What is Ghost i.e security hole in the Linux?
Hi, Can someone describe in detail about the Ghost security hole. And is there any patch or a solution to fix it? Thanks, Norah Jones -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Linux and Skype Video
Can you stop posting this at the top of your replies: This message is probably spam Symbol: ONCE_RECEIVED(1.00) X-Virus-Scanned: clamav-milter 0.98.4 at mcbain0012 X-Virus-Status: Clean The spam indication is obviously wrong, something declaring that it's not a virus is not trustworthy to other people (here, run the attached file, because I say it's safe), and very annoying in general. -- All mail to my mailbox is automatically deleted, there is no point trying to privately email me, I will only read messages posted to the public lists. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: What is Ghost i.e security hole in the Linux?
On Wed, 28 Jan 2015 14:21:41 + Norah Jones wrote: Hi, Can someone describe in detail about the Ghost security hole. And is there any patch or a solution to fix it? You should read https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability --Frank -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: No sound in Skype on Fedora 20 64-bit
On 28 January 2015 at 02:53, Jim Lewis j...@jklewis.com wrote: On 01/27/2015 06:37 PM, Jim Lewis wrote: Okay, so I installed lpf-skype on Fedora 20 and also got the no sound problem. When I tried to fix it by doing what I did on F21: yum -y install pulseaudio-libs.i686 alsa-plugins-pulseaudio.i686 Protected multilib versions: pulseaudio-libs-5.0-25.fc20.i686 != pulseaudio-libs-5.0-7.fc20.x86_64 How do I fix that one? jd1008: So, how did you install lpf-skype? If you used yum, yum would have resolved all dependencies, so you would not have had to install anything afterwards. I used yum to install lpf-skype. It sounds like lpf-skype has its dependencies wrong as it probably should be listing 32bit pulse (it'll run without it, but wont perform its major function). Your immediate problem though is getting the 32 bit pulse installed. The bit you snipped from the error is telling you more about it Multilib version problems found. This often means that the root cause is something else and multilib version checking is just pointing out that there is a problem. For some reason yum has determined it would be trying to install a different version of 32bit pulseaudio-libs (5.0-25) to the 64bit one (5.0-7). Normally it would just update the 64bit one so both are the same version, something is preventing it from doing that. Possibilities: Something with a dependency on the older 64 bit version that doesn't have an update available. Third party repositories or packages installed without a repository are the likely culprits. - In this case if you can find and remove the blocking package then you'll be able to update, but you may not be able to reinstall. Repo metadata is not properly updated yet and the newer 32bit library is visible while the newer 64bit is not. In this case just waiting and trying again later will probably work. In either case you could get around it by installing the older 32bit version, telling yum to install pulseaudio-libs-5.0-7.fc20.i686 (provided it's still available), though if something is holding you at the older version you will run into it again at some point. -- imalone http://ibmalone.blogspot.co.uk -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: What is Ghost i.e security hole in the Linux?
On 01/28/2015 09:21 AM, Norah Jones wrote: Hi, Can someone describe in detail about the Ghost security hole. And is there any patch or a solution to fix it? Thanks, Norah Jones The following is repeated verbatim from the PCLinuxOS Forum: (Posted by jzakiya) glibc vulnerbility « on: Yesterday at 04:28:36 PM » Quote Articles outlines security bug in pre glibc-2.17 (pclos at glibc-2.16-7) http://www.openwall.com/lists/oss-security/2015/01/27/9 http://arstechnica.com/security/2015/01/highly-critical-ghost-allowing-code-execution-affects-most-linux-systems/ An extremely critical vulnerability affecting most Linux distributions gives attackers the ability to execute malicious code on servers used to deliver e-mail, host webpages, and carry out other vital functions. The vulnerability in the GNU C Library (glibc) represents a major Internet threat, in some ways comparable to the Heartbleed and Shellshock bugs that came to light last year. The bug, which is being dubbed Ghost by some researchers, has the common vulnerability and exposures designation of CVE-2015-0235. While a patch was issued two years ago, most Linux versions used in production systems remain unprotected at the moment. What's more, patching systems requires core functions or the entire affected server to be rebooted, a requirement that may cause some systems to remain vulnerable for some time to come. The buffer overflow flaw resides in __nss_hostname_digits_dots(), a glibc function that's invoked by the gethostbyname() and gethostbyname2() function calls. A remote attacker able to call either of these functions could exploit the flaw to execute arbitrary code with the permissions of the user running the application. In a blog post published Tuesday, researchers from security firm Qualys said they were able to write proof-of-concept exploit code that carried out a full-fledged remote code execution attack against the Exim mail server. The exploit bypassed all existing exploit protections available on both 32-bit and 64-bit systems, including address space layout randomization, position independent executions, and no execute protections. Qualys has not yet published the exploit code but eventually plans to make it available as a Metasploit module. “A lot of collateral damage on the Internet” The glibc is the most common code library used by Linux. It contains standard functions that programs written in the C and C++ languages use to carry out common tasks. The vulnerability also affects Linux programs written in Python, Ruby, and most other languages because they also rely on glibc. As a result, most Linux systems should be presumed vulnerable unless they run an alternative to glibc or use a glibc version that contains the update from two years ago. The specter of so many systems being susceptible to an exploit with such severe consequences is prompting concern among many security professionals. Besides Exim, other Linux components or apps that are potentially vulnerable to Ghost include MySQL servers, Secure Shell servers, form submission apps, and other types of mail servers. If [researchers] were able to remotely exploit a pretty modern version of Exim with full exploit mitigations, that's pretty severe, said Jon Oberheide, a Linux security expert and the CTO of two-factor authentication service Duo Security. There could be a lot of collateral damage on the Internet if this exploit gets published publicly, which it looks like they plan to do, and if other people start to write exploits for other targets. The bug affects virtually all Linux-based software that performs domain name resolution. As result, it most likely can be exploited not only against servers but also client applications. Word of the vulnerability appears to have caught developers of the Ubuntu, Debian, and Red Hat distributions of Linux off guard. At the time this post was being prepared they appeared to be aware of the bug but had not yet distributed a ready-made fix. People who administer Linux systems should closely monitor official channels for information about how specific distributions are affected and whether a patch is available. Admins should also prepare for the inevitable reboots that will be required after installing the patch. Report to moderator Logged -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
kded issue
Hi all, I have a laptop with Fedora 20 (IIRC I had F19 and upgraded like 6 or 7 months ago to F20) and everything was working great til a few weeks ago. The problem is that every now and then, when I try to sent the laptop to sleep, by closing the top or pressing Fn+F4, it doesn't full finish the sleep process. Let me explain this last thing: It takes some time for the laptop to sleep, and when you open the top and press any key it wakes up but the screen isn't blocked and kded is draining the CPU (I mean kded is hanged). This means that most kde applications won't work (NM won't authenticate, for example) The only way to get back is to kill -9 kded (yes, kill -15 doesn't kill it), and start it again. I'm going to install debugging symbols now so that next time I can gdb on the process. Anyway, has anybody else experienced this? -- Martín Marqués select 'martin.marques' || '@' || 'gmail.com' DBA, Programador, Administrador -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: [389-users] Searching for userCertificate - what encoding is used in the query filter?
On 01/27/2015 05:56 PM, Graham Leggett wrote: Hi all, I have a query filter that looks like this: (userCertificate={0}${1}) I am trying to search for an explicit certificate in a directory, based on the serial number and the issuer DN. Can anyone confirm what encoding these values need to be in, and hat java library might help provide that encoding? Regards, Graham — -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users it is usually a base 64 of ASN.1 DER encoded. if the the CA is either Red Hat Certificate System or Dogtag from http://pki.fedoraproject.org/ the LDAP search base could be ou=certificateRepository, ou=ca,dc=ca1.example.com-pki-ca and the filter like serialno=0518300 (where the 05 is the number of digits of the serial itself) and attributes: dn subjectName certStatus serialno userCertificate the issuer would till have to be decoded from the based 64 ASN.1 blob of the attribute userCertificate;binary:: Thanks, M. -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Re: kded issue
Looks like this is realted to my issue, but updated packages are not yet available, so I'll just wait a few days: https://bugzilla.redhat.com/show_bug.cgi?id=1180886 2015-01-28 17:45 GMT-03:00 Martín Marqués martin.marq...@gmail.com: Hi all, I have a laptop with Fedora 20 (IIRC I had F19 and upgraded like 6 or 7 months ago to F20) and everything was working great til a few weeks ago. The problem is that every now and then, when I try to sent the laptop to sleep, by closing the top or pressing Fn+F4, it doesn't full finish the sleep process. Let me explain this last thing: It takes some time for the laptop to sleep, and when you open the top and press any key it wakes up but the screen isn't blocked and kded is draining the CPU (I mean kded is hanged). This means that most kde applications won't work (NM won't authenticate, for example) The only way to get back is to kill -9 kded (yes, kill -15 doesn't kill it), and start it again. I'm going to install debugging symbols now so that next time I can gdb on the process. Anyway, has anybody else experienced this? -- Martín Marqués select 'martin.marques' || '@' || 'gmail.com' DBA, Programador, Administrador -- Martín Marqués select 'martin.marques' || '@' || 'gmail.com' DBA, Programador, Administrador -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
rpm option --import
is not shown in the manpage nor is it displayed when running rpm --help Hope the devs lurking on this list see this and look into other undocumented options and document them in the man page. I gamble that there are many *nix* and *nux* man pages and help menus that have this issue. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: CurrentPendingSector
On 28.01.2015, Patrick Dupre wrote: Device: /dev/sdc [SAT], 1 Currently unreadable (pending) sectors First, you should backup the whole drive, if it contains important data. Then, you could do a smartctl -t long /dev/sdc and see if it completes without error. Most probably, you'll need a new drive. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
CurrentPendingSector
Hello, I get: Device: /dev/sdc [SAT], 1 Currently unreadable (pending) sectors How can I manage this issue? Thank. === Patrick DUPRÉ | | email: pdu...@gmx.com Laboratoire de Physico-Chimie de l'Atmosphère | | Université du Littoral-Côte d'Opale | | Tel. (33)-(0)3 28 23 76 12 | | Fax: 03 28 65 82 44 189A, avenue Maurice Schumann | | 59140 Dunkerque, France === -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: rpm option --import
On Wed, 28 Jan 2015 14:29:50 -0700, jd1008 wrote: is not shown in the manpage nor is it displayed when running rpm --help Hope the devs lurking on this list see this and look into other undocumented options and document them in the man page. I gamble that there are many *nix* and *nux* man pages and help menus that have this issue. man rpmkeys it's an alias for rpmkeys --import -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: What is Ghost i.e security hole in the Linux?
On Wed, 2015-01-28 at 13:24 -0500, Kevin Cummings wrote: On 01/28/2015 01:19 PM, Matthew Miller wrote: On Wed, Jan 28, 2015 at 02:21:41PM +, Norah Jones wrote: Can someone describe in detail about the Ghost security hole. And is there any patch or a solution to fix it? This was a problem fixed in glibc 2.18, so that version, as shipped in F20, and 2.20, as we have in F21, are not vulnerable. If you are running F19 or earlier, you should update. I installed the F20 glibc on my F19 system. The ghosttest.c test program now shows my F19 as no longer vulnerable. # yum --releasever=20 update glibc YMMV If you're running (a supported version of) a different Linux distribution with an old version, patches are likely available. Even though you fixed this yourself, F19 has already been EOLed and will therefore not receive even critical security updates such as this one. That's why it's important for people to stay current with the supported versions, or switch to a distro with long-term support. poc -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: What is Ghost i.e security hole in the Linux?
On 01/28/2015 12:29 PM, Patrick O'Callaghan wrote: Even though you fixed this yourself, F19 has already been EOLed and will therefore not receive even critical security updates such as this one. That's why it's important for people to stay current with the supported versions, or switch to a distro with long-term support. My desktop is still using F19, because the power supply is flaky and I'm not willing to risk an upgrade until my hardware geek can replace it. (RSN) The other day I needed to run yumex, to check something in the configuration and was astonished to find an update: adobe had packaged the latest flash update for F19. Will wonders ever cease? On a side note, I've never had fedup work properly on this box, although it does on my laptop. (Preupgrade worked just fine for me.) This time, I'm going to try update-fedora and see how it works. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: rpm option --import
What is the output of: 'rpm --version' 'yum info rpm' and 'cat /etc/issue' ? On Wed, Jan 28, 2015 at 1:29 PM, jd1008 jd1...@gmail.com wrote: is not shown in the manpage nor is it displayed when running rpm --help Hope the devs lurking on this list see this and look into other undocumented options and document them in the man page. I gamble that there are many *nix* and *nux* man pages and help menus that have this issue. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: CurrentPendingSector
On 01/28/2015 04:06 PM, Patrick Dupre wrote: Hello, I get: Device: /dev/sdc [SAT], 1 Currently unreadable (pending) sectors How can I manage this issue? Buy a new disk drive? Seriously, pending sectors are disk write errors and the disk has run out of extra blocks to write/re-map them to. The error occurs later when you later attempt to read from them. It is a sign that the disk is is on its way out. Description Current Pending Sector Count S.M.A.R.T. parameter is a critical parameter and indicates the current count of unstable sectors (waiting for remapping). The raw value of this attribute indicates the total number of sectors waiting for remapping. Later, when some of these sectors are read successfully, the value is decreased. If errors still occur when reading some sector, the hard drive will try to restore the data, transfer it to the reserved disk area (spare area) and mark this sector as remapped. Please also consult your machines's or hard disks documentation. Recommendations This is a critical parameter. Degradation of this parameter may indicate imminent drive failure. Urgent data backup and hardware replacement is recommended. Good Luck! Thank. === Patrick DUPRÉ | | email: pdu...@gmx.com Laboratoire de Physico-Chimie de l'Atmosphère | | Université du Littoral-Côte d'Opale | | Tel. (33)-(0)3 28 23 76 12 | | Fax: 03 28 65 82 44 189A, avenue Maurice Schumann | | 59140 Dunkerque, France === -- Kevin J. Cummings kjch...@verizon.net cummi...@kjchome.homeip.net cummi...@kjc386.framingham.ma.us Registered Linux User #1232 (http://www.linuxcounter.net/) -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: CurrentPendingSector
Hello, Here is the log file: Complete error log: SMART Error Log Version: 1 ATA Error Count: 2 CR = Command Register [HEX] FR = Features Register [HEX] SC = Sector Count Register [HEX] SN = Sector Number Register [HEX] CL = Cylinder Low Register [HEX] CH = Cylinder High Register [HEX] DH = Device/Head Register [HEX] DC = Device Command Register [HEX] ER = Error register [HEX] ST = Status register [HEX] Powered_Up_Time is measured from power on, and printed as DDd+hh:mm:SS.sss where DD=days, hh=hours, mm=minutes, SS=sec, and sss=millisec. It wraps after 49.710 days. Error 2 occurred at disk power-on lifetime: 6854 hours (285 days + 14 hours) When the command that caused the error occurred, the device was active or idle. After command completion occurred, registers were: ER ST SC SN CL CH DH -- -- -- -- -- -- -- 40 51 27 f2 ab d5 00 Error: UNC 39 sectors at LBA = 0x00d5abf2 = 14003186 Commands leading to the command that caused the error were: CR FR SC SN CL CH DH DC Powered_Up_Time Command/Feature_Name -- -- -- -- -- -- -- -- c8 00 b8 61 ab d5 e6 08 3d+05:49:05.047 READ DMA ea 00 00 50 ab d5 a0 08 3d+05:49:04.952 FLUSH CACHE EXT c8 00 18 39 ab d5 e6 08 3d+05:49:04.866 READ DMA ca 00 08 39 0b 4a e5 08 3d+05:49:04.864 WRITE DMA c8 00 00 41 48 06 e5 08 3d+05:49:04.792 READ DMA Error 1 occurred at disk power-on lifetime: 6839 hours (284 days + 23 hours) When the command that caused the error occurred, the device was active or idle. After command completion occurred, registers were: ER ST SC SN CL CH DH -- -- -- -- -- -- -- 40 51 27 f2 ab d5 00 Error: UNC 39 sectors at LBA = 0x00d5abf2 = 14003186 Commands leading to the command that caused the error were: CR FR SC SN CL CH DH DC Powered_Up_Time Command/Feature_Name -- -- -- -- -- -- -- -- c8 00 b8 61 ab d5 e6 08 49d+05:52:51.329 READ DMA c8 00 18 39 ab d5 e6 08 49d+05:52:51.256 READ DMA c8 00 00 e9 83 ae e4 08 49d+05:52:50.544 READ DMA ca 00 08 81 38 06 e6 08 49d+05:52:50.456 WRITE DMA ca 00 08 19 38 06 e6 08 49d+05:52:50.433 WRITE DMA smartctl -t long /dev/sdc is running for 38 mn === Patrick DUPRÉ | | email: pdu...@gmx.com Laboratoire de Physico-Chimie de l'Atmosphère | | Université du Littoral-Côte d'Opale | | Tel. (33)-(0)3 28 23 76 12 | | Fax: 03 28 65 82 44 189A, avenue Maurice Schumann | | 59140 Dunkerque, France === Sent: Thursday, January 29, 2015 at 12:52 AM From: Chris Murphy li...@colorremedies.com To: Community support for Fedora users users@lists.fedoraproject.org Subject: Re: CurrentPendingSector On Wed, Jan 28, 2015 at 4:19 PM, Patrick Dupre pdu...@gmx.com wrote: 197 Current_Pending_Sector 0x0022 100 100 000Old_age Always - 1 Right. So just use smartctl -t long on the drive. In the next section you didn't paste in, it'll tell you the LBA for the bad sector and that's what you need to write over to fix this. The smartmontools resource previously cited has useful information on how to find out what you've lost in this sector. If it's filesystem metadata it's rather important to e2fsck -f the file system (or xfs_repair, or btrfs scrub) to fix this so it doesn't end up causing worse problems down the road. A block of missing metadata can usually be reconstructed - but not always. Better to find out now. -- Chris Murphy -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Why does Anaconda overrides user decisions?
On Wed, Jan 28, 2015 at 9:20 AM, Matthew Miller mat...@fedoraproject.org wrote: On Sat, Jan 24, 2015 at 05:15:53AM -0600, Glenn Holmer wrote: Anacoda is the weakest link in Fedora toolchain. The non-linear UI is completely non-intuitive +1, the partitioner is the worst I've seen in 20 years of using Linux. It also covers more cases more simply than any other storage manager you've seen. You really can't have everything, here. This installer's manual partitioning works differently than other installers. This makes some tasks simpler, but it makes other tasks more difficult. My contemporary example: bootloader partitions. It's not just more difficult in Anaconda, it's unnecessarily more difficult, as in doing the right thing would be easier for the installer team, QA, and ultimately the end user. But the current behavior is being defended, and instead users are being blamed for the consequences. Once upon a time, there was just the MBR gap as the unofficial bootloader partition. The user wasn't ever asked to create it, and couldn't ever delete it. Even at the command line level, the gap creation was built into the CLI partition tool. It was not user domain, it was installer, bootloader, and firmware domain. Today, BIOSBoot and EFI System partitions are literal partitions with official standing. But for reasons unknown, the user is now burdened with required knowledge about them. The installer's manual partitioning now makes a required partition the responsibility of the user to create, and avoid inadvertently deleting. And that's a bad design. https://bugzilla.redhat.com/show_bug.cgi?id=1022316 https://bugzilla.redhat.com/show_bug.cgi?id=1183880 Central to the problem is the installer team believes users should know what they're doing in manual partitioning. It's exactly backwards logic. They have to know this because the installer wrongly involves the user in something that previously wasn't ever their domain, and shouldn't be now either just because it has an explicit partition. Even developers using kickstart wish the installer handled this automatically. I argued this very same thing in the above closed bug 1022316 over a year ago, but it was closed as notabug just like it's not a bug that the user is invited into easily deleting the EFI System partition without warning. https://bugzilla.redhat.com/show_bug.cgi?id=1108393#c12 Windows and OS X totally abstract the EFI System partition from the user. It's always created when required. It's never mounted at boot time. And no dynamic configuration data is stored there. We do the opposite of each of these. In every case where the more difficult, fragile, and confusing thing can be done, that's what we've chosen to do. We're doing it wrong, across the board. It's on thing to make mistakes, identify, and fix them. But that's not what's happening here. Instead we have a sclerotic installer team, defending bad design, and then blaming the user for the ensuing problems and confusion. Why? Because they expect the user to know what they're doing. A user who's using a GUI installer should know what they're doing. Oh my god it's just comical! Guess what? I expect the installer team to know what they're doing. And rule #1 for GUI installer developers is to not blame the user! Why? Because doing that is impudent betrayal, and that causes a loss of trust. The installer team is tone deaf on this issue. So Matthew, on this one particular narrow aspect of the installer? It is not simpler. It's viciously, egregiously, more difficult and dangerous. It's this way by choice, by design, and it's being defended, and now the user is being blamed. Chris Murphy -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: CurrentPendingSector
=== Patrick DUPRÉ | | email: pdu...@gmx.com Laboratoire de Physico-Chimie de l'Atmosphère | | Université du Littoral-Côte d'Opale | | Tel. (33)-(0)3 28 23 76 12 | | Fax: 03 28 65 82 44 189A, avenue Maurice Schumann | | 59140 Dunkerque, France === Sent: Wednesday, January 28, 2015 at 11:47 PM From: Robert Nichols rnicholsnos...@comcast.net To: users@lists.fedoraproject.org Subject: Re: CurrentPendingSector On 01/28/2015 03:14 PM, Kevin Cummings wrote: On 01/28/2015 04:06 PM, Patrick Dupre wrote: Hello, I get: Device: /dev/sdc [SAT], 1 Currently unreadable (pending) sectors How can I manage this issue? Buy a new disk drive? Seriously, pending sectors are disk write errors and the disk has run out of extra blocks to write/re-map them to. The error occurs later when you later attempt to read from them. It is a sign that the disk is is on its way out. Quote from the FAQ at http://www.smartmontools.org/wiki/FAQ : Normally when an uncorrectable sector is found, the disk puts this onto a 'pending sector list' to indicate that it should be replaced with a spare good sector. However this replacement won't take place until either the disk can read the data on the bad sector, or is instructed to write new data to that bad sector. Pay attention to the However First, if you can, look at the overall health of the drive by running smartctl -A /dev/sdc. Attributes 5 (Reallocated_Sector_Ct) and 197 (Current_Pending_Sector) are of interest. If the RAW_VALUE numbers for either of those is not small, it's time to replace the drive. The result is: SMART Attributes Data Structure revision number: 16 Vendor Specific SMART Attributes with Thresholds: ID# ATTRIBUTE_NAME FLAG VALUE WORST THRESH TYPE UPDATED WHEN_FAILED RAW_VALUE 1 Raw_Read_Error_Rate 0x000b 100 100 016Pre-fail Always - 0 2 Throughput_Performance 0x0005 122 122 054Pre-fail Offline - 147 3 Spin_Up_Time0x0007 113 113 024Pre-fail Always - 208 (Average 199) 4 Start_Stop_Count0x0012 100 100 000Old_age Always - 1326 5 Reallocated_Sector_Ct 0x0033 100 100 005Pre-fail Always - 0 7 Seek_Error_Rate 0x000b 100 100 067Pre-fail Always - 0 8 Seek_Time_Performance 0x0005 134 134 020Pre-fail Offline - 33 9 Power_On_Hours 0x0012 099 099 000Old_age Always - 7046 10 Spin_Retry_Count0x0013 100 100 060Pre-fail Always - 0 12 Power_Cycle_Count 0x0032 100 100 000Old_age Always - 1326 192 Power-Off_Retract_Count 0x0032 099 099 000Old_age Always - 1522 193 Load_Cycle_Count0x0012 099 099 000Old_age Always - 1522 194 Temperature_Celsius 0x0002 253 253 000Old_age Always - 22 (Min/Max 9/39) 196 Reallocated_Event_Count 0x0032 100 100 000Old_age Always - 0 197 Current_Pending_Sector 0x0022 100 100 000Old_age Always - 1 198 Offline_Uncorrectable 0x0008 100 100 000Old_age Offline - 0 199 UDMA_CRC_Error_Count0x000a 200 200 000Old_age Always - 0 If those numbers _are_ small, the Bad Block HOWTO at http://smartmontools.sourceforge.net/badblockhowto.html has instructions for locating and fixing sectors that are pending reallocation. If there are more than a handful of pending sectors, you probably won't want to go through that fairly tedious procedure for each one. In that case you can back up all the data that is recoverable and simply overwrite the whole drive with zeros to get all those sectors reallocated. If you continue to get new pending sectors or if the number of reallocated sectors continues to increase, then the drive should be replaced. SMART won't declare the drive as failing or near failing until it _has_used up nearly all its spare sectors, and by then it is long past the time it should have been replaced. -- Bob Nichols NOSPAM is really part of my email address. Do NOT delete it. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription
Re: CurrentPendingSector
Please provide the output from the parted command mentioned previously. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: rpm option --import
On 01/28/2015 02:40 PM, Michael Schwendt wrote: On Wed, 28 Jan 2015 14:29:50 -0700, jd1008 wrote: is not shown in the manpage nor is it displayed when running rpm --help Hope the devs lurking on this list see this and look into other undocumented options and document them in the man page. I gamble that there are many *nix* and *nux* man pages and help menus that have this issue. man rpmkeys it's an alias for rpmkeys --import Thanx. It should still be documented in the rpm man page because rpm accepts --import as a valid arg. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: CurrentPendingSector
On Wed, Jan 28, 2015 at 4:19 PM, Patrick Dupre pdu...@gmx.com wrote: 197 Current_Pending_Sector 0x0022 100 100 000Old_age Always - 1 Right. So just use smartctl -t long on the drive. In the next section you didn't paste in, it'll tell you the LBA for the bad sector and that's what you need to write over to fix this. The smartmontools resource previously cited has useful information on how to find out what you've lost in this sector. If it's filesystem metadata it's rather important to e2fsck -f the file system (or xfs_repair, or btrfs scrub) to fix this so it doesn't end up causing worse problems down the road. A block of missing metadata can usually be reconstructed - but not always. Better to find out now. -- Chris Murphy -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: rpm option --import
$ rpm -q rpm rpm-4.12.0.1-4.fc21.x86_64 On 01/28/2015 02:35 PM, Philip Keogh wrote: What is the output of: 'rpm --version' 'yum info rpm' and 'cat /etc/issue' ? On Wed, Jan 28, 2015 at 1:29 PM, jd1008 jd1...@gmail.com wrote: is not shown in the manpage nor is it displayed when running rpm --help Hope the devs lurking on this list see this and look into other undocumented options and document them in the man page. I gamble that there are many *nix* and *nux* man pages and help menus that have this issue. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Latest Java-openjdk upgrade [SOLVED?]
On 01/27/2015 12:55 PM, Kevin Cummings wrote: On 01/27/2015 10:49 AM, Patrick O'Callaghan wrote: On Tue, 2015-01-27 at 12:09 -0200, Fernando Lozano wrote: I do heavy Java development and never had issues with OpenJDK on Fedora. And I have OpenJDK on RHEL at many production sites. So don't bother switching to Oracle Java. Instead try unistall and reinstall OpenJDK Packages because it looks you have either a corrupted file. Use rpm --verify to check for corruption before just blindly removing and reinstalling packages. If I upgrade again, and it fails, I will check this. Thanks. Well, what do you know, java got bundled into last night's upgrade along with 1 perl package upgrade. When I checked, all was functioning normally. Go figure. If something had become corrupted during the first attempt, I would think that should be a bug in yum (it goes to great extents to verify everything that gets updated before, during, and after the update)! But, this time, all is well, I am running the .75 packages without a hitch. wow Thanks for all the suggestions poc -- Kevin J. Cummings kjch...@verizon.net cummi...@kjchome.homeip.net cummi...@kjc386.framingham.ma.us Registered Linux User #1232 (http://www.linuxcounter.net/) -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Does anyone have fake flash drives?
Hi all, I've added some initial functionality to gnome-multi-writer yesterday to detect fake flash drives. If anyone has any USB storage drives that they know misreport their true capacity, or that they suspect might be counterfeit, I'd appreciate some testing of a new command line tool. See http://blogs.gnome.org/hughsie/2015/01/28/detecting-fake-flash/ for details. If it works, I'll probably move the code down into udisks so that it can be used from gnome-disks as well, but I'm hesitant to do that until I've had more people test it. Thanks, Richard. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Suddenly can't get nameserver resolution on FC21 after ...
On 28.01.2015 16:02, William W. Austin wrote: ... I did have to system-config-network-gui to set the network parameters correctly and for two days it ran fine. $ repoquery --whatprovides system-config-network-gui -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Does anyone have fake flash drives?
On 28.01.2015 15:50, Richard Hughes wrote: Hi all, I've added some initial functionality to gnome-multi-writer yesterday to detect fake flash drives. If anyone has any USB storage drives that they know misreport their true capacity, or that they suspect might be counterfeit, I'd appreciate some testing of a new command line tool. See http://blogs.gnome.org/hughsie/2015/01/28/detecting-fake-flash/ for details. If it works, I'll probably move the code down into udisks so that it can be used from gnome-disks as well, but I'm hesitant to do that until I've had more people test it. Thanks, Richard. pIf you#8217;ve got access to gnome-multi-writer from git (either from jhbuild, or from a /my repo/a) then please could you try this:/p my repo is actually what? -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Does anyone have fake flash drives?
On 28 January 2015 at 15:40, poma pomidorabelis...@gmail.com wrote: my repo is actually what? Fixed, thanks! It's actually pointing to http://people.freedesktop.org/~hughsient/fedora/21/x86_64/ Richard -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: CurrentPendingSector
On Wed, Jan 28, 2015 at 2:06 PM, Patrick Dupre pdu...@gmx.com wrote: Hello, I get: Device: /dev/sdc [SAT], 1 Currently unreadable (pending) sectors How can I manage this issue? You can write over the affected sector, and if it's a genuinely bad sector (persistent write failure) the LBA will be mapped to a reserve sector. And at that point it'll continue to work. There's not much evidence a one off bad sector is a big problem, other than of course the data that was on it is lost. But sector failures tend to come in groups and once multiple bad sectors start to happen, there's a lot of evidence this is probably a drive pre-fail indication. The procedure to write over the affected sector depends on whether the drive is 512n or 512e, which can be determined with: parted /dev/sdc u s p You'll see a line for logical and physical sector size in bytes. If it's 512/512 then it's a 512n drive and you can write over that single sector using dd with a count of 1 and the default bs, and the LBA value is used as the dd seek value. If it's 512/4096 then it's a 512e drive and you'll need to define bs=4096 and you'll need to divide the bad sector LBA value by 4096 to get the proper seek= value, and use a count of 1. (If you try to use the default bs and count of 1 (or even 8) the drive actually tries to read the sector which will result in a read error. It won't even attempt to write and thus the problem can't be fixed this way.) -- Chris Murphy -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: CurrentPendingSector
On 01/28/2015 03:14 PM, Kevin Cummings wrote: On 01/28/2015 04:06 PM, Patrick Dupre wrote: Hello, I get: Device: /dev/sdc [SAT], 1 Currently unreadable (pending) sectors How can I manage this issue? Buy a new disk drive? Seriously, pending sectors are disk write errors and the disk has run out of extra blocks to write/re-map them to. The error occurs later when you later attempt to read from them. It is a sign that the disk is is on its way out. Quote from the FAQ at http://www.smartmontools.org/wiki/FAQ : Normally when an uncorrectable sector is found, the disk puts this onto a 'pending sector list' to indicate that it should be replaced with a spare good sector. However this replacement won't take place until either the disk can read the data on the bad sector, or is instructed to write new data to that bad sector. Pay attention to the However First, if you can, look at the overall health of the drive by running smartctl -A /dev/sdc. Attributes 5 (Reallocated_Sector_Ct) and 197 (Current_Pending_Sector) are of interest. If the RAW_VALUE numbers for either of those is not small, it's time to replace the drive. If those numbers _are_ small, the Bad Block HOWTO at http://smartmontools.sourceforge.net/badblockhowto.html has instructions for locating and fixing sectors that are pending reallocation. If there are more than a handful of pending sectors, you probably won't want to go through that fairly tedious procedure for each one. In that case you can back up all the data that is recoverable and simply overwrite the whole drive with zeros to get all those sectors reallocated. If you continue to get new pending sectors or if the number of reallocated sectors continues to increase, then the drive should be replaced. SMART won't declare the drive as failing or near failing until it _has_used up nearly all its spare sectors, and by then it is long past the time it should have been replaced. -- Bob Nichols NOSPAM is really part of my email address. Do NOT delete it. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: What is Ghost i.e security hole in the Linux?
On 01/28/2015 07:17 PM, Tim wrote: Allegedly, on or about 28 January 2015, Doug sent: ... A remote attacker able to call either of these functions could exploit the flaw to execute arbitrary code with the permissions of the user running the application All these security flaws come with the usual flaw allows escalation of privileges, able to execute arbitrary commands... red flags, but rarely give an understandable note about how easily an external hack can begin the attempt while the user is doing something ordinary that exposes them to the thing. i.e. It's all jargon aimed at programmers. In the dim and distant past, when I had a brief dalliance with Windows before Linux became realistically usable, you'd commonly get warnings about flaws which gave understandable information. e.g. Opening a malicious attachment, or even just reading a malicious email, with version of particular program less than x.y, allows the hacker to do destructive things to your system. I know I've vagued-up the example, but you've got a sample of something that you might actually do - simply read an email, not even do anything with the attachments, get a virus because your email program stupidly executes something embedded in it. That's probably less of a risk to Linux users, because we've never had stupid software like Outlook or Outlook express. But we've certainly got browsers with flash plug-ins installed, which (flash) has always been a security nightmare, and it's just not feasible to simply forbid it; so many websites that we regularly want to use would simply fail to work. It's for our own good, Tim, to not know the tech details of how the exploit is accomplished :) :) :) P.S. try not to feel like mushroom :) :) -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Anaconda illegal address
On Wed, Jan 28, 2015 at 7:12 PM, CLOSE Dave dave.cl...@us.thalesgroup.com wrote: When anaconda complains about an illegal IP address string passed to inet_aton, how can I discover what the bad string contains? So far as I can see, all the configured addresses are perfectly valid. Here's a copy of the traceback: http://ur1.ca/jkjvw. If you let the bug report dialog file this bug for you, it will check for duplicates and that bug might have a work around. Pretty much anytime the installer crashes like this rather than giving you a coherent error message (and failing gracefully) it's a bug. -- Chris Murphy -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Recovering a Crashed Fedora
I have a Fedora 15 hard drive that crashed and I want save the Users files. I have a Fedora 20 Live Cd on the computer and I can read the users home directory. I want to do a tar -cvf on the Users home directory and temporyly store it on my PC until I do a complete install of fedora 20 on the crashed drive. I'm going to remove the hard drive from the crashed computer to my PC and tar -cvf from there and tempory store the tar file there until I make the new install. But what I'm concerned about is that Root will change the owner of the Tar files. after i do the new install it will have the same user on the crashed drive. Then I will put the user files back onto the new Fedora 20 install. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Recovering a Crashed Fedora
On 01/28/2015 08:53 PM, Mickey wrote: I have a Fedora 15 hard drive that crashed and I want save the Users files. I have a Fedora 20 Live Cd on the computer and I can read the users home directory. I want to do a tar -cvf on the Users home directory and temporyly store it on my PC until I do a complete install of fedora 20 on the crashed drive. I'm going to remove the hard drive from the crashed computer to my PC and tar -cvf from there and tempory store the tar file there until I make the new install. But what I'm concerned about is that Root will change the owner of the Tar files. after i do the new install it will have the same user on the crashed drive. Then I will put the user files back onto the new Fedora 20 install. Tar should preserve ownership. I suggest that before you untar user dirs, you create those users in the new system, then untar the user dirs. Good luck. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Anaconda illegal address
When anaconda complains about an illegal IP address string passed to inet_aton, how can I discover what the bad string contains? So far as I can see, all the configured addresses are perfectly valid. Here's a copy of the traceback: http://ur1.ca/jkjvw. -- Dave Close, Thales Avionics, Irvine California USA. cell +1 949 394 2124, dave.cl...@us.thalesgroup.com If a cluttered desk is a sign of a cluttered mind, of what then is an empty desk? --Albert Einstein -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: What is Ghost i.e security hole in the Linux?
Allegedly, on or about 28 January 2015, Doug sent: ... A remote attacker able to call either of these functions could exploit the flaw to execute arbitrary code with the permissions of the user running the application All these security flaws come with the usual flaw allows escalation of privileges, able to execute arbitrary commands... red flags, but rarely give an understandable note about how easily an external hack can begin the attempt while the user is doing something ordinary that exposes them to the thing. i.e. It's all jargon aimed at programmers. In the dim and distant past, when I had a brief dalliance with Windows before Linux became realistically usable, you'd commonly get warnings about flaws which gave understandable information. e.g. Opening a malicious attachment, or even just reading a malicious email, with version of particular program less than x.y, allows the hacker to do destructive things to your system. I know I've vagued-up the example, but you've got a sample of something that you might actually do - simply read an email, not even do anything with the attachments, get a virus because your email program stupidly executes something embedded in it. That's probably less of a risk to Linux users, because we've never had stupid software like Outlook or Outlook express. But we've certainly got browsers with flash plug-ins installed, which (flash) has always been a security nightmare, and it's just not feasible to simply forbid it; so many websites that we regularly want to use would simply fail to work. -- [tim@localhost ~]$ uname -rsvp Linux 3.9.10-100.fc17.x86_64 #1 SMP Sun Jul 14 01:31:27 UTC 2013 x86_64 All mail to my mailbox is automatically deleted, there is no point trying to privately email me, I will only read messages posted to the public lists. George Orwell's '1984' was supposed to be a warning against tyranny, not a set of instructions for supposedly democratic governments. ZNQR LBH YBBX -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Wireless can't ping wireless (SOLVED)
For those following this thread I solved the problem by getting a new router. Here's a quick recap: - I found I couldn't ping a wireless device from another wireless device. - I could not ping a wireless device from a wired device unless I pinged the wired device from the wireless device first (try saying that 3 times fast). - I then started noticing other strange things, a wireless device that could ping a wired device a few moments ago could not now do it. - Eventually all of my wireless stuff decided they didn't want to see my printer anymore. I was originally using a LinkSys E3000 which I have had for many years. I could have attempted to upgrade the firmware but chose not to do it. I bought a Netgear R6200 (AC1200) Dual Band Gigabit router. So far it has solved all of the above problems. It seems to be a bit faster than the old router as well. So, thanks to all who helped me with this. I will try to return the favor someday. Jim Lewis -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Recovering a Crashed Fedora
On 29.01.2015, Mickey wrote: But what I'm concerned about is that Root will change the owner of the Tar files. after i do the new install it will have the same user on the crashed drive. Never ever compress backup data which contains valuable data. One single bit flip will render your whole archive useless. This one does not compress and preserves all important attributes: rsync -avxHSAX /source/ /target Note the trailing slash at the end of the source directory. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: rpm option --import
On Wed, 28 Jan 2015 18:00:55 -0700, jd1008 wrote: man rpmkeys it's an alias for rpmkeys --import Thanx. It should still be documented in the rpm man page because rpm accepts --import as a valid arg. Default aliases are a matter of configuration defaults that have been added out of convenience and for compatibility with older RPM. Rather you should be running rpmkeys and other tools directly, which have been split off. Take a look at /usr/lib/rpm/rpmpopt* -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: End of 32-bit support?
On Sat, Jan 24, 2015 at 08:37:59AM +0100, Ralf Corsepius wrote: Hatters, or from Red Hatters working in their spare time. (Of course, as RH often does, many of the high-output contributors end up applying for and getting RH jobs, skewing the picture.) Well, I am observing quite a few people from major enterprises (RH business partners?) who are working on secondary archtectures, but I've very rarely (I don't recall any such incident) tripped over community folks who are working on them. Sometimes Red Hat business partners, but that doesn't mean that it's at Red Hat's direction. Overall, this is one of the few areas where we have money and paid effort flowing into the project that *isn't* coming from Red Hat, and I don't think that's a bad thing. These are community folks too, at least if we're doing it right. Additionally, I'm not privy to Red Hat's architecture strategy, but as far as I know, 32 bit ARM — currently our only primary non-x86 arch! — is not of particular corporate interest. It's obvious to me the aarch64 is RH's business interest. But aarch64 and 32-bit arm are _completely_ different architectures. I also think it's a little unfair to frame this as a conflict, overall. It may be the case that Red Hat is less interested in paying people to work on 32-bit x86 (although I don't actually know that to be a fact). But this is just like any other contributor to the community — you can't make people do work they're not interested in. Right, but that's not my point: My points are: - I once more feel pushed/tossed around by RH's interest and RH-Fedora-people who obviously don't properly separate RH and Community. I can't argue with feelings, but I also am not really sure what separation you're looking for here and how it would affect this. - Support for i386 falls out as a by-product at almost Zero-costs of the existing process. I don't think that's true at all. It signficantly increases QA load, and we're struggling a lot with release engineering being able to cope with Fedora at its current scale. Cutting back here has an clear benefit (whether or not it's significant enough to outweigh the other wide isn't settled, of course). More significantly, the Fedora kernel team tells me that _they_ don't feel like they have the resources to really honestly support the 32-bit kernel — and the rest all falls out from that. - Making the i386 a secondary arch will cause additional costs and effort. As does any change, sure. -- Matthew Miller mat...@fedoraproject.org Fedora Project Leader -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Why does Anaconda overrides user decisions?
On Sat, Jan 24, 2015 at 05:15:53AM -0600, Glenn Holmer wrote: Anacoda is the weakest link in Fedora toolchain. The non-linear UI is completely non-intuitive +1, the partitioner is the worst I've seen in 20 years of using Linux. It also covers more cases more simply than any other storage manager you've seen. You really can't have everything, here. -- Matthew Miller mat...@fedoraproject.org Fedora Project Leader -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Does anyone have fake flash drives?
On 28 January 2015 at 16:30, poma pomidorabelis...@gmail.com wrote: (gnome-multi-writer-probe:11677): GnomeMultiWriter-DEBUG: Disk reports to be 14762MB in size Device is FAKE: Failed to verify data at 1248MB Do you still get this if you unmount the drive before running the test? We should probably do that anyway I guess. Richard -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: [389-users] 389ds and certificateExactMatch - is it supported?
On 28 Jan 2015, at 6:33 PM, Rich Megginson rmegg...@redhat.com wrote: Does 389ds offer certificateExactMatch support as per the RFCs? No, that's why it is commented out. We do not have support for the certificate* matching rules. That's why we just use octetString i.e. it just does a memcmp(). I’ve been trying the option of using octetStringMatch with a filter that looks like this: (userCertificate=#308203aa3082[snip]) The error I get back is: LDAP: error code 11 - Administrative Limit Exceeded A number of questions: - The encoding was obtained from the java javax.naming.ldap.Rdn class, which seems to want to encode the DER byte array of the certificate being searched for as a hash symbol followed by hex digits, as opposed to \00\11\22 (etc) as seen in many examples online. Is this encoding correct? (I assume it is). - I noticed that no index existed for userCertificate, so I added an index on equality. The searches still take a very long time (with Directory Manager) and Administrative limit exceeded with normal users. Am I right in understanding that userCertificate searches are not filtered? Regards, Graham — -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Re: [389-users] 389ds and certificateExactMatch - is it supported?
On 01/28/2015 09:09 AM, Graham Leggett wrote: Hi all, After struggling to get a certificateExactMatch query to work, I’ve discovered that in 389ds the certificateExactMatch rule in the schema has been marked as commented out like this: # TODO - Add Certificate syntax #attributeTypes: ( 2.5.4.36 NAME 'userCertificate' # DESC 'X.509 user certificate' # EQUALITY certificateExactMatch # SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 ) attributeTypes: ( 2.5.4.36 NAME 'userCertificate' DESC 'X.509 user certificate' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'RFC 4523’) Does 389ds offer certificateExactMatch support as per the RFCs? No, that's why it is commented out. We do not have support for the certificate* matching rules. That's why we just use octetString i.e. it just does a memcmp(). Simply uncommenting out the above results in startup failure below: [28/Jan/2015:15:55:53 +] dse_read_one_file - The entry cn=schema in file /etc/dirsrv/slapd-monica/schema/05rfc4523.ldif (lineno: 1) is invalid, error code 21 (Invalid syntax) - attribute type userCertificate: Unknown attribute syntax OID “1.3.6.1.4.1.1466.115.121.1.8 Regards, Graham — -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Re: Does anyone have fake flash drives?
On 28.01.2015 17:26, Richard Hughes wrote: On 28 January 2015 at 16:05, poma pomidorabelis...@gmail.com wrote: # gnome-multi-writer-probe --verbose /dev/sde Failed to scan device: Failed to open /dev/sde Hmm, you're root -- do you have any SELinux messages? I'm basically trying to do open(block_dev, O_RDWR | O_SYNC) Richard That device is gone, precisely NAND ist kaputt. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: [389-users] 389ds and certificateExactMatch - is it supported?
On 01/28/2015 09:43 AM, Graham Leggett wrote: On 28 Jan 2015, at 6:33 PM, Rich Megginson rmegg...@redhat.com wrote: Does 389ds offer certificateExactMatch support as per the RFCs? No, that's why it is commented out. We do not have support for the certificate* matching rules. That's why we just use octetString i.e. it just does a memcmp(). I’ve been trying the option of using octetStringMatch with a filter that looks like this: (userCertificate=#308203aa3082[snip]) The error I get back is: LDAP: error code 11 - Administrative Limit Exceeded A number of questions: - The encoding was obtained from the java javax.naming.ldap.Rdn class, which seems to want to encode the DER byte array of the certificate being searched for as a hash symbol followed by hex digits, That might be ok for DN/RDN values - see http://tools.ietf.org/html/rfc4514 as opposed to \00\11\22 (etc) as seen in many examples online. Is this encoding correct? (I assume it is). No. In order to use the value in an LDAP search filter, you must use http://tools.ietf.org/html/rfc4515 encoding. - I noticed that no index existed for userCertificate, so I added an index on equality What were the exact steps you performed? Because below sounds like there is no index e.g. created by doing a db2index[.pl], and it is falling back to looking through every entry, and you are hitting the lookthrough limit. The searches still take a very long time (with Directory Manager) and Administrative limit exceeded with normal users. Am I right in understanding that userCertificate searches are not filtered? Regards, Graham — -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Re: Does anyone have fake flash drives?
On 28.01.2015 16:48, Richard Hughes wrote: On 28 January 2015 at 15:40, poma pomidorabelis...@gmail.com wrote: my repo is actually what? Fixed, thanks! It's actually pointing to http://people.freedesktop.org/~hughsient/fedora/21/x86_64/ Richard # udisksctl info --block-device /dev/sde /org/freedesktop/UDisks2/block_devices/sde: org.freedesktop.UDisks2.Block: Configuration: [] CryptoBackingDevice:'/' Device: /dev/sde DeviceNumber: 2112 Drive: '/org/freedesktop/UDisks2/drives/USB_Flash_Disk_USB_Flash_Disk_0_3a0' HintAuto: true HintIconName: HintIgnore: false HintName: HintPartitionable: true HintSymbolicIconName: HintSystem: false Id: IdLabel: IdType: IdUUID: IdUsage: IdVersion: MDRaid: '/' MDRaidMember: '/' PreferredDevice:/dev/sde ReadOnly: false Size: 0 Symlinks: /dev/disk/by-id/usb-USB_Flash_Disk-0:0 /dev/disk/by-path/pci-:00:04.1-usb-0:1:1.0-scsi-0:0:0:0 # gnome-multi-writer-probe --verbose /dev/sde Failed to scan device: Failed to open /dev/sde -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
[389-users] 389ds and certificateExactMatch - is it supported?
Hi all, After struggling to get a certificateExactMatch query to work, I’ve discovered that in 389ds the certificateExactMatch rule in the schema has been marked as commented out like this: # TODO - Add Certificate syntax #attributeTypes: ( 2.5.4.36 NAME 'userCertificate' # DESC 'X.509 user certificate' # EQUALITY certificateExactMatch # SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 ) attributeTypes: ( 2.5.4.36 NAME 'userCertificate' DESC 'X.509 user certificate' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'RFC 4523’) Does 389ds offer certificateExactMatch support as per the RFCs? Simply uncommenting out the above results in startup failure below: [28/Jan/2015:15:55:53 +] dse_read_one_file - The entry cn=schema in file /etc/dirsrv/slapd-monica/schema/05rfc4523.ldif (lineno: 1) is invalid, error code 21 (Invalid syntax) - attribute type userCertificate: Unknown attribute syntax OID “1.3.6.1.4.1.1466.115.121.1.8 Regards, Graham — -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Re: Does anyone have fake flash drives?
On 28 January 2015 at 16:05, poma pomidorabelis...@gmail.com wrote: # gnome-multi-writer-probe --verbose /dev/sde Failed to scan device: Failed to open /dev/sde Hmm, you're root -- do you have any SELinux messages? I'm basically trying to do open(block_dev, O_RDWR | O_SYNC) Richard -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Does anyone have fake flash drives?
# udisksctl info --block-device /dev/sde /org/freedesktop/UDisks2/block_devices/sde: org.freedesktop.UDisks2.Block: Configuration: [] CryptoBackingDevice:'/' Device: /dev/sde DeviceNumber: 2112 Drive: '/org/freedesktop/UDisks2/drives/Manufacturer_Product_SerialNumber' HintAuto: true HintIconName: HintIgnore: false HintName: HintPartitionable: true HintSymbolicIconName: HintSystem: false Id: by-id-usb-Manufacturer_Product_SerialNumber-0:0 IdLabel: IdType: IdUUID: IdUsage: IdVersion: MDRaid: '/' MDRaidMember: '/' PreferredDevice:/dev/sde ReadOnly: false Size: 15479597056 Symlinks: /dev/disk/by-id/usb-Manufacturer_Product_SerialNumber-0:0 /dev/disk/by-path/pci-:00:04.1-usb-0:1:1.0-scsi-0:0:0:0 org.freedesktop.UDisks2.PartitionTable: Type: dos # gnome-multi-writer-probe --verbose /dev/sde (gnome-multi-writer-probe:11677): GnomeMultiWriter-DEBUG: Disk reports to be 14762MB in size (gnome-multi-writer-probe:11677): GnomeMultiWriter-DEBUG: read 32768 @ 32MB (gnome-multi-writer-probe:11677): GnomeMultiWriter-DEBUG: read 32768 @ 64MB (gnome-multi-writer-probe:11677): GnomeMultiWriter-DEBUG: read 32768 @ 96MB (gnome-multi-writer-probe:11677): GnomeMultiWriter-DEBUG: read 32768 @ 128MB (gnome-multi-writer-probe:11677): GnomeMultiWriter-DEBUG: read 32768 @ 160MB (gnome-multi-writer-probe:11677): GnomeMultiWriter-DEBUG: read 32768 @ 192MB (gnome-multi-writer-probe:11677): GnomeMultiWriter-DEBUG: read 32768 @ 224MB (gnome-multi-writer-probe:11677): GnomeMultiWriter-DEBUG: read 32768 @ 256MB (gnome-multi-writer-probe:11677): GnomeMultiWriter-DEBUG: read 32768 @ 288MB (gnome-multi-writer-probe:11677): GnomeMultiWriter-DEBUG: read 32768 @ 320MB (gnome-multi-writer-probe:11677): GnomeMultiWriter-DEBUG: read 32768 @ 352MB (gnome-multi-writer-probe:11677): GnomeMultiWriter-DEBUG: read 32768 @ 384MB (gnome-multi-writer-probe:11677): GnomeMultiWriter-DEBUG: read 32768 @ 416MB (gnome-multi-writer-probe:11677): GnomeMultiWriter-DEBUG: read 32768 @ 448MB (gnome-multi-writer-probe:11677): GnomeMultiWriter-DEBUG: read 32768 @ 480MB (gnome-multi-writer-probe:11677): GnomeMultiWriter-DEBUG: read 32768 @ 512MB (gnome-multi-writer-probe:11677): GnomeMultiWriter-DEBUG: read 32768 @ 544MB (gnome-multi-writer-probe:11677): GnomeMultiWriter-DEBUG: read 32768 @ 576MB (gnome-multi-writer-probe:11677): GnomeMultiWriter-DEBUG: read 32768 @ 608MB (gnome-multi-writer-probe:11677): GnomeMultiWriter-DEBUG: read 32768 @ 640MB (gnome-multi-writer-probe:11677): GnomeMultiWriter-DEBUG: read 32768 @ 672MB (gnome-multi-writer-probe:11677): GnomeMultiWriter-DEBUG: read 32768 @ 704MB (gnome-multi-writer-probe:11677): GnomeMultiWriter-DEBUG: read 32768 @ 736MB (gnome-multi-writer-probe:11677): GnomeMultiWriter-DEBUG: read 32768 @ 768MB (gnome-multi-writer-probe:11677): GnomeMultiWriter-DEBUG: read 32768 @ 800MB (gnome-multi-writer-probe:11677): GnomeMultiWriter-DEBUG: read 32768 @ 832MB (gnome-multi-writer-probe:11677): GnomeMultiWriter-DEBUG: read 32768 @ 864MB (gnome-multi-writer-probe:11677): GnomeMultiWriter-DEBUG: read 32768 @ 896MB (gnome-multi-writer-probe:11677): GnomeMultiWriter-DEBUG: read 32768 @ 928MB (gnome-multi-writer-probe:11677): GnomeMultiWriter-DEBUG: read 32768 @ 960MB (gnome-multi-writer-probe:11677): GnomeMultiWriter-DEBUG: read 32768 @ 992MB (gnome-multi-writer-probe:11677): GnomeMultiWriter-DEBUG: read 32768 @ 1024MB (gnome-multi-writer-probe:11677): GnomeMultiWriter-DEBUG: read 32768 @ 1056MB (gnome-multi-writer-probe:11677): GnomeMultiWriter-DEBUG: read 32768 @ 1088MB (gnome-multi-writer-probe:11677): GnomeMultiWriter-DEBUG: read 32768 @ 1120MB (gnome-multi-writer-probe:11677): GnomeMultiWriter-DEBUG: read 32768 @ 1152MB (gnome-multi-writer-probe:11677): GnomeMultiWriter-DEBUG: read 32768 @ 1184MB (gnome-multi-writer-probe:11677): GnomeMultiWriter-DEBUG: read 32768 @ 1216MB (gnome-multi-writer-probe:11677): GnomeMultiWriter-DEBUG: read 32768 @ 1248MB (gnome-multi-writer-probe:11677): GnomeMultiWriter-DEBUG: wrote 32768 @ 32MB (gnome-multi-writer-probe:11677): GnomeMultiWriter-DEBUG: wrote 32768 @ 64MB (gnome-multi-writer-probe:11677): GnomeMultiWriter-DEBUG: wrote 32768 @ 96MB (gnome-multi-writer-probe:11677): GnomeMultiWriter-DEBUG: wrote 32768 @ 128MB (gnome-multi-writer-probe:11677): GnomeMultiWriter-DEBUG: wrote 32768 @ 160MB (gnome-multi-writer-probe:11677): GnomeMultiWriter-DEBUG: wrote 32768 @ 192MB (gnome-multi-writer-probe:11677): GnomeMultiWriter-DEBUG: wrote 32768
SMS VMG reader
Greetings, Is there a Linux-based RPM-distributed reader of VMG files. From what I can tell, SMS messages are stored in VMG files, a text file that is marked-up similarly to VCF files. Much thanks! Max Pyziur p...@brama.com -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Does anyone have fake flash drives?
On 28.01.2015 17:37, Richard Hughes wrote: On 28 January 2015 at 16:30, poma pomidorabelis...@gmail.com wrote: (gnome-multi-writer-probe:11677): GnomeMultiWriter-DEBUG: Disk reports to be 14762MB in size Device is FAKE: Failed to verify data at 1248MB Do you still get this if you unmount the drive before running the test? We should probably do that anyway I guess. Richard Unmounted: Device is FAKE: Failed to verify data at 1248MB Mounted: Device is GOOD -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: What is Ghost i.e security hole in the Linux?
On Wed, Jan 28, 2015 at 02:21:41PM +, Norah Jones wrote: Can someone describe in detail about the Ghost security hole. And is there any patch or a solution to fix it? This was a problem fixed in glibc 2.18, so that version, as shipped in F20, and 2.20, as we have in F21, are not vulnerable. If you are running F19 or earlier, you should update. If you're running (a supported version of) a different Linux distribution with an old version, patches are likely available. -- Matthew Miller mat...@fedoraproject.org Fedora Project Leader -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: What is Ghost i.e security hole in the Linux?
On 01/28/2015 01:19 PM, Matthew Miller wrote: On Wed, Jan 28, 2015 at 02:21:41PM +, Norah Jones wrote: Can someone describe in detail about the Ghost security hole. And is there any patch or a solution to fix it? This was a problem fixed in glibc 2.18, so that version, as shipped in F20, and 2.20, as we have in F21, are not vulnerable. If you are running F19 or earlier, you should update. I installed the F20 glibc on my F19 system. The ghosttest.c test program now shows my F19 as no longer vulnerable. # yum --releasever=20 update glibc YMMV If you're running (a supported version of) a different Linux distribution with an old version, patches are likely available. -- Kevin J. Cummings kjch...@verizon.net cummi...@kjchome.homeip.net cummi...@kjc386.framingham.ma.us Registered Linux User #1232 (http://www.linuxcounter.net/) -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Suddenly can't get nameserver resolution on FC21 after ...
I have a Linux workstation with 2 network cards - one to get to the internet (so that I can work remotely from my home office) and one for my local lan (other machines, printers, etc.) About a week ago I updated it from FC20 to FC21 and had absolutely no problems. Everything was working smoothly and I was able to use both networks with no problems. Then one of my 2 network cards died (SIDS I think) and I replaced it with another of a different model. I did have to system-config-network-gui to set the network parameters correctly and for two days it ran fine. However I had a system crash (bad disk) yesterday (user files - nothing related to the system) and after that I replaced the drive and rebooted. However from that point on I no longer get name resolution from my ISP's 2 name servers. The new card is still working correctly (and if I know the IP address I can get to my office, web pages, etc. However if I try to do a ping host or nslookup host or traceroute host, I have to wait until the command times out (or hit delete and kill the command) and eventually I get a variation on CANNOT CONNECT TO HOST or some such. I have checked my ifcfg-* files under /etc/sysconfig/ (all 3 links of each of the 2 nics) and they are unchanged. My /etc/hosts file is unchanged, and there is nothing in /var/log messages to indicate what the problem is (nor does dmesg show anything unexpected). In short I have a heavy-duty workstation which should be able to connect to the internet but can't. Any suggestions will be appreciated, and any requests for further information will be answered. This one is driving me crazy at this point. Thanks in advance, - wwa -- william w. austin aire...@att.net life is just another phase i'm going through. this time, anyway ... -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: End of 32-bit support?
On 28.01.2015 17:17, Matthew Miller wrote: On Sat, Jan 24, 2015 at 08:37:59AM +0100, Ralf Corsepius wrote: Hatters, or from Red Hatters working in their spare time. (Of course, as RH often does, many of the high-output contributors end up applying for and getting RH jobs, skewing the picture.) Well, I am observing quite a few people from major enterprises (RH business partners?) who are working on secondary archtectures, but I've very rarely (I don't recall any such incident) tripped over community folks who are working on them. Sometimes Red Hat business partners, but that doesn't mean that it's at Red Hat's direction. Overall, this is one of the few areas where we have money and paid effort flowing into the project that *isn't* coming from Red Hat, and I don't think that's a bad thing. These are community folks too, at least if we're doing it right. Additionally, I'm not privy to Red Hat's architecture strategy, but as far as I know, 32 bit ARM — currently our only primary non-x86 arch! — is not of particular corporate interest. It's obvious to me the aarch64 is RH's business interest. But aarch64 and 32-bit arm are _completely_ different architectures. I also think it's a little unfair to frame this as a conflict, overall. It may be the case that Red Hat is less interested in paying people to work on 32-bit x86 (although I don't actually know that to be a fact). But this is just like any other contributor to the community — you can't make people do work they're not interested in. Right, but that's not my point: My points are: - I once more feel pushed/tossed around by RH's interest and RH-Fedora-people who obviously don't properly separate RH and Community. I can't argue with feelings, but I also am not really sure what separation you're looking for here and how it would affect this. - Support for i386 falls out as a by-product at almost Zero-costs of the existing process. I don't think that's true at all. It signficantly increases QA load, and we're struggling a lot with release engineering being able to cope with Fedora at its current scale. Cutting back here has an clear benefit (whether or not it's significant enough to outweigh the other wide isn't settled, of course). More significantly, the Fedora kernel team tells me that _they_ don't feel like they have the resources to really honestly support the 32-bit kernel — and the rest all falls out from that. You write as if you - Fedora/Red Hat lack people capable of maintaining the kernel as if it were something special - they are not kernel developers. What Josh works except to maintains the kernel? -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Suddenly can't get nameserver resolution on FC21 after ...
On 01/28/2015 07:02 AM, William W. Austin wrote: I have checked my ifcfg-* files under/etc/sysconfig/ (all 3 links of each of the 2 nics) and they are unchanged. My /etc/hosts file is unchanged DNS is configured in /etc/resolv.conf. Look there. Attempt to ping your DNS servers to verify they are reachable. Use dig to query them directly: dig @dns IP address hostname -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: top command question
On 01/27/2015 05:51 PM, jd1008 wrote: Is there a version of top that will show per cpu loads? Press '1' on your keyboard to see per-CPU utilization in the standard 'top' application. Note that load is not a measure of CPU utilization. Load is simply the average number of processes in a non-sleeping state over a given period of time, usually 1, 5, and 15 minutes. A process counts toward load if it is running (using CPU) or in an IO call (usually to disk or network), or in another syscall. Load applies to a host as a whole. There is no such thing as per-cpu load. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Net install of Fedora 21: use local installation source
On 01/27/2015 08:24 PM, Chris Stankevitz wrote: Thank you very much for the reply. However I am asking about which URL I should place in the installation source field when installing a fresh copy of Fedora 21 server. this is when I am installing fedora before I have a proper file system. Use the os URL as the source. You can specify additional sources as well. If you provide the updates URL as an additional source, Anaconda will install the newest package available, so that the installed system should be fully updated. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: WiFi - Atheros - miniPCIe
On 01/28/2015 09:09 AM, poma wrote: On 27.01.2015 21:42, Stephen Morris wrote: On 01/28/2015 03:17 AM, poma wrote: On 25.01.2015 13:46, poma wrote: On 25.01.2015 00:05, Stephen Morris wrote: ... pci adapter. The only problem I have now is that it is very hard to get devices that support Linux from retail stores. Help yourself with these two references to search: http://wireless.kernel.org https://wikidevi.com Another reference: https://www.thinkpenguin.com/catalog/wireless-networking-gnulinux It seems Atheros is popular, - USB: AR9271 AR7010+AR9280 https://wireless.wiki.kernel.org/en/users/drivers/ath9k_htc http://linuxwireless.sipsolutions.net/en/users/Drivers/ath9k_htc https://wikidevi.com/wiki/Atheros_AR9271 https://wikidevi.com/wiki/Atheros_AR7010 - (Mini)PCI(e): AR9223 AR9227 AR9281 AR9285 AR9382 https://wireless.wiki.kernel.org/en/users/drivers/ath9k http://linuxwireless.sipsolutions.net/en/users/Drivers/ath9k https://wikidevi.com/wiki/Atheros Thanks poma, I looked at those pages but none of the devices that I can see listed there are ac devices they all appear to be only up to n. I'm trying to get ac support in Linux. Data(modelchipset) for these two devices are matched: http://linuxwireless.sipsolutions.net/en/users/Drivers/ath10k/#Supported_Devices ath10k supports Qualcomm Atheros 802.11ac QCA98xx hw2.0 based devices, ... - QCA9882 Version 2 found in Compex acWave: WLE600V5-23 - QCA9880 Version 2 found in Compex acWave: WLE900V5-23 http://www.compexshop.com/index.php/cPath/57_103 Atheros miniPCIe 802.11ac cards 5GHz - COMPEX WLE600V5-23 miniPCIe module, AR9882, 802.11ac, 2*2MIMO http://compexshop.com/product_info.php/cPath/57_103/products_id/447 - COMPEX WLE900V5-23 miniPCIe module, AR9880, 802.11ac, 3*3MIMO http://compexshop.com/product_info.php/cPath/57_103/products_id/445 Undoubtedly try to contact devs to confirm you these devices are truly supported. Good Luck! Thanks poma, I missed this info when I looked yesterday morning. Its looking like I'm going to have to go back to my N pci wireless card that is using the ATH9K driver as the rtl8812AU driver you pointed me at on git seems to be frequently crashing the kernel (I get frequent kernel core abends that can't be reported because the kernel is tainted). It may be coincidence but when immediately after the kernel issue the wifi interface activates I'm assuming its that driver that caused the issue. attachment: samorris.vcf-- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org