Re: [gentoo-user] Unable to set up wireless lan - followed documentation
On Sun, 15 Nov 2009 06:25:13 +0100, Stroller wrote: On 14 Nov 2009, at 17:55, Nelis Botha wrote: ... I need some help. I am trying to set up my wireless lan on gentoo. I have recompiled kernel. Every attempt at configuring /etc/conf.d/net end in faed to configure wireless for wlan0 i have folowed the advice given when it fails and give info/advice to resolve but nothing has worked thus far. My question then is : what should the /etc/conf.d/net look like if I want to connect to dhcp enabled adsl router that does not need authenticating ? Hi there, Could you start by telling us which make & model of wireless card you're using, please? Do you have the right drivers compiled into the kernel for it, or as modules? Please post the output of `lspci` / `lsusb` as appropriate, of `lsmod` and `iwconfig`. Stroller. Also, did you try setting up wpa_supplicant or with wireless-tools? -- Zeerak
Re: [gentoo-user] Unable to set up wireless lan - followed documentation
On 14 Nov 2009, at 17:55, Nelis Botha wrote: ... I need some help. I am trying to set up my wireless lan on gentoo. I have recompiled kernel. Every attempt at configuring /etc/conf.d/net end in faed to configure wireless for wlan0 i have folowed the advice given when it fails and give info/advice to resolve but nothing has worked thus far. My question then is : what should the /etc/conf.d/net look like if I want to connect to dhcp enabled adsl router that does not need authenticating ? Hi there, Could you start by telling us which make & model of wireless card you're using, please? Do you have the right drivers compiled into the kernel for it, or as modules? Please post the output of `lspci` / `lsusb` as appropriate, of `lsmod` and `iwconfig`. Stroller.
Re: [gentoo-user] Block root user from login on xorg GUI
On 14 Nov 2009, at 20:46, Alan McKinnon wrote: ... You are right of course, but in this particular case the guy who pays wants to have root access. And you agreed to work like that? So when he fucks things up good royal and proper, will he gladly accept his shafting and pay you more to undo it? Or will he do the usual customer stunt and blame you? My typical experience is that the customer will take it completely on the chin and pay me to fix the problems. That doesn't make foul-ups due to such unnecessary meddling any less frustrating, though. I only work under one of two conditions: I am root and the customer is not. The customer is root and I am not. This is clearly the "right" way to operate, however it can be extremely difficult to walk away from your largest-paying contract, just because the owner sees this particular issue differently. One has to hope, really, that the client only wants the root password as insurance in case you get run over by a bus, and won't use it to arbitrarily mess about on the system. Stroller.
[gentoo-user] Re: app-crypt/-MERGING-gnupg
On Sat, Nov 14, 2009 at 8:38 PM, Mark Knecht wrote: > Hi, > How do I properly clean up this problem with emerge? > > Thanks, > Mark > Seems that I was able to do emerge gnupg emerge -C gnupg emerge --depclean and now revdep-rebuild -ip is clean. Cheers, Mark
Re: [gentoo-user] app-crypt/-MERGING-gnupg
On Sonntag 15 November 2009, Mark Knecht wrote: > app-crypt/-MERGING-gnupg > remove that from world file and the directory from /var/db/pkg and then re- emerge gnupg.
[gentoo-user] app-crypt/-MERGING-gnupg
Hi, How do I properly clean up this problem with emerge? Thanks, Mark dragonfly ~ # revdep-rebuild -ip * Configuring search environment for revdep-rebuild * Checking reverse dependencies * Packages containing binaries and libraries broken by a package update * will be emerged. * Collecting system binaries and libraries * Generated new 1_files.rr * Collecting complete LD_LIBRARY_PATH * Generated new 2_ldpath.rr * Checking dynamic linking consistency [ 13% ] * broken /usr/bin/gpg-agent (requires libpth.so.20) * broken /usr/bin/gpg-connect-agent (requires libpth.so.20) * broken /usr/bin/gpgsm (requires libksba.so.8) [ 16% ] * broken /usr/bin/kbxutil (requires libksba.so.8) [ 100% ] * Generated new 3_broken.rr * Assigning files to packages * /usr/bin/gpg-agent -> app-crypt/-MERGING-gnupg * /usr/bin/gpg-connect-agent -> app-crypt/-MERGING-gnupg * /usr/bin/gpgsm -> app-crypt/-MERGING-gnupg * /usr/bin/kbxutil -> app-crypt/-MERGING-gnupg * Generated new 4_raw.rr and 4_owners.rr * Cleaning list of packages to rebuild * Generated new 4_pkgs.rr * Assigning packages to ebuilds * Generated new 4_ebuilds.rr * Evaluating package order Traceback (most recent call last): File "/usr/bin/portageq", line 639, in main() File "/usr/bin/portageq", line 620, in main retval = function(args) File "/usr/bin/portageq", line 358, in best_visible mylist=portage.db[argv[0]]["porttree"].dbapi.match(argv[1]) File "/usr/lib/portage/pym/portage/dbapi/porttree.py", line 1077, in match return self.xmatch("match-visible", mydep) File "/usr/lib/portage/pym/portage/dbapi/porttree.py", line 972, in xmatch mydep = dep_expand(origdep, mydb=self, settings=self.mysettings) File "/usr/lib/portage/pym/portage/__init__.py", line 8160, in dep_expand mydep = dep.Atom(mydep) File "/usr/lib/portage/pym/portage/dep.py", line 541, in __init__ raise InvalidAtom(self) portage.exception.InvalidAtom: app-crypt/-MERGING-gnupg:0 * * Portage could not find any version of the following packages it could build: * app-crypt/-MERGING-gnupg:0 * * (Perhaps they are masked, blocked, or removed from portage.) * Try to emerge them manually. * * Warning: Portage cannot rebuild any of the necessary packages. dragonfly ~ #
Re: [gentoo-user] openwatcom ebuild question
On Sat, 14 Nov 2009 23:34:46 +0100 Daniel Pielmeier wrote: > David Relson schrieb am 14.11.2009 21:33: > > As background, http://bugs.gentoo.org/show_bug.cgi?id=233097 has an > > experimental, unsupported ebuild for openwatcom-1.7.1 and it doesn't > > quite work :-< > > > > The ebuild's src_compile function is: > > > > src_compile() { > > ./build.sh || die "build.sh failed" > > } > > > > When I run "emerge =dev-lang/openwatcom-1.7.1", the build fails with > > > > > > /usr/lib/gcc/i686-pc-linux-gnu/4.1.2/../../../../i686-pc-linux-gnu/bin/ld: > > i386:x86-64 architecture of input file `bootstrp/clibext.o' is > > incompatible with i386 output distcc[16016] ERROR: compile > > (null) on localhost failed > > > > The full output of the emerge command is in the attached file. > > > > Alternatively, I can manually unpack and build with commands: > > > > ebuild =dev-lang/openwatcom-1.7.1.ebuild unpack > > cd /var/tmp/dev-lang/openwatcom-1.7.1/work > > ./build.sh > > > > With the steps performed manually, the compilation works properly. > > > > Anybody familiar with the "i386:x86-64 ... incompatible ... i386" > > message and know what it means? > > > > Any suggestions on ebuild changes to correct this behavior? > > > > Thanks ! > > > > David > > Okay, this is not a distcc problem. > > From looking at the bug. Do you really think by just tricking the > architecture check to accept x86_64 will make it magically compile. > You can't be serious! This software does not build on x86_64 at the > moment. If you don't have the appropriate programming skills to fix > this yourself you have to wait for the openwatcom developers to make > it x86_64 ready. > > -- > Daniel Pielmeier Daniel, A detail I meant to include in my original posting is that I'm attempting the build on (and for) a 32 bit machine. So distcc _is_ the problem. The lack of 64-bit buildability for openwatcom is a whole 'nother subject and I'm in communication with the developer about it. Regards, David
Re: [gentoo-user] scrollback using framebuffer
On 11/14/09, Alan McKinnon wrote: > On Sunday 15 November 2009 00:12:26 Maxim Wexler wrote: > > Yes, use vesa. It's slow at high res, but works. > > The nvidia framebuffer does not work with nvidia-drivers Yeah, I found that out just after mailing the above. But now that I'm using vesa how do I enable scrollback? 'fbcon=scrollback:128' in the grub kernel line doesn't work. It's enabled in the kernel and works fine without the fb, if that matters. mw
[gentoo-user] install nvidia driver and virtualbox for two kernels
Hi list, I want to keep two kernels in my pc, but have some problems on video card driver and vbox: pc ~ # cd /lib/modules/ pc modules # ls 2.6.28-tuxonice-r10-tuxonice 2.6.30-tuxonice-r6 pc modules # uname -r 2.6.28-tuxonice-r10-tuxonice pc modules # eix -I nvidia [I] x11-drivers/nvidia-drivers Available versions: 71.86.09!s ~71.86.11!s 96.43.13!s 173.14.20!s ~173.14.20-r1!s 180.60!s ~185.18.36!s ~185.18.36-r1!s ~190.29!s ~190.42-r2!s ~190.42-r3!s {acpi custom-cflags gtk kernel_FreeBSD kernel_linux multilib userland_BSD} Installed versions: 180.60!s(21时18分12秒 2009年08月16日)(acpi kernel_linux -custom-cflags -gtk -multilib) ### and I want to install nv driver for another kernel by hand (not emerge) pc modules # sh /usr/portage/distfiles/NVIDIA-Linux-x86-180.60-pkg0.run -a -K -k "2.6.30-tuxonice-r6" Verifying archive integrity... OK Uncompressing NVIDIA Accelerated Graphics Driver for Linux-x86 180.60 ERROR: No NVIDIA driver is currently installed; the '--kernel-module-only' option can only be used to install the NVIDIA kernel module on top of an existing driver installation. the same problem will be in virtaulbox-modules, though I have not tested. how can I install nv driver and vbox-modules for two kernels ? thanks!
Re: [gentoo-user] scrollback using framebuffer
On Sunday 15 November 2009 00:12:26 Maxim Wexler wrote: > Hi group, > > I'm using the nvidia framebuffer(CONFIG_FB_NVIDIA=y) but I can't get > scrollback to work for more than a few lines. I've added > 'fbcon=scrollback:128' to my kernel line in grub.conf but scrollback > is still disabled. > > Is there some nvidia specific way to do this? > Yes, use vesa. It's slow at high res, but works. The nvidia framebuffer does not work with nvidia-drivers -- alan dot mckinnon at gmail dot com
Re: [gentoo-user] kdemultimedia-arts-3.5.10 and the arts flag
On Sunday 15 November 2009 00:40:48 Dale wrote: > > The only reason arts ever existed at all was to do sound mixing in > > software in the days when hardware generally did not do that. > > > > These days alsa takes care of all of that. OSS-4 does a better job I > > hear, but in any case you do not need arts. If you did, how would it be > > possible to hear sound in a flash video in a browser on a non-KDE system? > > > > > > And I think that was my problem. It would only play one sound at a time > and some things hogged up the sound system. Mine makes a sound when I > change desktops for instance and it would hold onto the sound system for > a minute or so before other sounds could use it. > Typical arts behaviour :-) arts would grab the sound device, and any KDE app could then use arts to play sound. arts used software mixing to make this all work. However, non-KDE apps (or any app actually without arts support) could not get to the sound device as arts had locked it. It would give up the lock after 1 minute of no sound. This led to obvious problems. There were some "solutions" such as a wrapper script you'd use to start gnome apps with, the wrapper would grab the gnome app sound and sent it onto arts. But none of this was synchronized so although the app sound played, you were never sure exactly *when* is would play Yuck. I mean, alsa is a bit of a mess but arts makes also look pristine and wonderful in comparison -- alan dot mckinnon at gmail dot com
Re: [gentoo-user] Unable to set up wireless lan - followed documentation
On Sat, 14 Nov 2009 21:13:52 +0200, Alan McKinnon wrote: > Is this a desktop machine? What difference does that make? > > If so, dump the net.* scripts and just run wicd. > > Why? Because it just works. Agreed, but on laptops and netbooks too. -- Neil Bothwick Why is it that when you transport something by car it's called shipment, but when you transport it by ship it's called cargo? signature.asc Description: PGP signature
Re: [gentoo-user] Blocking login attempts to sshd and vsftpd
- Original Message - From: "Alan McKinnon" To: Sent: Saturday, November 14, 2009 5:42 PM Subject: Re: [gentoo-user] Blocking login attempts to sshd and vsftpd On Saturday 14 November 2009 23:49:23 Richard Marza wrote: I recently check my log files and discovered that there was a dictionary attack attempt on my daemons. sshd and vsftpd were the primary targets. Is there a script or tool to block the offending IP addresses using iptables. Something that checks to see if a minimum of attempts has occured and blocks them indefinitely based on that? There are HUNDREDS of such solutions out there. Did you even try to Google first? fail2ban & denyhosts are quite popular and get the job done. OSSEC is a full blown IDS that I use at work, it functions very well but is probably overkill for your needs. Last hint: You do NOT want to block hosts permanently. Your logs will empty sure enough, but sooner or later you will lock yourself out, or you will lock out people you really do want to access your services. -- alan dot mckinnon at gmail dot com Thank you for the information, I did find that denyhost and fail2ban in threads but there were issues with it not working properly. Some users created custom scripts to get the job done correctly. I did try google. I guess it's no longer my friend. Will try to use another search engine next time.
[gentoo-user] ~amd64 : X11 (?) crashing
greets ... As mentioned lately in another thread I moved to amd64 unstable last week. So far OK ... but: I see X11 crashing repeatedly but I don't have a clue what component might be the reason. Sometimes my gnome-session (2.28) works for hours, sometimes for minutes. It crashes when starting a new program like opera, firefox, thunderbird, amarok, ... something I don't have a clear way to reproduce the crash and the logs don't tell me anything. --> I rebuilt xorg-server, xorg-drivers, xf86-input-* opera, etc I re-emerged @system overnight, ran revdep-rebuild, lalefixer etc (yeah, I know, X11 isn't @system ... but just to do the basement right) I use nvidia-drivers here, so I also did "eselect opengl ..." again. I erased xorg.conf and redid it via nvidia-xconfig ... and changed it to use absolute coordinates, as the xorg-server-1.7 seems to have issues with "LeftOf" ... Additional info: I use compiz and xinerama ... two monitors ... might add some problems. The two monitors are the reason for still using xorg.conf with xorg-server-1.7.x (maybe there's a better solution? I don't know yet). bugs.gentoo.org doesn't show anything describing my issues, I hesitate to file a bug as long as the symptoms are that vague ... Some clues, someone? There were NO such crashes before moving to full ~amd64, I ran xorg-server-1.6 before (mixing stable and unstable ...). Simply going back to xorg-server-1.6 ? Thanks a lot, Stefan.
Re: [gentoo-user] Re: Block root user from login on xorg GUI
On Saturday 14 November 2009 22:46:18 Dirk Heinrichs wrote: > Am Samstag 14 November 2009 16:13:04 schrieb Nikos Chantziaras: > > Ever heard about make menuconfig? > > ??? The account foolishly being "prevented" from bypassing SELinux is root. So, configure a new kernel, disable SELinux, build, install, reboot. Voila! No SELinux. Or, Edit grub.conf, reboot. Voila! No SELinux. Or, (as SELinux can be used to prevent access to grub.conf) Just hit the damn power button and edit the kernel options in the grub command line. Voila! No SELinux. Lessons learned: Trying to prevent root from doing $STUFF on a pc is utterly and completely pointless and simply will not succeed, ever. There is hardware where this can be done, but it's not a PC, has no Intel designs in it and is often truly secured with armed guards. trying to prevent root from doing $STUFF on Unix is utterly and completely pointless and simply will not succeed, ever. There are OSes where this can be done, but they are not Unix. By definition, on Unix root can do anything, including bypassing systems to prevent root from doing anything. -- alan dot mckinnon at gmail dot com
Re: [gentoo-user] Blocking login attempts to sshd and vsftpd
On Saturday 14 November 2009 23:49:23 Richard Marza wrote: > I recently check my log files and discovered that there was a dictionary > attack attempt on my daemons. sshd and vsftpd were the primary targets. Is > there a script or tool to block the offending IP addresses using iptables. > Something that checks to see if a minimum of attempts has occured and > blocks them indefinitely based on that? There are HUNDREDS of such solutions out there. Did you even try to Google first? fail2ban & denyhosts are quite popular and get the job done. OSSEC is a full blown IDS that I use at work, it functions very well but is probably overkill for your needs. Last hint: You do NOT want to block hosts permanently. Your logs will empty sure enough, but sooner or later you will lock yourself out, or you will lock out people you really do want to access your services. -- alan dot mckinnon at gmail dot com
Re: [gentoo-user] kdemultimedia-arts-3.5.10 and the arts flag
Alan McKinnon wrote: On Saturday 14 November 2009 01:17:13 Dale wrote: Just picking on this one since it is newer. ;-) I finally got through the other stuff, with arts enabled since it griped about the change before, and I am now disabling arts. I think it wanted it so badly because I was doing a preserved-rebuild and other packages had it enabled. I don't guess a -N option would take on that emerge. I think I did this once before and my sound disappeared. Everything went mute so I may be back. It may just be a setting in KDE or something that needs changing. That was a while ago to. I barely remember it. Then again, maybe it wasn't sooo long ago. What did I have for breakfast today? ^_^ The only reason arts ever existed at all was to do sound mixing in software in the days when hardware generally did not do that. These days alsa takes care of all of that. OSS-4 does a better job I hear, but in any case you do not need arts. If you did, how would it be possible to hear sound in a flash video in a browser on a non-KDE system? And I think that was my problem. It would only play one sound at a time and some things hogged up the sound system. Mine makes a sound when I change desktops for instance and it would hold onto the sound system for a minute or so before other sounds could use it. It has been a while so I couldn't remember the details, just that it wasn't working right. It works now tho. I played a video and changed desktops and could hear them both. Yeppie !! No arts system. Dale :-) :-)
Re: [gentoo-user] openwatcom ebuild question
On Sat, 14 Nov 2009 22:21:50 +0100 Xavier Parizet wrote: > David Relson a écrit : > > As background, http://bugs.gentoo.org/show_bug.cgi?id=233097 has an > > experimental, unsupported ebuild for openwatcom-1.7.1 and it doesn't > > quite work :-< > > > > The ebuild's src_compile function is: > > > > src_compile() { > > ./build.sh || die "build.sh failed" > > } > > > > When I run "emerge =dev-lang/openwatcom-1.7.1", the build fails with > > > > > > /usr/lib/gcc/i686-pc-linux-gnu/4.1.2/../../../../i686-pc-linux-gnu/bin/ld: > > i386:x86-64 architecture of input file `bootstrp/clibext.o' is > > incompatible with i386 output distcc[16016] ERROR: compile > > (null) on localhost failed > > You use distcc. But seems to be not well configured. Just disable > distcc to build the package (FEATURES=-distcc in /etc/make.conf). > > HTH. Xavier, It helps a lot! I had installed distcc, but never quite got it working. Getting it working is on my TODO list, but I hadn't thought of it when the problem occurred. Thanks! David
Re: [gentoo-user] openwatcom ebuild question
David Relson schrieb am 14.11.2009 21:33: > As background, http://bugs.gentoo.org/show_bug.cgi?id=233097 has an > experimental, unsupported ebuild for openwatcom-1.7.1 and it doesn't > quite work :-< > > The ebuild's src_compile function is: > > src_compile() { > ./build.sh || die "build.sh failed" > } > > When I run "emerge =dev-lang/openwatcom-1.7.1", the build fails with > > /usr/lib/gcc/i686-pc-linux-gnu/4.1.2/../../../../i686-pc-linux-gnu/bin/ld: > i386:x86-64 architecture of input file `bootstrp/clibext.o' is > incompatible with i386 output distcc[16016] ERROR: compile (null) > on localhost failed > > The full output of the emerge command is in the attached file. > > Alternatively, I can manually unpack and build with commands: > > ebuild =dev-lang/openwatcom-1.7.1.ebuild unpack > cd /var/tmp/dev-lang/openwatcom-1.7.1/work > ./build.sh > > With the steps performed manually, the compilation works properly. > > Anybody familiar with the "i386:x86-64 ... incompatible ... i386" > message and know what it means? > > Any suggestions on ebuild changes to correct this behavior? > > Thanks ! > > David Okay, this is not a distcc problem. From looking at the bug. Do you really think by just tricking the architecture check to accept x86_64 will make it magically compile. You can't be serious! This software does not build on x86_64 at the moment. If you don't have the appropriate programming skills to fix this yourself you have to wait for the openwatcom developers to make it x86_64 ready. -- Daniel Pielmeier signature.asc Description: OpenPGP digital signature
Re: [gentoo-user] openwatcom ebuild question
David Relson schrieb am 14.11.2009 21:33: > As background, http://bugs.gentoo.org/show_bug.cgi?id=233097 has an > experimental, unsupported ebuild for openwatcom-1.7.1 and it doesn't > quite work :-< > > The ebuild's src_compile function is: > > src_compile() { > ./build.sh || die "build.sh failed" > } > > When I run "emerge =dev-lang/openwatcom-1.7.1", the build fails with > > /usr/lib/gcc/i686-pc-linux-gnu/4.1.2/../../../../i686-pc-linux-gnu/bin/ld: > i386:x86-64 architecture of input file `bootstrp/clibext.o' is > incompatible with i386 output distcc[16016] ERROR: compile (null) > on localhost failed > > The full output of the emerge command is in the attached file. > > Alternatively, I can manually unpack and build with commands: > > ebuild =dev-lang/openwatcom-1.7.1.ebuild unpack > cd /var/tmp/dev-lang/openwatcom-1.7.1/work > ./build.sh > > With the steps performed manually, the compilation works properly. > > Anybody familiar with the "i386:x86-64 ... incompatible ... i386" > message and know what it means? > > Any suggestions on ebuild changes to correct this behavior? > > Thanks ! > > David Do you use distcc? Try if the ebuild works with temporary disabling distcc. If distcc is to blame, fixing wont be that easy. You have to examine build.sh and fix it in order to work with distcc. -- Daniel Pielmeier signature.asc Description: OpenPGP digital signature
[gentoo-user] scrollback using framebuffer
Hi group, I'm using the nvidia framebuffer(CONFIG_FB_NVIDIA=y) but I can't get scrollback to work for more than a few lines. I've added 'fbcon=scrollback:128' to my kernel line in grub.conf but scrollback is still disabled. Is there some nvidia specific way to do this?
Re: Gentoo for many servers (was: Re: [gentoo-user] executing commands on lots of servers at once)
Alan McKinnon writes: > On Saturday 14 November 2009 19:36:06 Alex Schuster wrote: >> Alan McKinnon wrote: >>> clusterssh will let you log into many machines at once and run emerge >>> -avuND world everywhere >> This is way cool. I just started using it on eight Fedora servers I am >> administrating. Nice, now this is an improvement over my 'for $h in >> $HOSTS; do ssh $h "yum install foo"; done' approach. > > I feel your pain :-) > > We used to have the same problem adding new admins to 87 machines. Now > we have a bespoke provisioner that does it all. Sorry, I just do not get 'bespoke provisioner'. Some sort of software, like clusterssh? Or a person, one admin instead of many? >> What do you guys think about using Gentoo for servers? At the institute >> I partially work we chose Fedora. There is no special reason for that - >> we already had some Fedora machines, the setup seemed to work, the >> reputation was good, so we kept it. That was okay for me, why choose >> many different environments and learn everything again. I mentioned >> Gentoo, but did not really suggest to actually use it. Maybe I should >> have. > > I'm a huge fan of Gentoo Now who would have thought of that! > and all my personal machines (except the new netbook have run it for the > last 5 years. > > But I will never install Gentoo on a production server at work. > > Why? > > Because it is too time consuming, because no two machines are set up the > same, because I can't trust that other admins used the flags they should > have. So updates become a case of logging into 80+ machines individually > and doing emerge world by hand. Gentoo allows you to customize things to > the nth degree - that is it's strength - so people WILL use this one > discriminating factor. > > If OTOH I had a server farm of 80+ machines, all identical, I'd put > Gentoo on them in a flash. But I don't have that Of our 8 machines, 7 are essentially the same and differ only in hard drive space and CPU speed. The other machine is Intel, not AMD, and needs different IDE drivers. At the moment it has a different initrd (I set up a minimal fedora install to generate it after the cloned system did not boot), the rest is - apart from some config files - identical. So I would make sure that about everything is exactly the same, well, maybe except for hostnames, udev net-persistent-rules, ssh keys... what more? The last, a little different machine is a problem though. With optimized CFLAGS, this one would have to compile all stuff again, while for the others I could use binpkgs. Updating them all with clusterssh should not be much more work than updating a single one. Well, not completely true, I would have the double work, as I would upgrade one server first to test if there are problems, and then do it for the others. Maybe I could use the special machine to test stuff, and then update all the others. If they would differ, Gentoo would of course be too much work. I already have this problem now... there is my desktop machine, my notebook running a Gentoo VM, a second desktop machine at my other home, the living-room machine of my flat share, the machine of a fried I also administrate, the server of my flat share I need to set up again... and clusterssh is no option here. >> Now I am thinking about a Gentoo installation instead. >> >> Pros: >> - Continuous updates, no downtime for upgrading, only when I decide to >> install a new kernel. This is really really cool. I fear the upgrade >> from Fedora 10 to 12 which has to be done soon. > > Do not upgrade, especially not with a version jump of 2 or more. If you > have a lot of machines, I assume you are a decent shop, and that you > have some form of formal process for upgrades and changes. Not really, I think. We are not very professional I must admit. We have two capable admins, but one is specialized in network stuff and Windows, the other has to do with our big Sun servers, huuge storage systems and such. They do not much about the Linux cluster. Another user sometimes installs a package on a machine, but usually I do this. For me, it is not my main job, I work only about ten hours per week there, mostly being some 100 km away. We are a research institute. We do neurological research, PET and MRI tomography. The Linux servers do number crunching, and of course they should work and have good uptimes, but it is not as important as if we were an ISP. > What you do instead is a formal migration - copy the data off, > reinstall, restore data. Advice noted. Yes, this sounds like the better idea, giving a cleaner setup. And if some things break I do not have to wonder if it was some strange side effect from the upgrade process. > If you can't afford to do that every six or twleve months, then > I have to ask - what the hell is the organization doing using a distro > that is unsupported after 12 months? Well, I do not think this was considered much. One machine was s
Re: [gentoo-user] Blocking login attempts to sshd and vsftpd
Richard Marza writes: > I recently check my log files and discovered that there was a > dictionary attack attempt on my daemons. sshd and vsftpd were the > primary targets. Is there a script or tool to block the offending IP > addresses using iptables. Something that checks to see if a minimum of > attempts has occured and blocks them indefinitely based on that? I am using net-analyzer/fail2ban for this. There is also app- admin/denyhosts, which gets a list of offending IPs from a server. But it may only be for SSH. Wonko
[gentoo-user] Blocking login attempts to sshd and vsftpd
I recently check my log files and discovered that there was a dictionary attack attempt on my daemons. sshd and vsftpd were the primary targets. Is there a script or tool to block the offending IP addresses using iptables. Something that checks to see if a minimum of attempts has occured and blocks them indefinitely based on that? Regards, Richard M.
Re: [gentoo-user] openwatcom ebuild question
David Relson a écrit : > As background, http://bugs.gentoo.org/show_bug.cgi?id=233097 has an > experimental, unsupported ebuild for openwatcom-1.7.1 and it doesn't > quite work :-< > > The ebuild's src_compile function is: > > src_compile() { > ./build.sh || die "build.sh failed" > } > > When I run "emerge =dev-lang/openwatcom-1.7.1", the build fails with > > /usr/lib/gcc/i686-pc-linux-gnu/4.1.2/../../../../i686-pc-linux-gnu/bin/ld: > i386:x86-64 architecture of input file `bootstrp/clibext.o' is > incompatible with i386 output distcc[16016] ERROR: compile (null) > on localhost failed You use distcc. But seems to be not well configured. Just disable distcc to build the package (FEATURES=-distcc in /etc/make.conf). HTH. > The full output of the emerge command is in the attached file. > > Alternatively, I can manually unpack and build with commands: > > ebuild =dev-lang/openwatcom-1.7.1.ebuild unpack > cd /var/tmp/dev-lang/openwatcom-1.7.1/work > ./build.sh > > With the steps performed manually, the compilation works properly. > > Anybody familiar with the "i386:x86-64 ... incompatible ... i386" > message and know what it means? > > Any suggestions on ebuild changes to correct this behavior? > > Thanks ! > > David > -- Xavier Parizet YaGB : http://gentooist.com GPG :C7DC B10E FC21 63BE B453 D239 F6E6 DF65 1569 91BF signature.asc Description: OpenPGP digital signature
Re: [gentoo-user] making a file-list at (a) for fetching at (b)
On Saturday 14 November 2009 20:55:16 Maxim Wexler wrote: > > redirect to a file, bash it into suitable shape with your Unix text tools > > of course, use said file as input to wget. > > > > > > -- > > alan dot mckinnon at gmail dot com > > Here > > http://www.gentoo-wiki.info/TIP_Gentoo_for_dialup_users > > I found this gem: > > emerge -fpu world | sort | uniq | sed '/\(^http\|^ftp\).*/!d;s/\ > .*$//g' > links.txt > > But something doesn't seem right. links.txt has 92 lines(I added the > ND switches) that all use only one URL, distfiles.gentoo.org, for each > package. It's 5.5k. But the raw command lists several URLs for each > package and it's gotta be ~200k. And if you read the article the wget > command is meant to skip the other URLs as soon as one instance of the > pkg has been downloaded: > > "With wget, just do: > > wget -i links.txt -nc > > Option -i tells wget to look inside links.txt for URLs of stuff to > download, option -nc tells it not to download it twice or thrice once > the file has been retrieved from a working URL." > > Am I missing something here? The output of emerge -f lists ALL known mirrors and SRCs configured on the machine for each distfile. So you really only need to grab the first one listed, which is usually gentoo.org. If the file is not there, it is most unlikely to be anywhere else, with the exception of fetch-restricted packages. Those you would have to download manually anyway. When I was forced to use this same method, I just used cut on the output, using space as the delimiter. This seldom failed. I would not trust wget -nc. It has all kinds of implications including what to do with differing timestamps. wget -c is better. It completes partial downloads. -- alan dot mckinnon at gmail dot com
Re: [gentoo-user] Block root user from login on xorg GUI
On Saturday 14 November 2009 21:32:39 Mick wrote: > > Approach security a little more sanely and don't give untrusted users > > root access? If you have to take steps to restrict the root account, > > you need to rethink who has use of it. Preventing damage in the event > > that the system does get compromised is one thing, but trying to > > control someone who is given access to root on the software side is > > the wrong approach, in my incredibly non-humble opinion. > > You are right of course, but in this particular case the guy who pays > wants to have root access. And you agreed to work like that? So when he fucks things up good royal and proper, will he gladly accept his shafting and pay you more to undo it? Or will he do the usual customer stunt and blame you? I only work under one of two conditions: I am root and the customer is not. The customer is root and I am not. > So, I'm just trying to find an easy way to > protect him from himself. Initially I implemented SELinux, but had to > pull that back because I couldn't in any quick way get Nagios cgi working > with it. One day I may find some time to get back to it. -- alan dot mckinnon at gmail dot com
Re: [gentoo-user] Re: Block root user from login on xorg GUI
Am Samstag 14 November 2009 16:13:04 schrieb Nikos Chantziaras: > Ever heard about make menuconfig? ??? Bye... Dirk signature.asc Description: This is a digitally signed message part.
[gentoo-user] openwatcom ebuild question
As background, http://bugs.gentoo.org/show_bug.cgi?id=233097 has an experimental, unsupported ebuild for openwatcom-1.7.1 and it doesn't quite work :-< The ebuild's src_compile function is: src_compile() { ./build.sh || die "build.sh failed" } When I run "emerge =dev-lang/openwatcom-1.7.1", the build fails with /usr/lib/gcc/i686-pc-linux-gnu/4.1.2/../../../../i686-pc-linux-gnu/bin/ld: i386:x86-64 architecture of input file `bootstrp/clibext.o' is incompatible with i386 output distcc[16016] ERROR: compile (null) on localhost failed The full output of the emerge command is in the attached file. Alternatively, I can manually unpack and build with commands: ebuild =dev-lang/openwatcom-1.7.1.ebuild unpack cd /var/tmp/dev-lang/openwatcom-1.7.1/work ./build.sh With the steps performed manually, the compilation works properly. Anybody familiar with the "i386:x86-64 ... incompatible ... i386" message and know what it means? Any suggestions on ebuild changes to correct this behavior? Thanks ! David >>> Unpacking source... >>> Unpacking open_watcom_1.7.1-src.tar.bz2 to /var/tmp/portage/dev-lang/openwatcom-1.7.1/work [32;01m*[0m Applying build.sh.patch ... [A[71C [34;01m[ [32;01mok[34;01m ][0m >>> Source unpacked in /var/tmp/portage/dev-lang/openwatcom-1.7.1/work >>> Compiling source in /var/tmp/portage/dev-lang/openwatcom-1.7.1/work ... Open Watcom compiler build environment mkdir bootstrp cc -c -funsigned-char -fno-common -g -O2 -Wall -Wno-switch -Ibootstrp -Ih -I../watcom/h -I../lib_misc/h -D__LINUX__ -D__UNIX__= -DUNIX -Uunix -DBOOTSTRAP -DWMAKE -Ibootstrp -o bootstrp/wsplice.o ../builder/c/wsplice.c cc -c -funsigned-char -fno-common -g -O2 -Wall -Wno-switch -Ibootstrp -Ih -I../watcom/h -I../lib_misc/h -D__LINUX__ -D__UNIX__= -DUNIX -Uunix -DBOOTSTRAP -DWMAKE -Ibootstrp -o bootstrp/clibext.o ../watcom/c/clibext.c cc -g bootstrp/wsplice.o bootstrp/clibext.o -o bootstrp/wsplice collect2: ld terminated with signal 11 [Segmentation fault] /usr/lib/gcc/i686-pc-linux-gnu/4.1.2/../../../../i686-pc-linux-gnu/bin/ld: i386:x86-64 architecture of input file `bootstrp/wsplice.o' is incompatible with i386 output /usr/lib/gcc/i686-pc-linux-gnu/4.1.2/../../../../i686-pc-linux-gnu/bin/ld: i386:x86-64 architecture of input file `bootstrp/clibext.o' is incompatible with i386 output distcc[16016] ERROR: compile (null) on localhost failed make: *** [bootstrp/wsplice] Error 1 ./build.sh: line 19: wmake: command not found ./build.sh: line 22: builder: command not found >>> Source compiled. >>> Test phase [not enabled]: dev-lang/openwatcom-1.7.1 >>> Install openwatcom-1.7.1 into /var/tmp/portage/dev-lang/openwatcom-1.7.1/image/ category dev-lang cp: cannot stat `rel2': No such file or directory ln: creating symbolic link `/var/tmp/portage/dev-lang/openwatcom-1.7.1/image//opt/openwatcom/bin': No such file or directory >>> Completed installing openwatcom-1.7.1 into /var/tmp/portage/dev-lang/openwatcom-1.7.1/image/ >>> Done.
Re: [gentoo-user] Re: Quoting style on HTC Dream
On Friday 13 November 2009 23:35:21 James wrote: > Alan McKinnon gmail.com> writes: > > Do you mean "droid" as a synonym for Android? > > yes, > Verizon is offering the HTC ERIS (DROID) phone, in > addition to the Mot DROID phone: > http://www.htc.com/us/product/droideris/specification.html Nice phone, looks a lot like the Hero available here > > To flash it you need root privileges which is a trivial hack; > > carrier-provided phones usually have this disabled but this too has been > > hacked around. Then followed Google and HTC's own docs on the flash > > procedure > > > > http://wiki.xda-developers.com/index.php?pagename=HTC_Dream > > http://wiki.cyanogenmod.com/index.php/Main_Page > > HTC images available at http://developer.htc.com/adp.html > > > > This page describes how to install Debian so gentoo will also be > > possible: http://forum.xda-developers.com/showthread.php?t=507291 > > Nice links but do they relate to the Mot version of the DROID, or just the > HTC? Mot put a very fast Cortex-A8 arm chip in their phone.. Sorry, but I really have no idea. It might turn out similar to trying to run 686 code on a 486 > Will flashing work with the Verizon HTC Eris phone like yours? > Not sure by my googling results. Everything I've read suggests that flashing either works or it doesn't, and if it doesn't then you can roll back to factory preset. But that's a big if, so you might want to wait till some of the more experienced hackers show if it can be done. -- alan dot mckinnon at gmail dot com
Re: [gentoo-user] emerge @ world -> @preserved-rebuild -> @preserved-rebuild -> what next?
On Saturday 14 November 2009 03:06:02 Mark Knecht wrote: > It wasn't that I had 50 packages in the emerge -DuN @world. That was > something like 10. It was after that finished and I ran > @preserved-rebuild that it said 50 packages were effected by something > it found, but those 50 were all dependent on just one or two packages > that Alan was suggesting to me are held in the preserved database > file, or so I think. > Yes, that's pretty much the scenario I was describing. -- alan dot mckinnon at gmail dot com
Re: [gentoo-user] emerge @ world -> @preserved-rebuild -> @preserved-rebuild -> what next?
On Saturday 14 November 2009 01:13:06 Neil Bothwick wrote: > > However, it did get to the point where it was complaining about two > > packages and the number of files to be rebuilt went (IIRC) 52, 50, 50, > > so I decide since it was rebuilding 50 packages the 2nd & 3rd times it > > wasn't going to improve. Might not be true though. > > I think it is being over-cautious, which results in packages being > rebuilt multiple time unnecessarily, but I's rather give it the chance to > fix itself. That said, I've never had a list anything like 50 packages > long, but I do update frequently. > The only relevant facts I have ever seen myself are that ldd was telling me a lib was required and portage had already told me via depclean that it wasn't... It's totally possible that what the OP is running into is something I've never had to track down -- alan dot mckinnon at gmail dot com
Re: [gentoo-user] kdemultimedia-arts-3.5.10 and the arts flag
On Saturday 14 November 2009 01:17:13 Dale wrote: > Just picking on this one since it is newer. ;-) I finally got through > the other stuff, with arts enabled since it griped about the change > before, and I am now disabling arts. I think it wanted it so badly > because I was doing a preserved-rebuild and other packages had it > enabled. I don't guess a -N option would take on that emerge. > > I think I did this once before and my sound disappeared. Everything > went mute so I may be back. It may just be a setting in KDE or > something that needs changing. That was a while ago to. I barely > remember it. Then again, maybe it wasn't sooo long ago. What did I > have for breakfast today? ^_^ > The only reason arts ever existed at all was to do sound mixing in software in the days when hardware generally did not do that. These days alsa takes care of all of that. OSS-4 does a better job I hear, but in any case you do not need arts. If you did, how would it be possible to hear sound in a flash video in a browser on a non-KDE system? -- alan dot mckinnon at gmail dot com
Re: [gentoo-user] Re: Quoting style on HTC Dream
On Saturday 14 November 2009 11:30:42 Neil Bothwick wrote: > > I have not looked into these new phones much because my G1 is only a > > year old, still runs fine, and still has a year to go on the danged > > contract. But if I were looking for a new phone today, I would start > > by investigating the Maemo, then look at other Androids which don't > > have a physical keyboard but do have multitouch, and finally at the > > Droid. > > I had more or less decided to go for the N900 when my contract expires in > a few months, then Motorola confused things by releasing the Droid. Now > I'm as confused as a baby in a topless bar. > hehehe, I know that feeling. I eventually had to draw a line in the sand and make a decision. Consider that I'd been mulling over what smart phone to get for 4 years, I figured it was time :-) Here in South Africa, we get all the mundane phones almost as soon as everyone else. Top of the line gear though - we wait 12 months at least usually. So the G1 was the best choice for me from what was available right now. So far I'm happy, even though I completely understand the G1 was more of an experiment than anything else, even though the enter key is not as accessible as the rest of the keys. -- alan dot mckinnon at gmail dot com
Re: [gentoo-user] Block root user from login on xorg GUI
On Saturday 14 November 2009 07:01:19 Joshua Murphy wrote: > On Fri, Nov 13, 2009 at 7:24 PM, Mick wrote: > > On Thursday 12 November 2009 23:08:18 Iain Buchanan wrote: > >> On Thu, 2009-11-12 at 22:18 +, Mick wrote: > >> > On Thursday 12 November 2009 22:09:01 Alan McKinnon wrote: > >> > > Gdm itself has a config option to disallow root logins > >> > > >> > Ahh, unfortunately I can only access it remotely via ssh at this > >> > stage. Hopefully the pam method will work fine. > >> > >> You don't need anything more to configure gdm than ssh access - this is > >> Linux after all & a good program has text based configurations :) > >> > >> Edit /etc/X11/gdm/custom.conf > >> > >> In the section [security] add: > >> AllowRoot=false > > > > Thanks for this! :-) > > > >> You may then have to restart xdm. > >> > >> However, if someone has the root password to log in to X, then what's to > >> stop them changing anything you do now? > > > > Know how? > > -- > > Regards, > > Mick > > Approach security a little more sanely and don't give untrusted users > root access? If you have to take steps to restrict the root account, > you need to rethink who has use of it. Preventing damage in the event > that the system *does* get compromised is one thing, but trying to > control someone who is *given* access to root on the software side is > the wrong approach, in my incredibly non-humble opinion. You are right of course, but in this particular case the guy who *pays* wants to have root access. So, I'm just trying to find an easy way to protect him from himself. Initially I implemented SELinux, but had to pull that back because I couldn't in any quick way get Nagios cgi working with it. One day I may find some time to get back to it. Thanks again. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] Re: Block root user from login on xorg GUI
On Saturday 14 November 2009 17:13:04 Nikos Chantziaras wrote: > On 11/14/2009 12:12 PM, Dirk Heinrichs wrote: > > Am Samstag 14 November 2009 10:21:35 schrieb Nikos Chantziaras: > >> You cannot impose any restrictions to the root user. root is > >> unrestricted by definition. It's useless to even start thinking about > >> trying. > > > > Ever heard about SELinux? > > > > Bye... > > Ever heard about make menuconfig? Or: Ever heard about keyboard, power switch, terminal and the ability to touch all three? -- alan dot mckinnon at gmail dot com
Re: Gentoo for many servers (was: Re: [gentoo-user] executing commands on lots of servers at once)
On Saturday 14 November 2009 19:36:06 Alex Schuster wrote: > Alan McKinnon wrote: > > clusterssh will let you log into many machines at once and run emerge > > -avuND world everywhere > > This is way cool. I just started using it on eight Fedora servers I am > administrating. Nice, now this is an improvement over my 'for $h in > $HOSTS; do ssh $h "yum install foo"; done' approach. I feel your pain :-) We used to have the same problem adding new admins to 87 machines. Now we have a bespoke provisioner that does it all. > What do you guys think about using Gentoo for servers? At the institute I > partially work we chose Fedora. There is no special reason for that - we > already had some Fedora machines, the setup seemed to work, the reputation > was good, so we kept it. That was okay for me, why choose many different > environments and learn everything again. I mentioned Gentoo, but did not > really suggest to actually use it. Maybe I should have. I'm a huge fan of Gentoo and all my personal machines (except the new netbook) have run it for the last 5 years. But I will never install Gentoo on a production server at work. Why? Because it is too time consuming, because no two machines are set up the same, because I can't trust that other admins used the flags they should have. So updates become a case of logging into 80+ machines individually and doing emerge world by hand. Gentoo allows you to customize things to the nth degree - that is it's strength - so people WILL use this one discriminating factor. If OTOH I had a server farm of 80+ machines, all identical, I'd put Gentoo on them in a flash. But I don't have that > These 8 servers I mentioned are basically clones of the one I installed > manually. Instead of doing this again, I boot a live-cd on a new one, > create partitions, and extract tar files of the first server's partitions. > Then I do some extra configuration, like hostname and network setup. Done. > > My plan for updating them is to take the first server down, and upgrade > the installation (if that works - I had some trouble with that before, so > maybe it will be better to reinstall from scratch). Then I will create a > snapshot of the new setup, transfer that to the other hosts, and unpack it > in new logical volumes. I plan to script this so I do not have to do it > manually every time - but that was before I knew ClusterSSH. When all is > done and there is some time to take the servers down, I will reboot into > the new system. > > Now I am thinking about a Gentoo installation instead. > > Pros: > - Continuous updates, no downtime for upgrading, only when I decide to > install a new kernel. This is really really cool. I fear the upgrade from > Fedora 10 to 12 which has to be done soon. Do not upgrade, especially not with a version jump of 2 or more. If you have a lot of machines, I assume you are a decent shop, and that you have some form of formal process for upgrades and changes. What you do instead is a formal migration - copy the data off, reinstall, restore data. If you can't afford to do that every six or twleve months, then I have to ask - what the hell is the organization doing using a distro that is unsupported after 12 months? > - Some improvement in speed. Those machines do A LOT of numbercrunching, > which jobs often lasting for days, so even small improvements would be > nice. Don't fool yourself. Unless you need what Google needs, there is very little speed difference between Gentoo and Fedora. I/O improvements you need can be easily gotten by fiddling the kernel tuning knobs. > - Easier debugging. When things do not work, I think it's easier to dig > into the problem. No fancy, but sometimes buggy GUIs hiding basic > functionality. Emm, Fedora does not require a GUI :-) > - Heck, Gentoo is _cooler_ than typical distributions. And emerging with > distcc on about 8*4 cores would be fun :) Can't argue with that. But that is your ego talking and the machines do not belong to you but to the institute. Your ego has no place in that. > - I am probably the only one who can administrate them. This is not a benefit. It is a severe liability. Where I work, I get fired for trying that :-( > Cons: > - If something will not work with this not so common (meta)distribution, > people will say "always trouble with your Gentoo Schmentoo, it works fine > in Fedora". Fedora is more mainstream, if something does not work there, > then it's okay for the people to accept it. Those same people are likely to say the same about linux vs windows. > - I fear that big packages like Matlab are made for and tested on the > typical distributions, and may have problems with the not-so-common > Gentoo. I think someone here just had such a problem with Mathematica > (which we do currently not use). One or two persons had problems. Many many more replied that they had no problems at all. In Fedora-land, the ratio is the same. >
Re: [gentoo-user] Unable to set up wireless lan - followed documentation
On Saturday 14 November 2009 19:55:15 Nelis Botha wrote: > Hey list > > I need some help. I am trying to set up my wireless lan on gentoo. I > have recompiled kernel. Every attempt at configuring /etc/conf.d/net > end in faed to configure wireless for wlan0 i have folowed the advice > given when it fails and give info/advice to resolve but nothing has > worked thus far. My question then is : what should the /etc/conf.d/net > look like if I want to connect to dhcp enabled adsl router that does > not need authenticating ? > > Any help would be appreiciated. I have gooogled and folowed tutorials > on gentoo wiki but it didnt help at all. > Thanks in advance Is this a desktop machine? If so, dump the net.* scripts and just run wicd. Why? Because it just works. -- alan dot mckinnon at gmail dot com
Re: [gentoo-user] return of SOD
Maxim Wexler wrote: > Meanwhile, I'll wait and see; the problem was intermittant; sometimes > the SOD appeared in a few minutes, sometimes it took days. > I'm keeping my fingers crossed for you. :) Be lucky, Neil http://www.easy-ebay.com
Re: [gentoo-user] making a file-list at (a) for fetching at (b)
> redirect to a file, bash it into suitable shape with your Unix text tools of > course, use said file as input to wget. > > > -- > alan dot mckinnon at gmail dot com > > Here http://www.gentoo-wiki.info/TIP_Gentoo_for_dialup_users I found this gem: emerge -fpu world | sort | uniq | sed '/\(^http\|^ftp\).*/!d;s/\ .*$//g' > links.txt But something doesn't seem right. links.txt has 92 lines(I added the ND switches) that all use only one URL, distfiles.gentoo.org, for each package. It's 5.5k. But the raw command lists several URLs for each package and it's gotta be ~200k. And if you read the article the wget command is meant to skip the other URLs as soon as one instance of the pkg has been downloaded: "With wget, just do: wget -i links.txt -nc Option -i tells wget to look inside links.txt for URLs of stuff to download, option -nc tells it not to download it twice or thrice once the file has been retrieved from a working URL." Am I missing something here?
Re: [gentoo-user] Help with unsubscribing.
came...@cameronlowe.com wrote: Hello, I've sent several emails to gentoo-user+unsubscr...@lists.gentoo.org, in an attempt to unsubscribe myself from this Gentoo list, but this has not worked. Could any of the admins plese remove my email address from all Gentoo lists. Thanks. Msg sent via @Mail - http://atmail.com/ Are you sending it from the email address you want to unsubscribe? I don't know if anyone here can unsubscribe you or not. Dale :-) :-)
[gentoo-user] double posting
hey guys sorry for the double post I was under the impression the 1st mail's sending failed thus the 2nd mail ignore the 1st mail sorry again for any inconveniance cuased regards nelis
[gentoo-user] setting up wireless on gentoo using wireless-tools
Hey guys I'm Strugling to set up wireless, have recompiled kernel to include wireless i have folowed all the documentation and read and folowed tutorials on gentoo wiki and also i have folowed the /net.examples and wireless.examples but it keeps giving me errors when i want to start init.d/net.wlan0 my question is: what should a working /etc/init.d/net look like if I want to connect to dhcp enabled open wireless dslmodem/router ? any advice will be extremely welcome Thanks Nelis
[gentoo-user] sound on intel imac
Hello, I have a 20 inch aluminum imac: uname -a Linux pyrope 2.6.30-gentoo-r5 #9 SMP Sat Nov 14 14:04:55 NST 2009 x86_64 Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz GenuineIntel GNU/Linux The sound card is listed by lspci as: 00:1b.0 Audio device: Intel Corporation 82801H (ICH8 Family) HD Audio Controller (rev 03) cat /proc/asound/card0/codec#0 says Codec: Realtek ALC889A I'm using the in-kernel alsa drivers. I have tried compiling into the kernel and as modules. I cannot get any output from speakers or headphone. (Yes, I have run alsamixer and un-muted everything). I have looked around using google and problems with the ALC889A codec seem common. I tried some of the suggested fixes, like setting model=whatever to the kernel snd-intel-hda module. Nothing I have tried has worked. I know the sound system is functioning because it works in OSX. If anyone here has any suggestions or knows for sure that the sound system on these machines cannot be made to work in Gentoo it would be useful to find out before I waste more time on it. Thanks, Roger
[gentoo-user] Unable to set up wireless lan - followed documentation
Hey list I need some help. I am trying to set up my wireless lan on gentoo. I have recompiled kernel. Every attempt at configuring /etc/conf.d/net end in faed to configure wireless for wlan0 i have folowed the advice given when it fails and give info/advice to resolve but nothing has worked thus far. My question then is : what should the /etc/conf.d/net look like if I want to connect to dhcp enabled adsl router that does not need authenticating ? Any help would be appreiciated. I have gooogled and folowed tutorials on gentoo wiki but it didnt help at all. Thanks in advance Nelis -- Sent from my mobile device
Gentoo for many servers (was: Re: [gentoo-user] executing commands on lots of servers at once)
Alan McKinnon wrote: > clusterssh will let you log into many machines at once and run emerge > -avuND world everywhere This is way cool. I just started using it on eight Fedora servers I am administrating. Nice, now this is an improvement over my 'for $h in $HOSTS; do ssh $h "yum install foo"; done' approach. What do you guys think about using Gentoo for servers? At the institute I partially work we chose Fedora. There is no special reason for that - we already had some Fedora machines, the setup seemed to work, the reputation was good, so we kept it. That was okay for me, why choose many different environments and learn everything again. I mentioned Gentoo, but did not really suggest to actually use it. Maybe I should have. These 8 servers I mentioned are basically clones of the one I installed manually. Instead of doing this again, I boot a live-cd on a new one, create partitions, and extract tar files of the first server's partitions. Then I do some extra configuration, like hostname and network setup. Done. My plan for updating them is to take the first server down, and upgrade the installation (if that works - I had some trouble with that before, so maybe it will be better to reinstall from scratch). Then I will create a snapshot of the new setup, transfer that to the other hosts, and unpack it in new logical volumes. I plan to script this so I do not have to do it manually every time - but that was before I knew ClusterSSH. When all is done and there is some time to take the servers down, I will reboot into the new system. Now I am thinking about a Gentoo installation instead. Pros: - Continuous updates, no downtime for upgrading, only when I decide to install a new kernel. This is really really cool. I fear the upgrade from Fedora 10 to 12 which has to be done soon. - Some improvement in speed. Those machines do A LOT of numbercrunching, which jobs often lasting for days, so even small improvements would be nice. - Easier debugging. When things do not work, I think it's easier to dig into the problem. No fancy, but sometimes buggy GUIs hiding basic functionality. - Heck, Gentoo is _cooler_ than typical distributions. And emerging with distcc on about 8*4 cores would be fun :) - I am probably the only one who can administrate them. Cons: - If something will not work with this not so common (meta)distribution, people will say "always trouble with your Gentoo Schmentoo, it works fine in Fedora". Fedora is more mainstream, if something does not work there, then it's okay for the people to accept it. - I fear that big packages like Matlab are made for and tested on the typical distributions, and may have problems with the not-so-common Gentoo. I think someone here just had such a problem with Mathematica (which we do currently not use). - I am probably the only one who can administrate them. I think Gentoo is easier to maintain in the long run, but only when you take the time to learn it. With Fedora, you do not need much more than the 'yum install' command. There is no need to read complicated X.org upgrade guides and such. I think I already made my decision, but I am still interested in your opinions, maybe some of you are in a similar position and like to share your experiences. Whether I will be allowed to use Gentoo is another question, I guess my boss will not like my idea at first, and I am not even sure if he is right. But maybe I can test-install Gentoo on one machine in a chroot, and see if things work fine. Wonko
Re: [gentoo-user] return of SOD
On 11/14/09, Neil Walker wrote: > Maxim Wexler wrote: >> Anybody guess what's happening here? >> > > Well, it is just a guess but, from what you have said, it > sounds like either a problem with the video driver or > a hardware problem. :( > hmm, ran #emerge -pv xf86-intel-driver and it came back with [ebuild ud]. Portage wanted to downgrade 2.9.1 with 2.8.1, so I did. IIRC I upgraded to 2.9.1 to fix another video problem. Or, maybe it was the same one. I'll have to look over my history to be sure. Meanwhile, I'll wait and see; the problem was intermittant; sometimes the SOD appeared in a few minutes, sometimes it took days. mw
[gentoo-user] Help with unsubscribing.
Hello, I've sent several emails to gentoo-user+unsubscr...@lists.gentoo.org, in an attempt to unsubscribe myself from this Gentoo list, but this has not worked. Could any of the admins plese remove my email address from all Gentoo lists. Thanks. Msg sent via @Mail - http://atmail.com/
Re: [gentoo-user] strange cron messages...
Jarry writes: > Hi, I'm getting strange mails from vixie-cron-4.1-r10: > -- > SUBJECT: Cron test -x /usr/sbin/run-crons && > /usr/sbin/run-crons > > error: kernel:9 unknown option 'compytruncate' -- ignoring line > error: kernel:12 unknown option 'endscript' -- ignoring line > -- > > What does it mean??? I assume you are using logrotate, and have the /etc/logrotate.d/kernel file? I guess the 'compytruncate' is misspelled and should be 'copytruncate'. And 'endscript' is used after using 'prerotate' or 'postrotate', which you probably do not have. Something like that, I never used logrotate by myself. See the man page for more information. Wonko
Re: [gentoo-user] Re: xorg-server upgrading problem
Nikos Chantziaras wrote: > > I already posted how do downgrade to 1.6.5 correctly :P > I have a slightly different case, but related -- I tried the upgrade because I saw a message that the new nvidia drivers would actually work, but xorg-server 1.7.1 would not compile and so I followed the instructions in the bug 290739 comments 3 and 6 and xorg-server 1.6.5 and 1.6.4 which is the one I still have -- neither one will compile. In the 1.6.5 case I get errors in rensize.c. Thanks in advance for any ideas on how to fix. -- Your life is like a penny. You're going to lose it. The question is: How do you spend it? John Covici cov...@ccs.covici.com
Re: [gentoo-user] Re: Quoting style on HTC Dream
On Sat, Nov 14, 2009 at 09:30:42AM +, Neil Bothwick wrote: > On Fri, 13 Nov 2009 22:21:06 -0800, fe...@crowfix.com wrote: > > Plus it does > > not have multitouch like the iPhone or the new Motorola Droid, which > > would be a big improvement. > > That's a software limitation, the touchscreen supports multitouch and > I've seen a hacked G-1 with multitouch working. The hardware supports a limited multitouch sort of by chance. It loses track of fingers too close to the vertical or horizontal so if you want to pinch or spread for zoom, you have to do it at an angle. Rotation doesn't work thru a vertical or horizontal, altho a clever program could make a guess. > > Here are some of the things I like about Better Keyboard: > > Is this in the Market? If so, I'll give it a try as you can get a refund > on paid programs within the first 24 hours. Yes, I think $5. I had tried the builtin virtual keyboard and found it barely better than nothing, but nowhere near as good as the physical keyboard. I was reluctant to try Better Keyboard but it turned out so good that I wondered if Google would incorporate many of its features into some later version of Android, maybe even buy rights to it if not just plain copy. -- ... _._. ._ ._. . _._. ._. ___ .__ ._. . .__. ._ .. ._. Felix Finch: scarecrow repairman & rocket surgeon / fe...@crowfix.com GPG = E987 4493 C860 246C 3B1E 6477 7838 76E9 182E 8151 ITAR license #4933 I've found a solution to Fermat's Last Theorem but I see I've run out of room o
[gentoo-user] Re: Block root user from login on xorg GUI
On 11/14/2009 12:12 PM, Dirk Heinrichs wrote: Am Samstag 14 November 2009 10:21:35 schrieb Nikos Chantziaras: You cannot impose any restrictions to the root user. root is unrestricted by definition. It's useless to even start thinking about trying. Ever heard about SELinux? Bye... Ever heard about make menuconfig? Bye...
[gentoo-user] strange cron messages...
Hi, I'm getting strange mails from vixie-cron-4.1-r10: -- SUBJECT: Cron test -x /usr/sbin/run-crons && /usr/sbin/run-crons error: kernel:9 unknown option 'compytruncate' -- ignoring line error: kernel:12 unknown option 'endscript' -- ignoring line -- What does it mean??? Jarry -- ___ This mailbox accepts e-mails only from selected mailing-lists! Everything else is considered to be spam and therefore deleted.
Re: [gentoo-user] Missing icons in K3b
On Samstag 14 November 2009, Jacques Montier wrote: > Jacques Montier a gentiment tapote: > > Julien Gormotte a gentiment tapote: > >> Ok, this is interesting : > >> libpng12.so.0 > >> libQtSvg.so.4 > >> I suppose the icons are in png or svg format, and k3b is not able to > >> load them because this lib is missing... > >> > >> Did you tried a revdep-rebuild ? maybe an update broke these libs ? > >> > >> Well, it's a possibility, but try this. > >> > >> And, just to be sure, try to do this, with the same user you use to > >> launch k3b : > >> file /usr/share/apps/k3b/icons/* > >> > >> If it works, then it's not a permissions problem. > >> > >> Julien Gormotte > >> > >> > >> This message was sent using IMP, the Internet Messaging Program. > > > > $ file /usr/share/apps/k3b/icons/* > > i get : > > /usr/share/apps/k3b/icons/crystalsvg: directory > > /usr/share/apps/k3b/icons/hicolor:directory > > > > So i can access to those directories as user. > > > > Now revdep-rebuild... > > > > Thank you for you help ! > > > > -- > > Jacques > > Hi everybody, > > # revdep-rebuild --> All system consistent. > I re-emerged : > # x11-libs/qt-svg-4.5.3-r1 > # media-libs/libpng-1.2.38 > But no success, k3b doesn't load icons. > I think k3b doesn't even read the /usr/share/k3b/icons directory as i > deleted it without any change... > > I noticed one thing with kde games (kshisen or else ): they are unable > to load *.svgz (background images). > I have to move *.svgz to *.gz, then to unzip then and move to svg. > Then the background images are loaded... > Strange... > > -- > Jacques > then you are missing something else, because it is all working fine here. maybe ldd can help you with that.
Re: [gentoo-user] Missing icons in K3b
Jacques Montier a gentiment tapote: > Julien Gormotte a gentiment tapote: > >> Ok, this is interesting : >> libpng12.so.0 >> libQtSvg.so.4 >> I suppose the icons are in png or svg format, and k3b is not able to >> load them because this lib is missing... >> >> Did you tried a revdep-rebuild ? maybe an update broke these libs ? >> >> Well, it's a possibility, but try this. >> >> And, just to be sure, try to do this, with the same user you use to >> launch k3b : >> file /usr/share/apps/k3b/icons/* >> >> If it works, then it's not a permissions problem. >> >> Julien Gormotte >> >> >> This message was sent using IMP, the Internet Messaging Program. >> >> >> >> > > $ file /usr/share/apps/k3b/icons/* > i get : > /usr/share/apps/k3b/icons/crystalsvg: directory > /usr/share/apps/k3b/icons/hicolor:directory > > So i can access to those directories as user. > > Now revdep-rebuild... > > Thank you for you help ! > > -- > Jacques > > Hi everybody, # revdep-rebuild --> All system consistent. I re-emerged : # x11-libs/qt-svg-4.5.3-r1 # media-libs/libpng-1.2.38 But no success, k3b doesn't load icons. I think k3b doesn't even read the /usr/share/k3b/icons directory as i deleted it without any change... I noticed one thing with kde games (kshisen or else ): they are unable to load *.svgz (background images). I have to move *.svgz to *.gz, then to unzip then and move to svg. Then the background images are loaded... Strange... -- Jacques
Re: [gentoo-user] Re: Block root user from login on xorg GUI
Am Samstag 14 November 2009 10:21:35 schrieb Nikos Chantziaras: > You cannot impose any restrictions to the root user. root is > unrestricted by definition. It's useless to even start thinking about > trying. Ever heard about SELinux? Bye... Dirk signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] Re: Quoting style on HTC Dream
On Fri, 13 Nov 2009 22:21:06 -0800, fe...@crowfix.com wrote: > I have a G1, normal model, not flashed. I too wanted it because of > its physical keyboard, but then someone developed a pay program ($5 I > think, well worth it) called Better Keyboard which has been so good > that I don't use the physical keyboard any more and no longer consider > it a necessity, at least for Android. Friends who have an iPhone say > this Better Keyboard is better than the iPhone's soft keyboard. I'll give that a try. The Android soft keyboard is OK, but nothing to write home about... or with. > One problem with the G1 is its small memory, making it possible that > it won't be able to use the 2.0 features. It can take humonguous SD > chips, but the internal program flash is just too small. I believe it's already been stated that 2.0 won't be pushed out to the G-1. > Plus it does > not have multitouch like the iPhone or the new Motorola Droid, which > would be a big improvement. That's a software limitation, the touchscreen supports multitouch and I've seen a hacked G-1 with multitouch working. > I have not looked into these new phones much because my G1 is only a > year old, still runs fine, and still has a year to go on the danged > contract. But if I were looking for a new phone today, I would start > by investigating the Maemo, then look at other Androids which don't > have a physical keyboard but do have multitouch, and finally at the > Droid. I had more or less decided to go for the N900 when my contract expires in a few months, then Motorola confused things by releasing the Droid. Now I'm as confused as a baby in a topless bar. > Here are some of the things I like about Better Keyboard: Is this in the Market? If so, I'll give it a try as you can get a refund on paid programs within the first 24 hours. -- Neil Bothwick IBM - I Blame Microsoft signature.asc Description: PGP signature
[gentoo-user] Re: Block root user from login on xorg GUI
On 11/12/2009 10:01 PM, Mick wrote: I should know how to do this ... It isn't as simple as commenting out vc7 in /etc/securetty, right? The persistent offenders would try to start another X session on a different vc. Is there a trick I could add in /etc/pam.d/login or one of the /etc/pam.d/gdm* files perhaps? You cannot impose any restrictions to the root user. root is unrestricted by definition. It's useless to even start thinking about trying. What you *can* do, is give them a VPS inside of which they are root.
Re: [gentoo-user] Going ~x86?
On Fri, Nov 13, 2009 at 1:36 AM, Alan McKinnon wrote: > On Friday 13 November 2009 01:21:49 Joshua Murphy wrote: >> Useless? well, not exactly. ~amd64 marked packages in it are >> redundant, but every box I put wine on runs git builds >> (=app-emulation/wine- in the portage tree), and as such has to >> have a "=app-emulation/wine- **" line in package.keywords to get >> around being "masked by missing keyword." Of course, this also >> involves me knowing full well that, in the process of any rebuild of >> wine, I could end up with a terribly broken install and potential data >> loss, as is true of running anything from sources that aren't even >> being released as "stable" even by the upstream developers. >> > > How do you find latest wine git commits compares to the fortnightly snapshots? > > I use Alexandre's snapshots almost as soon as they are released, I figure I > can wait the max two weeks to get a latest feature > > > -- > alan dot mckinnon at gmail dot com I only bother rebuilding wine when I hit a problem, or I'm doing an otherwise fairly big set of upgrades to everything else on the system, so I don't keep it running on the 'latest', though I will mention I find it very rare that it gives me even the slightest problem that I can blame on Wine itself. -- Poison [BLX] Joshua M. Murphy
Re: [gentoo-user] emerge @ world -> @preserved-rebuild -> @preserved-rebuild -> what next?
On Fri, 13 Nov 2009 17:06:02 -0800, Mark Knecht wrote: > > I think it is being over-cautious, which results in packages being > > rebuilt multiple time unnecessarily, but I's rather give it the > > chance to fix itself. That said, I've never had a list anything like > > 50 packages long, but I do update frequently. > > > It wasn't that I had 50 packages in the emerge -DuN @world. That was > something like 10. It was after that finished and I ran > @preserved-rebuild that it said 50 packages were effected by something > it found, but those 50 were all dependent on just one or two packages > that Alan was suggesting to me are held in the preserved database > file, or so I think. I realised it was 50-odd in the rebuild list, but in my experience multiple runs gradually reduces that number. Maybe portage could be more intelligent about the order in which it re-emerges these packages, but running it enough times always works for me. Removing the registry is potentially risky because you could still have packages linked to a library that is not managed by portage, and that will never update. If someone finds a security hole in that library, you could be in trouble. "Fixing" the problem by deleting the registry is akin to fixing low oil pressure in your car by disconnecting the warning light. -- Neil Bothwick We are THOR of Borg... your RFC compliant mailbox has been assimilated signature.asc Description: PGP signature
Re: [gentoo-user] return of SOD
Maxim Wexler wrote: > Anybody guess what's happening here? > Well, it is just a guess but, from what you have said, it sounds like either a problem with the video driver or a hardware problem. :( Be lucky, Neil http://www.easy-ebay.com
Re: [gentoo-user] Block root user from login on xorg GUI
On Sat, Nov 14, 2009 at 2:01 AM, Joshua Murphy wrote: > On Fri, Nov 13, 2009 at 7:24 PM, Mick wrote: >> On Thursday 12 November 2009 23:08:18 Iain Buchanan wrote: >>> On Thu, 2009-11-12 at 22:18 +, Mick wrote: >>> > On Thursday 12 November 2009 22:09:01 Alan McKinnon wrote: >>> > > Gdm itself has a config option to disallow root logins >>> > >>> > Ahh, unfortunately I can only access it remotely via ssh at this stage. >>> > Hopefully the pam method will work fine. >>> >>> You don't need anything more to configure gdm than ssh access - this is >>> Linux after all & a good program has text based configurations :) >>> >>> Edit /etc/X11/gdm/custom.conf >>> >>> In the section [security] add: >>> AllowRoot=false >> >> Thanks for this! :-) >> >>> You may then have to restart xdm. >>> >>> However, if someone has the root password to log in to X, then what's to >>> stop them changing anything you do now? >> >> Know how? >> -- >> Regards, >> Mick > > Approach security a little more sanely and don't give untrusted users > root access? If you have to take steps to restrict the root account, > you need to rethink who has use of it. Preventing damage in the event > that the system *does* get compromised is one thing, but trying to > control someone who is *given* access to root on the software side is > the wrong approach, in my incredibly non-humble opinion. > > -- > Poison [BLX] > Joshua M. Murphy And, a quick note on the case that the intent is to prevent the level of damage in the event of a compromised root account, give this a quick read over and google any terms you're not certain of the meaning of: Linux.com :: Securing Linux with Mandatory Access Controls http://www.linux.com/archive/feature/113941 -- Poison [BLX] Joshua M. Murphy
Re: [gentoo-user] Block root user from login on xorg GUI
On Fri, Nov 13, 2009 at 7:24 PM, Mick wrote: > On Thursday 12 November 2009 23:08:18 Iain Buchanan wrote: >> On Thu, 2009-11-12 at 22:18 +, Mick wrote: >> > On Thursday 12 November 2009 22:09:01 Alan McKinnon wrote: >> > > Gdm itself has a config option to disallow root logins >> > >> > Ahh, unfortunately I can only access it remotely via ssh at this stage. >> > Hopefully the pam method will work fine. >> >> You don't need anything more to configure gdm than ssh access - this is >> Linux after all & a good program has text based configurations :) >> >> Edit /etc/X11/gdm/custom.conf >> >> In the section [security] add: >> AllowRoot=false > > Thanks for this! :-) > >> You may then have to restart xdm. >> >> However, if someone has the root password to log in to X, then what's to >> stop them changing anything you do now? > > Know how? > -- > Regards, > Mick Approach security a little more sanely and don't give untrusted users root access? If you have to take steps to restrict the root account, you need to rethink who has use of it. Preventing damage in the event that the system *does* get compromised is one thing, but trying to control someone who is *given* access to root on the software side is the wrong approach, in my incredibly non-humble opinion. -- Poison [BLX] Joshua M. Murphy
Re: [gentoo-user] return of SOD
On Fri, Nov 13, 2009 at 10:21 PM, Maxim Wexler wrote: > Hi group, > > That's (S)creen (O)f (D)eath. I thought I had fixed this problem on my > eee. I would get these SODs, black usually, but sometimes white and > once green while connected to the web(don't know if that's > significant). At first I thought it was the browser, so I tried > firefox-3.0, firefox-3.5, opera-10. Same story, so I replaced xfce4 > with fluxbox, no screen savers, no icons, widgets, just the default > bar at the bottom of the screen and there was no problem for several > days until this morning the desktop went totally black and wouldn't > respond to mouse or keyboard. > > I did #tail /var/log/Xorg.0.log immediately from a spare console but > there was no sign of trouble. > > I can get back to the start console, ctl-c and run startx again but > the desktop remains black. To get back the desktop I have to reboot. > > Anybody guess what's happening here? > > Maxim >From the sound of it, that'd be X itself (less likely because restarting X should resolve any direct X issues), a video driver (which doesn't, to my knowledge, get completely unloaded on closing X), or hardware issue. Since it doesn't mess with plain console, which is rendered through a different driver than X video, I'd guess that it's not hardware (I'd expect video corruption to persist through VT switching with a hardware issue). Still, could be any of the three, or something else entirely, but by the sound of it, try changing version on your video driver. -- Poison [BLX] Joshua M. Murphy
Re: [gentoo-user] Quoting style on HTC Dream
On Fri, Nov 13, 2009 at 08:39:20PM +0200, Alan McKinnon wrote: > I downloaded it and so far it looks OK, but need to play more. First thing I > need to figure out is how to make it refresh the inbox when, and only when, I > click the button myself. I don't quite do this "beep at me every time there's > a new email" thing - I already have several notebooks for that :-) Click the MENU button and one of the choices is Check mail. -- ... _._. ._ ._. . _._. ._. ___ .__ ._. . .__. ._ .. ._. Felix Finch: scarecrow repairman & rocket surgeon / fe...@crowfix.com GPG = E987 4493 C860 246C 3B1E 6477 7838 76E9 182E 8151 ITAR license #4933 I've found a solution to Fermat's Last Theorem but I see I've run out of room o
Re: [gentoo-user] Re: Quoting style on HTC Dream
On Fri, Nov 13, 2009 at 04:29:49PM +, James wrote: > My son wants a droid phone. I'm pushing him towards the HTC droid > as I think we can customize it, if not eventually run embedded > Gentoo on this phone. I have a G1, normal model, not flashed. I too wanted it because of its physical keyboard, but then someone developed a pay program ($5 I think, well worth it) called Better Keyboard which has been so good that I don't use the physical keyboard any more and no longer consider it a necessity, at least for Android. Friends who have an iPhone say this Better Keyboard is better than the iPhone's soft keyboard. I would also look at Nokia's open source phone, Maeomo I believe, which actually runs Debian, much much closer to true open source. Android apps HAVE to be written in their subset of Java, at least on the normal phone -- I don't know about jail broken ones. The Maemo can take programs from anything -- perl, python, etc, no doubt plain old C and even assembler if you want to. No doubt you could put gentoo on it. One problem with the G1 is its small memory, making it possible that it won't be able to use the 2.0 features. It can take humonguous SD chips, but the internal program flash is just too small. Plus it does not have multitouch like the iPhone or the new Motorola Droid, which would be a big improvement. I have not looked into these new phones much because my G1 is only a year old, still runs fine, and still has a year to go on the danged contract. But if I were looking for a new phone today, I would start by investigating the Maemo, then look at other Androids which don't have a physical keyboard but do have multitouch, and finally at the Droid. The physical keyboard adds complexity and cost and bulk and weight, and Better Keyboard is so good that I don't use mine any more. (for the record :-) Here are some of the things I like about Better Keyboard: Vibrate feedback on each keystroke. Long press on a key pops up a small window with all the extra chars on that key, such as accented keys. Side swipe brings up alternate keyboards, such as 2 chars per key like a cross between standard num pad texting and a real keyboard, or a numbers-only keyboard, or symbols-only. Lots of different themes which are useful, making it easier to find one that your eyes are happy with. Easy to invoke -- just tap in any text area and it comes up. Switches horizontal and vertical layouts as you switch the phone. Provides a list of possible words as you type, and you can build up your own local dictionary. All of these are configurable, near as I can tell. If you have a chance to try Better Keyboard on someone else's phone, you might find it so good that you won't insist on the physical keyboard. The biggest problem I have with the physical keyboard is that since it is half depth on the G1, the very right side keys are hard to get sometimes, with my fingers banging into the right side of the G1 which is full height. This may not be so on other Androids. And don't forget that the physical keyboard does not rotate 90 degrees as you rotate the phone, unlike the cirtual keyboards. I find Better Keyboard almost as easy to use when crammed into the vertical position as when horizontal. -- ... _._. ._ ._. . _._. ._. ___ .__ ._. . .__. ._ .. ._. Felix Finch: scarecrow repairman & rocket surgeon / fe...@crowfix.com GPG = E987 4493 C860 246C 3B1E 6477 7838 76E9 182E 8151 ITAR license #4933 I've found a solution to Fermat's Last Theorem but I see I've run out of room o