Re: [gentoo-user] Firefox 38.1.0 :-(
On Jul 30, 2015 11:23 AM, "Alan Mackenzie" wrote:
> Over the course of the last 24 hours,
> Firefox 38.1.0 became stable in portage, so I merged it in.
> What a mistake! All my existing configuration (incl for NoScript+),
> all my bookmarks, all record of previous visits to site -
> gone, deleted, vanished. I'm not happy about that ... [etc]

Today, did the same emerge without any problem :
my bookmarks remain the same, as does my start-up ("home") site.

From the discussion, it appears that your difficulties resulted
from your use of a developer version of FF,
but how you come to be using it is not clear.

--
,,
SUPPORT     ___//___,           Philip Webb
ELECTRIC   /] [] [] [] [] []|   Cities Centre, University of Toronto
TRANSIT    `-O--O---'           purslowatchassdotutorontodotca

[gentoo-user] Re: Firefox 38.1.0 :-(
On Thu, 30 Jul 2015 22:46:40 +0300 Emre Eryilmaz wrote:

> 2015-07-30 21:23 GMT+03:00 Alan Mackenzie :
> > Over the course of the last 24 hours, Firefox 38.1.0 became stable
> > in portage, so I merged it in.
> >
> > What a mistake!
>
> It's a firefox profile problems. No data loss. Because aurora goes
> firefox developer edition and firefox developer edition has a new
> firefox profile. Its solutions:
> https://bugs.gentoo.org/show_bug.cgi?id=555416#c5

I'm confused by all this. Why should the bindist USE flag control
whether Firefox ESR or Firefox aurora/developer gets built? Will
Firefox ESR no longer compile with the option
--disable-official-branding ? Or does --disable-official-branding
now produce an ESR version that behaves like a developer version WRT
profiles? (If the answer to that last question is "yes", then ISTM
this is an upstream bug.)

Re: [gentoo-user] Firefox 38.1.0 :-(
Alan Mackenzie wrote:
> Hello, Mick.
>
>
>> The 'default' profile selection does not stick. Deleting the new
>> 'dev-edition-default' profile causes it to be recreated afresh at the
>> next start up.
> Yes. This is the sort of developer attitude that is making me want to
> use a proper browser. What the heck does a browser need "prefiles" for,
> anyway? It's supposed to be a web browser, for goodness sake.
>
>
>> HTH.
>> --
>> Regards,
>> Mick

I use different profiles for doing different things. Example, a social
site that I volunteer as staff on requires me to be logged in as
different members. If I use the same profile, I can only be logged in
as one person at a time. When using a different profile, I can create a
new profile for ever how many accounts/profiles I have to use. When I
need to switch to another account, I just go to the bottom of the screen
and click to switch to that profile. No logging out and back in and such.

Also, I have one profile that I use to download videos. On that
profile, I have plugins related to finding and downloading videos. I
don't have those plugins in my other profiles. I do this in case a
plugin goes bad, it only affects that profile but the others still
work. It also helps me narrow down what the problem is.

I have other profiles for similar reasons. Each has its own setup for
doing what it is intended to do. For years, I used a single profile.
Once I started using different profiles for different things, I found it
easier. The added benefit of isolating bad plugins helps too. Also,
having only the plugins I need installed, seems to make it faster as well.

I'm not a developer by any stretch. I do make good use of profiles
tho. I have 8 different profiles for Firefox and three for Seamonkey.
Due to a plugin issue, I recently moved a Seamonkey profile over to
Firefox. Firefox has a lot more plugins it seems and they seem to get
updated/fixed faster.

Hope that helps answer your question.

Dale

:-) :-)

Re: [gentoo-user] Firefox 38.1.0 :-(
On Jul 30, 2015 11:23 AM, "Alan Mackenzie" wrote:
>
> Hello, Gentoo.
>
> Over the course of the last 24 hours, Firefox 38.1.0 became stable in
> portage, so I merged it in.
>
> What a mistake!
>
> All my existing configuration (including for NoScript+), all my
> bookmarks, all record of previous visits to site - gone, deleted,
> vanished. I'm not happy about that.
>
> The usability of the program has gone down, down, down. Not a lot seems
> to work properly, anymore. For example, it used to be that you could
> mark a selection of "your" cookies then delete them in one operation.
> Now you have to mark a single cookie and delete it, mark the next cookie
> and delete it, Even the screen area where the current URL is
> displayed is now displayed in low-contrast minuscule type, so that I can
> barely read it.
>
> What on earth are the upstream developers thinking about? Destroying
> somebody's configuration is not a nice thing to do.
>
> I've a feeling that all this must have been discussed here quite
> recently, so apologies if I'm dredging up old stuff. Still, a
> recommendation as to how I might proceed would be welcome. Should I go
> back to 31.8.0 and stay there, or would I be better going with some fork
> of firefox?
>
> Has my old config/cookies/... actually been physically destroyed, or is
> it just being disregarded by 38.1.0? Looking at my ~/.mozilla/firefox
> doesn't give me much hope.
>
> Yours, in anger.
> --
> Alan Mackenzie (Nuremberg, Germany).
>

Not an answer to your question, but Google - chrome is a much better
browser imo, and installs itself very quickly and tidily with portage.

Re: [gentoo-user] Configuring hostapd
On Saturday, August 01, 2015 8:50:21 PM Fernando Rodriguez wrote:
> Hello,
>
> After installing hostapd I can successfully connect to the AP, I can get DHCP
> from it, but I cannot access the network through it (neither lan or internet).
> This is an existing router box so iptables and everything else is already
> properly configured.
>
> I'm using this minimal config:
>
> interface=wlp0s10
> #driver=nl80211
> hw_mode=g
> channel=6
> #ieee80211d=1
> #country_code=FR
> #ieee80211n=1
> #wmm_enabled=1
>
> ssid=LinuxAP
> auth_algs=1
> wpa=2
> wpa_key_mgmt=WPA-PSK
> rsn_pairwise=CCMP
> wpa_passphrase=hello linux ap
>
> iw list shows the following supported modes:
> * IBSS
> * managed
> * AP
> * AP/VLAN
> * monitor
>
> The ebuild warns that in order for hostapd to work I need to set the card in
> master mode (the wiki makes no mention of it). But when I try to do that
> (either through the net init scripts or through iwconfig) I get the following
> error:
>
> Error for wireless request "Set Mode" (8B06) :
> SET failed on device wlp0s10 ; Invalid argument.
>
> However after starting hostapd it appears that it was able to set the card to
> master mode according to iwconfig:
>
> wlp0s10 IEEE 802.11bg Mode:Master Tx-Power=20 dBm
> Retry short limit:7 RTS thr:off Fragment thr:off
> Power Management:off
>
> So, is this card supported or not? Will I be able to connect and get dhcp from
> the server if it didn't? Avahi also _sortof_ works. If I add the wifi card to
> the deny-interfaces list on avahi-daemon.conf and try to ping the AP using the
> avahi name the avahi daemon (on the AP) logs the following:
>
> Received packet from invalid interface.
>
>
> This is the output of rc-service hostapd start:
>
> Configuration file: /etc/hostapd/hostapd.conf
> Using interface wlp0s10 with hwaddr 00:14:a5:cb:4d:8a and ssid "LinuxAP"
> wlp0s10: interface state UNINITIALIZED->ENABLED
> wlp0s10: AP-ENABLED [ ok ]
>
>
> Any suggestions?
>
>

Forgot to mention, the card is:

Qualcomm Atheros AR2413/AR2414 Wireless Network Adapter

It uses ath5k driver.

--
Fernando Rodriguez

[gentoo-user] Configuring hostapd
Hello,

After installing hostapd I can successfully connect to the AP, I can get DHCP
from it, but I cannot access the network through it (neither lan or internet).
This is an existing router box so iptables and everything else is already
properly configured.

I'm using this minimal config:

    interface=wlp0s10
    #driver=nl80211
    hw_mode=g
    channel=6
    #ieee80211d=1
    #country_code=FR
    #ieee80211n=1
    #wmm_enabled=1

    ssid=LinuxAP
    auth_algs=1
    wpa=2
    wpa_key_mgmt=WPA-PSK
    rsn_pairwise=CCMP
    wpa_passphrase=hello linux ap

iw list shows the following supported modes:
    * IBSS
    * managed
    * AP
    * AP/VLAN
    * monitor

The ebuild warns that in order for hostapd to work I need to set the card in
master mode (the wiki makes no mention of it). But when I try to do that
(either through the net init scripts or through iwconfig) I get the following
error:

    Error for wireless request "Set Mode" (8B06) :
    SET failed on device wlp0s10 ; Invalid argument.

However after starting hostapd it appears that it was able to set the card to
master mode according to iwconfig:

    wlp0s10 IEEE 802.11bg Mode:Master Tx-Power=20 dBm
    Retry short limit:7 RTS thr:off Fragment thr:off
    Power Management:off

So, is this card supported or not? Will I be able to connect and get dhcp from
the server if it didn't? Avahi also _sortof_ works. If I add the wifi card to
the deny-interfaces list on avahi-daemon.conf and try to ping the AP using the
avahi name the avahi daemon (on the AP) logs the following:

    Received packet from invalid interface.

This is the output of rc-service hostapd start:

    Configuration file: /etc/hostapd/hostapd.conf
    Using interface wlp0s10 with hwaddr 00:14:a5:cb:4d:8a and ssid "LinuxAP"
    wlp0s10: interface state UNINITIALIZED->ENABLED
    wlp0s10: AP-ENABLED [ ok ]

Any suggestions?

--
Fernando Rodriguez

Re: [gentoo-user] Firefox 38.1.0 :-(
On Sat, Aug 01, 2015 at 05:31:45PM +, Alan Mackenzie wrote:

> > The 'default' profile selection does not stick. Deleting the new
> > 'dev-edition-default' profile causes it to be recreated afresh at the
> > next start up.
>
> Yes. This is the sort of developer attitude that is making me want to
> use a proper browser. What the heck does a browser need "prefiles" for,
> anyway? It's supposed to be a web browser, for goodness sake.

I don't use it often, but having it is nice. Actually many contemporary
browsers do. I have my main profile that I usually use. But if I want to
visit some site that shall not have any way of obtaining information I
don't want it to have (or because it just would not work with my
restrictive security setup), I quickly create a throwaway profile.

--
Gruß | Greetings | Qapla'
Please do not share anything from, with or about me with any social network.

There is so much sand in Northern Africa that if it were spread out over the
world it would completely cover the Sahara Desert.

Re: [gentoo-user] New Firefox-38.1.0 headers, or is Google getting smarter?
On Sat, Aug 1, 2015 at 9:27 AM, Mick wrote:
> I tried to connect using IMAP4 while overseas. So this tells me that Google
> are also logging the IP addresses I am connecting from and check my geographic
> location for security purposes.

If you log into gmail, scroll to the bottom and on the right you will find
something along the lines of

    Last account activity: 0 minutes ago
    Details

Now if you press the "Details" link you will find a log of recent activity
on your account, including client and ip address.

You can be either delighted that *you* can monitor your account activity,
or terrified... the choice is yours.

Re: [gentoo-user] Firefox 38.1.0 :-(
2015-08-02 1:29 GMT+03:00 Mick :
> PS. I noticed that Firebug (developer tools for FF), as well as Developer
> Tools in Chromium, suddenly start uploading data to some https server, when I
> visit certain websites. For example some sites on weebly.com would cause
> this. The upload saturated the bandwidth of my ISP, but the data was over
> https so I don't know what it was uploading. I uninstalled Firebug and
> disabled developer tools in Chromium and the problem's gone. Have you noticed
> the same?

I've never used this plugin (firebug).

Re: [gentoo-user] Firefox 38.1.0 :-(
On Saturday 01 Aug 2015 18:45:17 Emre Eryilmaz wrote:
> 2015-08-01 20:31 GMT+03:00 Alan Mackenzie :
> >> The 'default' profile selection does not stick. Deleting the new
> >> 'dev-edition-default' profile causes it to be recreated afresh at the
> >> next start up.
>
> Hi Mick,
>
> You can use my previous solution and first firefox startup ( profiles
> choose section), select "Use to selected profile without asking at
> startup"

This does not stick. The 'dev-edition-default' will launch at the next start
up irrespective of the profile I have selected.

> or you can use this solution Option 2. [1]
>
> [1]
> https://support.mozilla.org/tr/kb/recover-lost-bookmarks-firefox-developer-edition

OK, but now I have rebuilt it and the problem is gone anyway. :-)

PS. I noticed that Firebug (developer tools for FF), as well as Developer
Tools in Chromium, suddenly start uploading data to some https server, when I
visit certain websites. For example some sites on weebly.com would cause
this. The upload saturated the bandwidth of my ISP, but the data was over
https so I don't know what it was uploading. I uninstalled Firebug and
disabled developer tools in Chromium and the problem's gone. Have you noticed
the same?

--
Regards,
Mick

[gentoo-user] Re: Blocking a domain instead of an IP with ufw
gmx.de> writes:

> With ufw I want temporary block any access from my Gentoo PC to certain
> domains. Since domain names change IP addresses I don't want to block
> on base of the IP only.

Here is a relevant discussion :
http://unix.stackexchange.com/questions/137904/how-to-do-domain-filtering-in-linux

In this aforementioned discussion there is a simple script (that I have
no experience with) that just might be what you are looking for::
https://github.com/vmxdev/sidmat/

Good luck finding that solution that is simple and works best for you.
Post back, as it is an interesting problem.

hth,
James

Re: [gentoo-user] Firefox 38.1.0 :-(
2015-08-01 20:31 GMT+03:00 Alan Mackenzie :
>> The 'default' profile selection does not stick. Deleting the new
>> 'dev-edition-default' profile causes it to be recreated afresh at the
>> next start up.
>

Hi Mick,

You can use my previous solution and first firefox startup ( profiles
choose section), select "Use to selected profile without asking at
startup"

or you can use this solution Option 2. [1]

[1] https://support.mozilla.org/tr/kb/recover-lost-bookmarks-firefox-developer-edition

Re: [gentoo-user] Firefox 38.1.0 :-(
Hello, Mick.

On Sat, Aug 01, 2015 at 04:19:32PM +0100, Mick wrote:
> On Thursday 30 Jul 2015 19:59:25 you wrote:
> > On Thursday 30 Jul 2015 19:23:03 Alan Mackenzie wrote:
> > > Hello, Gentoo.
> > > Over the course of the last 24 hours, Firefox 38.1.0 became stable in
> > > portage, so I merged it in.
> > > What a mistake!
> > > All my existing configuration (including for NoScript+), all my
> > > bookmarks, all record of previous visits to site - gone, deleted,
> > > vanished. I'm not happy about that.
> > > The usability of the program has gone down, down, down. Not a lot seems
> > > to work properly, anymore. For example, it used to be that you could
> > > mark a selection of "your" cookies then delete them in one operation.
> > > Now you have to mark a single cookie and delete it, mark the next cookie
> > > and delete it, Even the screen area where the current URL is
> > > displayed is now displayed in low-contrast minuscule type, so that I can
> > > barely read it.
> > > What on earth are the upstream developers thinking about? Destroying
> > > somebody's configuration is not a nice thing to do.
> > > I've a feeling that all this must have been discussed here quite
> > > recently, so apologies if I'm dredging up old stuff. Still, a
> > > recommendation as to how I might proceed would be welcome. Should I go
> > > back to 31.8.0 and stay there, or would I be better going with some fork
> > > of firefox?
> > > Has my old config/cookies/... actually been physically destroyed, or is
> > > it just being disregarded by 38.1.0? Looking at my ~/.mozilla/firefox
> > > doesn't give me much hope.
> > > Yours, in anger.
> [snip ...]
> > Someone else has already posted about losing their FF profile and settings.
> > This however has not happened here.
> > Sorry I can't shed more light on this problem.
> Until it happened here too ... :-(
> So, I find myself with one box having the problem of ALWAYS wanting to start
> up with some 'dev-edition-default' profile, which has a dark background theme
> and is void of previous user settings. The old profile with the user's
> bookmarks, extensions, etc. is called 'default'. Firefox starts with the
> Profile Manager pop-up giving me a choice which profile to use, but selecting
> the 'default' profile and asking it not to ask again at start up does not
> work as expected.

No, indeed it doesn't.

> The 'default' profile selection does not stick. Deleting the new
> 'dev-edition-default' profile causes it to be recreated afresh at the
> next start up.

Yes. This is the sort of developer attitude that is making me want to
use a proper browser. What the heck does a browser need "prefiles" for,
anyway? It's supposed to be a web browser, for goodness sake.

> Anyway, the box without this problem does not have USE="bindist" set, while
> the PC with the above problem does. I just removed bindist from make.conf
> (not sure why it was there) and I rebuilt Firefox. The stuck dev-edition-fault
> profile problem is gone! :-)

But the bindist USE flag is about branding, and restrictions on the use
of trademarks, and stuff like that. And if you look at the ebuild, you
will see that this is indeed the only way that bindist is used. So all
the messing around that firefox does with these silly profiles is done by
some sort of "clever" programming.

> HTH.
> --
> Regards,
> Mick

--
Alan Mackenzie (Nuremberg, Germany).

Re: [gentoo-user] Firefox 38.1.0 :-(
On Thursday 30 Jul 2015 19:59:25 you wrote:
> On Thursday 30 Jul 2015 19:23:03 Alan Mackenzie wrote:
> > Hello, Gentoo.
> >
> > Over the course of the last 24 hours, Firefox 38.1.0 became stable in
> > portage, so I merged it in.
> >
> > What a mistake!
> >
> > All my existing configuration (including for NoScript+), all my
> > bookmarks, all record of previous visits to site - gone, deleted,
> > vanished. I'm not happy about that.
> >
> > The usability of the program has gone down, down, down. Not a lot seems
> > to work properly, anymore. For example, it used to be that you could
> > mark a selection of "your" cookies then delete them in one operation.
> > Now you have to mark a single cookie and delete it, mark the next cookie
> > and delete it, Even the screen area where the current URL is
> > displayed is now displayed in low-contrast minuscule type, so that I can
> > barely read it.
> >
> > What on earth are the upstream developers thinking about? Destroying
> > somebody's configuration is not a nice thing to do.
> >
> > I've a feeling that all this must have been discussed here quite
> > recently, so apologies if I'm dredging up old stuff. Still, a
> > recommendation as to how I might proceed would be welcome. Should I go
> > back to 31.8.0 and stay there, or would I be better going with some fork
> > of firefox?
> >
> > Has my old config/cookies/... actually been physically destroyed, or is
> > it just being disregarded by 38.1.0? Looking at my ~/.mozilla/firefox
> > doesn't give me much hope.
> >
> > Yours, in anger.

[snip ...]

> Someone else has already posted about losing their FF profile and settings.
> This however has not happened here.
>
> Sorry I can't shed more light on this problem.

Until it happened here too ... :-(

So, I find myself with one box having the problem of ALWAYS wanting to start
up with some 'dev-edition-default' profile, which has a dark background theme
and is void of previous user settings. The old profile with the user's
bookmarks, extensions, etc. is called 'default'. Firefox starts with the
Profile Manager pop-up giving me a choice which profile to use, but selecting
the 'default' profile and asking it not to ask again at start up does not work
as expected. The 'default' profile selection does not stick. Deleting the new
'dev-edition-default' profile causes it to be recreated afresh at the next
start up.

Anyway, the box without this problem does not have USE="bindist" set, while
the PC with the above problem does. I just removed bindist from make.conf
(not sure why it was there) and I rebuilt Firefox. The stuck dev-edition-fault
profile problem is gone! :-)

HTH.
--
Regards,
Mick

Re: [gentoo-user] Re: Can't boot btrfs
On Friday 31 July 2015 21:47:01 James wrote:
> Rich Freeman gentoo.org> writes:
> > > As many know, I have made many failed attempts to get btrfs in raid 1
> > > working on gentoo, and have to this date, failed.
> >
> > Interesting. I've never had any problems with it. I boot using
> > grub2+dracut with root on a single-device btrfs, and /usr on a
> > multi-device raid1 btrfs (and dracut mounts both).
>
> We should focus on Peter's needs, as this is his thread.

Well, thanks, but for the time being I've abandoned the attempt and restored
the original system (and lost the last two days' e-mails - what an oaf).

I read your advice about starting with one disk and adding the other later,
but then I contemplated going through all that yet again and risk it still
not booting, and I decided to stop and wait for some improvement in the code
or the documents. Besides, it seems from my worsening error rate that
/anno domini/ is taking its toll on my three remaining brain cells.

My suspicion is that the BIOS and chipset on this old Asus P7P55D motherboard
need some kind of special setup.

Thanks to all for your help - I'm sure to need it again!

--
Rgds
Peter

Re: [gentoo-user] Gentoo on Android and the problem of space
Mick [15-08-01 12:39]:
> On Saturday 01 Aug 2015 11:26:26 Helmut Jarausch wrote:
> > On 08/01/2015 10:44:56 AM, meino.cra...@gmx.de wrote:
> > > Hi Helmut,
> > >
> > > Until now it seems that my ASUS MeMO Pad 7 (ME176CX) only
> > > mounts FAT32 automagically...
> > > But I will try that exFAT
> > >
> > >
> > > Question is:
> > > how can I format a SD card with exFAT on my Gentoo Box?
> >
> > sys-fs/exfat-utils
> >
> > Good luck,
> > Helmut
>
> man mkfs.vfat
>
> --
> Regards,
> Mick

Hi Mick,

I told Helmut, that I need obviously more coffee...
After reading your mail I think I need a LOT more coffee! :)

Thanks a lot ! :)
Best regards,
Meino

Re: [gentoo-user] Gentoo on Android and the problem of space
Helmut Jarausch [15-08-01 12:32]:
> On 08/01/2015 10:44:56 AM, meino.cra...@gmx.de wrote:
> > Hi Helmut,
> >
> > Until now it seems that my ASUS MeMO Pad 7 (ME176CX) only
> > mounts FAT32 automagically...
> > But I will try that exFAT
> >
> >
> > Question is:
> > how can I format a SD card with exFAT on my Gentoo Box?
>
> sys-fs/exfat-utils
>
> Good luck,
> Helmut
>
>
>

Hi Helmut,

hu? Why I didn't find that? I grepped through eix's output...none.
OK, more coffee may be the cure...;)

Thanks a lot! :)
Best regards,
Meino

Re: [gentoo-user] Blocking a domain instead of an IP with ufw
Mick [15-08-01 13:20]:
> On Saturday 01 Aug 2015 11:35:14 meino.cra...@gmx.de wrote:
> > Mick [15-08-01 12:20]:
> > > On Saturday 01 Aug 2015 10:48:15 Alan McKinnon wrote:
> > > > On 01/08/2015 11:21, meino.cra...@gmx.de wrote:
> > > > > Hi,
> > > > >
> > > > > With ufw I want temporary block any access from my Gentoo PC to
> > > > > certain domains. Since domain names change IP addresses I don't want
> > > > > to block on base of the IP only.
> > > > >
> > > > > Is this possible with ufw?
> > > >
> > > > That is really not a good idea, which is why packet filtering firewalls
> > > > seldom attempt it.
> > > >
> > > > It means that *every*single*packet* involves a reverse DNS lookup to
> > > > get the (unreliable) DNS name (which might not even be listed at all),
> > > > do a string comparison and make a block decision based on that. All of
> > > > which is probably an order of magnitude more resource use than simply
> > > > sending the packet out. There are optimizations of course, such as
> > > > caching the results of previous lookups, but there's still a
> > > > considerable overhead.
> > > >
> > > > There's a few ways around it:
> > > >
> > > > 1. Rethink your firewalling policy. Maybe you really don't need to
> > > > block stuff and just think you do.
> > > >
> > > > 2. Do a DNS lookup and check the TTL. If it's high, say 86400 then it
> > > > cannot change more than once a day. So you only need to do a lookup
> > > > once a day. Write or get a script that looks up your banned domains
> > > > every so often, gets the new IP if it changed and reload a new
> > > > netfilter rule set.
> > > >
> > > > #2 is the correct approach for large firewalls with many users but does
> > > > involve a quite sophisticated codebase, probably way more than you
> > > > need for your 1 pc. Which brings us back to #1
> > >
> > > There's also the option to set in /etc/hosts:
> > >
> > > 127.0.0.1 safebrowsing.clients.google.com
> > >
> > > (Replace the google domain above with whatever you want to stop access
> > > to).
> >
> > Hi Mick,
> >
> > yes this comes close to what I want, but it is not that easy to switch
> > on/off.
> >
> > Background:
> > I have an Android tablet which I connected via Wifi to my PC and
> > started wireshark before the connection was established.
> >
> > As soon the connection was there, the tablet starts to phone home.
> > I want to stop that for the case, when the tablet accesses those
> > domains, since in that case a tablet ID or whatever this
> > "anonymous identification" is called is transmitted.
> >
> > Next came iptables into my mind since it is a configuration
> > item and not a physical thing like a file.
> >
> > Is there a way (for example via something below /proc or /sys) to
> > feed the contents of /etc/hosts into the kernel instead of using
> > the physical file?
> >
> > Best regards
> > Meino
>
> If I recall right you are using dnsmasq on the PC you connect the tablet to?
>
> In this case you can add in dnsmasq.conf:
>
> address=/some-adnroid-site.com/127.0.0.1
>
> This will cause any dns queries to this address from the tablet to fail, but
> it will NOT block connections to relevant IP addresses. Not sure if this is
> any easier than altering /etc/hosts on the tablet.
>
> --
> Regards,
> Mick

Hi Mick,

I am using create_ap on my PC to build a temporary Access Point for
a Wifi connection with my tablet. I think, create_ap uses dnsmasq on
the fly...not sure.

I will try not to touch any Android system owned files on the tablet
until a Custom ROM is made public for this tablet. With this Custom
ROMS there is a tool bundled called "TWRP" or "CWM" which makes it
easy to replay a so called nandroid backup (an image copy of the
whole system internal flash) right after the bootloader is run and
the system is still not booted.

May sound a little paranoid, but changing things below /etc the wrong
way especially on a system I don't understand in full currently has
the ability to create "Just another brick in the wall"..."There is a
difference in knowing the path and walking the path, Neo"..."Do you
think you are booting, Neo? In _this room?"

Ok...back to the topic.

I added the suspicious accesses to the /etc/hosts on my PC, which I
hope has the same effect, since everything is routed to the same DNS.

What do you think?

Best regards,
Meino

Re: [gentoo-user] Blocking a domain instead of an IP with ufw
On Saturday 01 Aug 2015 11:35:14 meino.cra...@gmx.de wrote:
> Mick [15-08-01 12:20]:
> > On Saturday 01 Aug 2015 10:48:15 Alan McKinnon wrote:
> > > On 01/08/2015 11:21, meino.cra...@gmx.de wrote:
> > > > Hi,
> > > >
> > > > With ufw I want temporary block any access from my Gentoo PC to
> > > > certain domains. Since domain names change IP addresses I don't want
> > > > to block on base of the IP only.
> > > >
> > > > Is this possible with ufw?
> > >
> > > That is really not a good idea, which is why packet filtering firewalls
> > > seldom attempt it.
> > >
> > > It means that *every*single*packet* involves a reverse DNS lookup to
> > > get the (unreliable) DNS name (which might not even be listed at all),
> > > do a string comparison and make a block decision based on that. All of
> > > which is probably an order of magnitude more resource use than simply
> > > sending the packet out. There are optimizations of course, such as
> > > caching the results of previous lookups, but there's still a
> > > considerable overhead.
> > >
> > > There's a few ways around it:
> > >
> > > 1. Rethink your firewalling policy. Maybe you really don't need to
> > > block stuff and just think you do.
> > >
> > > 2. Do a DNS lookup and check the TTL. If it's high, say 86400 then it
> > > cannot change more than once a day. So you only need to do a lookup
> > > once a day. Write or get a script that looks up your banned domains
> > > every so often, gets the new IP if it changed and reload a new
> > > netfilter rule set.
> > >
> > > #2 is the correct approach for large firewalls with many users but does
> > > involve a quite sophisticated codebase, probably way more than you
> > > need for your 1 pc. Which brings us back to #1
> >
> > There's also the option to set in /etc/hosts:
> >
> > 127.0.0.1 safebrowsing.clients.google.com
> >
> > (Replace the google domain above with whatever you want to stop access
> > to).
>
> Hi Mick,
>
> yes this comes close to what I want, but it is not that easy to switch
> on/off.
>
> Background:
> I have an Android tablet which I connected via Wifi to my PC and
> started wireshark before the connection was established.
>
> As soon the connection was there, the tablet starts to phone home.
> I want to stop that for the case, when the tablet accesses those
> domains, since in that case a tablet ID or whatever this
> "anonymous identification" is called is transmitted.
>
> Next came iptables into my mind since it is a configuration
> item and not a physical thing like a file.
>
> Is there a way (for example via something below /proc or /sys) to
> feed the contents of /etc/hosts into the kernel instead of using
> the physical file?
>
> Best regards
> Meino

If I recall right you are using dnsmasq on the PC you connect the tablet to?

In this case you can add in dnsmasq.conf:

    address=/some-adnroid-site.com/127.0.0.1

This will cause any dns queries to this address from the tablet to fail, but
it will NOT block connections to relevant IP addresses. Not sure if this is
any easier than altering /etc/hosts on the tablet.

--
Regards,
Mick

Re: [gentoo-user] Blocking a domain instead of an IP with ufw
Mick [15-08-01 12:20]:
> On Saturday 01 Aug 2015 10:48:15 Alan McKinnon wrote:
> > On 01/08/2015 11:21, meino.cra...@gmx.de wrote:
> > > Hi,
> > >
> > > With ufw I want temporary block any access from my Gentoo PC to certain
> > > domains. Since domain names change IP addresses I don't want to block
> > > on base of the IP only.
> > >
> > > Is this possible with ufw?
> >
> > That is really not a good idea, which is why packet filtering firewalls
> > seldom attempt it.
> >
> > It means that *every*single*packet* involves a reverse DNS lookup to get
> > the (unreliable) DNS name (which might not even be listed at all), do a
> > string comparison and make a block decision based on that. All of which
> > is probably an order of magnitude more resource use than simply sending
> > the packet out. There are optimizations of course, such as caching the
> > results of previous lookups, but there's still a considerable overhead.
> >
> > There's a few ways around it:
> >
> > 1. Rethink your firewalling policy. Maybe you really don't need to block
> > stuff and just think you do.
> >
> > 2. Do a DNS lookup and check the TTL. If it's high, say 86400 then it
> > cannot change more than once a day. So you only need to do a lookup once
> > a day. Write or get a script that looks up your banned domains every so
> > often, gets the new IP if it changed and reload a new netfilter rule set.
> >
> > #2 is the correct approach for large firewalls with many users but does
> > involve a quite sophisticated codebase, probably way more than you need
> > for your 1 pc. Which brings us back to #1
>
> There's also the option to set in /etc/hosts:
>
> 127.0.0.1 safebrowsing.clients.google.com
>
> (Replace the google domain above with whatever you want to stop access to).
>
> --
> Regards,
> Mick

Hi Mick,

yes this comes close to what I want, but it is not that easy to switch
on/off.

Background:
I have an Android tablet which I connected via Wifi to my PC and
started wireshark before the connection was established.

As soon the connection was there, the tablet starts to phone home.
I want to stop that for the case, when the tablet accesses those
domains, since in that case a tablet ID or whatever this
"anonymous identification" is called is transmitted.

Next came iptables into my mind since it is a configuration
item and not a physical thing like a file.

Is there a way (for example via something below /proc or /sys) to
feed the contents of /etc/hosts into the kernel instead of using
the physical file?

Best regards
Meino

Re: [gentoo-user] Gentoo on Android and the problem of space
On Saturday 01 Aug 2015 11:26:26 Helmut Jarausch wrote:
> On 08/01/2015 10:44:56 AM, meino.cra...@gmx.de wrote:
> > Hi Helmut,
> >
> > Until now it seems that my ASUS MeMO Pad 7 (ME176CX) only
> > mounts FAT32 automagically...
> > But I will try that exFAT
> >
> >
> > Question is:
> > how can I format a SDcard with exFAT on my Gentoo Box?
>
> sys-fs/exfat-utils
>
> Good luck,
> Helmut

man mkfs.vfat

--
Regards,
Mick
Re: [gentoo-user] Gentoo on Android and the problem of space
On 08/01/2015 10:44:56 AM, meino.cra...@gmx.de wrote:
> Hi Helmut,
>
> Until now it seems that my ASUS MeMO Pad 7 (ME176CX) only
> mounts FAT32 automagically...
> But I will try that exFAT
>
>
> Question is:
> how can I format a SDcard with exFAT on my Gentoo Box?

sys-fs/exfat-utils

Good luck,
Helmut
Re: [gentoo-user] Blocking a domain instead of an IP with ufw
On Sat, 1 Aug 2015 11:48:15 +0200, Alan McKinnon wrote:
> There's a few ways around it:
>
> 1. Rethink your firewalling policy. Maybe you really don't need to block
> stuff and just think you do.
>
> 2. Do a DNS lookup and check the TTL. If it's high, say 86400 then it
> cannot change more than once a day. So you only need to do a lookup once
> a day. Write or get a script that looks up your banned domains every so
> often, gets the new IP if it changed and reload a new netfilter rule
> set.
>
> #2 is the correct approach for large firewalls with many users but does
> involve a quite sophisticated codebase, probably way more than you need
> for your 1 pc. Which brings us back to #1

3. If you just want to block a few domains for all users of a computer, add them to /etc/hosts, pointing to 127.0.0.1 or somewhere similarly useless.

If you only want to block web access, maybe something like squid or dansguardian is more suited to your needs.

--
Neil Bothwick

Linux like wigwam. No windows, no gates, Apache inside.
Re: [gentoo-user] Blocking a domain instead of an IP with ufw
On Saturday 01 Aug 2015 10:48:15 Alan McKinnon wrote:
> On 01/08/2015 11:21, meino.cra...@gmx.de wrote:
> > Hi,
> >
> > With ufw I want to temporarily block any access from my Gentoo PC to certain
> > domains. Since domain names change IP addresses I don't want to block
> > on base of the IP only.
> >
> > Is this possible with ufw?
>
> That is really not a good idea, which is why packet filtering firewalls
> seldom attempt it.
>
> It means that *every*single*packet* involves a reverse DNS lookup to get
> the (unreliable) DNS name (which might not even be listed at all), do a
> string comparison and make a block decision based on that. All of which
> is probably an order of magnitude more resource use than simply sending
> the packet out. There are optimizations of course, such as caching the
> results of previous lookups, but there's still a considerable overhead.
>
> There's a few ways around it:
>
> 1. Rethink your firewalling policy. Maybe you really don't need to block
> stuff and just think you do.
>
> 2. Do a DNS lookup and check the TTL. If it's high, say 86400 then it
> cannot change more than once a day. So you only need to do a lookup once
> a day. Write or get a script that looks up your banned domains every so
> often, gets the new IP if it changed and reload a new netfilter rule set.
>
> #2 is the correct approach for large firewalls with many users but does
> involve a quite sophisticated codebase, probably way more than you need
> for your 1 pc. Which brings us back to #1

There's also the option to set in /etc/hosts:

127.0.0.1 safebrowsing.clients.google.com

(Replace the google domain above with whatever you want to stop access to).

--
Regards,
Mick
Re: [gentoo-user] Blocking a domain instead of an IP with ufw
On 01/08/2015 11:21, meino.cra...@gmx.de wrote:
> Hi,
>
> With ufw I want to temporarily block any access from my Gentoo PC to certain
> domains. Since domain names change IP addresses I don't want to block
> on base of the IP only.
>
> Is this possible with ufw?

That is really not a good idea, which is why packet filtering firewalls seldom attempt it.

It means that *every*single*packet* involves a reverse DNS lookup to get the (unreliable) DNS name (which might not even be listed at all), do a string comparison and make a block decision based on that. All of which is probably an order of magnitude more resource use than simply sending the packet out. There are optimizations of course, such as caching the results of previous lookups, but there's still a considerable overhead.

There's a few ways around it:

1. Rethink your firewalling policy. Maybe you really don't need to block stuff and just think you do.

2. Do a DNS lookup and check the TTL. If it's high, say 86400 then it cannot change more than once a day. So you only need to do a lookup once a day. Write or get a script that looks up your banned domains every so often, gets the new IP if it changed and reload a new netfilter rule set.

#2 is the correct approach for large firewalls with many users but does involve a quite sophisticated codebase, probably way more than you need for your 1 pc. Which brings us back to #1

--
Alan McKinnon
alan.mckin...@gmail.com
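Added example, not part of the thread: option 2 from the message above (re-resolve the banned domains on a schedule and change the rules only where the addresses moved), written in Python. The domain names, the documentation-range addresses in the comments, and running it from a scheduler instead of reading the TTL are assumptions; it prints the ufw commands and does not run them.

```python
import ipaddress
import socket

def resolve(domain, resolver=socket.getaddrinfo):
    """Return the addresses `domain` resolves to now, or None if the lookup fails."""
    try:
        infos = resolver(domain, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return None
    addrs = {info[4][0].split("%")[0] for info in infos}
    # A name already redirected in /etc/hosts resolves to loopback; never
    # turn that into a firewall rule against localhost.
    return {a for a in addrs if not ipaddress.ip_address(a).is_loopback}

def refresh(previous, domains, resolver=socket.getaddrinfo):
    """Build the new domain -> addresses map, keeping the old entry when a
    lookup fails so that a DNS outage does not silently lift the block."""
    state = {}
    for domain in domains:
        addrs = resolve(domain, resolver)
        state[domain] = previous.get(domain, set()) if addrs is None else addrs
    return state

def plan_changes(previous, current):
    """Return the ufw commands that move the rule set from previous to current."""
    old = set().union(*previous.values())
    new = set().union(*current.values())
    cmds = [["ufw", "delete", "deny", "out", "to", ip] for ip in sorted(old - new)]
    cmds += [["ufw", "deny", "out", "to", ip] for ip in sorted(new - old)]
    return cmds

if __name__ == "__main__":
    # Hypothetical blocklist (assumption); a real run would load the previous
    # state from disk and save the new one for the next scheduled run.
    domains = ["tracker.example.com"]
    state = refresh({}, domains)
    for cmd in plan_changes({}, state):
        print(" ".join(cmd))  # printed only; review, then run as root
```

Addresses that only some resolvers return (CDN or geo-balanced names) will be missed, which is the limit of IP-based blocking the thread describes.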
[gentoo-user] Blocking a domain instead of an IP with ufw
Hi,

With ufw I want to temporarily block any access from my Gentoo PC to certain domains. Since domain names change IP addresses I don't want to block on base of the IP only.

Is this possible with ufw?

Thanks a lot for any help!

Best regards,
Meino
Re: [gentoo-user] Gentoo on Android and the problem of space
Helmut Jarausch [15-08-01 10:32]:
> On 07/31/2015 08:19:06 PM, meino.cra...@gmx.de wrote:
> > Hi,
> >
> > on my tablet PC I used an Android App called "Linux deploy"
> > to install a chroot-environment for - guess - Gentoo. :)
> >
> > The tablet has a SDcard slot and recognizes any FAT32 formatted
> > SDcard automatically. Anything else will silently be ignored.
> >
>
> On my Galaxy S5, running Android 5.0, I have a 128 Gb SDcard formatted with
> exFAT.
> I do have files > 4Gb on that and there is no problem so far.
> Helmut
>

Hi Helmut,

Until now it seems that my ASUS MeMO Pad 7 (ME176CX) only mounts FAT32 automagically...
But I will try that exFAT

Question is:
how can I format a SDcard with exFAT on my Gentoo Box?

Best regards,
Meino
Re: [gentoo-user] Gentoo on Android and the problem of space
On 07/31/2015 08:19:06 PM, meino.cra...@gmx.de wrote:
> Hi,
>
> on my tablet PC I used an Android App called "Linux deploy"
> to install a chroot-environment for - guess - Gentoo. :)
>
> The tablet has a SDcard slot and recognizes any FAT32 formatted
> SDcard automatically. Anything else will silently be ignored.
>

On my Galaxy S5, running Android 5.0, I have a 128 Gb SDcard formatted with exFAT.
I do have files > 4Gb on that and there is no problem so far.

Helmut
Re: [gentoo-user] New Firefox-38.1.0 headers, or is Google getting smarter?
Mick wrote:
> On Saturday 01 Aug 2015 05:08:04 Volker Armin Hemmann wrote:
>> On 31.07.2015 at 11:31, Mick wrote:
>>> I used Firefox to login to Gmail and suddenly received a message from
>>> Google, advising me:
>>>
>>> "New sign-in from Firefox on Linux
>>>
>>> Hi Michael,Your Google Account x was just used to sign in from
>>> Firefox on Linux."
>>>
>>> Have you noticed something similar and should we be changing anything on
>>> the new FF configuration, or is this Gmail getting smarter?
>>
>> seriously? Have you never heard that browsers send tons of data to the
>> server? Like browser version, OS, language... ?
>>
>> Mozilla/5.0 (X11; Linux x86_64) KHTML/4.14.10 (like Gecko) Konqueror/4.14
>>
>> that is, for example what MY konqueror setup currently sends.
>
> Thanks Volker, I know that browsers send agent data to the server, but I had
> never received such an email from Gmail before. Most that had happened in the
> past is to receive an email to confirm I am the real owner of the account when
> I tried to connect using IMAP4 while overseas. So this tells me that Google
> are also logging the IP addresses I am connecting from and check my geographic
> location for security purposes.
>

Facebook does this too. I was testing tor once and it had me showing as coming from Africa somewhere. Anyway, it wouldn't let me in even with my password. After I disabled tor so that it would show my real location, I had a warning that someone had tried to login from a foreign country. It wanted me to change my password etc etc etc.

Google isn't the only one that does this. I suspect that most all sites do this to some extent. After all, how can you visit a website and it not know your IP address and such? It has to know where to send your requests to. ;-)

Dale

:-) :-)
Re: [gentoo-user] New Firefox-38.1.0 headers, or is Google getting smarter?
On Saturday 01 Aug 2015 05:08:04 Volker Armin Hemmann wrote:
> On 31.07.2015 at 11:31, Mick wrote:
> > I used Firefox to login to Gmail and suddenly received a message from
> > Google, advising me:
> >
> > "New sign-in from Firefox on Linux
> >
> > Hi Michael,Your Google Account x was just used to sign in from
> > Firefox on Linux."
> >
> > Have you noticed something similar and should we be changing anything on
> > the new FF configuration, or is this Gmail getting smarter?
>
> seriously? Have you never heard that browsers send tons of data to the
> server? Like browser version, OS, language... ?
>
> Mozilla/5.0 (X11; Linux x86_64) KHTML/4.14.10 (like Gecko) Konqueror/4.14
>
> that is, for example what MY konqueror setup currently sends.

Thanks Volker, I know that browsers send agent data to the server, but I had never received such an email from Gmail before. Most that had happened in the past is to receive an email to confirm I am the real owner of the account when I tried to connect using IMAP4 while overseas. So this tells me that Google are also logging the IP addresses I am connecting from and check my geographic location for security purposes.

--
Regards,
Mick