[gentoo-user] can genkernel install files with different names?
specifically, i want to install kernel + initramfs without version numbers. this way, i will not need to update my boot loader every time i update the kernel. rgrds, cm.
Re: [gentoo-user] can genkernel install files with different names?
what one doesn't use grub? rgrds, cm. ‐‐‐ Original Message ‐‐‐ On Friday, October 18, 2019 3:36 PM, Rich Freeman wrote: > On Fri, Oct 18, 2019 at 6:51 AM Alexander Openkowski > opn...@googlemail.com wrote: > > > I struggle with the naming of genkernel generated kernels for quite a while > > now and have written a small wapper script for this purpose... > > Somebody else shared the same problem and wrote a fairly complex > wrapper, and it is installed on most reader's systems already. It is > called grub-mkconfig. :) > > Hey, I get it. I used to do it exactly they way you do. However, the > kernel's make install, and the default behavior of both dracut and > genkernel, all use a consistent naming convention that is compatible > with grub-mkconfig, and I found that it was way easier to join them > then to try to beat them. As a bonus it is easier to keep a library > of past kernel versions in my boot menu. > > Now, what I could use is a script/tool that will clean up those > versions using some kind of rotation strategy like: > > 1. Keep the last 5 versions of the current series. > 2. Keep the last version of each of the last two longterm series. > 3. Keep one version of every stable series between the current and > the last longterm series. > > And this would apply to everything in /boot except config files, and > to modules as well. Config files outside this range would get moved > into some archive directory of old configs. > > -- > Rich >
[gentoo-user] how did i get ~/26H1MJ8.txt?
today, i did `ls -a ~` and found the file in title. its content is here: https://gist.github.com/2eb82a8e31a3e560abd28a2c8102865f any idea what is this? and how did i get it? (i started to worry that it might be related to the sks key server poisoning. specially that i get no gpg warnings. could it be that i am poisoning real good?) rgrds, cm. Sent with [ProtonMail](https://protonmail.com) Secure Email.
Re: [gentoo-user] Re: how did i get ~/26H1MJ8.txt?
thanks. that's it probably (gcc upgrade). (didn't record the date, deleted it on spot, but i did a gcc upgrade recently) rgrds, cm. ‐‐‐ Original Message ‐‐‐ On Sunday, October 20, 2019 9:10 PM, Nikos Chantziaras wrote: > On 20/10/2019 12:57, Caveman Al Toraboran wrote: > > > today, i did `ls -a ~` and found the file in title. > > its content is here: > > https://gist.github.com/2eb82a8e31a3e560abd28a2c8102865f > > any idea what is this? and how did i get it? > > (i started to worry that it might be related to the > > sks key server poisoning. specially that i get no > > gpg warnings. could it be that i am poisoning real > > good?) > > That's an automated GCC upgrade and full system rebuild script. I'd > expect something like this to be used on a managed server by automated > tooling. The filename looks like a typical random temporary filename. > > What's the date of the file?
Re: [gentoo-user] can genkernel install files with different names?
you are just wrongly assuming that they are mutually exclusive... seriously, one could have kernels named, without versions, as: vmlinuz vmlinuz-older vmlinuz-older2 . . . vmlinuz-olderN this way, new kernel installation, and rotation, will be decoupled from the boot loader's configs, effectively removing any housekeeping for the boot loader. rgrds, cm. ‐‐‐ Original Message ‐‐‐ On Monday, October 21, 2019 7:07 PM, Wols Lists wrote: > > You just want a nasty recovery job if the update screws up ... > > Seriously, I always just add new kernels as the new default option, > precisely so as I can go back to a working one if things go wrogn ... > > Cheers, > Wol
[gentoo-user] missing patch in latest notmuch (0.29.2)
any thoughts? https://gist.github.com/Al-Caveman/2a72bba8c331fc40ebceca9d32de285c rgrds, cm.
Re: [gentoo-user] missing patch in latest notmuch (0.29.2)
yep. works now. ty. rgrds, cm. ‐‐‐ Original Message ‐‐‐ On Tuesday, October 29, 2019 3:51 AM, Jack wrote: > On 2019.10.28 19:13, Caveman Al Toraboran wrote: > > > any thoughts? > > https://gist.github.com/Al-Caveman/2a72bba8c331fc40ebceca9d32de285c > > rgrds, > > cm. > > Works fine for me. Perhaps you synced after the new ebuild was > present, but before the new patch did? Try syncing again and see if it > works. > > Jack
[gentoo-user] almost free launch: an idea to lower build time, and rice, at the same time
DISCLAIMER: I am not claiming that this idea is new. It is probably not new. --- Even though some of its details might be new for a Linux distribution, it's all based on boring well-established bits of known science. But regardless of its newness, I think it's worth sharing with the hope that it may re-kindle the fire in a nerd's heart (or a group of nerds) so that they develop this for me (or us). GOAL: - Reduce compile time, rice (e.g. fancy USE, make.conf, etc), and yet not increase dev overhead. CURRENT SITUATION: -- If you use *-bin packages, you cannot rice, and must compile on your own. THE APPROACH: - 1. Some nerd (or a group of nerds) makes (or make) a package, maybe call it `almostfreelunch.ebuild`. 2. Say you want to compile qtwebengine. You do: `almostfreelunch -aqvDuNt --backbrack=1000 qtwebengine`. 3. The app, `almostfreelunch`, will lookup your build setup (e.g. USE flags, make.conf settings, etc) for all packages that you are about to build on your system as you are about to install that qtwebengine. 4. The app will upload that info to a central server, which looks up the popularity of certain configurations. E.g. see the distribution of compile-time configurations for a given package. The central server will then figure out things like, qtwebengine is commonly compiled for x86-64 with certain USE flags and other settings in make.conf. 5. If the server figures out that the package that `almostfreelunch` is about to compile is popular enough with the specific build settings that is about to happen, the server will reply to the app and tell it "hi, upload to me your bins when cooked, plz". But if the build setting is not popular enough, it will reply "nothx". This way, the central server will not end up with too much undesired binaries with uncommon build-time settings. 6. The central server will also collect multiple binary packages from multiple people who use `almostfreelunch` for the same packages and the same build-time options. I.e. multiple qtwebengine with identical build-time settings (e.g. same USE flags, make.conf, etc). 7. The central server will perform statistical analysis against all of the uploaded binaries, of the same packages and the same claimed build-time settings, to cross-check those binaries to obtain a statistical confidence in identifying which of the binaries is the good one, and which ones are outliers outlier. Outliers might exist because of users with buggy compilers, or malicious users that intentionally try to inject malware/bugs into their binaries. 8. Thanks to information theory, we will be able to figure out how much redundancy is needed in order to numerically calculate confidence value that shows how trusty a given binary is. E.g. if a package, with specific build-time options, as a very large number of binary submissions that are also extremely similar (i.e. only differ in trivial aspects due to certain randomness in how compilers work), then the central server can calculate a high confidence value for it. Else, the confidence value drops. 9. If a user invokes `almostfreelunch -aqvDuNt --backbrack=1000 qtwebengine` and the central server tells the user that there is an already compiled package with the same settings, then the server simply tells the user, and shows him the confidence associated with the fitness of the binary (based on calculations in stepss (6) to (8)). By default, bins with too-low confidence values will be masked and proper colours will be used to adequately scare the users from low-confidence packages. 10. If at step (9) the user likes the confidence of the pre-compiled binary package, the user can simply download the binary package, blazing fast, with all the nice UES and make.conf flags that he has. Else, the user is free to compile his own version, and upload his own binary, to help the server enhance its confidence as calculated in steps (6) to (8). NOTES: -- * The statistical analysis in step (5) can also consider the compile time of packages. So the minimum popularity required for a specific package build is weighted while considering the total build time. This way, too slow-to-build packages will end up getting a lower minimum popularity than those small packages. Choosing the sweet-spot trade-off is a matter of optimizing resources of the central server. * The statistical analysis in steps (6) to (8) could also be further enhanced by ranking individual users who upload the binaries. Users, who upload bins, could optionally also sign their packages, and henceforth be identified by the central server. Eventually, statistics can be used to also calculate a confidence measure on how trusty a user is. This can eventually help the server more accu
Re: [gentoo-user] The Full Story.
hi - not related to ur email, but i think it may help u fix ur email setup. just to let u know that protonmail has classified ur email as spam. it says that ur email has failed the domain authentication requirements. it says it might be spoofed or something. it gives this link for further info: https://protonmail.com/support/knowledge-base/email-has-failed-its-domains-authentication-requirements-warning/ rgrds, cm. ‐‐‐ Original Message ‐‐‐ On Friday, November 1, 2019 1:44 AM, Alan Grimes wrote: > Ok, it's about 2:45 AM, I thoughtlessly did something absurdly risky, > resize a chromium browser pane by clicking on the edge of the window and > dragging it a few pixels, so naturally X11 goes down taking my number > theory code with it. Reminder: I had run that code from May 1 through > last week and only voluntarily rebooted my machine > > ## > GAH > dev-util/meson:0 > > (dev-util/meson-0.52.0:0/0::gentoo, ebuild scheduled for merge) > conflicts with > (gnome-base/dconf-0.32.0-r1:0/0::gentoo, installed) > ^ > # > > So I decided to do an emergency system update and reboot the damn thing > completely and hopefully things would get a little better. > > In this state, my frame of mind was to just keep hitting the damn thing > with the heaviest, bluntest object I could get my hands on until I got > it to work and I could go to bed... I gave up at 4:15 am... My goal is a > 3 AM bed time... Basically I was being fast and ruthless with emerge > --unmerge, clearing useflags, masking crap, etc... I did not do anything > I regret today but still... > > (also, the goddamned fake indian recruiters who only try to get you to > agree to let them represent you in your job negotiations with some > random company in some random state had called me ten times that day, > and another 7 times today for that matter... I found that if I emphasize > that I'm on the virge of a nervous breakdown they might, reluctantly > remove me from their database but usually they just laugh...) > > I've spent a whole day wrestling with it at this point. > > CHROMIUM WILL NOT LOAD AT ALL. It fails a good 30 minutes into the > build, the packages involved are quite archane... Ninja?!?!?! V8?!?!?!? > > My theory about chromium is that the release frequency seems to be > faster than the time it actually takes to build the thing. I think they > do this to avoid bug reports as they will be ten versions further on by > the time any actual bug reports make it back upstream... The only way > this could be possible is to run builds across maybe a dozen machines > in a datacenter, starting a new build every 30 minutes and then > releasing the ones that complete... > > KDE is similar, in that the releases are much more frequent than any > conceivable development cycle for that number of packages. Many of which > are probably being version bumped just for grins and giggles... Damnit > guys, give it a rest until you've made stuff like Akregator actually > work without crashing... > > (Nuno Silva) wrote: > > > Alan Grimes' e-mail address seems to be from Verizon, which is, if I > > understand correctly, Yahoo Mail. > > Worse, AOL mail. > > > > > Clowns feed off of funny money; > Funny money comes from the FED > so NO FED -> NO CLOWNS!!! > > Powers are not rights.
Re: [gentoo-user] almost free launch: an idea to lower build time, and rice, at the same time
On Tuesday, November 5, 2019 7:05 PM, Mickaël Bucas wrote: > Hi Caveman > > The Portage tree contains a few binary packages prepared by Gentoo > developers, like Firefox, Rust, LibreOffice... > "ls -d /usr/portage//-bin" shows about 90 packages prepared in this > way, some of them because they are non-free like Oracle JDK > > This means that there is no necessary changes to Gentoo to accomplish > what you describe : compile the packages, write the ebuilds for the > binary packages, publish ebuilds in an overlay. Some qt-related packages are really slow to compile, yet still not listed. A problem with this approach is that IMO it's too manual and doesn't react dynamically to user changes. IMO we can consider this an automated community-driven bin-host that uses statistics in order to tell which packages are reliable. In case of hardware mismatches, I think we can find a binary that's compiled with the desired, say, USE flags, but compiled on an older CPU model that's backward compatible with the newer rare one that one might be using. > But the really short list above shows that it's a really complex task > because of all dependencies and configurable elements in Gentoo. If > you just have a look at the output of "emerge --info" you can imagine > all the moving parts, like compiler versions and compile options, > Bash, Perl, Python, Init system, USE flags (combinatorial), even human > languages. And that is just the easily visible parts ! True, however a few points: * If we look at that info, from the perspective of individual packages, it is has much less degrees of variations in practice. E.g. if we look at the USE flags dimension, dev-qt/qtwebengine has 12 of them, so worst case for this aspect we get about: nchoosek(12,1) + nchoosek(12,2) + ... + nchoosek(12,12) = 4095 possible combinations with those 12 flags. But, most people are only interested in 2 sets of potential USE flag configurations, one with ALSA, or another with PA. So in practice, that 4095 is probably reduced to just 2 or 3 clusters of configurations (not 4095). * For hardware details, such as the exact CPU model and the kinds of features actually enabled by the compiler when using `-march=native`. I don't know the actual distribution of this in practice, but is it not possible that users can be given the choice to simply pick a binary that's compiled on an older backwards compatible CPU? E.g. the system could prompt the user the nearest (e.g. in selection of USE flags) to his query, by presenting the user with a binary compiled with an older x86-64 CPU model than his newer x86-64 CPU. This way, this could become simply an automated bin-host that blurs as necessary, and forks variations of specific configurations as demand raises, all without needing manual dev time to package *-bin manually. > I remember reading an article about a man trying to reproduce binary > packages of a binary distribution and failing to do so, because there > are so many parts involved. I've read later that distributions have > done some work to have reproducible builds, but I'm not sure how > successful they are, even when all choices are predefined. > > Given that Gentoo has taken a whole different road by having more > choices available to the user, I don't think the compilation results > of one configuration would be easily used on another. Is it possible to collect statistics of such configurations from Gentoo users? I don't know what would the outcome be, but I think it's worth exploring. E.g. what if it turned out that there is not much diversity in our settings? E.g. we can find a few really popular clusters of USE, langauge, license, flags? As for hardware, what would be the latest backwards compatible CPU that has compiled a binary for me with enough statistical confidence in its reliability? > To go even further, pushing your compiled packages to a public server > may create a security risk by exposing many parts of your > configuration that could be analyzed by malicious people. Any example of such sensitive information that might be in the binaries? Just curious, as I don't know much about this. I could be wrong, but so far my thought is that I don't think we get much bits of entropy for our security by hiding our package lists, because I think an adversary can probably already use statistics to predict common clusters of package lists that we might use.s. So I personally doubt that attackers would face much difficulty by not knowing our packages, because our packages are probably already predictable since our distribution of packages is not that diverse. > So far I don't see a really big advantage in building this kind of > infrastructure compared to either a binary distribution or Gentoo with > home compilation. IMO the real value is that it will be some kind of an automated community-driven bin-host that uses statistics to quantify the reliability of its bins, and to automatica
[gentoo-user] links that behave differently per calling app?
hi - is it possible to have some kind of fancy links that know the name of the process that is trying to access it, and based on its name, it links it to a file? e.g. `ln -s X Y` will create link Y that always refers to X whenever anyone tries to access Y. but is it possible to have a fancier linking that creates a linking file that contains some kind of access list, that specifies things like: - if accessing process is named P1, then direct it to X1. - if accessing process is named P2, then direct it to X2. - ... - if accessing process is named Pn, then direct it to Xn. - else, default to X0. i think if we have this, we can solve slotting in a simpler way. e.g. we install libs in their own non-conflicting locations, and then install for them such fancy sym links with access that routes accessing processes to the right version of the lib. thoughts? rgrds, cm. Sent with [ProtonMail](https://protonmail.com) Secure Email.
Re: [gentoo-user] Re: gentoo robot vacuum
i think with raspies u can install gentoo, and control the pins/motors/sensors via a python script. i think it's also more fun this way as u'll play around experimenting with ur own designs and algorithms for navigation. imo it should be easy to make one using raspies. all wat's needed is a fan to suck air into a bucket, some motors to control wheels, and some sensors to look around. i think it might be a good idea to also design ur own custom power sockets which makes it more friendly for the vacuum cleaner to plug itself when its battery gets low enough. or even extend it so that it also automatically empties its trash tank by itself. disclaimer: i never used raspies or fancy vacuum cleaners. rgrds, cm. ‐‐‐ Original Message ‐‐‐ On Thursday, November 21, 2019 11:15 AM, Michael Haubenwallner wrote: > On 10/4/19 2:13 AM, james wrote: > > > Gentoo community, > > Robotic vacuum cleaners are all the rage nowadays. > > I'd like to buy/build one, that also has remote camera (so I can see what > > troubles it is having by reviewing stored video) find it easy, and make > > sure it's not just banging against the wall. I'm not so interested in a > > slick, massively miniturized model, as much as I am > > something where I can get to the firmware, or is completely open sourced; > > so I can fix/enhance the thing. > > If it's already done, then my searches have missed it, or a community work > > on such linux centric solutions to automating home/small-office flooring. > > Anyone know of such a robotic vacuum that is basically very open, if not > > completely open source? > > Gentoo friendly vaccuum? > > Not sure about their Gentoo friendlyness, maturity or current activity, > but here are some search results: > https://github.com/wpietri/sucks > https://en.wikipedia.org/wiki/IRobot_Create > https://hackaday.io/project/165537-the-diyson-an-open-source-cyclone-vacuum-cleaner > https://github.com/unknowndomain/Open-Source-Vacuum-Cleaner > https://awesomeopensource.com/project/dgiese/dustcloud > https://github.com/ioBroker/AdapterRequests/issues/76 > > HTH, > /haubi/
[gentoo-user] blender 2.80 or 2.81?
any idea when? rgrds, cm.
Re: [gentoo-user] blender 2.80 or 2.81?
thing is, i already have a blender file created with 2.80. i cannot open it with 2.79. any idea what's the easiest way to get 2.80 or 2.81 running on gentoo? and any idea how when to expect the 2.80 or 2.81? rgrds, cm. Sent with [ProtonMail](https://protonmail.com) Secure Email. ‐‐‐ Original Message ‐‐‐ On Saturday, December 7, 2019 1:17 PM, Jacques Montier wrote: > Le ven. 6 déc. 2019 23:57, Caveman Al Toraboran > a écrit : > >> any idea when? >> >> rgrds, >> cm. > > Hello all, > > I use Blender 2.81 and it works quite fine. Eevee render is fine. > Nevertheless, be careful if using old blend file with 2.81 Blender, you may > lose your data. > Make à copy before opening old data. > > Cheers > > Jacques > >>
Re: [gentoo-user] XDM Start Faster
below is not exactly answering ur question, but i am sharing it in case it helps. here is how i chose to live in order to minimize suffering, and i did not change this setup for several years: 0. i login in text (no gui login). i think xdm is fundamentally a redundant concept that should not have existed as per occam's razor. 1. i use i3, and start it by `startx`. i can auto-start startx upon login, but i like it better this way, as i may not always want gui stuff. 2. for screen locking, i made an i3 binding that executes `i3lock` upon pressing `mod+del`. 3. if i wanted to auto-lock, or auto-run a screen saver, i use things like `xautolock`. but i no longer do it, bcoz i don't feel i really need it (occam's razor) -- it's just that i happened to do it in the past. nowadays, i have evolved to just not forget locking the screen when leaving my desk. i know not exactly answering ur xdm-specific question, but i hope it offered u another perspective that might take u closer to ur nerd singularity. rgrds, cm. ‐‐‐ Original Message ‐‐‐ On Tuesday, December 10, 2019 2:27 AM, jdm wrote: > Hi, > > Over the last couple of weeks my wifi connection net.wlp5s0 doesn't see > to want to connect at boot up (It used to be very fast but now taking > 1min +). Therefore XDM (login screen slim) takes a long time to start > up. And LXD daemon doesn't start at all. > > I have my rc.conf set to rc_parallel="YES" but if I set this to "NO" > then clamd seems to take an age to start up as well as the wireless. > > Is there a way I can get XDM to start quicker and leave the other > services to start up whilst logging in. I can then set rc_parrallel to > "NO" which I hope should ensure LXD starts correctly. > > It's only a minor gripe but feels like it's taking a long time to > login. At least if I can get into desktop I can change wallpaper, > themes and icons whilst my wireless decides to get a grip. > > Thanks > John
Re: [gentoo-user] "Application Menu" missing on Desktop after Plasma update to 5.17.4 : bug reported
‐‐‐ Original Message ‐‐‐ On Monday, December 30, 2019 4:42 PM, Philip Webb wrote: > I can submit it to KDE Bugs, but first what to others think re it ? What I think about it is that I object to you wasting your time by submitting bug reports to KDE. It will be a net-loss for humanity in the grand scheme of things and the long term survival of life forms. Because, you'll never get a bug "fixed" with KDE, since, by definition, everything that KDE does is a workaround. It's just that they speak a different language, very similar to English (kde_EN), where "fix" means "workaround". Technically, KDE cannot make a "fix" and exist at the same time. In other words, the concepts "bug fix" and "KDE exists" are mutually exclusive. IMO the best thing to do, which is also what I think can be called "fix" without unethically redefining words in the English language, is to silently unmerge all KDE's fluff, and install i3 + dmenu + i3status + i3lock, and call it a day. rgrds, cm.
Re: [gentoo-user] "Application Menu" missing on Desktop after Plasma update to 5.17.4 : bug reported
‐‐‐ Original Message ‐‐‐ On Thursday, January 2, 2020 2:47 PM, Dan Johansson wrote: > @Caveman Al Toraboran: If you do not like KDE, that is fine with me, BUT > then, you do NOT have to "pollute" the thread with your opinions if they > do nothing to solve this KDE issue. Please stop "polluting" this thread by your false pollution reports. Just because you don't agree with an advise, it does not make it into pollution. And yes, KDE sucks. Get over it.
Re: [gentoo-user] "Application Menu" missing on Desktop after Plasma update to 5.17.4 : bug reported
‐‐‐ Original Message ‐‐‐ On Thursday, January 2, 2020 10:53 PM, Dale wrote: > I'm not sure how either of your posts helped the OP. You don't like > KDE, you think KDE doesn't fix bugs, got it. I'm not sure how that > helps with the problem. I've filed a bug report or two in the past with > KDE and they got fixed, sometimes in strange ways but fixed never the > less. It seems to me that either your past requests, if you made any, > were not bugs or was not fixable for some reason. > > Just a thought. > > Dale > > :-) :-) OP asked for thoughts before he submits the bug report to KDE, and I gave him thoughts to save his time by guiding him towards the better path. If OP follows my advise, he should get increased productivity. Do you see now? Your last 2 posts are useless, and you are trying to make me offer you free online parenting services. This was supposed to be offered to you by your parents. If you need extra help, please email your parents. I am not going to be your online parent.
[gentoo-user] how to lbry desktop?
this: https://github.com/lbryio/lbry-desktop#running-from-source doesn't work. i did `yarn dev:web` (and without web) and i don't see anything usable. with `:web` i get a browser opened, but it doesn't show anything. without `:web` it just says that render compilation complete, and gets stuck there. ctrl^c shows `killing threads...`. wat's the best way? is there even a best way? rgrds, cm.
Re: [gentoo-user] how to lbry desktop?
thx but, some other error i noticed: says keytar something 127, when running `yarn`. btw why is lbry so horrible? can't they just make a normal app? == snippet start == caveman@cave ~/D/d/lbry-desktop> yarn yarn install v1.21.1 $ yarn cache clean lbry-redux && yarn cache clean lbryinc yarn cache v1.21.1 success Cleared package "lbry-redux" from cache Done in 0.79s. yarn cache v1.21.1 success Cleared package "lbryinc" from cache Done in 0.84s. [1/5] Validating package.json... [2/5] Resolving packages... [3/5] Fetching packages... info fsevents@1.2.11: The platform "linux" is incompatible with this module. info "fsevents@1.2.11" is an optional dependency and failed compatibility check. Excluding it from installation. [4/5] Linking dependencies... warning " > lbryinc@0.0.1" has incorrect peer dependency "lbry-redux@lbryio/lbry-redux". [5/5] Building fresh packages... [9/9] ⠂ nodemon [8/9] ⠂ node-sass [3/9] ⠂ keytar [7/9] ⠂ lbryinc error /home/caveman/Documents/dev/lbry-desktop/node_modules/keytar: Command failed. Exit code: 127 Command: prebuild-install || node-gyp rebuild Arguments: Directory: /home/caveman/Documents/dev/lbry-desktop/node_modules/keytar == snippet end == rgrds, cm. ‐‐‐ Original Message ‐‐‐ On Thursday, January 16, 2020 7:59 PM, Alec Ten Harmsel wrote: > On Thu, Jan 16, 2020, at 10:27, Caveman Al Toraboran wrote: > > > this: > > https://github.com/lbryio/lbry-desktop#running-from-source > > > > doesn't work. i did `yarn dev:web` (and without web) and i don't see > > anything > > usable. with `:web` i get a browser opened, but it doesn't show anything. > > without `:web` it just says that render compilation complete, and gets stuck > > there. ctrl^c shows `killing threads...`. > > > > wat's the best way? is there even a best way? > > > > rgrds, > > cm. > > `yarn dev:web-server' works for me. > > HTH, > > Alec
[gentoo-user] anything new in kernel 5.5.6 that makes boot slower (some extra file system checks?)
hi - is title right? if so, what is going on? rgrds, cm. Sent with [ProtonMail](https://protonmail.com) Secure Email. (this is a lie obviously)
Re: [gentoo-user] Nice job,
‐‐‐ Original Message ‐‐‐ On Sunday, March 8, 2020 2:02 PM, Michael wrote: > > atg@tortoise ~ $ konsole > > QCommandLineParser: already having an option named "h" > > QCommandLineParser: already having an option named "help-all" > > QCommandLineParser: already having an option named "v" i get this warning/error in gentoo and archlinux (without cannot mix ...etc).
Re: [gentoo-user] Re: New laptop - AMD or Intel?
‐‐‐ Original Message ‐‐‐ On Wednesday, March 11, 2020 11:17 PM, james wrote: > On 3/9/20 2:53 PM, Michael wrote: > > Intel/nvidia sold their souls to satan, a long time ago, from my > perspective as a christian, ymmv. [Citation needed].
[gentoo-user] emerge --sync using tor by default?
hi - is that true? it seems to be using it automatically when tor.service is running. what's the point? e.g. is it made to ensure that we reduce the probability of having a single man in the middle that may consistently fool us? by replacing it by varying men in the middle that is harder for them to coordinate a consistent lie? and what do you recommend me to do in order look like the cool kids? rgrds, cm.
[gentoo-user] repair uefi vfat /boot?
questions: * what's going on? * how to find out? * how to fix? symptoms: * can't write (gives read/write error). * but files can get created and deleted. * newly created files, which also have failed writes have 0 bytes in them. * mount /dev/sda1 /boot is slow. * umount /boot is slow. cave ~ # fsck.vfat -v -a -w /dev/sda1 fsck.fat 4.1 (2017-01-24) Checking we can access the last sector of the filesystem 0x41: Dirty bit is set. Fs was not properly unmounted and some data may be corrupt. Automatically removing dirty bit. Boot sector contents: System ID "mkfs.fat" Media byte 0xf8 (hard disk) 512 bytes per logical sector 4096 bytes per cluster 32 reserved sectors First FAT starts at byte 16384 (sector 32) 2 FATs, 32 bit entries 565248 bytes per FAT (= 1104 sectors) Root directory start at cluster 2 (arbitrary size) Data area starts at byte 1146880 (sector 2240) 140520 data clusters (575569920 bytes) 63 sectors/track, 255 heads 2048 hidden sectors 1126400 sectors total Got 4096 bytes instead of 562088 at 16384 thoughts? rgrds, cm. Sent with ProtonMail Secure Email.
Re: [gentoo-user] repair uefi vfat /boot?
‐‐‐ Original Message ‐‐‐ On Saturday, March 21, 2020 8:03 PM, Stefan Schmiedl wrote: > "Caveman Al Toraboran" toraboracave...@protonmail.com, 21.03.2020, 14:49: > > > questions: > > * what's going on? > > * how to find out? > > "dmesg -T" is your friend. It should show the error messages > with their timestamps. > > > * how to fix? > > For spinning HDs: > > If the error messages point towards faulty sectors that can't be > written, get a new drive and migrate your data. If the messages > don't contain sectors, check and/or replace the cabling. If the > problem persists, get a new drive etc... i get this: http://codepad.org/MVeqeBBu it mentions "sector", but not sure if it is what you mean. what do you think?
Re: [gentoo-user] repair uefi vfat /boot?
‐‐‐ Original Message ‐‐‐ On Sunday, March 22, 2020 11:53 AM, Stefan Schmiedl wrote: > Messages like > > > > [sda] tag#6 Sense Key : Medium Error [current] > > > > [sda] tag#6 Add. Sense: Unrecovered read error - auto reallocate failed > > usually point towards towards problems with the magnetic layer > on the disk. These do not get better over time, they only get > worse. > > Then we have "auto reallocate failed", which means that the HD > controller tried to reassign the damaged sector to another working > sector, unsuccessfully. > > > what do you think? > > If there is anything of value on the disk, get a new one right now. done (fortunately important data got backed up). any idea why 1 partition (uefi vfat) is suffering errors, but the other ext4 isn't?
Re: [gentoo-user] repair uefi vfat /boot?
‐‐‐ Original Message ‐‐‐ On Sunday, March 22, 2020 12:50 PM, Michael wrote: > What Stefan said - the disk is on its way out and autorecovery of bad sectors > is failing. You could run: > > smartctl -a /dev/sda > > to see what errors it reports, but in the first instance if the data on this > disk is valuable I suggest you get another disk and immediately transfer all > useful/recoverable files off this drive. If the value of the data is not > high/irreplaceable, then carry on using it - it may take years and years > before it fails completely. > > To reallocate a bad block on your disk and hope more won't arrive overnight, > have a read at this page: > > https://www.smartmontools.org/wiki/BadBlockHowto i get this output: https://gist.github.com/Al-Caveman/b3be1a623f20b55de80d0e2eddcda5d4 how to read this? seems very cryptic to me. how is this better than dmest -T? thx.
Re: [gentoo-user] repair uefi vfat /boot?
‐‐‐ Original Message ‐‐‐ On Monday, March 23, 2020 3:33 PM, Michael wrote: > 'man smartctl' provides some explanation with regards to reading the Attribute > values reported by the firmware of the disk, as does Wikipedia: > > https://en.wikipedia.org/wiki/S.M.A.R.T.#Known_ATA_S.M.A.R.T._attributes > > However, with Seagate drives in particular reported values by the firmware are > counterintuitive and can cause confusion: > > http://www.users.on.net/~fzabkar/HDD/Seagate_SER_RRER_HEC.html > > Not withstanding the above, if you look under the section "-A --attributes" in > the manual you'll see the following. If an attribute type is of type 'Pre- > fail' and is equal or less than the Threshold value then there is a problem. > If the WHEN_FAILED column shows a dash, this means the drive has not failed > yet with respect to this attribute. > > Looking at your SMART table we can see no attribute has failed completely yet, > but we see some potentially worrying signs too. > > There have been a number of (ID 1) Raw Read Errors and also (ID 195) Hardware > ECC Recovered sectors. However, there are a large number of (ID 187) Reported > Uncorrectable errors - these are sectors the Hardware ECC failed to correct. > > The next value (ID 188) Command Timeout is also of some concern, showing a > count of 30 aborted operations by the HDD. > > There are also some Bad Blocks, with a raw value of 49. If you see this > number increasing over time, it means potentially more and more of your data > can be lost. It would explain for example why some of the files you stored in > the vfat partition are showing a size of zero. The value of (ID 197) Current > Pending Sector of 12 is also worrying - there are 12 sectors waiting to be > remapped to a more healthy part of the disk because of unrecoverable read > errors. The following attribute (ID 198) Offline Uncorrectable Error counts > also shows 12. These are indications your hard disk is failing probably due > to some platter surface damage and you should take all data off it. At some > point it will fail completely and until then loss of data is likely to > increase. amazing help :). thank you very much for walking me throughout this. highly appreciated. from now on, will start the smart daemon + some raid solution (after replacing faulty disk). (side note: and psu's fuse blew up a few days ago. fortunately important data is backed up. but i wonder if this is related? or is it just that i'm unlucky?) rgrds, cm
[gentoo-user] mail cannot send emails (trying to use it with smartd)
why can't `mail` send emails? below is some info. from journalctl: > Apr 01 03:55:17 blah smartd[11693]: mail: cannot send message: Process exited > with a non-zero status i did `equery belongs mail`, and i got: > dev-python/twisted-19.10.0 (/usr/lib64/python3.6/site-packages/twisted/mail) > dev-python/twisted-19.10.0 (/usr/lib64/python2.7/site-packages/twisted/mail) > net-mail/mailutils-3.9 (/usr/bin/mail) > net-mail/mailutils-3.9 (/bin/mail -> ../usr/bin/mail) > net-mail/mailutils-3.9 (/etc/mailutils.d/mail) then `whereis mail`: > mail: /usr/bin/mail /bin/mail /usr/share/man/man1/mail.1.bz2 so i guess this means that i'm using the `mail` from mailutils. rgrds, cm.
Re: [gentoo-user] Re: mail cannot send emails (trying to use it with smartd)
On Wednesday, April 1, 2020 10:20 AM, Ian Zimmerman wrote: > On 2020-04-01 03:51, Caveman Al Toraboran wrote: > > > why can't `mail` send emails? below is some info. > > Normally the mail program works by execing /usr/sbin/sendmail to to the > hard part :-P Do you have it? It doesn't have to be the "real" > sendmail - any MTA program you install usually makes a symlink from > /usr/sbin/sendmail to itself. i got sendmail around. but didn't do any configurations. what's the minimum configuration to do? i'm really not planning anything ultra-professional. i hope it to send an email the shameless style (just send an smtp message to the smtp server where my email is hosted)
[gentoo-user] how do you monitor your pc?
currently i have two i3 tiles open on one of my monitors: * one shows `journalctl -f`, which shows things from smartd, sudo attempts, and maybe soon also arpwatch. (btw, any other monitoring apps that you recommend?) * another shows `watch 'dmesg -T` for kernely things not showing up in `journalcdl`. [question 1] i wonder how do you monitor your pc? [question 2] i'm thinking to put my `journalctl -f` as a wallpaper that keeps updating. how to do this? conky? better than conky? rgrds, cm.
Re: [gentoo-user] Re: mail cannot send emails (trying to use it with smartd)
On Thursday, April 2, 2020 6:18 PM, Grant Edwards wrote: > Then DO NOT use sendmail. Sendmail is only for the ultra-professional > who already knows how to configure it (not joking). > > If all your mail gets sent via a single SMTP server at your ISP (or > wherever), then Sendmail is definitely not what you want. > > If you don't need local queueing (so you can send email while > offline), then I'd pick ssmtp. NB: ssmtp is a bit old and in need of > a ebuild maintainer, so might not be my first choice if I wasn't > already familiar it. > > https://wiki.archlinux.org/index.php/SSMTP > > Nullmailer is also a good option with the added bonus of queueing > outbound mail while you're offline.: > > https://github.com/bruceg/nullmailer > https://wiki.archlinux.org/index.php/Nullmailer > > If you want something even more sophisticated (e.g. something that can > deliver mail locally and receive inbound mail using SMTP), then postfix > or exim would probably the be the next step up: > > https://wiki.gentoo.org/wiki/Postfix > https://wiki.archlinux.org/index.php/Postfix > > https://wiki.gentoo.org/wiki/Exim > https://wiki.archlinux.org/index.php/Exim > > I've read claims that there are things you can do with sendmail that > Exim or Postfix can't handle, but I'm not sure I believe it. I am > sure I'll never need to do any of those things. thanks a lot for this info. highly appreciated. i'll go with nullmailer (imo suits me best). though i'm a bit curious about sendmail (if your time allows). do you mean the ebuild "sendmail"? or the command "sendmail"? i used to think it's a swiss-army kind of tool (used to call "sendmail" in my cgi scripts decades ago without any infrastructure; by just directly zapping recipient's smtp gateway).
Re: [gentoo-user] Re: mail cannot send emails (trying to use it with smartd)
On Friday, April 3, 2020 6:23 AM, Grant Edwards wrote: > On 2020-04-03, Caveman Al Toraboran toraboracave...@protonmail.com wrote: > > > though i'm a bit curious about sendmail (if your > > time allows). do you mean the ebuild "sendmail"? > > Yes. I meant the program provided by the "sendmail" ebuild. That is > the MTA named "sendmail" that's been around since the universe cooled > enough to form atoms: > > https://en.wikipedia.org/wiki/Sendmail > > For many years it was the de-facto standard MTA for Unix systems. > > It's very powerful but the configuration file format is almost > impossible to understand, so people developed an m4 application that > accepted a slightly less cryptic language and generated the sendmail > configuration file. At it's peak back in the early 90's there were > approximately five people in the world who actually understood > sendmail, and none of them ever worked where you did. The rest of us > stumbled in the dark using the finely honed cargo-cult practices > cutting and pasting random snippets out of example configurations to > see what happened. Usually what happed is that mail was lost or flew > around in a loop multiplying to the point where a disk parition filled > up. > > That said, sendmail has features that no other MTA has. For example, > it can transfer mail using all sorts of different protocols that > nobody uses these days. > > Back in the 90's a number of replacement MTAs were developed such as > qmail, postfix, exim, etc. When you installed one of these, (instead > of the classic sendmail), they would usually provide an executable > file named "sendmail" that accepted the same command line arguments > and input format that the original did. That allowed applications who > wanted to send email to remain ignorant about exactly what MTA was > installed. > > Exim, postfix, qmail and the others were all still full-function MTAs > intended for a multi-users system. They could route mail to different > destinations (including delivering it locally to a variety of mailbox > types) and accept inbound email from other MTAs. While they were far > easier to set up and maintain than the original sendmail, they were > still massive overkill for a computer that was used only by a single > person where reading mail was done via POP/IMAP and all outbound mail > was handed over to a single outside mail relay. They often didn't > deal well with the fact that they were running on a host that didn't > have a "real" hostname that meant anything to the outside world, and > that the local hostname had nothing to do with the email addresses of > the user(s). > > For that use case, simple MTAs like msmtp, ssmtp, and nullmailer were > written that don't handle incoming mail at all, and where all outbound > mail is sent to a single mail relay host. The first two don't even do > any queuing: if you try to send mail when your relay host is > unreachable, then the send simply fails. > > These too, when installed, provide an executable named "sendmail" that > accepts the same command line options and input format as the original. wow, didn't know sendmail's syntax was so hard it needed a compiler :D thank you very much for your help. highly appreciated. rgrds, cm
Re: [gentoo-user] Re: mail cannot send emails (trying to use it with smartd)
On Thursday, April 2, 2020 6:18 PM, Grant Edwards wrote: > Nullmailer is also a good option with the added bonus of queueing > outbound mail while you're offline.: nullmailer is now configured, and test with `echo "Subject: ..." | sendmail -v m...@dom.com` works. but, smartd's test mail is not working, with this error: Apr 03 10:15:09 blah smartd[219171]: Test of to m...@dom.com produced unexpected output (65 bytes) to STDOUT/STDERR: Apr 03 10:15:09 blah smartd[219171]: mail: cannot send message: Process exited with a non-zero status Apr 03 10:15:09 blah smartd[219171]: Test of to m...@dom.com: failed (32-bit/8-bit exit status: 9216/36) tried to test `mail` in isolation: echo "test body" | mail -s "test subj" m...@dom.com --debug-level=3 mail: sendmail binary: /usr/sbin/sendmail mail: source=system, name=me, passwd=x, uid=1000, gid=1000, gecos=, dir=/home/me, shell=/bin/fish, mailbox=.maildir, quota=0, change_uid=1 mail: source=system, name=me, passwd=x, uid=1000, gid=1000, gecos=, dir=/home/me, shell=/bin/fish, mailbox=.maildir, quota=0, change_uid=1 mail: mu_mailer_send_message(): using From: me@localhost mail: Sending headers... mail: Sending body... mail: /usr/sbin/sendmail exited with: 1 mail: progmailer error: Process exited with a non-zero status mail: cannot send message: Process exited with a non-zero status mail: source=system, name=me, passwd=x, uid=1000, gid=1000, gecos=, dir=/home/me, shell=/bin/fish, mailbox=.maildir, quota=0, change_uid=1 i've also monitored `watch -n .1 tree /var/spool/nullmailer/` and verified that the queue never gets filled with any message when i use the `mail` command (which, i think, is what `smartd` uses). but, the queues get filled when i used `sendmail` by the command in my 1st paragraph. i like the queue functionality, so it is definitely more suitable for me than ssmtp. but i'm disappointed that it requires the service nullmailer to be running all the time. it should -imo- run in a triggered way upon calling sendmail, and should run once at bootup just to check if queue is not empty. and, if it runs, and is unable to empty the queue (e.g. due to no network availability) then it shall remain running until the network is back and the queue is empty. but, currently, it seems that the null mailer is just always running. disappoint!
Re: [gentoo-user] Re: mail cannot send emails (trying to use it with smartd)
On Friday, April 3, 2020 10:42 AM, Caveman Al Toraboran wrote: > nullmailer is now configured, and test with`echo "Subject: ..." | sendmail -v > m...@dom.com` works. but, smartd's test mail is not working, with this error: > > Apr 03 10:15:09 blah smartd[219171]: Test of to m...@dom.com produced > unexpected output (65 bytes) to STDOUT/STDERR: > > Apr 03 10:15:09 blah smartd[219171]: mail: cannot send message: Process > exited with a non-zero status > Apr 03 10:15:09 blah smartd[219171]: Test of to m...@dom.com: > failed (32-bit/8-bit exit status: 9216/36) > > > tried to test`mail` in isolation: > > echo "test body" | mail -s "test subj" m...@dom.com --debug-level=3 > mail: sendmail binary: /usr/sbin/sendmail > mail: source=system, name=me, passwd=x, uid=1000, gid=1000, gecos=, > dir=/home/me, shell=/bin/fish, mailbox=.maildir, quota=0, change_uid=1 > mail: source=system, name=me, passwd=x, uid=1000, gid=1000, gecos=, > dir=/home/me, shell=/bin/fish, mailbox=.maildir, quota=0, change_uid=1 > mail: mu_mailer_send_message(): using From: me@localhost > mail: Sending headers... > mail: Sending body... > mail: /usr/sbin/sendmail exited with: 1 > mail: progmailer error: Process exited with a non-zero status > mail: cannot send message: Process exited with a non-zero status > mail: source=system, name=me, passwd=x, uid=1000, gid=1000, gecos=, > dir=/home/me, shell=/bin/fish, mailbox=.maildir, quota=0, change_uid=1 > > i've also monitored `watch -n .1 tree /var/spool/nullmailer/` and verified > that > the queue never gets filled with any message when i use the `mail` command > (which, i think, is what `smartd` uses). but, the queues get filled when i > used `sendmail` by the command in my 1st paragraph. extra info: i've just found that it only fails when sender address is `@locahost`. if i manually execute `mail` with `-aFrom:lol@safsdfsd` it will work, even tho the `From:...` is total garbage. but somehow just can't work when `From:lol@localhost`. something personal going on with `mail` and `localhost`. any idea what's going on? and what did i do wrong? hence what's the most elegant way to fix this?
Re: [gentoo-user] Re: mail cannot send emails (trying to use it with smartd)
On Thursday, April 9, 2020 10:49 AM, Michael wrote: > I have not configured nullmailer to know its internals, but assuming you have > not removed '127.0.0.1 localhost' from your /etc/hosts it should work. interesting. i had (no work): `127.0.0.1localhost myhostname` but it only worked when i swapped order of `myhostname`: `127.0.0.1myhostname localhost` so now it's working, but me surprise! me cannot sense. do u sense?
[gentoo-user] display repo in emerge list?
hi - any way to display which repository a package is being installed/updated from when emerging something? e.g. when doing `emerge -aqvDuUNt @world`, i see a tree of packages, but i don't know from which repository are they coming. this concerns me since i got 2 overlays added, and it would be useful for me to verify that i'm not accidently emerging the wrong package from a layman repo that i had for something else. (extra question to keep you isolated a lil longer: some one laughed at my `-aqvDuUNt` but didn't tell me why. is there anything stupid about it?) rgrds, cm.
Re: [gentoo-user] display repo in emerge list?
On Thursday, April 16, 2020 3:19 PM, Arve Barsnes wrote: > It shows the repository for me when I use my command. I assume you > would get the same if you removed -q (quiet) from your command, which > might override or interfere with your -v (verbose). > > Another thing people might react to, are your use of both -U and -N, > which are two different approaches to updating packages with changes > in their USE state. thx sir. i removed: `-q` and added: `--quiet-build y` instead. very excellente. rgrds, cm.
[gentoo-user] can't paste password from clipboard into ssh login in urxvt
so i get my password loaded into the clipboard by keepassxc. then i can paste it into various terminals, like urxvt. but, the strange thing is that, i cannot paste it into urxvt when it shows ssh's login prompt. i can paste the password loaded into the clipboard from keepassxc if there is no ssh login. but just can't when there is an ssh login prompt. any idea what's going on? rgrds, cm.
Re: [gentoo-user] can't paste password from clipboard into ssh login in urxvt
On Thursday, April 16, 2020 8:12 PM, David Abbott wrote: > Did you try CTRL + SHIFT + V yes (that's how i paste).
Re: [gentoo-user] can't paste password from clipboard into ssh login in urxvt
On Thursday, April 16, 2020 8:20 PM, wrote: > I didn't tru that muself, but as far as I could remember, > ssh catches the tty so no password will be shown (but processed). ya, i know that bit. > What happens if you paste the password, ignore, that "nothing" happens > and then press ? if i press ctrl+shift+v, followed by enter, then not even the enter registers. if i press the enter again, alone, without the preceeding ctrl+shift+v, it works but tells me the obvious message "permission denied, please try again". but if i do the same thing (ctrl+shift+v) in urxvt, without having ssh's password prompt, then the password pastes normally, and the subsequent enter works normally (of course it shows "unknown command: ").
Re: [gentoo-user] can't paste password from clipboard into ssh login in urxvt
On Thursday, April 16, 2020 9:51 PM, Caveman Al Toraboran wrote: > if i press ctrl+shift+v, followed by enter, then > not even the enter registers. if i press the > enter again, alone, without the preceeding > ctrl+shift+v, it works but tells me the obvious > message "permission denied, please try again". > > but if i do the same thing (ctrl+shift+v) in > urxvt, without having ssh's password prompt, then > the password pastes normally, and the subsequent > enter works normally (of course it shows "unknown > command: "). just to add: if i paste the password by the middlemouse buffer (selection buffer?) it goes through ssh's login prompt. but the ctrl+shift+v (clipboard buffer) doesn't. both (selection and clipboard) pastes work in urxvt when ssh's prompt is not there. but it seems deeper than just the "login prompt". i repeated the same fast enough to paste before the "login prompt" appearing, and same effect: paste did not work when ssh is running. it seems a problem when ssh is running. here is one hint: when i paste with ctrl+shift+v, ssh shows "^" before the password prompt appears. of course, shows nothing when the password prompt appears.
Re: [gentoo-user] can't paste password from clipboard into ssh login in urxvt
On Thursday, April 16, 2020 10:09 PM, Alec Ten Harmsel wrote: > I use urxvt and I've always done Ctrl+Alt+V for paste. If you try that, what > does it do? yes. it works. thanks. i guess the reason ctrl+shift+v, or ctrl+v, work is because of fish's (shell) magic. but when ssh runs, it's no longer fish's business to do its magic as i'm pasting into ssh's stdin (not fish's), which is when only urxvt's magic applies.
[gentoo-user] best rss reader?
hi - could everyone share his rss reading setup? i have newsboat, but it got masked. so i'm now starting to look around again. i'm open minded and welling to question fundamentals in the theory of the optimality of rss feed readers. so if you have some principles/theories about what makes an rss feed optimum, please share these too, as it might help me think in a better way in my quest to find the best rss feed reader. summary of questions: - 1. what rss feed reader do you use? 2. what are your theoretical principles that guided you to choose the rss feed that you use. rgrds, cm.
Re: [gentoo-user] Is Gentoo dead?
On Tuesday, April 21, 2020 11:01 PM, Consus wrote: > Yeah, mgorny likes to do some provocative stuff like forking Portage. patching P*E is heretic, and forking it is outright blasphemous.
Re: [gentoo-user] Re: best rss reader?
On Wednesday, April 22, 2020 3:44 AM, Ian Zimmerman wrote: > Really? Masked as in package.mask? When? I don't see that. > I use it too, and it is better than the alternatives IMO. i'm on ~amd, is this related to why you don't see it? from `/var/db/repos/gentoo/profiles/package.mask`: ``` # Michał Górny (2020-04-19) # Both packages are unmaintained and have unresolved bugs. stfl # is stuck on Python 3.6 and newsboat is its only revdep. # Removal in 30 days. Bug #718286. dev-libs/stfl net-news/newsboat ``` i highly appreciate mgorny's work though. thanks to him, now i'm aware of the shortcomings, and looks like i'm now headed to get me a better rss reader. also thanks to those who helped me in this thread. highly appreciated. i'm now trying your ideas, and very optimistic i'll find a better rss reader setup.
Re: [gentoo-user] Is Gentoo dead?
On Wednesday, April 22, 2020 7:35 PM, Michael Orlitzky wrote: > On 4/22/20 11:22 AM, Caveman Al Toraboran wrote: > > > On Tuesday, April 21, 2020 11:01 PM, Consus con...@ftml.net wrote: > > > > > Yeah, mgorny likes to do some provocative stuff like forking Portage. > > > > patching P*E is heretic, and forking it is > > outright blasphemous. > > For everyone complaining about how long emerge @world takes, and about > the incomprehensible error messages -- this fork was a step towards > fixing that. Portage does some slow, unpredictable, undocumented magic > when resolving dependencies that it never should have done in the first > place. Developers using portage then make commits that appear to work > with portage, but won't work in any other PMS-compliant package manager, > and often don't work in portage itself when given slightly different > command-line options. > > Portage was forked because the current maintainers insist on leaving it > broken to "avoid the phone calls." There are still problems, but this > way people don't realize they're portage's fault. i was joking. i agree with you + mgorny. in fact, i think portage sucks so much it must be rewritten from scratch, in such a way that it has least run-time dependencies, so we stop worrying about upgrading other packages, such as python. e.g. perhaps gne (gne is not emerge) should better be statically linked (no stupid python run-time that freaks us every time we upgrade python). just my thought. but mgorny knows much better than me most likely. i like his work. and i hope politics around emerge/portage gets dropped.
Re: [gentoo-user] Is Gentoo dead?
On Wednesday, April 22, 2020 9:34 PM, Michael Orlitzky wrote: > Dependency resolution is indeed a (formally) hard problem. Solving the > traveling salesman problem is also hard. Solving the traveling salesman > problem while being punched in the face is even harder. When I complain > about portage being slow, what I mean is that I want to stop being > punched in the face so that I can concentrate all of my energy on the > underlying hard problem. any reason why is it a traveling salesman problem, and not just a tree walk with heuristics to handle exceptions (e.g. cycles)? my thought -- my thought is that dep. resolution is like walking down a tree, and branch out depending on the USE flags -- for this, imo the sympt. run-time complexity should be approximately O(log n), where n = number of packages in portage. except that some of its leaves go back to a branch (circular dependencies). here, we can add heuristics/workarounds when cycles are detected. how common is it to stumble upon cycles in a single dependency resolution run? let's say it happens S many times per run. so in overall, i think, it should be O(log n + S). since it can be seen as a tree, imo it is very easy to distribute the computation across several cores, even for a single package dep. resolution. e.g. create threads upon branching in the tree until MAX_THRD reached. of course all in C, statically-linked (minimum run-time dep. for emerge). i don't see why we need fancy stuff like python.
Re: [gentoo-user] Prefer Gentoo repository rather than overlay?
On Thursday, April 23, 2020 11:09 PM, Matt Connell (Gmail) wrote: > Looking for some guidance in managing the source of package > installs/upgrades when a package is provided by both the standard > repository and an overlay. > > I currently have the poly-c overlay added via layman. poly-c provides > many of the same packages as the standard gentoo repository. > > When I install/update packages, portage appears to prefer the version > provided by poly-c rather than the version provided by the gentoo > repository, if the two provide the same version number of the package. > Examples of this include sys-boot/grub, sys-fs/udev, and other critical > packages. > > I would prefer that portage prioritize gentoo's version rather than the > overlay's version, unless specified otherwise (eg. > sys-boot/grub::poly-c) when installing. > > What's the best way to go about doing this? I could specify ::gentoo > for each entry in my world file, but this seems rather heavy-handed and > high maintenance. Is there a better way? **warning** i'm dumb. didn't try it, but i guess you'll get the effect you want by: * setting priority of your layman repo below -1000. * setting priority of the gentoo repo above 50 (i think default for layman). more info: https://wiki.gentoo.org/wiki/Ebuild_repository#Priorities
Re: [gentoo-user] Is Gentoo dead?
On Friday, April 24, 2020 1:03 AM, Alec Ten Harmsel wrote: > If it's so easy, why don't you implement it? /s because busy and got better things in life. but what is your point? 1. are you trying to get to know me a bit closer? 2. or are you trying to indirectly a claim that making portage faster is too hard? if (1) then off-topic. if (2) then you're committing a logical fallacy. some version of appeal to majority? hence your claim is unsubstantiated, and is deleted from space thanks to occam's razor. if it was too hard for most people in the past, it doesn't mean that it is hard for everyone else. not saying that your claim is wrong. but saying that your tool to show that claim is not working. not saying that your claim is right either. it's so far floating somewhere in the ``unknown'' region (until a proof is presented; not a logical fallacy). > Sorry for being a little glib but every couple months I go through this > thought process: > > 1. Wow, portage is slow > 2. I can make this faster, it can't be that hard > 3. ...wow, nevermind, it is really hard > 4. Thank you portage maintainers! if your point is to share history, thanks. else: logical fallacy (read above). > I don't think it's O(log n). Roughly, for 1 package portage has to make the > full dep > tree, solve all the constraints to resolve to actual packages that can be > installed, > and order and merge the tree into a single branch of packages to install. I'm > probably missing some steps and obviously that's not a rigorous explanation > but > it's at least O(n) where n is the total number of dependencies. not mutually exclusive. your n (number of deps) is different than my n (number of packages in portage). e.g. i think that : O(your n) = O(log(my n)) i think the real trick is to split portage into two separate parts: 1. index: pre-compiled indexed global dependency graph. this should allow efficient jumping into the right spot of the graph to efficiently walk around to meet the dependencies based on constraints (e.g. USE flags, versions). imo this can do the dependency resolution that emerge does in 45 seconds in less than 3 seconds. 2. scripts to carry out the compile/installation. currently portage has (1) and (2) mixed into a single directory-based structure containing files in a format that is not efficient for graph walking, and uses the wrong tool (python). > Speeding up portage would be a fun project but it's less important > that portage being correct. yes, the speed issue is not a problem (more like a psychological issue). but that's misleading. portage's problems is beyond the timing issue. e.g.: 1. the fact that emerge uses python is horrible. ideally a package manager must have least run-time dependencies possible. but now, emerge is based on python, which limits our freedom in upgrading python versions in the fear of wrecking emerge (and getting stuck, needing manual attention). which is why i think ideally new emerge should be some statically linked compiled binary. 2. i'm sure smart people can point out better reasons about how emerge is wrong.
Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?
On Wednesday, April 22, 2020 8:32 PM, Michael Jones wrote: > > No-no. C++ is a nightmare. A few people want to use it. > > C++ is an extremely widespread language with millions of lines of code > written daily world wide. i think that might be misleading as it seems to imply that being a c++ dev is mutually exclusive against being a c dev (is it? the languages agree on many syntaxes/features). i think the right way of thinking is as follows: 1. identify programming features needed to code a reliable pms. i think most likely all we need is [recursive] function calls and if/else/loops. the rest probably has to do with algorithms (independent of the language). 2. pick language that has features (1) and has the largest users base. if the set of features in (1) is small enough (such as ones i suggested), then the c++ developers should be counted as c developers (because that part is common between c++ and c). 3. apply occam's razor. if two languages are equally satisfying points (1) and (2), then choose the simplest one. but if my thought is correct (that we only need the subset of features in c++ that's already in c), then c is guaranteed to have a greater effective number of developers in step (2). hence, we will not even need to apply occam's razor to remove c++ (unless points (1) and (2) result in a tie, which i don't think it does in this case). > Lots of people want to use it. Just not people who want to write a PMS > compliant package manager. probably same kind of people that are headed to blow their legs (and ours) in the process.
Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?
On Friday, April 24, 2020 4:45 PM, Rich Freeman wrote: > How did we get from "Is Gentoo dead?" to "Is C++ dead?" c++ is very alive. it just usually exists in the form of a disease and spreads like cancer. rgrds, cm.
Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?
On Friday, April 24, 2020 8:30 PM, inasprecali wrote: > There is no rational reason for the core of Portage to be written in > C. curious.. are you also cool if busybox was written in python?
Re: [OBORONA-SPAM] Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?
On Friday, April 24, 2020 9:56 PM, Michele Alzetta wrote: > I mean, basically portage is just a set of functions, so a functional > programming language might just be the best way to go yes, haskell passes step (1); so does php, java, etc. now kindly apply the rest of the steps ((2) and (3)), and see how far haskell would reach? i don't think haskell would pass step (2), and even if does, i doubt it would survive step (3). unless you're seriously asking this question, you're committing a strawman.
Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?
On Friday, April 24, 2020 12:27 AM, Steven Lembark wrote: > Main issue I can see with C is that most people today don't know how > to manage memory; not enough of us left who really understand how > malloc works :-) i find it very hard to believe this. because, fundamentally, the concept of malloc/free is the same concept that we expect a 5 years old kid to know. e.g. we tell kids ``return all balls back into the bucket before you leave the room'', which is exactly the concept of malloc/free. probably we can even train monkeys to do the same (return all taken balls back before leaving). so i really can't believe that we have devolved in such a way where malloc/free suddenly has became a hard concept for homo sapiens.
Re: [gentoo-user] Is Gentoo dead?
On Saturday, April 25, 2020 10:04 PM, Fernando Reyes wrote: > Bravo, and Gentoo can't be dead because it's immortal. > > likewhoa no, that's not it. let me explain. gentoo is indeed dead. specifically, gentoo's death happened some time in 2007. then, in the 2nd of march 2008, gentoo became undead [1]. it's very difficult to kill undeads (try it in dark souls). technically they are dead already. but i think i know how to finally free gentoo from the undead realm and let it finally rest in peace. here is how: * something better than gentoo should come. e.g. something source-based and comprehensive. so far, there is no better solution than gentoo for the requirements that gentoo satisfies. therefore, gentoo cannot be freed from the "undread" realm to finally rest in peace. if you want to set gentoo free, please tell us 1 source-based distro that is as comprehensive as gentoo (or more). then we cen celebrate gentoo's freedom from the undead realm right now. [1] https://en.wikipedia.org/wiki/Gentoo_Linux#History rgrds, cm.
Re: [gentoo-user] Is Gentoo dead?
On Saturday, April 25, 2020 1:23 AM, Michael Orlitzky wrote: > It's not outwardly a traveling salesman problem, but it's on the same > level of difficulty. If you look at RDEPEND in an ebuild, you'll see a > bunch of entries like > > cat/pkg <= version > > As the package manager recursively processes all of the ebuilds in the > dependency graph, you wind up with a goal like > > maximize the versions of all installed packages > subject to > cat/pkg1 <= version1 > cat/pkg1 > version2 > > cat/pkg2 >= version3 > > ... > > > That looks a lot like a linear programming problem, but package versions > are discrete. So ignoring all of the details, it's believable that we > have an integer programming problem, which is NP-complete. i'm dumb, and don't fully understand this, but i think i found something interesting: [1] http://www.aimsciences.org/article/doi/10.3934/jimo.2014.10.557 i wonder, can gradient descent be used to find optimal portage solution? didn't read beyond the abstract in [1], but from the abstract it seems doable (i.e. integer programming solvable by gradient descent). anyone please correct me if i'm wrong. if doing it with gradient descent is doable, then i wonder, can emerge one day be GPU accelerated? how coold would it be? :D ``world's 1st GPU accelerated package manager''! of course it is not a pressing issue, but i think it is a very fun puzzle to think about in my free time (which is most of my life these days), and i think some here may like contemplating such shameless thoughts. rgrds, cm.
[gentoo-user] transparent compression? (e.g. device mapper for compression)
hi - any nice way to have compression at the file system level, without using zfs? perhaps some kind of device mapper that compresses data? i find file system compression to speed up read/write to slow disks noticeably (e.g. sata). rgrds, cm.
Re: [gentoo-user] transparent compression? (e.g. device mapper for compression)
On Thursday, April 30, 2020 9:59 AM, Adam Carter wrote: > https://btrfs.wiki.kernel.org/index.php/Compression oo. thanks, but my mistake. i should've clarified better. i'm looking for a solution that works nicely with ext4. ideally i am thinking of a device mapper solution. e.g. we got a device mapper for encryption (dm-crypt), but i think we lack one for compression.
[gentoo-user] how to partition a dm-crypt disk?
hi - why can't i use fdisk to partition a dm-crypt disk? tried to `sudo fdisk /dev/mapper/ea`, which is created by: > `sudo cryptsetup open --type plain /dev/sda ea` fdisk shows my partitions: > Device StartEndSectors Size Type > /dev/mapper/ea-part1 2048 10487807 10485760 5G Linux filesystem > /dev/mapper/ea-part2 10487808 1953525134 1943037327 926.5G Linux filesystem but, as i save that partition table, i get this error: > Command (m for help): w > The partition table has been altered. > Failed to add partition 1 to system: Invalid argument > Failed to add partition 2 to system: Invalid argument if i repeat the execution of fdisk, i see that partition table, and if i hit `w`, it saves without showing that error. then, as i go to run `mkfs.ext4` on them, i can't see them under `/dev/mapper/`. rgrds, cm.
[gentoo-user] which linux RAID setup to choose?
hi - i'm to setup my 1st RAID, and i'd appreciate if any of you volunteers some time to share your valuable experience on this subject. my scenario --- 0. i don't boot from the RAID. 1. read is as important as write. i don't have any application-specific scenario that makes me somehow favor one over another. so RAIDs that speed up the read (or write) while significantly harming the write (or read) is not welcome. 2. replacing failed disks may take a week or two. so, i guess that i may have several disks fail one after another in the 1-2 weeks (specially if they were bought about the same time). 3. i would like to be able to grow the RAID's total space (as needed), and increase its reliability (i.e. duplicates/partities) as needed. e.g. suppose that i got a 2TB RAID that tolerates 1 disk failure. i'd like to, at some point, to have the following options: * only increase the total space (e.g. make it 3TB), without increasing failure toleration (so 2 disk failure would result in data loss). * or, only increase the failure tolerance (e.g. such that 2 disks failure would not lead to data loss), without increasing the total space (e.g. space remains 2TB). * or, increase, both, the space and the failure tolerance at the same time. 4. only interested in software RAID. my thought -- i think these are not suitable: * RAID 0: fails to satisfy point (3). * RAID 1: fails to satisfy points (1) and (3). * RAIDs 4 to 6: fails to satisfy point (3) since they are stuck with a fixed tolerance towards failing disks (i.e. RAIDs 4 and 5 tolerate only 1 disk failure, and RAID 6 tolerates only 2). this leaves me with RAID 10, with the "far" layout. e.g. --layout=n2 would tolerate the failure of two disks, --layout=n3 three, etc. or is it? (i'm not sure). my questions Q1: which RAID setup would you recommend? Q2: how would the total number of disks in a RAID10 setup affect the tolerance towards the failing disks? if the total number of disks is even, then it is easy to see how this is equivalent to the classical RAID 1+0 as shown in md(4), where any disk failure is tolerated for as long as each RAID1 group has 1 disk failure only. so, we get the following combinations of disk failures that, if happen, we won't lose any data: RAID0 --^-- RAID1 RAID1 --^-- --^-- F . . . < cases with . F . . < single disk . . F . < failures . . . F < F . . F < cases with . F F . < two disk . F . F < failures F . F . < . F F . < this gives us 4+5=9 possible disk failure scenarious where we can survive it without any data loss. but, when the number of disks is odd, then written bytes and their duplicates will start wrap around, and it is difficult for me to intuitively see how would this affect the total number of scenarious where i will survive a disk failure. Q3: what are the future growth/shrinkage options for a RAID10 setup? e.g. with respect to these: 1. read/write speed. 2. tolerance guarantee towards failing disks. 3. total available space. rgrds, cm.
Re: [gentoo-user] which linux RAID setup to choose?
On Sunday, May 3, 2020 1:14 PM, Wols Lists wrote: > > Q3: what are the future growth/shrinkage > > options for a RAID10 setup? e.g. with > > respect to these: > > > > 1. read/write speed. > > > > iirc far is good for speed. > > > 2. tolerance guarantee towards failing > >disks. > > > > Guarantees? If you have two mirrors. the guarantee is just ONE disk. Yes > you can gamble on losing more. > > > 3. total available space. > > > > iirc you can NOT grow the far layout. sorry, typo, i meant "near" (the command was right though --layout=n2)
Re: [gentoo-user] which linux RAID setup to choose?
On Sunday, May 3, 2020 1:23 PM, Wols Lists wrote: > For anything above raid 1, MAKE SURE your drives support SCT/ERC. For > example, Seagate Barracudas are very popular desktop drives, but I guess > maybe HALF of the emails asking for help recovering an array on the raid > list involve them dying ... > > (I've got two :-( but my new system - when I get it running - has > ironwolves instead.) that's very scary. just to double check: are those help emails about linux's software RAID? or is it about hardware RAIDs? the reason i ask about software vs. hardware, is because of this wiki article [1] which seems to suggest that mdadm handles error recovery by waiting for up to 30 seconds (set in /sys/block/sd*/device/timeout) after which the device is reset. am i missing something? to me it seems that [1] seems to suggest that linux software raid has a reliable way to handle the issue? since i guess all disks support resetting well? [1] https://en.wikipedia.org/wiki/Error_recovery_control#Software_RAID
Re: [gentoo-user] which linux RAID setup to choose?
On Sunday, May 3, 2020 6:27 PM, Jack wrote: > Minor point - you have one duplicate line there ". f f ." which is the > second and last line of the second group. No effect on anything else in > the discussion. thanks. > Trying to help thinking about odd numbers of disks, if you are still > allowing only one disk to fail, then you can think about mirroring half > disks, so each disk has half of it mirrored to a different disk, instead > of drives always being mirrored in pairs. that definitely helped get me unstuck and continue thinking. thanks. curious. how do people look at --layout=n2 in the storage industry? e.g. do they ignore the optimistic case where 2 disk failures can be recovered, and only assume that it protects for 1 disk failure? i see why gambling is not worth it here, but at the same time, i see no reason to ignore reality (that a 2 disk failure can be saved). e.g. a 4-disk RAID10 with -layout=n2 gives 1*4/10 + 2*4/10 = 1.2 expected recoverable disk failures. details are below: F . . . < recoverable . F . . < cases with . . F . < 1 disk . . . F < failure F . . F < recoverable . F F . < cases with . F . F < 2 disk F . F . < failures F F . . < not recoverable . . F F < cases with 2 disk < failures now, if we do a 5-disk --layout=n2, we get: 1(1)2(2)3 (3)4(4)5(5) 6(6)7(7)8 (8)9(9)10 (10) 11 (11) 12 (12) 13 (13) ... obviously, there are 5 possible ways a single disk may fail, out of which all of the 5 will be recovered. there are nchoosek(5,2) = 10 possible ways a 2 disk failure could happen, out of which 5 will be recovered: xxx (1) xxx (2)3 xxx4xxx5(5) xxx (1)2xxx3 xxx4(4) xxx (5) 1xxx2xxx3 (3) xxx (4) xxx (5) 1xxx2(2) xxx (3) xxx (4)5xxx 1(1) xxx (2) xxx (3)4xxx5xxx so, expected recoverable disk failures for a 5-disk RAID10 --layout=n2 is: 1*5/15 + 2*5/15 = 1 so, by transforming a 4-disk RAID10 into a 5-disk one, we increase total storage capacity by a 0.5 disk's worth of storage, while losing the ability to recover 0.2 disks. but if we extended the 4-disk RAID10 into a 6-disk --layout=n2, we will have: 6 nchoosek(6,2) - 3 = 1 * - + 2 * - 6 + nchoosek(6,2) 6 + nchoosek(6,2) = 6/21 + 2 * 12/15 = 1.8857 expected recoverable failing disks. almost 2. i.e. there is 80% chance of surviving a 2 disk failure. so, i wonder, is it a bad decision to go with an even number disks with a RAID10? what is the right way to think to find an answer to this question? i guess the ultimate answer needs knowledge of these: * F1: probability of having 1 disks fail within the repair window. * F2: probability of having 2 disks fail within the repair window. * F3: probability of having 3 disks fail within . the repair window. . . * Fn: probability of having n disks fail within the repair window. * R1: probability of surviving 1 disks failure. equals 1 with all related cases. * R2: probability of surviving 2 disks failure. equals 1/3 with 5-disk RAID10 equals 0.8 with a 6-disk RAID10. * R3: probability of surviving 3 disks failure. equals 0 with all related cases. . . . * Rn: probability of surviving n disks failure. equals 0 with all related cases. * L : expected cost of losing data on an array. * D : price of a disk. this way, the absolute expected cost when adopting a 6-disk RAID10 is: = 6D + F1*(1-R1)*L + F2*(1-R2)*L + F3*(1-R3)*L + ... = 6D + F1*(1-1)*L + F2*(1-0.8)*L + F3*(1-0)*L + ... = 6D + 0 + F2*(0.2)*L + F3*(1-0)*L + ... and the absolute cost for a 5-disk RAID10 is: = 5D + F1*(1-1)*L + F2*(1-0.)*L + F3*(1-0)*L + ... = 5D + 0 + F2*(0.6667)*L + F3*(1-0)*L + ... canceling identical terms, the difference cost is: 6-disk ===> 6D + 0.2*F2*L 5-disk ===> 5D + 0.6667*F2*L from here [1] we know that a 1TB disk costs $35.85, so: 6-disk ===> 6*35.85 + 0.2*F2*L 5-disk ===> 5*35.85 + 0.6667*F2*L now, at which point is a 5-disk array a better economical decision than a 6-disk one? for simplicity, let LOL = F2*L: 5*35.85 + 0.6667 * LOL < 6*35.85 + 0.2 * LOL 0.6667*LOL - 0.2 * LOL < 6*35.85 - 5*35.85 LOL * (0.6667 - 0.2)< 6*35.85 - 5*35.85 6*35.85 - 5*35.85 LOL < - 0.6667 - 0.2 LOL < 76.816 F
Re: [gentoo-user] which linux RAID setup to choose?
On Monday, May 4, 2020 2:50 AM, hitachi303 wrote: > Am 03.05.2020 um 23:46 schrieb Caveman Al Toraboran: > > > so, in summary: > > /\ > > | a 5-disk RAID10 is better than a 6-disk RAID10 | > > | ONLY IF your data is WORTH LESS than 3,524.3 | > > | bucks. | > > \/ > > any thoughts? i'm a newbie. i wonder how > > industry people think? > > Don't forget that having more drives increases the odds of a failing > drive. If you have infinite drives at any given moment infinite drives > will fail. Anyway I wouldn't know how to calculate this. by drive, you mean a spinning hard disk? i'm not sure how "infinite" helps here even theoretically. e.g. say that every year, 76% of disks fail. in the limit as the number of disks approaches infinity, then 76% of infinity is infinity. but, how is this useful? > Most people are limited by money and space. Even if this isn't your > problem you will always need an additional backup strategy. The hole > system can fail. > I run a system with 8 drives where two can fail and they can be hot > swoped. This is a closed source SAS which I really like except the part > being closed source. I don't even know what kind of raid is used. > > The only person I know who is running a really huge raid ( I guess 2000+ > drives) is comfortable with some spare drives. His raid did fail an can > fail. Data will be lost. Everything important has to be stored at a > secondary location. But they are using the raid to store data for some > days or weeks when a server is calculating stuff. If the raid fails they > have to restart the program for the calculation. thanks a lot. highly appreciate these tips about how others run their storage. however, i am not sure what is the takeaway from this. e.g. your closed-source NAS vs. a large RAID. they don't seem to be mutually exclusive to me (both might be on RAID). to me, a NAS is just a computer with RAID. no? > Facebook used to store data which is sometimes accessed on raids. Since > they use energy they stored data which is nearly never accessed on blue > ray disks. I don't know if they still do. Reading is very slow if a > mechanical arm first needs to fetch a specific blue ray out of hundreds > and put in a disk reader but it is very energy efficient. interesting.
Re: [gentoo-user] which linux RAID setup to choose?
On Monday, May 4, 2020 3:19 AM, antlists wrote: > On 03/05/2020 22:46, Caveman Al Toraboran wrote: > > > On Sunday, May 3, 2020 6:27 PM, Jack ostrof...@users.sourceforge.net wrote: > > curious. how do people look at --layout=n2 in the > > storage industry? e.g. do they ignore the > > optimistic case where 2 disk failures can be > > recovered, and only assume that it protects for 1 > > disk failure? > > You CANNOT afford to be optimistic ... Murphy's law says you will lose > the wrong second disk. so i guess your answer is: "yes, the industry ignores the existence of optimistic cases". if that's true, then the industry is wrong, must learn the following: 1. don't bet that your data's survival is lingering on luck (you agree with this i know). 2. don't ignore statistics that reveal the fact that lucky cases exist. (1) and (2) are not mutually exclusive, and murfphy's law would suggest to not ignore (2). becuase, if you ignore (2), you'll end up adopting a 5-disk RAID10 instead of the superior 6-disk RAID10 and end up being less lucky in practice. don't rely on lucks, but why deny good luck to come to you when it might? --- two different things. > > i see why gambling is not worth it here, but at > > the same time, i see no reason to ignore reality > > (that a 2 disk failure can be saved). > > Don't ignore that some 2-disk failures CAN'T be saved ... yeah, i'm not. i'm just not ignoring that 2-disk failure might get saved. you know... it's better to have a lil window where some good luck may chime in than banning good luck. > Don't forget, if you have a spare disk, the repair window is the length > of time it takes to fail-over ... yup. just trying to not rely on good luck that a spare is available. e.g. considering for the case that no space is there. > > this site [2] says that 76% of seagate disks fail > > per year (:D). and since disks fail independent > > of each other mostly, then, the probabilty of > > having 2 disks fail in a year is: > > 76% seems incredibly high. And no, disks do not fail independently of > each other. If you buy a bunch of identical disks, at the same time, and > stick them all in the same raid array, the chances of them all wearing > out at the same time are rather higher than random chance would suggest. i know. i had this as a note, but then removed it. anyway, some nitpics: 1. dependence != correlation. you mean correlation, not dependence. disk failure is correlated if they are baught together, but other disks don't cause the failure (unless from things like heat from other disks, or repair stress because of other disk failing). 2. i followed the extreme case where a person got his disks purchased at a random time, so that he was maximally lucky in that his disks didn't synchronize. why? (i) offers a better pessimistic result. now we know that this probability is actually lower than reality, which means that we know that the 3.5k bucks is actually even lower. this should scare us more (hence us relying on less luck). (ii) makes calculation easier.
Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?
On Wednesday, April 22, 2020 8:28 PM, Michael Orlitzky wrote: > On 4/22/20 12:24 PM, Michael Jones wrote: > > > On a source-based distribution, the thing that manages package > > installations can break itself if it incorrectly installs a library that > > a subsequent run of itself would dynamically link against. > > I won't say this is impossible, but in general it hasn't been true for a > long time in Gentoo. Old libraries are left behind until you rebuild the > things that link against them (that's what emerge @preserved-rebuild > does). When used correctly, subslot dependencies in ebuilds avoid the > need for even that additional step. just to say that some portagy thing (layman) can't work now as emerge was rebuilding packages to remove python3_6): running "layman -S"... Traceback (most recent call last): File "/usr/lib/python-exec/python3.6/layman", line 36, in from layman.cliimport Main File "/usr/lib64/python3.6/site-packages/layman/cli.py", line 29, in from layman.api import LaymanAPI File "/usr/lib64/python3.6/site-packages/layman/api.py", line 25, in from layman.remotedbimport RemoteDB File "/usr/lib64/python3.6/site-packages/layman/remotedb.py", line 46, in from sslfetch.connections import Connector ModuleNotFoundError: No module named 'sslfetch' obviously solvable easily in this case, but imo needless drama keeps coming every now and then. imo we've also became pythonupgradophobic. every python upgrade becomes after a warning from eselect news. i look forward the day when all portagy things get treated similar to busybox (i.e. come with "static" USE flag by default). that said, gentoo is still the best distro imo. so it shall remain accursed by immortality in the realm of undeads.
Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?
On Thursday, May 7, 2020 5:43 AM, Rich Freeman wrote: > Are you overriding something, or were you running this right in the > middle of an update? emerge was updating, then some ebuild failed and i didn't have --keep-going. then next time i tried to sync layman it failed. i'm now re-running emerge and it seems to work normally. > > layman-2.4.2 strictly requires python 3.6 and the system wouldn't let > you remove that version of python unless you forced it to. The newer > version of layman is compatible with the newer versions of python, but > of course needs to be rebuilt for it. i have layman-2.4.3, emerged with python3_6, and is now about to be moved to python3_7. no biggie. i can fix it. but, my point is, this hassle is needless and keeps coming. > If you read the news on the update you'd see this. If you just do a > regular emerge -uD @world then while it was in the middle of updating > some things would break. There are instructions in the news for how > to do a more seamless upgrade by enabling both the older and newer > versions of python in parallel, in which case there won't be any point > where things break. That does require rebuilding everything twice > (not necessarily at the same time). true, but needless hassle imo. > Really though this is pretty tame. There have been some updates to > expat and especially glibc in the past that were pretty hairy. are you referring to python's dependence on expat and glibc? yeah, so many layers of mistakes get born when one relies on python as a dependency for a system app that manages other apps (including itself).
Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?
On Thursday, May 7, 2020 7:31 AM, Dale wrote: > Rich Freeman wrote: > > OP, odds are the emerge failure is what triggered the problem. If it had > completed without failure, it would likely have been a clean update. This is > why I set up a chroot and do my updates there and use the -k option to > install on my actual system. It takes very little time and so far, no > breakages on my real system. If any thing fails, it's more likely to be in > the chroot which won't hurt anything. If you able, may be a option worth > thinking about for yourself as well. > > Dale > > :-) :-) ya. i said it already. emerge's update failed with some package midways (some package needed some USE flag change), but then layman stopped working in this incomplete state. also the issue was simple. but i pointed out that the inconvenience of having a fancy dependency on a pms is still there.
Re: [OBORONA-SPAM] Re: [gentoo-user] Is Gentoo dead?
On Thursday, May 7, 2020 6:35 AM, Rich Freeman wrote: > On Wed, May 6, 2020 at 10:14 PM Caveman Al Toraboran > toraboracave...@protonmail.com wrote: > > > are you referring to python's dependence on expat > > and glibc? > > More like bash's dependence. Well, and in the case of glibc just > about everything. When those break you're basically stuck recovering > from a rescue disk. or have sash somewhere around? > Fortunately we haven't had glibc/gcc break ABI in quite a while, and > preserved-rebuild covers a lot of the other issues. > > In any case, if you have a solution other than statically building > half the system I'm sure patches will be welcome. FWIW Gentoo is > about as hassle-free to use as it has ever been. It isn't debian > stable, and it is unlikely to ever be that way... why not? surely not as a 1st step, but it's not like 50% of the system apps are sacred or anything. imo right approach is this: 1. make portage statically linked. enjoy the removed python inconveniences. 2. if the bottleneck of inconvenience becomes bash's use glibc (a great milestone to celebrate btw), then we see how to fix that. 3. a component at a time, we eventually approach linux utopia. ``step (1) is not a utopia yet'' is no excuse to not start the journey of removing inconveniences.
[gentoo-user] newboat loading wrong library path
hi: shell> newsboat newsboat: error while loading shared libraries: libstfl.so.0: cannot open shared object file: No such file or directory shell> ls /usr/lib64/libstfl.so* -lh lrwxrwxrwx 1 root root 15 May 10 15:27 /usr/lib64/libstfl.so -> libstfl.so.0.24* -rwxr-xr-x 1 root root 80K May 10 15:27 /usr/lib64/libstfl.so.0.24* if i manually link the lib to libstfl.so.0, it works normally. any idea what's causing this issue? (or how to find what's the cause?) (and thanks for your time) rgrds, cm.
Re: [gentoo-user] newboat loading wrong library path
On Sunday, May 10, 2020 5:02 PM, Ashley Dixon wrote: > A more permanent solution would be to fix the error in newsboat, or patch the > ebuild to create this symlink upon installation of stfl or newsboat. thanks a lot for your time. highly appreciated. any reason why it isn't a bug in libstfl? e.g. shouldn't it create a symlink to libstfl.so.0 as well? any guideline that helps us figure out whether its an app's fault or a lib's fault? rgrds, cm
[gentoo-user] docutils needing py2.7, but not wanting py2.7?
if i exec: "emerge -avDuNt --quiet-build=y @world": > These are the packages that would be merged, in reverse order: > > Calculating dependencies... done! > > The following USE changes are necessary to proceed: > (see "package.use" in the portage(5) man page for more details) > # > >=dev-python/docutils-0.16 -python_targets_python2_7 > > Would you like to add these changes to your config files? [Yes/No] so >=dev-python/docutils-0.16 doesn't want python_targets_python2_7. let's remove it then by adding: >=dev-python/docutils-0.16 -python_targets_python2_7 into: /etc/portage/package.use/stuff but then i get this: > The following USE changes are necessary to proceed: > (see "package.use" in the portage(5) man page for more details) > # required by dev-python/m2r-0.2.1::gentoo[-test] > # required by dev-python/automat-20.2.0::gentoo > # required by dev-python/twisted-20.3.0::gentoo > # required by www-servers/tornado-6.0.4::gentoo > # required by dev-python/ipykernel-5.1.4::gentoo[-test] > # required by dev-python/ipyparallel-6.2.3::gentoo > # required by dev-python/ipython-7.5.0::gentoo[smp] > # required by @selected > # required by @world (argument) > >=dev-python/docutils-0.16 python_targets_python2_7 > > Would you like to add these changes to your config files? [Yes/No] which i guess means that docutils wants py2.7. any idea how to handle this situation?
Re: [gentoo-user] docutils needing py2.7, but not wanting py2.7?
On Friday, June 5, 2020 1:43 AM, Ashley Dixon wrote: > I can't replicate this at all. Could you post (attach, compress if necessary) > your `emerge --info docutils` ? Thanks a lot for your time. Highly appreciated. Portage 2.3.100 (python 3.7.7-final-0, default/linux/amd64/17.1/systemd, gcc-10.1.0, glibc-2.31-r3, 5.6.15-gentoo-x86_64 x86_64) = System Settings = System uname: Linux-5.6.15-gentoo-x86_64-x86_64-Intel-R-_Core-TM-_i5-3570K_CPU_@_3.40GHz-with-gentoo-2.7 KiB Mem:32848340 total, 18036276 free KiB Swap: 0 total, 0 free Timestamp of repository gentoo: Thu, 04 Jun 2020 21:00:01 + Head commit of repository gentoo: 0d82464546659a8e2e797fc60889bcea6f9c1a2f sh bash 5.0_p17 ld GNU ld (Gentoo 2.34 p4) 2.34.0 app-shells/bash: 5.0_p17::gentoo dev-lang/perl:5.30.3::gentoo dev-lang/python: 2.7.18::gentoo, 3.6.10-r2::gentoo, 3.7.7-r2::gentoo, 3.8.3::gentoo, 3.9.0_beta1::gentoo dev-util/cmake: 3.17.3::gentoo sys-apps/baselayout: 2.7::gentoo sys-apps/sandbox: 2.20::gentoo sys-devel/autoconf: 2.13-r1::gentoo, 2.69-r5::gentoo sys-devel/automake: 1.16.2::gentoo sys-devel/binutils: 2.34-r1::gentoo sys-devel/gcc:10.1.0::gentoo sys-devel/gcc-config: 2.3::gentoo sys-devel/libtool:2.4.6-r6::gentoo sys-devel/make: 4.3::gentoo sys-kernel/linux-headers: 5.7::gentoo (virtual/os-headers) sys-libs/glibc: 2.31-r3::gentoo Repositories: gentoo location: /var/db/repos/gentoo sync-type: rsync sync-uri: rsync://rsync.gentoo.org/gentoo-portage priority: -1000 sync-rsync-verify-jobs: 1 sync-rsync-verify-metamanifest: yes sync-rsync-verify-max-age: 24 sync-rsync-extra-opts: cg location: /var/lib/layman/cg masters: gentoo priority: 50 steam-overlay location: /var/lib/layman/steam-overlay masters: gentoo priority: 50 ACCEPT_KEYWORDS="amd64 ~amd64" ACCEPT_LICENSE="@FREE" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=native -O2 -pipe -msse -msse2 -msse3 -mmmx -fdiagnostics-color=always" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/lib64/libreoffice/program/sofficerc /usr/share/gnupg/qualified.txt" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c" CXXFLAGS="-march=native -O2 -pipe -msse -msse2 -msse3 -mmmx -fdiagnostics-color=always" DISTDIR="/var/cache/distfiles" ENV_UNSET="DBUS_SESSION_BUS_ADDRESS DISPLAY GOBIN PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR" FCFLAGS="-march=native -O2 -pipe -msse -msse2 -msse3 -mmmx -fdiagnostics-color=always" FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync multilib-strict network-sandbox news parallel-fetch pid-sandbox preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" FFLAGS="-march=native -O2 -pipe -msse -msse2 -msse3 -mmmx -fdiagnostics-color=always" GENTOO_MIRRORS="http://distfiles.gentoo.org"; LDFLAGS="-Wl,-O1 -Wl,--as-needed" MAKEOPTS="-j4" PKGDIR="/var/cache/binpkgs" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git" PORTAGE_TMPDIR="/var/tmp" USE="acl alsa amd64 berkdb bzip2 cli crypt dri fortran gdbm iconv ipv6 libtirpc multilib ncurses nls nptl openmp pam pcre pulseaudio readline seccomp split-usr ssl systemd tcpd udev unicode xattr zlib" ABI_X86="64" ADA_TARGET="gnat_2018" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="mmx mmxext sse sse2" ELIBC="gli
Re: [gentoo-user] docutils needing py2.7, but not wanting py2.7?
On Friday, June 5, 2020 4:20 AM, Ashley Dixon wrote: > installed version of ipython also has the [smp] USE-flag ? yeah. added -smp for ipython, and the circle is gone. looks problem is solved for now. (i hope i'm not missing much for having ipython with -smp) thanks a lot! i highly appreciate your help and time.
Re: [gentoo-user] docutils needing py2.7, but not wanting py2.7?
On Friday, June 5, 2020 5:08 AM, Ashley Dixon wrote: > smp? ( > >=dev-python/ipykernel-5.1.0[${PYTHON_USEDEP}] > > >=dev-python/ipyparallel-6.2.3[${PYTHON_USEDEP}] > > )" > > > Do you currently have either of these packages installed ? yes, but gone by --depclean (probably after -smp). both were with python targets 3_7.
[gentoo-user] arpwatch changed syntax?
hi. background: --- previously, i used to run it by this: > arpwatch -i enp7s0 -m cave...@domain.com -s /usr/sbin/sendmail but now, after some update, apparently this doesn't work any more. what seems to have changed is: * "-m" is replaced by "-w" or "-W". * "-s" doesn't specify sendmail path, but is rather only a flag to suppress "reports sent by email". if i update the command into: > arpwatch -i enp7s0 -w cave...@domain.com then, it runs normally, but, it fails to send emails, with this error: > execl: sendmail: No such file or directory `whereis sendmail`: > sendmail: /usr/sbin/sendmail /usr/lib/sendmail /usr/lib64/sendmail /usr/share/man/man1/sendmail.1.bz2 questions: -- Q1: what happened that caused this syntax change? e.g. is it an update from upstream? or is it a totally new app written by other devs? or am i hallucinating (pretty sure it used to work tho)? Q2: is there any better tool to monitor arps and to email me when interesting things happen? thanks a lot for your time. rgrds, cm.
[gentoo-user] color fonts?
hi - some colors are fancy schmancy, look: https://www.fontspace.com/category/color can we do this to linux? e.g. in urxvt? also can we make our own color fonts? e.g. can OTB fonts have color encoded in them? rgrds, cm.
[gentoo-user] nsapass - alternative to keepassxc (and others)
hi - recently i heard some guys were suffering in this list from keepassxc, which reminded me of my my own. so i finally decided to put an end to this in 404 lines of py code: https://github.com/Al-Caveman/nsapass hth. rgrds, cm.
Re: [gentoo-user] nsapass - alternative to keepassxc (and others)
‐‐‐ Original Message ‐‐‐ On Friday, July 17, 2020 2:32 PM, Ashley Dixon wrote: > I haven't downloaded it yet, but I think you should rephrase the README on the > GitHub page. Instead of constantly explaining the reasons you dislike > KeePassXC > in particular, it would be more attractive to explain the merits of your own > program, and why people---who may have never used any > password-manager---should > download NSAPass. There are also quite a few spelling and grammar mistakes, > which I suggest you fix before tagging the next release. thanks. yeah, i should add a section probably for totally new people. but not sure i have the time for this, which is why i also communicated my ideas in the most efficient way my brain can produce. i also agree with you that not expressing dislike towards an app may help me make new friends, because unfortunately we live in a time where people get triggered by almost anything. but imo there is another side to it: if we let fear take from us our right to express dislike towards an ``app'' then next generation people will have more buggy software. do we want our children, or grand children, to have more bugs? 1st step starts here! i also don't get why one shouldn't express his dislike towards an ``app''. ``don't insult my app'' is now a thing? imo if ppl keep advancing towards this direction, we'll end up getting detached from reality, and live in an abstract space where everyone is 100% happy despite the fact being 100% out of touch with reality (ultimately). > It is not my place to criticise your opposition to capital letters (although I > do not personally understand it myself), but if you want to garner a serious a > serious user-base, you will need to write your README and code comments in a > more professional manner. Currently, users and contributors might be repelled. that's fine. i made this app to address a requirement of mine, then shared it in case it helps others. if someone doesn't want to use my app that's fine. i'd still use it regardless. if someone is too superficial/arrogant and picks on unrelated issues (e.g. use of capitals), then tbh i may actually prefer him to not use my app. so in a sense not using capitals is a feature. superficial/arrogant people are sort of vandalizes as they occupy a communication channel only to end up wasting time in unproductive discussions. > Irrelevant aside. You mention that one of the reasons that NSAPass is superior > to KeePassXC is the GitHub-generated distributions of languages: please > realise > that this is often grossly inaccurate, and is probably not something on which > you should capitalise in your critique of the project. Rest assured, the > entire > project is written in C++, with header files being erroneously classified as > plain C [1]. The Objective C++ is a very small proportion of the entire > codebase, used for MacOSX-specific builds, and everything else just consists > of > build utilities and scripts. Thankfully, GitHub uses `linguist` for automatic > language-detection, which supports a manual override [2], although this > feature > is unknown to most. yeah, however, two points: (1) imo build utilities is still part of the app since the app cannot run without them. imo we may call them ``build-time parts of the app'', which will still affect the run-time of the app. so it is still a relevant indicator of project's complexity imo. otoh, nsapass uses a single py file for everything, hence none of that complexity. (2) my main reason for that is to show that they are implemented mostly in c++ which is a nice tool to lose a leg (as bjarne stroustrup puts it). so if it's 100% c++, then it's even scarier. > Although it's wonderful that you're writing good code for others to use (and > one > of the best ways to learn programming), it is not a good idea to start your > endeavours by placing the logo of a seven-year-matured project with over > two-hundred contributors and many commercial sponsors next to some clip-art of > an unpleasant animalistic product (the most courteous description of which I > could think) and some out-of-date cheese. (1) it makes it more efficient because a person who looks at the image, and didnt' still read much of the text, he'd be more likely to tell from the graph that ``yeah complexity is bad'' (thanks to the clip arts). (2) it's funny imo. playfulness is a prerequisite of creativity. imo it's good to play around a bit. the opposite to it is "efficiency" i guess? if we operate in an efficient mode, then we will are optimized for completing paperwork-like tasks, but with much less creativity. (3) imo keepassxc's devs are too smart to be emotionally hurt because random neckbeard in the interwebs doesn't like their apps. but, hypothetically, in case there existed a dev who gets triggered by such things, then it is an indication
Re: [gentoo-user] nsapass - alternative to keepassxc (and others)
‐‐‐ Original Message ‐‐‐ On Friday, July 17, 2020 8:56 PM, J. Roeleveld wrote: > Looks nice. Except for: > I like having a GUI where I can easily access the different account details. how about: `nsapass list | less` ? (thinking to let nsapass automatically pipe list's output to `less`) > Does it use Keepass databases? Or something you designed yourself? myself. it's just an encrypted json file. you can decrypt it by `scrypt dec path/to/db.enc` to see how stupidly simple it is. (to create it, use `nsapass gen 25 printable` to generate an entry quickly, or `nsapass add UNAME PWORD NOTE` for a manual approach). > Can it work with password database files that are stored on a central server > without having to change the code? no. i personally sync my passwords file with git (as i also sync my configs). > A password database with NSA in the name does not inspire confidence. it's like making a bear gag. if you run away from bear, bear may chase you. but instead if you stand, and put your fist in bear's mouth, the bear gags and runs away. i wonder if this would make nsa gag and run away? on the other hand, but if it was named BlockchainedTorPass, they would be probably sniffing at it day long. the name is a joke though. i thought it is funny (someone suggested it to me and i liked it). just to clarify, i am not even against nsa. imo nsa people are actually good guys that try to audit suspects to ensure longer stability and peace, and it's disappointing that they get a bad image in media. that said, i just like having a personal space that its boundaries are respected. if anyone wants my data, i want him to take it with my approval.
Re: [gentoo-user] nsapass - alternative to keepassxc (and others)
‐‐‐ Original Message ‐‐‐ On Saturday, July 18, 2020 10:28 PM, Ashley Dixon wrote: > This sociological position may be valid, but please understand that I was not > suggesting you "don't insult" them. But placing a picture of a shit next to > their project name based solely on the fact it is written in C++ instead of > Python, does not cast your project (or you) in the greatest of lights. i don't see the problem. the unicode consortium says the pile of sh*t is a normal character. alternatively, i can replace the sh*t character by a blown off leg, alongside the bjarne stroustrup quote about c++. > I'm not sure why you're so against C++ ? It is certainly not perfect, as it > allows inherently poorly written code (Java, for example, tries to enforce > good > coding styles a bit more), but that is no reason to (quite literally) shit on > any project/programmers using it. Having a quick review of the KeePassXC code- > base, I can say with reasonable confidence, that it is written to a very > professional standard. i'm not universally against c++, but i'm against it for a passwords manager, because it needlessly re-invents many wheels including memory management which is already done in other languages, such as python. and a passwords manager is too critical to risk re-inventing such wheels. and keepassxc is full of segfaults [1] [1] https://github.com/keepassxreboot/keepassxc/issues?q=segfault > That's OK. I have no problem with that, aside from not personally > understanding > it myself. However, the complete lack of capital letters does make your > project > look juvenile. thanks. that's a feature. it's by design. i hope my writing style functions as repellent of superficial ppl. > However, I do have a rather significant issue with you calling those you dare > to > use the English language correctly "superficial" and "arrogant". i didn't say that. people are free to waste their time by capitalizing what they want. people are also free to advise others on wat they think is better. but what i'm saying is different: if someone rejects my app simply because i don't capetalize in my writings in README.md, then nothx don't use my app. > I'm not going > to say too much here, as I don't want to get into an argument over something > completely off-topic, but I strongly advise that you stop confusing "cool, > quirky, and different" with "semantically incorrect". you already did, but thx for advise. > The best way to make your project stand out is to make it of exceptionally > quality, usability, and stability. You really don't want the complete lack of > spelling and grammar to be your entire project's unique claim-to-fame. it's already more stable than keepassxc. spelling of README.md is unrelated. nsapass is slightly over 400 lines of py code. super easy to audit. one doesn't need to guess code reliability based on my spelling in README.md. alternatively, if my spelling in README.md is too scary/offensive, people are free to use the thousands of c++ lines of keepassxc code and segfault away from me. > The fact that a projecthas a build utility is a really, really poor vector of > attack. If the build utility did not work, or was a virus, or anything other > than a good build utility, then you may use that to discredit the > project.However, criticising the mere existence of a few Makefiles and > automated testing > scripts is a monumentally BAD idea. true, but that's not my point. my point is the increased complexity by itself, from an occam-razorian point of view. this is a logical consequence that follows once you accept that every assumption has a positive probability of error, by definition. then fancier build setup is effectively equivalent to requiring more assumptions. > It turns out that they exist to aid the main code-base. true, their main code-base system needs extra assumptions in order to operate. > C and C++ are certainly double-edged swords; I've been writing code in C > since I > was about twelve years of age. Fortunately, the nice thing about a > double-edged > sword is that one of the "edges" work in your favour. If you (over > two-hundred- > and-thirty individual contributors) work at ensuring the quality of a project > over a period of seven years, in whatever language, it's very likely that few > legs are to be lost. true. in some apps c/c++ is superior thanks to performance or lower level system management. > You're essentially saying that all C++ code is of poor quality. Do you > honestly > think that such an observation is correct ? no. thats a strawman. you're ignoring the context: passwords manager. i'm sayin, c++ is an overkill for a passwords manager. feel free to use c++ for lower level things like a games engine that demands high performance, in fact i'd recommend c/c++ for some cases, such as a gaming engine, or stuff that need high throughput/low latency. but c++ for a passwords manager? nothx, i don't want to risk funny
Re: [gentoo-user] nsapass - alternative to keepassxc (and others)
‐‐‐ Original Message ‐‐‐ On Saturday, July 18, 2020 11:13 PM, J. Roeleveld wrote: > This is not a GUI xterm is GUI. you don't need to click on gtk/qt widgets to access details of password entries. gtk/qt is a massive overkill. > This makes portability a problem. Exactly why keepass (and clones) are used > more. compatibility with keepassxc is extremely overrated. it's easy to port nsapass to windows/apple (may even work out of the box, didn't try). > Nice, a full detailed list of every single change to your passwords :) no. how do you backup your passwords file? dropbox? flash disk? it's up to you. this is unrelated to the passwords manager. it's just that i personally use git. that's all. some use dropbox, and it's the same in this regard: none of them see passwords. they only get encrypted passwords. i put encrypted psswords database in a git server. it's my personal choice. you don't have to do it. the git server sees random bytes only. and thanks to scrypt, even if i don't do anything, but merely encrypt/decypt with the same key, the encrypted file will still look totally different. > The likes of NSA don't actually care about your (dis)approval. no one does. not unique to nsa. people exaggerate nsa as if they are any better. tbh, nsa is even better than most of our neighbours. if our phones fall in the hands of our neighbours, next day most people will find themselves in pornhub. but nsa can get it all, and yet they still didn't leak it to pornhub (at least not as much).
Re: [gentoo-user] nsapass - alternative to keepassxc (and others)
‐‐‐ Original Message ‐‐‐ On Sunday, July 19, 2020 6:57 PM, Ashley Dixon wrote: > [I have stripped all mention of capitalisation, as it is off-topic here. > However, a seeming lack of competence in English will lead people to believe > that the incompetence also leaks into the code. This is especially true when > this lack of writing competence is intentional.] stripped, however not stripped? while there might be a correlation between spelling/grammar errors and bugs in software, it does not matter here at all because: (1) a passwords manager is too critical to have its reliability judged by the mere spellin/grammar of its dev. (2) nsapass has less than 500 lines of code. super easy to read yourself. you don't need to read my README.md file to deduce anything. in fact, the nsapass itself is probably about the size of the README.md file. > Just because something is not strongly typed and does not perform automatic > garbage-collection (which is very insecure for something like a password- > manager anyway), does not mean it is reinventing any wheels. It just forces > people to design their programs properly; weak typing is the absolute worst > feature of all these modern languages. strawman. > > and keepassxc is full of segfaults [1] > > [1] https://github.com/keepassxreboot/keepassxc/issues?q=segfault > > There are no open issues regarding segmentation violations. There may have > been > at some point, but that is why I keep mentioned that the project is matured. i didn't say "open", irrelevant. latest segfaults are a few days old only. one of the recent segfaults is closed without being resolved, simply because they couldn't reproduce it. > Occam's Razor does not always apply. For example, forcing people to enter > their > plain-text passwords on the command-line may be simpler than polling stdin, > but, > surprisingly, it is not the best solution. occam's razor always applies. you're ignoring the fact that occam's razor doesn't blindly seek simplicity, but rather also looks at assumptions' "utility". the mathematical representation of it says: every assumption has a positive probability of error, so unless it increases accuracy/utility of the model, don't use extra assumptions. but if it does increase the utility, then surely use it. you may read the article on wiki for more info. > You are now againstall languages which run as native code (require a compiler > or linker/build system) ? Just because you did not personally write the Python > interpreter does not make it non-existent, and thus simple. If you want to > write > something minimalistic and ultra-simple, why don't you use Assembly language > (semi-serious suggestion) ? I assure you, that is far simpler and lightweight > than invoking Python for every run ! no, not against. i don't know how are you getting these ideas. i literally told you cases where c/c++ is good. python has higher dev-time than keepassxcs. yes, python is in c, but much higher dev-time + auditing + bug fixes. less silly bugs. why not assembly? obviously for the same reason why not c/c++: (1) to keep line count small for convenient auditing, and (2) to avoid funny memory bugs. > Executing ./nsapass without any arguments takes around 0.054 seconds, whereas > my > euses implementation (written in C) takes 0.002 seconds to open, buffer, > search, > and close tens of multi-thousand-line USE-flag description files, in addition > to > parsing a few INI files. Please, do not attack compiled languages too much; > they > are not going anywhere for a long time. ricing doesn't matter for a passwords manager. this is not a low-latency high-bandwidth case. the delay is mainly from the user. for a pwords manager you mostly need (1) and (2) above (not ricing). > I think in virtually every case, well-designed code written in native > languages > have an extreme performance benefit. The one counterexample might be Java (not > interpreted; JIT'd on-the-fly), as that has matured over such a long period of > time [1]. except when "performance" is defined by (1) and (2). > It's such a general-purpose language, it's not really "overkill" for anything. > Maybe an operating system or device driver, yes, but not a userspace QT > application ! You seem to be under the misguided impression that C and C++ are > low-level languages ? doesn't matter, they fail at (1) and (2). > You are capitalising (no pun intended) on this issue of memory-management, but > aside from a search for the term "segfault" on the KeePassXC GitHub issues > page, > you have no evidence to suggest that your code improves upon these > non-existent > problems. don't ignore the fact that the segfaults are pretty recent, and some of which is closed without solving :) > It is possible to write code in C/C++ which does not have memory > violations; you just need to know what you're accessing is valid, and perform > proper testing to make sure. strawman. >
Re: [gentoo-user] nsapass - alternative to keepassxc (and others)
‐‐‐ Original Message ‐‐‐ On Saturday, August 1, 2020 5:49 PM, J. Roeleveld wrote: > > > This is not a GUI > > > > xterm is GUI. you don't need to click on gtk/qt > > widgets to access details of password entries. > > gtk/qt is a massive overkill. > > Please check the meaning of " GUI " and try to answer my statement again. xterm/urxvt is a gui. it can render images too. e.g. seen ranger? but nitpick aside, i know what you want. you want an app that uses gtk or qt libraries, so that you get some buttons to click on with your mouse, and menus and scrollbars to drag around — but why would you seek to do this to yourself? very sadistic. if you check the latest version in this dev branch (wip, code will improve next month): https://github.com/Al-Caveman/nsapass/tree/space-cephalopod you'll find a neat interactive feature and a search feature that allows you to, say, retrieve passwords really fast. e.g. `nsapass get c p` would equate `nsapass get caveman protonmail` (if c p makes it unique). > > > This makes portability a problem. Exactly why keepass (and clones) are > > > used more. > > > > compatibility with keepassxc is extremely > > overrated. it's easy to port nsapass to > > windows/apple (may even work out of the box, > > didn't try). > > Compatibility with "keepass" (keepassxc is already a different tool/clone) is > important and makes it simpler to use the same database on different > environments. > You might be happy with a simplistic database that only stores a few > passwords. I tend to deal with passwords that are shared within teams because > the hardware involved only supports a single account. This makes tools like > keepass important. curious, any standardized or special hardware that works with keepass? e.g. some kind of dual factor authentication? or maybe USB sticks that give you some physical button to, mechanically, select if the passwords inside should be read? anything else interesting? about `few passwords'. i'm also curious why do you think so? e.g. here is a quick test with an outrageously unrealistic test of 1 million key entries in nsapass: - 3.9 seconds for scrypt to decrypt the file. for a good reason that makes it more secure than keepass's aes 256-bit enc. - 2.6 seconds for python's json to parse the file (parsing 1 mil entries). - everything else was instantaneous after that (just a dictionary lookup). about your team, not sure about your point. you said that nsapass is simplistic. so i guess this means that keepass offers you something more? or is it just that you have more people already using it and too lazy to migrate? > > > Nice, a full detailed list of every single change to your passwords :) > > > > no. how do you backup your passwords file? > > dropbox? flash disk? it's up to you. this is > > unrelated to the passwords manager. > > Actually, the more copies with changes to your passwords there are, the easier > it will be to guess your passwords. i never denied this. nothing in nsapass that makes you copy passwords with changes. i don't know where you got this. i personally use git to copy my passwords database around, but this -obviously- has nothing to do with nsapass. > > > The likes of NSA don't actually care about your (dis)approval. > > > > no one does. not unique to nsa. people > > exaggerate nsa as if they are any better. > > tbh, nsa is even better than most of our > > neighbours. if our phones fall in the hands of > > our neighbours, next day most people will find > > themselves in pornhub. but nsa can get it all, > > and yet they still didn't leak it to pornhub (at > > least not as much). > > No, they leak it to the press and wikileaks. leakers like snowden? doesn't media call them ``heros''? see, NSA is made of decent people. they either keep our secrets better than our neighbours do, or, when they leak it, they do so for a good cause and become ``heros''. i personally trust NSA much better than my trust to my neighbours (no comparision). nothing personal against my neighbours, decent people, but they are less educated than NSA's staff. it's just a matter of honesty to state that media's stance against NSA is unfair imo. even though this statement will probably harm the reputation of nsapass as i'm its dev and i'm flirting NSA (not that it matters though).
[gentoo-user] which bitcoin app to use?
hi - which btc app to use? one in portage? or one in the overlay `bitcoin'? and why? rgrds, cm.
[gentoo-user] tips on running a mail server in a cheap vps provider run but not-so-trusty admins?
hi. context: 1. tinfoil hat is on. 2. i feel disrespected when someone does things to my stuff without getting my approval. 3. vps admin is not trusty and their sys admin may read my emails, and laugh at me! 4. whole thing is not worth much money. so not welling to pay more than the price of a cheap vps. moving to dedicated hardware for me is not worth it. my goal is to make it annoying enough that cheap-vps's admins find it a bad idea for them to allocate their time to mingle with my stuff. thoughts on how to maximally satisfy these requirements? rgrds, cm.
Re: [gentoo-user]
‐‐‐ Original Message ‐‐‐ On Monday, August 17, 2020 8:54 PM, Dale wrote: > > If you visit this site, it doesn't allow adblock to be in use. I can't tell > if it has the actual list or not. Sites that don't like my adblock blocking > their annoying ads that I will never click on gets a tab closure. I've never > once clicked on a ad or any sponsored link even in google search results. > Link may work for you, may not. > > https://www.businessinsider.com/nsa-prism-keywords-for-domestic-spying-2013-6 > > These sites I can see the list. The more obvious ones are further down the > list. > > https://www.sovereignman.com/lifestyle-design/uncle-sam-admits-monitoring-you-for-these-377-words-6832/ > > https://www.forbes.com/sites/reuvencohen/2012/05/26/department-of-homeland-security-forced-to-release-list-of-keywords-used-to-monitor-social-networking-sites/ i like how terrorists speak only english. rgrds, cm
Re: [gentoo-user] tips on running a mail server in a cheap vps provider run but not-so-trusty admins?
‐‐‐ Original Message ‐‐‐ On Monday, August 17, 2020 3:33 PM, Ashley Dixon wrote: > How many concurrent users will be connected to the mail server? How much > traffic > will the S.M.T.P. server receive (read: how many e-mails arrive on a daily > basis)? If you really don't trust your V.P.S. provider, and your mail server > is > small-ish, you could just skip all the trust issues and buy a cheap Raspberry > Pi > for £20 or so. 1 user (me). about 2 real daily mails. maybe 10 in peak times. that, plus gentoo's users list, plus spam. but i don't see much spammers in protonmail's spambox. so i guess my spam is low. > Running a mail server over a domestic connection presents some issues, such as > dynamic I.P. ranges appearing in the Spamhaus blocklist, or some > tyrannicalesque > I.S.P.s blocking outbound port 25 (S.M.T.P. submission port), but it is > possible > to have a smooth, self-administered mail server, providing you can put in the > time and effort. I have been doing it myself for a few years with Courier and > Postfix (although I wouldn't recommend Courier; Dovecot is far superior). > > What do you think? interesting. do you have reverse ptr records for your domain name pointing to your home's ip? did you pay extra fees for this ptr to your isp? i wonder if price-wise, and uptime-wise, that would beat a cheap vps at 20 bucks/year.
Re: [gentoo-user] tips on running a mail server in a cheap vps provider run but not-so-trusty admins?
‐‐‐ Original Message ‐‐‐ On Monday, August 17, 2020 3:48 PM, Jarry wrote: > Rent VPS and be your own admin. But running properly configured > mail-server is not so easy. Setting up postfix/exim/sendmail > is just a beginning. If you mean it seriously and do not want > your IP to land on blacklists (and you vps suspended), there is > much more to do, i.e. spf, dkim, dmarc, dnssec, etc... would i get blacklisted for simply not using spf/dkim/etc? even if no other user is using the mail service other than me and i'm not mass mailing?
Re: [gentoo-user] tips on running a mail server in a cheap vps provider run but not-so-trusty admins?
‐‐‐ Original Message ‐‐‐ On Monday, August 17, 2020 8:00 PM, Grant Taylor wrote: > On 8/16/20 10:50 PM, Caveman Al Toraboran wrote: > > 3. vps admin is not trusty and their sys admin may read my emails, > > and laugh at me! > > Do you have any (anecdotal) evidence that this has actually happened? not specifically with a mail provider, but with other i.t. services, yes. and since they're all humans, then the simplest model that explains this is that this is about humans in general, and same past experience would extend to mail provider's admins. > Well, seeing as how you're talking about email, the biggest elephant in > the room is SMTP's default of unencrypted communications path. It's > realtively easy to add support for encryption, but more systems than I'm > comfortable with don't avail themselves of the optional encryption for > some reason. Sure, it's possible to configure many receiving SMTP > servesr to require it from specific sending systems and / or sending > domains. But this is effort you have to expend to enact these restrictions. yes. smtp is nasty, and also redundant. makes me wonder if i should just create me a hidden tor service that is just a normal website, and give its url to people (instead of email) who want to message me by telling them ``submit your messages to me''. then, verify messages by mailing their supplied email a confirmation message.
Re: [gentoo-user] tips on running a mail server in a cheap vps provider run but not-so-trusty admins?
‐‐‐ Original Message ‐‐‐ On Tuesday, August 18, 2020 2:21 PM, Remco Rijnders wrote: > On Tue, Aug 18, 2020 at 07:00:52AM +, Caveman wrote in > > > yes. smtp is nasty, and also redundant. > > How is it redundant? redundant as in containing concepts already done in other protocols, so smtp has many re-invented wheels that are already invented in existing protocols. basically smtp, as an application-layer protocol, is needless. imo, smtp should be a much-higher level protocol defined purely on top of how dns and http/2. e.g. for mail submission, there is no need for a separate application-layer protocol as we can simply use http/2. because the concept of mail submission is a special case of data submission, which is already in http/2. here is a more complete example of what i mean: 1. we lookup MX records to identify smtp servers to submit mails to. 2. from the response to that lookup we get a domain name, say, mail.dom.com. 3. then, the standard defines a http/2 request format to submit the mail. an example of step (3) could be this: https://mail.dom.com/from=...&to=...&cc=...\ &bcc=...&subject=...&attach1=...&attach2=...\ &attachn=... i don't know how http/2 works. do they have POST requests? if so maybe fields attach1, attach2, ..., attachn can be submitted as file uploads using POST. further, if we modify steps (1) and (2), we can generalise this concept into tor services. e.g. an email address simply becomes an onion address. e.g. if vagzgdrh747aei0q.onion is the hidden service address of your mail server, then your email address could be written as (for convenience): remco@vagzgdrh747aei0q.onion and when a "mail" client tries to submit you an email, it submits it by this url: https://vagzgdrh747aei0q.onion/to=remco&...etc. then, in order to authenticate a source, we simply use public-private keys to sign messages. basically, our public keys become our user identifiers. this will also solve the problem of the case when an onion address changes. i call this protocol mailball for the purpose of making speech this mail thread a bit easier. of course, we can pick better names, and refine the mechanics. > > makes me wonder if i should just create me a > > hidden tor service that is just a normal website, > > and give its url to people (instead of email) who > > want to message me by telling them ``submit your > > messages to me''. then, verify messages by > > mailing their supplied email a confirmation > > message. > > Ah, the "Don't spam us, we'll spam you approach?" for people who use the deprecated smtp protocol, yes, it will be "don't spam us, we'll spam you". however, that's not our fault. they are using a deprecated protocol, and we are just kind enough to allow them an opportunity to talk to us over the superior mailball protocol. basically, they are using deprecated identifiers (email ids) instead of public keys, and we're kind enough to give them a temporary api so that we confirm their emails. on the other hand, people who use mailball will not have this problem. why? because ids are public keys anyway, and their messages are signed by their private keys (the usual drill, won't insult your intelligence).
Re: [gentoo-user] tips on running a mail server in a cheap vps provider run but not-so-trusty admins?
> So you want to change from a ubiquitous protocol that is supported by > many Many MANY devices to niche protocol that has a non-trivial > installation / configuration curve. 1st half is "yes", 2nd half is "no" (mine is simpler). > > then, verify messages by mailing their supplied email a confirmation > > message. > > And then you want to take what people send you, turn around and send > unsolicited messages based on it — this is the icing on the cake — using > the protocol that you are trying to avoid. > > It's only a matter of time before someone uses your Tor hidden service > as a vector to send spam. — Joe Job comes to mind. this was just a quick thought. maybe adding a captcha is enough in the contact-us html submission form. this is not a permanent element. just a temporary solution to get messages from the lagging wold. > > redundant as in containing concepts already done in other protocols, > > so smtp has many re-invented wheels that are already invented in > > existing protocols. > > Please elaborate. Please be careful to provide information about /when/ > the protocols that SMTP is supposedly redundant of were developed. > > I suspect that you will quickly find that SMTP predates the protocols > that you are stating it's redundant of. I further suspect that you will > find that SMTP predates them by 10, or more likely 20, if not 30 years. > > Here's a hint. SMTP was ~82. HTTP (1.0) was ~89. We couldn't post > thing in HTTP 1.0. HTTP 2.0 was ~15. sure, smtp is older, but protocol age is irrelevant. right now http/2 is more developed and much more efficient (e.g. compressed binary, pipelining, single connection multiplexing, encryption by default). even http1.4 was a more efficient replacement. > > imo, smtp should be a much-higher level protocol defined purely on > > top of how dns and http/2. > > How do you get any higher layer than the application layer? it's a matter of definition. if we define http/2 as an application layer protocol, and we define "depends on" as "on layer below", then mail is necessarily above the application layer. anyway, this whole osi/internet model is not accurate and many protocols ignore it. i propose this model (fireball model?): 6. app layer(usual drill..) 5. resource layer (exch. by res.; http/2) 4. socket layer (socke ids; tcp/udp/etc ports) 3. end-to-end layer (inter-lan; e.g. ip) 2. hop layer(intra-lan; e.g. mac addr.) 1. physical layer (electromagnetic fluctuations) http/2 is morphing into general "resource layer" where data is exchanged between difference resources. email is just a special case of this inter-resource communication where some resources are humans. > > e.g. for mail submission, there is no need for a separate > > application-layer protocol as we can simply use http/2. because the > > concept of mail submission is a special case of data submission, > > which is already in http/2. > > HTTP /now/ has a way to submit data. HTTP didn't exist when SMTP was > developed. Further, HTTP didn't have the ability to submit data for a > while. true, but that's history. now http/2 is better for resource exchange than smtp. > If you look at multiple layers of the network stack, HTTP and SMTP are > both at the application layer. Now you are suggesting moving equal > peers so that mail is subservient of / dependent on web? yes. > Does HTTP or the web servers have the ability to queue messages to send > between systems? How many web servers handle routing of incoming > messages to send to other servers? How dynamic is this web server > configuration to allow servers for two people who have never exchanged > email to do so? > > This routing, queuing, and many more features are baked into the email > ecosystem. Features that I find decidedly lacking in the web ecosystem. of course. it's called web application; it can do all fancy queueing and routing you want. basically the only part of current "email system" that is not redundant is the part where it is a "mail web app". every other part (e.g. protocol for data exchange) is redundant and inferior to what exists (e.g. http/2). i am considering to make an uwsgi ptyhon script for my personal use. there is absolutely nothing really challenging about the concept of mail routing and queueing. > > here is a more complete example of what i mean: > > > > 1. we lookup MX records to identify smtp servers to submit mails to. > > 2. from the response to that lookup we get a domain name, say, > > mail.dom.com. > > #1 and 2 are par for what we have today. No improvement. yes. dns is ok for now. i never said dns is redundant. > > 3. then, the standard defines a http/2 request format to submit > > the mail. > > Given how things never die on the Internet, you're going to need both > SMTP /and/ HTTP /on/ /the/ /email/ /server/ to be able to send & receive > email with people on the Internet. no, but that's how most of today's mail servers are. e.g. they
Re: [gentoo-user] tips on running a mail server in a cheap vps provider run but not-so-trusty admins?
‐‐‐ Original Message ‐‐‐ On Wednesday, August 19, 2020 12:25 PM, Ashley Dixon wrote: > I don't think you fully understand Grant's point. Whilst HTTP(/2) may be more > featureful for serving web pages, it makes absolutely no sense to use for > anything but. Protocol age absolutely is not irrelevant: SMTP has been > ubiquitous in mail transportation for many years, and thus, every single mail > client supports it pretty close to the RFC. Moreover, as Grant mentioned in > the > previous message, it is the only reliable method of reliably transferring > messages to and fro systems which, in most cases, differ quite vastly in every > element except their understanding of SMTP. there are two aspects: (1) backwards compatibility: sure, email is better if the goal is to deal with a large audience. but this is not necessarily my goal because i don't talk to everyone. and for rare cases when i need to send an archaic email, i can just open gmail.com, protonmail.com, etc, and use their web gui. (2) technically irrespective of backwards compatibility: there is no doubt that a http/2-based mail system will be much more efficient than smtp's archaic format where all attachments are base64-ed into giant mono text balls. the only reason we're using smtp's archaic text base64-ed balls is pure history. but, fundamentally, contents of emails are in the same scope as of web pages. so emails' contents is not alien to http/2. the only reason we don't have http/2-based mail is pure history, and that people resist change. > Interoperability is the entire point of protocol standardisation in the first > place, and if you're going to suggest a revision, or complete overhaul, of a > standard as well-understood as SMTP, you need to provide extremely compelling > evidence which supports your proposed replacement. So far, you haven't done > that. SMTP can be tricky and unwieldy to configure on certain (most) > implementations, but that does not indicate a lack of features. The complete > opposite, in fact. but i'm not proposing a standard for "everyone". it's about my case of using cheap vps with untrusty admins. so i don't "need" to present any compelling evidence, because i don't care about the approval of these standardization organizations. worst case scenario i can shove an smtp-client leg into gmail and call it a day, and thrive with only 1 listening tcp port (for https). in fact, if possible, even if we wanted to go as far as changing a protocol, we better create our own standards free from them, specially with the likes of w3c which have absolutely no respect for us (they slapped us with drm despite our cries, simply because netflex/google paid enough). currently we're being treated like sheep and get told which disgusting protocols to use.
Re: [gentoo-user] tips on running a mail server in a cheap vps provider run but not-so-trusty admins?
‐‐‐ Original Message ‐‐‐ On Wednesday, August 19, 2020 7:10 PM, Grant Taylor wrote: > Per protocol specification, SMTP is EXTREMELY robust. > > It will retry delivery, nominally once an hour, for up to five (or > seven) days. That's 120-168 delivery attempts. > > Further, SMTP implementations MUST (RFC sense of the word) deliver a > notification back to the sender if the implementation was unable to > delivery a message. this queue re-transmission, and failure notification, can be done with a small python script.
Re: [gentoo-user] tips on running a mail server in a cheap vps provider run but not-so-trusty admins?
‐‐‐ Original Message ‐‐‐ On Thursday, August 20, 2020 11:41 AM, antlists wrote: > Will that python script allow for the situation that the message is > received, but the message was NOT safely stored for onwards transmission > before the receiver crashed, and as such the message has not been > SUCCESSFULLY received? > > SMTP has lots of things specifically meant to ensure messages survive > the internet jungle on their journey ... thanks for the point. would it suffice if we have these notifications: 1. receipt by final mail server (mandatory). 2. receipt by end user(s) (optional). 3. opening by end user(s) (optional). ? (1) is required by the server, else mail will be retransmitted from source relay(s) (or client if done directly). (2) is optional by final server, (3) is optional by end user's client. the job of a relay would be to optionally add some metadata (e.g. maybe describing sender's role) and sign the whole thing (e.g. by company's private key). this way we can have group-level rules.
Re: [gentoo-user] tips on running a mail server in a cheap vps provider run but not-so-trusty admins?
‐‐‐ Original Message ‐‐‐ On Friday, August 21, 2020 4:28 PM, Wols Lists wrote: > You're re-inventing the wheel. yes, i do consider re-inventing octagonal wheels. though this wasn't my point here. here, i'm just "asking" to see what makes the "safely stored" guarantee. perhaps i should've asked more directly (and yes, i know these are not new features). > > 1. receipt by final mail server (mandatory). > > > > This is part of SMTP already, in that each server (post office) > acknowledges that the message has been received AND SAFELY STORED. > Without that last guarantee, "receipt by the server" isn't worth > diddley-squat. got any specific definition of what makes a storage "guaranteed"? e.g. what kind of tests does the mail server do in order to say "yup, i can now guarantee this is stored safely!"? > > the job of a relay would be to optionally add some > > metadata (e.g. maybe describing sender's role) and > > sign the whole thing (e.g. by company's private > > key). this way we can have group-level rules. > > Except that SMTP allows for the fact that a message may (or may not) > pass through several post-offices on the way. The old internet thing of > "don't assume any computer will survive a nuclear attack - take whatever > route you can find ..." so there is no guarantee that a relay going in > one direction will even see a message going back in the other. so? not sure how this relates to what i said. i guess you think that i meant that a relay should be mandatory? or maybe i'm misunderstanding your point? (yes, a relay doesn't have to be used. i'm just describing some uses of relays that i think make sense. (1) indicate trust hierarchy, (2) offload mail delivery so that i can close my laptop and let the relay have fun with the retries. not sure there is any other use. anyone?)
Re: [gentoo-user] tips on running a mail server in a cheap vps provider run but not-so-trusty admins?
thanks. highly appreciate your time. to save space i'll skip parts where i fully agree with/happily-learned. (e.g. loop detection; good reminder, i wasn't thinking about it. plus didn't know of acronyms DSN, MDNs, etc; nice keywords for further googing). ‐‐‐ Original Message ‐‐‐ On Friday, August 21, 2020 8:59 PM, Grant Taylor wrote: > On 8/20/20 7:39 PM, Caveman Al Toraboran wrote: > > > 1. receipt by final mail server (mandatory). > > > > You're missing the point that each and every single server along the > path between the original submission server and the final destination > server is on the hook for delivery of the message -or- notification of > it's failure back to the purported sender address. So "final mail > server" is not sufficient. i was thinking (and still) if such relay-by-relay delivery increases probability of error by a factor of n (n = number of relays in the middle). e.g. probability of accidental silent mail loss is if one, or more, accidentally said "yes got it!" but actually didn't. i.e.: Pr(silent loss) = sum_{k=1}^n {n choose k} * Pr(mistake)**k * Pr(no mistake)**{n-k} n = number of relays in the middle. * = mult. ** = exponent. i wonder if it would be better if only the entry relay aims at the confirmation from the terminal server? this way we won't need to assume that relays in the middle are honouring their guarantees, hence the probability above would be smaller since k is limited up to 2 despite n's growth. > Of course, there are servers that go against the RFC "MUST" directives > and either don't safely commit messages to disk /before/ saying > "Okay..." and / or don't deliver failure messages. care to point part of the rfc that defines "safe" commit to disk? e.g. how far does the rfc expect us to go? should we execute `sync`'s equivalent to ensure that data is actually written on disk and is not in operating system's file system write buffer? > Signing will be of somewhat limited value as it will quite likely be > subject to the same problem that DMARC / ARC suffer from now. Mail > servers can sign what they receive. But in doing so, they alter what is > sent to include their signature. As such, the data that the next server > receives is different. The real problem is working backwards. Down > stream servers don't have a reliable way to undo what upstream servers > have done to be able to get back to the original message to validate > signatures. onion signatures? e.g. message is wrapped around several layers of signatures for every relay in the path? > > this way we can have group-level rules. > > I'm not quite sure what you mean by group-level rules in this context. e.g. whitelisting, tagging, spam filtration, prioritizing, etc, based on entities that onion-signed the message.
Re: [gentoo-user] tips on running a mail server in a cheap vps provider run but not-so-trusty admins?
‐‐‐ Original Message ‐‐‐ On Friday, August 21, 2020 11:37 PM, Grant Taylor wrote: > SMTP may not be the best, but I do think that it has some merits. > Merits that the previously mentioned HTTP/2 alternative misses. not a major point but just to clarify a thing. i think it's unfair to look at SMTP as a single thing that compares against HTTP*. because while HTTP* is a single-ish thing, SMTP is several things. i.e. SMTP is at least 2 parts: 1. resource exchange layer where people are defined as some kind of URL (e.g. n...@dom.zone) and attachments are base64-ed text balls referred to by some numbers in RFC822. This part overlaps with HTTP*. let's call this "RESXCH_SERVER". 2. the part where it defines how to process the exchanged resources (e.g. safe storage, routing, etc). this part is beyond HTTP*'s scope, and is the "web app" scope. let's call this "RESUSE_SERVER" of course, email still doesn't work with those 2 parts, because you need a way to get mails to your email client, so you end up using POP or IMAP. now, this --itself-- is also two parts: 1. resource exchange layer to send resources to users. which also overlaps with HTTP* (again). let's call this "RESXCH_CLIENT". 2. the part where it defines how the mail client to treat the resources. let's call this "RESUSE_CLIENT". > Why add an additional protocol to the stack? > > TCP / SMTP is two layers. > > TCP / HTTP / $Email-protocol-de-jure is three layers. > > UDP / HTTP / $Email-protocol-de-jusre is three layers. > > Why introduce an additional layer? i disagree. i think this is more like it about the current email system: RESXCH_SERVER / RESUSE_SERVER / RESXCH_CLIENT / RESUSE_CLIENT it's 4 different layers to exchange mail between people. but if we plug HTTP* in the mix, it because only 3 different layers: HTTP* / RESUSE_SERVER / HTTP* / RESUSE_CLIENT and it is even nicer for when HTTP* is plugged, because it is also the protocol used for most of internet's traffic (web browsing). so basically total expected number of protocols/layers used in the universe, per second, will be much less if we, on planet earth, use a mail system that uses HTTP* instead of RESXCH_*.