Re: [gentoo-user] Creating an firmware image from a too large microSDcard...?

2016-01-16 Thread Neil Bothwick
On Sat, 16 Jan 2016 13:02:04 +0100, meino.cra...@gmx.de wrote:

> You dd the image on a sdcard, put that one in a reader, copy two files
> from /boot to /media/boot, put the sdcard into the OrangePI-PC, boot
> it, log in via ssh and call a script named "fs_resize", the miniPC
> reboots...and VOILA!
> 
> Now I want to create such an image from parts of another image
> (kernel, firmware) and a bootable Gentoo minimal setup.
> 
> For that I need to understand the trick which is used to create such
> images.

Raspbian images do a similar thing, with an option in raspi_config to
resize the root filesystem to fill the card. There's no real trick, just
create the system you want on the smallest SD card that will hold it,
include the resize script and dd that card to an image.


-- 
Neil Bothwick

Copper wire was invented by two Scotsmen fighting over a penny!




Re: [gentoo-user] Re: Adobe flash warning and tree

2016-01-16 Thread Dale
Neil Bothwick wrote:
> On Fri, 15 Jan 2016 19:28:16 -0600, Dale wrote:
>
>> I've seen that before.  I use that user agent plugin to switch to
>> something it likes.  Generally, it works.  Basically, you tell the
>> browser to lie and tell it is a windoze machine with IE and carry on. 
>> So far, that has always worked for me. 
> It's better to tell them you're using the Windows version of Firefox or
> Chrome. If you send an IE User_agent, some sites will start messing with
> ActiveX etc.

That is true but in the cases I used that, it required not only M$ but
also IE.  Having it set to Firefox or something would be safer as you
point out, if IE is not also required. 


>> By the way, my bank, credit card company and several other sites don't
>> support Linux.  They still work just fine.  It's just that some still
>> use flash and flash is sort of sick at the moment. 
> There's a difference between unsupported and not working. It works but
> you won't get far if you try to use their helpdesk.
>
>

True but if it works, I don't need the helpdesk.  If it doesn't, then we
are really stuck with no options anyway and back where we was at to
begin with.  ;-)

Dale

:-)  :-)

P. S.  I think I need a keyboard cleaning.  Some keys are stubborn.  :/ 



Re: [gentoo-user] Creating an firmware image from a too large microSDcard...?

2016-01-16 Thread Meino . Cramer
Bill Kenworthy  [16-01-16 11:04]:
> On 16/01/16 17:27, Neil Bothwick wrote:
> > On Sat, 16 Jan 2016 04:50:49 +0100, meino.cra...@gmx.de wrote:
> > 
> >> to post a firmware image of my embedded linux computer
> >> to a friend I want to size it down.
> >>
> >> System wise I did that already (only the really necessary
> >> stuff of Gentoo plus some configuration and addons related
> >> to the embedded system)...the problem comes with the size of
> >> the microSDcard I use: 32 GB
> >>
> >> The microSDcard (source) has two partitions (boot + the rest).
> >> The boot partition is the first partition and it is of a fixed
> >> and tiny size. The second partition contains the "rest": Gentoo.
> >> Currently the used space of this partition is also small.
> >>
> >> The image needs to be of a format, which makes
> >> it possible to 'dd' it onto a microSDcard (target) and afterwards use
> >> g/parted to resize/expand the second partition to the end
> >> of the microSDcard to get all storage space available.
> > 
> > Quick and kludgy. Partition an SD card of the correct size, rsync your
> > data to it, then dd that card.
> > 
> > Any other method you use will require you to have a smaller SD card to
> > test the resultant image, so you may as well use that as the source and
> > know it works.
> > 
> > 
> 
> It is possible to create a dd image of the whole SD card and mount it in
> a loopback to repartition etc.
> 
> Mount it then shrink your existing file system (and probably the
> partition too) to less than the required size, then recreate the dd
> image to a size still less than the new sd card.
> 
> On the new card, dd it across until it errors off, then fix/expand the
> partition and then the file system.  You don't care if the end is missing
> as long as your data is within the size needed.
> 
> BillK
> 
> 
> 
Hi Neil, hi Bill,

THANKS FOR THE EXPLANATIONS! :)

Will try that!

Best regards,
Meino





Re: [gentoo-user] Creating an firmware image from a too large microSDcard...?

2016-01-16 Thread Neil Bothwick
On Sat, 16 Jan 2016 17:53:18 +0800, Bill Kenworthy wrote:

> It is possible to create a dd image of the whole SD card and mount it in
> a loopback to repartition etc.
> 
> Mount it then shrink your existing file system (and probably the
> partition too) to less than the required size, then recreate the dd
> image to a size still less than the new sd card.
> 
> On the new card, dd it across until it errors off, then fix/expand the
> partition and then the file system.  You don't care if the end is missing
> as long as your data is within the size needed.

I get the impression that Meino is trying to keep it as simple as
possible for the other user, so fixing after errors is not a good idea.
Otherwise you could do what you suggest with the original card, shrink the
filesystem and partition to fit a smaller card then create a dd image
that will overflow but should work.


-- 
Neil Bothwick

RISC: Reduced Into Silly Code




Re: [gentoo-user] {OT} Allow work from home?

2016-01-16 Thread Rich Freeman
On Sat, Jan 16, 2016 at 2:39 AM, Alan McKinnon  wrote:
>
> As for the security levels of their personal machines, tell them what
> you require and from that point on you really have to trust your people
> so be security aware and with the program.
>

Most employers just issue laptops to their employees for this reason.
Set them up with full disk encryption and VPN access.  While I
wouldn't recommend this to a general employer you might get away with
the use of personal laptops if your employees all know what they're
doing - I have no idea what line of business you're in.  Most
businesses are not 100% staffed by people who are qualified to
properly maintain a workstation in a secure manner.

I also view this as a matter of principle.  If you're going to make
employees provide their own hardware, you don't really have that much
of a right to tell them exactly how you want it run.  If you're the
one providing the hardware, then you can provide it exactly how you
need it to be.

VPN is probably the easiest way to manage security though.  It is far
more secure than whitelisting IP addresses.  It isn't the only
solution - if you literally only need them to access a single
web-based application you could use client ssl certificates or
something like that, but you still need to control the security of the
client either way.  Just remember that laptops get lost so they really
do need full disk encryption.  Unfortunately on linux it seems LUKS
and a hand-entered password is the only common solution for this (it
looks like doing something TPM-based should be possible, but you
basically have to DIY).

Oh, if you are 100% web-based another solution is to just issue
chromebooks.  Those allow central provisioning/etc if you have a
google apps account, and they do support VPN.  Those have TPM-backed
full disk encryption out of the box, and are probably going to be way
easier for you to maintain, and certainly a lot cheaper.  As far as I
can tell (not having done this myself) they let you centrally
provision VPN certificates and such and set up the networking
settings.  You just boot a new chromebook, hit Ctrl-Alt-E or whatever,
and type in a google apps username/password that you gave access to
provision devices.  You also get remote wipe and all that other fun
stuff, and from everything I've read the security on those is about as
good as it gets.

-- 
Rich



Re: [gentoo-user] Re: Adobe flash warning and tree

2016-01-16 Thread Neil Bothwick
On Fri, 15 Jan 2016 19:28:16 -0600, Dale wrote:

> I've seen that before.  I use that user agent plugin to switch to
> something it likes.  Generally, it works.  Basically, you tell the
> browser to lie and tell it is a windoze machine with IE and carry on. 
> So far, that has always worked for me. 

It's better to tell them you're using the Windows version of Firefox or
Chrome. If you send an IE User_agent, some sites will start messing with
ActiveX etc.

> By the way, my bank, credit card company and several other sites don't
> support Linux.  They still work just fine.  It's just that some still
> use flash and flash is sort of sick at the moment. 

There's a difference between unsupported and not working. It works but
you won't get far if you try to use their helpdesk.


-- 
Neil Bothwick

JPEG (JPG)
 Joint Photographic Experts Group. The original name of the
 committee that designed the eponymous standard image compression
 algorithm. Abbreviated to JPG by PPL WHO CNT TYP or WSE PCS ARE BKN.




Re: [gentoo-user] Creating an firmware image from a too large microSDcard...?

2016-01-16 Thread Bill Kenworthy
On 16/01/16 17:27, Neil Bothwick wrote:
> On Sat, 16 Jan 2016 04:50:49 +0100, meino.cra...@gmx.de wrote:
> 
>> to post a firmware image of my embedded linux computer
>> to a friend I want to size it down.
>>
>> System wise I did that already (only the really necessary
>> stuff of Gentoo plus some configuration and addons related
>> to the embedded system)...the problem comes with the size of
>> the microSDcard I use: 32 GB
>>
>> The microSDcard (source) has two partitions (boot + the rest).
>> The boot partition is the first partition and it is of a fixed
>> and tiny size. The second partition contains the "rest": Gentoo.
>> Currently the used space of this partition is also small.
>>
>> The image needs to be of a format, which makes
>> it possible to 'dd' it onto a microSDcard (target) and afterwards use
>> g/parted to resize/expand the second partition to the end
>> of the microSDcard to get all storage space available.
> 
> Quick and kludgy. Partition an SD card of the correct size, rsync your
> data to it, then dd that card.
> 
> Any other method you use will require you to have a smaller SD card to
> test the resultant image, so you may as well use that as the source and
> know it works.
> 
> 

It is possible to create a dd image of the whole SD card and mount it in
a loopback to repartition etc.

Mount it then shrink your existing file system (and probably the
partition too) to less than the required size, then recreate the dd
image to a size still less than the new sd card.

On the new card, dd it across until it errors off, then fix/expand the
partition and then the file system.  You don't care if the end is missing
as long as your data is within the size needed.

BillK





Re: [gentoo-user] Creating an firmware image from a too large microSDcard...?

2016-01-16 Thread Meino . Cramer
Neil Bothwick  [16-01-16 12:44]:
> On Sat, 16 Jan 2016 17:53:18 +0800, Bill Kenworthy wrote:
> 
> > It is possible to create a dd image of the whole SD card and mount it in
> > a loopback to repartition etc.
> > 
> > Mount it then shrink your existing file system (and probably the
> > partition too) to less than the required size, then recreate the dd
> > image to a size still less than the new sd card.
> > 
> > On the new card, dd it across until it errors off, then fix/expand the
> > partition and then the file system.  You don't care if the end is missing
> > as long as your data is within the size needed.
> 
> I get the impression that Meino is trying to keep it as simple as
> possible for the other user, so fixing after errors is not a good idea.
> Otherwise you could do what you suggest with the original card, shrink the
> filesystem and partition to fit a smaller card then create a dd image
> that will overflow but should work.
> 
> 
> -- 
> Neil Bothwick
> 
> RISC: Reduced Into Silly Code


Hi,

Neil is completely right here (Neil, you are completely right here! :)

Background: There is a cheap (15$) version of the Raspberry PI, which 
is based on a 4core, 1.2GHz Allwinner H3 CPU -- the OrangePI-PC

There are several firmware images available for this board,
and each image can do a certain thing better than another (for
example hardware accelerated graphics). 

You dd the image on a sdcard, put that one in a reader, copy two files
from /boot to /media/boot, put the sdcard into the OrangePI-PC, boot
it, log in via ssh and call a script named "fs_resize", the miniPC
reboots...and VOILA!

Now I want to create such an image from parts of another image
(kernel, firmware) and a bootable Gentoo minimal setup.

For that I need to understand the trick which is used to create such
images.

The script mentioned above is this one:


#!/bin/bash

# **
# Resize Linux ext4 partition to fill sdcard
# **

if [ "$(id -u)" != "0" ]; then
    echo "Script must be run as root !"
    exit 0
fi

_REL=`lsb_release -sc`

# Find the SD card whose second partition is mounted as /
_rootpart=`mount | grep "on / " | awk '{print $1}'`
if [ "${_rootpart}" = "/dev/mmcblk0p2" ]; then
    rootdrv="mmcblk0p2"
    sdcard="/dev/mmcblk0"
elif [ "${_rootpart}" = "/dev/mmcblk1p2" ]; then
    rootdrv="mmcblk1p2"
    sdcard="/dev/mmcblk1"
else
    echo "Root fs mount partition not found!"
    exit 1
fi
echo ""

fdisk -l $sdcard | grep $sdcard
echo ""

_btrfs=`mount | grep -o btrfs`

# Total sectors of the card; the new partition end is 1024 sectors before that
sdcard_part=`fdisk -l $sdcard | grep $rootdrv | awk '{print $1}'`
sdcard_sect=`fdisk -l $sdcard | grep "Disk $sdcard" | awk '{print $7}'`
if [ "${sdcard_sect}" = "" ]; then
    sdcard_sect=`fdisk -l $sdcard | grep total | awk '{print $8}'`
fi
sdcard_end=$(expr $sdcard_sect - 1024)

# Current start and end sector of the root partition
part_start=`fdisk -l $sdcard | grep $rootdrv | awk '{print $2}'`
part_end=`fdisk -l $sdcard | grep $rootdrv | awk '{print $3}'`

echo "  Max block: $sdcard_end"
echo "   Part end: $part_end"
echo " Part start: $part_start"
if [ ! "${_btrfs}" = "" ]; then
    echo " btrfs part: yes"
    _resize="btrfs filesystem resize max /"
else
    _resize="resize2fs ${sdcard_part}"
fi
echo ""
if [ $part_end -ge $sdcard_end ]; then
    echo "Partition allready maximum size !"
    rm /usr/local/bin/fs_resize_warning > /dev/null 2>&1
    exit 0
fi

echo -n "WARNING: Do you want to resize \"$sdcard_part\" (y/N)?  "
read -n 1 ANSWER
if [ ! "${ANSWER}" = "y" ] ; then
    echo ""
    echo "Canceled.."
    exit 0
fi
echo ""

# RESIZE PARTITION
# Delete partition 2 and recreate it with the same start sector and the new end

echo -e "p\nd\n2\nn\np\n2\n$part_start\n$sdcard_end\nw" | fdisk ${sdcard} > /dev/null 2>&1
#if [ $? -ne 0 ]; then
#   echo "ERROR resizing partition!"
#   exit 1
#fi

echo "PARTITION RESIZED."

mv /etc/rc.local /etc/rc.local.orig

cat > /etc/rc.local << _EOF_
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

# ** Overclock to 1.728 GHz
#echo 1728000 > /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq

echo 0 > /proc/sys/kernel/hung_task_timeout_secs

dmesg -n 1

/usr/local/bin/resize_fs &&

_EOF_

echo "exit 0" >> /etc/rc.local
chmod +x /etc/rc.local > /dev/null 2>&1

cat > /usr/local/bin/resize_fs << _EOF_
#!/bin/bash
$_resize
if [ \$? -eq 0 ]; then
    rm /usr/local/bin/fs_resize_warning
    rm /usr/local/bin/resize_fs
    sleep 2
    rm /etc/rc.local
    mv /etc/rc.local.orig /etc/rc.local
fi
_EOF_

chmod +x /usr/local/bin/resize_fs > /dev/null 2>&1


REBOOT=1
echo "*"
echo "Rootfs Extended. Please REBOOT to take effect"
echo "*"
echo ""



Best regards,
Meino
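
Added example, not from the thread or from the OrangePI script: Python that reads the MBR partition table of a dd image to find where the image can be cut once filesystem and partition have been shrunk, and that rewrites partition 2 with the same start sector and a new end, as the fdisk sequence in fs_resize does. The 512-byte sector size, the partition layout and the card sizes are constructed assumptions.

```python
import struct

SECTOR = 512            # assumption: 512-byte logical sectors
PT_OFFSET = 446         # MBR partition table: four 16-byte entries
MBR_SIG = b"\x55\xaa"   # boot signature at bytes 510..511


def make_mbr(entries):
    """Build a constructed MBR sector from (type, start_lba, sectors) tuples."""
    mbr = bytearray(SECTOR)
    for i, (ptype, start, count) in enumerate(entries):
        # fields: status, CHS start, type, CHS end, LBA start, sector count
        struct.pack_into("<B3sB3sII", mbr, PT_OFFSET + 16 * i,
                         0, b"\0\0\0", ptype, b"\0\0\0", start, count)
    mbr[510:512] = MBR_SIG
    return bytes(mbr)


def read_mbr(mbr):
    """Return the used primary partitions of an MBR sector, in table order."""
    if len(mbr) < SECTOR or mbr[510:512] != MBR_SIG:
        raise ValueError("no MBR boot signature")
    parts = []
    for i in range(4):
        off = PT_OFFSET + 16 * i
        ptype = mbr[off + 4]
        start, count = struct.unpack_from("<II", mbr, off + 8)
        if ptype and count:
            parts.append({"index": i + 1, "type": ptype,
                          "start": start, "sectors": count})
    return parts


def min_image_sectors(parts):
    """Sectors a dd image must contain: everything up to the end of the
    last partition. Anything after that can be missing from the image."""
    return max((p["start"] + p["sectors"] for p in parts), default=1)


def fits_on_card(parts, card_sectors):
    """True if every partition lies inside a card of card_sectors sectors."""
    return min_image_sectors(parts) <= card_sectors


def grow_partition(mbr, index, card_sectors, reserve=1024):
    """Return a new MBR with partition `index` ending at card_sectors - reserve.

    Mirrors the script: same start sector, new end sector, and no change
    when the partition already reaches that end. Only the LBA fields are
    rewritten; the CHS bytes are left as they were. The filesystem inside
    still has to be grown afterwards (resize2fs in the script).
    """
    parts = {p["index"]: p for p in read_mbr(mbr)}
    if index not in parts:
        raise ValueError("partition %d is not in use" % index)
    target = parts[index]
    if any(p["start"] > target["start"] for p in parts.values()):
        raise ValueError("partition %d is not the last one on the card" % index)
    new_end = card_sectors - reserve                    # last sector, inclusive
    old_end = target["start"] + target["sectors"] - 1
    if old_end >= new_end:
        return mbr                                      # already maximum size
    out = bytearray(mbr)
    struct.pack_into("<I", out, PT_OFFSET + 16 * (index - 1) + 12,
                     new_end - target["start"] + 1)
    return bytes(out)


# Constructed sample: 64 MiB FAT boot partition and a root partition that
# has already been shrunk to 2 GiB on the 32 GB source card.
SAMPLE_MBR = make_mbr([(0x0C, 2048, 131072), (0x83, 133120, 4194304)])
CARD_4GB_SECTORS = 7744512      # constructed size of a smaller target card

if __name__ == "__main__":
    parts = read_mbr(SAMPLE_MBR)
    need = min_image_sectors(parts)
    print("image needs %d sectors (%d bytes)" % (need, need * SECTOR))
    print("fits on 4 GB card:", fits_on_card(parts, CARD_4GB_SECTORS))
    grown = grow_partition(SAMPLE_MBR, 2, CARD_4GB_SECTORS)
    print("partition 2 after grow:", read_mbr(grown)[1])
```

The value returned by min_image_sectors is the count= to give dd with bs=512 when reading the shrunk card, so the image stops at the end of the last partition.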





Re: [gentoo-user] Re: Adobe flash warning and tree

2016-01-16 Thread Mick
On Saturday 16 Jan 2016 12:49:30 you wrote:
> On Saturday 16 Jan 2016 04:15:33 Dale wrote:
> > Neil Bothwick wrote:
> > > It's better to tell them you're using the Windows version of Firefox or
> > > Chrome. If you send an IE User_agent, some sites will start messing with
> > > ActiveX etc.
> > 
> > That is true but in the cases I used that, it required not only M$ but
> > also IE.  Having it set to Firefox or something would be safer as you
> > point out, if IE is not also required.
> 
> Well I tried channel5 website with a changed FF useragent string, by adding
> a general.useragent.override key in about:config
> 
> Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
> 
> and it still failed.

Then tried a MSIE useragent string:

Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

and continue to get the same error:

"To view this page ensure that Adobe Flash Player version 15.0.0 or greater is 
installed."

:-(

-- 
Regards,
Mick



Re: [gentoo-user] Creating an firmware image from a too large microSDcard...?

2016-01-16 Thread Neil Bothwick
On Sat, 16 Jan 2016 04:50:49 +0100, meino.cra...@gmx.de wrote:

> to post a firmware image of my embedded linux computer
> to a friend I want to size it down.
> 
> System wise I did that already (only the really necessary
> stuff of Gentoo plus some configuration and addons related
> to the embedded system)...the problem comes with the size of
> the microSDcard I use: 32 GB
> 
> The microSDcard (source) has two partitions (boot + the rest).
> The boot partition is the first partition and it is of a fixed
> and tiny size. The second partition contains the "rest": Gentoo.
> Currently the used space of this partition is also small.
> 
> The image needs to be of a format, which makes
> it possible to 'dd' it onto a microSDcard (target) and afterwards use
> g/parted to resize/expand the second partition to the end
> of the microSDcard to get all storage space available.

Quick and kludgy. Partition an SD card of the correct size, rsync your
data to it, then dd that card.

Any other method you use will require you to have a smaller SD card to
test the resultant image, so you may as well use that as the source and
know it works.


-- 
Neil Bothwick

Things which must be shipped together as a set, aren't.




Re: [gentoo-user] {OT} Allow work from home?

2016-01-16 Thread Mick
On Saturday 16 Jan 2016 09:39:24 Alan McKinnon wrote:
> On 16/01/2016 06:17, Grant wrote:
> > I'm considering allowing some employees to work from home but I'm
> > concerned about the security implications.  Currently everybody shows up
> > and logs into their locked down Gentoo system and from there is able to
> > access the company webapps which are restricted to the office IP
> > address.  I guess I would have to allow webapp access from any IP for
> > those users and trust that their computer is secure?  Should that not be
> > scary?
> > 
> > - Grant
> 
> I have experience in this area. I work at ISPs where working from home
> is routine and required for overnight standby.
> 
> You need a VPN, I'd recommend OpenVPN. It's easy to set up and offers
> the security levels you need. Use the Layer3 routing option that uses
> tun drivers (not tap) and issue the certificates to the users yourself.
> Then allow your servers to accept connections from the VPN range as well
> as the internal office range
> 
> As for the security levels of their personal machines, tell them what
> you require and from that point on you really have to trust your people
> so be security aware and with the program.

Some other alternatives and thoughts to solutions already proposed are:

1.  Only allow access through the office firewall and webapp servers to the IP 
addresses of your employees.  This would only work if your employees have 
static IP addresses and are few in number - otherwise you are creating an 
administrative burden.  I assume that the client connection to the webapp 
server will be over some secure protocol, e.g. SSH, SSL/TLS.  Otherwise, 
you'll need an encrypted tunnel (see below).

2. Instead of OpenVPN which has been recommended I suggest that you take a 
look at IPSec with IKEv2.  IPSec + IKEv2 provides higher throughput because 
encryption/decryption is performed in the kernel, rather than userspace and 
because it allows for multi-threading, which last time I looked OpenVPN does 
not.  In addition, IKEv2 employs the MOBIKE protocol which allows mobile 
client roaming.  Changing client IP addresses is handled automatically, 
without having to restart manually the VPN session.  All this said, if your 
use case has low throughput demand then OpenVPN would work fine.  In both 
cases, use strong encryption.  

3. If you go with OpenVPN, following Alan's suggestion to use tun instead of 
tap, I should add that if you have deployed MSWindows or other clients and 
services with non-IP protocols, then you'll probably need a tap bridge to make 
sure that all services can get through.  The client machines will then become 
part of your LAN.  Depending on client numbers you may need more than one VLAN 
segment and multiple OpenVPN servers.

4. An easier and simpler alternative may be to run SSH SOCKS proxy on the 
server and proxychains on the clients.  Any software run with proxychains on 
the client will be tunnelled via SSH to the server and from a network 
perspective will be connected to the office LAN.  Webapps should be able to 
run quite efficiently in this way and connect to the LAN server.  Public key 
authentication and an SSH high port should keep pests away.

-- 
Regards,
Mick



Re: [gentoo-user] Creating an firmware image from a too large microSDcard...?

2016-01-16 Thread Meino . Cramer
Neil Bothwick  [16-01-16 13:23]:
> On Sat, 16 Jan 2016 13:02:04 +0100, meino.cra...@gmx.de wrote:
> 
> > You dd the image on a sdcard, put that one in a reader, copy two files
> > from /boot to /media/boot, put the sdcard into the OrangePI-PC, boot
> > it, log in via ssh and call a script named "fs_resize", the miniPC
> > reboots...and VOILA!
> > 
> > Now I want to create such an image from parts of another image
> > (kernel, firmware) and a bootable Gentoo minimal setup.
> > 
> > For that I need to understand the trick which is used to create such
> > images.
> 
> Raspbian images do a similar thing, with an option in raspi_config to
> resize the root filesystem to fill the card. There's no real trick, just
> create the system you want on the smallest SD card that will hold it,
> include the resize script and dd that card to an image.
> 
> 
> -- 
> Neil Bothwick
> 
> Copper wire was invented by two Scotsmen fighting over a penny!

My problem is, that I don't know which will be the final size of
that image. So I will take a sdcard, which is big enough in 
any case and end up with the problem, which caused my first
posting of this thread ;)
And I am not owning a great variety of sdcards...especially when
it comes to feature of being EMPTY sdcards...;)

Best regards,
Meino








Re: [gentoo-user] Re: Adobe flash warning and tree

2016-01-16 Thread Mick
On Saturday 16 Jan 2016 04:15:33 Dale wrote:
> Neil Bothwick wrote:

> > It's better to tell them you're using the Windows version of Firefox or
> > Chrome. If you send an IE User_agent, some sites will start messing with
> > ActiveX etc.
> 
> That is true but in the cases I used that, it required not only M$ but
> also IE.  Having it set to Firefox or something would be safer as you
> point out, if IE is not also required.

Well I tried channel5 website with a changed FF useragent string, by adding a 
general.useragent.override key in about:config

Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0

and it still failed.  

-- 
Regards,
Mick



Re: [gentoo-user] Creating an firmware image from a too large microSDcard...?

2016-01-16 Thread Neil Bothwick
On 16 January 2016 12:27:15 GMT+00:00, meino.cra...@gmx.de wrote:
> Neil Bothwick  [16-01-16 13:23]:
> > On Sat, 16 Jan 2016 13:02:04 +0100, meino.cra...@gmx.de wrote:
> > 
> > > You dd the image on a sdcard, put that one in a reader, copy two files
> > > from /boot to /media/boot, put the sdcard into the OrangePI-PC, boot
> > > it, log in via ssh and call a script named "fs_resize", the miniPC
> > > reboots...and VOILA!
> > > 
> > > Now I want to create such an image from parts of another image
> > > (kernel, firmware) and a bootable Gentoo minimal setup.
> > > 
> > > For that I need to understand the trick which is used to create such
> > > images.
> > 
> > Raspbian images do a similar thing, with an option in raspi_config to
> > resize the root filesystem to fill the card. There's no real trick, just
> > create the system you want on the smallest SD card that will hold it,
> > include the resize script and dd that card to an image.
> > 
> > 
> > -- 
> > Neil Bothwick
> > 
> > Copper wire was invented by two Scotsmen fighting over a penny!
> 
> My problem is, that I don't know which will be the final size of
> that image. So I will take a sdcard, which is big enough in 
> any case and end up with the problem, which caused my first
> posting of this thread ;)
> And I am not owning a great variety of sdcards...especially when
> it comes to feature of being EMPTY sdcards...;)
> 
> Best regards,
> Meino

Set it up on your 32GB card then, when you know how much space it uses, rsync 
it to a suitable card, like I said previously. You'll need a smaller card 
anyway, to test that it works, and microSD cards are really cheap now. 
-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.

[gentoo-user] Re: {OT} Allow work from home?

2016-01-16 Thread Grant Edwards
On 2016-01-16, Daniel Frey  wrote:

> I would use VPN + an X server that can spawn sessions on demand. This
> way it all stays internal on the work network.

One caveat: the way X11 was intended to work in this situation is that
you run the X11 clients on the secure machine in the office, and run
the X11 server on the remote machine in the worker's home.  But, in my
experience, it's been decades since remote X sessions could be used
for anything other than xterms and emacs.  All the "modern" GUI
toolkits (GTK, Qt, etc.) have been designed with the assumption that
the X11 server and client are co-resident on the same machine.  Even
the most trivial operations in those toolkits involve so many
round-trips between server and client that there's an intolerable
multi-second latency over a WAN connection (these days it barely works
through a 100M LAN).

It's a shame, because that used to be one of the big wins in the X11
architecture.

OTOH, there are other remote desktop options that work much better.

> I do something similar at work for our Windows clients, it was
> simple to set up there.
>
> I've set up my home server to act as a Windows-type terminal server
> using X and tigervnc.

OK, there you're running the X server and client on the same machine,
but the server is using VNC to display remotely.  That works.  Just
don't try to do it the "right" way -- the way X was intended to work.

> It actually works well, but I never got into multiuser and dealing
> with logon scripts and the like (you may or may not need this to
> deal with user documents and the like.)

--
Grant






[gentoo-user] Shutdown through systemctl as a normal user

2016-01-16 Thread lukash
Hi all,

I'm reading on the internet that systemctl poweroff should work for
normal user if he is the only one logged in, he is logged in locally
and his session is active. I seem to be meeting these conditions:

# loginctl
   SESSION        UID USER             SEAT
         2       1000 lukash           seat0

$ loginctl show-session 2
Id=2
User=1000
Name=lu
Timestamp=Sat 2016-01-16 17:27:30 CET
TimestampMonotonic=9614418
VTNr=7
Seat=seat0
Display=:0
Remote=no
Service=lightdm
Desktop=awesome
Scope=session-2.scope
Leader=529
Audit=2
Type=x11
Class=user
Active=yes
State=active
IdleHint=no
IdleSinceHint=0
IdleSinceHintMonotonic=0

But invoking the command gives me:

$ systemctl poweroff
Failed to set wall message, ignoring: Access denied
Failed to power off system via logind: Access denied
Failed to start poweroff.target: Access denied

How is this supposed to work on Gentoo?

Thanks in advance,
Lukas



Re: [gentoo-user] Re: Adobe flash warning and tree

2016-01-16 Thread Dale
Mick wrote:
> On Saturday 16 Jan 2016 12:49:30 you wrote:
>> On Saturday 16 Jan 2016 04:15:33 Dale wrote:
>>> Neil Bothwick wrote:
>>>> It's better to tell them you're using the Windows version of Firefox or
>>>> Chrome. If you send an IE User_agent, some sites will start messing with
>>>> ActiveX etc.
>>> That is true but in the cases I used that, it required not only M$ but
>>> also IE.  Having it set to Firefox or something would be safer as you
>>> point out, if IE is not also required.
>> Well I tried channel5 website with a changed FF useragent string, by adding
>> a general.useragent.override key in about:config
>>
>> Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
>>
>> and it still failed.
> Then tried a MSIE useragent string:
>
> Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
>
> and continue to get the same error:
>
> "To view this page ensure that Adobe Flash Player version 15.0.0 or greater is
> installed."
>
> :-(
>


Sounds like you need a way to get it to lie about the version of flash
you are using now.  I'm not sure how one would do that but it seems that
is what it is complaining about. 

Sometimes I wish we were back in the days of text, just not dial-up. 
Don't want any more dial-up days.  :/

Dale

:-)  :-) 



[gentoo-user] Re: Adobe flash warning and tree

2016-01-16 Thread Nikos Chantziaras

On 16/01/16 14:54, Mick wrote:
> On Saturday 16 Jan 2016 12:49:30 you wrote:
>> On Saturday 16 Jan 2016 04:15:33 Dale wrote:
>>> Neil Bothwick wrote:
>>>> It's better to tell them you're using the Windows version of Firefox or
>>>> Chrome. If you send an IE User_agent, some sites will start messing with
>>>> ActiveX etc.
>>>
>>> That is true but in the cases I used that, it required not only M$ but
>>> also IE.  Having it set to Firefox or something would be safer as you
>>> point out, if IE is not also required.
>>
>> Well I tried channel5 website with a changed FF useragent string, by adding
>> a general.useragent.override key in about:config
>>
>> Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
>>
>> and it still failed.
>
> Then tried a MSIE useragent string:
>
> Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
>
> and continue to get the same error:
>
> "To view this page ensure that Adobe Flash Player version 15.0.0 or greater is
> installed."
>
> :-(


As already pointed out, you need Google Chrome which comes with recent 
Flash. You can override the User-agent there too and use a Windows 
Chrome string.






Re: [gentoo-user] Re: {OT} Allow work from home?

2016-01-16 Thread Daniel Frey
On 01/16/2016 07:48 AM, Grant Edwards wrote:
>>
>> I've set up my home server to act as a Windows-type terminal server
>> using X and tigervnc.
> 
> OK, there you're running the X server and client on the same machine,
> but the server is using VNC to display remotely.  That works.  Just
> don't try to do it the "right" way -- the way X was intended to work.
> 

Yes, I was aware the "right" way wouldn't work for what I was trying to
do. To be honest, I never tested this over a VPN, I usually use it
internally when I'm moving big files around on the server. I used the
shell for the longest time but when you are copying files that don't
easily fit into a wildcard pattern, it's just easier to click them in the
GUI and copy/move them. That was the whole reason I set it up. The nice
thing is that everything runs on the server on my local LAN this way,
the only thing needed is tigervnc (well, and a VPN setup) on the client.

I've been running this setup for at least seven years (probably longer,
I don't remember when I set it up originally) now, with no major issues.
I actually just ran into one recently (like two weeks ago) - the new
version of tigervnc doesn't work in the manner I've set up with the
latest stable Xorg. Instead of troubleshooting, I just masked them and
everything is running normally.

I actually used a forum thread in the Docs, Tips, and Tricks forum[1] to
get it set up initially.


Dan

[1] https://forums.gentoo.org/viewtopic-t-72893-highlight-xvnc.html