redhat.com · Domains · Slashdot Mirror

Re:Computers have some solution right? by NeoMorphy · 2015-10-30 03:47 · Score: 1 · on Leap Second May Be On the Chopping Block (ieee.org)

The problem isn't the system, it is the software and databases that require millisecond accuracy.

There have been issues with the kernel in the past.

https://rhn.redhat.com/errata/...

The problem I saw was a lot of servers suddenly increased their cpu usage.To clear it you had to set the time to the current time(date -s "`date`").

Re:Seems to me by short · 2015-10-16 06:36 · Score: 3, Informative · on Report: Red Hat Buying DevOps Startup Ansible (venturebeat.com)

Red Hat Satellite is open source - Spacewalk.

Re:Seems to me by short · 2015-10-16 06:36 · Score: 3, Informative · on Report: Red Hat Buying DevOps Startup Ansible (venturebeat.com)

Red Hat Satellite is open source - Spacewalk.

Re:Seems to me by Penguinisto · 2015-10-16 01:55 · Score: 1 · on Report: Red Hat Buying DevOps Startup Ansible (venturebeat.com)

that Red Hat is controlling or attempting to control the direction of Linux subtly and not so subtly. Where Red Hat goes, so goes Linux in many ways.

Not exactly seeing folks cast off VMWare for RHEV - and they've had that for awhile now. ;)

It'll be interesting to see what they do with Ansible; I just hope they don't bork it up. I use Puppet mostly everywhere I've been (with one exception that had Chef, but I live in PDX so your mileage may vary), but Ansible does get used here and there, and seems pretty solid.

Maybe it'll be an impetus for Puppetlabs to step up its game (like that C-compiled variant they've been working on that runs hella faster, for starters.)

Re:But the real question is... by caseih · 2015-10-14 03:01 · Score: 1 · on Fedora 23 Final May Release As Planned On October 27

Umm, no. The problem has nothing to do with graphics, really, or how Gnome 3 is written. It appears to be an issue with PAM and session management when launching the desktop inside of Xvnc. https://bugzilla.redhat.com/sh... . As to why it's been broken for so long, I don't know. And it appears to still be broken, though there are some config files you can edit that seem to make it work. I imagine not many people remote over VNC. And no idea if Gnome3 works over X2Go but I would think it does.

Gnome 3's integral use of a compositor in no way makes Gnome badly written. And this "modern X just spams remote sessions with bitmaps" is pretty much how all toolkits work today. Built-in X widgets were obsolete over 20 years ago. X hasn't been very usable over ssh on anything but a LAN for as long as I've used Linux. I think the last app that I could remote over a modem link was an ancient version of XEmacs. Kind of fun. Of course X2Go can remote modern apps at a pretty usable and respectable speed by eliminating server round-trips and compressing the bitmap stream. Makes X apps as usable over a slow connection as rdp does. Pretty impressive.

Re:Photoshop by swv3752 · 2015-09-08 07:00 · Score: 1 · on Ask Slashdot: What Windows-Only Apps Would You Most Like To See On Linux?

Apps aren't the blocking element for the switch to Linux. I've said it before and I'll say it again: it's the ability to recover relatively painlessly that is lacking in Linux. As for apps, there are hundreds of business specific ones (TimeMatters for the legal profession, Photoshop for graphic artists, Final Cut Studio for film makers, and so on) the open source alternatives for these are woefully lacking - most don't exist and if they do they are pale imitations of the originals (GIMP vs Photoshop... there's just no comparison). First and foremost, something like the MS KB system for errors with the OS rather than 3rd hand forum jockeying. Remote & trusted diagnostics/fixes that do not reset personal settings. Online anti-virus/malware/etc akin to Panda Software's old 'Active Scan' so that when stupid user syndrome hits it can be dealt with *without* having to lock my system down with every anti-whatever under the sun.

Once it's easy to recover, people like me will make sure the people around us switch and with userbase come the app developers.

CorelDraw (and the companion app) were really nice programs. There was even a version proted to Linux back in the day. Problem was, they were not Photoshop. Does not matter how good the program is, it does not have the UI of Photoshop so people complain.

You want a Vendor supplied knowledge base? You mean like http://rhn.redhat.com/ ? Satellite, Puppet, or Chef can all automate and remote administrate machines. I am not aware of remote scanning for Linux, but not really needed if you enable SElinux.

None of this is available for cheap home use. If you want cheap, go do a web search for a solution to your problem.

Re:launchd not as bad as systemd by exomondo · 2015-08-30 11:41 · Score: 1 · on A FreeBSD "Spork" With Touches of NeXT and OS X: NeXTBSD

If the goal of systemd creators is to slowly move users back to Windows, these are all capabilities that need to be eliminated. So UNIX/Linux users can't use them as reasons not to move.

Yes it's all a big conspiracy! Red Hat isn't actually a supporter of Linux, despite being one of the top contributors to the Linux kernel and creating and supporting client and server distributions of Linux systems from which most of their revenue is derived they are actually trying to destroy Linux and drive people to Windows so they can kill their own business and profitability!

Re:read the man page by devent · 2015-08-30 01:27 · Score: 2 · on Systemd Absorbs "su" Command Functionality

Wasn't the point that chroot is as good, and not better, as the normal Unix permission/groups security feature? So, basically, chroot doesn't and isn't designed to add any additional security besides the normal Unix permission/groups security.

This means using a chroot is not less secure, but it is not more secure either. If you have proper permissions configured on your system, you are no safer inside a chroot than relying on system permissions to keep a user in check.

https://securityblog.redhat.co...

Re:read the man page by Anonymous Coward · 2015-08-29 20:27 · Score: -1 · on Systemd Absorbs "su" Command Functionality

>> In short: I think chroot is plenty good for security

> Check man chroot. The authors of chroot say it's useless for security.

That's funny because "man chroot | grep -i security" returns nothing. Since it's a GNU tool, they document using info, but the info page also contains nothing related to what you state. Have you even read the documentation?

Breaking out of a properly setup chroot jail if you're not root is not possible, barring a kernel exploit. That's the idea behind it.

>> There aren't going to be any /dev, /proc, or other special filesystems

> Gonna be kind of tthough to have a ahell without a tty, aka /dev/*tty*
> So yeah, you need /dev. Can't launch a process, including /bin/ls, without /proc, so you're going to need proc.

This tells me you have no idea how process launching works and have never set up a chrooted daemon in your life. Set one up, you might learn something.

> > mounted noexec

> Noexec is basically a suggestion, not an enforement mechanism . Just run ld /path/to/executable. ld is the loader/lilinker for elf binaries. Without ld ,you can't
> run bash, or ls. With ld, noexec is ignored.

This was fixed ages ago. Unless your linux installation is older than ten years it won't work if you try it.

> My company does IT security for banks. Meaning we show the banks how they can be hacked. When I say chroot is not a security control, I'm not guessing.

One thing is sure: I wouldn't hire you.

You can start by reading some proper information. chroot is a good harderning feature. It has it's flaws, but they arent' what you think they are.

Re:Patched on 7/28 (CentOS) by unrtst · 2015-07-31 11:48 · Score: 3, Informative · on Critical BIND Denial-of-Service Flaw Could Take Down DNS Servers

FWIW, it seems CentOS 6 was not updated (though there is an SRPM from RHEL for it).
CentOS 5 and 7 both have the update. Example mirror:
http://mirror.atlanticmetro.ne...
http://mirror.atlanticmetro.ne...
http://mirror.atlanticmetro.ne...

I also checked the mirror status: http://mirror-status.centos.or...
And checked one that was JUST updated: http://mirror.millry.co/CentOS...
No update!!!

RHEL page on their 6.x update: https://rhn.redhat.com/errata/...

Re:Spoiler by Forever+Wondering · 2015-07-25 09:12 · Score: 1 · on The OpenSSH Bug That Wasn't

Okay, just answered my own question. I also had "ChallengeResponseAuthentication no" in my sshd_config. When I changed this to "yes", I was able to reproduce the bug. In the original article, I had done a /. post with a link to a redhat page explaining why they used "no" and it is because of keyboard interactive [which tracks CRA].

My original slashdot post, with additional security I use and the logging of script kiddies I've been doing for years: http://slashdot.org/comments.p...

The redhat page: https://access.redhat.com/solu...

Re:Few Hackers Smart Enough to Take Advantage of i by Forever+Wondering · 2015-07-22 11:57 · Score: 1 · on Bug Exposes OpenSSH Servers To Brute-Force Password Guessing Attacks

Your data correlates with mine and I've been logging for years [I have 450,000 log entries at present and I have a non-published IP address, not tied to any DNS, so my traffic will be lower--just so I can login to my desktop from Starbuck's using my laptop]. More on this logger and my security config below.

Apparently, the keyboard interactive problem has been known [by Redhat] since at least July 2013, see https://access.redhat.com/solu... and it sets ChallengeResponseAuthentication to "no" to specifically disable keyboard interactive.

I added a line to /etc/pam.d/xsshd with pam_exec.so so I could invoke a custom logger I wrote. I also have CRA set to "no" [I can't remember where I found this originally]. The logger also adds a random delay, to slow down the script kiddies. Although not required, I've patched sshd to post the real bad password to the logger. The default action is to use a standard junk one if the username is invalid [to prevent timing attacks]. Since I add a random delay, the pw obliteration isn't required.

I've also use /etc/security/access.conf [used by PAM] to allow password logins from the local console or virtual terminal, X11, and local LAN. All else is denied.

Thus, ssh can only use pubkey authentication, so even if a valid login/pw combo is presented, it will fail.

From what I've seen in the logs, it isn't just common/simple passwords that get tried. It becomes obvious that some systems have been hacked, the /etc/passwd and /etc/shadow files have been taken, and the passwords cracked offline [e.g. via rainbow tables, etc.]. They are now being replayed from a database of known/valid combos. I've seen certain user/pw combos from years ago that show up again recently. Not just a single combo, but an entire sequence of them in the same exact order.

This actually provides a signature of the attacker that can be tracked. It appears there is some black market for these databases as they're too specific to be just "let's come up with a list of most probable common passwords". They're hoping that person A (using password B) created a login on system C and the person reused the login/pw on other systems (e.g. D)

The [Chinese] script kiddies are getting dumber [or smarter]. My logger used to do random delay of up to 40 seconds. This slowed them down and because they can only attack so many systems in parallel, this helped the victim community at large. It also prevented them from trying thousands of passwords/second on my system [which they did by having hundreds of separate ssh sessions].

Eventually, the "replay" list gets exhausted and the attacker moves on [possibly showing up years later, sometimes from a different IP address]. But, lately, if the delay is over a certain amount, the request gets timed out by the attacker and they will repeat the same login/pw in an infinite loop. This prevents them from progressing through their list, but it also means they will never stop hammering my system [because the list never gets exhausted]. So, now, I've set the delay to a smaller value, that still delays, but doesn't trigger the infinite loop.

Re:So I guess that leaves Mac by Penguinisto · 2015-07-17 03:16 · Score: 1 · on Windows 10 Home Updates To Be Automatic and Mandatory

Until a Windows security update breaks your VM app. "DOS ain't done till..."

How on Earth would a Windows Update break ESXi? the vSphere server maybe, but that's only because VMWare's UI/Utilities dev teams are retarded. Then again, VMWare ain't the only game in town anymore, either.

Personally, I'd love to see Foreman chained onto a working Linux-only virtual solution and cut Microsoft out of the picture entirely... oh, wait...

Re:that's it...thanks by Anonymous Coward · 2015-06-30 05:12 · Score: 0 · on How IKEA Patched Shellshock

Is a video of the presentation available online? So far, I've only found the entry of the presentation in the agenda for the redhat summit.

Re: that's it...thanks by Anonymous Coward · 2015-06-30 02:29 · Score: 0 · on How IKEA Patched Shellshock

Close - but it's not that video, that one is (Joshua Bresser's presentation ), the article refers to Magnus Glantz & Mattias Haern's presentation.

Can't see their video in RedHat's list though.

Re: that's it...thanks by Anonymous Coward · 2015-06-30 02:29 · Score: 0 · on How IKEA Patched Shellshock

Close - but it's not that video, that one is (Joshua Bresser's presentation ), the article refers to Magnus Glantz & Mattias Haern's presentation.

Can't see their video in RedHat's list though.

Re:What problem is this solving? by Eunuchswear · 2015-06-13 19:39 · Score: 2, Insightful · on Ask Slashdot: Feature Requests For Epoch Init System 1.3.0?

He does not understand UNIX. stderr output should never be ignored, much less deleted

Here is a link to a bug report dealing with the stdout / stderr problem. If you read through it, you will find that the systemd folks are very responsive, and fully agree that the bug existed and quickly had a fix.

Amazing, a bug report that almost matches their paranoid fantasies.

High points:

1. stderr was lost because it was written to the terminal, just like it would have been with sysvinit -- someone had overriden the systemd default of logging to syslog.

2. someone else found another case where errors were being lost due to a misconfiguration of selinux, an all-pervasive system written by the NSA, something the paranoid anti-systemd trolls never seem to worry about, even when they try to claim systemd is a NSA plot.

I'm sorry that you lost customers relating to systemd, but if they switched to systemd, and the only failures they had were your code, then I have to ask why that is. If they had other failures in the conversion, and still insisted that you were the problem (enough to drop you as a service provider), then I would worry that there was some other agenda going on.

If, on the other hand, you were the one who switched to systemd, and managed to have unstable code make it to a client... Thats a whole other ball game.

I very much doubt he has any customers.

Re:Does it ignore nonzero exit statuses, syslog... by geoskd · 2015-06-13 15:39 · Score: 1 · on Ask Slashdot: Feature Requests For Epoch Init System 1.3.0?

It doesn't save stderr messages to the journal.

It most certainly does.

There have been several bugs that have cropped up from time to time relating to logging, but they get fixed as soon as they are found. The far more common problem is that by default the logging now goes through journald, and rather than rtfm, people often seem inclined to claim its broken rather than seek out the answers. You can find a good description for how to find the logs here

Re:What problem is this solving? by geoskd · 2015-06-13 15:22 · Score: 3, Interesting · on Ask Slashdot: Feature Requests For Epoch Init System 1.3.0?

He does not understand UNIX. stderr output should never be ignored, much less deleted

Here is a link to a bug report dealing with the stdout / stderr problem. If you read through it, you will find that the systemd folks are very responsive, and fully agree that the bug existed and quickly had a fix.

I'm sorry that you lost customers relating to systemd, but if they switched to systemd, and the only failures they had were your code, then I have to ask why that is. If they had other failures in the conversion, and still insisted that you were the problem (enough to drop you as a service provider), then I would worry that there was some other agenda going on.

If, on the other hand, you were the one who switched to systemd, and managed to have unstable code make it to a client... Thats a whole other ball game.

Re:Don't care by Anonymous Coward · 2015-06-08 15:16 · Score: 0 · on Debian GNU/Linux 8.1 (Jessie) Officially Released

NFS umount race condition causes systemd hang during shutdown Caused when NFS is mounted over Wifi.

Who uses NFS anyways :P (over wifi!) If this is for a desktop machine, mount nfs through nautilus/gvfs

Plenty of people run media servers and clients over Wi-Fi because it's convenient - or they cannot run cables through walls because they don't own the place. Having a systemd machine unable to shutdown cleanly because it's using NFS over Wi-Fi is retarded.

Re:Don't care by buchner.johannes · 2015-06-08 05:15 · Score: 2 · on Debian GNU/Linux 8.1 (Jessie) Officially Released

How many of those 'plenty of people' use their Linux machines for more than desktops?

There are some serious open 'show stopping' bugs in systemd for power users.

NFS umount race condition causes systemd hang during shutdown Caused when NFS is mounted over Wifi.

Who uses NFS anyways :P (over wifi!) If this is for a desktop machine, mount nfs through nautilus/gvfs

lack of non-ascii support

That is not a systemd bug (as discussed in the bug), but a problem in redhats packaging of components or initialisation scripts.

systemd is sending wrong audit event

Apparently a bug in libselinux, not in systemd. Anyways, hardly a show-stopper to have the wrong audit log entry.

System with Intel firmware RAID-1 does not mount /home on boot (udev/systemd race with mdadm issue)

This is the only one that is probably a systemd bug, or at least requires the workaround implemented in systemd.

Re:Don't care by buchner.johannes · 2015-06-08 05:15 · Score: 2 · on Debian GNU/Linux 8.1 (Jessie) Officially Released

How many of those 'plenty of people' use their Linux machines for more than desktops?

There are some serious open 'show stopping' bugs in systemd for power users.

NFS umount race condition causes systemd hang during shutdown Caused when NFS is mounted over Wifi.

Who uses NFS anyways :P (over wifi!) If this is for a desktop machine, mount nfs through nautilus/gvfs

lack of non-ascii support

That is not a systemd bug (as discussed in the bug), but a problem in redhats packaging of components or initialisation scripts.

systemd is sending wrong audit event

Apparently a bug in libselinux, not in systemd. Anyways, hardly a show-stopper to have the wrong audit log entry.

System with Intel firmware RAID-1 does not mount /home on boot (udev/systemd race with mdadm issue)

This is the only one that is probably a systemd bug, or at least requires the workaround implemented in systemd.

Re:Don't care by buchner.johannes · 2015-06-08 05:15 · Score: 2 · on Debian GNU/Linux 8.1 (Jessie) Officially Released

How many of those 'plenty of people' use their Linux machines for more than desktops?

There are some serious open 'show stopping' bugs in systemd for power users.

NFS umount race condition causes systemd hang during shutdown Caused when NFS is mounted over Wifi.

Who uses NFS anyways :P (over wifi!) If this is for a desktop machine, mount nfs through nautilus/gvfs

lack of non-ascii support

That is not a systemd bug (as discussed in the bug), but a problem in redhats packaging of components or initialisation scripts.

systemd is sending wrong audit event

Apparently a bug in libselinux, not in systemd. Anyways, hardly a show-stopper to have the wrong audit log entry.

System with Intel firmware RAID-1 does not mount /home on boot (udev/systemd race with mdadm issue)

This is the only one that is probably a systemd bug, or at least requires the workaround implemented in systemd.

Re:Don't care by buchner.johannes · 2015-06-08 05:15 · Score: 2 · on Debian GNU/Linux 8.1 (Jessie) Officially Released

How many of those 'plenty of people' use their Linux machines for more than desktops?

There are some serious open 'show stopping' bugs in systemd for power users.

NFS umount race condition causes systemd hang during shutdown Caused when NFS is mounted over Wifi.

Who uses NFS anyways :P (over wifi!) If this is for a desktop machine, mount nfs through nautilus/gvfs

lack of non-ascii support

That is not a systemd bug (as discussed in the bug), but a problem in redhats packaging of components or initialisation scripts.

systemd is sending wrong audit event

Apparently a bug in libselinux, not in systemd. Anyways, hardly a show-stopper to have the wrong audit log entry.

System with Intel firmware RAID-1 does not mount /home on boot (udev/systemd race with mdadm issue)

This is the only one that is probably a systemd bug, or at least requires the workaround implemented in systemd.

Re:Don't care by 0100010001010011 · 2015-06-08 04:02 · Score: 3, Interesting · on Debian GNU/Linux 8.1 (Jessie) Officially Released

How many of those 'plenty of people' use their Linux machines for more than desktops?

There are some serious open 'show stopping' bugs in systemd for power users.

NFS umount race condition causes systemd hang during shutdown Caused when NFS is mounted over Wifi.
lack of non-ascii support
systemd is sending wrong audit event
System with Intel firmware RAID-1 does not mount /home on boot (udev/systemd race with mdadm issue)

I've switched over to FreeBSD for all non-Windows machines in my house. If you go through the supported hardware list and pick good hardware everything 'just works'. Everything I've tried out so far is "Do or do not, there is no try". If you find hardware with vendor FreeBSD support it's good support. (Intel GigE vs RealTek GigE).

Jails is all I need for 'visualization'. I don't need an entire new ESXi or Xen instance. My FreeNAS server has 8-10 Jails running everything from Nginx for web development to Transmission+OpenVPN for torrents.

ZFS is a great filesystem for root. When I had a PSU take out a motherboard and 1 hard drive I was able to toss the remaining good drive in a new computer and my whole system booted like nothing happened. Replaced the degraded device and didn't lose anything. My Windows machine kept crashing on boot and required some drivers.

Re:Don't care by 0100010001010011 · 2015-06-08 04:02 · Score: 3, Interesting · on Debian GNU/Linux 8.1 (Jessie) Officially Released

How many of those 'plenty of people' use their Linux machines for more than desktops?

There are some serious open 'show stopping' bugs in systemd for power users.

NFS umount race condition causes systemd hang during shutdown Caused when NFS is mounted over Wifi.
lack of non-ascii support
systemd is sending wrong audit event
System with Intel firmware RAID-1 does not mount /home on boot (udev/systemd race with mdadm issue)

I've switched over to FreeBSD for all non-Windows machines in my house. If you go through the supported hardware list and pick good hardware everything 'just works'. Everything I've tried out so far is "Do or do not, there is no try". If you find hardware with vendor FreeBSD support it's good support. (Intel GigE vs RealTek GigE).

Jails is all I need for 'visualization'. I don't need an entire new ESXi or Xen instance. My FreeNAS server has 8-10 Jails running everything from Nginx for web development to Transmission+OpenVPN for torrents.

ZFS is a great filesystem for root. When I had a PSU take out a motherboard and 1 hard drive I was able to toss the remaining good drive in a new computer and my whole system booted like nothing happened. Replaced the degraded device and didn't lose anything. My Windows machine kept crashing on boot and required some drivers.

Re:Don't care by 0100010001010011 · 2015-06-08 04:02 · Score: 3, Interesting · on Debian GNU/Linux 8.1 (Jessie) Officially Released

How many of those 'plenty of people' use their Linux machines for more than desktops?

There are some serious open 'show stopping' bugs in systemd for power users.

NFS umount race condition causes systemd hang during shutdown Caused when NFS is mounted over Wifi.
lack of non-ascii support
systemd is sending wrong audit event
System with Intel firmware RAID-1 does not mount /home on boot (udev/systemd race with mdadm issue)

I've switched over to FreeBSD for all non-Windows machines in my house. If you go through the supported hardware list and pick good hardware everything 'just works'. Everything I've tried out so far is "Do or do not, there is no try". If you find hardware with vendor FreeBSD support it's good support. (Intel GigE vs RealTek GigE).

Jails is all I need for 'visualization'. I don't need an entire new ESXi or Xen instance. My FreeNAS server has 8-10 Jails running everything from Nginx for web development to Transmission+OpenVPN for torrents.

ZFS is a great filesystem for root. When I had a PSU take out a motherboard and 1 hard drive I was able to toss the remaining good drive in a new computer and my whole system booted like nothing happened. Replaced the degraded device and didn't lose anything. My Windows machine kept crashing on boot and required some drivers.

Re:Don't care by 0100010001010011 · 2015-06-08 04:02 · Score: 3, Interesting · on Debian GNU/Linux 8.1 (Jessie) Officially Released

How many of those 'plenty of people' use their Linux machines for more than desktops?

There are some serious open 'show stopping' bugs in systemd for power users.

NFS umount race condition causes systemd hang during shutdown Caused when NFS is mounted over Wifi.
lack of non-ascii support
systemd is sending wrong audit event
System with Intel firmware RAID-1 does not mount /home on boot (udev/systemd race with mdadm issue)

I've switched over to FreeBSD for all non-Windows machines in my house. If you go through the supported hardware list and pick good hardware everything 'just works'. Everything I've tried out so far is "Do or do not, there is no try". If you find hardware with vendor FreeBSD support it's good support. (Intel GigE vs RealTek GigE).

Jails is all I need for 'visualization'. I don't need an entire new ESXi or Xen instance. My FreeNAS server has 8-10 Jails running everything from Nginx for web development to Transmission+OpenVPN for torrents.

ZFS is a great filesystem for root. When I had a PSU take out a motherboard and 1 hard drive I was able to toss the remaining good drive in a new computer and my whole system booted like nothing happened. Replaced the degraded device and didn't lose anything. My Windows machine kept crashing on boot and required some drivers.

Re:Too much noise over SystemD by Anonymous Coward · 2015-04-26 00:38 · Score: 1 · on Debian 8 Jessie Released

We are approaching almost a year since RHEL switched - if it was that catastrophically bad, we would know by now.