Re: Games on Linux
Hi, I don't know any serious games producer who considers Java anything but a comedy item. Oh RLY? I expected that sort of prejudiced comment... that´s why I had the following link up my sleeve... We were talking mobile... For desk accessories like angry birds maybe - but its too slow for things like physics engines in "real" games. Nowadays most talk about "java too slow" is just prejudice and/or obsolete information, from the platform early days. There are a few benchmarks that shows java fast enough (and actually faster than similar C apps) and there are also a few java game engines for FPS in the market. I'll leave for the readers to google them. :-) During the old days of JavaME (pré-smartphones) there were a lot of interactive action games written in Java. Of course this doesn't compare to PC, Playstation and X-Box games. Most Android games, including someones pretty heavy on phisics, are written in Java, but I guess this doesn't count as they use Android APIs (not portable) and the non-standard Android VM (can't remember the name), not the standard JVM. The biggest problem for Java in action games are GC pauses. But it looks like they found a way around that. And of course the fact that most Windows games need/use DirectX which isn't availabe on the JVM. But it looks they got nice results using OpenGPL-like APIs and hadware acceleration in more recent JVMs. Java could be a really nice platform for games, but Sun/Oracle/etc focused on the "EE" edition, the SE/ME editions didn't evolved quick enough to make a real impact on the games and desktop market. :-( []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Multiple default routes, same subnet
Hi, I have two internet links, from different ISPs for my office network, each one with it's own router (which is a linux PC) so I don't loose internet connectivity easily. One ISP has a much higher bandwitch, so usually all my computers use it as the default gateway. The other one is intended as a contingency link. Today I have to manually change the default gateway on all computers when the main link goes down. I want an automated way to do this. All how-to's I could find on google were such as: http://www.generationip.com/documentation/network-documentation/93-howto-setup-multiple-default-gateway-on-linux Where they use iproute2 so a single router/computer can switch between two internet links. While I can undersand this scenario, the single computer becomes a single point of failure. I don't want to setup a "cluster" using heartbeat, cluster suite and similars just to provide a router failover. It looks overkill. Other problem, all iproute2 samples I find thave those two gateways on different subnets and use the source address to route properly and avoid problems like "onion routing". I'd like to have two routers/computers on the same subnet, each one connected to it's own internet link, and have the network computers switch from the main one to the contingency one when needed. So a computer would have two default gateways on the same subnet. I can't find how to change the iproute2 samples setup so the gateways can be on the same subnet and everything works. I allways end up having all traffic going though one link and when it fails I loose internet connectivity. []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Multiple default routes, same subnet
Hi other Fernando, I have two internet links, from different ISPs for my office network, each one with it's own router (which is a linux PC) so I don't loose internet connectivity easily. One ISP has a much higher bandwitch, so usually all my computers use it as the default gateway. The other one is intended as a contingency link. Another point of view for your problem. As one router/link is master and the other is backup and both are linux PC, you can configure VRRP in the LAN side of both of them using as virtual IP the IP configured as default gateway in all your computers. You can have in the master router a script that monitors the internet link and change the priority of the VRRP config according with the status of the internet link. I though of that and found a few howtos on google, but I also found those scripts a but unreliable and taking too long to switch from the primary link to the contingency one. It looks to me a reliable setup would be a real failover cluster, using LVS or pacemaker, something I'd like to avoid. I'm having trouble finding info about VRRP, and iproute2 (policy routing) is proving to be a complex subject. Are they related, or can I use VRRP without iproute2? My routers are not running Fedora. They run IPcop, a very nice trimmed-down Linux distro. I hoped Linux computers would be able to detect a broken default gateway and use another one with a higher metric, bust this just dosen't work, no matter how many pages on the net say it should. :-( []s, Fernando Lozano []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
How to make a block-level incremental backup using LVM?
Hi there, After evaluating a lot of backup solutions my employee, a small company, all of them very too expensive, I was wondering about the effort to emulate the workings of a "modern" backup solution using free software tools under Fedora Linux, CentOS and RHEL. We already have a few TB on file shares (Samba) and mailboxes (Zimba) and just moving those bits around for our weekly full backup is proving to be too slow for our Gb network and impossible for the hosted machines we use as contingency and off-site backup . Beisdes, incremental backups are taking a too long time just scanning the file systems searching for changed files. It looks Commvault, EMC, Symantec, etc are focusing block-level backups: copy used disk blocks for full backups and changed disk blocks for incremental ones. It looks they can get this information from many storage appliances, hypervisors and server OSes, but most focus on Windows Server, Exchange, Oracle, Sharepoint and big bucks storage appliances. Some of then talk about "continuous, forever incremental". We even have a few Windows servers, a small Oracle Standard database, and are evaluating am entry level storage, but for now one the big problem are our Linux file and mail servers and all proposals from vendors loooks like overfeatured and overpriced. We already evaluated Amanda and Bacula. Setup looks too complicated, managing and monitoring looks low-level (the boss wants some dashboard like we already have from Zabbix). But worse, it looks like they will have the same problems as our current backup scripts based on tar, gzip, scp and rsync. Sory for the long story, the question: could I implement block-level backups using dump, dd, and some LVM or ext utility? Maybe using inotify? Why no open source backup tool seems to be doing this? Would any option allow me to restore an individual file? (I guess we can live with restoring entire file systems, it's just a matter of segregating a few file trees instead of having everything on the same logical volume.) And maybe there is some open source solution or help to implement file archiving (moving old/unused files to a different volume so I can't forget about then on the daily backup). []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: How to make a block-level incremental backup using LVM?
Hi Alan, backups using dump, dd, and some LVM or ext utility? Maybe using inotify? Why no open source backup tool seems to be doing this? Because it turns out to be a dumb way of trying to do it. It's also near impossible to get a consistent image. Plus it's becoming clear that "block device" as a concept is on the way out. Current SSDs provide one for compatibility. I understand this -- my current backup scripts use Oracle plsql statements so I can get a consitent image of database data files. It's a pain in the ass to manage all redo log files generated during the backup, and which are needed for proper restore. But most comercial, high-end solutions seem to be going that way. Their approach may be best described as "logging" as you called, but anyway doing filesystem tree walks for every incremental backup is proving to be too expensive, and that's why I'm looking for an alternative to rsync. Would any option allow me to restore an individual file? (I guess we can live with restoring entire file systems, it's just a matter of segregating a few file trees instead of having everything on the same logical volume.) A block dump doesn't even guarantee you can restore the volume unless its an atomic snapshot of everything involved, including journals if they are on another device. Commercial tools promise this ability. How do they get the block-to-file mapping to do the restore? I was looking for a way to do that so I could do the same using LVM snapshots. But LVM snapshots are a "whole" disk. If I try to backup them using dd or rsync, they are the same as a full backup. How to backup just the snapshot changed blocks and later restore them (of course after restoring the full volume, or to a mirror)? A block dump may also be useless if you get fs corruption as your copy will have the same corruption if it's not caught early and is gradually spreading through the fs. Most times this is the same as a file-level backup: it's useless to restore corrupted files. I have to go back to the last non-corrupted file copy using an older backup. I really don't like a rsync-based backup because there's no way I can check the backup files like I can using a tar backup. I try to have both a tarball somewhere and a rsync "mirror" elsewhere. The problem is that both are taking too long to complete and even longer to restore. I have the same complaints about drdb: the only reliable way to check if the copy is fine is comparing with the source. There has to be a better way to restore a few TB of backup consisting of lots of small files. :-( Thanks for the tip about ceph. []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: How to make a block-level incremental backup using LVM?
Hi, I've not dealt directly with the high end appliance stuff but the "cheap" (relatively speaking) software commercial backup on Linux I've touched has been uniformly dismal and not something I'd trust with my data. At least you had the change to deal with some "cheap" commercial solution. I can only get quotes from the high-end ones. Cannot move to a POC, only read product documentation and then stop the proccess because it's too expensive. :-( So I should stop being lasy and start learning and configuring Amanda or Bacula if I want something more manageable than my homemade scripts? ;-) []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: How to make a block-level incremental backup using LVM?
Hi Alan, Commercial tools promise this ability. How do they get the block-to-file mapping to do the restore? I was looking for a way to do that so I could do the same using LVM snapshots. you cannot go block to file. To start with when restoring the block may already have been reused for another file. I suppose they use something like inotify (or their own virtual file system driver over a real file system, like NFS or a loop fs) to learn about changed blocks, but they find to which file each block belongs to and salve this info in their backup catalog. If the changed block is filesystem (or md device, or lvm) metadata, they have to understand this and eithert log the change apropriately or ignore it as it's not file data. I can imagine something like this working and even how to program. And I'm a little scared about some backup tool being monitoring my file accesses all the time. ;-) So I won't find anything similar from open source tools, not even a kernel API to help me if I want to implement myself? You can go file to block list, but thats only for some file systems and not really reliable except for an unmounted snapshot. As far as the goal is to capture the data, I can't see why it couldn't be made in a realiable way. I'm not saying it would be trivial. But all file changes have to go though the kernel, even if they are kept in memory before going to the disk, so it should be possible for a daemon to be notified about all changes and get the data. It's just a matter of having a kernel API. I suppose inotify would be it. But LVM snapshots are a "whole" disk. If I try to backup them using dd or rsync, they are the same as a full backup. How to backup just the snapshot changed blocks and later restore them (of course after restoring the full volume, or to a mirror)? What the snapshot gives you is an atomic copy of the file system so you can do a full file system copy, or backup the snapshot without the stuff underneath changing. It's basically a way to get an unmounted, out of use copy cheaply that you can then use for stuff. No questions about this. I want to move further. Doing a dump or a rsync from a snapshot of a multiple TB filesystem is the same as doing to the original volume. I want to devise a way to do this in a faster way without sacrificing realiability. Correct - the only way to check any copy is valid is by comparing the original to the copy. That in fact (plus clever magic) is how rsync works, so in effect the way to check if an rsync copy is valid is to try and rsync it again. Doing a set of sha or md5sums on the two sides and comparing the output now and then ought to provide a further check. More time spent in what's already too slow. There could be a rsync or drdb tool that calculates, stores and sends hashes on-the-fly, so the remote copy could be checked per se. There has to be a better way to restore a few TB of backup consisting of lots of small files. :-( Is the issue backing up or restoring ? The main issue is backing up every day, even many times a day. But for me there's no value in a speedy backup which I cannot restore reliably, not just from the computer standpoint. Someone (people) has to find which backup sets are needed to do the restore. They need to be able to check these backup sets before or during the restore. If it is backing up then it may be possible to work out which blocks are different between two snapshots and transfer just those. How? Anyone on the list can provide hints? I don't know the innards of the LVM layer well enough to know if there is a clever way to do that. I'm also not sure it would help if the blocks are scattered about as it would still be a lot of seeking. That "clever way" seems to be what commercial tools promise, but they don't tell me what they use: which kernel API, their own driver, or if they work only this or that network storage... :-( I don't trust anything I can't understand how it works. All "magical" solutions I found previoulsy proved to be no solution at all. I'm seeing the file three walk is taking too long, just to find that most files weren't changed, even relying on last modification time, that if I could get a list of blocks to back up it should be faster (less disk seeks). It shouldn't be too hard to implement a deamon using inotify and some queueing strategy to deal with changed file blocks, add metadara, then compress and send elsewhere. On the same machine, if I read the changed block I should get it's correct data, even if they weren't synced yet. But I can't find anoyne who did as open source, so maybe threre's some problem I could not see yet. And I'd take too long to implement and debug myself alone. Any developers out there seeking for alfa testers for their new, revolutionary,
Re: How to make a block-level incremental backup using LVM?
Hi, So I should stop being lasy and start learning and configuring Amanda or Bacula if I want something more manageable than my homemade scripts? ;-) Or turn your scripts into a product 8) Unfortunately a bunch of shell scripts and crontabs won't make a product. :-( Remember the old days we Unix sysadmins did everything and had no need of management dashboards? Long gone... we can't even keep up with the alert mails from all the tools on a small busness data center. When was the last time you really checked your IDS logs? ;-) []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: LibreOffice version 4
Hi there, > LibreOffice v4 has been released > > http://blog.documentfoundation.org/2013/02/07/the-document-foundation-announces-libreoffice-4-0/ > > Is this a big deal? It would be nice to have a more graceful UI. > i think with "is it a big deal" was meant "would we get this in > F18/F19 or have we to wait months" > > I was hopping to get it on the next "yum update". ;-) But serious, is there a politic / decision by the Fedora Borard about when'll we get LibreOffice 4? []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: importance of upgradeability
Hi, >>>> In my case, I found Fedora very expensive to upgrade. >>> That I can understand --- upgrading twice a year, especially when >>> it's questionable if the upgrade works --- can be painful, all the more >>> when you have many machines to upgrade. It gave me a lot to worry about >>> even with only one. If it helps, I upgraded a number of systems from F17 straight to F18 without a problem (except for a little packaging bug in openjdk). Some of those systems included packages from external repos like rpmforge. So you could upgrade once a year instead of twice. Upgrades from the network take a long time. It would help if we could point to a local DVD install media and use the updates repo at the same time, so fedup don't take so long downloading packages. Better yet, it could be possible to make a local mirror of the updates repo (rsync?) and point fedup to it. This local mirror could act as a "cache", with fedup checking if their packages are the latest and downloading from the net if not. []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: ZoneMinder and ffmpeg
Hi Tim, > On Mon, 2013-07-15 at 13:33 -0300, Fernando Lozano wrote: >> Because the zoneminder package for Fedora will store only JPEG files, >> it uses up too much disk space and I can store only a a couple days. > CRON job to compile a daily movie out of the JPEGs, then delete them > afterwards? (Or delete them the day after, allowing you to keep shots > you may need to keep.) > I though about that, but could not manage to find how to do that yet. If you kbnow how (or can point me to a reference) i'd be thankful. Of course I looked up on zone minder web site and google, but foud nothing. That's not so trivial. Besides having to find the correct options for ffmpeg (or menconde, or whatever) to turn the jpeg frames into an animation, I'd have to purge those images and their corresponding events from zoneminder database. And although having the images and recordings sent to the web browser as individual jpeg files, it becomes slow (more like a bad slide show) when network connectivity is not good, as usual from 3G networks. It wold be very nice having the ability to stream live video and recorded video from Fedora ZoneMinder. Anyway ZoneMinder without video streaming / encoding support is already much better than the proprietary software provided as part of my video capture card. :-) []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: importance of upgradeability
Hi, It seems to work fine now, and I like to have recent NVIDIA drivers. I don't mind upgrading twice a year when it works, and it might have the advantage that per each upgrade, not as many changes are introduced as when upgrading less frequently. Until Fedora comes with a more radical change (like when it moved from Gnome 2 to Gnome 3) I guess we can be confident fedup will work. Upgrades from the network take a long time. It would help if we could point to a local DVD install media and use the updates repo at the same time, so fedup don't take so long downloading packages. One way or another, you need to download, which takes a while. Then all the packages need to be upgraded, and that also takes a while. While you run fedup to prepare for the upgrade, you can do other things just as if you were downloading a DVD image. Yes, I like the fact fedup only locks the machine after the necessary reboot. My ideas make sense only for repeating the processes on multiple machines. If I could download all packages / and store then in a DVD media or a shared disk beforehand, it would save time for the second machine and so. Like we can do today with the install media, but expanded for Fedora updates and third-party repos. Imagine if fedup worked using yum "keep cache" and then setup a http or nfs share for other machines to reuse all downloaded content. Then other machines wouldn't need to download / install anything to their local HDs before rebooting (except for the new grub, kernel and a few binaries kile yum), they would upgrade directly from the first one. []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: importance of upgradeability
Hi, Imagine if fedup worked using yum "keep cache" and then setup a http or nfs share for other machines to reuse all downloaded content. Then other machines wouldn't need to download / install anything to their local HDs before rebooting (except for the new grub, kernel and a few binaries kile yum), they would upgrade directly from the first one. That would work, and work well if, and only if all of the machines had the same software. Your DNS server/s don't need apache, your SMTP servers probably don't need any database packages and the workstations have their own specific needs. What would probably work best is to create a local repo that contains all of the new packages for what one might call the core programs that all of your boxen need so that they only have to go to the Internet for the specialty packages. I wonder if there's a way to make fedup understand that. Imagine a bunch of desktops (or developer workstations) being upgraded using fedup. Their software would be very similar. And my idea is that fedup would download from the net anything missing (or newer) than the lan cache, so different configurations would be supported fine. A local mirrir of fedora repos would take care of more diverse setups, if fedup could use then as a cache. []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Fedora 19 did not install boot record
Hi, I don't know if those are related, but I had one system where fedup did not updated grub... It ended up booting and running F19 ok, but grub menu dsiplaying the old F17 entries. And it boots to the F1 kernel, although I could not find a thing that didn't work so far. Maybe anaconda "forgot" to run grub2-install? []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: [Fedora-users-br] Fedora 18: Nova versão, velhos problemas, velhas soluções não funcionam
Gabriel, Vou Ficar no aguardo Fernando, Tentei instalar o driver por varias vezes e simplesmente não consigo usar simplesmente não sobe mais o X. tbm não sei se e devido a placa grafica hibrida que tenho. Então não levanta o X com o driver proptietário? E com o driver open source funciona? Qual é exatamente o modelo da sua ATI e da Intel que está junto (já que é vídeo híbrido)? Em caso de dúvida, faz um "lspci | grep -i vga" Eu tenho um note sony vaio com placa híbrida e funciona ok []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: [Fedora-users-br] Fedora 18: Nova versão, velhos problemas, velhas soluções não funcionam
Gabriel, > lspci |grep -i vga > 00:02.0 VGA compatible controller: Intel Corporation 2nd Generation > Core Processor Family Integrated Graphics Controller (rev 09) > 01:00.0 VGA compatible controller: Advanced Micro Devices, Inc. > [AMD/ATI] Whistler [Radeon HD 6630M/6650M/6750M/7670M/7690M] (rev ff) Parece ser igual à minha, vou conferir. > sobre o driver open source ele tem um problema chato que ele ativa as > duas placas detonando a bateria e aumentando muito a temperatura do > notebook. Acho que ocorre o mesmo com o meu, mas nunca me incomodou. Eu reparei que o aquecimento diminuiu com o F19, mas não conferi se agora ele liga e desliga as placas conforme a demanda. > A solução que encontrei foi criar um script na inicialização do > sistema usando o vgaswitchero e desativando a placa ati deixando > apenas a intel funcionando com o driver open source. Porque não fazer o contrário (para os jogos)? []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Fedup upgrade from F17
Hi, Either upgrade release by release or do fresh install from f17 to f18. Although it might be possible do upgrade from f17 to f19, I don't recommend it because too much have changed between f17 and f19. I've done this twice. My laptop went perfectly. My desktop hung at about 60%, requiring me to use the reset button and clean up from a CLI. Just remember that you're more likely to hear from people who's upgrades don't go well than from those who's do. For me fedup from 17 to 19 worked fine for hal a dozen machines, with different CPUs, graphics cards and third-party apps. :-) []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Something compatible to MS Office on Fedora?
Hi, The solution: they forwarded the file to me -- the only one using OpenOffice, by the way under Fedora --- and I could read the file without garbage, or with little garbage and little formatting disruption. I fixed a few lines (if needed) and saved the file again as doc or docx so the rest of the team could continue. :-) Well, sure. That works, as long as you're willing to do everybody else's dirty work. Did you even try to get your friends to convert to OO, or did you just suck it up and let them take advantage of your good nature? In case you didn't noticed: this was an example of how sometines LibreOffice is more compatible with MS Word files than Word itself. :-) Of course I tried to convince them to switch. Some of them had company-owned notebooks and were'nt allowed to install software. Others simply didn't care. Hey, if "works better" resulted in "more people using" there would't be so many MS Windows users ou there. ;-) I can advocate free software and I do, but I can't force anyone to change, but I have to live with them to earn my money. On the other side, I already provided training for some companies which did the full switch: only open office (before there was libre office). []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Something compatible to MS Office on Fedora?
Hi, That is usually solved in all versions prior to office 2007 by installing the office 2007 compatibility pack. I even tried it in office 2000 and it read docx perfectly, but who knows... A few years ago I worked as editor-at-large for a computer magazine. Authors, editors and revisors worked from different locations, sharing files by e-mail. It was not unusual the same content going through changes by six or more different pepole. From time to time, word doc and docx files become garbled, after a few interations were different people changed the text using different ms office versions. Nobody could continue to work without signifficant effort retyíng and reformatting content from previous interactions. :-( The solution: they forwarded the file to me -- the only one using OpenOffice, by the way under Fedora --- and I could read the file without garbage, or with little garbage and little formatting disruption. I fixed a few lines (if needed) and saved the file again as doc or docx so the rest of the team could continue. :-) []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
More on virt-viewer for windows
Hi there, As the newer windows binaries kindly provided by teuf won't work because of missing DLLs, I returned to the latest binaries provided by spice-space.org. remove-viewer.exe works fine, after I foud where to put TLS certificates. Not that user-friendly though. :-) virt-viewer and virsh won't connect, although they are using the same certificates as a Linux client. The short-term goal is getting virt-manager to work, butI think it'd be easier to get virsh working first, but the solution would apply to virt-manager as well. Microsoft SystemInternals ProccessMonitor shows the certificates are being found and read (that's how I found where to put then). I assume that's ok. But after that nothing I can use for troubleshooting. Looks like a bug on the windows port networking code. But I finally found how to use libvirt own debugging features. So here's attached a log for the windows machine, which can't connect, and the linux machine, which connects fine to the same kvm host, using the same certificates and the same URL (to the same CentOS 6.3 kvm host). They are using different virsh and libvirt releases, so I added to the logs the output of "virsh -V". Both machines are on the same level-2 network, vlan and IP subnet. I hope this helps someone find the bug and provide me with new binaries to test. :-) If someone helps me getting the missing DLLs for teuf newer binaries, I can generate a log using them. It looks the missing DLLs is another bug per se. Of course, I hope someonte at Red Hat realizes a missing or broken windows ports hurts KVM and RHEL and RHEV market share and put more people on it. :-) PS: Someone offered helping me compiling the windows port. I'll give it a try, no promises, free time is very scarse. :-( []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: [Spice-devel] More on virt-viewer for windows
Hi, Still hoping someone takes my test results and fix the windows port. ;-) I configured my host to accept remote tcp libvirtd connections, once with sasl security and the seccond time without any security. Both setups were validated by a linux client, who could connect using virsh and virt-manager without problem. Bu then the windows port fails with the same error message it displayed when using TLS certificates: C:\Program Files\VirtViewer\bin>virsh -c qemu+tcp://kvmhost/system error: Unable to set close-on-exec flag: Success error: failed to connect to the hypervisor It looks there is a basic network client code error on the windows port, as using different authentication schemes do not make a difference. :-( If someone wants, I can generate libvirt debug logs and Proccess Monitor logs for those cases, but I guess they'd show more or less the same things as the TLS test I already sent. []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: [virt-tools-list] [Spice-devel] More on virt-viewer for windows
Hi Eric, Hi, Still hoping someone takes my test results and fix the windows port. ;-) I configured my host to accept remote tcp libvirtd connections, once with sasl security and the seccond time without any security. Both setups were validated by a linux client, who could connect using virsh and virt-manager without problem. Bu then the windows port fails with the same error message it displayed when using TLS certificates: C:\Program Files\VirtViewer\bin>virsh -c qemu+tcp://kvmhost/system error: Unable to set close-on-exec flag: Success error: failed to connect to the hypervisor What version of libvirt again? This error is not possible on the latest libvirt.git. That error message is printed ONLY by virnetsocket.c, after a failed call to virSetCloseExec(); but looking at src/util/virutil.c, virSetCloseExec() _always_ returns 0 for mingw. Looking further, it looks like commit fcfa4bfb in Oct 2012 was what changed things to always return 0 (instead of always failing); that commit is in v1.0.0, but not in v0.10.2. If your build of virsh comes from libvirt 0.10.2, that would explain your failure scenario, and it's just a simple matter of building a newer libvirt. At any rate, I've just now backported that particular commit to the v0.10.2-maint branch, so it will be included in the v0.10.2.8 build (hopefully out soon, because it fixes several CVEs). Yes, the libvirt comes grom 0.10.2. I'm running the latest windows binaries provided by spice-space.org: C:\Program Files\VirtViewer\bin>virsh -V Virsh command line tool of libvirt 0.10.2 See web site at http://libvirt.org/ Compiled with support for: Hypervisors: PHYP ESX Test Networking: Remote Storage: Miscellaneous: Debug If someone provides newer windows binaries -- which aren't missing dlls, like the ones at http://teuf.fedorapeople.org/virt-viewer-msi/ -- I will test then. It looks there is a basic network client code error on the windows port, as using different authentication schemes do not make a difference. :-( Rather, it is yet another case of Microsoft's environment being so woefully non-compliant with POSIX, and a case of our code assuming POSIX semantics and failing when the assumption didn't work. In this case, it was pretty easy to work around the assumption. Please someone give me newer binaries I can test! ;-) If someone wants, I can generate libvirt debug logs and Proccess Monitor logs for those cases, but I guess they'd show more or less the same things as the TLS test I already sent. Process Monitor is only useful if you make system calls; but libvirt is choking even before attempting the system calls because mingw is just such a hostile programming environment to programs that assume POSIX. That's precisely mingw advantage over cigwin: mingw binaries are native windows binaries, using native windows semantics, not unix emulation. They provide a better experience for windows users. Welcome to the wonderful world of cross-platform developent! ;-) Gnulib has helped a lot, and often times, it is just a matter of someone running under gdb to see where an assumption went wrong to make a quick patch to fix an issue. Where it gets tricky is that it is hard to find developers willing to do volunteer work on issues for a platform where you typically have to pay money before you can even use it. Also, the fact that you are using a pre-built version of a relatively old libvirt, instead of building your own from the latest sources, makes it hard to know what OTHER issues may have been fixed in the meantime (when given a choice, developers prefer to debug issues in the latest source, rather than trying to figure out which patches to backport to older branches). I understand that, but I'm trying to be useful as a (windows) tester. If I could I'd try to help as a developer. cross-compiling is not for the faint of heart, and learning the first steps require a significant investment in time. :-( Is there a how-to I can follow to generate binaries from the latest sources? I do have Linux expertize, I use fedora on my personal computer, but as C developer I can only run "configure; make; sudo make install". []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Strange behaviour using qemu+ssh on virt-manager
Hi there, I am experimenting with different security settings for libvirtd, so I can give sysadmins administrative access to the KVM hypervisor without giving them root access on the host. I had success using TLS (with client-certs) and SASL, but have not managed to make polkit and ssh to work so far. If I change /etc/libvirt/libvirtd.conf auth_tcp or auth_unix_rw a local virsh connection gets this error: "Authorization requires authentication but no agent is available" Thus I'm using "sasl" for tcp and "none" for the unix socket. When I try a "qemu+ssh" remote virsh connection evething works fine. But then I try the same URL using virt-manager, and then try to open a guest console, virt-manager prompts multiple times for a ssh login password. Shoudn't virt-manager resue the same ssh connection for guest console access? And even if it needs to open a new ssh connection for the spice connection, this should require only one additional ssh login. But I tried many times, carefully typing the password each time, and I'm sure they were not typos: virt-manager is actually asking for the ssh login password many times! Maybe people who use ssh keys (passwordless) logins didn't notice, but I think virt-manager should't require more than one addtional ssh connection per guest console. Is this a bug? []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: [virt-tools-list] [Spice-devel] More on virt-viewer for windows
Hi Christophe, On Tue, Sep 17, 2013 at 02:57:04PM -0300, Fernando Lozano wrote: If someone provides newer windows binaries -- which aren't missing dlls, like the ones at http://teuf.fedorapeople.org/virt-viewer-msi/ -- I will test then. [...] Please someone give me newer binaries I can test! ;-) I gave you links to RPMs containing the missing dlls (rpm2cpio foo.dll | cpio -id will unpack them on linux) in https://www.redhat.com/archives/virt-tools-list/2013-September/msg00037.html, did you try adding these dlls in the place the installer put the other ones to see if this helps? My mistake, I read as if those were Fedora binaries I'd use to cross-compile the whose thing. I'll try unpacking those and copying the binaries to your latest msi install. []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: [Spice-devel] [virt-tools-list] Strange behaviour using qemu+ssh on virt-manager
Hi there, >>> When I try a "qemu+ssh" remote virsh connection evething works fine. >>> But then I try the same URL using virt-manager, and then try to open >>> a guest console, virt-manager prompts multiple times for a ssh login >>> password. >>> >>> Is this a bug? >> Each console rquires that we setup a new SSH tunnel, since every >> console is on a different socket on the remote host and we don't >> know them all ahead of time. So far, that's expected, but it should require only one password prompt for each console. > This is particularly bad with spice, which wants multiple fds for each channel > (display, audio, usb redirection, a few others). Each channel requires an ssh > connection, so if you are only using a default ssh setup it will launch > askpass many times. That's my case, using SPICE for guest consoles. While now I understand why all those password prompts, that's very bad from a usability perspective. And I guess it's also bad from a network perspective (having multiple TCP connections for the same interative remote user session). Couln't all SPICE channels be multiplexed on the same TCP connection, and so use the same SSH connection? []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
libvirtd auth for qemu+ssh connections
Hi, I asked this before but as it was mixed with another question on the same message I guess nobody noticed: >>> I am experimenting with different security settings for libvirtd, so >>> I can give sysadmins administrative access to the KVM hypervisor >>> without giving them root access on the host. I had success using TLS >>> (with client-certs) and SASL, but have not managed to make polkit >>> and ssh to work so far. >>> >>> If I change /etc/libvirt/libvirtd.conf auth_tcp or auth_unix_rw a >>> local virsh connection gets this error: >>> >>> "Authorization requires authentication but no agent is available" >>> >>> Thus I'm using "sasl" for tcp and "none" for the unix socket. What should I have for libvirtd polkit authentication? I'd like to use regular user PAM passwords (either from local files or from LDAP). But I only managed to get working the other options: no auth, client-cert (TLS) or SASL digest-md5 own password database. >>> When I try a "qemu+ssh" remote virsh connection evething works fine. I found no auth configuration on /etc/libvirt/libvirtd.conf for ssh connections. This means they are using unix sockets, like they were local connections? []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: [Spice-devel] [virt-tools-list] More on virt-viewer for windows
Hi, >>> Can someone from the Spice community chime in? Why is >>> spice-space.org shipping a Fedora 18 build of libvirt (0.10.2.x) >>> rather than Fedora 19 (1.0.5.x)? Who does the builds, and how often >>> are they updated? >> I do builds when releasing new virt-viewer versions, and I use the latest >> stable Fedora available at that time. We've not done any virt-viewer >> release since F19 came out. >> >> There's no reason why I couldn't do bug fix re-builds of the installer >> though at any time if deemed neccessary. > It would be nice to do a bug fix rebuild as soon as 0.10.2.8 is > released, as that would pick up the patch for mingw refusing to create > sockets, and hopefully get people a lot further at actually being able > to use virsh on mingw. I got confused by those release numbers: if Fedora has libvirt 1.0.5.x why should the next windows build use older 0.10.2.8? I though development were being done only on the latest releases. []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
progress on virt-viewer for windows
Hi Christophe, If someone provides newer windows binaries -- which aren't missing dlls, like the ones at http://teuf.fedorapeople.org/virt-viewer-msi/ -- I will test then. I gave you links to RPMs containing the missing dlls (rpm2cpio foo.dll | cpio -id will unpack them on linux) in https://www.redhat.com/archives/virt-tools-list/2013-September/msg00037.html, did you try adding these dlls in the place the installer put the other ones to see if this helps? The first missing DLL was libvirt-lxc-0.dll. After I put it on the virt-viewer install dir, I got the error: C:\Program Files\VirtViewer\bin>virsh -c qemu+tcp://kvmhost/system error: failed to connect to the hypervisor error: authentication failed: unsupported authentication type 1 Nice, there wan't other missing DLLs. :-) It looks like the windows port can't do SASL auth over TCP. So I changed libvirtd.conf to allow unauthenticated connections over TCP. It worked! Quickly changed libvirtd.conf to allow only TLS connections, not to let my host insecure. Then tried again: C:\Program Files\VirtViewer\bin>virsh -c qemu+tls://kvmhost/system It worked!!! Thanks a lot for your help, and I'm eager to try the next release you are about to build. PS: Would it be hard to add SASL support to the windows port? It's much easier to setup than TLS. []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: progress on virt-viewer for windows
Hi, My first tests using virsh from http://teuf.fedorapeople.org/virt-viewer-msi/ were based on the 64-bit (x86_64) binaries. I'll try the 32-bit binaries and report on the results. After having success with a few comands using virsh, I decided to try virt-viewer. It reported missing libssp-0.dll, so I copied as per previous intructions by Christophe. Now when I try: C:\Program Files\VirtViewer\bin>virt-viewer -c qemu+tls://kvmhost/system guest1 It locks up. No output, no error, no remote-viewer window. :-( As both virsh and remote-viewer were woking now, I kinda expected virt-viewer should work, or at least give an error we could debug. Changing the connection URL to: C:\Program Files\VirtViewer\bin>virt-viewer -c qemu+tcp://kvmhost/system guest1 Which would give an "unsupported authentication type 1" on virsh, but locks up virt-viewer the same way as using TLS. It looks like virt-viewer is locking up *before* connecting to libvirtd to find the remote display config for "guest1". Adding --debug to virt-viewer with tls shows: (virt-viewer.exe:23376): virt-viewer-DEBUG: Insert window 0 00A240A0 (virt-viewer.exe:23376): virt-viewer-DEBUG: fullscreen display 0: 0 (virt-viewer.exe:23376): virt-viewer-DEBUG: connecting ... (virt-viewer.exe:23376): virt-viewer-DEBUG: Opening connection to libvirt with U RI qemu+tls://kvmhost/system (virt-viewer.exe:23376): virt-viewer-DEBUG: Add handle 3 1 03684A90 If I try --debug but using a qemu+tcp URL, I get the same output (with different memory addresses, of course) Attached is another virt-maanger try (using qemu+tls, which should work for libvirt) but with LIBVIRT_DEBUG=debug. This log shows that libvirt has connected and was authenticated (the RPC_TLS_CONTEXT_SESSION_ALLOW entry means that, right?). How strange. So I also attached also a debug log for the qemu+tcp url. Hope this helps making virt-viewer work on windows. []s, Fernando Lozano []s, Fernando Lozano C:\Program Files\VirtViewer\bin>virt-viewer --debug -c qemu+tcp://kvmhost/sys tem guest1 2013-09-19 19:23:09.589+: 22716: info : libvirt version: 1.1.2 2013-09-19 19:23:09.589+: 22716: debug : virLogParseOutputs:1336 : outputs=" 1:file:virt-viewer.log" 2013-09-19 19:23:09.590+: 22716: warning : virLogParseOutputs:1401 : Ignorin g invalid log output setting. 2013-09-19 19:23:09.599+: 22716: debug : virGlobalInit:438 : register driver s 2013-09-19 19:23:09.599+: 22716: debug : virRegisterDriver:764 : driver= 6CDBAA60 name=Test 2013-09-19 19:23:09.600+: 22716: debug : virRegisterDriver:776 : registering Test as driver 0 2013-09-19 19:23:09.600+: 22716: debug : virRegisterNetworkDriver:611 : regi stering Test as network driver 0 2013-09-19 19:23:09.600+: 22716: debug : virRegisterInterfaceDriver:638 : re gistering Test as interface driver 0 2013-09-19 19:23:09.600+: 22716: debug : virRegisterStorageDriver:665 : regi stering Test as storage driver 0 2013-09-19 19:23:09.601+: 22716: debug : virRegisterNodeDeviceDriver:692 : r egistering Test as device driver 0 2013-09-19 19:23:09.601+: 22716: debug : virRegisterSecretDriver:719 : regis tering Test as secret driver 0 2013-09-19 19:23:09.601+: 22716: debug : virRegisterNWFilterDriver:746 : reg istering Test as network filter driver 0 2013-09-19 19:23:09.601+: 22716: debug : virRegisterDriver:764 : driver= 6CDBBF20 name=PHYP 2013-09-19 19:23:09.601+: 22716: debug : virRegisterDriver:776 : registering PHYP as driver 1 2013-09-19 19:23:09.601+: 22716: debug : virRegisterStorageDriver:665 : regi stering PHYP as storage driver 1 2013-09-19 19:23:09.601+: 22716: debug : virRegisterInterfaceDriver:638 : re gistering PHYP as interface driver 1 2013-09-19 19:23:09.602+: 22716: debug : virRegisterDriver:764 : driver= 6CDBC540 name=ESX 2013-09-19 19:23:09.602+: 22716: debug : virRegisterDriver:776 : registering ESX as driver 2 2013-09-19 19:23:09.602+: 22716: debug : virRegisterInterfaceDriver:638 : re gistering ESX as interface driver 2 2013-09-19 19:23:09.602+: 22716: debug : virRegisterNetworkDriver:611 : regi stering ESX as network driver 1 2013-09-19 19:23:09.602+: 22716: debug : virRegisterStorageDriver:665 : regi stering ESX as storage driver 2 2013-09-19 19:23:09.602+: 22716: debug : virRegisterNodeDeviceDriver:692 : r egistering ESX as device driver 1 2013-09-19 19:23:09.602+: 22716: debug : virRegisterSecretDriver:719 : regis tering ESX as secret driver 1 2013-09-19 19:23:09.603+: 22716: debug : virRegisterNWFilterDriver:746 : reg istering ESX as network filter driver 1 2013-09-19 19:23:09.603+: 22716: debug : virRegisterDriver:764 : driver= 6CDBB4A0 name=remote 2013-09-19 19:23:09.603+: 22716: debug : virRegisterDriver:776 : registering remote as driver 3 2013-09-19 19:23:09.603+: 22716: debug : virRegisterNetworkDriver:6
Re: [Spice-devel] progress on virt-viewer for windows
Hi Marc, C:\Program Files\VirtViewer\bin>virsh -c qemu+tcp://kvmhost/system error: failed to connect to the hypervisor error: authentication failed: unsupported authentication type 1 It looks like the windows port can't do SASL auth over TCP. So I changed libvirtd.conf to allow unauthenticated connections over TCP. It worked! Some time ago, I tried to port cyrus-sasl to mingw (mostly for fun), I remember I was very sadden by their build-sys which would really need some serious love. There are some binary distribution for Windows around, so it must be doable, but not so easily imho. What mechanism would you rely on? Testing all of them can be tedious too. I tried only digest-md5. I guess most people would use either that or Kerberos. Is the "authentication type 1" from the error message a libvirtd authentication type or a SASL one? I was not able to setup "polkit" on the host. It complains about a missing agent. For libvirtd, the auth options are "none", "sasl" and "polkit". When I manage to get "polkit" working for a linux client, I'll try on the windows port. []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: progress on virt-viewer for windows
Hi, My first tests using virsh from http://teuf.fedorapeople.org/virt-viewer-msi/ were based on the 64-bit (x86_64) binaries. I'll try the 32-bit binaries and report on the results. The 32-bit binaries needed the same DLLs (of course the 32-bit ones) and gave the same results: virsh works with TLS and TCP (noauth), virt-viewer locks up. Remote-viewer was woking before and continues working. I have not tried alternative authentications schemes for spice, just TLS and the fixed (shared) password. []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
idea: lapdock for smartphones
Hi, After reading about multiseat support for F17: http://0pointer.de/blog/projects/multi-seat.html I'm deaming on a differente use for the hardware: why not having one of those "usb docking stations" connected to my android smartphone and using it as a desktop, instead of using proprietary and expensive hardware like the altrix. Maybe a "Fedora for Android" like the "Ubuntu for Android"? :-) []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: End of 32-bit support?
Hi, > The proposal is being considered because there really isn't anyone > testing stuff on i686 machines, No one tunning atom (32-bit only) netbooks? I guess most tests could use a 64-bit hardware but 32-bit kernel etc. Few issues would show up only on real 32-bits only hardware. But if a commited Fedora developer would like to have a 32-bits only hardware for testing I'd hapily donate an eeepc netbook I have that still works fine. []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Linux and Skype Video
This message is probably spam Symbol: ONCE_RECEIVED(1.00) X-Virus-Scanned: clamav-milter 0.98.4 at mcbain0012 X-Virus-Status: Clean Hi Mickey, I use skype for video calls regularly on many notebooks and desktops. Currenty all then are at F21 but I can't remember issues when they were at F20. I used to google for tutorials on installing Skype on Fedora, it's rpm package doesn't state all deps, but I didn't had to to this since F18 or 19, maybe because I used fedup since them. I had a few troubles years ago with a sound card and usb video camera that weren't supported by Linux but this wasn't specific to skype. []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Latest Java-openjdk upgrade
Hi, I do heavy Java development and never had issues with OpenJDK on Fedora. And I have OpenJDK on RHEL at many production sites. So don't bother switching to Oracle Java. Instead try unistall and reinstall OpenJDK Packages because it looks you have either a corrupted file. Other option is you have other Java installations besides the Fedora-provided OpenJDK and you PATH or CLASSPATH have entries for different installations. This happen a lot when you have both GCJ and OpenJDK or Oracle Java and OpenJDK. Maybe you left your browser install Java (from Oracle) instead of configuring the Fedora-provided Java plugin. Check which java, javac and etc are configured using alternatives and check you env vars. Make sure you are using commands, jars and libraries from the same installation. []s, Fernando Lozano > > Here a link that explains the */java.lang.ClassFormatError/*: > http://craftingjava.blogspot.co.il/2012/07/reason-for-javalangclassformaterror.html > > > "*/this error would be thrown when the java virtual machine attempts > to read a class file and founds that the class file has been altered > in such a way that it loses its integrity./*" > > Here they are trying to say that */"if a class file has been modified > in a complicated way then this error would be thrown." /* > > There may be two possible ways a class file can get corrupted as far i > know. > > 1.May be the compiler have some unresolved bugs in it. > 2.The programmer may intentionally change the class file for some reasons. > -- > > In your case this error does not seem to depend on your code. > > So, I can suggest you to useOracle JDK instead OpenJDK,this because I > had some problems using NetBeans and then I got that suggestion, that > helped me. > > > Angelo > > On Tue, Jan 27, 2015 at 1:35 AM, Kevin Cummings > mailto:cummi...@kjchome.homeip.net>> wrote: > > I updated to java-1.7.0-openjdk.x86_64 1:1.7.0.75-2.5.4.2.fc20 today > (along with the java-1.7.0-openjdk-headless and > java-1.7.0-openjdk-devel > packages). After the upgrade, nothing java related would run. > (not the > compiler, not the jar command, and I couldn't run any pre-built > .jars.) > The error was: > > > Error occurred during initialization of VM > > java/lang/ClassFormatError: Unknown constant tag 99 in class > file java/lang/Class > > Downgrading back to java-1.7.0-openjdk.x86_64 > 1:1.7.0.60-2.4.3.0.fc20 et > al fixed the problem. > > -- > Kevin J. Cummings > kjch...@verizon.net <mailto:kjch...@verizon.net> > cummi...@kjchome.homeip.net <mailto:cummi...@kjchome.homeip.net> > cummi...@kjc386.framingham.ma.us > <mailto:cummi...@kjc386.framingham.ma.us> > Registered Linux User #1232 (http://www.linuxcounter.net/) > -- > users mailing list > users@lists.fedoraproject.org <mailto:users@lists.fedoraproject.org> > To unsubscribe or change subscription options: > https://admin.fedoraproject.org/mailman/listinfo/users > Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct > Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines > Have a question? Ask away: http://ask.fedoraproject.org > > > > -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Linux and Skype Video
This message is probably spam Symbol: ONCE_RECEIVED(1.00) X-Virus-Scanned: clamav-milter 0.98.4 at mcbain0012 X-Virus-Status: Clean Hi, I haven't needed the LD_PRELOAD trick for quite some time, I guess at least since F19. In my experience Skype should just work if your hw is supported by recent fedora releases. Have you tried your webcan with cheese or some other linux tool? Have you tried your mic with gnome-sound-recorder or something elase? Does skype echo service works (only for audio)? []s, Fernando Lozano > On 01/27/2015 11:35 AM, Tim wrote: >> Allegedly, on or about 27 January 2015, Mickey sent: >>> Fedora 20/KDE >>> >>> Can Fedora use a webcam on Skype ? >> I was using Mate on Fedora 20, but it worked for me. And with less >> stuffing around than with Fedora 17, which required launching it from a >> script, pasted below. I think I may be using 32 bit OS on 20, though. >> I can't remember. >> >> #!/bin/bash >> # >> # force 32 bit video for linux 1 compatiblity library for video for linux 2 >> >> LD_PRELOAD=/usr/lib/libv4l/v4l1compat.so skype >> > that didn't work for me, and I haven't been able to use Skype in a long > time. No audio.. it used to crash the PAvolume control when I tried to > adjust it. Now it just doesn't have any sound. > $ LD_PRELOAD=/usr/lib/libv4l/v4l1compat.so skype > ERROR: ld.so: object '/usr/lib/libv4l/v4l1compat.so' from LD_PRELOAD > cannot be preloaded (cannot open shared object file): ignored. > > > I tried yum provides v4l1compat.so, no match found. > -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Latest Java-openjdk upgrade
Hi, > > Check which java, javac and etc are configured using alternatives and > > check you env vars. Make sure you are using commands, jars and libraries > > from the same installation. > Interesting suggestion. I did note that I have been having > "alternative" warnings during previous updates of java openjdk, but > things were working properly. What other packages might conflict? How > do I check that the alternatives are set correctly? I don't remeber exactly which ones, try at least java, javac and libjavaplugin.so or something like that. For example, "sudo alternatives --config java" But also check you env vars. If you have PATH, LD_LIBRARY_PATH and/or CLASSPATH changed they'll override alternatives selection. []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: not able of booting into rescue mode
Hi Angelo. > Yes (for installing Fedora) I am using a live CD..; and I know that it is also a possibility to use DVD iso (about that I have to learn). > > However I was able to get the prompt pressing "Escape" > Anyway I still not was been able to enter in recovery mode from the prompt, because both the command: "linux rescue" and "init.rescue" were not recognized by the interpreter. Every Linux boot media can display the prompt, but the commands available have to be included on the media itself. The rescue commands are not provided by Fedora LiveCDs. So you need to download a non-liveCD Fedora installation media, boot from it and then use the prompt. []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: not able of booting into rescue mode
Angelo, Working with CD or DVD images is basically the same. You download the install DVD from the same place you download the LiveCD and burn it the same way. Of course you need a DVD drive with write capability, but I hope your computer is not so old to have only a CD drive. When you enter fedoraproject.org, clik on the "Server" link, then "Download now". It provides a DVD install iso image, while the "Workstaion" link on the home page provides a LiveCD image. Also note the "Other downloads" on the same page: it provides the netinst isos someone else talked about. Those are much smaller than the DVD images but provides the rescue option if that's all you need. If you need an older Fedora release, the lastest Fedora Project web site doesn't provide easy links anymore. But you can copy any of the download links for the latest release and strip from the file name until the release number, for example: http://download.fedoraproject.org/pub/fedora/linux/releases/21/Server/x86_64/iso/Fedora-Server-DVD-x86_64-21.iso becomes http://download.fedoraproject.org/pub/fedora/linux/releases/ Then you can click on the release number you want and browse until you find the install or netinst image you want. For example, if you need Fedora 18, you'd click 18/Fedora/x86_64/iso/ to get the DVD and netinst iso images. Please be aware some mirrors won't provide all releases. In this case, start over from until you get directed to a http://download.fedoraproject.org/pub/fedora/linux/releases/ mirrior that has the release you want. If you need a relase that's too old and most mirrors have already deleted it, go to: http://archives.fedoraproject.org/pub/archive/fedora/ []s, Fernando Lozano > Hi Fernando > > that I would like know ... > > Unfortunately I am not experienced how to do it...; could > you give me a good reference where I could learn, please ? > Thank you > > On Fri, Jan 30, 2015 at 3:32 PM, Fernando Lozano wrote: > >> Hi Angelo. >> >>> Yes (for installing Fedora) I am using a live CD..; and I know that it is also a possibility to use DVD iso (about that I have to learn). >>> >>> However I was able to get the prompt pressing "Escape" >>> Anyway I still not was been able to enter in recovery mode from the prompt, because both the command: "linux rescue" and "init.rescue" were not recognized by the interpreter. >> >> Every Linux boot media can display the prompt, but the commands available have to be included on the media itself. >> The rescue commands are not provided by Fedora LiveCDs. So you need to download a non-liveCD Fedora installation media, boot from it and then use the prompt. >> >> []s, Fernando Lozano >> >> -- >> users mailing list >> users@lists.fedoraproject.org >> To unsubscribe or change subscription options: >> https://admin.fedoraproject.org/mailman/listinfo/users [1] >> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct [2] >> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines [3] >> Have a question? Ask away: http://ask.fedoraproject.org [4] Links: -- [1] https://admin.fedoraproject.org/mailman/listinfo/users [2] http://fedoraproject.org/code-of-conduct [3] http://fedoraproject.org/wiki/Mailing_list_guidelines [4] http://ask.fedoraproject.org -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Fedora and HP Pavillion11 x360 notebook
Hi there, In need of a cheap and very portable notebook, but able to run a few VMs, i got a HP Pavillion11 x360. Can't go wrong with a "standard" Celeron machine, right? ;-) Hope anyone else has tried that machine and can give me hints. If not, I'll start digging to try to provide useful bug reports. Started using the F20 Live CD, ends ups to a blank (actually dark) screen. Caps lock doesn't light up, Ctrl+Alt+FX won't work, I guess it's frozen. Got the F21 Beta live CD and it works fine! After all, with little over a week for final release, it should be quite stable. Screen resolution correct, sound, wireless, touch screen... mounted the windows C: partition and installed Minecraft there (I have kids), very playable. So I installed F21Beta to the hard drive (not worried if it ended up erasing Windows 8, but it didn't). After installing needed apps (LibreOffice, Gimp, Skype) followed by yum update and reboot problems started: frozen during boot -- almost at finish, the progress image almost full. Hopefully selecting the older kernel the system boots... most of the time. How can I find where exactly boot is frozen? WiFi became unstable -- I don't understand why, it looked fine at first, downloading updates with no problem. Tried disabling the internal wifi card (reviews on the net says it's crap) and using a usb dongle. A tenda one showed no improvement (but never failed me under F19) and a linksys one looked better, but I still had a few disconnects. Another machine using F19 was using wifi fine at the same time, besides many android devices, so it doesn't looks like Internet link or AP problems. The trackpad cant detect taps (clicks). I never liked trackpads, always use an external wireless mouse, but it would be nice having the trackpad working. Finally shutdown doesn't turns the computer of. It drops to the text screen showing "powering off" but I have to keep pressed the on/off button to actually power it of. I'm spoiled, used to have no hardware problems with Fedora over the latest few years... :-) []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
How to install OpenJDK6 on F17
Hi there, I was surprized that F17 uses OpenJDK7 by default but does not includes OpenJDK6 packages also, like F16 did. If I have some app which cannot run on Java 7, what should I do? I know I can download the proprietary JDK6 from Oracle, but I'd rather use OpenJDK. I tried installing OpenJDK6 packages from F16 but yum complains they are obsoleted by OpenJDK7. I also tried downloading IcedTea6 sources and compiling, but they stop with an "internal compiler error". Any hints? []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: How to install OpenJDK6 on F17
Hi Andrew, I find this design decision very odd, exactly for the reasons you mentioned. Java 7 is, to my knowledge, far from universally supported. I would have waited for at least another release or two before phasing out Java 6. We did think about it, but OpenJDK 6 is going to be EOL'd this year, with a complete cessation of updates. Andrew. I can understand you wish to compile everything using OpenJDK7, but why don't keep OpenJDK6 on the repos as an option, just like you did with java-1.5.0-gcj ? Can I --force installing OpenJDK6 packages from F16 on F17? Won't this mess up with OpenJDK7? []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: How to install OpenJDK6 on F17
Hi Andrew, I tried installing OpenJDK6 packages from F16 but yum complains they are obsoleted by OpenJDK7. I also tried downloading IcedTea6 sources and compiling, but they stop with an "internal compiler error". That should work. I'd like to know more. It indicates a pretty major gcc bug. Andrew. Using icedtea6-1.11.2 sources. Run ./configure without any options, installed libs as it complained, and installed gcj for use as the bootstrap (or starter?) jdk. Then make. I everything run a seccond time to get the error messages but now it worked. But I did a yum update beteen two tries. []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: How to install OpenJDK6 on F17
Hi Deepak, java-1.6.0-openjdk and java-1.7.0-openjdk can co-exist side by side happily -- you can even use alternatives to switch the default if you really want to. We just cannot ship 6 in F17 because it will EOL well before F17 does and we cannot ship a known insecure version. Thanks for the info, I feel better with RPM packages (even if I have to reinstall after upgrades) than custom-built binaries. So I'll give it a try. But about the EOL date, I could only find on google an EOL date of Nov/2012 for Oracle JDK, which is the proprietary, commercialy supported build by Oracle. I could not find any EOL for the OpenJDK project or the IcedTea project. My expectation, based on current use of Java by developers I know, and past experience with other Java updates, is that JDK6 will be the most used JDK release for much longer than the Oracle EOL date. Nothing prevents the open source communities to continue supporing OpenJDK and IcedTea past Oracle EOL date. I see there's strong demand for that. So why not doing? Too few people working on that outside of Oracle? You could at least package OpenJDK7 in a way it doesn't obsoletes OpenJDK6, so if anyone wants to mantain an OpenJDK6 repo for F17 and beyond they can do so. []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: How to install OpenJDK6 on F17
Hi Deepak, First, thaks a lot for you patience explaining things you and other OpenJDK developers should already have discussed to exaustion. OpenJDK6 will no longer get security updates after November 2012: http://mail.openjdk.java.net/pipermail/discuss/2012-February/002514.html A large part of the problem is that we will not have access to all the security vulnerability information as it is not made public. That will make it very difficult to fix the underlying issues. I am guessing that a lot of people who will use the Oracle JDK6 beyond the EOL date will probably run the version last available before EOL. We cannot ship such insecure versions in Fedora though. I don't understand why Oracle JDK EOF affects OpenJDK. I suppose code is commited to OpenJDK and then moved to Oracle JDK as with most sane open source projects with a commercial edition. Am I wrong, and Oracle developers their JDK at closed doors, and later pushes their patches to OpenJDK? And couldn't / shouldn't OpenJDK have its own bug track system, and should't it be the primary one, instead of the Oracle bug tracking? You could at least package OpenJDK7 in a way it doesn't obsoletes OpenJDK6, so if anyone wants to mantain an OpenJDK6 repo for F17 and beyond they can do so. The obsoletes was added on purpose. It was added because many packages require java>= 1:1.6.0. If 7 does not not obsolete 6, older systems (F15/16) that have 6 will not necessarily pull in 7 as 6 will satisfy this dependency. However the package will not actually work with 6 because all new packages are being compiled with 7 which produces a newer bytecode that 6 does not understand. This was the bug that prompted obsoleting of 6: https://bugzilla.redhat.com/show_bug.cgi?id=817516 For me it looks like the real fix would be updating the require statatement on each package spec. But even using your rationale, why GCJ, which is Java 5, is still in Fedora 17? The same resons to purge OpenJDK6 would be valid to purge GCJ. If GCJ can be kept, although not being able to run the java packages included as part of the distro, OpenJDK6 could be kept also. I am used to open source communities, for example apache tomcat and postgresql, supporting older releases much longer than commercial counterparts, for example websphere and oracle db, because this meets a real user need. I can't understand why OpenJDK / IcedTea cannot do the same, and have to bown down to Oracle EOL. []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Eclipse WTP and Fedora
Hi, Fedora has for a long time included Eclipse, Tomcat and (bits of) Geronimo and Glassfish. And now F17 provides JBoss AS. But why Fedora Eclipse doesn't includes WST? Is there anything that prevents Fedora to provide the Eclipse IDE for Java EE developers as part of the distro? Am I supposed to download a fresh new Eclipse from Eclipse.org for Java EE development, instead of using Fedora Eclipse? Or is that just a question of manpower to package and test so many plugins and their dependencies? Most users will have trouble finding how to enable Eclipse.org update sites to get those missing features. :-( (By the way, who should I contact to volunteer to write those docs and put the on Fedora web site / wiki?) []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: searching for Fedora-compliant packages of rar and unrar
Hi, It's unusual because rar and its file format are closed (maybe patented). The vendor provides an open source unrar utility, and that's it. There are MUCH BETTER options, like 7-zip.org (p7zip is part of Fedora and is part of RHEL or can be added through EPEL, and is supported by File-Roller and Nautilus). Better compression rate, speedier, all open source. The windows GUI version is also much better than WinRAR. So it's enough for me to have an unrar to open files in this format by people who don't know there's better alternatives. []s, Fernando Lozano On Thu, 5 Jul 2012, Aaron Konstam wrote: On Thu, 2012-07-05 at 14:15 -0400, Max Pyziur wrote: Greetings, I'm searching for Fedora-compliant packages of rar and unrar. I know that they can be found at Repoforge (http://repoforge.org/). However, they are for CentOS and RHEL. Are there any repos where rpm packages of rar/unrar that can be found and useable on Fedora 17? Much thanks. Max Pyziur p...@brama.com unrar is available in rpmfusion-nonfree-updates. But no rar. Seems either unfair or unsymmetrical. Or even unusual. Much thanks for all of the replies. MP p...@brama.com -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Linux on tablets [was: installing fedora linux on Arnova 10]
Hi, On Sun, Sep 02, 2012 at 01:28:31PM -0500, Ranjan Maitra wrote: I have access to a somewhat old (by about 2 years) thoroughly crappy Arnova 10 tablet. I wanted to try my hand at installing fedora (or any linux distribution for that matter) on Arnova 10. Why not install a tablet specific OS like Android? It should be simpler to find instructions for that on the Internet. Yes, it would be much simpler to install Android (and maybe a regular Linux over Android -- there's Ubuntu for Android and Google Play lists a number of "debian linux installers"). But it would be much more fun (from a hacker perspective) to have a real Linux. ;-) I myself would be happier with a real community-developed tablet OS than the current "somewat" open source Andoid. And of course I'm curious to see wether the new ideas from Gnome 3 actually work (or not) on a real tablet, instead of a touch-enabled PC. Now that ARM is a primary architecture for Fedora, maybe the developers could think about a "tablet spin" or even an "installer" on Google Play. Nowadays there a lot of very cheap tablets, cheaper than a Kindle Fire or a Google Nexus, but with nice specs for hacking. I m positively surpised with some Genius modelsI got for my kids to play (GT725S for example -- 7" low-res display, 1GB RAM, 4GB storage, explandable to more 32GB using the microSDHC slot, 1.2GHz Cortex processor and GPU, almost the same specs as a Sansumg Galaxy S2 -- and the 10" model has bigger resolution, same as a standard netbook). Some people report having success with usb mouses, keyboards, printers and 3G modems (yes, the Genius models have a standard PC-like USB port -- I haven't tried yet). []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
virsh ok with TLS but virt-viewer not
Hi there, I folowed instructions on: http://wiki.libvirt.org/page/TLSSetup To setup TLS conections to a qemu+kvm host, for remote administration. I guess I did everything right, because sudo virsh -c qemu+tls://myhost/system Works fine. So far every command I tried is ok. Giving the same URL to virt-manager also works. But I cannot open any guest console, be it from virt-manager or from virt-viewer. If I try: sudo virt-viewer -c qemu+tls://myhost/system 1 I get an error pop-up telling "Unable to connect to graphics server myhost:5900" And from virt-manager, the guest console shows "Connecting to graphical console for guest" and nothing happens. No error message, not even timeout. :-( But I can inspect and even change the guest details. On the guest details, it shows "Display Spice" at addres 127.0.0.1 and port 5900 with auto TLS port, and no password. Should I change those settings to get remote access to a guest console? If so, how, as I cannot find info at either libvirt.org nor virt-manager.org. If I use a qemu+ssh URL it works for virsh and virt-manager, including gest consoles, but using virt-viewer won't work even using ssh. So I suppose something is missing, but I have no idea what. The end goal is being able to use both virsh and virt-viewer under Windows, and their README state that ssh connections won't work yet. []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: virsh ok with TLS but virt-viewer not
Hi there, I folowed instructions on: http://wiki.libvirt.org/page/TLSSetup To setup TLS conections to a qemu+kvm host, for remote administration. I guess I did everything right, because sudo virsh -c qemu+tls://myhost/system But I cannot open any guest console, be it from virt-manager or from virt-viewer. sudo virt-viewer -c qemu+tls://myhost/system 1 I get an error pop-up telling "Unable to connect to graphics server myhost:5900" Use the virsh command to get to one of the machines and then do a netstat -lpnt and verify you have something listening on port 5900. If you don't, then the virt console won't work (probably that the vnc server didn't start on the guest machine). All qemu-kvm processes were listening on ports 590x, but on loopback only. Now it makes sense: virsh / virt-manager conect to libvirtd, but virt-viewer connect to qemu-kvm. That's why one can work while the other can't. I found there's "another" virt-manager web site. Followed the instructions on http://virt-manager.et.redhat.com/page/RemoteTLS And now I can get remote console access from either virt-viewer or virt-manager. But also got another serious problem: now each active VM listens on two ports (For example, 5900 and 5902 for guest 1). One accepts plain text vnc or spice connections. The other accepts TLS connections, as seen on virt-manager guest details. My wish is to enable only TLS connections. Can't do that using iptables rules because port assignment is dynamic. Worse yet, I found using netstat that virt-viewer and virt-manager connects to the non-secure port. :-( I found no way of connecting using remote-viewer to the TLS port, only to the non-secure port. So I don't really know if my vnc/spice TLS setup is working. On the Windows side, I got virsh working with TLS. But not virt-viewer. The windows port of virt-viewer seems unable to recognize "qemu+tls" urls, as I did on Linux. :-( And as I don't know how to make TLS connections using remote-viewer, I haven't got secure guest console access from windows clients. []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: [Samba] Samba 4 Packages Available for Download
Hi there, [Sorry for cross-posting, I hope I didn't violated any list policies] this is just a heads-up that SerNet does provide Samba 4 packages (including AD DC package) now. It was told on the fedora user's list that the kerberos implementation used by Fedora, RHEL and CentOS conflicts with the samba one, and so Fedora was providing samba4 binaries without AD DC support. This was related to the use of FreeIPA by Fedora and RHEL. So I wasn't expecting to see packages with AD DC support for RHEL and CentOS so soon. Thanks a lot! But how did you manage the kerberos problem? I see you repo provides only samba4 packages, and do not replace any other library or daemin from CentOS and RHEL. Or would the problem be present only on newer Fedora releases, and not on RHEL6 (yet)? Would this be related to the fact servnet does not provide samba4 packages for Fedora, or you simply don't package anything for Fedora? Another question: if my CentOS server is using samba3 from sernet repos, may I upgrade them using sernet samba4? Or should I uninstall samba3 and do a clean install of samba4, redoing all configuration manually? []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Samba vs NAS vs NFSv4
Hi there, Here we have been using Samba (2 & 3) for yeas as the main file server and also as PDC (integrated with LDAP) so we have centralized account management for both Linux and Windows server and clients. Now we intent to put most of our data on centralized storage, and are evaluating many entry-level SAN products lie HP P2000G3 and Dell MD3200. We are also intrigued with some ebtry-level NAS solutions from Iomega, EMC and IBM. Maybe someone on the list can share his/her experience about NAS servers vs Samba3: - Will a NAS server provide SMB/CIFS shares, integrated with Samba domain security? Or will then need a Microsoft Active Domain Controller? - Moving to Samba4 (or FreeIPA) would solve those issues, if I can't use the current Samba3 PDC and BDC with a NAS server? - NFS access to the NAS server will be compatible with latest NFSv4 security, or will it require the "trust-based" weak security model from NFSv3 and v2? []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Disabling ipv6
Hi, > On Tue, 2013-07-09 at 10:58 +0200, j.witvl...@mindef.nl wrote: >> Once in a while I see people suggesting the disabling of IPv6 to cope >> with some issue. >> >> My I _kindly_ ask not to do that anymore? >> Even though such trick might take away the symptoms for you and me, it >> is a technical overkill and only tackles the symptoms. > In my case, I have a completely IPv4 network, and a complete > impossibility to do IPv6 over the internet (I'd need an IP6 to 4 proxy > *OUTSIDE* of my ISP). So... > > Somtimes we techinicians give advice based on an ideal world. :-) But on the real world disabling IPv6 everywhere is the *right* thing to do for many companies. if you don't have the need, don't have the knowledge and your hardware/software doesn't support it well, IPv6 is not only overhead with no added value but also may present a significant security risk. Just like you should disable any system service (specially network services) that you don't need to reduce a hacker attack surface on your network and servers. []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Disabling ipv6
Hi, > > > disabling IPv6 everywhere is the *right* thing to do for > > > many companies. if you don't have the need, don't have the > knowledge and > > > your hardware/software doesn't support it well, IPv6 is not only > > > overhead with no added value but also may present a significant > security > > > risk. Just like you should disable any system service (specially > network > > > services) that you don't need to reduce a hacker attack surface on > your > > > network and servers. > > > Is it possible to give the end-user the option whether to go IVP4 or IPV6? > I haven't found yet an OS clearly showing how to disable IPv6 in a way most non-techinical users can find. But all them have this option somewhere, alongside other "esotheric" options like level 2 security. Given IPv6 current state, where many vulnerabilities are related to autoconfiguration for home and small networks, and given the fact many ISPs still doesn't support IPv6 at all, IMHO the default setting should be IPv6 disabled. Any end user or sysadmin should take action only to enable IPv6, not to remove the threads it represents today. Actually having IPv6 enabled by default is against security best practices. But even security experts forget this because everyone wants to lobby for broader IPv6 adoption. The end user pays the price for technologican evolution. []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Disabling ipv6
Hi, > The last time I did this, I found IPv6 had a little more latency than > IPv4. > After deciding the ISP and router were still "not there", I disabled IPv6. > I haven't tried this recently, but this thread makes me want to try again. > Hopefully the router has better firmware and the ISP IPv6 support has > improved. > The problem is not just ISP support. Unless you have a pure IPv6 path end-to-end to the final destination (say google), your packets will travel through an IPv6-toIPv4 gateway, which add latency. So, it won't bother your particular ISP supports IPv6 well, unless most internet sites you connect to also supports, and their own ISPs, load balancers, DNS mirrors, also supports IPv6 well. Another question is that IPv4 has years of large-scale deployments, so well-optimized firmwares, OS stacks, firewalls, etc. IPv6 ones have less optimzation simply because they have been exposed to less real use and even less large scale use. IPv6 per se (larger address size, larger headers, different semantics) requires more CPU power, memmory, buffers... so a product that works well with IPv6 may not work so well with IPv6. And the vendor has more pressure from customer for good performance on IPv4 than IPv6. Bottom line: you won't use IPv6 because it's better. We may find out in the future it's actually much worse, but we will only know when it's as widely use as IPv4. We all know IPv6 is inevitable given the expansion of the Internet, but IPv6 is not need by most right now. Maybe we'll end up with a "different" IPv6, like current IPv4 with CIDR and NAT is very different than the original class-based IPv4. For the time beign, I restrict IPv6 to test networks, to gain knowledge and evaulate product support, but keep it out of my production network. And keep a close eye to security issues and new RFCs still being drafted by the IETF about IPv6. []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
About NAS versus Samba
Hi there, Has anyone tried to configure a NAS server to authenticate users using a Samba PDC, or even a Samba4 DC (AD-compatible) or an IPA server? I'm evaluating replacing some Linux file server for a NAS product, but all them make me nervous when the vendor talks about "Active Directory support" and nothing else. In theory, many NASes are Linux boxes running samba, so there shouldn't be a problem, except if the web admin interface won't support a samba DC setup and I won't have SSH access to configure the NAS samba myself. So I'm asking if someone there has had any real experience, be it using Fedora, CentOS or RHEL as the Samba3 PDC or Samba4 DC. PS: I'm cross-posting because I asked before on the samba mailing list and nobody cared to answer. Or nobody has had any real experience. I'm hoing many sysadmins on the Fedora list also works on companies with RHEL or CentOS and had a real experience to share. []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: [Samba] About NAS versus Samba
Hi, Hi there, Has anyone tried to configure a NAS server to authenticate users using a Samba PDC, or even a Samba4 DC (AD-compatible) or an IPA server? not in a while, but I have done a samba 3 DC This was not my question. I'm ok running samba 3 DCs. :-) oh but it was! PDC means NT4 style, so samba PDC means samba 3 domain! If you're searching for information, this kind of nitpicky detail is important for an accurate answer. Well, I know how to setup a Samba 3 PDC, with other "BDCs" using LDAP replication. Fortunately I do not need help doing this. And I was not asking what is a Samba PDC, I know that, I know MSAD and etc I'm not asking the IT manager in you and other list members, I'm asking the network admins and sysadmins about wich products worked or didn't work based on their real-world experience. My question is wether a NAS (which one) will be able to become a member server on the samba NT-style domain, of if it will work only as member of a real MSAD domain from a Windows Server. Do you know the answer, I talked about "even a Samba 4 DC" because if someone answers me "won't work for a samba 3 pdc, but should work with a samba 4 DC" I'll seriously think about moving my test-lab samba 4 setup into production, otherwise I was not willing to do this just for the NAS. I'm even open to IPA, a software I've never tried. It looks like can replace my Samba3 DCs with advantes, and is well supported by Red Hat, while Samba 4 is not. Today I'd rather run Samba 4 without support than learning an entirely new network login solution. But if the new solution makes using a NAS easier I may change my mind. AFAIK it shouldn't matter, from a technical perspective, [Fedora vs RHEL] I agree. But you're asking questions that show us that you assume that this is not the case. If that's your concern, then the disto you're using is important since they all put in their own patches, or not, and that's where issues raise. For now it only matters to me if sometone tells "i tried with ACME NAS and RHEL and it worked, but tried the same NAS with Fedora and it didn't" or vice-versa. I can compile samba myself if needed, or get packages from a repo outisde the official distro ones. if you can verify the samba version on the nas, that should have your answer since those issues are well tracked. Generally, if it supports AD, it supports a samba AD. Bugs are possible, but bugs can also be fixed. If I had the NAS box here I'd verify. But I'm still evaluating which one to buy, and for small purchages / small companies no one gives me a box for a POC. I wish information on with products / vendors have a track record of working (or not working) as member servers to a samba 3 domain, so I won't loose time talking to those vendors or evaluating those products. As I said in the previous messages, trying to get this information from the vendors themselves was a failure, so I'm appealing to the list. Unfortunately, as nobody besides you, on both lists, replied to me, I must assume that no NAS in the market was ever proven to work using a Samba PDC, and so buying any NAS is out of question for me. :-( Maybe I'll instead buy a DAS box to which I can connect 4 to 8 server machines using SAS links, and let the file servers running as samba processes inside linux VMs. []s, Fernando Lozano []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: [Samba] About NAS versus Samba
Hi, No, they all write their own these days. None available to license as far as I'm aware. Most times the "proprietary" NAS software is simply a web interface over a standard Linux/FreeBSD OS using Samba. If you know Samba and Linux, the web interface may be a hurdle, not allowing access to features you know how to configure from the shell or, worse yet, overwriting those settings, if they provide a shell at all. []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Disabling ipv6
Hi Tim, Many ISPs will, also, have to buy new equipment. For some of them, at great expense. They're not going to do that unless they have to. Some have been avoiding it just because the technicalities of it are a new nightmare that they don't want to have to deal with (new security issues, new network configuring, new customer support issues). Here ISPs are not well known for spending in training. :-( I'd guess big corporations will adopt IPv6 before most ISPs. I don't think it's the time for SMBs to try (fight with) IPv6, they should wait until products mature and best practices to emerge. In the mean time, vendors should be honest and disable IPv6 (not remove, just disable) The interim solution has been to grab back already allocated, but currently un-used, IPv4 addresses. This solution will be short-lived, but I haven't seen an predictions for when it'll run out of available IPv4 addresses. If manufacturers and software programmers don't pull their fingers out, we'll be faced with even more ISPs subjecting their clients to NAT. Would this be so bad? Most people at work have been working using NAT for years. NAT increases security. Most internet users don't need to run servers. []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: AW: [Samba] About NAS versus Samba
Hi, what about the samba running on your NAS. I did a lot of NAS hacking pointing a running samba/winbind config of the vendor to my nt-style samba/ldap domain . But if you do so be aware you are loosing your support :-). So if you can change the samba on your NAS you are up and running. I don't have the NAS box yet. I wish advice on which one to buy based on compatibility with a Samba 3 PDC (or Samba 4 DC, or IPA). Vendors I talked to tell me it won't work, I'd have to use Microsoft AD. Knowing the Linux and Windows side (protocols, software) this doesn't make sense to me, I'm guessing the sales people I talked to simply doesn't know and doesn't want to learn. And it's not easy to tell the boss I'll buy a somewhat expensive box (for a small business) just to hack and see if it'll work the way I want. :-( It would help if you simply tell me which NAS you had success and which one was easier, out-of-the-box, or had to hack. []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Disabling ipv6
Hi, On 07/10/2013 09:14 PM, ferna...@lozano.eti.br wrote: And while we work out IPv6 and improve it, all users should be vulnerable to current IPv6 problems? Are they supposed to be guinea pigs for ipv6 development? No, of course not. I never said that everybody should have IPv6 active. What I did say is that it should be possible for an experienced user to activate it if they want to and that it's not only possible, it's easy if you're using Network Manager. And, to respond to something later in your post, I did not, in fact, disable IPv6; I simply declined to enable it, which is completely different. (And, I think, the default.) AFAIK all recent Windows releases and Linux distros have IPv6 enabled by default. Complete with auto-configuration, default MAC-based global addresses, route discovery and other "ease of use", but potentialy dangerous, features enabled. I have not checked Fedora 19 yet. Didi it changed anything? []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Disabling ipv6
Hi, Would this be so bad? Most people at work have been working using NAT for years. NAT increases security. Most internet users don't need to run servers. NAT does NOT increase security. NAT is a combination of a stateful firewall with a packet mangler; the security comes from the firewall, not the mangler. Leave out the packet mangling; use a firewall and "real" IPs. If NAT prevents anyone from the internet to try to connect to my computer, this is increased security. After all, don't we configure firewalls exactly to prevent unwanted connections? Of course NAT alone does not brings security. But as I understand TCP/IP networks, NAT does help security. Not having NAT means having everyone, every device and computer with a real, public internet address. This means more potential targets for hackers. Lots of Internet users run servers and don't even know it; any peer to peer system is a server on one end. Look at all the hoops software has to jump through to try to work through NAT (and especially multiple layers of NAT), sometimes failing and frustrating users. NAT is a fact today, has been for years, and people have been using Bittorrent and Skype regardless. For home users and SMBs, NAT is something that was taken care of. IPv6 is a whole new bunch of risks. I am not against IPv6 per se. I am against wide use of IPv6 right now. Let it mature. As IPv4 runs out, some ISPs are turning to "Carrier Grade NAT", which adds layers of NAT that break things like P2P applications and IPSec. I'll happily trade IPSec for OpenVPN. ;-) In any case, IPv6 should be enabled by default because users may connect to IPv6 networks and need it to "just work", just like IPv4. They aren't power users that know how to tweak hidden options, they just want to use the network. To just use the network they need only IPv4. They don't need the security risks that current IPv6 implementation and default configurations adds. Today, IPv6 is far from "just works". You are advocating using all end users as guiena pigs for IPv6 evolution. I advocate evolving IPv6 before exposing end users to ti. []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: [Samba] About NAS versus Samba
Hi Tony, RE: [Samba] About NAS versus Samba I've had experience with a Western Digital "MyBook Live DUO", and it does NOT support any type of network authentication. Users must be created and deleted on that device. Thanks. May good for home use, but not for my employee. Anyway a vendor told me "this works with linux" but was unable to give details about authentication. []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Fwd: OpenJDK packaging bug in Fedora 19
Hi Jiri, Luckily (or not? - because it passed update test) this do not happen always. And unluckily this was bugged after the f19 freeze - https://bugzilla.redhat.com/show_bug.cgi?id=979128 I think I will abandon whole update alternatives process and come with direct remove/add as this is not firs time when alternatives behaved .. as they do. But until now it was always catch in time. Please don't drop alternatives from OpenJDK. ;-) But why is the bug marked as "CLOSED WORKSFORME"? I think it's a real problem if a user installs/upgrade and can't run "java" out of the box. Created bug #983677. Hope this time someone will fix the packages instead of closing without resolution. []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Better alternatives [Was: OpenJDK packaging bug in Fedora 19]
Hi, I think I will abandon whole update alternatives process and come with direct remove/add as this is not firs time when alternatives behaved .. as they do. But until now it was always catch in time. Please don't drop alternatives from OpenJDK. ;-) It's a really messy way to get the wanted result (swapable java stacks). I think we can do better. (...) I always find $ rpm -qf `which java` file /usr/bin/java is not owned by any package to be very frustrating. We need a better which, that follow symlinks ? ;-) I guess here the problem is with RPM. It won't allow the same file being owned by multipla packages. Pardon if I'm talking about something you've already tried. If you package a set of alternative configs as their own package, and make other Java packages depends on it? If I understand alternatives, it relies on symlinks that point to other symlinks. So the "top level" symlinks, like /usr/bin/java and /etc/alternatives/java, would be part of that java-alternatives package. Them the symlinks that point to real binaries would be owned by the specific jre or jdk package. As anyone could install alternatives-java per se, it would have a dummy script that echoes "no default java selected" and exit an error code. Am I being to simplicist? []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Disabling ipv6
Hi Tim, Many ISPs will, also, have to buy new equipment. For some of them, at great expense. They're not going to do that unless they have to. Some have been avoiding it just because the technicalities of it are a new nightmare that they don't want to have to deal with (new security issues, new network configuring, new customer support issues). I don't know there, but here ISPs are not well known for investing in human resources. :-( I'd guess some big corporations will really adopt IPv6 before most ISPs. I just don't think it's time for SMBs to work (fight) with IPv6, they should wait for product to mature and best practives to be agreed to. The interim solution has been to grab back already allocated, but currently un-used, IPv4 addresses. This solution will be short-lived, but I haven't seen an predictions for when it'll run out of available IPv4 addresses. If manufacturers and software programmers don't pull their fingers out, we'll be faced with even more ISPs subjecting their clients to NAT. It seems the first test is very simple, seeing if there is an DNS record. Then there is a second test which I did not understand. But no site that failed the test came good in the second. If there is no IPv6 IP address for something, then there can be no IPv6 type of connection to it. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
new rant of the day: anaconda and fedup are...
GREAT ;-) Thanks a lot Fedora developers. []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: R: F18 ti F19: can't create a Java virtual machine
Hi, Please see bug https://bugzilla.redhat.com/show_bug.cgi?id=983677 for a description of the same issue and a workaround. The default java configured on alternatives doesn't exists. Just change the default to the openjdk entrey ending in ".i386" []s, Fernando Lozano Computer n.1 says alternatives --config java Ci sono 3 programmi che forniscono 'java'. SelezioneComando --- *+ 1 /usr/lib/jvm/jre-1.7.0-openjdk/bin/java 2 /usr/lib/jvm/jre-1.5.0-gcj/bin/java 3 /usr/lib/jvm/jre-1.7.0-openjdk.i386/bin/java Invio per mantenere l'attuale selezione[+], o inserire il numero di selezione: Computer n.2 says Ci sono 2 programmi che forniscono 'java'. SelezioneComando --- 1 /usr/lib/jvm/jre-1.5.0-gcj/bin/java *+ 2 /usr/lib/jvm/jre-1.7.0-openjdk.x86_64/bin/java Invio per mantenere l'attuale selezione[+], o inserire il numero di selezione: Computer n.3 says Ci sono 2 programmi che forniscono 'java'. SelezioneComando --- *+ 1 /usr/lib/jvm/jre-1.7.0-openjdk/bin/java 2 /usr/lib/jvm/jre-1.7.0-openjdk.i386/bin/java Computer n.3 cannot open the Java virtual machine... Messaggio originale Da: antonio.montagn...@alice.it Data: 12-lug-2013 6.44 A: "Community support for Fedora users" Ogg: F18 ti F19: can't create a Java virtual machine We made un update to a laptop, fedup worked very well but now user when starts arduino gets a message (we can see it in a terminal) that can't create a Java virtual machine. Same Arduino worked fine in F18 Any idea??? -- Antonio M Skype: amontag52 Linux Fedora F19(Schroedinger's cat) on Acer 5720 http://lugsaronno.altervista.org http://www.campingmonterosa.com -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Disabling ipv6
Hi, You keep talking about IPv6 security risks (over IPv4), but haven't cited any. While I don't know of security risks of IPv6, itself, there is this: If you follow IPv6 on the net you should have found lots of articles about this, and how it affects specially home users and SMBs. Here are some introductory links: http://thepcsecurity.com/ipv6-security-issues-concerns-transition/ http://searchsecurity.techtarget.com/tip/Analysis-Vast-IPv6-address-space-actually-enables-IPv6-attacks http://searchsecurity.techtarget.com/tip/IPv6-myths-Debunking-misconceptions-regarding-IPv6-security-features Most vendors and ISPs won't talk about his -- IPv6 is a selling point -- but here's buried inside an AT&T white paper: http://www.webtorials.com/main/resource/papers/att/paper28/IPv6_impact_network.pdf "According to the National Institute of Standards and Technology (NIST): Prevention of unauthorized access to IPv6 networks will likely be more difficult in the early years of IPv6 deployments. IPv6 adds more components to be filtered than IPv4, such as extension headers, multicast addressing, and increased use of ICMP. These extended capabilities of IPv6, as well as the possibility of an IPv6 host having a number of global IPv6 addresses, potentially provides an environment that will make network-level access easier for attackers due to improper deployment of IPv6 access controls. Moreover, security related tools and accepted best practices have been slow to accommodate IPv6. Either these items do not exist or have not been stress tested in an IPv6 environment" For more techinical content, you can visit http://www.gont.com.ar/ which is Fernando Gont home page (author of some IETF RFCs), and see theslides at http://www.si6networks.com/presentations/ipv6kongress/mhfg-ipv6-kongress-ipv6-security-assessment.pdf How is your firewall set up? That's not the question. I am an experienced sysadmin and networking expert, I know where to search for information and what to look for. But today most computer users, not just Fedora users, do not have this expertise and won't spend enough time researching. They expect to get minimally secure default from vendors and open source projects. something most DO NOT provide currenty, regarding IPv6. :-( The fact is: today, even most experienced network admins do not know enough about IPv6 security. Most ones I talked to still believe "IPv6 is more secure by design" which it isn't. []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Disabling ipv6
Hi Chris, The best practices have largely been agreed to (as much as any best practices ever are). IPv6 is as mature as it can get until a billion end-users get on it. Large ISPs around the world have rolled it out in production. Major OSes support it out-of-the-box. If you don't even try to understand it, you are being left behind already. IPv6 has alot of "under the carpet" issues because vendors fear too much discussion about this will delay large-scale use even more. Every sane person agree the world needs to move to IPv6, but IMHO this is not being done in the most responsible manner. I propose we let the billion dollars companies do the hard work, but at the same protect SMBs from IPv6. The Fedora Project could do their part by disabling IPv6 by default. Please see my message providing links about IPv6 security threats, including recent slides (this year!) from IETF members. I do my homework before making statements on the net. []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Disabling ipv6
Hi, Tim: If manufacturers and software programmers don't pull their fingers out, we'll be faced with even more ISPs subjecting their clients to NAT. Fernando Lozano: Would this be so bad? Most people at work have been working using NAT for years. NAT increases security. Most internet users don't need to run servers. Yes it would. NAT doesn't really increase security. It gives the illusion of doing so, because it usually breaks networking, but not always (just one reason why you shouldn't pretend it's a firewall). IMHO globaly-addressable client devices increase security risks. NAT make some things more complicated, but I'd rather improve NAT technologies and application protocols to work with then. Many experts argue in favor of NAT even for IPv6 networks, see for example: http://searchenterprisewan.techtarget.com/tip/Why-IPv6-wont-rid-the-Internet-of-Network-Address-Translation Users do things that act like servers, and require connections to get through to them. IMHO they shouldn't. End users will never know enough to implement proper network security. Cloud services would provide better alternatives to most "server-like" things users would want to do, with cheap and free options. Just a few things that become nightmarish with NAT: Using some FTP servers. It's a protocol broken by design, with connection call-back connections. I'd eliminate FTP altogether. Sending files through instant messenger clients. Put Dropbox, Google Drive or the like suppport in IM clients. Push for a standard REST API for this kind of services, so IM developers don't have to write code for a myriad different services. Voice over IP. Improve VoIP protocols. Most VoIP users will anyway depend on centralized servers for realiability (like Skype supernodes), presence, authentication, or interoperability with POTS and cell services. Using any type of peer-to-peer software. IMHO peer-to-peer in general is a boken concept. It's nice for experimentation, good for politics (you won't depend on a big corporation) but increases network security risk. There are technical alternatives to peer-to-peer designs that IMHO lend to better security and QoS. On the political side, standards and ONGs should prevent dominance by big corporations. Cloud VPN services would allow end-users to get connections to their home machines if they want, at the same without exposing them to scans and attacks from the whole Internet. I'd focus on improving those offering. []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Fedup from 17 -> 19 okay?
Me also, except for the Java issue (which is easy to fix using alternatives). If anyone is interested, it worked fine. On Thu, Jul 11, 2013 at 1:59 PM, Robert Arkiletian wrote: Can I skip 18 and upgrade from 17 to 19 with fedup? Has anyone tried this with success or failure? -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: [Samba] About NAS versus Samba
Hi Andrew, I work on a NAS product myself, and at this vendor and my previous vendor Samba 4.0 as an AD DC was all I ever needed to use to test the AD integration features of the NAS. Thanks, Andrew Bartlett Please tell me which product this is, so I can contact the local reseller. :-) You can send me in pvt if you think it would not be ethical to advertise your employee on the list. Sales people here (and their "technical" consultants) don't know / don't care about Samba. Every time I ask about samba compatibility they try to sell me Windows and VmWare licenses. They even lie trying to make my employee buy those licenses and ditch Linux altogether. I am only saved because of some previous incidents where I told my boss "either they are lying or they don't know", showing technical references from vendors themselves and standards bodies, but was overruled. Later my boss found I was right the had way: products didn't worked as expected, company lost money. Most non-IT people, even many IT people, wrongly believe the vendor people should be the better experts and so any conflict of opinion they should be right. When it fails, the IT manager or the business area manager hide it, so they don't take blame for the wrong decision consequences. :-( If I someone tell me "this product works" I can by knowing if something bad happens it's something I can solve. Sometimes the management interface for a product won't let you do things the embebed software could do, so I don't want to risk a product without someone telling me "this one worked for me". []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Disabling ipv6
Hi, NAT is a fact today, has been for years, and people have been using Bittorrent and Skype regardless. And sometimes they (and other applications) don't work, because of things like layered NAT. Fix NAT issues instead of ditch it altogether. For home users and SMBs, NAT is something that was taken care of. IPv6 is a whole new bunch of risks. I am not against IPv6 per se. I am against wide use of IPv6 right now. Let it mature. How will it "mature" if nobody tries it? Fedora is a leading-edge operating system, and full IPv6 support is part of that. Fedora servers many different kinds of users, some of then are not network people and would be hurt by current IPv6 problems. The network people can enable IPv6, other should't have to disable it. That's the same principle as don't let TCP ports open by default on iptables. As IPv4 runs out, some ISPs are turning to "Carrier Grade NAT", which adds layers of NAT that break things like P2P applications and IPSec. I'll happily trade IPSec for OpenVPN. ;-) That's nice, but in the real world, users have to connect to VPNs configured by others (and many businesses need hardware VPN concentrators, which OpenVPN won't work with). In the real world, ISPs should fix their Carrier Grande NAT. There are lots of ways wrong network configs can 0impact apps. To just use the network they need only IPv4. That is not true in some places (and the number of such places is increasing all the time). Defaults should focus most users, not the exceptions. When most users need IPv6, it's ok to have it enabled by default. Plese note I ain't proposing removing IPv6 support from the Fedora Linux Kernel. I'm just proposing the default network configurations should have IPv6 disabled, and those who want to use it should have to take action (just click a checkbox) to enable. They don't need the security risks that current IPv6 implementation and default configurations adds. Today, IPv6 is far from "just works". You are advocating using all end users as guiena pigs for IPv6 evolution. I advocate evolving IPv6 before exposing end users to ti. You are several years behind the curve on IPv6. You keep talking about IPv6 security risks (over IPv4), but haven't cited any. Please see my other message about them, won't repeat the links here. You could just google "IPv6 security risks" to see articles from the current year about then. And follow IETF RFCs to see how many proposals about them are in Draft and not implement by most products yet. PLease don't assume people who disagree with you no clue what they are talking about. IPv6 does "just work" in many places; there are a lot of people that are using IPv6 and don't even know it And those are exposed to the security risks. We haven't see a high-profile (media coverage) IPv6 attach yet just because so few peple actually use it that it's not very attractive to hackers. But as ISPs move on implements proper IPv6 support (without tunnels internally) those ISP users are becoming so vulnerable. Whether you like it or not, IPv6 is here today and is here to stay. There is no practical alternative. Will there be bugs? Yes, of course; people are still finding IPv4 bugs as well. Will tell again: I'm bot against IPv6 per se. I agree it has to be deployed. But I can't agree using end users and SMBs as guinea pigs, waiting to see how hackers use it to create new attacks. Let the big companies work this before giving IPv6 enabled by default in Fedora, Windows, Mac and other OSes. []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Proposal: Fedora should install with IPv6 disabled by default [was: Re: Disabling ipv6]
Hi Chris, [As I changed the subject, let me clear: IPv6 still compiled in the kernel. Just the network interfaces configs that should come with IPv6 disabled by default, if the user wants it should be easy to enable] Once upon a time, Fernando Lozano said: IPv6 has alot of "under the carpet" issues because vendors fear too much discussion about this will delay large-scale use even more. Again: citation needed. Without any actual issues sited, you are just spreading FUD. Works both ways. You can't claim I'm just spreading FUD withou evidence to corroborate your claim. Anyway I've alread sent to the list evidence that the IPv6 security issues are real. As for "vendors fear too much discussion" it's really my personal interpretation of their silence, fell free to disagree. But please don't deny anymore there are IPv6 security issues, this is a hard fact. I propose we let the billion dollars companies do the hard work, but at the same protect SMBs from IPv6. The Fedora Project could do their part by disabling IPv6 by default. Again, you are years too late. Fedora would be greatly regressing (and falling far behind mainstream OSes) by disabling IPv6. Fedora should take the lead and be more responsible to their users. It would be an improvement, not a regression. Please see my message providing links about IPv6 security threats, including recent slides (this year!) from IETF members. I do my homework before making statements on the net. I took a look at a couple, but just saw more FUD and stopped. Fell free to ignore reallity when it doesn't agree with your personal opinion. But be warned reallity will hurt you anyway. Or will you tell me that IETF people don't know what they are talking about? See for example: http://tools.ietf.org/html/draft-ietf-v6ops-ra-guard-implementation-07 http://tools.ietf.org/html/draft-gont-6man-flowlabel-security-03 http://tools.ietf.org/html/draft-ietf-6man-nd-extension-headers-05 Papers from them, and even very recent RFCs on the security issues, can be foud if you take the time to follow my links and the links contained in them. []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Disabling ipv6
Hi, I took me time to recover this one, another more techinical content about IPv6 security: http://w3.antd.nist.gov/iip_pubs/Montgomery-ipv6-security-findings.doc []s, Fernando Lozano Hi, You keep talking about IPv6 security risks (over IPv4), but haven't cited any. While I don't know of security risks of IPv6, itself, there is this: If you follow IPv6 on the net you should have found lots of articles about this, and how it affects specially home users and SMBs. Here are some introductory links: http://thepcsecurity.com/ipv6-security-issues-concerns-transition/ http://searchsecurity.techtarget.com/tip/Analysis-Vast-IPv6-address-space-actually-enables-IPv6-attacks http://searchsecurity.techtarget.com/tip/IPv6-myths-Debunking-misconceptions-regarding-IPv6-security-features Most vendors and ISPs won't talk about his -- IPv6 is a selling point -- but here's buried inside an AT&T white paper: http://www.webtorials.com/main/resource/papers/att/paper28/IPv6_impact_network.pdf "According to the National Institute of Standards and Technology (NIST): Prevention of unauthorized access to IPv6 networks will likely be more difficult in the early years of IPv6 deployments. IPv6 adds more components to be filtered than IPv4, such as extension headers, multicast addressing, and increased use of ICMP. These extended capabilities of IPv6, as well as the possibility of an IPv6 host having a number of global IPv6 addresses, potentially provides an environment that will make network-level access easier for attackers due to improper deployment of IPv6 access controls. Moreover, security related tools and accepted best practices have been slow to accommodate IPv6. Either these items do not exist or have not been stress tested in an IPv6 environment" For more techinical content, you can visit http://www.gont.com.ar/ which is Fernando Gont home page (author of some IETF RFCs), and see theslides at http://www.si6networks.com/presentations/ipv6kongress/mhfg-ipv6-kongress-ipv6-security-assessment.pdf How is your firewall set up? That's not the question. I am an experienced sysadmin and networking expert, I know where to search for information and what to look for. But today most computer users, not just Fedora users, do not have this expertise and won't spend enough time researching. They expect to get minimally secure default from vendors and open source projects. something most DO NOT provide currenty, regarding IPv6. :-( The fact is: today, even most experienced network admins do not know enough about IPv6 security. Most ones I talked to still believe "IPv6 is more secure by design" which it isn't. []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Proposal: Fedora should install with IPv4/6 disabled by default [was: Re: Disabling ipv6]
Hi, If you got scared, why not keep the entire network down? If you want it, sure you can enable it ;-) By your reasoning, Fedora doesn't need to provide secure installation defaults. Anyone could craft their own iptables rules and selinux policies if they feed a need for better security. And by the way, why having trouble provinding services pre-packaged using chroot? []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Proposal: Fedora should install with IPv6 disabled by default [was: Re: Disabling ipv6]
Hi, [As I changed the subject, let me clear: IPv6 still compiled in the kernel. Just the network interfaces configs that should come with IPv6 disabled by default, if the user wants it should be easy to enable] exactly *that* is my point it is ridiculous that i bave a clearly static ipv4 config using network.service as well as "ipv6disable=1" as kernel param and on a F19 machine with 3.10.0-1.fc20.x86_64 eth0 comes up with "inet6 fe80::20c:29ff:fe30:82b9" this is not a matter of ipv6 security / yes / no / don't know it is a matter of if ipv6 would make sense for the network and would enable and *properly* configure it but this is not the case because the gateway is for sure not ipv6 capable i do not need to see any ip-address (ipv4 or ipv6) on a statically interface which was not explicitly configured Having a smarter ifconfig / ip tool or ethernet device driver would be a way to implement my proposal. But, by the IPv6 RTFs, just having IPv6 enabled means there is an IPv6 address for that interface. IPv6 provides local auto-configuration for network intefaces, without DHCP or any other infrastrucure being present. That's one thing that creates security risks: you don't know you could be reached by that address. So, ifconfig or ip or whatever would have to disable IPv6 for any interface that does not having an explicit IPv6 address. I'd think it would be easier to have the default eth*-cfg files and Network Manager disable IPv6 unless the user tells them to enable. []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Disabling ipv6
Hi, hence it would be enough if "ifup" would respect the configuration i can not see "just having IPv6 enabled means there is an IPv6 address" below - where is there ipv6 enabled? there is even a "IPV6INIT=no" I have overlooked that. I'm not a Fedora developer, have to check if IPV6INIT means what me and you think it means, but I guess this is a bug. Have you checked https://bugzilla.redhat.com/show_bug.cgi?id=982740 ? []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Proposal: Fedora should install with IPv6 disabled by default [was: Re: Disabling ipv6]
Hi, >> Perhaps Fedora is the wrong distribution for you. >> >> The whole idea behind Fedora is for it to be an "engineering proving >> ground" where new technologies (like IPv6) are rolled out for real world >> use. Not all Fedora users work in the networking fields. Many are developers who doesn't care about networking. Even most web, client-server and mobile developers are not close to being security experts and would configure a very insecure system if left by thenselves. This does not exclude them from being superb C, Java, PHP, Python, etc developers. I don't think it's a good policy to exclude some users because of others. And I don't thing people are understanding how real and serious are current IPv6 vulnerabilities. Biut I ask: would it be so hard for networking people to click once on anaconda or Network Manager to enable IPv6 if? I think it's harder for non-networking people to understand they should disable IPv6 else know how to configure IPv6 in a secure way. >> the main problem is not be able to *disable* it if >> you know what you are doing and know why therese >> is no need for ipv6 in your environment >> https://bugzilla.redhat.com/show_bug.cgi?id=982740 IMHO those are two distinct issue, although related: 1. Users should be able to disable IPv6. Today they can't and this is a bug that hopefully will be solved soon. I think no one ever intended IPv6 to be mandatory. ;-) 2. The secure installation default should be IPv6 disabled. That's my proposal. []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Disabling ipv6
Hi, >> Have you checked https://bugzilla.redhat.com/show_bug.cgi?id=982740? > yes i have "NETWORKING_IPV6=no" since virtually forever > in "/etc/sysconfig/network" as well as "IPV6INIT=false" > in the interface configurations > > this was most time ignored I wasn't aware this bug was so serious. Please add your findings to the bug, so Fedora developers can test all scenarios when releasing a fix. > since this also does not work in recent environments my simple > question by starting the thread was "which magic is now the best" > and i was *not* interested in evangelists explaining how > superiour ipv6 is as answer because it is *off-topic* for networks > behind gateways which are not ipv6 capable and opens only *security > problems* in LAN environments > > you need not a security hole in the protocl - the simple presence of > it is one in environments where it is not needed is a security > problem and violates best practices "disable anything which is > not actively used" - period That's the reason I proposed IPv6 disabled by default. Sorry for mixing it up with your question. []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Proposal: Fedora should install with IPv6 disabled by default [was: Re: Disabling ipv6]
Hi joe, > On 07/12/2013 02:17 PM, Fernando Lozano wrote: >> 1. Users should be able to disable IPv6. Today they can't and this is a >> bug that hopefully will be solved soon. I think no one ever intended >> IPv6 to be mandatory. ;-) > > Actually, they can, but they have to take the time to configure the > connection instead of just accepting the defaults. When you use > Network Manager, if you edit the connection there's a tab for IPv6 and > you can set it to Ignore, as I have. Easy, simple, clear, but as I > said, you have to look for it. Should Ignore be the default? I don't > know, honestly. If you see the bug cited earlier current Fedora (19) has a bug where settings to disable IPv6 are ignored. But IMHO that's a different question, a simple bug that can (will) be fixed. IMHO "have to look" should not be required by most users. IPv6 today serves networing people. Fedora is not only for networking people, and I from my experience most Fedora users are not networking people. Do we have data about Fedora user demographics? []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Proposal: Fedora should install with IPv6 disabled by default [was: Re: Disabling ipv6]
Hi, > On 12.07.2013 18:44, Fernando Lozano wrote: > … >> So, ifconfig or ip or whatever would have to disable IPv6 for any >> interface that does not having an explicit IPv6 address. I'd think it >> would be easier to have the default eth*-cfg files and Network Manager >> disable IPv6 unless the user tells them to enable. > Looks like you're reading a lot of documents, so it wouldn't be bad to > also read these[1] quite simple guidelines. > Take into consideration that some of distro binaries are built with an > IPv6 on mind. > > [1] https://www.kernel.org/doc/Documentation/networking/ipv6.txt Your "guidelines" are none at all. Those are docs for a kernel module, their options. Important docs, but just "command reference", not guidelines. Unfortunately those module options are currently not being honored (bug already opened). Changing those defaults (specifically, disabled=1 being the new default) would be a way to implement what I propose. But I guess it would not be easy for NetworkManager to change this and reload ipv6 module. Maybe I'm wrong abou that. About binaries requiring ipv6, that's like expecting a package that needs a database to create the database as part of its install. Most ones I tried won't -- they will depend on the database client package, but will need the user/sysadmin to setup the database before starting the software included on the package. IPv6 disabled would be just like that: whoever installs something that requires IPv6 enabled would simply have to enable it. Defaults should suit most users. Not a minority that requires IPv6 enabled and how how to manage it. []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Proposal: Fedora should install with IPv6 disabled by default [was: Re: Disabling ipv6]
Hi, >> Unfortunately those module options are currently not being honored (bug >> already opened). > What is written in the 'ipv6.txt' certainly works. Have you tried? Because there are other people on the list claiming it isn't working. >> About binaries requiring ipv6, that's like expecting a package that >> needs a database to create the database as part of its install. Most >> ones I tried won't -- they will depend on the database client package, >> but will need the user/sysadmin to setup the database before starting >> the software included on the package. IPv6 disabled would be just like >> that: whoever installs something that requires IPv6 enabled would simply >> have to enable it. > The whole thing about the choice of version isn't simple at all. Choosing between IPv4 and IPv6 is not like choosing PostgreSQL 8 or 9. It's like choosing MySQL or PostgreSQL. Different software, that require different configuration before any app can use them. I was making the analogy that a PostgreSQL app may install ok from RPM but require the sysadmin to configure the database (creating users, schema, importing initial data). So requiring a sysadmin to setup IPv6 (like enabling it for a network card) would be similar. Disabling IPv6 by default would not make it harder IMHO to install binaries that require IPv6. >> Defaults should suit most users. Not a minority that requires IPv6 >> enabled and how how to manage it. > Are you a representative of the majority of users? :) Of course not. :-) I can only talk about the ones I know and see if my sample is similar to others on the list. > BTW, I recommend this issue to present to 'fedora-devel', otherwise > people will take all of this as a good joke. :) If people on the users list don't agree with me, there's no point submiting to developers. []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Proposal: Fedora should install with IPv6 disabled by default [was: Re: Disabling ipv6]
Hi, > > i disagree also that it should be default disabled > > *but* it should be disabled if you are on a network > > with only a DHCP4 server and no DHCP6 or if you > > have a static configuration without ipv6 > > > > currently you get a link-local address > > > > This is by design. And with ipv6 incoming (big in Asia and basis ISPs > are beginning to enabled it now for home users in the US such as > Comcast. Windows will work out of the box. MacOSX will work out of the > box. Fedora (or Ubuntu etc) also need to work out of the box. > I don't think anything is the "right thing" just because Windows and MacOS will do. In this specific case, my optinion is that they shouln't, the same way Fedora shouldnt'. If sometone needs IPv6 working out-of-the-box, it could be a check box on anaconda. > > > IPv6 is designed to be autoconfiguring > > > > and *that* is a problem inside a ipv4 only LAN > > > > Not if you are sane with your policies as an admin anyway. > Cannot hope that with most home LANS and SMBs. []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Etiquette and changing of threads
Hi Reindl, > first: my intention is *not* to start another epic thread > > since i am always the unholy prick here after i lose patience > maybe others should also reconsider *not* hijacking threads by Thanks for clarification. Changing the subject (and keeping the original one with a [Re:]) is standard procedures in many mailing lists, I didn't know it was not accepted here. My apologies. []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
ZoneMinder and ffmpeg
Hi there, I have a desktop machine running Fedora 17 and a DVR card connected to six surveilance cameras, managed by ZoneMinder. I use the package from Fedora Project, it works veru well, but I miss the ability to store videos envoded as mpeg or some other format that uses less disk space. Because the zoneminder package for Fedora will store only JPEG files, it uses up too much disk space and I can store only a a couple days. I was wondering if upgrading to Fedora 19 to get the latest package would improve this. I found nothing on the change log about this issue, which AFAIK is related to the ffmpeg release used by Fedora. Can anyone tell me if now ZoneMinder from Fedora can store encoded video instead of individual jpeg frames? If not, I won't take the effort to upgrade the machine right now. []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
