Re: [gentoo-user] Internet security.

On Mon, Sep 9, 2013 at 6:05 AM, Michael Orlitzky wrote: > The CA infrastructure was never secure. It exists to transfer money away > from website owners and into the bank accounts of the CAs and browser > makers. Security may be one of their goals, but it's certainly not the > motivating one. > W

Re: [gentoo-user] Internet security.

There's a lot FUD out there and equally there is some truth. the NSA "we can decrypt everything" statement was really very vague, and can easily be done if you have a lot of taps (ala PRISM) and start doing mitm attacks to reduce the level of security to something that is crackable. for 'compatibi

[gentoo-user] FlashPlayer crashes in FireFox

As of lately (I can not really remember since when) FlashPlayer has stopped working in FireFox. I'm running an "stable" AMD64 system with FireFox (www-client/firefox-17.0.8), FlasPlayer (www-plugins/adobe-flash-11.2.202.297) and NS-Plugin-Wraper (www-plugins/nspluginwrapper-1.4.4-r3). If I emerge

Re: [gentoo-user] re: can't find /boot/grub/grub.conf after kernel upgrade [3.10.7]

On Sat, Sep 07, 2013 at 09:53:28PM +0300, Alexander Kapshuk wrote: > > Based on the 'dmesg' output below, EXT2-fs attempted to mount the '/' > partition instead of the '/boot' one. > > box0 ~ # dmesg|grep 'EXT.*fs' > [2.444214] EXT2-fs (sda3): error: couldn't mount because of > unsupported opt

Re: [gentoo-user] GRE link state detection

asking the same question on the bird mailing list, was recommended some values to make bird down the GRE tunnels faster. multiple tunnels are required due to the very unreliable internet, so one tunnel goes over one dsl link, another goes over another. DPD timeouts are 30seconds minimum, which is t

Re: [gentoo-user] Internet security.

On Mon, Sep 09, 2013 at 10:36:09AM +0100, thegeezer wrote: > There's a lot FUD out there and equally there is some truth. the NSA > "we can decrypt everything" statement was really very vague, and can > easily be done if you have a lot of taps (ala PRISM) and start doing > mitm attacks to reduce t

Re: [gentoo-user] Internet security.

> When a top-post is that long did you read it before noticing? > > Well, if you opened this email, "All ur base r belong to us!" :$ oops, was more focussed on my rant than the etiquette

Re: [gentoo-user] re: can't find /boot/grub/grub.conf after kernel upgrade [3.10.7]

2013/9/9 Hinnerk van Bruinehsen > On Sat, Sep 07, 2013 at 09:53:28PM +0300, Alexander Kapshuk wrote: > > > > Based on the 'dmesg' output below, EXT2-fs attempted to mount the '/' > > partition instead of the '/boot' one. > > > > box0 ~ # dmesg|grep 'EXT.*fs' > > [2.444214] EXT2-fs (sda3): er

Re: [gentoo-user] Internet security.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/09/2013 01:28 AM, Mick wrote: > > Are you saying that 2048 RSA keys are no good anymore? > They're probably fine, but when you're making them yourself, the extra bits are free. I would assume that the NSA can crack 1024-bit RSA[1], so why not

[gentoo-user] Portage 2.2.1 stabilized?

Wow... just noticed an update is available which, for me, means it has been stabilized (at least on amd64)... You'd think this would rate a news item and/or other major announcement, considering how long it has taken to get here... Anyway, really glad to see this happen, and thanks to the dev

Re: [gentoo-user] Internet security.

On 09/09/2013 02:50 AM, Adam Carter wrote: > [2] > > http://michael.orlitzky.com/articles/why_im_against_ca-signed_certificates.php > . > > > I like to state some of what you say here as "website certificates are > only as trusted as the LEAST trustworthy CA in the trusted certificat

Re: [gentoo-user] Internet security.

On 09/09/2013 03:19 AM, Pavel Volkov wrote: > On Mon, Sep 9, 2013 at 6:05 AM, Michael Orlitzky > wrote: > > The CA infrastructure was never secure. It exists to transfer money away > from website owners and into the bank accounts of the CAs and browser > m

Re: [gentoo-user] Internet security.

On Mon, Sep 09, 2013 at 10:36:09AM +0100, thegeezer wrote: > There's a lot FUD out there and equally there is some truth.  the NSA "we can > decrypt everything" statement was really very vague, and can easily be done if > you have a lot of taps (ala PRISM) and start doing mitm attacks to reduce the

Re: [gentoo-user] Portage 2.2.1 stabilized?

On 9 September 2013 09:44, Tanstaafl wrote: > Wow... just noticed an update is available which, for me, means it has > been stabilized (at least on amd64)... > > You'd think this would rate a news item and/or other major announcement, > considering how long it has taken to get here... > > Anyway,

Re: [gentoo-user] Internet security.

On Mon, Sep 09, 2013 at 04:30:31PM +0100, thegeezer wrote: > >> i read in slashdot that there is a question mark over SELinux because it > >> came > >> from the NSA [4] but this is nonsense, as it is a means of securing > >> processes > >> not network connections. i find it difficult to believe

Re: [gentoo-user] Internet security.

>> i read in slashdot that there is a question mark over SELinux because it came >> from the NSA [4] but this is nonsense, as it is a means of securing processes >> not network connections. i find it difficult to believe that a backdoor in a >> locked cupboard in your house can somehow give access

Re: [gentoo-user] Internet security.

Dale wrote: > Someone found this and sent it to me. > > http://news.yahoo.com/internet-experts-want-security-revamp-nsa-revelations-020838711--sector.html > > > SNIP > > Am I right on this, wrong or somewhere in the middle? > > Dale > > :-) :-) > I got this in my email today. https:

[gentoo-user] To be an update or not to be an update...

Hi, I submitted this command: eix-sync ; emerge --color=n --newuse --update --tree --deep world --keep-going -va and got (beside a lot other lines) this as result: Writing database file /var/cache/eix/portage.eix .. Database contains 16797 packages in 159 categories. * Calling eix-

Re: [gentoo-user] To be an update or not to be an update...

On Mon, Sep 09, 2013 at 06:01:26PM +0200, meino.cra...@gmx.de wrote: > > Hi, > > I submitted this command: > eix-sync ; emerge --color=n --newuse --update --tree --deep world > --keep-going -va > > and got (beside a lot other lines) this as result: > > Writing database file /var/cache/eix/port

Re: [gentoo-user] Internet security.

On 09/09/2013 05:04 PM, Hinnerk van Bruinehsen wrote: > On Mon, Sep 09, 2013 at 04:30:31PM +0100, thegeezer wrote: >> >> Interesting, I didn't realise LSM provisioned hooks for SELinux - >> thought it it was more modular (and less 'shoehorned') than that. >> I need to go read about that some more

Re: [gentoo-user] Internet security.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/09/2013 01:36 PM, Pavel Volkov wrote: > > I noticed there's another GLEP which eliminates the mirror problem: > http://www.gentoo.org/proj/en/glep/glep-0058.html > > It's marked as accepted. I hope they'll implement it in reasonable > time. >

Re: [gentoo-user] Internet security.

On Monday 09 Sep 2013 14:42:28 Michael Orlitzky wrote: > On 09/09/2013 01:28 AM, Mick wrote: > > Are you saying that 2048 RSA keys are no good anymore? > > They're probably fine, but when you're making them yourself, the extra > bits are free. I would assume that the NSA can crack 1024-bit RSA[1],

Re: [gentoo-user] creating an image of the system

On 08:30 Mon 09 Sep , Michael Hampicke wrote: > Am 08.09.2013 20:51, schrieb Benjamin Block: > > Hej folks, > > > > I wonder what is a good way to create an image of a gentoo-system, so > > that one can apply it later to the same or other computers. > > > > In my case it is a rather simple se

Re: [gentoo-user] why does revdep-rebuild object to mounting /var on /mnt/var ?

On Mon, Sep 9, 2013 at 1:51 PM, wrote: > I use lvm and use it for /var. > In fstab I have > /dev/vg/var /mnt/var ext4 defaults 0 2 > I also have > lrwxrwxrwx 1 root root 7 Aug 31 16:13 /var -> mnt/var > > (Similar setup for /tmp and /opt) > > This has worked ok but revdep-rebuild is not h

[gentoo-user] why does revdep-rebuild object to mounting /var on /mnt/var ?

I use lvm and use it for /var. In fstab I have /dev/vg/var /mnt/var ext4 defaults 0 2 I also have lrwxrwxrwx 1 root root 7 Aug 31 16:13 /var -> mnt/var (Similar setup for /tmp and /opt) This has worked ok but revdep-rebuild is not happy root@E6510 cache # revdep-rebuild * Configuring se

Re: [gentoo-user] creating an image of the system

On 17:07 Sun 08 Sep , Dale wrote: > Mick wrote: > > On Sunday 08 Sep 2013 19:51:25 Benjamin Block wrote: > >> Hej folks, > >> > >> I wonder what is a good way to create an image of a gentoo-system, so > >> that one can apply it later to the same or other computers. > >> > >> In my case it is a

Re: [gentoo-user] GRE link state detection

On Monday 09 Sep 2013 11:12:47 thegeezer wrote: > asking the same question on the bird mailing list, was recommended some > values to make bird down the GRE tunnels faster. > multiple tunnels are required due to the very unreliable internet, so > one tunnel goes over one dsl link, another goes over

Re: [gentoo-user] creating an image of the system

Am 09.09.2013 21:05, schrieb Benjamin Block: > On 08:30 Mon 09 Sep , Michael Hampicke wrote: >> Am 08.09.2013 20:51, schrieb Benjamin Block: >>> Hej folks, >>> >>> I wonder what is a good way to create an image of a gentoo-system, so >>> that one can apply it later to the same or other computer

Re: [gentoo-user] Internet security.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/09/2013 02:07 PM, Mick wrote: > On Monday 09 Sep 2013 14:42:28 Michael Orlitzky wrote: >> On 09/09/2013 01:28 AM, Mick wrote: >>> Are you saying that 2048 RSA keys are no good anymore? >> >> They're probably fine, but when you're making them you

Re: [gentoo-user] creating an image of the system

Michael Hampicke wrote: > Am 09.09.2013 21:05, schrieb Benjamin Block: >> On 08:30 Mon 09 Sep , Michael Hampicke wrote: >>> Am 08.09.2013 20:51, schrieb Benjamin Block: Hej folks, I wonder what is a good way to create an image of a gentoo-system, so that one can apply it lat

Re: [gentoo-user] Internet security.

On Monday 09 September 2013 10:00:25 Michael Orlitzky wrote: > No. There's a GLEP for some of these issues: > > https://www.gentoo.org/proj/en/glep/glep-0057.html > > The relevant part is, > > ...any non-Gentoo controlled rsync mirror can modify executable code; > as much of this code is p

Re: [gentoo-user] creating an image of the system

Benjamin Block wrote: > On 17:07 Sun 08 Sep , Dale wrote: >> >> http://www.gentoo-wiki.info/HOWTO_Custom_Stage4 >> >> http://wiki.gentoo.org/wiki/Backup >> >> One of those should help. If not, Google for "Gentoo starge4" without >> the quotes of course. >> > ok, thank you both for pointing out

Re: [gentoo-user] why does revdep-rebuild object to mounting /var on /mnt/var ?

On Mon, Sep 09 2013, Canek Peláez Valdés wrote: > On Mon, Sep 9, 2013 at 1:51 PM, wrote: >> In fstab I have >> /dev/vg/var /mnt/var ext4 defaults 0 2 >> I also have >> lrwxrwxrwx 1 root root 7 Aug 31 16:13 /var -> mnt/var >> >> This has worked ok but revdep-rebuild is not happy > > I thi

Re: [gentoo-user] why does revdep-rebuild object to mounting /var on /mnt/var ?

On 10/09/2013 00:26, gottl...@nyu.edu wrote: > On Mon, Sep 09 2013, Canek Peláez Valdés wrote: > >> On Mon, Sep 9, 2013 at 1:51 PM, wrote: >>> In fstab I have >>> /dev/vg/var /mnt/var ext4 defaults 0 2 >>> I also have >>> lrwxrwxrwx 1 root root 7 Aug 31 16:13 /var -> mnt/var >>> >>> This

Re: [gentoo-user] Internet security.

On Monday 09 Sep 2013 20:24:56 Michael Orlitzky wrote: > On 09/09/2013 02:07 PM, Mick wrote: > > On Monday 09 Sep 2013 14:42:28 Michael Orlitzky wrote: > >> On 09/09/2013 01:28 AM, Mick wrote: > >>> Are you saying that 2048 RSA keys are no good anymore? > >> > >> They're probably fine, but when yo