Re: [gentoo-user] using unstable gentoo-sources
»Q« wrote: After moving from gentoo-sources-2.6.39-r3 to 3.1.6 (yes, I had put off upgrading the whole system for something like 6 mos.), I found hibernation wouldn't work on my laptop. Instead of troubleshooting, I tried the unstable gentoo-sources-3.2.1, and AFAICT everything is working fine, including hibernation. I've never used any unstable build for the kernel, and once a>=3.2.1 kernel goes stable, I'll stick with stable again. But in the meantime, is there anything I should watch out for or keep in mind? I have used unstable kernels lots of times. If everything works, then it works. If you upgrade and something isn't working or is fishy, then go back to the stable one. This is why I keep a known working kernel and a newer version in /boot at all times. I always have two versions and at times have as many as a dozen. Oh, have entries in grub for both too. That help any? Dale :-) :-) -- I am only responsible for what I said ... Not for what you understood or how you interpreted my words! Miss the compile output? Hint: EMERGE_DEFAULT_OPTS="--quiet-build=n"
[gentoo-user] using unstable gentoo-sources
After moving from gentoo-sources-2.6.39-r3 to 3.1.6 (yes, I had put off upgrading the whole system for something like 6 mos.), I found hibernation wouldn't work on my laptop. Instead of troubleshooting, I tried the unstable gentoo-sources-3.2.1, and AFAICT everything is working fine, including hibernation. I've never used any unstable build for the kernel, and once a >=3.2.1 kernel goes stable, I'll stick with stable again. But in the meantime, is there anything I should watch out for or keep in mind?
Re: [gentoo-user] RUBYOPT="-rauto_gem"
On 15 January 2012 18:21, Michael Orlitzky wrote: > On 01/15/2012 05:24 PM, Hilco Wijbenga wrote: >> >> Hi all, >> >> The dev-ruby/rubygems ebuild adds "-rauto_gem" to the global RUBYOPT. >> This breaks my own scripts so I have removed it from /etc/env.d. So >> far, so good. >> >> I just tried upgrading dev-ruby/json and it failed because I did not >> have RUBYOPT set. Obviously, the "fix" was easy but now I'm wondering >> ... is this really the best approach? >> >> It does not seem like a good idea that the rubygems ebuild sets >> RUBYOPT and subsequent (Ruby Gems related) emerges break without it. >> Would it not be simpler and more reliable if ebuilds that need it >> simply execute "export RUBYOPT=..." prior to running? Why does it have >> to be in the global environment, forcing it on every user? >> >> If there is a requirement for this to be in the global environment, >> what is the consequence of unsetting RUBYOPT in my own .bashrc (or >> similar)? Is that "safe"? Or does that break something that I simply >> haven't noticed yet? >> > > (1) I don't know much about ruby packaging > > (2) Keeping (1) in mind, I agree with you Good. Thanks. > (3) You're asking the wrong people > > Try asking on the -dev list, or filing a bug. They'll just close it if it's > considered invalid. Yeah, I went back and forth. I figured (hoped?) that gentoo-dev is (more or less) a subset of gentoo-user so I should reach (most of) the devs this way too. Maybe I'm naive. :-) We have too many open bugs already so I'll wait until (hopefully) I see a few more responses before I file a bug. That way there's less chance of an invalid bug and I may save some valuable dev time. > This bit me once long ago: ruby scripts running from cron don't have their > RUBYOPT set, so scripts that normally work "magically" fail. Since I never > set RUBYOPT myself, I didn't expect it to be set. Of course, I just forgot > to require rubygems in my script.
[gentoo-user] libreoffice-bin-3.4.3.2-r1 & sun-jdk-1.6.0.29 on x86_64
Greetings, on my x86_64 libreoffice fails to detect Java. I am getting this when starting lowriter: hafi@i5_64 ~ $ lowriter Warning: failed to launch javaldx - java may not fuction correctly Trying to add Java manually via Tools->Libreoffice->Java gives [Java framework] Invalid value for bootstrap variable: UNO_JAVA_JFW_VENDOR_SETTINGS Calculating dependencies... done! [ebuild R] app-office/libreoffice-bin-3.4.3.2-r1 USE="(-aqua) -gnome -java -kde (-kdeenablefinal)" 0 kB Calculating dependencies... done! [ebuild Rf ] dev-java/sun-jdk-1.6.0.29 USE="X alsa examples nsplugin -derby -doc -jce" 0 kB hafi@i5_64 ~ $ eselect java-vm list Available Java Virtual Machines: [1] sun-jdk-1.6 system-vm hafi@i5_64 ~ $ eselect java-nsplugin list Available 32-bit Java browser plugins Available 64-bit Java browser plugins [1] sun-jdk-1.6 current Any ideas what to do? Hartmut -- Usenet-ABC-Wiki http://www.usenet-abc.de/wiki/ Von Usern fuer User :-)
Re: [gentoo-user] RUBYOPT="-rauto_gem"
On 01/15/2012 05:24 PM, Hilco Wijbenga wrote: Hi all, The dev-ruby/rubygems ebuild adds "-rauto_gem" to the global RUBYOPT. This breaks my own scripts so I have removed it from /etc/env.d. So far, so good. I just tried upgrading dev-ruby/json and it failed because I did not have RUBYOPT set. Obviously, the "fix" was easy but now I'm wondering ... is this really the best approach? It does not seem like a good idea that the rubygems ebuild sets RUBYOPT and subsequent (Ruby Gems related) emerges break without it. Would it not be simpler and more reliable if ebuilds that need it simply execute "export RUBYOPT=..." prior to running? Why does it have to be in the global environment, forcing it on every user? If there is a requirement for this to be in the global environment, what is the consequence of unsetting RUBYOPT in my own .bashrc (or similar)? Is that "safe"? Or does that break something that I simply haven't noticed yet? (1) I don't know much about ruby packaging (2) Keeping (1) in mind, I agree with you (3) You're asking the wrong people Try asking on the -dev list, or filing a bug. They'll just close it if it's considered invalid. This bit me once long ago: ruby scripts running from cron don't have their RUBYOPT set, so scripts that normally work "magically" fail. Since I never set RUBYOPT myself, I didn't expect it to be set. Of course, I just forgot to require rubygems in my script.
Re: [gentoo-user] Resetting the root passwd
On Jan 16, 2012 12:58 AM, "Walter Dnes" wrote: > > On Thu, Jan 12, 2012 at 06:30:03AM -0500, Tanstaafl wrote > > > This is nothing like changing the port for SSH - a port scanner can > > figure that one out in seconds... > > A real BOFH would set up a dummy instance of sshd on the regular port, > as well as a real sshd instance on another port. The dummy instance > could be set up to always fail the login attempt, and with special > iptable rules to not clutter up your logfile. > And don't forget to put the false sshd through a tc rule that chokes the return traffic to 1 cps B-) Of course, being the "real sysadmin" a.k.a lazy slob that I am, that's way too much work for not enough bastardly pleasure... I can't gleefully see the face of people trapped in the tc hell :-P Rgds,
Re: [gentoo-user] Resetting the root passwd
On Jan 16, 2012 3:56 AM, "Alan McKinnon" wrote: > > On Sun, 15 Jan 2012 12:54:51 -0500 > "Walter Dnes" wrote: > > > On Thu, Jan 12, 2012 at 06:30:03AM -0500, Tanstaafl wrote > > > > > This is nothing like changing the port for SSH - a port scanner can > > > figure that one out in seconds... > > > > A real BOFH would set up a dummy instance of sshd on the regular > > port, as well as a real sshd instance on another port. The dummy > > instance could be set up to always fail the login attempt, and with > > special iptable rules to not clutter up your logfile. > > > > Actually a real sysadmin[1] would run ssh standardly plus OSSEC with > active rules and dynamically block our Chinese friends > > [1] "real sysadmin" being defined as the quintessentially lazy dude who > is really not into causing himself pain or doing anything that would > increase support tickets in his inbox > That depends on who are authorized to access the boxen via SSH. In my case, only the IT Division is authorized to access them via SSH, so the "real sysadmin" in me (g) decides it is much easier to shift the port rather than implementing esoteric hardening stuffs ;-) Plus, I get the benefit of ridiculing any IT guy/gal who managed to get him-/herself locked out (thanks to the auto-blacklist) B-) Rgds,
Re: [gentoo-user] Re: kernel-3.2.1-gentoo + Broadcom-STA = Could not get rssi (-22)
On 15 January 2012 04:01, Mick wrote: > On Sunday 15 Jan 2012 01:38:08 Carlos Sura wrote: > > On 14 January 2012 18:14, Carlos Sura > wrote: > > > Hello Mates, > > > > > > I have updated my kernel to 3.2.1, using my old config, when I boot my > > > laptop with the new kernel, my wireless was not working, I thought that > > > it was my mistake, but after a google search I found the following > > > article: http://en.gentoo-wiki.com/wiki/Broadcom_43xx > > I'm not sure that this article is up to date. > > Have you been through this: > > http://wireless.kernel.org/en/users/Drivers/b43 > > > > > Since, my wireless card is: Broadcom Corporation BCM4313 802.11b/g/n > > > Wireless LAN Controller > > > > > > That should work, right? > > I'm running stable kernels and actually I'm still with 3.0.6 because the > 3.1.6 > crashes when I suspend to RAM. Also my wireless card is BCM4312 802.11b/g > LP- > PHY and it works fine with the b43 driver on the older kernels - which > driver > was yours using? > > (from lspci -k) > > 05:00.0 Network controller: Broadcom Corporation BCM4312 802.11b/g LP-PHY > (rev > 01) >Subsystem: Dell Wireless 1397 WLAN Mini-Card >Kernel driver in use: b43-pci-bridge >Kernel modules: ssb > > > > > Then I did the Open Source Kernel Driver, and installed the package > > > broadcom-sta. > > The broadcom-sta is Broadcom's proprietary driver - not Open Source! > > According to the URL I mention above the BCM4313 chipset uses unsupported > LCN > PHY, and the kernel developers are working on it. May be worth talking to > them on #bcm-users in irc.freenode.net to see what they recommend. I > suspect > your choices are wl (which I don't think is in kernel) and the staging > driver > brcmsmac (because the mac80211 does not work with Broadcom's proprietary > ieee80211 stack). > > > > > Boot the laptop again, and 'voila' wireless was working again, but > after > > > 25-30 minutes using it, it stopped working, show me a blank screen with > > > the following error: > > > > > > Fixing recursive fault but reboot is needed! > > > Jan 14 18:12:14 gentoo-b0x kernel: [ 614.214017] ERROR > > > @wl_cfg80211_get_station : Could not get rssi (-22) > > > > > > with a loop of that message, I could not do anything, just ctrl + alt + > > > supr to reboot > > > > > > Second time, took 15-20 minutes and the same mistake, this is my third > > > time with the new kernel, I'm 15 minutes now, and nothing happened. > > See if the module has any options for power saving and switch them off. > > > > > Any help? > > > > > > Regards > > > > > > -- > > > Carlos Sura.- > > > www.carlossura.com > > > > I'm back in the old kernel, and removed the broadcom-sta package and > > wireless seems to works. > > > > So, there is no need of broadcom-sta at this moment in the old kernel, > > maybe the new kernel works too without that package, I will update later, > > after testing. > > It may help if you were to tell us which driver you are now using. > -- > Regards, > Mick > Hello Mick, Thank you for your answer. I'm using the following driver: lspci -k 03:00.0 Network controller: Broadcom Corporation BCM4313 802.11b/g/n Wireless LAN Controller (rev 01) Subsystem: Hewlett-Packard Company Device 1483 Kernel driver in use: wl Kernel modules: wl You were right, there is no need to have broadcom-sta I have unistalled and seems to be working fine (with my old kernel); now, it seems to improve in the new kernel too 3.2.1, but the issue persist, I'm not sure why is happening, it does not show the message based on time now, it shows when the load of my pc is heavy and when I'm doing important stuff or many tabs opened in Chrome, there is no way to get back to X, because it shows that message, so I have to reeboot. Now, about this: According to the URL I mention above the BCM4313 chipset uses unsupported LCN PHY, and the kernel developers are working on it. May be worth talking to them on #bcm-users in irc.freenode.net to see what they recommend. I suspect your choices are wl (which I don't think is in kernel) and the staging driver brcmsmac (because the mac80211 does not work with Broadcom's proprietary ieee80211 stack). You are right, my chipset uses unsopported LCN PHY. but, in my old kernel never happened this, that's why I'm more interested in know more about this issue. I'm on ~AMD64 this is my emerge --info : http://tinypaste.com/5ee0e0a4 Also, I forgot to mention, my old kernel was working fine, when I tried to use the old config, it was not working, so I have to deactive some things in the new kernel (related to the wireless card) I will send it in the next email. Thanks for helping me- Regards -- Carlos Sura.- www.carlossura.com
[gentoo-user] RUBYOPT="-rauto_gem"
Hi all, The dev-ruby/rubygems ebuild adds "-rauto_gem" to the global RUBYOPT. This breaks my own scripts so I have removed it from /etc/env.d. So far, so good. I just tried upgrading dev-ruby/json and it failed because I did not have RUBYOPT set. Obviously, the "fix" was easy but now I'm wondering ... is this really the best approach? It does not seem like a good idea that the rubygems ebuild sets RUBYOPT and subsequent (Ruby Gems related) emerges break without it. Would it not be simpler and more reliable if ebuilds that need it simply execute "export RUBYOPT=..." prior to running? Why does it have to be in the global environment, forcing it on every user? If there is a requirement for this to be in the global environment, what is the consequence of unsetting RUBYOPT in my own .bashrc (or similar)? Is that "safe"? Or does that break something that I simply haven't noticed yet? Cheers, Hilco
Re: [gentoo-user] Resetting the root passwd
On Sun, 15 Jan 2012 12:54:51 -0500 "Walter Dnes" wrote: > On Thu, Jan 12, 2012 at 06:30:03AM -0500, Tanstaafl wrote > > > This is nothing like changing the port for SSH - a port scanner can > > figure that one out in seconds... > > A real BOFH would set up a dummy instance of sshd on the regular > port, as well as a real sshd instance on another port. The dummy > instance could be set up to always fail the login attempt, and with > special iptable rules to not clutter up your logfile. > Actually a real sysadmin[1] would run ssh standardly plus OSSEC with active rules and dynamically block our Chinese friends [1] "real sysadmin" being defined as the quintessentially lazy dude who is really not into causing himself pain or doing anything that would increase support tickets in his inbox -- Alan McKinnnon alan.mckin...@gmail.com
Re: [gentoo-user] Updating mysql-init-scripts to 2.0_pre1-r2 now Mysql restart fails!?
On Sunday 15 Jan 2012 18:35:01 Stéphane Guedon wrote: > On Sunday 15 January 2012 18:26:09 Tanstaafl wrote: > > Anyone else having this problem? > > > > Yes, I did etc-update, and simply accepted the new conf.d config file > > and init.d script changes... > > > > After the update, I attempted to restart mysql but got: > > > > myhost : Sun Jan 15, 12:23:47 : ~ > > > > # /etc/init.d/mysql restart > > * Starting mysql ... > > * start-stop-daemon: /usr/sbin/mysqld is already running [ !! ] > > * ERROR: mysql failed to start > > > > myhost : Sun Jan 15, 12:23:55 : ~ > > > > and in the log: > > > > Jan 15 12:23:55 myhost /etc/init.d/mysql[16429]: start-stop-daemon: > > /usr/sbin/mysqld is already running > > Jan 15 12:23:55 myhost /etc/init.d/mysql[16396]: ERROR: mysql failed to > > start > > I have this since years ! > Can't manage to get this error out ! > I will look at the tread carefully ! You could try: ps axf | grep mysql and then kill of mysql before you try to restart it. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] Updating mysql-init-scripts to 2.0_pre1-r2 now Mysql restart fails!?
On Sunday 15 January 2012 18:26:09 Tanstaafl wrote: > Anyone else having this problem? > > Yes, I did etc-update, and simply accepted the new conf.d config file > and init.d script changes... > > After the update, I attempted to restart mysql but got: > > myhost : Sun Jan 15, 12:23:47 : ~ > # /etc/init.d/mysql restart > * Starting mysql ... > * start-stop-daemon: /usr/sbin/mysqld is already running [ !! ] > * ERROR: mysql failed to start > myhost : Sun Jan 15, 12:23:55 : ~ > > and in the log: > > Jan 15 12:23:55 myhost /etc/init.d/mysql[16429]: start-stop-daemon: > /usr/sbin/mysqld is already running > Jan 15 12:23:55 myhost /etc/init.d/mysql[16396]: ERROR: mysql failed to > start I have this since years ! Can't manage to get this error out ! I will look at the tread carefully ! -- Stéphane Guedon http://www.22decembre.eu/ http://lectures.22decembre.eu/ carte de visite : http://www.22decembre.eu/downloads/Stephane-Guedon.vcf signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] Resetting the root passwd
On 2012-01-15 12:54 PM, Walter Dnes wrote: On Thu, Jan 12, 2012 at 06:30:03AM -0500, Tanstaafl wrote This is nothing like changing the port for SSH - a port scanner can figure that one out in seconds... A real BOFH would set up a dummy instance of sshd on the regular port, as well as a real sshd instance on another port. The dummy instance could be set up to always fail the login attempt, and with special iptable rules to not clutter up your logfile. Interesting, thanks for the idea... :)
Re: [gentoo-user] Resetting the root passwd
On Thu, Jan 12, 2012 at 06:30:03AM -0500, Tanstaafl wrote > This is nothing like changing the port for SSH - a port scanner can > figure that one out in seconds... A real BOFH would set up a dummy instance of sshd on the regular port, as well as a real sshd instance on another port. The dummy instance could be set up to always fail the login attempt, and with special iptable rules to not clutter up your logfile. -- Walter Dnes
[gentoo-user] Updating mysql-init-scripts to 2.0_pre1-r2 now Mysql restart fails!?
Anyone else having this problem? Yes, I did etc-update, and simply accepted the new conf.d config file and init.d script changes... After the update, I attempted to restart mysql but got: myhost : Sun Jan 15, 12:23:47 : ~ # /etc/init.d/mysql restart * Starting mysql ... * start-stop-daemon: /usr/sbin/mysqld is already running [ !! ] * ERROR: mysql failed to start myhost : Sun Jan 15, 12:23:55 : ~ and in the log: Jan 15 12:23:55 myhost /etc/init.d/mysql[16429]: start-stop-daemon: /usr/sbin/mysqld is already running Jan 15 12:23:55 myhost /etc/init.d/mysql[16396]: ERROR: mysql failed to start
Re: [gentoo-user] Re: Is it possible to move from hardened profile?
On Jan 15, 2012 10:33 PM, "Michael Orlitzky" wrote: > > On 01/15/2012 08:36 AM, Tanstaafl wrote: >> >> >>> Virtualization is iffy if you're not careful which options you enable in >>> the kernel. >> >> >> I've been meaning to as a similar (but reverse) question - which I'll do >> in a separate thread later, but... >> >> Your reference to 'virtualizationis iffy' above... do you mean if you >> are going to run VMs on a hardened HOST? Or run a hardened machine as a >> VM? I had a problem trying to switch my Linode VM to the hardened >> profile, and ended up giving up on it... >> > > I was talking about a hardened host. Fortunately, newer kernels will have a preset "virtualization" profile that you can select to set only the safe options. See this thread for the announcement: > > http://archives.gentoo.org/gentoo-hardened/msg_4bfe029213c94d7ee59cdf8f3f38.xml > > I personally have never run a hardened guest, but in that post he alludes to the fact there may also be issues there, "...but in some > cases applies even for the guest." > > In either case, you would want to stick to the stable kernels, since new problems do crop up occasionally as new features are introduced. > I have been running hardened unstable kernels as guests on top of VMware vSphere and XenServer without any problems. Except for that one time where something went horribly wrong, rendering *everything* unusable. But that kernel was withdrawn and replaced with a new revision within 24 hours. Of course, YMMV. Rgds,
Re: [gentoo-user] Resetting the root passwd
On Sunday 15 Jan 2012 14:19:07 Tanstaafl wrote: > On 2012-01-15 3:50 AM, Pandu Poluan wrote: > > Well, I *always* change my sshd ports, not for added security, but > > because I'm tired of seeing failed login attempts from China. The daily > > log became *much* shorter after I moved the port somewhere else. > > That is the *only* legitimate reason (I can think of) to change the > port... but it always irks me when someone thinks they are truly gaining > any extra *security* through doing so... They are ... not at all in terms of complexity (the difficulty of cracking the ssh password remains exactly the same), but yes in terms of probability (fewer attempts to crack the password). Of course, using public keys instead of passwords improves difficulty by orders of magnitude, but for the sake of reducing bandwidth alone, I think that changing the sshd port makes sense. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] Re: Is it possible to move from hardened profile?
On 01/15/2012 08:36 AM, Tanstaafl wrote: Virtualization is iffy if you're not careful which options you enable in the kernel. I've been meaning to as a similar (but reverse) question - which I'll do in a separate thread later, but... Your reference to 'virtualizationis iffy' above... do you mean if you are going to run VMs on a hardened HOST? Or run a hardened machine as a VM? I had a problem trying to switch my Linode VM to the hardened profile, and ended up giving up on it... I was talking about a hardened host. Fortunately, newer kernels will have a preset "virtualization" profile that you can select to set only the safe options. See this thread for the announcement: http://archives.gentoo.org/gentoo-hardened/msg_4bfe029213c94d7ee59cdf8f3f38.xml I personally have never run a hardened guest, but in that post he alludes to the fact there may also be issues there, "...but in some cases applies even for the guest." In either case, you would want to stick to the stable kernels, since new problems do crop up occasionally as new features are introduced.
Re: [gentoo-user] [OT] Hardware Problems causing kernel panics during large compiles
Update time. Today, still running on the integrated Radeon HD 3300, I did an upgrade to chromium again. BAM! Kernel panic. Recoverable, but the compilation failed again. So, the NVIDIA 9800GT has been out since my last message and I am apparently getting the kernel panics again. I suppose it was luck that I got through the upgrade last time. So looks like I'll be getting a new motherboard. Jason Weisberger jbdu...@gmail.com
Re: [gentoo-user] Re: Is it possible to move from hardened profile?
Well, hardened profile really did add some peace of mind to me, very rarely I found some app to be terminated thanks to stack smashing protection. I would like to have safe working environment, but the incompatibility cost me quite some time. Hardened would be the only choice for me if it was a server solution, but for notebook workstation with KDE it is quite inconvenient. ATI fglrx drivers have problems on hardened kernel (even with GrSec and PAX disabled, just thanks to other hardened patches), VirtualBox cannot be compiled using hardened gcc profile, when trying to emerge wxMaxima some of its dependencies refuse to be compiled on hardened profile (was it gnuplot? I am really not sure)... These are usually small amounts of time which I have to invest, but there is quite a bunch of them. On server I have no such problems and I am using hardened profile with lots of security features turned on without problems, but on desktop workstation it is quite a pain. Anyway I have already creates a partition and in some free time I have been installing Gentoo with default profile via chroot. When I have complete environment and all my data moved, I'll try to convert the profile, just out of curiosity... Peter
Re: [gentoo-user] [OT] opendns.org
On Fri, Jan 13, 2012 at 4:06 PM, walt wrote: > I just heard about opendns.org for the first time today, but their > website makes it seem that I'm the only person in the solar system > who's not already on the bandwagon. > > Anyone know if they are as wonderful as they sound? > > I've used OpenDNS for so long without problems that I'd actually forgotten that it is OpenDNS that I'm using. I get an email from them maybe once a month telling me a few things about their company but that's no big deal. It works well and has been for me 100% pain free for years. HTH, Mark
Re: [gentoo-user] Resetting the root passwd
On 2012-01-15 3:50 AM, Pandu Poluan wrote: Well, I *always* change my sshd ports, not for added security, but because I'm tired of seeing failed login attempts from China. The daily log became *much* shorter after I moved the port somewhere else. That is the *only* legitimate reason (I can think of) to change the port... but it always irks me when someone thinks they are truly gaining any extra *security* through doing so...
Re: [gentoo-user] Re: Is it possible to move from hardened profile?
On 2012-01-14 5:25 PM, Michael Orlitzky wrote: On 01/14/2012 04:56 PM, walt wrote: On 01/14/2012 01:05 PM, czernitko wrote: Hello, I wonder whether it is possible to convert hardened desktop box into box with non-hardened profile? I guess I would have to recompile world with vanilla compiler (no hardening) and compile gentoo-sources kernel (no prob with those), but how can I get clean, non-hardened profile for portage (if it is even possible)? Short answer: I have no idea :) But I'd like to ask why you want to dump the hardened profile. Is there a significant disadvantage to the hardening? I've been wanting for awhile to try hardening but I'm basically to lazy to Just Do It(TM). Virtualization is iffy if you're not careful which options you enable in the kernel. I've been meaning to as a similar (but reverse) question - which I'll do in a separate thread later, but... Your reference to 'virtualizationis iffy' above... do you mean if you are going to run VMs on a hardened HOST? Or run a hardened machine as a VM? I had a problem trying to switch my Linode VM to the hardened profile, and ended up giving up on it...
Re: [gentoo-user] [OT] opendns.org
On 2012-01-13 7:06 PM, walt wrote: I just heard about opendns.org for the first time today, but their website makes it seem that I'm the only person in the solar system who's not already on the bandwagon. Anyone know if they are as wonderful as they sound? We've been using them for a very long time and had zero problems... We don't use any of the blocking or fancy stuff though, and disabled the redirects. One caveat - do *not* use them on a mail server if you do RBL lookups on any service that meters your usage (like zen.spamhaus.org), they block access to their services from public DNS servers like opendns and google...
Re: [gentoo-user] [OT] opendns.org
On 2012-01-13 7:46 PM, Florian Philipp wrote: 2) their redirection on missing domain names became annoying, especially on slow mobile connections This can be disabled you know...
Re: [gentoo-user] Re: kernel-3.2.1-gentoo + Broadcom-STA = Could not get rssi (-22)
On Sunday 15 Jan 2012 01:38:08 Carlos Sura wrote: > On 14 January 2012 18:14, Carlos Sura wrote: > > Hello Mates, > > > > I have updated my kernel to 3.2.1, using my old config, when I boot my > > laptop with the new kernel, my wireless was not working, I thought that > > it was my mistake, but after a google search I found the following > > article: http://en.gentoo-wiki.com/wiki/Broadcom_43xx I'm not sure that this article is up to date. Have you been through this: http://wireless.kernel.org/en/users/Drivers/b43 > > Since, my wireless card is: Broadcom Corporation BCM4313 802.11b/g/n > > Wireless LAN Controller > > > > That should work, right? I'm running stable kernels and actually I'm still with 3.0.6 because the 3.1.6 crashes when I suspend to RAM. Also my wireless card is BCM4312 802.11b/g LP- PHY and it works fine with the b43 driver on the older kernels - which driver was yours using? (from lspci -k) 05:00.0 Network controller: Broadcom Corporation BCM4312 802.11b/g LP-PHY (rev 01) Subsystem: Dell Wireless 1397 WLAN Mini-Card Kernel driver in use: b43-pci-bridge Kernel modules: ssb > > Then I did the Open Source Kernel Driver, and installed the package > > broadcom-sta. The broadcom-sta is Broadcom's proprietary driver - not Open Source! According to the URL I mention above the BCM4313 chipset uses unsupported LCN PHY, and the kernel developers are working on it. May be worth talking to them on #bcm-users in irc.freenode.net to see what they recommend. I suspect your choices are wl (which I don't think is in kernel) and the staging driver brcmsmac (because the mac80211 does not work with Broadcom's proprietary ieee80211 stack). > > Boot the laptop again, and 'voila' wireless was working again, but after > > 25-30 minutes using it, it stopped working, show me a blank screen with > > the following error: > > > > Fixing recursive fault but reboot is needed! > > Jan 14 18:12:14 gentoo-b0x kernel: [ 614.214017] ERROR > > @wl_cfg80211_get_station : Could not get rssi (-22) > > > > with a loop of that message, I could not do anything, just ctrl + alt + > > supr to reboot > > > > Second time, took 15-20 minutes and the same mistake, this is my third > > time with the new kernel, I'm 15 minutes now, and nothing happened. See if the module has any options for power saving and switch them off. > > Any help? > > > > Regards > > > > -- > > Carlos Sura.- > > www.carlossura.com > > I'm back in the old kernel, and removed the broadcom-sta package and > wireless seems to works. > > So, there is no need of broadcom-sta at this moment in the old kernel, > maybe the new kernel works too without that package, I will update later, > after testing. It may help if you were to tell us which driver you are now using. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] Resetting the root passwd
On Jan 12, 2012 8:07 PM, "Alan McKinnon" wrote: > , >8 snip > > Changing the ssh port (and even crypto keys on DVDs) is just a > brain-dead approach, we agree on that. We rightfully rip a new one to > people advocating doing this. > Well, I *always* change my sshd ports, not for added security, but because I'm tired of seeing failed login attempts from China. The daily log became *much* shorter after I moved the port somewhere else. Plus, thanks to the wonders of iptables and ipset, anyone attempting to connect to port 22 will now gets blocked completely. Rgds,