Re: [gentoo-user] How many GB for / partition?

2006-02-17 Thread Alexander Skwar 
Neil Bothwick wrote:
> On Thu, 16 Feb 2006 18:46:57 +0100, Alexander Skwar wrote:
> 
>> > If partition A
>> > runs out of space while partition B has plenty, 
>> 
>> Then you made B too large, which is the main cause of the problem.
> 
> Of course, but if your needs change, that's the situation you find
> yourself in, as I did recently.

Yes, this might happen. How often does it, though?

>> > you have to shrink B's
>> > filesystem before you can add space to A. That's time consuming,
>> > especially if B uses XFS.
>> 
>> What's so special about XFS? The fact that there's no shrinker?
> 
> Yes, so a matter of seconds turns into the time it takes to backup,

Shrinking is never a matter of seconds :) Not with reiserfs and
especially not with ext2/ext3. But with those filesystems,
shrinking is at least possible.

> I've used complex partition layouts in the past and have found that, as
> with most things, KISS is the best approach.

Yep.

Alexander Skwar
-- 
It is common sense to take a method and try it.  If it fails,
admit it frankly and try another.  But above all, try something.
-- Franklin D. Roosevelt
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] fbsplash starting after local and not during boot

2006-02-17 Thread Marco Calviani 
Hi Uwe,

> Change the "kernel line" to:
>
> kernel /boot/kernel-2.6.14-gentoo-r5-fb root=/dev/ram0 init=linuxrc
> ramdisk=8192 real_root=/dev/hda3 quiet video=vesafb:ywrap,mtrr,[EMAIL 
> PROTECTED]
> splash=silent,fadein,theme:emergence quiet CONSOLE=/dev/tty1

 unfortunately with these options i'm getting a "nice" kernel panic.
Why is it necessary to insert this command line?

root=/dev/ram0 init=linuxrc ramdisk=8192 real_root=/dev/hda3

Best regards,
MC

-- 
gentoo-user@gentoo.org mailing list

[gentoo-user] net.eth0 and net.eth1 choice + net.eth1 timeout

2006-02-17 Thread Marco Calviani 
Hi list,
   i would like to share a problem that i'm encountering in dealing
with two net interfaces. I've a "normal" ethernet device (eth0) and a
wireless ipw2200 one (eth1).

1) i would like to have, at boot, a situation in which first of all
eth0 is started; if dhcp signal is found proceed with the
initialization of eth0, while if dhcp is not found try to start eth1.

2) as of now, at boot time i've only eth0; obviously if it's not
connected via ethernet cable the dhcp goes in timeout and net
initialization is failed. Then at the prompt i reissue
/etc/init.d/net.eth1 start to start wireless connection. However, and
here's the problem, the first time i digit this, eth1 goes in timeout
too. Digiting another time the same command and everythig goes well.
This situation is encountered everytime.

Thanks in advance for any hint,
MC

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] net.eth0 and net.eth1 choice + net.eth1 timeout

2006-02-17 Thread Heinz Sporn 
Am Freitag, den 17.02.2006, 09:29 +0100 schrieb Marco Calviani:
> Hi list,
>i would like to share a problem that i'm encountering in dealing
> with two net interfaces. I've a "normal" ethernet device (eth0) and a
> wireless ipw2200 one (eth1).
> 
> 1) i would like to have, at boot, a situation in which first of all
> eth0 is started; if dhcp signal is found proceed with the
> initialization of eth0, while if dhcp is not found try to start eth1.
> 

Have you looked into sys-apps/ifplugd ?

> 2) as of now, at boot time i've only eth0; obviously if it's not
> connected via ethernet cable the dhcp goes in timeout and net
> initialization is failed. Then at the prompt i reissue
> /etc/init.d/net.eth1 start to start wireless connection. However, and
> here's the problem, the first time i digit this, eth1 goes in timeout
> too. Digiting another time the same command and everythig goes well.
> This situation is encountered everytime.
> 
> Thanks in advance for any hint,
> MC
> 

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] net.eth0 and net.eth1 choice + net.eth1 timeout

2006-02-17 Thread Marco Calviani 
Hi Heinz,
   thanks for this hint i will try it. Question number 1) seems ok...

Regards,
MC

2006/2/17, Heinz Sporn <[EMAIL PROTECTED]>:
> Am Freitag, den 17.02.2006, 09:29 +0100 schrieb Marco Calviani:
> > Hi list,
> >i would like to share a problem that i'm encountering in dealing
> > with two net interfaces. I've a "normal" ethernet device (eth0) and a
> > wireless ipw2200 one (eth1).
> >
> > 1) i would like to have, at boot, a situation in which first of all
> > eth0 is started; if dhcp signal is found proceed with the
> > initialization of eth0, while if dhcp is not found try to start eth1.
> >
>
> Have you looked into sys-apps/ifplugd ?
>
> > 2) as of now, at boot time i've only eth0; obviously if it's not
> > connected via ethernet cable the dhcp goes in timeout and net
> > initialization is failed. Then at the prompt i reissue
> > /etc/init.d/net.eth1 start to start wireless connection. However, and
> > here's the problem, the first time i digit this, eth1 goes in timeout
> > too. Digiting another time the same command and everythig goes well.
> > This situation is encountered everytime.
> >
> > Thanks in advance for any hint,
> > MC
> >
>
> --
> gentoo-user@gentoo.org mailing list
>
>

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] fbsplash starting after local and not during boot

2006-02-17 Thread Uwe Thiem 
On 17 February 2006 10:15, Marco Calviani wrote:
> Hi Uwe,
>
> > Change the "kernel line" to:
> >
> > kernel /boot/kernel-2.6.14-gentoo-r5-fb root=/dev/ram0 init=linuxrc
> > ramdisk=8192 real_root=/dev/hda3 quiet
> > video=vesafb:ywrap,mtrr,[EMAIL PROTECTED]
> > splash=silent,fadein,theme:emergence quiet CONSOLE=/dev/tty1
>
>  unfortunately with these options i'm getting a "nice" kernel panic.
> Why is it necessary to insert this command line?
>
> root=/dev/ram0 init=linuxrc ramdisk=8192 real_root=/dev/hda3

It makes sure the splash screen start as early as possible (don't forget the 
"quiet" option). On my systems, it starts immediately after the kernel and 
the initrd are loaded.

Kernel panic ... hm ...

How did you generate your initrd? Maybe, it doesn't contain "linuxrc" which 
does all the magic before it hands over to the real init process.

Uwe

-- 
Why do consumers keep buying products they will live to curse?
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] fbsplash starting after local and not during boot

2006-02-17 Thread Marco Calviani 
Hi Uwe,

> It makes sure the splash screen start as early as possible (don't forget the
> "quiet" option). On my systems, it starts immediately after the kernel and
> the initrd are loaded.
>
> Kernel panic ... hm ...
>
> How did you generate your initrd? Maybe, it doesn't contain "linuxrc" which
> does all the magic before it hands over to the real init process.

i've created the initrd as indicated in the howto mentioned above, that is with:

# splash_geninitramfs -g /boot/fbsplash-emergence-1024x768 -v -r
1024x768 emergence

MC

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] nagios & cgi.cfg SOLVED

2006-02-17 Thread Arnau Bria Ramírez 
El Thu, 16 Feb 2006 16:46:23 +
Arnau Bria Ramírez dijo:

In order to let apache move into nagios directories, I add to include apache
into nagios group.

All my problems moved away!

Many thanks to all how read this threat!

Cheers!
Arnau
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] How many GB for / partition?

2006-02-17 Thread Neil Bothwick 
On Thu, 16 Feb 2006 19:59:44 -0600, Zac Slade wrote:

> > But far more chance of running out of space on /usr, /var or /opt
> > while one of the others has plenty free. I prefer to have these three
> > on the same partition for a desktop, but separate from /. I use the
> > bind option to mount /var and /opt on /usr/var and /usr/opt
> Good god man!  This is about as kludgy as they come.  Sure it gets the
> job done, but this is EXACTLY what LVM was invented for.

This is not about partitions but filesystems.

> Partitions are hard (relatively) to resize.  However, logical volumes
> are not. You can increase them when they are full, or reduce their size
> when you need to distribute disk space to other places.

LVs are dead easy to resize, reducing the size of a filesystem is not
always that easy, or even possible.

> Also consider the case where you completely fill up your 200GB drive.
> What then?  Buy a new drive and migrate data from /home or /usr to the
> new disk and mount that, then reclaim the partition for some other fs
> etc.  You have the migration of data and the inflexibility of
> partitions to resize.  If you use LVM in the same case you just add the
> new disk to your volume group increase any logical volumes that are in
> need of more space and resize the filesystem.

I am using LVM, where did I say I wasn't?

If I run out of space and add a new disk, I can easily add a new physical
volume to the volume group and resize the partitions. How many
directories I keep on each partition has absolutely nothing to do with
this.

I want to have / on a small partition, so everything else can go on RAID
and LVM, but why should that force me to have separate filesystems
for /usr, /var and /opt if I don't want them?


-- 
Neil Bothwick

I'm out of my mind, but feel free to leave a message...


signature.asc
Description: PGP signature

Re: [gentoo-user] How many GB for / partition?

2006-02-17 Thread Neil Bothwick 
On Fri, 17 Feb 2006 08:52:17 +0100, Alexander Skwar wrote:

> >> Then you made B too large, which is the main cause of the problem.
> > 
> > Of course, but if your needs change, that's the situation you find
> > yourself in, as I did recently.
> 
> Yes, this might happen. How often does it, though?

Twice last year, how many times is acceptable?

> >> What's so special about XFS? The fact that there's no shrinker?
> > 
> > Yes, so a matter of seconds turns into the time it takes to backup,
> 
> Shrinking is never a matter of seconds :) Not with reiserfs and
> especially not with ext2/ext3. But with those filesystems,
> shrinking is at least possible.

OK, quite a few seconds :)


-- 
Neil Bothwick

Strike any user to continue


signature.asc
Description: PGP signature

Re: [gentoo-user] Kernel not updating...

2006-02-17 Thread Neil Bothwick 
On Thu, 16 Feb 2006 21:05:04 -0500, Ernie Schroder wrote:

> # cat /etc/portage/package* | grep gentoo-sources

grep gentoo-sources /etc/portage/package*

is better, it shows which files match.


-- 
Neil Bothwick

C:\BELFRY is where I keep my .BAT files ^^^oo^^^


signature.asc
Description: PGP signature

Re: [gentoo-user] net.eth0 and net.eth1 choice + net.eth1 timeout

2006-02-17 Thread Neil Bothwick 
On Fri, 17 Feb 2006 09:46:32 +0100, Heinz Sporn wrote:

> Have you looked into sys-apps/ifplugd ?

Note that the latest baselayout supports ifplugd itself. You only need to
emerge ifplugd, you don't need to configure it or add it to a runlevel.


-- 
Neil Bothwick

If at first you don't suceed, try the switch marked "Power"


signature.asc
Description: PGP signature

Re: [gentoo-user] Wireless works with Knoppix CD but not Gentoo

2006-02-17 Thread Rob Oravec 
On Thu, 2006-02-16 at 23:32 -0500, Grant wrote:
> I've been struggling to get my wireless card to connect to the WEP
> Airport router at my housing complex.  It turns out it connects just
> fine using a Knoppix disc and manual ifconfig/iwconfig commands, but
> the same commands don't work in Gentoo.  My Gentoo packages are
> totally up to date.  I'm using madwifi.  Any suggestions?
> 
> - Grant
> 

Hi Grant,

Firstly have you got wireless extensions enabled in the kernel?
-CONFIG_NET_WIRELESS=y
I believe that is a requirement.

Is the madwifi-driver installed and the module loaded?
-modprobe ath_pci

If it can't find the module emerge the madwifi-driver package
-emerge madwifi-driver
or alternatively try the madwifi-ng code at http://madwifi.org
Both methods should give you a "ath0" interface.

Are you getting any error messages?, when you run "iwconfig" does it
show wireless related settings on the relevant interface?

Hope this helps.
Let us know,

Rob





signature.asc
Description: This is a digitally signed message part

Re: [gentoo-user] fbsplash starting after local and not during boot

2006-02-17 Thread Uwe Thiem 
On 17 February 2006 11:16, Marco Calviani wrote:
> Hi Uwe,
>
> > It makes sure the splash screen start as early as possible (don't forget
> > the "quiet" option). On my systems, it starts immediately after the
> > kernel and the initrd are loaded.
> >
> > Kernel panic ... hm ...
> >
> > How did you generate your initrd? Maybe, it doesn't contain "linuxrc"
> > which does all the magic before it hands over to the real init process.
>
> i've created the initrd as indicated in the howto mentioned above, that is
> with:
>
> # splash_geninitramfs -g /boot/fbsplash-emergence-1024x768 -v -r
> 1024x768 emergence

Try:
genkernel --gensplash=emergence --gensplash-res=1024x768 initrd

genkernel puts all those nifty little things in your initrd. You could add 
"--menuconfig" if you want to check your kernel options.

Look up the exact name of the generated initrd in /boot and adjust your grub 
entry accordingly.

Uwe

-- 
Why do consumers keep buying products they will live to curse?
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Hardware issues, probably overheating, help?

2006-02-17 Thread Mrugesh Karnik 
On Friday 17 February 2006 04:32, [EMAIL PROTECTED] wrote:
> A long shot, but I had this happen once due to bad power supply.
>
> Is there a chance the power supply is failing? If you have an alternate
> supply, you may want to swap it out. Are you pushing it near its limits,
> perhaps with many disk drives? Can you remove some drives as a test?

I thought this to be a possibility to start with... I have been wondering 
about buying a 400W supply. Hmm, this'll need some testing.

Thanks,
Mrugesh
-- 
gentoo-user@gentoo.org mailing list

[gentoo-user] 3d rendering with dri radeon

2006-02-17 Thread Bo Andresen 
I have a laptop with a ATI Radeon 9000 Mobility graphics card. I wanted to get 
3d rendering working with the free dri drivers so I followed this howto: 
http://www.gentoolinux.org/doc/en/dri-howto.xml

But it does not work:
~# glxinfo | grep rendering
direct rendering: No

Below is listed everything that I think might be relevant. I hope someone has 
an idea. What I notice in particular is these two lines 
from /var/log/Xorg.0.log:
drmOpenDevice: node name is /dev/dri/card0
drmOpenDevice: open result is -1, (No such device)

===
~# lspci | grep AGP
00:01.0 PCI bridge: Intel Corporation 82855PM Processor to AGP Controller (rev 
03)
===
~#cat /boot/config
...
CONFIG_MTRR=y
...
CONFIG_AGP=m
CONFIG_AGP_INTEL=m
...
# CONFIG_DRM is not set
...
===
~# emerge -vp xorg-x11 x11-drm

These are the packages that I would merge, in order:

Calculating dependencies ...done!
[ebuild   R   ] x11-base/xorg-x11-6.8.2-r6  USE="bitmap-fonts ipv6 nls opengl 
pam sse truetype-fonts type1-fonts xprint xv dfx -3dnow -cjk -debug -dlloader 
-dmx -doc -font-server -insecure-drivers -minimal -mmx -nocxx -sdk -static" 0 
kB
[ebuild   R   ] x11-base/x11-drm-20050502  0 kB
===
~# cat /etc/X11/xorg.conf | grep -v ^#
Section "Module"
   Load"synaptics"
   Load"dbe"
   SubSection  "extmod"
  Option"omit xfree86-dga" 
   EndSubSection
   Load"type1"
   Load"freetype"
   Load   "dri"
   Load   "glx"
EndSection

Section "Files"
   
EndSection

Section "InputDevice"
   Identifier  "Keyboard1"
   
EndSection

Section "InputDevice"
   Identifier  "Touchpad"
   ...
EndSection

Section "InputDevice"
   Identifier  "External Mouse"
   ...
EndSection

Section "Monitor"
Identifier  "AcerMonitor"
HorizSync   31.5-57.0
VertRefresh 50-70
EndSection

Section "Device"
Identifier  "Ati Radeon 9000 Mobility"
Driver  "radeon"
Option  "AGPMode" "4"
Option  "AGPFastWrite" "True"
Option  "EnablePageFlip" "True"
EndSection

Section "Screen"
   Identifier  "Screen 1"
   Device  "Ati Radeon 9000 Mobility"
   Monitor "AcerMonitor"
   DefaultDepth 24
   Subsection "Display"
   ...
   Subsection "Display"
  Depth   24
  Modes   "1400x1050" "1280x1024" "1024x768" "800x600" "640x480"
  ViewPort0 0
   EndSubsection
EndSection

Section "ServerLayout"
   Identifier  "Simple Layout"
   Screen "Screen 1"
   InputDevice "Touchpad" "Corepointer"
   InputDevice "External Mouse" "SendCoreEvents"
   InputDevice "Keyboard1" "CoreKeyboard"
EndSection

Section "DRI"
   Mode 0666
EndSection
===
~# cat /etc/modules.autoload.d/kernel-2.6
...
intel-agp
...
drm
===
~# lsmod | grep 'drm\|agp'
drm65944  0
intel_agp  20508  1
agpgart29256  2 drm,intel_agp
===
~# cat /var/log/Xorg.0.log
...
(II) LoadModule: "dri"
(II) Loading /usr/lib/modules/extensions/libdri.a
(II) Module dri: vendor="X.Org Foundation"
compiled for 6.8.2, module version = 1.0.0
ABI class: X.Org Server Extension, version 0.2
(II) Loading sub module "drm"
(II) LoadModule: "drm"
(II) Loading /usr/lib/modules/linux/libdrm.a
(II) Module drm: vendor="X.Org Foundation"
compiled for 6.8.2, module version = 1.0.0
ABI class: X.Org Server Extension, version 0.2
(II) Loading extension XFree86-DRI
(II) LoadModule: "glx"
(II) Loading /usr/lib/modules/extensions/libglx.a
(II) Module glx: vendor="X.Org Foundation"
compiled for 6.8.2, module version = 1.0.0
ABI class: X.Org Server Extension, version 0.2
(II) Loading sub module "GLcore"
(II) LoadModule: "GLcore"
(II) Loading /usr/lib/modules/extensions/libGLcore.a
(II) Module GLcore: vendor="X.Org Foundation"
compiled for 6.8.2, module version = 1.0.0
ABI class: X.Org Server Extension, version 0.2
(II) Loading extension GLX
(II) LoadModule: "radeon"
(II) Loading /usr/lib/modules/drivers/radeon_drv.o
(II) Module radeon: vendor="X.Org Foundation"
compiled for 6.8.2, module version = 4.0.1
Module class: X.Org Video Driver
ABI class: X.Org Video Driver, version 0.7
(II) LoadModule: "ati"
(II) Loading /usr/lib/modules/drivers/ati_drv.o
(II) Module ati: vendor="X.Org Foundation"
compiled for 6.8.2, module version = 6.5.6
Module class: X.Org Video Driver
ABI class: X.Org Video Driver, version 0.7
...
(II) Primary Device is: PCI 01:00:0
(--) Assigning device section with no busID to primary device
(--) Chipset ATI Radeon Mobility 9000 (M9) Lf (AGP) found
...
(II) Loading sub module "radeon"
(II) LoadModule: "radeon"
(II) Reloading /usr/lib/modules/drivers/radeon_drv.o
...
(II) Setting vga for screen 0.
(II) RADEON(0): MMIO regis

Re: [gentoo-user] Hardware issues, probably overheating, help?

2006-02-17 Thread Mrugesh Karnik 
On Friday 17 February 2006 08:37, Daniel da Veiga wrote:
> I had the same issue, same MOBO and same system (almost the same,
> instead of the sempron I had an athlon xp), the heatsink was working
> fine, it kept locking for a while, then one day as you described it
> refused to boot, as I forced it, it became unstable, finally not
> booting anymore.
>
> I took it to the guy I got it from and he said part of the bus for the
> MOBO was fried, due to high temperatures, not in the processor, but at
> the chipset, that caused the BIOS to failure, finally crushing the
> entire system, reflashing BIOS did not solve it. Now I'm looking for a
> new motherboard as I write this from my notebook. Check the whole sys
> temperature.
>
> I have been running into problems with this kind of MOBO and
> processor, its the second fried mobo in 3 months, I changed the power
> supply, changed memory, drives, everything. So, my advice, cool your
> system...
>
> Again, that's my own experience and I just write this because you
> described exactly what happened to me last week.

You scare me :P

I wondered about the BIOS being dead when the computer refused to start, but 
then after a few hours the computer did start, so I guess it wasn't a BIOS 
issue.

Thanks for your input.

Mrugesh
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] fbsplash starting after local and not during boot

2006-02-17 Thread Marco Calviani 
Hi Uwe,

> Try:
> genkernel --gensplash=emergence --gensplash-res=1024x768 initrd
>
> genkernel puts all those nifty little things in your initrd. You could add
> "--menuconfig" if you want to check your kernel options.
>
> Look up the exact name of the generated initrd in /boot and adjust your grub
> entry accordingly.

the fact is that i didn't use genkernel to build my actual kernel. I
think it is not possible to use in the way you told me..

regards,
MC

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Hardware issues, probably overheating, help?

2006-02-17 Thread Mrugesh Karnik 
On Friday 17 February 2006 05:34, [EMAIL PROTECTED] wrote:
> On Fri, 17 Feb 2006, Emanuele Morozzi wrote:
> > 1. Tell us the Watts of the power supply (perhaps you'll have to change
> > it) 2. Take the PC powered off and try extracting the video card and
> > replugging it.
> > 3. Try to change the plug you use to give power to the PC.
> > 4. Try to discharge the bios and reconfigure it.
>
> Add to this to make sure the line cord is plugged in well, both at the
> wall and at the computer. I once replaced a power supply only to find
> that the line cord wasn't plugged in all the way.

It says 400W on the power supply, but at the price I've bought the case, I'm 
sure its only about 350W.

The second and third I've tried. Fourth... Hmm, I'll try to do that.

And yeah, the power cord is plugged in perfectly, I just checked.

Thanks again,
Mrugesh
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] 3d rendering with dri radeon

2006-02-17 Thread Ghaith Hachem 
havn't tried it since i have a newer unspoorted ship (X300SE)
but try this guide here
http://gentoo-wiki.com/HOWTO_DRI_with_ATi_Open-Source_Drivers

On 2/17/06, Bo Andresen <[EMAIL PROTECTED]> wrote:
> I have a laptop with a ATI Radeon 9000 Mobility graphics card. I wanted to get
> 3d rendering working with the free dri drivers so I followed this howto:
> http://www.gentoolinux.org/doc/en/dri-howto.xml
>
> But it does not work:
> ~# glxinfo | grep rendering
> direct rendering: No
>
> Below is listed everything that I think might be relevant. I hope someone has
> an idea. What I notice in particular is these two lines
> from /var/log/Xorg.0.log:
> drmOpenDevice: node name is /dev/dri/card0
> drmOpenDevice: open result is -1, (No such device)
>
> ===
> ~# lspci | grep AGP
> 00:01.0 PCI bridge: Intel Corporation 82855PM Processor to AGP Controller (rev
> 03)
> ===
> ~#cat /boot/config
> ...
> CONFIG_MTRR=y
> ...
> CONFIG_AGP=m
> CONFIG_AGP_INTEL=m
> ...
> # CONFIG_DRM is not set
> ...
> ===
> ~# emerge -vp xorg-x11 x11-drm
>
> These are the packages that I would merge, in order:
>
> Calculating dependencies ...done!
> [ebuild   R   ] x11-base/xorg-x11-6.8.2-r6  USE="bitmap-fonts ipv6 nls opengl
> pam sse truetype-fonts type1-fonts xprint xv dfx -3dnow -cjk -debug -dlloader
> -dmx -doc -font-server -insecure-drivers -minimal -mmx -nocxx -sdk -static" 0
> kB
> [ebuild   R   ] x11-base/x11-drm-20050502  0 kB
> ===
> ~# cat /etc/X11/xorg.conf | grep -v ^#
> Section "Module"
>Load"synaptics"
>Load"dbe"
>SubSection  "extmod"
>   Option"omit xfree86-dga"
>EndSubSection
>Load"type1"
>Load"freetype"
>Load   "dri"
>Load   "glx"
> EndSection
>
> Section "Files"
>
> EndSection
>
> Section "InputDevice"
>Identifier  "Keyboard1"
>
> EndSection
>
> Section "InputDevice"
>Identifier  "Touchpad"
>...
> EndSection
>
> Section "InputDevice"
>Identifier  "External Mouse"
>...
> EndSection
>
> Section "Monitor"
> Identifier  "AcerMonitor"
> HorizSync   31.5-57.0
> VertRefresh 50-70
> EndSection
>
> Section "Device"
> Identifier  "Ati Radeon 9000 Mobility"
> Driver  "radeon"
> Option  "AGPMode" "4"
> Option  "AGPFastWrite" "True"
> Option  "EnablePageFlip" "True"
> EndSection
>
> Section "Screen"
>Identifier  "Screen 1"
>Device  "Ati Radeon 9000 Mobility"
>Monitor "AcerMonitor"
>DefaultDepth 24
>Subsection "Display"
>...
>Subsection "Display"
>   Depth   24
>   Modes   "1400x1050" "1280x1024" "1024x768" "800x600" "640x480"
>   ViewPort0 0
>EndSubsection
> EndSection
>
> Section "ServerLayout"
>Identifier  "Simple Layout"
>Screen "Screen 1"
>InputDevice "Touchpad" "Corepointer"
>InputDevice "External Mouse" "SendCoreEvents"
>InputDevice "Keyboard1" "CoreKeyboard"
> EndSection
>
> Section "DRI"
>Mode 0666
> EndSection
> ===
> ~# cat /etc/modules.autoload.d/kernel-2.6
> ...
> intel-agp
> ...
> drm
> ===
> ~# lsmod | grep 'drm\|agp'
> drm65944  0
> intel_agp  20508  1
> agpgart29256  2 drm,intel_agp
> ===
> ~# cat /var/log/Xorg.0.log
> ...
> (II) LoadModule: "dri"
> (II) Loading /usr/lib/modules/extensions/libdri.a
> (II) Module dri: vendor="X.Org Foundation"
> compiled for 6.8.2, module version = 1.0.0
> ABI class: X.Org Server Extension, version 0.2
> (II) Loading sub module "drm"
> (II) LoadModule: "drm"
> (II) Loading /usr/lib/modules/linux/libdrm.a
> (II) Module drm: vendor="X.Org Foundation"
> compiled for 6.8.2, module version = 1.0.0
> ABI class: X.Org Server Extension, version 0.2
> (II) Loading extension XFree86-DRI
> (II) LoadModule: "glx"
> (II) Loading /usr/lib/modules/extensions/libglx.a
> (II) Module glx: vendor="X.Org Foundation"
> compiled for 6.8.2, module version = 1.0.0
> ABI class: X.Org Server Extension, version 0.2
> (II) Loading sub module "GLcore"
> (II) LoadModule: "GLcore"
> (II) Loading /usr/lib/modules/extensions/libGLcore.a
> (II) Module GLcore: vendor="X.Org Foundation"
> compiled for 6.8.2, module version = 1.0.0
> ABI class: X.Org Server Extension, version 0.2
> (II) Loading extension GLX
> (II) LoadModule: "radeon"
> (II) Loading /usr/lib/modules/drivers/radeon_drv.o
> (II) Module radeon: vendor="X.Org Foundation"
> compiled for 6.8.2, module version = 4.0.1
> Module class: X.Org Video Driver
> ABI class: X.Org Video Driver, version 0.7
> (II) LoadModule: "ati"
> (II) Loading /usr/lib/modules/drivers/ati_drv.o
> (II) Module ati: vendor="X.Org

Re: [gentoo-user] Wireless works with Knoppix CD but not Gentoo

2006-02-17 Thread Robert Crawford 
On Friday 17 February 2006 05:17, Rob Oravec wrote:
> On Thu, 2006-02-16 at 23:32 -0500, Grant wrote:
> > I've been struggling to get my wireless card to connect to the WEP
> > Airport router at my housing complex.  It turns out it connects just
> > fine using a Knoppix disc and manual ifconfig/iwconfig commands, but
> > the same commands don't work in Gentoo.  My Gentoo packages are
> > totally up to date.  I'm using madwifi.  Any suggestions?
> >
> > - Grant
>
> Hi Grant,
>
> Firstly have you got wireless extensions enabled in the kernel?
> -CONFIG_NET_WIRELESS=y
> I believe that is a requirement.
>
> Is the madwifi-driver installed and the module loaded?
> -modprobe ath_pci
>
> If it can't find the module emerge the madwifi-driver package
> -emerge madwifi-driver
> or alternatively try the madwifi-ng code at http://madwifi.org
> Both methods should give you a "ath0" interface.
>
> Are you getting any error messages?, when you run "iwconfig" does it
> show wireless related settings on the relevant interface?
>
> Hope this helps.
> Let us know,
>
> Rob

You also need to emerge madwifi-tools, and you need ath_hal loaded too.
-- 
gentoo-user@gentoo.org mailing list

SOLVED: [gentoo-user] GConf Error

2006-02-17 Thread Emanuele Morozzi 
michael higgins wrote:
> On Tue, 14 Feb 2006 18:40:06 +0100
> Emanuele Morozzi <[EMAIL PROTECTED]> wrote:
> 
>> Hello to everybody,
>>
>> Since some day I get this error while starting Gnome:
>>
 GConf Error: Error contactiong the configuration server; it may be
 necessary to enable necessario TCP/IP support for ORBit or there may be
 an old NFS lock due to system crash. Please see
 http://www.gnome.org/projects/gconf/  (Detail - 1: Error converting IOR
 "" referencing an object 2: Error converting IOR "" referencing an
 object 2)
 EGConf Error: Error contactiong the configuration server; it may be
 necessary to enable necessario TCP/IP support for ORBit or there may be
 an old NFS lock due to system crash.
>> Gnome doesn't start in a good way. I can see only the desktop, but
>> without any icons
>>
>> Other info:
>>
>> - I have tried to re-emerge everything in system and world but without
>> success.
>>
>> - I have tried to log as root to try (I never do it).
>>
>> - I have tried to look at http://www.gnome.org/projects/gconf/
>>
>> - I think this is a permission problem
>>
>> - KDE is working perfectly
>>
>> Does anybody have some idea/suggestion/other_tries?
>>
>> Thanks.
>>
>>
> 
> Did you remove the files in ~/.gnome*, etc? This usually fixed the issue for 
> me.
> 
> HTH,
> 
> 

Solved with

http://forums.gentoo.org/viewtopic-t-362119-highlight-orbit.html

and re-emerging gconf metacity metacity-themes gnome-themes
gnome-themes-extra

Thx





___ 
Yahoo! Mail: gratis 1GB per i messaggi e allegati da 10MB 
http://mail.yahoo.it

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Wireless works with Knoppix CD but not Gentoo

2006-02-17 Thread Rob Oravec 
On Fri, 2006-02-17 at 06:29 -0500, Robert Crawford wrote:
> You also need to emerge madwifi-tools, and you need ath_hal loaded too.

Emerging madwifi-driver will emerge madwifi-tools.

I have never needed to explicitly load "ath_hal" as "ath_pci" loads it
dynamically even with the older madwifi code.




signature.asc
Description: This is a digitally signed message part

[gentoo-user] Re: [gentoo-user-pl] update kernel

2006-02-17 Thread Piotr Jaroszyński 
> Po drugie genkernel jest bardzo miłym i pomocnym narzędziem, nie trzeba
> się bawić w initrd itp. To takie półautomatyczne robienie jajka :)

uzywanie czy nie uzywania genkernela nie ma nic wspolnego z uzywaniem 
initrd...


-- 
Pozdrowienia,
Peper

-- 
gentoo-user@gentoo.org mailing list

RE: [gentoo-user] net.eth0 and net.eth1 choice + net.eth1 timeout

2006-02-17 Thread John Jolet 
Emerge ifplugd.  that's precisely what  my laptop does.

-Original Message-
From: "Marco Calviani"<[EMAIL PROTECTED]>
Sent: 2/17/06 2:29:46 AM
To: "gentoo-user@lists.gentoo.org"
Subject: [gentoo-user] net.eth0 and net.eth1 choice + net.eth1 timeout

Hi list,
   i would like to share a problem that i'm encountering in dealing
with two net interfaces. I've a "normal" ethernet device (eth0) and a
wireless ipw2200 one (eth1).

1) i would like to have, at boot, a situation in which first of all
eth0 is started; if dhcp signal is found proceed with the
initialization of eth0, while if dhcp is not found try to start eth1.

2) as of now, at boot time i've only eth0; obviously if it's not
connected via ethernet cable the dhcp goes in timeout and net
initialization is failed. Then at the prompt i reissue
/etc/init.d/net.eth1 start to start wireless connection. However, and
here's the problem, the first time i digit this, eth1 goes in timeout
too. Digiting another time the same command and everythig goes well.
This situation is encountered everytime.

Thanks in advance for any hint,
MC

-- 
gentoo-user@gentoo.org mailing list


-- 
gentoo-user@gentoo.org mailing list

[gentoo-user] nspr problems and revdep

2006-02-17 Thread Constantine Kardaris 
hello,
some problems occured last week when i upgraded dev-libs/nspr to most
stable version (4.6.1-r1 -> 4.6.1-r2). Many programs stop working cause
they use shared libs from nspr. yelp, gnome-about-me, devhelp are some
of them. There is no problem actualy; i just re-emerged them and
problems solved.
Iam just wondering revdep-rebuild shouldn't have found those broken
links? I did "revdep-rebuild -i" but it did not find anything. :/

thnks
-- 
gentoo-user@gentoo.org mailing list

[gentoo-user] Re: Setting time in middle of session

2006-02-17 Thread James 
Uwe Thiem  iway.na> writes:

> > Hey, this is cool, do you have an example 'ip-up' config file? 

> My customised part of ip-up looks like this:


> Doesn't matter whether it uses a modem, just a serial line or any other 
> media, /etc/ppp/ip-up is executed as soon as the two ppp processes have 
> established an IP connection.

This is cool, I realized that I had not actually emerged ppp so that's
why /etc/ppp/ip-up was missing. Thanks for the examples, I should be
all set now.

thx,
James



-- 
gentoo-user@gentoo.org mailing list

RE: [gentoo-user] printer won't stop puking

2006-02-17 Thread Michael Kintzios 


> -Original Message-
> From: William Kenworthy [mailto:[EMAIL PROTECTED] 
> Sent: 16 February 2006 12:07
> To: gentoo-user@lists.gentoo.org
> Subject: Re: [gentoo-user] printer won't stop puking
> 
> 
> At times you also have to go to the cups cache directory and 
> delete the
> print job there as well, as on restart it stats the printjob from the
> beginning again.  They really need to fix this ...

As a rule I delete unwanted jobs from the localhost:631 gui.  Only when
I forcefully shut Cups down, or switch off the printer *without*
deleting the previously submitted jobs using the gui I get problems
similar to what you describe.
-- 
Regards,
Mick

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Re: Re: Problems with GRUB in the installation of Gentoo

2006-02-17 Thread Holly Bostick 
Neil Bothwick schreef:
> On Thu, 16 Feb 2006 23:33:15 +0100, Holly Bostick wrote:
> 
>> This functionality is not in any way a hack:
>> 
>> equery belongs /sbin/installkernel [ Searching for file(s) 
>> /sbin/installkernel in *... ] sys-apps/debianutils-2.15 
>> (/sbin/installkernel)
> 
> 
> It's part of system.
> 
> # emerge -C debianutils
> 
> !!! 'sys-apps/debianutils' is part of your system profile. !!! 
> Unmerging it may be damaging to your system.
> 
> 
I suspected that (since it would be eminently logical for the package
that provides the 'make install' command to be on the system by
default), but as I said in an unquoted part of that mail I don't know
how to check what's in system.

Is there another way to get a list of packages that comprise the system
profile (other than just trying to unmerge one and getting a warning)?

Holly
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] fbsplash starting after local and not during boot

2006-02-17 Thread Uwe Thiem 
On 17 February 2006 13:10, Marco Calviani wrote:
> Hi Uwe,
>
> > Try:
> > genkernel --gensplash=emergence --gensplash-res=1024x768 initrd
> >
> > genkernel puts all those nifty little things in your initrd. You could
> > add "--menuconfig" if you want to check your kernel options.
> >
> > Look up the exact name of the generated initrd in /boot and adjust your
> > grub entry accordingly.
>
> the fact is that i didn't use genkernel to build my actual kernel. I
> think it is not possible to use in the way you told me..

Yes, it is. You can use genkernel to create your initrd without haven used it 
for the kernel itself.

Uwe

-- 
Why do consumers keep buying products they will live to curse?
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] nagios & cgi.cfg SOLVED

2006-02-17 Thread Herman Grootaers 
On Friday 17 February 2006 11:29, Arnau Bria Ramírez wrote:
> El Thu, 16 Feb 2006 16:46:23 +
> Arnau Bria Ramírez dijo:
>
> In order to let apache move into nagios directories, I add to include
> apache into nagios group.
>
> All my problems moved away!
>
> Many thanks to all how read this threat!

Stupid of me not to think about this. It is so simple afterwards to 
think about it, but I was not on my work when I was reading this 
thread.

I had Nagios running for 59 servers and over 400 tests, it took an hour 
(yes 3600 seconds) to give accurate results about the machines; and I 
am still no Nagios-guru.

thanks
-- 
Herman Grootaers


-- 
gentoo-user@gentoo.org mailing list

[gentoo-user] Re: net.eth0 and net.eth1 choice + net.eth1 timeout

2006-02-17 Thread Thomas Kirchner 
* On Feb 17  9:46, Neil Bothwick (gentoo-user@lists.gentoo.org) wrote:
> Note that the latest baselayout supports ifplugd itself. You only need 
> to emerge ifplugd, you don't need to configure it or add it to a 
> runlevel.

I'm having a similar problem, and I'm using ifplugd via baselayout.  
(net.eth0 and net.eth1 starting by default runlevel, not ifplugd.)

However, when I start my laptop, only net.eth0 is started even if a 
wireless signal exists.  Obviously, I'd like net.eth1 (wireless) started 
if net.eth0 fails.

In /etc/conf.d/net, I've tried both the wpa_supplicant and iwconfig 
modules for eth1, with the ifplugd module, and nothing is attempted 
automatically.  I have to either manually iwconfig eth1 or restart 
/etc/init.d/net.eth1 to get a connection.

Any ideas why it's not starting automatically?

Tom


pgpAxBWzF5cX5.pgp
Description: PGP signature

Re: [gentoo-user] Re: Re: Problems with GRUB in the installation of Gentoo

2006-02-17 Thread Neil Bothwick 
On Fri, 17 Feb 2006 14:45:39 +0100, Holly Bostick wrote:

> Is there another way to get a list of packages that comprise the system
> profile (other than just trying to unmerge one and getting a warning)?

You could look at the packages files in the directory linked to
by /etc/make.profile and its parents. Or you could do emerge -pe system

$ emerge -pe system | grep debian
[ebuild  N] sys-apps/debianutils-2.15


-- 
Neil Bothwick

"Bother" said Rue, when Eeyore called him a sellout


signature.asc
Description: PGP signature

Re: [gentoo-user] Re: Setting time in middle of session

2006-02-17 Thread Uwe Thiem 
On 17 February 2006 15:32, James wrote:
> Uwe Thiem  iway.na> writes:
> > > Hey, this is cool, do you have an example 'ip-up' config file?
> >
> > My customised part of ip-up looks like this:
>
> 
>
> > Doesn't matter whether it uses a modem, just a serial line or any other
> > media, /etc/ppp/ip-up is executed as soon as the two ppp processes have
> > established an IP connection.
>
> This is cool, I realized that I had not actually emerged ppp so that's
> why /etc/ppp/ip-up was missing. Thanks for the examples, I should be
> all set now.

Actually, I forgot something. You said you used ppp for connections to 
embedded devices not on the Internet. So you probably want to do different 
things depending on which device you connect to.

Since the fifth parameter ($5) ip-ip gets called with is the remote IP address 
you can base on that parameter which part of ip-up is executed.

Uwe

-- 
Why do consumers keep buying products they will live to curse?
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] 3d rendering with dri radeon

2006-02-17 Thread Andrei Slavoiu 
--- Bo Andresen <[EMAIL PROTECTED]> wrote:
> ~# lsmod | grep 'drm\|agp'
> drm65944  0
> intel_agp  20508  1
> agpgart29256  2 drm,intel_agp
There should also be a drm_radeon there (not sure how
it's called because I use it builtin the kernel)

__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] File system full issues

2006-02-17 Thread Frédéric Grosshans 
Le jeudi 16 février 2006 à 16:32 +, Neil Bothwick a écrit :
> On Thu, 16 Feb 2006 07:50:01 -0800, Mark Knecht wrote:
> 
> > > I found xdiskusage to be a very practical tool to findout where space
> > > is wasted on a disk. 

[...]
> Filelight is another useful program here... and with more eye-candy :)
Stupid question : Is there a gnome equivalent ? (I like candy !)
Obvious answer : apparently not easily found with Google. But I just ask
to be proven wrong...

Fred

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] fbsplash starting after local and not during boot

2006-02-17 Thread Marco Calviani 
Hi Uwe,

> Yes, it is. You can use genkernel to create your initrd without haven used it
> for the kernel itself.

i would like to thank you very much for your help. Effectively the
system is working now. Thanks again.

Since we're here and you're expert in this field, i would like to ask
you if, like me, you experience problem in deleting the
/etc/splash/default symlink:

# rm -rf default/
rm: cannot remove `default/': Not a directory

How is it possible?

MC

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Re: net.eth0 and net.eth1 choice + net.eth1 timeout

2006-02-17 Thread Neil Bothwick 
On Fri, 17 Feb 2006 08:56:23 -0500, Thomas Kirchner wrote:

> I'm having a similar problem, and I'm using ifplugd via baselayout.  
> (net.eth0 and net.eth1 starting by default runlevel, not ifplugd.)
> 
> However, when I start my laptop, only net.eth0 is started even if a 
> wireless signal exists.  Obviously, I'd like net.eth1 (wireless)
> started if net.eth0 fails.

net.eth0 isn't actually failing when ifplugd detects no cable. It is
shown as inactive rather than stopped. You could try starting the
interface from /etc/conf.d/local only if eth0 is not active with

etc/init.d/net.eth0 status --quiet | echo /etc/init.d/eth1 start

You should also edit /etc/conf.d/net to shut down eth1 when eth0 detects
a cable. I have this as the preup function

preup() {
  [ ${IFACE} == "eth0" ] && /etc/init.d/net.eth1 --quiet status && 
/etc/init.d/net.eth1 pause
  return 0
}


-- 
Neil Bothwick

"Bother," said Pooh, as he pulled the alien face-hugger off.


signature.asc
Description: PGP signature

Re: [gentoo-user] File system full issues

2006-02-17 Thread Neil Bothwick 
On Fri, 17 Feb 2006 16:19:22 +0100, Frédéric Grosshans wrote:

> > Filelight is another useful program here... and with more eye-candy :)

> Stupid question : Is there a gnome equivalent ?

Not that I know of.

> (I like candy !)

So do I, but I don't like GNOME

SCNR :)


-- 
Neil Bothwick

Politically Incorrect -- and damn proud of it!


signature.asc
Description: PGP signature

Re: [gentoo-user] File system full issues

2006-02-17 Thread Frédéric Grosshans 
Le vendredi 17 février 2006 à 16:07 +, Neil Bothwick wrote, using 

Sylpheed-Claws 2.0.0 (GTK+ 2.8.12;
x86_64-pc-linux-gnu)
> So do I, but I don't like GNOME
> SCNR :)

But apparently, you like GTK+ software enough to use it to write this
Gnome-bashing answer ;) 

SCNR ...

Fred

PS: I know GTK != Gnome. I suppose you use XFCE. 



-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] File system full issues

2006-02-17 Thread Mark Knecht 
On 2/17/06, Frédéric Grosshans
<[EMAIL PROTECTED]> wrote:
>
> PS: I know GTK != Gnome. I suppose you use XFCE.
>
Or possibly some minimalistic environment like fluxbox?

I'd use fluxbox or something like that if there was a good way to
manage menus. Last time I used it as my main environment, now over two
years ago, they made you edit files by hand to get menus which was a
drag.

Cheers,
Mark

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] File system full issues

2006-02-17 Thread Neil Bothwick 
On Fri, 17 Feb 2006 17:49:07 +0100, Frédéric Grosshans wrote:

> > So do I, but I don't like GNOME
> > SCNR :)
> 
> But apparently, you like GTK+ software enough to use it to write this
> Gnome-bashing answer ;) 

Good catch :)

> PS: I know GTK != Gnome. I suppose you use XFCE. 

I use KDE for the desktop, but whatever program best suits the task in
hand. I also use The GIMP, Gnucash, VMWare and Unison, and probably
several other GTK apps I can't think of right now.

I'd say it was impossible to limit yourself to only GTK or only QT
without severely limiting your software choices.


-- 
Neil Bothwick

User-friendly: (adj.) trivialized, slow, incapable, and boring.


signature.asc
Description: PGP signature

Re: [gentoo-user] fbsplash starting after local and not during boot

2006-02-17 Thread Etaoin Shrdlu 
On Friday 17 February 2006 16:35, Marco Calviani wrote:

> Since we're here and you're expert in this field, i would like to ask
> you if, like me, you experience problem in deleting the
> /etc/splash/default symlink:
>
> # rm -rf default/
> rm: cannot remove `default/': Not a directory
>
> How is it possible?

Well, the message is correct. Look:

# rm -rf default/
rm: cannot remove `default/': Not a directory
# rm -rf default
#

If you include the trailing slash, rm thinks that you are asking it to 
delete a directory, which "default" is not (it's a symlink).
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] How many GB for / partition?

2006-02-17 Thread Hemmann, Volker Armin 
On Friday 17 February 2006 07:33, Alexander Skwar wrote:
> Hemmann, Volker Armin wrote:
> > On Thursday 16 February 2006 20:40, Alexander Skwar wrote:
> >> Hemmann, Volker Armin wrote:
> >> > On Thursday 16 February 2006 17:18, Alexander Skwar wrote:
> >> >> Hemmann, Volker Armin wrote:
> >> >> > On Thursday 16 February 2006 15:45, Alexander Skwar wrote:
> >> >> >> Hemmann, Volker Armin wrote:
> >> >> >> > On Thursday 16 February 2006 14:06, Alexander Skwar wrote:
> >> >> >> >> Izar Ilun wrote:
> >> >> >
> >> >> > Why should he make /tmp noexec,
> >> >>
> >> >> Security precaution.
> >> >
> >> > if you have 10+ users with access to the box. But a workstation,
> >> > without even sshd running, it is not needed.
> >>
> >> "needed" - What's "needed", anyway?
> >>
> >> > And hey, why should /tmp noexec save you from anything?
> >>
> >> Because it does.
> >
> > so? how?
>
> Think, you might find out. What does noexec do, hm?
>
> Even *you* might find out...
>
> Well... If I think about it... No, you're too clueless
> to find out.
>
> Hint 1: "noexec" nowadays makes it impossible to execute
> programs stored on that filesystem.

I know, but it won't save you from anything.
After a user got in, he is a user. And every user has a place with write 
permission (if he is user apache/httpd he has lots of places, where he can 
store code).  Outside of /tmp.
You see - it doesn't help you anything.

> Hint 2: /tmp (and /var/tmp) are (hopefully) the only places
> where everybody can write.

an attacker does not need a place, where everybody can write. He just needs 
SOME place, where he can write - like the home-directory of the user he just 
corrumpted.
Also, he can disrupt your system, by just filling up /tmp. No code needed for 
that.

>
> >> > If someone is  able to break into your box, he can build his tools in
> >> > /home or /var/tmp or somewhere else. No need for /tmp.
> >>
> >> Wrong again. If tmp is the only place somebody can write, then
> >> it might save you (and it DID save my ass more than once now).
> >
> > since /tmp is not the only place where someone can write (/var/tmp
> > anyone?)
>
> True. /var/tmp is a link to /tmp on my system. And if not, /var/tmp
> could also easily be a seperate fs.
and another partition ..,.

>
> > it
> > won't help you much.
>
> That's of course wrong again.
>
> >> >> Ah. Please explain how you mount /tmp noexec and /usr
> >> >> readonly.
> >> >
> >> > I don't because it is wasted effort.
> >>
> >> Of course it's not.
> >
> > yes it is.
>
> Jaja. Just because you've got problems, it doesn't mean
> that there ARE problems.

it is wasted: if he has so many rights, that he could write to /usr, he has 
enough rights to remount it.
and /tmp is not needed, as soon  as you have breaken into the box.
Plus, a full /tmp and /var will disrupt services and make reboot (almost) 
impossible.

So, noexec and ro /usr will save you from nothing.

> No, it's not. Write permissions don't mean, that somebody is root.

in my /usr, yes it does.
;)


> >
> > yes really, you have to remount /usr everytime you update something.
>
> Jaja. You know, your exaggerations become boring...

because it is true?
show me, how do you update something residing in /usr without remounting.

>

>
> a) /tmp is cleaned during boot - so this won't happen anyway.

/tmp ios cleaned so late, that it is too late, is both are totally full.

> b) Don't let it happen in the first place.
you can not tell an attacker what not to do.

> c) Boot a rescue system like Knoppix and clean /tmp.

yeah! but why boot from a boot-cd, if you don't have to? (hint: /tmp not on 
its own, small partition)

>
> d) In reality, I NEVER had it happen that /tmp or /var/tmp
> ran out of space. What happened "more often" is that /var
> ran out of space, because of the logs in /var/log.

you have never used gimp, did you?
I have seen gimp filling up a 5GB /tmp.

>
> >> >> I see. Strange thing is, that about every server and workstation
> >> >> I've seen more or less contradicts what you say.
> >> >
> >> > if you have 20+ users on each of them, and every single one is a
> >> > little cracker in disguisse, it may make sense, but for a single user
> >> > box?
> >>
> >> Why are you asking?
> >
> > because you are the one starting with 'server' and 'workstations'
>
> Correct. So what? Why are you asking?
>
> > and the OP
> > never talked about one or the other.
>
> His system MUST be the one or the other.

nope, there is a third category: personal computer (also called home 
computer).

>
> >> > If every partition takes a second, it will be very noticable.
> >>
> >> Hardly. (Notice that I'm not saying "No".)
> >
> > if mounting becomes the major 'hold up' in your booting process, it
> > becomes VERY noticable.
>
> Jaja. Do you actually expect to be taken seriously?

not from you. From thois mailing list I learnt, that if someone is not on your 
side, the person is wrong.

>
> > I have been there,
>
> I doubt that.

Why should I lie?
I had 3 ibm harddisks 1

Re: [gentoo-user] Hardware issues, probably overheating, help?

2006-02-17 Thread Hemmann, Volker Armin 
On Friday 17 February 2006 12:03, Mrugesh Karnik wrote:
> On Friday 17 February 2006 04:32, [EMAIL PROTECTED] wrote:
> > A long shot, but I had this happen once due to bad power supply.
> >
> > Is there a chance the power supply is failing? If you have an alternate
> > supply, you may want to swap it out. Are you pushing it near its limits,
> > perhaps with many disk drives? Can you remove some drives as a test?
>
> I thought this to be a possibility to start with... I have been wondering
> about buying a 400W supply. Hmm, this'll need some testing.

the watt printed on the case is not everything!
It is some phantasy number, created by marketing.
Look for 'combined power' (which will be much lower), and don't buy a cheap 
one.
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] How many GB for / partition?

2006-02-17 Thread Richard Fish 
On 2/17/06, Hemmann, Volker Armin <[EMAIL PROTECTED]> wrote:
> On Friday 17 February 2006 07:33, Alexander Skwar wrote:
> > Hemmann, Volker Armin wrote:
> > > On Thursday 16 February 2006 20:40, Alexander Skwar wrote:
> > >> Hemmann, Volker Armin wrote:
> > >> > On Thursday 16 February 2006 17:18, Alexander Skwar wrote:
> > >> >> Hemmann, Volker Armin wrote:
> > >> >> > On Thursday 16 February 2006 15:45, Alexander Skwar wrote:
> > >> >> >> Hemmann, Volker Armin wrote:
> > >> >> >> > On Thursday 16 February 2006 14:06, Alexander Skwar wrote:

Are you two done with your pissing match yet?  You've both made your
points already, you are obviously not going to convince the other of
anything, and this whole "I'm right; no I'M RIGHT, NO YOUR WRONG AND
I'M RIGHT" thread is getting really boring.

-Richard

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] fbsplash starting after local and not during boot

2006-02-17 Thread Richard Fish 
On 2/17/06, Uwe Thiem <[EMAIL PROTECTED]> wrote:
> Kernel panic ... hm ...
>
> How did you generate your initrd? Maybe, it doesn't contain "linuxrc" which
> does all the magic before it hands over to the real init process.

He could also be using an initramfs (which is preferable to an initrd
today, because it is available even earlier) which uses an "init"
script.

-Richard

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] 3d rendering with dri radeon

2006-02-17 Thread Benno Schulenberg 
Bo Andresen wrote:
> [ebuild   R   ] x11-base/x11-drm-20050502  0 kB

There's a much more recent version of this, have you tried that?
As DRM can change from kernel release to kernel release, you need 
the version that fits your kernel.  To use that newer DRM version, 
it may be that you need to manually and locally install libdrm, or 
upgrade to Xorg-7.0.

> Option  "AGPFastWrite" "True"
> Option  "EnablePageFlip" "True"

You may want to switch these off, when things start locking up.

Benno
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] How many GB for / partition?

2006-02-17 Thread Alexander Skwar 
Hemmann, Volker Armin wrote:
> On Friday 17 February 2006 07:33, Alexander Skwar wrote:
>> Hemmann, Volker Armin wrote:
>> > On Thursday 16 February 2006 20:40, Alexander Skwar wrote:
>> >> Hemmann, Volker Armin wrote:
>> >> > On Thursday 16 February 2006 17:18, Alexander Skwar wrote:
>> >> >> Hemmann, Volker Armin wrote:
>> >> >> > On Thursday 16 February 2006 15:45, Alexander Skwar wrote:
>> >> >> >> Hemmann, Volker Armin wrote:
>> >> >> >> > On Thursday 16 February 2006 14:06, Alexander Skwar wrote:
>> >> >> >> >> Izar Ilun wrote:
>> >> >> >
>> >> >> > Why should he make /tmp noexec,
>> >> >>
>> >> >> Security precaution.
>> >> >
>> >> > if you have 10+ users with access to the box. But a workstation,
>> >> > without even sshd running, it is not needed.
>> >>
>> >> "needed" - What's "needed", anyway?
>> >>
>> >> > And hey, why should /tmp noexec save you from anything?
>> >>
>> >> Because it does.
>> >
>> > so? how?
>>
>> Think, you might find out. What does noexec do, hm?
>>
>> Even *you* might find out...
>>
>> Well... If I think about it... No, you're too clueless
>> to find out.
>>
>> Hint 1: "noexec" nowadays makes it impossible to execute
>> programs stored on that filesystem.
> 
> I know,

Obviously not.

> but it won't save you from anything.

It does. Like I said.

> After a user got in,

Then it is too late. noexec can save you exactly here.

> he is a user. And every user has a place with write 
> permission (if he is user apache/httpd he has lots of places, where he can 
> store code).

No, he doesn't.

>  Outside of /tmp.

Wrong.

> You see - it doesn't help you anything.

I see that you don't know what you're talking about.

>> Hint 2: /tmp (and /var/tmp) are (hopefully) the only places
>> where everybody can write.
> 
> an attacker does not need a place, where everybody can write. He just needs 
> SOME place, where he can write - like the home-directory of the user he just 
> corrumpted.

But to gain access, most attacks need a place to write.

> Also, he can disrupt your system, by just filling up /tmp. No code needed for 
> that.

True. /var/log might be even easier.

>> True. /var/tmp is a link to /tmp on my system. And if not, /var/tmp
>> could also easily be a seperate fs.
> and another partition ..,.

Hint: A link is not a partition. And even if it were another
filesystem - who cares?

>> >> >> Ah. Please explain how you mount /tmp noexec and /usr
>> >> >> readonly.
>> >> >
>> >> > I don't because it is wasted effort.
>> >>
>> >> Of course it's not.
>> >
>> > yes it is.
>>
>> Jaja. Just because you've got problems, it doesn't mean
>> that there ARE problems.
> 
> it is wasted: if he has so many rights, that he could write to /usr, he has 
> enough rights to remount it.

Of course not. Having write permissions doesn't mean that
somebody is root.

Answer the question.

> and /tmp is not needed, as soon  as you have breaken into the box.

Exactly - *as* *soon*.

> So, noexec and ro /usr will save you from nothing.

Wrong.

>> No, it's not. Write permissions don't mean, that somebody is root.
> 
> in my /usr, yes it does.

Fine - who cares?

>> > yes really, you have to remount /usr everytime you update something.
>>
>> Jaja. You know, your exaggerations become boring...
> 
> because it is true?

No, it's not.

> show me, how do you update something residing in /usr without remounting.

I don't.

>> c) Boot a rescue system like Knoppix and clean /tmp.
> 
> yeah! but why boot from a boot-cd, if you don't have to? (hint:

Don't let it happen in the first place.

 /tmp not on
> its own, small partition)

Bad advice.

>> >> >> I see. Strange thing is, that about every server and workstation
>> >> >> I've seen more or less contradicts what you say.
>> >> >
>> >> > if you have 20+ users on each of them, and every single one is a
>> >> > little cracker in disguisse, it may make sense, but for a single user
>> >> > box?
>> >>
>> >> Why are you asking?
>> >
>> > because you are the one starting with 'server' and 'workstations'
>>
>> Correct. So what? Why are you asking?
>>
>> > and the OP
>> > never talked about one or the other.
>>
>> His system MUST be the one or the other.
> 
> nope,

Wrong.


> there is a third category: personal computer (also called home 
> computer).

Which is the WS class.

>> >> > If every partition takes a second, it will be very noticable.
>> >>
>> >> Hardly. (Notice that I'm not saying "No".)
>> >
>> > if mounting becomes the major 'hold up' in your booting process, it
>> > becomes VERY noticable.
>>
>> Jaja. Do you actually expect to be taken seriously?
> 
> not from you.

Fine.

> From thois mailing list I learnt, that if someone is not on your 
> side, the person is wrong.

If you say so.

>> > I have been there,
>>
>> I doubt that.
> 
> Why should I lie?

I've got no idea. But you obviously do.

> I had 3 ibm harddisks 1x10Gb,2x40gb one seagate 20gb and all and everything 
> on 
> its own partition.
> And it was hell after a while.

Because you overdid it: "all a

Re: [gentoo-user] Hardware issues, probably power-related

2006-02-17 Thread Benno Schulenberg 
Mrugesh Karnik wrote:
> It says 400W on the power supply, but at the price I've bought
> the case, I'm sure its only about 350W.

More than enough.  But maybe the mains is polluted (by electric 
motors or other high frequency stuff) or its tension has been 
lowered by some 10 or 20 volts?

Benno
-- 
gentoo-user@gentoo.org mailing list

[gentoo-user] Re: Wireless works with Knoppix CD but not Gentoo

2006-02-17 Thread Grant 
> > I've been struggling to get my wireless card to connect to the WEP
> > Airport router at my housing complex.  It turns out it connects just
> > fine using a Knoppix disc and manual ifconfig/iwconfig commands, but
> > the same commands don't work in Gentoo.  My Gentoo packages are
> > totally up to date.  I'm using madwifi.  Any suggestions?
> >
> > - Grant
> >
>
> Hi Grant,
>
> Firstly have you got wireless extensions enabled in the kernel?
> -CONFIG_NET_WIRELESS=y
> I believe that is a requirement.
>
> Is the madwifi-driver installed and the module loaded?
> -modprobe ath_pci
>
> If it can't find the module emerge the madwifi-driver package
> -emerge madwifi-driver
> or alternatively try the madwifi-ng code at http://madwifi.org
> Both methods should give you a "ath0" interface.
>
> Are you getting any error messages?, when you run "iwconfig" does it
> show wireless related settings on the relevant interface?
>
> Hope this helps.
> Let us know,

Hi Rob,

I should have mentioned that this card works great with all other
access points: WEP, WPA, and unencrypted.  It just seems to have a
problem with this Airport under Gentoo.

- Grant

> Rob

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] How many GB for / partition?

2006-02-17 Thread Alexander Skwar 
Richard Fish wrote:
> On 2/17/06, Hemmann, Volker Armin <[EMAIL PROTECTED]> wrote:
>> On Friday 17 February 2006 07:33, Alexander Skwar wrote:
>> > Hemmann, Volker Armin wrote:
>> > > On Thursday 16 February 2006 20:40, Alexander Skwar wrote:
>> > >> Hemmann, Volker Armin wrote:
>> > >> > On Thursday 16 February 2006 17:18, Alexander Skwar wrote:
>> > >> >> Hemmann, Volker Armin wrote:
>> > >> >> > On Thursday 16 February 2006 15:45, Alexander Skwar wrote:
>> > >> >> >> Hemmann, Volker Armin wrote:
>> > >> >> >> > On Thursday 16 February 2006 14:06, Alexander Skwar wrote:
> 
> Are you two done with your pissing match yet?

Sure. As soon as that moron stops pissing at me, I'll
also stop.

>  You've both made your
> points already, you are obviously not going to convince the other of
> anything,

Exactly.

> thread is getting really boring.

Yes, it is.

Alexander Skwar
-- 
All laws are simulations of reality.
   -- John C. Lilly
-- 
gentoo-user@gentoo.org mailing list

[gentoo-user] /dev/ttyS0: Too many levels of symbolic links

2006-02-17 Thread Michael Hartmann 
Hi list,

I tried to use a serial device, but /dev/ttyS0 is a symlink to /dev/tss/0 
and /dev/tss/0 is a symlink to /dev/ttyS0 (again)
/dev/ttyS0 -> /dev/tts/0 -> /dev/ttyS0 --> [...].
I don't know if I have compiled the right kernel drivers for serial devices 
(in fact I've compiled and loaded these kernel modules: 8250.ko  8250_acpi.ko  
8250_pci.ko  8250_pnp.ko  serial_core.ko).

However, /dev/ttyS0 shouldn't be a recursive symlink.

I'm using the latest (unmasked) udev available with gentoo.

Any ideas?

Thank you,
Michael
-- 
gentoo-user@gentoo.org mailing list

[gentoo-user] Re: fbsplash starting after local and not during boot

2006-02-17 Thread Simon Kellett 
Uwe Thiem <[EMAIL PROTECTED]> writes:

> kernel /boot/kernel-2.6.14-gentoo-r5-fb root=/dev/ram0 init=linuxrc 
> ramdisk=8192 real_root=/dev/hda3 quiet video=vesafb:ywrap,mtrr,[EMAIL 
> PROTECTED] 
> splash=silent,fadein,theme:emergence quiet CONSOLE=/dev/tty1

As a side issue: for kernel versions from 2.6.13 onwards you must
specify the mtrr mode: eg "mtrr:2". IIRC the default is off !!

-- 
Simon Kellett,|   Gentoo Linux, Fvwm, Firefox 
Darmstadt, Germany|  Xemacs, Vm, Gnus

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] How many GB for / partition?

2006-02-17 Thread Benno Schulenberg 
Alexander Skwar wrote:
> Richard Fish wrote:
> > Are you two done with your pissing match yet?
>
> Sure. As soon as that moron stops pissing at me, I'll
> also stop.

You lost.  If you're so clever, you should stop first.

Benno
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] How many GB for / partition?

2006-02-17 Thread Daniel da Veiga 
Take it to an IRC chat or whatever where the both of you can keep
going with this pointless and obviously selfish discussion that is not
even close to the OP question and had been discussed a lot over the
net, being one of those things where you think you're right and use
it, and somebody else don't and use something else, but both of you
are SURE that the other is wrong.

Do that please so my mail checker won't come with warnings every 10
minutes and save me the time of reading just to see you both keep
chatting (yes, it looks exactly as a private chat).

Don't get me wrong, you both surely are good pros and probably have
helped a lot of people (including me, maybe), but this thread has gone
too far and now there's no point in going on, if you want, please
don't post to the list, private reply each other ok.

--
Daniel da Veiga
Computer Operator - RS - Brazil
-BEGIN GEEK CODE BLOCK-
Version: 3.1
GCM/IT/P/O d-? s:- a? C++$ UBLA++ P+ L++ E--- W+++$ N o+ K- w O M- V-
PS PE Y PGP- t+ 5 X+++ R+* tv b+ DI+++ D+ G+ e h+ r+ y++
--END GEEK CODE BLOCK--

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] How many GB for / partition?

2006-02-17 Thread Maarten 

Okay, can we stop with the flamefest, already ?
Comments below...

Alexander Skwar wrote:
> Hemmann, Volker Armin wrote:
>>On Thursday 16 February 2006 20:40, Alexander Skwar wrote:
>>>Hemmann, Volker Armin wrote:
On Thursday 16 February 2006 17:18, Alexander Skwar wrote:
>Hemmann, Volker Armin wrote:
>>On Thursday 16 February 2006 15:45, Alexander Skwar wrote:


>>>Wrong again. If tmp is the only place somebody can write, then
>>>it might save you (and it DID save my ass more than once now).
>>
>>since /tmp is not the only place where someone can write (/var/tmp anyone?)

Several more indeed.  Find comes to the rescue:

120870 drwxrwxrwt   2 root root   40 Jan 10 22:40 /dev/shm
2527440 drwxrwxrwt   2 root root   72 Apr 20  2005 
/var/spool/samba

Yes, I CAN make files there, as a regular user.


>>if he has enough rights, that you have to worry about rw /usr, he has enough 
>>rights, to circumvent ro mounting by remounting.

No, that is also not true.  Just to satisfy everyone's curiosity, look at what
find comes up with:

12100210 drwxrwxr-x   2 lp   lp416 Aug 26 16:44 
/usr/share/foo2zjs/crd
128775   21 drwxrwsr-x   4 root portage 21968 Feb  8 10:58 
/usr/portage/distfiles

And I'm _only_ looking at directories now, not even files...

>>yes really, you have to remount /usr everytime you update something.
> 
> Jaja. You know, your exaggerations become boring...

Well, no.  It is correct. How do you expect to install something when /usr is 
mounted RO ?




Maarten
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] php5 upgrade instruction

2006-02-17 Thread A. Khattri 
On Thu, 16 Feb 2006, Roy Wright wrote:

> >
>
> http://www.gentoo.org/proj/en/php/php-upgrading.xml
>


And what if you dont want to upgrade?!


-- 

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] php5 upgrade instruction

2006-02-17 Thread Jarry 
I'm having also problems with php installation/upgrade:
I need php, php-cgi, php_mod and phpmyadmin. Impossible!

mod_php/php-cgi is still in 4.x version, it installs php
4.x,  and I can not install phpmyadmin because it wants php5.
And php can not be upgraded from 4.x to 5.x, because it is
needed/blocked by php-cgi and mod_php. How to get out of this?

Jarry
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] php5 upgrade instruction

2006-02-17 Thread Maximilian Gaß 
Am Freitag, 17. Februar 2006 21:44 schrieb Jarry:
> I'm having also problems with php installation/upgrade:
> I need php, php-cgi, php_mod and phpmyadmin. Impossible!
>
> mod_php/php-cgi is still in 4.x version, it installs php
> 4.x,  and I can not install phpmyadmin because it wants php5.
> And php can not be upgraded from 4.x to 5.x, because it is
> needed/blocked by php-cgi and mod_php. How to get out of this?
>
> Jarry

mkdir -p /etc/portage/profile
echo "dev-lang/php-5.0.5" >> /etc/portage/profile/package.provided

Portage will think that PHP5 is installed.
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] php5 upgrade instruction

2006-02-17 Thread A. Khattri 
On Fri, 17 Feb 2006, A. Khattri wrote:

> On Thu, 16 Feb 2006, Roy Wright wrote:
>
> > >
> >
> > http://www.gentoo.org/proj/en/php/php-upgrading.xml
> >
>
>
> And what if you dont want to upgrade?!

Never mind, I figured it out.

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] How many GB for / partition?

2006-02-17 Thread Alexander Skwar 
Maarten wrote:
> Okay, can we stop with the flamefest, already ?

Certainly.

> Alexander Skwar wrote:
>> Hemmann, Volker Armin wrote:
>>>On Thursday 16 February 2006 20:40, Alexander Skwar wrote:
Hemmann, Volker Armin wrote:
>On Thursday 16 February 2006 17:18, Alexander Skwar wrote:
>>Hemmann, Volker Armin wrote:
>>>On Thursday 16 February 2006 15:45, Alexander Skwar wrote:
> 
> 
Wrong again. If tmp is the only place somebody can write, then
it might save you (and it DID save my ass more than once now).
>>>
>>>since /tmp is not the only place where someone can write (/var/tmp anyone?)
> 
> Several more indeed.  Find comes to the rescue:
> 
> 120870 drwxrwxrwt   2 root root   40 Jan 10 22:40 /dev/shm
> 2527440 drwxrwxrwt   2 root root   72 Apr 20  2005 
> /var/spool/samba
> 
> Yes, I CAN make files there, as a regular user.

Yep, but you have to find those places. If you cannot execute
programs, that will be hard. With /tmp, an attacker knows
that he can write there.

Granted, /dev/shm is also a rather common place that allows
everyone to write to.

>>>yes really, you have to remount /usr everytime you update something.
>> 
>> Jaja. You know, your exaggerations become boring...
> 
> Well, no.  It is correct. How do you expect to install something when /usr is 
> mounted RO ?

Well, you know, his arguments aren't /totally/ wrong. I already
said that they are true, in a sense - but I also said, that he's
exaggerating very much. Quite obviously, there's no way to write
to /usr if it is mounted read only.

What I disagree with, is that his notion that a "mount -o
remount,rw /usr" is a lot of work.

I also don't disagree that it IS extra work. I'm just saying
that it's not MUCH extra work.

Alexander Skwar
-- 
(German philosopher) Georg Wilhelm Hegel, on his deathbed, complained,
"Only one man ever understood me."  He fell silent for a while and then added,
"And he didn't understand me."
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] fbsplash starting after local and not during boot

2006-02-17 Thread Uwe Thiem 
On 17 February 2006 17:35, Marco Calviani wrote:
> Hi Uwe,
>
> > Yes, it is. You can use genkernel to create your initrd without haven
> > used it for the kernel itself.
>
> i would like to thank you very much for your help. Effectively the
> system is working now. Thanks again.

Congratulations!

>
> Since we're here and you're expert in this field, i would like to ask
> you if, like me, you experience problem in deleting the
> /etc/splash/default symlink:
>
> # rm -rf default/
> rm: cannot remove `default/': Not a directory

Now, this is interesting and intriguing. ;-)

First of all, what filesystem are you using? Ext2/ext3?

Secondly, would you please do a "ls -ld default" from the same place you did 
the "rm"? And, of course, post the output? I have an idea what this might be 
about.

Uwe

-- 
Why do consumers keep buying products they will live to curse?
-- 
gentoo-user@gentoo.org mailing list

[gentoo-user] Re: php5 upgrade instruction

2006-02-17 Thread Harm Geerts 
On Friday 17 February 2006 21:44, Jarry wrote:
> I'm having also problems with php installation/upgrade:
> I need php, php-cgi, php_mod and phpmyadmin. Impossible!
>
> mod_php/php-cgi is still in 4.x version, it installs php
> 4.x,  and I can not install phpmyadmin because it wants php5.
> And php can not be upgraded from 4.x to 5.x, because it is
> needed/blocked by php-cgi and mod_php. How to get out of this?

dev-lang/php is a replacement for dev-php/php-cgi,mod_php,php

dev-lang/php uses USE flags to decide which SAPI's have to be build.
USE="cgi apache2" emerge dev-lang/php
This would merge the php-cgi and mod_php for apache2.

You'll have to set at least one SAPI.
Remember to build dev-lang/php with the same USE flags as you used on mod_php 
and php-cgi.
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Hardware issues, probably power-related

2006-02-17 Thread Mrugesh Karnik 
On Saturday 18 February 2006 00:04, Benno Schulenberg wrote:
> Mrugesh Karnik wrote:
> > It says 400W on the power supply, but at the price I've bought
> > the case, I'm sure its only about 350W.
>
> More than enough.  But maybe the mains is polluted (by electric
> motors or other high frequency stuff) or its tension has been
> lowered by some 10 or 20 volts?

Hmmm. I have a feeling that there's just too much electrical load in our 
home...

Mrugesh
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] How many GB for / partition?

2006-02-17 Thread Patrick Börjesson 
First, I can't really understand why either one of you two won't fully
explain your reasonings when going against the other. It helps noone.

On 2006-02-17 19:04, Hemmann, Volker Armin uttered these thoughts:
> On Friday 17 February 2006 07:33, Alexander Skwar wrote:
> > Hemmann, Volker Armin wrote:
> > > On Thursday 16 February 2006 20:40, Alexander Skwar wrote:
> > >> Hemmann, Volker Armin wrote:
> > >> > On Thursday 16 February 2006 17:18, Alexander Skwar wrote:
> > >> >> Hemmann, Volker Armin wrote:
> > >> >> >
> > >> >> > Why should he make /tmp noexec,
> > >> >>
> > >> >> Security precaution.
> > >> >
> > >> > if you have 10+ users with access to the box. But a workstation,
> > >> > without even sshd running, it is not needed.

Of course, if you have a system with _no_ services running (including
apache, sshd and so on), or a firewall that blocks every and all
incoming connection attempt, then for someone to access /tmp without
having physical access to the system (in which case you're pretty much
screwed anyhow) is, as far as I know, impossible. 

This doesn't take into account client-side exploits; because with these
the exploiting code has access to whatever resources the user running
the client has, including writing to whatever areas that the user has. 

> > >> "needed" - What's "needed", anyway?
> > >>
> > >> > And hey, why should /tmp noexec save you from anything?
> > >>
> > >> Because it does.
> > >
> > > so? how?
> >
> > Think, you might find out. What does noexec do, hm?
> >
> > Even *you* might find out...
> >
> > Well... If I think about it... No, you're too clueless
> > to find out.
> >
> > Hint 1: "noexec" nowadays makes it impossible to execute
> > programs stored on that filesystem.
> 
> I know, but it won't save you from anything.
> After a user got in, he is a user. And every user has a place with write 
> permission (if he is user apache/httpd he has lots of places, where he can 
> store code).  Outside of /tmp.

Where?
If you've locked down your system tight enough (with file permissions,
noexec and so on), I'd guess that the places where things can be stored
_and_ be executed from is pretty limited. 

> You see - it doesn't help you anything.

I disagre, but if you're under that impression you're not forced to go
that route... But I'd advice you from expressing this opinion to people
not knowing better. 

> > Hint 2: /tmp (and /var/tmp) are (hopefully) the only places
> > where everybody can write.
> 
> an attacker does not need a place, where everybody can write. He just needs 
> SOME place, where he can write - like the home-directory of the user he just 
> corrumpted.

What's to say that the only way to get access to a system is through
hacking a user account? 
Exploits have existed (and probably does, if not in older code) that
uses /tmp, and the ability to execute things from that location, to get
access to more privileges.
So having /tmp mounted as noexec is a good security measure from these
kind of exploits. 

> Also, he can disrupt your system, by just filling up /tmp. No code needed for 
> that.

And that is the exact reason for keeping "writable by all" locations on
separate filesystems, so that the damage can be limited and not make the
entire system unusable if someone decides to fill up a filesystem. 

> > >> > If someone is  able to break into your box, he can build his tools in
> > >> > /home or /var/tmp or somewhere else. No need for /tmp.
> > >>
> > >> Wrong again. If tmp is the only place somebody can write, then
> > >> it might save you (and it DID save my ass more than once now).
> > >
> > > since /tmp is not the only place where someone can write (/var/tmp
> > > anyone?)
> >
> > True. /var/tmp is a link to /tmp on my system. And if not, /var/tmp
> > could also easily be a seperate fs.
> and another partition ..,.

Not necessarily a partition (by using LVM), but ok. 

I really don't get why this is a problem if you can easily extend the
size of these filesystems, which it is when using LVM or an eqvivalent
system. 

> > > it
> > > won't help you much.
> >
> > That's of course wrong again.
> >
> > >> >> Ah. Please explain how you mount /tmp noexec and /usr
> > >> >> readonly.
> > >> >
> > >> > I don't because it is wasted effort.
> > >>
> > >> Of course it's not.
> > >
> > > yes it is.
> >
> > Jaja. Just because you've got problems, it doesn't mean
> > that there ARE problems.
> 
> it is wasted: if he has so many rights, that he could write to /usr, he has 
> enough rights to remount it.
> and /tmp is not needed, as soon  as you have breaken into the box.
> Plus, a full /tmp and /var will disrupt services and make reboot (almost) 
> impossible.
> 
> So, noexec and ro /usr will save you from nothing.
> 
> > No, it's not. Write permissions don't mean, that somebody is root.
> 
> in my /usr, yes it does.
> ;)

That's I think your problem with this entire approach. You only see
your specific scenario. It's fully possible to have write privileges to
/usr without h

Re: [gentoo-user] How many GB for / partition?

2006-02-17 Thread Hemmann, Volker Armin 
On Friday 17 February 2006 19:38, Alexander Skwar wrote:
> Richard Fish wrote:
> > On 2/17/06, Hemmann, Volker Armin <[EMAIL PROTECTED]> 
wrote:
> >> On Friday 17 February 2006 07:33, Alexander Skwar wrote:
> >> > Hemmann, Volker Armin wrote:
> >> > > On Thursday 16 February 2006 20:40, Alexander Skwar wrote:
> >> > >> Hemmann, Volker Armin wrote:
> >> > >> > On Thursday 16 February 2006 17:18, Alexander Skwar wrote:
> >> > >> >> Hemmann, Volker Armin wrote:
> >> > >> >> > On Thursday 16 February 2006 15:45, Alexander Skwar wrote:
> >> > >> >> >> Hemmann, Volker Armin wrote:
> >> > >> >> >> > On Thursday 16 February 2006 14:06, Alexander Skwar wrote:
> >
> > Are you two done with your pissing match yet?
>
> Sure. As soon as that moron stops pissing at me, I'll
> also stop.


thank you, you just invalidated everything you ever wrote.

Have a nice day.
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] How many GB for / partition?

2006-02-17 Thread John Jolet 
the problem is they both have valid points.  in this,as in nearly all aspects 
of unix administration, there is not a single right answer.

-Original Message-
From: "Patrick Börjesson"<[EMAIL PROTECTED]>
Sent: 2/17/06 4:15:08 PM
To: "gentoo-user@lists.gentoo.org"
Subject: Re: [gentoo-user] How many GB for / partition?

First, I can't really understand why either one of you two won't fully
explain your reasonings when going against the other. It helps noone.

On 2006-02-17 19:04, Hemmann, Volker Armin uttered these thoughts:
> On Friday 17 February 2006 07:33, Alexander Skwar wrote:
> > Hemmann, Volker Armin wrote:
> > > On Thursday 16 February 2006 20:40, Alexander Skwar wrote:
> > >> Hemmann, Volker Armin wrote:
> > >> > On Thursday 16 February 2006 17:18, Alexander Skwar wrote:
> > >> >> Hemmann, Volker Armin wrote:
> > >> >> >
> > >> >> > Why should he make /tmp noexec,
> > >> >>
> > >> >> Security precaution.
> > >> >
> > >> > if you have 10+ users with access to the box. But a workstation,
> > >> > without even sshd running, it is not needed.

Of course, if you have a system with _no_ services running (including
apache, sshd and so on), or a firewall that blocks every and all
incoming connection attempt, then for someone to access /tmp without
having physical access to the system (in which case you're pretty much
screwed anyhow) is, as far as I know, impossible.=20

This doesn't take into account client-side exploits; because with these
the exploiting code has access to whatever resources the user running
the client has, including writing to whatever areas that the user has.=20

> > >> "needed" - What's "needed", anyway?
> > >>
> > >> > And hey, why should /tmp noexec save you from anything?
> > >>
> > >> Because it does.
> > >
> > > so? how?
> >
> > Think, you might find out. What does noexec do, hm?
> >
> > Even *you* might find out...
> >
> > Well... If I think about it... No, you're too clueless
> > to find out.
> >
> > Hint 1: "noexec" nowadays makes it impossible to execute
> > programs stored on that filesystem.
>=20
> I know, but it won't save you from anything.
> After a user got in, he is a user. And every user has a place with write=
=20
> permission (if he is user apache/httpd he has lots of places, where he ca=
n=20
> store code).  Outside of /tmp.

Where?

[Message truncated. Tap Edit->Mark for Download to get remaining portion.]

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Re: fbsplash starting after local and not during boot

2006-02-17 Thread Uwe Thiem 
On 17 February 2006 20:58, Simon Kellett wrote:
> Uwe Thiem <[EMAIL PROTECTED]> writes:
> > kernel /boot/kernel-2.6.14-gentoo-r5-fb root=/dev/ram0 init=linuxrc
> > ramdisk=8192 real_root=/dev/hda3 quiet
> > video=vesafb:ywrap,mtrr,[EMAIL PROTECTED]
> > splash=silent,fadein,theme:emergence quiet CONSOLE=/dev/tty1
>
> As a side issue: for kernel versions from 2.6.13 onwards you must
> specify the mtrr mode: eg "mtrr:2". IIRC the default is off !!

Must? I don't, and it is working.

Uwe

-- 
Why do consumers keep buying products they will live to curse?
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] How many GB for / partition?

2006-02-17 Thread Rumen Yotov 
On Fri, 2006-02-17 at 22:35 +0100, Alexander Skwar wrote:
> Maarten wrote:
> > Okay, can we stop with the flamefest, already ?
> 
> Certainly.
> 
> > Alexander Skwar wrote:
> >> Hemmann, Volker Armin wrote:
> >>>On Thursday 16 February 2006 20:40, Alexander Skwar wrote:
> Hemmann, Volker Armin wrote:
> >On Thursday 16 February 2006 17:18, Alexander Skwar wrote:
> >>Hemmann, Volker Armin wrote:
> >>>On Thursday 16 February 2006 15:45, Alexander Skwar wrote:
> > 
> > 
> Wrong again. If tmp is the only place somebody can write, then
> it might save you (and it DID save my ass more than once now).
> >>>
> >>>since /tmp is not the only place where someone can write (/var/tmp anyone?)
> > 
> > Several more indeed.  Find comes to the rescue:
> > 
> > 120870 drwxrwxrwt   2 root root   40 Jan 10 22:40 /dev/shm
> > 2527440 drwxrwxrwt   2 root root   72 Apr 20  2005 
> > /var/spool/samba
> > 
> > Yes, I CAN make files there, as a regular user.
> 
> Yep, but you have to find those places. If you cannot execute
> programs, that will be hard. With /tmp, an attacker knows
> that he can write there.
> 
> Granted, /dev/shm is also a rather common place that allows
> everyone to write to.
> 
> >>>yes really, you have to remount /usr everytime you update something.
> >> 
> >> Jaja. You know, your exaggerations become boring...
> > 
> > Well, no.  It is correct. How do you expect to install something when /usr 
> > is mounted RO ?
> 
> Well, you know, his arguments aren't /totally/ wrong. I already
> said that they are true, in a sense - but I also said, that he's
> exaggerating very much. Quite obviously, there's no way to write
> to /usr if it is mounted read only.
> 
> What I disagree with, is that his notion that a "mount -o
> remount,rw /usr" is a lot of work.
> 
> I also don't disagree that it IS extra work. I'm just saying
> that it's not MUCH extra work.
> 
> Alexander Skwar
> -- 
> (German philosopher) Georg Wilhelm Hegel, on his deathbed, complained,
> "Only one man ever understood me."  He fell silent for a while and then added,
> "And he didn't understand me."
Hi,
Please don't take this post as a signal for more battles.
IMHO there are many true facts from both of you.
Just a few point, as i have some (limited experience with hardened
systems).
1.For 2-3 years using portage-tree in /var/portage, no problems so far,
all it takes is a symlink in /usr & change in /etc/make.conf file.
So i can mount all /usr as 'noexec'.
2.For a really important system (from security point of view) people
could use some of Gentoo's hardened projects (grsec,SELinux,RSBAC).
i've used 'grsec & RSBAC'. Logically grsec is less powerful but easier
to manage, and RSBAC (as SELinux) is like a combat tank in a battle
during middle age wars (concerning security settings).
So there are tools quite for everything, if you wish and know how to use
them. No system is perfect but some are almost ;)
HTH.Rumen


smime.p7s
Description: S/MIME cryptographic signature

[gentoo-user] really large inline replies

2006-02-17 Thread kashani 
	Really large inline replies with five people and thirteen separate 
arguments are pretty much unreadable. I'm all for fighting things out to 
bitter end, but not when it's impossible to follow along. I'd recommend 
the following:


1. snip. snip a lot. Keep the point you're arguing and snip the rest. If 
someone can't follow then they should check the archives or use a 
threaded client.


2. Paragraphs and summaries are your friends. Here's an example.

"We agree on points a and b so I'll skip them for now. However you say x 
and y are the best choices for w reasons. I say sure x is fine, but only 
with z. And y by itself is right out because of i, j, and k."


Also you can work an insult in a little easier. Something like, "You're 
under the delusion that x and y are the best choices and then proceed to 
misunderstand w as some logic for your nonsense."


Now you've made the other guy sound like a complete knucklehead while 
showing that you do understand his so called logic while summing it up 
for the rest of us and follow it up with a your own argument which reads 
and flows nicely without having to parse thirty lines hidden in two 
hundred lines of quotes. :-)


kashani
--
gentoo-user@gentoo.org mailing list

RE: [gentoo-user] still can't print

2006-02-17 Thread maxim wexler 
> 
> I can't remember, have you tried to get your printer
> working with the
> hpijs driver?
> 
> Emerge -uDpv hpijs

Yow! that's 32 megs. Had to be satisfied with simple
emerge hpijs.

Then it worked! Well, not quite. The test page printed
OK but when I ran lpc reread as per the instructions
at the close of the apsfilter setup, got this:

sarawak heathen # lpc reread
Printer '[EMAIL PROTECTED]' - cannot open connection - No
such file or directory
Make sure the remote host supports the LPD protocol

And an attempt at lpr -J test.txt resulted in

"...Sending job '[EMAIL PROTECTED]' to [EMAIL PROTECTED]
Cannot open location to localhost no such file or
directory..."

And what's going on here:

[EMAIL PROTECTED] ~ $ cat /etc/lprng/printcap
# /etc/printcap: printer capability database.
# $Header:
/var/cvsroot/gentoo-x86/net-print/lprng/files/printcap,v
1.2 2004/07/18 04:19:01 dragonheart Exp $
#
# You can use the filter entries df, tf, cf, gf etc.
for your
# own filters. See the printcap(5) manpage for more
details.

lp|Generic dot-matrix printer entry
:lp=/dev/lp1
:sd=/var/spool/lpd/lp
:af=/var/log/lp-acct
:lf=/var/log/lp-errs
:pl#66
:pw#80
:pc#150
:mx#0
:sh

# rlp|Remote printer entry
# :lp=
# :rm=remotehost
# :rp=remoteprinter
# :sd=/var/spool/lpd/remote
# :mx#0
# :sh

Why does it think my printer is at /dev/lp1? It's at
/dev/lp0 and that's where I pointed apsfilter-setup.

__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] How many GB for / partition?

2006-02-17 Thread Neil Bothwick 
On Fri, 17 Feb 2006 22:35:48 +0100, Alexander Skwar wrote:

> > Okay, can we stop with the flamefest, already ?
> 
> Certainly.

[snip]

> Yep, but you have to find those places. If you cannot execute
> programs, that will be hard. With /tmp, an attacker knows
> that he can write there.

OK, a better question is "WILL you stop this"?


-- 
Neil Bothwick

Loose bits sink chips.


signature.asc
Description: PGP signature

Re: [gentoo-user] fbsplash starting after local and not during boot

2006-02-17 Thread Manuel McLure 

On 17 February 2006 17:35, Marco Calviani wrote:

Since we're here and you're expert in this field, i would like to ask
you if, like me, you experience problem in deleting the
/etc/splash/default symlink:

# rm -rf default/
rm: cannot remove `default/': Not a directory


Remove the trailing / :

# rm -rf default

That will delete the symlink.

--
Manuel A. McLure KE6TAW <[EMAIL PROTECTED]> 
...for in Ulthar, according to an ancient and significant law,
no man may kill a cat.   -- H.P. Lovecraft
--
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] /usr as noexec? (was GB for / partition flamewar)

2006-02-17 Thread Eric Bliss 
On Friday 17 February 2006 14:36, Rumen Yotov wrote:
> Hi,
> Please don't take this post as a signal for more battles.
> IMHO there are many true facts from both of you.
> Just a few point, as i have some (limited experience with hardened
> systems).
> 1.For 2-3 years using portage-tree in /var/portage, no problems so far,
> all it takes is a symlink in /usr & change in /etc/make.conf file.
> So i can mount all /usr as 'noexec'.

Forgive me for asking, but how is this possible???  The last time I checked 
(which was 2 minutes ago...), /usr is where almost all the executables on my 
system are - /usr/bin, /usr/kde/3.x, /usr/libexec, /usr/sbin...

I kinda doubt that I'll ever take advantage of a setup like this (at least on 
this machine), but I am curious as to how that would work.

For my own machine (notebook with only a 60g hd), I only run 4 basic 
partitions...

/boot - 70 meg (big just in case I want extra kernels, splash screens, etc.)
swap - 1/2 gig - kinda useless, since I upgraded the RAM from 256m to 2g :-)
/ - 35 gig - everything else Linux
25~ gig or so - Windows partition so I can run games in their native 
environment without hassles.

Now, obviously, I haven't sub-partitioned my Linux stuff, mainly due to my 
concerns over a lack of space in general - I don't want to have to worry 
about ANY lost space to allow room on sub-partitions to not fill up to 100%. 
Now, if I had a 200 gig drive, I might not be so concerned with space, and it 
might make some sense for me to set up a few extra partitions.  But I don't, 
and this works for my situation.

As I said at the start, I'm simply curious how you would manage to mount the 
main executable storage area of your system as "noexec".

-- 
Eric Bliss
systems design and integration,
CreativeCow.Net
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] How many GB for / partition?

2006-02-17 Thread Hemmann, Volker Armin 
On Friday 17 February 2006 23:15, Patrick Börjesson wrote:


> > an attacker does not need a place, where everybody can write. He just
> > needs SOME place, where he can write - like the home-directory of the
> > user he just corrumpted.
>
> What's to say that the only way to get access to a system is through
> hacking a user account?

if he hacks apache, he is the httpd user, if he hacks sendmail, he is 'mail'
If you are not a user, you are not logged in.
IOr in reverse, as soon, as you can do anything on a box, you are a user in 
one way or another.
> Exploits have existed (and probably does, if not in older code) that
> uses /tmp, and the ability to execute things from that location, to get
> access to more privileges.
> So having /tmp mounted as noexec is a good security measure from these
> kind of exploits.

and I bet same exploits would work from /var/spool.

>
> > Also, he can disrupt your system, by just filling up /tmp. No code needed
> > for that.
>
> And that is the exact reason for keeping "writable by all" locations on
> separate filesystems, so that the damage can be limited and not make the
> entire system unusable if someone decides to fill up a filesystem.

if / is huge, it is much harder to fill up /tmp
And if he can fill up /tmp completly, you are hosed anyway. So having it on 
its own partition does not save you from anything. It only makes it more 
likely, that at some point /tmp is too small and you need to make it bigger.

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] /usr as noexec? (was GB for / partition flamewar)

2006-02-17 Thread Maarten 
Eric Bliss wrote:
> On Friday 17 February 2006 14:36, Rumen Yotov wrote:
> 
>>Hi,
>>Please don't take this post as a signal for more battles.
>>IMHO there are many true facts from both of you.
>>Just a few point, as i have some (limited experience with hardened
>>systems).
>>1.For 2-3 years using portage-tree in /var/portage, no problems so far,
>>all it takes is a symlink in /usr & change in /etc/make.conf file.
>>So i can mount all /usr as 'noexec'.
> 
> 
> Forgive me for asking, but how is this possible???  The last time I checked 
> (which was 2 minutes ago...), /usr is where almost all the executables on my 
> system are - /usr/bin, /usr/kde/3.x, /usr/libexec, /usr/sbin...

It is, therefore, logically not possible.
I believe, in all the mess that this thread has developed into, that
Rumen simply confused 'noexec' with 'ro'.  Shit happens... :-)
This must be the explanation for sure. Or else, if /usr can be mounted
noexec without trouble, I'll donate 75 bogomips to the FSF.

Maarten


P.S.:

The thread this derived from has to be the most lame discussion I have
witnessed in ages, and I've seen a few. First and foremost because
neither of you took the simple effort to run two trivial 'find' commands
to try and prove the other guy wrong.  It is a shame, because at first,
you both said some things that were 'insightful'[tm]...
Most people would try to strengthen their positions by coming up with
some proof, some good arguments, but that is SO totally absent here...
No proof, nor examples, nor whatsoever...  All you two did manage to say
was really just an endless loop of--

"Wrong"
"Not wrong, right."
"No, you're wrong"
"I'm right, you are wrong"
"You are a thousand times wrong"
"No, it is you who are infinitely wrong"
"You are wrong infinitely plus one"
"I am right, have always been right, and you suck"
"No YOU suck"
"I may suck but that is because you know I'm right"
"You suck AND you are wrong"
"I do not suck. YOU suck!"
"Do NOT!"
"Do TOO!"
"No you suck. And you are wrong..."

Now what age-group type conversation does that remind you of...?
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Re: Interpret characters in /etc/inputrc

2006-02-17 Thread George Garvey 
On Mon, Jan 30, 2006 at 02:31:45PM -0600, [EMAIL PROTECTED] wrote:
> Thats what I'm asking.  "Exactly what you see" .. when you press what?
> In other words how can I tell what [2~ or any of the others, are
> without experimenting with C-v and testing different keys.
> 
> I think I've seen a chart somewhere that shows but can't think where.

   They come from ncurses: use infocmp to get a list, and man pages
for ncurses to make sense out of the list.
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] /usr as noexec? (was GB for / partition flamewar)

2006-02-17 Thread Ryan Tandy 

Maarten wrote:

Or else, if /usr can be mounted
noexec without trouble, I'll donate 75 bogomips to the FSF.
  
Can we get that in writing, with a signature, creative use of {sym,hard} 
links and nested mounts notwithstanding? ;)


Where "trouble" is defined as a system that won't run (relatively) 
smoothly, rather than the amount of effort required to get it in that 
state...

--
gentoo-user@gentoo.org mailing list

[gentoo-user] Gentoo kixtstart/jumpstart equivalent

2006-02-17 Thread gentuxx 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I've got a little amateur project that I'm working on, and I'm running
into some difficulty.  The most immediate problem I'm having, is that
I want to put gentoo on one of my systems, but they don't have a
CDROM.  (These are old boxes.)  So, my question, simply enough, is
there a JumpStart or KixStart equivalent in gentoo?  I.e. tftp boot,
that'll download the install image, etc.?

TIA

- --
gentux
echo "hfouvyAdpy/ofu" | perl -pe 's/(.)/chr(ord($1)-1)/ge'

gentux's gpg fingerprint ==> 34CE 2E97 40C7 EF6E EC40  9795 2D81 924A
6996 0993
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2.1 (GNU/Linux)

iD8DBQFD9qM8LYGSSmmWCZMRAhf+AJsFxgsLHMpGbe+bMbgRIQ5MrGNUpQCgygDu
Qs28pGIyBDdsmAHGv/sZlO4=
=49tL
-END PGP SIGNATURE-

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] 3d rendering with dri radeon

2006-02-17 Thread Bruce Burden 
On Fri, Feb 17, 2006 at 07:29:30PM +0100, Benno Schulenberg wrote:
> Bo Andresen wrote:
> > [ebuild   R   ] x11-base/x11-drm-20050502  0 kB
> 
> There's a much more recent version of this, have you tried that?
>
Is it in the portage system? I did a "sync" a few weeks
   ago, and I still get the 20050502 version, which will not 
   build. It complains about:

I2C_ALGO_ATI

   is undeclared in the /usr/portage/tmp/portage/x11-drm-20050502/
   work/drm/linux-core/radeon_i2c.c routine.

Bruce
-- 

  "I like bad!" Bruce BurdenAustin, TX.
- Thuganlitha
The Power and the Prophet
Robert Don Hughes

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] /usr as noexec? (was GB for / partition flamewar)

2006-02-17 Thread Rumen Yotov 
On Sat, 2006-02-18 at 01:23 +0100, Maarten wrote:
> Eric Bliss wrote:
> > On Friday 17 February 2006 14:36, Rumen Yotov wrote:
> > 
> >>Hi,
> >>Please don't take this post as a signal for more battles.
> >>IMHO there are many true facts from both of you.
> >>Just a few point, as i have some (limited experience with hardened
> >>systems).
> >>1.For 2-3 years using portage-tree in /var/portage, no problems so far,
> >>all it takes is a symlink in /usr & change in /etc/make.conf file.
> >>So i can mount all /usr as 'noexec'.
> > 
> > 
> > Forgive me for asking, but how is this possible???  The last time I checked 
> > (which was 2 minutes ago...), /usr is where almost all the executables on 
> > my 
> > system are - /usr/bin, /usr/kde/3.x, /usr/libexec, /usr/sbin...
> 
> It is, therefore, logically not possible.
> I believe, in all the mess that this thread has developed into, that
> Rumen simply confused 'noexec' with 'ro'.  Shit happens... :-)
> This must be the explanation for sure. Or else, if /usr can be mounted
> noexec without trouble, I'll donate 75 bogomips to the FSF.
> 
> Maarten
> 
> 
> P.S.:
> 
> The thread this derived from has to be the most lame discussion I have
> witnessed in ages, and I've seen a few. First and foremost because
> neither of you took the simple effort to run two trivial 'find' commands
> to try and prove the other guy wrong.  It is a shame, because at first,
> you both said some things that were 'insightful'[tm]...
> Most people would try to strengthen their positions by coming up with
> some proof, some good arguments, but that is SO totally absent here...
> No proof, nor examples, nor whatsoever...  All you two did manage to say
> was really just an endless loop of--
> 
> "Wrong"
> "Not wrong, right."
> "No, you're wrong"
> "I'm right, you are wrong"
> "You are a thousand times wrong"
> "No, it is you who are infinitely wrong"
> "You are wrong infinitely plus one"
> "I am right, have always been right, and you suck"
> "No YOU suck"
> "I may suck but that is because you know I'm right"
> "You suck AND you are wrong"
> "I do not suck. YOU suck!"
> "Do NOT!"
> "Do TOO!"
> "No you suck. And you are wrong..."
> 
> Now what age-group type conversation does that remind you of...?
Hi,
In the beginning have to say it's *my* mistake - noexec != ro.
As soon as i posted this went to bed and just then remembered about this
HUGE mistake.
You need 'exec' on /usr just to do anything, but i was thinking about
'ro'- so that nobody could change anything there. Could be remounted
only during installation of new packages, then closed again.
But now i need to explain more (because of this silly mistake).
1.While reading about filling up a partition, remembered that i wanted
to write about 'quota' too (using this defense mechanism is easy).
Now back to 'hardened'
2.grsec generally said is using three main lines of additional defense:
2.1. PAX - protects memory space from various attacks + makes data pages
no-executable; Complemented by GCC with SSP,PIC,PIE code generation.
2.2. grsecurity kernel patch (which integrates PAX patch from #2.1)-
which adds some additional chroot protections, hides many things/info
visible in '/proc' could protect/limit networking access (IIRC) and some
other things;
2.3.Uses RBAC (MAC - Mandatory Access Control) model (through ACLs) to
protect file-system data, could be done easily with 'learning mode'.
3.RSBAC (my favorite ;)
3.1.Has PAX too (plus hardened GCC);
3.2 Main protection is from RSBAC (Rule Set Based Access Control).
Generally speaking it's as you have not one but two admin/root users:
the old classic 'root' user plus 'secoff' (Security Officer).
Secoff can limit *all* root privileges/access as he wants - on all type
of resources (root could look like a normal user, no problem to do it ;)
i have all /usr + subdirs (inherited property) as 'RO' even for 'root',
only on system update remove this then afterward apply again.
Same could be done on /etc (minus mtab and some individual files which
change during boot). Still impressed with the power of this system.
3.3. New feature (from some half an year) is the new 'user management'
code. All user account data is kept into kernel space (so
no /etc/passwd, /etc/shadow files).
One big drawback with this is the management issue, it's very difficult
to learn to manage such system (still learning, and a lot to go).
3.4.Very strong "chroot" protection & features.
Think this info explains at least part of the story.
4.SELinux - have no real experience here, just in theory.
4.1.This one is integrated into the kernel as LSM;
4.2.Offers a level of protection similar to RSBAC (IMHO);
4.3.Also have a very strong Type/Domain controlled Access Control;
4.4.Easier to implement (than RSBAC) because there're many ready to be
used 'policies' (also in portage);
4.5.But managing requires a deeper/enough understanding if it's working
model;
4.5.Developed by NSA.
This it. Again sorry for my mistake. Rumen


smime.p7s
Descript

Re: [gentoo-user] Gentoo kixtstart/jumpstart equivalent

2006-02-17 Thread Ghislain Bourgeois 
At my job, I designed a system we call Pullstart that we use to install Gentoo servers. I'm basically building what I call a "stage-4", which is simply a stage3 updated, with the packages we want added to it and a generic kernel built with genkernel. It is made available through a tarball on a web server and I have a simple script generated by web-based configuration utility to install it on the server and configure it for the machine (partitionning, networking, etc...). The only thing you need to run the script is to have a basic linux system running, which you can get with a livecd or a floppy like tomslinux (sorry, I forgot the exact name...). Of course, I have an NDA and the scripts all belong to the company, so I can't make it available, but you can build yourself something similar.
-- Ghislain Bourgeois---Linux System administratorOn 2/17/06, gentuxx <[EMAIL PROTECTED]
> wrote:-BEGIN PGP SIGNED MESSAGE-Hash: SHA1I've got a little amateur project that I'm working on, and I'm running
into some difficulty.  The most immediate problem I'm having, is thatI want to put gentoo on one of my systems, but they don't have aCDROM.  (These are old boxes.)  So, my question, simply enough, isthere a JumpStart or KixStart equivalent in gentoo?  
I.e. tftp boot,that'll download the install image, etc.?TIA- --gentuxecho "hfouvyAdpy/ofu" | perl -pe 's/(.)/chr(ord($1)-1)/ge'gentux's gpg fingerprint ==> 34CE 2E97 40C7 EF6E EC40  9795 2D81 924A
6996 0993-BEGIN PGP SIGNATURE-Version: GnuPG v1.4.2.1 (GNU/Linux)iD8DBQFD9qM8LYGSSmmWCZMRAhf+AJsFxgsLHMpGbe+bMbgRIQ5MrGNUpQCgygDuQs28pGIyBDdsmAHGv/sZlO4==49tL-END PGP SIGNATURE-
--gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Gentoo kixtstart/jumpstart equivalent

2006-02-17 Thread Rumen Yotov 
Hi,
On Sat, 2006-02-18 at 00:30 -0500, Ghislain Bourgeois wrote:
> At my job, I designed a system we call Pullstart that we use to
> install Gentoo servers. I'm basically building what I call a
> "stage-4", which is simply a stage3 updated, with the packages we want
> added to it and a generic kernel built with genkernel. It is made
> available through a tarball on a web server and I have a simple script
> generated by web-based configuration utility to install it on the
> server and configure it for the machine (partitionning, networking,
> etc...). The only thing you need to run the script is to have a basic
> linux system running, which you can get with a livecd or a floppy like
> tomslinux (sorry, I forgot the exact name...). Of course, I have an
> NDA and the scripts all belong to the company, so I can't make it
> available, but you can build yourself something similar. 
> 
> -- 
> Ghislain Bourgeois
> ---
> Linux System administrator
> 
There is an article on gentoo-wiki.com + a script to make and later
install a 'so called' stage4 tarball.
Made the stage4 tarball myself but still haven't tried to use it ;)
HTH.Rumen
> On 2/17/06, gentuxx <[EMAIL PROTECTED]> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> I've got a little amateur project that I'm working on, and I'm
> running 
> into some difficulty.  The most immediate problem I'm having,
> is that
> I want to put gentoo on one of my systems, but they don't have
> a
> CDROM.  (These are old boxes.)  So, my question, simply
> enough, is
> there a JumpStart or KixStart equivalent in gentoo?   I.e.
> tftp boot,
> that'll download the install image, etc.?
> 
> TIA
> 
> - --
> gentux
> echo "hfouvyAdpy/ofu" | perl -pe 's/(.)/chr(ord($1)-1)/ge'
> 
> gentux's gpg fingerprint ==> 34CE 2E97 40C7 EF6E EC40  9795
> 2D81 924A 
> 6996 0993
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.2.1 (GNU/Linux)
> 
> iD8DBQFD9qM8LYGSSmmWCZMRAhf+AJsFxgsLHMpGbe
> +bMbgRIQ5MrGNUpQCgygDu
> Qs28pGIyBDdsmAHGv/sZlO4=
> =49tL
> -END PGP SIGNATURE- 
> 
> --
> gentoo-user@gentoo.org mailing list
> 
> 


smime.p7s
Description: S/MIME cryptographic signature

Re: [gentoo-user] Gentoo kixtstart/jumpstart equivalent

2006-02-17 Thread gentuxx 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Ghislain Bourgeois wrote:

> At my job, I designed a system we call Pullstart that we use to install
Gentoo servers. I'm basically building what I call a "stage-4", which is
simply a stage3 updated, with the packages we want added to it and a
generic kernel built with genkernel. It is made available through a
tarball on a web server and I have a simple script generated by
web-based configuration utility to install it on the server and
configure it for the machine (partitionning, networking, etc...). The
only thing you need to run the script is to have a basic linux system
running, which you can get with a livecd or a floppy like tomslinux
(sorry, I forgot the exact name...). Of course, I have an NDA and the
scripts all belong to the company, so I can't make it available, but you
can build yourself something similar.
>

Well, thanks for the tip.  But for one, I wasn't really planning to
spend *that* much time fussing about it.  The focus is something else
entirely, and I don't have the time to dedicate to designing my own
system.  I totally understand the NDA/company proprietary info, etc.,
etc., so I appreciate the pointer.

I've set up Solaris Jumpstart for Solaris installations in the past.
And, ironically enough, this project is using gentoo-sparc.  Jumpstart
is relatively easy to configure, I just didn't know if there might be
an equivalent for gentoo.  I checked for both JumpStart and KixStart
(I've seen KixStart ported to other distros even though it's a RedHat
package) by running `emerge search jumpstart` and got bupkus.

Also, one inherent flaw with your suggestion is the requirement of a
livecd.  I know you mentioned floppy, but these are SPARC boxen and I
doubt I could fit all the drivers/commands/etc. on a floppy, and one
doesn't even have a floppy.  Thus the necessity for a network boot
situation.

I appreciate the response though.


> --
> Ghislain Bourgeois
> ---
> Linux System administrator
>
> On 2/17/06, *gentuxx* <[EMAIL PROTECTED] > wrote:
>

> I've got a little amateur project that I'm working on, and I'm running
> into some difficulty. The most immediate problem I'm having, is that
> I want to put gentoo on one of my systems, but they don't have a
> CDROM. (These are old boxes.) So, my question, simply enough, is
> there a JumpStart or KixStart equivalent in gentoo? I.e. tftp boot,
> that'll download the install image, etc.?
>
> TIA
>
> --
> gentux
> echo "hfouvyAdpy/ofu" | perl -pe 's/(.)/chr(ord($1)-1)/ge'
>
> gentux's gpg fingerprint ==> 34CE 2E97 40C7 EF6E EC40 9795 2D81 924A
> 6996 0993


- --
gentoo-user@gentoo.org  mailing list




- --
gentux
echo "hfouvyAdpy/ofu" | perl -pe 's/(.)/chr(ord($1)-1)/ge'

gentux's gpg fingerprint ==> 34CE 2E97 40C7 EF6E EC40  9795 2D81 924A
6996 0993
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2.1 (GNU/Linux)

iD8DBQFD9rZ8LYGSSmmWCZMRAkU5AKDNfs9NcL1SOMRdOC9ZO5YpCUoIFQCeJxCe
WCtWdPeoaf8q05nHZc8U9DQ=
=IwrC
-END PGP SIGNATURE-

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Gentoo kixtstart/jumpstart equivalent

2006-02-17 Thread Steven S. 

On Fri, 17 Feb 2006, gentuxx wrote:

Read through http://www.gentoo.org/doc/en/altinstall.xml#doc_chap6

You can install from a distro's boot floppies... I have done it 
sucessfully using Slackware 9.1 floppies. You need a binary of bzip, you 
can download one from where I stuck mine at 
http://members.lycos.co.uk/stupendoussteve/Misc/bzip2-102-x86-linux24 if 
you'd like. Just have to set it execute and then run ./bzip2 blah.tar.bz 
(this is to unpack the stage files). Slackware can partition and format on 
it's own. Once you unpack the stage files it's pretty much right out of 
the handbook. You'll need the slackware boot and install floppies, as well 
as the networking ones and probably some others. It's not the easiest 
process but it is not that time consuming... just gotta get the right 
floppies.







-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Ghislain Bourgeois wrote:


At my job, I designed a system we call Pullstart that we use to install

Gentoo servers. I'm basically building what I call a "stage-4", which is
simply a stage3 updated, with the packages we want added to it and a
generic kernel built with genkernel. It is made available through a
tarball on a web server and I have a simple script generated by
web-based configuration utility to install it on the server and
configure it for the machine (partitionning, networking, etc...). The
only thing you need to run the script is to have a basic linux system
running, which you can get with a livecd or a floppy like tomslinux
(sorry, I forgot the exact name...). Of course, I have an NDA and the
scripts all belong to the company, so I can't make it available, but you
can build yourself something similar.




Well, thanks for the tip.  But for one, I wasn't really planning to
spend *that* much time fussing about it.  The focus is something else
entirely, and I don't have the time to dedicate to designing my own
system.  I totally understand the NDA/company proprietary info, etc.,
etc., so I appreciate the pointer.

I've set up Solaris Jumpstart for Solaris installations in the past.
And, ironically enough, this project is using gentoo-sparc.  Jumpstart
is relatively easy to configure, I just didn't know if there might be
an equivalent for gentoo.  I checked for both JumpStart and KixStart
(I've seen KixStart ported to other distros even though it's a RedHat
package) by running `emerge search jumpstart` and got bupkus.

Also, one inherent flaw with your suggestion is the requirement of a
livecd.  I know you mentioned floppy, but these are SPARC boxen and I
doubt I could fit all the drivers/commands/etc. on a floppy, and one
doesn't even have a floppy.  Thus the necessity for a network boot
situation.

I appreciate the response though.



--
Ghislain Bourgeois
---
Linux System administrator

On 2/17/06, *gentuxx* <[EMAIL PROTECTED] > wrote:




I've got a little amateur project that I'm working on, and I'm running
into some difficulty. The most immediate problem I'm having, is that
I want to put gentoo on one of my systems, but they don't have a
CDROM. (These are old boxes.) So, my question, simply enough, is
there a JumpStart or KixStart equivalent in gentoo? I.e. tftp boot,
that'll download the install image, etc.?

TIA

--
gentux
echo "hfouvyAdpy/ofu" | perl -pe 's/(.)/chr(ord($1)-1)/ge'

gentux's gpg fingerprint ==> 34CE 2E97 40C7 EF6E EC40 9795 2D81 924A
6996 0993



- --
gentoo-user@gentoo.org  mailing list




- --
gentux
echo "hfouvyAdpy/ofu" | perl -pe 's/(.)/chr(ord($1)-1)/ge'

gentux's gpg fingerprint ==> 34CE 2E97 40C7 EF6E EC40  9795 2D81 924A
6996 0993
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2.1 (GNU/Linux)

iD8DBQFD9rZ8LYGSSmmWCZMRAkU5AKDNfs9NcL1SOMRdOC9ZO5YpCUoIFQCeJxCe
WCtWdPeoaf8q05nHZc8U9DQ=
=IwrC
-END PGP SIGNATURE-



--
gentoo-user@gentoo.org mailing list

[gentoo-user] Unable to locate mail

2006-02-17 Thread Michael Kintzios 
Hi All,

I have not (knowingly) set up my syslog-ng, logrotate, or some other 
application to send me mail, so I am curious where this little message came 
from:
===
Feb 17 20:10:02 study1 cron[12102]: (root) CMD (test -x /usr/sbin/run-crons && 
/usr/sbin/run-crons )
Feb 17 20:11:58 study1 sSMTP[12061]: Unable to locate mail
Feb 17 20:11:58 study1 sSMTP[12061]: Cannot open mail:25
Feb 17 20:11:58 study1 cron[12047]: (root) MAIL (mailed 69 bytes of output but 
got status 0x0001 )
Feb 17 20:20:01 study1 cron[12132]: (root) CMD (test -x /usr/sbin/run-crons && 
/usr/sbin/run-crons )
Feb 17 20:30:01 study1 cron[12144]: (root) CMD (test -x /usr/sbin/run-crons && 
/usr/sbin/run-crons )
===

Any ideas?
-- 
Regards,
Mick

Re: [gentoo-user] Unable to locate mail

2006-02-17 Thread Christopher Cowart 
If a cron generates any output while it's running, it tries to email it
to [EMAIL PROTECTED]

ssmtp is your default MTA, and it's default configuration points to the
host mail, at port 25. As mail doesn't resolve to any mail server,
that's the sSMTP error you're seeing.

If you don't want cron mails, you can redirect ( > ) the output to a
file or /dev/null.

You could also configure sSMTP to have a reverse alias, so that when it
tries to e-mail root, it'll e-mail [EMAIL PROTECTED] This would involve
also changing sSMTP to be aware of your ISP's mail hub.

-Chris

On 20:58 Fri 17 Feb , Michael Kintzios wrote:
> Hi All,
> 
> I have not (knowingly) set up my syslog-ng, logrotate, or some other 
> application to send me mail, so I am curious where this little message came 
> from:
> ===
> Feb 17 20:10:02 study1 cron[12102]: (root) CMD (test -x /usr/sbin/run-crons 
> && /usr/sbin/run-crons )
> Feb 17 20:11:58 study1 sSMTP[12061]: Unable to locate mail
> Feb 17 20:11:58 study1 sSMTP[12061]: Cannot open mail:25
> Feb 17 20:11:58 study1 cron[12047]: (root) MAIL (mailed 69 bytes of output 
> but got status 0x0001 )
> Feb 17 20:20:01 study1 cron[12132]: (root) CMD (test -x /usr/sbin/run-crons 
> && /usr/sbin/run-crons )
> Feb 17 20:30:01 study1 cron[12144]: (root) CMD (test -x /usr/sbin/run-crons 
> && /usr/sbin/run-crons )
> ===
> 
> Any ideas?
> -- 
> Regards,
> Mick
> 


-- 
Christopher Cowart
Unix Systems Administrator
Residential Computing, UC Berkeley
"May all your pushes be popped"


signature.asc
Description: Digital signature