[gentoo-user] Re: RUBYOPT="-rauto_gem"

[Hans de Graaff]

On Sun, 15 Jan 2012 14:24:30 -0800, Hilco Wijbenga wrote:

> If there is a requirement for this to be in the global environment, what
> is the consequence of unsetting RUBYOPT in my own .bashrc (or similar)?
> Is that "safe"? Or does that break something that I simply haven't
> noticed yet?

We don't support that setup, but you can always try. The only consequence 
should be that scripts won't find code installed by rubygems, unless you 
explicitly require 'rubygems' yourself.

The reason for this is partly history, and we can't really change it now 
without breaking a lot of stuff. It it also there to provide more choice, 
since you don't need to be explicit about this in your scripts. Finally, 
this is the default in ruby 1.9, even without RUBYOPT set, so we now have 
a matching situation between the different ruby versions.

Kind regards,

Hans

[gentoo-user] Re: RUBYOPT="-rauto_gem"

[Hans de Graaff]

On Sun, 15 Jan 2012 22:21:30 -0800, Hilco Wijbenga wrote:

> On 15 January 2012 18:21, Michael Orlitzky  wrote:
>> On 01/15/2012 05:24 PM, Hilco Wijbenga wrote:
>>>
>>> Hi all,
>>>
>>> The dev-ruby/rubygems ebuild adds "-rauto_gem" to the global RUBYOPT.
>>> This breaks my own scripts so I have removed it from /etc/env.d. So
>>> far, so good.

>> Try asking on the -dev list, or filing a bug. They'll just close it if
>> it's considered invalid.

Agree, if things are broken then please file a bug.

> We have too many open bugs already so I'll wait until (hopefully) I see
> a few more responses before I file a bug. That way there's less chance
> of an invalid bug and I may save some valuable dev time.

If you want to help us then open a bug so there can be a focused 
discussion, especially if things are broken. If you really want to help 
us then participate in the bugs and help us close them :-)

Kind regards,

Hans

[gentoo-user] Re: libreoffice-bin-3.4.3.2-r1 & sun-jdk-1.6.0.29 on x86_64

[walt]

On 01/15/2012 07:05 PM, Hartmut Figge wrote:
> Greetings,
> 
> on my x86_64 libreoffice fails to detect Java. I am getting this when
> starting lowriter:
> 
> hafi@i5_64 ~ $ lowriter
> Warning: failed to launch javaldx - java may not fuction correctly
> 
> Calculating dependencies... done!
> [ebuild   R] app-office/libreoffice-bin-3.4.3.2-r1  USE="(-aqua)
> -gnome -java -kde (-kdeenablefinal)" 0 kB
 ^

Your java useflag seems to be turned off.  Try turning it on before
re-emerging libreoffice.

Do you have /usr/lib/libreoffice/ure/bin/javaldx on your machine?

[gentoo-user] Re: libreoffice-bin-3.4.3.2-r1 & sun-jdk-1.6.0.29 on x86_64

[Hartmut Figge]

walt:
>On 01/15/2012 07:05 PM, Hartmut Figge wrote:

>> on my x86_64 libreoffice fails to detect Java. I am getting this when
>> starting lowriter:
>> 
>> hafi@i5_64 ~ $ lowriter
>> Warning: failed to launch javaldx - java may not fuction correctly
>> 
>> Calculating dependencies... done!
>> [ebuild   R] app-office/libreoffice-bin-3.4.3.2-r1  USE="(-aqua)
>> -gnome -java -kde (-kdeenablefinal)" 0 kB
> ^
>
>Your java useflag seems to be turned off.

Yes. It is turned off by default. Turning it on results in
Total: 45 packages (44 new, 1 reinstall), Size of downloads: 208,892 kB
Horrible. *g*

>Try turning it on before re-emerging libreoffice.

I don't believe it must be turned on because of [1].

>Do you have /usr/lib/libreoffice/ure/bin/javaldx on your machine?

No.
hafi@i5_64 ~ $ locate javaldx
hafi@i5_64 ~ $

[1]
On another partition i have an i686 Gentoo, updated last 3 month ago. On
that Gentoo libreoffice detects java.
http://www.triffids.de/pub/screenshot/libr_jav.png (7 KB)

Calculating dependencies... done!
[ebuild   R] app-office/libreoffice-bin-3.3.4  USE="offlinehelp
-gnome -java" LINGUAS="de en -af[...]"

Calculating dependencies... done!
[ebuild   Rf   ] dev-java/sun-jdk-1.6.0.29  USE="X alsa doc examples
nsplugin -derby -jce" 0 kB

hafi@i5 ~ $ eselect java-vm list
Available Java Virtual Machines:
  [1]   sun-jdk-1.6  system-vm user-vm

hafi@i5 ~ $ eselect java-nsplugin list
Available Java browser plugins
  [1]   sun-jdk-1.6  current

There is no javaldx either:
hafi@i5 ~ $ locate javaldx
hafi@i5 ~ $

There is a difference to my x86_64 Gentoo that *may* be important

x86:64:
Available Java Virtual Machines:
  [1]   sun-jdk-1.6  system-vm

i686:
Available Java Virtual Machines:
  [1]   sun-jdk-1.6  system-vm user-vm

On i686 there is not only system-vm, but also user-vm. Don't know, why.

Hartmut
-- 
Usenet-ABC-Wiki http://www.usenet-abc.de/wiki/
Von Usern fuer User  :-)

Re: [gentoo-user] Libre Office failing to build

[Andrew Lowe]

On 01/15/12 03:21, Carlos Sura wrote:



On 14 January 2012 12:09, Paul Hartman mailto:paul.hartman%2bgen...@gmail.com>> wrote:

On Sat, Jan 14, 2012 at 11:26 AM, Andrew Lowe mailto:a...@wht.com.au>> wrote:
 > Hi all,
 >Are people currently building Libre Office successfully? I'm
 > attempting to do so and getting it failing with an error 65280 and it

[snip]
...
...
...
[snip]


(~AMD64), no problems found. Well, there is one minimun thing, I'm using
Gnome 3 and LibreOffice is not showing any ICON in the Application Menu.
Anyone with this problem? a quick fix?

Regards.

--
Carlos Sura.-
www.carlossura.com 



And there was much rejoicing..

	It looks like having an incomplete "emerge -NuD world" hanging around 
caused the build of libreoffice to fail all over the place. After 
managing to eventually get the world updated, Libreoffice has finally built.


Yeah,

Andrew

[gentoo-user] Re: libreoffice-bin-3.4.3.2-r1 & sun-jdk-1.6.0.29 on x86_64

[walt]

On 01/16/2012 04:12 AM, Hartmut Figge wrote:
> There is a difference to my x86_64 Gentoo that *may* be important
> 
> x86:64:
> Available Java Virtual Machines:
>   [1]   sun-jdk-1.6  system-vm
> 
> i686:
> Available Java Virtual Machines:
>   [1]   sun-jdk-1.6  system-vm user-vm
> 
> On i686 there is not only system-vm, but also user-vm. Don't know, why.

I never had user-vm set until just now.  It made no difference AFAICT.

It seems that your java environment is somehow broken, but I don't know
why.  Some part of libreoffice thinks that javaldx is available when it's
not.  What does java -version say?

Because both jdk and libreoffice are binary packages, I'd say just
re-emerge them both, and then use eselect java-vm set system to re-
write all the java-config symlinks just in case they are wrong.  You
might run env-update again, too.  The shotgun approach may work :)

[gentoo-user] Re: libreoffice-bin-3.4.3.2-r1 & sun-jdk-1.6.0.29 on x86_64

[Hartmut Figge]

walt:

>I never had user-vm set until just now.  It made no difference AFAICT.

I am not seeing a difference also.

>It seems that your java environment is somehow broken, but I don't know
>why.  Some part of libreoffice thinks that javaldx is available when it's
>not.  What does java -version say?

hafi@i5_64 ~ $ java -version
java version "1.6.0_29"
Java(TM) SE Runtime Environment (build 1.6.0_29-b11)
Java HotSpot(TM) 64-Bit Server VM (build 20.4-b02, mixed mode)

>Because both jdk and libreoffice are binary packages, I'd say just
>re-emerge them both, and then use eselect java-vm set system to re-
>write all the java-config symlinks just in case they are wrong.  You
>might run env-update again, too.  The shotgun approach may work :)

Would have been nice if it worked. But unfortunately... *g*

I had even left X with ^Backspace, logged out, logged in, then 'sudo
env-update', then startx, then opened a xterm, then issued lowriter.

Hartmut
-- 
Usenet-ABC-Wiki http://www.usenet-abc.de/wiki/
Von Usern fuer User  :-)

Re: [gentoo-user] Resetting the root passwd

[Walter Dnes]

On Mon, Jan 16, 2012 at 08:23:33AM +0700, Pandu Poluan wrote

> That depends on who are authorized to access the boxen via SSH. In my case,
> only the IT Division is authorized to access them via SSH, so the "real
> sysadmin" in me (g) decides it is much easier to shift the port rather than
> implementing esoteric hardening stuffs ;-)
> 
> Plus, I get the benefit of ridiculing any IT guy/gal who managed to get
> him-/herself locked out (thanks to the auto-blacklist) B-)

  The opposite of auto-blacklisting is port-knocking.  Think of it as
auto-unblacklisting, where the world is blacklisted by default.  See...

http://www.hostsvault.com/blog/howto-protect-services-like-ssh-against-brute-force-using-only-iptables-port-knocking/

  The idea is that your external service is blocked to everybody by
default.  When an external IP address "knocks" in sequence on the right
3 ports (specified in iptables), it is then allowed a few seconds to
establish a connection (ssh/ftp/whatever).

-- 
Walter Dnes 

[gentoo-user] Re: libreoffice-bin-3.4.3.2-r1 & sun-jdk-1.6.0.29 on x86_64

[walt]

On 01/16/2012 10:15 AM, Hartmut Figge wrote:
>>  The shotgun approach may work :)

> Would have been nice if it worked. But unfortunately... *g*

Oh, I forgot shotgun v.2 :)  When faced with something as complex
as libreoffice I usually create a brand new user account and try
running it from there, to rule out breakage in my home directory.

[gentoo-user] Re: libreoffice-bin-3.4.3.2-r1 & sun-jdk-1.6.0.29 on x86_64

[Hartmut Figge]

walt:

>Oh, I forgot shotgun v.2 :)  When faced with something as complex
>as libreoffice I usually create a brand new user account and try
>running it from there, to rule out breakage in my home directory.

Fine to know about this. :) But... ;)

I could try the unstable sun-jdk. I could try an old libreoffice. I
could try other jdk's. Or i could just forget about java, because i
never had missed it. *g*

Hartmut
-- 
Usenet-ABC-Wiki http://www.usenet-abc.de/wiki/
Von Usern fuer User  :-)

Re: [gentoo-user] Re: libreoffice-bin-3.4.3.2-r1 & sun-jdk-1.6.0.29 on x86_64

[James Broadhead]

On 16 January 2012 19:51, Hartmut Figge  wrote:
> walt:
>
>>Oh, I forgot shotgun v.2 :)  When faced with something as complex
>>as libreoffice I usually create a brand new user account and try
>>running it from there, to rule out breakage in my home directory.
>
> Fine to know about this. :) But... ;)
>
> I could try the unstable sun-jdk. I could try an old libreoffice. I
> could try other jdk's. Or i could just forget about java, because i
> never had missed it. *g*
>
> Hartmut

I saw this earlier in the week, and did a little googling.

It's actually looking for java-1.7 ; but seems to work fine with 1.6
(hence the lower DEPEND  version).

[gentoo-user] Re: libreoffice-bin-3.4.3.2-r1 & sun-jdk-1.6.0.29 on x86_64

[Hartmut Figge]

James Broadhead:

[libreoffice-bin-3.4.3.2-r1]
>It's actually looking for java-1.7 ; but seems to work fine with 1.6

Tcha. Not here. icedtea-bin-1.10.4 isn't found by libreoffice either.

Hartmut
-- 
Usenet-ABC-Wiki http://www.usenet-abc.de/wiki/
Von Usern fuer User  :-)

[gentoo-user] GLSA «201110-01 / openssl» and acroread-9.4.2

[Urs Schutz]

Today I see the following:

I uninstalled dev-libs/openssl-0.9.8s-r1 because there is
a GLSA (201110-01 / openssl) against it.

But acroread-9.4.2 wants the installation of
openssl-0.9.8s-r1:

> # emerge -uDpvtN world

These are the packages that would be merged, in reverse
order:

Calculating dependencies... done!
[nomerge   ] app-text/acroread-9.4.2  USE="cups ldap
nsplugin -minimal" LINGUAS="de en -fr -ja" [ebuild  NS
]  dev-libs/openssl-0.9.8s-r1 [1.0.0f-r1] USE="gmp sse2
zlib -bindist -kerberos -test" 0 kB

Total: 1 package (1 in new slot), Size of downloads: 0 kB

The last stable openssl is already installed:
> # eix -I openssl
[I] dev-libs/openssl
 Available versions:  
(0.9.8) 0.9.8r ~0.9.8s 0.9.8s-r1
(0) 1.0.0d 1.0.0e ~1.0.0e-r1 ~1.0.0f 1.0.0f-r1
{bindist gmp kerberos rfc3779 sse2 static-libs test
zlib}
 Installed versions:  1.0.0f-r1(07:52:58 PM 
01/16/2012)(gmp sse2 zlib -bindist -kerberos -rfc3779
-static-libs -test)
 Homepage:http://www.openssl.org/
 Description:

As far as I know acroread is not unmasked in this
installation, nor is openssl 
> # grep -i acro /etc/portage/*
> # grep -i ssl /etc/portage/*
shows nothing, so acroread and ssl is «stable».

For now I just uninstalled acroread to prevent the
installation of a buggy openssl version, but this seems
wrong for a mostly stable installation...

Any hints how to proceed? Is there any danger to have an
old (and apparently buggy) openssl lib installed in parallel
with the recent one? 

Urs

Re: [gentoo-user] Re: kernel-3.2.1-gentoo + Broadcom-STA = Could not get rssi (-22)

[Mick]

On Sunday 15 Jan 2012 23:55:41 Carlos Sura wrote:
> On 15 January 2012 04:01, Mick  wrote:

> Now, about this:
> According to the URL I mention above the BCM4313 chipset uses unsupported
> LCN
> PHY, and the kernel developers are working on it.  May be worth talking to
> them on #bcm-users in irc.freenode.net to see what they recommend.  I
> suspect
> your choices are wl (which I don't think is in kernel) and the staging
> driver
> brcmsmac (because the mac80211 does not work with Broadcom's proprietary
> ieee80211 stack).
> 
> You are right, my chipset uses unsopported LCN PHY. but, in my old kernel
> never happened this, that's why I'm more interested in know more about this
> issue.
> 
> I'm on ~AMD64 this is my emerge --info : http://tinypaste.com/5ee0e0a4
> 
> Also, I forgot to mention, my old kernel was working fine, when I tried to
> use the old config, it was not working, so I have to deactive some things
> in the new kernel (related to the wireless card) I will send it in the next
> email.

Try:

modinfo wl

(or whatever module you are loading) to see what parameters are there and then 
load the module with any parameter affecting power management turned off.  
Experiment with different parameters (like QoS) to see if any of them make a 
difference.

Speaking to the devs on IRC may get you to a solution (and help with 
debugging) sooner.
-- 
Regards,
Mick


signature.asc
Description: This is a digitally signed message part.

Re: [gentoo-user] Resetting the root passwd

[Mick]

On Monday 16 Jan 2012 01:35:04 Pandu Poluan wrote:
> On Jan 16, 2012 12:58 AM, "Walter Dnes"  wrote:
> > On Thu, Jan 12, 2012 at 06:30:03AM -0500, Tanstaafl wrote
> > 
> > > This is nothing like changing the port for SSH - a port scanner can
> > > figure that one out in seconds...
> >  
> >  A real BOFH would set up a dummy instance of sshd on the regular port,
> > 
> > as well as a real sshd instance on another port.  The dummy instance
> > could be set up to always fail the login attempt, and with special
> > iptable rules to not clutter up your logfile.
> 
> And don't forget to put the false sshd through a tc rule that chokes the
> return traffic to 1 cps B-)
> 
> Of course, being the "real sysadmin" a.k.a lazy slob that I am, that's way
> too much work for not enough bastardly pleasure... I can't gleefully see
> the face of people trapped in the tc hell :-P


Can you set up tc by port?  I thought it is only applicable to an interface.  
I need to brush up on this one day.
-- 
Regards,
Mick


signature.asc
Description: This is a digitally signed message part.

Re: [gentoo-user] Resetting the root passwd

[Pandu Poluan]

On Jan 17, 2012 6:11 AM, "Mick"  wrote:
>
> On Monday 16 Jan 2012 01:35:04 Pandu Poluan wrote:
> > On Jan 16, 2012 12:58 AM, "Walter Dnes"  wrote:
> > > On Thu, Jan 12, 2012 at 06:30:03AM -0500, Tanstaafl wrote
> > >
> > > > This is nothing like changing the port for SSH - a port scanner can
> > > > figure that one out in seconds...
> > >
> > >  A real BOFH would set up a dummy instance of sshd on the regular
port,
> > >
> > > as well as a real sshd instance on another port.  The dummy instance
> > > could be set up to always fail the login attempt, and with special
> > > iptable rules to not clutter up your logfile.
> >
> > And don't forget to put the false sshd through a tc rule that chokes the
> > return traffic to 1 cps B-)
> >
> > Of course, being the "real sysadmin" a.k.a lazy slob that I am, that's
way
> > too much work for not enough bastardly pleasure... I can't gleefully see
> > the face of people trapped in the tc hell :-P
>
>
> Can you set up tc by port?  I thought it is only applicable to an
interface.
> I need to brush up on this one day.

Actually, yes, by using u32 match.

But I prefer to just MARK the packet in iptables and match against that.

Rgds,

[gentoo-user] Questions about hacked sites and passwords

[Dale]

Howdy,

It was on the news that some company got hacked into that was related to 
Amazon.  They said Amazon users should change their password just as a 
precaution.  I have a questions tho.  I use some pretty good passwords 
for the things that matter, sites such as my bank, credit card, ebay, 
paypal, newegg and others that may store things such as my credit card 
numbers.  Here is a example but not a close match to a typical password:


$cb78862A!

According to those password strength websites, that is a great 
password.  Fairly long and lots of assorted characters and impossible to 
guess since it contains no personal info such as birthdays or pets.  
This is fairly typical for sites that matter.  I may use something 
simple for sites such as forums or something tho.


My question.  If I have a really good password and someone gets hacked, 
should I change the password if the passwords are still safe?  In other 
words, they got some data such as email addys but the passwords and 
credit cards are still secure.  Should a person change it anyway?


One reason I ask this.  I remember my passwords well.  If I go to 
changing them every time someone gets hacked, I'll never be able to keep 
up with them again.  I use Lastpass to remember them but it could stop 
working because of a upgrade or something.  Then again, I could use its 
autogenerate thing and just HOPE for the best on upgrades.


Thoughts?  What do you guys, and our gal, do in situations like this?

Dale

:-)  :-)

--
I am only responsible for what I said ... Not for what you understood or how 
you interpreted my words!

Miss the compile output?  Hint:
EMERGE_DEFAULT_OPTS="--quiet-build=n"

[gentoo-user] ZIC, aka setting the time zone.

[Alan Mackenzie]

Hi, everybody.

I've finally become zic and tired of messages like

Tue Jan 17 02:48:28 Local time zone must be set--see zic manual page 2012 
on tty14

.  Trying to read man zic, my eyes just glaze over.  I "just" want my
time to be GMT (or UTC or UCT, or whatever it's called these days).
Surely I don't have to go through the palaver described in the zic
manual page.

Help, please!

-- 
Alan Mackenzie (Nuremberg, Germany).

[gentoo-user] Re: using unstable gentoo-sources

[»Q«]

On Mon, 16 Jan 2012 00:59:16 -0600
Dale  wrote:

> »Q« wrote:

> > I've never used any unstable build for the kernel, and once a>=3.2.1
> > kernel goes stable, I'll stick with stable again.  But in the
> > meantime, is there anything I should watch out for or keep in mind?
> 
> I have used unstable kernels lots of times.  If everything works,
> then it works.  If you upgrade and something isn't working or is
> fishy, then go back to the stable one.  This is why I keep a known
> working kernel and a newer version in /boot at all times.  I always
> have two versions and at times have as many as a dozen.
> 
> Oh, have entries in grub for both too.
> 
> That help any?

Yep, thanks.  If you can do it I can do it, I hope. :)

Re: [gentoo-user] Re: using unstable gentoo-sources

[Dale]

»Q« wrote:

On Mon, 16 Jan 2012 00:59:16 -0600
Dale  wrote:


»Q« wrote:

I've never used any unstable build for the kernel, and once a>=3.2.1
kernel goes stable, I'll stick with stable again.  But in the
meantime, is there anything I should watch out for or keep in mind?

I have used unstable kernels lots of times.  If everything works,
then it works.  If you upgrade and something isn't working or is
fishy, then go back to the stable one.  This is why I keep a known
working kernel and a newer version in /boot at all times.  I always
have two versions and at times have as many as a dozen.

Oh, have entries in grub for both too.

That help any?

Yep, thanks.  If you can do it I can do it, I hope. :)






Just check the logs after you boot a new kernel.  If it looks like 
something weird is going on or you see error messages, reboot to the 
older kernel and see if it still does it.  If it doesn't, wait for a 
couple versions before trying again.  Naturally if something isn't 
working, go back and try again later.  I always use make oldconfig.  I 
have had it fail only when there are major changes to the kernel.  If 
something is broken and you have the time, try to figure out if it is a 
config issue or a kernel issue.  Report it if you can.


Oh, crossing your fingers helps sometimes too.  ;-)   I need a rabbits 
foot.


Dale

:-)  :-)

--
I am only responsible for what I said ... Not for what you understood or how 
you interpreted my words!

Miss the compile output?  Hint:
EMERGE_DEFAULT_OPTS="--quiet-build=n"

[gentoo-user] want sound (alsa) muted on boot

[»Q«]

I want sound muted on boot, but it always starts unmuted.  I don't know
when this problem started; I only noticed it because I recently went
through a stretch of being unable to hibernate, so I booted a lot.

grep -i =\" /etc/conf.d/alsasound 
ENABLE_OSS_EMUL="yes"
RESTORE_ON_START="no"
SAVE_ON_STOP="no"
LOAD_ON_START="no"

I thought the RESTORE_ON_START="no" should do what I want, but no such
luck.  I tried the old `# alsactl store` after using alsamixer to mute
sound, which also didn't help.

OT: Re: [gentoo-user] Questions about hacked sites and passwords

[Chris Walters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
 
On 1/16/2012 09:22 PM, Dale wrote:
> Howdy,
>
> It was on the news that some company got hacked into that was
> related to Amazon. They said Amazon users should change their
> password just as a precaution. I have a questions tho. I use some
> pretty good passwords for the things that matter, sites such as my
> bank, credit card, ebay, paypal, newegg and others that may store
> things such as my credit card numbers. Here is a example but not a
> close match to a typical password:
>

> My question. If I have a really good password and someone gets
> hacked, should I change the password if the passwords are still
> safe? In other words, they got some data such as email addys but the
> passwords and credit cards are still secure. Should a person change
> it anyway?
>
> One reason I ask this. I remember my passwords well. If I go to
> changing them every time someone gets hacked, I'll never be able to
> keep up with them again. I use Lastpass to remember them but it
> could stop working because of a upgrade or something. Then again, I
> could use its autogenerate thing and just HOPE for the best on
> upgrades.
>
> Thoughts? What do you guys, and our gal, do in situations like
> this?
>
> Dale

My idea on changing your passwords is that you should change your passwords
every 6 months, at least since you can never know if someone has stolen the
other site's user/password files (or your own).  Even with password
encryption/hashing, it is only a matter of time before an attacker will crack
your password (even assuming a brute-force attack).  Also, when you hear that a
site you do personal business with, such as your bank, shopping sites, etc. has
been hacked, it is a *very* good idea to change your password for that site,
and related sites - for example, if you change your password for Amazon, you
probably should change it for Paypal if you ever use it to pay for your 
purchases.

It is a matter of protection (both the 6 month policy and the hacked site
policy).  It means that, even if a hacker got your username and (encrypted)
password, and managed to brute force your password, it would not be able to be
used to log in as you.  Oh, and I do practice a policy that most advise against
- I write down my passwords for sites, until I memorize them, and keep those
papers safe.  I do this because, if someone were to break into my home, all
thoughts of computer security would go out the window.

Chris
-BEGIN PGP SIGNATURE-
 
iEYEAREKAAYFAk8VEfEACgkQUx1jS/ORyCtIegCgjlAPcNMBTiA4fqKaFnT8bdf3
TpQAnj1hYst3EFNiIAoAHsfPG2LfXG0R
=83kF
-END PGP SIGNATURE-



---
avast! Antivirus: Outbound message clean.
Virus Database (VPS): 120116-1, 01/16/2012
Tested on: 1/17/2012 1:15:15 AM
avast! - copyright (c) 1988-2012 AVAST Software.
http://www.avast.com

Re: [gentoo-user] ZIC, aka setting the time zone.

[Chris Walters]

On 1/16/2012 09:56 PM, Alan Mackenzie wrote:
> Hi, everybody.
>
> I've finally become zic and tired of messages like
>
> Tue Jan 17 02:48:28 Local time zone must be set--see zic manual page 2012 
> on tty14
>
> .  Trying to read man zic, my eyes just glaze over.  I "just" want my
> time to be GMT (or UTC or UCT, or whatever it's called these days).
> Surely I don't have to go through the palaver described in the zic
> manual page.
>
> Help, please!

I'm not sure what arch you're using, but the Installation manual has a part of
the answer for you.
I tend to avoid zic like I would avoid the plague, and use the Gentoo method of
changing settings.

For x86/amd64 systems (7.1.7):

  # ls /usr/share/zoneinfo (Suppose you want to use GMT) 
  # cp /usr/share/zoneinfo/GMT /etc/localtime

You also need to edit /etc/conf.d/hwclock (if you're using baselayout-2)
Specifically, you want to change the "clock=" line to the timezone you are
going to be using. 
There also used to be an /etc/timezone file that would have to be edited, as
well.  I think they removed
that file, but it has been a while since I changed my timezone.

After doing all this, you'd have to "source /etc/profile" in your active
shells, or just restart.  You may get some
errors about file times - especially when trying to emerge packages, and if the
dates would be in the future.
Not a problem if they're in the past.

Chris



signature.asc
Description: OpenPGP digital signature

[gentoo-user] Cross Compiling in Gentoo

[Chris Walters]

Hi,

I have a question about cross compiling in Gentoo - specifically cross
compiling for W32/W64.  I tried their preferred method and didn't like it, so I
downloaded the appropriate Mingw64 build files, set up a cross compile account,
with the appropriate paths, variables, etc.  Most packages compile correctly
(though it sometimes takes some code hacking - and yes they do run in Win 7),
but there are some I can't seem to get to build properly - usually the ones
that have make files for MS Visual Studio.  I have no interest in purchasing
Visual Studio.

My question is, does anyone know of any good resources (mailing lists, sites,
etc.) on cross compiling on a GNU/Linux platform for a W32/W64 platform?  The
searches I've run have directed me to sites that talk about using MSYS and
Mingw on a W32 platform (I don't have all year to build a single package).  I
am looking to build GraphicsMagick, and some helpful tools for W64 (though I'd
accept W32, if that's the only way).

Chris





signature.asc
Description: OpenPGP digital signature

Re: [gentoo-user] Questions about hacked sites and passwords

[Florian Philipp]

Am 17.01.2012 03:22, schrieb Dale:
> Howdy,
> 
> It was on the news that some company got hacked into that was related to
> Amazon.  They said Amazon users should change their password just as a
> precaution.  I have a questions tho.  I use some pretty good passwords
> for the things that matter, sites such as my bank, credit card, ebay,
> paypal, newegg and others that may store things such as my credit card
> numbers.  Here is a example but not a close match to a typical password:
> 
> $cb78862A!
> 
> According to those password strength websites, that is a great
> password.  Fairly long and lots of assorted characters and impossible to
> guess since it contains no personal info such as birthdays or pets. 
> This is fairly typical for sites that matter.  I may use something
> simple for sites such as forums or something tho.
> 
> My question.  If I have a really good password and someone gets hacked,
> should I change the password if the passwords are still safe?  In other
> words, they got some data such as email addys but the passwords and
> credit cards are still secure.  Should a person change it anyway?
> 
> One reason I ask this.  I remember my passwords well.  If I go to
> changing them every time someone gets hacked, I'll never be able to keep
> up with them again.  I use Lastpass to remember them but it could stop
> working because of a upgrade or something.  Then again, I could use its
> autogenerate thing and just HOPE for the best on upgrades.
> 
> Thoughts?  What do you guys, and our gal, do in situations like this?
> 
> Dale
> 
> :-)  :-)
> 

Well, "it depends" is the only answer I can really give. There are
basically 4 scenarios which might have occurred:

1. Plaintext passwords were stolen. Then you should definitely change
your pw. I doubt amazon is stupid enough to store passwords as
plaintext, though.

2. Relatively weak password hashes were stolen, for example MD5 or sha1
with no salt. With modern PCs, it isn't too hard to brute-force against
such, even without rainbow-tables. Then you should change your password
but you might get lucky and don't need to.

3. Strong password hashes were used (something slow with a lot of salt,
possibly without storing the salt so it has to be guessed as well). Then
you don't need to change your password.

4. Something else was done. For example known-plaintext or
man-in-the-middle attacks against users. Then, well, it depends again ;)

Concerning how I'd handle it: I use app-admin/keepassx with a master
password. I'd just change the random amazon password as I've not
memorized it.

Obligatory xkcd reference: http://xkcd.com/936/
(I've checked the math, he is right.)

Regards,
Florian Philipp



signature.asc
Description: OpenPGP digital signature

Re: [gentoo-user] ZIC, aka setting the time zone.

[Hinnerk van Bruinehsen]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 17.01.2012 03:56, Alan Mackenzie wrote:
> Hi, everybody.
> 
> I've finally become zic and tired of messages like
> 
> Tue Jan 17 02:48:28 Local time zone must be set--see zic manual
> page 2012 on tty14
> 
> .  Trying to read man zic, my eyes just glaze over.  I "just" want
> my time to be GMT (or UTC or UCT, or whatever it's called these
> days). Surely I don't have to go through the palaver described in
> the zic manual page.
> 
> Help, please!
> 

Should be done with:

ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime

(Berlin is my guess since you hail from Nuremberg, otherwise look in
/usr/share/zoneinfo if something fits better)


Kind regards,

Hinnerk
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPFR+xAAoJEJwwOFaNFkYcbPsH/iLJUSJjgWaAfMQzp1sXyI/X
uCVHqToWpGSQxMyVYEL6C9/uBrBmBa0uCB+XWbuCM/6vxdifvwoKfQ2nneKQPx78
uEVUqBb0DZY0jEfJf7HMdvnGbZGLkNBnpvt237UE6615qp75mzn+Y5qMvQ17gVBo
7Tcq8SWIwQbUcxw3ksGrY9qOmf7TG7+QMexr88boR1WwXvmPkmNM/Mia/AzoJZKT
sd5PCgC7H9K4PciPazFxQrLnlq4tUdfXLBj6Fb7vOJNHgGw5aS2XdCxm0d6rGPYi
VT1u0yrkbTNm/RHZVW8wWEYexS/NYoRQMdyd9ze02A1GaopmejkN2QSJCk21Lt4=
=l3JX
-END PGP SIGNATURE-

Re: [gentoo-user] Questions about hacked sites and passwords

[Dale]

Florian Philipp wrote:

Am 17.01.2012 03:22, schrieb Dale:

Howdy,

It was on the news that some company got hacked into that was related to
Amazon.  They said Amazon users should change their password just as a
precaution.  I have a questions tho.  I use some pretty good passwords
for the things that matter, sites such as my bank, credit card, ebay,
paypal, newegg and others that may store things such as my credit card
numbers.  Here is a example but not a close match to a typical password:

$cb78862A!

According to those password strength websites, that is a great
password.  Fairly long and lots of assorted characters and impossible to
guess since it contains no personal info such as birthdays or pets.
This is fairly typical for sites that matter.  I may use something
simple for sites such as forums or something tho.

My question.  If I have a really good password and someone gets hacked,
should I change the password if the passwords are still safe?  In other
words, they got some data such as email addys but the passwords and
credit cards are still secure.  Should a person change it anyway?

One reason I ask this.  I remember my passwords well.  If I go to
changing them every time someone gets hacked, I'll never be able to keep
up with them again.  I use Lastpass to remember them but it could stop
working because of a upgrade or something.  Then again, I could use its
autogenerate thing and just HOPE for the best on upgrades.

Thoughts?  What do you guys, and our gal, do in situations like this?

Dale

:-)  :-)


Well, "it depends" is the only answer I can really give. There are
basically 4 scenarios which might have occurred:

1. Plaintext passwords were stolen. Then you should definitely change
your pw. I doubt amazon is stupid enough to store passwords as
plaintext, though.

2. Relatively weak password hashes were stolen, for example MD5 or sha1
with no salt. With modern PCs, it isn't too hard to brute-force against
such, even without rainbow-tables. Then you should change your password
but you might get lucky and don't need to.

3. Strong password hashes were used (something slow with a lot of salt,
possibly without storing the salt so it has to be guessed as well). Then
you don't need to change your password.

4. Something else was done. For example known-plaintext or
man-in-the-middle attacks against users. Then, well, it depends again ;)

Concerning how I'd handle it: I use app-admin/keepassx with a master
password. I'd just change the random amazon password as I've not
memorized it.

Obligatory xkcd reference: http://xkcd.com/936/
(I've checked the math, he is right.)

Regards,
Florian Philipp



This is what one news source says, and they are all about the same:

http://venturebeat.com/2012/01/16/zappo-hack/

"I suppose the one saving grace is that the database that stores our 
customers’ critical credit card and other payment data was not affected 
or accessed."


What I read now is that it only affected the one site. It was early on 
that changing the password on Amazon was mentioned and I guess since 
they were not sure, it was just in case the worst happened.


I use Lastpass which does about the same as other password managers. It 
looks now like Zappo got off sort of lucky. Their customers may get 
extra spam now but at least it sounds like their credit card data is safe.


According to netcraft they run Linux. I wonder how they got into it? 
Think the admin had a really common password like "god" or something. 
lol Wasn't that in the movie "Hackers"?


Well, I changed mine before I sent the first post, just to be sure. Of 
course, with my bank account, they ain't going to spend much. Certainly 
not worth serious jail time. o_O


Dale

:-) :-)

--
I am only responsible for what I said ... Not for what you understood or how 
you interpreted my words!

Miss the compile output?  Hint:
EMERGE_DEFAULT_OPTS="--quiet-build=n"