Re: [arch-general] Btrfs more than twice as fast compared to ext4
On 03/13/2010 08:35 AM, Shridhar Daithankar wrote: Hi, Just wanted to share an interesting experience I had today. Check http://ghodechhap.net/btrfs.performance.txt Great. A stable version released ? -- Nilesh Govindarajan Site Server Adminstrator www.itech7.com
Re: [arch-general] pdftk - almost build but died - need help figuring out if I can find a work-around
On 03/14/2010 10:37 AM, Edgar Kalkowski wrote: Am oder ungefähr am Freitag, 12. März 2010, schrieb David C. Rankin: Guys, I need pdftk for a script I use that does fax processing. I ran into this problem 6-7 months ago, but still had another server with pdftk on it so it wasn't critical. Now, I need to solve it. Hi David! I always liked to have pdftk around and one or two years ago built it from aur. But then at some point I uninstalled it and now I cannot build it again because I get the very same error you describe here. Currently pdftk in AUR is out of date due to it a dependency of gcc-gcj requiring it to be built against gcc-4.3. The building gcc-4.3 and then gcc-gcj part of the pdftk build goes fine (takes forever, but goes fine). The build seems to crater on a java-lib issue. Here is the actual error with a few lines of context: --- 8 - gcj -march=x86-64 -mtune=generic -O2 -pipe -w --encoding=UTF-8 --classpath=/usr/share/java/libgcj-4.3.jar:/home/david/arch/pkg/bld/pdftk/src/pdftk-1.41/java_libs -c Anchor.java -o Anchor.o Exception in thread main java.lang.NoClassDefFoundError: org.eclipse.jdt.internal.compiler.batch.GCCMain This exception means that gcj was looking for a class named org.eclipse.jdt.internal.compiler.batch.GCCMain and could not find it in the class path. at gnu.java.lang.MainThread.run(libgcj.so.9) Caused by: java.lang.ClassNotFoundException: org.eclipse.jdt.internal.compiler.batch.GCCMain not found in gnu.gcj.runtime.SystemClassLoader{urls=[file:/usr/share/java/eclipse-ecj.jar], parent=gnu.gcj.runtime.ExtensionClassLoader{urls=[], parent=null}} This part explains a little more details about what the classpath was gcj looked in. It seems that the only file in the classpath at this point is /usr/share/java/eclipse-ecj.jar which is consistent with the call of gcj above (notice the --classpath argument). If you look into eclipse-ecj.jar you find that it contains a class named org.eclipse.jdt.internal.compiler.batch.Main and thus I think that this class was renamed at some point after gcj 4.3 was released. So it seems that this is indeed a java library issue. I did another test and tried to run gcj on a simple Hello-World java file and it failed with the same exception. So it seems not to be a problem with the pdftk build process but rather that the old gcj does not work anymore with the current eclipse-ecj package. I then looked at the current gcc PKGBUILD and thought I could compile it with java support but failed because I don’t really understand the gcc PKGBUILD (which is rather complex I think). - 8 - The problem is I am no good at figuring out what this is telling me I need to do to fix it. I know there was an exception thrown in thread main java.lang.NoClassDefFoundError: what I don't know is whether this is telling me there is a javalib version mismatch or something similar and whether this is something I might work around by loading/building some alternative java package, etc.. If you have any idea what is going on here, please pass along a pointer or two. If this is just one of those areas where I'm screwed and there isn't a way around it -- well knowing that would be helpful too. Thanks. If you find out anything more or even get pdftk to build again I would really like to know how to do that! :) Good luck! Edgar Edgar, Thank you for the excellent explanation! I guess it will be up to the maintainer or another arch dev to see if this package can be fixed to compile against the current java and gcc. I'll drop a note in the AUR page letting the maintainer know, but this has been out of date so long, I'm not sure what response we will get. I'll keep you posted if I can snatch victory from the jaws of defeat. -- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com
Re: [arch-general] pdftk - almost build but died - need help figuring out if I can find a work-around
On 03/15/2010 01:06 AM, David C. Rankin wrote: On 03/14/2010 10:37 AM, Edgar Kalkowski wrote: Am oder ungefähr am Freitag, 12. März 2010, schrieb David C. Rankin: Guys, I need pdftk for a script I use that does fax processing. I ran into this problem 6-7 months ago, but still had another server with pdftk on it so it wasn't critical. Now, I need to solve it. Just a FYI, looks like fedora has pdftk with a gcc44 patch: http://cvs.fedoraproject.org/viewvc/rpms/pdftk/F-13/ I'll also drop a note at AUR -- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com
Re: [arch-general] Arch is ummnn different: my 1st installation: tried to install xfce...OOPS!
On 15 March 2010 06:19, Joe(theWordy)Philbrook jtw...@ttlc.net wrote: Could some nice Arch user point me at enough step by step instructions so that I can get enough of a gui up to use a browser like firefox so I can try to find solutions via the web while Arch is actually running??? http://wiki.archlinux.org/index.php/Beginners'_Guide is always a good place to start.
Re: [arch-general] Arch is ummnn different: my 1st installation: tried to install xfce...OOPS!
On Mon, 15 Mar 2010 02:19:25 -0400 Could some nice Arch user point me at enough step by step instructions so that I can get enough of a gui up to use a browser like firefox so I can try to find solutions via the web while Arch is actually running??? Please! The wiki is your friend: http://wiki.archlinux.org/index.php/Beginners%27_Guide http://wiki.archlinux.org/index.php/Xfce4 http://wiki.archlinux.org/index.php/Firefox you can use Lynx to view these in the console: pacman -S lynx regards, Ananda Samaddar
Re: [arch-general] Arch is ummnn different: my 1st installation: tried to install xfce...OOPS!
On 03/15/2010 01:19 AM, Joe(theWordy)Philbrook wrote: Hello, I've been using various Linux distros for a while now. I just decided to give Arch Linux a try. But I'm a little bit lost. I'm used to distros like Xubuntu, PCLinuxOS, OpenSuSE, etc... Where I don't need to personally understand what order I need to install which packages to get at least one GUI desktop up running... The install itself went ok. But I needed to add a few things. First I used the list of typical tasks for pacman from the installation guide, to figure out how to look for a package and install it with pacman. I installed mc and vim without a problem. Then I thought it would be nice if I could get a desktop up. I did a: pacman -Si xfce|less and looked for a package that might get me to a minimal desktop I could work with. I thought maybe xfdesktop... pacman -S xfdesktop It wanted (I think) 26 packages to satisfy the dependencies... Sounded low to me but what do I know? I figured the next step would be to ask for help (or a good step by step how-to) But sooner or later I was going to want xfce so I said yes... I didn't get any errors until the last package (xfdesktop itself) Then there was an error with a line number (oops I didn't write it down) And I think something about gtk icons, (something not existing...)sigh {If I'd figured out how to activate GPM I'd have pasted the error into a text file so that I could accurately report what it said.} When pacman reports an error, listing just one line number like that, does it stop processing. Or does the fact that there was only one error (about icons I think) mean that everything else in the package installed successfully??? More to the point: Will I need to figure out how to uninstall xfdesktop to resolve the error? Could some nice Arch user point me at enough step by step instructions so that I can get enough of a gui up to use a browser like firefox so I can try to find solutions via the web while Arch is actually running??? Please! Have you read the beginners guide? It's a great help for times like these, I'll post it below. Well what you wanna do now is to install the xorg group (pacman -S xorg) then the xfce group (pacman -S xfce4). Then move the .xinitrc file to your home folder (cp /etc/skel/.xinitrc/ /home/user/.xinitrc); edit this file to so that the line with startxfce4 is uncommented (in other words has a '#' in front of it. Finally, run 'startx' But do read the beginners guide, it is a very nice page that details all of these steps and more. http://wiki.archlinux.org/index.php/Beginners%27_Guide
Re: [arch-general] Arch is ummnn different: my 1st installation: tried to install xfce...OOPS!
Hi, On 03/15/10 07:19, Joe(theWordy)Philbrook wrote: When pacman reports an error, listing just one line number like that, does it stop processing. Or does the fact that there was only one error (about icons I think) mean that everything else in the package installed successfully??? I don't know much about xfce, being a KDE user, but start by looking at /var/log/pacman.log. It should tell you what packages actually were installed or which errors occured. Could some nice Arch user point me at enough step by step instructions so that I can get enough of a gui up to use a browser like firefox so I can try to find solutions via the web while Arch is actually running??? Or for a basic troubleshooting you could try a terminal-based browser, such as links. It's not much, but at least ArchLinux wiki will be perfectly readable. Ondřej -- Cheers, Ondřej Kučera -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: [arch-general] Arch is ummnn different: my 1st installation: tried to install xfce...OOPS!
Joe(theWordy)Philbrook wrote: Hello, I've been using various Linux distros for a while now. I just decided to give Arch Linux a try. But I'm a little bit lost. I'm used to distros like Xubuntu, PCLinuxOS, OpenSuSE, etc... Where I don't need to personally understand what order I need to install which packages to get at least one GUI desktop up running... You don't need to understand the *Order* in Arch either? The install itself went ok. But I needed to add a few things. First I used the list of typical tasks for pacman from the installation guide, to figure out how to look for a package and install it with pacman. I installed mc and vim without a problem. Then I thought it would be nice if I could get a desktop up. Well it would those are non GUI apps as you know with your opensuse ect experience. I did a: pacman -Si xfce|less and looked for a package that might get me to a minimal desktop I could work with. I thought maybe xfdesktop... pacman -S xfdesktop Why have you done this? If you look at the 'man' page you will see http://linux.die.net/man/1/xfdesktop xfdesktop manages the desktop itself in the Xfce 4 Desktop Environment. You should have done pacman -S xfce4 By the sound of it you've only installed part of the desktop environment. cut More to the point: Will I need to figure out how to uninstall xfdesktop to resolve the error? No. Could some nice Arch user point me at enough step by step instructions so that I can get enough of a gui up to use a browser like firefox so I can try to find solutions via the web while Arch is actually running??? You need to do as others have suggested and read the beginners guide http://wiki.archlinux.org/index.php/Beginners%27_Guide especially the Setting up X section.
Re: [arch-general] [arch-dev-public] Allow comments on closed bugs?
There is already an arch-general thread about this topic. This one was intended to gauge the opinions of the _developers_ (hence the reason it was on the dev list). I am all for keeping things open, but polluting things with arguments from outside is just making this harder. And now this discussion is going to be made private, to keep out the outside comments so that we can get a better grasp of the situation. Mr Heiko, I know you feel you have a vested interest in this topic, but you're just adding useless noise to the discussion. This is quite ironic as this is EXACTLY what you claim will not happen were we to allow comments on closed bugs. Cheers
[arch-general] twm: cannot open fontset
Hello listmates, Here is a problem i encountered: twm doesn't start...i got this message instead: /usr/bin/twm: unable to open fontset anyfont I tried almost all the fonts xfontsel showed me, including fixed, terminal, terminus, but with no success... But when i changed my $LANG from en_US.utf8 to C, twm worked! I tried to start twm into my friends pc (archlinux x64 also) and it worked right away (LANG=en_US.utf8) Searched Google and Archlinux forums, but seems like i'm the only person who have this problem (or bother with twm :P) I'd like to log in to twm, without having to change $LANG variable (as the normal behaviour is)...Can someone help me here? PS. I attached my xorg.conf, in case it matters... xorg.conf Description: Binary data
Re: [arch-general] Arch is ummnn different: my 1st installation: tried to install xfce...OOPS!
On 15-03-10 14:07, Jeffrey Parke wrote: [installing XFCE, xorg] Have you read the beginners guide? It's a great help for times like these, I'll post it below. Well what you wanna do now is to install the xorg group (pacman -S xorg) then the xfce group (pacman -S xfce4). Then move the .xinitrc file to your home folder (cp /etc/skel/.xinitrc/ /home/user/.xinitrc); edit this file to so that the line with startxfce4 is uncommented (in other words has a '#' in front of it. Finally, run 'startx' Actually, you should /remove/ the '#' from the start of that line... ;) mvg, Guus
Re: [arch-general] twm: cannot open fontset
On Sat, Mar 13, 2010 at 09:14, Thanos Zygouris thanos.zygou...@gmail.com wrote: But when i changed my $LANG from en_US.utf8 to C, twm worked! Is en_US.utf8 uncommented in locale.gen and have you rebuilt locales?
Re: [arch-general] Arch is ummnn different: my 1st installation: tried to install xfce...OOPS!
Peter Cannon wrote: pacman -Si xfce|less and looked for a package that might get me to a minimal desktop I could work with. I thought maybe xfdesktop... pacman -S xfdesktop Why have you done this? If you look at the 'man' page you will see http://linux.die.net/man/1/xfdesktop xfdesktop manages the desktop itself in the Xfce 4 Desktop Environment. You should have done pacman -S xfce4 By the sound of it you've only installed part of the desktop environment. Looks like xfdesktop packages doesn't specify some of its dependancies (which is probably provided in the xfce4 group). http://www.archlinux.org/packages/?q=xfce4 should also include that there's a group with that name. I don't think it was a bad expectation from his part, looking at pacman -Ss xfce output. And even then, it could have worked, would xfdesktop have taken as dependancies the whole desktop. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Re: [arch-general] Arch is ummnn different: my 1st installation: tried to install xfce...OOPS!
On Mon, Mar 15, 2010 at 12:26 PM, Guus Snijders gsnijd...@gmail.com wrote: On 15-03-10 14:07, Jeffrey Parke wrote: [installing XFCE, xorg] Have you read the beginners guide? It's a great help for times like these, I'll post it below. Well what you wanna do now is to install the xorg group (pacman -S xorg) then the xfce group (pacman -S xfce4). Then move the .xinitrc file to your home folder (cp /etc/skel/.xinitrc/ /home/user/.xinitrc); edit this file to so that the line with startxfce4 is uncommented (in other words has a '#' in front of it. Finally, run 'startx' Actually, you should /remove/ the '#' from the start of that line... ;) mvg, Guus that's exactly what I said, just wanted to make sure he new what a comment was.
[arch-general] Arch Linux security is still poor....
Further to my previous email a while back I've started work on some proposals that I'd like to pitch to the Arch community and the powers that be. They aren't finished yet but should be soon. The thing is I'm not really aware of the 'chain of command' in Arch. Aaron Griffin, are you the 'benevolent dictator' and do you have the final say? The reason I'm asking is I want to know to whom I address my proposals when they are finished. For example I'll probably be proposing some admin changes, nothing too sweeping but just some things that could be done to implement better security in Arch. For the mean time I've created the IRC channel #archlinux-security on Freenode. Anyone is free to hang out there to discuss security in Arch and how we (emphasis on the we, i.e. the community) can make things better. My IRC nick is psychedelicious, I was previously using a different nick based on a Funkadelic album released in 1971. I won't be on there 24x7 but will be online as much as possible. I'd particularly like to see people on that channel interesting in volunteering to create a Security Response Team for our distro! Also I'm aware I've posted under several different email addresses. After toying with several free providers I decided to stop being a cheapskate and get my own domain so this is my canonical email address now. regards, Ananda Samaddar
Re: [arch-general] Arch Linux security is still poor....
Am Montag, 15. März 2010 20:54:03 schrieb Ananda Samaddar: The reason I'm asking is I want to know to whom I address my proposals when they are finished. Simple: File a bug report or feature request at bugs.archlinux.org. No idea what your proposals are about but you should make sure they only address a single concrete issue. Pierre -- Pierre Schmitz, https://users.archlinux.de/~pierre
Re: [arch-general] [arch-dev-public] Allow comments on closed bugs?
Am Mon, 15 Mar 2010 10:33:48 -0600 schrieb Aaron Griffin aaronmgrif...@gmail.com: Mr Heiko, I know you feel you have a vested interest in this topic, but you're just adding useless noise to the discussion. This is quite ironic as this is EXACTLY what you claim will not happen were we to allow comments on closed bugs. I don't think that I'm adding useless noise. I said what I thought about how some of my bugs have been handled, how this is taken by me and that I was quite angry about that. And I gave arguments and also suggestions. And of course I respond to some e-mails or another. And my concerns are not about comments on closed bugs. This was only one of many suggestions other people made to reduce such misunderstandings and to improve the bug handling. Other good suggestions and alternatives have been mentioned, too, also by other people. But I think many good ideas have been given. What I wish is just, that bugs will be taken more seriously even if there are some invalid bug reports which are caused by a wrong configuration and even if some bug reports are written by users with a not so good knowledge. This can't be avoided anyway. I generally don't care how this is done, if it's done by commenting on closed bugs, by the possibility on reopen bugs at once without sending a request or whatever. My wish is, that the reporter first get's a chance to respond and give more details before a bug is closed as works for me or the like. And if a bug is closed the reason for closing should first be given in a comment. Any other things are just technical details which can help for a better bug handling. And I think that it can't hurt if you also listen to the user's arguments and discuss with the users instead of telling them that their comments are useless noise. One more point which let me doubt of the user-friendliness of not all but at least some (most likely only a few) developers. Of course the technical details about the actual implementation of some features can be discussed private between the developers. I have indeed read these statements from developers: Arch is/was from developers for developers, the developers only maintain, what they want, and that they don't like or care about the normal users very much. And that's just not what I'm used to from other distros. And don't mistake it. I don't say that every developer is like this. And I don't say that Arch is bad, that the developers are unfriendly and not helpful in general, don't make good jobs, etc. But this had to be said. I think becoming a bit more open-minded towards the users would be more important than discussing about commenting on closed bugs which could be done nevertheless. Heiko
Re: [arch-general] Arch Linux security is still poor....
On Mon, Mar 15, 2010 at 3:03 PM, Pierre Schmitz pie...@archlinux.de wrote: Am Montag, 15. März 2010 20:54:03 schrieb Ananda Samaddar: The reason I'm asking is I want to know to whom I address my proposals when they are finished. Simple: File a bug report or feature request at bugs.archlinux.org. No idea what your proposals are about but you should make sure they only address a single concrete issue. Agreed. Send them through the bug tracker so the relevant people can be notified
Re: [arch-general] twm: cannot open fontset
On Mon, Mar 15, 2010 at 19:32, Daenyth Blank daenyth+a...@gmail.comdaenyth%2ba...@gmail.com wrote: On Sat, Mar 13, 2010 at 09:14, Thanos Zygouris thanos.zygou...@gmail.com wrote: But when i changed my $LANG from en_US.utf8 to C, twm worked! Is en_US.utf8 uncommented in locale.gen and have you rebuilt locales? Yes. (The command is locale-gen,right?)
Re: [arch-general] Arch Linux security is still poor....
On 16/03/10 06:37, Aaron Griffin wrote: On Mon, Mar 15, 2010 at 3:03 PM, Pierre Schmitzpie...@archlinux.de wrote: Am Montag, 15. März 2010 20:54:03 schrieb Ananda Samaddar: The reason I'm asking is I want to know to whom I address my proposals when they are finished. Simple: File a bug report or feature request at bugs.archlinux.org. No idea what your proposals are about but you should make sure they only address a single concrete issue. Agreed. Send them through the bug tracker so the relevant people can be notified As an aside, I would like to see some numbers on where we could improve in this area. I have been following the CVE announcements and several other distros security releases for the past few months and from what I see, I believe Arch is mostly ahead of the game. Following the latest upstream releases has its advantages. Allan
Re: [arch-general] Arch Linux security is still poor....
On Tue, 16 Mar 2010 07:29:45 +1000 Allan McRae al...@archlinux.org wrote: As an aside, I would like to see some numbers on where we could improve in this area. I have been following the CVE announcements and several other distros security releases for the past few months and from what I see, I believe Arch is mostly ahead of the game. Following the latest upstream releases has its advantages. Allan This may be true in the sense that by using the latest packages we are incorporating security fixes as they are released by default. I take issue with the fact that there's no dedicated team and nothing in place to deal with security alerts. The other issue being the lack of signed packages. I don't know how much of a problem this is for other Arch users. Would there be any enthusiasm for a dedicated security team? I feel strongly enough about it that if something can't be done then I'm switching to another distro. Despite the fact that I really like Arch, it's one deficiency is a pretty glaring one in my opinion. I hope this doesn't turn into a flamefest and my opinions are by no means meant to be a slight on the Arch devs or community. Ananda
Re: [arch-general] Arch Linux security is still poor....
On Mon, Mar 15, 2010 at 17:43, Ananda Samaddar ana...@samaddar.co.uk wrote: Would there be any enthusiasm for a dedicated security team? This has been proposed multiple times, but oddly enough no one who has proposed it has ever taken any steps to make it happen...
Re: [arch-general] Arch Linux security is still poor....
On Tuesday 16 Mar 2010 2:59:45 am Allan McRae wrote: As an aside, I would like to see some numbers on where we could improve in this area. I have been following the CVE announcements and several other distros security releases for the past few months and from what I see, I believe Arch is mostly ahead of the game. Following the latest upstream releases has its advantages. Allan Hi Allan, The major thing we are missing on is: Package signing It there is a need to catch up with other distros on this. Package signing is extremely important to ensure that nobody can tamper the packages. similarly should be way to package's integrity -- Regards, Gaurish Sharma www.gaurishsharma.com
Re: [arch-general] Arch Linux security is still poor....
On Mon, Mar 15, 2010 at 2:43 PM, Ananda Samaddar ana...@samaddar.co.uk wrote: Would there be any enthusiasm for a dedicated security team? I feel strongly enough about it that if something can't be done then I'm switching to another distro. Despite the fact that I really like Arch, it's one deficiency is a pretty glaring one in my opinion. I hope this doesn't turn into a flamefest and my opinions are by no means meant to be a slight on the Arch devs or community. No offence taken and FWIW a lot of people switch distros because of one or two fundamental needs that aren't meant. This wouldn't be any different. Look forward to hearing what you have to say...
Re: [arch-general] Arch Linux security is still poor....
On Mon, Mar 15, 2010 at 2:56 PM, Thayer Williams thay...@gmail.com wrote: On Mon, Mar 15, 2010 at 2:43 PM, Ananda Samaddar ana...@samaddar.co.uk wrote: Would there be any enthusiasm for a dedicated security team? I feel strongly enough about it that if something can't be done then I'm switching to another distro. Despite the fact that I really like Arch, it's one deficiency is a pretty glaring one in my opinion. I hope this doesn't turn into a flamefest and my opinions are by no means meant to be a slight on the Arch devs or community. No offence taken and FWIW a lot of people switch distros because of one or two fundamental needs that aren't meant. This wouldn't be any different. ...because of one or two fundamental needs that aren't MET; not meant. Carry on =)
Re: [arch-general] Arch Linux security is still poor....
On 16/03/10 07:43, Ananda Samaddar wrote: On Tue, 16 Mar 2010 07:29:45 +1000 Allan McRaeal...@archlinux.org wrote: As an aside, I would like to see some numbers on where we could improve in this area. I have been following the CVE announcements and several other distros security releases for the past few months and from what I see, I believe Arch is mostly ahead of the game. Following the latest upstream releases has its advantages. Allan This may be true in the sense that by using the latest packages we are incorporating security fixes as they are released by default. I take issue with the fact that there's no dedicated team and nothing in place to deal with security alerts. There is no dedicated team, but as I said, we appear to be mostly ahead of the game in this respect. I would be interested to see how many packages suffer from security issues that we miss. The other issue being the lack of signed packages. Providing code is the way to fix this. There is a good start that has been made and it mostly needs someone dedicated to finish it off. I don't know how much of a problem this is for other Arch users. Would there be any enthusiasm for a dedicated security team? I feel strongly enough about it that if something can't be done then I'm switching to another distro. Despite the fact that I really like Arch, it's one deficiency is a pretty glaring one in my opinion. I hope this doesn't turn into a flamefest and my opinions are by no means meant to be a slight on the Arch devs or community. Sure there is enthusiasm for such a venture, at least judging by how many times this has been bought up in the past. I think one or two of those times an actual project started up but then died. So it appears enthusiasm yes, continual motivation no (at least up until now...). And, this is a great candidate for a community project. A group could monitor security issues and file bugs to get the devs to fix them. This is the way all Arch projects start and if they are useful, they may get taken on board and made official. Allan
Re: [arch-general] Arch Linux security is still poor....
On Mon, 15 Mar 2010 14:56:32 -0700 Thayer Williams thay...@gmail.com wrote: No offence taken and FWIW a lot of people switch distros because of one or two fundamental needs that aren't meant. This wouldn't be any different. Look forward to hearing what you have to say... I'd like to help get things moving before I give up on Arch. It's too good a distro not to. I've been having a look at the Gentoo security policy here: http://www.gentoo.org/security/en/vulnerability-policy.xml It looks like a pretty good template we could adapt to our needs. The document in that link is licensed under a Creative Commons attribution licence. It mirrors a lot of the things I was going to suggest too. Ananda
Re: [arch-general] Arch Linux security is still poor....
On 15/03/10 21:43, Ananda Samaddar wrote: [..] Would there be any enthusiasm for a dedicated security team? I feel strongly enough about it that if something can't be done then I'm switching to another distro. Despite the fact that I really like Arch, it's one deficiency is a pretty glaring one in my opinion. I hope this doesn't turn into a flamefest and my opinions are by no means meant to be a slight on the Arch devs or community. What would a dedicated security team actually do? /M -- Magnus Therning(OpenPGP: 0xAB4DFBA4) magnus@therning.org Jabber: magnus@therning.org http://therning.org/magnus identi.ca|twitter: magthe signature.asc Description: OpenPGP digital signature
Re: [arch-general] Arch Linux security is still poor....
On 15/03/10 22:03, Ananda Samaddar wrote: On Mon, 15 Mar 2010 14:56:32 -0700 Thayer Williams thay...@gmail.com wrote: No offence taken and FWIW a lot of people switch distros because of one or two fundamental needs that aren't meant. This wouldn't be any different. Look forward to hearing what you have to say... I'd like to help get things moving before I give up on Arch. It's too good a distro not to. I've been having a look at the Gentoo security policy here: http://www.gentoo.org/security/en/vulnerability-policy.xml It looks like a pretty good template we could adapt to our needs. The document in that link is licensed under a Creative Commons attribution licence. It mirrors a lot of the things I was going to suggest too. After a quick look at it I don't see much that would apply though. Arch doesn't have releases. Arch follows upstream releases very closes (in some cases even too closely ;-) So, if there is no need for backporting to a set of packages that has been blessed into a supported release, what is left to do for a dedicated security team? /M -- Magnus Therning(OpenPGP: 0xAB4DFBA4) magnus@therning.org Jabber: magnus@therning.org http://therning.org/magnus identi.ca|twitter: magthe signature.asc Description: OpenPGP digital signature
Re: [arch-general] Arch Linux security is still poor....
On Mon, Mar 15, 2010 at 11:18 PM, Magnus Therning mag...@therning.org wrote: After a quick look at it I don't see much that would apply though. Arch doesn't have releases. Arch follows upstream releases very closes (in some cases even too closely ;-) So, if there is no need for backporting to a set of packages that has been blessed into a supported release, what is left to do for a dedicated security team? 1) what allan said : A group could monitor security issues and file bugs to get the devs to fix them. 2) resume and finish the gpg work for pacman friends
Re: [arch-general] Arch Linux security is still poor....
On 15/03/10 22:34, Xavier Chantry wrote: On Mon, Mar 15, 2010 at 11:18 PM, Magnus Therning mag...@therning.org wrote: After a quick look at it I don't see much that would apply though. Arch doesn't have releases. Arch follows upstream releases very closes (in some cases even too closely ;-) So, if there is no need for backporting to a set of packages that has been blessed into a supported release, what is left to do for a dedicated security team? 1) what allan said : A group could monitor security issues and file bugs to get the devs to fix them. Is there any evidence that this is actually needed? My impression is that maintainers already are monitoring upstream releases. When they are lagging, there are users who mark things out-of-date. The occasional non-maintainer upload doesn't seem to warrant a dedicated team. 2) resume and finish the gpg work for pacman friends Sure, that is worth doing. Is it really a task for a dedicated security team? It sounds more like a one-time thing for a group of developers. Please do note that I'm more than willing to be convinced. /M -- Magnus Therning(OpenPGP: 0xAB4DFBA4) magnus@therning.org Jabber: magnus@therning.org http://therning.org/magnus identi.ca|twitter: magthe signature.asc Description: OpenPGP digital signature
Re: [arch-general] Arch Linux security is still poor....
On 16/03/10 08:42, Magnus Therning wrote: On 15/03/10 22:34, Xavier Chantry wrote: On Mon, Mar 15, 2010 at 11:18 PM, Magnus Therningmag...@therning.org wrote: After a quick look at it I don't see much that would apply though. Arch doesn't have releases. Arch follows upstream releases very closes (in some cases even too closely ;-) So, if there is no need for backporting to a set of packages that has been blessed into a supported release, what is left to do for a dedicated security team? 1) what allan said : A group could monitor security issues and file bugs to get the devs to fix them. Is there any evidence that this is actually needed? My impression is that maintainers already are monitoring upstream releases. When they are lagging, there are users who mark things out-of-date. The occasional non-maintainer upload doesn't seem to warrant a dedicated team. A bump for something being out of date is quite different from a bump for something being out of date and has a security issues. I also know that there are cases where the security issue fixes are not considered critical by upstream and so they are only patched in CVS/SVN/whatever. These are obviously cases where the expliot is not practical at this time, so there is no rush to fix but we probably still should. But again, I would like to see numbers for how much this is actually an issue. Saying that, if the number is above zero (likely), a security team could do some good. Allan
Re: [arch-general] Arch Linux security is still poor....
On Mon, Mar 15, 2010 at 11:42 PM, Magnus Therning mag...@therning.org wrote: 1) what allan said : A group could monitor security issues and file bugs to get the devs to fix them. Is there any evidence that this is actually needed? No, Allan asked for some numbers, and I am curious too. My impression is that maintainers already are monitoring upstream releases. When they are lagging, there are users who mark things out-of-date. The occasional non-maintainer upload doesn't seem to warrant a dedicated team. 2) resume and finish the gpg work for pacman friends Sure, that is worth doing. Is it really a task for a dedicated security team? It sounds more like a one-time thing for a group of developers. This is also true.. more or less. It does not matter how the people doing the work are called. There is no one writing code, no one giving technical advices, no one testing. There are only users asking for signed packages.
Re: [arch-general] Arch Linux security is still poor....
On 15/03/10 23:03, Xavier Chantry wrote: On Mon, Mar 15, 2010 at 11:42 PM, Magnus Therning mag...@therning.org wrote: [..] 2) resume and finish the gpg work for pacman friends Sure, that is worth doing. Is it really a task for a dedicated security team? It sounds more like a one-time thing for a group of developers. This is also true.. more or less. It does not matter how the people doing the work are called. There is no one writing code, no one giving technical advices, no one testing. There are only users asking for signed packages. I'd argue it *is* important what you call them. In one case one would ask for some developer(s) to dedicate some time during a limited period, while in the other one is asking for on-going commitment. I think it's *crucial* to position the proposal correctly. Getting a feature implemented in pacman is likely to be easier than getting a group of people to sign up for a task that never ends. Though I'm not saying either will be easy. /M -- Magnus Therning(OpenPGP: 0xAB4DFBA4) magnus@therning.org Jabber: magnus@therning.org http://therning.org/magnus identi.ca|twitter: magthe signature.asc Description: OpenPGP digital signature
Re: [arch-general] [arch-dev-public] [signoff] kernel26 2.6.33.1-1
On 03/15/2010 08:14 PM, Eric Bélanger wrote: On Mon, Mar 15, 2010 at 3:16 PM, Thomas Bächlertho...@archlinux.org wrote: No idea if it is time for signoff yet, I have to check that with tpowa. However, I put 2.6.31.1 in testing with these changes: - Added a trivial patch to support my touchpad (selfish, I know, but it is already accepted upstream for 2.6.34) - Removed EXT4_USE_FOR_EXT23 due to some problems that upstream isn't quite finished discussing yet - we can keep using the ext2 and ext3 drivers for now. I'm getting a: error: /dev/sr0: No medium found when building my initrc. The device exist and is my CD-drive. This is on i686. Ask if you need more info This is already reported here: FS#18585 - [mkinitcpio] Silent error message: No medium found in autodetect hook http://bugs.archlinux.org/task/18585 -- Gerardo Exequiel Pozzi ( djgera ) http://www.djgera.com.ar KeyID: 0x1B8C330D Key fingerprint = 0CAA D5D4 CD85 4434 A219 76ED 39AB 221B 1B8C 330D
Re: [arch-general] Btrfs more than twice as fast compared to ext4
On Monday 15 March 2010 15:44:35 Nathan Wayde wrote: On 13/03/10 03:05, Shridhar Daithankar wrote: Hi, Just wanted to share an interesting experience I had today. Check http://ghodechhap.net/btrfs.performance.txt Maybe you're looking for http://docs.python.org/library/filecmp.html One cannot help but think that you took a disk-bound process and turned it into a cpu-bound one. Since you're just interested in which files are different you should have just used `cmp` instead of `md5sum` the latter is just overkill and I'd assume calling an external command that many times can't be very nice either. here are some comparisons, they use /usr/lib - i figured 75000 files should be a good test... I made this as deliberately unfair/in-comparable as possible, I wanted to show the potential overhead of calling md5sum that many times. I didn't know of cmp, thanks. I tried the same thing with cmp in loops and it agrees with your comments that it is is totally I/O bound, not CPU bound at all. However, even in md5sum case, I/O was high too, the disk light was on all the time. May be it was the case for CPU speed difference. But as far as file system performance goes, the overhead should be identical for both the runs, no? Besides, I need to run the comparison(rather verification of file contents) many times over during the application life-cycle and I cannot afford to bring in another copy from disk. The working set is expected to be 30-40GB at a time, 3GB is just test setup. With md5sum, I can store it in database and verify it on one copy only. And finally, it is terrible on timings. Running md5sum is lot faster, about 3 times in the best case. shrid...@bheem /mnt1/shridhar/tmp/importtest.big$ time for i in `find . -type f`;do cmp $i /data/shridhar/tmp/4/$i;done real21m30.137s user0m27.665s sys 1m21.581s shrid...@bheem /data/shridhar/tmp/4$ time for i in `find . -type f`;do cmp $i /mnt1/shridhar/tmp/importtest.big/$i;done real6m26.988s user0m40.721s sys 1m28.371s shrid...@bheem /mnt1/shridhar/tmp/importtest.big$ time for i in `find . -type f`;do cmp $i /data/shridhar/tmp/4/$i;done real16m27.541s user0m37.281s sys 1m23.995s So when the source file system is btrfs, it is still couple of times faster at least. -- Regards Shridhar
Re: [arch-general] Arch Linux security is still poor....
I don't think we need any security team for Arch. New packages are released within a week of their updates. GPG signing and md5sum verification is a must though. -- Nilesh Govindarajan Site Server Administrator www.itech7.com