Re: [gentoo-user] Re: [gentoo-dev] Current unavoidable use of xz utils in Gentoo

2024-04-15 Thread Frank Steinmetzger
On Sun, Mar 31, 2024 at 08:33:20AM -0400, Rich Freeman wrote:
> (moving this to gentoo-user as this is really getting off-topic for -dev)
> […]
> We're going on almost 20 years since the Snowden revelations, and back
> then the NSA was basically doing intrusion on an industrial scale.

Weeaalll, it’s been 11 years in fact. Considering that is more than 10 
years, one could argue it is approaching 20. ;-)

I can remember the year well because Snowden is the same vintage as I am and 
he became 30 about when this all came out.

-- 
Grüße | Greetings | Salut | Qapla’
Others make mistakes, too -- but we have the most experience in it.




Re: [gentoo-user] Re: [gentoo-dev] Current unavoidable use of xz utils in Gentoo

2024-03-31 Thread Alexandru N. Barloiu
No argument from me. That JiaTan dude had other projects forked he was
looking at. And none of them are good news. zstd. lz4. libarchive.
squashfs-tools. But still, I think it's good news if people already
figured how to turn it off in a few days.




On 4/1/2024 1:36 AM, Michael Orlitzky wrote:
> On Mon, 2024-04-01 at 01:32 +0300, Alexandru N. Barloiu wrote:
> > https://piaille.fr/@zeno/112185928685603910
> >
> > There's an ENV var you can set that is a kill switch for the whole thing :)
>
> For the part that we found :)
>
> The author of the backdoor had commit access to the upstream repository
> for a long time:
>
>    https://git.tukaani.org/?p=xz.git;a=search;s=Jia+Tan;st=author
>
> Personally I would be skeptical of running any version of any package
> that he has touched.






Re: [gentoo-user] Re: [gentoo-dev] Current unavoidable use of xz utils in Gentoo

2024-03-31 Thread Michael Orlitzky
On Mon, 2024-04-01 at 01:32 +0300, Alexandru N. Barloiu wrote:
> https://piaille.fr/@zeno/112185928685603910
> 
> There's an ENV var you can set that is a kill switch for the whole thing :)
> 

For the part that we found :)

The author of the backdoor had commit access to the upstream repository
for a long time:

  https://git.tukaani.org/?p=xz.git;a=search;s=Jia+Tan;st=author

Personally I would be skeptical of running any version of any package
that he has touched.




Re: [gentoo-user] Re: [gentoo-dev] Current unavoidable use of xz utils in Gentoo

2024-03-31 Thread Alexandru N. Barloiu

https://piaille.fr/@zeno/112185928685603910

There's an ENV var you can set that is a kill switch for the whole thing :)


On 4/1/2024 1:29 AM, Michael Orlitzky wrote:
> On Sun, 2024-03-31 at 18:19 -0400, Michael Orlitzky wrote:
> > The old version will show up as liblzma.so.5.6.1. Restart anything that
> > uses it.
>
> Or liblzma.so.5.6.0






Re: [gentoo-user] Re: [gentoo-dev] Current unavoidable use of xz utils in Gentoo

2024-03-31 Thread Michael Orlitzky
On Sun, 2024-03-31 at 18:19 -0400, Michael Orlitzky wrote:
> 
> The old version will show up as liblzma.so.5.6.1. Restart anything that
> uses it.

Or liblzma.so.5.6.0




Re: [gentoo-user] Re: [gentoo-dev] Current unavoidable use of xz utils in Gentoo

2024-03-31 Thread Michael Orlitzky
On Sun, 2024-03-31 at 12:04 -0400, Rich Freeman wrote:
> 
> It is not necessary to rebuild anything, unless you're doing something
> so unusual that you'd already know the answer to the question.
> 

You should probably reboot afterwards though.

For a more fine-grained approach, you can check for running processes
that still use the old library with something like,

  root # grep liblzma /proc/*/maps

The old version will show up as liblzma.so.5.6.1. Restart anything that
uses it.
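
A scripted form of the /proc/*/maps check from the message above, covering both liblzma.so.5.6.1 and liblzma.so.5.6.0 (added example, not part of the original thread; the function names and the sample process tree are constructed for illustration):

```shell
#!/bin/sh
# List processes that still map a liblzma build from the 5.6.0 / 5.6.1 releases.
# Usage: find_stale_liblzma [PROC_ROOT]   (PROC_ROOT defaults to /proc)
# Output: one line per process and library path: PID <tab> COMM <tab> PATH
find_stale_liblzma() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        # Processes can exit mid-scan, and non-root users cannot read every
        # maps file, so skip anything that is not readable right now.
        [ -r "$maps" ] || continue
        pid_dir=${maps%/maps}
        pid=${pid_dir##*/}
        # Field 6 of a maps line is the backing file. A library that was
        # replaced on disk while still mapped carries a "(deleted)" suffix.
        hits=$(awk '$6 ~ /liblzma\.so\.5\.6\.[01]$/ {
                        p = $6
                        if ($7 == "(deleted)") p = p " (deleted)"
                        print p
                    }' "$maps" 2>/dev/null | sort -u)
        [ -n "$hits" ] || continue
        comm=$(cat "$pid_dir/comm" 2>/dev/null || echo '?')
        printf '%s\n' "$hits" | while IFS= read -r path; do
            printf '%s\t%s\t%s\n' "$pid" "$comm" "$path"
        done
    done
}

# Constructed sample: a fake /proc tree with three processes, so the check can
# be exercised offline. Prints the directory it created.
make_sample_proc() {
    root=$(mktemp -d)
    mkdir "$root/101" "$root/202" "$root/303"
    echo sshd     > "$root/101/comm"
    echo bash     > "$root/202/comm"
    echo journald > "$root/303/comm"
    # PID 101: old 5.6.1 library, already replaced on disk but still mapped.
    cat > "$root/101/maps" <<'EOF'
55d0c8a00000-55d0c8a0c000 r--p 00000000 08:02 4021 /usr/sbin/sshd
7f1c2a000000-7f1c2a003000 r--p 00000000 08:02 131 /usr/lib64/liblzma.so.5.6.1 (deleted)
7f1c2a003000-7f1c2a020000 r-xp 00003000 08:02 131 /usr/lib64/liblzma.so.5.6.1 (deleted)
EOF
    # PID 202: started after the downgrade, maps the 5.4.2 library.
    cat > "$root/202/maps" <<'EOF'
5581f3400000-5581f342f000 r--p 00000000 08:02 977 /bin/bash
7f6e11000000-7f6e11003000 r--p 00000000 08:02 212 /usr/lib64/liblzma.so.5.4.2
EOF
    # PID 303: maps the 5.6.0 library, which is still present on disk.
    cat > "$root/303/maps" <<'EOF'
7f9a40000000-7f9a40003000 r--p 00000000 08:02 145 /usr/lib64/liblzma.so.5.6.0
7ffd1c5e0000-7ffd1c601000 rw-p 00000000 00:00 0 [stack]
EOF
    printf '%s\n' "$root"
}

# Try it against the constructed tree:
#   sample=$(make_sample_proc); find_stale_liblzma "$sample"; rm -rf "$sample"
```

Run `find_stale_liblzma` with no argument as root to scan the live /proc; every line of output names a process to restart.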




Re: [gentoo-user] Re: [gentoo-dev] Current unavoidable use of xz utils in Gentoo

2024-03-31 Thread Rich Freeman
On Sun, Mar 31, 2024 at 5:36 PM Wol  wrote:
>
> On 31/03/2024 20:38, Håkon Alstadheim wrote:
> > For commercial entities, the government could just contact the company
> > and apply pressure, no need to sneak the backdoor in. Cf. RSA .
>
> Serving a "secret compliance" notice on a third party is always fraught
> with danger. Okay, I probably can't trust my own government to protect
> me, but if the US Government served a compliance notice on me I'd treat
> it with the respect it deserved - probably use it as loo paper!

I imagine most large companies would just comply with their local
government, but there are some major limitations all the same:

1. It isn't necessarily the local government who wants to plant the
back door.  The FBI can't just call up Huawei and get the same results
they would with Google.
2. Even if the company complies, there are going to be more people who
are aware of the back door.  Some of those could be foreign agents.
If you infiltrate the company and obfuscate your code, then only your
own agents are aware there is an intrusion.
3. The methods employed in your attack might also be sensitive, and so
that's another reason to not want to disclose them.  If you have some
way of subtly compromising some encryption scheme, you might not want
any employees of the company to even know the cryptosystem weakness
even exists, let alone the fact that you're exploiting it.  When the
methods are secret in this way it is that much easier to obfuscate a
clandestine attack as well.

When you look at engineer salaries against national defense budgets,
it wouldn't surprise me if a LOT of FOSS (and other) contributors are
being paid to add back doors.  On the positive side, that probably
also means that they're getting paid to fix a lot of bugs and add
features just to give them cover.

To bomb a power plant might take the combined efforts of 1-2 dozen
military aircraft in various roles, at $100M+ each (granted, that's
acquisition cost and not operational cost).  Installing a trojan that
would cause the plant to blow itself up on command might just require
paying a few developers for a few years, for probably less than $1M
total, and it isn't even that obvious that you were involved if it
gets discovered, or even after the plant blows up.

-- 
Rich



Re: [gentoo-user] Re: [gentoo-dev] Current unavoidable use of xz utils in Gentoo

2024-03-31 Thread Wol

On 31/03/2024 20:38, Håkon Alstadheim wrote:
> For commercial entities, the government could just contact the company
> and apply pressure, no need to sneak the backdoor in. Cf. RSA .


Apply pressure to who? At the end of the day, the only people the 
government can trust are their own agents.


Serving a "secret compliance" notice on a third party is always fraught 
with danger. Okay, I probably can't trust my own government to protect 
me, but if the US Government served a compliance notice on me I'd treat 
it with the respect it deserved - probably use it as loo paper!


Nobody should trust anybody else more than they have need to - and 
especially governments should not trust 3rd-party nationals! It's not 
worth it.


Cheers,
Wol



Re: [gentoo-user] Re: [gentoo-dev] Current unavoidable use of xz utils in Gentoo

2024-03-31 Thread Håkon Alstadheim



On 31.03.2024 14:33, Rich Freeman wrote:
> (moving this to gentoo-user as this is really getting off-topic for -dev)
>
> It might also happen with commercial software, but the challenge there
> is HR as you can't just pay 1 person to masquerade as 10 when they all
> need to deal with payroll taxes.


For commercial entities, the government could just contact the company 
and apply pressure, no need to sneak the backdoor in. Cf. RSA .





Re: [gentoo-user] Re: [gentoo-dev] Current unavoidable use of xz utils in Gentoo

2024-03-31 Thread Rich Freeman
On Sun, Mar 31, 2024 at 10:59 AM Michael  wrote:
>
> On Sunday, 31 March 2024 13:33:20 BST Rich Freeman wrote:
> > (moving this to gentoo-user as this is really getting off-topic for -dev)
>
> Thanks for bringing this to our attention Rich.
>
> Is downgrading to app-arch/xz-utils-5.4.2 all that is needed for now, or are
> we meant to rebuilding any other/all packages, especially if we rebuilt our
> @world only a week ago as part of the move to profile 23.0?

It is not necessary to rebuild anything, unless you're doing something
so unusual that you'd already know the answer to the question.

-- 
Rich



Re: [gentoo-user] Re: [gentoo-dev] Current unavoidable use of xz utils in Gentoo

2024-03-31 Thread Daniel Frey

On 3/31/24 07:59, Michael wrote:
> On Sunday, 31 March 2024 13:33:20 BST Rich Freeman wrote:
> > (moving this to gentoo-user as this is really getting off-topic for -dev)
>
> Thanks for bringing this to our attention Rich.
>
> Is downgrading to app-arch/xz-utils-5.4.2 all that is needed for now, or are
> we meant to rebuilding any other/all packages, especially if we rebuilt our
> @world only a week ago as part of the move to profile 23.0?


I just ran `glsa-check -l affected` and it came up blank for me.

I ran `emerge --sync` and checked again and it indeed says my machine is 
affected.


I then ran `emerge -auDN world` and it automatically downgraded.

So, all we need to do is sync and update world. It will downgrade xz-utils
automatically.


If you want to make sure, run `glsa-check -l affected` after the emerge 
world, if it comes up blank you are not affected. Or run `glsa-check -l 
202403-02` and it will tell you if you are affected:


$ glsa-check -l 202403-04
[A] means this GLSA was marked as applied (injected),
[U] means the system is not affected and
[N] indicates that the system might be affected.

202403-04 [U] XZ utils: Backdoor in release tarballs ( app-arch/xz-utils )


Dan



Re: [gentoo-user] Re: [gentoo-dev] Current unavoidable use of xz utils in Gentoo

2024-03-31 Thread Michael
On Sunday, 31 March 2024 13:33:20 BST Rich Freeman wrote:
> (moving this to gentoo-user as this is really getting off-topic for -dev)

Thanks for bringing this to our attention Rich.

Is downgrading to app-arch/xz-utils-5.4.2 all that is needed for now, or are 
we meant to rebuilding any other/all packages, especially if we rebuilt our 
@world only a week ago as part of the move to profile 23.0?




Re: [gentoo-user] Re: gentoo-sources-6.7.7 build error

2024-03-02 Thread ralfconn

On 02/03/24 18:17, Holger Hoffstätte wrote:
> On 2024-03-02 18:12, ralfconn wrote:
>> I have a build error with latest gentoo-sources (~amd64): # eix -I
>> gentoo-sources Installed versions: 6.7.6(6.7.6)^bs(10:37:31
>> 02/24/24)(-build -experimental -symlink) 6.7.7(6.7.7)^bs(18:43:20
>> 03/01/24)(-build -experimental -symlink) # eix -I gcc Installed
>> versions: 13.2.1_p20240210(13)^t(17:09:30 02/18/24)(cet cxx
>> default-stack-clash-protection default-znow fortran hardened nls
>> openmp pie sanitize ssp -ada -custom-cflags -d -debug -doc
>> -fixed-point -go -graphite -ieee-long-double -jit -libssp -lto
>> -modula2 -multilib -objc -objc++ -objc-gc -pch -pgo -systemtap -test
>> -valgrind -vanilla -vtv -zstd) fs/ntfs3/frecord.c: In function
>> ‘ni_read_frame’: fs/ntfs3/frecord.c:2460:16: error: unused variable
>> ‘i_size’ [-Werror=unused-variable]  2460 | loff_t i_size =
>> i_size_read(>vfs_inode);
>>
>> This is on a gentoo box with mixed profile
>> (local:no-multilib-hardened-desktop (dev)). The vanilla kernel
>> downloaded from kernel.org - with same config - has the same build
>> error. I thought it could be a hardened-related issue, but a
>> different gentoo box with a hardened-desktop profile builds fine. The
>> kernel config is different, though. By the way, looking at the
>> failing source it seems to me that the error is a false positive. I
>> suppose nobody else is seeing this, I see no reports on the net. Any
>> hints? Should I file a bug upstream? thanks, raffaele
>
> Already known:
> https://lore.kernel.org/stable/2024030214-scratch-compactly-638f@gregkh/
>
> So either set CONFIG_NTFS3_LZX_XPRESS=y or just wait.
>
>
Wow, faster than light, thanks!

In addition to the suggested fix, also disabling NTFS support completely 
works.


thanks again,

raffaele



RE: [gentoo-user] RE: [gentoo-user] Encrypted hard drives on LVM and urgent power shutdowns.

2022-09-13 Thread Laurence Perkins


>> If you want an arbitrarily large battery bank, just get a decent power 
>> inverter heavy enough to run your load and a battery float charger that can 
>> push enough amps to keep up, then put as big a stack of batteries as you 
>> like between the two.  The nicer inverters will even warn you when the 
>> batteries get low.
>
>> You can often get used batteries from the local automotive shop for 
>> just the core charge.  Just because it can't provide 600 amps to start a car 
>> any more doesn't mean it can't provide 60 to run your computers.  Obviously 
>> they'll require more regular maintenance, but it's hard to beat the price.
>
>> LMP 
>
>How would you physically connect the automotive battery to the computer, and 
>would you need the shell of the old UPS?
>
>I have an old Tripp-Lite UPS, batteries are dead and no longer rechargeable.
>
>Would you connect only the computer, or would you connect the monitor as well? 
> Would you connect networking equipment?
>
>Tom
>
>

If your old UPS had sufficient capacity, you can usually just open it up (make 
sure it's unplugged and turned off first, obviously) and replace the battery 
with one of the same size.  Often there's an access panel for doing exactly 
that.

Otherwise, you'll need to extend the battery leads out through the side of the 
case to whatever battery bank you're using.  Keeping the case would definitely 
be recommended since there will be high voltage in the system when it's in 
operation.  Also the new battery bank will need to be the same chemistry and 
voltage as the original.  Usually it's lead-acid and multiples of 12 volts, 
(hence why old automotive batteries can work, but will require test and service 
after every power outage because they're designed for high output, not deep 
discharge) but do double check.

What you connect to it depends on what you figure needs battery backup and how 
many amps the inverter in the UPS can supply without overheating.

Note that messing too much with the internals of a power inverter can cause 
fire or electrocution if done improperly, so make sure you research how it all 
works before modifying anything.

LMP



Re: [gentoo-user] RE: [gentoo-user] Encrypted hard drives on LVM and urgent power shutdowns.

2022-09-13 Thread Michael
On Tuesday, 13 September 2022 06:47:21 BST Thomas Mueller wrote:
> from Laurence Perkins:
> > Some of the higher-end UPS models do have diagnostic modes for simulating
> > various events to make sure the connected systems behave as desired.  A
> > very few of the consumer-grade ones do as well.  But how to do it is
> > model specific, so you'll have to dig up the documentation.
> > 
> > Commercial-grade units also often have a DC port on the back so you can
> > plug in larger battery banks and/or hotswap battery banks during extended
> > outages.
> > 
> > If you want an arbitrarily large battery bank, just get a decent power
> > inverter heavy enough to run your load and a battery float charger that
> > can push enough amps to keep up, then put as big a stack of batteries as
> > you like between the two.  The nicer inverters will even warn you when
> > the batteries get low.
> > 
> > You can often get used batteries from the local automotive shop for just
> > the core charge.  Just because it can't provide 600 amps to start a car
> > any more doesn't mean it can't provide 60 to run your computers. 
> > Obviously they'll require more regular maintenance, but it's hard to beat
> > the price.
> > 
> > LMP
> 
> How would you physically connect the automotive battery to the computer, and
> would you need the shell of the old UPS?

Yes, you need the *contents* of the UPS shell. It contains the rectifier to be 
able to recharge the battery/batteries and the inverter to be able to feed the 
PC from the batteries.

I've also used a car battery out of an old Mini to keep equipment running 
during prolonged power outages.  I connected it in parallel to the UPS 
battery.  After the power returned, almost two days later, I disconnected it 
and recharged it with a car battery charger, which could take the higher 
amperage.  Trickle-charging should be OK via the UPS.


> I have an old Tripp-Lite UPS, batteries are dead and no longer rechargeable.

Why don't you replace them?  They are not particularly expensive, although I 
have not looked at UPS battery prices lately.


> Would you connect only the computer, or would you connect the monitor as
> well?  Would you connect networking equipment?
> 
> Tom

I connect modem, router, PC and monitor, so that whatever operation is taking
place it can be completed, applications running ended and the PC shut down
manually.  If the PC is running unattended when the power interruption
happens, eventually the upssched will shut down the PC.



Re: [gentoo-user] Re: Gentoo IRC presence moving to Libera Chat

2021-05-28 Thread Hund
On May 28, 2021 5:50:32 AM GMT+02:00, "caveman رَجُلُ الْكَهْفِ 穴居人" 
 wrote:
>hi.  any reason why you guys didn't go to OFTC
>instead of libera?
>
>despite libera being called after liberty in latin,
>its tor support is hypocritical, as it requires
>registering SASL over an un-tor-ed connection,
>hence revealing your IP address, which defeats the
>whole point of tor (hiding your IP address).
>OFTC, on the other hand, is the home of the tor
>project, and has best tor support.  so, in a
>sense, OFTC is the true libera.
>
>rgrds,
>cm.
>

(I'm not representing Gentoo.)

The purpose of Libera Chat is to provide a community platform for libre 
software and peer directed projects, like Gentoo.

Libera means "to set free". Which is the philosophical view of software that it
should be free as in free speech, not necessarily as in free beer. It has
nothing to do with online anonymity.

--
Hund



Re: [gentoo-user] Re: [gentoo-user] Re: [gentoo-user] Re: [gentoo-user] boot hangs forever at “Loading initial ramdisk...”

2021-05-15 Thread William Kenworthy
Hi,

    genkernel keeps a very detailed log at /run/iniramfs/gksoreport.txt.
(or similar)

When it exits to the can't find root prompt, type "shell" and you can
read/save the report.

BillK



On 15/5/21 7:10 am, mad.scientist.at.la...@tutanota.com wrote:
> --"Fascism begins the moment a ruling class, fearing the people may use their 
> political democracy to gain economic democracy, begins to destroy political 
> democracy in order to retain its power of exploitation and special 
> privilege." Tommy Douglas
>
>
>
>
> May 14, 2021, 15:15 by john.bli...@gmail.com:
>
>> n
>>
>>
>> On Fri, May 14, 2021 at 2:36 AM John Covici <cov...@ccs.covici.com> wrote:
>>
>>> I would look in the grub.cfg and give us exactly what is in the stanza
>>>  you are using, including where it thinks the root file system is,
>>>  etc.  Also, see if there is any genkernel option to get some debugging
>>>  info out of the initrd, I know using dracut you can get breakpoints
>>>  during the process and see how its doing.
>>>
>> Tried dracut.  No change.
>>
>> Added the kernel command line debug options (#3 in “Identifying your problem 
>> area” in ‘man dracut’).  No change.
>>
>> Feeling peevish, I made a file of random junk using dd if=/dev/random 
>> of=initrd.img count=4096.  Then supplied that pile of junk as the initrd.  
>> Again, no change.
>>
>> Then I supplied a nonexistent file name (xxx.img) as the initrd.  This time 
>> I got a complaint:
>>
>> error: file ‘/xxx.img’ not found.
>>
>> Press any key to continue...
>>
>> So, it’s getting as far as wanting to read the initrd, and is smart enough 
>> to tell whether the specified initrd actually exists on the specified boot 
>> partition.  But it can’t actually be doing anything with the initrd, or it 
>> would have objected to the random junk I fed it.
>>
>> From https://en.m.wikipedia.org/wiki/Initial_ramdisk#Implementation, it
>> appears that grub is in charge of loading both linux and the initrd into 
>> memory, then handing execution over to linux along with a pointer to the 
>> memory location of the initrd.
>>
>> I’ve observed that no booting output comes out of linux, nor any
>> complaints from linux about the nonsense contents I fed it from the random 
>> initrd I built.  That suggests to me that grub has failed to load linux 
>> and/or the initrd into memory, or that it's failed to hand execution control 
>> to linux.
>>
>> Next step:  learned how to run an interactive grub2 command shell. With full 
>> debugging turned on, it looks like grub2 can load the kernel image, and it 
>> looks like it loads the initrd as well.  At least there are no complaints 
>> and the reported initrd size looks correct.
>>
>> But when I issue the boot command, grub2 issues a handful of mallocs and 
>> does a little token parsing, and then just stops...
>>
>> So it appears that the boot problem arises right around the handoff from 
>> grub2 to linux.  Don’t know whether grub2 or linux has failed.  I don’t know 
>> how to get either one to tell me more.
>>
>> John
>>
> Have you recompiled the kernel?  Could be a random, erroneous write to disk 
> or something in the kernel compile didn't go well.  I'd suggest also 
> rebuilding the initrd and reinstalling grub.  I.e. I think there is likely a 
> kernel compile issue since it doesn't ever launch the kernel successfully
> either on autopilot or when you run grub interactive.  Might also recompile 
> grub, perhaps there's a change in compiler options that produces an 
> incompatible (at least partially).  I also suggest the rebuild so you can be 
> sure you have the right initrd and matching kernel.
>



Re: [gentoo-user] Re: [gentoo-user] Re: [gentoo-user] Re: [gentoo-user] Re: [gentoo-user] boot hangs forever at “Loading initial ramdisk...”

2021-05-15 Thread Peter Humphrey
On Saturday, 15 May 2021 00:54:02 BST John Blinka wrote:

> I don’t think it’s a kernel compile issue.  I just now used efibootmgr to
> create a uefi entry with kernel command line parameters to define the root
> fs and initrd.  That worked.  That result focuses the blame on grub.

I'm glad that worked. Personally, I'm pleased to have ditched grub 
altogether.

-- 
Regards,
Peter Humphrey.



Re: [gentoo-user] Re: [gentoo-user] Re: [gentoo-user] Re: [gentoo-user] boot hangs forever at “Loading initial ramdisk...”

2021-05-14 Thread mad . scientist . at . large


--"Fascism begins the moment a ruling class, fearing the people may use their 
political democracy to gain economic democracy, begins to destroy political 
democracy in order to retain its power of exploitation and special privilege." 
Tommy Douglas




May 14, 2021, 15:15 by john.bli...@gmail.com:

> n
>
>
> On Fri, May 14, 2021 at 2:36 AM John Covici <cov...@ccs.covici.com> wrote:
>
>>
>> I would look in the grub.cfg and give us exactly what is in the stanza
>>  you are using, including where it thinks the root file system is,
>>  etc.  Also, see if there is any genkernel option to get some debugging
>>  info out of the initrd, I know using dracut you can get breakpoints
>>  during the process and see how its doing.
>>
>
> Tried dracut.  No change.
>
> Added the kernel command line debug options (#3 in “Identifying your problem 
> area” in ‘man dracut’).  No change.
>
> Feeling peevish, I made a file of random junk using dd if=/dev/random 
> of=initrd.img count=4096.  Then supplied that pile of junk as the initrd.  
> Again, no change.
>
> Then I supplied a nonexistent file name (xxx.img) as the initrd.  This time I 
> got a complaint:
>
> error: file ‘/xxx.img’ not found.
>
> Press any key to continue...
>
> So, it’s getting as far as wanting to read the initrd, and is smart enough to 
> tell whether the specified initrd actually exists on the specified boot 
> partition.  But it can’t actually be doing anything with the initrd, or it 
> would have objected to the random junk I fed it.
>
> From https://en.m.wikipedia.org/wiki/Initial_ramdisk#Implementation, it
> appears that grub is in charge of loading both linux and the initrd into 
> memory, then handing execution over to linux along with a pointer to the 
> memory location of the initrd.
>
> I’ve observed that no booting output comes out of linux, nor any
> complaints from linux about the nonsense contents I fed it from the random 
> initrd I built.  That suggests to me that grub has failed to load linux 
> and/or the initrd into memory, or that it's failed to hand execution control 
> to linux.
>
> Next step:  learned how to run an interactive grub2 command shell. With full 
> debugging turned on, it looks like grub2 can load the kernel image, and it 
> looks like it loads the initrd as well.  At least there are no complaints and 
> the reported initrd size looks correct.
>
> But when I issue the boot command, grub2 issues a handful of mallocs and does 
> a little token parsing, and then just stops...
>
> So it appears that the boot problem arises right around the handoff from 
> grub2 to linux.  Don’t know whether grub2 or linux has failed.  I don’t know 
> how to get either one to tell me more.
>
> John
>
Have you recompiled the kernel?  Could be a random, erroneous write to disk or 
something in the kernel compile didn't go well.  I'd suggest also rebuilding 
the initrd and reinstalling grub.  I.e. I think there is likely a kernel 
compile issue since it doesn't ever launch the kernel successfully either on
autopilot or when you run grub interactive.  Might also recompile grub, perhaps 
there's a change in compiler options that produces an incompatible (at least 
partially).  I also suggest the rebuild so you can be sure you have the right 
initrd and matching kernel.



[gentoo-user] Re: [gentoo-user] Re: [gentoo-user] Re: [gentoo-user] Re: [gentoo-user] boot hangs forever at “Loading initial ramdisk...”

2021-05-14 Thread John Blinka
On Fri, May 14, 2021 at 7:10 PM  wrote:

> >
> Have you recompiled the kernel?  Could be a random, erroneous write to
> disk or something in the kernel compile didn't go well.  I'd suggest also
> rebuilding the initrd


Yes.  Same problems with several kernels and associated initrds, the latter
produced by genkernel or dracut or even some gibberish I pretended was an
initrd.  From grub debug output, I believe the problem exists right before
the kernel tries to use the initrd.  Its contents are irrelevant at that
stage.

> and reinstalling grub.


That may or may not be the answer, but it’s such an obvious step. Will
definitely give that a try.

> I.e. I think there is likely a kernel compile issue since it doesn't ever
> launch the kernel successfully either on autopilot or when you run grub
> interactive.  Might also recompile grub, perhaps there's a change in
> compiler options that produces an incompatible (at least partially).  I
> also suggest the rebuild so you can be sure you have the right initrd and
> matching kernel.


I don’t think it’s a kernel compile issue.  I just now used efibootmgr to
create a uefi entry with kernel command line parameters to define the root
fs and initrd.  That worked.  That result focuses the blame on grub.

John

>


[gentoo-user] Re: [gentoo-user] Re: [gentoo-user] Re: [gentoo-user] boot hangs forever at “Loading initial ramdisk...”

2021-05-14 Thread John Blinka
n

On Fri, May 14, 2021 at 2:36 AM John Covici  wrote:

>
> I would look in the grub.cfg and give us exactly what is in the stanza
> you are using, including where it thinks the root file system is,
> etc.  Also, see if there is any genkernel option to get some debugging
> info out of the initrd, I know using dracut you can get breakpoints
> during the process and see how its doing.


Tried dracut.  No change.

Added the kernel command line debug options (#3 in “Identifying your
problem area” in ‘man dracut’).  No change.

Feeling peevish, I made a file of random junk using dd if=/dev/random
of=initrd.img count=4096.  Then supplied that pile of junk as the initrd.
Again, no change.

Then I supplied a nonexistent file name (xxx.img) as the initrd.  This time
I got a complaint:

error: file ‘/xxx.img’ not found.

Press any key to continue...

So, it’s getting as far as wanting to read the initrd, and is smart enough
to tell whether the specified initrd actually exists on the specified boot
partition.  But it can’t actually be doing anything with the initrd, or it
would have objected to the random junk I fed it.

From https://en.m.wikipedia.org/wiki/Initial_ramdisk#Implementation, it
appears that grub is in charge of loading both linux and the initrd into
memory, then handing execution over to linux along with a pointer to the
memory location of the initrd.

I’ve observed that no booting output comes out of linux, nor any
complaints from linux about the nonsense contents I fed it from the random
initrd I built.  That suggests to me that grub has failed to load linux
and/or the initrd into memory, or that it's failed to hand execution
control to linux.

Next step:  learned how to run an interactive grub2 command shell. With
full debugging turned on, it looks like grub2 can load the kernel image,
and it looks like it loads the initrd as well.  At least there are no
complaints and the reported initrd size looks correct.

But when I issue the boot command, grub2 issues a handful of mallocs and
does a little token parsing, and then just stops...

So it appears that the boot problem arises right around the handoff from
grub2 to linux.  Don’t know whether grub2 or linux has failed.  I don’t
know how to get either one to tell me more.

John


[gentoo-user] Re: [gentoo-user] Re: [gentoo-user] Re: [gentoo-user] Re: [gentoo-user] boot hangs forever at “Loading initial ramdisk...”

2021-05-14 Thread John Blinka
On Fri, May 14, 2021 at 7:50 AM John Blinka  wrote:

>
>
> On Fri, May 14, 2021 at 3:12 AM William Kenworthy 
> wrote
>
>> >
>> Try https://wiki.ubuntu.com/DebuggingKernelBoot ... I am not sure
>> genkernel uses that exact name but I did need to find the initramfs boot
>> log to diagnose a failure in a genkernel initramfs at one time.
>
>
Unfortunately, made no difference and provided no new information.
https://www.askapache.com/linux/linux-debugging/ might be too old to be
relevant any more, but tried almost everything it suggested to obtain
debugging output.  Not one byte of debug info appeared.  Going to try the
dracut approach suggested elsewhere.

John

>


[gentoo-user] Re: [gentoo-user] Re: [gentoo-user] Re: [gentoo-user] Re: [gentoo-user] boot hangs forever at “Loading initial ramdisk...”

2021-05-14 Thread John Blinka
On Fri, May 14, 2021 at 3:12 AM William Kenworthy  wrote

> >
> Try https://wiki.ubuntu.com/DebuggingKernelBoot ... I am not sure
> genkernel uses that exact name but I did need to find the initramfs boot
> log to diagnose a failure in a genkernel initramfs at one time.


That’s an intriguing link.  Exploring it now.

John

>
>


[gentoo-user] Re: [gentoo-user] Re: [gentoo-user] Re: [gentoo-user] boot hangs forever at “Loading initial ramdisk...”

2021-05-14 Thread John Blinka
On Fri, May 14, 2021 at 2:36 AM John Covici  wrote:

>
> I would look in the grub.cfg and give us exactly what is in the stanza
> you are using, including where it thinks the root file system is,
> etc.  Also, see if there is any genkernel option to get some debugging
> info out of the initrd, I know using dracut you can get breakpoints
> during the process and see how its doing.


Here’s what I see when pressing “e” just before the system attempts to boot:

setparams 'Gentoo GNU/Linux'

load_video
if [ "x$grub_platform" = xefi ]; then
  set gfxpayload=keep
fi
insmod gzio
insmod part_gpt
insmod fat
set root='hd0,gpt2'
if [ x$feature_platform_search_hint = xy ]; then
  search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-baremetal=ahci0,gpt2 5C75-30A0
else
  search --no-floppy --fs-uuid --set=root 5C75-30A0
fi
echo 'Loading Linux 5.10.27-gentoo-x86_64 ...'
linux /vmlinuz-5.10.27-gentoo-x86_64 root=UUID=0df096ca-4dc8-4325-9296-7b0ddb67f044 ro loglevel=4 nomodeset
echo 'Loading initial ramdisk ...'
initrd /early_ucode.cpio /initramfs-5.10.27-gentoo-x86_64.img

I have checked the uuid and filenames - they are correct.  (hd0,gpt2) makes
sense.  There’s only 1 disk connected, it uses gpt, and the second
partition is a fat boot partition with the above uuid.  The named files
exist on that partition.

I don’t see anything in ‘man genkernel’ that looks like a way to get debug
info out of an initrd/initramfs.  Looks like there’s a way to turn it off,
so perhaps it’s on by default?

John


[gentoo-user] Re: [gentoo-user] Re: [gentoo-user] Re: [gentoo-user] boot hangs forever at “Loading initial ramdisk...”

2021-05-14 Thread William Kenworthy


On 14/5/21 2:35 pm, John Covici wrote:
> On Thu, 13 May 2021 21:58:25 -0400,
> John Blinka wrote:
>> On Thu, May 13, 2021 at 9:12 PM Jack wrote:
>>
>>> Given  you say the UUID is for the boot partition, then both the linux and
>>> initrd should just have the name of the kernel and initrd files (without
>>> leading "/boot",) which sounds like what  you've got.  I'd next wonder if
>>> something is missing from the kernel/initrd combination, such as a kernel
>>> module necessary for some early part of the boot process or a file system
>>> (per Dale's suggestion.)  Assuming that you ran genkernel after booting a
>>> live image and chrooting into the new system, then we know the hardware can
>>> boot a good kernel/image combo.  Mainly I'm  just thinking out loud here,
>>> trying to coax someone's little gray cells into action.
>>>
>> In my early linux days, I thought it would be clever to include kernel
>> support for my root filesystem in a module.  Whose code resided on the root
>> filesystem...  That didn’t work, of course, but at least the kernel started
>> to boot and threw out an error message.  Here, I just get complete
>> silence.  So, I doubt that file system support is an issue.
>>
>> John
> I would look in the grub.cfg and give us exactly what is in the stanza
> you are using, including where it thinks the root file system is,
> etc.  Also, see if there is any genkernel option to get some debugging
> info out of the initrd, I know using dracut you can get breakpoints
> during the process and see how it's doing.
>
Try https://wiki.ubuntu.com/DebuggingKernelBoot ... I am not sure
genkernel uses that exact name but I did need to find the initramfs boot
log to diagnose a failure in a genkernel initramfs at one time.

BillK






Re: [gentoo-user] Re: [gentoo-user] Re: [gentoo-user] boot hangs forever at “Loading initial ramdisk...”

2021-05-14 Thread John Covici
On Thu, 13 May 2021 21:58:25 -0400,
John Blinka wrote:
> 
> On Thu, May 13, 2021 at 9:12 PM Jack wrote:
> 
> > Given  you say the UUID is for the boot partition, then both the linux and
> > initrd should just have the name of the kernel and initrd files (without
> > leading "/boot",) which sounds like what  you've got.  I'd next wonder if
> > something is missing from the kernel/initrd combination, such as a kernel
> > module necessary for some early part of the boot process or a file system
> > (per Dale's suggestion.)  Assuming that you ran genkernel after booting a
> > live image and chrooting into the new system, then we know the hardware can
> > boot a good kernel/image combo.  Mainly I'm  just thinking out loud here,
> > trying to coax someone's little gray cells into action.
> >
> In my early linux days, I thought it would be clever to include kernel
> support for my root filesystem in a module.  Whose code resided on the root
> filesystem...  That didn’t work, of course, but at least the kernel started
> to boot and threw out an error message.  Here, I just get complete
> silence.  So, I doubt that file system support is an issue.
> 
> John

I would look in the grub.cfg and give us exactly what is in the stanza
you are using, including where it thinks the root file system is,
etc.  Also, see if there is any genkernel option to get some debugging
info out of the initrd, I know using dracut you can get breakpoints
during the process and see how it's doing.

-- 
Your life is like a penny.  You're going to lose it.  The question is:
How do
you spend it?

 John Covici wb2una
 cov...@ccs.covici.com



[gentoo-user] Re: [gentoo-user] Re: [gentoo-user] boot hangs forever at “Loading initial ramdisk...”

2021-05-13 Thread John Blinka
On Thu, May 13, 2021 at 9:12 PM Jack 
wrote:

> Given  you say the UUID is for the boot partition, then both the linux and
> initrd should just have the name of the kernel and initrd files (without
> leading "/boot",) which sounds like what  you've got.  I'd next wonder if
> something is missing from the kernel/initrd combination, such as a kernel
> module necessary for some early part of the boot process or a file system
> (per Dale's suggestion.)  Assuming that you ran genkernel after booting a
> live image and chrooting into the new system, then we know the hardware can
> boot a good kernel/image combo.  Mainly I'm  just thinking out loud here,
> trying to coax someone's little gray cells into action.
>
In my early linux days, I thought it would be clever to include kernel
support for my root filesystem in a module.  Whose code resided on the root
filesystem...  That didn’t work, of course, but at least the kernel started
to boot and threw out an error message.  Here, I just get complete
silence.  So, I doubt that file system support is an issue.

John


[gentoo-user] Re: [gentoo-user] Re: [gentoo-user] boot hangs forever at “Loading initial ramdisk...”

2021-05-13 Thread John Blinka
On Thu, May 13, 2021 at 9:10 PM Dale  wrote:

>
> I hate these init thingys and will admit I know little about the
> things.  I had a thought tho, could it be that the file system needed to
> read the init thingy isn't included somehow or in the kernel maybe?  If
> it is pointing to the right place, sounds like it is to me, then it has
> to be a read problem I'd think.


All the uefi stuff is on a fat filesystem.  I would think that something
that fundamental (and universally supported) is embedded in the bios.  The
grub bootloader itself is on that fat filesystem, and it must have loaded
or else I wouldn’t have access to the grub edit facility.  So I think I’m
ok on file system support.



>
> I haven't ever had to use the edit menu on grub2 that I remember.  It
> might be worth mentioning that it may have tab completion.  That would
> certainly remove a typo if it can complete the kernel or init thingys
> file name on its own.  Just a thought.


Grub documentation says it does have tab completion.  But the file names,
uuids, and other things prone to typos that I referenced are generated by
grub, so typos are unlikely to be an issue.  And I’ve checked them
meticulously.  They look ok.

>
> Going back under my desk now.


Maybe I’d be less frustrated by this new mobo if I did the same! ;)

John


Re: [gentoo-user] Re: [gentoo-user] boot hangs forever at “Loading initial ramdisk...”

2021-05-13 Thread Jack

On 5/13/21 6:51 PM, John Blinka wrote:
> On Thu, May 13, 2021 at 7:23 PM Jack wrote:
>
>> I'd start by removing any "quiet" or "splash" from the kernel command
>> line.  You should be able to see them when you hit "e". I'm not sure
>> if it will actually help, but it should be a start.
>
> Thanks, but neither one appears.  My command line is
>
> linux  /vmlinuz… root=UUID=… ro loglevel=4 nomodeset
>
> Here I’ve replaced the full name of the kernel and the uuid of the
> boot partition with ellipses because it’s too tedious to type.  I’ve
> scrutinized the actual ones for typos and am convinced there are
> none.  Leaving out the loglevel command doesn’t change the behavior at
> all.


Given  you say the UUID is for the boot partition, then both the linux 
and initrd should just have the name of the kernel and initrd files 
(without leading "/boot",) which sounds like what you've got.  I'd next 
wonder if something is missing from the kernel/initrd combination, such 
as a kernel module necessary for some early part of the boot process or 
a file system (per Dale's suggestion.)  Assuming that you ran genkernel 
after booting a live image and chrooting into the new system, then we 
know the hardware can boot a good kernel/image combo.  Mainly I'm  just 
thinking out loud here, trying to coax someone's little gray cells into 
action.





Re: [gentoo-user] Re: [gentoo-user] boot hangs forever at “Loading initial ramdisk...”

2021-05-13 Thread Dale
John Blinka wrote:
>
>
> On Thu, May 13, 2021 at 7:23 PM Jack wrote:
>
>
> I'd start by removing any "quiet" or "splash" from the kernel command
> line.  You should be able to see them when you hit "e". I'm not sure
> if it will actually help, but it should be a start.
>
>
> Thanks, but neither one appears.  My command line is
>
> linux  /vmlinuz… root=UUID=… ro loglevel=4 nomodeset
>
> Here I’ve replaced the full name of the kernel and the uuid of the
> boot partition with ellipses because it’s too tedious to type.  I’ve
> scrutinized the actual ones for typos and am convinced there are
> none.  Leaving out the loglevel command doesn’t change the behavior at
> all.
>
> John


I hate these init thingys and will admit I know little about the
things.  I had a thought tho, could it be that the file system needed to
read the init thingy isn't included somehow or in the kernel maybe?  If
it is pointing to the right place, sounds like it is to me, then it has
to be a read problem I'd think. 

I haven't ever had to use the edit menu on grub2 that I remember.  It
might be worth mentioning that it may have tab completion.  That would
certainly remove a typo if it can complete the kernel or init thingys
file name on its own.  Just a thought.

Going back under my desk now. 

Dale

:-)  :-) 



Re: [gentoo-user] Re: Gentoo + wifi

2021-03-22 Thread antlists

On 22/03/2021 13:17, Grant Edwards wrote:

> If you don't want to spend quite that much money, I'm a fan of
> Lenovo Moto "G" series phones. You get a lot of phone for your money
> and very little "bloat". A few of the models used to be available as
> pure vanilla android, but I don't know if any of the current models
> are.


Agreed. I had a G5 (all the reviews said it was the lemon between the G4 
and the G6, but I liked it). It's now been replaced by a G8. The main 
thing I don't like is the stock android! It's changed between the 5 and 
8 - from Android 8.1 to 10. And afaik they're all close to stock.


The other thing is to look at your contract - I pay £5/month for 
unlimited minutes and texts, and 2GB data.


I don't know whether the wi-fi would be a good deal - my experience of 
free wi-fi is it assumes you're using a browser, so if you're using a 
mail client or whatever things tend to break ... And it's filtered, so a 
lot of sites I do (or did) visit get blocked ... Make sure the wifi is 
pure access without any of that sort of crap.


The phone itself should allow tethering no problem - that's what we use 
when we go away. And if tethering works and you get an unlimited data 
contract, then you've got all you need (that sort of contract is about 
£30, iirc).


Cheers,
Wol



Re: [gentoo-user] Re: Gentoo as NAS

2021-02-07 Thread Frank Steinmetzger
Am Fri, Feb 05, 2021 at 10:43:39AM -0600 schrieb Matt Connell (Gmail):

> On Fri, 2021-02-05 at 09:36 +, Michael wrote:
> > Wouldn't a binary distro, potentially purpose built as a NAS and/or HTPC 
> > offering, make more sense?  I don't see what advantage the maintenance 
> > burden 
> > of a Gentoo system has to offer in this use case, other than repurposing 
> > with 
> > little effort an existing Gentoo installation.  :-/
> 
> Running Gentoo on my home server makes the maintenance burden *lower*
> for me because I can use all the same tools I'm used to.  Besides,
> portage is the pinnacle of package managers IMHO.  Using a GNU+Linux
> system without USE flags and such feels like I'm stuck in a hallway,
> with someone else's idea of how software should be configured and
> deployed.

Coincidentally, my NAS is the only Gentoo system left in my menagerie. The
install base is much smaller than on a desktop, which keeps the package
graph to a manageable size (and with it, portage churning time). Every few
months I fire it up to store new movies or grab old ones to watch, and I do
a system update at the same time. That way I won’t lose all of my Gentoo-foo
over time.

I built it in a small cube-format server case and a server-grade mITX board,
and maxed it out with four drives, 6 TB each, plus a small system SSD. They
are used in a raid Z2 data pool, on top of LUKS-encrypted block devices.
This is out of pure paranoia in case I need to send a drive in for warranty.
Currently, I don’t use the system for anything else but media library. For
24/7 services I have a raspi. The power bill just isn’t worth it.

-- 
Gruß | Greetings | Qapla’
Please do not share anything from, with or about me on any social network.

Team work:
Everyone does what he wants, nobody does what he should, and all play along.




Re: [gentoo-user] Re: Gentoo as NAS

2021-02-05 Thread Matt Connell (Gmail)
On Fri, 2021-02-05 at 09:36 +, Michael wrote:
> Wouldn't a binary distro, potentially purpose built as a NAS and/or HTPC 
> offering, make more sense?  I don't see what advantage the maintenance burden 
> of a Gentoo system has to offer in this use case, other than repurposing with 
> little effort an existing Gentoo installation.  :-/

Running Gentoo on my home server makes the maintenance burden *lower*
for me because I can use all the same tools I'm used to.  Besides,
portage is the pinnacle of package managers IMHO.  Using a GNU+Linux
system without USE flags and such feels like I'm stuck in a hallway,
with someone else's idea of how software should be configured and
deployed.

tl;dr I like Gentoo




Re: [gentoo-user] Re: Gentoo as NAS

2021-02-05 Thread Michael
On Friday, 5 February 2021 03:34:12 GMT Matt Connell (Gmail) wrote:
> On Fri, 2021-02-05 at 01:06 +, Grant Edwards wrote:
> > > The plex-server ebuild appears to require systemd, but it isn't listed
> > > as a dependency. Am I missing something?
> > 
> > Apparently so. The presence of the command systemd_newunit in the .ebuild
> > 
> > doesn't mean that systemd is required.
> 
> I am using plex-media-server from this overlay without systemd.  It is
> not required.

Wouldn't a binary distro, potentially purpose built as a NAS and/or HTPC 
offering, make more sense?  I don't see what advantage the maintenance burden 
of a Gentoo system has to offer in this use case, other than repurposing with 
little effort an existing Gentoo installation.  :-/




Re: [gentoo-user] Re: Gentoo as NAS

2021-02-04 Thread Matt Connell (Gmail)
On Fri, 2021-02-05 at 01:06 +, Grant Edwards wrote:
> > The plex-server ebuild appears to require systemd, but it isn't listed
> > as a dependency. Am I missing something?
> 
> 
> Apparently so. The presence of the command systemd_newunit in the .ebuild
> 
> doesn't mean that systemd is required.

I am using plex-media-server from this overlay without systemd.  It is
not required.




Re: [gentoo-user] Re: Gentoo as NAS

2021-02-04 Thread Scott Ellis
I use Plex via Docker and it works great.  Super simple to setup a
docker-compose file to bring it up (or even a simple script to 'docker
run...').  Data stored on a zpool made up of a pair of 3-drive vdevs.  More
complex than random FreeNAS/Unraid/Whatever setup, but if you're
comfortable enough to use Gentoo, I don't think figuring out ZFS and Docker
is much of a stretch.

On Thu, Feb 4, 2021 at 5:07 PM Grant Edwards 
wrote:

> On 2021-02-05, Grant Edwards  wrote:
> > On 2021-02-05, Michael Jones  wrote:
> >
> >> Use the plex overlay.
> >>
> >> It's updated regularly. Faster than the official gentoo repo was.
> >
> > This one?
> >
> > https://github.com/comio/plex-overlay/
> >
> > The plex-server ebuild appears to require systemd, but it isn't listed
> > as a dependency. Am I missing something?
>
> Apparently so. The presence of the command systemd_newunit in the .ebuild
> doesn't mean that systemd is required.
>
>
>


Re: [gentoo-user] Re: Gentoo as NAS

2021-02-04 Thread Michael Jones
Use the plex overlay.

It's updated regularly. Faster than the official gentoo repo was.

On Thu, Feb 4, 2021 at 5:56 PM Grant Edwards 
wrote:

> On 2021-02-04, Neil Bothwick  wrote:
> > On Thu, 4 Feb 2021 15:04:14 -0300, Raphael MD wrote:
> >
> >> Said that, what could be the effort to turn my Gentoo in a NAS service,
> >> setting up SAMBA, Plex, quotas and ZFS?
> >
> > I see Plex as the main problem, as it is no longer in portage.
> > One way round that would be to run it under Docker.
>
> The whole Plex thing is something I need to figure out. I suppose it's
> either give up on it completely or Docker. Complaints in the Plex
> forums about it using an obsolete version of Python are pretty much met
> with a response of "shut up and go away".  :/
>
> --
> Grant
>
>
>
>


Re: [gentoo-user] Re: gentoo handbook

2020-11-14 Thread Jude DaShiell
On Sat, 14 Nov 2020, Grant Edwards wrote:

> Date: Sat, 14 Nov 2020 17:30:51
> From: Grant Edwards 
> Reply-To: gentoo-user@lists.gentoo.org
> To: gentoo-user@lists.gentoo.org
> Subject: [gentoo-user] Re: gentoo handbook
>
> On 2020-11-14, Jude DaShiell  wrote:
> > # eselect profile show
>
> > during a new install is what you run to find what distribution your
> > distribution iso uses.
> >
> > Also you will do best to select a matching profile for first time
> > installation.
>
> I don't understand what you mean above.  What is a "distribution ISO"?
In your case it probably starts with install-minimal and you got it off
the gentoo downloads page.

>
>

-- United States has 633 Billionaires with only 10 doing any annual
significant giving.




Re: [gentoo-user] Re: [gentoo-user] UEFI booting again

2020-10-13 Thread Peter Humphrey
On Monday, 12 October 2020 17:43:04 BST Michael wrote:

> The UEFI firmware contains a number of variables in key/value pairs, stored
> on NVRAM.  One of these is a table containing a Boot Menu within an
> editable area of the firmware, which can be manipulated with the EFI shell
> (efibootmgr) to set, rename, delete bootable .efi images.

[...etc]

Thanks Michael; more-or-less what I thought.

-- 
Regards,
Peter.






Re: [gentoo-user] Re: [gentoo-user] UEFI booting again

2020-10-12 Thread Michael
On Monday, 12 October 2020 10:15:16 BST pe...@prh.myzen.co.uk wrote:
> On 2020-10-12 12:26 AM, "Jack"  wrote:
> > On 10/11/20 7:37 PM, Jude DaShiell wrote:
> > > If you followed the handbook /dev/sda2 would be where the boot record
> > > lives.
> >
> > I don't think so, but the terminology is certainly confusing. Peter
> > asked where efibootmgr writes something.  What is on /dev/sda2 could be
> > grub.cfg if it were mounted at /boot, and the grub booting stub (I
> > forget the correct name, but grubx64.efi) might be on /dev/sda2 if it
> > were mounted at /boot/EFI.  However, efibootmgr doesn't mess with either
> > of those.  It deals with what is stored in the UEFI boot firmware.  That
> > entry, which is read by the UEFI at boot time, runs the entry in the EFI
> > disk partition (usually under /boot/EFI), which then runs the kernel
> > (and possibly initramfs) in /boot.  Unfortunately, "boot record" is
> > probably too general a term.
> 
> Yes, I meant the equivalent of that in an MBR system. Where the bootable
> kernel image lives is another matter.

The MBR's architecture is a bit different to UEFI.  Legacy BIOS in CMOS has a 
jump command to the MBR 'boot sector', stored @sector 0, which in the first 
446 bytes contains a bootstrap code and thereafter a partition table.  The 
bootstrap code signature is checked by BIOS and loaded in RAM where it is 
executed as a boot loader.  The bootstrap code (a.k.a. boot.img) contains a 
pointer to either Stage 1.5 or Stage 2.  Stage 1.5 starts on Sector 1 and has 
any filesystem drivers needed to access and read Stage 2.  Some boot loaders 
jump into a partition and load hardcoded sectors into RAM, which then run in 
order to load the rest of the OS boot image and execute it.  These are Stage 1 
boot loaders.  Other boot loaders like GRUB, load Stage 1 drivers and use 
these to access the stage 2 files in /boot, present a boot menu and load an OS 
kernel image.

With UEFI a lot of the above is stored in the much larger compared to CMOS 
UEFI firmware NVRAM.  The UEFI has its own bootstrap code, plus a boot 
manager, boot menu table and requisite device drivers, to access the ESP, or 
other bootable devices.

UEFI can load and execute any compatible UEFI applications from ESP, including 
OS boot loaders.


> I haven't been using grub, just efibootmgr to declare the image to the UEFI
> BIOS, and bootctl from systemd-boot to show a list of boot options.
> 
> I assume there's something like an EEPROM on the motherboard to contain
> pointers (what I called boot records) to the bootable kernel images.
> That's what I was asking about. I'm pretty sure that that table doesn't
> live on the disk. (Followers of this tale may remember that I had a problem
> with the NVMe disk; it turned out to be faulty, and I've replaced it.
> Windows could still boot on another disk without any intervention by me.)
> 
> Can someone confirm or refute those ideas?

The UEFI firmware contains a number of variables in key/value pairs, stored on 
NVRAM.  One of these is a table containing a Boot Menu within an editable area 
of the firmware, which can be manipulated with the EFI shell (efibootmgr) to 
set, rename, delete bootable .efi images.

Upon a reboot the UEFI boot manager will scan the ESP and other similar VFAT 
partitions and bootable devices (CD/USB) for executable UEFI applications, to 
re-list any .efi bootable images it finds in its GUI boot menu.  If the 
previously configured boot menu order is lost/corrupted, a rescanned ESP may 
not arrive at the same order of bootable images.

As I understand it the concern of the OP here is the EEPROM chip may have 
corrupted its editable content.  Different OEMs have different solutions, with 
OOB hypervisors managing backup/restore functions, to using a secondary Boot 
Block found in the main Firmware chip, but at an alternate address location, 
to using two separate EEPROM chips and so on and using some jumper to restore 
from the backup.  If major firmware malfunction is suspected, then re-flashing 
the MoBo with the latest version of OEM firmware should hopefully restore 
sanity.  If the MoBo chip is faulty, or on its way out, then the failure mode 
will soon repeat itself.
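
The sector-0 layout described in the message above (446 bytes of bootstrap code followed by the partition table), as an added example that is not part of the original post. The 16-byte entry format, the 0x55AA signature and the partition type codes are standard MBR details the post does not spell out; the sample sectors are constructed, and the SHA-256 of the bootstrap area is included as one way to baseline the boot code and notice later changes.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOTSTRAP_LEN = 446            # bootstrap code area at the start of sector 0
ENTRY_LEN = 16                 # one partition table entry; the table has 4
ENTRY_FORMAT = "<B3sB3sII"     # status, CHS first, type, CHS last, LBA start, count
SIGNATURE = b"\x55\xaa"        # boot signature in the last two bytes

TYPE_NAMES = {
    0x0B: "FAT32 (CHS)", 0x0C: "FAT32 (LBA)", 0x82: "Linux swap",
    0x83: "Linux", 0xEE: "GPT protective", 0xEF: "EFI System",
}


def parse_mbr(sector):
    """Parse one 512-byte sector 0 and report its layout and any inconsistencies."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected one 512-byte sector")
    if sector[510:] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")

    partitions, problems = [], []
    for index in range(4):
        offset = BOOTSTRAP_LEN + index * ENTRY_LEN
        status, _chs_first, ptype, _chs_last, lba_start, count = struct.unpack_from(
            ENTRY_FORMAT, sector, offset)
        if ptype == 0x00:                      # unused slot
            continue
        if status not in (0x00, 0x80):         # only "inactive" and "active" are valid
            problems.append(f"entry {index}: invalid status byte {status:#04x}")
        partitions.append({
            "index": index,
            "bootable": status == 0x80,
            "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, "unknown"),
            "lba_start": lba_start,
            "sectors": count,
        })

    # Entries whose sector ranges overlap point to a damaged or hand-edited table.
    ordered = sorted(partitions, key=lambda p: p["lba_start"])
    for first, second in zip(ordered, ordered[1:]):
        if first["lba_start"] + first["sectors"] > second["lba_start"]:
            problems.append(f"entries {first['index']} and {second['index']} overlap")

    bootstrap = sector[:BOOTSTRAP_LEN]
    return {
        "bootstrap_sha256": hashlib.sha256(bootstrap).hexdigest(),
        "bootstrap_empty": not any(bootstrap),
        # A single 0xEE entry means the real table is GPT and this MBR is a guard.
        "protective_gpt": [p["type"] for p in partitions] == [0xEE],
        "partitions": partitions,
        "problems": problems,
    }


def build_sector(bootstrap, entries):
    """Build a constructed sector 0 from (status, type, lba_start, count) tuples."""
    table = b"".join(
        struct.pack(ENTRY_FORMAT, status, b"\0\0\0", ptype, b"\0\0\0", start, count)
        for status, ptype, start, count in entries)
    return (bootstrap.ljust(BOOTSTRAP_LEN, b"\0")
            + table.ljust(4 * ENTRY_LEN, b"\0")
            + SIGNATURE)


# Constructed samples (not taken from any real disk).
LEGACY_SAMPLE = build_sector(b"\xeb\x63\x90", [(0x80, 0x83, 2048, 204800),
                                               (0x00, 0x82, 206848, 1048576)])
GPT_SAMPLE = build_sector(b"", [(0x00, 0xEE, 1, 0xFFFFFFFF)])
DAMAGED_SAMPLE = build_sector(b"\xeb\x63\x90", [(0x80, 0x83, 2048, 204800),
                                                (0x01, 0x83, 100000, 500)])

if __name__ == "__main__":
    for name, sample in (("legacy", LEGACY_SAMPLE), ("gpt", GPT_SAMPLE),
                         ("damaged", DAMAGED_SAMPLE)):
        report = parse_mbr(sample)
        print(name, "protective_gpt:", report["protective_gpt"],
              "problems:", report["problems"])
        for part in report["partitions"]:
            print("  ", part)
```

To inspect a real disk, pass the first 512 bytes of the block device (read as root) to `parse_mbr`.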





Re: [gentoo-user] Re: Gentoo RPi boot to ram or read-only FS?

2020-05-27 Thread antlists

On 27/05/2020 01:44, William Kenworthy wrote:

> I have a few different pi's and similar Odroid arm systems running
> Gentoo on sdcards - the failure rate is a real and constant problem (and
> seems worse on pi's no matter what brand/type of sdcard so keep an up to
> date spare+backups) and I am thinking of doing a disk-less NFS using the
> a minimal sdcard image. Has advantages in centralised management and
> using small cheap sdcards with possibly better performance.


Hmmm...

The trouble from my point of view is it seems micro-SDs are unreliable. 
I've never had a full-size SD card fail on me, but I've binned several 
of the micro version. But apart from big hefty DSLRs, not much takes the 
full-size cards any more ...


Cheers,
Wol



Re: [gentoo-user] Re: Gentoo RPi boot to ram or read-only FS?

2020-05-27 Thread Neil Bothwick
On Wed, 27 May 2020 10:24:21 +0200, J. Roeleveld wrote:

> > I'm moving over to using Balena on Pis wherever possible. No more
> > keeping track of multiple different SD card backup images and easy
> > centralised management.  
> 
> Do you have a simple howto for this?
> What I see when I quickly check, it only mentions docker.

It is Docker based, but there are a lot of ready to use images available.

Simple howto:

if image_is_available; then
install_it
else
learn_docker :(
fi

Hence my use of "wherever possible".

This may suit the OP

https://www.balena.io/blog/put-friends-and-loved-ones-on-the-big-screen-with-this-instant-video-call-project/


-- 
Neil Bothwick

Assembler: (n.) a minor program of interest only to obsessed programmers.




Re: [gentoo-user] Re: Gentoo RPi boot to ram or read-only FS?

2020-05-27 Thread J. Roeleveld
On Wednesday, May 27, 2020 9:39:06 AM CEST Neil Bothwick wrote:
> On Wed, 27 May 2020 08:44:08 +0800, William Kenworthy wrote:
> > I have a few different pi's and similar Odroid arm systems running
> > Gentoo on sdcards - the failure rate is a real and constant problem (and
> > seems worse on pi's no matter what brand/type of sdcard so keep an up to
> > date spare+backups) and I am thinking of doing a disk-less NFS using the
> > a minimal sdcard image. Has advantages in centralised management and
> > using small cheap sdcards with possibly better performance.
> 
> I'm moving over to using Balena on Pis wherever possible. No more keeping
> track of multiple different SD card backup images and easy centralised
> management.

Do you have a simple howto for this?
What I see when I quickly check, it only mentions docker.

--
Joost






Re: [gentoo-user] Re: Gentoo RPi boot to ram or read-only FS?

2020-05-27 Thread Neil Bothwick
On Wed, 27 May 2020 08:44:08 +0800, William Kenworthy wrote:

> I have a few different pi's and similar Odroid arm systems running
> Gentoo on sdcards - the failure rate is a real and constant problem (and
> seems worse on pi's no matter what brand/type of sdcard so keep an up to
> date spare+backups) and I am thinking of doing a disk-less NFS using the
> a minimal sdcard image. Has advantages in centralised management and
> using small cheap sdcards with possibly better performance.

I'm moving over to using Balena on Pis wherever possible. No more keeping
track of multiple different SD card backup images and easy centralised
management. 


-- 
Neil Bothwick

Like an atheist in a grave: all dressed up and no place to go.




Re: [gentoo-user] Re: Gentoo RPi boot to ram or read-only FS?

2020-05-26 Thread William Kenworthy

On 27/5/20 3:26 am, Neil Bothwick wrote:
> On Tue, 26 May 2020 20:13:29 +0100, antlists wrote:
>
>>> Mounting the card with sync will significantly reduce the likelihood
>>> of corruption, at a cost of reduced life.
>>>   
>> Well, compared to a dead card, a reduced life is a small price to pay
>> :-)
> A dead card is a reduced life ;-)
>  
>> I think you're talking about a corrupted filesystem, I'm talking about
>> a corrupt/dead card ...
> I am. I still think the idea of a soft power button is the least complex
> and most reliable approach.
>
I'll add a "me too" - soft power off rules.  Look into a pi-juice Hat or
similar - it has a battery and can turn off properly either at low
battery, or when power is removed.  Alternatively, a pi is very low
power anyway ... why not just leave it on in a featureless "black box"
with no lights showing and program the remote to do a fake
"standby/off" that triggers a script to blank the video and or reset
the screen to the entry menu? (if you are like me, playing with the gear
is way more fun than using it as a media box! :)

I have a few different pi's and similar Odroid arm systems running
Gentoo on sdcards - the failure rate is a real and constant problem (and
seems worse on pi's no matter what brand/type of sdcard so keep an up to
date spare+backups) and I am thinking of doing a disk-less NFS using the
a minimal sdcard image. Has advantages in centralised management and
using small cheap sdcards with possibly better performance.

BillK





Re: [gentoo-user] Re: Gentoo RPi boot to ram or read-only FS?

2020-05-26 Thread Neil Bothwick
On Tue, 26 May 2020 20:13:29 +0100, antlists wrote:

> > Mounting the card with sync will significantly reduce the likelihood
> > of corruption, at a cost of reduced life.
> >   
> Well, compared to a dead card, a reduced life is a small price to pay
> :-)

A dead card is a reduced life ;-)
 
> I think you're talking about a corrupted filesystem, I'm talking about
> a corrupt/dead card ...

I am. I still think the idea of a soft power button is the least complex
and most reliable approach.


-- 
Neil Bothwick

I've got a Mickey Mouse PC with a Goofy operating system.




Re: [gentoo-user] Re: Gentoo RPi boot to ram or read-only FS?

2020-05-26 Thread antlists

On 26/05/2020 19:27, Neil Bothwick wrote:

> On Tue, 26 May 2020 19:14:18 +0100, antlists wrote:
>
>>> That's the Gentoo version that I'm using. But I'm looking for a way
>>> to make it bullet-proof to having the plug pulled.
>>
>> Don't use an SD card? Seriously, pulling the power on an SD card has
>> been known to corrupt it beyond recovery. BUT.
>
> Mounting the card with sync will significantly reduce the likelihood of
> corruption, at a cost of reduced life.


Well, compared to a dead card, a reduced life is a small price to pay :-)

I think you're talking about a corrupted filesystem, I'm talking about a 
corrupt/dead card ...


Cheers,
Wol



Re: [gentoo-user] Re: Gentoo RPi boot to ram or read-only FS?

2020-05-26 Thread antlists

On 26/05/2020 19:27, Neil Bothwick wrote:

> This will mitigate the reduced life as you are hardly writing to the
> card. Booting from a read-only / has caused problems for me in the past,
> because of the inability to write to /etc.


Well, if we can get a loopback into the boot sequence before you write 
to /etc (why did it want to write to it?), then it won't realise that it 
can't. You just have to accept that all writes will get lost on power-down.


Cheers,
Wol



Re: [gentoo-user] Re: Gentoo RPi boot to ram or read-only FS?

2020-05-26 Thread Michael Jones
On Tue, May 26, 2020 at 1:27 PM Neil Bothwick  wrote:

> On Tue, 26 May 2020 19:14:18 +0100, antlists wrote:
>
> > > That's the Gentoo version that I'm using. But I'm looking for a way
> > > to make it bullet-proof to having the plug pulled.
> >
> > Don't use an SD card? Seriously, pulling the power on an SD card has
> > been known to corrupt it beyond recovery. BUT.
>
> Mounting the card with sync will significantly reduce the likelihood of
> corruption, at a cost of reduced life.
>
> > Is the big worry that the home directory will get corrupted etc etc? I
> > don't know if you can partition an SD card, but look at doing a
> > kiosk-style install with the OS protected and read-only. Then look at
> > sticking a loopback device on top of home, so that any changes exist
> > only in ram, and are lost on shutdown. Hopefully, that means you now
> > have a system that can boot and run off a write-protected SD card :-)
>
> This will mitigate the reduced life as you are hardly writing to the
> card. Booting from a read-only / has caused problems for me in the past,
> because of the inability to write to /etc.
>



Consider a hybrid approach like how many embedded systems do things. E.g.
openwrt.

/root is actually a read-only squashfs image, and on top of that there's an
overlay fs that uses a second partition as its backing storage.

This way, almost all of your system is purely read-only, but you have the
ability to store changes to things you need to store changes for.


Re: [gentoo-user] Re: Gentoo RPi boot to ram or read-only FS?

2020-05-26 Thread Neil Bothwick
On Tue, 26 May 2020 19:14:18 +0100, antlists wrote:

> > That's the Gentoo version that I'm using. But I'm looking for a way
> > to make it bullet-proof to having the plug pulled.  
> 
> Don't use an SD card? Seriously, pulling the power on an SD card has 
> been known to corrupt it beyond recovery. BUT.

Mounting the card with sync will significantly reduce the likelihood of
corruption, at a cost of reduced life. 

> Is the big worry that the home directory will get corrupted etc etc? I 
> don't know if you can partition an SD card, but look at doing a 
> kiosk-style install with the OS protected and read-only. Then look at 
> sticking a loopback device on top of home, so that any changes exist 
> only in ram, and are lost on shutdown. Hopefully, that means you now 
> have a system that can boot and run off a write-protected SD card :-)

This will mitigate the reduced life as you are hardly writing to the
card. Booting from a read-only / has caused problems for me in the past,
because of the inability to write to /etc.


-- 
Neil Bothwick

Politically Incorrect -- and damn proud of it!




Re: [gentoo-user] Re: Gentoo RPi boot to ram or read-only FS?

2020-05-26 Thread antlists

On 26/05/2020 18:28, Frank Tarczynski wrote:
> That's the Gentoo version that I'm using. But I'm looking for a way to
> make it bullet-proof to having the plug pulled.


Don't use an SD card? Seriously, pulling the power on an SD card has 
been known to corrupt it beyond recovery. BUT.


Is the big worry that the home directory will get corrupted etc etc? I 
don't know if you can partition an SD card, but look at doing a 
kiosk-style install with the OS protected and read-only. Then look at 
sticking a loopback device on top of home, so that any changes exist 
only in ram, and are lost on shutdown. Hopefully, that means you now 
have a system that can boot and run off a write-protected SD card :-)


Look at the raid wiki site

https://raid.wiki.kernel.org/index.php/Linux_Raid#When_Things_Go_Wrogn

and especially the stuff on recovering a damaged raid for info about how 
to set up loopback.


Cheers,
Wol



Re: [gentoo-user] Re: Gentoo RPi boot to ram or read-only FS?

2020-05-26 Thread Frank Tarczynski
That's the Gentoo version that I'm using. But I'm looking for a way to make
it bullet-proof to having the plug pulled.

Frank

On Tue, May 26, 2020 at 1:19 PM Michael Jones  wrote:

>
>
> On Tue, May 26, 2020 at 12:16 PM Grant Edwards 
> wrote:
>
>> On 2020-05-26, Frank Tarczynski  wrote:
>>
>> > I'm building a video conference appliance using a Raspberry Pi 4 for
>> > my parents.
>>
>> Sorry, no advice running Gentoo on RPi.  I run OSMC/Kodi on an older
>> RPi, and it works fine, but I don't think there are any video
>> conference apps for Kodi.
>>
>> But...
>>
>> For skype and zoom, I'd probably just buy them a 10" Kindle Fire.
>>
>> There are Zoom and Skype apps available for it.  Main drawback:
>> smallish screen and limited to 4 video windows at a time in
>> zoom. However, it's portable: you can flip to the back camera and walk
>> around the house/yard to show something to people.  It's also nice in
>> that you can just tap on a Zoom invite url in the email app, and it
>> "just works".
>>
> >> I haven't tried Skype on Fire.
> >>
> >> You can add hangouts/duo, but you've got to futz around sideloading
>> the Google App store first.
>>
>> --
>> Grant
>
>
>
> FYI, this project exists: https://github.com/sakaki-/gentoo-on-rpi-64bit
>


Re: [gentoo-user] Re: Gentoo RPi boot to ram or read-only FS?

2020-05-26 Thread Michael Jones
On Tue, May 26, 2020 at 12:16 PM Grant Edwards 
wrote:

> On 2020-05-26, Frank Tarczynski  wrote:
>
> > I'm building a video conference appliance using a Raspberry Pi 4 for
> > my parents.
>
> Sorry, no advice running Gentoo on RPi.  I run OSMC/Kodi on an older
> RPi, and it works fine, but I don't think there are any video
> conference apps for Kodi.
>
> But...
>
> For skype and zoom, I'd probably just buy them a 10" Kindle Fire.
>
> There are Zoom and Skype apps available for it.  Main drawback:
> smallish screen and limited to 4 video windows at a time in
> zoom. However, it's portable: you can flip to the back camera and walk
> around the house/yard to show something to people.  It's also nice in
> that you can just tap on a Zoom invite url in the email app, and it
> "just works".
>
> I haven't tried Skype on Fire.
>
> You can add hangouts/duo, but you've got to futz around sideloading
> the Google App store first.
>
> --
> Grant



FYI, this project exists: https://github.com/sakaki-/gentoo-on-rpi-64bit


Re: [gentoo-user] Re: gentoo accessibility re i'm blind,

2020-04-22 Thread Ashley Dixon
On Wed, Apr 22, 2020 at 10:15:31AM -0700, Ian Zimmerman wrote:
> Maybe wrt visual handicaps you are right, but wrt keyboard access to
> everything that "normal" users do with the mouse, I violently disagree.

Ian,

I'm sorry I have invoked feelings of such violence. I did mean for visual
handicaps. Even for able users, such as myself, we often make a choice not to
use the mouse as it is often less efficient than using the keyboard, so I
wouldn't really classify the latter as an accessibility feature.

-- 

Ashley Dixon
suugaku.co.uk

2A9A 4117
DA96 D18A
8A7B B0D2
A30E BF25
F290 A8AA





[gentoo-user] Re: [gentoo-user] Re: [gentoo-user] !!! section ‘local’ in repos.conf has name different from ...

2020-04-16 Thread John Blinka
On Thu, Apr 16, 2020 at 2:36 PM Alexey Mishustin  wrote:

>
> Aren't /usr/local/portage and /usr/local/portage/steam-overlay really
> intertwined? What if you move the 'local' overlay to, say,
> /usr/local/portage/local ? (And, sure, edit the corresponding info in
> the configuration files).
>
> --
> Regards,
> Alex
>
Thanks, Alex, your suggestion worked.  And better than that, helped me
understand how I broke my 3rd installation by misreading and misapplying
the steam overlay installation guide.  It’s a mystery to me why my
misinstallation ever worked on the first 2 boxes, but I’ll leave it
unexplored.

John


Re: [gentoo-user] Re: gentoo robot vacuum

2019-11-26 Thread Caveman Al Toraboran
i think with raspies u can install gentoo, and control the pins/motors/sensors 
via a python script.  i think it's also more fun this way as u'll play around 
experimenting with ur own designs and algorithms for navigation.

imo it should be easy to make one using raspies.  all wat's needed is a fan to 
suck air into a bucket, some motors to control wheels, and some sensors to look 
around.

i think it might be a good idea to also design ur own custom power sockets 
which makes it more friendly for the vacuum cleaner to plug itself when its 
battery gets low enough.  or even extend it so that it also automatically 
empties its trash tank by itself.

disclaimer: i never used raspies or fancy vacuum cleaners.

rgrds,
cm.

‐‐‐ Original Message ‐‐‐
On Thursday, November 21, 2019 11:15 AM, Michael Haubenwallner 
 wrote:

> On 10/4/19 2:13 AM, james wrote:
>
> > Gentoo community,
> > Robotic vacuum cleaners are all the rage nowadays.
> > I'd like to buy/build one, that also has remote camera (so I can see what 
> > troubles it is having by reviewing stored video) find it easy, and make 
> > sure it's not just banging against the wall. I'm not so interested in a 
> > slick, massively miniaturized model, as much as I am
> > something where I can get to the firmware, or is completely open sourced; 
> > so I can fix/enhance the thing.
> > If it's already done, then my searches have missed it, or a community work 
> > on such linux centric solutions to automating home/small-office flooring.
> > Anyone know of such a robotic vacuum that is basically very open, if not 
> > completely open source?
> > Gentoo friendly vacuum?
>
> Not sure about their Gentoo friendliness, maturity or current activity,
> but here are some search results:
> https://github.com/wpietri/sucks
> https://en.wikipedia.org/wiki/IRobot_Create
> https://hackaday.io/project/165537-the-diyson-an-open-source-cyclone-vacuum-cleaner
> https://github.com/unknowndomain/Open-Source-Vacuum-Cleaner
> https://awesomeopensource.com/project/dgiese/dustcloud
> https://github.com/ioBroker/AdapterRequests/issues/76
>
> HTH,
> /haubi/





Re: [gentoo-user] Re: Gentoo and OSS(4)

2018-05-16 Thread Klaus Ethgen

Hi,

On Wed, 16 May 2018 at 6:26, Martin Vaeth wrote:
> Klaus Ethgen  wrote:
> > - - What does that -oss in brackets mean?
> 
> It means that it is masked in use.mask or package.use.mask
> In your case the file /usr/portage/profiles/default/linux/package.use.mask
> explains the reason.
[...]
> Whether this will compile and work is a different question:
> You are on your own with that setting. Unmasking USE-flags is not
> supported by gentoo. Bug reports will probably be closed as INVALID.

Thanks.

That is fine with me. I won't install pulseaudio if it would not be the
only way to use bluetooth audio. It just had the dependency for the
default flag udev to have oss or alsa enabled. And I do not have alsa.

However if there is a better solution for bluetooth audio, I would be
happy to drop pulseaudio completely.

I believe that other applications like cmus will work fine with oss.

Regards
   Klaus
-- 
Klaus Ethgen   http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16 Klaus Ethgen
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C



Re: [gentoo-user] Re: Gentoo Hardened vs Kali Linux

2018-04-03 Thread Grant Taylor

On 04/02/2018 10:15 PM, Ian Zimmerman wrote:

> Does that mean LFS is dead?  That would be a pity.


Nope.  I see "2018" on the http://www.linuxfromscratch.org/ website.  At 
a quick glance, it looks like LFS is still alive.


I was referring to my ignorance of if LFS has changed since I last 
worked through it 10+ years ago.




--
Grant. . . .
unix || die



Re: [gentoo-user] Re: #gentoo experiences

2017-11-19 Thread Vadim A. Misbakh-Soloviov
In a message dated Monday, 20 November 2017, 0:38:36 +07, user Grant
Edwards wrote:
> On 2017-11-19, Michael Palimaka  wrote:
> > Hi all,
> > 
> > I'm collecting information about people's experiences in #gentoo.
> 
> Just curious: what is "#gentoo"?
> 
> Something to do with Twitter?

IRC


Re: [gentoo-user] Re: ....Gentoo update killed Gentoo update?

2017-10-04 Thread Wolfram Schlich
* Martin Vaeth  [2017-10-04 10:09]:
> Wolfram Schlich  wrote:
> >
> > Use this for a quick fix until it's sorted out upstream:
> 
> It is not an upstream issue. You can use the ebuild from the
> mv overlay which does not patch the upstream build system.

Oh, looking at the ebuild now, I see what you mean.

But the following makes me wonder:
metadata.xml lists app-portage/eix as a proxy-maintained
package with you as the bug assignee.

So, you (also) are effectively the maintainer, content-wise :-)

Cheers,
Wolfram



Re: [gentoo-user] Re: gentoo rocks

2017-05-20 Thread Neil Bothwick
On Sat, 20 May 2017 09:02:37 +0300, Nikos Chantziaras wrote:

> More than a decade ago I did that, with mixed results:
> 
> http://i.imgur.com/t55RyxV.jpg

That looks like a conflict between VIDEO_CARDS and INPUT_DEVICES, check
your make.conf!


-- 
Neil Bothwick

Top Oxymorons Number 22: Childproof




Re: [gentoo-user] Re: Gentoo on a Surface Pro 3?

2017-02-14 Thread Daniel Frey
On 02/05/2017 05:12 PM, Alex Thorne wrote:
> A wiki article would be great. I'd be happy to contribute my experiences
> with my Surface Pro 4 if I eventually get round to installing Gentoo on it.
> 

I'm still plodding away at this. I found some patches to enable
multitouch and some other bits but it seems the newer kernel I'm using
already has parts of these patches installed, so I have to go through
them one by one and update the patches to add only the bits missing.
After that, I should be able to start figuring out writing a wiki article.

I haven't had a lot of time in the last week or so, but I'll get around
to it eventually.

Dan




Re: [gentoo-user] Re: Gentoo on a Surface Pro 3?

2017-02-05 Thread Alex Thorne
A wiki article would be great. I'd be happy to contribute my experiences
with my Surface Pro 4 if I eventually get round to installing Gentoo on it.

On Sat, 4 Feb 2017 at 22:30 Daniel Frey  wrote:

> On 02/01/2017 01:34 PM, Alex Thorne wrote:
> > While I haven't tried this I would be very interested to hear how it
> > goes, what hardware you can get working etc. Do keep us updated.
> >
>
> An update...
>
> After a lot of experimenting, rebuilding kernels, figuring out what's
> needed and not... this took a few days, I have it working somewhat.
>
> I am using gentoo-sources-4.9.6-r1 for this test. I did a lot of
> experimenting to see what's needed for the tablet only (not the dock,
> for example.) I've managed to trim the kernel down a fair bit removing
> drivers that are not needed.
>
> This is what I have working so far without tweaks on plasma and systemd
> (only installing userland packages and configuring the kernel. After two
> days I found a starter .config which could've made things SO MUCH EASIER.
> Oh well.):
>
> -standard AHCI controller
> -Displayport port on tablet
> -Sound
>   -Speakers work fine
>   -Headphones work (speakers on tablet automute)
>   -Microphone works (used audacity to record my voice)
> -MicroSD slot (I didn't even know it HAD one until I read the specs!
>   (it's well hidden under the kickstand)
> -Power button (pops up plasma's logout/shutdown/restart dialog)
> -Windows button on the front of the tablet (opens K menu)
> -Volume buttons on the side of the tablet
> -Both front and rear webcams (tested using Kamoso)
> -USB3 port (a given, really...)
> -Wifi (using mwifiex_pcie)
> -Bluetooth
> -Touch screen
>   -Finger touch works, no multitouch though
>   -Pen works on display, and taps will do a left-click
>   -Buttons on pen do not seem to work. It will pair with Bluetooth
>but x11 doesn't seem to register an input device.
> -Screen brightness is directly supported (intel_backlight), can change
>  the display by using /sys/class/backlight/intel_backlight/brightness or
>  by using KDE's brightness slider in the Power applet in the tray
> -Battery is detected and showing power levels
> -Type cover (this worked with no patches in 4.9.6-r1)
>   -Keyboard section works normally
>   -Trackpad works, but doesn't seem to recognize multitouch
> -Closing the lid appears to put plasma to sleep. Opening the lid wakes
>  the tablet and asks for password
>
> Some things to maybe figure out:
>
> -Type cover touchpad multitouch
> -Touch screen multitouch
> -Pen bluetooth pairing for the buttons
> -Proper HiDPI detection (used /etc/sddm.conf but when using an external
>  display it was all messed up. However, my monitor is very old and
>  doesn't support EDID properly which may be the problem.) On occasion,
>  when the lock screen comes on, it doesn't detect the display correctly
>  when woken up and scales it incorrectly.
>
> I must say, out of the box it actually works reasonably well. I skipped
> the distcc setup - I knew that the i7 has overheat problems in these
> tablets but I have the i5 version and it has been working fine with no
> overheating problems.
>
> I also borrowed a dock from work so I plan to tweak the kernel some more
> to see if I can get the USB3 and USB2 ports working, as well as the
> displayport and headphone jack.
>
> Other things of note: I found out through the Mint kernel that it can
> register the sensors in the device, under Industrial IO setup. However,
> there doesn't seem to be anything in userland that can use this sensor
> to automatically rotate the display.
>
> I have taken tons of notes through this process. Maybe I should start a
> wiki article...
>
> Dan
>
>
>


Re: [gentoo-user] Re: Gentoo on a Surface Pro 3?

2017-02-04 Thread Daniel Frey
On 02/01/2017 01:34 PM, Alex Thorne wrote:
> While I haven't tried this I would be very interested to hear how it
> goes, what hardware you can get working etc. Do keep us updated.
> 

An update...

After a lot of experimenting, rebuilding kernels, figuring out what's
needed and not... this took a few days, I have it working somewhat.

I am using gentoo-sources-4.9.6-r1 for this test. I did a lot of
experimenting to see what's needed for the tablet only (not the dock,
for example.) I've managed to trim the kernel down a fair bit removing
drivers that are not needed.

This is what I have working so far without tweaks on plasma and systemd
(only installing userland packages and configuring the kernel. After two
days I found a starter .config which could've made things SO MUCH EASIER.
Oh well.):

-standard AHCI controller
-Displayport port on tablet
-Sound
  -Speakers work fine
  -Headphones work (speakers on tablet automute)
  -Microphone works (used audacity to record my voice)
-MicroSD slot (I didn't even know it HAD one until I read the specs!
  (it's well hidden under the kickstand)
-Power button (pops up plasma's logout/shutdown/restart dialog)
-Windows button on the front of the tablet (opens K menu)
-Volume buttons on the side of the tablet
-Both front and rear webcams (tested using Kamoso)
-USB3 port (a given, really...)
-Wifi (using mwifiex_pcie)
-Bluetooth
-Touch screen
  -Finger touch works, no multitouch though
  -Pen works on display, and taps will do a left-click
  -Buttons on pen do not seem to work. It will pair with Bluetooth
   but x11 doesn't seem to register an input device.
-Screen brightness is directly supported (intel_backlight), can change
 the display by using /sys/class/backlight/intel_backlight/brightness or
 by using KDE's brightness slider in the Power applet in the tray
-Battery is detected and showing power levels
-Type cover (this worked with no patches in 4.9.6-r1)
  -Keyboard section works normally
  -Trackpad works, but doesn't seem to recognize multitouch
-Closing the lid appears to put plasma to sleep. Opening the lid wakes
 the tablet and asks for password

Some things to maybe figure out:

-Type cover touchpad multitouch
-Touch screen multitouch
-Pen bluetooth pairing for the buttons
-Proper HiDPI detection (used /etc/sddm.conf but when using an external
 display it was all messed up. However, my monitor is very old and
 doesn't support EDID properly which may be the problem.) On occasion,
 when the lock screen comes on, it doesn't detect the display correctly
 when woken up and scales it incorrectly.

I must say, out of the box it actually works reasonably well. I skipped
the distcc setup - I knew that the i7 has overheat problems in these
tablets but I have the i5 version and it has been working fine with no
overheating problems.

I also borrowed a dock from work so I plan to tweak the kernel some more
to see if I can get the USB3 and USB2 ports working, as well as the
displayport and headphone jack.

Other things of note: I found out through the Mint kernel that it can
register the sensors in the device, under Industrial IO setup. However,
there doesn't seem to be anything in userland that can use this sensor
to automatically rotate the display.

I have taken tons of notes through this process. Maybe I should start a
wiki article...

Dan




Re: [gentoo-user] Re: Gentoo on a Surface Pro 3?

2017-02-01 Thread Alex Thorne
While I haven't tried this I would be very interested to hear how it goes,
what hardware you can get working etc. Do keep us updated.

Alex

On Wed, 1 Feb 2017 at 20:59 Daniel Frey  wrote:

> On 01/30/2017 12:24 PM, Daniel Frey wrote:
> > Subject says it all...
> >
> > I acquired (on the cheap) a used Surface Pro 3 with the keyboard cover
> > off of a relative who wasn't using it (they said the screen was too
> > small.)
> >
> > I am considering putting Gentoo (or attempting to) and am wondering if
> > anyone has had success.
> >
> > It looks like newer kernels have some builtin support for the hardware.
> > Due to its form factor I will be setting up distcc to help with the
> > build process, and using -bin packages for monstrosities like firefox
> > and libreoffice.
> >
> > Dan
> >
>
> Well, so far, so good. I managed to configure an EFI stub kernel and
> booted it on the first try! I think I still need to compare some
> information on the kernel between the Mint boot USB and what I have, but
> other than that, it boots!
>
> It was then I found out that LABEL= and PARTLABEL= in fstab are two
> different things as I watched systemd fall flat on its face.
>
> Dan
>
>


Re: [gentoo-user] Re: Gentoo is supporting officially Snap packages?

2016-06-21 Thread Tom H
On Thu, Jun 16, 2016 at 11:25 PM, J.  wrote:


> They say it's not a GNOME thing only, but born in the GNOME project,
> Quote from their FAQ:
>
> "Is Flatpak tied to GNOME?
>
> No. While Flatpak has been developed by people with a long involvement
> in the GNOME community it is not tied to any desktop. In fact, it was
> designed with the explicit goal of allowing it to build applications
> using any library stack or programming language an application author
> might want."

Marketing's-speak is marketing speak...

AFAIK, the only current implementation of a GUI from which to install
a Flatpak is Gnome Software, with KDE apparently working on something
similar.

So, unless you want to download a file and double-click on it, it's
Gnome for now and KDE soon.


> The flatpak packages take less space because there's a separation
> between runtimes and applications, with the runtime(s) containing many
> of the libraries/packages required by an application, and intended to
> be used by many of these, and the application package only containing
> the remaining required libraries, or maybe only the app, so it could
> reduce but not eliminate the problem previously discussed of
> dependencies being left unmaintained and not upgraded with security
> fixes. IMHO Flatpak seems a better option than Snap, and certainly
> reducing file system and device access is a good thing about both, but
> with these advantages some other problems are created, so it's a trade-
> off.

If you start relying on too many libraries in the runtimes, you end up
with the same "problem" as non-Flatpak, non-Snap packages.


> Maybe we will see Snaps/Flatpaks of popular proprietary software that's
> only available for Windows and MacOS right now that has no real FOSS
> competitor e.g. AutoCAD and family, I often hear the excuse of these
> vendors not supporting Linux because of the many distributions. Getting
> LibreCAD to the level of AutoCAD would take a decade or more at the
> pace it is going, right now it reminds me of AutoCAD 2004, and it
> isn't even at that level.

Linus has complained that the dive software that he created had
nightly or weekly (I forget) builds for macOS and Windows but not for
Linux because of the multitude of distributions. So he and those now
maintaining that app'll be happy.



Re: [gentoo-user] Re: Gentoo is supporting officially Snap packages?

2016-06-21 Thread Tom H
On Thu, Jun 16, 2016 at 7:40 PM, José Maldonado  wrote:
> On 16/06/16 at 13:32, Tom H wrote:
>>
>> When I first saw this, I thought "strange, maybe if Gentoo develops an
>> 'esnap' in order to build the container-package locally" but then I
>> remembered that we have docker and lxc/lxd, so why not another method?
>
> That is possible, but the goal is to serve Snap container for
> applications that can be downloaded and used by the user, down a single
> binary that will have all the dependencies in that binary. Docker and
> LXC obviously can do this, but its scope and possibilities are much
> larger and are not addressed within the scope of normal user of a PC.

With docker/lxc/lxd, you can use your own images so you should be able
to do so with snap. You lose the ability simply to add a repo and pull
an image from it.


>> When Flatpak's ready, someone'll make it available and/or package it.
>
> Flatpak is ready for use now.

Not fully.

From fedora-devel@:


> Isn't flatpak in gnome-software pushed back to F25 ?

It partly supports Flatpak in F24. You can manage already installed
apps, but you still need to use flatpak command to install them. In
F25, you will be able to just download .flatpak file, double-click it
and Software will install it and set its repo.


and


I think that once the full sandboxing / portal system is in place,
there _will_ be a tangible reason to prefer Flatpak.



>> [AFAIK, Flatpak's for GUI apps accessed via Gnome Software so it's not
>> quite a Snap competitor.]
>
> Flatpak and Snap, have GUI and command-line. In addition, Flatpak
> packages weigh less than their counterparts Snap, and right now several
> free software projects officially support it, including LibreOffice.

I wasn't referring to the "installer." The Flatpak intention's to
package GUI apps only.



Re: [gentoo-user] Re: Gentoo is supporting officially Snap packages?

2016-06-18 Thread Rich Freeman
On Sat, Jun 18, 2016 at 4:01 AM, Mick  wrote:
> On Thursday 16 Jun 2016 21:25:01 J. García wrote:
>
> How does Nix compare to flatpak, docker, snap, et al. from a gentoo
> perspective?
>

Nix is a similar sort of approach.  I don't think they run apps in
containers (though they probably could if they wanted to do the work
and a lot of bind mounting).  The reality is that they're a form of
bundling, but the bundled libs can be shared.  Basically everything is
linked to uniquely identified dependencies.  So, a package isn't just
linked to zlib, or even a particular version of zlib, but a particular
build of zlib.  However, 15 different packages could all depend on
that same build.  So, you potentially don't get the same kind of
memory duplication that you do with outright bundling.  However, if
you install a new version of zlib on your system, nothing will
actually use it, unless those packages are themselves updated.  So, in
that respect it is just like bundling.

Since the libraries you're running with on your box are exact copies
of the binaries the packager was using, you're going to get the same
experience the packager did when they were testing their package.  So,
that's the big upside.  There are no conflicts or collisions either,
since every package is installed in what amounts to a private
namespace.  You can have 14 different packaged builds of zlib-1.2.3 if
you want to, with different builds being used by different
applications.

This is just my understanding based on having looked into NixOS a bit
out of curiosity.  Somebody closer to the project should feel free to
correct any errors I made.  There are obviously pros and cons to this
approach.

-- 
Rich
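The patching consequence described in the message above, as an added example that is not part of the original post: a simplified model of a store in which every build gets its own path and dependents reference one exact build. The package names, versions and the hashing scheme are assumptions for illustration and do not reproduce Nix's actual path derivation.

```python
"""Toy model of a store where packages link to exact dependency builds."""
import hashlib


def store_path(name, version, deps, patch=""):
    """Derive a path from all build inputs, the dependency paths included."""
    material = "|".join([name, version, patch] + sorted(deps))
    digest = hashlib.sha256(material.encode()).hexdigest()[:12]
    return "/store/%s-%s-%s" % (digest, name, version)


class Store:
    def __init__(self):
        self.refs = {}  # store path -> set of store paths it links against

    def build(self, name, version, deps=(), patch=""):
        """Register a build; existing paths are never modified in place."""
        path = store_path(name, version, deps, patch)
        self.refs[path] = set(deps)
        return path

    def referrers(self, target):
        """All paths that reach target directly or through other builds."""
        found, frontier = set(), {target}
        while frontier:
            frontier = {p for p, deps in self.refs.items()
                        if deps & frontier and p not in found}
            found |= frontier
        return found


def exposed(store, profile, bad_path):
    """Installed packages whose dependency closure still contains bad_path."""
    hit = store.referrers(bad_path)
    return sorted(p.split("-", 1)[1] for p in profile if p in hit)


def scenario():
    """Walk through a library fix; all packages here are constructed samples."""
    s = Store()
    zlib_old = s.build("zlib", "1.2.3")
    libpng = s.build("libpng", "1.6", [zlib_old])
    viewer = s.build("viewer", "2.0", [libpng])      # indirect user of zlib
    sshd = s.build("openssh", "7.2", [zlib_old])     # direct user of zlib
    profile = {viewer, sshd}
    before = exposed(s, profile, zlib_old)

    # A fixed zlib lands in the store under a new path; nothing links to it.
    zlib_new = s.build("zlib", "1.2.3", patch="security-fix")
    after_install = exposed(s, profile, zlib_old)

    # Only rebuilding the dependents yields paths that reference the fix.
    libpng2 = s.build("libpng", "1.6", [zlib_new])
    viewer2 = s.build("viewer", "2.0", [libpng2])
    profile = (profile - {viewer}) | {viewer2}
    after_rebuild = exposed(s, profile, zlib_old)
    return before, after_install, after_rebuild, zlib_old != zlib_new


if __name__ == "__main__":
    before, after_install, after_rebuild, distinct = scenario()
    print("exposed before fix:       ", before)
    print("after installing new zlib:", after_install)
    print("after rebuilding viewer:  ", after_rebuild)
```

In this model the reverse-dependency query is what tells you which installed packages still need a rebuild after a library fix.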



Re: [gentoo-user] Re: Gentoo is supporting officially Snap packages?

2016-06-18 Thread Mick
On Thursday 16 Jun 2016 21:25:01 J. García wrote:
> On Thu, 16-06-2016 at 19:40 -0400, José Maldonado wrote:
> > That is possible, but the goal is to serve Snap container for
> > applications that can be downloaded and used by the user, down a
> > single
> > binary that will have all the dependencies in that binary. Docker and
> > LXC obviously can do this, but its scope and possibilities are much
> > larger and are not addressed within the scope of normal user of a PC.
> >
> > 
> 
> Docker doesn't get the applications down to a single binary, it's a
> package containing everything. A single binary would be something like
> what Go does by default, as it compiles every source package imported
> into the final binary, that's why even a "hello world" takes ~2MB.
> 
> > 
> >
> > > 
> > >
> > > [AFAIK, Flatpak's for GUI apps accessed via Gnome Software so it's
> > > not
> > > quite a Snap competitor.]
> > >
> > > 
> 
> They say it's not a GNOME thing only, but born in the GNOME project,
> Quote from their FAQ:
> 
> "Is Flatpak tied to GNOME?
> 
> No. While Flatpak has been developed by people with a long involvement
> in the GNOME community it is not tied to any desktop. In fact, it was
> designed with the explicit goal of allowing it to build applications
> using any library stack or programming language an application author
> might want."
> 
> I would say is the implementation of something that Lennart P. wrote in
> his blog a while back[1](I don't know to what extent is 'his' idea, or
> if it just happens that he wrote about it after discussing it with
> others), but it seems that he didn't write code for it(I looked at the
> contributors in GitHub)
> 
> > Flatpak and Snap, have GUI and command-line. In addition, Flatpak
> > packages weigh less than their counterparts Snap, and right now
> > several
> > free software projects officially support it, including LibreOffice.
> >
> > 
> 
> The flatpak packages take less space because there's a separation
> between runtimes and applications, with the runtime(s) containing many
> of the libraries/packages required by an application, and intended to
> be used by many of these, and the application package only containing
> the remaining required libraries, or maybe only the app, so it could
> reduce but not eliminate the problem previously discussed of
> dependencies being left unmaintained and not upgraded with security
> fixes. IMHO Flatpak seems a better option than Snap, and certainly
> reducing file system and device access is a good thing about both, but
> with these advantages some other problems are created, so it's a trade-
> off.
> As Andrew Savchenko said previously Snap seems like C:\Program Files
> for Linux, but I would add 'with sandboxing' and other security
> features, and that certainly makes it better than Windows to be
> fair.
> Maybe we will see Snaps/Flatpaks of popular proprietary software that's
> only available for Windows and MacOS right now that has no real FOSS
> competitor e.g. AutoCAD and family, I often hear the excuse of these
> vendors not supporting Linux because of the many distributions. Getting
> LibreCAD to the level of AutoCAD would take a decade or more at the
> pace it is going, right now it reminds me of AutoCAD 2004, and it
> isn't even at that level. Trying to be optimistic maybe we'll see a new
> wave of users in Linux as a result of these new packaging systems, and
> in the long run if the GNU/Linux user base grows and learns about the
> Free Software philosophy and get tired of having to pay large sums of
> money to Autodesk and other companies for a yearly permission to use
> their software, they would contribute to the FOSS alternatives with
> money to get people working full time on these, and we could see them
> grow to be real competitors.
> That said I hope upstreams don't start bundling libraries into their
> software as a result of this(at least not more than some already do
> now), that's really annoying and it could create a nightmare of the
> likes of java(I mean most java developers seemingly putting every jar
> they come across in their 'source' trees and then forget about it for
> the rest of their lives, or at least until Oracle breaks them, after
> years and years of deprecation).
> 
> [1] http://0pointer.net/blog/revisiting-how-we-put-together-linux-systems.html
>  

How does Nix compare to flatpak, docker, snap, et al. from a gentoo 
perspective?

https://nixos.org/nix/about.html

-- 
Regards,
Mick



Re: [gentoo-user] Re: Gentoo is supporting officially Snap packages?

2016-06-17 Thread Rich Freeman
On Fri, Jun 17, 2016 at 3:16 AM, Andrew Savchenko  wrote:
> On Thu, 16 Jun 2016 22:35:24 -0400 waltd...@waltdnes.org wrote:
>>   I don't follow this stuff, so this may be a stupid question... how
>> does a "container" or "docker" differ from a chroot or a QEMU VM with a
>> minimal set of applications?
>
> Due to reasons above I prefer container solutions like LXC over VM
> for security: they give approximately the same level of protection
> as VM, but resources cost is much lower. Of course it is still
> possible to break any container through L3 cache or some kernel
> bugs, so for really tight security independent hardware and OS must
> be used.

Containers on Linux aren't nearly as secure as a VM right now.
Certainly the intent is for them to get there, and if you find a way
to break out of a container the kernel team would certainly accept it
as a bug and fix it.  However, I don't think most of the big names in
linux would rate it on the same level as a VM.  As you've pointed out,
VMs aren't perfect, though I'm not aware of any way to actually defeat
any of the popular ones (and if there were, they'd almost certainly
patch it).  I'll certainly acknowledge that there is a larger attack
surface than separate hosts (and it isn't like those are invulnerable
either - who knows what bug exists in an ethernet card somewhere).

Containers are a lot more secure than chroots though.  Non-root in a
container is generally considered to be fairly secure - it is an
additional layer on top of normal user privilege isolation.
Containers are generally a lot more convenient than chroots as well,
simply because there are fewer compatibility issues and constraints
inside.  If you want to run sysvinit/openrc or systemd inside your
container you can, and that isn't really possible inside a chroot.  Of
course, you don't have to, but at least you have the option.

The biggest selling point for a container is the resource
requirements.  The overhead to run a container with systemd inside is
only a few MB.  If you're running a container without a service
manager the overhead is even less.  You could never run a VM with only
a few MB of RAM.  The main constraint on RAM use for a container is
the fact that you're not sharing libraries with the host.  Otherwise
they're just processes with different namespace values in the kernel
(EVERY process runs in a set of namespaces, even if you're not using
containers - by default they just all have the same set of values).
Any solution that bundles the libraries with the package is going to
use a similar amount of RAM.  Also, launching a process in a new
namespace takes the same amount of time as launching a process in the
same namespace, minus the trivial time required to page in libraries
and such.  A VM takes seconds to boot, vs the milliseconds for a
container.  In terms of overhead containers and chroots are almost
identical.

The biggest selling point for not just running everything on the host
is isolation.  I have a container that just runs mariadb.  When I do
an emerge -u world it is like updating any other Gentoo host, but when
I'm done I fire off a bunch of tests to make sure mariadb is working,
and if it works I know I'm done.  When I was running everything on a
single host I'd inevitably do an emerge -u world and occasionally have
something random break.  Short of testing everything every time I do
an update it is hard to avoid that sort of thing.  Of course, I end up
having to run a lot more updates, but I don't have to do them all at
once and I can update the container for each service on an appropriate
schedule.

-- 
Rich
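
Added example (not part of Rich's message, nor code from anyone in this thread): the point above that every process already runs in a set of namespaces can be checked by comparing the `/proc/<pid>/ns/*` links of a process against those of PID 1. The sample PIDs, paths and namespace ids are constructed, and the three labels (`host`, `chroot-only`, `namespaced`) are this example's own.

```python
import os
import re

# Target of a /proc/<pid>/ns/<entry> symlink, e.g. "mnt:[4026531840]".
NS_LINK = re.compile(r"^[a-z_]+:\[(\d+)\]$")


def ns_id(link):
    """Return the namespace id (an inode number) from a namespace link."""
    m = NS_LINK.match(link)
    if m is None:
        raise ValueError("not a namespace link: %r" % (link,))
    return int(m.group(1))


def differing_namespaces(proc, ref):
    """Namespace entries both processes have whose ids differ, sorted."""
    return sorted(
        name for name, link in proc["ns"].items()
        if name in ref["ns"] and ns_id(link) != ns_id(ref["ns"][name])
    )


def classify(proc, ref):
    """Label a process relative to a reference process (normally PID 1).

    namespaced  - at least one namespace differs (container-style isolation)
    chroot-only - same namespaces, only the root directory differs
    host        - same namespaces and same root
    """
    diff = differing_namespaces(proc, ref)
    if diff:
        return ("namespaced", diff)
    if proc["root"] != ref["root"]:
        return ("chroot-only", [])
    return ("host", [])


def read_process(pid):
    """Read root and namespace links for a live process (Linux only)."""
    ns_dir = "/proc/%d/ns" % pid
    return {
        "root": os.readlink("/proc/%d/root" % pid),
        "ns": {e: os.readlink(os.path.join(ns_dir, e)) for e in os.listdir(ns_dir)},
    }


def scan_live(ref_pid=1):
    """Classify every readable process; reading other users' links needs root."""
    ref = read_process(ref_pid)
    result = {}
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        try:
            result[int(entry)] = classify(read_process(int(entry)), ref)
        except OSError:  # process exited, or permission denied
            continue
    return result


# Constructed sample data: ids, PIDs and paths are made up for illustration.
HOST_NS = {
    "ipc": "ipc:[4026531839]", "mnt": "mnt:[4026531840]",
    "net": "net:[4026531992]", "pid": "pid:[4026531836]",
    "user": "user:[4026531837]", "uts": "uts:[4026531838]",
}
SAMPLE = {
    1: {"root": "/", "ns": dict(HOST_NS)},                       # init
    812: {"root": "/", "ns": dict(HOST_NS)},                     # ordinary daemon
    2301: {"root": "/srv/chroot/build", "ns": dict(HOST_NS)},    # chrooted shell
    4410: {"root": "/", "ns": dict(                              # containerised mariadb
        HOST_NS, ipc="ipc:[4026532301]", mnt="mnt:[4026532299]",
        net="net:[4026532304]", pid="pid:[4026532302]", uts="uts:[4026532300]")},
}


def classify_sample():
    """Classify the constructed sample against its PID 1."""
    return {pid: classify(proc, SAMPLE[1]) for pid, proc in SAMPLE.items()}


if __name__ == "__main__":
    for pid, (label, diff) in sorted(classify_sample().items()):
        print("sample pid %-5d %-12s %s" % (pid, label, ",".join(diff)))
    try:
        live = scan_live(1)
    except OSError:
        live = scan_live(os.getpid())  # unprivileged: compare against ourselves
    isolated = {p: v for p, v in live.items() if v[0] != "host"}
    print("live: %d processes, %d not in the reference namespaces"
          % (len(live), len(isolated)))
```

The chrooted sample process shares every namespace id with PID 1, so nothing separates it from the host except its root directory, while the container process differs in five namespaces.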



Re: [gentoo-user] Re: Gentoo is supporting officially Snap packages?

2016-06-17 Thread Volker Armin Hemmann
oh yeah, forgot the catchy name. Mea culpa.

2016-06-17 10:52 GMT+02:00 Neil Bothwick :

> On Fri, 17 Jun 2016 10:28:10 +0200, Volker Armin Hemmann wrote:
>
> > soo... why not compile everything statically in the first place? and
> > put it in HOME?
>
> Because that's not new and shiny with a catchy name!
>
>
> --
> Neil Bothwick
>
> Windows Error #02: Multitasking attempted. System confused.
>


Re: [gentoo-user] Re: Gentoo is supporting officially Snap packages?

2016-06-17 Thread Neil Bothwick
On Fri, 17 Jun 2016 10:28:10 +0200, Volker Armin Hemmann wrote:

> soo... why not compile everything statically in the first place? and
> put it in HOME?

Because that's not new and shiny with a catchy name!


-- 
Neil Bothwick

Windows Error #02: Multitasking attempted. System confused.




Re: [gentoo-user] Re: Gentoo is supporting officially Snap packages?

2016-06-17 Thread Volker Armin Hemmann
soo... why not compile everything statically in the first place? and put it
in HOME?

2016-06-17 9:18 GMT+02:00 Andrew Savchenko :

> On Thu, 16 Jun 2016 19:30:49 -0400 José Maldonado wrote:
> >
> >
> > On 16/06/16 at 11:27, James wrote:
> > > One word SECURITY?  Trust but verify does come to mind.
> > >
> >
> > The snaps come to "replace" a lack of security that is in Linux, in
> > addition to facilitating the installation of all applications from the
> > user-space without root privileges.
>
> Replace lack of security, really? It will create it in the long
> run due to outdated unmaintained third-party bundled software.
>
> Best regards,
> Andrew Savchenko
>


Re: [gentoo-user] Re: Gentoo is supporting officially Snap packages?

2016-06-17 Thread Andrew Savchenko
On Thu, 16 Jun 2016 19:30:49 -0400 José Maldonado wrote:
> 
> 
> On 16/06/16 at 11:27, James wrote:
> > One word SECURITY?  Trust but verify does come to mind.
> > 
> 
> The snaps come to "replace" a lack of security that is in Linux, in
> addition to facilitating the installation of all applications from the
> user-space without root privileges.

Replace lack of security, really? It will create it in the long
run due to outdated unmaintained third-party bundled software.

Best regards,
Andrew Savchenko




Re: [gentoo-user] Re: Gentoo is supporting officially Snap packages?

2016-06-17 Thread Andrew Savchenko
On Thu, 16 Jun 2016 22:35:24 -0400 waltd...@waltdnes.org wrote:
> On Thu, Jun 16, 2016 at 04:33:12PM -0400, Rich Freeman wrote
> > On Thu, Jun 16, 2016 at 4:11 PM, Alan McKinnon  
> > wrote:
> > >
> > > I don't see the part where all these latest fancy container thingymagicies
> > > are not really just "embed everything in everything"
> > >
> > > We've known for years the dangers of embedding stuff in packages (it 
> > > hardly
> > > ever gets updated properly)
> > >
> > 
> > Well, that strikes me as being true of these self-contained packages,
> > but it isn't necessarily true of containers in general.
> > 
> > I run most of my services in containers, and they're just Gentoo
> > installations with a really small world file.  Things are just as
> > up-to-date as they would be if I ran it all in a single host.
> > 
> > Now, if you're the sort of person who just grabs some random docker
> > image from who knows where, then sure you're getting a big bundle of
> > stuff that may or may not be maintained for security.  This is no
> > different.
> 
>   I don't follow this stuff, so this may be a stupid question... how
> does a "container" or "docker" differ from a chroot or a QEMU VM with a
> minimal set of applications?

There is one common misconception, that chroot is a security measure.
This is wrong! Chroot is not a security function at all. It is
extremely easy to exit chroot [1] if you have root access inside
chroot (AFAIK with PAX/GRSecurity it is possible to deny this, but
this is another story.) So if you are using chroot for security,
forget about security, you have no security at all. This syscall was
designed for other needs.
Tl;dr: Inside chroot do as root:
  mkdir foo; chroot foo; cd ..

QEMU VM (as well as other VMs) can provide you some degree of
security at the cost of performance and system resources. Inside a VM
you have an independent (fully or paravirtualized) kernel and
environment. But it is still possible to exit it using hypervisor
bugs or hardware-based attacks like the L3 cache attack [2]. Yes, if one
has a modern Intel or AMD CPU with SSE2 and L3 cache enabled, forget
about tight security too.

Due to the reasons above I prefer container solutions like LXC over VMs
for security: they give approximately the same level of protection
as a VM, but the resource cost is much lower. Of course it is still
possible to break any container through L3 cache or some kernel
bugs, so for really tight security independent hardware and OS must
be used.

[1] https://lwn.net/Articles/252794/
[2] https://www.usenix.org/node/184416

Best regards,
Andrew Savchenko




Re: [gentoo-user] Re: Gentoo is supporting officially Snap packages?

2016-06-16 Thread J.
On Thu, 16-06-2016 at 19:40 -0400, José Maldonado wrote:
> That is possible, but the goal is to serve Snap container for
> applications that can be downloaded and used by the user, down a
> single
> binary that will have all the dependencies in that binary. Docker and
> LXC obviously can do this, but its scope and possibilities are much
> larger and are not addressed within the scope of normal user of a PC.
> 
Docker doesn't get the applications down to a single binary, it's a
package containing everything. A single binary would be something like
what Go does by default, as it compiles every source package imported
into the final binary, that's why even a "hello world" takes ~2MB.

> 
> > 
> > [AFAIK, Flatpak's for GUI apps accessed via Gnome Software so it's
> > not
> > quite a Snap competitor.]
> > 
They say it's not a GNOME thing only, but born in the GNOME project.
Quote from their FAQ:

"Is Flatpak tied to GNOME?

No. While Flatpak has been developed by people with a long involvement
in the GNOME community it is not tied to any desktop. In fact, it was
designed with the explicit goal of allowing it to build applications
using any library stack or programming language an application author
might want."

I would say it is the implementation of something that Lennart P. wrote in
his blog a while back [1] (I don't know to what extent it is 'his' idea, or
if it just happens that he wrote about it after discussing it with
others), but it seems that he didn't write code for it (I looked at the
contributors in GitHub).


> Flatpak and Snap, have GUI and command-line. In addition, Flatpak
> packages weigh less than their counterparts Snap, and right now
> several
> free software projects officially support it, including LibreOffice.
> 
The flatpak packages take less space because there's a separation
between runtimes and applications, with the runtime(s) containing many
of the libraries/packages required by an application, and intended to
be used by many of these, and the application package only containing
the remaining required libraries, or maybe only the app, so it could
reduce but not eliminate the problem previously discussed of
dependencies being left unmaintained and not upgraded with security
fixes. IMHO Flatpak seems a better option than Snap, and certainly
reducing file system and device access is a good thing about both, but
with these advantages some other problems are created, so it's a trade-
off.
As Andrew Savchenko said previously Snap seems like C:\Program Files
for Linux, but I would add 'with sandboxing' and other security
features, and that certainly makes it better than Windows to be
fair.
Maybe we will see Snaps/Flatpaks of popular proprietary software that's
only available for Windows and MacOS right now that has no real FOSS
competitor e.g. AutoCAD and family, I often hear the excuse of these
vendors not supporting Linux because of the many distributions. Getting
LibreCAD to the level of AutoCAD would take a decade or more at the
pace it is going, right now it reminds me of AutoCAD 2004, and it
isn't even at that level. Trying to be optimistic maybe we'll see a new
wave of users in Linux as a result of these new packaging systems, and
in the long run if the GNU/Linux user base grows and learns about the
Free Software philosophy and gets tired of having to pay large sums of
money to Autodesk and other companies for a yearly permission to use
their software, they would contribute to the FOSS alternatives with
money to get people working full time on these, and we could see them
grow to be real competitors.
That said I hope upstreams don't start bundling libraries into their
software as a result of this (at least not more than some already do
now), that's really annoying and it could create a nightmare of the
likes of java (I mean most java developers seemingly putting every jar
they come across in their 'source' trees and then forget about it for
the rest of their lives, or at least until Oracle breaks them, after
years and years of deprecation).

[1] http://0pointer.net/blog/revisiting-how-we-put-together-linux-systems.html
 





Re: [gentoo-user] Re: Gentoo is supporting officially Snap packages?

2016-06-16 Thread waltdnes
On Thu, Jun 16, 2016 at 04:33:12PM -0400, Rich Freeman wrote
> On Thu, Jun 16, 2016 at 4:11 PM, Alan McKinnon  
> wrote:
> >
> > I don't see the part where all these latest fancy container thingymagicies
> > are not really just "embed everything in everything"
> >
> > We've known for years the dangers of embedding stuff in packages (it hardly
> > ever gets updated properly)
> >
> 
> Well, that strikes me as being true of these self-contained packages,
> but it isn't necessarily true of containers in general.
> 
> I run most of my services in containers, and they're just Gentoo
> installations with a really small world file.  Things are just as
> up-to-date as they would be if I ran it all in a single host.
> 
> Now, if you're the sort of person who just grabs some random docker
> image from who knows where, then sure you're getting a big bundle of
> stuff that may or may not be maintained for security.  This is no
> different.

  I don't follow this stuff, so this may be a stupid question... how
does a "container" or "docker" differ from a chroot or a QEMU VM with a
minimal set of applications?

-- 
Walter Dnes 
I don't run "desktop environments"; I run useful applications



Re: [gentoo-user] Re: Gentoo is supporting officially Snap packages?

2016-06-16 Thread Alan McKinnon

On 17/06/2016 02:02, José Maldonado wrote:
> On 16/06/16 at 16:33, Rich Freeman wrote:
>> FWIW - the subject of this thread suggests that this is some kind of
>> "official" Gentoo thing.  As far as I can tell somebody took it upon
>> themselves to make this available for Gentoo, but it is not in any way
>> endorsed by the distro.  Of course, if somebody wanted to package it
>> up and maintain it we probably wouldn't have any issues with having
>> the package manager in the repository.  After all have other binary
>> distro package managers in there.  That doesn't mean that Gentoo is
>> doing anything to ensure that whatever random repository you point it
>> at is up to date, any more than if you emerge debootstrap.
>
> The truth is that there is not even overlay system to install Gentoo.
> What if there is a ebuild, built by a developer Canonical for use in
> Gentoo, and I can hardly call that "official support" and "Gentoo
> community support".

The headline means that Snaps support Gentoo.
It doesn't mean that Gentoo supports Snaps.



Re: [gentoo-user] Re: Gentoo is supporting officially Snap packages?

2016-06-16 Thread José Maldonado
On 16/06/16 at 16:33, Rich Freeman wrote:
> FWIW - the subject of this thread suggests that this is some kind of
> "official" Gentoo thing.  As far as I can tell somebody took it upon
> themselves to make this available for Gentoo, but it is not in any way
> endorsed by the distro.  Of course, if somebody wanted to package it
> up and maintain it we probably wouldn't have any issues with having
> the package manager in the repository.  After all have other binary
> distro package managers in there.  That doesn't mean that Gentoo is
> doing anything to ensure that whatever random repository you point it
> at is up to date, any more than if you emerge debootstrap.

The truth is that there is not even overlay system to install Gentoo.
What if there is a ebuild, built by a developer Canonical for use in
Gentoo, and I can hardly call that "official support" and "Gentoo
community support".

-- 
God in his heaven, all is well on Earth



Re: [gentoo-user] Re: Gentoo is supporting officially Snap packages?

2016-06-16 Thread José Maldonado

On 16/06/16 at 13:32, Tom H wrote:

> 
> When I first saw this, I thought "strange, maybe if Gentoo develops an
> 'esnap' in order to build the container-package locally" but then I
> remembered that we have docker and lxc/lxd, so why not another method?
> 

That is possible, but the goal is to serve Snap container for
applications that can be downloaded and used by the user, down a single
binary that will have all the dependencies in that binary. Docker and
LXC obviously can do this, but its scope and possibilities are much
larger and are not addressed within the scope of normal user of a PC.


> When Flatpak's ready, someone'll make it available and/or package it.

Flatpak is ready for use now.

> 
> [AFAIK, Flatpak's for GUI apps accessed via Gnome Software so it's not
> quite a Snap competitor.]
> 

Flatpak and Snap, have GUI and command-line. In addition, Flatpak
packages weigh less than their counterparts Snap, and right now several
free software projects officially support it, including LibreOffice.

-- 
God in his heaven, all is well on Earth



Re: [gentoo-user] Re: Gentoo is supporting officially Snap packages?

2016-06-16 Thread José Maldonado


On 16/06/16 at 11:27, James wrote:
> One word SECURITY?  Trust but verify does come to mind.
> 

The snaps come to "replace" a lack of security that is in Linux, in
addition to facilitating the installation of all applications from the
user-space without root privileges.

> 
> Is their a version that works on gentoo-hardened?
> 

Hardened or not ... it's matter? What I see here is the "beloved" Mark
talking about a Snap support in Gentoo, and there Gentoo developers
working to make it official.

It's true? I don't know.


> Were are all the security gurus on at on snaps? Do snaps require systemd
> or are they PID-1 agnostic?
> 


Supposedly it is agnostic to PID, asking only have some active features
in the kernel and SELinux or AppArmor using.

Currently, none of the mentioned MACs work as expected with Snap, even
in the Ubuntu itself.

-- 
God in his heaven, all is well on Earth



Re: [gentoo-user] Re: Gentoo is supporting officially Snap packages?

2016-06-16 Thread José Maldonado


On 16/06/16 at 12:36, Mick wrote:
> 
> Keylogger in a snap anyone?
> 

It is possible, who knows. Especially when the server-side is proprietary.


-- 
God in his heaven, all is well on Earth



Re: [gentoo-user] Re: Gentoo is supporting officially Snap packages?

2016-06-16 Thread Rich Freeman
On Thu, Jun 16, 2016 at 4:11 PM, Alan McKinnon  wrote:
>
> I don't see the part where all these latest fancy container thingymagicies
> are not really just "embed everything in everything"
>
> We've known for years the dangers of embedding stuff in packages (it hardly
> ever gets updated properly)
>

Well, that strikes me as being true of these self-contained packages,
but it isn't necessarily true of containers in general.

I run most of my services in containers, and they're just Gentoo
installations with a really small world file.  Things are just as
up-to-date as they would be if I ran it all in a single host.

Now, if you're the sort of person who just grabs some random docker
image from who knows where, then sure you're getting a big bundle of
stuff that may or may not be maintained for security.  This is no
different.

I'm sure there will be people who provide these all-in-one packages
and carefully update them for upstream security flaws.  And there will
be a lot more providers who don't.

Chromium is a good example of this.  Gentoo tries to unbundle as much
as it can, but if you just do a make install on it you end up with a
bazillion bundled libraries.  Google does a very good job of keeping
them all up to date, but they're not a typical case.

FWIW - the subject of this thread suggests that this is some kind of
"official" Gentoo thing.  As far as I can tell somebody took it upon
themselves to make this available for Gentoo, but it is not in any way
endorsed by the distro.  Of course, if somebody wanted to package it
up and maintain it we probably wouldn't have any issues with having
the package manager in the repository.  After all have other binary
distro package managers in there.  That doesn't mean that Gentoo is
doing anything to ensure that whatever random repository you point it
at is up to date, any more than if you emerge debootstrap.

Oh, and while I generally agree with everything in the linked
Maintainers Matter blog post, I'd hardly call it a security audit.  It
just points out in general terms the sorts of problems that this kind
of approach can lead to.

-- 
Rich



Re: [gentoo-user] Re: Gentoo is supporting officially Snap packages?

2016-06-16 Thread Alan McKinnon

On 16/06/2016 21:11, Andrew Savchenko wrote:
> On Thu, 16 Jun 2016 15:27:29 + (UTC) James wrote:
>> José Maldonado  gmail.com> writes:
>>
>>> The last days, ArsTechnica publish this new:
>>>
>>> http://arstechnica.com/information-technology/2016/06/goodbye-apt-and-yum-ubuntus-snap-apps-are-coming-to-distros-everywhere/
>>>
>>> "Snaps now work natively on Arch, Debian, Fedora, Kubuntu, Lubuntu,
>>> Ubuntu GNOME, Ubuntu Kylin, Ubuntu MATE, Ubuntu Unity, and Xubuntu,"
>>> Canonical's announcement says. "They are currently being validated on
>>> CentOS, Elementary, Gentoo, Mint, OpenSUSE, OpenWrt and RHEL, and are
>>> easy to enable on other Linux distributions." (Ubuntu will continue to
>>> support deb packages, but developers can choose to package applications
>>> as snaps instead of or in addition to debs.)"
>>>
>>> Gentoo is supporting officially Snap packages? Why not Flatpak?
>>>
>>> Thank you very much for your responses! Bye! :)
>>
>> One word SECURITY?  Trust but verify does come to mind.
>
> +1
> It looks like C:/Program Files/ for Linux to me.
>
> It is a complete bundle with all dependency libs, thus
> vulnerabilities can't be fixed by a regular emerge and users will
> need to update _each_ snap separately. If updates will be
> available, but likely they will not be, at least not in time.

So it's like macs then?

> I'm not talking about tremendous RAM waste (due to shared objects
> duplication) and disk space waste as well. Both of them can be
> mitigated by deduplication of RAM and disk pages, but this will eat
> lots of CPU and users should be quite advanced to do that.
>
>> Containers are not exactly the most secure apparatus, imho.
>> "Clair is an open source project for the static analysis of vulnerabilities
>> in appc and docker containers." [1]. So, I want to hear about the robustness
>> of the security on these 'self containerd packages.
>
> There is a security audit of the snap already available:
> http://kmkeen.com/maintainers-matter/2016-06-15-11-51-16-472.html
>
> It is quite lengthy, but worth reading.
> Tl;dr: if you care about security of your box, stay away of this
> stuff.

I don't see the part where all these latest fancy container
thingymagicies are not really just "embed everything in everything"

We've known for years the dangers of embedding stuff in packages (it
hardly ever gets updated properly)





Re: [gentoo-user] Re: Gentoo is supporting officially Snap packages?

2016-06-16 Thread Andrew Savchenko
On Thu, 16 Jun 2016 15:27:29 + (UTC) James wrote:
> José Maldonado  gmail.com> writes:
> 
> 
> > The last days, ArsTechnica publish this new:
> 
> >
> http://arstechnica.com/information-technology/2016/06/goodbye-apt-and-yum-ubuntus-snap-apps-are-coming-to-distros-everywhere/
> >
> > "Snaps now work natively on Arch, Debian, Fedora, Kubuntu, Lubuntu,
> > Ubuntu GNOME, Ubuntu Kylin, Ubuntu MATE, Ubuntu Unity, and Xubuntu,"
> > Canonical's announcement says. "They are currently being validated on
> > CentOS, Elementary, Gentoo, Mint, OpenSUSE, OpenWrt and RHEL, and are
> > easy to enable on other Linux distributions." (Ubuntu will continue to
> > support deb packages, but developers can choose to package applications
> > as snaps instead of or in addition to debs.)"
> > 
> > Gentoo is supporting officially Snap packages? Why not Flatpak?
>>
>> Thank you very much for your responses! Bye! :)
>>
>
> One word SECURITY?  Trust but verify does come to mind.

+1
It looks like C:/Program Files/ for Linux to me.

It is a complete bundle with all dependency libs, thus
vulnerabilities can't be fixed by a regular emerge and users will
need to update _each_ snap separately. If updates will be
available, but likely they will not be, at least not in time.

I'm not talking about tremendous RAM waste (due to shared objects
duplication) and disk space waste as well. Both of them can be
mitigated by deduplication of RAM and disk pages, but this will eat
lots of CPU and users should be quite advanced to do that.

> Containers are not exactly the most secure apparatus, imho.
> "Clair is an open source project for the static analysis of vulnerabilities
> in appc and docker containers." [1]. So, I want to hear about the robustness
> of the security on these 'self containerd packages.

There is a security audit of the snap already available:
http://kmkeen.com/maintainers-matter/2016-06-15-11-51-16-472.html

It is quite lengthy, but worth reading.
Tl;dr: if you care about security of your box, stay away of this
stuff.

Best regards,
Andrew Savchenko
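
Added example (not code from Andrew or anyone else in this thread): one way to see the problem described above, that a library fixed on the host by a regular update stays old inside each bundle, is to inventory versioned shared objects under every bundle directory and compare them with the host's copy. The directory layout, bundle names and version numbers are constructed, and a lower file version is only a staleness hint, not proof of a vulnerability.

```python
import os
import re
import tempfile

# Fully versioned shared object, e.g. "libz.so.1.2.11" -> ("libz", (1, 2, 11)).
# Bare soname links such as "libz.so.1" are skipped on purpose.
SO_NAME = re.compile(r"^(lib[\w+.-]+?)\.so\.(\d+(?:\.\d+)+)$")


def parse_so(filename):
    """Split a versioned .so filename into (name, version tuple), or None."""
    m = SO_NAME.match(filename)
    if m is None:
        return None
    return m.group(1), tuple(int(p) for p in m.group(2).split("."))


def inventory(root):
    """Map (library, major version) -> highest full version found under root."""
    found = {}
    for _dirpath, _dirs, files in os.walk(root):
        for filename in files:
            parsed = parse_so(filename)
            if parsed is None:
                continue
            name, version = parsed
            key = (name, version[0])  # only compare within one ABI major
            if version > found.get(key, ()):
                found[key] = version
    return found


def stale_bundles(system_root, bundles_root):
    """List (bundle, library, bundled version, host version) where the bundle lags."""
    system = inventory(system_root)
    report = []
    for bundle in sorted(os.listdir(bundles_root)):
        path = os.path.join(bundles_root, bundle)
        if not os.path.isdir(path):
            continue
        for (name, major), version in sorted(inventory(path).items()):
            host = system.get((name, major))
            if host is not None and version < host:
                report.append((bundle, name, version, host))
    return report


def _touch(path):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    open(path, "w").close()


def demo():
    """Build a constructed host + two bundles in a temp dir and report lagging libs."""
    with tempfile.TemporaryDirectory() as tmp:
        # Host after a regular update (constructed versions).
        _touch(os.path.join(tmp, "system/usr/lib/libz.so.1.2.11"))
        _touch(os.path.join(tmp, "system/usr/lib/libssl.so.1.0.2"))
        # Bundle "editor" still ships the older libz.
        _touch(os.path.join(tmp, "bundles/editor/lib/libz.so.1.2.8"))
        _touch(os.path.join(tmp, "bundles/editor/lib/libssl.so.1.0.2"))
        # Bundle "player" is current, plus a library the host does not have.
        _touch(os.path.join(tmp, "bundles/player/usr/lib/libz.so.1.2.11"))
        _touch(os.path.join(tmp, "bundles/player/usr/lib/libpng16.so.16.21.0"))
        return stale_bundles(os.path.join(tmp, "system"),
                             os.path.join(tmp, "bundles"))


if __name__ == "__main__":
    for bundle, name, bundled, host in demo():
        print("%s bundles %s %s, host has %s" % (
            bundle, name, ".".join(map(str, bundled)), ".".join(map(str, host))))
```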




Re: [gentoo-user] Re: Gentoo is supporting officially Snap packages?

2016-06-16 Thread Dale
James wrote:
> José Maldonado  gmail.com> writes:
>
>
>> The last days, ArsTechnica publish this new:
> http://arstechnica.com/information-technology/2016/06/goodbye-apt-and-yum-ubuntus-snap-apps-are-coming-to-distros-everywhere/
>> "Snaps now work natively on Arch, Debian, Fedora, Kubuntu, Lubuntu,
>> Ubuntu GNOME, Ubuntu Kylin, Ubuntu MATE, Ubuntu Unity, and Xubuntu,"
>> Canonical's announcement says. "They are currently being validated on
>> CentOS, Elementary, Gentoo, Mint, OpenSUSE, OpenWrt and RHEL, and are
>> easy to enable on other Linux distributions." (Ubuntu will continue to
>> support deb packages, but developers can choose to package applications
>> as snaps instead of or in addition to debs.)"
>>
>> Gentoo is supporting officially Snap packages? Why not Flatpak?
>>
>> Thank you very much for your responses! Bye! :)
>>
>
> One word SECURITY?  Trust but verify does come to mind.
>
> Containers are not exactly the most secure apparatus, imho.
> "Clair is an open source project for the static analysis of vulnerabilities
> in appc and docker containers." [1]. So, I want to hear about the robustness
> of the security on these 'self containerd packages.
> What exactly creates the codes necessary for the container ?
>
> Is their a version that works on gentoo-hardened?
>
> Suggestions for firewalling off a system for routine, deep examination
> and profiling of port activities, would be most welcome. Prima facia,
> I just have no trust in wonderful ideas from the *buntu crowd, ymmv.
>
> Also, it's a really good idea; now maybe *DALE* can get his security
> VM, in a snap (snapple?, snapit?, snapper?), that is gentoo-hardened
> blessed? Maybe the snhap designation for secured (Hardeded) snaps?
> Maybe if it's a hardened, entertainment (video snap) we call them schnapps?
>
> I've been bantering about for a couple of years now how clusters (hpc and
> containers) are going to change everything. Security is the main obstacle
> now.  You know, I'm ready to sip this Kool_aid and ponder the 
> possibilities
>
> Were are all the security gurus on at on snaps? Do snaps require systemd
> or are they PID-1 agnostic?
>
>
>
> James
>
>
>
>
>
> [1] https://github.com/coreos/clair


I saw this and was curious as well.  I'm needing to google a bit on just
what this is about.  Given the name, it should be interesting.  I
suspect I'll get a lot of hits about a energy drink thingy.  lol  Oh,
and this thread too.  ;-)

Dale

:-)  :-) 



Re: [gentoo-user] Re: Gentoo is supporting officially Snap packages?

2016-06-16 Thread Tom H
On Wed, Jun 15, 2016 at 11:53 PM, José Maldonado  wrote:
>
> The last days, ArsTechnica publish this new:
>
> http://arstechnica.com/information-technology/2016/06/goodbye-apt-and-yum-ubuntus-snap-apps-are-coming-to-distros-everywhere/
>
> "Snaps now work natively on Arch, Debian, Fedora, Kubuntu, Lubuntu,
> Ubuntu GNOME, Ubuntu Kylin, Ubuntu MATE, Ubuntu Unity, and Xubuntu,"
> Canonical's announcement says. "They are currently being validated on
> CentOS, Elementary, Gentoo, Mint, OpenSUSE, OpenWrt and RHEL, and are
> easy to enable on other Linux distributions." (Ubuntu will continue to
> support deb packages, but developers can choose to package
> applications as snaps instead of or in addition to debs.)"
>
> Gentoo is supporting officially Snap packages? Why not Flatpak?

When I first saw this, I thought "strange, maybe if Gentoo develops an
'esnap' in order to build the container-package locally" but then I
remembered that we have docker and lxc/lxd, so why not another method?

When Flatpak's ready, someone'll make it available and/or package it.

[AFAIK, Flatpak's for GUI apps accessed via Gnome Software so it's not
quite a Snap competitor.]



Re: [gentoo-user] Re: Gentoo is supporting officially Snap packages?

2016-06-16 Thread Mick
On Thursday 16 Jun 2016 15:27:29 James wrote:
> José Maldonado  gmail.com> writes:
> > The last days, ArsTechnica publish this new:
> http://arstechnica.com/information-technology/2016/06/goodbye-apt-and-yum-ubuntus-snap-apps-are-coming-to-distros-everywhere/
> > "Snaps now work natively on Arch, Debian, Fedora, Kubuntu, Lubuntu,
> > Ubuntu GNOME, Ubuntu Kylin, Ubuntu MATE, Ubuntu Unity, and Xubuntu,"
> > Canonical's announcement says. "They are currently being validated on
> > CentOS, Elementary, Gentoo, Mint, OpenSUSE, OpenWrt and RHEL, and are
> > easy to enable on other Linux distributions." (Ubuntu will continue to
> > support deb packages, but developers can choose to package applications
> > as snaps instead of or in addition to debs.)"
> > 
> > Gentoo is supporting officially Snap packages? Why not Flatpak?
> > 
> > Thank you very much for your responses! Bye! :)
> 
> One word SECURITY?  Trust but verify does come to mind.

Keylogger in a snap anyone?


> Containers are not exactly the most secure apparatus, imho.
> "Clair is an open source project for the static analysis of vulnerabilities
> in appc and docker containers." [1]. So, I want to hear about the robustness
> of the security on these 'self containerd packages.
> What exactly creates the codes necessary for the container ?
> 
> Is their a version that works on gentoo-hardened?
> 
> Suggestions for firewalling off a system for routine, deep examination
> and profiling of port activities, would be most welcome. Prima facia,
> I just have no trust in wonderful ideas from the *buntu crowd, ymmv.
> 
> Also, it's a really good idea; now maybe *DALE* can get his security
> VM, in a snap (snapple?, snapit?, snapper?), that is gentoo-hardened
> blessed? Maybe the snhap designation for secured (Hardeded) snaps?
> Maybe if it's a hardened, entertainment (video snap) we call them schnapps?
> 
> I've been bantering about for a couple of years now how clusters (hpc and
> containers) are going to change everything. Security is the main obstacle
> now.  You know, I'm ready to sip this Kool_aid and ponder the
> possibilities
> 
> Were are all the security gurus on at on snaps? Do snaps require systemd
> or are they PID-1 agnostic?
> 
> 
> 
> James
> 
> 
> 
> 
> 
> [1] https://github.com/coreos/clair

-- 
Regards,
Mick



Re: [gentoo-user] Re: [gentoo-user] Re: 回复:Re: [gentoo-user] About the kdbus with gentoo-sources 4.3.6, of the greate memory usage.

2016-03-26 Thread Volker Armin Hemmann
On 26.03.2016 at 16:40, Rich Freeman wrote:
> On Sat, Mar 26, 2016 at 10:48 AM, Volker Armin Hemmann
>  wrote:
>> because it is broken by design, a security nightmare and seriously not
>> needed at all?
>>
> While there is general interest in a better design, Linus believes it
> is in fact needed and intends to merge the ultimate result.  The
> concern is with the design of kdbus itself, not the concept.  It is
> just a more rigorous form of IPC.
>
> Others are of course welcome to disagree.
>

hm, back then and every time kdbus came up on lkml the consensus was
'speed? you do it for speed? Get userspace dbus in order and the speed
argument collapses'. Pretty much everybody also voiced problems with
security (none) and the statefulness of dbus.

All problems, blissfully ignored by the kdbus bunch.



Re: [gentoo-user] Re: gentoo-user@lists.gentoo.org

2015-12-10 Thread Neil Bothwick
On Thu, 10 Dec 2015 15:49:24 -0800, walt wrote:

> But, seriously, why do we keep making the same errers?

Because it's less effort than coming up with new ones.


-- 
Neil Bothwick

Law of Mechanical Repair: After your hands become coated with
grease, your nose will begin to itch.




Re: [gentoo-user] Re: gentoo-user@lists.gentoo.org

2015-12-09 Thread Alan McKinnon
On 10/12/2015 02:08, walt wrote:
> On Tue, 8 Dec 2015 19:00:20 +0200
> Alan McKinnon  wrote:
> 
>> Allow me to translate the Google-speak:
>>
>> "less secure mail app" really means "a really shitty auth method that
>> isn't our (Google's) auth method". So click the (rather well-hidden)
>> button in Gmail's interface and go back to the really shitty auth
>> method we all used just fine for 10+ years already.
> 
> Sounds like it's still grumpy Scotsman day.
> 
> This is a test email to discover if you really have a gmail account,
> and, if so, how often you check it for new email.
> 
> I'll be happy to explain the origin of "grumpy Scotsman" if this test
> succeeds.
> 

Hello walt,

Yes it's me and this is a valid account, it's in constant use.


-- 
Alan McKinnon
alan.mckin...@gmail.com




Re: [gentoo-user] Re: gentoo-user@lists.gentoo.org

2015-12-09 Thread Mick
On Thursday 10 Dec 2015 06:51:45 Alan McKinnon wrote:
> On 10/12/2015 02:08, walt wrote:
> > On Tue, 8 Dec 2015 19:00:20 +0200
> > 
> > Alan McKinnon  wrote:
> >> Allow me to translate the Google-speak:
> >> 
> >> "less secure mail app" really means "a really shitty auth method that
> >> isn't our (Google's) auth method". So click the (rather well-hidden)
> >> button in Gmail's interface and go back to the really shitty auth
> >> method we all used just fine for 10+ years already.
> > 
> > Sounds like it's still grumpy Scotsman day.
> > 
> > This is a test email to discover if you really have a gmail account,
> > and, if so, how often you check it for new email.
> > 
> > I'll be happy to explain the origin of "grumpy Scotsman" if this test
> > succeeds.
> 
> Hello walt,
> 
> Yes it's me and this is a valid account, it's in constant use.

OK, this must be a good 2FA then?  ;-)

Walt's test worked for me too.

I wouldn't say that the old auth method is sh*tty as Alan asserts, but Google 
in their wisdom wanted to deal with all sorts of new apps authenticating with 
user credentials into their mail servers, without revealing to intermediaries 
(e.g. ISPs, hackers, app server admins) the Google user credentials.  They 
could have done this by adding CRAM, SCRAM, et al. in their POP3/IMAP4/SMTP 
authentication, rather than keeping AUTH=PLAIN, but instead they chose to 
follow MSoft's embrace-extend-extinguish strategy by creating their own 
tokenising standard over https.  In other words, using time honoured mail 
client protocols alone is not good enough for Google and you have to use a 
browser as well.  Of course, we all know how secure browsers are.

The world is changing from classic mail clients and protocols to mobile apps, 
mobile apps running on (proxy) servers in foreign countries and an awful lot 
of bad code, which can be exploited.  There may be cleverer ways to resolve 
this problem, while still adhering to mail protocols, but Google has decided 
to move us all to a protocol (http) where they reign supreme.
-- 
Regards,
Mick
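
The difference Mick describes between AUTH=PLAIN and a challenge-response mechanism such as CRAM-MD5, as an added example that is not part of the original post. The account, password and host name are constructed, and the function names are this example's own.

```python
import base64
import hashlib
import hmac
import secrets

# Constructed sample account; not taken from the thread.
USER, PASSWORD = "alice@example.org", "correct horse battery"

def plain_client(user, password):
    """SASL PLAIN (RFC 4616): base64 of NUL + user + NUL + password."""
    return base64.b64encode(f"\0{user}\0{password}".encode()).decode()

def observe_plain(wire):
    """What any party that can read the exchange recovers from PLAIN."""
    _authzid, user, password = base64.b64decode(wire).decode().split("\0")
    return user, password

def cram_challenge(host="mail.example.org"):
    """Server: fresh, unpredictable challenge for every login (RFC 2195)."""
    return base64.b64encode(f"<{secrets.token_hex(8)}@{host}>".encode()).decode()

def cram_digest(password, challenge_b64):
    """HMAC-MD5 over the decoded challenge, keyed with the shared password."""
    challenge = base64.b64decode(challenge_b64)
    return hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()

def cram_client(user, password, challenge_b64):
    """Client: send user name and digest; the password itself is not sent."""
    reply = f"{user} {cram_digest(password, challenge_b64)}"
    return base64.b64encode(reply.encode()).decode()

def cram_server_verify(response_b64, challenge_b64, accounts):
    """Server: recompute the digest from its stored secret, constant-time compare."""
    user, _, digest = base64.b64decode(response_b64).decode().rpartition(" ")
    if user not in accounts:
        return False
    expected = cram_digest(accounts[user], challenge_b64)
    return hmac.compare_digest(expected.encode(), digest.encode())

def demo():
    accounts = {USER: PASSWORD}  # CRAM-MD5 needs the server to hold the secret
    first, second = cram_challenge(), cram_challenge()
    response = cram_client(USER, PASSWORD, first)
    return {
        "plain_leaks": observe_plain(plain_client(USER, PASSWORD)),
        "cram_accepts": cram_server_verify(response, first, accounts),
        "cram_replay_accepts": cram_server_verify(response, second, accounts),
        "password_on_wire": PASSWORD in base64.b64decode(response).decode(),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A recorded CRAM-MD5 exchange can still be used for offline password guessing, and the server has to store the shared secret; SCRAM was designed to address both.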




Re: [gentoo-user] Re: Gentoo net0 - auto resetting - very impressed

2015-09-16 Thread Alan McKinnon
On 16/09/2015 00:49, the...@sys-concept.com wrote:
> On 09/15/2015 01:58 PM, Alan McKinnon wrote:
>> On 15/09/2015 21:53, the...@sys-concept.com wrote:
> [snip]
>>
>>>> Yea, I almost had mine working but I just got tired of hacking
>>>> away at it. It would be more straightforward to take an rpm or deb
>>>> package and use it. Folks have made specific models work, but, it
>>>> is a bit of work.
>>>>
>>>> 'eix -R brother' shows quite a few overlays (ebuilds) that cover
>>>> a range of brother printers, should you desire to hack that route.
>>>
>>>
>>> To install brother printer just follow these steps from Gentoo forum:
>>> https://forums.gentoo.org/viewtopic-t-909052-highlight-brother.html
>>
>>
>>
>> Or just don't install Brother printers. They are utter crap and why
>> anyone gives them desk space is beyond me. It's not like they are
>> expensive either, toss 'em and buy something real.
>>
>> Recent Samsung, Epson and everything supported by hplip all work great.
> 
> I had a different experience with Samsung printers.  I bought one model
> and it had a big bold letters that it works with Linux.
> When I try to install printer driver, it was impossible. It came with
> some kind of script that relied on an old/obsolete library so it was
> impossible to install it.

Samsung did that once 10 years ago, and slashdot made them pay with
ridicule.

Samsung is a very unusual company, they take note of their mistakes and
fix them very quickly. Their latest printers do not make that same
stupid mistake; mine is a recent colour laser and the cheapest in the
range. Doesn't even have a display or keyboard so it creates its own
ad-hoc wifi connection so you can connect and configure in a browser.
Once it's on your real network, it all JustWorks(tm) and understands
postscript, PCL, SPL and ipp.

Drivers? What drivers? It's bog standard PCL so the generic ppds all
work. None of this stupid bloody nonsense of the printer implementing a
weird once-off control language that only works on one model and is a
pain to set up. The value in a printer is fast, accurate printing with
cost-effective inks/toners and that doesn't piss off the customer base.

Samsung knows this and it's apparent in all their products for years
now. Witness their Android phones.

> 
> On Fedora, script installs brother printer based on Brother source
> web-page driver, it works perfectly.  On Gentoo it is a manual/painful
> setup if you are doing it the first time.


This has been explained to you several times already. Fedora takes pains
to automate such things as-shipped as a convenience for their userbase.
It's their contract with them and at the heart of the distro they build.

Gentoo does not offer such a distro. Gentoo offers a highly customizable
source-based distro where you can get what _you_ want, the price you pay
is that you have to do the nice neat user-facing convenience parts
yourself - things like drivers, icon themes, choice of wm and more.
Gentoo has never, and never will, offer an ebuild like that brother
printer by default.


-- 
Alan McKinnon
alan.mckin...@gmail.com




Re: [gentoo-user] Re: Gentoo net0 - auto resetting - very impressed

2015-09-15 Thread thelma
On 09/15/2015 01:58 PM, Alan McKinnon wrote:
> On 15/09/2015 21:53, the...@sys-concept.com wrote:
[snip]
>
>>> Yea, I almost had mine working but I just got tired of hacking
>>> away at it. It would be more straightforward to take an rpm or deb
>>> package and use it. Folks have made specific models work, but, it
>>> is a bit of work.
>>>
>>> 'eix -R brother' shows quite a few overlays (ebuilds) that cover
>>> a range of brother printers, should you desire to hack that route.
>>
>>
>> To install brother printer just follow these steps from Gentoo forum:
>> https://forums.gentoo.org/viewtopic-t-909052-highlight-brother.html
> 
> 
> 
> Or just don't install Brother printers. They are utter crap and why
> anyone gives them desk space is beyond me. It's not like they are
> expensive either, toss 'em and buy something real.
> 
> Recent Samsung, Epson and everything supported by hplip all work great.

I had a different experience with Samsung printers.  I bought one model
and it had a big bold letters that it works with Linux.
When I try to install printer driver, it was impossible. It came with
some kind of script that relied on an old/obsolete library so it was
impossible to install it.

On Fedora, script installs brother printer based on Brother source
web-page driver, it works perfectly.  On Gentoo it is a manual/painful
setup if you are doing it the first time.

Thelma



Re: [gentoo-user] Re: Gentoo net0 - auto resetting - very impressed

2015-09-15 Thread Alan McKinnon
On 15/09/2015 21:53, the...@sys-concept.com wrote:
> On 09/15/2015 01:47 PM, james wrote:
>>   sys-concept.com> writes:
>>
>>
>>
>>> Lately I've installed Fedora core on my old eeepc and I am very impressed
>>> with the printer installation.  Fedora automatically recognized my
>>> Brother HL-5730 printer and installed printer driver for it.
>>
>> I have a brother J6710-DW printer that I have tried, unsuccessfully
>> in the past to set up on Gentoo. Brother is borked on Gentoo. Don't believe
>> me? Read the recent post from Patrick Lauer on planet.gentoo.org. Patrick
>> offers up a simplified way that he was able to get his brother printer
>> running via IPP and a postscript filter.
>>
>>
>>> I wish Gentoo would be able to do it as well some day.
>>
>> Yea, I almost had mine working but I just got tired of hacking
>> away at it. It would be more straightforward to take an rpm or deb
>> package and use it. Folks have made specific models work, but, it
>> is a bit of work.
>>
>> 'eix -R brother' shows quite a few overlays (ebuilds) that cover
>> a range of brother printers, should you desire to hack that route.
> 
> 
> To install brother printer just follow these steps from Gentoo forum:
> https://forums.gentoo.org/viewtopic-t-909052-highlight-brother.html



Or just don't install Brother printers. They are utter crap and why
anyone gives them desk space is beyond me. It's not like they are
expensive either, toss 'em and buy something real.

Recent Samsung, Epson and everything supported by hplip all work great.


-- 
Alan McKinnon
alan.mckin...@gmail.com




Re: [gentoo-user] Re: Gentoo net0 - auto resetting - very impressed

2015-09-15 Thread thelma
On 09/15/2015 01:47 PM, james wrote:
>   sys-concept.com> writes:
> 
> 
> 
>> Lately I've installed Fedora core on my old eeepc and I am very impressed
>> with the printer installation.  Fedora automatically recognized my
>> Brother HL-5730 printer and installed printer driver for it.
> 
> I have a brother J6710-DW printer that I have tried, unsuccessfully
> in the past to set up on Gentoo. Brother is borked on Gentoo. Don't believe
> me? Read the recent post from Patrick Lauer on planet.gentoo.org. Patrick
> offers up a simplified way that he was able to get his brother printer
> running via IPP and a postscript filter.
> 
> 
>> I wish Gentoo would be able to do it as well some day.
> 
> Yea, I almost had mine working but I just got tired of hacking
> away at it. It would be more straightforward to take an rpm or deb
> package and use it. Folks have made specific models work, but, it
> is a bit of work.
> 
> 'eix -R brother' shows quite a few overlays (ebuilds) that cover
> a range of brother printers, should you desire to hack that route.


To install brother printer just follow these steps from Gentoo forum:
https://forums.gentoo.org/viewtopic-t-909052-highlight-brother.html


Thelma




Re: [gentoo-user] Re: Gentoo on Android and the problem of space

2015-07-31 Thread Meino . Cramer
James wirel...@tampabay.rr.com [15-08-01 04:28]:
> Meino.Cramer at gmx.de writes:
>
>> on my tablet PC I used an Android App called Linux deploy
>> to install a chroot-environment for - guess - Gentoo. :)
>>
>> The tablet has a SDcard slot and recognizes any FAT32 formatted
>> SDcard automatically. Anything else will silently be ignored.
>>
>> Furthermore Linux deploy uses a single file when it is
>> pointed to an external SDcard (with FAT32) which is mounted
>> via a loop device, formatted ext4, and then populated with
>> the Gentoo Linux files.
>
> Hello Meino,
>
> I'm not sure tinhat will suit your needs.
> I'm not sure this will work, but if it does it might just be very
> cool and quick:
>
> http://opensource.dyc.edu/tinhat
>
> I'd be curious if anyone has uploaded such to an existing tablet
> computer.
>
> hth,
> James


Hi James,

Thank you for the link, James ! :)

But I am not in search of a totally different distribution...I am
looking for more space for my current one... :)

Best regards,
Meino





Re: [gentoo-user] Re: Gentoo on Android and the problem of space

2015-07-31 Thread Francisco Ares
2015-08-01 0:09 GMT-03:00 meino.cra...@gmx.de:

> James wirel...@tampabay.rr.com [15-08-01 04:28]:
>> Meino.Cramer at gmx.de writes:
>>
>>> on my tablet PC I used an Android App called Linux deploy
>>> to install a chroot-environment for - guess - Gentoo. :)
>>>
>>> The tablet has a SDcard slot and recognizes any FAT32 formatted
>>> SDcard automatically. Anything else will silently be ignored.
>>>
>>> Furthermore Linux deploy uses a single file when it is
>>> pointed to an external SDcard (with FAT32) which is mounted
>>> via a loop device, formatted ext4, and then populated with
>>> the Gentoo Linux files.
>>
>> Hello Meino,
>>
>> I'm not sure tinhat will suit your needs.
>> I'm not sure this will work, but if it does it might just be very
>> cool and quick:
>>
>> http://opensource.dyc.edu/tinhat
>>
>> I'd be curious if anyone has uploaded such to an existing tablet
>> computer.
>>
>> hth,
>> James
>
> Hi James,
>
> Thank you for the link, James ! :)
>
> But I am not in search of a totally different distribution...I am
> looking for more space for my current one... :)
>
> Best regards,
> Meino




Hi,

Just my 2 cents: my tablet knows about NTFS; it reads and writes in an 8G
portable flash drive formatted that way. It is slow, but it works.

Best regards,
Francisco


Re: [gentoo-user] Re: Gentoo on Android and the problem of space

2015-07-31 Thread Meino . Cramer
James wirel...@tampabay.rr.com [15-08-01 04:29]:
> Meino.Cramer at gmx.de writes:
>
>> on my tablet PC I used an Android App called Linux deploy
>> to install a chroot-environment for - guess - Gentoo. :)
>
> Meino,
>
> I just ran across a gentoo project you might find interesting. If nothing
> else the author will probably be an excellent source of information
> for you::
>
> https://wiki.gentoo.org/wiki/Project:Android
>
> PS, I've got an old android tablet buried somewhere in my lab
> It's a samsung and I'm looking for the charger.
> Once you are successful, I look forward to following your wiki
> page to test what you figure out!
>
> hth,
> James

Hi James,

Thanks for the link again ! :) :) :)

From this
https://wiki.gentoo.org/wiki/Project:Android/FAQ
I get the impression, that this Gentoo is for ARM based platforms.
My budget tablet runs on an Intel Atom Bay Trail ZF3745 Quad Core.

I am quite happy with what Linux Deploy does and how it works.

I only need more space in my filesystem so I am looking for a 
solution for that problem first before installing other distribution
or projects.

Best regards,
Meino





Re: [gentoo-user] Re: Gentoo on Arm64

2015-07-03 Thread Raffaele BELARDI
James wrote:
>> I don't have links to pre-built images and never used gentoo embedded.
>> Here we use a GCC cross-toolchain, build the kernel from scratch and the
>> rootfs with buildroot on the host, copy to an SDCard and boot our
>> embedded system from there.
>
> OK, any additional info on setting up your cross-toolchain ?

Sorry, that was done by a different group, I don't know the details. The 
gcc prefix is arm-v7-linux-ucliceabi- so I gather we are using uclib. In 
the past I used Codesourcery for ARM, it was quite easy to set up.

>> The bootloader is pre-programmed through
>> JTAG to embedded flash. Application debugging is done with gdbserver
>> running on the target communicating through ethernet connection to the host.
>
> Do you have a working JTAG? If so any details of the components, software
> and configs would be keenly appreciated.

I think we use JTAG to download a small code into the SoC embedded RAM 
that programs the flash but again it's something I receive already 
programmed. You obviously could use the JTAG for application debugging 
but I find gdb/gdbserver much more convenient. I know it's also possible 
to access the JTAG from the GDB with openocd but I've never used it.

raffaele

