Re: [gentoo-user] blocking facebook
On Friday, 11 December 2015, 20:03:14, the...@sys-concept.com wrote:
> Does anybody have an idea how to block facebook?
>
> I'm using dd-wrt. The "access restriction" can block http but not https
> and I'm not good in iptables :-/
> In addition users are using VirtualBox on the network as well.

You need to inspect the traffic on layer 7. The best way to achieve this is to add the deep packet inspection library to netfilter. Then you can filter specific websites.

Or you use a proxy and filter the site.

Kind regards,

Michael Schwartzkopff

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64, +49 (162) 165 0044
Franziskanerstraße 15, 81669 München

Registered office: München, District court München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein
Re: [gentoo-user] blocking facebook
On 12/12/2015 05:03, the...@sys-concept.com wrote:
> Does anybody have an idea how to block facebook?
>
> I'm using dd-wrt. The "access restriction" can block http but not https
> and I'm not good in iptables :-/
> In addition users are using VirtualBox on the network as well.
>

When you eventually get this in place, what are you going to do when the marketing people want to update the company's own Facebook page?

Blocking facebook (or any other social site) is an exercise in futility. You will never get it right without expending vast effort and as many others have said people will always find ways around it. Including using their personal phones while sitting at their desk.

--
Alan McKinnon
alan.mckin...@gmail.com
Re: [gentoo-user] blocking facebook
On Sat, 12 Dec 2015 01:29:20 -0500 waltd...@waltdnes.org wrote:
> On Fri, Dec 11, 2015 at 08:03:14PM -0700, the...@sys-concept.com wrote
> > Does anybody have an idea how to block facebook?
> >
> > I'm using dd-wrt. The "access restriction" can block http but not https
> > and I'm not good in iptables :-/
> > In addition users are using VirtualBox on the network as well.
>
> An excerpt from my /var/lib/iptables/rules-save ruleset...
>
> [0:0] -A INPUT -s 31.13.24.0/21 -j FECESBOOK
> [154:11168] -A INPUT -s 31.13.64.0/18 -j FECESBOOK
> [0:0] -A INPUT -s 66.220.144.0/20 -j FECESBOOK
> [0:0] -A INPUT -s 69.63.176.0/20 -j FECESBOOK
> [0:0] -A INPUT -s 69.171.224.0/19 -j FECESBOOK
> [0:0] -A INPUT -s 74.119.76.0/22 -j FECESBOOK
> [0:0] -A INPUT -s 103.4.96.0/22 -j FECESBOOK
> [0:0] -A INPUT -s 173.252.64.0/18 -j FECESBOOK
> [0:0] -A INPUT -s 204.15.20.0/22 -j FECESBOOK
>
> [0:0] -A OUTPUT -d 31.13.24.0/21 -j FECESBOOK
> [3763325:225839770] -A OUTPUT -d 31.13.64.0/18 -j FECESBOOK
> [56:3360] -A OUTPUT -d 66.220.144.0/20 -j FECESBOOK
> [0:0] -A OUTPUT -d 69.63.176.0/20 -j FECESBOOK
> [874:52440] -A OUTPUT -d 69.171.224.0/19 -j FECESBOOK
> [0:0] -A OUTPUT -d 74.119.76.0/22 -j FECESBOOK
> [0:0] -A OUTPUT -d 103.4.96.0/22 -j FECESBOOK
> [3306:198360] -A OUTPUT -d 173.252.64.0/18 -j FECESBOOK
> [0:0] -A OUTPUT -d 204.15.20.0/22 -j FECESBOOK
>
> [3767715:226105098] -A FECESBOOK -j LOG --log-prefix "FECESBOOK:" --log-level 6
> [3767715:226105098] -A FECESBOOK -j DROP

+1. Just block their CIDR ranges. No need to do DPI like was suggested here. Of course smart users can use proxies or tunneling, so this is not a 100% solution, but for the majority it will work.

Just a tip here: use ipset hash:net for all these ranges and just a few iptables rules to check src and dst in FORWARD and/or INPUT/OUTPUT depending on whether host is router or target system, e.g. for dd-wrt will be sufficient:

iptables -A FORWARD -m set --match-set facebook src -j DROP
iptables -A FORWARD -m set --match-set facebook dst -j DROP

A set can be created like this:

ipset create facebook hash:net
ipset add facebook 31.13.24.0/21
...

Of course logging may be enabled as above if desired.

This way filtering will be much faster and blocklist may be updated without touching iptables rules. Gentoo init script supports ipset rules save/load as well as iptables.

Do not forget about ipv6 if it is enabled on your network.

Best regards,
Andrew Savchenko
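The ipset update path described in the message above, as an added example that is not part of the original thread: it generates an `ipset restore` script that fills a scratch set and swaps it in, so the blocklist changes atomically while the iptables rules stay untouched, and it splits IPv4 from IPv6 entries. The `_new` scratch name, the `facebook6` set name and the IPv6 prefix (a documentation placeholder) are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): emit an `ipset restore` script that
# rebuilds a hash:net set in a scratch set and swaps it in atomically.
# The "_new" scratch name and the sample list layout are assumptions.

# gen_restore FAMILY SETNAME < cidr-list   (FAMILY is inet or inet6)
gen_restore() {
    family=$1; name=$2; scratch="${2}_new"
    case $family in
        inet)  pat='^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' ;;
        inet6) pat='^[0-9A-Fa-f]*:[0-9A-Fa-f:]*/([0-9]|[1-9][0-9]|1[01][0-9]|12[0-8])$' ;;
        *)     echo "unknown family: $family" >&2; return 2 ;;
    esac
    printf 'create %s hash:net family %s\n' "$name" "$family"
    printf 'create %s hash:net family %s\n' "$scratch" "$family"
    printf 'flush %s\n' "$scratch"
    while IFS= read -r line; do
        # Drop comments and whitespace, then keep only entries of this family.
        cidr=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')
        [ -n "$cidr" ] || continue
        # Shape check only; ipset itself rejects out-of-range octets on load.
        printf '%s\n' "$cidr" | grep -Eq "$pat" || continue
        printf 'add %s %s\n' "$scratch" "$cidr"
    done
    printf 'swap %s %s\n' "$scratch" "$name"
    printf 'destroy %s\n' "$scratch"
}

# Constructed sample list: the IPv4 ranges quoted in the thread, one
# documentation-only IPv6 placeholder, and one malformed line.
sample_list() {
    cat <<'EOF'
31.13.24.0/21
31.13.64.0/18
66.220.144.0/20
69.63.176.0/20
69.171.224.0/19
74.119.76.0/22
103.4.96.0/22
173.252.64.0/18
204.15.20.0/22
2001:db8::/32   # placeholder, replace with the real IPv6 ranges
not-a-cidr
EOF
}

# Print the generated scripts. To load them on the router (as root):
#   sample_list | gen_restore inet  facebook  | ipset -exist restore
#   sample_list | gen_restore inet6 facebook6 | ipset -exist restore
# The IPv6 set is then matched from ip6tables with the same two FORWARD rules.
sample_list | gen_restore inet facebook
sample_list | gen_restore inet6 facebook6
```

Because the set named in the FORWARD rules always exists and is only ever swapped, there is no window during an update in which the rules match an empty set.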
[gentoo-user] Why does portage want to downgrade Grub?
emerge -auDN @world
...
[ebuild UD ] sys-boot/grub-2.00_p5107-r2 [2.02_beta2-r7] USE="-custom-cflags%" GRUB_PLATFORMS="-yeeloong%"

I currently have 2.02_beta2-r7 installed. It's not masked or anything. But portage wants to downgrade to 2.00_p5107-r2.

I don't have any clue why that is.
Re: [gentoo-user] Why does portage want to downgrade Grub?
On Sat, Dec 12, 2015 at 10:39 AM, Nikos Chantziaras wrote:
> emerge -auDN @world
> ...
> [ebuild UD ] sys-boot/grub-2.00_p5107-r2 [2.02_beta2-r7]
> USE="-custom-cflags%" GRUB_PLATFORMS="-yeeloong%"
>
>
> I currently have 2.02_beta2-r7 installed. It's not masked or anything. But
> portage wants to downgrade to 2.00_p5107-r2.
>
> I don't have any clue why that is.

Possibly a bad Manifest entry. rsync has been pretty broken this week.
[gentoo-user] Re: Why does portage want to downgrade Grub?
On 12/12/15 18:02, Mike Gilbert wrote:
> On Sat, Dec 12, 2015 at 10:39 AM, Nikos Chantziaras wrote:
>> emerge -auDN @world
>> ...
>> [ebuild UD ] sys-boot/grub-2.00_p5107-r2 [2.02_beta2-r7]
>> USE="-custom-cflags%" GRUB_PLATFORMS="-yeeloong%"
>>
>> I currently have 2.02_beta2-r7 installed. It's not masked or anything. But
>> portage wants to downgrade to 2.00_p5107-r2.
>>
>> I don't have any clue why that is.
>
> Possibly a bad Manifest entry. rsync has been pretty broken this week.

Hm, indeed. grub-0.97-r16.ebuild was missing from the manifest, but it's weird that this would affect 2.02_beta2-r7. It shouldn't, right?
[gentoo-user] Midi problems...Oxygene 61 keyboard and neighbours]
Hi,

I have a problem with my midi setup, which mainly consists of the following parts:

jackd
zynaddsubfx with a "jack aware" midi in and out
QJackCtrl
Oxygene 61 midi keyboard

(every software is up to date)

Normally I do as follows:

Switch on the Oxygene 61 keyboard
start QJackCtrl
start Zynaddsubfx

After opening the 'Connect'-dialog of QJackCtrl Zynaddsubfx shows up under the 'Audio'-tab (for audio output) and under the 'Midi'-tab for its midi channel in- and outputs.

However, the keyboard is missing under the 'Midi'-tab in 98% of all cases.

The keyboard can be found under the 'Alsa'-tab, from which I have to connect it to 'midi_through', go to the 'Midi'-tab and connect the 'midi_through' there with zynaddsubfx.

I would like to find the keyboard under the 'Midi'-tab also, since it is the purest midi device I have. :) ...and it would free the midi_through.

I played around with a2j, but it gave me no changes.

Since I am a newbie in this field ... I need the help of an expert ;)

Thank you very much in advance for any help!

Best regards,
Meino
Re: [gentoo-user] dovecot imap-login
> On Sat, 12 December 2015, at 3:08 a.m., jens wefer wrote:
>
> I set up a mail server, postfix/dovecot, ssl required.
> test with mail-client, all ok
> when I try to copy mails with imapsync (gentoo) comes timeout,
> and imapsync will login again.
> with each new login, a new process imap-login is generated.

Sorry if this is a dumb question, but how do you know it's timing out?

Could it just be slow, as it has to compile loads of messages in its first run?

Looks like dovecot has a 30 minute timeout. [1]

An old message on the Dovecot mailing list [2] suggests to set "verbose_proctitle = yes" in config to see why each process is open.

It also suggests using high-performance mode, rather than the default.

Stroller.

[1] http://www.dovecot.org/list/dovecot/2010-October/053422.html
[2] http://www.dovecot.org/list/dovecot/2013-August/092226.html
Re: [gentoo-user] Unknown problem causing incorrect mounting and daemons not starting
> It seems to me the root of your problems is fsck failing because (it
> thinks) the partitions are already mounted.
>
> Is your mtab a symlink to /proc/mounts as it "should" be?

Just checked, and mtab is not a symlink. It is a plain text file.

Just tried taking a backup of mtab and symlinking /proc/mounts onto /etc/mtab yields no different results when trying `/etc/init.d/dbus start`. Is this something I fix somewhere else or maybe I just need to reboot the system after symlinking.
Re: [gentoo-user] Unknown problem causing incorrect mounting and daemons not starting
I wouldn't expect the symlink to fix anything without a reboot (since the main problem is at startup time). I'm not sure if the dbus issue is separate or not - if it is the same it seems odd that it won't start even after getting everything mounted by hand, anyway.

-John

Sent from my phone

Thomas Sigurdsen wrote:
>> It seems to me the root of your problems is fsck failing because (it
>> thinks) the partitions are already mounted.
>>
>> Is your mtab a symlink to /proc/mounts as it "should" be?
>
>Just checked, and mtab is not a symlink. It is a plain text file.
>
>Just tried taking a backup of mtab and symlinking /proc/mounts onto
>/etc/mtab yields no different results when trying `/etc/init.d/dbus
>start`. Is this something I fix somewhere else or maybe I just need to
>reboot the system after symlinking.
Re: [gentoo-user] dovecot imap-login
On Sat, 12 Dec 2015 17:53:04 +, Stroller wrote:
> > On Sat, 12 December 2015, at 3:08 a.m., jens wefer wrote:
> >
> > I set up a mail server, postfix/dovecot, ssl required.
> > test with mail-client, all ok
> > when I try to copy mails with imapsync (gentoo) comes timeout,
> > and imapsync will login again.
> > with each new login, a new process imap-login is generated.
>
> Sorry if this is a dumb question, but how do you know it's timing out?
>
> Could it just be slow, as it has to compile loads of messages in its
> first run?
>
> Looks like dovecot has a 30 minute timeout. [1]
>
> An old message on the Dovecot mailing list [2] suggests to set
> "verbose_proctitle = yes" in config to see why each process is open.
>
> It also suggests using high-performance mode, rather than the
> default.
>
> Stroller.

timeout comes from imapsync (default timeout 120 sec).
after 10 minutes then running 5 Dovecot processes which want 100% CPU time.

mail logfile:
imap-login: Login: user = blablub, TLS ession, ..
Re: [gentoo-user] Re: Why does portage want to downgrade Grub?
On 12 December 2015 16:19:52 GMT+00:00, Nikos Chantziaras wrote:
> On 12/12/15 18:02, Mike Gilbert wrote:
> > On Sat, Dec 12, 2015 at 10:39 AM, Nikos Chantziaras wrote:
> >> emerge -auDN @world
> >> ...
> >> [ebuild UD ] sys-boot/grub-2.00_p5107-r2 [2.02_beta2-r7]
> >> USE="-custom-cflags%" GRUB_PLATFORMS="-yeeloong%"
> >>
> >>
> >> I currently have 2.02_beta2-r7 installed. It's not masked or anything. But
> >> portage wants to downgrade to 2.00_p5107-r2.
> >>
> >> I don't have any clue why that is.
> >
> > Possibly a bad Manifest entry. rsync has been pretty broken this week.
>
> Hm, indeed. grub-0.97-r16.ebuild was missing from the manifest, but it's
> weird that this would affect 2.02_beta2-r7. It shouldn't, right?

If the manifest fails, all ebuilds in that directory are considered suspect. Is the version portage wants to downgrade to in an overlay?

--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
Re: [gentoo-user] Midi problems...Oxygene 61 keyboard and neighbours]
Hi Meino,

I have a2jmidid start automatically in qjackctl. It's been a while since my midi played up, but I remember having issues like yours.

Meino wrote:
>I played around with a2j, but it gave me no changes.

What did you try?

In Qjackctl Setup>Options tab I have "Execute script after startup" enabled, and the line:

/usr/bin/a2jmidid -e &

.. and "Execute script on Shutdown" enabled, and the line:

killall -s TERM a2jmidid

cinder

-

ONLY AT VFEmail! - Use our Metadata Mitigator to keep your email out of the NSA's hands!
$24.95 ONETIME Lifetime accounts with Privacy Features!
15GB disk! No bandwidth quotas!
Commercial and Bulk Mail Options!
[gentoo-user] Re: Why does portage want to downgrade Grub?
On 13/12/15 00:56, Neil Bothwick wrote:
>> Hm, indeed. grub-0.97-r16.ebuild was missing from the manifest, but it's
>> weird that this would affect 2.02_beta2-r7. It shouldn't, right?
>
> If the manifest fails, all ebuilds in that directory are considered
> suspect. Is the version portage wants to downgrade to in an overlay?

Nope. Portage-tree only.
[gentoo-user] CPU frequency scaling Macbook Pro
Hello:)

Since upgrading my kernel from 3.10.6-rt3 to 4.1.4-rt5 I can no longer scale my cpu frequency. I can't see any new or removed options in menuconfig regarding cpu frequency scaling, but I don't have /sys/devices/system/cpu/cpuX/cpufreq/ directories any more.

# dmesg |grep cpu:
[0.00] Initializing cgroup subsys cpuset
[0.00] Initializing cgroup subsys cpu
[0.00] Initializing cgroup subsys cpuacct
[0.00] setup_percpu: NR_CPUS:2 nr_cpumask_bits:2 nr_cpu_ids:2 nr_node_ids:1
[0.00] PERCPU: Embedded 33 pages/cpu @88013fc0 s94272 r8192 d32704 u1048576
[0.00] pcpu-alloc: s94272 r8192 d32704 u1048576 alloc=1*2097152
[0.00] pcpu-alloc: [0] 0 1
[0.087003] cpuidle: using governor ladder
[0.096005] cpuidle: using governor menu
[0.251100] HPET: 4 timers in total, 0 timers will be used for per-cpu timer
[0.748213] ACPI: acpi_idle registered with cpuidl

# lscpu |grep name:
Model name:Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz

# lspci |grep Host:
00:00.0 Host bridge: NVIDIA Corporation MCP89 HOST Bridge (rev a1)

Any insight would be greatly appreciated.

Thank you.

cinder
Re: [gentoo-user] Midi problems...Oxygene 61 keyboard and neighbours]
cinder [15-12-13 04:28]:
> Hi Meino, I have a2jmidid start automatically in qjackctl. It's been a
> while since my midi played up, but I remember having issues like yours.
>
> Meino wrote:
> >I played around with a2j, but it gave me no changes.
>
> What did you try?
>
> In Qjackctl Setup>Options tab I have "Execute script after startup"
> enabled, and the line:
>
> /usr/bin/a2jmidid -e &
>
> .. and "Execute script on Shutdown" enabled, and the line:
>
> killall -s TERM a2jmidid
>
> cinder

Hi cinder,

thanks for your reply ! :)

I did, what you have suggested.

Now my Oxygene 61 shows up under tab 'Midi' of QJackctrl hidden in an entry called "alsa_midi", which I have to unfold (doesn't matter, whether this one is "hidden"... I only describe this that detailed to make it comparable to what you have ...).

Seq24 is still missing at all (and I forgot to mention this sequencer in my previous post...)

Or is this seq24 handle all this

Mysterious this world of midi is, confusing they are...

Best regards,
Meino
Re: [gentoo-user] Midi problems...Oxygene 61 keyboard and neighbours]
cinder [15-12-13 04:28]:
> Hi Meino, I have a2jmidid start automatically in qjackctl. It's been a
> while since my midi played up, but I remember having issues like yours.
>
> Meino wrote:
> >I played around with a2j, but it gave me no changes.
>
> What did you try?
>
> In Qjackctl Setup>Options tab I have "Execute script after startup"
> enabled, and the line:
>
> /usr/bin/a2jmidid -e &
>
> .. and "Execute script on Shutdown" enabled, and the line:
>
> killall -s TERM a2jmidid
>
> cinder

...and the setup does not work... :(

Despite the fact, that the Oxygene 61 is connected under the Midi-tab (alsa_midi) to Zynaddsubfx and the channels are correctly set...Zyn does not react.

Best regards,
Meino
Re: [gentoo-user] Midi problems...Oxygene 61 keyboard and neighbours]
Seq24 is a cranky beast. I can only use it with the options "Jack Transport", "Transport Master", and "Master Conditional" enabled in "Jack Sync" tab of seq24 options. You need your patterns activated and routed to the right seq24 bus AND channel. I have everything in "Midi Clock" tab set to "On(Pos)". I have an expandable seq24 entry in my Qjackctl Alsa midi tab and an expandable a2j entry in jack midi tab containing the same seq24 bus's. Seq24 seems to only operate in any way reliably when it's the boss in regard to jack transport.

Good luck:)

cinder
Re: [gentoo-user] Midi problems...Oxygene 61 keyboard and neighbours]
cinder [15-12-13 05:48]:
> Seq24 is a cranky beast. I can only use it with the options "Jack
> Transport", "Transport Master", and "Master Conditional" enabled in "Jack
> Sync" tab of seq24 options. You need your patterns activated and routed
> to the right seq24 bus AND channel. I have everything in "Midi Clock"
> tab set to "On(Pos)". I have an expandable seq24 entry in my Qjackctl
> Alsa midi tab and an expandable a2j entry in jack midi tab containing the
> same seq24 bus's. Seq24 seems to only operate in any way reliably when
> it's the boss in regard to jack transport.
>
> Good luck:)
>
> cinder

Hi cinder,

Thanks a lot - will try that !

Best regards,
Meino