverse, a saved copy, re-enforcements etc. Precision in language expression is essential for good understanding. Comments off-list please. -- Regards, Paul. England, EU. Je suis Charlie. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS-virt] CentOS 7 AMI Building
Ok, thanks so much! That'll do fine. The only other bits mentioned on http://wiki.centos.org/Cloud/AWS in Image Builder Notes were the random root password, SELinux enabled, and relabel at first boot, which are easy enough. Thanks so much, Jason On Fri, Apr 17, 2015 at 12:20 PM, Karanbir Singh mail-li...@karan.org wrote: I highly recommend actually looking at the images :) its just a minimal install with cloud-init from extras/ added in ( for 7, the 6 ones dont have cloud-init ). the installed content delivered from the minimal.iso and the ami's should be identical in pretty much every respect. If you really want a kickstart for it, I can build one, but just run a minimal.iso install, add cloud-init to the %packages and bob's your uncle. On 16/04/15 17:48, Jason Antman wrote: Yes... we currently use Packer to achieve a repeatable build process, from scratch. We'd like to replicate that and be able to build from scratch without spinning up an EC2 instance, in an automated way. I don't know how to phrase this, so apologies if it comes across wrong, I have immense respect for you personally and for CentOS... but, is it really that difficult to post the kickstarts and/or build scripts somewhere? Or at least enough of them to replicate something similar? Thanks, Jason On Thu, Apr 16, 2015 at 3:56 AM, Karanbir Singh mail-li...@karan.org mailto:mail-li...@karan.org wrote: On 04/14/2015 12:48 PM, Jason Antman wrote: Hello, I'm new to this list, but I noticed a post from March 30th inquiring about the build scripts for the official CentOS7 AMIs. I'm also interested in this; I'm tasked with (unfortunately) spinning up some VMs in our corporate VMWare environment that are as close as possible to the official CentOS7 AMIs. I could attempt to reverse-engineer them and do you need to do much more than qemu-img convert -O vmdk centos-genericcloud.qcow2 ? -- Karanbir Singh +44-207-0999389 tel:%2B44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh http://twitter.com/kbsingh GnuPG Key : http://www.karan.org/publickey.asc ___ CentOS-virt mailing list CentOS-virt@centos.org mailto:CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt -- Karanbir Singh +44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh GnuPG Key : http://www.karan.org/publickey.asc ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
Re: [CentOS-virt] CentOS 7 AMI Building
I highly recommend actually looking at the images :) its just a minimal install with cloud-init from extras/ added in ( for 7, the 6 ones dont have cloud-init ). the installed content delivered from the minimal.iso and the ami's should be identical in pretty much every respect. If you really want a kickstart for it, I can build one, but just run a minimal.iso install, add cloud-init to the %packages and bob's your uncle. On 16/04/15 17:48, Jason Antman wrote: Yes... we currently use Packer to achieve a repeatable build process, from scratch. We'd like to replicate that and be able to build from scratch without spinning up an EC2 instance, in an automated way. I don't know how to phrase this, so apologies if it comes across wrong, I have immense respect for you personally and for CentOS... but, is it really that difficult to post the kickstarts and/or build scripts somewhere? Or at least enough of them to replicate something similar? Thanks, Jason On Thu, Apr 16, 2015 at 3:56 AM, Karanbir Singh mail-li...@karan.org mailto:mail-li...@karan.org wrote: On 04/14/2015 12:48 PM, Jason Antman wrote: Hello, I'm new to this list, but I noticed a post from March 30th inquiring about the build scripts for the official CentOS7 AMIs. I'm also interested in this; I'm tasked with (unfortunately) spinning up some VMs in our corporate VMWare environment that are as close as possible to the official CentOS7 AMIs. I could attempt to reverse-engineer them and do you need to do much more than qemu-img convert -O vmdk centos-genericcloud.qcow2 ? -- Karanbir Singh +44-207-0999389 tel:%2B44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh http://twitter.com/kbsingh GnuPG Key : http://www.karan.org/publickey.asc ___ CentOS-virt mailing list CentOS-virt@centos.org mailto:CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt -- Karanbir Singh +44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh GnuPG Key : http://www.karan.org/publickey.asc ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
Re: [CentOS] Centos 5 tls v1.2, v1.1
2015-04-17 14:26 GMT+03:00 Dennis Jacobfeuerborn denni...@conversis.de: The cheapest sollution is probably compiling a private openssl somewhere on the system and then compiling apache using that private openssl version instead of the default system-wide one.=== Well, not really. cheapest and working solution is to use apache on centos 6/7 with sslproxy engine to first decrypt traffic and then encrypt using tlsv1.0 -- Eero ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS-virt] Seeing dropped packets / tcp retrans on latest 4.4.1-10el6
Hi All, I've tracked this down... We do rate limiting of our vms with a mix of ebtables/tc. Running these commands (replace vif1.0 with the correct vif for your VM) will reproduce this: ebtables -A FORWARD -i vif1.0 -j mark --set-mark 990 --mark-target CONTINUE tc qdisc add dev bond0 root handle 1: htb default 2 tc class add dev bond0 parent 1: classid 1:0 htb rate 1mbit tc class add dev bond0 parent 1: classid 1:990 htb rate 1mbit tc filter add dev bond0 protocol ip parent 1:0 prio 990 handle 990 fw flowid 1:990 Note that the speed limits being applied here are 10gb and I'm testing this on a 1gb network, so TC shouldn't really be doing anything here except letting the packets through. These same commands worked fine on gentoo xen 4.1 / kernel 3.2.57, compared to this now not working on centos xen 4.4.1 / kernel 3.10.68. Easiest way to reproduce is simply generate a large file, scp it to a remote host and on the remote host run: tshark -Y tcp.analysis.duplicate_ack_num If you run the ssh in a loop + tshark in another window, you can see the Dup ACK's begin immediately after adding the last filter rule: 25790294 1752.756733 xxx.xxx.xxx.13 - xxx.xxx.xxx.205 TCP 78 [TCP Dup ACK 25790286#4] ssh 51515 [ACK] Seq=15994 Ack=50769840 Win=1544704 Len=0 TSval=738150929 TSecr=4294944346 SLE=50785768 SRE=50790596 25790296 1752.756742 xxx.xxx.xxx.13 - xxx.xxx.xxx.205 TCP 78 [TCP Dup ACK 25790286#5] ssh 51515 [ACK] Seq=15994 Ack=50769840 Win=1544704 Len=0 TSval=738150929 TSecr=4294944346 SLE=50785768 SRE=50792044 - Nathan ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
Re: [CentOS] Centos 5 tls v1.2, v1.1
2015-04-17 14:40 GMT+03:00 Peter pe...@pajamian.dhs.org: On 04/17/2015 11:20 PM, Eero Volotinen wrote: Yep, maybe using ssl offloading devices like (BigIP) that receives tls1.2 and tlsv1.2 and then re-encrypts traffic with tls1.0 might be cheapest solution. Perhaps re-evaluate the need to have TLS 1.1 and 1.2 right now. The only attack against 1.0 that I'm aware of is BEAST and that has been largely mitigated by browser-side fixes to the point where TLS 1.0 is now considered to be safe. No doubt there will in time be other attacks that necessitate an upgrade, but for now I would just stick with the Well, PCI DSS 3.1 standard soon denies use of sslv3 and early version of tls(v1.0) Also noted that is possible to do ssl termination and encryption again with mod_ssl sslproxyengine. -- Eero ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Plurals in English (was Re: ClamAV reports a trojan)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 17/04/15 02:59, Peter Lawler wrote: [OT ALERT] On 17/04/15 02:28, Valeri Galtsev wrote: clamav is a scanner that is designed to detect viruses (virii I should use for plural as it is Latin word) I believe this 'rule' in English is misunderstood by many and as a general rule of thumb... tl;dr: Words from Old English that came into modern English, use 'Old English' pluralisation: eg, sheep, fish etc. words adopted from other languages into English before and after modern English established, use 'modern' pluralisation eg, tsunamis, octopuses. rant As 'virus' was adopted into English for usage in relation to bugs, malwares etc. after the formation of modern English, the plural of computer virus is computer viruses. IMO, in a medical sense, the virus was first described in the 1890 - well after the formation of modern English so even then the plural of virus in English is viruses. snip I know VAX computers are now a bit old fashioned, but why is the plural of VAX VAXen? I don't think DEC was founded before 1500 AD. :-o -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBAgAGBQJVMXScAAoJEAF3yXsqtyBl9S4QAISUQlTW2Trlg77rVAjh2ZU2 zBOPZ32L67cD7FdpL4qpyEtAn7obqns6t2MGbvL/JElWz8ZLV9JM3kp9MsdXGYU8 iHzH4lk/7Le1p6JXWLNUM/cFLLYbnaY14HluEc/crnGaM2hEteA+1lnsE0vD8YiT 8dcaYzEtKzBbrSQOVN5R5ZAkAvGeMXbrsoDcfh3RPKRjErgzf+7Sn592Kyx5b8YL TGxB9DfmYQaOvEBLTYu9Ud6xc9Zr3ZJ0iDGq/SUyAglz+VMFv6XH4861Gma/ZKop G3C0Mo4/PhLJPQuKQMZptHqTxgbAkHr5GEcvGp9q2oBWqYc5Pdx+7SZIqgQlPxTU GB/2xOQD137e6zZVhh2cIBgRLq2F9m1auAszgXBX9Td605ykS+KD7TW8azeG+DV/ Zz4gsD+rHbOyszsvsHq+CThlMRXWz3r9UMISIRrLkUCygcmbH5/9fkqvnQVPZMg0 x0iT98UQi9bSNBdxo1PcoDH97xrJb/qNxeMKNl2uZKfa9hV5eyRTOjGUelyXX2Hm fgJCEPoS0FZ1pfBCdWGGFr78ilX/+4S6STt2dtg/HRFWqzr/Ky02hlg/Yr/VHlGv lW3wAHBTODPfQ9e9evoeuY+Nxh/OEX4l0LImHprKjxZb1yvAlF5VfyTBEwg2zPWA bcLF1WN9qL18UqcV9cw4 =UQdI -END PGP SIGNATURE- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Plurals in English (was Re: ClamAV reports a trojan)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 17/04/15 16:04, Valeri Galtsev wrote: On Fri, April 17, 2015 9:51 am, Always Learning wrote: On Fri, 2015-04-17 at 08:00 -0500, Valeri Galtsev wrote: It is amazing how much one can cripple what another person said by scissoring his phrases ;-) English people (excludes USA people) The first thing I learned what US people (before became one myself) take English pronunciation for was... Well, I asked US person at the conference: does he know this person (and gave the name of English person). The answer was: that guy with accent Isn't it funny to call correct English pronunciation an accent? ;-) (adding lough track so who don't feel it's funny still can lough here taking it as a joke ;-) Valeri snip Speaking as a Yorkshireman who has also lived on Tyneside: what is correct English pronunciation? There is probably a greater variation of accent within England than between standard English and standard American. Martin -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBAgAGBQJVMXVGAAoJEAF3yXsqtyBl8T4QAJMzZBHE5A6Jyr1fT/zEqJg+ jej1LXWo6hcKnIR9AnNCXEsjslgGYnRmPQ5yIUHVKa9ASE1TumS8fjt5Pzbc7726 ERuCaw5lwofxG7cfHiuIOiR51V8te6uMBkFNoz/hObSbjHSPfuuII05lA7qc4EOY sbAL0MsUjvtboOdebLxH8DuNFsA8hoFGQCYPkq7AwwIyPp0i4fEjg72VS6Hc8gZm PvFuPh0AdQjjG7USnwrot6oONpE9uLSOML+F0zNOde1raQvAAdiz6SjxOKh09z8e BxdqjuCbux3q4geSVf0FigB/nutRFpvsyvhNlxWy7APl3BoHPWV8bP/rRPt/5ffH 3JHdNanZMvo4Fa0E5G3GFuZPfslVQkGOkyus0EKxOUWtXukvQe1WacnKFw3g8mnJ vi5J5oF5aPsk/HLA41RTi1nrky6f3CLo5X65KcMqlZ0YyohfDLzYATSmpieeJBHu xG4LJm/iB9C52iOaP7YKjoesTEnVCC7nqMpnLD3e5mkcAiGpwN9OLrSK9ksBJsp1 qOdeFA+MGKDiuZW0SRWCX+ZwoqKB8qQvMT+Ks+W702iZ0F0CXpadbpXMXyGTCAbS 2y7jxIrqVHXfYav3Rqv9/NwtV4j1jhjD9sHfVc8eGoIn60Duvg9vHEqQsVWsUVaP gNzKNE4kcys5mKwoFiHA =rvcE -END PGP SIGNATURE- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS-announce] CEEA-2015:0855 CentOS 6 tzdata Enhancement Update
CentOS Errata and Enhancement Advisory 2015:0855 Upstream details at : https://rhn.redhat.com/errata/RHEA-2015-0855.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: bb11ad2b0d763dc63ba347692f80597749c2e5d609c0a220773281cc646165d2 tzdata-2015c-2.el6.noarch.rpm 1cd31efa0e7c701059f2788a919edebffad88712cf14daa04b53ce5b181d77cf tzdata-java-2015c-2.el6.noarch.rpm x86_64: bb11ad2b0d763dc63ba347692f80597749c2e5d609c0a220773281cc646165d2 tzdata-2015c-2.el6.noarch.rpm 1cd31efa0e7c701059f2788a919edebffad88712cf14daa04b53ce5b181d77cf tzdata-java-2015c-2.el6.noarch.rpm Source: a8a236e0677ee108c9d3179b4358a3694c587e7904b44853a4ee9ef047b712a1 tzdata-2015c-2.el6.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CEEA-2015:0855 CentOS 7 tzdata Enhancement Update
CentOS Errata and Enhancement Advisory 2015:0855 Upstream details at : https://rhn.redhat.com/errata/RHEA-2015-0855.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 1bf3cd5dd8aee374357aa15a820aa14dfd5c23a5de3e33c48387cbddb8d15085 tzdata-2015c-1.el7.noarch.rpm f14b8c39cce479da2d529cc4e32499184ff1b9fe894389952599f18b83c6c84f tzdata-java-2015c-1.el7.noarch.rpm Source: 151b89b427d7db50d39c1bb038a680305e9c0ec3789e0c8931e2942cffb8255c tzdata-2015c-1.el7.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CEEA-2015:0855 CentOS 5 tzdata Enhancement Update
CentOS Errata and Enhancement Advisory 2015:0855 Upstream details at : https://rhn.redhat.com/errata/RHEA-2015-0855.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 977bbb795cbd1777d0ac5dd68558905896f5c31a7717ab1737cdcf36408fcfc3 tzdata-2015c-1.el5.i386.rpm fae2f0b57d69a7974240b07974ccdb5336856d8d827a02f72c9dd71e17875d31 tzdata-java-2015c-1.el5.i386.rpm x86_64: d20ddd1890d3df6be0192c86b67a46684e32835f7a15b2200e03a44fd169a9d4 tzdata-2015c-1.el5.x86_64.rpm f4703acadb371aac5fc0a189c0c3c396fb12ace5b7ced929851a4a725b4b48ab tzdata-java-2015c-1.el5.x86_64.rpm Source: d791ea449383c825d38bc327e1fa60cd5c4a351fe5ae1e895f42682a5dadcfdc tzdata-2015c-1.el5.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
Re: [CentOS] Disable SSLv3 in sendmail in CentOS 5
On Thu, 16 Apr 2015, Paul Heinlein wrote: On Thu, 16 Apr 2015, Andrew Daviel wrote: RedHat released sendmail-8.13.8-10.el5_11.src.rpm which includes sendmail-8.13.8-ssl-opts.patch which adds support for disabling SSLv3 and SSLv2 in sendmail.cf But as far as I can see there is no support in sendmail.mc - I can't see how to compile sendmail.mc to get the required line ServerSSLOptions in sendmail.cf Does anyone know how to do this ? At the end of sendmail.mc, after the MAILER macros, add a LOCAL_CONFIG, e.g,, LOCAL_CONFIG O ClientSSLOptions=+SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3 O ServerSSLOptions=+SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3 +SSL_OP_CIPHER_SERVER_PREFERENCE Thanks. That was too obvious; I should have read more documentation. The generic advisory said to add those lines to the LOCAL_CONFIG section of my sendmail.mc, but I didn't have a LOCAL_CONFIG section, so I assumed it was referring to a newer version of sendmail. Meanwhile, I made a patch for sendmail-cf and sendmail-doc back-ported from sendmail-8.15.1, if anyone's interested. Andrew ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Plurals in English (was Re: ClamAV reports a trojan)
On 2015-04-17, J Martin Rushton martinrushto...@btinternet.com wrote: On 17/04/15 16:04, Valeri Galtsev wrote: On Fri, April 17, 2015 9:51 am, Always Learning wrote: On Fri, 2015-04-17 at 08:00 -0500, Valeri Galtsev wrote: It is amazing how much one can cripple what another person said by scissoring his phrases ;-) English people (excludes USA people) The first thing I learned what US people (before became one myself) take English pronunciation for was... Well, I asked US person at the conference: does he know this person (and gave the name of English person). The answer was: that guy with accent Isn't it funny to call correct English pronunciation an accent? ;-) (adding lough track so who don't feel it's funny still can lough here taking it as a joke ;-) Valeri snip Speaking as a Yorkshireman who has also lived on Tyneside: what is correct English pronunciation? There is probably a greater variation of accent within England than between standard English and standard American. Martin Sorry, what was that? ;-) -- Liam ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos