documented sudo?
I'm transitioning some machines to SL7.x from ancient RHEL 5.x. I am encountering selinux, firewalld, systemd, and other command-line configured tools, which produce many little disconnected XML files, rather than the /etc configuration files I am used to. I put lots of comments with observations, intent, hints, helpful webpages, and other useful information in my config files, and use those comments to get up to speed years later, when I repair or upgrade those files. This is difficult to do with the *d command-line tools. I would expect there would be something like a "dodo" command, pronounced "dew-dew" (*), an abbreviation for "documented do". This would help document every sudo, timed and in context with every other dodo, per subsystem and in sequence. Syntax errors would be treated separately, FMM(**) corrections aided. This seems like an obvious help tool for sysadmin using the new config-file-free tools, so it probably exists. What is it called? If it does not exist, would someone please earn fame and fortune by writing it? Keith (*) dodo pronounced "dew-dew" indicates cognoscenti who've got their s**t together. Pronounced "doe-doe", like the extinct flightless bird, indicates a clueless newbie. I hope this is an additional incentive to snarky tool writers to write this for me. (**) FMM == frequently made mistakes . I tend to repeat typing errors and other brain-o's. If I make the same mistake a second time, perhaps months later, dodo could offer my prior correction. -- Keith Lofstrom kei...@keithl.com
Re: SL6, firefox, flash, and upgrade failures
(On) 2016-03-22 -0700 à (at) 10:03:03 Keith Lofstrom écrivit (wrote): -- > Is there a way to TURN OFF Firefox "flash is insecure" nagging, > or FORCE "Always Activate" when it is grayed out in about:addons? On Wed, 23 Mar 2016, Franchisseur Robert wrote: > I had the same issue and I put the following line in my > ~/.bash_logout > > \rm $HOME/.mozilla/firefox/X.default/pluginreg.dat On Wed, Mar 23, 2016 at 08:23:52AM +, Andrew C Aitchison wrote: > I am, however, uneasy about simply removing the file completely, as > that removes all the user's plugin customizations; so if they have > disabled any plugins they may be reenabled. Thanks for all the help! There's good people here :-) Andrew is right, there is a lot of config stuff in pluginreg.dat. Proverb: "don't throw the baby out with the bathwater." I'm trying a hack on one of the machines. I found these lines in pluginreg.dat: ... libflashplayer.so:$ /usr/lib/flash-plugin/libflashplayer.so:$ 11.2.202.577:$ 1456079269000:0:0:0:$ Shockwave Flash 11.2 r202:$ ... As an experiment, I changed "11.2.202.577" to "11.9.999.999", without changing anything else. Firefox and flash still run, and the flash player test on the Adobe website still reports 11.2.202.577 . Firefox about:addons reports 11.9.999.999 but does not complain about it. I'll report what happens when the next flash upgrade occurs, probably in a week or two, given Adobe's bug-churn rate. If everything still works, I will write a script that patches all the pluginreg.dat files it can locate, on all the machines (after backups, of course). Keith -- Keith Lofstrom kei...@keithl.com
SL6, firefox, flash, and upgrade failures
Is there a way to TURN OFF Firefox "flash is insecure" nagging, or FORCE "Always Activate" when it is grayed out in about:addons? I run 32 bit SL6.x on most of my machines, which means running the older enterprise version of Firefox. Three experimental machines are slowly being upgraded to 64 bit SL7.2, fixing legacy incompatabilities and gratuitious behavior changes before upgrading the rest. Google Chrome is no longer supported for 32 bits, and Google spyware is an issue anyway. One frustrating timesink is dealing frequent Adobe flash security upgrades and Firefox's failure to recognize that the upgrades have already occured on the SL6.x machines. For example, though a recent YUM update automatically updated /usr/lib/flash-plugin/libflashplayer.so from 11.2.202.569 to 11.2.202.577, Firefox insists the plugin is still at 569. The only way I've found to fix that is to: 1) Stop all running instances of Firefox in all windows 2) yum erase flash-plugin 3) start Firefox (it recognizes that flash is gone) 4) stop Firefox 5) yum install flash-plugin 6) restart Firefox (recognizing the new flash version) This takes about 10 minutes per machine (mostly (1), mostly documenting browser state), and occurs about once a month. Somewhere in the code, Firefox is asking some server about the latest version of Firefox and flash (more spyware) but not actually detecting the running version of flash. I don't expect the Firefox team to fix this ( they say "use the latest version of mainline Firefox, use a newer distro, buy newer machines" - personal conversations with Firefox team members), so it may be up to us to fix this. Hopefully there is a configuration option that turns off the spyware. Perhaps we zero out the internet address used by the spyware (which seems like a gaping security hole anyway). We are blessed with reliable distro updates, we don't need Firefox nagging. I am upgrading to 7.2 mostly to push out the date of the reemergence of similar sociopathic nonsense, but the Firefox team will probably make more incompatible library changes in the future that require enterprise Firefox versions for 7.x, which they will subsequently fail to properly support. How can we protect and extend the functional lifetime of our longterm-supported distro, so we can focus on productive work? Keith -- Keith Lofstrom kei...@keithl.com
RHEL 5/6/7 "rosetta stone"
"W.L." provided this URL, for a poster that shows commonly used commands for RHEL 5, 6, and 7: https://access.redhat.com/sites/default/files/attachments/rhel_5_6_7_cheatsheet_27x36_1014_jcs_web.pdf It is a large poster (approaching the Rosetta Stone in size), but it is very useful for understanding what's what in RHEL7. This, plus the man pages for the tools, is a good approximation of what I was asking for. Reducing it to manageable size might involve: 1) Using Imagemagick "convert" with increased density to convert the image into a huge png. 2) Using "gimp" to move chunks of the image around, then crop them into 4 page size png images. 3) Using "convert" again to make a 4 page pdf out of those images. This may be a violation of copyright, so I would never ever EVER do this. If copies of a 4 page rhel pdf ever show up in your mailbox, do the right thing with them. Keith -- Keith Lofstrom kei...@keithl.com
SL6 to SL7 transition guides?
Is there a transition guide from 4,5,6 distros to 7 distros? Something like "if you used to do XXX with init, this is how to do XXXd with systemd", for all the bits of the distro that made large behavioral changes with RHEL7/CENTOS7/SL7 ? The transition from SL6x to SL7x is challenging for those of us who set up our Linux environments with init, Gnome2, etc. years ago and copied them mostly intact from distro to distro (and turned off selinux, which was easier than learning it). I accept that with SL7 I must learn systemd, selinux, new versions of applications such as firefox, evince instead of acrobat, and how to compile and maintain mate because gnome3 designers favor glitz over preserving procedural workflows. The sparse documentation I've seen explains RHEL7 in terms of itself, not in terms of transitions, especially for applications added by customers on top of the distro. The libraries changed also, so I will be porting, rewriting, even abandoning some of those applications. As much work as this is, it is better to do it now, before more applications are added. So - are there any documents, useful magazine articles, websites, that make the transition less difficult, that explain how to redesign procedures and port applications? Keith P.S. Getting angry and vengeful is tempting but not productive. Decades ago I worked for Tektronix, when the flagship 7000 series of oscilloscopes was replaced by the new and very different 11000 series. Sales of both series plunged when customers realized that Tektronix would not support their workflows in the future, and bought predictable lab and production instrumentation elsewhere. I wonder if a similar sales plunge is happening at Redhat now? I had such hopes for Ubuntu/Canonical, but they have the same disease. -- Keith Lofstrom kei...@keithl.com
Which version of OpenACC?
I will mentor a physics student this year, making some numerical models of diverse physics problems. Since I looked a couple of years ago, a few semi-complete F/OSS implementations of OpenACC have appeared. Does anyone here use OpenACC? Which of the implementations is most promising? I hope we can use a toolset that will improve and be supported for a while, hopefully lasting through the student's graduate school years and beyond. Keith -- Keith Lofstrom kei...@keithl.com
Tutorial for SL7 X
Where are the best X tutorials, howtos, user forums? I have a pesky and seemingly unlogged intermittent display error with SL7 and Intel HD graphics controller. X has worked out-of-the-box for years, so I've forgotten how to debug it. The arrangements of config files is different for Xorg 1.15.0 than what I vaguely remember (xorg.conf is not a file, Xorg.0.log doesn't tell me what modeline is actually being used, etc.). Without getting into the details (yet), I should learn how X works in 2015 so I can ask intelligent questions in the right forums. Google is becoming useless for literal search queries, so I'll ask you folks where the best websites and howtos are to spend perhaps eight hours reading, so I can get some sense of how SL7 X should be configured, how to turn on debug logging, how to force modelines (like a lower refresh rate), etc. After I've learned and experimented and taken notes and failed some more, I'll come back with frustrating questions; or else I'll report a solution or two to help others. Thanks, Keith Software: it works because we say it works. We don't need no stinking testing. -- Keith Lofstrom kei...@keithl.com
systemd - resolved for me
Without repeating all of Vladimir's message, he resolved my questions pretty well. There's no doubt that systemd is different, and I'll need to learn new ideas to use it safely and effectively, but unlike UI changes, systemd appears to expand capabilities overall, without upsetting my daily usage. I do have a lot to learn, though, and I learn more slowly these days, so I'll be looking at lots of tutorials and howtos and checklists before I find some I can understand. I apologize for the word "brainfart" - this is an international list and humor doesn't often translate. Keith -- Keith Lofstrom kei...@keithl.com
64 bit VME SBC
On Mon, Dec 22, 2014 at 01:15:43PM -0800, Konstantin Olchanski wrote: > ... > Upgrading to new hardware depends on the depth of your pockets of course, > but we also see technical problems - some new 2GHz+ 64-bit SBCs overwhelm > power supplies originally built to run 0.1GHz motorola 68020 SBCs. > ... No low power 64 bit SBCs? This sounds like a market opportunity! Modern deep-submicron processes permit both very fast (Intel i7) and very low power (Atom) processors, the latter preferable when power and cooling is limited. I am preparing a Zotac ZBOX small computer with SL7 for my wife's office; 64 bit dual core Atom, 5600 "bogomips", two displays, terabyte HD, 8 GB RAM ... all drawing 9 to 14 watts. $220 for ZBOX and addons from newegg. It has a cheap low-speed fan, but I can't hear it running. Noctua.at makes the lowest noise fans. I don't know if an FPGA can drive a VME backplane, but those have evolved towards lower power per gate-MHz, too. With all those extra gates, and live reconfiguration, a VME board could have BIST (built in self test) capabilities for on-line failure detection and debug. If there is sufficient demand for a quiet low-power VME SBC replacement, I know consultants who can design one. Bringing this back on topic, if it can be further optimized by kernel modules, I can think of a distro that could support them... Keith -- Keith Lofstrom kei...@keithl.com
Open Tech laptops
FYI - and perhaps straying back vaguely towards on-topic - is this open technology "laptop" project: https://www.crowdsupply.com/kosagi/novena-open-laptop This is not yet a durable road-warrior device, but perhaps it can evolve towards an excellent platform for experimental lab hardware. It won't run x86 code like the compiled SL distro, but source can be recompiled, and the modular design can accept a substitute low power x86 board using and Intel Atom or AMD Geode. Just in case, I'm stashing some surplus keyboards with trackpoint. Keith -- Keith Lofstrom kei...@keithl.com
Re: Longest LTS - still SL/RHEL?
On Tue, Dec 16, 2014 at 09:55:19AM +0100, Karel Lang AFD wrote: > If I might ask, why do you need 32b for T61? I run 6yrs old > R61 and I run 64b on it from the start. > I'm not sure about T60, but it had 64b CPUs ready too? This is a helpful thought. The T60 laptops are Socket M. Although the T60 I first tested SL7 on silently failed, it had a T2500 Core Duo processor, 32 bits. I just scrounged up a T7200 Core *2* Duo processor, 64 bits, and installed it in that T60. SL7 is installing on that machine now. I just ordered some allegedly new T7200s for $8 each, and those (plus spare complete laptops, and spare screens, fans, AC adapters, docking cradles, and keyboards) should last my wife and I until our brains shrivel. I'll occasionally test with the latest Fedora Live distro for early warning of future incompatibility. The T7600 is 16% faster, but 6x more expensive, and probably burns more power. The T7200 seems the lowest risk. The batteries will die soonest, but we should be able to get the old batteries refurbished with new cells (there are companies that do this for power tools). After that, electromigration of copper up through gold plating on connectors, then oxidation, will doom these machines. And who knows? After everyone has bought their wide screen (AKA vertically challenged) laptops, manufacturers will probably start pushing tall screens again. Or headmounts. Or brain implants. The current fad is bigger and bigger handhelds with asymptotically vanishing sound quality - laptops will become popular again in order to make voice telephone calls. Keith -- Keith Lofstrom kei...@keithl.com
Re: Longest LTS - still SL/RHEL?
On Mon, Dec 15, 2014 at 04:46:29PM +0100, Karel Lang AFD wrote: > The laptops you talk about are 6+ yrs old now ... will be 12yrs then. > After that its museum piece :]. Again - the reason for 32 bit is not that I cherish old CPUs with inadequate RAM - but that I am currently looking at a 15 inch diagonal (12x9 inch) 2048x1536 matt finish screen on a laptop, and such useful screens are no longer made. Indeed, I start with 1600x1200 production laptops and replace the displays with ultra-high resolution NEC prototypes that some friends and I bought when Microsoft refused to support them. They just happen to fit the T60 after some firmware hacking. Production laptops are now made for watching movies and playing games when the boss isn't looking. I do crazy stuff like write A or A4 size papers, construct high resolution graphs, and fill screens with lots of xterms with beautifully rendered text. Chromebook is interesting, but the screen is small and my visual acuity is decreasing. I guess that makes me a museum piece, too. :-) There is a promising local startup that hopes to custom build laptops, using a kit of plug-together boards fit into a 3D-printed case (!!!). But I don't understand how they will survive, much less where I will find more 12x9 inch LCDs in the future. That is why I stockpiled what I have, and accept reduced rendering speed. And that is why I ask here; if anybody runs old machines for compatibility reasons, it would be experimental scientists running multi-year data collections. Perhaps scientists doing very high resolution imaging. There appear to be Thinkpad T60s deployed all over the International Space Station in the pictures I've seen. Yet another museum piece ... Keith -- Keith Lofstrom kei...@keithl.com
Longest LTS - still SL/RHEL?
I was sad to learn that there will not be a 32 bit version of SL7 / RHEL7 . I run older T60 laptops with 3x4 aspect ratio screens, and have a stockpile of spares and screens and keyboards that should last a long time. I dislike "runt screen" AKA wide screen displays. However, my venerable laptops use 32 bit processors. I hope to have enough 3x4 goodness to last as long as I do, and machines that will keep working for my wife (and her business) who will likely outlive me. However, Redhat stops providing security support of the 6 series of distros after 2023. I love the SL community, and would love to keep upgrading SL distros forever, and also keep using the old 32 bit machines, but it appears that I must give up one or the other soon, or deal with some big changes when I no longer have the ability to adapt to them. Are there other distros with even longer LTS policies than SL and RHEL? Is there some way to keep supporting SL6x with security updates long after RH stops providing them? Some in our community may have built measurement systems around 32 bit CPUs that must keep collecting data far into the future - what is the plan? Keith -- Keith Lofstrom kei...@kl-ic.com
PCIe to USB3 cards, test results
No problems, instead a hardware review that might help. I use two machines as servers, one acts as an offsite hot spare for the other. They have external Seagate USB3 drives for backups, and connect through PCIe to USB3 interface cards. After good luck with a Plugable card that is no longer made, and bad luck with a BYTECC card that should never have been made, I ordered a couple of cards from Newegg to see which one works better with my ancient RHEL 6 linux (2.6.32 kernel) and mobos. The winner is a Siig JU-P40212-S1, $30 from Newegg (on sale? and free shipping - "7 day egg saver" was one day from so.Cal. to Oregon). TI chipset, xhci driver. More information at http://wiki.keithl.com/USB3Test Keith P.S. Yes, I know the Seagate externals are unreliable. But they are cheap and 8 watts and fast, and two of them on separate wall warts is more survivable than an internal drive sharing the same power supply as a drive I want to back up. I plan to power them through a USB-controlled power switch, so they are powered off and inaccessable and difficult to hack when I am not actively using one of them at a time, ping-pong alternate days. What, me paranoid? -- Keith Lofstrom kei...@keithl.com
Re: DICOM medical image display?
On Mon, Mar 17, 2014 at 08:17:11AM +0100, Francesco M. Taurino wrote: > ginkgo cadx works flawlessly on sl6, on 32 and 64 bit pcs. > it's an open source project, but if you need, there is also > a certified version for diagnostic use: > > http://ginkgo-cadx.com/en/ Thanks, Francesco! I saw ginkgo - perhaps I am missing something, but I only found free binaries for Windoze, binaries for Win/Mac/Linux, and open source only for Mac. Maybe there is a way to compile Mac sources without Cocoa and other Mac-only libraries, but that seemed like too much to tackle. Since my last posting, I found more programs that didn't work, and some free open source tools that /actually do work/. http://xmedcon.sourceforge.net displays some of the images I have (using gtk), while http://www.dclunie.com/dicom3tools.html translates many different versions of DICOM to standard image formats like PNG. I used the latter to look at some Siemens/Acuson ultrasound images that choked xmedcon. I've barely scratched the surface of either tool. Fedora 17+, and someday SL7 will be able to run versions of GIMP and ImageMagick that can convert some DICOM images. My wife's clinic runs the Open EMR medical records software (on SL6 of course), and we are customizing/optimizing it to meet the needs of her unique patients. http://www.open-emr.org Incorporating images in the charts, exporting images with explanations on the patient portal, this will take a long time to get working, but eventually we will automatically construct secure patient documents on the EL6-derived outside server, as well as export information for research studies for those patients who choose to opt in to them. Someday, the biggest science use of Scientific Linux will be bioscience. Keith -- Keith Lofstrom kei...@keithl.com
DICOM medical image display?
Any SL6.x 32 bit users with a known-good viewer for DICOM (.dcm, .dicom) medical images? I've downloaded many different source packages, and they fail to compile with SL6 libraries, or fail to work properly, at least with the 3 known-good image sets I have. I can install a Fedora guest under virtualbox, there are programs tuned to various older or newer distros than ours, but I prefer to run natively. Keith -- Keith Lofstrom kei...@keithl.com
Upgrading kernel only from SL5.6 to SL6.2
I'm running S.L. 5.6 on a few machines, and have grown somewhat dependent on it. However, there are features in the kernel that comes with 6.2 (like USB3) which I would like to have. Is it possible to upgrade just the kernel and associated modules and "miscellaneous"? I assume this is tricky, and fraught with dangers, and the usual cautions (make backups, work on a copy of the disk, tweak yum updates so they won't regress the 2.6.32 kernel, etc) apply. For now, I just want to know whether this is worthy of further consideration, or instead I should set aside a few weeks to upgrade everything then rebuild a lot of poorly written custom apps. Keith -- Keith Lofstrom kei...@keithl.com Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
Bluetooth tutorials, websites, ?
I am experimenting with bluetooth with SL5.4 (yes, I know it is not the latest) and having trouble locating relevant tutorials, documentation, etc. on the web. Most linux bluetooth info is missing, out of date, KDE/debian/ubuntu centric, etc. Bluetooth may "just work" if the hardware is right. But a list of currently available and linux compatable USB bluetooth dongles is also missing. For example, the iogear GBU421 I just bought has a different USB ID than that claimed to work on one of the linux USB device lists. Any suggestions for RHEL/SL/CentOS 5 linux bluetooth docs, tutorials, interpretation of error messages, etc? When I've read the relevant information, I can start asking proper questions. Keith PS: And no, I'm not going to upgrade SL until I have a month to do so. I use too many fragile apps that are broken by upgrades and dependency conflicts, and fixing them takes time. If I wanted to spend my life upgrading distros instead of doing something productive, I would run Fedora. -- Keith Lofstrom kei...@keithl.com Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
Slightly OT - nVidia for scientific computation
The nVidia graphics card coprocessors with the closed-but-zero-cost CUDA programming language are a cheap way to buy a few teraflops of single precision array computation. I am considering some of those for some nanoparticle surface bombardment calculations, and also for some phased array antenna calculations. The learning curve looks steep, though. Is anyone on this list familiar with these? Are there repositories of open source example tools, calculations, discussion lists, etc? And (hope against hope) is there an open source replacement for CUDA out there? Other suggestions to lower the learning curve? Keith -- Keith Lofstrom kei...@keithl.com Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
Re: Gnome panel missing after glibc update on 6th of April (3)
On Thu, Apr 07, 2011 at 04:56:11PM +0200, Haendel Kristina wrote: > our automatic nightly yum update has loaded glibc 2.5-58. > Since this morning, some users on some machines sometimes (I can't say > It more clear) have no gnome panel. The following is not a proper repair, but after some hours of trying a few things, I am back to a working panel and desktop. The problem appears to be the improperly tested update to glibc-2.5.58. I used rpmbone to find and download the following rpms in a directory ( ~/downloads/glibc for me ): glibc-2.5-49.el5_5.7.i386.rpm glibc-common-2.5-49.el5_5.7.i386.rpm glibc-devel-2.5-49.el5_5.7.i386.rpm glibc-headers-2.5-49.el5_5.7.i386.rpm nscd-2.5-49.el5_5.7.i386.rpm I used rpm --oldpackage -Uvh * to install these. However, some of my personal gnome .directories were still messed up. I use dirvish for backups, so I went to my April 4th nightly image, and restored the data from these directories: .gconf/ .gconfd/ .gnome2/ .metacity/ .nautilus/ I don't know which of those was actually needed, but I liked my desktop on April 4 a lot better than this morning, so I removed and replaced all those recently changed directories on my machine. I hope someone can tell us what files really need changing, and what can be left as-is. Now to do that to a few other broken machines, and to turn off updates for glibc and nscd until a better update comes along, by adding this line to /etc/yum.conf: exclude glibc* nscd* While I realize that I may lose some security protection this way, it is better to run insecure than to not be able to work. I hope I don't have to wait long before we get a new update that actually works: Keith -- Keith Lofstrom kei...@keithl.com Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
compiling gnuplot, using libgd
Has anyone here compiled gnuplot from source? Does anyone use libgd, used by gnuplot to make .png files? With www.libgd.org down (and unattended to since 2007), I'm worried that these tools will start to suffer from dependency rot. I hope to compile some static versions. The problems encountered so far are beyond my current skills. I can describe the problems in more detail off the list. My major concern is that many on this list may be using these tools, and there may be problems with them in the future. Keith -- Keith Lofstrom kei...@keithl.com Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
Firefox 4 - apology
On Sat, Mar 26, 2011 at 01:42:20AM -0700, Keith Lofstrom wrote: > The firefox developers, in their reciprocally infinite wisdom, ... > Or perhaps the firefox developers should be encouraged (with > red hot encouragement irons) to support the older library, > and proper upgrades. Abandoning millions of Linux users > who want long term support is ... Microsoft-ish. > > Grump, growl. That was uncalled for, and I apologize to the firefox developers. They are doing good things in a global software ecosystem which places little value on standards compliance, complexity management, backwards compatability, or rigor. They are competing with M$ eructations that are fast because they skip the code checks. In such a dangerous environment, survival can depend on abandoning the old and the weak, and not looking back. Perhaps I need another piece of code which automatically holds any email sent after midnight until I've confirmed it 8 hours later. That would help with sleep-deprived oropedal insertion, and might be helpful for security, too. Keith -- Keith Lofstrom kei...@keithl.com Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
SL5, Firefox 4 and libstdc++
The firefox developers, in their reciprocally infinite wisdom, are pushing Firefox 4, which requires libstdc++.so.6 with GLIBCXX_3.4.9 . The available libstdc++.i386 0:4.1.2-50.el5 RPM contains only GLIBCXX_3.4.8 . You can read more about it here: http://forums.mozillazine.org/viewtopic.php?f=23&t=2075033 The mozillazine moderator helpfully reminds us that our distribution, though upgraded late last year, is out of date. The moderator needs an attitude adjustment. The hack mentioned (installing a newer version of libstdc++ in the firefox4 directory) doesn't seem very upgradable. It is also not complete - in the binary directory (I've put mine at /opt/firefox) you not only need to add the libstdc++.so.6.0.10, you also must softlink it to libstdc++.so.6 so firefox can see it. Firefox 4 also can't find my firefox 3.6x passwords, customizations, etc. Back to 3.6.16 for now. 3.6.15 currently launches a security nag box to upgrade to 3.6.16, but that gets redirected to 4.0 at the firefox website. 3.6.16 is hidden here: /pub/mozilla.org/firefox/releases/3.6.16/linux-i686/en-US/ Given the way they've structured things, there may not be a 3.6.17 and subsequent security upgrades. So ... what to do? Perhaps SL4x and SL5x need a mildly hacked version of Firefox 4 with the included library. Adding to the maintenance effort for SL, sigh. Perhaps T.U.V. will do this. Or perhaps the firefox developers should be encouraged (with red hot encouragement irons) to support the older library, and proper upgrades. Abandoning millions of Linux users who want long term support is ... Microsoft-ish. Grump, growl. Keith -- Keith Lofstrom kei...@keithl.com Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
yum update, exclude single files?
I know how to exclude packages from automatic yum updates, but how do I exclude single files? In this case, /etc/X11/xorg.conf . I am using the fglrx driver, which although closed source (sigh) is about 20x faster (glxgears) than the open source r500 driver for ATI graphics chips. The update package for x11 wants to update xorg.conf for me, and force me to use r500, bless its pointy little head. I can probably set xorg.conf to read only and chattr it to immutable, but yum might get vexed, now or after some future update of yum itself. Keith -- Keith Lofstrom kei...@keithl.com Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
Apache httpd.conf and extra modules
SL (and I presume the upstream distro) ships with an Apache httpd.conf file that loads something like 60 modules. The windows philosophy - throw in everything rather than risk a tech support question about something obscure that doesn't work. Ivan Ristic's book "Apache Security" points out that every unneeded module opens a potential security hole. I run almost a dozen virtual websites on my server, with wikis, mailing lists, password-accessed web pages, subversion, redirects, rewrites, and many other features, yet I was able to reduce the number of loaded modules down to 17 (and possibly 13, if I remove a seldom used webapp that uses caching). I don't know for sure that apache is faster or more secure after the slim-down, but I feel better. :-) I won't reveal to the world (and evildoers) what modules I am still using, but those interested can contact me off the list. Keith -- Keith Lofstrom kei...@keithl.com Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
Fixed T60 slow ultrabay problem
Not a problem, but perhaps this will help someone else. Background: My Thinkpad T60 has a 500GB SATA drive. When I travel with it, I bring along an identical 500GB drive in an Ultrabay swap tray for backups. I could dd copy the main drive to the swap drive in about 3 hours, overnight. Then something went wrong. On the last trip, it took >4 days. hdparm -t for the main drive is 50MB/s . The Ultrabay drive ran at an abysmal 1.3MB/s. I could not set dma mode with hdparm -d1 . After some failed debugging, I ordered a SATA enclosure and Expressbus SATA card, which will arrive today. Last night, I found the problem. The BIOS settings for the SATA controller somehow got changed from AHCI mode to Compatability mode. When I set the BIOS to AHCI, hdparm -t went back to 79MB/sec. Back to 3 hours. Some windoze folks have problems with AHCI unless they load the right Intel drivers. So the default is Compatability mode, even if it makes the Ultrabay slow as hell. BTW, the T60 Ultrabay actually has a PATA interface, and the swap tray has a translator chip to SATA in it. Kludge! The newer Thinkpads feed both SATA and PATA to the Ultrabay, IIRC. I expect the SATAII connection will be quite a bit faster, since I will be using different buses to stream the data from drive to drive. But since the goal was to back up the drive overnight when travelling, shaving the time under 3 hours is not an urgent need. Maybe faster will be needful when I upgrade to >1TB laptop drives, though I'm using "only" 140GB now. Keith -- Keith Lofstrom kei...@keithl.com Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
Re: Problems with external monitor
On Sun, Sep 19, 2010 at 05:28:28PM +0200, Elio Fabri wrote: > Hi, I own an old notebook (ASUS A2 series) with installed Red Hat 9 and > SL 5.4. > With SL I have problems driving external monitors, whereas Red Hat never > gave problems. x.org went through some changes in how it talks to some chipsets, and how it detects monitor hotplugging. Unfortunately, RHEL5 was frozen in the middle of this transition, and some chipsets suffer, such as that in my older Thinkpad T30. One painful method that usually works on the T30 is to reboot with the projector attached. Before SL5, hotplug would Just Work. I hope SL6 will Just Work, like recent versions of Ubuntu do. With my newer T60, and the fglrx driver, I can enable the screen with xrandr . I have a 2048x1536 screen, and I need to set it to 1024x768 mode for the 1024x768 projector to work right with that driver (which only does windowing, not resizing, and only does mouse pan). The next step, after you get some functionality, is dealing with some kinds of video, which may render as a black rectangle on the projector, depending on the driver. After that, rendering speed. I use lots of full screen flash animations in my web-based presentations ( see http://server-sky.com/wydiwys ) and spend a lot of time tweaking compression and frame rates. Since RHEL (and therefore SL) is targeted for servers, insufficent effort was spent making video on laptops work right. Still, it can be fixed, with research and tweaking. The other advantages of SL make up for the extra laptop setup time. Keith -- Keith Lofstrom kei...@keithl.com Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
Anybody else at OSCON?
OSCON is back in Portland this week. I'm presenting on Friday. Any other Scientific Linux folk there? Keith -- Keith Lofstrom kei...@keithl.com Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
Off topic - Server sky presentations, Fermilabs, CERN?
Off topic, but: I mentioned my current project, Server Sky http://server-sky.com on this list about a year ago. Data centers in orbit, powered by space solar energy. I give many presentations these days, at conferences, companies, and scientific labs. I will be presenting at a space conference in Chicago at the end of May, and would be glad to present at Fermilabs if someone there can sponsor a seminar. Later in the year, I expect to attend some meetings in Geneva Switzerland and could present at CERN or ETHZ if that is of interest. Keith -- Keith Lofstrom kei...@keithl.com Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
forwarded: [PLUG] spamassassin or spamass-milter exploit
The following may indicate a security hole. Paul is a competent fellow, so I'm taking this seriously. Perhaps somebody more competent than both of us has a more informed opinion. Keith - Forwarded message from Paul Heinlein - This is a heads-up that there might be an actively exploited vulnerability in either the spamassassin or spamass-milter package. I'm still unsure where the problem lies, but here's what I know. The system described below runs x86_64 release of CentOS 5.4. SELinux was, at the time, in Permissive mode. The packages involved, as far as I can tell, are * spamassassin-3.2.5-1.el5.rf (rpmforge) * spamass-milter-0.3.1-1.el5.rf (rpmforge) * sendmail-8.13.8-2.el5 (centos) Mar 15 05:47 (times are PDT): Several messages arrived with suspicious recipients: http://61.100.185.177/busy-1.php";> http://61.100.185.177/busy-2.php";> http://61.100.185.177/busy-3.php";> Sendmail recognized the addresses as syntactically evil, but a process running under the spamass_milter_t context ran wget, GET, and curl and connected to the IP address in the addresses above. The file(s) downloaded by these processes executed a shell script. It did several things, the highlights of which are 1. It downloaded, uncompressed, and untar-ed a file named xS.tar.gz. The resulting directory name was /xS. 2. It tried to add a unix group and user named "sshd"; the attempt failed, probably because there's already an sshd user and group on the system. 3. It installed 32-bit Linux executables in place of /usr/bin/ssh and /usr/sbin/sshd. The new executables were dynamically linked against a small number of libraries, but most of the supporting libraries had been compiled directly into the applications. 4. It installed a minimal /etc/ssh/sshd_config and an empty /etc/ssh/ssh_config. 5. After verifying that sshd was in the process table, it removed the /xS directory. 6. It created an empty file name /dev/devno 7. It restarted sshd using /sbin/service Again, this was all done under the spamass_milter_t security context. I don't know enough about the sendmail <-> spamass-milter <-> spamd pipeline to have a definitive idea about what application misparsed the piped e-mail addresses and executed them. I saw the attack again this morning, but by then I'd cleaned things up and gotten SELinux back into Enforcing mode, which prevented the exploit from working again. -- Paul Heinlein <> heinl...@madboa.com <> http://www.madboa.com/ - End forwarded message ----- -- Keith Lofstrom kei...@keithl.com Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
Foomatic, HP2600n, foo2hp driver
I recently added a second color printer. Unlike my HP2605dn, the HP2600n does not offer Postscript, but is a glorified winprinter using the Zenographics ZjStream protocol. The best driver is the foo2hp at http://foo2hp.rkkda.com/ . I compiled and ran it on one of my SL5 systems. I also upgraded ghostscript to version 8.70 (in /usr/local/bin ) for the best rendering. There was a problem - the foo2hp PPD file has options for vertically offsetting the CMY colors relative to black, between plus or minus 100 lines, 1/6 of an inch. With the SL5 version of foomatic, that works for all nonzero offsets, but it turns an offset of zero into an offset of -100 lines. The same code and PPD does work on Ubuntu Hardy - the difference seems to be foomatic. Replacing foomatic in SL5 is problematic - if it gets an automatic update, I lose the fix. I may want other features of the upgrade, if there is a security fix, for instance. The easiest thing to do was to hack a new and simplified version of the PPD file. I took out the entire Group describing the offsets, then reconfigured the printer. If I need offsets for some bizarre reason, I can still use the original driver. For more information, see my wiki: http://wiki.keithl.com/index.cgi?foo2hp and the foo2hp forum: http://foo2zjs.rkkda.com/forum/read.php?5,2446,2455 Keith -- Keith Lofstrom kei...@keithl.com Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
spamassassin bug
OK, so I haven't upgraded spamassassin for a while, just distro updates. I just learned it has been throwing out many emails dated 2010 . Fortunately, there is an easy fix: In /usr/share/spamassassin/72_active.cf : --- ##{ FH_DATE_PAST_20XX header FH_DATE_PAST_20XX Date =~ /20[1-9][0-9]/ [if-unset: 2006]^M describe FH_DATE_PAST_20XX The date is grossly in the future.^M ##} FH_DATE_PAST_20XX --- The header line should be: --- header FH_DATE_PAST_20XX Date =~ /20[0-9][0-9]/ [if-unset: 2006]^M --- No time to do much more with that; if someone else wants to track this down, see how prevalent it is, submit a bug report, etc. that would help us all. I've got about 8 days of unanswered emails to deal with! Keith -- Keith Lofstrom kei...@keithl.com Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
Re: any record of SL working on asus eeepc?
On Wed, Dec 30, 2009 at 11:20:57AM -0300, feddds wrote: > One issue remaining is to make SL run on my asus eeepc. Anyone tried? > Would SL boot from usb-drive on this type of machine? Don't know about the USB drive. I run SL5 on a eeePC "Box", the desktop/screenback version of the device. I recall jumping through some hoops getting the intel video driver working with a 1400x1050 screen. I also opened the box (voiding the warranty) to add RAM and a larger hard drive. Other than that, no problems. I attached two "boxes" on the back of my wife's LCD monitor at work, with a DVI video switch. One box runs WinXP and is disconnected from everything except the peripherals and a USB backup drive. Used for medical dictation with Dragon Naturally Speaking. The other box runs SL5 and connects to the world, the VPN, etc. Keith -- Keith Lofstrom kei...@keithl.com Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
QXGA laptop upgrade
I recently purchased a slightly-used Thinkpad T60 laptop with a 15 inch standard screen, and upgraded the display to a QXGA ( 2048x1536 ) screen. 0.15mm pixels, slightly smaller than an iPhone . Very crisp characters in the xterms. Still learning how to set some things up. Many apps are not designed to work with such high resolution or with "large" fonts. Firefox gets confused, and sometimes the display is slow with webapps like Google Maps. Opera renders better, but has many other issues. I run the machine in 1024x768 double-pixel mode to work with my computer projector. I set up a separate user account to do that, so it does not mess up my usual desktop. The upgrade instructions I followed are here: http://www.thinkwiki.org/wiki/Installing_a_QXGA_display_in_a_R/T60_or_61 The instructions use the Windoze app "Powerstrip" to rewrite the EDID nvram in the display, and require getting a secret password from the app vendor. Thinkpads require special EDID codes. Perhaps one of the I2Ctools will do the rewrite, but the documentation is poor and I did not have time to figure out what to do. After brief windoze pollution, the machine is running SL5.4 now. If anyone has suggestions for using I2Ctools on the next one I build, or speeding up the radeon driver, or wants help building their own Frankenstein QXGA T60, please contact me. Hopefully, the T60s will last until business users realize they've been defrauded by "wide" (that is, vertically reduced) displays, and demand that manufacturers start making standard-sized displays again. Keith -- Keith Lofstrom kei...@keithl.com Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
Top 500 - why no SL?
I'm at SC09 this week. Awesome hardware, awesome people. The Top500 for the month was announced, Linux runs on 446+ of them, no surprise there. What is a surprise is the nonappearance of Scientific Linux on this list: http://www.top500.org/stats/list/34/os I would assume SL would be running on many, if not most, of the big iron X86 array systems. I would also assume more celebrity SL deployments means more funding for our heros at Fermi. Is this a "don't ask, don't tell" thing? Keith -- Keith Lofstrom kei...@keithl.com Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
Supercomputing 09 in Portland
Supercomputing'09 is at the Oregon Convention Center in Portland next week ( Nov 14-21 ). I won't be at the whole conference, but I have an exhibits pass and may attempt to organize an offsite BOF or two. I'm local and have a car. The Portland Linux/Unix group has two events of note that week: (1) Linux Clinic, Sunday 1PM at Free Geek ( http://freegeek.org ) Helping folks with Linux problems, RH/SL/Fedora or Ubuntu . (2) PLUG Advanced Topics, Thursday 630PM at Club 915 . I haven't heard who the speaker is yet - perhaps we will host an SC09 BOF or two. If either event sounds interesting, or you just want to hang out and discuss SL, contact me. Keith -- Keith Lofstrom kei...@keithl.com Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
Hardware change. SL5/5.3? 32/64?
I'm upgrading desktop hardware from a 2003 P4/1GB/PATA SL5.0 system to a new mobo (Intel DG43NB ) with 4GB and SATA drives and a low-end Core duo . The new case will be an Antec Sonata silent case. Reasons for upgrade include quiet, power savings, a bit more speed, and escaping RAMBUS memory size limits. This machine manages mail and backups, and is the general purpose desktop. I use other machines (running 64 bit) for big numerical jobs, so I don't need to maximize speed. I have full image backups of the old machine. 1) I will probably stay with the 32 bit distro - 64 bits is a little faster but a hassle. I also have a lot of custom apps in /opt and /usr/local, some of which could get broken by the switchover. But if 64 bits is much better and the migration is easier than I fear, I can make the change. Suggestions? 2) I am torn between installing 5.0 (with updates) and 5.3 . If I do 5.0, then I can just use the live CD and rsync my changes from the old machine on top of the new one, plus or minus fiddling. I'm not sure I get away with that for 5.3 . Suggestions? 3) The old machine uses LVM. I've never been fond of LVM, and I am considering making the new machine use straight ext3 . But I imagine the transition will be error prone. If the live CD can work with the LVM partitions on the new machine, I will probably just leave well enough alone. Otherwise, I will need to do surgery, and I'm not sure what to change besides grub menus and /etc/fstab (which I have to do anyway, from hd to sd for SATA). Suggestions? BTW, the DG43NB has GB ethernet, but needs a new driver module from Intel. I will start out by turning off the onboard ethernet, and use an old PCI 100MB ethernet board instead, during the transition. After things are working properly, I will compile and add the new module. Everything else seems to work. Keith -- Keith Lofstrom kei...@keithl.com Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
Fwd: CentOS Project Administrator Goes AWOL
This affects us. Imagine that all the CentOS users show up to use Scientific Linux. Imagine all their maintainers and developers show up, too. Keith forwarded message --- (http://linux.slashdot.org/story/09/07/30/130249/CentOS-Project-Administrator-Goes-AWOL): Lance Davis, the main project administrator for CentOS, a popular free 'rebuild' of Red Hat's Enterprise Linux, appears to have gone AWOL. In an open letter* from his fellow CentOS developers, they describe the precarious situation the project has been put in. There have been attempts to contact him for some time now, as he's the sole administrator for the centos.org domain, the IRC channels, and apparently, CentOS funds. One can only hope that Lance gets in contact with them and gets things sorted out. * Open Letter (http://www.centos.org/): July 30, 2009 04:39 UTC This is an Open Letter to Lance Davis from fellow CentOS Developers It is regrettable that we are forced to send this letter but we are left with no other options. For some time now we have been attempting to resolve these problems: You seem to have crawled into a hole ... and this is not acceptable. You have long promised a statement of CentOS project funds; to this date this has not appeared. You hold sole control of the centos.org domain with no deputy; this is not proper. You have, it seems, sole 'Founders' rights in the IRC channels with no deputy ; this is not proper. When I (Russ) try to call the phone numbers for UK Linux, and for you individually, I get a telco intercept 'Lines are temporarily busy' for the last two weeks. Finally yesterday, a voicemail in your voice picked up, and I left a message urgently requesting a reply. Karanbir also reports calling and leaving messages without your reply. Please do not kill CentOS through your fear of shared management of the project. Clearly the project dies if all the developers walk away. Please contact me, or any other signer of this letter at once, to arrange for the required information to keep the project alive at the 'centos.org' domain. Sincerely, Russ Herrold Ralph Angenendt Karanbir Singh Jim Perrin Donavan Nelson Tim Verhoeven Tru Huynh Johnny Hughes -- Sincerely, Michael Lauzon -- The Toronto Linux Users Group. Meetings: http://gtalug.org/ TLUG requests: Linux topics, No HTML, wrap text below 80 columns How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists - end forwarded message --- -- Keith Lofstrom kei...@keithl.com Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
Flashplayer 10 vs 9
Summary: Flashplayer 10 sucks. Use Flashplayer 9. I have been building webslide presentations with lots of flash animations in them ( made with www.swftools.org ) and have been plagued with slow flash animations on my main laptop ( SL5 with ancient xorg 1.1.1 ). A supposedly 10 second flash animation was taking 36 seconds. On a similar laptop running Ubuntu 8.04 with a newer xorg 1.4.1, the animation was taking 11.4 seconds, nearly correct. To fix the SL5 laptop, I was about to load in a newer X server (with all the pain that implies). While testing, I tried "glxgears", which renders 3 spinning gears as fast as it can. On both the Ubuntu and the SL5 laptops, it spun reasonably fast, 750 frames a second. Hmmm - maybe it isn't X ... To make a long story short, the problem turned out to be that the Ubuntu laptop was running Adobe Flash Plugin 9 and the SL5 laptop was running the latest and allegedly greatest Flash Plugin 10. When I downgraded the SL5 laptop to version 9 (save those old RPMs, kiddies, they aren't available on line anymore!) the animation sped up from 36 to 10.8 seconds, slightly faster than the Ubuntu machine. Well, there may be stuff out there that won't run with Flash Player 9.0 r124, but it works fine with the obvious stuff. I still have 10 around, and I can symlink to it from a different instance of firefox if needed. Keith P.S. The pesky animation is here: http://server-sky.com/slides/bridge2009jun16_1024/aposkew_pretty_D_orbit.html http://snurl.com/l3f7e Time the white row crossing the centerline, 5 turns and divide by 5. -- Keith Lofstrom kei...@keithl.com Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
WYDIWYS web slide presenter
http://www.server-sky.com/wydiwys WYDIWYS ( What You Draw is What You See ) is a Perl program that reads a text command/display file and a series of images and SWF animations, then makes a slide show out of them. I wrote it because both Powerpoint and OpenOffice Impress are lousy at producing and displaying graphics-heavy technical slide shows. WYDIWYS emits a directory full of images and lots of little HTML/javascript navigation pages. These can be displayed and navigated with any browser on any platform. They can even be navigated embedded in a website (though that is a lot slower, better to download all the content with wget first). While a presentation can be clicked through as a linear slide deck with FORWARD and BACK and BEGIN and END, WYDIWYS also uses ENTER to navigate up and down through a hierarchical tree of sections and subsections. For example, I could organize a one week class by day, then have different topic sessions per day as navigable sections. I can use an RF remote clicker to rapidly move among dozens of sections and hundreds of slides. On operating systems with hard links (Linux, BSD, Mac, etc) WYDIWYS can make one or many links from images in many different source directories to many different presentation directories. This means that an update of an image propagates to all the versions of presentations that use it. The control/design file is a simple html-ish looking text file, so I can use vi to design/sequence a presentation, then duplicate and modify and evolve that text file to many different versions (for the boss, for high school students, 15 minute, 2 hour). I can even include WYDIWYS in a make file, though with the hardlinks I don't need make to update single images and have them propagate to targets. I used WYDIWYS to build a presentation about Server Sky for the Open Source Bridge conference today. The audience (some software, some hardware, and even a movie director) was impressed with the results. The presentation contained 21 full screen SWF animations totalling 200MB. The presentation launched with the shell script ~/bin/br, which launches firefox, pointed at a hardlink (index.html) to the first slide in the directory. That takes about 3 seconds on my laptop. The animations were produced with C programs driving the libGD library, and combined into animations with "swftools". This is alpha code, but it does my job. Indeed, while WYDIWYS took a couple of days to write, it saved me more time than that preparing this one slide show, compared to a previous presentation of similar material using openoffice. I hope to be handing the project off to a more competent programmer, for syntactic improvements and better error handling. But as is, WYDIWYS may already be useful to those of you who produce big presentations with lots of animated data, complicated equations, big/odd fonts, and all the other things that OpenOffice handles poorly. Look it over (including the partly written perldoc) and see if it might help you present your data. Keith -- Keith Lofstrom kei...@keithl.com Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
Space software
I'm playing with something wild - see: http://www.server-sky.com 30 gram, 40cm wide, 100 micron thick silicon Earth-orbit satellites. Of course, most of the work is software simulation right now, and there might be people on this list working with open source tools that I can co-opt. I'm looking for: 1) Orbital simulation (numerical engines, not GUI eye candy) 2) radiation models of the magnetosphere 3) hypervelocity impact simulation 4) phased-array simulation 5) Animation tools compatable with openoffice I am doing a lot of work right now with gnuplot, and libgd. Some of the large array calculations will be done on an Nvidia GPU programmed with CUDA, so I would like to hear from people working with those. And of course, I am always looking for volunteers ... Keith -- Keith Lofstrom kei...@keithl.com Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
Disabling Avahi & fake dhcp when disconnected
The Avahi daemon, installed by default with SL5.x , is the program that configures a 169.254.xxx.xxx address on disconnected ethernet ports - such as the one on your laptop when you are away from a hard connection for a while, or the ones on your desktops when your router's power goes out. Avahi is a version of zeroconf, and related to something called "link local". It is allegedly useful for connecting two ethernet ports with a crossover cable. However, it is also persistent, and when a DHCP server becomes available, ready to assign a proper address, the previously assigned (and useless) 169.254.xxx.xxx address persists. Avahi also sends out frequent discovery packets, adding noise to tcpdump debugging sessions. This is a bug, not a feature. I disabled it on my laptop with System -> Administration -> Server Settings -> Services , but I'm wondering if there is something needful that breaks when I disable Avahi . Otherwise, I will turn it off on all my machines. Keith -- Keith Lofstrom kei...@keithl.com Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
Re: ASUS EEE PC Box, R8168B, and RPMForge
On Mon, Jan 26, 2009 at 1:03 AM, Keith Lofstrom wrote: > > Keith wrote ... > >> driver works fine in 5.2 . The EEE also needed a patched > >> ethernet driver with 5.0, while the driver in 5.2 worked fine. > > > > I spoke too soon. After a reboot, the network went away - or else > > I was not paying attention previously. The EEE PC Box uses a > > Realtek 8168B, but for some reason the (updated) SL5.2 kernel calls > > for the 8169 driver, which does not work. So I added rpmforge to > > my yum repositories, then installed the dkms-8168 driver. I'm not > > sure I did everything right - during boot it talks about the driver > > already being loaded - but it works now. The steps: On Mon, Jan 26, 2009 at 07:31:45AM -0800, Akemi Yagi wrote: > You might want to take a look at this CentOS wiki: > > http://wiki.centos.org/AdditionalResources/HardwareList/RealTekRTL8111b > > In the section "Solution", look for (3) that offers the kmod package > for this driver. A little more detail will be found in this CentOS > forum thread: > > http://www.centos.org/modules/newbb/viewtopic.php?topic_id=17854&forum=39&post_id=64799#forumpost64799 Thanks, Yagi-san! Indeed, I saw that first wiki page, and chose a streamlined version of solution (2) rather than solution (3), as (2) seemed more likely to tolerate kernel updates. Besides, the RPMforge repo looks like it is where all the Cool Kids (Dag, Dries, etc.) are hanging out, and the setup is very easy at https://rpmrepo.org/RPMforge/Using So thanks for reading that first page into the record. I suggest everyone with RealTek ethernet driver issues read it, as it explains them pretty well. (3) is a useful solution too, and the forum post you suggest covers a lot of the issues involved. Keith -- Keith Lofstrom kei...@keithl.com Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
ASUS EEE PC Box, R8168B, and RPMForge
Keith wrote ... > driver works fine in 5.2 . The EEE also needed a patched > ethernet driver with 5.0, while the driver in 5.2 worked fine. I spoke too soon. After a reboot, the network went away - or else I was not paying attention previously. The EEE PC Box uses a Realtek 8168B, but for some reason the (updated) SL5.2 kernel calls for the 8169 driver, which does not work. So I added rpmforge to my yum repositories, then installed the dkms-8168 driver. I'm not sure I did everything right - during boot it talks about the driver already being loaded - but it works now. The steps: 1) With the network not working, I temporarily connected through a USB-to-ethernet adapter, which automounted as eth2 when I plugged it in. I've used three different adapters in the past, all worked out of the box. This time I used an ancient Farallon Netline PN976 ( 07a6:0986 ADMtek, Inc. AN986 Pegasus Ethernet). In the past I've used a cheapo AirLink and a 3Com, model numbers not at hand. 2) I used firefox to go to https://rpmrepo.org/RPMforge, clicked "Using RPMforge" to go to https://rpmrepo.org/RPMforge/Using , then clicked the "RHEL5 / CentOS-5 i386" rpm link. That downloaded some stuff that added RPMforge to the yum repositories. 3) I then did a "yum install dkms-r8168" and got a working driver. eth1 came up, and I could unplug the USB-to-ethernet adapter. I may have remembered something incorrectly. Please correct me if so. I plan to add my notes to my wiki in a few days: http://wiki.keithl.com/index.cgi?SL5eee So you can add stuff there in a week or so, too. BTW, I plan to build the EEE Box to come up with a very simple SL5.2 host OS, and two VMware guests, one full-featured SL5.2 (for surfing the web, vpn, ssh, and the usual applications) and a Windows 2000 guest with Dragon Naturally Speaking Medical. The win2K guest will have networking, file sharing, browsers etc. turned off). Dragon will be used by my doctor wife for dictating patient records, and I will do my damndest to keep the Windows guest isolated from the internet to protect patient privacy. Since there will be 3 OSes running, I needed more memory. I voided the warranty of the EEE by opening it up (no easy task, look for instructions on YouTube) and installed 2GB of 667MHz SoDIMM RAM to replace the 1GB that it came with. I also replaced the original 160GB XP drive with a 250GB Seagate SATA notebook drive (not one of the drives with the bricking problem). Keith -- Keith Lofstrom kei...@keithl.com Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
Re: Intel graphics again
On Fri, Jan 23, 2009 at 11:00:40AM -0600, Troy Dawson wrote: > Is there a reason why you are using SL 5.0 instead of SL 5.2? > Graphics is one of the things that was updated. You might get your newer > kernel, but without the newer xorg stuff that goes with it, it might not be > working correctly. > If you want to try it via live, you can use our livecd to give it a try. > http://ftp.scientificlinux.org/linux/scientific/livecd/52/ I reloaded the EEE PC Box with a fresh install of SL5.2, and that did the trick. An upgrade didn't for some reason, but I haven't installed user data yet, so a rebuild from scratch is easy. The machine came up with the intel driver in the wrong resolution. (unlike the live CD, which Just Worked). After using the GUI display configuration tool, a reboot seemed to be needed for the X configuration to "take", but other than that the intel driver works fine in 5.2 . The EEE also needed a patched ethernet driver with 5.0, while the driver in 5.2 worked fine. I was attempting to keep everthing 5.0 , the same as all the other machines. But I guess I will install 5.2 on whatever new ones turn up. Next - VMWare! Keith -- Keith Lofstrom kei...@keithl.com Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
Intel graphics again
Pursuing my obsession for lower electrical power, I have been attempting to get an ASUS EEE Box (the desktop, not the micro-notebook) working with SL5.0 . The box draws only 16 watts, up to 20 with some USB peripherals added. However, it is a bit of a driver nightmare, and a few things are implemented wrong (2.8V on the microphone input? Should be 5V to power electret microphones). I've got most of the problems solved, but the graphics is still driving me a bit nuts. It uses an Intel 945GM chipset. I have a 1400x1050 monitor, and have been fiddling around with 915resolution and xorg.conf and modelines, but X insists on bringing up the display in ugly 1280x1024 mode using the vesa driver in SL5.0 with the updated 2.6.18-92.1.18.el5 kernel and X version 7.1.1 . Playing with the i810 or i915 driver prevents X from starting. I am quite ignorant of what I am doing, but don't know which portion of my ignorance to correct in order to get this running. The EEE and the 1400x1050 display works fine with the delivered WinXP (on a different hard drive) and with installed Ubuntu 8.04 Hardy Heron (on yet a different drive). It also works directly off a live CD with Ubuntu 9.04alpha3 Jaunty Jackalope. I've been looking at the Xorg log from that for clues, but I suspect that X and the drivers are so much newer than SL5 that there is little knowledge that ports backwards. The eee will eventually end up in my wife's office, with a 1280x1024 display anyway - so I am probably wasting time trying to get the larger monitor working properly. However, there might be folks here interested in the eee, so I will continue attempting to do resolution hacks if that is of interest. Does anybody care enough about this for me to spend a few more hours banging my head against this wall? If so, can anyone point me at successful usages of Centos5/SL5 X with Intel graphics chipsets and this non-standard VESA resolution? BTW, I plan to run a VMware Win2K client on the SL5/EEE, with Dragon Naturally Speaking 10 Professional running, copying a similar setup from my T30 laptop. The next task is to compile a custom kernel with some realtime timing hacks so that the sound processing is smoother. I will be using a USB mike, bypassing the stupidly designed analog input. With the Intel graphics sucking bandwidth out of the main memory, I wonder if the speech recognition will fail? Since the T30 uses a 2GHz P4 with PC2200 RAM, and the EEE uses a 1.6GHz Atom with PC5300 DDR2 RAM, I suspect there will be more overall bandwidth available for computation on the EEE. Keith -- Keith Lofstrom kei...@keithl.com Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
Notes - Re: SL5 running on 4 Watt ALIX SBC
> Keith Lofstrom wrote: > > > >I recently purchased an ALIX 2D3 single board computer ( designed > >by PC Engines of Switzerland, http://www.pcengines.ch/alix2d3.htm On Tue, Jan 06, 2009 at 09:36:54AM -0600, Troy Dawson wrote: > I don't know about other people, but I for one would love to read how you > did it. I've been wanting to make a couple of ultra low power machines and > it would be great to see some instructions for something other than debian. Here is the start of my writeup: http://wiki.keithl.com/index.cgi?SL5Alix It covers installing to the flash, configuring for flash friendliness and setting up the serial port console. With this you should be able to get a root prompt on the ALIX serial console, and do a lot of the network configuration. I hope to add more stuff for setting the ALIX up as a router/firewall, including: - BIND - SSL certs - dyndns/ddclient - OpenVPN - nocat - DenyHosts - patching the linux kernel for the Geode AES engine - power options (car battery, solar) It looks like I have the start of a magazine article here, so I got greedy and put a copyright notice on it. Go ahead and link to it, though. Keith -- Keith Lofstrom kei...@keithl.com Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
EEE PC - Re: SL5 running on 4 Watt ALIX SBC
On Tue, Jan 06, 2009 at 09:48:43AM -0600, Glenn Horton-Smith wrote: > We recently needed a small PC for a slow monitoring application, and ended > up getting an Asus Eee PC 1000 HD mini notebook. An SBD like the ALIX 2D3 > would have been another option, but we liked that the Eee came with its own > monitor, hard drive, and integrated "uninterruptible power supply" (i.e., > batteries). We just got it yesterday, still trying to figure out whether to > stick with the preinstalled Xandros OS or try installing SL instead. Glenn - I hope you don't mind me sharing this on the list. I think we will get some useful contributions from others. First, an interesting idea for the ALIX: the input power supply will run on the 12 to 14 volts from a car battery. Hence, you could use an ALIX with a battery, a solar panel and a miniPCI wifi card with a high gain antenna, and you have something that you can place miles from the power grid. That would be hard to do with an EEE, though if wall power is available 23.9x7 the EEE is an easier way to get the job done. Either way, you get to run the same software. Second, regards the EEE: I help run a monthly Linux Clinic. One of our "clients" brought in a pair of ASUS EEE PCs, one with the preinstalled Xandros on a solid state drive, and another with preinstalled WinXP on a SATA hard drive. We blew away the XP and installed Ubuntu 8.04 Hardy. We ran into a problem with networking - the built-in CAT5 and wireless ethernet interfaces were not handled by the drivers provided with Ubuntu. We limped through the install and updating with USB ethernet and USB wireless (using a cheap ZyDAS wireless adapter). The client found drivers for the native hardware. I suggest that you make an external image of the Xandros drive, or else set the machine up dual boot, so you can pull drivers from it as necessary. If it is a SATA drive, you can replace it with a similarly-sized spare and install SL5 on that. The Ubuntu 8.04 kernel and x.org are about a year more advanced than SL5, so there may be more driver problems with SL5, but these can be fixed. The EEE PC is just the thing for what you want to do - it would be better for many applications than the ALIX. And SL5 is a much better distro for any kind of scientific work. In fact, I am planning to purchase an EEE Box (not the microlaptop, but the hardback-sized computer box) for my wife's office, to replace the power-hungry and unreliable Shuttle ITX system she has now - and of course I will run SL5 on it. So please share your own experiences with the SL5 install. Given the positive response I've gotten (especially from Troy - Oh boy, I get to pay back a little!) I plan to put the ALIX instructions on my wiki at wiki.keithl.com. You are welcome to use that if KSU Physics doesn't already have a good place for your own contributions. At the very least, we will link to each other! Keith -- Keith Lofstrom kei...@keithl.com Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
SL5 running on 4 Watt ALIX SBC
I have been using an old laptop as my firewall - running SL5 like all my other computers. I recently purchased an ALIX 2D3 single board computer ( designed by PC Engines of Switzerland, http://www.pcengines.ch/alix2d3.htm and sold by netgate.com for $180 with case and power supply). The board has 3 ethernet ports ( WAN, LAN, DMZ ), 256MB of RAM, and uses a 500MHz AMD Geode X86-compatible processor with built-in AES crypto engine (for speeding up VPN links). It uses a Compact Flash card for "disk" though it also has a header that can connect to a PATA hard drive. No video display, though there are USB connectors and a mini-PCI slot on the board where a display card can be added. The board draws less than 4 watts operating. So it is about 3X faster than the old laptop, and 10x less power. Some people are setting these up with the OpenWRT distro, but that is optimized for small flash footprint, and has too many bugs IMHO. I tried that for a few frustrating days, and gave up. I attached the CF card to a USB adapter, attached that to a diskless desktop computer, and installed from the SL5 DVD. After tweaking /etc/fstab , /boot/grub/menu.lst , and /etc/inittab for a serial console and different drive names, the card booted fine on the ALIX. I made some flash-friendly changes (noatime, remote logging, ramdisk /tmp, etc). I also added a rc file to copy the MAC address of my old WAN connection. I am moving the config files from the old firewall laptop now, and will deploy soon. Which raises a question - is anybody else on this list interested in my notes on how I am doing this? I can put a write-up on my wiki if so, otherwise I may forget some of what I did. With SL5 driving massive computation clusters consuming megawatts at the high end of the spectrum, it is nice to know that SL5 is also useful at the low power end, too. Keith -- Keith Lofstrom kei...@keithl.com Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
SL5 and JFFS?
I run SL5 on 6 machines, and am considering building a low power browsing/email machine running SL5. It will probably use an Atom mini-ITX board and a 30GB solid state drive - no moving parts, and using less than 40 watts. I will do the usual /tmp in ramdisk and "noatime" in /etc/fstab, among other flash-friendly tweaks. Although the boot partition will be ext2/3 , I am considering making the main partition with the JFFS file system - the Journalling Flash File System. That is not built into the SL5 kernel ... it is a module instead. I'm wondering if the system will be able to find the JFFS module if /etc and /lib and /bin are stored as JFFS. Probably not. Does anyone know? I can compile my own kernel, of course, but I lose the advantage of automated updates. I can also build the main partition with ext2/3, and move the frequently varying stuff like /var and /home into separate JFFS partitions. I would rather use JFFS for as much as I can, though. Updates could be extremely slow if too much of the system is ext2/3 . Ideas? Keith -- Keith Lofstrom kei...@keithl.com Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
Adding USB IDs to Wireless USB driver
I just got wireless USB working on my SL5 laptop. There was a lot to figure out, so I am sharing it here. I have a MyEssentials ME-1001-USB wireless adapter, which contains a Zydas zd1211b wireless chipset ( bought from Fry's on saturday October 4 2008. Note that chipsets change without warning!). The device is plug and play on an Ubuntu Heron 8.04 system (with kernel 2.6.24) but not so with Scientific Linux 5 kernel 2.6.18-8.1.6.el5 . The SL5 zd1211rw.ko driver is missing most of recent the USB device IDs. So, it needs recompiling with some additions as shown here: http://linuxwireless.org/en/users/Drivers/zd1211rw/AddID What follows is the recipe that works for Red Hat style RPM systems, and something similar will probably work for SUSE.I will let you Ubuntu Debian Slackware Gentoo folks figure it out on your own. CentOS documentation refers to /usr/src/rpmbuild instead of /usr/src/redhat , but the latter is where the files show up. I found the source files for my kernel here: ftp://fr.rpmfind.net/linux/sourceforge/l/li/linux-ntfs/kernel-2.6.18-8.1.6.el5.src.rpm Then the standard redhat style kernel preparation, as root: rpm -Uvh kernel-2.6.18-8.1.6.el5.src.rpm cd /usr/src/redhat/SPECS/ rpmbuild -bp --target=i686 kernel-2.6.spec cd /usr/src/redhat/BUILD/kernel-2.6.18 chmod a+w -R *# this allows you to work as a normal user # do these as a normal user cd /usr/src/redhat/BUILD/kernel-2.6.18/linux-2.6.18.i686/drivers/net/wireless/zd1211rw/ cp -a zd_usb.c zd_usb.c.orig # option one # download http://www.keithl.com/zd_usb.c # which contains the current device list as of 2008-Oct-05 # option two --- # edit the zd_usb.c file yourself, copying lines from the most recent # version here: http://wireless.kernel.org/download/compat-wireless-2.6/compat-wireless-2.6.tar.bz2 # Untar that into a handy place. You will be needing the file zd_usb.c # to patch the similar file that comes with the kernel. Otherwise, this # driver source requires a much more recent kernel. # # copy all the the DEVICE_ZD1211 and DEVICE_ZD1211B lines from the recent # version zd_usb.c and patch them into the kernel sourcezd_usb.c # compile the module, as a normal user -- # using the recipe in http://wiki.centos.org/HowTos/BuildingKernelModules cd /usr/src/redhat/BUILD/kernel-2.6.18/linux-2.6.18.i686/ make clean make oldconfig make menuconfig make prepare make modules_prepare make M=drivers/net/wireless/zd1211rw/ su root cp drivers/net/wireless/zd1211rw/*ko /lib/modules/2.6.18-8.1.6.el5/extra/ /sbin/depmod -a # all done! The Wireless USB should now be plug-and-play as eth1. I did not have to play with /etc/sysconfig or /etc/modprobe.conf Note, this version of the driver, as well as the one running on Ubuntu 8.04 , does not provide signal strength to Network Manager. The most recent version of this recipe can be found at: http://wiki.keithl.com/index.cgi?Zd1211WR Keith -- Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
Re: Horribly Broken RHEL5/SL5 Perl (2)
On Tue, 26 Aug 2008, Keith Lofstrom wrote: > Since some of the scientific community (especially the life sciences) > are running huge amounts of Perl, this is probably a Big Deal. We > should explore the problem further with TUV and the CentOS community. > If a fix is not forthcoming from TUV, I reluctantly suggest that we > get together with the CentOS people and fork this portion of the > distro, perhaps standardizing on Perl 5.10 . There are people > in the Perl community ready to assist us. On Tue, Aug 26, 2008 at 11:39:41AM -0500, Connie Sieh wrote: > There is merit in having your own "application" perl vs using the "system" > perl for everything. That way you can "decide" . > > It is NOT a good idea to replace the "system" perl. I brought this up with the Portland perlmongers group (which seems to include half the world's principal perlistas) and they agreed with Connie; two versions of Perl, because you never know what Perl bugs and version hacks that critical system software is dependent on. Now the raging discussion is about HOW to set up "application" Perl (/opt/ ? /usr/local/bin/ ? ), how to mod the programs to call the correct versions of Perl and libraries, and how to keep things updated semi-automatically. Since a "contrib" RPM seems like the best way to share the update effort, perhaps we ought to see if there is any consensus here on where to install, which Perl version, etc., and figure out some way to make the security updates track what TUV and SL are doing. One of the reasons I love SL is the excellently maintained updates, and a community of similar users finding the bugs and learning the workarounds before I do. Some perlmongers suggested that larger or critical Perl apps (living in /opt/ ) should be paired with their very own optimized version of Perl and modules, all updated together. This makes sense, though I don't expect to be doing that for my apps. Apache, maybe. Still, I wish TUV would get their Perl act together. Keith -- Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
Horribly Broken RHEL5/SL5 Perl
This just in: http://blog.vipul.net/2008/08/24/redhat-perl-what-a-tragedy/ Summary: The Upstream Vendor version of Perl has a patch to the "bless[]" function that makes it /extremely/ slow. Most of us do not write that kind of of fancy Perl, but a lot of us use one of the 1500+ CPAN modules that do. The slowdown can be over 100x with some programs. This affects Fedora 9 as well as the various version 5 distros. TUV-patched Perl version 5.8.8 also breaks the Math::GSL package that I wrote about a few days ago. It runs fine with 5.10 . What to do? Some people are downloading and recompiling Perl; we have version 5.8.8, while version 5.10 is available . A few are abandoning Perl. A few are abandoning TUV-inspired distros. A few are buying way more hardware than they would otherwise need. Since some of the scientific community (especially the life sciences) are running huge amounts of Perl, this is probably a Big Deal. We should explore the problem further with TUV and the CentOS community. If a fix is not forthcoming from TUV, I reluctantly suggest that we get together with the CentOS people and fork this portion of the distro, perhaps standardizing on Perl 5.10 . There are people in the Perl community ready to assist us. Keith -- Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
Scientific Computing with Perl
Jonathan Leto and student Thierry Moisan are working on the Perl CPAN module Math::GSL , which is a SWIG+XS implementation of GSL, the GNU Scientific Library. Most of the work was done over the last three months, funded by the Google Summer of Code. Work continues. Almost all the modules are working and extensively tested, with a few of the function handlers (integration, convolution, etc.) still needing work. Jonathan gave a presentation about SWIG at our user group tonight, and we hijacked it to talk about scientific computation instead. Jonathan just set up a Google Group to discuss Math::GSL and other topics related to Perl and scientific computing, and I expect others on this list will be interested. Sign up for Google Groups, get a free Gmail account, and go to: http://groups.google.com/group/perl-scientific-computing You may also be interested in helping with Math::GSL : http://groups.google.com/group/math-gsl-dev When Math::GSL gets a little further along, it will make a nice add-on to Scientific Linux. Keith -- Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
Linux at LIGO
I was at LIGO, the Large Interferometer Gravitational Observatory, this weekend. Their control room uses mostly Sun, but also Linux: http://www.keithl.com/ligolinux.jpg http://www.keithl.com/ligolinux1.jpg Poorly focused and taken quickly, (and I scrubbed the filenames out, just in case) but you can see the Gnome desktop and Firefox. This was a standard desktop background for clones of Redhat Enterprise, I think version 4. Perhaps SL4? Keith -- Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
Re: DNS changes?
On Wed, Jul 23, 2008 at 12:07:06AM -0700, Keith Lofstrom wrote: > > There was a flurry of upgrades to BIND/named about a week ago. Over > the last few days, I have noticed a few DNS failures (but that may > be coincidental). I am learning to read debug output and developing > a better understanding of named.conf (set up by a consultant 5 years > ago) and so on, but meanwhile, is anyone else having problems? > > Try "dig ns1.hostica.com +trace" and see if it fails. > > Keith In my case, it turned out to me a couple of things. The DNS UDP packets seem to be a bit longer now. I am currently connected to Verizon FIOS through an Actiontec cable modem/router, which some websites say truncates UDP packets to 512 bytes, in accordance with RFC negative 666. :-) That caused problems with hostica and others. I changed /etc/named.conf to a policy of forward first, and used the Verizon nameservers as forwarders, taking out the lookup through the root nameservers. Verizon does some goofy things with nonexistent URLs, but I can live with that for now. Keith -- Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
SL users at OSCON?
The O'Reilly Open Source convention is in Portland Oregon this week. I'm local, and will be helping staff the Portland Linux/Unix Group booth; stop by and say hello, ask about Portland, the best parties, etc. Keith -- Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
DNS changes?
There was a flurry of upgrades to BIND/named about a week ago. Over the last few days, I have noticed a few DNS failures (but that may be coincidental). I am learning to read debug output and developing a better understanding of named.conf (set up by a consultant 5 years ago) and so on, but meanwhile, is anyone else having problems? Try "dig ns1.hostica.com +trace" and see if it fails. Keith -- Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
Ubuntu Hardy Heron and the new X.org - when in SL?
I run SL5 almost exclusively on my machines, but I recommend Ubuntu for the newbies that I work with. The latest version, Hardy Heron 8.04LTS (long term support) is out, and I booted it from a live CD. 8.04 is built on the latest Gnome and the latest 7.3 X.org . The new X.org fixes some pesky problems that cropped up when Linux moved to HAL (Hardware Abstraction Layer), like recognizing hotplug video devices such as computer projectors. The Radeon chipset on my Thinkpad T30 requires a reboot to recognize a projector with the X.org 7.1.1 (12 May 2006) that comes with the Scientific Linux 5.0 . 5.1 and 5.2(beta) also run 7.1.X X.org, right? This leads to a prediction question - involving crystal balls and tea leaves, perhaps. How likely is it that T.U.V. EL 5.3 (and thus SL5.3) will upgrade to X.org 7.3? If that is not likely to happen before EL6, what kind of pain is it to make a local upgrade to X.org 7.3 and maintain it outside of the automated update process? Keith -- Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
SL5 and [TUV] Enterprise Linux 5 - compatability?
I will be setting up a server for Cadence chip design software, and that company specifies Enterprise Linux 5 from "The Upstream Vendor" for the OS, accept no substitutes. The cost of [T.U.V.] EL5, with support, is miniscule compared to the CAD tool licenses, so I have no problem with running that. The other half dozen existing machines are SL5 (and one CentOS5), and will not be running Cadence, so they will stay with SL5. I am assuming that these machines will coexist peacefully; I will keep them separate, and not ask TUV tech support any SL5 questions. With my SLx experience, I probably won't need any tech support at all. I assume Cadence specifies an EL5 support contract so that Cadence isn't saddled with OS vendor questions from newbies. So, the question is, does anyone know of any technical or legal or business reasons why mixing SL5 and "TUVEL5" is difficult? Or is this going to be very easy, like I expect? Keith -- Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
problem with perl-5.8.8-10.el5_0.2.i386.rpm
I run SL5 on all my machines except for my offsite virtual server, which is running a Xen-ified version of CentOS-5 provided by the hosting service. At 0400GMT on November 8, the server yum update process downloaded perl-5.8.8-10.el5_0.2.i386.rpm , which was probably generated by The Upstream Vendor. Yum/RPM proceeded to scribble over the 84841 byte file: /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/List/Util/Util.so ... with a truncated 36168 byte version that breaks Kwiki and Spoon,pm among other things. A CPAN "force install" of Scalar::Util fixed it. Although this list is focused on Scientific Linux and not TUV Enterprise 5 or CentOS 5, Perl users here may suffer the same fate I did if/when this file gets updated for us. Something to watch out for. Who should I contact at TUV and CentOS about this? Keith -- Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
gnuplot 4.2.2 and checkinstall
On Fri, Oct 19, 2007 at 04:38:42PM -0700, Keith Lofstrom wrote: > ... If I > can figure out how to make minor tick gridlines do what I want, > I will be 99% satisfied. I prefer dense minor gridlines, plotted > in faint bluegreen ( rgb #C0FFEE ) like the graph paper of my youth. I figured out how to do that - the magic tricks are "set style line", "set m*tics", and "set grid". Here is an example that prints some dense graph paper beneath the plots: set style line 8 lt 1 lw 1 lc rgb "#C0FFEE" set style line 9 lt 1 lw 0.5 lc rgb "#C0FFEE" set mxtics 10 set mytics 10 set grid xtics ytics mxtics mytics ls 8 , ls 9 This looks great on an HP2605dtn color laser printer. For your amusement, the entire gnuplot script I use ( for plotting the DC characteristics of a typical TSMC 0.13um diode connected PFET and an NFET ) is at http://www.kl-ic.com/gnuplot_example . > I would prefer to install from an RPM, but I couldn't find any and > I do not know an easy way to make one. Separate subject, is there > a magical tool that will take a standard "automake" package ( using > the mantra "./configure, make, make install" that we all know and > love ) and auto-magically produce an RPM? Some helpful people suggested "checkinstall", and that works fine, so I built a gnuplot rpm for SL5: http://www.kl-ic.com/gnuplot-4.2.2-1.sl5.i386.rpm This version will not make PDFs, as my system does not have libpdf and I did not want to build in the dependency. I don't know how much attention checkinstall pays to dependencies, so I don't know how portable this rpm is. But it might be useful as a "contrib" for SL5, if somebody wants to add it to the archive. Keith -- Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
Re: Scriptable plotting, gnuplot 4.2.2 or ???
On Thu, 18 Oct 2007 22:56:37 -0700, Keith Lofstrom wrote: > Should I be compiling and installing gnuplot 4.2.2 ? Is there a > better open source alternative ( scriptable, controllable ) for > my needs, perhaps something in the distro I haven't noticed? On Fri, Oct 19, 2007 at 07:33:50AM -0400, Ricardo Franklin wrote: > I don't know other way, but I have installed SL 4 and SL 5 and I > installed gnuplot 4.2.2 and in both cases works very good. Keith writes: Indeed, the gnuplot 4.2.2 source (from the gnuplot site and sourceforge) was quite easy to compile. The compile process does not find libpdf, but the package will make postscript and I can make PDFs from that. The program is much improved over 4.0.0. I am making 60 graphs from a pile of raw data, in one big gnuplot script - MUCH faster than doing it manually with Open Office Chart. The new version allows individual control of line color for plots. No more yellow and light green lines on a white background! If I can figure out how to make minor tick gridlines do what I want, I will be 99% satisfied. I prefer dense minor gridlines, plotted in faint bluegreen ( rgb #C0FFEE ) like the graph paper of my youth. I would prefer to install from an RPM, but I couldn't find any and I do not know an easy way to make one. Separate subject, is there a magical tool that will take a standard "automake" package ( using the mantra "./configure, make, make install" that we all know and love ) and auto-magically produce an RPM? Keith -- Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
Scriptable plotting, gnuplot 4.2.2 or ???
In January, there was some discussion of graphing/plotting/math packages. I need a scriptable plot maker with good control over appearance to multiple outputs. gnuplot 4.2.X looks usable, but the default package with SL5 is gnuplot 4.0.X (April 2004). Old! Should I be compiling and installing gnuplot 4.2.2 ? Is there a better open source alternative ( scriptable, controllable ) for my needs, perhaps something in the distro I haven't noticed? Keith -- Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
SATA hot swap, PATA bridge
I rotate backup drives. With 2.4 kernels, I could hotswap PATA (40 pin Parallel ATA IDE) drives directly, using hdparm to tristate the bus. 2.6 doesn't permit this, so I use USB2 hot swap cages instead (see http://wiki.dirvish.org/index.cgi?USB2Drives ). I have been experimenting with SATA hot swap. I will be keeping my PATA drives for the next few years, but I can use a SATA to PATA IDE bridge board (JMicron JM20330 chipset, about $20) to connect the PATA drive to a SATA cable to a SATA board. This works at the same speed as direct connect PATA, 30MB/s, much faster than USB2 at 10 to 20MB/s. I've been running a "mount-write-read-erase-unmount" loop, 100GB at a time, about 1 hour per cycle, for the last 3 days with no lockups. Some USB2 bridge chipsets lock up after 5-50GB of transfer. I am confident enough to try making backups through the SATA path. Many different SATA-PATA bridge boards are available. Perhaps some of you would like to try some of the other possibilities. With all the different options, I expect some will fail, either immediately or after a few hours, but it would help to learn what works. If this does work, I may be ditching a bunch of USB2 hardware. Keith -- Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
SATA hot swap
Are any of you running SATA drives? Do you know whether they can be hotswapped in Linux, perhaps with some "hdparm" action before and after? Keith -- Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
OT: any RHEL consultants out there?
A friend in Washington state needs some short term consulting help with some RHEL Server 3 and Server 4 systems. Non-tech mixed-OS company, about 100 users. Alpha geeks please. Email me for more info, off the list (please forgive the OT list abuse). Keith -- Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
Re: Scientific Linux 5.0 64bit version: which AMD processors?
Benjamin Ooghe-Tabanou wrote: ... >Dell proposes these CPU: >for desktops: AMD Athlon™ 64 X2 Dual-Core 3800+ and faster >and for laptops: AMD Turion^TM 64x2 Dual-Core Mobile technology TL-50 >and bigger >or AMD Turion^TM 64 Mobile technology MK-36 Processor > >Did any of you successfully install SL on any of those processors? >Otherwise would you know any detail which would comfort me in choosing >one of these? I am running SL5 on a dual core Athlon FX-2 3800 desktop, for technical computing. The 64 bit versus 32 bit versioning issues can occasionally trip one up, and could be an issue if you want to load lots of obscure software and drivers. This might be especially true for wireless and graphics drivers for a laptop. For a desktop, with a small software load and a wide choice of peripherals, this is not a problem. So, the REAL question for a laptop is not "is an Athlon a problem" (all processors run Linux) but "are there good 64 bit drivers for the peripherals", especially the graphics driver. The wireless driver for the built-in wireless is often a problem, even for 32 bit CPUs, but the 5mW junk they build into laptops is often useless anyway; use an Atheros PCMCIA card instead. Check the Linux on Laptops site at www.linux-laptop.net and see if someone else has had success for that exact model. And if you are ordering from Dell, they allegedly offer Linux preinstalled, don't they? If you are not confident of your Linux install skills, it is better to pay extra and go the preinstalled route, either from the manufacturer or from a reseller company like Emperor Linux. Keith -- Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
Re: Does SELinux really worth it?
On Mon, Jul 23, 2007 at 04:38:49PM -0700, Zhi-Wei Lu wrote: > ... > Many times, one does not think that it is an SELinux related issue > and waste a lot of energy trying to debug the problem. I am just > wondering how people are coping with SELinux: love it, hate it, > disable it, disable some transactions. I would really like to hear > the words of wisdom on this topic. I, too, am worried about SELINUX. I would work with it more, but there seems to be little accurate information about configuring it for new apps (such as OpenVPN). I set it to permissive, and may turn it off entirely unless I can find better info about configuration with SL5. Local acquaintance Crispin Cowan developed AppArmor, now a part of Novell/SUSE. Crispin makes a convincing ease-of-use case for the now-free-and-open AppArmor, and I might use that instead of SELINUX if the config files become available for SL5. Crispin will be at OSCON this week, and I expect to see him a few times; if anyone wants me to ask him more questions about AppArmor, I can. AppArmor might prove an interesting alternative for the SL5 user community to develop and use as an add-on package. Keith -- Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
OSCON / Ubuntu Live in Portland
OSCON and Ubuntu Live in Portland Oregon this week! I'm a Portland area local. I can't afford OSCON, but I will be hanging out much of the time. Anyone else from the list attending? Email or call the number below. Keith -- Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
sd save directory alias
A cute trick for bash and xterm: I work with a lot of xterms. For years, I have been using pwd, cd, and mouse-cut-and-paste to copy the working directory from one window to another. Now I have a better way, involving some aliases in .bashrc: alias sd='pwd > ~/.sd' alias ds='cd `cat ~/.sd`' I type 'sd' in the xterm I want to copy the working directory from, and 'ds' in the xterm that I want to copy the working directory to. It is actually secure - the backtick'ed cat feeds directly to cd, so even if .sd is corrupted somehow, it cannot execute arbitrary code. I use 'sd' and 'ds' because I am left handed; 'kl' and 'lk' might be easier for right handers, and I will humbly accept the honor of being immortalized in the initials. ;-) Keith -- Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
subtle problems with postfix
For those of you using Postfix: Sendmail is the MTA of choice for RH-style distros. Instead, I use Postfix for reasons I won't get into here. Last night, Postfix stopped working, with a "mail to loops back to myself" error. The fix turned out to be properly setting up the "match-clients" line in a /etc/named.conf file on the internal name server machine. This drove me nuts, because ping and traceroute on the Postfix machine found my mailserver (via /etc/hosts), but Postfix could not, because it wants to talk to the internal DNS server (and couldn't). That is broken (or at least misleading) behavior, IMHO. So, this message is a warning to any of the rest of you having Postfix problems to verify your DNS behavior with "dig", and to not rely on /etc/hosts. Keith -- Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
Solving problems (was Scanner problem and cure
> Finally, in this case, no response to the reset switch; > THAT is a lockup indeed! It took a power interruption to > bring the machine back. On Wed, Jun 27, 2007 at 11:14:00PM -0700, Radu-Cristian FOTESCU wrote: > IMNSHO, this is not a software problem, at least not at the OS level. Software doesn't have problems, and hardware doesn't have problems. People have problems when they are disappointed by unexpected behavior, and the solution to those problems can be improvements of hardware or of software, or improvments of technique. Technique is the easiest solution, software is harder, and only a few people like me are capable of redesigning the chips! That is why publishing an easy solution ( replacing the .xsane config directory ) to the problem (xsane plus hardware locking up hard), is the Right Thing To Do. We hope that other users, assisted by Google, will have an easier time solving it. I prefer to publish solutions proactively when I find and solve a problem, because this maximizes the information flow for other users. Another preference is for accurate subject lines as discussions stray from the original subject. Keith -- Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
Re: Scanner problem and cure
On Wed, Jun 27, 2007 at 12:42:18PM -0700, Radu-Cristian FOTESCU wrote: > > ... but I am curious: how are you determining that a Linux box is frozen? First, the clock on the gnome panel freezes. After a minute of that, no response to ctrl-alt-backspace. Then, no response to ping from another machine. Finally, in this case, no response to the reset switch; THAT is a lockup indeed! It took a power interruption to bring the machine back. I'm guessing the problem is due to the Adaptec 2940 SCSI card doing something really nasty to the bus, perhaps trying to DMA an infinite-length record. Given the enormous data files that a a scanner can potentially produce, an driver that does not do proper bounds checking, or does not recover from bus errors (the cable approaches the length limit) might freeze the bus this way. It is interesting that an obsolete user configuration can bring this about. This is all rank speculation, of course. Keith -- Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
Scanner problem and cure
One of my older machines has a UMax 1200 SCSI scanner on it. Three years ago, I upgraded it from RedHat 9 to Fedora Core 1. Two weeks ago, I upgraded it from FC1 to SL5. When I tried to use the scanner yesterday, the machine froze hard; it wouldn't even respond to the reset button, I had to pull the plug. After frobbing around a bit, the cure was to delete the .xsane directory (probably originally for RH9) in my home directory, and let the current version of xsane build a new one. It irks me that a user-space program can lock up the machine (that is so, so M$ ), but at least there is a cure. Keith -- Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
Where is the SELINUX src/policy ?
I am slowly getting up to speed about SELINUX. One semi-useful document is the Deployment Guide PDF from The Upstream Vendor. It mentions "/etc/selinux/targeted/src/policy/domains/program" on page 701 of the guide. That is not there, and src is not found by "yum whatprovides /etc/selinux/" . This directory is also mentioned in the book SELINUX by McCarty . SELINUX is somewhat hard to figure out - harder if there are pieces missing. Is the documentation wrong or obsolete, or is {TUV}-5 missing this directory, or is SL5 missing this directory? Keith -- Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
logging for crashes
I am getting frequent crashes on my SL5 laptop; the only data I have is that a couple of indicator lights are flashing. Such crashes were rare with SL4.4 before I converted the machine. Sometimes, the crashes are while I am using the laptop, but more often they occur between 1 and 4 am (most of my cron.daily jobs kick off at 4am). Often, the machine is logged in with a few browser windows up and apps windows open. What can I do to log the crashes, so I can tell the state of the machine and see what is running when the crash occurs? I'm not a coder, so crash dumps will probably be too hard to use without a lot of additional study. I can write a script that dumps a "ps" and a "free" into a date-named file in a log directory every minute or so, but there is probably a more intelligent way. Keith -- Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
Re: prelink
On Sat, Jun 23, 2007 at 09:28:01PM +0800, John Summerfield wrote: > > It provides no benefit at all once a program's up and running. I expect > it to be most useful in desktop environments, and of least use in > dedicated database servers. The typical text window stuff - vi, ls, less - loads pretty quickly anyway. I imagine prelink would save a few milliseconds each time, perhaps adding up to a few minutes per year. The "pigs" - the really slow-loading desktop stuff - are firefox2, openoffice, vmware, and some of my CAD tools. Most of these live in /opt/, and prelink doesn't do much for them. If I was a typical code jockey, running the C compiler a thousand times per makefile, a hundred makefiles per week, then prelink would be very helpful, as does its work mostly in /bin and /usr/bin. Another place prelink might be handy is for the perl-based wiki I run on my offsite virtual server. That is straight /usr/bin/perl, which is probably launched very often when a spider is traversing the wiki. But if I get worried about performance, it is better to learn about modperl and use that. So in general I agree with your statement, the value of prelink is highly situational. However, if it makes it harder to run my security and backup tools, it is probably better to invest in slightly faster hardware than in jumping through hoops to accomodate prelink. I'm glad it is easy and safe to disable. Keith -- Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
prelink
There is a program called "prelink" that works with the program loader to rewrite the symbol tables in libraries and executables for faster loading. It is turned on by default in Red Hat derived systems like Scientific Linux. Yikes! I do disk-to-disk backups with dirvish/rsync (I like dirvish so much, I host www.dirvish.org ;-) ) and have started doing file integrity monitoring with osiris. It appears that "prelink" changes the binaries and libaries while leaving ctime/mtime at previous values. Just like a virus does, so prelink sets off all sorts of alarms. Sorry, I would rather have slow, stable and safe instead of fast and fragile, so bye-bye prelink . I plan to remove /etc/cron.daily/prelink, revert my binaries and libraries with "prelink -au", then comment out all the "-l" lines in /etc/prelink.conf so that the loader doesn't attempt to do it. Then I will rebuild my backups, and reinitialize osiris. Any flaws in my thinking? Keith -- Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
mutt (or other text mail reader), html, and w3m
OK, I am one of those ancient fossils who hates html email, which is the spawn of Satan and his evil minions. It is distracting, a path for viruses to attack fragile html viewers, incompatable with some ssh tunnels, and included files like graphics break privacy when they are uploaded. In order to read html email with fewer risks, I use w3m, which is included in SL5 and earlier distros. w3m presents the html as formatted ascii text. It can be made to download graphics and other inclusions, but I leave that nonsense turned off. I had forgotten how to configure it when I upgraded my mail server from Redhat-Prehistoric to SL5. For those of you who have also forgotten, you edit /etc/mailcap: ### text/html; /usr/bin/htmlview %s ; copiousoutput text/html; /usr/bin/w3m -T text/html %s ; copiousoutput Now html email shows up as text in your text email browser (I use mutt, but this probably also works in elm and pine). Keith -- Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
/etc/yum.d/yum.cron.excludes - don't extend to multiple lines
The standard yum.cron exclude clause permits multiple lines: --- exclude = fee fi fo fum foo bar baz --- The /etc/yum.d/yum.cron.excludes file is not so permissive; the second line causes a sed script around line 151 in /etc/cron.daily/yum.cron to barf. I could fix that with an inline perl script, but I don't know how to conditionally concatenate lines with the tools already in the script, and hate introducing another dependency. So the easiest thing is, don't use multiple lines in the excludes file! Keith -- Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
Re: 2.6.xx HAL automounting CD with cd volume name - yuk
On Mon, Jun 18, 2007 at 10:48:56AM -0700, Keith Lofstrom wrote: > > Color me old-fashioned, but the new 2.6xx Hardware Abstraction Layer > (HAL) behavior of mounting a CDROM in /media using the CD's volume > name is annoying (and hard to write scripts for). For example, if > the CD is named "New Volume", it mounts as "/media/New Volume" (a > filename including a space). > > Is there something I can tweak so that the CD on /dev/cdrom always > mounts as /media/cdrom or /mnt/cdrom ? > > Keith I have learned more. The automounting does not occur when my machine is running level 3. This is actually something that gnome (specifically gnome-volume-manager) does in cooperation with HAL, so I can turn off the automounting with : gnome -> System -> Preferences -> Removeable Drives and Media And there are no options besides turning media automount on and off, none that I can find with the configuration editor, either. Fooey. I just turned it off, and built some shell scripts to do it (and sudo'd mount, umount, and eject so I can drive them as a user). Keith -- Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
SL5: automounting CD with cd volume name - yuk
Color me old-fashioned, but the new SL5 behavior of mounting a CDROM in /media using the CD's volume name is annoying (and hard to write scripts for). For example, if the CD is named "New Volume", it mounts as "/media/New Volume" (a filename including a space). This could be especially nasty if two CDROMs or two USB keys have the same volume name. Is there something I can tweak so that the CD on /dev/cdrom always mounts as /media/cdrom or /mnt/cdrom ? I imagine this has to do with autofs, but the documentation on that is sparse. Keith -- Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
Firefox printing problem
This snippet of html renders fine on Firefox 1.5.0.12, and "page previews" fine, but does not generate valid postscript during printing. The error also occurs with Firefox 1.5.0.10, but does not occur with firefox 2.0.0.4, firefox 3.0a5, or with other browsers on other systems. --- Test05 Test05 Blah blah. --- You can also usehttp://www.keithl.com/test05.htm The "align=justify" causes all the text in the second paragraph to get smooshed on top of the first character. Align center, left, and right work fine, as does the previous paragraph. The output prints smooshed on two different postscript printers and with ghostview ("gv"), with different default fonts, and two different installations of SL5. Align=justify is not common in html, but this bug does screw up the printing of pages it does occur on. Anyone else what to give this a try, and see if it is reproducable for other printer types and setups? Keith -- Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
Re: Seamonkey on SL5
On Sat, Jun 16, 2007 at 08:53:10AM +0800, John Summerfield wrote: > > My immediate problem is my preferred browser is Mozilla - er - > Seamonkey. I couldn't find it with yum, nor with Google, nor can I see > that anyone's asked about it for SL5. Here's the kinda-sad story, from an up-to-a-week-ago Seamonkey ( -er- Mozilla ) user. The Seamonkey RPMs (from elsewhere) tend to step on top of the Firefox RPMs. I'm sure someone smarter than I could resolve the dependency conflicts. But you need to run Firefox 1.5.x from the SL5 distro, because it comes packaged with gecko-libs, which some of the other packages depend on. If you don't use the canonical packages, the automated updates get scrambled. This "wise" choice was apparently made by the Upstream Vendor. So for now, we are kinda stuck with Firefox 1.5.x as our browser. The story is only kinda sad because Firefox isn't too bad, and it installs plugins ( -er- extensions ) very nicely compared to the hassles of Mozilla -er- Seamonkey. I am growing to like it better. I still need to remember how to make it pop up a text window running "mutt" when it is given a "mailto", but I will configure that Real Soon Now (after installing w3m, and finishing configuring osiris, and installing some CAD packages, etc, etc.). SL5 is different. But after a few package updates, and some getting used to, I think I will like it better. Network Manager is awesome, for example. Keith -- Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
Re: /etc/resolv.conf and two interfaces
On Tue, Jun 12, 2007 at 07:57:25AM -0400, Brent L. Bates wrote: > If you are running named on your system, you do not need Comcast's name > servers. named will find the information on its own. ... Slap forehead ... of course! Thanks for gently reminding me of the obvious. I made the changes to /etc/named.conf and restarted named, then simplified /etc/resolv.conf to my nameserver only. I don't trust the dhclient tool to leave that file alone, so after fixing it I changed it back to chattr +i . Next ... chroot for named! Serving a small internal network only, I don't worry too much about exploits, but it is the Right Thing To Do. Thanks, Brent! Keith -- Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
/etc/resolv.conf and two interfaces
My firewall has an inside "green" interface on eth0, and an outside "red" interface on eth1. eth1 is connected to a dynamic address at comcast. The firewall also has a bind (named) and dhcpd server on it, providing name service and dynamic addresses for the internal green network.named is also configured to respond to 127.0.0.1, so in theory the firewall itself can get dns service from the named running on it. dhcpd and logging need the internal name service. Perhaps I have nsswitch set up incorrectly. Or something. When the green interface eth0 starts, /sbin/dhclient-script puts the appropriate information in /etc/resolv.conf. That seems to be the only way the firewall internal programs know about the name server. /etc/resolve.conf is almost immediately written over when the red interface eth1 starts, with the comcast name servers replacing (instead of appending to) the eth0 information. So the firewall no longer knows about dns for internal machines. I can write everything into /etc/hosts, but that is Yet Another File to maintain. There must be a better way. As a temporary hack kludge, I combined the information from both name servers into /etc/resolve.conf by hand, then set it to chmod 444 and chattr +i . I can still turn the interfaces on and off, but dchlient-script leaves /etc/resolv.conf alone. This will work until comcast moves their name servers. Does anyone know of a better way? Keith -- Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
yelp now needs gecko-libs
I've been getting this message from the yum.cron update job for a few days: YUM - security Error: Missing Dependency: gecko-libs = 1.8.0.12 is needed by package yelp ... so yelp has been updated, and now it needs gecko-libs. That should be added to the repositories somehere - a "yum list | grep gecko" lists nothing. Keith -- Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
Alternate distro for i586 (Pentium 5 MMX) firewall
I intended to bring all my machines up to SL5, but that only supports kernels for i686 and x86_64 AFAIK. My firewall machine for my small network is an old P5 laptop. Other alternatives required. I want to stay rpm/yum based, and would like to keep the familiar Red Hat architecture and file layout. I would also like to have automated updates forever, or the best approximation possible. Three alternatives look OK so far: 1) Rebuild the SL5 kernel and glibc and a few other packages for i586, and exclude them from yum updates. 2) Go to a security-based small distro such as Openwall. 3) Go to a firewall distro such as Endian. GUI config and excessive package count disturbing, though. Any superior alternatives? I would like something as close to fire-and-forget as possible that will support the old laptop. Keith P.S. - I use an old laptop for a firewall because it is x86, but draws a trickle of power compared to a desktop PC. That is eco-friendly, but frankly the more important reasons are that it is quiet and cool, and it will live for a LONG time on a UPS during a power failure. -- Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
Disk to Disk backups (Was Tape Backups ...)
On Tue, Jun 05, 2007 at 03:35:17PM -0400, Brent L. Bates wrote: ... > Tape backups suddenly started taking forever or never finishing because ... An alternative to tape backup is disk-to-disk backup with rsync. I maintain a package called dirvish, a perl wrapper around rsync, which you can find at http://www.dirvish.org . Rsync uses hard links to minimize needless duplication of data, and moves only the changed portions of files the network. Thus, I can back up 100GB of data on 7 systems on my network (including two systems 3000km away) in about an hour every night. Because I am extra paranoid, the target backup drives are in USB2 hot swap cages, and get swapped to a fireproof safe every few days. I can generally get about 100 full (hard linked) images of the 100GB on a 300GB backup drive, and so I have backups, every day the last 3 years, on 12 hard drives in offsite fireproof storage. Dirvish is used to back up thousands of systems, ranging from small same-machine backups to large clusters like the Oregon State University Open Source Labs, hosting kernel.org, mozilla.org, and other major open source projects. Dirvish is very well tested and stable. There are other rsync-based backup disk-to-disk systems that are also worth a look. Consider packing away those tapes and tape drives, and moving to denser, cheaper, faster media like commodity hard drives. Keith -- Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
SL5 update - adds scim, which breaks acroread7
Another SL5 upgrade lesson: Updating from SL4.4 to SL5 added "scim". Annoying and probably unecessary, this is not part of a fresh install of SL5. To add insult to injury, scim adds the environment variable: GTK_IM_MODULE=scim which causes Acrobat reader version 7 to silently fail. Unsetting it with "unset GTK_IM_MODULE" made acrobat work. I did a "yum erase scim", and everything still seems to work work work work work work work work work work work work work work work work work work work work work work :-) Keith -- Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
SL5 gnome: ctrl-alt-shift-arrow broken for left alt key
Still finding minor stuff broken in SL5 gnome. Another way to move the window currently in focus between workspaces in gnome is "Ctrl-Alt-Shift" and then one of the four arrow keys to move it to a neighboring workspace. This works with any combination of Ctrl and Alt and Shift (left and right keys) for SL4.4 and the three most recent Ubuntus (Dapper using gnome 2.14, Edgy using 2.16, and Feisty using 2.18). However, gnome window move does *not* respond to the left Alt key for SL5, on three different machines (two laptops and a desktop) for both upgrade and fresh install. Another minor annoyance; having to hit four keys only on the right side of the keyboard gets a little crowded. I don't know whether this is also broken in RHEL5 or CentOS5 or FC6. Note, xev shows that the keystrokes are all responding properly, so the problem is downstream of keyboard decoding. I haven't found a fix. I suspect there is a configuration file somewhere that needs a minor tweak. Keith -- Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
SL5/gnome 2.16 workspace switcher
The next major gnome frustration is the pointer change when dragging windows in the workspace-switcher in the gnome panel. For some odd reason, starting with gnome 2.16 and continuing with gnome 2.18, when dragging a window from workspace to workspace, the pointer changes to the complex global pointer used for moving applets around the panel. This results in a BIG block of stuff that obscures most of the workspace switcher. On gnome 2.14 and earlier (SL4.4 uses gnome 2.8), the pointer remains the standard "north-north-west-arrow" pointer, which is a lot easier to use. This is not restricted to SL5/Centos/RHEL; it also appears in Ubuntu Edgy (gnome 2.16) and Feisty (gnome 2.18). Both use metacity like SL. I probably need to pester the gnome-panel wncklet maintainer ( Vincent Untz of Grenoble ? ) to get that repaired, unless I want to learn far more about gnome panel programming than any normal mortal needs to know. Suggestions welcome, including how to submit a bug to gnome or how to communicate nicely directly with M. Untz . -- Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
gnome-session-save
Older versions of SL before SL5 had a button in the logout popup for "Save current setup". That button is missing from gnome 2.16.1 which comes with SL5. If you want to start up with a particular collection of gnome-aware applications in your workspaces, you can set them all up and then run the text command "gnome-session-save". That will save a snapshot of the session at that instant, and the next time you log in under gnome the windows will be restored. I normally start up with a 2x7 array of workspaces set up in workspace switcher, with the workspaces containing 12 gnome-terminals of misc. sizes. The menu item "System->Preferences->More Preferences->Sessions" does not seem to work reliably, and the saved session often gets messed up if you restart a frozen display with "control-alt-backspace". Perhaps I just don't understand how Sessions are supposed to be saved; the documentation for gnome was last updated at version 2.14 . But another frustration is resolved. This is taking an incredibly long time, but I am slowly getting SL5 set up the way I like it. Next I will copy the setup (and the knowledge) to many machines, and leave them to slowly updating semi-forever. In another three or four years, I get to play "where did it go?" again. Keith -- Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
selinux and permissions
Any selinux experts here? SL5 comes with a suggestion to set selinux to "enforced" mode, so I tried it. Later, I installed openvpn (2.0.9-1.el5.rf from dag) and lzo2 (2.02-2.el5.rf) to work with it. When I ran openvpn (as root), I got an error message (linewraps added by me): Starting openvpn: /usr/sbin/openvpn: error while loading shared \ libraries: liblzo2.so.2: cannot enable executable stack as shared \ object requires: Permission denied When I set /etc/selinux/config to "permissive", the error goes away, and openvpn works fine, but that is less secure, I assume. Is there something simple I can do to so that selinux is happy with this library, now and after some potential update in the future? Keith -- Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
Laptops, Battstat, and gnome-power-manager
For SL5 laptop users: A number of things have changed with SL5. One thing that is missing from the current gnome-panel version 2.16.1 is battstat, the battery notification applet. I was a upset by this, until I found the gnome-power-manager package, which is used in conjunction with the "notification area" applet. gnome-power-manager keeps track of the battery, and also manages power, shutdown, hibernate, etc. A very handy tool for laptop users. To use this, make sure that gnome-power-manager is installed ( "yum list gnome-power-manager") and right click the panel to "add to panel" the "notification area" applet. In my case, it came up with a power icon and (for some reason) an SCIM icon. I went to Menu->System->Preferences->More Preferences->SCIM Input Method Setup to turn off the tray icon (click GTK to bring up the menu with the button that disables the tray icon). This maximizes the panel space available for other things. I went to Menu->System Tools->Configuration Editor and selected apps->gnome-power-manager to do some tweaking. I turned on "battery_event_when_closed" so the laptop suspends when the AC adaptor is removed while the lid is closed. I turned off "notify_ac_adapter" and "notify_fully_charged". I have my Thinkpad T30 laptop set up with ACPI. I added a new section to /boot/grub/grub.conf that is like the others, with "acpi=off" removed, and set the default boot to that (If needed, at boot time I can select the original section with "acpi=off" to load apm instead). ACPI provides much richer information to gnome-power-manager; look at /proc/acpi/ for all the information provided - the file /proc/apm provides only one line. ACPI did not work well for my thinkpad with kernels before 2.6.18, but works just fine now. In any case, gnome-power-manager uses all that information to keep obsessive amounts of information about the battery and the system power usage and state, like graphs of charge history. Just the thing for obsessive information junkies like me. I shouldn't be telling all the empirical scientists reading this list - they may spend too much time looking at the data and too little time doing real science, sigh. Keith -- Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
Sans 9 Application Font and Open Office menus
Here's a little one hour hair puller (much less for those in the know, I'm sure). While testing OpenOffice after upgrading to SL5, I saw that the letter "r" in the menus was rendered incorrectly, looking closer to a flaky "n", as if the first column of pixels was being displayed last. Only on OpenOffice, not on other applications, menu bars, etc. At first I thought it was an OO bug, and spent a long time frobbing on that. I won't bore you with more details. It turned out to be a bad interaction between OO and the "Sans 9" font used as the application font. I changed the application font to "Sans 10" in System > Preference > Font, and it is larger but clean. Keith P.S. And larger in a bunch of other things, so a little less desktop space. -- Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
dd vs rsync (was) SL44 to SL5 observations
On Sat, May 26, 2007 at 09:50:41PM +0200, Pfenniger Daniel wrote: > Keith Lofstrom wrote: > >Thanks for SL5! > > > >I am currently upgrading two systems from SL44 to SL5 (the rest > >are getting fresh installs). > ... > >I do each upgrade on a "dd" copy of the original hard drive onto > >a spare; backing out of a failed upgrade is easier that way. > > The "wisdom" I have gathered is not to use dd for such > disk duplication, but to use fdisk for partitioning, and > "rsync -ax /orginal/ /target/" for file copy > (be careful with the trailing /'s). > > The first reason is that dd copies bad blocks, and > the second reason is that rsync over a blanck partition defrags the > files. A second rsync allows to check fast the first copy. The third > argument is that often disks are not strictly equal, and > then dd is anyway not recommended. > > Some use tar instead of rsync. I do this with two identical, modern drives, which seem to internally manage the bad blocks. The problem with rsync is that it sometimes does not copy metadata properly - even the mod dates for softlinks are not properly set. tar is less capable than rsync. Also, this way I get identical bits for the boot blocks. Otherwise I need to fool around with grub. I can do the copy in about 5 minutes of setup (mostly booting to single user and doing a sync first), two lines of typing, followed by a copy time of one hour per 150GB or so. The rsync approach involves a lot more setup and fiddling, even with automated scripts. Indeed, I used rsync and the automated approach to merge partitions. I missed a few things, and had to do it a couple of times to remember to find every bit of data, and to exclude things like /sys and /dev and /proc and /media (and of course the target drive) . Either way, it is important to use identical drive models. There should be identical spare drives anyway, because someday you will need to restore a backup to one, and that should be practiced beforehand. Keith -- Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
SL44 to SL5 observations
Thanks for SL5! I am currently upgrading two systems from SL44 to SL5 (the rest are getting fresh installs). Some surprises, so far: If the SL44 machine is partitioned into a half dozen partitions (it was easy to dump onto tape), it may crash during upgrade (red screen covered with cyrillic yellow text. Hah!). After six attempts failed (different drives, machines, DVDs, etc) I merged everything but /boot into /, and the upgrade finally worked. It is hard to draw firm conclusions from one success and many failures, but if you have problems upgrading a multi-partition system, try merging them. I do each upgrade on a "dd" copy of the original hard drive onto a spare; backing out of a failed upgrade is easier that way. The upgrade added some packages I don't want; a LOT of language packs for OpenOffice.org, for example, as well as evolution and spamassassin (which I don't need on my laptop, and add unnecessary dependencies). I will see what "yum remove" allows me to do. The upgrade process paused for about 20 minutes in the middle while loading "selinux-policy-targeted", and again after the last package was loaded. At first, I thought it was another failure, but there was some random disk light activity, so I assume it was busy making encrypted hashes (or sending my personal data to the NSA). The upgraded machine tries to use Red Hat Network. I stopped that by removing the file /etc/yum/pluginconf.d/rhnplugin.conf . More as I learn about it; perhaps those observations will help others. Keith -- Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
suggested verification steps for yum update of security tools
I run ancient old tripwire nightly on my machines. Yesterday, on my SL4.4 laptop, I noticed that it had found changes to "vipw" and other security related tools. A little concerned, I downloaded the latest version of chkrootkit and ran it, finding no problems. I looked at the yum logs, and found a yum upgrade of util-linux from sl-errata; the header file shows that vipw and the rest had been updated. False alarm, I am probably safe, assuming no outbreak of evil at SL or TUV (=The Upstream Vendor in North Carolina, for those wondering). I will react similarly if I ever see a change of the basic security programs. Is there anything else a prudent administrator should check when these programs change? Keith -- Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs