Re: Flash plugin
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The 64 bit version I installed an hour or so ago from the Adobe yum repo is: flash-plugin-11.0.1.152-release.x86_64 Dag Wieers wrote: | On Thu, 6 Oct 2011, Yasha Karant wrote: | | On 10/06/2011 04:37 PM, Dag Wieers wrote: | On Thu, 6 Oct 2011, Yasha Karant wrote: | | I realise that except for the Fermilab/CERN staff persons, almost all | of the rest of those maintaining material for SL are unpaid | volunteers. With that stated, what is the | typical/average/median/whatever delay from the Adobe release until | the | SL compatible port for the flash plugin? |In some cases, Adobe adds functionality -- but in most cases it | is a | matter of bug and security-hole fixes -- and the sooner one | installs a | valid security fix, the better. | | Do you have proof that this is a security fix. Because I track the RHEL | packages and no such update has come through their channels. It | seems as | if the release was simply their official Flash Player 11 release, | rather | than a security fix. | | If it is a security fix, even Red Hat is behind. Somehow I don't | believe | that, but for you to provide proof of what you state. Thanks. | | I use the direct Mozilla (and OpenOffice) distributions and updates. | For Firefox 7.x (that the Firefox update on Help -- About Firefox | reports as up to date), I ran an update check on the addons, including | plugins using Tools -- Add ons and URL | https://www.mozilla.org/en-US/plugincheck/ and the following was | displayed: | | Vulnerable plugins: | Plugin Icon | Shockwave Flash | Shockwave Flash 11.0 r1 Vulnerable (more info) | | (11.0.1.129 is what actually is installed) | | Again, without any information it is hard to determine whether the | plugincheck is mainly checking the version against the latest (known) | available, or whether it actually knows about vulnerabilities. | | I bet the first option is what is implemented (because the second adds | complexity without any real gain). Their aim is to have people running | the latest. | | ALso, if we look at TUV, they still offer | flash-plugin-10.3.183.10-1.el6, which is most likely not vulnerable (and | which was the version offered by Repoforge until this morning too). In | other words, we are now disconnected from the RHSA information. | | If you noticed a flash-plugin update from Adobe, feel free to let us | know so we can update our flash-plugin package too. | | Thanks in advance, - -- Robert E. Blair, Room C221, Building 360 Argonne National Laboratory (High Energy Physics Division) 9700 South Cass Avenue, Argonne, IL 60439, USA Phone: (630)-252-7545 FAX: (630)-252-5782 GnuPG Public Key: http://www.hep.anl.gov/reb/key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFOjqn/OMIGC6x7/XQRAhFvAJ9QBWWochI/ODbT+jfTvfM8YpxjLwCgrOxG qdBTZXJirs0EQgmSn2XL/Eg= =gp6S -END PGP SIGNATURE- attachment: reb.vcf smime.p7s Description: S/MIME Cryptographic Signature
xsane crashes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 With a 64 bit sl6 install a once working scanner (under sl5) now crashes xsane. I am using twinview and xinerama (three screens and two video cards) with the nvidia proprietary drivers so maybe it's me. Anyone else have this problem? It barfs: (xsane:332): Gtk-WARNING **: GtkSpinButton: setting an adjustment with non-zero page size is deprecated (xsane:332): Gtk-WARNING **: GtkSpinButton: setting an adjustment with non-zero page size is deprecated (xsane:332): Gtk-WARNING **: GtkSpinButton: setting an adjustment with non-zero page size is deprecated Gdk-ERROR **: The program 'xsane' received an X Window System error. This probably reflects a bug in the program. The error was 'BadMatch (invalid parameter attributes)'. (Details: serial 30980 error_code 8 request_code 150 minor_code 5) (Note to programmers: normally, X errors are reported asynchronously; that is, you will receive the error a while after causing it. To debug your program, run it with the --sync command line option to change this behavior. You can then get a meaningful backtrace from your debugger if you break on the gdk_x_error() function.) aborting... Abort - -- Robert E. Blair, Room C221, Building 360 Argonne National Laboratory (High Energy Physics Division) 9700 South Cass Avenue, Argonne, IL 60439, USA Phone: (630)-252-7545 FAX: (630)-252-5047 GnuPG Public Key: http://www.hep.anl.gov/reb/key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEARECAAYFAk3gJfMACgkQOMIGC6x7/XQPQgCdExlol+zYWQnp3ohJjxwI0VDV /8kAnAqjruAqvp9W5VPRt7ddmAOqakDl =HfsV -END PGP SIGNATURE- attachment: reb.vcf smime.p7s Description: S/MIME Cryptographic Signature
is there a javaws in java-1.6.0-openjdk?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Taking a lead from a comment about not needing the oracle jdk for java services and noticing that once again the jdk needs an update, I removed the oracle jdk. I installed java-1.6.0-openjdk (after much futsing since the oracle jdk seemed to have broken things). Alas without javaws EVO will not work and yet yum told me this package has javaws: yum whatprovides indicates (among other stuff): 1:java-1.6.0-openjdk-1.6.0.0-1.21.b17.el6.x86_64 : OpenJDK Runtime Environment Repo: sl Matched from: Filename: /usr/share/pixmaps/javaws.png Filename: /usr/share/applications/javaws.desktop Filename: /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/bin/javaws after installing this package an ls /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/bin indicates java orbd policytool rmiregistry tnameserv keytool pack200 rmidservertool unpack200 no javaws! rpm --verify java-1.6.0-openjdk doesn't indicate any missing files rpm -ql java-1.6.0-openjdk|grep javaws yields nothing. What am I missing here? - -- Robert E. Blair, Room C221, Building 360 Argonne National Laboratory (High Energy Physics Division) 9700 South Cass Avenue, Argonne, IL 60439, USA Phone: (630)-252-7545 FAX: (630)-252-5047 GnuPG Public Key: http://www.hep.anl.gov/reb/key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEARECAAYFAk3W11AACgkQOMIGC6x7/XQ55wCfWI4NFGgRLIBeohiGV3r0m0bR 4ggAoL8PcNJiy3WfqMBTQ6MXJpSBJkTp =EWO0 -END PGP SIGNATURE- attachment: reb.vcf smime.p7s Description: S/MIME Cryptographic Signature
Re: is there a javaws in java-1.6.0-openjdk?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Acck! I just noticed the changelog. I gather javaws was removed for some reason (I guess yum is telling me that an old version has javaws). Am I doomed to go begging back to oracle? On 05/20/2011 04:04 PM, Robert E. Blair wrote: Taking a lead from a comment about not needing the oracle jdk for java services and noticing that once again the jdk needs an update, I removed the oracle jdk. I installed java-1.6.0-openjdk (after much futsing since the oracle jdk seemed to have broken things). Alas without javaws EVO will not work and yet yum told me this package has javaws: yum whatprovides indicates (among other stuff): 1:java-1.6.0-openjdk-1.6.0.0-1.21.b17.el6.x86_64 : OpenJDK Runtime Environment Repo: sl Matched from: Filename: /usr/share/pixmaps/javaws.png Filename: /usr/share/applications/javaws.desktop Filename: /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/bin/javaws after installing this package an ls /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/bin indicates java orbd policytool rmiregistry tnameserv keytool pack200 rmidservertool unpack200 no javaws! rpm --verify java-1.6.0-openjdk doesn't indicate any missing files rpm -ql java-1.6.0-openjdk|grep javaws yields nothing. What am I missing here? - -- Robert E. Blair, Room C221, Building 360 Argonne National Laboratory (High Energy Physics Division) 9700 South Cass Avenue, Argonne, IL 60439, USA Phone: (630)-252-7545 FAX: (630)-252-5047 GnuPG Public Key: http://www.hep.anl.gov/reb/key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEARECAAYFAk3W2CUACgkQOMIGC6x7/XSAagCaA/RoUHc3MCVp+lm9WBRfp604 efgAn1SpM2l+ZmoGF0FEp1qEEqftQ0rv =3z3W -END PGP SIGNATURE- attachment: reb.vcf smime.p7s Description: S/MIME Cryptographic Signature
Upstream fault? sshd re-chkconfiging
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I have noticed several times now that when sshd gets updated it chkconfig's itself to start at boot. I need sshd on my laptop for some occasions when I run atlas tdaq software (which communicates via ssh), but I do not care to have it on by default. Whenever there is an update of openssh-server the update does an chkconfig --add sshd. Should this be reported as a bug to redhat? I'm sure I'm not the only one who finds this annoying and potentially insecure. - -- Robert E. Blair, Room C221, Building 360 Argonne National Laboratory (High Energy Physics Division) 9700 South Cass Avenue, Argonne, IL 60439, USA Phone: (630)-252-7545 FAX: (630)-252-5782 GnuPG Public Key: http://www.hep.anl.gov/reb/key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFNsHNhOMIGC6x7/XQRAmxVAKDBqI24kYRKm3qC3IdVaX9SouVJGwCfWij+ DAtG71EdZy3XxEdJ9U8hBkE= =uuhn -END PGP SIGNATURE- attachment: reb.vcf smime.p7s Description: S/MIME Cryptographic Signature
Re: RHEL/SL and iptables
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 There is a sourceforge project called firestarter which has a rather nice script that does lots of iptables config and provides a gui monitor of firewall activity. On 04/16/2011 03:39 PM, Phil Perry wrote: On 16/04/11 20:34, Vaclav Mocek wrote: On 04/16/2011 08:13 PM, Nicolas Kovacs wrote: Hi, Until recently, I've only been using the system-config-securitylevel-tui utility, because it's easy to use while covering all my needs. Now I have to switch to a manual iptables configuration, because 1) the system-config-securitylevel-tui utility has been dumbed down, and 2) some of the things I want to do need a more fine-grained control. What's the most orthodox (e. g. clean) solution to configure iptables manually (in a script, somewhere) with SL ? Cheers, Niki Kovacs A custom script. Very nice how to for RH and Fedora could be find here: http://fedoraunity.org/Members/kanarip/iptables-howto Yes, definitely easiest to control iptables with a short/simple script IMHO. Also take a look at the CentOS Wiki iptables howto page which shows in detail how to implement such a script: http://wiki.centos.org/HowTos/Network/IPTables Once you've created your script, making changes to your firewall are as simple as making a quick edit to the script in your favourite text editor and (re)running the script. - -- Robert E. Blair, Room C221, Building 360 Argonne National Laboratory (High Energy Physics Division) 9700 South Cass Avenue, Argonne, IL 60439, USA Phone: (630)-252-7545 FAX: (630)-252-5047 GnuPG Public Key: http://www.hep.anl.gov/reb/key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEARECAAYFAk2tvhUACgkQOMIGC6x7/XSFPACfWcucOqTe8ihAdEA6Q4O+5+nH ZSAAn3cxs4NCSebqDLBeod8CykGhQZyp =i4HN -END PGP SIGNATURE- attachment: reb.vcf smime.p7s Description: S/MIME Cryptographic Signature
Re: software partitionable RAID1
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I have set up a system with just raid 1 arrays for everything (including /) with SL6 and have seen only one issue. The first boot after install fails, but this can be dealt with by running a live dvd/cd and then rerunning grub-install. I think the fully raided setup seems to confuse the boot installation and the boot sector gets installed on one of the two disks (the wrong one in my case). Adrian Sevcenco wrote: | On 04/07/2011 12:02 AM, Florian Philipp wrote: | Am 06.04.2011 22:54, schrieb Adrian Sevcenco: | Hi! Have anyone some idea about this subject? | i mean is there still need for the mkinitrd patch described here: | http://wiki.centos.org/HowTos/Install_On_Partitionable_RAID1 | http://wiki.centos.org/HowTos/Install_On_Partitionable_RAID1?action=AttachFiledo=gettarget=mkinitrd-md_d0.patch | | | corresponding to http://bugs.centos.org/view.php?id=3566 | | Thanks! | Adrian | Hi! | | The SL-5 and SL-6 installer allows you to create a RAID, an LVM volume | group on the RAID and then partitions (logical volumes) in the volume | yeah i know .. | | group. Logical volumes can be used for everything except /boot. I'd | advice you to do this unless you have really good reasons for not | doing so. | well.. my first principle in doing something is keeping everything as | simple it can .. so the question is : why should i use lvm? i read so | much about it and so far (many years passed) i didn't found a reason to | use it... | so back to may subject : i found that is simpler to just make a raid1 | over all the device than use the lvm configuration. | which brings out the my question again : what is the status in mkinitrd | of TUV OS 6? | | I can walk you through the installation steps but I don't think this | will be necessary. | yeap .. done it already a couple of time to see how it goes .. | | Thanks! | Adrian | - -- Robert E. Blair, Room C221, Building 360 Argonne National Laboratory (High Energy Physics Division) 9700 South Cass Avenue, Argonne, IL 60439, USA Phone: (630)-252-7545 FAX: (630)-252-5782 GnuPG Public Key: http://www.hep.anl.gov/reb/key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFNn1ZMOMIGC6x7/XQRAirUAJ92RlMwuojOlLM8cvkmY+1FfFaAVACgoI48 G2OA8m4lvnoBZYtPTTkdRpA= =AOXe -END PGP SIGNATURE- attachment: reb.vcf smime.p7s Description: S/MIME Cryptographic Signature
Re: repos
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 It is also possible in the other repos to exclude packages which is often a good idea if you have packages that overlap between the repos you enable: An example from my sl.base (because I use a more recent OO and oracle's jdk): exclude=jdk openoffice* ooobas* Orion Poplawski wrote: | On 04/01/2011 07:06 AM, Urs Beyerle wrote: | On 04/01/2011 01:02 PM, Bluejay Adametz wrote: | | I keep these generally disabled and do a | | yum list --enablerepo=\* | | I would also strongly recommend to disable all external repos per | default! | | You can also specify only the packages you want in the repo file, e.g.: | | [rpmforge-extras] | name = Red Hat Enterprise $releasever - RPMforge.net - dag | baseurl=http://rpmforge.cora.nwra.com/redhat/el$releasever/en/$basearch/extras/ | | enabled = 1 | protect = 0 | gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag | gpgcheck = 1 | includepkgs = clam* subversion* mod_dav_svn *fuse* | | - -- Robert E. Blair, Room C221, Building 360 Argonne National Laboratory (High Energy Physics Division) 9700 South Cass Avenue, Argonne, IL 60439, USA Phone: (630)-252-7545 FAX: (630)-252-5782 GnuPG Public Key: http://www.hep.anl.gov/reb/key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFNlfLVOMIGC6x7/XQRAjNaAJ0UMmgDlQl5Tx0RQkdMyYV8HiVfpwCfYuHh 48mDJkwzl0KWvRlu7BQ5Hmo= =/tPx -END PGP SIGNATURE- attachment: reb.vcf smime.p7s Description: S/MIME Cryptographic Signature
public keys and SL6
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I came across an odd feature in sl6 and maybe someone understands what causes this. It seems that SL6 has an agent that does an ssh-add when you log in. Unfortunately, it appears to snarf up any key you happen to have in your .ssh area even ones with nonstandard names. It has the rather disturbing feature that if you do a ssh-add -l immediately after logging in it shows your encrypted private key as being loaded. It seems not to be really since when you try to use it it then asks for the pass phrase with a gui popup. I'm guessing that it just looks at the pub part and recognizes that you might use it later. In my case I keep some specialized unencrypted keys for specific functions (i.e. in the remote authorized_keys file these guys allow execution of a single rather harmless command). It seems that these get ssh-add'ed automatically at login and they are presented to the remote hosts in ways that preclude my using public key access on the second hop in a chain of ssh's (yes initially the real encrypted key gets used but on the second hop it appears the specialized ones get presented and force a failure for an actual login). I googled and found that there is an openssh agent in the startup applications that appears to have a related function but I don't seem to have that enabled so configuring is likely futile. I do have a workaround (simply move all these keys to some other area than .ssh) but I'm curious as to what is doing this and it seems like something people might want to be aware of. - -- Robert E. Blair, Room C221, Building 360 Argonne National Laboratory (High Energy Physics Division) 9700 South Cass Avenue, Argonne, IL 60439, USA Phone: (630)-252-7545 FAX: (630)-252-5047 GnuPG Public Key: http://www.hep.anl.gov/reb/key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEARECAAYFAk2CgIsACgkQOMIGC6x7/XQrfACgl/SAarLpTYwNB/OYyJiHcTU6 wsYAn20O6f3wytPmBLxTASgTxhtdP2a8 =Ir7x -END PGP SIGNATURE- attachment: reb.vcf smime.p7s Description: S/MIME Cryptographic Signature
Re: Hyper-V Synthetic drivers on SL6
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I'm not sure what the Centos plan is for a release based on RHEL6 but in the past they had kernels that match the usual SL5 ones but with more drivers enabled under the centosplus repository. The repository here works fine for SL5.5: [centosplus] name=CentOS-$releasever - Plus #mirrorlist=http://mirrorlist.centos.org/?release=$releaseverarch=$basearchrepo=centosplus baseurl=http://mirror.anl.gov/centos/5.5/centosplus/$basearch includepkgs=kernel* gpgcheck=1 enabled=1 gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5 Of course you need to do some excludes in the usual SL repos. On 03/03/2011 01:22 PM, Troy Dawson wrote: On 03/03/2011 12:14 PM, Dave Capone wrote: Hi, Is there a way to enable to the Hyper-V synthetic drivers in the SL6 kernel similiar to Ubuntu? Can they be enabled with a recompile? I currently don't know, I'll leave that for others to answer. If so, would the SL developers/contributors consider publishing 2 versions of the distribution, one with the drivers enabled and another with them disabled? I am admittedly unfamiliar with recompiling linux kernels to add this support. That I can answer. The answer is no. It has been the tradition of Scientific Linux to never mess with the kernel. It's not a matter of not knowing how to recompile the kernel, it's a matter of support. We don't have the resources to support a second kernel. Troy - -- Robert E. Blair, Room C221, Building 360 Argonne National Laboratory (High Energy Physics Division) 9700 South Cass Avenue, Argonne, IL 60439, USA Phone: (630)-252-7545 FAX: (630)-252-5047 GnuPG Public Key: http://www.hep.anl.gov/reb/key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBTW/s0vQM1KNWz8QaAQJJJAgAwQig1EApGONMKbu9G/U0S7lC01dVcVPF 9pycI9sytdhE4SSR1J/qaJbdaJYRR61A8ZWG4gPKHbijBplM54VixWq3Luvei7yG 9qP3BYcJhVTrPLaA6bvBONn26SGlC4LAyc5CGalnmQMe2GbTnMhnx76Jm32zqZh/ QQVCom30Tb5kkB/bawvi3S4ZlZam42atUC3+S11bZeH5kjsr/YrkJD/L/9ombr62 yTJ5vFa9FgkLwWG/pkXx/0DnP2u1suoO6ld5btCAMY0EwObxer/GhRWVo1Ld/GDH u5bov5fI5i/tyN3oa1Azz9/o8GzNEf+Caz/ltMUutdGtQZV91hnC4A== =EJN2 -END PGP SIGNATURE- attachment: reb.vcf smime.p7s Description: S/MIME Cryptographic Signature
Re: OpenSHH update disables remote SSH X11 port forwarding connection
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 This sounds like a configuration issue (and consistent with previous releases). In the past it was always necessary to add: X11Forwarding yes to /etc/ssh/sshd_config for the display forwarding to work correctly on the server end. On 02/24/2011 02:21 PM, Francisco J. Guzmán wrote: Hello: Please notice OpenSSH update from 4.3p2-4*1*.el5 to 4.3p2-4*2*.sl5 causes user's environment variable DISPLAY not being set automatically and therefore remote SSH connections using X11 port forwarding do not work regardless if the variable is set manually. Downgrade of the package reestablishes proper functionality. I wonder if you have seem this behavior and if there is a workaround/solution. Thanks /*- Francisco*/ - -- Robert E. Blair, Room C221, Building 360 Argonne National Laboratory (High Energy Physics Division) 9700 South Cass Avenue, Argonne, IL 60439, USA Phone: (630)-252-7545 FAX: (630)-252-5047 GnuPG Public Key: http://www.hep.anl.gov/reb/key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBTWbCu/QM1KNWz8QaAQJMJAf/XdZuCMTNx2IZC61PaqBnnhTELCD0+R7r 43mrNrzfOBornZDpuFYbPYm9YmkhxUClM0yyDo1WYpxuUPND02lvOUOKsKC8HxQJ ExgBhuFUiY2J01H4Mia02LoRK/WryXbDHHfYJvOtTvkIUosNoSzE+++BrmAyD9bl BtHj2CvD1l37KKzRzk1DNRxHcoCciTdr6Gvl4QDrJzgJgbNqYrJkWJtE7dz+hkib 5Octpb9jNy9MzejmUMW8Qv2wJ+2hwL7u/NRWmP33P61VC7eHTFHBakzVeHAD/MTj r8Gc5UEdP0cP4daWFrnITwanliUCr73YFxOm/N4nMhzZSk3jnrMzuw== =ivtn -END PGP SIGNATURE- attachment: reb.vcf smime.p7s Description: S/MIME Cryptographic Signature
Re: A quick reality check request.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Of course, in this case the support is not from Dell anyway. Michael Tiernan wrote: On 4/23/10 1:33 PM, Connie Sieh wrote: So what is a supported platform? Pure Red Hat only. As a matter of fact, they're pretty tightly coupled. I just noticed that you can purchase a machine from Dell with a RH license and when you go to the RH support site, you can/have to enter the Dell system's ID and they check it against the Dell DB (somewhere). - -- Robert E. Blair, Room C221, Building 360 Argonne National Laboratory (High Energy Physics Division) 9700 South Cass Avenue, Argonne, IL 60439, USA Phone: (630)-252-7545 FAX: (630)-252-5047 GnuPG Public Key: http://www.hep.anl.gov/reb/key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFL0eOSOMIGC6x7/XQRAi/PAKC/oaISwzXGFgEf+/5Li5pvQ7177wCfRD+k u3p5Hwsgs8GuSkhuwG/0ISU= =/dlj -END PGP SIGNATURE- attachment: reb.vcf smime.p7s Description: S/MIME Cryptographic Signature
Nit regarding web file serving
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I have been lately quite annoyed by the fact that sometimes (not always) the new versions of powerpoint files (.pptx ones) do not cause openoffice to come up. You often need to save the file and then open it locally. It just dawned on my why. Many (ours included) web servers do not have pptx in the /etc/mime.types file so the files are not properly labeled as powerpoint. I believe that adding the following to the /etc/mime.types file of our web servers will fix it: change: application/vnd.ms-powerpoint ppt instead it should read: application/vnd.ms-powerpoint ppt pptx Similar changes are needed for doc-doc docx and for xls-xls xlsx Without this the web server identifies the files as binary and a browser that respects this simply allows you to download and not to open the file. It would be great if TUV would incorporate this into future releases of the mailcap rpm. - -- Robert E. Blair, Room C221, Building 360 Argonne National Laboratory (High Energy Physics Division) 9700 South Cass Avenue, Argonne, IL 60439, USA Phone: (630)-252-7545 FAX: (630)-252-5782 GnuPG Public Key: http://www.hep.anl.gov/reb/key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFLsmqTOMIGC6x7/XQRAtCiAJ46+M9FQdaoUdPp0JNjnsoJwQJuBACgtZD8 jrsVT6+O3hIPE1K5U/A+vn8= =79M6 -END PGP SIGNATURE- attachment: reb.vcf
Re: Serious New Install problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Is the shared volume mounted squashroot (i.e. does root actually have read/write access)? Larry Linder wrote: | There is a problem with installing new users in a directory other than /home | Most of us work from our home directory some use a meg and some use many G. | | In our scheme to isolate users from OS's we have a number of large disk set up | as engr1, engr2, engrnn. A number of users have their login directory in | something other than /home. | | Red Hat some how got this messed up. | | If you install it, login as root, make a new user account that is like the old | account. /engr10/users/llinder. you will not be able to login as linder. | Not only that if you use the new user GUI and remove a user it will remove the | users directory that it couldn't find for a login | | The message you get is totally bogus. | | Your home directory is listed as | '/engr/users/llinder' | but it does not appear to exist. Do you want to | login with /root directory? | It unlikely anything will work . . . | unless you use a failsafe | no yes | | | To prove the point I added a new user bogus and it a / home/bogus directory | was created. Interesting because there was never a /home directory set up | during an install. So where is this magic /home directory. | | It looks like to use SL you have to assign a Tera byte drives to /home and let | the garbage pile up, Without much hope of doing an intelligent back up | | What we are planning to do till we can get this sorted out is to install Open | Suse 9.3 as 10.3 screwed up with LVM trash. | | Larry Linder - -- Robert E. Blair, Room C221, Building 360 Argonne National Laboratory (High Energy Physics Division) 9700 South Cass Avenue, Argonne, IL 60439, USA Phone: (630)-252-7545 FAX: (630)-252-5782 GnuPG Public Key: http://www.hep.anl.gov/reb/key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFLTiS5OMIGC6x7/XQRAi/pAJwP8JkFd2BKWjTj2by1jdV9L8q7KQCfTtDX QquR+8gXnjTYJGMc6uN08yI= =EAJm -END PGP SIGNATURE- attachment: reb.vcf
Re: Logo Contest for SL6 extended
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The only thing that might improve it is if the electrons were little Tux's oriented every which way careening with delight with joyful expressions to offset the puzzlement on the nucleus. Michael Tiernan wrote: | On 10/1/09 5:18 PM, martin@stfc.ac.uk wrote: | I like number 9 - though Tux has an expreession that I can't quite | define (other than cross-eyed!). Needs the extra electron though. | | That expression is WTF? Who loaded Vista on this system? :) | (I'm kidding, not trying to ignite a religious war.) | Whomever did it did a nice job though! (He does look cross eyed.) | | Entry #7 isn't published fully, we can't get at it properly. | | I think: | #7 has some symmetry that catches my eye for some reason. | #1 Is growing on me a bit. | | And special cases: | #9 is good for a small icon. | #8 (a b) are nice for small icons too, not for larger splash screens, | etc. | - -- Robert E. Blair, Room C221, Building 360 Argonne National Laboratory (High Energy Physics Division) 9700 South Cass Avenue, Argonne, IL 60439, USA Phone: (630)-252-7545 FAX: (630)-252-5782 GnuPG Public Key: http://www.hep.anl.gov/reb/key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFKxiJSOMIGC6x7/XQRAlglAKC2ffTRaDJysxYY1hpgO8OaXY1WvwCePmMA bUoNvgpubNXg7sOQa1Sao5M= =+nYh -END PGP SIGNATURE- attachment: reb.vcf
Re: new signing key issues
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I see the same problem. It is a bit of a mess because I too always set gpgcheck=1 and that means a hand edit of all the repo files to recover since many have changed in other ways as well. It seems like asking for trouble to set gpgcheck=0 as is the default. Kelvin Raywood wrote: | Now that a couple of package updates (libtiff, libtiff-devel) have been | signed with the new SL signing key, a couple of issues have arisen that | are causing automatic updates to fail. | | In SL 5.1 (and possibly SL 5.0) the release number of the sl-release | package was not incremented and so those systems did not receive the new | keys. | | r...@sl-5.1host rpm -q --changelog sl-release | * Fri May 23 2008 Troy Dawson daw...@fnal.gov - 5.1-2 | - Changed sources to be 51 instead of 5rolling | | ... | | ie, sl-release has been at at 5.1-2 since May 2008 | | The new version of the package is the same release number and the May | 23, 2008 entry from the changelog has disappeared. | | Another cause of update failures is that if the yum repo files have been | modified (e.g. to enable signature checking), then the update to | yum-conf added created .rpmnew files but left the modified files in | place. This is correct behaviour but it means that the path to the new | key is not in the .repo files and so security updates fail because the | repository now has packages signed with the new key. | | For some systems it is not sufficient to just fix the .repo files. If | they have missed the update to sl-release because they've been | offline, or because of the release number problem above, then updates | will continue to fail because they don't have the new key. The solutions | on any individual system is fairly straight forward; disable signature | checking or import the new keys manually. However at TRIUMF (and I | suspect other institutions) there are a large number of desktop PCs | managed by their owners; some of whom are less than diligent about | reading email sent to root about failing yum updates. | | When Fedora changed their signing key last year, they created new | repositories (i386.newkey, x86_64.newkey) and systems were updated in a | two-step. First the yum-conf package installed new .repo files pointing | at the new repositories. Then all new updates went to the new | repositories. This avoided update failures because of missing keys. | | Do most people just leave their signature checking disabled and so don't | have the problem or have I missed something obvious here? | | I'm a little surprised that this issue has not already been raised. | | Kel Raywood | TRIUMF - -- Robert E. Blair, Room C221, Building 360 Argonne National Laboratory (High Energy Physics Division) 9700 South Cass Avenue, Argonne, IL 60439, USA Phone: (630)-252-7545 FAX: (630)-252-5782 GnuPG Public Key: http://www.hep.anl.gov/reb/key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFKaKcwOMIGC6x7/XQRAlFHAKDD9DAyuNHC0H+jMkk09i7wF/bDzgCeOKrP hzO5h/5JYdHm2lPvFUDc6co= =Uk/X -END PGP SIGNATURE- begin:vcard fn:Robert Blair n:Blair;Robert org:Argonne National Laboratory;High Energy Physics Division adr:;;Room E277, Building 362, 9700 South Cass Avenue;Argonne;IL;60439;USA email;internet:r...@anl.gov title:Physicist tel;work:(630)-252-7545 tel;fax:(630)-252-5782 tel;home:(630)-495-3936 note;quoted-printable:Public GnuPG key available at: http://www.hep.anl.gov/reb/key.asc=0D=0A= x-mozilla-html:FALSE url:http://www.hep.anl.gov/reb version:2.1 end:vcard
Re: How to configure Xen-3.4.0 on SL 4.7?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I can not comment on Xen. I gave up on setting it up. I have used sun's virtualbox in a few cases. It is simple and works beautifully. VmWare server is a little klunkier and heavier weight but also works okay. Bill Lutter wrote: | At the risk of being off subject, how does Xen compare (it seems to be | nontrivial to setup) relative to SUN's new offering? | | http://www.virtualbox.org/ | | Bill Lutter - -- Robert E. Blair, Room C221, Building 360 Argonne National Laboratory (High Energy Physics Division) 9700 South Cass Avenue, Argonne, IL 60439, USA Phone: (630)-252-7545 FAX: (630)-252-5782 GnuPG Public Key: http://www.hep.anl.gov/reb/key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFKOiHQOMIGC6x7/XQRAruqAJ4wM45Bid9Y4gHw457EUztkCUVn/ACePZNa FW+Fm/UOlCqIurshrEb1rgA= =r0X5 -END PGP SIGNATURE- begin:vcard fn:Robert Blair n:Blair;Robert org:Argonne National Laboratory;High Energy Physics Division adr:;;Room E277, Building 362, 9700 South Cass Avenue;Argonne;IL;60439;USA email;internet:r...@anl.gov title:Physicist tel;work:(630)-252-7545 tel;fax:(630)-252-5782 tel;home:(630)-495-3936 note;quoted-printable:Public GnuPG key available at: http://www.hep.anl.gov/reb/key.asc=0D=0A= x-mozilla-html:FALSE url:http://www.hep.anl.gov/reb version:2.1 end:vcard
Re: plugin problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 It is easier than it used to be. The trick is to use/install nspluginwrapper which makes 32 bit plugins available to x86_64 installed firefox. Java can be installed from a current sun java release by symbolically linking the file /usr/java/jre1.6.0_13/lib/amd64/libnpjp2.so into your ~/.mozilla/plugins directory. Steven Timm wrote: Hi Vivek--did you install x86_64 version or i386 version. A lot of plugins are hard to find for the x86_64 version. Steve Timm On Mon, 1 Jun 2009, vivek chal wrote: hello everyone! i have installed scientific linux 4.5 in my system but i m not able to install plugins in my firefox browser.i cant open sites which needs plugins. which package i have to install? Please suggest. thanks Vivek Chalotra GRID Project Associate, High Energy Physics Group, Department of Physics Electronics, University of Jammu, Jammu 180006, INDIA. - -- Robert E. Blair, Room C221, Building 360 Argonne National Laboratory (High Energy Physics Division) 9700 South Cass Avenue, Argonne, IL 60439, USA Phone: (630)-252-7545 FAX: (630)-252-5047 GnuPG Public Key: http://www.hep.anl.gov/reb/key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFKI+wgOMIGC6x7/XQRAiCZAJ9dm32ts321sTOvU6rOz1HqX2O/NACgrUYB Ubw4OQxwb8B2f7I7kEQnFTw= =AYjx -END PGP SIGNATURE- begin:vcard fn:Robert Blair n:Blair;Robert org:Argonne National Lab;HEP adr:;;9700 S. Cass Ave.;Argonne;IL;60439;USA email;internet:r...@anl.gov tel;work:630-252-7545 tel;fax:630-252-5782 x-mozilla-html:FALSE url:http://www.hep.anl.gov/reb version:2.1 end:vcard smime.p7s Description: S/MIME Cryptographic Signature
Re: problem with port forwarding and new kernel?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Okay - maybe the issue is more complex. It appears that a reboot solved the immediate problem. Robert E. Blair wrote: | After the latest kernel upgrade (2.6.18-128.1.10.el5) ssh appears not to | be able to do port forwarding. It fails to open the local port for | listening: | | debug1: Local connections to LOCALHOST:10025 forwarded to remote | address xxx.hep.anl.gov:25 | | debug1: Local forwarding listening on 127.0.0.1 port 10025. | | bind: Cannot assign requested address | | debug1: Local forwarding listening on ::1 port 10025. | | bind: Cannot assign requested address | | channel_setup_fwd_listener: cannot listen to port: 10025 | | Could not request local forwarding. | | Has anyone else seen this. Is this a kernel bug or a feature? - -- Robert E. Blair, Room C221, Building 360 Argonne National Laboratory (High Energy Physics Division) 9700 South Cass Avenue, Argonne, IL 60439, USA Phone: (630)-252-7545 FAX: (630)-252-5782 GnuPG Public Key: http://www.hep.anl.gov/reb/key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFKDTaXOMIGC6x7/XQRAsDIAJ9RKyYvYlXmhYJc1hlhxXgbJ1onYgCffXzO r/22Jh8oSEg+U1J91nZhd2k= =B9Rx -END PGP SIGNATURE- begin:vcard fn:Robert Blair n:Blair;Robert org:Argonne National Laboratory;High Energy Physics Division adr:;;Room E277, Building 362, 9700 South Cass Avenue;Argonne;IL;60439;USA email;internet:r...@anl.gov title:Physicist tel;work:(630)-252-7545 tel;fax:(630)-252-5782 tel;home:(630)-495-3936 note;quoted-printable:Public GnuPG key available at: http://www.hep.anl.gov/reb/key.asc=0D=0A= x-mozilla-html:FALSE url:http://www.hep.anl.gov/reb version:2.1 end:vcard
Re: How can I install Skype on SL 5.0 ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 skype-2.0.0.72-centos.i586 works fine on sl5.2 Pedro Ferreira wrote: Hello all, I dont't know how to install skype on my SL5. I don't even know which distribution I should download, since there are no Red Hat versions. Which dependencies will I need to install? Thanks, Pedro Ferreira. Veja quais são os assuntos do momento no Yahoo! + Buscados: Top 10 http://br.rd.yahoo.com/mail/taglines/mail/*http://br.maisbuscados.yahoo.com/ - Celebridades http://br.rd.yahoo.com/mail/taglines/mail/*http://br.maisbuscados.yahoo.com/celebridades/ - Música http://br.rd.yahoo.com/mail/taglines/mail/*http://br.maisbuscados.yahoo.com/m%C3%BAsica/ - Esportes http://br.rd.yahoo.com/mail/taglines/mail/*http://br.maisbuscados.yahoo.com/esportes/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFJt78dOMIGC6x7/XQRAtCFAKCC2INEfmFLahTY5MOvmuUG46n8tQCgvRFH t1VlFgUIUNQCXz/FEZh08lw= =0IMR -END PGP SIGNATURE- begin:vcard fn:Robert Blair n:Blair;Robert org:Argonne National Lab;HEP adr:;;9700 S. Cass Ave.;Argonne;IL;60439;USA email;internet:r...@anl.gov tel;work:630-252-7545 tel;fax:630-252-5782 x-mozilla-html:FALSE url:http://www.hep.anl.gov/reb version:2.1 end:vcard smime.p7s Description: S/MIME Cryptographic Signature
Re: kernel 2.6.18-128.1.1.el5
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I'm confused on this. I have cpuspeed installed - this contains no nodules. It only has an executable and a startup script. What has this to do with a kernel change? I did try installing the rpm and /sbin/modprobe powernow-k8 resulted in: FATAL: Error inserting powernow_k8 (/lib/modules/2.6.18-128.1.1.el5/kernel/arch/x86_64/kernel/cpufreq/powernow-k8.ko): No such device Troy Dawson wrote: | I *think* what has to happen is we need to push out the new cpuspeed | that is in SL 5.3 to everyone | | https://bugzilla.redhat.com/show_bug.cgi?id=459441 | http://rhn.redhat.com/errata/RHEA-2009-0098.html | | Basically, it looks like what happened was the powernow-k8 changes from | being built into the kernel to a kernel module. And the cpuspeed needed | to be changed to understand this. | | Can someone test this out and see if it works for them. | | i386: | http://ftp.scientificlinux.org/linux/scientific/5rolling/i386/SL/cpuspeed-1.2.1-5.el5.i386.rpm | | x86_64: | http://ftp.scientificlinux.org/linux/scientific/5rolling/x86_64/SL/cpuspeed-1.2.1-5.el5.x86_64.rpm | | | Troy | | Dusan Bruncko wrote: | Dear Troy, | | it is true also for i386 ... | | Dusan | | J S Jayakumar wrote: | Dear Troy, | |unfortunately kernel 2.6.18-128.1.1.el5 does not support cpu | frequency scaling on AMD64 cpus. We were using this feature on all | of our machines with the previous kernels. Any solution to this | problem? | | J S Jayakumar | | - -- Robert E. Blair, Room C221, Building 360 Argonne National Laboratory (High Energy Physics Division) 9700 South Cass Avenue, Argonne, IL 60439, USA Phone: (630)-252-7545 FAX: (630)-252-5782 GnuPG Public Key: http://www.hep.anl.gov/reb/key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFJqEVJOMIGC6x7/XQRAvYFAKCX/qoYWYQSHqEUo1IVUPN8kWSdjwCeOrPa DrIoOMSorGWDPxTscf+cdmI= =IDH0 -END PGP SIGNATURE- begin:vcard fn:Robert Blair n:Blair;Robert org:Argonne National Laboratory;High Energy Physics Division adr:;;Room E277, Building 362, 9700 South Cass Avenue;Argonne;IL;60439;USA email;internet:r...@anl.gov title:Physicist tel;work:(630)-252-7545 tel;fax:(630)-252-5782 tel;home:(630)-495-3936 note;quoted-printable:Public GnuPG key available at: http://www.hep.anl.gov/reb/key.asc=0D=0A= x-mozilla-html:FALSE url:http://www.hep.anl.gov/reb version:2.1 end:vcard
Re: bug in boost?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I believe all that needs to be done is to add an ||defined(__amd64__) where the similar __i386__ test is done in the /usr/include/boost/detail/endian.hpp . My only caveat is that gnash, while it built with this change, appears to segfault on every flash file I try it on so while I believe the proper endianness was selected the application is stillborn. My guess is there is some more subtle issue somewhere else. Troy Dawson wrote: | Robert E. Blair wrote: | | I ran across the following in trying to build gnash (a desperate attempt | to recover flashplayer capability after updating to SLC5.2 and | installing flash-plugin, but that's another story). The file from | boost-devel.x86_64 /usr/include/boost/detail/endian.hpp depends on | __i386__ being set, but this is not set with the release compiler. | Instead __amd64__ is set. The fix is clear, but gnash still doesn't | work after compiling with a kluge to this file. This should be reported | to TUV. I didn't check whether it has been. The fix is trivial so if | it was reported it is a 30 sec. fix. | | | | Hi, | Sorry, but since I don't use boost (that I know of) I'm still a little | fuzzy on the fix. | | Is it that | /usr/include/boost/detail/endian.hpp needs to be fixed so that it get's | thr proper architecture? | | And what is the proper fix? | 30 seconds to you, might be 2 or 3 hours to someone else. | | Troy - -- Robert E. Blair, Room C221, Building 360 Argonne National Laboratory (High Energy Physics Division) 9700 South Cass Avenue, Argonne, IL 60439, USA Phone: (630)-252-7545 FAX: (630)-252-5782 GnuPG Public Key: http://www.hep.anl.gov/reb/key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFJnYr7OMIGC6x7/XQRAuHCAJ9i/yYDigKnA/by7z+Lpc7oQCqSDQCghOcr 5RkjDvdR73baAkqPVV7yf8c= =o4VW -END PGP SIGNATURE- begin:vcard fn:Robert Blair n:Blair;Robert org:Argonne National Laboratory;High Energy Physics Division adr:;;Room E277, Building 362, 9700 South Cass Avenue;Argonne;IL;60439;USA email;internet:r...@anl.gov title:Physicist tel;work:(630)-252-7545 tel;fax:(630)-252-5782 tel;home:(630)-495-3936 note;quoted-printable:Public GnuPG key available at: http://www.hep.anl.gov/reb/key.asc=0D=0A= x-mozilla-html:FALSE url:http://www.hep.anl.gov/reb version:2.1 end:vcard
Re: TESTING - security kernel for SL5
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 You're quite right Troy. It's not as simple as what I put forth. I hadn't appreciated how many kernel\*s there were! My point was that using update leaves you with only the testing kernel and removes your present working one. If the testing kernel works out okay then all is well. If not you are in a bit of a fix. The conflict is the kernel\* versus a specific kernel and its support pieces, not the update versus install. As for me, I got lucky. Cheers, Bob Blair Troy Dawson wrote: | Hi, | Sorry to contradict you, but if someone does what you say, they will | install all* the kernels and *all* the kernel-modules. | No, do *not* substitute update for install, they mean two totally | different things. | Robert, Please explain what happened to you. | Thanks | Troy | | Robert E. Blair wrote: | -BEGIN PGP SIGNED MESSAGE- | Hash: SHA1 | | Don't follow Troy's instructions like I did - how about: | | yum --enablerepo=sl-testing install kernel\* | | instead of update | | So far it's okay for me but you might not fare as well! | | Troy Dawson wrote: | | Hello, | | There is a new security kernel out for SL5. | | It is based off the new kernel from Update 3, and hense, has all it's | | changes, including driver updates. | | I'm still a little nervous about pushing this out, so I'd like it to be | | tested a bit more. | | One of the new changes that it has is updated Intel Wireless drivers. | | I have the Updated Firmware for these in the same testing area. | | I have also included new Intel Firmware we didn't have before, because | | it appeared to have the drivers in the kernel now. | | I also have the new aufs in that directory. | | | | To test | | | | SL5 | | --- | | yum --enablerepo=sl-testing update kernel\* | | | | or download | | | http://ftp.scientificlinux.org/linux/scientific/5rolling/testing/i386/kernel/ | | | | | | | http://ftp.scientificlinux.org/linux/scientific/5rolling/testing/x86_64/kernel/ | | | | | | | | New Things in the directory | | aufs | | kernel-module-aufs | | | | xfs-filesystem | | kernel-module-xfs | | | | iwlwifi-3945-ucode | | iwlwifi-4965-ucode | | iwlwifi-5000-ucode | | | | Thanks | | Troy | | -- | | - -- Robert E. Blair, Room C221, Building 360 Argonne National Laboratory (High Energy Physics Division) 9700 South Cass Avenue, Argonne, IL 60439, USA Phone: (630)-252-7545 FAX: (630)-252-5782 GnuPG Public Key: http://www.hep.anl.gov/reb/key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFJlb/SOMIGC6x7/XQRArpHAJ91bv4bdD5H19Kwi8D8B+g8II6HFwCgw57N Ps8SVWQlB1N+/xWZcsb+/qo= =9y/Z -END PGP SIGNATURE- begin:vcard fn:Robert Blair n:Blair;Robert org:Argonne National Laboratory;High Energy Physics Division adr:;;Room E277, Building 362, 9700 South Cass Avenue;Argonne;IL;60439;USA email;internet:r...@anl.gov title:Physicist tel;work:(630)-252-7545 tel;fax:(630)-252-5782 tel;home:(630)-495-3936 note;quoted-printable:Public GnuPG key available at: http://www.hep.anl.gov/reb/key.asc=0D=0A= x-mozilla-html:FALSE url:http://www.hep.anl.gov/reb version:2.1 end:vcard
Re: TESTING - security kernel for SL5
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 It could be - I presume this is the province of the /usr/lib/yum-plugins/kernel-module.py plugin? Troy must know what this does since I see his name in it. It looks more like a module seeker outer. I don't see kernels singled out in the configuration files for yum. I also don't see it in man yum either. Akemi Yagi wrote: | On Fri, Feb 13, 2009 at 10:45 AM, Robert E. Blair r...@anl.gov wrote: | -BEGIN PGP SIGNED MESSAGE- | Hash: SHA1 | | You're quite right Troy. It's not as simple as what I put forth. I | hadn't appreciated how many kernel\*s there were! My point was that | using update leaves you with only the testing kernel and removes your | present working one. If the testing kernel works out okay then all is | well. If not you are in a bit of a fix. | | 'yum update kernel' will not remove all older kernels. kernel is a | special case. I think the default is to keep 3 kernels (in 5.2) but | this depends on the setup as well as the version of yum. | | Akemi - -- Robert E. Blair, Room C221, Building 360 Argonne National Laboratory (High Energy Physics Division) 9700 South Cass Avenue, Argonne, IL 60439, USA Phone: (630)-252-7545 FAX: (630)-252-5782 GnuPG Public Key: http://www.hep.anl.gov/reb/key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFJlcmAOMIGC6x7/XQRAuO7AJ9v0aW1Xb9LT/gj8dOc94vD3NYHUwCbBRLM PTknmMIRMeoMtNpIfMeo/PQ= =s01e -END PGP SIGNATURE- begin:vcard fn:Robert Blair n:Blair;Robert org:Argonne National Laboratory;High Energy Physics Division adr:;;Room E277, Building 362, 9700 South Cass Avenue;Argonne;IL;60439;USA email;internet:r...@anl.gov title:Physicist tel;work:(630)-252-7545 tel;fax:(630)-252-5782 tel;home:(630)-495-3936 note;quoted-printable:Public GnuPG key available at: http://www.hep.anl.gov/reb/key.asc=0D=0A= x-mozilla-html:FALSE url:http://www.hep.anl.gov/reb version:2.1 end:vcard
Re: TESTING - security kernel for SL5
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Thanks. | installonlypkgs | List of packages that should only ever be installed, never | updated. Kernels in particular fall into this category. Defaults | to kernel, kernel-smp, kernel-bigmem, kernel-enterprise, kernel- | debug, kernel-unsupported. So in fact update really means install ;- Akemi Yagi wrote: | On Fri, Feb 13, 2009 at 11:26 AM, Robert E. Blair r...@anl.gov wrote: | -BEGIN PGP SIGNED MESSAGE- | Hash: SHA1 | | It could be - I presume this is the province of the | /usr/lib/yum-plugins/kernel-module.py plugin? Troy must know what this | does since I see his name in it. It looks more like a module seeker | outer. I don't see kernels singled out in the configuration files for | yum. I also don't see it in man yum either. | | Please try man yum.conf | | Akemi - -- Robert E. Blair, Room C221, Building 360 Argonne National Laboratory (High Energy Physics Division) 9700 South Cass Avenue, Argonne, IL 60439, USA Phone: (630)-252-7545 FAX: (630)-252-5782 GnuPG Public Key: http://www.hep.anl.gov/reb/key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFJlcxFOMIGC6x7/XQRAhiyAJ9vts4NgeRjOUFsz4X2R1+zgjGBfACdGolV 4ALgIMV1GkR8DzNsuBbna7U= =lNxl -END PGP SIGNATURE- begin:vcard fn:Robert Blair n:Blair;Robert org:Argonne National Laboratory;High Energy Physics Division adr:;;Room E277, Building 362, 9700 South Cass Avenue;Argonne;IL;60439;USA email;internet:r...@anl.gov title:Physicist tel;work:(630)-252-7545 tel;fax:(630)-252-5782 tel;home:(630)-495-3936 note;quoted-printable:Public GnuPG key available at: http://www.hep.anl.gov/reb/key.asc=0D=0A= x-mozilla-html:FALSE url:http://www.hep.anl.gov/reb version:2.1 end:vcard
Re: running 32bit Firefox on SL5.x x86_64 machines
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A user level install is always a fallback. Simply copying the release from www.mozilla.org yields a version the user can install and maintain in their own personal area. It automatically updates itself so keeping it up to date does not require the yum updating mechanism. Matthias Schroeder wrote: Hi Jayakumar, J S Jayakumar wrote: Dear All, As you know, on starting Firefox on x86_64 machines, by default the 64bit version starts. This version does not support lava fully and hence many sites are not displayed properly. How to start the 32 bit Firefox on such systems. I hae found no way to do it. First of you would have to install the 32 bit version. That is the easy part. But then it does conflict with the 64bit evolution packages. The dependencies for these do not specify the architecture, so for yum, rpm etc the 64 bit versions that are already installed appear to be fine. But the 32 bit firefox does not work with them. Ok, I thought, remove the 64 bit evolution stuff and install the 32 bit versions. That can be done, but it does not work. Some methods are not found. I had also tried to install the 64bit and the 32bit evolution stuff in parallel. That needs some rpm options to achieve that, but also that does not help. So I gave up on this... Matthias Jayakumar. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFI9KNcOMIGC6x7/XQRAuwxAJ4j4kUBTvRMR6eP1AMiOZh6ph2eCQCfeFDf ZKOq2fxqNn+3bv5FR+mPjU8= =A/he -END PGP SIGNATURE- begin:vcard fn:Robert Blair n:Blair;Robert org:Argonne National Lab;HEP adr:;;9700 S. Cass Ave.;Argonne;IL;60439;USA email;internet:[EMAIL PROTECTED] tel;work:630-252-7545 tel;fax:630-252-5782 x-mozilla-html:FALSE url:http://www.hep.anl.gov/reb version:2.1 end:vcard smime.p7s Description: S/MIME Cryptographic Signature
Re: Security Breach
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Another alternative is to turn off password authentication and allow only public key. This way the brute forcers can guess all they want and never get lucky. If you need a card you can always put your encrypted private key / public key pair on a thumb drive which is a very low cost option that fits on your keychain. I believe this approach is reasonably platform independent (but I don't us windows so I do not speak with authority on this). Cheers, Bob Blair Brett Viren wrote: Faye Gibbins [EMAIL PROTECTED] writes: Dr Andrew C Aitchison wrote: ssh-agent means that although the ssh keys aren't stored on disk they *are* held in memory much of the time. Given that many laptops are suspended and rarely rebooted, do you have a way of ensuring that the machine regularly reconfirms the user's identity ? Kerberosized ssh. Another, somewhat arcane, option is to use OpenPGP smart cards along with GnuPG's gpg-agent. The keys remain on the card and the card does the PGP authentication. Take the card out of the reader and no subsequent authentication can be done. I've evaluated this method and it does work but requires some amount of effort to set up. As far as I know there is only one supplier[1]. I also don't expect it to work on non-Linux platforms. But, besides all these negatives, it is a nice solution that also gives the user the usual benefits of PGP. -Brett. [1] http://www.g10code.com/p-card.html - -- Robert E. Blair, Room E277, Building 362 Argonne National Laboratory (High Energy Physics Division) 9700 South Cass Avenue, Argonne, IL 60439, USA Phone: (630)-252-7545 FAX: (630)-252-5782 GnuPG Public Key: http://www.hep.anl.gov/reb/key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFI5NenOMIGC6x7/XQRAr+zAJ9mWyN9D06N49OiQEdwT1A1NMhA0ACgumk9 odDk4dw+dAWr0Q88RTmTGF4= =1PEQ -END PGP SIGNATURE- begin:vcard fn:Robert Blair n:Blair;Robert org:Argonne National Laboratory;High Energy Physics Division adr:;;Room E277, Building 362, 9700 South Cass Avenue;Argonne;IL;60439;USA email;internet:[EMAIL PROTECTED] title:Physicist tel;work:(630)-252-7545 tel;fax:(630)-252-5782 tel;home:(630)-495-3936 note;quoted-printable:Public GnuPG key available at: http://www.hep.anl.gov/reb/key.asc=0D=0A= x-mozilla-html:FALSE url:http://www.hep.anl.gov/reb version:2.1 end:vcard
Re: Scientific Linux LHC ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Certainly for ATLAS up to tier-0 (and I believe all that follows until a user plots a root file on a windows system or linux depending on preference and convenience) is all SLC4 (the C is for CERN). We have some windows systems for the slow controls but all analysis/trigger/daq including SBCs use SLC4. The grid is too, but for all I know some of it may run under XEN or some other emulation, so I suppose it could be SL4 under something else. Christopher Hunter wrote: Out of curiousity, how much of LHC computing is done with scientific linux: - detector event recording (ie. ATLAS) ? - Tier-0 storage backend ? - grid computing ? - (desktop) data analysis Cheers, - -- Robert E. Blair, Room E277, Building 362 Argonne National Laboratory (High Energy Physics Division) 9700 South Cass Avenue, Argonne, IL 60439, USA Phone: (630)-252-7545 FAX: (630)-252-5782 GnuPG Public Key: http://www.hep.anl.gov/reb/key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFI2/P+OMIGC6x7/XQRArImAKDFVLgzfafuRL38K1tuxuaVKPE17QCeNL9M vHn+OgAMflOEeMWSM+0T584= =sMIR -END PGP SIGNATURE- begin:vcard fn:Robert Blair n:Blair;Robert org:Argonne National Laboratory;High Energy Physics Division adr:;;Room E277, Building 362, 9700 South Cass Avenue;Argonne;IL;60439;USA email;internet:[EMAIL PROTECTED] title:Physicist tel;work:(630)-252-7545 tel;fax:(630)-252-5782 tel;home:(630)-495-3936 note;quoted-printable:Public GnuPG key available at: http://www.hep.anl.gov/reb/key.asc=0D=0A= x-mozilla-html:FALSE url:http://www.hep.anl.gov/reb version:2.1 end:vcard
skge driver problems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I have an asus a8v that is running a recent install of SL5.1 X86_64 (an athlon X2 3800+). It has two gigabit ethernet cards which are both served by the skge driver. This system ran flawlessly under SL4.5. Now the first adapter (the onboard one) stops working after a while (not clear how frequent but maybe ~1 hr.). The driver reports that the adapter link is not up when you try an ifdown/ifup cycle. Ifdown'ing both and removing and reinstalling the driver then ifup'ing both does not fix the situation. After running for a while the log has a bunch of NET WATCH errors about the adapter (what is Net Watch?). It appears that rebooting does restore the interface for a while. I've checked cable/switch and even tried a 100Mb switch as a fallback but no luck. I don't see anything in the RH knowledgebase but find lots of hints that other distros have had problems of this sort with the skge driver (perhaps only on 64bit kernels = 2.6.23). Has anyone else seen this and found a workaround? Is the upstream vendor working on this (the absence of a knowledgebase entry doesn't bode well but maybe someone with a subscription can check in more depth)? - -- Robert E. Blair, Room E277, Building 362 Argonne National Laboratory (High Energy Physics Division) 9700 South Cass Avenue, Argonne, IL 60439, USA Phone: (630)-252-7545 FAX: (630)-252-5782 GnuPG Public Key: http://www.hep.anl.gov/reb/key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFH2UYfOMIGC6x7/XQRAqx+AKCGQldx7WFeeDTnV+lvVpvaXtlMfACfSWc3 I8vvQpfziamGqmV+Ex0mdS4= =oLR4 -END PGP SIGNATURE- begin:vcard fn:Robert Blair n:Blair;Robert org:Argonne National Laboratory;High Energy Physics Division adr:;;Room E277, Building 362, 9700 South Cass Avenue;Argonne;IL;60439;USA email;internet:[EMAIL PROTECTED] title:Physicist tel;work:(630)-252-7545 tel;fax:(630)-252-5782 tel;home:(630)-495-3936 note;quoted-printable:Public GnuPG key available at: http://www.hep.anl.gov/reb/key.asc=0D=0A= x-mozilla-html:FALSE url:http://www.hep.anl.gov/reb version:2.1 end:vcard
Re: skype for SL
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The only one for 4.5 I could find is an old one for FC3 (skype-1.3.0.53-fc3.i586.rpm). If you are using SL5 you can find (on the skype site) a beta for centos 5 which will work. Rachid Ayad wrote: Hello, It seems in the skype web site: no skype rpm for SL, so what I should download as linux (fedora ..) for skype? Regards, rachid ayad. === Rachid Ayad Barton Hall, Temple Univ. 1900 N. 13-th ST. Phila., PA 19122-6082 Tel: +1 (215) 204 1503 or 3180 Fax: +1 (215) 204 5652 == - -- Robert E. Blair, Room E277, Building 362 Argonne National Laboratory (High Energy Physics Division) 9700 South Cass Avenue, Argonne, IL 60439, USA Phone: (630)-252-7545 FAX: (630)-252-5782 GnuPG Public Key: http://www.hep.anl.gov/reb/key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFH1+wXOMIGC6x7/XQRAjdoAKCqoq7cTtmquNso4GLTzZnrph1G1ACgwB2S 8sZ7P5Lr3EGWTDnEXAia4No= =Hz+E -END PGP SIGNATURE- begin:vcard fn:Robert Blair n:Blair;Robert org:Argonne National Laboratory;High Energy Physics Division adr:;;Room E277, Building 362, 9700 South Cass Avenue;Argonne;IL;60439;USA email;internet:[EMAIL PROTECTED] title:Physicist tel;work:(630)-252-7545 tel;fax:(630)-252-5782 tel;home:(630)-495-3936 note;quoted-printable:Public GnuPG key available at: http://www.hep.anl.gov/reb/key.asc=0D=0A= x-mozilla-html:FALSE url:http://www.hep.anl.gov/reb version:2.1 end:vcard
nvidia-glx??
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I am trying to kick the nvidia custom binaries direct from nvidia on an x86-64 SL4.5 system. When I try to yum install kernel-module-nvidia I get: yum --enablerepo=sl-contrib install kernel-module-nvidia Loading kernel-module plugin Setting up Install Process Setting up repositories Reading repository metadata in from local files Parsing package install arguments Resolving Dependencies - -- Populating transaction set with selected packages. Please wait. - --- Package kernel-module-nvidia-2.6.9-67.EL.x86_64 0:1.0.7676-0.SL.2 set to be updated - -- Running transaction check - -- Processing Dependency: nvidia-glx = 0:1.0.7676 for package: kernel-module-nvidia-2.6.9-67.EL - -- Processing Dependency: /usr/sbin/nvidia-config-display for package: kernel-module-nvidia-2.6.9-67.EL - -- Finished Dependency Resolution Error: Missing Dependency: nvidia-glx = 0:1.0.7676 is needed by package kernel-module-nvidia-2.6.9-67.EL Error: Missing Dependency: /usr/sbin/nvidia-config-display is needed by package kernel-module-nvidia-2.6.9-67.EL This does not depend on enabling the sl-contrib repo (i.e. same result without the --enablerepo...). How does one resolve these dependencies? Dag has one but not the other. CERN has one but not the other. No combination appears to work. Should the rest of the nvidia stuff be somewhere in SL4.5? Is there a proprietary piece I need to get? Thanks in advance for any help, Bob Blair - -- Robert E. Blair, Room E277, Building 362 Argonne National Laboratory (High Energy Physics Division) 9700 South Cass Avenue, Argonne, IL 60439, USA Phone: (630)-252-7545 FAX: (630)-252-5782 GnuPG Public Key: http://www.hep.anl.gov/reb/key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFHzFgOOMIGC6x7/XQRAiFmAKCJ0tp7n265Arl6SV7U2rFj4KLeeQCgrp41 rcAnTHHVRVmijpIOX5DaTsc= =/pkN -END PGP SIGNATURE- begin:vcard fn:Robert Blair n:Blair;Robert org:Argonne National Laboratory;High Energy Physics Division adr:;;Room E277, Building 362, 9700 South Cass Avenue;Argonne;IL;60439;USA email;internet:[EMAIL PROTECTED] title:Physicist tel;work:(630)-252-7545 tel;fax:(630)-252-5782 tel;home:(630)-495-3936 note;quoted-printable:Public GnuPG key available at: http://www.hep.anl.gov/reb/key.asc=0D=0A= x-mozilla-html:FALSE url:http://www.hep.anl.gov/reb version:2.1 end:vcard
Re: nvidia-glx??
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Thanks! That fixed the problem. Troy Dawson wrote: Evidently people don't use the nvidia drivers much on x86_64. We were missing nvidia-glx and nvidia-glx-devel. They are there now and you should be able to do the install. yum --enablerepo=sl-contrib clean all yum --enablerepo=sl-contrib install kernel-module-nvidia-`uname -r` Troy Troy Dawson wrote: Looks like something got missed ... just a minute Troy Robert E. Blair wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I am trying to kick the nvidia custom binaries direct from nvidia on an x86-64 SL4.5 system. When I try to yum install kernel-module-nvidia I get: yum --enablerepo=sl-contrib install kernel-module-nvidia Loading kernel-module plugin Setting up Install Process Setting up repositories Reading repository metadata in from local files Parsing package install arguments Resolving Dependencies - -- Populating transaction set with selected packages. Please wait. - --- Package kernel-module-nvidia-2.6.9-67.EL.x86_64 0:1.0.7676-0.SL.2 set to be updated - -- Running transaction check - -- Processing Dependency: nvidia-glx = 0:1.0.7676 for package: kernel-module-nvidia-2.6.9-67.EL - -- Processing Dependency: /usr/sbin/nvidia-config-display for package: kernel-module-nvidia-2.6.9-67.EL - -- Finished Dependency Resolution Error: Missing Dependency: nvidia-glx = 0:1.0.7676 is needed by package kernel-module-nvidia-2.6.9-67.EL Error: Missing Dependency: /usr/sbin/nvidia-config-display is needed by package kernel-module-nvidia-2.6.9-67.EL This does not depend on enabling the sl-contrib repo (i.e. same result without the --enablerepo...). How does one resolve these dependencies? Dag has one but not the other. CERN has one but not the other. No combination appears to work. Should the rest of the nvidia stuff be somewhere in SL4.5? Is there a proprietary piece I need to get? Thanks in advance for any help, Bob Blair -- __ Troy Dawson [EMAIL PROTECTED] (630)840-6468 Fermilab ComputingDivision/LCSI/CSI DSS Group __ - -- Robert E. Blair, Room E277, Building 362 Argonne National Laboratory (High Energy Physics Division) 9700 South Cass Avenue, Argonne, IL 60439, USA Phone: (630)-252-7545 FAX: (630)-252-5782 GnuPG Public Key: http://www.hep.anl.gov/reb/key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFHzHQvOMIGC6x7/XQRAp6AAJ0R+aXQEHbxAFNC3g5KKFhDl/G4eACgimOK Lq0yEOX/gjc/rmL1YubK/E0= =tWWV -END PGP SIGNATURE- begin:vcard fn:Robert Blair n:Blair;Robert org:Argonne National Laboratory;High Energy Physics Division adr:;;Room E277, Building 362, 9700 South Cass Avenue;Argonne;IL;60439;USA email;internet:[EMAIL PROTECTED] title:Physicist tel;work:(630)-252-7545 tel;fax:(630)-252-5782 tel;home:(630)-495-3936 note;quoted-printable:Public GnuPG key available at: http://www.hep.anl.gov/reb/key.asc=0D=0A= x-mozilla-html:FALSE url:http://www.hep.anl.gov/reb version:2.1 end:vcard
Re: kernel upgrade problem in SL-5.0
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 You might try hda=none if you have only scsi-like (i.e. serial ata) on this system. This was required on my dell laptop. Mani A wrote: The kernel upgrade from the original *18* to *53* kernel causes boot failure in my ACER aspire 4520 laptop (64-bit AMD). It is due to the hard disk driver change. Can any option be passed to the upgraded kernel ? I have both kernels installed now. all_generic_hda does not work. Thanks A. Mani - -- Robert E. Blair, Room E277, Building 362 Argonne National Laboratory (High Energy Physics Division) 9700 South Cass Avenue, Argonne, IL 60439, USA Phone: (630)-252-7545 FAX: (630)-252-5782 GnuPG Public Key: http://www.hep.anl.gov/reb/key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFHgj4nCDBz0lN+7YcRAnRQAKCtJ01HwvEEwrTaAZgFojqK0OHdJACfViyH EVPDZzVMHRMHtpYwei9BBUA= =a0kV -END PGP SIGNATURE- begin:vcard fn:Robert Blair n:Blair;Robert org:Argonne National Laboratory;High Energy Physics Division adr:;;Room E277, Building 362, 9700 South Cass Avenue;Argonne;IL;60439;USA email;internet:[EMAIL PROTECTED] title:Physicist tel;work:(630)-252-7545 tel;fax:(630)-252-5782 tel;home:(630)-495-3936 note;quoted-printable:Public GnuPG key available at: http://www.hep.anl.gov/reb/key.asc=0D=0A= x-mozilla-html:FALSE url:http://www.hep.anl.gov/reb version:2.1 end:vcard
Re: Skype for SL4?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The one for FC3 (skype-1.3.0.53-fc3.i586.rpm) works. Tom Rockwell wrote: Hi, We'd like to use Skype on SL4. Is anyone doing this? Skype seems to update their software frequently and supply it only for the latest Linux distributions. There is not currently a Skype version available from the official site that runs on SL4. Any suggestions on supporting Skype users on SL4 machines? Thanks, Tom Rockwell Michigan State U. - -- Robert E. Blair, Room E277, Building 362 Argonne National Laboratory (High Energy Physics Division) 9700 South Cass Avenue, Argonne, IL 60439, USA Phone: (630)-252-7545 FAX: (630)-252-5782 GnuPG Public Key: http://www.hep.anl.gov/reb/key.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFGuf+UCDBz0lN+7YcRAqMuAJ9FJrJZwFx27rH8T31svZLFECKurgCgkwxE emJTweocKpqOjJ/p0ulT0Ow= =h43F -END PGP SIGNATURE- begin:vcard fn:Robert Blair n:Blair;Robert org:Argonne National Laboratory;High Energy Physics Division adr:;;Room E277, Building 362, 9700 South Cass Avenue;Argonne;IL;60439;USA email;internet:[EMAIL PROTECTED] title:Physicist tel;work:(630)-252-7545 tel;fax:(630)-252-5782 tel;home:(630)-495-3936 note;quoted-printable:Public GnuPG key available at: http://www.hep.anl.gov/reb/key.asc=0D=0A= x-mozilla-html:FALSE url:http://www.hep.anl.gov/reb version:2.1 end:vcard