Re: xorg: Maximum number of clients reached
I need to install and check. On Jun 12, 2015 4:20 PM, "Michael Butash" wrote: > Stephen, out of curiosity, what does your xrandr show as a max > framebuffer size on your quadro? > > mb@host:~$ xrandr | grep maximum > Screen 0: minimum 320 x 200, current 11520 x 1200, maximum 16384 x 16384 > > This was a big limiter for me, in the past I couldn't figure out why my > old ATI 5800 card with 6 ports wouldn't support a full, single framebuffer, > but was internally limited to 8192x8192, with the 6xxx+ supporting > 16384x16384. Xorg wasn't too forthcoming with that info, and it was prior > to xrandr support in their drivers, so totally left me scratching my head > until escalating with AMD support to an engineer with a clue that told me > that. > > With the advent of 4k displays, they still seem limited to that, which > means I can only do 4x wide until vendors give to open that up. > > Thanks! > > -mb > > > On 06/12/2015 03:55 PM, Michael Butash wrote: > > Next time I have an absolute need to upgrade hardware, I plan on avoiding > ati/amd at all costs. After dealing with them for a good 5 years as the > only real viable option to run my displays, only to be wrought with > constant disappointment, problems, and frustration. Buying highly > overpriced quadro cards might be money well spent at this point, but I > still despise nvidia that they're really little other than rebranded, and > marked-up normal video cards with driver-locked (to bios-id) features. > > That said, going to set up some ebay agents to look for decent quadro's to > snipe. I had good luck getting my last few amd cards that way on the > cheap, gotta love jbidwatcher for cheating some other person with a > last-second bid. > > Thanks as always for the input Stephen. > > -mb > > > On 06/12/2015 03:20 PM, Stephen Partington wrote: > > I have almost given up on ATI, if i want just multiple screens i would > look into the Quadro NVS cards. Such as the NVS 510 or the K1200. They may > be very proprietary to get running, but my success with Nvidia cards in > both linux and windows really makes it worthwhile. These cards will only do > a single monitor, but they are cheap enough to run 2 cards with reasonable > usability. or one NVS and one more Gamer friendly card. > > > > --- > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org > To subscribe, unsubscribe, or to change your mail > settings:http://lists.phxlinux.org/mailman/listinfo/plug-discuss > > > > --- > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org > To subscribe, unsubscribe, or to change your mail settings: > http://lists.phxlinux.org/mailman/listinfo/plug-discuss > --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: xorg: Maximum number of clients reached
Stephen, out of curiosity, what does your xrandr show as a max framebuffer size on your quadro? mb@host:~$ xrandr | grep maximum Screen 0: minimum 320 x 200, current 11520 x 1200, maximum 16384 x 16384 This was a big limiter for me, in the past I couldn't figure out why my old ATI 5800 card with 6 ports wouldn't support a full, single framebuffer, but was internally limited to 8192x8192, with the 6xxx+ supporting 16384x16384. Xorg wasn't too forthcoming with that info, and it was prior to xrandr support in their drivers, so totally left me scratching my head until escalating with AMD support to an engineer with a clue that told me that. With the advent of 4k displays, they still seem limited to that, which means I can only do 4x wide until vendors give to open that up. Thanks! -mb On 06/12/2015 03:55 PM, Michael Butash wrote: Next time I have an absolute need to upgrade hardware, I plan on avoiding ati/amd at all costs. After dealing with them for a good 5 years as the only real viable option to run my displays, only to be wrought with constant disappointment, problems, and frustration. Buying highly overpriced quadro cards might be money well spent at this point, but I still despise nvidia that they're really little other than rebranded, and marked-up normal video cards with driver-locked (to bios-id) features. That said, going to set up some ebay agents to look for decent quadro's to snipe. I had good luck getting my last few amd cards that way on the cheap, gotta love jbidwatcher for cheating some other person with a last-second bid. Thanks as always for the input Stephen. -mb On 06/12/2015 03:20 PM, Stephen Partington wrote: I have almost given up on ATI, if i want just multiple screens i would look into the Quadro NVS cards. Such as the NVS 510 or the K1200. They may be very proprietary to get running, but my success with Nvidia cards in both linux and windows really makes it worthwhile. These cards will only do a single monitor, but they are cheap enough to run 2 cards with reasonable usability. or one NVS and one more Gamer friendly card. --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: xorg: Maximum number of clients reached
Next time I have an absolute need to upgrade hardware, I plan on avoiding ati/amd at all costs. After dealing with them for a good 5 years as the only real viable option to run my displays, only to be wrought with constant disappointment, problems, and frustration. Buying highly overpriced quadro cards might be money well spent at this point, but I still despise nvidia that they're really little other than rebranded, and marked-up normal video cards with driver-locked (to bios-id) features. That said, going to set up some ebay agents to look for decent quadro's to snipe. I had good luck getting my last few amd cards that way on the cheap, gotta love jbidwatcher for cheating some other person with a last-second bid. Thanks as always for the input Stephen. -mb On 06/12/2015 03:20 PM, Stephen Partington wrote: I have almost given up on ATI, if i want just multiple screens i would look into the Quadro NVS cards. Such as the NVS 510 or the K1200. They may be very proprietary to get running, but my success with Nvidia cards in both linux and windows really makes it worthwhile. These cards will only do a single monitor, but they are cheap enough to run 2 cards with reasonable usability. or one NVS and one more Gamer friendly card. --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: xorg: Maximum number of clients reached
I have almost given up on ATI, if i want just multiple screens i would look into the Quadro NVS cards. Such as the NVS 510 or the K1200. They may be very proprietary to get running, but my success with Nvidia cards in both linux and windows really makes it worthwhile. These cards will only do a single monitor, but they are cheap enough to run 2 cards with reasonable usability. or one NVS and one more Gamer friendly card. On Fri, Jun 12, 2015 at 3:14 PM, Michael Butash wrote: > Looking at those results after responding, I noticed I only have 5 okular > instances open, the pdf reader (sadly I stay mired in pdf documentation > often), when it's spawning 13 xclient sessions. I wonder if this is just > being stupid is what's blowing it out somehow. > > PDF's, another bit lf legacy windoze technology I wish would die. I hate > adobe, but it's become defacto for doc standards when libreoffice vs. > openoffice vs. microsith office stay in a pissing match with each other. > > -mb > > > > On 06/12/2015 02:56 PM, Michael Butash wrote: > >> Thanks for the comments Matt - in line. >> >> On 06/12/2015 02:18 PM, Matt Graham wrote: >> >>> On 2015-06-11 17:20, Michael Butash wrote: >>> [X reaching a maximum number of clients is a problem] in that it simply refuses to open new [X clients], and [I] find this happens more and more these days. Am I like the only actual person to use linux these days that this occurs with? >>> >>> I've never seen this happen. What do you get when this is happening and >>> you do "xlsclients | sort | uniq -c" ? I currently have 64 X clients >>> running here. Most KDE things show up as 2 or 3 X clients. plasma-desktop >>> shows up as 20. firefox shows up as 1. >>> >> I was actually trying to remember that command as I've seen it referenced >> and checked before, so thanks for that. >> >> Every now and then problem will piss me off royally as literally my pc >> won't be able to wake my monitors up out of dpms sleep because of this >> (presumably), thus I have to hard reboot. Odd part is when it freaks like >> this, even ssh'ing in from my laptop, killing some pids (ie. >> chrome|chromium I have an xargs script I keep to seek and destroy all), and >> it still won't wake then. I need add something to watch these... >> >> After it did this the other day upon composition of the email, I killed >> the chrom*'s, and it's been a bit stable. xrestop was another that was >> recommended to watch, but by the time I hit that limit, even xrestop gives >> me the "max number of clients reached", even though a cli application... >> >> Another way I know my system is almost ready to implode is waking up out >> of monitor sleep, expecting to see the simple-locker screen, rather I see a >> full desktop, unhidden, but I can't actually click on anything. Yeah, so >> much for privacy/security, but at least someone couldn't interact with it. >> It requires me to ctrl-alt-F1, switch to a tty, and back to F7 to see the >> locker again, unlock, and actually use my desktop. Seem another byproduct >> of xorg freaking out. >> >> At the (working) moment... >> >> mb@host:~$ xlsclients | sort | wc -l >> 144 >> mb@host:~$ xlsclients | sort | uniq -c >> 1 host baloo_file >> 1 host bamfdaemon >> 1 host Banshee >> 1 host blueman-applet >> 1 host cairo-dock >> 1 host chromium-browser >> 1 host dolphin >> 1 host eom >> 1 host evince >> 1 host gcalctool >> 1 host gkrellm >> 1 host gnome-terminal >> 1 host ibus-ui-gtk3 >> 1 host ibus-x11 >> 1 host kactivitymanagerd >> 3 host kded4 >> 1 host 'kdeinit4: kded4 [kdeinit]' >> 1 host 'kdeinit4: ksmserver [kdeinit]' >> 1 host kglobalaccel >> 1 host klipper >> 1 host kmix >> 1 host knotify4 >> 1 host konsole >> 1 host korgac >> 1 host krunner >> 2 host ksmserver >> 1 host kuiserver >> 1 host kwalletd >> 6 host kwin >> 1 host mate-screensaver >> 1 host nautilus >> 5 host okular >> 1 host pavucontrol >> 1 host Pidgin >> 1 host plasma-desktop >> 1 host pluma >> 1 host polkit-kde-authentication-agent-1 >> 1 host soffice.bin >> 1 host thunderbird >> 1 host transmission-remote-gtk >> 2 host /usr/bin/baloo_file >> 3 host /usr/bin/dolphin >> 1 host /usr/bin/kactivitymanagerd >> 2 host /usr/bin/kglobalaccel >> 3 host /usr/bin/klipper >> 8 host /usr/bin/kmix >> 8 host /usr/bin/konsole >> 2 host /usr/bin/korgac >> 3 host /usr/bin/krunner >> 2 host /usr/bin/kuiserver >> 2 host /usr/bin/kwalletd >> 13 host /usr/bin/okular >> 29 host /usr/bin/plasma-desktop >> 2 host /usr/lib/kde4/libexec/polkit-kde-authentication-agent-1 >> 2 host /usr/lib/libreoffice/program/soffice.bin >> 1 host /usr/l
Re: xorg: Maximum number of clients reached
Looking at those results after responding, I noticed I only have 5 okular instances open, the pdf reader (sadly I stay mired in pdf documentation often), when it's spawning 13 xclient sessions. I wonder if this is just being stupid is what's blowing it out somehow. PDF's, another bit lf legacy windoze technology I wish would die. I hate adobe, but it's become defacto for doc standards when libreoffice vs. openoffice vs. microsith office stay in a pissing match with each other. -mb On 06/12/2015 02:56 PM, Michael Butash wrote: Thanks for the comments Matt - in line. On 06/12/2015 02:18 PM, Matt Graham wrote: On 2015-06-11 17:20, Michael Butash wrote: [X reaching a maximum number of clients is a problem] in that it simply refuses to open new [X clients], and [I] find this happens more and more these days. Am I like the only actual person to use linux these days that this occurs with? I've never seen this happen. What do you get when this is happening and you do "xlsclients | sort | uniq -c" ? I currently have 64 X clients running here. Most KDE things show up as 2 or 3 X clients. plasma-desktop shows up as 20. firefox shows up as 1. I was actually trying to remember that command as I've seen it referenced and checked before, so thanks for that. Every now and then problem will piss me off royally as literally my pc won't be able to wake my monitors up out of dpms sleep because of this (presumably), thus I have to hard reboot. Odd part is when it freaks like this, even ssh'ing in from my laptop, killing some pids (ie. chrome|chromium I have an xargs script I keep to seek and destroy all), and it still won't wake then. I need add something to watch these... After it did this the other day upon composition of the email, I killed the chrom*'s, and it's been a bit stable. xrestop was another that was recommended to watch, but by the time I hit that limit, even xrestop gives me the "max number of clients reached", even though a cli application... Another way I know my system is almost ready to implode is waking up out of monitor sleep, expecting to see the simple-locker screen, rather I see a full desktop, unhidden, but I can't actually click on anything. Yeah, so much for privacy/security, but at least someone couldn't interact with it. It requires me to ctrl-alt-F1, switch to a tty, and back to F7 to see the locker again, unlock, and actually use my desktop. Seem another byproduct of xorg freaking out. At the (working) moment... mb@host:~$ xlsclients | sort | wc -l 144 mb@host:~$ xlsclients | sort | uniq -c 1 host baloo_file 1 host bamfdaemon 1 host Banshee 1 host blueman-applet 1 host cairo-dock 1 host chromium-browser 1 host dolphin 1 host eom 1 host evince 1 host gcalctool 1 host gkrellm 1 host gnome-terminal 1 host ibus-ui-gtk3 1 host ibus-x11 1 host kactivitymanagerd 3 host kded4 1 host 'kdeinit4: kded4 [kdeinit]' 1 host 'kdeinit4: ksmserver [kdeinit]' 1 host kglobalaccel 1 host klipper 1 host kmix 1 host knotify4 1 host konsole 1 host korgac 1 host krunner 2 host ksmserver 1 host kuiserver 1 host kwalletd 6 host kwin 1 host mate-screensaver 1 host nautilus 5 host okular 1 host pavucontrol 1 host Pidgin 1 host plasma-desktop 1 host pluma 1 host polkit-kde-authentication-agent-1 1 host soffice.bin 1 host thunderbird 1 host transmission-remote-gtk 2 host /usr/bin/baloo_file 3 host /usr/bin/dolphin 1 host /usr/bin/kactivitymanagerd 2 host /usr/bin/kglobalaccel 3 host /usr/bin/klipper 8 host /usr/bin/kmix 8 host /usr/bin/konsole 2 host /usr/bin/korgac 3 host /usr/bin/krunner 2 host /usr/bin/kuiserver 2 host /usr/bin/kwalletd 13 host /usr/bin/okular 29 host /usr/bin/plasma-desktop 2 host /usr/lib/kde4/libexec/polkit-kde-authentication-agent-1 2 host /usr/lib/libreoffice/program/soffice.bin 1 host /usr/lib/virtualbox/VirtualBox 2 host /usr/lib/virtualbox/VirtualBox --comment shitxp --startvm 81289eb9-7de8-492c-9a4f-56977a2b8eca --no-startvm-errormsgbox 1 host vino-server 2 host VirtualBox 1 host vmware 1 host vmware-tray 1 host vmware-unity-helper 1 '' /usr/lib/libreoffice/program/soffice I made a note on my desktop (dry erase pen + glass tabletop == best whiteboard ever) to check that next time it freaks out. I've seen reports of this, stating it's a hard-coded thing in xorg code, which I find entirely asinine It probably seemed like a reasonable assumption back when the X11 protocol was designed that an X client would only make 1 connection to the server, and that having 256 or 512 X clients at once was enough. I
Re: xorg: Maximum number of clients reached
I've been somewhat waiting for some sign from above that Wayland is actually a real, usable piece of software, as it's been hyped as "xorg, but doesn't suck". My limiters are fglrx support (again, my damn 6-head ati card), and decent support for window environments, mostly kde I use on everything now. At your mention, I looked at Wayland as it's been a while, and still seems like a tech demo more than a usable product. http://blog.martin-graesslin.com/blog/2013/06/starting-a-full-kde-plasma-session-in-wayland/ http://linuxg.net/how-to-install-kde-plasma-5-on-kubuntu-14-04-kubuntu-14-10-and-linux-mint-17-kde/ I did try the oss ati driver vs. fglrx, and sadly it was only seeing one monitor, wanting to only replicate the output across all 6. Scratch. Ubuntu/compiz is just out of the question, I tried lxde, mint (cinnamon/mate), gnomeshell, and more or less hate them all vs. kde that remains the most usable/bug-free. I might try that second link later and see how my mileage might vary, but I'm still stuck on using kde as the least sucky (usable) desktop out there atm. I did try lxde with marco as a compositor, but it was as buggy, or worse than compiz in dealing with my giant 11520x1200 framebuffer. So far Kwin is the least buggy at it, and I still can't spawn an opengl game without it flickering like an epilepsy-inducing apparatus by design as they all do. Apparently no one considers someone might actually try and make 6 displays work, aside from me of course, but then the rest of the x issues just compound it to make that the least of my worries. I had designs to replace my 6x displays with 3x 4k res displays (11520x2160), but I need to see this will even work stable before bothering. -mb On 06/11/2015 08:09 PM, Stephen Partington wrote: Have you tried weyland yet to see if it is any improvement? I think fedora has a build running weyland. (memory is fuzzy on this one.) On Jun 11, 2015 5:20 PM, "Michael Butash"wrote: So this seems to be a big problem for me, in that it simply refuses to open new apps, and find this happens more and more these days. Am I like the only actual person to use linux these days that this occurs with? I've seen reports of this, stating it's a hard-coded thing in xorg code, which I find entirely asinine, but seems a reality when using Chrome/Chromium that launches some 300 flocks on various things, and blows out the 256/512 client count on xorg. I find this almost stupid, and feel I'm back to the days of windoze me having to reboot every other day. Reality is I have 3 chrome profiles open, some pdfs, libreoffice, some chrome apps, some file manager windows (dolphin/kde), and not much else. Sort of want to punch someone in the face when I see this - someone is obviously doing something wrong, and really can't see why. All I can ever think is really, am I the only person that really "uses" a linux desktop to see these? Uninstalling pepperflash, or any flash vermin, seems to have done some good, no longer causing a persistent memory leak in xorg/fglrx drivers, but otherwise chrome|chromium still seems an absolute basketcase under linux, forgetting there are resource limits they should consider adhering to. -mb --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: xorg: Maximum number of clients reached
Thanks for the comments Matt - in line. On 06/12/2015 02:18 PM, Matt Graham wrote: On 2015-06-11 17:20, Michael Butash wrote: [X reaching a maximum number of clients is a problem] in that it simply refuses to open new [X clients], and [I] find this happens more and more these days. Am I like the only actual person to use linux these days that this occurs with? I've never seen this happen. What do you get when this is happening and you do "xlsclients | sort | uniq -c" ? I currently have 64 X clients running here. Most KDE things show up as 2 or 3 X clients. plasma-desktop shows up as 20. firefox shows up as 1. I was actually trying to remember that command as I've seen it referenced and checked before, so thanks for that. Every now and then problem will piss me off royally as literally my pc won't be able to wake my monitors up out of dpms sleep because of this (presumably), thus I have to hard reboot. Odd part is when it freaks like this, even ssh'ing in from my laptop, killing some pids (ie. chrome|chromium I have an xargs script I keep to seek and destroy all), and it still won't wake then. I need add something to watch these... After it did this the other day upon composition of the email, I killed the chrom*'s, and it's been a bit stable. xrestop was another that was recommended to watch, but by the time I hit that limit, even xrestop gives me the "max number of clients reached", even though a cli application... Another way I know my system is almost ready to implode is waking up out of monitor sleep, expecting to see the simple-locker screen, rather I see a full desktop, unhidden, but I can't actually click on anything. Yeah, so much for privacy/security, but at least someone couldn't interact with it. It requires me to ctrl-alt-F1, switch to a tty, and back to F7 to see the locker again, unlock, and actually use my desktop. Seem another byproduct of xorg freaking out. At the (working) moment... mb@host:~$ xlsclients | sort | wc -l 144 mb@host:~$ xlsclients | sort | uniq -c 1 host baloo_file 1 host bamfdaemon 1 host Banshee 1 host blueman-applet 1 host cairo-dock 1 host chromium-browser 1 host dolphin 1 host eom 1 host evince 1 host gcalctool 1 host gkrellm 1 host gnome-terminal 1 host ibus-ui-gtk3 1 host ibus-x11 1 host kactivitymanagerd 3 host kded4 1 host 'kdeinit4: kded4 [kdeinit]' 1 host 'kdeinit4: ksmserver [kdeinit]' 1 host kglobalaccel 1 host klipper 1 host kmix 1 host knotify4 1 host konsole 1 host korgac 1 host krunner 2 host ksmserver 1 host kuiserver 1 host kwalletd 6 host kwin 1 host mate-screensaver 1 host nautilus 5 host okular 1 host pavucontrol 1 host Pidgin 1 host plasma-desktop 1 host pluma 1 host polkit-kde-authentication-agent-1 1 host soffice.bin 1 host thunderbird 1 host transmission-remote-gtk 2 host /usr/bin/baloo_file 3 host /usr/bin/dolphin 1 host /usr/bin/kactivitymanagerd 2 host /usr/bin/kglobalaccel 3 host /usr/bin/klipper 8 host /usr/bin/kmix 8 host /usr/bin/konsole 2 host /usr/bin/korgac 3 host /usr/bin/krunner 2 host /usr/bin/kuiserver 2 host /usr/bin/kwalletd 13 host /usr/bin/okular 29 host /usr/bin/plasma-desktop 2 host /usr/lib/kde4/libexec/polkit-kde-authentication-agent-1 2 host /usr/lib/libreoffice/program/soffice.bin 1 host /usr/lib/virtualbox/VirtualBox 2 host /usr/lib/virtualbox/VirtualBox --comment shitxp --startvm 81289eb9-7de8-492c-9a4f-56977a2b8eca --no-startvm-errormsgbox 1 host vino-server 2 host VirtualBox 1 host vmware 1 host vmware-tray 1 host vmware-unity-helper 1 '' /usr/lib/libreoffice/program/soffice I made a note on my desktop (dry erase pen + glass tabletop == best whiteboard ever) to check that next time it freaks out. I've seen reports of this, stating it's a hard-coded thing in xorg code, which I find entirely asinine It probably seemed like a reasonable assumption back when the X11 protocol was designed that an X client would only make 1 connection to the server, and that having 256 or 512 X clients at once was enough. I don't have the Xorg source here so can't find where this is set, either. https://unix.stackexchange.com/questions/25273/what-is-the-max-number-of-x-clients Chrome/Chromium that launches some 300 flocks on various things, and blows out the 256/512 client count on xorg. What did you mean by "flocks"? If Chrome creates a separate X client for every browser tab, that'd probably cause stupidity, but I could see it doing that. (Having fewer than 30 tabs open at any given time would fix that if it were the case.) File locks, or rather
Re: xorg: Maximum number of clients reached
On 2015-06-11 17:20, Michael Butash wrote: [X reaching a maximum number of clients is a problem] in that it simply refuses to open new [X clients], and [I] find this happens more and more these days. Am I like the only actual person to use linux these days that this occurs with? I've never seen this happen. What do you get when this is happening and you do "xlsclients | sort | uniq -c" ? I currently have 64 X clients running here. Most KDE things show up as 2 or 3 X clients. plasma-desktop shows up as 20. firefox shows up as 1. I've seen reports of this, stating it's a hard-coded thing in xorg code, which I find entirely asinine It probably seemed like a reasonable assumption back when the X11 protocol was designed that an X client would only make 1 connection to the server, and that having 256 or 512 X clients at once was enough. I don't have the Xorg source here so can't find where this is set, either. Chrome/Chromium that launches some 300 flocks on various things, and blows out the 256/512 client count on xorg. What did you mean by "flocks"? If Chrome creates a separate X client for every browser tab, that'd probably cause stupidity, but I could see it doing that. (Having fewer than 30 tabs open at any given time would fix that if it were the case.) I have 3 chrome profiles open, some pdfs, libreoffice, some chrome apps, some file manager windows (dolphin/kde), and not much else. [...] am I the only person that really "uses" a linux desktop to see these? Obviously not if you found some other people complaining on a search engine. First thing to do is figure out which program is causing the stupidity. I was surprised to see 20 plasma-desktop clients here, because plasma applets are useless and I didn't think I had any of them running at all. -- Crow202 Blog: http://crow202.org/wordpress There is no Darkness in Eternity But only Light too dim for us to see. --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: How RedHat Backports Vulnerability Fixes
On 06/12/2015 11:12 AM, Keith Smith wrote: On 2015-06-12 10:43, der.hans wrote: Am 12. Jun, 2015 schwätzte Keith Smith so: I do some work on a couple CentOS 6.6 servers. Payment Card Industry (PCI) scans seem to always see the server as vulnerable. I've have to submit for a review since the server is not really vulnerable. Your auditors should understand that and be able to do proper verification. You would think. I used to think so too, before having to deal with various qsa's throughout the years. Most I find to be lacking, in either real or practical knowledge, especially when it comes to more nebulous things like networks and how they play into security. Seemingly nothing more than glorified tech writers pushing some automagical "scan and make report go" button. Case in point, I had one tell me that trunking/802.1q was "insecure" (requiring huge changes from "normal" physical deployment a sane network guy might deploy), but hey, my MPLS network, also using dot1q, was just dandy. Mostly because they didn't know what mpls presumably even did, which was even more extensive logical separation than even dot1q, and just as prone to abuse/misconfiguration should someone bleed routes between tables of organizations in a service provider network accidentally. Same one also just glossed over the 50-60k firewall rules we had involved, more just happy we simply had one, with or without an explicit permit any. Of course, inherently insecure applications or systems can always have "mitigating controls" documented that in my experiences equals sleight of hand, putting some voodoo appliance in front of it they know even less about, or host security software that has McAfee or Symmantec in the name, but as long as it's called a *security* something, it makes it quite ok suddenly. Target, Home Depot, and all the others you never hear about being exploited for your pci/pii data are good examples of how useless the certification really is, other than as another profit center for firms selling the audit services. -mb --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: How RedHat Backports Vulnerability Fixes
Am 12. Jun, 2015 schwätzte Keith Smith so: On 2015-06-12 10:43, der.hans wrote: Am 12. Jun, 2015 schwätzte Keith Smith so: I do some work on a couple CentOS 6.6 servers. Payment Card Industry (PCI) scans seem to always see the server as vulnerable. I've have to submit for a review since the server is not really vulnerable. Your auditors should understand that and be able to do proper verification. You would think. If they don't they get gig reports from me :). ciao, der.hans -- # http://www.LuftHans.com/http://www.PhxLinux.org/ # "Lie detector eyeglasses perfected: Civilization collapses." # -- Richard Powers--- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: How RedHat Backports Vulnerability Fixes
On 2015-06-12 10:43, der.hans wrote: Am 12. Jun, 2015 schwätzte Keith Smith so: I do some work on a couple CentOS 6.6 servers. Payment Card Industry (PCI) scans seem to always see the server as vulnerable. I've have to submit for a review since the server is not really vulnerable. Your auditors should understand that and be able to do proper verification. You would think. I don't think a lot of people understand how RHEL maintains it's packages. I know I did not for a long time. RedHat backports vulnerability fixes while maintaining the original version number. Here is a great explanation : https://access.redhat.com/security/updates/backporting/?sc_cid=3093 Thanks for the link! I've mostly understood it, but it's good to have a handy official reference to point people at. ciao, der.hans --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss -- Keith Smith --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: How RedHat Backports Vulnerability Fixes
Am 12. Jun, 2015 schwätzte Keith Smith so: I do some work on a couple CentOS 6.6 servers. Payment Card Industry (PCI) scans seem to always see the server as vulnerable. I've have to submit for a review since the server is not really vulnerable. Your auditors should understand that and be able to do proper verification. I don't think a lot of people understand how RHEL maintains it's packages. I know I did not for a long time. RedHat backports vulnerability fixes while maintaining the original version number. Here is a great explanation : https://access.redhat.com/security/updates/backporting/?sc_cid=3093 Thanks for the link! I've mostly understood it, but it's good to have a handy official reference to point people at. ciao, der.hans -- # http://www.LuftHans.com/http://www.PhxLinux.org/ # The Internet is the front line of the battle # to protect our freedom. -- Nathaniel Borenstein--- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: How RedHat Backports Vulnerability Fixes
Am 12. Jun, 2015 schwätzte Keith Smith so: I do some work on a couple CentOS 6.6 servers. Payment Card Industry (PCI) scans seem to always see the server as vulnerable. I've have to submit for a review since the server is not really vulnerable. Your auditors should understand that and be able to do proper verification. I don't think a lot of people understand how RHEL maintains it's packages. I know I did not for a long time. RedHat backports vulnerability fixes while maintaining the original version number. Here is a great explanation : https://access.redhat.com/security/updates/backporting/?sc_cid=3093 Thanks for the link! I've mostly understood it, but it's good to have a handy official reference to point people at. ciao, der.hans -- # http://www.LuftHans.com/http://www.PhxLinux.org/ # The Internet is the front line of the battle # to protect our freedom. -- Nathaniel Borenstein--- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: How RedHat Backports Vulnerability Fixes
Am 12. Jun, 2015 schwätzte Keith Smith so: I do some work on a couple CentOS 6.6 servers. Payment Card Industry (PCI) scans seem to always see the server as vulnerable. I've have to submit for a review since the server is not really vulnerable. Your auditors should understand that and be able to do proper verification. I don't think a lot of people understand how RHEL maintains it's packages. I know I did not for a long time. RedHat backports vulnerability fixes while maintaining the original version number. Here is a great explanation : https://access.redhat.com/security/updates/backporting/?sc_cid=3093 Thanks for the link! I've mostly understood it, but it's good to have a handy official reference to point people at. ciao, der.hans -- # http://www.LuftHans.com/http://www.PhxLinux.org/ # The Internet is the front line of the battle # to protect our freedom. -- Nathaniel Borenstein--- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
How RedHat Backports Vulnerability Fixes
I do some work on a couple CentOS 6.6 servers. Payment Card Industry (PCI) scans seem to always see the server as vulnerable. I've have to submit for a review since the server is not really vulnerable. I don't think a lot of people understand how RHEL maintains it's packages. I know I did not for a long time. RedHat backports vulnerability fixes while maintaining the original version number. Here is a great explanation : https://access.redhat.com/security/updates/backporting/?sc_cid=3093 Keith --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss