Re: dnf workstation collection
" sixpack13" writes: > sudo dnf groupinstall "Fedora Workstation" I was wondering about that. I did it (without typing "y") on both and upgraded and a system with a fresh install. In the upgraded case I got a large list as expected. The unexpected part was that I had a shorter, but still unexpectedly long list on the freshly installed system too. It also came up with some errors that made me wonder if the option had gotten tested. # dnf groupinstall "Fedora Workstation" --skip-broken Last metadata expiration check: 0:00:31 ago on Sat 01 Jun 2019 01:34:06 PM PDT. No match for group package "libva-vaapi-driver" No match for group package "xorg-x11-drv-omap" No match for group package "totem-nautilus" No match for group package "xorg-x11-drv-armsoc" No match for group package "powerpc-utils" No match for group package "lsvpd" Dependencies resolved. Problem: problem with installed package fedora-chromium-config-1.1-2.fc30.noarch - installed package fedora-chromium-config-1.1-2.fc30.noarch obsoletes fedora-user-agent-chrome < 0.0.0.5 provided by fedora-user-agent-chrome-0.0.0.4-6.fc30.noarch - package fedora-chromium-config-1.1-2.fc30.noarch obsoletes fedora-user-agent-chrome < 0.0.0.5 provided by fedora-user-agent-chrome-0.0.0.4-6.fc30.noarch - conflicting requests PackageArch VersionRepo Size Installing group/module packages: podman x86_64 2:1.3.1-1.git7210727.fc30 updates 11 M Installing dependencies: containers-common x86_64 1:0.1.36-9.dev.gitd93a581.fc30 updates 35 k fuse3-libs x86_64 3.5.0-1.fc30 updates 83 k runc x86_64 2:1.0.0-93.dev.gitb9b6cc6.fc30 updates 2.5 M containernetworking-plugins x86_64 0.7.4-2.fc30 fedora 14 M libnet x86_64 1.1.6-17.fc30 fedora 61 k Installing weak dependencies: container-selinux noarch 2:2.101-1.gitb0061dc.fc30 updates 47 k criu x86_64 3.12-11.fc30 updates 476 k fuse-overlayfs x86_64 0.3-10.dev.gita7c8295.fc30 updates 50 k podman-manpagesnoarch 2:1.3.1-1.git7210727.fc30 updates 172 k slirp4netnsx86_64 0.3.0-2.git4992082.fc30updates 82 k Installing Environment Groups: Fedora Workstation Installing Groups: base-x Container Management Core Firefox Web Browser Fonts GNOME Desktop Environment Guest Desktop Agents Hardware Support LibreOffice Multimedia Common NetworkManager Submodules Printing Support Fedora Workstation product core Transaction Summary Install 11 Packages Total download size: 28 M Installed size: 111 M Is this ok [y/N]: n Operation aborted. # ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
dnf workstation collection
Is there a way to make sure a system that was upgraded multiple times instead of installed from scratch has all the rpm packages that the current workstation collection has? I notice some things like the login screen wallpaper program that is present on fresh installs is missing from an upgraded system. Is there an @something dnf collection that I can install to bring that aspect of an old system up to date? -wolfgang ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
booting and NVME on older motherboards
Has anyone gone through the exercise of setting up the boot environment for booting fedora on a system with an NVME drive where the motherboard UEFI code doesn't understand NVME disks? I did a clean install of fedora to the nvme and let anacondia do its thing. The only non-default item was using real partitions instead of LVM. Rebooting after the installation showed me the problem. The motherboard's UEFI firmware didn't see the NVME disk at all. Clearly I need to have the early stages of booting grab files from a sata drive. Is copying the /boot and /boot/efi partitions to the sata drive and editing /boot/efi/EFI/fedora/grub.cfg to point the /dev/sda instead of /dev/nvme0n1 all that needs doing? No hidden firmare on the bootable drive like in the bios days? Is there any other file that had the drive's pathname embedded? -wolfgang ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: vt's enable screen blanking
stan writes: > On Mon, 09 Apr 2018 12:56:43 -0700 > Wolfgang S Rupprecht wrote: > >> That looks like a fine solution if you are logged in on a terminal and >> you want to change it for your current terminal. I'm not sure how >> that would work from rc.local. How would I tell it to do that to all >> the vt's? (I tried the stdin and stdout as redirection targets but it >> didn't seem to work.) > > A quick search turned up these pages, which should get you a little > further on your journey. > > https://superuser.com/questions/152347/change-linux-console-screen-blanking-behavior > > https://unix.stackexchange.com/questions/8056/disable-screen-blanking-on-text-console Thanks. Those are both 7 years old and things appear to have changed much. [wolfgang@arbol ~]$ setterm -blank 600 setterm: argument error: 600 Not only is the "-blank" missing but I believe it applies to the current tty. That would make it difficult to slip into /etc/rc.local . -wolfgang ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: vt's enable screen blanking
stan writes: > On Mon, 09 Apr 2018 08:57:12 -0700 > Wolfgang S Rupprecht wrote: > >> How does one activate screen blanking on the vt's these days? > > I use setterm --blank=60 to prevent the screens from blanking after > whatever the default is (10 minutes?). I don't know where the actual > setting is, though. But you could put it in an rc.local file with > whatever value you want to use so it is set on startup. Thanks. That looks like a fine solution if you are logged in on a terminal and you want to change it for your current terminal. I'm not sure how that would work from rc.local. How would I tell it to do that to all the vt's? (I tried the stdin and stdout as redirection targets but it didn't seem to work.) -wolfgang ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
vt's enable screen blanking
How does one activate screen blanking on the vt's these days? I have an ancient 32-bit x86 Acer mini laptop running as a server where the X11 greeter just started crashing in a tight loop. I've turned the graphical login off but that leaves me with the first vt's login prompt displaying. Whatever is responsible for blanking the screen seems not to be doing its thing. Where is the screen blank timer configuration these days? It has been so long and things have changed so much that google is useless. I assume systemd has absorbed that function by now but I can't find it. /etc/systemd/logind.conf doesn't seem to have a screenblank setting even though it seems to have everything else. -wolfgang ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: Meet PoisonTap, the $5 tool that ransacks password-protected computers
"George N. White III" writes: > I assume the OP's intent was for the system to ignore devices newly > connected when the screen is locked, so existing devices such as the > keyboard used to unlock the screen remain available for use. Apple > systems do something like this. If you connect a USB storage device > to a macOS box while the screen is locked, nothing happens. After the > screen is unlocked, the device must be unplugged and plugged in again > before it can be used. You can, however, connect a USB mouse or > keyboard to a macOS system that is locked and use the new USB device > to unlock the system. Delaying the discovery seems superior in another way too. Whitelisting certain classes of devices has another security problem. If usb keyboards are whitelisted (as they probably will need to be if the person uses a dock for their laptop) then someone could connect a small computer that imitates a keyboard. That phony usb keyboard can hammer the victim computer with rapid-fire password guesses. It makes breaking the lockscreen a lot less painful than the alternative of typing a large number of password guesses. -wolfgang ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: Monitor / graphics card recommendation
Mark writes: > One of my new year's resolutions is to upgrade the monitor on my Fedora > 23 Desktop. > > I've been looking at a 34" curved 3440 x 1440 monitor. But first I want > to make sure it actually makes sense to get such a large monitor for > Linux and that there's a graphics card on the market that works well > with Fedora and that can drive such a large monitor. I would prefer an > open source driver, but I'm prepared to install a blob if I have to. > I'm not interested in gaming so that's not an issue, it's the real > estate I'm after. Have a look at the ASUS R7360-OC-2GD5 or the same ATI/Radeon R7-360 card by any of a half dozen companies. I have one attached to a cheap 4k Seiki HDMI monitor (8M pixels) which is 3M pixels more than you need to shift (5M pixels). Xorg works with it out of the box. No mystery binaries needed. The downside is this card has a fan, but it runs very slowly under Xorg and normal use. Modern framebuffers just don't come fanless any more. The GPU's at idle all seem to use just a touch too much power. -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: 802.11n WIFI speeds
Stephen Morris writes: >> As always, YMMV. I find 802.11n fine for what I need wifi for, although >> I do have 802.11ac available as well. If I need higher speed, my house >> is fully CAT6-ified with an Extreme Summit 400-48T 48-port switch in the >> middle, so I can "go copper" if I need higher speed (sorta gilding the >> lily since my Internet link is only 100Mbps upload (download is faster, >> but I do a lot of uploading due to my job). Thanks Rick and Steve. I was just curious as to whether my new laptop could get the claimed speeds over wifi. I too have gigabit ethernet around the house and plug into that normally. As far as I can tell 802.11ac still has little support on open-source / linux-based routers, so I'll hold off upgrading my router. Besides, 'ac probably has the same 2x overstatement of advertised speed vs actual measured speed. ;-) -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Cannot access my phone storage from fc22
Will W writes: > On Tue, 5 Jan 2016, Tim wrote: > >> Date: Tue, 05 Jan 2016 16:45:18 +1030 >> From: Tim >> Reply-To: Community support for Fedora users >> To: users@lists.fedoraproject.org >> Subject: Re: Cannot access my phone storage from fc22 >> >> Allegedly, on or about 04 January 2016, Will W sent: >>> I know a lot of people mentioned about the cable, the only one that >>> seems to work for me is the cable that came with the phone >> >> With something like that, it makes me wonder whether there's a problem >> with the contacts in the phone's socket, and some cables just make poor >> connections. > > I agree there but with genernic cables it works sometimes for me. It > is weird tho. There are "charging-only" cables that intentionally leave out the data wires. These are a good idea when you don't want some random charger at a coffee shop or airport to download all your pictures and other data while your phone is charging. -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: 802.11n WIFI speeds
Jack Craig writes: > how due you calculate throughput? i have a wireless config for 54 > Mbit/sec > but never measured... I used one of the web-based speed tests such as http://speedtest.comcast.net/ . That test is flash-based but there are others that use straight html such as http://www.dslreports.com/speedtest . -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
802.11n WIFI speeds
Does Fedora/Linux support the faster than 54 Mbit/sec 802.11n speeds? My OpenWRT AP has a status page that claims that the 5 Ghz radio is configured for a 150 Mbits/sec 40Mhz (double-wide) channel. I'm only seeing a 54 Mbit/sec throughput over WIFI though. (Over ethernet to the same router I'm seeing the expected 180 Mbits/sec to the internet.) This is what lshw(1) has to say about the wifi card: *-network description: Wireless interface product: RTL8821AE 802.11ac PCIe Wireless Network Adapter vendor: Realtek Semiconductor Co., Ltd. physical id: 0 bus info: pci@:03:00.0 logical name: wlp3s0 version: 00 width: 64 bits clock: 33MHz capabilities: pm msi pciexpress bus_master cap_list ethernet physical wireless configuration: broadcast=yes driver=rtl8821ae driverversion=4.2.8-300.fc23.x86_64 firmware=N/A ip=192.168.75.107 latency=0 link=yes multicast=yes wireless=IEEE 802.11abgn resources: irq:52 ioport:3000(size=256) memory:b200-b2003fff Does this ring any bells? I can easily believe that the faster speeds are proprietary extensions but figured I'd check. -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Change ip address -
Gordon Messmer writes: > On 10/08/2015 11:21 PM, Wolfgang S. Rupprecht wrote: >> Hacking routes as one of the other replies suggested will only solve >> half the problem. The packet gets flung in the right direction. The >> problem is that the return packet won't be accepted. In fact the arp >> reply won't even happen. > > That's not quite correct. The problem is not that the packets > wouldn't be accepted by your client, or that your client would not > reply to ARP requests. The Buffalo device at 1.1.1.1 would accept > packets from your client (unless rp_filter is enabled and it had no > default route, but let's ignore that), but it would lack a route back > to the client. The Buffalo device would never send an ARP request, > nor would it send packets in return. Yea, I realized that after sending off the msg. It would never even send that arp request because it wouldn't see the src address as a local network hence no arp. -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Change ip address -
Bob Goodwin writes: > I have a device that when reset requires I set my Fedora-22 computer > to the address 1.1.1.2 in order that I can access it at 1.1.1.1. with > my Firefox browser. # allow us to talk to our zoom modem at 192.168.100.1/24 /usr/sbin/ip addr add 192.168.100.2/24 dev eth0.2 Hacking routes as one of the other replies suggested will only solve half the problem. The packet gets flung in the right direction. The problem is that the return packet won't be accepted. In fact the arp reply won't even happen. Assigning the appropriate interface a second address will take care of both the outgoing and incoming packet. Ignore the funny name of the ethernet dev. This is actually on an OpenWRT router. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: journalctl --follow
Chris Murphy writes: > Yeah I don't know any details about this hook; but basically > systemd-journald is the single source for logging now, but it provides > a socket for rsyslog (and other conventional loggers that have been > updated) can grab the stream and do their own thing like they have in > the past. But there is only one such socket, and no two loggers can > share it, as I understand things. Thanks for the background. I think I have a handle on what was happening. The delay wasn't in the input side of things but in my using the stdout/stderr to do a quick and dirty logging via systemd's redirection of stdout/stderr into the logs. Systemd seems to delay things a bit more as time goes on. Maybe a delay based on the total byte-count as some auto-adjusting efficiency hack? In any case this shell script with the output to a gnome terminal showed only 3 or 4 milliseconds delay over a 24+ hr period. journalctl -f -o short-precise -u apcupsd | \ while read line do date="$(date '+%b %d %H:%M:%S.%N')" echo "$date -- $line" done Feb 12 17:32:50.127051639 -- Feb 12 17:32:50.124113 arbol.wsrcc.com apcupsd[1147]: 000.0,000.0,000.0,27.27,00.00,29.0,00.0,000.0,000.0,119.0,100.0,1 Feb 12 17:33:50.615503948 -- Feb 12 17:33:50.610058 arbol.wsrcc.com apcupsd[1147]: 000.0,000.0,000.0,27.27,00.00,29.0,00.0,000.0,000.0,119.0,100.0,0 Feb 12 17:35:04.240717368 -- Feb 12 17:35:04.237443 arbol.wsrcc.com apcupsd[1147]: 000.0,000.0,000.0,27.27,00.00,29.0,00.0,000.0,000.0,119.0,100.0,1 Feb 12 17:36:57.216696271 -- Feb 12 17:36:57.213388 arbol.wsrcc.com apcupsd[1147]: 000.0,000.0,000.0,27.27,00.00,28.0,00.0,000.0,000.0,119.0,100.0,0 Feb 12 17:37:57.702263685 -- Feb 12 17:37:57.699308 arbol.wsrcc.com apcupsd[1147]: 000.0,000.0,000.0,27.27,00.00,28.0,00.0,000.0,000.0,119.0,100.0,1 Feb 12 17:38:58.198243702 -- Feb 12 17:38:58.185059 arbol.wsrcc.com apcupsd[1147]: 000.0,000.0,000.0,27.27,00.00,28.0,00.0,000.0,000.0,119.0,100.0,0 Feb 12 17:39:58.669490321 -- Feb 12 17:39:58.666990 arbol.wsrcc.com apcupsd[1147]: 000.0,000.0,000.0,27.27,00.00,28.0,00.0,000.0,000.0,119.0,100.0,1 Feb 12 17:40:59.152423114 -- Feb 12 17:40:59.148905 arbol.wsrcc.com apcupsd[1147]: 000.0,000.0,000.0,27.27,00.00,28.0,00.0,000.0,000.0,119.0,100.0,0 That ultra-low delay compared to what I was seeing got me wondering about the delay in the output of my perl program. Thanks for the ideas. Now that I replace the lazy logging in my perl script with perl calls to syslog(), things are logging so rapidly that the scripts log entries and sshd's log entries are interleaved. That's never happened before. > I think I have a below average handle on most Linux internals. I > mostly just have a vivid imagination! ;-) A good imagination is the most valuable debugging skill. -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: journalctl --follow
Chris Murphy writes: > Is this delayed behavior reproducible in a shell running journalctl -f > ? Or only happens with the script log? I guess I need to get off my duff and run that test. > If you aren't using rsyslog, I wonder if you can use the single socket > designed for this instead, if that's more reliable for something like > this? I didn't know about this. Thanks! I'll look into it and give it a shot. > Anyway, feel free to ignore all of the above. I think you'll get > better help from systemd-devel@. Your outlook is always appreciated. It is clear to me that you have a very good handle on the Linux internals. Thanks for thinking about this and speaking up! -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: journalctl --follow
Chris Murphy writes: > On Mon, Feb 9, 2015 at 11:59 PM, Wolfgang S. Rupprecht > wrote: >> >> Is journalctl in the tail -f mode called "follow" supposed to be >> realtime? I'm seeing it more or less output log lines in realtime for >> many hours and then eventually it falls behind with half an hour or one >> hour delay. > I haven't seen this. If you quit and then issue a new journalctl -f, > do you see a bunch of things that previously weren't there with > (approximately) current time? It might be a bug worth inquiring about > on systemd-devel@. I do see journalctl output the delayed lines when I run either journalctl by itself or with "-f". (with slight editing, just to toy with the script kiddies probing the system. ;-)) # journalctl -o short-precise -u ssh-ban -u sshd --lines 73 ... Feb 10 09:30:12.267795 xxx.example.com sshd[10846]: Set /proc/self/oom_score_adj to 0 Feb 10 09:30:12.278631 xxx.example.com sshd[10846]: Connection from 104.236.247.20 port 59270 on 192.168.35.32 port 22 Feb 10 09:49:22.061551 xxx.example.com sshd[10952]: Set /proc/self/oom_score_adj to 0 Feb 10 09:49:22.069974 xxx.example.com sshd[10952]: Connection from 219.153.36.198 port 41053 on 192.168.35.32 port 22 Feb 10 09:55:47.553083 xxx.example.com sshd[10966]: Set /proc/self/oom_score_adj to 0 Feb 10 09:55:47.556836 xxx.example.com sshd[10966]: Connection from 103.41.124.32 port 51058 on 192.168.35.32 port 22 Feb 10 09:55:47.560852 xxx.example.com ssh-ban[764]: Connection 104.236.247.20 Count: 1 Feb 10 09:55:47.561618 xxx.example.com ssh-ban[764]: Connection 219.153.36.198 Count: 2 Feb 10 09:55:47.562250 xxx.example.com ssh-ban[764]: Connection 103.41.124.32 Count: 4 Feb 10 09:55:47.562861 xxx.example.com ssh-ban[764]: SSHBANNED: 103.41.124.32 My script will print significant events to its output which systemd will then throw into the logs. This lets me see the original sshd printf timestamp and the time that my script (ssh-ban) saw it at. In this case the first connection, from 104.236.247.20 was logged at 09:30:12.278631 but the script saw it at 09:55:47.560852 . That's a delay of 25 minutes. Thanks for the tip on systemd-devel@ mailing list. -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
journalctl --follow
Is journalctl in the tail -f mode called "follow" supposed to be realtime? I'm seeing it more or less output log lines in realtime for many hours and then eventually it falls behind with half an hour or one hour delay. The (simplified) lines are from a perl sshd tracker are: open( LOG, "journalctl -o short-precise -u sshd --follow |"); while () { ... } I suppose, it is possible that the delay is in perl, but journalctl seems more likely to be the culprit, hence the subject line. -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: wireless is strange
Dave Ihnat writes: > On Tue, Dec 30, 2014 at 05:32:03PM +0100, antonio wrote: >> as network is a an extension of an office network, I do not want >> anybody even see that network is extended > > With all due respect, it doesn't matter. The Bad Guys(Tm) *will* see it, > SSID or not. WiFi scanning tools return all channels, with or without a > SSID. So why obfuscate your network to no advantage? It just gets in the > way of legitimate administration and users. And even more importantly, laptops and phones need to search for hidden SSID's, so they are constantly broadcasting the fact that they are looking for a certain SSID, even when they aren't anywhere near that SSID. People with hidden SSID's are effectively letting people track them wherever they go. ;-) -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: MTU breakage in f20 (solved)
Ed Greshko writes: > As I mentioned in a previous message, I would have suggested rebooting > the GWwhich may also solve it as it may not be an actual port > problem just that it got into a "condition". :-) It would be nice if it were that simple. That switch was only a year and change old. Just enough to take it out of the 1 year warranty. Rebooting all around is the first thing I did. -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: MTU breakage in f20 (solved)
The problem turned out to be my switch dying in a funny way. When I moved the computer's ethernet from the switch (Netgear GS108E-100NAS) to a spare port on the gateway, large pings started working. Thanks for everyone helping to reason through this. The observation that it wasn't a general fedora problem helped a lot. -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: MTU breakage in f20
Ed Greshko writes: > [egreshko@meimei ~]$ ping -s 1200 wifi (my gw) > PING wifi.greshko.com (192.168.1.1) 1200(1228) bytes of data. > 1208 bytes from wifi.greshko.com (192.168.1.1): icmp_seq=1 ttl=64 time=0.487 > ms > 1208 bytes from wifi.greshko.com (192.168.1.1): icmp_seq=2 ttl=64 time=0.501 > ms > So, no trouble here. Fully updated F20 system. Hmm. I didn't really believe it could be an across the board problem without anyone else noticing, but that leaves me with the question as to what is going on here. I've got a similar claimed mtu of 1500. [wolfgang@arbol ~]$ ip link show p34p1 3: p34p1: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 08:60:6e:74:6f:e2 brd ff:ff:ff:ff:ff:ff Using a bit of binary search it turns out my largest working ping is 512 bytes. That is a very suspicious number because it is power of two and the actual packet still has a handful of bytes slapped onto the front making it a non power of two. [wolfgang@arbol ~]$ ping -s 512 gw PING gw.wsrcc.com (192.168.35.1) 512(540) bytes of data. 520 bytes from gw.wsrcc.com (192.168.35.1): icmp_seq=1 ttl=64 time=0.538 ms 520 bytes from gw.wsrcc.com (192.168.35.1): icmp_seq=2 ttl=64 time=0.521 ms 520 bytes from gw.wsrcc.com (192.168.35.1): icmp_seq=3 ttl=64 time=0.453 ms ^C --- gw.wsrcc.com ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2001ms rtt min/avg/max/mdev = 0.453/0.504/0.538/0.036 ms [wolfgang@arbol ~]$ ping -s 513 gw PING gw.wsrcc.com (192.168.35.1) 513(541) bytes of data. ^C --- gw.wsrcc.com ping statistics --- 9 packets transmitted, 0 received, 100% packet loss, time 7999ms [wolfgang@arbol ~]$ I've turned off all the hardware accelerators that ethtool knows about. No change. [wolfgang@arbol ~]$ ethtool -k p34p1 Features for p34p1: rx-checksumming: off tx-checksumming: off tx-checksum-ipv4: off tx-checksum-ip-generic: off [fixed] tx-checksum-ipv6: off [fixed] tx-checksum-fcoe-crc: off [fixed] tx-checksum-sctp: off [fixed] scatter-gather: off tx-scatter-gather: off tx-scatter-gather-fraglist: off [fixed] tcp-segmentation-offload: off tx-tcp-segmentation: off tx-tcp-ecn-segmentation: off [fixed] tx-tcp6-segmentation: off [fixed] udp-fragmentation-offload: off [fixed] generic-segmentation-offload: off generic-receive-offload: off large-receive-offload: off [fixed] rx-vlan-offload: off tx-vlan-offload: off ntuple-filters: off [fixed] receive-hashing: off [fixed] highdma: off [fixed] rx-vlan-filter: off [fixed] vlan-challenged: off [fixed] tx-lockless: off [fixed] netns-local: off [fixed] tx-gso-robust: off [fixed] tx-fcoe-segmentation: off [fixed] tx-gre-segmentation: off [fixed] tx-ipip-segmentation: off [fixed] tx-sit-segmentation: off [fixed] tx-udp_tnl-segmentation: off [fixed] tx-mpls-segmentation: off [fixed] fcoe-mtu: off [fixed] tx-nocache-copy: off loopback: off [fixed] rx-fcs: off rx-all: off tx-vlan-stag-hw-insert: off [fixed] rx-vlan-stag-hw-parse: off [fixed] rx-vlan-stag-filter: off [fixed] l2-fwd-offload: off [fixed] busy-poll: off [fixed] [wolfgang@arbol ~]$ What is left? Some weirdness caused by my router announcing a low MTU but Fedora not reporting it? I'm grasping at straws here. -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
MTU breakage in f20
It looks like something broke recently that severely limits the MTU in Fedora 20 when running under NM. Are other people seeing this too? Here I'm pinging my upstream lan-to-wan gateway. A 1200 byte ping fails while a 500 byte one succeeds. I see the same thing when pinging between two identical, fully up-to-date f20 systems. wolfgang@arbol ~]$ ping -s 1200 gw PING gw.wsrcc.com (192.168.35.1) 1200(1228) bytes of data. ^C --- gw.wsrcc.com ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2000ms [wolfgang@arbol ~]$ ping -s 500 gw PING gw.wsrcc.com (192.168.35.1) 500(528) bytes of data. 508 bytes from gw.wsrcc.com (192.168.35.1): icmp_seq=1 ttl=64 time=0.503 ms 508 bytes from gw.wsrcc.com (192.168.35.1): icmp_seq=2 ttl=64 time=0.460 ms 508 bytes from gw.wsrcc.com (192.168.35.1): icmp_seq=3 ttl=64 time=0.456 ms 508 bytes from gw.wsrcc.com (192.168.35.1): icmp_seq=4 ttl=64 time=0.454 ms ^C --- gw.wsrcc.com ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3001ms rtt min/avg/max/mdev = 0.454/0.468/0.503/0.025 ms [wolfgang@arbol ~]$ -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: dram showing up as scsi
Digimer writes: > On 09/08/14 04:46 PM, Wolfgang S. Rupprecht wrote: >> Anyone know what is going on here? My 4 DRAM sticks are showing up as >> scsi devices. Strange. >> Aug 09 05:44:39 arbol.wsrcc.com kernel: scsi 8:0:0:0: Direct-Access >> Kingston FCR-HS219/1 9745 PQ: 0 ANSI: 0 > That part number is for a card reader, not RAM. > > http://www.kingston.com/en/support/technical/products?model=fcr-hs219 Ah! Thanks. Now that you mention it, that card reader does say Kingston on it. Sheesh. (I still think of Kingston as the aftermarket DRAM guys.) -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
dram showing up as scsi
Anyone know what is going on here? My 4 DRAM sticks are showing up as scsi devices. Strange. kernel: 3.15.8-200.fc20.x86_64 Aug 09 05:44:39 arbol.wsrcc.com kernel: scsi 8:0:0:0: Direct-Access Kingston FCR-HS219/1 9745 PQ: 0 ANSI: 0 Aug 09 05:44:39 arbol.wsrcc.com kernel: scsi 8:0:0:1: Direct-Access Kingston FCR-HS219/1 9745 PQ: 0 ANSI: 0 Aug 09 05:44:39 arbol.wsrcc.com kernel: scsi 8:0:0:2: Direct-Access Kingston FCR-HS219/1 9745 PQ: 0 ANSI: 0 Aug 09 05:44:39 arbol.wsrcc.com kernel: scsi 8:0:0:3: Direct-Access Kingston FCR-HS219/1 9745 PQ: 0 ANSI: 0 Aug 09 05:44:39 arbol.wsrcc.com kernel: sd 8:0:0:0: Attached scsi generic sg4 type 0 Aug 09 05:44:39 arbol.wsrcc.com kernel: sd 8:0:0:0: [sdd] Attached SCSI removable disk Aug 09 05:44:39 arbol.wsrcc.com kernel: sd 8:0:0:1: Attached scsi generic sg5 type 0 Aug 09 05:44:39 arbol.wsrcc.com kernel: sd 8:0:0:2: Attached scsi generic sg6 type 0 Aug 09 05:44:39 arbol.wsrcc.com kernel: sd 8:0:0:3: Attached scsi generic sg7 type 0 Aug 09 05:44:39 arbol.wsrcc.com kernel: sd 8:0:0:1: [sde] Attached SCSI removable disk Aug 09 05:44:39 arbol.wsrcc.com kernel: sd 8:0:0:2: [sdf] Attached SCSI removable disk Aug 09 05:44:39 arbol.wsrcc.com kernel: sd 8:0:0:3: [sdg] Attached SCSI removable disk -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: cloned sd card is not booting
Robert Moskowitz writes: > On 08/06/2014 03:55 PM, Wolfgang S. Rupprecht wrote: >> Robert Moskowitz writes: >>> On 08/06/2014 09:58 AM, Wolfgang S. Rupprecht wrote: >>>> Robert Moskowitz writes: >>>>> I suspect that although they are marketed as 16GB, they vary due to >>>>> manufacturing quality by a block or so. >>>> The other thing to consider if it is a bargain bin drive is that the >>>> drive might be a counterfeit with mismarked capacity. >>>> http://www.ebay.com/gds/All-About-Fake-Flash-Drives-2013-/1000177553258/g.html >>> These are not sold under any name. They are 'blank' packaged. >>> >>> So I figured that whatever that whatever is 'wrong' with them in >>> perhaps malware, would get blown away by Linux. I once DID buy a usb >>> drive from an online store that had a hidden partition with some >>> strange looking stuff >> The above URL uses counterfeit to mean drives are sold as large capacity >> drives that really don't have large flash chips inside. The upstream >> sellers buy small drives and reprogram the controllers to advertise a >> larger size that the drive really can't deliver. > > Well these are marketed as 16Gb. parted is showing one to be 15.6Gb. > And I have put over 8Gb on a couple of them. I think if MicroCenter > was seriously mismarketing them, their customers would be complaining > in droves. Being off by .4Gb would not be noticed and as in my cases > tossed off as low quality that needed to mark parts of it as not to be > used and thus the smaller size. > > # parted /dev/sdb print > Model: Generic- Multi-Card (scsi) > Disk /dev/sdb: 15.6GB > Sector size (logical/physical): 512B/512B > Partition Table: msdos > Disk Flags: > > Number Start End SizeType File system Flags > 1 1000kB 513MB 512MB primary ext3 > 2 513MB 1025MB 512MB primary linux-swap(v1) > 3 1025MB 15.6GB 14.5GB primary ext4 You do realize that whatever parted is showing is whatever the USB's controller is telling it? If you have having problems writing the full drive's worth of information (as your previous message indicated) my first sanity check would be to write the full *raw* drive with unique data and see if the expected data was still there on read. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: cloned sd card is not booting
Robert Moskowitz writes: > On 08/06/2014 09:58 AM, Wolfgang S. Rupprecht wrote: >> Robert Moskowitz writes: >>> I suspect that although they are marketed as 16GB, they vary due to >>> manufacturing quality by a block or so. >> The other thing to consider if it is a bargain bin drive is that the >> drive might be a counterfeit with mismarked capacity. >> http://www.ebay.com/gds/All-About-Fake-Flash-Drives-2013-/1000177553258/g.html > > These are not sold under any name. They are 'blank' packaged. > > So I figured that whatever that whatever is 'wrong' with them in > perhaps malware, would get blown away by Linux. I once DID buy a usb > drive from an online store that had a hidden partition with some > strange looking stuff The above URL uses counterfeit to mean drives are sold as large capacity drives that really don't have large flash chips inside. The upstream sellers buy small drives and reprogram the controllers to advertise a larger size that the drive really can't deliver. -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: cloned sd card is not booting
Robert Moskowitz writes: > I suspect that although they are marketed as 16GB, they vary due to > manufacturing quality by a block or so. The other thing to consider if it is a bargain bin drive is that the drive might be a counterfeit with mismarked capacity. http://www.ebay.com/gds/All-About-Fake-Flash-Drives-2013-/1000177553258/g.html -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Somewhat OT, but possibly useful to all Fedorites
g writes: > a 6gbps drive connected to a 3gbps controller is not going to > have a 6gbps throughput. And just to hammer that point home, any good modern SSD is going to have a capacity of 550 MBytes/sec or more. It is going to mostly saturate that 6 Gbit/sec SATA channel. Putting the drive on a 3 Gbit/sec channel is going to limit you to the 280 MByte/sec range. -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: OpenSSL package updates coming shortly to mirrors
>> yum -y install koji >> koji download-build --arch=x86_64 openssl-1.0.1e-38.fc20 > > yum localupdate openssl*-1.0.1e-38.fc20.x86_64.rpm A while ago someone posted this method which seems to work well enough and takes care of the dependencies without installing needless *-dev options. Basically you need to create the koji repo file and then use yum to download the needed rpms automatically. /etc/yum.repos.d/koji.repo: [koji] name=Koji Repo baseurl=http://koji.fedoraproject.org/repos/f$releasever-build/latest/$basearch/ enabled=0 skip_if_unavailable=1 gpgcheck=0 and then run: yum install openssl --enablerepo=updates-testing,koji -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: mailinglist issues
David writes: > The only mailing list emails that Gmail sends to spam, for me, are those > that come from Linux users that have their own email server(s). And all > of those come from post to Linux mailing lists. Yahoo and AOL both have similar DMARC, DKIM, SPF settings and senders from those domains should also go to spam (unless Gmail is special casing them). Although, I can't imagine there is much overlap between AOL users and those that post to linux mailing lists. -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
mailinglist issues (Was: Fedora-like Linux for 1.99GB RAM?)
Ed Greshko writes: > On 06/01/14 10:14, Sudhir Khanger wrote: > > > Off topic. Is this email sent from your personal email server? > I am asking because Google shows a warning that they can't verify > if this message was sent by the wsrcc.com. > > You get this warning because of this header in the email. > > Authentication-Results: mx.google.com; >spf=pass (google.com: domain of users-boun...@lists.fedoraproject.org > designates 209.132.181.2 as permitted sender) > smtp.mail=users-boun...@lists.fedoraproject.org; >dkim=neutral (body hash did not verify) header.i=@; >dmarc=fail (p=REJECT dis=NONE) header.from=wsrcc.com Bingo. Right on the money. > I've not looked into itbut I don't think dkim/dmarc works very > well with mailing lists. It can. Mailman has already been changed to take ownership of the "From:" line pointing it to some list-owned address and injecting a reply-to optionally to allow unicast msgs to work too. The problem is that mailing lists forging From addresses looks the same to software as a spammer forging the same. No progress is going to be made till mailing lists stop doing that. -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
mailing list errors (was: Fedora-like Linux for 1.99GB RAM?)
Sudhir Khanger writes: > Off topic. Is this email sent from your personal email server? I am > asking because Google shows a warning that they can't verify if this > message was sent by the wsrcc.com. Sudhir, thanks for noticing and speaking up! Not totally off topic. The issue is that the mailing list software that fedora uses is an old version that still re-writes the body and subject yet keeps the "From:" address. Modern mailers that receive mail can verify this tampering and will mark the message as such. The magic is done via the DKIM header in the message as well as the SPF and DMARC records I publish for wsrcc.com . Yes I know that will cause problems for my posts to this mailinglist. Hopefully when the mailman software is updated on lists.fedoraproject.org this problem will go away. (The wsrcc.com domain is 24 years old and is on many spam email lists as a potential source of forged "From:" addresses. I see a small, but to me, annoying 40 messages per day forged with my address. I want it to stop and this setting is doing wonders and dissuading spammers from using my address.) Probably more than you wanted to know. -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Fedora-like Linux for 1.99GB RAM?
Oliver Ruebenacker writes: > I need a new OS for an old computer, an about 10 years old x86. I > upgraded RAM from 500MB to 2GB, though Windows XP reports 1.99 GB. > I would have installed Fedora, but they say the requirements are at > least 4GB RAM. My trusty laptop which I have been updating since FC4 max's out at 2GB. Once booted, Cinammon logins work just fine as long as one doesn't run any memory pig (like Google Chrome with Adblock active). That pushes things over the edge by a small amount of memory. Closing Chrome gets me back under the magic 2GB boundry and things run at normal speed again. Booting does rattle the disk quite a bit. I assume it is swapping, but I've learned to turn the laptop on before going to the kitchen to make coffee. The laptop is always up and running by the time coffee is done. ;-) Why not try installing F20 and see if it works for you? -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: stopping cinnamon-started apps at logout
Ahmad Samir writes: > On 11/05/14 18:52, Wolfgang S. Rupprecht wrote: >> I'd assumed that the apps started by cinnamon when I logged in would >> also be killed when I logged out. That doesn't seem to be the case for >> non-X11 programs that hang around forever and watch files. Those >> programs just get passed off to PID 1 when one logs out and continue on >> their merry way till the system reboots. If one logs in again, another >> instance of the program is started. > I am not sure but it could be systemd-logind; try editing > /etc/systemd/logind.conf and change: > > #KillUserProcesses=no > > to > KillUserProcesses=yes Thanks! That is a great find. I'll try. -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: stopping cinnamon-started apps at logout
Ed Greshko writes: > I found this for gnome/gdm. Maybe it will be useful for you if you use gdm? > > http://www.linuxquestions.org/questions/linux-desktop-74/gnome-run-script-on-logout-724453/ I may have to do that. Thanks. Strikes me as an oversight that one has to hack a file together and install that with root privs. Whatever is starting the apps really should kill it too. -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: stopping cinnamon-started apps at logout
Ed Greshko writes: > In your .bash_logout file you could place a "killall" statement and > name the process you want to kill off. See the killall man page. Are you seeing .bash_logout called when you exit a desktop session? I don't, but then our setups might differ a bit. (I'm using f20 w. cinnamon) As an aside, doing it cleanly from .bash_logout would be a bit tricky because I wouldn't want it run when any ssh or tty based logout happened, only when the logout was from the GUI session that started the apps. -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
stopping cinnamon-started apps at logout
I'd assumed that the apps started by cinnamon when I logged in would also be killed when I logged out. That doesn't seem to be the case for non-X11 programs that hang around forever and watch files. Those programs just get passed off to PID 1 when one logs out and continue on their merry way till the system reboots. If one logs in again, another instance of the program is started. The exact program I'm running is a IMAP watcher that watches my remote INBOX and grabs the new mail as soon as it arrives. It would be good if it stopped when I logged out. /usr/bin/getmail --idle=INBOX Any ideas? Do I have to keep track of the PID myself and find a logout hook to hang a kill -HUP onto? Does .bash_logout or .logout even get called? -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: UEFI Big Drive question
Stephen Morris writes: > The one limitation with GPT as I understand it is that in order to use > GPT you must also have UEFI active in the Bios. I use GPT on all my single-boot Fedora machines. All but one has the traditional BIOS. The traditional BIOS works just fine with GPT formatted disks. Furthermore, I use just two partitions. Linux swap and ext4 / fs. It works just fine that way. There is no need to make your life more difficult with juggling a bunch of partitions that will need re-sizing down the road. > From experience I have also found that you can't install the > windows system partition on a GPT device and I thought I read > somewhere that you also can't put Linux /boot on GPT either. This is true. My laptop's MS Windows XP doesn't seem to like GPT. Not sure about anything more recent. I only use the XP partition to load updated firmware on consumer devices, so I'm not about to spend money to upgrade an OS I use perhaps once a year. -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: rkhunter sshd warning
Patrick O'Callaghan writes: > On Sun, 2014-03-16 at 15:04 -0700, Wolfgang S. Rupprecht wrote: >> A clever intruder is just going to wait until a batch of changes goe >> out and then add their trojan. > > Of course you check the hash signatures on those downloads, right? Yes, but in a haphazard, infrequent manner. The whole point of me installing rkhunter was to automate detection of trojans. If I'm going to have to check the hashes myself, what is rkhunter bringing to the party? The more I think about it the more --propupd bothers me. rkhunter emits warnings that turn into regular mailbox clutter and sooner or later one is going to ignore them. -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: rkhunter sshd warning
John Horne writes: > On Sun, 2014-03-16 at 12:59 -0700, Wolfgang S. Rupprecht wrote: >> -- Start Rootkit Hunter Scan >> -- >> Warning: The file '/usr/sbin/sshd' exists on the system, but it is >> not present in the 'rkhunter.dat' file. >> Warning: The file '/usr/bin/ssh' exists on the system, but it is >> not present in the 'rkhunter.dat' file. >> Warning: The file '/usr/bin/telnet' exists on the system, but it >> is not present in the 'rkhunter.dat' file. >> > You should have run 'rkhunter --propupd' after installing the new > release of RKH. > > From the RKH CHANGELOG file for release 1.4.2: > > - The 'ssh', 'sshd' and 'telnet' commands are now checked as part of >the file properties test. > > > So these commands are now being checked automatically. > Run 'rkhunter --propupd'. Thanks! I'm beginning to wonder if rkhunter is ever going to find any real intrusions for me if I keep on having to run 'rkhunter --propupd'. A clever intruder is just going to wait until a batch of changes goe out and then add their trojan. The --propupd is going to approve it in the sweep and it will have succeeded in coming in under the wire. To be useful rkhunter really needs to know how to identify changed files by knowing the hashes, sizes etc without grabbing them from the local system. -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: rkhunter sshd warning
Kevin Fenzi writes: > On Sun, 16 Mar 2014 12:59:29 -0700 > "Wolfgang S. Rupprecht" wrote: >> Are other people seeing this? I'm not looking forward to a full scrub >> and clean installation. > > Did you recently install or update openssh-server, openssh or > telnet-server ? When you update packages you need to re-run > 'rkhunter --propupd' to update it's db. > > The /dev/dev/ thing is a dracut bug from a while back. You can safely > remove that /dev/dev/ directory and it's contents. $ grep ssh /var/log/yum.log Jan 06 19:27:53 Updated: openssh-6.4p1-3.fc20.x86_64 Jan 06 19:28:23 Updated: openssh-server-6.4p1-3.fc20.x86_64 Jan 06 19:28:23 Updated: openssh-clients-6.4p1-3.fc20.x86_64 Jan 06 19:28:23 Installed: openssh-askpass-6.4p1-3.fc20.x86_64 I do nightly yum updates but ssh* hasn't updated in a long while. I also recall the file updated messages are a bit different, complaining that an inode changed. I also did an 'rpm -Va' to see if the hash changed, but it hadn't. While it is possible that rpm was replaced with a version that lies, I honestly can't believe the rabbit hole goes that deep. I'm leaning towards something bad having happened to upstream's rkhunter. I guess I should check with a fedora live usb just to be sure. (Again, I have to trust that the tools aren't doctored so much that burning a live image is still doable without inserting a trojan.) -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
rkhunter sshd warning
Things that make you go 'hmmm' (see sshd, ssh, telnet mention): From: root (root) To: root Subject: rkhunter Daily Run on [redacted] Date: Sun, 16 Mar 2014 07:51:04 -0700 - Start Rootkit Hunter Update - [ Rootkit Hunter version 1.4.2 ] Checking rkhunter data files... Checking file mirrors.dat [ No update ] Checking file programs_bad.dat [ No update ] Checking file backdoorports.dat[ No update ] Checking file suspscan.dat [ No update ] Checking file i18n/cn [ No update ] Checking file i18n/de [ No update ] Checking file i18n/en [ No update ] Checking file i18n/tr [ No update ] Checking file i18n/tr.utf8 [ No update ] Checking file i18n/zh [ No update ] Checking file i18n/zh.utf8 [ No update ] -- Start Rootkit Hunter Scan -- Warning: The file '/usr/sbin/sshd' exists on the system, but it is not present in the 'rkhunter.dat' file. Warning: The file '/usr/bin/ssh' exists on the system, but it is not present in the 'rkhunter.dat' file. Warning: The file '/usr/bin/telnet' exists on the system, but it is not present in the 'rkhunter.dat' file. Warning: GasKit Rootkit [ Warning ] Directory '/dev/dev' found --- End Rootkit Hunter Scan --- In the famous words of the Three Miles Island operators "Ignore those gauges. They are clearly wrong." Every one of my systems here is showing some subset of this error. Some only show sshd, others all three. Disconcerting to say the least. Are other people seeing this? I'm not looking forward to a full scrub and clean installation. -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: F19: Is this an httpd attack attempt?
Tim writes: > I've always configured all domains separately, and left the default > service showing that pre-configuration Apache page that tells you that > the service is alive, or just a basic page. That way, non-matching > connections don't connect to /some/ virtual host, as if by accident. While I don't use apache (I use lighttpd) I configure it the same way. Non-matching vhosts get a bland "you lose, now move along" page. -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: F19: Is this an httpd attack attempt?
lee writes: > "Wolfgang S. Rupprecht" writes: > >> lee writes: >>> Could someone please explain why/how this may be considered as an attack >>> or at least as something bad? Someone requesting an URL from a web >>> server that doesn´t serve this URL --- or doesn´t serve the specified >>> domain at all --- could be caused by incorrect responses from name >>> servers, couldn´t it? >>> >>> What is it in particular that would distinguish the request in question >>> from others? >> >> This is not an attack, but someone fishing for information. I >> understand that apache in some modes give you the first configured vhost >> when encountering a query like that. Someone wanted to see if there >> was something juicy lying around. The server served the URL >> "http:///" >> which was the index.{html,htm,php,etc} file in the vhost0 root directory. > > Sorry, I still don´t understand. You seem to imply that any request to > a web server which, for whatever reason, doesn´t serve the request or > doesn´t serve for the domain given in the request --- I´m not sure which > is in question here: the domain or the request --- can be considered as > an attempt to obtain information the requester is not supposed to have. > > So far, my understanding has been that the requester is supposed to > receive a 4xx or 5xx error message/code when the server does not want to > or can not serve the request. > > For instances when the web server gives a wrong answer to a request it > does not serve --- like sending the index page used with requests for a > different domain instead of indicating an error --- someone has > misconfigured the server, or there is a bug in the server. Neither has > anything to do with the sender of the request, other than that they > receive a wrong answer. It´s not the fault of the sender of the request > when the web server sends the wrong answer. I don't know how to say it more precisely. 1) this is not an exploit. 2) apache has (to my mind) a minor bug where it serves pages from the first vhost if you ask for an unknown vhost. 3) the request in the initial post was for the page at the root of the directory tree often called /index.html . 4) the request was successfully served hence the 200 return code. -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: F19: Is this an httpd attack attempt?
lee writes: > Could someone please explain why/how this may be considered as an attack > or at least as something bad? Someone requesting an URL from a web > server that doesn´t serve this URL --- or doesn´t serve the specified > domain at all --- could be caused by incorrect responses from name > servers, couldn´t it? > > What is it in particular that would distinguish the request in question > from others? This is not an attack, but someone fishing for information. I understand that apache in some modes give you the first configured vhost when encountering a query like that. Someone wanted to see if there was something juicy lying around. The server served the URL "http:///" which was the index.{html,htm,php,etc} file in the vhost0 root directory. -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
hardware TPM module - install?
What is the current feeling on installing an optional hardware TPM module on a motherboard that has a header for it? My most recent Asus motherboard has a header for a $20 TPM module. From what I understand this module has a hardware random number generator that can spit out 10's of kbits/sec of entropy and has several different modes for storing user-loadable crypto keys. On the surface, both of these sound like useful things. Is there a downside? Can a flawed RNG pollute the entropy pool in a way that lowers the security? -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Good Fedora-compatible multi-monitor video card recommendation
>> Digimer writes: >>> What would be a good (as in, relatively painless) video card for >>> driving as many 1080p monitors as possible? I'm not concerned about 3D >>> performance at all... It will be to display terminals/rarely-changing >>> web pages only. ATI FirePro 2460 512MB DDR3 4x Mini-DisplayPort Low Profile PCI-Express Video Card ~$240 from Amazon. Back when I looked this was the only game in town that allowed 4 DP or 4 (single-link) DVI. The price is pretty much a rip-off, but what can you do when there aren't any cheaper choices? One caveat if you ever want to put higher res monitors on this, the virtual framebuffer on that card is only 8k x 8k. You can only put 3 2560x1440 monitors on it horizontally (or 2 "4k" monitors). -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: dns/dhcp client - hooks??
Tim writes: > You really don't want some > client to be able to log in and claim to be the "printserver," or any > other vital machine name, when something else really does that role. You don't have to allow this. Bind will let you issue keys for doing nsupdates. The keys can restrict the client to be permitted to edit one hostname and no more. I actually have both client-side and dhcpd-side dynamic dns in place. Both have their advantages and disadvantages. The biggest advantage to client-side dynamic dns is that I can take a laptop to a different location and still get its current ipv4 and ipv6 addresses registered in DNS. With working ipv6 I can even log in to the laptop and perform remote maintenance. The advantage to dhcpd based updates is that it catches all the riff-raff that one can't instrument with the client code needed for the nsupdates. In practice, it only gets the ipv4 addresses and the ipv6 hosts use slaac to silently assign themselves an ipv6 address. -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: IPv6 breakage in NetworkManager
Dan Irwin writes: > Seeing significant issues with IPv6. After some time, IPv6 completely > seems to stop working. IPv4 is unaffected. I'm seeing an IPv6 breakage in NetworkManager/dhclient6 too. At first it looked like an Selinux problem (there was an avc), but fixing that didn't stop the problem with NM not getting a working IPv6 address via dhclient6. BZ#1055226 https://bugzilla.redhat.com/show_bug.cgi?id=1055226 > Re-connecting to wifi seems to restore IPv6 connectivity. Mine is via an ethernet connection to my cable modem which connects to Comcast. I can do a "systemctl restart NetworkManager" in order to get an ipv6 address. -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: dns/dhcp client - hooks??
bruce writes: > As I understand it, there's a process/way to use dhclient-scripts to > generate hook functions that can be called, which can then dynamically > update the dns using nsupdate... Just add a routine to do an nsupdate to /sbin/dhclient-script or if you are using NetworkManager add an nsupdate script to /etc/NetworkManager/dispatcher.d/ . That's essentially what I do here. -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: SELinux RPM scriptlet issue cleanup
Markus Lindholm writes: > --> Finished Dependency Resolution > Error: Multilib version problems found. This often means that the root >cause is something else and multilib version checking is just >pointing out that there is a problem. Eg.: > ... I found that removing just the old firefox wouldn't work due to multilib issues. 'yum erase firefox' to remove both did work. Then you can just add firefox back. Does anyone know if /var/log/yum.log is accurate in the face of these scriptlet failures? After updating the selinux policies, is reinstalling everything mentioned in /var/log/yum.log for that day sufficient to get everything back on track without any lasting damage? -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
creating unreachable routes with NetworkManager
Back when I ran my server with the networking scripts instead of NetworkManager it was easy to add unreachable routes. I'd put lines like the following: /etc/sysconfig/network-scripts/route-lo: unreachable 10.0.0.0/8 unreachable 172.16.0.0/16 unreachable 192.168.0.0/16 /etc/sysconfig/network-scripts/route6-lo: unreachable fc00::/7 When lo was enabled, I'd get those unreachable routes loaded (and a few others that the networking scripts added for me.) Now with NetworkMisManager I don't get either my unreachalbes or the formerly built-in ones. Is there a trick I'm missing? Obviously I could do an "ip route add" from a private systemd service, but that seems a bit heavy handed. (The reason I need to add the unreachables is that my ISP doesn't send me network unreachables for private addresses. For laptops on the go, they sometimes get routable IPv6 addresses as well as unroutable IPv4 addresses. I use nsupdate to register my laptop's current addresses in DNS and when private addresses show up it would be nice for things like "ssh laptop" to quickly move on from the private addresses without a very long timeout.) -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: ssh sessions hang F19/20
Mark Haney writes: > This might be a simple question, but I'm having trouble with my ssh > sessions hanging. I have a server at home that I normally connect to > via SSH on a pretty regular basis while I'm at work for pen-testing as > well as checking network latency and other things. Are you behind a NAT box by any chance? It is probably timing out your state after 10 minutes or so of no packets on that tcp connection. add this to /etc/ssh/sshd_config: # Set the keep-alive for a heartbeat every 60 seconds and a connection # close after 30 minutes. -wsr 2003/11/26 ClientAliveInterval 60 ClientAliveCountMax 30 add this to /etc/ssh/ssh_config: Host * # set the keep-alive for a heartbeat every 60 seconds and a connection # close after 30 minutes. -wsr 2003/11/26 ServerAliveInterval60 ServerAliveCountMax30 This adds a heartbeat for both incoming and outgoing connections. It should keep your NAT mappings from timing out. > Keep-alive is set as far as I can tell. Any ideas? It is acting like they are not. What settings do you have? -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: how to set up my "fetchmail" on f20 without sendmail?
"Robert P. J. Day" writes: > since (obviously), without sendmail, nothing is listening on port > 25. so what's the solution these days? a pointer to a web page > somewhere would work just fine. thanks. Since mail at your ISP is most likely going to all go to one user, piping it into a full-blown MTA is overkill. I just have ISP imaps mail placed into the user's mbox directly with getmail(1). I run getmail out of the user's own crontab twice an hour. yum install getmail -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Security/Hacked System - Now what?!!
bruce writes: > However you can also mod the ssh_config (i believe) to have it auto > use the keyFile with the pub/private key to negotiate the user/passwd > process for the ssh cmd. This is useful when remotely/programatically > accessing the ssh cmdline process for running remote apps, xferring > files, etc. Programatic password-less access can be done if you carefully limit the user to be powerless and the commands that that user is allowed to execute are limited to the one command you want to run over ssh. Search for 'command="command"' in the sshd man page. > But, and in my case, once all of this is setup, and working. If hacker > guy gets in Sys1, (where Sys1/Sys2 have been setup to do pub/private > key, and the underlying Sys1/Sys2 keyfiles have been created) then > hacker guy can easily get into/access Sys2, provided they "know" the > username. That is why you generally don't want the remote systems to have access to the main server. More secure would be if you push information from the main server to the remote systems. -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Security/Hacked System - Now what?!!
bruce writes: > And regarding the ssh/remote access, you specify public/private keys, > and you have the key process run from the key file. This allows a user > to be able to ssh into the box without having to use the ssh passwd, > but only from the corresponding box that has the associated public > (master/client) passwd/key setup to permit the login access. You should set up the RSA or ECDHE private keys with a password. ssh-keygen prompts you for a password when it cranks out the key for you. > But in this situation, if a user hacks into the 1st system, then they > have access to the 2nd system, assuming they know the 2nd system's > username. This would happen as the private/public key access file has > been setup! Without the decryption password for the RSA or ECDHE keys, they are going nowhere. On the other hand, you want *all* of your systems up to snuff with all forms of unix password logins turned off. Seems like you are implying that some systems are easier to break into than others. That's not good. /etc/ssh/sshd_config: Protocol 2 # reset the host keys to only rsa or ecdsa HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_ecdsa_key # rekey every hour or default data (1G - 4G depending on cipher) RekeyLimit default 1h SyslogFacility AUTHPRIV # We use RSA/ECDSA. If it hasn't completed in 10 seconds, there is a # big problem. LoginGraceTime 10 # Unlike what this looks like, it says that root may not use the unix # password for authentication. Root *must* use public-key. -wsr PermitRootLogin without-password AuthorizedKeysFile .ssh/authorized_keys # no unix passwords any more. RSA or ECDSA only. PasswordAuthentication no ChallengeResponseAuthentication no KerberosAuthentication no GSSAPIAuthentication no UsePAM no X11Forwarding yes UsePrivilegeSeparation sandbox # Default for new installations. # Set the keep-alive for a heartbeat every 60 seconds and a connection # close after 30 minutes. -wsr 2003/11/26 ClientAliveInterval 60 ClientAliveCountMax 30 # Accept locale-related environment variables AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE AcceptEnv XMODIFIERS # Cut down on the number of user accounts that can ssh in just in case # some bug allows .ssh/authorized_keys files to be written. AllowUsers root user1 user2 usern # --- end -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Security/Hacked System - Now what?!!
bruce writes: > You then mod SSH as required to disable root login > OK, what else should you do? Root login isn't a bad idea in and of itself. More important is to not allow anything but public key logins (eg. ECDSA, RSA). For people logging in with root credentials, give everyone a different public key and keep a secure copy of /var/log/secure on a secure system for backtracking breakins. Each login (including root) will show which key was used to log in. You can easily see who lost control of their key. I'm a firm believer in never allowing passwords logins over the net. Users will hardly ever use random-letter-upper-lower-number passwords. They always think they are oh so clever with easily guessed strung together words, with or without a punctuation char. -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
ipv6 breakage
IPv6 under f20, f19 and f18 has been rock solid for me this past year. Now in, the last few days, yum updates have brought some lossage that requires a periodic reboot to get IPv6 connections to the internet back. I can't immediately see what the problem is. The outward-facing interface still has the same IPv6 address it has had for many months. The ipv6 default route still points out internet-facing interface. "ip -6 neigh show" shows only STALE and FAILED transactions. Seems like one of the latest yum updates pooched the neighbor discovery stuff. [wolfgang@arbol ~]$ ip -6 neigh show fe80::201:5cff:fe32:7741 dev p32p1 lladdr 00:01:5c:32:77:41 router REACHABLE fe80::a60:6eff:fe74:6fe2 dev p34p1 lladdr 08:60:6e:74:6f:e2 router STALE fe80::20a:cdff:fe21:7513 dev p32p1 router FAILED fe80::1 dev p34p1 lladdr 44:94:fc:73:cf:43 router STALE 2001:558:6045:22:4c99:1c47:4456:b031 dev p32p1 FAILED 2601:9:a00:1f:9221:55ff:fe66:1b5 dev p34p1 lladdr 90:21:55:66:01:b5 STALE fe80::4694:fcff:fe73:cf44 dev p34p1 FAILED fe80::9221:55ff:fe66:1b5 dev p34p1 lladdr 90:21:55:66:01:b5 STALE (p32p1 is the outside, internet-facing interface, p34p1 is the inside local lan-facing interface) Is anyone else seeing this? Surely I'm not the only one running f20 on ipv6. -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Cron vs. Whenjobs vs. Goaljobs
Jonathan Ryshpan writes: > In more detail: I have a cron job which backs up my desktop system > every day. The job is actually invoked by anacron, which starts it > about an hour after I boot up the system for the day. Backing up takes > from half an hour to an hour and a half, depending. > > * Frequently, I start the system, check my email and leave for > breakfast; on these days, I'd like backup to start when I leave; I > would invoke it by a shell script or whatever. > > * Other days, I stay on the system for a while; on these days I'd like > cron to start the job whenever its algorithms think best. > > * I don't want to leave starting the job completely to a shell script > run from a terminal, because I'd often forget to run it. > Why not run /etc/cron.hourly/0anacron just before leaving for breakfast (or give it an easier to remember alias like "run-anacron-now")? What I do here the systems that are booted infrequently is add this to /etc/crontab: @reboot root /etc/cron.hourly/0anacron and change /etc/anacrontab: # the maximal random delay added to the base delay of the jobs RANDOM_DELAY=2 # the jobs will be started during the following hours only START_HOURS_RANGE=0-24 -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: hardware full disk encryption
Chris Murphy writes: > On Dec 12, 2013, at 1:36 PM, "Wolfgang S. Rupprecht" > wrote: >> >> If I didn't have always on, hardware FDE for free in the SSD, I'm >> sure I'd be happy with LUKS. > > Yes, it's annoying. But the task is also difficult to do correctly in > a preboot environment. Arguably they got ahead of themselves and > should have first come up with an open SDK so that at the least we > could easily use the SED feature for data drives, rather than the much > more complex case of booting from them. Thanks for this and the previous reply. That gave me a good background and a bunch of new acronyms to google for. I found an interesting white paper by the Intel IT dept. They tried dogfooding their own SSD's and if I'm understanding things correctly, the boot-time bios hooks are sufficient to query the user for the disk password and unlock the SSD. http://www.intel.com/content/dam/www/public/us/en/documents/white-papers/it-management-wde-ssd-amt-encryption-paper.pdf It also strikes me that one can set the ssd disk password at any time after OS installation. Since the disk contents are already encrypted and will continue to be encrypted by the same AES key, from the data's perspective nothing has changed. > CRYPTO ERASE is part of the same ATA command set as SECURITY ERASE and > ENHANCED SECURITY ERASE. Those last two commands cause the drive to > erase itself, all physical sectors, one by one, even ones that don't > have LBA mappings. It's quite a bit faster than writing zeros. Only > one of those commands or fstrim is recommended for SSDs, not writing > zeros. But from the current hdparm man page I'm not seeing an option > to issue this command to drives that support it. I figured out how to do the SECURITY ERASE a while back. The biggest complication is that for most bioses the disk has to be connected to a pcie disk controller. All the mobo sata ports have their attached disks ata "frozen" by the bios as an "aid" to users of virus-ridden OS's. In the absence of a pcie sata controller, one must power cycle the SSD while the computer is up. (I forget if pulling the sata and replugging it is good enough. it might be.) This clears the "frozen" bit. Then one does the following: disk=/dev/sdb pass=funkystuff hdparm -I $disk echo 'Should say "not frozen"' hdparm --user-master u --security-set-pass $pass $disk || exit time hdparm --user-master u --security-erase $pass $disk hdparm --user-master u --security-disable $pass $disk hdparm -I $disk echo "should say 'not enabled'" -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: hardware full disk encryption
Bruno Wolff III writes: > On Thu, Dec 12, 2013 at 11:32:41 -0800, > "Wolfgang S. Rupprecht" wrote: >>Google is failing me here due to search spam for LUKS which doesn't >>appear to be capable of *full* *disk* encryption. It only seems to >>encrypt individual partitions. > It can do full encryption of block devices. If you aren't booting of > the SSD you could encrypt the whole drive. The luks header will still > be on the SSD. If you didn't want that either, you could do some > trickiness with dm to have the header on a different physical > device. This is all going to need manual setup, as it isn't the normal > case. (For most people leaking the partition information isn't a > significant risk and encrypting by partition is simpler.) No, leaking the partition info for the bootstrap isn't a worry for me either. ;-) It's just that LUKS shows up and dominates searches for FDE. If I didn't have always on, hardware FDE for free in the SSD, I'm sure I'd be happy with LUKS. After a bit more research it appears that the SSD FDE machinery is always on, even with a blank password protecting the internally generated random AES key. It is impressive that the disk does ~ 480 MBytes/sec (actual measured speed) even when squeezing all the data through AES-128. Of course, with the Snowden revelations, one has to wonder how random the randomly chosen internal AES key is. If it is from an intentionally crippled RNG, it may be easy for someone in the know to do a brute-force search for it. -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
hardware full disk encryption
I've got a standard consumer Intel 520 SSD, which claims to do hardware based AES disk encryption with no speed penalty. It sounds like a useful way to protect laptop data if the laptop is ever stolen. Has anyone tried to do hardware-based full disk encryption with Fedora? Does one need to boot from a live usb or something in order to get to an environment where one can even enter the AES key for the disk decryption? Google is failing me here due to search spam for LUKS which doesn't appear to be capable of *full* *disk* encryption. It only seems to encrypt individual partitions. -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: install fedora via usb stick
"Jared K. Smith" writes: > Check out the instructions at > https://fedoraproject.org/wiki/How_to_create_and_use_Live_USB Anyone know why there are so many complicated ways listed? Does the obvious dd not work for some people? I've been doing the following for my clean installs for ages. As far as I know that live iso's are structured in a way that they can be used as both a disk image with embedded partition table and a straight iso. dd if=Fedora-Live-Desktop-x86_64-20-XX.iso of=/dev/sde bs=1M -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: failed updates
Tim writes: > Allegedly, on or about 07 December 2013, Wolfgang S. Rupprecht sent: >> I do see that on my IPv6 systems whenever the stupid Netgear 3700v4 >> router craps out after 2-4 days uptime and needs a reboot. The Fedora >> machinery thinks IPv6 still works, but the packets never make it past >> the router > > Ever tried getting Netgear to replace the faulty product? Just > wondering what their response would be... I do like the hardware (128 MByte Dram, 128 MByte Flash). That's the highest by far that I've been able to find in a cheap $80 router. It should allow for some pretty elaborate features. I was hoping that one of the open-source firmwares (dd-wrt, open-wrt, etc) would be available for it soon. As to getting the Netgear firmware fixed, I understand that the technical people behind the Comcast IPv6 setup are looking into the problem with Netgears. It spans the whole product line. Something goes wrong with the dhclient asking for a prefix delegation. The first one happens just fine but the renewal never happens. I suspect that Netgear is going to listen to Comcast with their millions of customers much more closely than little ol' me. http://www.dslreports.com/forum/r28719812-IPv6-ipv6-stops-working-after-a-few-days -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: failed updates
Ed Greshko writes: > On 12/08/13 08:03, Frank wrote: >> Just tried to update my Fedora 19 with yum check-update. It seems >> every mirror has a problem: >> >> http://mirror.csclub.uwaterloo.ca/fedora/linux/updates/19/i386/repodata/repomd.xml: >> [Errno -1] repomd.xml does not match metalink for updates >> Trying other mirror. >> ftp://mirror.nexicom.net/pub/fedora/linux/updates/19/i386/repodata/repomd.xml: >> [Errno 14] curl#7 - "Failed to connect to 2607:f1f0:1:3::2: Network >> is unreachable" > > Just updated my F19 system without incident. But, I am on a IPv4 only > system and you're system seems to be using IPv6. "2607:f1f0:1:3::2: > Network is unreachable". I do see that on my IPv6 systems whenever the stupid Netgear 3700v4 router craps out after 2-4 days uptime and needs a reboot. The Fedora machinery thinks IPv6 still works, but the packets never make it past the router, so every repo that advertises IPv6 connectivity fails. -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: SD card slot
Richard Vickery writes: > I made the error of pulling the card out before unmounting it, and now > the computer won't read a card -which may be obvious. Is there any way > to fix this? If the computer won't read *any* SD card even after a reboot, then it sounds like you may have broken the SD card controller in the computer by pulling the SD card while power was still applied to it. Sorry. -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: netflix
Mike Wright writes: > Anybody know how to get Netflix to play on a fedora box??? Until Netflix wants you to play netflix on Linux, you won't be able to. There are a few hacks like installing wine and silverlight that work for some people, but none worked for me when I last tried it in Jan 2013. I ended up buying a roku box, which just worked. It was also lower power than my desktop by far, so it wasn't exactly a lose all the way around. If you have some time to kill, you might try working down this list of methods: http://how-to.wikia.com/wiki/How_to_watch_Netflix_(Watch_Instantly)_in_Linux -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: rsync errors (selinux?)
ok, I think I see what happened. [root@arbol wolfgang]# ll -Z /home/wolfgang/.config/google-chrome-unstable/Default/Extensions/_hidden_/0.0.5.0_0/_locales/lt/messages.json -rw-rw-r-- wolfgang wolfgang ? /home/wolfgang/.config/google-chrome-unstable/Default/Extensions/_hidden_/0.0.5.0_0/_locales/lt/messages.json The contexts on the source machine are messed up. I recall when I did a "yum distro-sync" that I got an error message between the rpm's for selinux-policy and selinux-policy-targeted about the policy file build failing. I yum erased both rpms (not knowing which caused the error msg) and re-installed them both. I didn't get an error that second time so I figured all went well. Subsequent "restorecon -rv /home" completed without error, so I figured all was well. Off to google as to how to rebuild the policy file... -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: rsync errors (selinux?)
Daniel J Walsh writes: > service auditd status [wolfgang@arbol ~]$ service auditd status Redirecting to /bin/systemctl status auditd.service auditd.service - Security Auditing Service Loaded: loaded (/usr/lib/systemd/system/auditd.service; enabled) Active: active (running) since Mon 2013-11-25 03:54:01 PST; 12h ago Main PID: 308 (auditd) CGroup: /system.slice/auditd.service ├─308 /sbin/auditd -n ├─313 /sbin/audispd └─315 /usr/sbin/sedispatch Nov 25 03:54:01 arbol.wsrcc.com systemd[1]: Starting Security Auditing Servi Nov 25 03:54:01 arbol.wsrcc.com auditd[308]: Started dispatcher: /sbin/audis...3 Nov 25 03:54:01 arbol.wsrcc.com audispd[313]: priority_boost_parser called w...4 Nov 25 03:54:01 arbol.wsrcc.com audispd[313]: max_restarts_parser called wit...0 Nov 25 03:54:01 arbol.wsrcc.com audispd[313]: audispd initialized with q_dep...s Nov 25 03:54:01 arbol.wsrcc.com systemd[1]: Started Security Auditing Service. Nov 25 03:54:01 arbol.wsrcc.com auditd[308]: Init complete, auditd 2.3.2 lis...) Hint: Some lines were ellipsized, use -l to show in full. [wolfgang@arbol ~]$ I'm beginning to think that this is an internal rsync problem where it can't set the destination file contexts. -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: rsync errors (selinux?)
Daniel J Walsh writes: > ausearch -m avc -ts recent local host (source of rsync): [root@arbol audit]# ausearch -m avc -ts recent [root@arbol audit]# remote host (destination or rsync): [root@capsicum audit]# ausearch -m avc -ts recent [root@capsicum audit]# also a tail -f on /var/log/audit/audit.log on both machines while the errors were spewing on the screen showed no corresponding errors (or other output for that matter) in audit.log. -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
rsync errors (selinux?)
For several years I've been doing an rsync across-the-lan backup for home directories. All has worked well until recently (well, since the fedup to f20 last night). Now backups are failing with an inscrutable rsync error. While the errors mention selinux, I don't see any errors in either the sending or receiving machines /var/log/secure logfiles. exclude=" --exclude=.gvfs --exclude=simplelock --exclude=.popmail.lock --exclude=SingletonLock --exclude=SingletonCookie --exclude=SingletonSocket " rsync -axHAX --log-file=/var/log/rsync.log --log-file-format="%t [%p] $host %o %f %l" --delete --delete-excluded $exclude /home/ $host:/home/ /var/log/rsync.log: ... 2013/11/24 09:35:21 [15417] rsync: rsync_xal_set: lremovexattr(""/home/wolfgang/dotfiles-f19/.local/share/zeitgeist/fts.index/record.baseB"","security.selinux") failed: Permission denied (13) 2013/11/24 09:35:21 [15417] rsync: rsync_xal_set: lremovexattr(""/home/wolfgang/dotfiles-f19/.local/share/zeitgeist/fts.index/termlist.baseA"","security.selinux") failed: Permission denied (13) 2013/11/24 09:35:21 [15417] rsync: rsync_xal_set: lremovexattr(""/home/wolfgang/dotfiles-f19/.local/share/zeitgeist/fts.index/termlist.baseB"","security.selinux") failed: Permission denied (13) 2013/11/24 09:35:21 [15417] rsync: rsync_xal_set: lremovexattr(""/home/wolfgang/hackbin/monitor-layout"","security.selinux") failed: Permission denied (13) 2013/11/24 09:35:23 [15417] rsync error: unexplained error (code 255) at rsync.c(634) [sender=3.1.0pre1] Any ideas what's up and what I need to do to get this working again? -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Chron curiosity
Geoffrey Leach writes: > I have this line in /etc/crontab: > > 30 23 * * * geoff /usr/local/bin/fp.pl > > which executes the program every day at 2330. The script terminates by > executing system 'sudo systemctl start poweroff.target'; > > Generally this works as expected. > > However, when I realize that the shutdown happened too soon, and I > restart the system, it re-executes the script. > > Any suggestions as to where I've gone wrong? You didn't wait a minute for before restarting the computer? ;-) Look at the top of /etc/cron.hourly/0anacron and add logic just like this to your script. Cron is stateless across reboots (as far as I know) and has no way to tell if it already ran. You have to record that fact yourself. -wolfgang -- g+: https://plus.google.com/114566345864337108516/about -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: OT: Hard drive warning at boot time
Paul Smith writes: > 5 Reallocated_Sector_Ct 0x0033 013 013 036Pre-fail > Always FAILING_NOW 3587 What the other respondents missed is that this is the *reallocated* sector count. It is a count of the sectors that have already been replaced by spares. There are no unreadable files currently. The replacement only happens on writes, so you are probably seeing freshly written, pristine files. As to the haste you should replace the disk with, that all depends on how the sectors got trashed in the first place. If you moved the computer while it was up and writing to the disk the arm could have been jiggled onto the next track during the write. I know that happens with 3-1/2" drives. I was seeing an ever increasing reallocated sectors on my desktop machine until I traced the lossage back to me tilting the case forward in order to get easier access to the connectors on the back. Another computer, my laptop has had 6 reallocated sectors since the first few weeks after I got it. That was 7+ years ago. The disk is still going strong with no increase in reallocated sector count (or pending reallocation sector count) in all those years. Stable reallocated counts shouldn't bother you too much. It is when they go up that you should be concerned. On the other hand, I do nightly rsync backups to a spare disk. According to google, which probably has more disks that the NSA, only half of the disk drive deaths are preceded by smartmon saying anything. -wolfgang -- g+: https://plus.google.com/114566345864337108516/about -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: no audio with HDMI
Mike Wright writes: > I've connected the HDMI output from a PC to an HDTV's HDMI port. The > TV reports HDMI no audio. > > On the PC, PulseAudio Volume Control->Output Devices shows: > > HDA ATI HDMI Digital Stereo (HDMI) > Port: HDMI/Display Port Same problem here on an Asus M3A78T with AMD chipset. In addition to no audio, the videos play at ~10x speed over HDMI. Over DVI to a computer monitor they play normal speed and audio over the analog 1/8" jacks works too. HDMI support seems kind of rough all around. -wolfgang -- g+: https://plus.google.com/114566345864337108516/about -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: 3840x2160 resolution?
Tom Horsley writes: > I am fascinated by the idea of having a Sharp PN-K321 monitor > (but it will remain a fantasy till the price gets much lower :-). There are bugs that high resolution monitors trigger. https://bugzilla.redhat.com/show_bug.cgi?id=896170 Most current AMD/Radeon are limited to 8k x 8k. The horizontal limit will probably be the first one you hit. You can do two landscape 3840x2160 or three landscape 2560x1600 monitors. You can run the Sharp monitor from a displayport and AMD/Radeon displayports are easy to find. You can even get a fan-less quad displayport card (ATI Firepro 2460). -wolfgang -- g+: https://plus.google.com/114566345864337108516/about -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Who? Me?? Attacked???
Junk writes: > It also might be something much more mundane such as a bug in the > browser which occurs when you have 100+ tabs open and tries to write to > a misaddressed memory region. It may well be some malloc()-like routine returning 0, saying "no more memory for you buddy" and the code blindly dereferencing that value and causing a write to the 0-page. It is a common error with sloppy coders. -wolfgang -- g+: https://plus.google.com/114566345864337108516/about -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: disk spindown
poma writes: > grep -w sdc /proc/diskstats >dstat.1st > sleep 60 > grep -w sdc /proc/diskstats >dstat.2nd > if cmp dstat.1st dstat.2nd >/dev/null 2>&1 > then > echo Stopping disk, spinning down… > sdparm -f -r -q -v -C stop /dev/sdc > exit 0 > else > echo Disk busy. > exit 1 > fi > EOF Thanks! I had forgotten about sdparm. (Boy do I miss the days when I just installed everything and then could do something like "man -k disk" to find likely candidates. Monitoring /proc/diskstats might also give me a clue as to what is touching the disks. -wolfgang -- g+: https://plus.google.com/114566345864337108516/about -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: disk spindown
Bill Davidsen writes: > Wolfgang S. Rupprecht wrote: >> I've done the following and the "hdparm -C" does show the disk spun >> down, but the next time I look it is spun up, and it stays up. The disk > One thing wrong might be jumpers, Other than that, I suspect something > is still accessing it. udev? Thanks for the good ideas. This is a WD Caviar Green and the jumpers are only documented to slow down the SATA by one notch and add spread spectrum clocking for rf noise reduction. I'll have to try to check for udev. Maybe running lsof in a loop will catch it. -wolfgang -- g+: https://plus.google.com/114566345864337108516/about -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
disk spindown
Has anyone succeeded in spinning down disks under Fedora? I've done the following and the "hdparm -C" does show the disk spun down, but the next time I look it is spun up, and it stays up. The disk is unmounted and I've stopped and disabled smartd, so it isn't accessing the disks. I don't think anything else is either. I'm probably missing a trick somewhere, but what??? disk=/dev/sdc hdparm -S 120 $disk hdparm -y $disk hdparm -C $disk -wolfgang -- g+: https://plus.google.com/114566345864337108516/about -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Optimization Start Up of Fedora
carachi diego writes: > Yes the SSD is a possible solution to reduce the boot time, but I am > in doubt for the writng circle of the SSD because it is very few than > a magnetic HDD... Just get an Intel 520 series at least twice the size you need and wear out won't be a problem. The biggest problem is when people fill the SSD to near capacity and the SSD firmware has to do excessive juggling because there aren't enough free blocks. The SSD has to clean a whole write block (~ 1MByte or more) and juggle things around. (keyword: write amplification). > What about load the kernel and operating system on RAM? I see that it > is possible load with grub all in memory and if I understand well > after the operating system became very faster. Someone try to do that? > Maybe increase the time of booting but after you have a very faster > computer... > What do you thing about this? Sounds useful. You'll have to write it though. Slapping in an SSD is simple and doesn't require you to write any home-grown code. -wolfgang -- g+: https://plus.google.com/114566345864337108516/about -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: How to set enforcing to 0?
Daniel J Walsh writes: > touch /.autorelabel; reboot > > Will cause a relabel at boot, although not necessary now. One thing that has always bothered me about the first "restorecon -rv /" run after a fresh install is how many files are relabeled because the restorecon database and the rpm that the file came from disagree on the context. Should we put in a bug report for these? Are these things benign enough to ignore? -wolfgang -- g+: https://plus.google.com/114566345864337108516/about -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: network-scripts documentation
Sam Varshavchik writes: > My old router, that was running DD-WRT firmware, bit the dust. The > stock brand router that replaced it doesn't have the ability to send > NTP for clients via DHCP. I'm trying to figure out if I had drop > something into /etc/sysconfig/network-scripts/ifcfg-*, that'll have > the effect of doing that. Seems like overkill. Why not just add it to /etc/ntp.conf and/or /etc/chrony.conf ? If you are off-net and if the server has a non-routable address that ntp host simply won't be used. -wolfgang -- g+: https://plus.google.com/114566345864337108516/about -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Optimization Start Up of Fedora
carachi diego writes: > I would like to know if someone knows where I can find some guide, > tutorial that can help me to improve the performance of Fedora on my > laptop in start up. The biggest change you can make to your laptop to get it to boot faster is throw out the rotating disk and buy an SSD (Solid State Disk). A 120GB disk can be had for under $120. You can cut your boot time from 1+ minute to 15 sec (from the time grub loads to the time the login screen appears). No other change you can make will be anywhere close to that dramatic. The one fly in the ointment is that you need to have a modern enough laptop for the disk to be a SATA disk. Anything newer than ~2007 should be ok (but check your disk first before ordering an SSD). -wolfgang -- g+: https://plus.google.com/114566345864337108516/about -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
F18 Xorg/drm/kernel - Failed to find memory space for buffer 0xXXX eviction
On most of my systems the F17 to F18 upgrade went well. On the main one, my desktop, I'm seeing a string of failures that leaves the display in various states of unusable depending on the positions of the stars and planets. The file /var/log/messages contains the following and the displays have messed up icons and background images. It looks like the frame buffer is just displaying random snippets of past items in some mosaic-ed pattern. 2013-01-27T20:06:10.077567-08:00 arbol kernel: [ 28.832592] [TTM] Failed to find memory space for buffer 0x88021ceda848 eviction 2013-01-27T20:06:10.077590-08:00 arbol kernel: [ 28.832604] [TTM] No space for 88021ceda848 (9660 pages, 38640K, 37M) 2013-01-27T20:06:10.077592-08:00 arbol kernel: [ 28.832609] [TTM] placement[0]=0x00070002 (1) 2013-01-27T20:06:10.077593-08:00 arbol kernel: [ 28.832613] [TTM] has_type: 1 2013-01-27T20:06:10.077595-08:00 arbol kernel: [ 28.832616] [TTM] use_type: 1 2013-01-27T20:06:10.077596-08:00 arbol kernel: [ 28.832619] [TTM] flags: 0x000A 2013-01-27T20:06:10.077597-08:00 arbol kernel: [ 28.832621] [TTM] gpu_offset: 0x2000 2013-01-27T20:06:10.077599-08:00 arbol kernel: [ 28.832624] [TTM] size: 131072 2013-01-27T20:06:10.077600-08:00 arbol kernel: [ 28.832627] [TTM] available_caching: 0x0007 2013-01-27T20:06:10.077601-08:00 arbol kernel: [ 28.832629] [TTM] default_caching: 0x0001 Does this ring a bell with anyone? Is there something I can turn off (perhaps in Xorg.conf) to stop this lossage perhaps at some cost in CPU time or speed? It feels like it must be some video acceleration hack gone awry. Why else would the kernel get involved in this level of xorg userland drawing to the framebuffer? I put in a bugzilla for this a dozen days ago, but so far, not even a peep from anyone. I figured I'd try for a larger audience. https://bugzilla.redhat.com/show_bug.cgi?id=896170 -wolfgang -- g+: https://plus.google.com/114566345864337108516/about -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: disable IPv6?
Tom Horsley writes: > On Fri, 25 Jan 2013 14:45:29 -0800 > Wolfgang S. Rupprecht wrote: >> The ISP's that give you IPv6 addresses (Comcast for one) will also use >> dhcp to give you a whole 64-bit network of addresses via DHCP-PD. > > Yea, but unless the router you have comcast's cable modem > plugged into supports v6, it doesn't really matter what comcast does. Many routers can be updated with firmware from openwrt / ddwrt etc. I've never felt the need for one of these routers to be between my internal ethernet and the dsl or cable modem. The software on them usually sucks and the CPU is usually underpowered compared to a desktop machine running with two ethernets. -wolfgang -- g+: https://plus.google.com/114566345864337108516/about -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: R graphics in F18 (x86_64, Huge blocker for me)
Ranjan Maitra writes: > So, has anyone tried this out in F18, on x86_64? > sudo yum install R-core ... > graphics window shows up but no graphics get displayed for me. No > messages also, anywhere. I don't know about R-core, but X.org output for me took a big hit with the "upgrade" to f18. I'm getting long waits for simple operations to complete and things like this are showing up in /var/log/messages. Might this be your problem too? 2013-01-16T04:46:38.463444-08:00 arbol kernel: [4.483876] [drm] Initialized radeon 2.24.0 20080528 for :01:00.0 on minor 0 2013-01-16T04:46:50.883021-08:00 arbol kernel: [ 19.909046] [TTM] Failed to find memory space for buffer 0x8802034b2c48 eviction 2013-01-16T04:46:50.883041-08:00 arbol kernel: [ 19.909053] [TTM] No space for 8802034b2c48 (9660 pages, 38640K, 37M) 2013-01-16T04:46:50.883043-08:00 arbol kernel: [ 19.909056] [TTM] placement[0]=0x00070002 (1) 2013-01-16T04:46:50.883044-08:00 arbol kernel: [ 19.909058] [TTM] has_type: 1 2013-01-16T04:46:50.883046-08:00 arbol kernel: [ 19.909060] [TTM] use_type: 1 2013-01-16T04:46:50.883047-08:00 arbol kernel: [ 19.909061] [TTM] flags: 0x000A 2013-01-16T04:46:50.883049-08:00 arbol kernel: [ 19.909062] [TTM] gpu_offset: 0x2000 2013-01-16T04:46:50.883050-08:00 arbol kernel: [ 19.909064] [TTM] size: 131072 2013-01-16T04:46:50.883051-08:00 arbol kernel: [ 19.909065] [TTM] available_caching: 0x0007 2013-01-16T04:46:50.883080-08:00 arbol kernel: [ 19.909066] [TTM] default_caching: 0x0001 2013-01-16T04:46:50.883164-08:00 arbol kernel: [ 19.909187] [TTM] Failed to find memory space for buffer 0x8802034b2c48 eviction -wolfgang -- g+: https://plus.google.com/114566345864337108516/about -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: disable IPv6?
Robert Moskowitz writes: > On 01/24/2013 10:22 PM, Chris Adams wrote: >> Once upon a time, Tom Horsley said: >>> My system at work seems to take a long time to start >>> the network. I have this suspicion it is waiting for >>> an IPv6 DHCP server to respond (which won't happen). >> It looks like the F18 install writes out ifcfg-* files with >> "DHCPV6C=yes", which should probably not be set by default, especially >> since so few environments (even IPv6 environments) will have a IPv6 DHCP >> server. Comment out that line or set it to "no" and it should fix the >> slowdown. > > RA will be more common. That is what I have. +1 Belts and suspenders: check both. The ISP's that give you IPv6 addresses (Comcast for one) will also use dhcp to give you a whole 64-bit network of addresses via DHCP-PD. I'm curious how many of the people that are disabling their IPv6 actually have painless access to IPv6 and are ignoring it. -wolfgang -- g+: https://plus.google.com/114566345864337108516/about -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: recommendations for SSD drive as first disk for fedora 18?
Rick Stevens writes: > And please, PLEASE make sure you have a reliable and consistent backup > procedure. I like SSDs, but when they die they generally die > catastrophically and completely (at least in my experience) and you may > not be able to recover anything from them. You can do rsyncs from /etc/cron.daily onto a spare, normally unmounted and spun-down, disk. That way if your SSD ever goes south, you lose at most a day's work. When I got my ssd I wasn't sure what to expect, so I figured I'd play it safe. The only time I needed the daily backup was a goof that did involve the ssd, but was the result of confusion as to which directory I was in. The incredible speed of the SSD allowed me to delete a few thousand pictures in approximately a second. SSD's: allowing you to make mistakes faster than ever before. ;-) -wolfgang -- g+: https://plus.google.com/114566345864337108516/about -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: any foss bitmap editor which can do this?
Fernando Cassia writes: > Is there any FOSS bitmap editor with a command line, allowing me to > experiment with, for instance, the circle drawing function and specify > the circle´s position on screen, and size (radius)?. I've used xfig to draw bitmaps in the past. It isn't command-line, but it is fairly simple to pick up and figure out (unlike gimp). The native internal xfig format is vector graphics, but you can output to bitmaps. It is fairly easy to bang out 16x16 icons for web sites using it. -wolfgang -- g+: https://plus.google.com/114566345864337108516/about -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: fedup: it's full of stars
Reindl Harald writes: > and that is why in my opinion "rhgb quiet" is a dumb default > > you should never hit anything to see what is > going on with a proper free operating system I hate them too, but we probably aren't the intended audience. I assume that there is a human-factors study that indicates that non-technical users don't like to be reminded of how complicated things really are under the hood. At least that is why I thought such cover-up screens exist. -wolfgang -- g+: https://plus.google.com/114566345864337108516/about -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: fedup: it's full of stars
Phil Meyer writes: > Its a Plymouth bug, I think. Caused by hitting > ESC before Plymouth is ready for you to. :) It is confirmed. That is all it was for me too. I just hit too early. The second time around I just let it be and it upgraded all by itself. I suppose there is a wise saying in there about watched computers never upgrading. -wolfgang -- g+: https://plus.google.com/114566345864337108516/about -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: fedup: it's full of stars
Phil Meyer writes: > On 01/17/2013 02:06 PM, Wolfgang S. Rupprecht wrote: >> One of the laptops I'm trying to upgrade to f18/x86_64 from f17/x86_64 >> is printing row after row of asterisks after it rebooted into the fedup >> boot environment. >> >> Has anyone seen this before? Is there a fix or do I have to do a >> wipe/reinstall from some other source? >> >> -wolfgang > > > Yes, happened to me. Its a Plymouth bug, I think. Caused by hitting > ESC before Plymouth is ready for you to. :) Ah. That make sense. Thanks! That laptop is one of the two computers here that still have "rhgb quiet" appended to the boot lines. I did hit to see what is going on. -wolfgang -- g+: https://plus.google.com/114566345864337108516/about -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: fedup: it's full of stars
Joe Zeff writes: > I must admit that your subject line gave me a major Stanley Kubrick > moment. ;-) I had to get people to read the msg. > Are there any signs of disk activity or is this all that happens? Not in the long run. There was some initially, but after a few seconds it stopped. I let the installer run for half an hour or so, but all it did was print stars and run the fan at high speed doing its best hairdryer imitation. I'm running fedup from f17 again. The fedup directory in /var/tmp seems to be gone now. There is a small chance that a local shell script which cleans /var/tmp was to blame. (It didn't effect the other 4 machines I updated with fedup, so I'm not entirely sure what was going on.) I'll report back whenever the fedup install gets to the point of trying a reboot again. -wolfgang -- g+: https://plus.google.com/114566345864337108516/about -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
fedup: it's full of stars
One of the laptops I'm trying to upgrade to f18/x86_64 from f17/x86_64 is printing row after row of asterisks after it rebooted into the fedup boot environment. Has anyone seen this before? Is there a fix or do I have to do a wipe/reinstall from some other source? -wolfgang -- g+: https://plus.google.com/114566345864337108516/about -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: UPS monitoring software and APC and Tripp lite UPSs
Fernando Cassia writes: > On Mon, Nov 12, 2012 at 10:31 PM, Robert Moskowitz > wrote: > > Well my APC smart1400 has died, shorted battery. So I am in the > market for a new unit. > > > And replacing the battery is impossible because? I was about to suggest a replacement battery too. The problem is those old APC units used weird batteries and the replacement cost of that battery is ~$150. It is cheaper to just get a more modern unit that uses 2x $25 replacement batteries. The difference between a USB unit and a serial unit is significant. The serial control is very limited and a controlled automatic shutdown with an automatic reboot is problematic. I used to have a serial unit and unattended use was problematic. -wolfgang -- g+: https://plus.google.com/114566345864337108516/about -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: UPS monitoring software and APC and Tripp lite UPSs
Robert Moskowitz writes: > Well my APC smart1400 has died, shorted battery. So I am in the > market for a new unit. THe other problem you have with your UPS is that it doesn't take standard size batteries. The more modern units take standard 9ah 12v cells that can be had mail order for around $25 per cell. My APC Backups RS-1500 takes two of them. > I could get another APC 1400, but part of the reason it died was I was > not monitoring it to note a battery had failed. And I was not > monitoring it because it uses serial connection for the monitoring > system. > > So I am looking at what I might get with a USB monitoring port, either > APC or TrippLite and what software would work on Fedora. I'm happy with my unit. It has a USB connection and it works well with Fedora and BSD using apcupsd. The ~865 watts is 3x more than I need, but it is nice not to beat on the batteries too much. At 1/3 load the unit runs like 10x longer. The modern version of what looks like the same product is APC Backups Pro 1500. Just like my version, if you need more runtime you can add an external battery pack (BR24BPG) which triples your battery capacity for an ungodly amount of run time. (I have this unit and it is a blast to continue to work for close to two hours after a power failure.) -wolfgang -- g+: https://plus.google.com/114566345864337108516/about -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: ahci sata data overruns
lee writes: > "Wolfgang S. Rupprecht" writes: >> The SSD in question is capable of 550 MByte/sec (Intel 520 SSD), while >> the PCIE controller is only an x1 single lane controller which probbly >> saturates the single lane at 480 MByte/sec. I'm assuming (perhaps >> incorrectly) that the controller is choking when it receives more data >> from the SATA than it can transmit on the PCIE. >> >> The bootup kprintf's show a 6Mbit/sec negotiation, but later when I try >> a transfer I see 130 MByte/sec transfers for a raw partition dd, hinting >> strongly that it is now talking at 1.5Mbit/sec on the SATA. I'm >> wondering if it is silently downshifting the SATA speed. In comparison, >> a slower SSD rated at 250MBytes/sec (which can stay within the PCIE x1 >> lane budget) runs at full speed, of slightly over 250MBytes/sec on the >> same controller. > > Have you tried to change the SATA cable? You could switch them over and > see what happens ... Yes. I've even swapped cables and SATA port between the good SSD that runs at 250MBytes/sec and this one. Same results and the other SSD still ran at its 250MBytes/sec on the cable and port the mis-behaving SSD was on. -wolfgang -- g+: https://plus.google.com/114566345864337108516/about -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: ahci sata data overruns
Alan Cox writes: > On Thu, 08 Nov 2012 09:43:29 -0800 > "Wolfgang S. Rupprecht" wrote: >> Can someone familiar with how the AHCI driver works confirm that data >> overruns on a SATA link can cause the driver to down-shift the SATA >> speed 6->3->1.5 Gbits/sec. I don't see any kprintf's but I notice that >> a high speed SSD acting as if the SATA were running at 1.5 Gbits/sec. > > It has a set of heuristics based upon error rate over time. > > I'm not sure what you mean by "data overruns" however The SSD in question is capable of 550 MByte/sec (Intel 520 SSD), while the PCIE controller is only an x1 single lane controller which probbly saturates the single lane at 480 MByte/sec. I'm assuming (perhaps incorrectly) that the controller is choking when it receives more data from the SATA than it can transmit on the PCIE. The bootup kprintf's show a 6Mbit/sec negotiation, but later when I try a transfer I see 130 MByte/sec transfers for a raw partition dd, hinting strongly that it is now talking at 1.5Mbit/sec on the SATA. I'm wondering if it is silently downshifting the SATA speed. In comparison, a slower SSD rated at 250MBytes/sec (which can stay within the PCIE x1 lane budget) runs at full speed, of slightly over 250MBytes/sec on the same controller. -wolfgang -- g+: https://plus.google.com/114566345864337108516/about -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
ahci sata data overruns
Can someone familiar with how the AHCI driver works confirm that data overruns on a SATA link can cause the driver to down-shift the SATA speed 6->3->1.5 Gbits/sec. I don't see any kprintf's but I notice that a high speed SSD acting as if the SATA were running at 1.5 Gbits/sec. This looks like it could be a bug. I can see down-shifting as a response to noise on the SATA link, but downshifting for data overrun reasons is only going to make the problem worse. -wolfgang -- g+: https://plus.google.com/114566345864337108516/about -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org