Re: [gentoo-user] ro /
On Fri, 13 Jan 2017 17:26:37 -0600, Dale wrote:

> I did use needrestart after a recent update. One thing I like, it asks
> if you want to restart some of the services and gives you the option of
> restarting them, skipping etc. You don't have to go do it by hand that
> way.

It also has intelligent defaults, such as not suggesting restarting services that would cause a problem, like your display manager or logind. It can operate interactively like this, or you can ask it to simply list the services it needs to restart.

> It seems to work pretty well but I need to get used to how it
> works. It is different from checkrestart. I might add, I also used
> checkrestart afterwards and it seemed to pick up a couple things
> needrestart didn't. I'm not yet sure what the deal is on that.

I found that too. As needrestart is nicer to use, I run that first then checkrestart after if I feel like it. One difference is that needrestart doesn't list all the user processes that can only be restarted by logging out of the desktop.

--
Neil Bothwick

If Microsoft made cars: "The airbag system would ask "are you sure?" before deploying."
Re: [gentoo-user] tor browser also anti-fingerprinting
Miroslav Rovis [17-01-14 03:36]:
> On 170113-18:01+0100, meino.cra...@gmx.de wrote:
> > Adam Carter [17-01-13 02:51]:
> > > I said in a recent thread that tor was an ip obfuscation tool, but also
> > > "Tor Browser normalizes many browser outputs to mitigate existing browser
> > > fingerprinting," according to;
> > >
> > > https://www.bleepingcomputer.com/news/security/new-fingerprinting-techniques-identify-users-across-different-browsers-on-the-same-pc/
>
> Great new research! Thanks! This will be linked all over the internet,
> for a few more months from now, till newser research comes along!
>
> > Hi Adam,
> >
> > would it be possible to re-configure a Tor-Browser to use the "normal
> > web" instead of the tor-network?
>
> I see you asked Adam, but this is trivial. Tor-Browser is just Firefox,
> modified and improved in some ways.
>
> --
> Miroslav Rovis
> Zagreb, Croatia
> http://www.CroatiaFidelis.hr

Hi Miroslav,

You have checked that yourself? ;)

ok...because I tried and failed: how can I revert "modified and improved in some ways" to get back to "normal internet" and keep the other improvements...

For example: Starting the torbrowser connect to the Tor-network before the browser itself is visible...where is that implemented? (I don't want to dig into the source of the TB...)

Cheers
Meino
Re: [gentoo-user] tor browser also anti-fingerprinting
> > Hi Adam,
> >
> > would it be possible to re-configure a Tor-Browser to use the "normal
> > web" instead of the tor-network?
>
> I see you asked Adam, but this is trivial. Tor-Browser is just Firefox,
> modified and improved in some ways.

I haven't used tor-browser yet, so I didn't know this, but it is good to hear. I will try out the browser with and without the network too.
Re: [gentoo-user] ro /
On Fri, Jan 13, 2017 at 3:26 PM, Dale wrote:
> Jorge Almeida wrote:
>>
>> It would be great a program that goes through all processes and
>> checks for old libraries in use. If the program assumes a particular
>> setup ( sysv/ systemd or even supporting both) then it will not be
>> useful for me.
>>
> Checkrestart lists what services or programs are using outdated files
> after an upgrade. As an example, you upgrade udev and have not rebooted
> or restarted udev, checkrestart will list that udev is using the older
> version of files. After you restart udev and it is using the new files,
> it will no longer list udev. Another example, you upgrade flash,
> Firefox or even a package for KDE, if you haven't restarted those, it
> will list them as using old versions and that they need to be
> restarted. Sometimes it requires logging out, sometimes just closing
> and then opening the program again. This may or may not help with your
> remounting problem.
>

It looks good, this is what would be useful (checking processes, not daemons). However, it doesn't seem to work for me:

$ checkrestart -v
Found 0 processes using old versions of upgraded files
$ mount -o remount,ro /
mount: / is busy

Thanks

Jorge
Re: [gentoo-user] ro /
On Fri, Jan 13, 2017 at 3:50 PM, Michael Morak wrote:
> On 13 January 2017 at 23:04, Jorge Almeida wrote:
>
> Almost, but not quite. The problem is that the POSIX standard requires that
> any file *must* continue to exist until all file handles pointing to it are
> closed. Thus, using your example, when file foo.so gets replaced, the new
> foo.so is written to the disk somewhere, but, since foobard holds an open
> file handle, the old file is not deleted from the disk yet. At that point,
> the content of *both* files (and relevant inodes, etc.) exists on the
> *disk*, and, in addition, there is a pending delete operation for the old
> file (that is, a "write" operation to /). This prevents / from being mounted
> ro, since the pending write must be executed first (hence the message "/ is
> busy").
>

OK, I think I understand it.

> operation and output a list for you. The needrestart script can also try to
> automatically restart them for you.

I wouldn't want that.

Thanks

Jorge
Re: [gentoo-user] ro /
On 13 January 2017 at 23:04, Jorge Almeida wrote:
>
> process foobard requires a library foo.so. foobard was started when /
> was ro. Then / is mounted rw and a new version of foo.so is installed.
> Of course, foobard still uses foo.so (old). What prevents / to be
> remounted ro? foo.so (new) is already on disk, foo.so (old) is still
> being used, kept in RAM (I assume...)
>

Almost, but not quite. The problem is that the POSIX standard requires that any file *must* continue to exist until all file handles pointing to it are closed. Thus, using your example, when file foo.so gets replaced, the new foo.so is written to the disk somewhere, but, since foobard holds an open file handle, the old file is not deleted from the disk yet. At that point, the content of *both* files (and relevant inodes, etc.) exists on the *disk*, and, in addition, there is a pending delete operation for the old file (that is, a "write" operation to /). This prevents / from being mounted ro, since the pending write must be executed first (hence the message "/ is busy").

One reason for this behaviour is that foobard may duplicate its file handle, pass it to some other process, and that process must then still be able to read the file (from disk, that is, since it doesn't share memory with the foobard process). This generally doesn't happen for library files, but this is just how the system behaves for *any* file with an open handle.

But apart from these technical details, usually when you update a library, you want all programs relying on it to start using the new version. So a restart would be required anyways. As Dale just wrote while I was typing this, the needrestart and checkrestart scripts basically check for all processes that have open handles for files which have a pending delete operation and output a list for you. The needrestart script can also try to automatically restart them for you.

Hope this helps,
Michael
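Added example, not part of the thread and not the code of checkrestart or needrestart: an init-system-independent scan of /proc for processes that still map or hold open a file that has since been deleted, which is the condition Michael describes above. It assumes a Linux /proc; the function names and the SYSTEM_PREFIXES list are choices made for this example.

```python
import os

DELETED = " (deleted)"
# Assumed default: directories a package manager installs into. This also filters
# out pseudo-paths such as "/SYSV00000000 (deleted)" or "/memfd:x (deleted)".
SYSTEM_PREFIXES = ("/usr/", "/lib", "/bin/", "/sbin/", "/opt/")


def strip_deleted(path):
    """Return the path without the kernel's ' (deleted)' suffix, or None."""
    if path.startswith("/") and path.endswith(DELETED):
        return path[: -len(DELETED)]
    return None


def deleted_mappings(maps_text):
    """Deleted files named in the text of /proc/<pid>/maps."""
    found = set()
    for line in maps_text.splitlines():
        # address perms offset dev inode pathname (pathname may contain spaces)
        fields = line.split(None, 5)
        if len(fields) == 6 and strip_deleted(fields[5]):
            found.add(strip_deleted(fields[5]))
    return found


def deleted_fds(fd_dir):
    """Deleted files behind the symlinks in /proc/<pid>/fd."""
    found = set()
    try:
        names = os.listdir(fd_dir)
    except OSError:  # process exited, or not ours and we are not root
        return found
    for name in names:
        try:
            target = strip_deleted(os.readlink(os.path.join(fd_dir, name)))
        except OSError:
            continue
        if target:
            found.add(target)
    return found


def scan(proc_root="/proc", prefixes=SYSTEM_PREFIXES):
    """Return {pid: sorted deleted paths under one of `prefixes`}."""
    result = {}
    for entry in filter(str.isdigit, os.listdir(proc_root)):
        base = os.path.join(proc_root, entry)
        paths = deleted_fds(os.path.join(base, "fd"))
        try:
            with open(os.path.join(base, "maps")) as fh:
                paths |= deleted_mappings(fh.read())
        except OSError:
            pass  # unreadable maps: keep whatever the fd scan found
        hits = sorted(p for p in paths if p.startswith(prefixes))
        if hits:
            result[int(entry)] = hits
    return result


if __name__ == "__main__":
    for pid, paths in sorted(scan().items()):
        print(pid, " ".join(paths))
```

Run it as root to see every process; an unprivileged run can only read the fd and maps entries of your own processes.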
Re: [gentoo-user] ro /
Jorge Almeida wrote:
> On Thu, Jan 12, 2017 at 3:39 AM, Neil Bothwick wrote:
>> On Thu, 12 Jan 2017 05:35:09 -0600, Dale wrote:
>>
>>> app-admin/checkrestart-0.47-r3 (/usr/sbin/checkrestart)
>> There's also needrestart that is a little more intelligent, can
> Dale and Neil, thanks for the hints. I'll take a look at checkrestart.
> The man page in
> http://manpages.ubuntu.com/manpages/precise/man1/checkrestart.1.html
> doesn't say much about what it does, though, and I can't read
> python...
>
> It would be great a program that goes through all processes and
> checks for old libraries in use. If the program assumes a particular
> setup ( sysv/ systemd or even supporting both) then it will not be
> useful for me.
>
> Cheers
>
> Jorge
>

Checkrestart lists what services or programs are using outdated files after an upgrade. As an example, you upgrade udev and have not rebooted or restarted udev, checkrestart will list that udev is using the older version of files. After you restart udev and it is using the new files, it will no longer list udev. Another example, you upgrade flash, Firefox or even a package for KDE, if you haven't restarted those, it will list them as using old versions and that they need to be restarted. Sometimes it requires logging out, sometimes just closing and then opening the program again. This may or may not help with your remounting problem.

I did use needrestart after a recent update. One thing I like, it asks if you want to restart some of the services and gives you the option of restarting them, skipping etc. You don't have to go do it by hand that way. It seems to work pretty well but I need to get used to how it works. It is different from checkrestart. I might add, I also used checkrestart afterwards and it seemed to pick up a couple things needrestart didn't. I'm not yet sure what the deal is on that. I'd try them both and then either pick one that does what you want or use them both.

Oh, I am pretty sure checkrestart uses lsof to do its thing. Needrestart pulled in some other packages. Based on that, I'd suspect needrestart uses different tools than checkrestart. Given that, even tho they do similar things, they do it differently, it seems.

Linkys:

https://linux-audit.com/determine-processes-which-need-a-restart-with-checkrestart-needrestart/

https://scottlinux.com/2014/08/13/important-use-checkrestart-on-debian-after-installing-security-updates/

Hope that helps.

Dale

:-) :-)
Re: [gentoo-user] GUI-less (non-dbus) virt-manager (to run Tails in Gentoo)
I made it! See:

http://www.croatiafidelis.hr/foss/cap/cap-170113_tails/

or open:

$ \
http://www.croatiafidelis.hr/foss/cap/cap-170113_tails/Screen_170113_2102_g0n_1.webm

(and also Screen_170113_2102_g0n_2.webm and Screen_170113_2102_g0n_3.webm )

But there are stories to tell, along with patches to share, and a place for a nice bug report, coming.

( only when it's short info, and clear from the title what it's about, do I top post )

On 170111-21:55+0100, Miroslav Rovis wrote:
> Hi!
>
> This is my installation of the package virt-manager:
>
> # equery l virt-manager
>  * Searching for virt-manager ...
> [IP-] [ ] app-emulation/virt-manager-1.4.0-r2:0
> #
>
> # emerge -pv virt-manager
>
> These are the packages that would be merged, in order:
>
> Calculating dependencies ... done!
> [ebuild R] app-emulation/virt-manager-1.4.0-r2::gentoo USE="sasl -debug
> -gnome-keyring -gtk -policykit" LINGUAS="-as -bg -bn_IN -bs -ca -cmn -cs -da
> -de -en_GB -es -fi -fr -gu -hi -hr -hu -is -it -ja -kn -ko -ml -mr -ms -nb -nl
> -or -pa -pl -pt -pt_BR -ro -ru -sk -sr -sr@latin -sv -ta -te -tr -uk -vi
> -zh_CN -zh_TW" PYTHON_TARGETS="python2_7" 0 KiB
>
> Total: 1 package (1 reinstall), Size of downloads: 0 KiB
> #
>
> Also gunzip the equery_f_virt-manager.txt.gz for the list of files, of which I
> present only those that I will, apparently, have to try and use, once my
> initial query is cleared:
>
> /usr/bin/virt-clone
> /usr/bin/virt-convert
> /usr/bin/virt-install
> /usr/bin/virt-xml
>
> While at the list of files, pls. notice that there is no executable named
> 'virt-manager' in my system's virt-manager install:
>
> # grep -E '\/?bin\/virt-manager' equery_f_virt-manager.txt
> #
>
> or:
>
> # grep 'virt-manager$' equery_f_virt-manager.txt
> #
>
> both return empty.
>
> If I try sticking:
> echo "app-emulation/virt-manager gtk" >>
> /etc/portage/package.use/package.use.file
>
> hopeful to get the GUI, then:
>
> # emerge -pv virt-manager
>
> These are the packages that would be merged, in order:
>
> Calculating dependencies ... done!
>
> !!! All ebuilds that could satisfy "x11-libs/gtk+:3[introspection]" have been
> masked.
> !!! One of the following masked packages is required to complete your request:
> - x11-libs/gtk+-3.22.5::gentoo (masked by: package.mask)
> /etc/portage/package.mask/package.mask.file:
> #media-video/libav
> #gnome-base/gconf
>
> - x11-libs/gtk+-3.22.4::gentoo (masked by: package.mask)
> - x11-libs/gtk+-3.20.9::gentoo (masked by: package.mask)
> - x11-libs/gtk+-3.18.9::gentoo (masked by: package.mask)
> - x11-libs/gtk+-3.16.7::gentoo (masked by: package.mask, missing keyword)
>
> (dependency required by "app-emulation/virt-manager-1.4.0-r2::gentoo[gtk]"
> [ebuild])
> (dependency required by "virt-manager" [argument])
> For more information, see the MASKED PACKAGES section in the emerge
> man page or refer to the Gentoo Handbook.
>
> #
>
> And that is a story that I have met many times with many packages, and, in
> short, it hasn't ever been possible to solve it because in my
> security-oriented no-frills true-unix only system I have "-dbus" among other
> useflags:
>
> # grep -B3 -A6 '\-dbus' /etc/portage/make.conf
> # These are the USE flags that were used in addition to what is provided by
> the
> # profile used for building.
> USE="a52 alsa apache2 audit bash-completion berkdb bzip2 caps cdr crypt \
>     cscope css -dbus dri dvb dvdr fam ffmpeg fontconfig gdbm \
>     -geoip gif git -gnome gnutls gpm gstreamer gzip hardened \
>     imagemagick -introspection jack jpeg jpeg2k -kde lame libcaca -libav \
>     mad maildir mhash mng mplayer ncurses nls ogg opengl -pam png -policykit \
>     readline sasl sdl -selinux -systemd sysvipc smp sound sox sqlite sqlite3 \
>     ssl subversion svg tiff truetype -udev unicode v4l vim-syntax vorbis \
>     X x264 xattr xine xv xvid zlib -pulseaudio"
>
> (
> A sidenote: notice what is banned with the '-' prefix. It's a
> non-poetterware [1], true-unix only system, and the 'hardened' useflag is of
> course for grsecurity-based hardened system, not for NSA Linux based. Oh
> sorry, I meant SELinux, but NSA, at the turn of the millennium, created SELinux
> just as, say, Mozilla, back in the Netscape days, created Javascript. So it
> should be called that, shouldn't it?
> )
>
> So I guess, to get Tails installed, the way I will need to follow:
>
> https://tails.boum.org/doc/advanced_topics/virtualization/virt-manager/index.en.html
>
> is certainly not literally. Exampli gratia, there is not anything to click at
> at all in my virt-manager, for me to be able to follow, say, let me paste
> just the
> first step into here from that "advanced_topics" Tails page:
>
> PASTING->
> Running Tails from an ISO image
>
> Start virt-manager.
> Double-click on localhost (QEMU) to connect to the QEMU system of your
> host.
> To create a
Re: [gentoo-user] tor browser also anti-fingerprinting
On 170113-18:01+0100, meino.cra...@gmx.de wrote:
> Adam Carter [17-01-13 02:51]:
> > I said in a recent thread that tor was an ip obfuscation tool, but also "Tor
> > Browser normalizes many browser outputs to mitigate existing browser
> > fingerprinting," according to;
> >
> > https://www.bleepingcomputer.com/news/security/new-fingerprinting-techniques-identify-users-across-different-browsers-on-the-same-pc/

Great new research! Thanks! This will be linked all over the internet, for a few more months from now, till newser research comes along!

> Hi Adam,
>
> would it be possible to re-configure a Tor-Browser to use the "normal
> web" instead of the tor-network?

I see you asked Adam, but this is trivial. Tor-Browser is just Firefox, modified and improved in some ways.

--
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
Re: [gentoo-user] ro /
On Thu, Jan 12, 2017 at 1:06 AM, Michael Morak wrote:
> Hi,
>
> I have a similar setup. The problem is that some of your services may still
> have open handles on files that no longer exist after updating (i.e. the
> service, when originally started, opened an .so library file that it needs
> to run, but the file then gets deleted or replaced during the emerge -u).
> Simply restart all services (and other running programs) that have locks on
> files that were updated.
>
> The reason those files do not show up in your lsof command is that they may
> not be open for writing but only for reading. A read lock on a file may
> still give you the "/ is busy" message, since the open-for-read file cannot
> be (fully) deleted while a running application still has a lock on it. You

I figured it would be something like that. But I don't understand the gory innards:

process foobard requires a library foo.so. foobard was started when / was ro. Then / is mounted rw and a new version of foo.so is installed. Of course, foobard still uses foo.so (old). What prevents / to be remounted ro? foo.so (new) is already on disk, foo.so (old) is still being used, kept in RAM (I assume...)

This is not a big problem to me, but I would like to have a better understanding.

Thanks

Jorge
Re: [gentoo-user] ro /
On Thu, Jan 12, 2017 at 3:39 AM, Neil Bothwick wrote:
> On Thu, 12 Jan 2017 05:35:09 -0600, Dale wrote:
>
>> app-admin/checkrestart-0.47-r3 (/usr/sbin/checkrestart)
>
> There's also needrestart that is a little more intelligent, can

Dale and Neil, thanks for the hints. I'll take a look at checkrestart. The man page in http://manpages.ubuntu.com/manpages/precise/man1/checkrestart.1.html doesn't say much about what it does, though, and I can't read python...

It would be great a program that goes through all processes and checks for old libraries in use. If the program assumes a particular setup ( sysv/ systemd or even supporting both) then it will not be useful for me.

Cheers

Jorge
Re: [gentoo-user] tor browser also anti-fingerprinting
Adam Carter [17-01-13 02:51]:
> I said in a recent thread that tor was an ip obfuscation tool, but also "Tor
> Browser normalizes many browser outputs to mitigate existing browser
> fingerprinting," according to;
>
> https://www.bleepingcomputer.com/news/security/new-fingerprinting-techniques-identify-users-across-different-browsers-on-the-same-pc/

Hi Adam,

would it be possible to re-configure a Tor-Browser to use the "normal web" instead of the tor-network?

Cheers
Meino
Re: [gentoo-user] ro /
On Thursday, 12 January 2017 06:15:55 GMT Dale wrote:
> Neil Bothwick wrote:
> > On Thu, 12 Jan 2017 05:35:09 -0600, Dale wrote:
> >> When I do an upgrade and need to know what processes or services need to
> >> be restarted, I use this command that someone posted about on here a
> >> long time ago.
> >>
> >>
> >> root@fireball / # equery b checkrestart
> >>
> >> * Searching for checkrestart ...
> >>
> >> app-admin/checkrestart-0.47-r3 (/usr/sbin/checkrestart)
> >
> > There's also needrestart that is a little more intelligent, can
> > optionally restart services for you and also works with systemd as well
> > as old school init systems.
>
> I wasn't aware of that one. I read, in the script I think, that
> checkrestart isn't smart and needs a human eye. I'll try needrestart
> and see if it works better.
>
> This may help the OP, Michael, me and others reading this and unaware.
>
> Thanks.

From me too.

--
Regards
Peter
[gentoo-user] I'm missing key parts of GNOME
So rather than install *all* of GNOME, I opted for setting `-extras` and then just did an `emerge gnome`. However, now that everything is installed, I have two rather important features missing that I'm wondering if I can install special without rolling in things like evolution and trackers etc. The two features are:

* The GNOME extensions plugin is missing from all of my browsers
* The keyboard settings are severely limited. I can only change a few hotkey combinations. Repeat rate for example is gone.

To be honest, I'm not even sure that this is a result of missing the extras as I'm pretty sure both of these features were there when I did a fresh install a few months ago (I did after all install a bunch of extensions at that point that continue to work today). However things appear to have gone awry since the update to 3.22.

Any insight on this would be appreciated.