Re: [gentoo-user] using unstable gentoo-sources

2012-01-15 Thread Dale

»Q« wrote:

> After moving from gentoo-sources-2.6.39-r3 to 3.1.6 (yes, I had put off
> upgrading the whole system for something like 6 mos.), I found
> hibernation wouldn't work on my laptop.  Instead of troubleshooting, I
> tried the unstable gentoo-sources-3.2.1, and AFAICT everything is
> working fine, including hibernation.
>
> I've never used any unstable build for the kernel, and once a >=3.2.1
> kernel goes stable, I'll stick with stable again.  But in the meantime,
> is there anything I should watch out for or keep in mind?





I have used unstable kernels lots of times.  If everything works, then 
it works.  If you upgrade and something isn't working or is fishy, then 
go back to the stable one.  This is why I keep a known working kernel 
and a newer version in /boot at all times.  I always have two versions 
and at times have as many as a dozen.


Oh, have entries in grub for both too.

That help any?

Dale

:-)  :-)

--
I am only responsible for what I said ... Not for what you understood or how 
you interpreted my words!

Miss the compile output?  Hint:
EMERGE_DEFAULT_OPTS="--quiet-build=n"




[gentoo-user] using unstable gentoo-sources

2012-01-15 Thread »Q«
After moving from gentoo-sources-2.6.39-r3 to 3.1.6 (yes, I had put off
upgrading the whole system for something like 6 mos.), I found
hibernation wouldn't work on my laptop.  Instead of troubleshooting, I
tried the unstable gentoo-sources-3.2.1, and AFAICT everything is
working fine, including hibernation.

I've never used any unstable build for the kernel, and once a >=3.2.1
kernel goes stable, I'll stick with stable again.  But in the meantime,
is there anything I should watch out for or keep in mind?




Re: [gentoo-user] RUBYOPT="-rauto_gem"

2012-01-15 Thread Hilco Wijbenga
On 15 January 2012 18:21, Michael Orlitzky  wrote:
> On 01/15/2012 05:24 PM, Hilco Wijbenga wrote:
>>
>> Hi all,
>>
>> The dev-ruby/rubygems ebuild adds "-rauto_gem" to the global RUBYOPT.
>> This breaks my own scripts so I have removed it from /etc/env.d. So
>> far, so good.
>>
>> I just tried upgrading dev-ruby/json and it failed because I did not
>> have RUBYOPT set. Obviously, the "fix" was easy but now I'm wondering
>> ... is this really the best approach?
>>
>> It does not seem like a good idea that the rubygems ebuild sets
>> RUBYOPT and subsequent (Ruby Gems related) emerges break without it.
>> Would it not be simpler and more reliable if ebuilds that need it
>> simply execute "export RUBYOPT=..." prior to running? Why does it have
>> to be in the global environment, forcing it on every user?
>>
>> If there is a requirement for this to be in the global environment,
>> what is the consequence of unsetting RUBYOPT in my own .bashrc (or
>> similar)? Is that "safe"? Or does that break something that I simply
>> haven't noticed yet?
>>
>
> (1) I don't know much about ruby packaging
>
> (2) Keeping (1) in mind, I agree with you

Good. Thanks.

> (3) You're asking the wrong people
>
> Try asking on the -dev list, or filing a bug. They'll just close it if it's
> considered invalid.

Yeah, I went back and forth. I figured (hoped?) that gentoo-dev is
(more or less) a subset of gentoo-user so I should reach (most of) the
devs this way too. Maybe I'm naive. :-)

We have too many open bugs already so I'll wait until (hopefully) I
see a few more responses before I file a bug. That way there's less
chance of an invalid bug and I may save some valuable dev time.

> This bit me once long ago: ruby scripts running from cron don't have their
> RUBYOPT set, so scripts that normally work "magically" fail. Since I never
> set RUBYOPT myself, I didn't expect it to be set. Of course, I just forgot
> to require rubygems in my script.



[gentoo-user] libreoffice-bin-3.4.3.2-r1 & sun-jdk-1.6.0.29 on x86_64

2012-01-15 Thread Hartmut Figge
Greetings,

on my x86_64 libreoffice fails to detect Java. I am getting this when
starting lowriter:

hafi@i5_64 ~ $ lowriter
Warning: failed to launch javaldx - java may not fuction correctly

Trying to add Java manually via Tools->Libreoffice->Java gives
[Java framework] Invalid value for bootstrap variable:
UNO_JAVA_JFW_VENDOR_SETTINGS

Calculating dependencies... done!
[ebuild   R] app-office/libreoffice-bin-3.4.3.2-r1  USE="(-aqua)
-gnome -java -kde (-kdeenablefinal)" 0 kB

Calculating dependencies... done!
[ebuild   Rf   ] dev-java/sun-jdk-1.6.0.29  USE="X alsa examples
nsplugin -derby -doc -jce" 0 kB

hafi@i5_64 ~ $ eselect java-vm list
Available Java Virtual Machines:
  [1]   sun-jdk-1.6  system-vm

hafi@i5_64 ~ $ eselect java-nsplugin list
Available 32-bit Java browser plugins
Available 64-bit Java browser plugins
  [1]   sun-jdk-1.6  current

Any ideas what to do?

Hartmut
-- 
Usenet-ABC-Wiki http://www.usenet-abc.de/wiki/
By users for users  :-)




Re: [gentoo-user] RUBYOPT="-rauto_gem"

2012-01-15 Thread Michael Orlitzky

On 01/15/2012 05:24 PM, Hilco Wijbenga wrote:

> Hi all,
>
> The dev-ruby/rubygems ebuild adds "-rauto_gem" to the global RUBYOPT.
> This breaks my own scripts so I have removed it from /etc/env.d. So
> far, so good.
>
> I just tried upgrading dev-ruby/json and it failed because I did not
> have RUBYOPT set. Obviously, the "fix" was easy but now I'm wondering
> ... is this really the best approach?
>
> It does not seem like a good idea that the rubygems ebuild sets
> RUBYOPT and subsequent (Ruby Gems related) emerges break without it.
> Would it not be simpler and more reliable if ebuilds that need it
> simply execute "export RUBYOPT=..." prior to running? Why does it have
> to be in the global environment, forcing it on every user?
>
> If there is a requirement for this to be in the global environment,
> what is the consequence of unsetting RUBYOPT in my own .bashrc (or
> similar)? Is that "safe"? Or does that break something that I simply
> haven't noticed yet?



(1) I don't know much about ruby packaging

(2) Keeping (1) in mind, I agree with you

(3) You're asking the wrong people

Try asking on the -dev list, or filing a bug. They'll just close it if 
it's considered invalid.


This bit me once long ago: ruby scripts running from cron don't have 
their RUBYOPT set, so scripts that normally work "magically" fail. Since 
I never set RUBYOPT myself, I didn't expect it to be set. Of course, I 
just forgot to require rubygems in my script.




Re: [gentoo-user] Resetting the root passwd

2012-01-15 Thread Pandu Poluan
On Jan 16, 2012 12:58 AM, "Walter Dnes"  wrote:
>
> On Thu, Jan 12, 2012 at 06:30:03AM -0500, Tanstaafl wrote
>
> > This is nothing like changing the port for SSH - a port scanner can
> > figure that one out in seconds...
>
>  A real BOFH would set up a dummy instance of sshd on the regular port,
> as well as a real sshd instance on another port.  The dummy instance
> could be set up to always fail the login attempt, and with special
> iptable rules to not clutter up your logfile.
>

And don't forget to put the false sshd through a tc rule that chokes the
return traffic to 1 cps B-)

Of course, being the "real sysadmin" a.k.a lazy slob that I am, that's way
too much work for not enough bastardly pleasure... I can't gleefully see
the face of people trapped in the tc hell :-P

Rgds,


Re: [gentoo-user] Resetting the root passwd

2012-01-15 Thread Pandu Poluan
On Jan 16, 2012 3:56 AM, "Alan McKinnon"  wrote:
>
> On Sun, 15 Jan 2012 12:54:51 -0500
> "Walter Dnes"  wrote:
>
> > On Thu, Jan 12, 2012 at 06:30:03AM -0500, Tanstaafl wrote
> >
> > > This is nothing like changing the port for SSH - a port scanner can
> > > figure that one out in seconds...
> >
> >   A real BOFH would set up a dummy instance of sshd on the regular
> > port, as well as a real sshd instance on another port.  The dummy
> > instance could be set up to always fail the login attempt, and with
> > special iptable rules to not clutter up your logfile.
> >
>
> Actually a real sysadmin[1] would run ssh standardly plus OSSEC with
> active rules and dynamically block our Chinese friends
>
> [1] "real sysadmin" being defined as the quintessentially lazy dude who
> is really not into causing himself pain or doing anything that would
> increase support tickets in his inbox
>

That depends on who are authorized to access the boxen via SSH. In my case,
only the IT Division is authorized to access them via SSH, so the "real
sysadmin" in me (g) decides it is much easier to shift the port rather than
implementing esoteric hardening stuffs ;-)

Plus, I get the benefit of ridiculing any IT guy/gal who managed to get
him-/herself locked out (thanks to the auto-blacklist) B-)

Rgds,


Re: [gentoo-user] Re: kernel-3.2.1-gentoo + Broadcom-STA = Could not get rssi (-22)

2012-01-15 Thread Carlos Sura
On 15 January 2012 04:01, Mick  wrote:

> On Sunday 15 Jan 2012 01:38:08 Carlos Sura wrote:
> > On 14 January 2012 18:14, Carlos Sura wrote:
> > > Hello Mates,
> > >
> > > I have updated my kernel to 3.2.1, using my old config, when I boot my
> > > laptop with the new kernel, my wireless was not working, I thought that
> > > it was my mistake, but after a google search I found the following
> > > article: http://en.gentoo-wiki.com/wiki/Broadcom_43xx
>
> I'm not sure that this article is up to date.
>
> Have you been through this:
>
> http://wireless.kernel.org/en/users/Drivers/b43
>
>
> > > Since, my wireless card is: Broadcom Corporation BCM4313 802.11b/g/n
> > > Wireless LAN Controller
> > >
> > > That should work, right?
>
> I'm running stable kernels and actually I'm still with 3.0.6 because the
> 3.1.6 crashes when I suspend to RAM.  Also my wireless card is BCM4312
> 802.11b/g LP-PHY and it works fine with the b43 driver on the older
> kernels - which driver was yours using?
>
> (from lspci -k)
>
> 05:00.0 Network controller: Broadcom Corporation BCM4312 802.11b/g LP-PHY (rev 01)
> Subsystem: Dell Wireless 1397 WLAN Mini-Card
> Kernel driver in use: b43-pci-bridge
> Kernel modules: ssb
>
>
> > > Then I did the Open Source Kernel Driver, and installed the package
> > > broadcom-sta.
>
> The broadcom-sta is Broadcom's proprietary driver - not Open Source!
>
> According to the URL I mention above the BCM4313 chipset uses unsupported
> LCN PHY, and the kernel developers are working on it.  May be worth talking
> to them on #bcm-users in irc.freenode.net to see what they recommend.  I
> suspect your choices are wl (which I don't think is in kernel) and the
> staging driver brcmsmac (because the mac80211 does not work with Broadcom's
> proprietary ieee80211 stack).
>
>
> > > Boot the laptop again, and 'voila' wireless was working again, but after
> > > 25-30 minutes using it, it stopped working, show me a blank screen with
> > > the following error:
> > >
> > > Fixing recursive fault but reboot is needed!
> > > Jan 14 18:12:14 gentoo-b0x kernel: [  614.214017] ERROR
> > > @wl_cfg80211_get_station : Could not get rssi (-22)
> > >
> > > with a loop of that message, I could not do anything, just ctrl + alt +
> > > supr  to reboot
> > >
> > > Second time, took 15-20 minutes and the same mistake, this is my third
> > > time with the new kernel, I'm 15 minutes now, and nothing happened.
>
> See if the module has any options for power saving and switch them off.
>
>
> > > Any help?
> > >
> > > Regards
> > >
> > > --
> > > Carlos Sura.-
> > > www.carlossura.com
> >
> > I'm back in the old kernel, and removed the broadcom-sta package and
> > wireless seems to works.
> >
> > So, there is no need of broadcom-sta at this moment in the old kernel,
> > maybe the new kernel works too without that package, I will update later,
> > after testing.
>
> It may help if you were to tell us which driver you are now using.
> --
> Regards,
> Mick
>


Hello Mick,

Thank you for your answer.

I'm using the following driver:
lspci -k
03:00.0 Network controller: Broadcom Corporation BCM4313 802.11b/g/n
Wireless LAN Controller (rev 01)
Subsystem: Hewlett-Packard Company Device 1483
Kernel driver in use: wl
Kernel modules: wl

You were right, there is no need to have broadcom-sta; I have uninstalled it
and it seems to be working fine (with my old kernel). Now, it seems to improve
in the new kernel 3.2.1 too, but the issue persists. I'm not sure why it is
happening; it does not show the message based on time now, it shows when
the load of my PC is heavy and when I'm doing important stuff or have many tabs
open in Chrome. There is no way to get back to X, because it shows that
message, so I have to reboot.

Now, about this:

> According to the URL I mention above the BCM4313 chipset uses unsupported
> LCN PHY, and the kernel developers are working on it.  May be worth talking
> to them on #bcm-users in irc.freenode.net to see what they recommend.  I
> suspect your choices are wl (which I don't think is in kernel) and the
> staging driver brcmsmac (because the mac80211 does not work with Broadcom's
> proprietary ieee80211 stack).

You are right, my chipset uses unsupported LCN PHY, but in my old kernel
this never happened; that's why I'm more interested in knowing more about this
issue.

I'm on ~AMD64; this is my emerge --info: http://tinypaste.com/5ee0e0a4

Also, I forgot to mention, my old kernel was working fine; when I tried to
use the old config, it was not working, so I have to deactivate some things
in the new kernel (related to the wireless card). I will send it in the next
email.

Thanks for helping me-

Regards

-- 
Carlos Sura.-
www.carlossura.com


[gentoo-user] RUBYOPT="-rauto_gem"

2012-01-15 Thread Hilco Wijbenga
Hi all,

The dev-ruby/rubygems ebuild adds "-rauto_gem" to the global RUBYOPT.
This breaks my own scripts so I have removed it from /etc/env.d. So
far, so good.

I just tried upgrading dev-ruby/json and it failed because I did not
have RUBYOPT set. Obviously, the "fix" was easy but now I'm wondering
... is this really the best approach?

It does not seem like a good idea that the rubygems ebuild sets
RUBYOPT and subsequent (Ruby Gems related) emerges break without it.
Would it not be simpler and more reliable if ebuilds that need it
simply execute "export RUBYOPT=..." prior to running? Why does it have
to be in the global environment, forcing it on every user?

If there is a requirement for this to be in the global environment,
what is the consequence of unsetting RUBYOPT in my own .bashrc (or
similar)? Is that "safe"? Or does that break something that I simply
haven't noticed yet?

Cheers,
Hilco



Re: [gentoo-user] Resetting the root passwd

2012-01-15 Thread Alan McKinnon
On Sun, 15 Jan 2012 12:54:51 -0500
"Walter Dnes"  wrote:

> On Thu, Jan 12, 2012 at 06:30:03AM -0500, Tanstaafl wrote
> 
> > This is nothing like changing the port for SSH - a port scanner can 
> > figure that one out in seconds...
> 
>   A real BOFH would set up a dummy instance of sshd on the regular
> port, as well as a real sshd instance on another port.  The dummy
> instance could be set up to always fail the login attempt, and with
> special iptable rules to not clutter up your logfile.
> 

Actually a real sysadmin[1] would run ssh standardly plus OSSEC with
active rules and dynamically block our Chinese friends 

[1] "real sysadmin" being defined as the quintessentially lazy dude who
is really not into causing himself pain or doing anything that would
increase support tickets in his inbox


-- 
Alan McKinnnon
alan.mckin...@gmail.com




Re: [gentoo-user] Updating mysql-init-scripts to 2.0_pre1-r2 now Mysql restart fails!?

2012-01-15 Thread Mick
On Sunday 15 Jan 2012 18:35:01 Stéphane Guedon wrote:
> On Sunday 15 January 2012 18:26:09 Tanstaafl wrote:
> > Anyone else having this problem?
> > 
> > Yes, I did etc-update, and simply accepted the new conf.d config file
> > and init.d script changes...
> > 
> > After the update, I attempted to restart mysql but got:
> > 
> > myhost : Sun Jan 15, 12:23:47 : ~
> > 
> >   # /etc/init.d/mysql restart
> >   * Starting mysql ...
> >   * start-stop-daemon: /usr/sbin/mysqld is already running [ !! ]
> >   * ERROR: mysql failed to start
> > 
> > myhost : Sun Jan 15, 12:23:55 : ~
> > 
> > and in the log:
> > 
> > Jan 15 12:23:55 myhost /etc/init.d/mysql[16429]: start-stop-daemon:
> > /usr/sbin/mysqld is already running
> > Jan 15 12:23:55 myhost /etc/init.d/mysql[16396]: ERROR: mysql failed to
> > start
> 
> I have this since years !
> Can't manage to get this error out !
> I will look at the thread carefully !

You could try:

ps axf | grep mysql

and then kill  of mysql before you try to restart it.
-- 
Regards,
Mick




Re: [gentoo-user] Updating mysql-init-scripts to 2.0_pre1-r2 now Mysql restart fails!?

2012-01-15 Thread Stéphane Guedon
On Sunday 15 January 2012 18:26:09 Tanstaafl wrote:
> Anyone else having this problem?
> 
> Yes, I did etc-update, and simply accepted the new conf.d config file
> and init.d script changes...
> 
> After the update, I attempted to restart mysql but got:
> 
> myhost : Sun Jan 15, 12:23:47 : ~
>   # /etc/init.d/mysql restart
>   * Starting mysql ...
>   * start-stop-daemon: /usr/sbin/mysqld is already running [ !! ]
>   * ERROR: mysql failed to start
> myhost : Sun Jan 15, 12:23:55 : ~
> 
> and in the log:
> 
> Jan 15 12:23:55 myhost /etc/init.d/mysql[16429]: start-stop-daemon:
> /usr/sbin/mysqld is already running
> Jan 15 12:23:55 myhost /etc/init.d/mysql[16396]: ERROR: mysql failed to
> start

I have this since years !
Can't manage to get this error out !
I will look at the thread carefully !

-- 
Stéphane Guedon
http://www.22decembre.eu/
http://lectures.22decembre.eu/
business card: http://www.22decembre.eu/downloads/Stephane-Guedon.vcf




Re: [gentoo-user] Resetting the root passwd

2012-01-15 Thread Tanstaafl

On 2012-01-15 12:54 PM, Walter Dnes wrote:

> On Thu, Jan 12, 2012 at 06:30:03AM -0500, Tanstaafl wrote
>
> > This is nothing like changing the port for SSH - a port scanner can
> > figure that one out in seconds...
>
> A real BOFH would set up a dummy instance of sshd on the regular port,
> as well as a real sshd instance on another port.  The dummy instance
> could be set up to always fail the login attempt, and with special
> iptable rules to not clutter up your logfile.


Interesting, thanks for the idea... :)



Re: [gentoo-user] Resetting the root passwd

2012-01-15 Thread Walter Dnes
On Thu, Jan 12, 2012 at 06:30:03AM -0500, Tanstaafl wrote

> This is nothing like changing the port for SSH - a port scanner can 
> figure that one out in seconds...

  A real BOFH would set up a dummy instance of sshd on the regular port, 
as well as a real sshd instance on another port.  The dummy instance
could be set up to always fail the login attempt, and with special
iptable rules to not clutter up your logfile.

-- 
Walter Dnes 



[gentoo-user] Updating mysql-init-scripts to 2.0_pre1-r2 now Mysql restart fails!?

2012-01-15 Thread Tanstaafl

Anyone else having this problem?

Yes, I did etc-update, and simply accepted the new conf.d config file 
and init.d script changes...


After the update, I attempted to restart mysql but got:

myhost : Sun Jan 15, 12:23:47 : ~
 # /etc/init.d/mysql restart
 * Starting mysql ...
 * start-stop-daemon: /usr/sbin/mysqld is already running [ !! ]
 * ERROR: mysql failed to start
myhost : Sun Jan 15, 12:23:55 : ~

and in the log:

Jan 15 12:23:55 myhost /etc/init.d/mysql[16429]: start-stop-daemon: 
/usr/sbin/mysqld is already running
Jan 15 12:23:55 myhost /etc/init.d/mysql[16396]: ERROR: mysql failed to 
start




Re: [gentoo-user] Re: Is it possible to move from hardened profile?

2012-01-15 Thread Pandu Poluan
On Jan 15, 2012 10:33 PM, "Michael Orlitzky"  wrote:
>
> On 01/15/2012 08:36 AM, Tanstaafl wrote:
>>
>>
>>> Virtualization is iffy if you're not careful which options you enable in
>>> the kernel.
>>
>>
>> I've been meaning to ask a similar (but reverse) question - which I'll do
>> in a separate thread later, but...
>>
>> Your reference to 'virtualization is iffy' above... do you mean if you
>> are going to run VMs on a hardened HOST? Or run a hardened machine as a
>> VM? I had a problem trying to switch my Linode VM to the hardened
>> profile, and ended up giving up on it...
>>
>
> I was talking about a hardened host. Fortunately, newer kernels will have
> a preset "virtualization" profile that you can select to set only the safe
> options. See this thread for the announcement:
>
> http://archives.gentoo.org/gentoo-hardened/msg_4bfe029213c94d7ee59cdf8f3f38.xml
>
> I personally have never run a hardened guest, but in that post he alludes
> to the fact there may also be issues there, "...but in some
> cases applies even for the guest."
>
> In either case, you would want to stick to the stable kernels, since new
> problems do crop up occasionally as new features are introduced.
>

I have been running hardened unstable kernels as guests on top of VMware
vSphere and XenServer without any problems.

Except for that one time where something went horribly wrong, rendering
*everything* unusable. But that kernel was withdrawn and replaced with a
new revision within 24 hours.

Of course, YMMV.

Rgds,


Re: [gentoo-user] Resetting the root passwd

2012-01-15 Thread Mick
On Sunday 15 Jan 2012 14:19:07 Tanstaafl wrote:
> On 2012-01-15 3:50 AM, Pandu Poluan  wrote:
> > Well, I *always* change my sshd ports, not for added security, but
> > because I'm tired of seeing failed login attempts from China. The daily
> > log became *much* shorter after I moved the port somewhere else.
> 
> That is the *only* legitimate reason (I can think of) to change the
> port... but it always irks me when someone thinks they are truly gaining
> any extra *security* through doing so...

They are ... not at all in terms of complexity (the difficulty of cracking the 
ssh password remains exactly the same), but yes in terms of probability (fewer 
attempts to crack the password).

Of course, using public keys instead of passwords improves difficulty by orders 
of magnitude, but for the sake of reducing bandwidth alone, I think that 
changing the sshd port makes sense.
-- 
Regards,
Mick




Re: [gentoo-user] Re: Is it possible to move from hardened profile?

2012-01-15 Thread Michael Orlitzky

On 01/15/2012 08:36 AM, Tanstaafl wrote:

>> Virtualization is iffy if you're not careful which options you enable in
>> the kernel.
>
> I've been meaning to ask a similar (but reverse) question - which I'll do
> in a separate thread later, but...
>
> Your reference to 'virtualization is iffy' above... do you mean if you
> are going to run VMs on a hardened HOST? Or run a hardened machine as a
> VM? I had a problem trying to switch my Linode VM to the hardened
> profile, and ended up giving up on it...

I was talking about a hardened host. Fortunately, newer kernels will 
have a preset "virtualization" profile that you can select to set only 
the safe options. See this thread for the announcement:

http://archives.gentoo.org/gentoo-hardened/msg_4bfe029213c94d7ee59cdf8f3f38.xml

I personally have never run a hardened guest, but in that post he 
alludes to the fact there may also be issues there, "...but in some
cases applies even for the guest."

In either case, you would want to stick to the stable kernels, since new 
problems do crop up occasionally as new features are introduced.




Re: [gentoo-user] [OT] Hardware Problems causing kernel panics during large compiles

2012-01-15 Thread Jason Weisberger
Update time.

Today, still running on the integrated Radeon HD 3300, I did an
upgrade to chromium again.  BAM!  Kernel panic.  Recoverable, but the
compilation failed again.

So, the NVIDIA 9800GT has been out since my last message and I am
apparently getting the kernel panics again.  I suppose it was luck
that I got through the upgrade last time.

So looks like I'll be getting a new motherboard.

Jason Weisberger
jbdu...@gmail.com



Re: [gentoo-user] Re: Is it possible to move from hardened profile?

2012-01-15 Thread czernitko
Well, hardened profile really did add some peace of mind to me, very rarely
I found some app to be terminated thanks to stack smashing protection. I
would like to have safe working environment, but the incompatibility cost
me quite some time. Hardened would be the only choice for me if it was a
server solution, but for notebook workstation with KDE it is quite
inconvenient. ATI fglrx drivers have problems on hardened kernel (even with
GrSec and PAX disabled, just thanks to other hardened patches), VirtualBox
cannot be compiled using hardened gcc profile, when trying to emerge
wxMaxima some of its dependencies refuse to be compiled on hardened profile
(was it gnuplot? I am really not sure)... These are usually small amounts
of time which I have to invest, but there is quite a bunch of them. On
server I have no such problems and I am using hardened profile with lots of
security features turned on without problems, but on desktop workstation it
is quite a pain.
Anyway I have already created a partition and in some free time I have been
installing Gentoo with default profile via chroot. When I have complete
environment and all my data moved, I'll try to convert the profile, just
out of curiosity...
Peter


Re: [gentoo-user] [OT] opendns.org

2012-01-15 Thread Mark Knecht
On Fri, Jan 13, 2012 at 4:06 PM, walt  wrote:
> I just heard about opendns.org for the first time today, but their
> website makes it seem that I'm the only person in the solar system
> who's not already on the bandwagon.
>
> Anyone know if they are as wonderful as they sound?
>
>

I've used OpenDNS for so long without problems that I'd actually
forgotten that it is OpenDNS that I'm using. I get an email from them
maybe once a month telling me a few things about their company but
that's no big deal. It works well and has been for me 100% pain free
for years.

HTH,
Mark



Re: [gentoo-user] Resetting the root passwd

2012-01-15 Thread Tanstaafl

On 2012-01-15 3:50 AM, Pandu Poluan wrote:

> Well, I *always* change my sshd ports, not for added security, but
> because I'm tired of seeing failed login attempts from China. The daily
> log became *much* shorter after I moved the port somewhere else.


That is the *only* legitimate reason (I can think of) to change the 
port... but it always irks me when someone thinks they are truly gaining 
any extra *security* through doing so...




Re: [gentoo-user] Re: Is it possible to move from hardened profile?

2012-01-15 Thread Tanstaafl

On 2012-01-14 5:25 PM, Michael Orlitzky wrote:

> On 01/14/2012 04:56 PM, walt wrote:
>
> > On 01/14/2012 01:05 PM, czernitko wrote:
> >
> > > Hello, I wonder whether it is possible to convert hardened desktop
> > > box into box with non-hardened profile? I guess I would have to
> > > recompile world with vanilla compiler (no hardening) and compile
> > > gentoo-sources kernel (no prob with those), but how can I get clean,
> > > non-hardened profile for portage (if it is even possible)?
> >
> > Short answer:  I have no idea :)  But I'd like to ask why you want to
> > dump the hardened profile.  Is there a significant disadvantage to
> > the hardening?  I've been wanting for awhile to try hardening but I'm
> > basically too lazy to Just Do It(TM).
>
> Virtualization is iffy if you're not careful which options you enable in
> the kernel.

I've been meaning to ask a similar (but reverse) question - which I'll do 
in a separate thread later, but...

Your reference to 'virtualization is iffy' above... do you mean if you 
are going to run VMs on a hardened HOST? Or run a hardened machine as a 
VM? I had a problem trying to switch my Linode VM to the hardened 
profile, and ended up giving up on it...




Re: [gentoo-user] [OT] opendns.org

2012-01-15 Thread Tanstaafl

On 2012-01-13 7:06 PM, walt wrote:

> I just heard about opendns.org for the first time today, but their
> website makes it seem that I'm the only person in the solar system
> who's not already on the bandwagon.
>
> Anyone know if they are as wonderful as they sound?


We've been using them for a very long time and had zero problems...

We don't use any of the blocking or fancy stuff though, and disabled the 
redirects.


One caveat - do *not* use them on a mail server if you do RBL lookups on 
any service that meters your usage (like zen.spamhaus.org), they block 
access to their services from public DNS servers like opendns and google...




Re: [gentoo-user] [OT] opendns.org

2012-01-15 Thread Tanstaafl

On 2012-01-13 7:46 PM, Florian Philipp wrote:

> 2) their redirection on missing domain names became annoying, especially
> on slow mobile connections


This can be disabled you know...



Re: [gentoo-user] Re: kernel-3.2.1-gentoo + Broadcom-STA = Could not get rssi (-22)

2012-01-15 Thread Mick
On Sunday 15 Jan 2012 01:38:08 Carlos Sura wrote:
> On 14 January 2012 18:14, Carlos Sura  wrote:
> > Hello Mates,
> > 
> > I have updated my kernel to 3.2.1, using my old config, when I boot my
> > laptop with the new kernel, my wireless was not working, I thought that
> > it was my mistake, but after a google search I found the following
> > article: http://en.gentoo-wiki.com/wiki/Broadcom_43xx

I'm not sure that this article is up to date.

Have you been through this:

http://wireless.kernel.org/en/users/Drivers/b43


> > Since, my wireless card is: Broadcom Corporation BCM4313 802.11b/g/n
> > Wireless LAN Controller
> > 
> > That should work, right?

I'm running stable kernels and actually I'm still with 3.0.6 because the 3.1.6 
crashes when I suspend to RAM.  Also my wireless card is BCM4312 802.11b/g 
LP-PHY and it works fine with the b43 driver on the older kernels - which driver 
was yours using?

(from lspci -k)

05:00.0 Network controller: Broadcom Corporation BCM4312 802.11b/g LP-PHY (rev 01)
Subsystem: Dell Wireless 1397 WLAN Mini-Card
Kernel driver in use: b43-pci-bridge
Kernel modules: ssb


> > Then I did the Open Source Kernel Driver, and installed the package
> > broadcom-sta.

The broadcom-sta is Broadcom's proprietary driver - not Open Source!

According to the URL I mention above the BCM4313 chipset uses unsupported LCN 
PHY, and the kernel developers are working on it.  May be worth talking to 
them on #bcm-users in irc.freenode.net to see what they recommend.  I suspect 
your choices are wl (which I don't think is in kernel) and the staging driver 
brcmsmac (because the mac80211 does not work with Broadcom's proprietary 
ieee80211 stack).


> > Boot the laptop again, and 'voila' wireless was working again, but after
> > 25-30 minutes using it, it stopped working, show me a blank screen with
> > the following error:
> > 
> > Fixing recursive fault but reboot is needed!
> > Jan 14 18:12:14 gentoo-b0x kernel: [  614.214017] ERROR
> > @wl_cfg80211_get_station : Could not get rssi (-22)
> > 
> > with a loop of that message, I could not do anything, just ctrl + alt +
> > supr  to reboot
> > 
> > Second time, took 15-20 minutes and the same mistake, this is my third
> > time with the new kernel, I'm 15 minutes now, and nothing happened.

See if the module has any options for power saving and switch them off.


> > Any help?
> > 
> > Regards
> > 
> > --
> > Carlos Sura.-
> > www.carlossura.com
> 
> I'm back in the old kernel, and removed the broadcom-sta package and
> wireless seems to works.
> 
> So, there is no need of broadcom-sta at this moment in the old kernel,
> maybe the new kernel works too without that package, I will update later,
> after testing.

It may help if you were to tell us which driver you are now using.
-- 
Regards,
Mick




Re: [gentoo-user] Resetting the root passwd

2012-01-15 Thread Pandu Poluan
On Jan 12, 2012 8:07 PM, "Alan McKinnon"  wrote:
>

, >8 snip

>
> Changing the ssh port (and even crypto keys on DVDs) is just a
> brain-dead approach, we agree on that. We rightfully rip a new one to
> people advocating doing this.
>

Well, I *always* change my sshd ports, not for added security, but because
I'm tired of seeing failed login attempts from China. The daily log became
*much* shorter after I moved the port somewhere else.

Plus, thanks to the wonders of iptables and ipset, anyone attempting to
connect to port 22 will now get blocked completely.

Rgds,
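
The port-22 tripwire mentioned in the message above, sketched as an added example; the poster's actual rules are not shown in the thread, so this is not his configuration. The set name, timeout, admin network and the helper functions `is_port` and `trap_rules` are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: print (or, with --apply as root, load) a port-22 "tripwire".
# All values below are assumptions for illustration, not from the thread.

SET_NAME="ssh_trap"        # hypothetical ipset name
TRAP_PORT=22               # old sshd port; the real sshd listens elsewhere
BAN_SECONDS=86400          # entries expire after one day
ADMIN_NET="192.0.2.0/24"   # constructed documentation range for admin hosts

# is_port N: succeeds only for an integer in 1..65535.
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# trap_rules SET PORT SECONDS ADMIN_NET: print the commands in rule order.
trap_rules() {
    is_port "$2" || { echo "invalid port: $2" >&2; return 1; }
    cat <<EOF
ipset create $1 hash:ip timeout $3 -exist
iptables -A INPUT -s $4 -p tcp --dport $2 -j REJECT --reject-with tcp-reset
iptables -A INPUT -m set --match-set $1 src -j DROP
iptables -A INPUT -p tcp --dport $2 -j SET --add-set $1 src
iptables -A INPUT -p tcp --dport $2 -j DROP
EOF
}
# Rule order matters:
#  1. admin hosts that hit the old port by mistake are refused, never listed
#  2. any source already listed is dropped on every port
#  3. SET is non-terminating: it lists the source, then the packet moves on
#  4. to the final DROP for the trap port itself
# The rules are appended with -A; on a host with existing rules they must
# sit above any broad ACCEPT rule, or they never see the traffic.

case "${1:-}" in
    --apply) trap_rules "$SET_NAME" "$TRAP_PORT" "$BAN_SECONDS" "$ADMIN_NET" | sh -e ;;
    *)       trap_rules "$SET_NAME" "$TRAP_PORT" "$BAN_SECONDS" "$ADMIN_NET" ;;
esac
```

Run without arguments it only prints the commands for review. The finite timeout and the admin exemption are what keep a mistyped port from becoming a permanent lockout, the situation joked about elsewhere in the thread.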