from:"Andrew C Aitchison"

Re: Fix Linux Login Loop

2021-12-07 Thread Andrew C Aitchison


On Mon, 6 Dec 2021, Khaled Ali wrote:


My linux is stuck in a login loop when trying to enter my desktop.
When I login, the screen gets black and soon after that the login screen comes 
back.


Which version of linux - SL7, SL8 or Fedora ?
Do you know whether you are running X or Wayland ?

You should be able to get a console - text only - login by typing
ctrl-alt-f1
(you need to press them in that order, but hold ctrl and alt
while you type f1).

There may be clues in logfiles like
/var/log/X11/Xorg.0.log
especially lines with (EE), and
~/.xsession-errors

Clues are likely to be towards the bottom of these files.

--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk

Re: nxserver: no access to display X via network "-nolisten tcp"

2021-11-14 Thread Andrew C Aitchison


On Sat, 13 Nov 2021, Ekkard Gerlach wrote:

Sorry, my customer is bound to SL 6.10, a medical programm is only supported 
under 6.10 (and ubuntu 20.04)


Ubuntu 20.04 is an LTS version, in long-term support until ...
mainstream April 2023, extended security maintenance April 2030.

I would see when the medical program will be supported on Ubuntu 22.04
(the next Ubuntu LTS version, due out next spring) and move to Ubuntu 
20.04 or 22.04.


, a new server was just installed 2 months ago 
for 25 linux workstations (XDMCP linux clients, Win10 with NX ). Thats the 
server for next 5-7 years!! No update possible, special features for 
userfriendly communication with medical server in internet only supported 
under 6.10. , NOT 7.x , 8.X!!





Once again: who has idea why nxserver 3.2.0-74 is locked/ blocked?


I see you are using
xhost +
Even in SL6 that was considered very insecure.
Could you/they switch to xauth security instead ?

If you are using heavy graphics and need GPU, DRI or OpenGL you may be 
stuck with NX, but otherwise I would consider switching to using VNC

for the display connection.
Oh, I see that NX supports VNC clients; I would try that, perhaps in 
windowed mode if that suits your use, rather than having the whole 
desktop sesson on the medical server.



Am 13.11.21 um 21:08 schrieb Nico Kadel-Garcia:

On Sat, Nov 13, 2021 at 2:22 PM Ekkard Gerlach  wrote:

Hello,

using SL 6.10, nxserver 3.2.0-74 .

Stop there. Update to SL 7 if you expect contemporary tools to work or
continue to work: the underlying RHEL 6 from upstream  The final
release of RHEL 6 was more than 3 years ago.

Nico Kadel-Garcia


root@arthur:~# export DISPLAY=10.0.0.9:1002.0
Sie haben neue Post in /var/spool/mail/root.
root@arthur:~# xterm
Warning: This program is an suid-root program or is being run by the root 
user.

The full text of the error or warning message cannot be safely formatted
in this environment. You may get a more descriptive message by running the
program as a non-root user or by removing the suid bit on the executable.
xterm Xt error: Can't open display: %s

but:
root@arthur:~# export DISPLAY=:1002.0
root@arthur:~# xterm
Warning: Cannot convert string "nil2" to type FontStruct
xterm: cannot load font 
-misc-fixed-medium-r-semicondensed--13-120-75-75-c-60-iso10646-1


works!!  (xhost + is in autostart of every user).


Why not accessible viel IP/ network? Only accessible local? What is locked 
on scientific?



example:

--pc44  30755  0.0  0.4 180096 120300 ?   S10:00   0:10   _ 
/usr/libexec/nx/nxagent -persistent -D -name NX - pc44@arthur:1002 - 
DavidX (GPL Edition) -option 
/home/pc44/.nx/C-arthur-1002-27736AF6397123CD7F3F645BCA8E28A4/options 
-nolisten tcp :1002



nxstarts with "-nolisten tcp". Where is that set? - In 
/etc/nxserver/node.conf:


#AGENT_EXTRA_OPTIONS_X="-nolisten tcp"   #is commented out!!

When  I modify it to

AGENT_EXTRA_OPTIONS_X="-listen tcp" # nolisten -> listen!

Then nxserver doesn't allow any login, aborts with error message

Error: Aborting session with 'Unrecognized option: -listen'.


anybody here can help?

Some security policy on SL 6.10 that forces nxserver to "-nolisten tcp" ?

Or: who or what forces to start nx with "-nolisten tcp" although its not 
commented in in node.conf?



tia

Ekkard




--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk

Re: Need to add ftp to SL 6 machine

2021-11-04 Thread Andrew C Aitchison


On Thu, 4 Nov 2021, Larry Linder wrote:


Thank You all.
I have a copy of the .iso disk on box.
Once I had a clue I was able to install the vsftpd rpm
Archive manager works pretty nicely.


Hmm. I guess that the version on the .iso will be older than 
the one in the obsolete directory.

Especially with a server such as vsftpd, it would be worth
checking that you use the rpm with the most up to date
security fixes ...

--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk

Re: Fermilab/CERN recommendation for Linux distribution

2021-10-28 Thread Andrew C Aitchison

On Thu, 28 Oct 2021, Götz Waschk wrote:

Am 28.10.21 um 15:41 schrieb Troy Dawson:

On Thu, Oct 28, 2021 at 4:56 AM Götz Waschk <mailto:goetz.was...@desy.de>> wrote:

Am 26.10.21 um 04:27 schrieb Patrick J. LoPresti:
 > On Mon, Oct 25, 2021 at 5:45 PM Nico Kadel-Garcia
mailto:nka...@gmail.com>
 > <mailto:nka...@gmail.com <mailto:nka...@gmail.com>>> wrote:
 >  >
 >  > It's getting harder.
 >
 > Singularity containers for CentOS 8 (and latest Ubuntu etc.) work
fine
 > on SL7, for now. Of course this is not a long-term solution, since
 > "kernel too old" will surely crop up eventually.
I just like to add that this has already happened to me with an Ubuntu
20.04 LTS container running on
SL7:

[wgs34:U20] ~ % gnuplot-qt
gnuplot-qt: error while loading shared libraries: libQt5Core.so.5:
cannot open shared object file: No such file or directory

... snip...
That doesn't have much to do with the container running on SL7, and more 
that your gnuplot-qt was compiled on a different qt5 than is in the 
container.

Without more details I couldn't exactly say more than make sure your 
gnuplot-qt and qt5 libraries in yoru container are up to date.

Hi Troy,

it is related to the SL7 kernel. The container contains a standard Ubuntu 
20.04 LTS installation with the default gnuplot package. The problem 
disappears when I run the same singularity container on AlmaLinux 8.4 or 
Ubuntu 18.04 LTS.

The practice of containers seems to be to make them fast and lightweight 
by using host libraries as much as possible, which is not compatible with

portability.

This problem is not caused by what I would call "the SL7 kernel".
Have containers hijacked the word "kernel" to mean something like
"the assumed base system including common libraries" ?

--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk

No longer Re: Fermilab/CERN recommendation for Linux distribution

2021-10-25 Thread Andrew C Aitchison



To add the opinion of a third Andrew:

I couldn't possibly move to a system where I have to use
the keyboard to copy and paste between windows :-)

(Thank goodness Wayland was persuaded to keep that feature.)

On Mon, 25 Oct 2021, Andrew Komornicki wrote:


Hi,

 I wholeheartedly support such a move.  These long threads have no
basis in reality.  Frankly they have as much purpose as counting the
number of angels on the head of a pin.  Quite some time ago, as a
scientist I stopped at SL 6.9.  If need be I have all of my code
development tools, and am quite happy.

For my daily needs, I continue to use Windows.  Yes, I use Firefox as my
browser and Thunderbird for my mail.  A long time ago I installed the
GNU tools for Windows and that helps a great deal.  My editor is still
Vi, or VIM for the more modern versions.  Some of my colleagues use
Emacs and that also works very well under Windows.  A command line
window is my main interface for all of my work.  Am not willing to swing
at windmills and need to get on with life.

regards,
Andrew



On 10/25/2021 8:13 PM, Andrew Z wrote:

Yeah, this linux isï¿½ a nonsense... just migrate to windows already. And
the bright future is there for you.


--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk

Re: google-chrome

2021-10-23 Thread Andrew C Aitchison


On Fri, 22 Oct 2021, Stephen Isard wrote:


For the past couple of days, I've been getting

--
/etc/cron.daily/0yum-daily.cron:

Failed to check for updates with the following error message:
Failed to build transaction: google-chrome-stable-95.0.4638.54-1.x86_64
requires libc.so.6(GLIBC_2.18)(64bit)
--

Disabling the google-chrome repo makes the error message go away, of course,
and lets check-update proceed.  But is this the end of the road for chrome
updates on SL7, or is there some reasonably straightforward work-around?


I had a similar problem with SL6. IIRC I found (or built?) a copy
of the missing GLIBC, hacked up an rpm which put it somewhere that
the chrome binary could find it and provided what was required.
Not completely straight-forward though.

--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk

RHEL4 - was Re: DHCP won't let me connect to the internet

2021-09-24 Thread Andrew C Aitchison

On Thu, 23 Sep 2021, Andrew Z wrote:

...more than 10 years ago...

I just had a momentary heart attack...

no way !it was not 10 years ago! It was.. yesterday... fine.. maybe a few
months ago... cant be 10 years ago!!

According to https://urldefense.proofpoint.com/v2/url?u=https-3A__access.redhat.com_articles_75653=DwIBAg=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=11eeNqB0sL73Uz0ER21_8IGgqZ0gEzYnezaBic1i2uM=AOj-GRSTimurfEUyjJMMXpU0rAU87e-Jg77veptv6K8=
On March 01, 2012, all Red Hat Enterprise Linux 4-based products listed

below will transition from the Full/Maintenance Phases to the Extended
Life Phase:

So it isn't quite ten years since the end of the maintenance phase ...
just nine and a bit more than half :-)

On Thu, Sep 23, 2021, 22:02 Nico Kadel-Garcia wrote:

On Thu, Sep 23, 2021 at 8:54 PM Montague Bestes
<1024f7089807-dmarc-requ...@listserv.fnal.gov> wrote:

Greetings,

I have Scientific Linux release 4 Beryllium, on Dell studio slim

desktop. I use a android phone with USB tethering and a hard cable. The
phone seems to recognize the command and responds, indicating a successful
connection, but unable to browse. Multiple dhcp requests are sent out but
none returned.

Backup and upgrade the Scientific Linux, immediately, or replace the
hardware with a new system. Support for that operating system ended
more than 10 years ago. Do *not* expect it to work reliably with
modern peripherals. Replacing that system will be much faster, and

--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk

Re: customize Xsetup_0 , file is not executed

2021-08-03 Thread Andrew C Aitchison


On Tue, 3 Aug 2021, Ekkard Gerlach wrote:



Am 03.08.21 um 13:04 schrieb Andrew C Aitchison:

On Tue, 3 Aug 2021, Ekkard Gerlach wrote:


Hello,

/etc/X11/xdm/Xsetup_0 inÃ?Â  is NOT executed, what could be the reason? I 
inserted on top of file


echo "hello123" > /tmp/test123
and the file is not created! Who can help?


I'm managing SL 6.10, its deprecated I know, but no way arround, its 
server of a customer


Finally I want to start x11vnc in Xsetup_0, like I am used to do it in 
Suse-Installations with /etc/X11/xdm/Xsetup , the it works perfectly sind 
15 years. Now my first contact to SL/ RedHat.


Background: red hat tells that Xsetup_0 is for customizing login: 
https://urldefense.proofpoint.com/v2/url?u=https-3A__access.redhat.com_documentation_en-2Dus_red-5Fhat-5Fenterprise-5Flinux_6_html_deployment-5Fguide_s2-2Dx-2Drunlevels-2D5=DwIDaQ=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=FzQidEJ4_tyOpfrm9kxOLH_kfZZcz_swssRrQu-WlI0=k7QNNvmJ93Rn99wd0Z1pZBkkx6TwNa1xBiPJA4NMBAE= 

Xsetup_0 is the right file to do customizations in red hat, here a 
comparison of Suse and Red Hat:  https://urldefense.proofpoint.com/v2/url?u=https-3A__virtualgl.org_vgldoc_2-5F0_=DwIDaQ=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=FzQidEJ4_tyOpfrm9kxOLH_kfZZcz_swssRrQu-WlI0=YixEiCS5nZ03PM7w2lW9Heisf9Ly4cGDtVpudN1vk8k= 



I still have a Scientific Linux 6 "virtual machine" (actually a chroot
"container") so I may be in a better position to help than most.

Are you using display :0 and display manager xdm (not gdm or kdm) ?


I just detected one big bug on my side: gdm is *not* using xdm! They are 
different. (you ask the same)


Thats why gdm does not care about Xsetup_0 , the file belongs to xdm!

Then I searched the aquivalent for gdm: and I found /etc/gdm/Init/Default : 
https://urldefense.proofpoint.com/v2/url?u=https-3A__tldp.org_HOWTO_XFree-2DLocal-2Dmulti-2Duser-2DHOWTO_automation-5Flogin-5Fscreen.html=DwIDaQ=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=FzQidEJ4_tyOpfrm9kxOLH_kfZZcz_swssRrQu-WlI0=mi6C5sU64FWHNTH5-dSb60hJmjxXG6CKi7xKEs8xUoM= 


On my SL 6.10 there is neither a "Init" directory no "Default".


Odd. My SL6.10 has /etc/gdm/Init/Default - from gdm-2.30.4-69.el6
# ls -Z /etc/gdm/Init/Default
-rwxr-xr-x. root root system_u:object_r:bin_t:s0   /etc/gdm/Init/Default

Might be worth reinstalling the gdm package.

I created 
Init directory, then created a "Default", with bash script inside that makes 
that echo "Hello">/tmp/test123.txt


But /etc/gdm/Init/Default is not executed/ used, I chmod +x , but does not 
help.


Then I detected a registered bug, that "Default" is not used due to selinux 
policy: https://urldefense.proofpoint.com/v2/url?u=https-3A__bugzilla.redhat.com_show-5Fbug.cgi-3Fid-3D851769=DwIDaQ=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=FzQidEJ4_tyOpfrm9kxOLH_kfZZcz_swssRrQu-WlI0=gkRfClTL54zjgEKvfpRDaCgxz8tG_q6IJsumHTTxMCM= 


Can you help me for next steps?


Reading that bugzilla, I think that they did find a fix (at comment 9)
chcon -Rt bin_t /etc/gdm/Init
but SELinux (RH's equivalent of apparmor) kept changing with newer
versions of Fedora.
If you can try permissive mode in /etc/selinux/config (IIRC you need to 
reboot after changing it) that should bypass theisue and give you better 
diagnostics.


Do you/your client need to do this for all users ?
If not you could add your X11vnc command to $HOME/.Xclients

As the system isn't going to change now, you could modify
 /etc/gdm/Xsession which is a symlink to /etc/X11/xinit/Xsession

I haven't run the X server or xdm/gdm on my SL6 VM/container
and I am not sure how, since I don't actually boot it
(I just chroot the image and run X clients on the host display.

Do you need both the hardware display and the VNC mirror,
or could you just run a standalone VNC server ?

--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk

Re: customize Xsetup_0 , file is not executed

2021-08-03 Thread Andrew C Aitchison


On Tue, 3 Aug 2021, Ekkard Gerlach wrote:


Hello,

/etc/X11/xdm/Xsetup_0 inÂ  is NOT executed, what could be the reason? I 
inserted on top of file


echo "hello123" > /tmp/test123
and the file is not created! Who can help?


I'm managing SL 6.10, its deprecated I know, but no way arround, its server 
of a customer


Finally I want to start x11vnc in Xsetup_0, like I am used to do it in 
Suse-Installations with /etc/X11/xdm/Xsetup , the it works perfectly sind 15 
years. Now my first contact to SL/ RedHat.


Background: red hat tells that Xsetup_0 is for customizing login: 
https://urldefense.proofpoint.com/v2/url?u=https-3A__access.redhat.com_documentation_en-2Dus_red-5Fhat-5Fenterprise-5Flinux_6_html_deployment-5Fguide_s2-2Dx-2Drunlevels-2D5=DwIDaQ=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=9FJox_aLoPfQINwEp2m1q_XA0dlYWGQqyQp5v3pYyjY=HQydlhySMzg7GK5gDhmC-TkmQxj3WqdqGf9IeBJXqTY= 

Xsetup_0 is the right file to do customizations in red hat, here a comparison 
of Suse and Red Hat:  https://urldefense.proofpoint.com/v2/url?u=https-3A__virtualgl.org_vgldoc_2-5F0_=DwIDaQ=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=9FJox_aLoPfQINwEp2m1q_XA0dlYWGQqyQp5v3pYyjY=JwhK8skHanCxyhe9mnsLwg3QdTRbLdxfRkicQU9KPVs= 


I still have a Scientific Linux 6 "virtual machine" (actually a chroot
"container") so I may be in a better position to help than most.

Are you using display :0 and display manager xdm (not gdm or kdm) ?

--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk

Re: [SL-Users] Re: any update on CERN Linux and CentOS-8 situation?

2021-05-05 Thread Andrew C Aitchison


On Tue, 4 May 2021, Yasha Karant wrote:

I fully concur -- a clear statement of a concern about the source and any 
authentication/pay-walls limiting access to that source.  I assume that the 
official rebuilders other than SL have paid the necessary fees to download 
the real, actual, production IBM RH EL buildable source as referenced below, 
currently at
https://urldefense.proofpoint.com/v2/url?u=https-3A__access.redhat.com_downloads_=DwIBAg=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=XlwZHatfU9lTVBkqWjIVraTktof8jaVDXPjoOzkoFGs=TX6gLDMRLMZ6f49TN5nbIEbiojZosZn3xgi4HyfiuR0= 
.
I do not have access -- but I assume that both Rocky and AlmaLinux have 
purchased the necessary access license.  I have not attempted to get a "dev" 
IBM RH license that supposedly is at no cost -- has anyone done so and down a 
full buildable source download?



From what I have seen on the EPEL mailing list, I think there are a few

bits missing. In addition to the code available with a devel licence
(which includes a "CodeReady Linux Builder" repo) in order to build 
CentOS the team had to get hold of a number of -devel packages on a 
case-by-case basis
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.fedoraproject.org_archives_list_epel-2Ddevel-40lists.fedoraproject.org_message_P2DGC5KRDHT2JNGFGJEH3IZ24WTBIH4D_=DwIBAg=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=XlwZHatfU9lTVBkqWjIVraTktof8jaVDXPjoOzkoFGs=mPXFT8k9V2llxcjZMZ7XqyZXftuuZCcGUUY83jAntOs= 


--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk

c++17,17,20... - was Re: [SL-Users] Re: any update on CERN Linux and CentOS-8 situation?

2021-05-04 Thread Andrew C Aitchison


On Tue, 4 May 2021, Konstantin Olchanski wrote:


- first slide of "distribution landscape" is nonsense,
with everybody stuck with el7 for another 3 years and
bye, bye, c++14, c++17, c++20.


Is Red Hat Developer Toolset 10
https://urldefense.proofpoint.com/v2/url?u=https-3A__access.redhat.com_documentation_en-2Dus_red-5Fhat-5Fdeveloper-5Ftoolset_10_html_10.0-5Frelease-5Fnotes_dts10.0-5Frelease-23Changes-5Fin-5FDTS=DwIBAg=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=Chv7ZrLnQII3dvv1o48KTg7YAxT9SNUUCkOkflNOCd4=bZUlWtCI03IJ95QWY-_DTkmqMdwOzXq8PVBkiR1dZLM= 
not an option ?


(OK, C++20 support in g++ 10.2.1 is "experimental).

--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk

Re: Code bias video, watch it ASAP

2021-04-18 Thread Andrew C Aitchison


On Sun, 18 Apr 2021, Nico Kadel-Garcia wrote:


The movie is very strong on "feels", very poor indeed on data.

A much better article, with far less "feels"

 ^^
Is that a deliberate example of the bias in the video ?

--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk

sudo - was Re: FWIW: AlmaLinux now available.

2021-04-07 Thread Andrew C Aitchison


On Tue, 6 Apr 2021, Yasha Karant wrote:

 The major issue I find is that everything at the system level is sudo 
-- however, for Ubuntu, I have found the fixes so that I can become root and 
do what I need both from a text interface and a GUI interface.


I find sudo on Ubuntu much easier to use than sudo on SL6.
By default on Ubuntu you can run succeccive sudo commands without
reentering the password each time.
I never figured out how to do that with SL.

When I need to use pipes or redirect stdin and stdout as root,
a simple "sudo bash" first solves those issues.

--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk

RHEL 9 ?

2021-01-26 Thread Andrew C Aitchison


On Tue, 26 Jan 2021, Fait, James F. wrote:


as it was evident that the large company was not interested in the
small research community that was using the hardware to solve
problems that they were never going to make any money on.
I see the same thing happening with RHEL, and I doubt seriously that
there will be a RHEL 9, as IBM will not see it as in their interest
to develop it.  Time to move on.


https://urldefense.proofpoint.com/v2/url?u=https-3A__app.community.engage.redhat.com_e_er-3Fs-3D17900033-26lid-3D2318-26elqTrackId=DwIBAg=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=qV8CCGQyFiPng2RnnLNz1_stptB75oWIxXpp9S2Sv4g=hDxjQH3Af2JNUJ-I79Hinn-s5oro-DUWfUuD99JGmaM= 
=afa8068f0af74352991aacaa6ef81bdf=254c98cc861f43f1824d551183aa6dfc

d=451=
discusses the x86_64 microarchitecture(s) which RHEL9 will support,
so they are working on it, even if it never sees the light of day.

--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk

Re: Rhel 8

2021-01-25 Thread Andrew C Aitchison


My reminisces and tuppence-worth:

On Sat, 23 Jan 2021, ~Stack~ wrote:

One thing people tend to overlook in these conversations is that systemd was 
clearly not meant to help SysAdmins - the fact that does is a by product. The 
point was to help system builders and integrators. EG: the people building 
the distro that others use; the ones who try to make all of the sub-services 
play nice with each other so that the end user can just click around on a 
mouse.


You can think of SystemD as the the low level communication of services that 
not a whole lot of people (developers nor users) want to do but everyone who 
uses a desktop or server depends on to work- it's at the integrator level 
where SystemD starts to shine. It helps a lot of the underpinning 
communications where most users don't ever dare to tread. Those dark tunnels 
where experienced SysAdmins have their eyes gloss over at the dread they 
encountered upon their last traversal.

Those places.


Because getting all the services to talk to one another is incredibly 
difficult. Speaking as someone who used to do a bunch of dbus level 
programming to get services to talk to each other, the old InitV methods 
sucked. It was painful. And every time there was a new service that did 
things differently, it made my work harder. I particularly recall in ~2008 
tracing out an issue with a kernel notification to a network card that caused 
Pidgin to flip out and spam the dbus to the point of crashing other 
completely unrelated services because of a custom plugin...gah...I was down 
reading hex code off the kernel processes to figure that out...and it still 
gives me wake-up-screaming-nightmares...But all the users knew was that their 
music player would cause a kernel panic - they had no idea it was even a 
plugin on Pidgin that was doing it because why would Pidgin (a chat program ) 
care if a music file was played? And what did that have to do with crashing 
the kernel?


I wish I had read something like this at the time.
It would have given me a better idea of what systemd was about.

I'm somewhat old school (I am still using twm as my window manager* over a 
decade later) so I don't know why anyone would want this new-fangled DBus
thing that, as you say, lets a chat program addon cause a music player to 
crash the kernel.


For release after release we had to hack/patch an init script.
IIRC this was Red Hat 4 and 5, and I don't remember all the details, 
so what follows may be a little off: We had to make ypbind run on
a fixed port so that nfsd didn't fail because something else had 
grabbed the port first (or was it the other way around ?)


With that experience I wont believe you if you tell me that a complex
C program handling lots of signals and processes is safer than a shell 
script. I know which one I can hack sucessfully and have enough smarts

to consider whether what I did was secure.

From what yo say, systemd might have been the right answer to my 
original problem, but if Red Hat couldn't get around to fixing the 
nfsd/ypbind conflict, could I expect them to make code 10 times

(or maybe a 100) more complex any more reliable ?

By the sound of it Larry Linder, who started this discussion, finds
that chat programs and music players don't help the productivity
 of his machine-tool shop either. If D-Bus is a problem why would
he want a complex system that appears to exist to allow it ?

* No, I do not want a "desktop environment". My windows were either
firefox or xterm's sshd into other machines - sometimes a hundred,
fired up in batches of twenty.

--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk

Re: CentOS 8 EOL; CentOS Stream?

2020-12-08 Thread Andrew C Aitchison


With my conspiracy-theory hat on, I suspect the timing of this
announcement, a week after the demise of the much-loved RHEL6.

--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk

Re: Migrations to other linux distro

2020-11-08 Thread Andrew C Aitchison


On Sat, 7 Nov 2020, Yasha Karant wrote:

I have configured the machine with MATE from Ubuntu, and installed all of the 
utilities I had used on SL plus some that seemingly were not available for SL 
7.  Naturally, yum, yumex, etc., are replaced by various apt utilities, but 
the functionalities, if not the actual CLI commands or GUI steps, are 
equivalent.



The only peculiarities I have found to date are that unlike SL, LTS assumes 
that everything must be done via sudo.  As I prefer both su and an Xwindow 
GUI root screen, I had to modify some of the LTS configuration files to do 
this, but it is quite simple (in the current LTS).  Both of these 
functionalities now work.


When I moved to LUbuntu I noticed this too, but found that sudo on ubuntu
does not require the password if it has been run recently in that shell,
which makes sudo on ubuntu much more user friendly than sudo on RH/SL.

 It has also been stated than 
unlike SL, LTS allows for upgrade-in-place to the next major LTS production 
release.  The caution for this procedure is to nonetheless backup all 
non-distro directories and files to an external device so that things can be 
retrieved if something were to go awry.


Given that a new Ubuntu LTS release comes out every two years, I was 
surprised to find that it dated more quickly than SL and I have found 
myself moving from LTS to the standard release for my home machine.

Upgrade-in-place between standard releases does work.

--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk

Re: cloning epel 6

2020-10-13 Thread Andrew C Aitchison


On Tue, 13 Oct 2020, Teh, Kenneth M. wrote:


Hello Nico,

I'm under the impression you maintain the epel repos.
If I'm not mistaken, do you have instructions for cloning them?
I'm interested in preserving SL6 and EPEL6 beyond their EOL to
use for creating container images.

Have cc'd to SL list in case this gets routed to your junk folder.


epel-de...@lists.fedoraproject.org
is probably the best place to ask this.

--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk

Re: Recovering root password

2020-06-23 Thread Andrew C Aitchison


On Tue, 23 Jun 2020, Konstantin Olchanski wrote:


On Tue, Jun 23, 2020 at 10:49:48AM +0200, Elio Fabri wrote:

Hi all,
I need help (at lest a link) as to how to recover my root password.
I'm using SL6.2. The password I remember by heart is no longer
accepted, neither for the su command nor for sudo.
Thx


While you cannot "recover" the root password, if you have physical access
to the machine, you can bypass it, login as root and reset the password:
remove the boot disk from problem machine, attach it to a 2nd computer,
mount the root partition, go to root/.ssh and install your ssh key. unmount,
reassemble problem computer, boot, ssh into root, done. While the boot disk
is mounted on the 2nd computer, in addition to installing the ssh key,
you can also reset the password (edit /etc/shadow) or setup "sudo" for
password-less "sudo root" (recent Ubuntu are setup this way, you never actually
use the root password to login into root).


If you remember the BIOS password, or never set one,
you can boot from an install or rescue disk/memory stick,
and do that "second computer" stuff without moving the
disk to another machine.


--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk

Re: After 6.10 update - SAMBA - broken

2020-06-21 Thread Andrew C Aitchison


On Sat, 20 Jun 2020, Nico Kadel-Garcia wrote:


On Thu, Jun 18, 2020 at 11:14 AM Larry Linder
<0dea520dd180-dmarc-requ...@listserv.fnal.gov> wrote:


We liked how samba allow us to connect all systems.  Now even the Win 8
and 10 machines do not see any of the other systems. They all see the
other win machines but none of the linux machines.  On systems that are
running VMWare the win machines can see VM.  I also found out that a
number of BeagleBone Black on the network were running smb and were
visible.  Last Saturday for an hr or so the smb network was running and
I could access everything.  I resarted smb on the server and it all went
away.

I shut down all the devices on the network except for 1 Win 8 box and 1
SL 6.10 box.  Nothing.


Stop there. Seriously. Stop using SL 6.10 as a server, the base
operating system is 10 years old, the Samba is tremendously out of
date and the client hosts you expect to play nicely with it have real
differences in their CIFS behavior. If you have lightweight content to
share from the old SL 6 environments, NFS share it to an SL 7 or SL 8
and run Samba there.


Nico, If I understand correctly the clients for this SMB
service are *old* windows machines, running XP at the latest.

Larry, If I am wrong and the historical apps are running on SL6,
I would recommend moving them to some sort of container - singularity
is the one I have used. This way the apps see an SL6 environment *and*
the filesystem of the host (eg SL7) machine.
Yes it will be a pain to print to file in a container window,
then print the file from a host window, but there are ways around that.

--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk

Scientific Linux 6 status after November 2020

2020-06-11 Thread Andrew C Aitchison


On Thu, 11 Jun 2020, Larry Linder wrote:


We looked at the end of life for sl 6 as 2024 and thought it gave us a
lot of time to find another linux or BSD that we could use.


RHEL 6 goes into Extended Life Phase after 30 November 2020
	https://urldefense.proofpoint.com/v2/url?u=https-3A__access.redhat.com_articles_4665701=DwIBAg=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=xdsq_-yfxyv4u436QPzTlvoboJre6--0C8ZP78G418g=pimS4u5lwVfKTsON_KPYTjuabklN_5czx7WraQgEGss= 
which means that Red Hat customers/licencees will have to purchase
Extended Life Cycle Support (ELS) Add-On subscription to continue to 
receive limited software maintenance and (most) technical support.


I imagine that SL6 support will be difficult to maintain in the
present manner once there are no longer updates from Red Hat
(although I suppose the GPL might allow a licencee to make the source 
available ...).


What are the plans for SL6 after Nov 2020 ?

--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk

Re: Mate for CentOS 8

2020-05-21 Thread Andrew C Aitchison


On Thu, 21 May 2020, Larry Linder wrote:


So the world will migrate to a Chinese tablet or telephone and computers
for industrial and engineering will disappear.  If you look at the
slippery slope we will slip back into the dark ages of DOS and Assembly.
There will not be enough of market for engineering and scientific
computers to make the high volume low cost possible.


I've been fearing that since I heard that Dell had a line of 
cloud-optimised servers.



So much for negative stuff.
A university group or government lab in the US should offer a New SL and
maintain it.  The gate keeper should keep it in US English.  And please
no more cheese Icons.


For those of us outside the US it isn't a given that a US base
is in our best interests. For one thing that suggests that it will
be commercial: SL only worked because it had a commercial product
(RedHat) behind it.

The strongest reason for us in the UK to want US rather than say German, 
is indeed the language (though I wonder whether the US will turn to

Spanish ...)

--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk

Re: Snaps

2020-04-25 Thread Andrew C Aitchison


On Sat, 25 Apr 2020, Nico Kadel-Garcia wrote:


On Sat, Apr 25, 2020 at 1:38 AM Yasha Karant  wrote:


Does anyone know how secure (safe, not malware, spyware, etc.) is Snaps?
Please see below.  Certain applications that are not available for EL but
from other distros, particularly Ubuntu, evidently can be installed via
Snaps.  Epel is a standard EL repo, but Snaps is not.



Never heqrd of them. This does not bode well. "Containerized packages"
hints that they're docker based and will "solve packaging" sounds like...
somebody reading Ayn Rand, or Karl Marx, and htinks they learned economics.
Having actually packaged and configured various software, I'm deeply
usspicious that they did the easy part and sell that.


I tried snaps briefly on a home Ubuntu (19.04 IIRC) machine.
I don't remember whether then were docker or singularity, but 
they definitely were containers and each "package" was a file that

was (loop-back?) mounted under /snap (or /snaps).

However I had to abandon them almost immediately as they didn't
support my particular home directory. For possibly good reasons
homedirs have to be /home/ and not symbolic links.
(For reasons of dual boot and having added a second disk my home dir was a 
sym-link).
That struck me as a potentially significant limitation for institutional 
use: in my experience automounters often result in sym-linked homedirs.


--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk

Red Hat on the Desktop - was Re: Calibre current

2020-01-30 Thread Andrew C Aitchison


On Thu, 30 Jan 2020, ONeal, Miles wrote:


Andrew,

On what do you base the following statement?

| Yes it has a GUI user interface, but RHEL is becoming a server distro ...


OK, that was a bit flippant.
I should have been more careful and said something like
 "Red Hat, like Microsoft, is focusing more on more on its server customers".

When I first installed Red Hat in 1995 it was aimed at individuals
running it on desktop PCs - there weren't many servers (though some).
When I last looked at a major upgrade for my home desktop machine
the RHEL8 marketing pages were all about clouds and containers and very 
little about the desktop.

Now I get emails from Red Hat every week, or more often, about Kubernetes,
containers and how to write micro-services for clouds.

About five years ago the team I was in migrated several hundred desktop
users from SL6 to Ubuntu. I cannot see that we would switch these users 
back to RHEL8 or CentOS8 now.


Those thoughts were behind my somewhat inaccurate statement.

--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk

Re: Calibre current

2020-01-30 Thread Andrew C Aitchison


On Thu, 30 Jan 2020, Yasha Karant wrote:


I attempted to upgrade Calibre to the current production release.  It
fails to run (I can post my question) but the response given is:

SL7 is based on RHEL7 and uses GCC 4.9 (see
https://urldefense.proofpoint.com/v2/url?u=https-3A__access.redhat.com_solutions_19458=DwIBAg=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=1me5NqePA0PdEu-G-UwbXmUVG-wO5NifrsZflDEvp60=ZQQ8bCU6Dc5LF0Q2PJXRyBkqwama6JCIqD4DroytPgQ= 
).

Solution?: wait for RHEL8, install a proper desktop linux distro or
follow  https://urldefense.proofpoint.com/v2/url?u=https-3A__developers.redhat.com_blog_2...gcc-2D8-2Dclang-2D6_=DwIBAg=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=1me5NqePA0PdEu-G-UwbXmUVG-wO5NifrsZflDEvp60=Kn0RrukDvwQB6OTZ7mJ3CfSmzcxn_nmZ6GdJa9zVKUM= 


End quote.

I always thought that SL was a proper desktop (user interface GUI)
Linux, and not just Debian/Ubuntu derivatives or SUSE.


Yes it has a GUI user interface, but RHEL is becoming a server distro ...


Calibre needs RuntimeError: Failed to load icu with error:
/lib64/libstdc++.so.6: version `CXXABI_1.3.8' not found (required by
/opt/calibre/lib/libicui18n.so.64)


I'm running SL6 and Ubuntu19... so don't know the exact details for RHEL7 
but the softwarecollections repo should have a devtoolset-8-gcc package
(or more likely a set of packages) with a with suitable compiler and 
runtime.

IIRC they also have a clang compiler.

--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk

Re: Problems with xorg-x11-server-Xorg-1.20.4-7.el7

2019-09-27 Thread Andrew C Aitchison

On Fri, 27 Sep 2019, MAH Maccallum wrote:

I am still having repeated failures with this (using MATE as my
desktop). It creates many directories in /var/spool/abrt and a
massive /var/spool/mail/root file unless I clear those at short
intervals.

Can anybody suggest a reason/cure?

Xorg - your main display program keeps crashing.

Why ?
I would guess that a driver update doesn't play well with your hardware
- either your graphics "card" or trackpad are the most likely.
There could also be a mismatch between kernel and video driver.

I've never used abrt, but it exists to gather together the information
necessary to debug problems like this.

I would start with:
https://urldefense.proofpoint.com/v2/url?u=https-3A__developer.fedoraproject.org_tools_abrt_about.html=DwIBAg=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=XsIrcSez_VGLuHy_jGgXrYazHSxji0Zyu2dpSBLuO7I=EaKPT-pzJIcETldXTHwwJALwMCmRai9cg_9uQeI3TYM=

The detailed docs appear to be at:
https://urldefense.proofpoint.com/v2/url?u=https-3A__abrt.readthedocs.io_en_latest_=DwIBAg=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=XsIrcSez_VGLuHy_jGgXrYazHSxji0Zyu2dpSBLuO7I=R_6x2BwDe9_3_EKOMZU2-Re5aUwJQSXMOV1KNUr94HU=

I don't know whether it would be safe to put one of these abrt files
or emails on the web for us to assist you* or whether they include
information which could be personal compromise security

(they sound too big to email to the list).

--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk

Re: issues with migrating to SL 7.6

2019-01-29 Thread Andrew C Aitchison

On Tue, 29 Jan 2019, S. Vergani wrote:

Dear Andrew,

uname -r reports "3.10.0-957.1.3.el7.x86_64".

Hmm.
https://urldefense.proofpoint.com/v2/url?u=https-3A__access.redhat.com_articles_3078=DwIBAg=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=AbMRfZpAeBgc2mCkl-KKhLfPwq-pKDQ3Kmztw69QJQ8=6Y0htdEMZXgU1hX9ivQzJnOY_WZIHsSGYEjzWJaki4s=
suggests that
that is an SL7.6 kernel.
I am not so sure that my guess was right after all.

What should I search/do in /boot/grub2?

I'm not really sure.

Many thanks,

Stefano

On 2019-01-29 11:42, Andrew C Aitchison wrote:

On Mon, 28 Jan 2019, S. Vergani wrote:

I am running scientific linux on a ThinkPad t440p. During the past 1.5
years, I have been experiencing the same apparently unsolvable problem
with SL 7.5. Every time I closed the pc without locking it or I tried to
restart it, the pc froze and the only thing to do was to force shut down.
I have been using GNOME classic but with any other desktop as well (I
tried them all) the problem persisted.

I upgraded yesterday to SL 7.6 and finally the issue disappeared. This
morning I started again the session and SL was back to 7.5. When I start
the session (I have windows 7 dual-boot) I can choose only between some
versions of SL 7.5 and windows. The aesthetics is then exactly as it was
with SL 7.5, but when I check which version I am running it shows SL 7.6.
The old issue came back and again it freezes every time.

Could someone help me with the matter? To summarize, the selections during
boot phase, the aesthetics, and the old issues of SL 7.5 are back, but I
upgraded to SL 7.6 and when I ask for the OS the output is

NAME="Scientific Linux"
VERSION="7.6 (Nitrogen)"
ID="scientific"
ID_LIKE="rhel centos fedora"
VERSION_ID="7.6"
PRETTY_NAME="Scientific Linux 7.6 (Nitrogen)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:scientificlinux:scientificlinux:7.6:GA"
HOME_URL="
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.scientificlinux.org__=DwIBAg=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=AbMRfZpAeBgc2mCkl-KKhLfPwq-pKDQ3Kmztw69QJQ8=0p_l2ngWO-ICHkUpt4ussePioIS6DmwtZA0jZK0Hi4k=
BUG_REPORT_URL="mailto:scientific-linux-de...@listserv.fnal.gov;>>

REDHAT_BUGZILLA_PRODUCT="Scientific Linux 7"
REDHAT_BUGZILLA_PRODUCT_VERSION=7.6
REDHAT_SUPPORT_PRODUCT="Scientific Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="7.6"

What does
uname -r
report ?

I'm guessing that the update did not upgrade the kernel properly
(this is more likely sincx this is a dual-boot system)
and the boot loader is not looking for the kernel where the update
put the SL7.6 kernel, but found the old kernel from SL7.5.

I'm still on SL6 which uses grub as the boot loader;
SL7 uses grub2 which is sufficiently different that I can't really
say what you sould do to fix it; but looking in
/boot /boot/grub or perhaps /boot/grup2 may give you a clue.
- these directories will probably contain the new kernels,
not the ones which are actually being used.

You might even have a separate /boot partition, or had one before you
upgraded; that could confuse both you and the machine.

Sorry this is rather vague.

--
Stefano Vergani
Doctor of Philosophy Student
STFC Data Intensive Science Studentship Beneficiary
Department of Physics, Cavendish Laboratory
King's College, University of Cambridge

Re: issues with migrating to SL 7.6

2019-01-29 Thread Andrew C Aitchison

On Mon, 28 Jan 2019, S. Vergani wrote:

I am running scientific linux on a ThinkPad t440p. During the past 1.5 years,
I have been experiencing the same apparently unsolvable problem with SL 7.5.
Every time I closed the pc without locking it or I tried to restart it, the
pc froze and the only thing to do was to force shut down. I have been using
GNOME classic but with any other desktop as well (I tried them all) the
problem persisted.

I upgraded yesterday to SL 7.6 and finally the issue disappeared. This
morning I started again the session and SL was back to 7.5. When I start the
session (I have windows 7 dual-boot) I can choose only between some versions
of SL 7.5 and windows. The aesthetics is then exactly as it was with SL 7.5,
but when I check which version I am running it shows SL 7.6. The old issue
came back and again it freezes every time.

NAME="Scientific Linux"
VERSION="7.6 (Nitrogen)"
ID="scientific"
ID_LIKE="rhel centos fedora"
VERSION_ID="7.6"
PRETTY_NAME="Scientific Linux 7.6 (Nitrogen)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:scientificlinux:scientificlinux:7.6:GA"
HOME_URL="
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.scientificlinux.org__=DwIBAg=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=a0amwAn6gauOoqL5j2vXdxFfTDRJFEhns9i6FkKaaeM=8CvDnyTcYae4a6uXNOdWjq9mNZ7DpGLmBWo9fBeu6Ws=
BUG_REPORT_URL="mailto:scientific-linux-de...@listserv.fnal.gov;

REDHAT_BUGZILLA_PRODUCT="Scientific Linux 7"
REDHAT_BUGZILLA_PRODUCT_VERSION=7.6
REDHAT_SUPPORT_PRODUCT="Scientific Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="7.6"

What does
uname -r
report ?

You might even have a separate /boot partition, or had one before you
upgraded; that could confuse both you and the machine.

Sorry this is rather vague.

--
Andrew C. Aitchison Cambridge, UK
and...@aitchison.me.uk

Re: L1TF

2018-08-15 Thread Andrew C Aitchison


On Wed, 15 Aug 2018, Maarten wrote:


When are the kernel and microcode_ctll package updates coming out for SL?

https://urldefense.proofpoint.com/v2/url?u=https-3A__access.redhat.com_security_vulnerabilities_L1TF=DwICaQ=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=LYs2gfTzw2eug3NkmYbYjAlw0Is8ysORqfAtZUhgo2g=bnNydGecmRBcY9ZeqVEeYwrNdiO2I6q8KIgvqrZkQyU=


SL has released the kernel updates.

The intel microcode was dropped from microcode_ctl in January; when Intel 
withdrew some microcode Red Hat suggested that users should get microcode

from the hardware vendors until things settled down.
Some intel microcode has reappeared, but not yet all.

Currently Intel makes the latest microcode available for Linux at

https://urldefense.proofpoint.com/v2/url?u=https-3A__downloadcenter.intel.com_download_28039=DwIBAg=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=d81PuX-ca9yHRwR8_0D1PmZoObeT_rqIKdBccOzAs8Y=lZnbq0VQpWGZ8FcqImj94YtT3ayzgT7rbmgmiFxD2ZM=
- when a newer version is released, that page will be updated, with a link 
to the new current version.


--
Andrew C. Aitchison Cambridge, UK
and...@aitchison.me.uk

Re: Where is CVE-2018-3665 patch for SL6?

2018-06-26 Thread Andrew C Aitchison


On Tue, 26 Jun 2018, Mike Ely wrote:


It's been a while since that was released (at least for Centos7) and I'm
wondering if there's a plan to release this for SL6 as well.


Basically, for RHEL/CentOS/SL 7 there is a simple fix, but for 
RHEL/CentOS/SL 6, Red hat will have to back-port some functionality.


https://access.redhat.com/solutions/3485131 says:
  RHEL-7 Mitigation

RHEL-7 defaults to (safe) "eager" floating point register restore
on Sandy Bridge and newer Intel processors, so is not affected.
AMD processors are not affected.
You can mitigate this issue on older processors by booting the kernel
with the eagerfpu=on parameter to enable eager FPU restore mode.
In this mode FPU state is saved and restored for every task/context
switch regardless of whether the current process invokes FPU
instructions or not.
The parameter does not affect performance negatively,
and can be applied without adverse effects to processors
that are not affected.

  RHEL 6 and earlier are impacted by this CVE and do not provide
  the eagerfpu parameter. Red Hat will be releasing updates
  which will change the behavior.

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-3665
currently depends upon six other open bugs, but I don't
have access to see whether they cover RHEL6.

--
Andrew C. Aitchison Cambridge, UK
and...@aitchison.me.uk

Re: SL6, GTK2 and Firefox 60esr

2018-06-07 Thread Andrew C Aitchison


On Wed, 6 Jun 2018, Andrew C Aitchison wrote:


Just a heads up for anyone running firefox on
Scientific Linux 6 (and RHEL6 plus other clones,
or other GTK2-based platforms).

Red Hat Enterprise Linux 6 uses gtk2 in firefox 52.8esr,
but I see from
 https://bugzilla.mozilla.org/show_bug.cgi?id=1278282
that Firefox 59 dropped the option to build with gtk2.

In https://access.redhat.com/announcements/3365141
Red Hat talk about plugins and addons with FF60 in RHEL6,
which suggests that they either aren't aware of the gtk2 issue
or have it under control. Two very different possibilities.


I had a reply from Red Hat to this on the mozilla enterprise list:
  https://mail.mozilla.org/pipermail/enterprise/2018-June/50.html
Martin Stransky said:
   We're going to ship gtk3 (on some form) for Firefox60 on RHEL6.
   That does not mean gtk3 will be generally available on RHEL6 (AFAIK).

... which is very good news.

Martin, thank you.

--
Andrew C. Aitchison Cambridge, UK
and...@aitchison.me.uk

SL6, GTK2 and Firefox 60esr

2018-06-06 Thread Andrew C Aitchison


Just a heads up for anyone running firefox on
Scientific Linux 6 (and RHEL6 plus other clones,
or other GTK2-based platforms).

Red Hat Enterprise Linux 6 uses gtk2 in firefox 52.8esr,
but I see from
  https://bugzilla.mozilla.org/show_bug.cgi?id=1278282
that Firefox 59 dropped the option to build with gtk2.

In https://access.redhat.com/announcements/3365141
Red Hat talk about plugins and addons with FF60 in RHEL6,
which suggests that they either aren't aware of the gtk2 issue
or have it under control. Two very different possibilities.

I guess it is time to migrate my main desktop off SL6 :-(

--
Andrew C. Aitchison Cambridge, UK
and...@aitchison.me.uk

Re: qt-creator

2018-05-24 Thread Andrew C Aitchison


On Thu, 24 May 2018, etienne.baeu...@vetsuisse.unibe.ch wrote:


Hi all,

since the last updates I get the following message while trying to install 
qt-creator:

Error: Package: qt-creator-4.1.0-3.el7.x86_64 (epel)
  Requires: qt5-qtbase(x86-64) = 5.6.2
  Installed: qt5-qtbase-5.9.2-3.el7.x86_64 (@sl)
  qt5-qtbase(x86-64) = 5.9.2-3.el7

Qt has been upgraded with the last update to 5.9.2 but qt-creator depends still 
on 5.6.2?


You appear to be using the new qt5-qtbase from SL
but an older qt-creator from epel.


Can this be fixed?


Try asking
epel-de...@lists.fedoraproject.org

--
Andrew C. Aitchison Cambridge, UK
and...@aitchison.me.uk

Re: Trouble with MySQL Server

2018-05-15 Thread Andrew C Aitchison


On Tue, 15 May 2018, Lofgren, Eric wrote:


Iâm running a SL 7 server thatâs being used for a couple data
projects using MySQL Server - which I confess I donât know much
about. Two have my students have both encountered errors recently,
either joining tables or just restarting MySQL Server, with the logs
reading things to the effect of:

2018-05-15T01:26:21.114290Z 0 [Warning] TIMESTAMP with implicit DEFAULT value 
is deprecated. Please use --explicit_defaults_for_timestamp server option (see 
documentation for more details).



2018-05-15T01:26:21.152895Z 0 [Note] InnoDB: Creating shared tablespace for 
temporary tables
2018-05-15T01:26:21.153010Z 0 [Note] InnoDB: Setting file './ibtmp1' size to 12 
MB. Physically writing the file full; Please wait ...



2018-05-15T01:26:21.375361Z 0 [Warning] InnoDB: Retry attempts for writing 
partial data failed.
2018-05-15T01:26:21.375391Z 0 [ERROR] InnoDB: Write to file ./ibtmp1failed at 
offset 11534336, 1048576 bytes should have been written, only 643072 were 
written. Operating system error number 28. Check that your OS and file system 
support files of this size. Check also that the disk is not full or a disk 
quota exceeded.
2018-05-15T01:26:21.375406Z 0 [ERROR] InnoDB: Error number 28 means 'No space 
left on device'
2018-05-15T01:26:21.375410Z 0 [Note] InnoDB: Some operating system error 
numbers are described at 
http://dev.mysql.com/doc/refman/5.7/en/operating-system-error-codes.html
2018-05-15T01:26:21.375416Z 0 [ERROR2018-05-15T01:26:21.845562Z 0 [Note] InnoDB: Removed 
temporary tablespace data file: "ibtmp1"



A quick check of whether or not thatâs genuinely a disk space problem using 
df -hT shows the following:

[user@computer home]$ df -hT
Filesystem  Type  Size  Used Avail Use% Mounted on
/dev/mapper/sl-root xfs50G   50G   12M 100% /



The database lives on /home, which doesnât seem anywhere near full,
and the number of bytes that âshould have been writtenâ in that
error message are nowhere near a threat to the capacity, which
suggests something else might be going wrong.

Does anyone have a notion of whatâs going on? My suspicion is that
the problem is that the temporary file is just ./file, which is in
the root directory, which as you can see *is* full - if this is the
case, is there a way to redirect where those temporary files are
made? Or should I just try to expand that?


The temp files have a relative path, so I guess they are in the current
working directory, which may be root's home directory.
If you cd to a directory with more space before starting, the temp
files may be made in that directory.

Re: IPv6 outbound packets filtered by default?

2018-03-21 Thread Andrew C Aitchison


On Wed, 21 Mar 2018, Sean A wrote:


Hello,

We have just encountered a strange scenario with firewalld and ipv6.  We are 
running SL 7.4, with kernel 3.10.0-693.21.1.el7.x86_64 and firewalld-0.4.4.4-6, 
but this situation has existed for nearly a year, if not longer.
For a long time, I have thought our infrastructure team just didn't have 
IPv6 Routing or Boundary Firewall rules setup right because I have not 
been able to ping6 sites like google.com (site info scrubbed) -


Its a strange thing, but the first few successful pings after stopping 
firewalld take a long time.  When I start firewalld, the pings will 
continue to succeed for a period of time, then the network will become 
unreachable again at some point later.


From a ruleset perspective, we do not filter outbound packets.
We do use the drop zone as default, but both my system and my colleague's have
different input filtering.  e.g. My system is a desktop, the system my 
colleague was working on is a dns server.


Could the problem be that the firewall is blocking some sort of routing reply
(somethng like arp or dns, but not necessarily either of those) so that 
the system doesn't know where to send the outgoing packets.


When the firewall is turned on again I guess that packets continue to 
be sent until the system realises that they aren't being 
acknowledged...


--
Andrew C. Aitchison Cambridge, UK
and...@aitchison.me.uk

Re: iptables mac filtering: iptables fails to start after trying to use "mac" iptables module

2018-03-02 Thread Andrew C Aitchison


On Fri, 2 Mar 2018, Karel Lang AFD wrote:


Hello guys,

stumbled on weird thing today - wanted to setup some iptables rules based on 
'mac address' and iptables failed to start.


cat /etc/redhat-release
Scientific Linux release 7.4 (Nitrogen)

iptables --version
iptables v1.4.21

yum list all | grep iptables
iptables.x86_64 1.4.21-18.2.el7_4 @sl-fastbugs
iptables-services.x86_641.4.21-18.2.el7_4 @sl-fastbugs
iptables-utils.x86_64   1.4.21-18.2.el7_4 @sl-fastbugs


what happens:
after adding simple rule to '/etc/sysconfig/iptables':
*filter
-A INPUT -m mac --mac-source 52-54-00-6f-04-51 -j ACCEPT


I spell mac addresses 52:54:00:6f:04:51 - ie with colons not dashes;
case doesn't seem to matter.

it refuses to start after 'systemctl restart iptables' and the 'journalctl 
-xe' says:


Error occurred at line: XX and thats' it


On SL6 I sometimes have to load a module to enable a rule;
what is in your /etc/sysconfig/iptables-config
- or whatever equivalent SL7 uses ?


If i add the same simple rule to the SL 6.9 iptables rules, it works without 
problem..


Anyone stumled upon this, only thing i can think of is, that it is not 
compiled in standard kernel ..


Thanks for any input - i tried to lookup things at search engines, but so far 
no light ..ehh.



--
*Karel Lang*
*Unix/Linux Administration*
l...@afd.cz | +420 731 13 40 40
AUFEER DESIGN, s.r.o. | www.aufeerdesign.cz

Re: Firefox crashes start up

2017-08-20 Thread Andrew C Aitchison


On Thu, 17 Aug 2017, ToddAndMargo wrote:


On 08/17/2017 03:52 AM, David Sommerseth wrote:

On 17/08/17 06:30, ToddAndMargo wrote:

Hi All,

SL 7.3
firefox-55.0.2.x64.tar.bz2


tar.bz2?  Is this a downloaded from Mozilla?


yup.   I have to be up to date, as I support multiple Windows
customers and they all all up to date.




Scientific Linux 7.2 (RHEL clone)
$ cat /etc/redhat-release: Scientific Linux release 7.3 (Nitrogen)
uname -r: 3.10.0-693.1.1.el7.x86_64

I just ran an update on Scientific Linux 7.3.  Firefox will
no longer start, including safe mode or the profile manager.
Firefox goes straight through to the crash reporter.

... ...

Any words of wisdom?



In the mean time, is there a way to tell YUM to uninstall
yesterday's updates?


You can "rollback" and "undo" "yesterday's" (Wednesday's ?) updates with
the "yum history" command *if the history_record config option has been 
set (I don't know whether or not it is set by default)*.


If not, the packages updated with dates are listed in /var/log/yum.log
- you could downgrade them explicitly, though the log doesn't (on SL6)
record the replaced version number so you would have to find those
some other way.

--
Andrew C Aitchison  Cambridge,UK

Re: Firefox crashes start up

2017-08-19 Thread Andrew C Aitchison


On Fri, 18 Aug 2017, ToddAndMargo wrote:


On 08/17/2017 01:03 PM, David Sommerseth wrote:

On 17/08/17 18:33, ToddAndMargo wrote:

On 08/17/2017 09:23 AM, ToddAndMargo wrote:

Mozilla Firefox 55 source tarball


The latest is 52 in sl-testing:

firefox-52.3.0-2.el7_4.i686 : Mozilla Firefox Web browser
Repo: sl-testing


I have to be up to date, especially with me doing PCI
(credit card) consulting.

SL has really become a bad match for what I am doing.
I really should be on a Kaisen OS not a an
anti-Kaisen OS, but I can not afford the
cost of an upgrade to Fedora at the due to the
never ending recession.  So I mumble a lot.


You do realise that firefox-52 packaged for SL7 is the Firefox ESR edition?



Yes I do.  All bugs and security flaws frozen in place for those
that don't like to upgrade their software and those that get
tired of having to respin an RPM every month or so due
to the rapid pace of Firefox's development.  EL Linux
is an anti-Kaisen OS and Red Hat gets CRABBY about having
to update things and often does not.


Red Hat are fairly quick at releasing the six-weekly updates to ESR 
- IIRC 2 days after Mozilla for 52.3 (SL took almost a week after that).



Even though it's a while since I've looked at the PCI-DSS stuff; but I
do not ever recall it requiring specific versions of software. 


I required that you be up to date on all your software.
On the Windows side, I run Kaspersky's "vulnerability Scan"
which looks at all your installed software and lets you know
what is out of date (Acrobat Reader, Java, Firefox, Java,
etc.).  Without Kaspersky. I'd have to go through each
program one at a time, which is pain in the neck.


I do
remember it saying something about running up-to-date OS and
applications though.  Firefox ESR releases are the browser equivalent to
"Enterprise Linux".  So ESR releases should really fit the bill for 
PCI-DSS.


On an EL Linux install only.  On Windows, no one will put up
with all the bugs and missing features.  This is why I have
to stay current.

The ESR would probably get you off the hook liability wise,
but since PCI is not about security, but rather about liability
shifting, if you get hacked, the lawyers could make a case that
you knowingly used a version of Firefox with know security flaws.

The lawyers are trying to make the case that you should have to
pick up the financial liability for all the costs of the breach.
It could be argued back that the ESR slipstreams security
patches into its release, but it would be counter argues that
in reality, they seldom do.


https://www.mozilla.org/en-US/security/advisories/mfsa2017-19/
lists 17 security fixes in ESR 52.3
(OK, the equivalent page for firefox 55 lists more fixes
but they may be fixing bug in new code.)

More generally compare the advisories listed in
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
and
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/

If you need to worry that much about the lawyers,
shouldn't you be paying Red Hat and keeping uptodate with their
recommendations.

More significantly, perhaps you shouldn't run a browser (or a mail 
reader) on the same machine as the credit-card handling ...



Until I get this figured out, I have been using weird old Midori.
Maybe I will go to the dark side and install Chromium

Do you know anyway to uninstall the recent updates that
caused this?


I'd try
yum downgrade firefox-52.2.0
or
yum downgrade firefox-45.8.0

- just like yum update but it works even when a newer version is
currently installed.

Re: Regular loss of DNS name resolution on SL7.3 machine

2017-08-18 Thread Andrew C Aitchison


On Fri, 18 Aug 2017, Dan wrote:


Dear All,

I wonder if anyone can help with the following strange network problem
I'm having on my SL7.3 machine, please:

Every day, just after midday, I suddenly lose access to DNS name
resolution, and therefore become unable to interact with any remote
hosts, even though my network interface is still up.  Manually taking
the network interface down then up again restores name resolution
(although bringing the interface back up is surprisingly slow), but
only for a few minutes before it fails again.  These cycles go on
until about 1pm, after which all is fine once more.


This could be a red herring, so beware of wild goose chases.

You appear to be on timezone +0100 (from other header info I'm
going to assume BST). I've seen software break for just that one hour
when there has been a confusion over BST/GMT.
(IIRC the reason was that the date/time was rounded to the nearest day
by adding 12hrs and truncating.)


If I try to ping the nameserver (by IP address) during one of the
periods of name resolution failure, I'm met with ICMP "destination
unreachable" packets originating from my own IP address on the
relevant interface.  (Whereas pinging the nameserver at any other time
produces successful responses.)


Does ping -n have the same problem ?

Re: [SCIENTIFIC-LINUX-USERS] Security ERRATA Important: jasper on SL6.x, SL7.x i386/x86_64

2017-07-26 Thread Andrew C Aitchison

On Wed, 26 Jul 2017, Pat Riehecky wrote:

Not sure why they didn't make it out, should be there now.

Thanks.

On 07/26/2017 08:32 AM, Andrew C Aitchison wrote:

 On Wed, 10 May 2017, Pat Riehecky wrote:

>  Synopsis:  Important: jasper security update
>  Advisory ID:   SLSA-2017:1208-1
>  Issue Date:2017-05-09

>  SL6
>   x86_64
> jasper-1.900.1-21.el6_9.x86_64.rpm
> jasper-debuginfo-1.900.1-21.el6_9.i686.rpm
> jasper-debuginfo-1.900.1-21.el6_9.x86_64.rpm

 I can find most of these, but not the jasp-debuginfo packages.
 If they could be added to the usual places that would be great.

> jasper-libs-1.900.1-21.el6_9.i686.rpm
> jasper-libs-1.900.1-21.el6_9.x86_64.rpm
> jasper-devel-1.900.1-21.el6_9.i686.rpm
> jasper-devel-1.900.1-21.el6_9.x86_64.rpm
> jasper-utils-1.900.1-21.el6_9.x86_64.rpm

Re: Security ERRATA Important: jasper on SL6.x, SL7.x i386/x86_64

2017-07-26 Thread Andrew C Aitchison


On Wed, 10 May 2017, Pat Riehecky wrote:


Synopsis:  Important: jasper security update
Advisory ID:   SLSA-2017:1208-1
Issue Date:2017-05-09



SL6
 x86_64
   jasper-1.900.1-21.el6_9.x86_64.rpm
   jasper-debuginfo-1.900.1-21.el6_9.i686.rpm
   jasper-debuginfo-1.900.1-21.el6_9.x86_64.rpm


I can find most of these, but not the jasp-debuginfo packages.
If they could be added to the usual places that would be great.


   jasper-libs-1.900.1-21.el6_9.i686.rpm
   jasper-libs-1.900.1-21.el6_9.x86_64.rpm
   jasper-devel-1.900.1-21.el6_9.i686.rpm
   jasper-devel-1.900.1-21.el6_9.x86_64.rpm
   jasper-utils-1.900.1-21.el6_9.x86_64.rpm


Thanks,

--
Andrew C. Aitchison Cambridge, UK
and...@aitchison.me.uk

Re: selinux preventing access to directory net

2017-07-18 Thread Andrew C Aitchison


On Tue, 18 Jul 2017, Stephen Isard wrote:


On Mon, 17 Jul 2017 23:52:22 +0200, Maarten <mailingli...@feedmebits.nl> wrote:


The process exim running with the the selinux context exim_t is trying
to access the directory /proc/net which has the selinux context
sysctl_net_t.

Causing selinux to block access to directory, because the source context
is different from the destination context.


Yes, thank you, I've got that part.  As I said earlier, what I am wondering now 
is why exim is trying to search that directory, and whether I want it to.
It happens at - to me - unpredictable times, apparently unrelated to any 
messages being sent or received.


Looking at the upstream source for exim 4.89, there are two lots of 
references to /proc
1) /proc/loadavg 
2) /proc/net/if_inet6

unsuprisingly exim uses these to determine load average and
IPv6 address etc...

I don't know whether the binary rpms add any other uses of /proc
- which version of exim are you using - the one from epel ?

--
Andrew C Aitchison  Cambridge, UK

Re: tip: Secondary Selection clipboard

2017-06-27 Thread Andrew C Aitchison


On Tue, 27 Jun 2017, Tom H wrote:


On Tue, Jun 20, 2017 at 4:38 PM, ToddAndMargo <toddandma...@zoho.com> wrote:


I have been using UNIX and Linux for over 25 years and did not realize
X11 has four clipboards. I recently discovered the Secondary Selection
keyboard.

It really saves a bunch of time when I am programming as I don't lose
my cursor's hot spot.

Here is a great 8 minute video demonstrating all four clipboards. It
is must learn for anyone using Linux.

http://www.cs.man.ac.uk/~chl/Secondary-Selection.mp4

To support this clipboard, your program has to use the GTK Toolkit.


Thanks. I didn't know about this secondary clipboard. I've just tried
it on my laptop running Ubuntu 17.10 but it didn't work. I suspect
that it's been deep-sixed in Gnome Shell and Unity.


I was interested in the secondary clipboard too, and looked at
  http://www.cs.man.ac.uk/~chl/secondary-selection.html
which makes clear that this is not a standard gtk feature;
there are experimental modified gtk3 libraries which support
secondary selection (no source yet).

gtk3 means it doesn't run on SL6, so I haven't been able to explore 
further.


--
Andrew C Aitchison  Cambridge, UK

Re: Proper forum suggestion?

2017-06-26 Thread Andrew C Aitchison


On Mon, 26 Jun 2017, Stan Orlov wrote:


Greetings,

We've just installed Scientific Linux with the hope to migrate some
of our solutions from Windows to Linux. I ran into a problem with
VNC and posted to this list, but nobody replied to it.


Hmm.
According to the headers as I received them, your original message 
was received by the list server at

   Mon, 26 Jun 2017 14:04:35 -0500
and the message to which I am replying at
   Mon, 26 Jun 2017 13:00:31 -0500
- over an hour *earlier*. You complained that no-one had replied
before many of our mailboxes will have received your question.

Given that we are spread around the world and have other things to do,
I always allow at least 24 hours before I start thinking that no-one
has replied.


 I am stuck and really hope to find guidance online. Can anyone
 suggest a list/forum that would be better suited for such
 questions?


There is a forum for Scientific Linux at
  https://scientificlinuxforum.org/
which might be able to help you in real-time
(I've never used it).

--
Andrew C Aitchison  Cambridge, UK

Re: Cad package move to 6.9

2017-06-25 Thread Andrew C Aitchison


On Sun, 25 Jun 2017, Francesco M. Taurino wrote:


Hi, if you only require 2d cad, take a look to draftsight, from dassault
systemes. I don't know if new versions run on so 6.x, but it's basically
free and worth a try.


I tried that; draftsight installs as an .rpm which is nice, but sadly
it fails to run on SL6, wanting /lib64/libc.so.6 version 'GLIBC_2.14'
but SL6 only has libc upto 'GLIBC_2.12'.

--
Andrew C Aitchison

Re: Cad package move to 6.9

2017-06-24 Thread Andrew C Aitchison


On Sat, 24 Jun 2017, Larry Linder wrote:


As usual we are always behind.

We own a cad package that runs fine on SL 5.11 but will not run on SL
6.9.  When you run it on 6.9 It complains about missing libs. If you do
a "whereis" on the "the missing lib" - it finds it.

From what I could get from google searches it apears that the cad

package is using 32 libraries.  Is thee any way around this problem.  If
I get the 32 bit libs and put them in /usr/lib it would destroy
the  /usr/lib libraries that are already present.


On SL6 64bit libraries should be in /usr/lib64/ and 32 bit in /usr/lib/


Does setting LD_LIBRAY_PATH and/or LIBRARY_PATH
t include the directory with these libraries help ?
(Bash: export LD_LIBRARY_PATH=/my/cad/libraries:$LD_LIBRARY_PATH
 T/csh: setenv LD_LIBRARY_PATH /my/cad/libraries:$LD_LIBRARY_PATH  -- IIRC)



Is there anyway to determine if a lib is 32 bits or 64 bits without
recompiling sorce and making new libs.


# file /lib*/libc-2*.so
/lib64/libc-2.12.so: ELF 64-bit LSB shared object, x86-64, version 1 
(GNU/Linux), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, not 
stripped
/lib/libc-2.12.so:   ELF 32-bit LSB shared object, Intel 80386, version 1 
(GNU/Linux), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, not 
stripped

If the library is a symbolic link you may need 'file -l' or to give file 
the name of the real file.


--
Andre C Aitchison

Re: firefox 52esr, SL6.9 segmentation fault

2017-05-10 Thread Andrew C Aitchison


On Tue, 9 May 2017, Keith Lofstrom wrote:


Since the mid-April update, firefox 52.1.0 (32-bit) "esr"
has been crashing often, on three similar SL6.9 machines.

segmentation fault, no debugging information, also in
firefox -safe-mode

Has anyone else solved this?


I've seen no problems with firefox-52.1.0 64bit
on 64bit SL6.9.

Firefox does use a *lot* of RAM (currently top says
5871m virt and 3.2g res) though I haven't noticed
this increase rfom 48esr to 52esr.
You might be hitting the memory limit for a 32bit binary.


No crashes with two SL7.3 64 bit machines.

I can spend a few hours going through the debugging
steps, or waste a few months upgrading all machines
to SL 7.3 (hundreds of 32 bit programs to recompile).


Are your SL6 machines running SL6 32 or 64 bit ?
You can run 32bit programs on SL6-64bit if that
makes migration easier (or are you using 32bit hardware?)


But if anyone else has solved this, it will save
some time for me and perhaps others.

Thank you!

Keith

PS: "ESR" used to be older versions compiled for LTS
distros with older libraries, like RHEL/SL/CentOS.
Why the sudden jump from 39 to 52?


Hmm. You should be jumping from 45 to 52 -
Firefox 45ESR replace 38ESR in April 2016.

The idea of ESR is that you only have a major update
about once a year (with 12 weeks of overlap*)
and for that year the ESR release gets security updates.

* although RHEL removed the first 6 weeks of the overlap
by not releasing also 52.0 when 45.8 came out.

Re: Scientific Linux 6.9 now Released for i386/x86_64

2017-04-18 Thread Andrew C Aitchison


On Mon, 17 Apr 2017, Pat Riehecky wrote:


Scientific Linux 6.9 i386/x86_64   Apr 17, 2017

SL 6x users:
  Please run   yum clean expire-cache


That did not work for me, but
yum clean metadata
did.

Sorry, I have lost the original error message, but it was to the effect 
that the cached metadata was newer than the downloaded metadata

and I was using a server or mirror at ftp.scientificlinux.org.




SL Mirrors should consider running a sync at this time.

Re: GDAL on SL 7.3

2017-04-15 Thread Andrew C Aitchison


On Sat, 15 Apr 2017, Roxana Tesileanu wrote:


Hi!

I'm trying to access GDAL in Python and tried "sudo pip install GDAL". But an 
error comes out. I've downloaded also the packege from the GDAL website but 
still doesn't work. Could you please help me out? Many thanks! Roxana


I use gdal on SL6 not SL7, don't use python much and pip not at all,
but I'll ty to help.

Where did you get gdal from -
rpmquery -i gdal
might say, if you don't know.

The cpl_port.h missing error suggests that pip assumes
you already have gdal installed (in the place it is looking
and probably the expected version).
Since you do have gdalinfo installed I guess that pip isn't
looking for cpl_port.h in the right place; mine is at
  /usr/include/gdal/cpl_port.h
but I think from the exact error below that pip expects it at
  /usr/include/cpl_port.h
while there various ways of hacking a solution to this
specific error, I'd expect they would only lead to
the real issue causing more errors.

My guess that you have installed gdal from epel,
but not the gdal-python package that goes with it.
Could you try

sudo yum --enablerepo=epel install gdal-python
?


PS: Here is the output from the Terminal:

[rtesileanu@localhost ~]$ gdalinfo --version
GDAL 1.11.4, released 2016/01/25
[rtesileanu@localhost ~]$ sudo pip install GDAL=1.11.4
[sudo] password for rtesileanu:
Invalid requirement: 'GDAL=1.11.4'
= is not a valid operator. Did you mean == ?
[rtesileanu@localhost ~]$ sudo pip install GDAL==1.11.4
Collecting GDAL==1.11.4
 Could not find a version that satisfies the requirement GDAL==1.11.4 (from 
versions: 1.5.0, 1.5.2, 1.6.0, 1.6.1, 1.7.0, 1.7.1, 1.8.1, 1.9.0, 1.9.1, 
1.10.0, 1.11.0, 1.11.1, 1.11.2, 2.0.0, 2.0.1, 2.1.0, 2.1.3)

No matching distribution found for GDAL==1.11.4
[rtesileanu@localhost ~]$ sudo pip install GDAL==2.1.3
Collecting GDAL==2.1.3
 Using cached GDAL-2.1.3.tar.gz
Installing collected packages: GDAL
  Running setup.py install for GDAL ... error
   Complete output from command /usr/bin/python2 -u -c "import setuptools, 
tokenize;__file__='/tmp/pip-build-9uzTW8/GDAL/setup.py';f=getattr(tokenize, 
'open', open)(__file__);code=f.read().replace('\r\n', 
'\n');f.close();exec(compile(code, __file__, 'exec'))" install --record 
/tmp/pip-JC4z_K-record/install-record.txt --single-version-externally-managed 
--compile:

running install
running build
running build_py
creating build
creating build/lib.linux-x86_64-2.7
copying gdal.py -> build/lib.linux-x86_64-2.7
copying ogr.py -> build/lib.linux-x86_64-2.7
copying osr.py -> build/lib.linux-x86_64-2.7
copying gdalconst.py -> build/lib.linux-x86_64-2.7
copying gdalnumeric.py -> build/lib.linux-x86_64-2.7
creating build/lib.linux-x86_64-2.7/osgeo
copying osgeo/gdalnumeric.py -> build/lib.linux-x86_64-2.7/osgeo
copying osgeo/gnm.py -> build/lib.linux-x86_64-2.7/osgeo
copying osgeo/gdal_array.py -> build/lib.linux-x86_64-2.7/osgeo
copying osgeo/gdalconst.py -> build/lib.linux-x86_64-2.7/osgeo
copying osgeo/__init__.py -> build/lib.linux-x86_64-2.7/osgeo
copying osgeo/ogr.py -> build/lib.linux-x86_64-2.7/osgeo
copying osgeo/osr.py -> build/lib.linux-x86_64-2.7/osgeo
copying osgeo/gdal.py -> build/lib.linux-x86_64-2.7/osgeo
running build_ext
building 'osgeo._gdal' extension
creating build/temp.linux-x86_64-2.7
creating build/temp.linux-x86_64-2.7/extensions
gcc -pthread -fno-strict-aliasing -O2 -g -pipe -Wall 
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong 
--param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic 
-D_GNU_SOURCE -fPIC -fwrapv -DNDEBUG -O2 -g -pipe -Wall 
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong 
--param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic 
-D_GNU_SOURCE -fPIC -fwrapv -fPIC -I../../port -I../../gcore -I../../alg 
-I../../ogr/ -I../../ogr/ogrsf_frmts -I../../gnm -I../../apps 
-I/usr/include/python2.7 
-I/usr/lib64/python2.7/site-packages/numpy/core/include -I/usr/include -c 
extensions/gdal_wrap.cpp -o 
build/temp.linux-x86_64-2.7/extensions/gdal_wrap.o
   extensions/gdal_wrap.cpp:3085:22: fatal error: cpl_port.h: No such file 
or directory

#include "cpl_port.h"
  ^
compilation terminated.
error: command 'gcc' failed with exit status 1

   
Command "/usr/bin/python2 -u -c "import setuptools, 
tokenize;__file__='/tmp/pip-build-9uzTW8/GDAL/setup.py';f=getattr(tokenize, 
'open', open)(__file__);code=f.read().replace('\r\n', 
'\n');f.close();exec(compile(code, __file__, 'exec'))" install --record 
/tmp/pip-JC4z_K-record/install-record.txt --single-version-externally-managed 
--compile" failed with error code 1 in /tmp/pip-build-9uzTW8/GDAL/

Re: Book/Paper technical illustrations - inkscape?

2017-04-06 Thread Andrew C Aitchison


On Wed, 5 Apr 2017, Keith Lofstrom wrote:


I am considering Inkscape as a technical illustration
tool for latex documents (papers and book chapters).
Suggestions for better tools?


Inkscape would be my first choice, but I'd also consider
xfig(included in SL6; for SL7 you may need to get it from epel)
dia www.gnome.org/projects/dia
Zirkel / CaR (Compass and ruler)
http://car.rene-grothmann.de/

One interesting feature of dia is that it can be used
to generate sql schema.


--
Andrew C Aitchison  Cambridge, UK

Re: Server going to uncommanded sleep or suspend

2017-03-09 Thread Andrew C Aitchison


On Thu, 9 Mar 2017, Konstantin Olchanski wrote:


Hi, there. I wonder if anybody else is seeing the same problem with el7:

The symptoms are: no ping, dead video, dead keyboard. After power cycle,
syslog shows that the system has attempted to go into sleep or suspend
or whatever they call it.

This is very strange, usualy a system will go into suspend mode when you
close the laptop lid, but these are not laptops. They are normal desktop
machines (and at least in one case, there is no local user to blame for
pressing the "sleep" button).

So what's in the syslog:
- normal activity (systemd spam)
- network manager reports "sleep requested"
- some kind of nm_dispatcher activity
- systemd reaches sleep and suspend targets.
- continues spewing sundry messages, never recovers (never goes into actual 
sleep).

The machine is effectively dead after network manager put the network 
interfaces to sleep.


Can the machine be made to respond to wake-on-lan ?
If so, setting that up *might* reduce the pain when this happens again ...

Re: Which C hooks go to which clipboard?

2017-03-08 Thread Andrew C Aitchison


On Wed, 8 Mar 2017, ToddAndMargo wrote:


Hi All,

Looking at "man XStoreBuffer XFetchBuffer XRotateBuffers",
which clipboard is the ctrl-c/v clipboard ("clipboard")
and which is the mouse over and center click clipboard
("primary")?


Sorry, it seems that those routines are obsolete hangovers from X10 !

https://www.jwz.org/doc/x-cut-and-paste.html
seems to be particularly clear;

there are also more formal references like:
https://en.wikipedia.org/wiki/X_Window_selection
https://tronche.com/gui/x/xlib/utilities/using-cut-buffers.html
https://tronche.com/gui/x/xlib/window-information/selection.html

Sorry I pointed you in the wrong direction to start with.

--
Andrew C Aitchison

Re: Anyone know a reference to X11's clipboard hooks?

2017-03-08 Thread Andrew C Aitchison


On Tue, 7 Mar 2017, ToddAndMargo wrote:


Hi All,

Can anyone point me to a reference to the hooks for
reading and writing into both of X11's clipboards?


For the cut and paste buffers:
man XStoreBuffer XFetchBuffer XRotateBuffers
(all the same page)

man xcutsel
man xclipboard
and
man XmClipboard

might also be useful start points.

--
Andre C Aitchison

Re: Cannot find openssl

2017-02-21 Thread Andrew C Aitchison


On Tue, 21 Feb 2017, Al Russell wrote:

I have been unable to get the SL6 openssl update to 8.4 that was announced in 
today's Scientific-Linux-Errata. When I check the SL6 sl-security repository 
all I find is the openssl-1.0.1e-48.el6_8.3.i686.rpm family. Is there a 
problem or am I missing something?


I see openssl-1.0.1.el6_8.4.i686.rpm
but since I have openssl-1.0.1.sl6_8.3.i686 installed,
the 8.4 version is not seen as newer (sl... > el...).

Worse, having managed to install the 8.4 (with
   yum downgrade openssl*1.0.1e-48.el6_8.4
)
yum wants to "upgrade" me back to 8.3 :-(

el6 or sl6 in (openssl) rpm packege release numbers ?

2017-02-21 Thread Andrew C Aitchison


On Mon, 20 Feb 2017, Pat Riehecky wrote:

Synopsis:  Moderate: openssl security update
Advisory ID:   SLSA-2017:0286-1
Issue Date:2017-02-20
CVE Numbers:   CVE-2016-8610
  CVE-2017-3731
--

... ...

SL6
 x86_64
   openssl-1.0.1e-48.el6_8.4.i686.rpm
   openssl-1.0.1e-48.el6_8.4.x86_64.rpm
   openssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm
   openssl-debuginfo-1.0.1e-48.el6_8.4.x86_64.rpm
   openssl-devel-1.0.1e-48.el6_8.4.i686.rpm
   openssl-devel-1.0.1e-48.el6_8.4.x86_64.rpm
   openssl-perl-1.0.1e-48.el6_8.4.x86_64.rpm
   openssl-static-1.0.1e-48.el6_8.4.x86_64.rpm
 i386
   openssl-1.0.1e-48.el6_8.4.i686.rpm
   openssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm
   openssl-devel-1.0.1e-48.el6_8.4.i686.rpm
   openssl-perl-1.0.1e-48.el6_8.4.i686.rpm
   openssl-static-1.0.1e-48.el6_8.4.i686.rpm



This update hasn't arrived at my end yet, so I went poking:
# yum --enablerepo=sl-security --showduplicates list openssl

Loaded plugins: auto-update-debuginfo, fastestmirror, refresh-packagekit,
  : security
Loading mirror speeds from cached hostfile
 * elrepo: mirrors.coreix.net
 * epel: www.mirrorservice.org
 * epel-debuginfo: www.mirrorservice.org
 * sl: ftp1.scientificlinux.org
 * sl-debuginfo: ftp1.scientificlinux.org
 * sl-fastbugs: ftp1.scientificlinux.org
 * sl-security: ftp1.scientificlinux.org
 * sl6x: ftp1.scientificlinux.org
 * sl6x-fastbugs: ftp1.scientificlinux.org
 * sl6x-security: ftp1.scientificlinux.org
Installed Packages
openssl.i6861.0.1e-48.sl6_8.3  @sl-security 
openssl.x86_64  1.0.1e-48.sl6_8.3  @sl-security 
Available Packages
openssl.i6861.0.1e-48.el6  sl 
openssl.i6861.0.1e-48.el6  sl6x 
openssl.x86_64  1.0.1e-48.el6  sl 
openssl.x86_64  1.0.1e-48.el6  sl6x 
openssl.i6861.0.1e-48.el6_8.1  sl-security 
openssl.i6861.0.1e-48.el6_8.1  sl6x-security
openssl.x86_64  1.0.1e-48.el6_8.1  sl-security 
openssl.x86_64  1.0.1e-48.el6_8.1  sl6x-security
openssl.i6861.0.1e-48.el6_8.4  sl-security 
openssl.i6861.0.1e-48.el6_8.4  sl6x-security
openssl.x86_64  1.0.1e-48.el6_8.4  sl-security 
openssl.x86_64  1.0.1e-48.el6_8.4  sl6x-security
openssl.i6861.0.1e-48.sl6_8.3  sl-security 
openssl.i6861.0.1e-48.sl6_8.3  sl6x-security
openssl.x86_64  1.0.1e-48.sl6_8.3  sl-security 
openssl.x86_64  1.0.1e-48.sl6_8.3  sl6x-security



I note that the 6_8.3 versions are el..., whereas the 6_8.4 are all sl...
Of course sl6_8.3 comes after el6_8.4 so the updates are ignored :-(

I'm now confused, should they be el6... or sl6... ?

(I'm also confused about whether I should be using sl-security or 
sl6-security, but that is less important).


Thanks,

--
Andrew C Aitchison

Re: OpenSSL in SL6 ?

2017-02-10 Thread Andrew C Aitchison


On Sat, 4 Feb 2017, Steven Haigh wrote:


On 04/02/17 03:22, Andrew C Aitchison wrote:

https://access.redhat.com/solutions/1530413
explains Red Hat's position on this, but it can only be read by
those with a Red Hat contract.


You don't have to have a contract, only an account. Anyone can register,
and there's also free 'developer' accounts if you wish.


Thanks.

After more effort than it was worth, I now have an account
and am able to read the page and see now little Red Hat had to say.

I had hoped that since OpenSSL minor releases aren't supposed
to break binary compatibility, RH would just switch to v1.0.2.

Given that it is three months until the end of RHEL6, Production Phase 2 
(May 10, 2017, see https://access.redhat.com/support/policy/updates/errata/ )

I can see that it is time to determine my stretegy for migrating
from SL6. (I'm down to one machine and SL7 is very different from SL6
so I shall consider several options).

Thanks again,

Andrew C Aitchison

OpenSSL in SL6 ?

2017-02-03 Thread Andrew C Aitchison


SL6 uses OpenSSL v1.0.1, which is no longer supported by OpenSSL
( https://www.openssl.org/policies/releasestrat.html ).
v1.0.2 which may be a drop in replacement is supported until the end of 
2019.


https://access.redhat.com/solutions/1530413
explains Red Hat's position on this, but it can only be read by
those with a Red Hat contract.

Could SL make a similar statement which is available to anyone who
has access to SL ?

I'm particularly asking since I'm trying to build the latest exim,
which does not support openssl v1.0.1
https://lists.exim.org/lurker/message/20170131.025153.592b38db.en.html
   As we are into 2017, the oldest OpenSSL supported by the OpenSSL project
   is 1.0.2, so that is now the oldest version which the Exim Maintainers
   formally "support" for Exim. As of yet, I do not believe that any
   changes have been merged which would break support for older OpenSSL,
   but you are on your own if you try to use such.
I can of course build a local OpenSSL v1.0.2 for exim, but if there were
a system version it would be simpler for me.

Thanks,

--
Andrew C Aitchison

Re: 6.6 to 6.x (6.8 now, I guess)

2017-01-27 Thread Andrew C Aitchison


On Fri, 27 Jan 2017, jdow wrote:


Ran yum --releasever=6.7 update sl-release

Same error going 6.6 to 6.7 as 6,6 to 6.x (6.8).

Transaction Check Error:
 file /lib64/libasound.so.2.0.0 from install of alsa-lib-1.1.0-4.el6.x86_64 
conflicts with file from package libasound2-1.0.24.1-35.el6.x86_64


I can't find libasound2 in the SL tree, although it is in ATrpms.

You may be trying to mix too many repos ...


What now?
{^_^}

On 2017-01-27 15:03, jdow wrote:

 It gets through downloading a half gigabyte, trundles a bit and whines:

 Transaction Check Error:
   file /lib64/libasound.so.2.0.0 from install of
 alsa-lib-1.1.0-4.el6.x86_64
 conflicts with file from package libasound2-1.0.24.1-35.el6.x86_64

 
 Trying a hail Mary yum --releasever=6.11 update sl-release

 {o.o}

Re: Integration with Apple iPad 2 air

2017-01-21 Thread Andrew C Aitchison


On Sun, 15 Jan 2017, Yasha Karant wrote:

I understand that this not an Apple forum.  However, my spouse has been 
assigned an Apple iPad 2 Air from our university administration, and she was 
reluctant for political reasons to demand a Linux or Android "equivalent" of 
this unit.


I have been attempting to configure it .  I have found that Mozilla does not 
support this platform:  (quoting from Mozilla) Mozilla.org 
 does not have any version of Thunderbird and Firefox for 
iOS due to Apple's restrictions on the JavaScript and browser engines that 
can be used.


Would a request for an Apple laptop be be politically acceptable ?

In my experience a tablet is read-mostly; a university should
understand that people may need a device which allows meaningful
content to be created/modified even when the internet is not available.

Re: Security ERRATA Critical: firefox on SL5.x, SL6.x, SL7.x i386/x86_64

2016-12-15 Thread Andrew C Aitchison


On Wed, 14 Dec 2016, Scott Reid wrote:


Synopsis:  Critical: firefox security update
Advisory ID:   SLSA-2016:2843-1
Issue Date:2016-12-01
CVE Numbers:   CVE-2016-9079
--

This update upgrades Firefox to version 45.5.1 ESR.


At least in SL6, we seem to have got Firefox 45.6.0 ESR
- which is even better.

Thanks,


SL6
 x86_64
   firefox-45.5.1-1.el6_8.x86_64.rpm
   firefox-debuginfo-45.5.1-1.el6_8.x86_64.rpm
   firefox-45.5.1-1.el6_8.i686.rpm
   firefox-debuginfo-45.5.1-1.el6_8.i686.rpm
 i386
   firefox-45.5.1-1.el6_8.i686.rpm
   firefox-debuginfo-45.5.1-1.el6_8.i686.rpm


--
Andrew C Aitchison

Firefox 45.5.0

2016-11-18 Thread Andrew C Aitchison


When should we expect the critical security update firefox 45.5.0
   https://rhn.redhat.com/errata/RHSA-2016-2780.html
?

Thanks,
Andrew C Aitchison

Re: MacOS X Mac Mail with SL Thunderbird issues

2016-11-11 Thread Andrew C Aitchison


On Thu, 10 Nov 2016, Yasha Karant wrote:


From a colleague:

Your mail client doesn’t play nicely with mine (Mac Mail).
As you can see by the screen snap, it doesn’t wrap text


Toggle Word Wrap :: Add-on
https://addons.mozilla.org/en-GB/thunderbird/addon/toggle-word-wrap/
might do what you want.


and includes the long version of headers on forwarded messages.
As a result, I sometimes don’t read stuff from you because it’s too annoying 
to scroll and scroll…


End quote.

A web search does not reveal anything about this issue.  I do not have an 
Apple MacOS X box; all Linux and MS Win Thunderbird users do not report this 
issue. I am using IMAP for reading email, and an external SMTP server for 
sending email.  Is there a (SL) Thunderbird configuration that is more Mac 
Mail friendly?

RE: ACL Problem in SL7.2

2016-11-08 Thread Andrew C Aitchison


On Tue, 8 Nov 2016, Bill Maidment wrote:


Hi again
My research has revealed that nfs in SL 7.2 is translating the
POSIX ACL to NFSv4 ACL (a completely different format).


I wondered if that was the problem. Sun was working hard to be compatible 
with Microsoft when the NFSv4 ACL spec was written.



vi appears to recognise NFSv4 ACL, but Nautilus, ls and probably other 
programs, only seem to recognise POSIX ACL.

So I have the following alternatives:
1. Stop nfs translating to NFSv4 ACL
2. Change the guest mount to translate NFSv4 ACL back to POSIX ACL
3. Change Nautilus, etc to recognise NFSv4 ACL
4. Use Samba instead of nfs

I'm not sure if 1. or 2. are possible and 3. may happen one day.
Does anyone know of a practical solution/workaround?


Since NFS ACLs are Microsoft-like, Samba may not solve the issue -
https://wiki.samba.org/index.php/Shares_with_POSIX_ACLs#File_system_ACLs
does not appear to mention setfacl or getfacl ...

Do you need to use ACLs, or can you get by with unix user/group/other ?

You may get more reliable behaviour if you work on a directory nearer the 
branches. Permissions on the mount-point directory are often "interesting" 
edge cases and often different between client and server and can change 
when the remote tree is mounted or unmounted. An automounter will add an 
extra layer of complication.



Cheers
Bill

-Original message-

From:Bill Maidment 
Sent: Sunday 6th November 2016 19:56
To: Karel Lang AFD ; SCIENTIFIC-LINUX-USERS@FNAL.GOV
Subject: RE: ACL Problem in SL7.2

Thanks for the response Karel.
umask is the standard 0022 and this is a top level directory on the host 
machine.
I am using SL 6.8 to access the directory via nfs share.
It looks like there is no problem if the file is created with vi
But if I use Nautilus then that's when I get the issue.
So Nautilus on SL 6.8 seems to be the culprit (or is it caused by nfs?)
Cheers
Bill

-Original message-

From:Karel Lang AFD 
Sent: Sunday 6th November 2016 16:16
To: Bill Maidment ; SCIENTIFIC-LINUX-USERS@FNAL.GOV
Subject: Re: ACL Problem in SL7.2

Hi Bill
just pasted your work here to CLI and works OK on SL 6.7 and SL 7.2 here...
It has to be something else .. umask? or inherited from directory higher up?
Maybe strace would help to see whats happening exactly?

cheers

On 11/06/2016 03:58 AM, Bill Maidment wrote:

Hi
I am trying to set up ACL on a directory such that any new file created in the 
directory has permissions of 0660.
However, when I create a new file, the permissions are set as 0664 (see 
test.txt file below)
Is this a bug or am I doing something wrong?

These are the commands I used:

chmod -R u+rwX,g+rwXs,o-rwx /pictures

setfacl -d -m u::rwx,g::rwx,o::--- /pictures

getfacl /pictures
getfacl: Removing leading '/' from absolute path names
# file: pictures
# owner: nfs01
# group: nfs01
# flags: -s-
user::rwx
group::rwx
other::---
default:user::rwx
default:group::rwx
default:other::---

ls -latrh /pictures
total 4.0K
dr-xr-xr-x. 22 root  root  4.0K Nov  6 12:41 ..
drwxrws---+  2 nfs01 nfs01   21 Nov  6 13:10 Testing
-rw-rw-r--   1 nfs01 nfs010 Nov  6 13:44 test.txt
drwxrws---+  3 nfs01 nfs01   35 Nov  6 13:44 .

Cheers
Bill Maidment

Re: SNMP scanner?

2016-08-01 Thread Andrew C Aitchison


On Sun, 31 Jul 2016, ToddAndMargo wrote:


2016-08-01 8:23 GMT+03:00 ToddAndMargo :
  On 07/31/2016 10:15 PM, Jon Brinkmann wrote:
'nmap -sX 192.168.1.1-255 10.1-255.1-255.1-255 ...'?


  That is still scanning IP's over a range.  :'(



On 07/31/2016 10:42 PM, Eero Volotinen wrote:

Eh. Try scanning network: 192.168.1.0/25

Eero

That is still IP address dependent.  If there was two or three networks
on the same interface, it  would only scan the network.


A broadcast ping
ping -b 255.255.255.255
might get you some useful information, but 
I think you are looking for a "sniffer" rather than a "scanner".

Since you don't know what addresses you are interested in,
you can't sacan them. You need to listen/sniff for traffic
perhaps encouraging it first, which is what the btroadcast does.

The interface will need to be in "promiscuous" mode,
the right tool will do that for you provided you are root.

Re: Python 2.7 OS requirements

2016-07-31 Thread Andrew C Aitchison


On Sun, 31 Jul 2016, ~Stack~ wrote:


I have the exact same problem. Don't try to replace 2.6.6. It broke ALL
KINDS of things including RPM when I tried it...did not go well at all
(but a good learning experience! :-).

Here are three solutions:

1) Software Collections: https://www.softwarecollections.org/en/
Upside, A certain favored upstream vendor backs a lot of these packages
(just no support). Downside, they run in a special environment which can
be tricky depending on the application. It basically runs in a subshell
and that confuses my users at least



 Same with SCL. We use it elsewhere too, but
anything that the users have to interact with, we found they get
frustrated because of the weird subshell-environment it uses.


If your users are used to environment modules, the SCL pythons
can be made to work with those rather than SCL sub-shells
- here is our python27 module:

#%Module2013
#
# $Id: python27,v 1.2 2016/07/31 19:54:12 werdna Exp $
#

conflict python33

if [ file isfile /opt/rh/python27/root/usr/bin/python ] {
module-whatis "Loads python27"

set pythonroot /opt/rh/python27/root

prepend-path  PATH $pythonroot/usr/bin
prepend-path  LD_LIBRARY_PATH $pythonroot/usr/lib64
prepend-path  MANPATH $pythonroot/usr/share/man
# For systemtap
prepend-path  XDG_DATA_DIRS $pythonroot/usr/share
# For pkg-config
prepend-path  PKG_CONFIG_PATH $pythonroot/usr/lib64/pkgconfig
} else {
module-whatis "Python 27 not installed on this machine"
set helpmsg "Python 27 not installed on this machine"
if [ expr [ module-info mode load ] || [ module-info mode display ] ] {
# bring in new version
puts stderr "Python 27 not installed on [uname nodename]"
}
}


--
Andrew C Aitchison

Re: Python 2.7 OS requirements

2016-07-31 Thread Andrew C Aitchison


On Sat, 30 Jul 2016, P. Larry Nelson wrote:


Hi all,

Please don't shoot the questioner (me), as I have no experience with
Python, other than knowing "what" it is and that my SL6.8 systems have
version 2.6.6 installed.

I have been asked by one of our Professors that one of his grad students
apparently needs Python 2.7.x installed on our cluster (optimally in
/usr/local, which is an NFS mounted dir everywhere).




If the solution is indeed simple, I might proceed, otherwise, I'm
of a tendency to reply to the Professor and student, "No way - won't work."
I think the student probably has access to CERN systems that probably
have what he's looking for.


I see that Larry's requirement may have gone away, but for others
with the same request:

The slc6-scl "Software Collections Library" repo has a suite of packages
python27-* which can be installed alongside the system python 2.6.

They also have python33-* although those who want python3 may
want bleeding edge which is, IIRC, 3.4.something.
(Hmm bleeding edge is 3.6.0a3, latest is 3.5.2).

Re: Firefox 45.2 ETA ?

2016-06-17 Thread Andrew C Aitchison


Kevin and gang,

Thanks for releasing the firefox 45.2.0 security update.

Firefox 45.2 ETA ?

2016-06-15 Thread Andrew C Aitchison


I some problem holding up an SL release of Firefox 45.2.0 ESR ?

Red Hat released this critical security update almost a week ago:
https://rhn.redhat.com/errata/RHSA-2016-1217.html

Thanks,

Re: Need specific LaTeX utiliities for EL7

2016-06-15 Thread Andrew C Aitchison


On Tue, 14 Jun 2016, Yasha Karant wrote:


WYSIWYG (not LyX that produces LaTeX but internally is not LaTeX)?  Thus far,
I have not found such a WYSIWYG.


EPEL includs Kile
http://kile.sourceforge.net/
(possibly an abbreviation of KDE Integrated LaTeX Environment).

Re: Failure to update flash-plugin in SL7.2

2016-05-21 Thread Andrew C Aitchison


On Sat, 21 May 2016, John Pilkington wrote:

For the past 3 days I've had 'Yum: Failed to install updates' emails about 
this:


---> Package flash-plugin.x86_64 0:11.2.202.616-release will be updated
---> Package flash-plugin.x86_64 0:11.2.202.621-release will be an update

http://linuxdownload.adobe.com/linux/x86_64/flash-plugin-11.2.202.621-release.x86_64.rpm: 
[Errno 14] HTTP Error 404 - Not Found


I've done 'yum clean all' and 'yum check-update'

Firefox says I don't have permission to access the site.  Is it just me?


Which repo are you using ?

I'm on SL6 and both my existing adobe repo and the repo in the RPM 
package

https://get.adobe.com/flashplayer/download/?installer=Flash_Player_11.2_for_other_Linux_(YUM)_64-bit=1
(with baseurl=http://linuxdownload.adobe.com/linux/x86_64/ )
both still show version "11.2.202.616-release".

However on the page
  https://get.adobe.com/flashplayer/
if I select ".rpm for other linux", I do get
flash-plugin-11.2.202.621-release.x86_64.rpm
The link appears to be
https://fpdownload.adobe.com/get/flashplayer/pdc/11.2.202.621/flash-plugin-11.2.202.621-release.x86_64.rpm

Looks like Adobe have released the new rpm but not yet updated their 
yum repo.


--
Andrew C Aitchison

Re: Add another executable to update-alternatives java

2014-03-24 Thread Dr Andrew C Aitchison


On Sat, 22 Mar 2014, Joseph Areeda wrote:


On 03/22/2014 09:17 AM, Orion Poplawski wrote:

On 03/22/2014 07:44 AM, Joseph Areeda wrote:

Hi All,

My immediate problem is that the utility jar is not in my path and
update-alternatives --config java does not set up the symbolic link.  I
currently have /usr/lib/jvm/jre-1.7.0-openjdk.x86_64/bin/java selected.
This is as installed.

Do you have java-1.7.0-openjdk-devel installed?  That is where jar lives.


Hi Orion,

My problem is not running jar, but rather switching between different JDK's. 
I have OpenJDK 6 and 7 and Oracle's 6 and 7 and use


update-alternatives --config java

to switch between them for testing.  Unfortunately I can't seem to convince 
everybody to use my favorite JDK ;-)


The problem is that the alternative setup in the RPMs is not complete.  jar, 
javadoc, javah and jstack are the ones I use the most which are are not 
there.


What I'm wondering is if I have to build the install sets from scratch or if 
there's a way to just slave files to existing sets?


Like Nico I'm wary of switching the default java machine-wide.

Instead of alternatives I suggest that you use either
scl-utils or environment-modules, both of which
allow you to change the default version of a command
within some (inherited) context, setting all necessary environment.

I prefer environment-modules (mostly because it updates the existing
shell rather than starting a new one with the altered state)
but Red Hat use scl-utils for some of the packages which they ship.

--
Dr. Andrew C. Aitchison Computer Officer, DPMMS, Cambridge
a.c.aitchi...@dpmms.cam.ac.uk   http://www.dpmms.cam.ac.uk/~werdna

Re: Security advisory on java, how to update?

2013-11-21 Thread Dr Andrew C Aitchison


On Wed, 20 Nov 2013, Mark Stodola wrote:


On 11/20/2013 04:27 PM, ToddAndMargo wrote:

On 11/20/2013 01:50 PM, Chris Schanzle wrote:

On 11/20/2013 04:34 PM, ToddAndMargo wrote:

Hi All,

Just got a security advisory on java-1.6.0-openjdk (MDVSA-2013:266)
and java-1.7.0-openjdk (MDVSA-2013:267).

Went to try to upgrade it and can't figure out how.

# rpm -qa \*openjdk\*
java-1.7.0-openjdk-1.7.0.45-2.4.3.2.el6_4.x86_64

How do you do a yum when the name has a moving target
(number) in the middle of the name?


The number in the middle of the name is either 1.6.0 (Java 6)
or 1.7.0 (Java 7). As long as you remember that there are two
they aren't really moving targets.



I did a yum whatprovides to see if they had another
name for it and that has numbers in it too.

Many thanks,
-T


$ rpm -qa --queryformat=%{name}\t%{version}\t%{release}\n '*openjdk*'
java-1.6.0-openjdk-devel 1.6.0.0 1.65.1.11.14.el6_4
java-1.6.0-openjdk-javadoc 1.6.0.0 1.65.1.11.14.el6_4
java-1.7.0-openjdk 1.7.0.45 2.4.3.2.el6_4
java-1.6.0-openjdk 1.6.0.0 1.65.1.11.14.el6_4


Would this work for you?
yum update java\*


Hi Chris,

Never thought of escaping the asterisk.

Apparently, we are still waiting on the fix action
to java.

Thank you!
-T

# yum --enablerepo=* upgrade java\*
Loaded plugins: priorities, refresh-packagekit, security
38 packages excluded due to repository priority protections
Setting up Upgrade Process
No Packages marked for Update


The security advisories you reference are for Mandriva.  Don't expect updated 
packages until TUV gets around to handling the underlying CVEs.  It also 
takes a small amount of time between TUV and Pat/Connie getting them built 
for SL.


Comparing 
http://www.mandriva.com/fr/support/security/advisories/advisory/MDVSA-2013:267/

and
  https://rhn.redhat.com/errata/RHSA-2013-1451.html
TUV and SL appear to have fixed these vunerabiliites in
java-1.7.0-openjdk-1.7.0.45-2.4.3.2.el6_4 and friends
(I haven't checked java-1.6.0... or SL5 but wouldn't be
surprised if they are fixed too).

--
Dr. Andrew C. Aitchison Computer Officer, DPMMS, Cambridge
a.c.aitchi...@dpmms.cam.ac.uk   http://www.dpmms.cam.ac.uk/~werdna

RE: question about scipy

2013-10-30 Thread Dr Andrew C Aitchison


On Mon, 28 Oct 2013, Kraus, Dave (GE Healthcare) wrote:


Scipy came into TUV (and SL) in 6.4.


... and for 6.3 it is in epel.


-Original Message-
From: owner-scientific-linux-us...@listserv.fnal.gov 
[mailto:owner-scientific-linux-us...@listserv.fnal.gov] On Behalf Of Ken Teh
Sent: Monday, October 28, 2013 4:13 PM
To: scientific-linux-users
Subject: question about scipy

I see we have numpy but no scipy.  I looked on the scipy home page; it 
describes scipy as an ecosystem of packages including numpy and matplotlib.  
What's the recipe for getting scipy?

For the moment I need numpy and matplotlib which I can install piecemeal.  But 
if I install the scipy stack from its home site will I run into problems with 
numpy and matplotlib?  Anyone tried installing just the scipy package from its 
home?

Thanks!



--
Dr. Andrew C. Aitchison Computer Officer, DPMMS, Cambridge
a.c.aitchi...@dpmms.cam.ac.uk   http://www.dpmms.cam.ac.uk/~werdna

Re: Google chrome stable 28.0 installation problem

2013-07-04 Thread Dr Andrew C Aitchison


On Thu, 4 Jul 2013, Yasha Karant wrote:

Unfortunately, I did not keep a copy of the last working Google chrome rpm 
(release 27).  Does anyone have a copy of the IA-32 version and the X86-64 
version?


I don't seem to have a 32bit version, but I've put two different
64bit releases of google-chrome-stable-27 in
https://www.dpmms.cam.ac.uk/~werdna/google-chrome/

--
Dr. Andrew C. Aitchison Computer Officer, DPMMS, Cambridge
a.c.aitchi...@dpmms.cam.ac.uk   http://www.dpmms.cam.ac.uk/~werdna

Re: Flash and Chrome - was Re: FireFox Error

2013-04-03 Thread Dr Andrew C Aitchison


On Tue, 2 Apr 2013, Konstantin Olchanski wrote:


On Tue, Apr 02, 2013 at 10:09:45AM +0100, Dr Andrew C Aitchison wrote:


2) For those who haven't heard this, some links:
http://support.google.com/chrome/bin/answer.py?hl=en-GBanswer=95411


RHEL/SL/SLC are not listed at all. No announcement anywhere on google
about adding or dropping support for any specific version of RHEL/SL.


http://www.muktware.com/5203/google-says-red-hat-enterprise-linux-6-obsolete


Information at above link is factually incorrect.
Updates of google-chrome for SL6 have not stopped.

Latest update is google-chrome-stable-26.0.1410.43-189671.x86_64
with build date Thu Mar 21 12:41:44 2013.


Ever since I installed that version, google-chrome warns me that
it has stopped supporting this version of my operating system
- I'm running Scientific Linux release 6.3 (Carbon).

yum --enablerepo=google-chrome list does list
google-chrome-beta.x86_64   26.0.1410.43-189671  google-chrome
google-chrome-unstable.x86_64   27.0.1453.12-191631  google-chrome
so there may be more releases to come, but it is worth noting that
google-chrome-beta and google-chrome-stable are curently the same version.
The unstables are still being updated nightly (but is that a script on
auto-pilot?)

Updates may be continuing but Google *is* telling me,
in a very obvious way, that they have stopped

--
Dr. Andrew C. Aitchison Computer Officer, DPMMS, Cambridge
a.c.aitchi...@dpmms.cam.ac.uk   http://www.dpmms.cam.ac.uk/~werdna

nfs+xfs - was Re: SL6.3 2.6.32-358.2.1.el6.x86_64 kernel panic

2013-03-18 Thread Dr Andrew C Aitchison


On Sun, 17 Mar 2013, Nico Kadel-Garcia wrote:


Also, *why* are you mixing xfs and nfs services in the same
envirnment? And what kind of NFS and XFS servers are you using?


Out of curiosity, why not ?

In theory the choice of disk filesystem and network file sharing
protocol should be independent.

How different is the practice ?

--
Dr. Andrew C. Aitchison Computer Officer, DPMMS, Cambridge
a.c.aitchi...@dpmms.cam.ac.uk   http://www.dpmms.cam.ac.uk/~werdna

Re: java in firefox

2013-03-08 Thread Dr Andrew C Aitchison


On Thu, 7 Mar 2013, Yasha Karant wrote:

We have bioinformatics visualization applications that require a java plugin 
enabled web browser.   The only plugin from Oracle/Sun Java that works is:


URL:  http://java.com/en/download/linux_manual.jsp
Java Downloads for Linux
Recommended Version 7 Update 17

	Linux RPM filesize: 54.7 MB 	Instructions 	After installing 
Java, you will need to enable Java in your browser.

Linux filesize: 45.9 MB Instructions
Linux x64 * filesize: 44.6 MB   Instructions
	Linux x64 RPM * filesize: 52.8 MB 	Instructions32-bit version 
for Java applet and Java Web Start suppor

* Please use the 32-bit version for Java applet and Java Web Start support.

End quote from java.com


I think that is out of date

On my SL6.3 laptop, With the *64*bit 7u17 jdk rpm from oracle (
  http://www.oracle.com/technetwork/java/javase/downloads/index.html
follow the DOWNLOAD link and agree hthe licence)
and 64 bit firefox-17.0.3
 http://www.javatester.org/version.html says I'm running 
Jave Version: 1.7.0_17 from Oracle Corporation.


You may have to disable Iced-Tea in firefox/addons/plugins, but you
I didn't need to restart firefox to switch between the oracle and openjdk
java plugins.

--
Dr. Andrew C. Aitchison Computer Officer, DPMMS, Cambridge
a.c.aitchi...@dpmms.cam.ac.uk   http://www.dpmms.cam.ac.uk/~werdna

77 matches

Mail list logo