[gentoo-user] Can't compile opal.

2007-12-13 Thread Mike Diehl
Hi

I'm trying to finish an emerge world and I'm stumbling on getting opal to 
compile so it can continue.

I'm running on an AMD proc with i686 arch in my make.conf file.  So, the no 
such instruction error message is baffling.

It seems to die with slightly different instruction errors each time, but it 
never finishes compiling/linking this file.

Any ideas would be welcome.

Thanx,
Mike.

Here are the compiler/linker errors:
===
i686-pc-linux-gnu-g++ -D_REENTRANT -Wall  -fPIC -DPIC -DPASN_NOPRINTON 
-DPASN_LEANANDMEAN 
-I/var/tmp/portage/net-libs/opal-2.2.11/work/opal-2.2.11/include  
-DPASN_NOPRINTON   -O2 -mtune=i686 -pipe  -c 
/var/tmp/portage/net-libs/opal-2.2.11/work/opal-2.2.11/src/asn/h245_1.cxx -o 
/var/tmp/portage/net-libs/opal-2.2.11/work/opal-2.2.11/lib/obj_linux_x86_n/h245_1.o
{standard input}: Assembler messages:
{standard input}:134929: Warning: end of file not at end of a line; newline 
inserted
{standard input}:135642: Error: no such instruction: `mo'
i686-pc-linux-gnu-g++: Internal error: Killed (program cc1plus)
Please submit a full bug report.
See http://bugs.gentoo.org/> for instructions.
make: *** 
[/var/tmp/portage/net-libs/opal-2.2.11/work/opal-2.2.11/lib/obj_linux_x86_n/h225_2.o]
 
Error 1
make: *** Waiting for unfinished jobs
 *
 * ERROR: net-libs/opal-2.2.11 failed.
 * Call stack:
 *   ebuild.sh, line   46:  Called src_compile
 * environment, line 2326:  Called die
 * The specific snippet of code:
 *   emake ${makeopts} opt || diefunc "$FUNCNAME" "$LINENO" "$?" "make 
failed"
 *  The die message:
 *   make failed
 *
 * If you need support, post the topmost build error, and the call stack if 
relevant.
 * A complete build log is located 
at '/var/tmp/portage/net-libs/opal-2.2.11/temp/build.log'.
 * The ebuild environment file is located 
at '/var/tmp/portage/net-libs/opal-2.2.11/temp/environment'.

-- 
Mike Diehl
-- 
[EMAIL PROTECTED] mailing list



Re: [gentoo-user] Creating a restricted user

2007-12-13 Thread Mick
On Wednesday 12 December 2007, Dirk Heinrichs wrote:
> On Wednesday, 12 December 2007, Grant wrote:

> > I've noticed when adding this kind of a user in the past they are able to
> > look at files all around the system that I'd prefer they can't.
>
> Why? System directories look nearly the same on any Linux system, so it
> doesn't really make sense to restrict read access to them. For other,
> private directories you could take away permissions for "others" (i.e.
> chmod 750 mydir) and in addition _don't_ put that user in the users group,
> or use ACLs for more fine grained access control (see man getfacl, man
> setfacl).

Only to add to the above that as an alternative to having a users group for 
all your users you can instead create a  group for each user_name.  
This way you isolate your users from each other as long as the 
user_name:users ownerships become user_name:user_name.
-- 
Regards,
Mick
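
An added example, not part of the original thread: one way to check the effect of the `chmod 750 mydir` and per-user-group advice above is to audit a tree for entries that other local accounts can still reach. The function names and the `shared_gid` parameter (the numeric gid of a shared group such as `users`) are this example's own, and the demo tree is constructed.

```python
import os
import stat


def _exposure(st, shared_gid):
    """Return which classes of non-owner users have any access to this entry."""
    mode = stat.S_IMODE(st.st_mode)
    who = []
    # Group bits only matter to a restricted user who is a member of that group.
    if shared_gid is not None and st.st_gid == shared_gid and mode & stat.S_IRWXG:
        who.append("group")
    if mode & stat.S_IRWXO:
        who.append("other")
    return who


def _traversable(st, shared_gid):
    """True if someone other than the owner can enter this directory."""
    mode = stat.S_IMODE(st.st_mode)
    via_group = (shared_gid is not None and st.st_gid == shared_gid
                 and mode & stat.S_IXGRP)
    return bool(mode & stat.S_IXOTH or via_group)


def audit_tree(root, shared_gid=None):
    """Map relative path -> ["group"/"other"] for entries non-owners can reach.

    shared_gid=None models a restricted user who is NOT in the shared group;
    passing the gid of the shared group models one who is.
    """
    findings = {}
    for dirpath, dirnames, filenames in os.walk(root):
        st = os.lstat(dirpath)
        rel = os.path.relpath(dirpath, root)
        who = _exposure(st, shared_gid)
        if who:
            findings[rel] = who
        if not _traversable(st, shared_gid):
            # Nobody but the owner can enter, so the contents are shielded
            # regardless of their own mode bits: stop descending here.
            dirnames[:] = []
            continue
        for name in filenames:
            fst = os.lstat(os.path.join(dirpath, name))
            if stat.S_ISLNK(fst.st_mode):
                continue  # symlink modes are meaningless; the target decides
            who = _exposure(fst, shared_gid)
            if who:
                findings[os.path.normpath(os.path.join(rel, name))] = who
    return findings


def build_demo_tree(base):
    """Constructed sample: a 750 directory and a 755 directory under base."""
    dirs = {"private": 0o750, "public": 0o755}
    files = {"private/secret.txt": 0o644,
             "public/notes.txt": 0o644,
             "public/key.txt": 0o600}
    os.chmod(base, 0o755)
    for name, mode in dirs.items():
        os.mkdir(os.path.join(base, name))
        os.chmod(os.path.join(base, name), mode)
    for name, mode in files.items():
        path = os.path.join(base, name)
        with open(path, "w") as fh:
            fh.write("demo\n")
        os.chmod(path, mode)  # set explicitly so the umask does not matter
    return base


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp)
        gid = os.lstat(tmp).st_gid
        for label, g in (("not in shared group", None), ("in shared group", gid)):
            print(label)
            for path, who in sorted(audit_tree(tmp, g).items()):
                print("  %-22s %s" % (path, ",".join(who)))
```

With `shared_gid=None` the world-readable file inside the 750 directory is not reported, because the directory itself cannot be entered; once the restricted user shares the directory's group, it is.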




Re: [gentoo-user] DMZ on an vmware gentoo guest running on winXP host

2007-12-13 Thread Mick
On Thursday 13 December 2007, [EMAIL PROTECTED] wrote:
> Setup:
> Home Lan with principal desktop machine running Gentoo.
> Three other machines running WinXP that are a trio of video and sound
> editing machines.  And finally my wife's WinXP machine in another room.
> All connected by Gigabit lan thru a netgear FVP318 router/firewall.
>
> I want to begin scanning thru the traffic that bounces off my
> router/firewall.
>
> The router logs themselves are in a bad cumbersome format.  And if I
> use an available option to output them to a lan System logger the
> information is greatly truncated and nearly useless.
>
> Router logs can be emailed but again they are cumbersome and clunky.
> That's how I currently look through them.
>
> So cutting to the chase, I don't want to even mess around with those
> methods.  Been there done that... didn't like it.
>
> The router has an option to route traffic to a DMZ machine.  In the
> past when I got this same urge 2 or so years ago  I setup an OpenBSD
> OS on an older PC.  Buttoned it down what little I knew to do and had
> lots of fun with incoming traffic I mean just studying and being
> amazed etc.
>
> I want to do that again but don't have that old machine anymore and
> don't want the unfamiliar hassle of relearning whatever I knew about
> OpenBSD.
>
> I don't want the hassle of hardening my main desktop... preferring to
> keep it pretty loose behind the firewall. Running a lan webserver and
> the like.
>
> I wondered if any of the security buffs here could tell me if a vmware
> gentoo guest running on one of the winXP boxes could be setup to have
> an independent tap on the Firewall as DMZ and not be offering every
> hack whiz out there a shot at my home lan.
>
> As I remember you can setup vmware with its own network address, not
> sharing its hosts address to some degree.
>
> But I wondered.., since any traffic is really going thru that WinXP
> hosts nic one way or another if it would be as safe as a truly
> independent host with its own ethernet wire to the router. (which is
> switched).
>
> Would I likely be opening my lan up for some christmas shopping by
> having a gentoo guest on a WinXP host running as a DMZ machine?
> It would be pretty barebones with a IPTABLE setup for logging and
> tagging or whatever I get interested in doing with the traffic.
>
> No X server or other frills.

A rather simpler solution to do this would be to get hold of a hub, connect it 
to the firewall and watch everything that passes through it.
-- 
Regards,
Mick




Re: [gentoo-user] Hardening a laptop for travel

2007-12-13 Thread Grant
> > I don't know, now that I've set up shorewall on my router it seems
> > like a simple matter to set it up on another machine.  I should only
> > need to edit a few config files with very light additions.
> >
> > - Grant
>
> Understand - to be honest I have moved to shorewall on almost all my
> machines for uniformity, even though its rather more complex than
> needed.
>
>
> BillK

How does this /etc/shorewall/rules look for my router?

DNS/ACCEPT  $FW net
Ping/REJECT net $FW
DNAT        net loc:192.168.0.3 tcp 5
DNAT        net loc:192.168.0.3 udp 5
ACCEPT  $FW loc icmp
ACCEPT  $FW net icmp

Does this reject ssh requests from the net zone or do I need to
specify that?  It looks like maybe there is another set of basic
ACCEPT/REJECT configs that this is modifying.  Does anyone know which
file that might reside in?  If this looks good I'll set up something
similar on the laptop.

- Grant



[gentoo-user] Re: Creating a restricted user

2007-12-13 Thread Grant
> I'd like to create a really restricted user on my laptop.  I don't
> want the user to be able to do much of anything but browse the web,
> use skype, and maybe look at photos on a CD or something.  I did this:
>
> useradd -m -G users,audio,cdrom -s /sbin/nologin newuser
>
> How does that look?  I've noticed when adding this kind of a user in
> the past they are able to look at files all around the system that I'd
> prefer they can't.  Is there a good method for restricting that?
> Maybe remove the users group?  Is a weak password OK with this setup
> since there's no shell access?

Apparently -s /sbin/nologin wasn't such a good idea since the user
then can't log in via GDM.  Makes sense.  I want the user to be able
to log in via GDM but not via ssh.  Is that configured in ssh?

- Grant



Re: [gentoo-user] Re: Creating a restricted user

2007-12-13 Thread Rumen Yotov
Grant wrote:
>> I'd like to create a really restricted user on my laptop.  I don't
>> want the user to be able to do much of anything but browse the web,
>> use skype, and maybe look at photos on a CD or something.  I did this:
>>
>> useradd -m -G users,audio,cdrom -s /sbin/nologin newuser
>>
>> How does that look?  I've noticed when adding this kind of a user in
>> the past they are able to look at files all around the system that I'd
>> prefer they can't.  Is there a good method for restricting that?
>> Maybe remove the users group?  Is a weak password OK with this setup
>> since there's no shell access?
> 
> Apparently -s /sbin/nologin wasn't such a good idea since the user
> then can't log in via GDM.  Makes sense.  I want the user to be able
> to log in via GDM but not via ssh.  Is that configured in ssh?
> 
> - Grant
Hi Grant,

Googling with 'restricted shell' returns some hints:
1. rsh (restricted shell) - looks like it's rather easy to exit from it;
2. rssh - works with openssh (allows scp, sftp, rdist, rsync, and cvs);
3. rbash or bash with --restricted IIRC option;
4. check "zsh -r", vaguely remember the syntax, check about features.
HTH. Rumen





[gentoo-user] gaming kernel

2007-12-13 Thread James
Hello,


I use the gentoo kernel series for my production systems.
On my gaming system, I have a 2.6.22-gentoo-r8 kernel
that works very well for gaming (bzflag). It's an amd64
with 2 gig of ram.


I've tried to build a 2.6.23-gentoo-r3 kernel for gaming
and it performs very poorly with no other changes except
to recompile the ati-drivers and bzflag. (too much jitter
and too much lag). The game jerks around the updates to the
graphics and the game kicks me off for too much jitter 
and lag.

I can revert back to the 2.6.22-gentoo-r8 kernel and everything
is still fast  without issues. I build and keep several kernels
so building one for testing evaluation is not a problem,
(gotta love grub). At first I made no changes between the 2
kernels. Now I have tried to lower the clock settings and such
to make things more real time. Nothing I have tried seems to work
as good as the old setting (2.6.22-r8) and those settings do
not work for 2.6.23-r3.+

Here are some of the config-2.6.23-gentoo-r3 kernel settings for 
kernel-2.6.23-gentoo-r3.


I'm looking for suggestion on kernel build parameters to change,
or an explanation as to how to build (optimize) a kernel for gaming.



CONFIG_X86_64=y
CONFIG_64BIT=y
CONFIG_X86=y
CONFIG_GENERIC_TIME=y
CONFIG_GENERIC_TIME_VSYSCALL=y
CONFIG_GENERIC_CMOS_UPDATE=y
CONFIG_ZONE_DMA32=y
CONFIG_LOCKDEP_SUPPORT=y
CONFIG_STACKTRACE_SUPPORT=y
CONFIG_SEMAPHORE_SLEEPERS=y
CONFIG_MMU=y
CONFIG_ZONE_DMA=y
CONFIG_RWSEM_GENERIC_SPINLOCK=y
CONFIG_GENERIC_HWEIGHT=y
CONFIG_GENERIC_CALIBRATE_DELAY=y
CONFIG_X86_CMPXCHG=y
CONFIG_EARLY_PRINTK=y
CONFIG_GENERIC_ISA_DMA=y
CONFIG_GENERIC_IOMAP=y
CONFIG_ARCH_MAY_HAVE_PC_FDC=y
CONFIG_ARCH_POPULATES_NODE_MAP=y
CONFIG_DMI=y
CONFIG_AUDIT_ARCH=y
CONFIG_GENERIC_BUG=y
# CONFIG_ARCH_HAS_ILOG2_U32 is not set
# CONFIG_ARCH_HAS_ILOG2_U64 is not set
CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config"


# General setup
#
CONFIG_EXPERIMENTAL=y
CONFIG_LOCK_KERNEL=y
CONFIG_INIT_ENV_ARG_LIMIT=32
CONFIG_LOCALVERSION=""
# CONFIG_LOCALVERSION_AUTO is not set
CONFIG_SWAP=y
CONFIG_SYSVIPC=y
CONFIG_SYSVIPC_SYSCTL=y
CONFIG_POSIX_MQUEUE=y
# CONFIG_BSD_PROCESS_ACCT is not set
# CONFIG_TASKSTATS is not set
# CONFIG_USER_NS is not set
# CONFIG_AUDIT is not set
CONFIG_IKCONFIG=y
CONFIG_IKCONFIG_PROC=y
CONFIG_LOG_BUF_SHIFT=15
# CONFIG_CPUSETS is not set
CONFIG_SYSFS_DEPRECATED=y
# CONFIG_RELAY is not set
CONFIG_BLK_DEV_INITRD=y
CONFIG_INITRAMFS_SOURCE=""
CONFIG_CC_OPTIMIZE_FOR_SIZE=y
CONFIG_SYSCTL=y
# CONFIG_EMBEDDED is not set
CONFIG_UID16=y
CONFIG_SYSCTL_SYSCALL=y
CONFIG_KALLSYMS=y
# CONFIG_KALLSYMS_EXTRA_PASS is not set
CONFIG_HOTPLUG=y
CONFIG_PRINTK=y
CONFIG_BUG=y
CONFIG_ELF_CORE=y
CONFIG_BASE_FULL=y
CONFIG_FUTEX=y
CONFIG_ANON_INODES=y
CONFIG_EPOLL=y
CONFIG_SIGNALFD=y
CONFIG_EVENTFD=y
CONFIG_SHMEM=y
CONFIG_VM_EVENT_COUNTERS=y
CONFIG_SLAB=y
# CONFIG_SLUB is not set
# CONFIG_SLOB is not set
CONFIG_RT_MUTEXES=y
# CONFIG_TINY_SHMEM is not set
CONFIG_BASE_SMALL=0
CONFIG_MODULES=y
CONFIG_MODULE_UNLOAD=y
# CONFIG_MODULE_FORCE_UNLOAD is not set
CONFIG_MODVERSIONS=y
# CONFIG_MODULE_SRCVERSION_ALL is not set
CONFIG_KMOD=y
CONFIG_STOP_MACHINE=y
CONFIG_BLOCK=y
# CONFIG_BLK_DEV_IO_TRACE is not set
# CONFIG_BLK_DEV_BSG is not set

# IO Schedulers
#
CONFIG_IOSCHED_NOOP=y
# CONFIG_IOSCHED_AS is not set
CONFIG_IOSCHED_DEADLINE=y
CONFIG_IOSCHED_CFQ=y
# CONFIG_DEFAULT_AS is not set
# CONFIG_DEFAULT_DEADLINE is not set
CONFIG_DEFAULT_CFQ=y
# CONFIG_DEFAULT_NOOP is not set
CONFIG_DEFAULT_IOSCHED="cfq"
# Processor type and features
#
CONFIG_X86_PC=y
# CONFIG_X86_VSMP is not set
CONFIG_MK8=y
# CONFIG_MPSC is not set
# CONFIG_MCORE2 is not set
# CONFIG_GENERIC_CPU is not set
CONFIG_X86_L1_CACHE_BYTES=64
CONFIG_X86_L1_CACHE_SHIFT=6
CONFIG_X86_INTERNODE_CACHE_BYTES=64
CONFIG_X86_TSC=y
CONFIG_X86_GOOD_APIC=y
CONFIG_MICROCODE=y
CONFIG_MICROCODE_OLD_INTERFACE=y
CONFIG_X86_MSR=y
CONFIG_X86_CPUID=y
CONFIG_X86_IO_APIC=y
CONFIG_X86_LOCAL_APIC=y
CONFIG_MTRR=y
CONFIG_SMP=y
CONFIG_SCHED_SMT=y
CONFIG_SCHED_MC=y
# CONFIG_PREEMPT_NONE is not set
# CONFIG_PREEMPT_VOLUNTARY is not set
CONFIG_PREEMPT=y
CONFIG_PREEMPT_BKL=y
CONFIG_NUMA=y
CONFIG_K8_NUMA=y
CONFIG_NODES_SHIFT=6
CONFIG_X86_64_ACPI_NUMA=y
CONFIG_NUMA_EMU=y
CONFIG_ARCH_DISCONTIGMEM_ENABLE=y
CONFIG_ARCH_DISCONTIGMEM_DEFAULT=y
CONFIG_ARCH_SPARSEMEM_ENABLE=y
CONFIG_SELECT_MEMORY_MODEL=y
# CONFIG_FLATMEM_MANUAL is not set
CONFIG_DISCONTIGMEM_MANUAL=y
# CONFIG_SPARSEMEM_MANUAL is not set
CONFIG_DISCONTIGMEM=y
CONFIG_FLAT_NODE_MEM_MAP=y
CONFIG_NEED_MULTIPLE_NODES=y
# CONFIG_SPARSEMEM_STATIC is not set
# CONFIG_MEMORY_HOTPLUG is not set
CONFIG_SPLIT_PTLOCK_CPUS=4
CONFIG_MIGRATION=y
CONFIG_RESOURCES_64BIT=y
CONFIG_ZONE_DMA_FLAG=1
CONFIG_BOUNCE=y
CONFIG_VIRT_TO_BUS=y
CONFIG_HAVE_ARCH_EARLY_PFN_TO_NID=y
CONFIG_OUT_OF_LINE_PFN_TO_PAGE=y
CONFIG_NR_CPUS=32
CONFIG_PHYSICAL_ALIGN=0x20
CONFIG_HOTPLUG_CPU=y
CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y
CONFIG_HPET_TIMER=y
# CONFIG_HPET_EMULATE_RTC is not set
CONFIG_IOMMU=y
# CONFIG_CALGARY_IOMMU is not set
CONFIG_SWIOTLB=y
CONF

Re: [gentoo-user] Hardening a laptop for travel

2007-12-13 Thread Grant
> > > I don't know, now that I've set up shorewall on my router it seems
> > > like a simple matter to set it up on another machine.  I should only
> > > need to edit a few config files with very light additions.
> > >
> > > - Grant
> >
> > Understand - to be honest I have moved to shorewall on almost all my
> > machines for uniformity, even though its rather more complex than
> > needed.
> >
> >
> > BillK
>
> How does this /etc/shorewall/rules look for my router?
>
> DNS/ACCEPT  $FW net
> Ping/REJECT net $FW
> DNAT        net loc:192.168.0.3 tcp 5
> DNAT        net loc:192.168.0.3 udp 5
> ACCEPT  $FW loc icmp
> ACCEPT  $FW net icmp
>
> Does this reject ssh requests from the net zone or do I need to
> specify that?  It looks like maybe there is another set of basic
> ACCEPT/REJECT configs that this is modifying.  Does anyone know which
> file that might reside in?  If this looks good I'll set up something
> similar on the laptop.
>
> - Grant

I was looking for the /etc/shorewall/policy file.  Something weird
though.  I have this in my policy file:

net $FW DROP
net loc DROP
net all DROP

And yet I'm able to ssh from a machine on the local network to the
router via the external IP address.  Does the router still know I'm
coming from the inside and thus allow it or is something wrong here?

- Grant



Re: [gentoo-user] gaming kernel

2007-12-13 Thread Hemmann, Volker Armin
On Thursday, 13 December 2007, James wrote:

> # CONFIG_PREEMPT_VOLUNTARY is not set

Between 2.6.22 and 2.6.23 the new scheduler was introduced. Most people (like 
me) have had positive results related to gaming. But maybe bzflag is stupidly 
coded?

Nonetheless you should try 'voluntary' preemption, stop using numa if you 
don't have a numa box, stop using smt, if you don't have intel hyperthreading 
CPUs and try a vanilla kernel.org kernel like 2.6.23.9.



Re: [gentoo-user] DMZ on an vmware gentoo guest running on winXP host

2007-12-13 Thread Shawn Haggett

[EMAIL PROTECTED] wrote:

> Setup:
> Home Lan with principal desktop machine running Gentoo.
> Three other machines running WinXP that are a trio of video and sound
> editing machines.  And finally my wife's WinXP machine in another room.
> All connected by Gigabit lan thru a netgear FVP318 router/firewall.
>
> I want to begin scanning thru the traffic that bounces off my
> router/firewall.
>
> The router logs themselves are in a bad cumbersome format.  And if I
> use an available option to output them to a lan System logger the
> information is greatly truncated and nearly useless.
>
> Router logs can be emailed but again they are cumbersome and clunky.
> That's how I currently look through them.
>
> So cutting to the chase, I don't want to even mess around with those
> methods.  Been there done that... didn't like it.
>
> The router has an option to route traffic to a DMZ machine.  In the
> past when I got this same urge 2 or so years ago  I setup an OpenBSD
> OS on an older PC.  Buttoned it down what little I knew to do and had
> lots of fun with incoming traffic I mean just studying and being
> amazed etc.
>
> I want to do that again but don't have that old machine anymore and
> don't want the unfamiliar hassle of relearning whatever I knew about
> OpenBSD.
>
> I don't want the hassle of hardening my main desktop... preferring to
> keep it pretty loose behind the firewall. Running a lan webserver and
> the like.
>
> I wondered if any of the security buffs here could tell me if a vmware
> gentoo guest running on one of the winXP boxes could be setup to have
> an independent tap on the Firewall as DMZ and not be offering every
> hack whiz out there a shot at my home lan.
>
> As I remember you can setup vmware with its own network address, not
> sharing its hosts address to some degree.


Yes, vmware allows you to run it in bridged mode for networking. This 
means that while you just have the one physical network card, it appears 
from the point of view of the rest of the network to be two devices, 
with different MAC addresses and IP address.



> But I wondered.., since any traffic is really going thru that WinXP
> hosts nic one way or another if it would be as safe as a truly
> independent host with its own ethernet wire to the router. (which is
> switched).


I'm not a security expert, but my gut feeling here is that it *should* 
be fine. The windows host should never really "see" the traffic, beyond 
the driver level I suspect, as the driver will see the packet has a 
different MAC address on it, and pass it to vmware to deal with. Of 
course that's not to say some specially crafted packet couldn't exist to 
break this. Or that if they can exploit your vmware machine, they might 
some how from there exploit vmware itself and then execute code on the 
windows machine. Depends how paranoid you want to be...



> Would I likely be opening my lan up for some christmas shopping by
> having a gentoo guest on a WinXP host running as a DMZ machine?
> It would be pretty barebones with a IPTABLE setup for logging and
> tagging or whatever I get interested in doing with the traffic.
>
> No X server or other frills.


Just to make sure here, the only traffic that is going to arrive at the 
DMZ host will be inbound packets that aren't routed to another host (due 
to port forwarding or PnP rules). Traffic between the other machines and 
the internet will NEVER be seen, since it will travel from that machine 
straight to the router, and return packets will go straight back to that 
machine, not the DMZ system.


If all you're wanting to do is see what people are doorknocking on your 
system (like the people that keep trying to guess passwords for my ssh 
server), then this should work.


Shawn



Re: [gentoo-user] gaming kernel

2007-12-13 Thread Shawn Haggett

> CONFIG_HZ_100=y
> # CONFIG_HZ_250 is not set
> # CONFIG_HZ_300 is not set
> # CONFIG_HZ_1000 is not set
> CONFIG_HZ=100


Smaller numbers here actually mean less clock interrupts per second. 
This means that the CPU doesn't have to spend as much time switching 
between processes. However it also means that a process will have to 
wait longer if another one is currently using the CPU. Higher numbers 
tend to be good for getting faster responses, since the process on 
average shouldn't have to wait as long to actually get back on the CPU.


I believe the help messages suggest 100Hz for a server, where 
responsiveness is not a problem, you just don't want the CPU wasting 
time switching processes lots. 250Hz and 300Hz are more for desktop 
machines, and the 1000Hz for a really low latency desktop machine. So 
have you tried the high speeds?


Shawn




Re: [gentoo-user] gaming kernel

2007-12-13 Thread Philip Webb
071214 Shawn Haggett wrote:
>> CONFIG_HZ_100=y
>> # CONFIG_HZ_250 is not set
>> # CONFIG_HZ_300 is not set
>> # CONFIG_HZ_1000 is not set
>> CONFIG_HZ=100
> Smaller numbers here actually mean less clock interrupts per second.
> ie the CPU doesn't have to spend as much time switching between processes,
> but also a process will have to wait longer
> if another is currently using the CPU.
> Higher numbers tend to be good for getting faster responses,
> since the process on average shouldn't have to wait as long
> to actually get back on the CPU.
> 1000Hz for a really low latency desktop machine.

I don't play games, but I've long had my desktop box using HZ_1000
& it has always been very responsive (now Intel Core 2 Duo, 2.6.23-r3).
That's certainly the first thing to try.

-- 
,,
SUPPORT ___//___,  Philip Webb : [EMAIL PROTECTED]
ELECTRIC   /] [] [] [] [] []|  Centre for Urban & Community Studies
TRANSIT`-O--O---'  University of Toronto



Re: [gentoo-user] gaming kernel

2007-12-13 Thread Randy Barlow
Philip Webb wrote:
> I don't play games, but I've long had my desktop box using HZ_1000
> & it has always been very responsive (now Intel Core 2 Duo, 2.6.23-r3).
> That's certainly the first thing to try.

I use 100 Hz on an old P3 desktop/server.  It's not a high traffic
server, but it does my web/email/taking over the world.  The desktop
environment can be pretty sluggish at times, but I keep it at 100 just
for efficiency.  Would I be best off to up the interrupt rate, or would
that hurt my serverness on my aging system?  The desktop sluggishness is
livable, but I wouldn't want any tcp connections to time out from not
being serviced (how long is a typical timeout anyhow?)

-- 
Randy Barlow
http://electronsweatshop.com



Re: [gentoo-user] gaming kernel

2007-12-13 Thread Hemmann, Volker Armin
On Thursday, 13 December 2007, Philip Webb wrote:
> 071214 Shawn Haggett wrote:
> >> CONFIG_HZ_100=y
> >> # CONFIG_HZ_250 is not set
> >> # CONFIG_HZ_300 is not set
> >> # CONFIG_HZ_1000 is not set
> >> CONFIG_HZ=100
> >
> > Smaller numbers here actually mean less clock interrupts per second.
> > ie the CPU doesn't have to spend as much time switching between
> > processes, but also a process will have to wait longer
> > if another is currently using the CPU.
> > Higher numbers tend to be good for getting faster responses,
> > since the process on average shouldn't have to wait as long
> > to actually get back on the CPU.
> > 1000Hz for a really low latency desktop machine.
>
> I don't play games, but I've long had my desktop box using HZ_1000
> & it has always been very responsive (now Intel Core 2 Duo, 2.6.23-r3).
> That's certainly the first thing to try.


I have the best results with 300Hz. With 1000Hz the kernel wastes too much time 
context switching. Compiling is slower, gaming FPS lower ...



Re: [gentoo-user] Re: Router/Firewall strangeness

2007-12-13 Thread Dan Farrell
On Thu, 06 Dec 2007 09:50:58 -0500
Billy Holmes <[EMAIL PROTECTED]> wrote:

> also look for entries where it says eth0 has entered promiscuous
> mode  
> - that's a sure fire sign you've been hacked.. unless you're running
> a virtual machine with a bridge, or your own packet sniffer/traffic  
> monitor - like ntop.


I have several machines that give that message, but I don't believe
they've been hacked.  Insight?  



Re: [gentoo-user] Re: Router/Firewall strangeness

2007-12-13 Thread Dan Farrell
On Thu, 6 Dec 2007 10:44:35 -0800
Grant <[EMAIL PROTECTED]> wrote:

> I'm going
> to try 2006.1 and Knoppix.
> 
> - Grant

You don't use minimals, grant?  I'm surprised.  I would never put a
liveCD in a computer if I could avoid it, myself.  



Re: [gentoo-user] Re: Router/Firewall strangeness

2007-12-13 Thread Grant
> > I'm going
> > to try 2006.1 and Knoppix.
> >
> > - Grant
>
> You don't use minimals, grant?  I'm surprised.  I would never put a
> liveCD in a computer if I could avoid it, myself.

What do you mean?

- Grant



Re: [gentoo-user] Silicon Image 3112 Raid Controller on Kernel 2.6.22 and 2.6.23 not working.

2007-12-13 Thread Dan Farrell
On Sat, 08 Dec 2007 15:51:31 +0100
Norman Rieß <[EMAIL PROTECTED]> wrote:

> David Relson wrote:
> >
> >
> >
> > Hello Norman,
> >
> > I, too, have one of their controllers (identified by lspci as "RAID
> > bus controller: Silicon Image, Inc. PCI0680 Ultra ATA-133 Host
> > Controller (rev 02)".  It works ... kind of ...
> > 
> > read then reported "can't find cdrom device".  Not good!

the kernel might not have had drivers compiled in for the card, or
maybe it just wasn't where it expected.  I would recommend to anyone
not to put ATAPI cd rom drives on PCI or PCI-X boards -- it seems to
make them unhappy.  My SIL 680 wouldn't even let the computer boot with
a  CDRW on the off-board controller.  

> > To upgrade to 64-bit gentoo, I had to recable my box so that my
> > primary HD and the SONY were attached to the mobo.

yeah...

> > My rating of the SII card?  "OK -- sort of".

I have good things to say about the  PCI0680 Ultra ATA-133 Host
Controller (rev 02).  I bought it about 3 years ago, and use it for
important data on my server.  I am also very happy with the   SiI 3512
[SATALink/SATARaid] Serial ATA Controller (rev 01).  It looks like the
version number is quite a bit higher than yours, but I didn't have any
nasty problems with it, and have been running 2.6.22 from Nov 6, but
don't use any RAID and, as I said, the model is different.  

I still think of the Silicon Image line of budget controllers to be a
good choice for value buys.  The SATA I bought is now selling for
$10.85 on newegg: 
http://www.newegg.com/Product/Product.asp?Item=N82E16815124006R

> > Regards,
> >
> > David
> >
> >   
> Hello,
> 
> problem is, that my mobo has no other SATA Ports. Standard-ATA ports
> of the Motherboard is PATA.
> And I sort of cannot blame the controller because the 2.6.20 kernel
> works perfectly. (As this post proves :-)).
> 
> Regards,
> Norman



Re: [gentoo-user] Re: Hardening a laptop for travel

2007-12-13 Thread Dan Farrell
On Tue, 11 Dec 2007 08:22:45 +
Mick <[EMAIL PROTECTED]> wrote:

> Given that systems like e.g. Ubuntu server do not even have a
> firewall running would make you think so.  The fact that while on the
> road you only stay connected for short periods of time would improve
> your chances too.  However, every time you start an internet
> connection to a server you have open ports at random which could be
> discovered and exploited.  It only takes a few seconds over broadband
> with a well crafted script.

This is true; however, the actual "exploitability" of something like
this seems pretty low to me.  The biggest problem that I see here is
MITM/Spoofing probably, and it's a problem that firewalls only help
treat, but certainly don't cure completely.  



Re: [gentoo-user] Hardening a laptop for travel

2007-12-13 Thread Dan Farrell
On Mon, 10 Dec 2007 15:58:02 -0800
Grant <[EMAIL PROTECTED]> wrote:

> I don't know, now that I've set up shorewall on my router it seems
> like a simple matter to set it up on another machine.  I should only
> need to edit a few config files with very light additions.
> 
> - Grant

Either way you go, I wouldn't think it would take very long for you to
get a firewall up and running.  I personally use iptables manually
because I think it's easier than using shorewall to automatically
configure it.  But more abstraction _should_ make it easier, although
things don't always work out like that.  



Re: [gentoo-user] OT: recommendation for C2D motherboard

2007-12-13 Thread Kenneth Prugh
On Thu, 13 Dec 2007 00:16:10 -0300
Norberto Bensa <[EMAIL PROTECTED]> wrote:

> Hello list,
> 
> I'm sorry for this very off-topic post but my MSI-P965 Platinum has
> wrecked its first PCI-e slot and so did my NVidia 7900GS (I don't
> know which one died first but I'm pretty sure both are dead)
> 
> Although the motherboard is SLI and I could just buy a new GFX card,  
> the second slot -which is working BTW- is only 4X, and its position  
> would make impossible to use one of the two available PCI slots
> (there I've attached a SB Live 5.1 and a TV tuner.)
> 
> So the question is: which good motherboard would you recommend for
> an Intel Core2 Duo E6600?
> 
> (Less than a year, and these very expensive -here in Argentina-
> pieces are now junk. D*mn!)
> 
> 
> Many many many thanks in advance to everyone,
> Norberto
> 
> 
> 
> This message was sent using IMP, the Internet Messaging Program.
> 
> 

I use a Gigabyte P965-DS3 for my E6600. A good mobo, but beware of its
Marvell NIC if you're using a pre .23 kernel.




[gentoo-user] Kernel schedulers

2007-12-13 Thread Jason Carson
Greetings,

Where in the kernel config (make menuconfig) do I find the choice for
schedulers. The one I am currently using is "Anticipatory". What is the
newest and latest scheduler for 2.6.23?

Regards,

Jason Carson




Re: [gentoo-user] Re: Router/Firewall strangeness

2007-12-13 Thread Mick
On Thursday 13 December 2007, Dan Farrell wrote:
> On Thu, 06 Dec 2007 09:50:58 -0500
>
> Billy Holmes <[EMAIL PROTECTED]> wrote:
> > also look for entries where it says eth0 has entered promiscuous
> > mode
> > - that's a sure fire sign you've been hacked.. unless you're running
> > a virtual machine with a bridge, or your own packet sniffer/traffic
> > monitor - like ntop.
>
> I have several machines that give that message, but I don't believe
> they've been hacked.  Insight?

Well, certain apps will put your interface into a promiscuous mode if they are 
trying to listen to the traffic arriving at it; e.g. tcpdump, ntop, 
wireshark, etc.
-- 
Regards,
Mick




Re: [gentoo-user] Kernel schedulers

2007-12-13 Thread Andrey Falko
On Dec 13, 2007 3:27 PM, Jason Carson <[EMAIL PROTECTED]> wrote:

> Greetings,
>
> Where in the kernel config (make menuconfig) do I find the choice for
> schedulers. The one I am currently using is "Anticipatory". What is the
> newest and latest scheduler for 2.6.23?
>
> Regards,
>
> Jason Carson
>
> --
> [EMAIL PROTECTED] mailing list
>
>

You probably want to use CFQ as it is currently the fastest; find it here:
Enable the block layer  --->
   IO Schedulers  --->


Re: [gentoo-user] Kernel schedulers

2007-12-13 Thread Philip Webb
071213 Jason Carson wrote:
> Where in 'make menuconfig' do I find the choice for schedulers.
> The one I am currently using is "Anticipatory". 
> What is the newest and latest scheduler for 2.6.23?

Try '/sched', which will get you started & lead you to
'Enable block layer -> IO Schedulers -> whatever you want'.
'?' gets you help on the options ...

I seem to be using 'CFQ', which is apparently the default:
my desktop system is performing admirably.

-- 
,,
SUPPORT ___//___,  Philip Webb : [EMAIL PROTECTED]
ELECTRIC   /] [] [] [] [] []|  Centre for Urban & Community Studies
TRANSIT`-O--O---'  University of Toronto
-- 
[EMAIL PROTECTED] mailing list



[gentoo-user] Kernel 2.6.23 and bcm4311 802.11b/g?

2007-12-13 Thread Marzan, Richard non Unisys
 

 

I'm trying to get my Broadcom 4311 b/g card to work with the native
kernel driver (bcm43xx) and b43-fwcutter but it does not work. I
placed the extracted firmware code in /lib/firmware and dmesg states
that it failed to load the module. Has anyone gotten this card to work
and how? Any link or pointers would be greatly appreciated.

Regards,

Richard

 



Re: [gentoo-user] Kernel schedulers

2007-12-13 Thread Jason Carson
I was reading this article (http://lwn.net/Articles/114770/) which says...

AS (Anticipatory Scheduler) still seems to be better for desktop systems
and IDE disks

... I have a server, not a desktop system but am using an IDE disk so
which scheduler is better for a server. Should I stay with anticipatory
because I am using an IDE disk or switch to something else because my
system is a server?


> 071213 Jason Carson wrote:
>> Where in 'make menuconfig' do I find the choice for schedulers.
>> The one I am currently using is "Anticipatory".
>> What is the newest and latest scheduler for 2.6.23?
>
> Try '/sched', which will get you started & lead you to
> 'Enable block layer -> IO Schedulers -> whatever you want'.
> '?' gets you help on the options ...
>
> I seem to be using 'CFQ', which is apparently the default:
> my desktop system is performing admirably.
>
> --
> ,,
> SUPPORT ___//___,  Philip Webb : [EMAIL PROTECTED]
> ELECTRIC   /] [] [] [] [] []|  Centre for Urban & Community Studies
> TRANSIT`-O--O---'  University of Toronto
> --
> [EMAIL PROTECTED] mailing list
>
>


-- 
[EMAIL PROTECTED] mailing list



Re: [gentoo-user] Kernel schedulers

2007-12-13 Thread Hemmann, Volker Armin
On Thursday, 13 December 2007, Jason Carson wrote:
> I was reading this article (http://lwn.net/Articles/114770/) which says...
>
> AS (Anticipatory Scheduler) still seems to be better for desktop systems
> and IDE disks
>
> ... I have a server, not a desktop system but am using an IDE disk so
> which scheduler is better for a server. Should I stay with anticipatory
> because I am using an IDE disk or switch to something else because my
> system is a server?

This article is ancient.

Nowadays CFQ and deadline are the best choices. CFQ is the best choice for 
most desktops and most servers and for some servers and some selected 
desktops deadline is the best choice. 

Why not build all three and switch between them with the appropriate kernel 
command line? That way you can easily test which one is the best for you.
-- 
[EMAIL PROTECTED] mailing list



Re: [gentoo-user] Kernel schedulers

2007-12-13 Thread Joshua Doll

Jason Carson wrote:
> I was reading this article (http://lwn.net/Articles/114770/) which says...
>
> AS (Anticipatory Scheduler) still seems to be better for desktop systems
> and IDE disks
>
> ... I have a server, not a desktop system but am using an IDE disk so
> which scheduler is better for a server. Should I stay with anticipatory
> because I am using an IDE disk or switch to something else because my
> system is a server?


  
That article is before the work began on the CFS/CFQ scheduler. There 
has been a lot of improvements made to the CFQ scheduler in the past year.


http://kerneltrap.org/node/8059

I don't know which one would be better for a server. If you aren't 
having any issues with the scheduler now I don't see a reason to switch.



--Joshua Doll

--
[EMAIL PROTECTED] mailing list



Re: [gentoo-user] Kernel schedulers

2007-12-13 Thread Andrey Falko
On Dec 13, 2007 3:57 PM, Jason Carson <[EMAIL PROTECTED]> wrote:

> I was reading this article (http://lwn.net/Articles/114770/) which says...
>
The article is very old; take a look at this newer one:
http://www.redhat.com/magazine/008jun05/features/schedulers/

>
> AS (Anticipatory Scheduler) still seems to be better for desktop systems
> and IDE disks
>
> ... I have a server, not a desktop system but am using an IDE disk so
> which scheduler is better for a server. Should I stay with anticipatory
> because I am using an IDE disk or switch to something else because my
> system is a server?
>
>
> > 071213 Jason Carson wrote:
> >> Where in 'make menuconfig' do I find the choice for schedulers.
> >> The one I am currently using is "Anticipatory".
> >> What is the newest and latest scheduler for 2.6.23?
> >
> > Try '/sched', which will get you started & lead you to
> > 'Enable block layer -> IO Schedulers -> whatever you want'.
> > '?' gets you help on the options ...
> >
> > I seem to be using 'CFQ', which is apparently the default:
> > my desktop system is performing admirably.
> >
> > --
> > ,,
> > SUPPORT ___//___,  Philip Webb : [EMAIL PROTECTED]
> > ELECTRIC   /] [] [] [] [] []|  Centre for Urban & Community Studies
> > TRANSIT`-O--O---'  University of Toronto
> > --
> > [EMAIL PROTECTED] mailing list
> >
> >
>
>
> --
> [EMAIL PROTECTED] mailing list
>
>


Re: [gentoo-user] Hardening a laptop for travel

2007-12-13 Thread William Kenworthy

On Thu, 2007-12-13 at 13:09 -0600, Dan Farrell wrote:
> On Sat, 8 Dec 2007 13:41:06 -0500

> 
> I don't run iptables on my laptops.  Instead, I choose to run only a
> few secure services and then proceed to not worry about it.  
> 
hmmm - another target.

Firewalls can be viewed as a waste of time on a perfect system - but
what system is ever perfect?

Can you guarantee that no services that are untrustworthy will EVER run
on the machine - think accidental installs?  A couple of years back we
(local lug) had an incident of a windows virus listening on a network
port of a linux machine - apparently something to do with running an
infected application under wine.  It's what you don't know that will bite
you.

Can you guarantee that there is never a bug in your software that might
leave you exposed?

Can you guarantee that you have NEVER mis-configured a service or
application?

Thought not ...

Think layered defences
BillK


-- 
[EMAIL PROTECTED] mailing list



Re: [gentoo-user] Kernel schedulers

2007-12-13 Thread Hemmann, Volker Armin
On Thursday, 13 December 2007, Joshua Doll wrote:
> Jason Carson wrote:
> > I was reading this article (http://lwn.net/Articles/114770/) which
> > says...
> >
> > AS (Anticipatory Scheduler) still seems to be better for desktop systems
> > and IDE disks
> >
> > ... I have a server, not a desktop system but am using an IDE disk so
> > which scheduler is better for a server. Should I stay with anticipatory
> > because I am using an IDE disk or switch to something else because my
> > system is a server?
>
> That article is before the work began on the CFS/CFQ scheduler. There
> has been a lot of improvements made to the CFQ scheduler in the past year.
>
> http://kerneltrap.org/node/8059

CFS and CFQ have NOTHING IN COMMON.

CFS is a TASK scheduler.

CFQ is a BLOCK IO scheduler.

Two completely different fields.

Please stop confusing this stuff, ok?

deadline/cfq/as is block IO stuff

cfs is about 'what app runs next' stuff.
-- 
[EMAIL PROTECTED] mailing list



Re: [gentoo-user] Kernel schedulers

2007-12-13 Thread Joshua Doll

Hemmann, Volker Armin wrote:
> On Thursday, 13 December 2007, Joshua Doll wrote:
>> Jason Carson wrote:
>>> I was reading this article (http://lwn.net/Articles/114770/) which
>>> says...
>>>
>>> AS (Anticipatory Scheduler) still seems to be better for desktop systems
>>> and IDE disks
>>>
>>> ... I have a server, not a desktop system but am using an IDE disk so
>>> which scheduler is better for a server. Should I stay with anticipatory
>>> because I am using an IDE disk or switch to something else because my
>>> system is a server?
>>
>> That article is before the work began on the CFS/CFQ scheduler. There
>> has been a lot of improvements made to the CFQ scheduler in the past year.
>>
>> http://kerneltrap.org/node/8059
>
> CFS and CFQ have NOTHING IN COMMON.
>
> CFS is a TASK scheduler.
>
> CFQ is a BLOCK IO scheduler.
>
> Two completely different fields.
>
> Please stop confusing this stuff, ok?
>
> deadline/cfq/as is block IO stuff
>
> cfs is about 'what app runs next' stuff.
  

My mistake. Thanks for clearing that up for me.

--Joshua Doll
--
[EMAIL PROTECTED] mailing list



Re: [gentoo-user] Kernel schedulers

2007-12-13 Thread Hemmann, Volker Armin
On Friday, 14 December 2007, Joshua Doll wrote:
> Hemmann, Volker Armin wrote:
> > On Thursday, 13 December 2007, Joshua Doll wrote:
> >> Jason Carson wrote:
> >>> I was reading this article (http://lwn.net/Articles/114770/) which
> >>> says...
> >>>
> >>> AS (Anticipatory Scheduler) still seems to be better for desktop
> >>> systems and IDE disks
> >>>
> >>> ... I have a server, not a desktop system but am using an IDE disk so
> >>> which scheduler is better for a server. Should I stay with anticipatory
> >>> because I am using an IDE disk or switch to something else because my
> >>> system is a server?
> >>
> >> That article is before the work began on the CFS/CFQ scheduler. There
> >> has been a lot of improvements made to the CFQ scheduler in the past
> >> year.
> >>
> >> http://kerneltrap.org/node/8059
> >
> > CFS and CFQ have NOTHING IN COMMON.
> >
> > CFS is a TASK scheduler.
> >
> > CFQ is a BLOCK IO scheduler.
> >
> > Two completely different fields.
> >
> > Please stop confusing this stuff, ok?
> >
> > deadline/cfq/as is block IO stuff
> >
> > cfs is about 'what app runs next' stuff.
>
> My mistake. Thanks for clearing that up for me.
>
> --Joshua Doll

sorry for sounding aggressive. That was not my intent *sigh*

-- 
Conclusions 
 In a straight-up fight, the Empire squashes the Federation like a bug. Even 
with its numerical advantage removed, the Empire would still squash the 
Federation like a bug. Accept it. -Michael Wong 
-- 
[EMAIL PROTECTED] mailing list



[gentoo-user] kernel configuration problems

2007-12-13 Thread Jeff Cranmer
I am presently having problems compiling suspend2 kernel 2.6.22.
It compiles with genkernel, but if I try to use make and customise a special 
kernel, it will not find my hard drive.  The error message reports that the 
ide-cdrom on hda is the only drive present.

The computer is a Toshiba L45-7409 laptop.
Can anyone offer me any guidance as to which kernel options to engage, whether 
to use modules or compiled-in, etc.

Thanks

Jeff
-- 
[EMAIL PROTECTED] mailing list



[gentoo-user] Re: gaming kernel

2007-12-13 Thread James
Hemmann, Volker Armin  tu-clausthal.de> writes:


> I have the best results with 300Hz. With 1000Hz the kernel wastes too much
> time context switching. Compiling is slower, gaming FPS lower ...


OK, I have read all that was posted and I'm experimenting with new kernels.


Thanks for all of the input from everyone. I'll post something in a few days,
if I'm unable to build a successful kernel for bzflag.


thx,


James




-- 
[EMAIL PROTECTED] mailing list



Re: [gentoo-user] Kernel 2.6.23 and bcm4311 802.11b/g?

2007-12-13 Thread Stroller


On 13 Dec 2007, at 20:53, Marzan, Richard non Unisys wrote:


> I'm trying to get my Broadcom 4311 b/g card to work with the native
> kernel driver (bcm43xx) and b43-fwcutter but it does not work. I
> placed the extracted firmware code in /lib/firmware and dmesg
> states that it failed to load the module. Has anyone gotten this
> card to work and how? Any link or pointers would be greatly
> appreciated.


From 

  When starting a new thread don't just reply to a message sent by
  someone else and clear the subject line. Not all e-mail and news
  clients behave like yours and will thread messages correctly based
  on the "Message-ID:", "In-Reply-To:" and "References:" headers
  embedded in the messages. Only programs which don't comply with
  Internet standards sort messages by subject and call that "threading".

  When you simply change the subject of a message, all of the threading
  information remains intact and your new "thread" simply continues
  at the end of the old one. This is called thread hijacking.

  By doing this, you're shooting yourself in the foot twice over.
  First of all, people following a thread don't want to see unrelated
  messages cropping up in the middle of it. The most complacent will
  just delete your message without reading it, others will killfile
  you, some having complained to you asking you to learn how to post.
  Secondly, those who aren't interested in the hijacked thread and
  who have set their programs to ignore it won't even see your message.

  If you want to start a new thread then use your mailer's/newsreader's
  "New Message" function. This will start a fresh thread of your own
  without any traces of previous threads.

And:

   Do not post in HTML. There are several reasons why posting in HTML
   is a bad idea. These links should help convince you why:
   http://www.georgedillon.com/web/html_email_is_evil_still.shtml
   http://www.birdhouse.org/etc/evilmail.html
   http://asciiribbon.org/

Sorry I'm unable to help with your problem.

Stroller.
--
[EMAIL PROTECTED] mailing list



Re: [gentoo-user] kernel configuration problems

2007-12-13 Thread Daniel Barkalow
On Thu, 13 Dec 2007, Jeff Cranmer wrote:

> I am presently having problems compiling suspend2 kernel 2.6.22.
> It compiles with genkernel, but if I try to use make and customise a special 
> kernel, it will not find my hard drive.  The error message reports that the 
> ide-cdrom on hda is the only drive present.
> 
> The computer is a Toshiba L45-7409 laptop.
> Can anyone offer me any guidance as to which kernel options to engage,
> whether to use modules or compiled-in, etc.

You might try booting with the genkernel kernel and looking at 
/proc/config.gz; I don't know if genkernel sets the option to create it, 
but, if it does, that's the configuration for the running kernel. Then you 
can import it into the source tree ("cd /usr/src/linux; zcat 
/proc/config.gz > .config; make oldconfig"), and then customize further 
from a working configuration.

-Daniel
*This .sig left intentionally blank*
-- 
[EMAIL PROTECTED] mailing list
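
A companion to the approach in the reply above, as an added example that is not from the thread: once the working configuration has been read from /proc/config.gz, comparing it with the customised .config shows which drivers were dropped or turned from built-in into modules (a root-disk driver built as a module only loads if an initramfs carries it). Both config excerpts are constructed and do not describe the poster's laptop.

```python
import re

# Constructed excerpts (not from the thread): WORKING stands in for the
# genkernel configuration read from /proc/config.gz, CUSTOM for a
# hand-edited .config that no longer finds the hard drive.
WORKING = """\
CONFIG_BLK_DEV_IDE=y
CONFIG_BLK_DEV_IDECD=y
CONFIG_ATA=y
CONFIG_SATA_AHCI=y
CONFIG_ATA_PIIX=m
CONFIG_SCSI=y
CONFIG_BLK_DEV_SD=y
CONFIG_USB_STORAGE=m
"""
CUSTOM = """\
CONFIG_BLK_DEV_IDE=y
CONFIG_BLK_DEV_IDECD=y
# CONFIG_ATA is not set
CONFIG_SCSI=y
CONFIG_BLK_DEV_SD=m
CONFIG_USB_STORAGE=m
"""

SET = re.compile(r"^(CONFIG_\w+)=(.*)$")
UNSET = re.compile(r"^# (CONFIG_\w+) is not set$")


def parse_config(text):
    """Map option name -> value; '# CONFIG_X is not set' becomes 'n'."""
    opts = {}
    for line in text.splitlines():
        if m := SET.match(line):
            opts[m[1]] = m[2]
        elif m := UNSET.match(line):
            opts[m[1]] = "n"
    return opts


def regressions(working, custom):
    """Options that were y/m in the working config and are now absent,
    disabled, or demoted from built-in (y) to module (m)."""
    was, now = parse_config(working), parse_config(custom)
    found = {}
    for name, old in was.items():
        new = now.get(name, "n")          # missing from .config means off
        if old in ("y", "m") and (new == "n" or (old, new) == ("y", "m")):
            found[name] = (old, new)
    return found


if __name__ == "__main__":
    for name, (old, new) in sorted(regressions(WORKING, CUSTOM).items()):
        print(f"{name}: {old} -> {new}")
```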



[gentoo-user] Re: DMZ on an vmware gentoo guest running on winXP host

2007-12-13 Thread reader
Mick <[EMAIL PROTECTED]> writes:

>> Would I likely be opening my lan up for some christmas shopping by
>> having a gentoo guest on a WinXP host running as a DMZ machine?
>> It would be pretty barebones with a IPTABLE setup for logging and
>> tagging or whatever I get interested in doing with the traffic.
>>
>> No X server or other frills.
>
> A rather simpler solution to do this would be to get hold of hub, connect it 
> to the firewall and watch everything that passes through it.

I do have an older hub, but not sure what you mean here.  The hub has
no network address and of course is not switched so anything going
thru it can be filtered with tcpdump.  But the router is switched.
Not sure how a hub would see the outfacing address.  I'd be able to
see all the lan machines that were going thru it, but how about the
traffic that the firewall is rejecting?  That's what I'm after.

Can you elaborate a little?

Maybe you mean something different by `hub'.

-- 
[EMAIL PROTECTED] mailing list