I surveyed the various chroot helper tools available from freshmeat.net, hoping that they'd make things really easy.
I had a heck of a time trying to get the startup shell script to run under chroot_safe.
So I then tried Jail. I have a Lot of libraries in my/u/moz directory to support this.. The total size of my environment is around 172 MB.
My last stumbling block was not being able to run X apps because they cannot open/tmp/.X11-unix. I did a quick search and decided to move my jail to/tmp and do a hard link to the real version. That worked. While there was a core dump, I did get to interact with the quality feedback agent..
So.. Closer! Hopefully I can jump this final hurdle. Ideally, though, this would become an easy and supported way to install and run Mozilla/Firefox.
%./firefox *** nsExtensionManager::_disableObsoleteExtensions - failure, catching exception so finalize window can close *** loading the extensions datasource *** ExtensionManager:_updateManifests: no access privileges to application directory, skipping. *** loading the extensions datasource *** ExtensionManager:_updateManifests: no access privileges to application directory, skipping../run-mozilla.sh: line 451: 18744 Segmentation fault "$prog" ${1+"$@"}
Running Mozilla or Firefox in a chroot environment would greatly enhance security.
I recently tried to get this working but didn't have much luck (haven't given up yet). There isn't much info on the web.
I currently run Firefox under a separate user ID, which is better than the default.
Any suggestions to get chroot working with Firefox?
Re:Still can't open message in a new window
on
Gmail Adds Features
·
· Score: 1
Yeah, it is a real 3 button. And I use one of those old IBM keyboards too.
But jokes about my input device aside, some folks just don't seem to 'get it' on this issue. I open web links in new windows by middle clicking (Firefox). Some folks prefer tabs. On a fast machine this happens very quickly. I have 12 virtual screens under Enlighenment and a 1600x1280 desktop. I have room for more windows and views into my mbox.
I want to view my list of messages in one window and quickly middle click them to open in a new window. I then close down those windows with alt-w. Is that method of working so unique?
Saying that this does not work because of javascript features is bogus. As if that makes it "okay" to only support a single window paradigm. Yahoo mail, crude as it may be compared to gmail, supports this just fine.
Moderation: My original posting quickly popped up to a +4. A few hours later was +2 and this morning was +1. Now it is +2. Whatever happened to "try to promote rather than demote"? Say something critical of gmail or google and get modded down?
Still can't open message in a new window
on
Gmail Adds Features
·
· Score: 2, Interesting
I still don't understand why I can't middle click on a message to open it in a new window...
Sounds like a problem with your kernel, not the drivers. Maybe you should file a support request on the lkml.
Actually, that is part of the challenge.
The kernel guys generally don't want to hear about closed source problems because they don't have code access. It is one thing to not have the hardware but quite another to not have the code.
Also, those types of problems tend to be extremely tedious to debug and support (aka "not fun"), so I don't blame them. Wouldn't you rather spend your donated time working on things that will have lasting value, like fixing the OSS driver?
For a few months I ran Nvidia's proprietary driver but found that their support was poor. Countless people would report the same problem and Nvidia would basically just shrug and not even reply to the postings on their website. Stuff like "not our problem". They were very slow to support 2.6.
And as a gentoo user, I hated the binary installation program.
I finally dumped their stuff and went to the OSS driver. It is much slower, even when just opening new browser windows or xterms. But not having to mess with nvidia installer hell each time I gen a new kernel (which is pretty rare, actually) makes it worth it.
This was a great article, however, because it shows just how much chance and luck there is in getting these drivers to work. Buying the latest and greatest MB and CPU for use with Linux is still a huge unknown for the novice and experienced Linux user alike. And then there is the very real fear of whether it will work after you upgrade your kernel, etc.
Sad to see that Nvidia is the most Linux friendly vendor??
I was trying to get Firefox working in a chroot jail just this week. Unfortunately, it is tricky and there doesn't seem to be much support for it or info on the web.
I already run my Firefox as user 'anon' and it cannot access my personal files directly. More support for priviledge separation would be nice.
I recently experienced some serious drop-out problems with my VoicePulse VOIP service.. So I decided to take some packet dumps and see what I could determine with ethereal.
Well, the protocol analysis was excellent. And, sure enough, the dump of the data produced an audio file easily played with XMMS. I was shocked at how easy this was (and once again at how good ethereal is). I no longer have any illusions of privacy due to the 'obscurity' or complexity of the protocols.
So, next time your VOIP provider plays dumb over drop outs, give them a protocol analysis and an audio record of the problem.
GFS has a troubled license history
on
Red Hat announces GFS
·
· Score: 4, Informative
GFS was well-liked at supercomputing centers I have worked with until Sistina dropped the GPL license in favor of proprietary. They did this very suddenly and without warning. It pissed off a lot of potential users and the open source community. It has since fallen out of favor.
This move by Red Hat gives new life (and resources) to GFS beyond the OpenGFS Project that has also been continuing to work on the code.
Another recent development in this area is HP's decision to productize Lustre. Lustre is perhaps the most prominent and promising HPC filesystem.
SGI also announced a major deal last week involving Luster:
The new file system is expected to sustain write rates in excess of 8GB/sec and demonstrate single client write rates of more than 600MB/sec. To achieve this performance, the new file system will leverage Lustre, an open source, object-oriented file system with development lead by Cluster File System Inc., with funding from DOE. Lustre currently is used on four of the top five supercomputers, including the PNNL cluster based on 1,900 Intel® Itanium® 2 processors.
I just checked my gmail with firefox - works like a charm. Maybe it is time for you to upgrade?
You know, I was so shocked by the page that I didn't even see it on their list.
But I am running firefox 0.8.
Gmail doesn't support firefox
on
Gmail in the News
·
· Score: 1, Troll
After this article, I figured I'd better use my invite and register.. Only to get the following..
We're sorry, but we don't seem to be compatible.
Our software suggests that you're using a browser incompatible with Gmail. Gmail currently supports the following:
* Microsoft IE 5.5 and newer (download: Windows)
* Netscape 7.1 and newer (download: Windows Macintosh Linux )
* Mozilla 1.4 and newer (download: Windows Macintosh Linux )
* Mozilla Firefox 0.8 and newer (download: Windows Macintosh Linux )
* Safari 1.2.1 and newer (download: Macintosh )
While we're still testing Gmail, you can also click here to use your unsupported browser, though you likely will encounter some areas that don't work as expected. You need to have Javascript and cookies enabled, regardless of the browser you use.
But hey, no worries. It seems to work. And it is fast as hell and looks pretty cool. Not that I'd ever use someone else's domain for serious email.
Yikes - big problem.. You can't middle-mouse click on a message to open it in a new window. That blows.
Included was a very cool tool, Phentropy, for visualizing arbitrary data using Strange Attractors. You may recall a paper on TCP/IP Sequence number analysis that highlighted the usefulness of Strange Attractors for data visualization.
Phentropy plots an arbitrarily large data source (of arbitrary data) onto a three dimensional volumetric matrix, which may then be parsed by OpenQVIS. Data mapping is accomplished by interpreting the file as a one dimensional stream of integers and progressively mapping quads in phase space.
OpenQVIS is a neat package and could fill a lot of arbitrary data viz needs.. But damned if I have been able to get the thing to build under Linux. The project could really use some help, and I think a lot of good could come of it. The Phd types who wrote it seem to have mostly moved on..
AQMD found that that diesel soot accounted for 71% of the cancer risk, 1,3 butadiene (a byproduct of incomplete combustion in engines) 8% of the risk, benzene (mostly from motor vehicles) 7%, carbonyls (including formaldehyde and acetaldehydes from both mobile and stationary sources) 3%, and other pollutants (primarily from stationary sources) 11%.
I signed on with Voice Pulse at the beginning of April. I have used the service from two locations, both on Comcast..
I get drop-outs. Oddly, I even get drop-outs from the other party. That's odd given the 3 Mb down speed.
Their efforts to resolve the problem have been weak.
Further, Vonage has upped the stakes by lowering their unlimited service to $30 from $35. Vonage international rates are also much cheaper (.02 to Germany vs..06 for Voice Pulse - $4 on my last bill, so it adds up).
I asked Voice Pulse if they would be matching the Vonage pricing and they said "our prices are on our website". That is unfortunate because they are not otherwise differentiated from Vonage. If you are going to play in this disruptive market, you must react when disrupted.
I will be dumping them mid-June, probably for Vonage or Packet8.
I think the important thing in choosing a VOIP carrier is looking at what it will cost you to switch should the service quality dip or better pricing become available elsewhere.
Also, for two years I ran my own VOIP coast to coast using a pair of VOIP Blasters, using the open source Fobbit software, at a total cost of $60 in hardware. That solution was more reliable over two years than Voice Pulse has been in in 1.5 months. Those VOIP Blasters rock!
Drop-outs aside, I do like the Sipura hardware that Voice Pulse uses. It has two lines and they can each be provisioned to use a different carrier. Kinda slick, though I have not yet used it. Voice Pulse also has a more open model regarding hardware than most others.
Slashdot Mirror
Taking a step back, I find that I cannot yet run an xterm. It complains about a lack of ptys. Sure enough, my /dev is pretty bare.
I am beginning to wonder whether User Mode Linux would be a better way to do this. I did see some links on running UML under chroot too.
Question is, what would Firefox performance be like under UML?
Seems like a good reason to try UML.
Thank you for the suggestion.
/u/moz directory to support this.. The total size of my environment is around 172 MB.
/tmp/.X11-unix. I did a quick search and decided to move my jail to /tmp and do a hard link to the real version. That worked. While there was a core dump, I did get to interact with the quality feedback agent..
./run-mozilla.sh: line 451: 18744 Segmentation fault "$prog" ${1+"$@"}
I surveyed the various chroot helper tools available from freshmeat.net, hoping that they'd make things really easy.
I had a heck of a time trying to get the startup shell script to run under chroot_safe.
So I then tried Jail. I have a Lot of libraries in my
My last stumbling block was not being able to run X apps because they cannot open
So.. Closer! Hopefully I can jump this final hurdle. Ideally, though, this would become an easy and supported way to install and run Mozilla/Firefox.
%./firefox
*** nsExtensionManager::_disableObsoleteExtensions - failure, catching exception so finalize window can close
*** loading the extensions datasource
*** ExtensionManager:_updateManifests: no access privileges to application directory, skipping.
*** loading the extensions datasource
*** ExtensionManager:_updateManifests: no access privileges to application directory, skipping.
Running Mozilla or Firefox in a chroot environment would greatly enhance security.
I recently tried to get this working but didn't have much luck (haven't given up yet). There isn't much info on the web.
I currently run Firefox under a separate user ID, which is better than the default.
Any suggestions to get chroot working with Firefox?
Yeah, it is a real 3 button. And I use one of those old IBM keyboards too.
But jokes about my input device aside, some folks just don't seem to 'get it' on this issue. I open web links in new windows by middle clicking (Firefox). Some folks prefer tabs. On a fast machine this happens very quickly. I have 12 virtual screens under Enlighenment and a 1600x1280 desktop. I have room for more windows and views into my mbox.
I want to view my list of messages in one window and quickly middle click them to open in a new window. I then close down those windows with alt-w. Is that method of working so unique?
Saying that this does not work because of javascript features is bogus. As if that makes it "okay" to only support a single window paradigm. Yahoo mail, crude as it may be compared to gmail, supports this just fine.
Moderation: My original posting quickly popped up to a +4. A few hours later was +2 and this morning was +1. Now it is +2. Whatever happened to "try to promote rather than demote"? Say something critical of gmail or google and get modded down?
I still don't understand why I can't middle click on a message to open it in a new window...
A one window view into my mbox is not sufficient.
Sounds like a problem with your kernel, not the drivers. Maybe you should file a support request on the lkml.
Actually, that is part of the challenge.
The kernel guys generally don't want to hear about closed source problems because they don't have code access. It is one thing to not have the hardware but quite another to not have the code.
Also, those types of problems tend to be extremely tedious to debug and support (aka "not fun"), so I don't blame them. Wouldn't you rather spend your donated time working on things that will have lasting value, like fixing the OSS driver?
I have an Nforce2 based MB with built-in video..
For a few months I ran Nvidia's proprietary driver but found that their support was poor. Countless people would report the same problem and Nvidia would basically just shrug and not even reply to the postings on their website. Stuff like "not our problem". They were very slow to support 2.6.
And as a gentoo user, I hated the binary installation program.
I finally dumped their stuff and went to the OSS driver. It is much slower, even when just opening new browser windows or xterms. But not having to mess with nvidia installer hell each time I gen a new kernel (which is pretty rare, actually) makes it worth it.
This was a great article, however, because it shows just how much chance and luck there is in getting these drivers to work. Buying the latest and greatest MB and CPU for use with Linux is still a huge unknown for the novice and experienced Linux user alike. And then there is the very real fear of whether it will work after you upgrade your kernel, etc.
Sad to see that Nvidia is the most Linux friendly vendor??
I was trying to get Firefox working in a chroot jail just this week. Unfortunately, it is tricky and there doesn't seem to be much support for it or info on the web.
I already run my Firefox as user 'anon' and it cannot access my personal files directly. More support for priviledge separation would be nice.
Any tips?
Buy your Mom an in-ground sprinker system and convert it spray propane.
Don't forget to connect it to the motion detector.
Funny that the article didn't mention the $19.5 million series B round of funding received in June 2003...
That's gotta do something...
So how long until the kids are 'taught' to turn in their parents "to help them"?
Gotta love my tax dollars supporting this tripe.
When using WIFI, I generally always use an SSH port forward to encrypt and tunnel my traffic back to a 'safe' host.
At home, my AP is connected to a dedicated interface that only allows SSH. You could add port knocking for additional security.
Sure, SSH port forwards can still be disrupted or messed with. But not like plain HTTP.
BTW, nice hack!
I recently experienced some serious drop-out problems with my VoicePulse VOIP service.. So I decided to take some packet dumps and see what I could determine with ethereal.
Well, the protocol analysis was excellent. And, sure enough, the dump of the data produced an audio file easily played with XMMS. I was shocked at how easy this was (and once again at how good ethereal is). I no longer have any illusions of privacy due to the 'obscurity' or complexity of the protocols.
So, next time your VOIP provider plays dumb over drop outs, give them a protocol analysis and an audio record of the problem.
there have been court decisions that would affect using this without either an 'active situation' (hostages, &c) or a court order.
Just because they cannot use it as evidence in court does not mean that they will no longer use it.
Nice. Please mod parent up.
GFS was well-liked at supercomputing centers I have worked with until Sistina dropped the GPL license in favor of proprietary. They did this very suddenly and without warning. It pissed off a lot of potential users and the open source community. It has since fallen out of favor.
This move by Red Hat gives new life (and resources) to GFS beyond the OpenGFS Project that has also been continuing to work on the code.
Another recent development in this area is HP's decision to productize Lustre. Lustre is perhaps the most prominent and promising HPC filesystem.
SGI also announced a major deal last week involving Luster:
The new file system is expected to sustain write rates in excess of 8GB/sec and demonstrate single client write rates of more than 600MB/sec. To achieve this performance, the new file system will leverage Lustre, an open source, object-oriented file system with development lead by Cluster File System Inc., with funding from DOE. Lustre currently is used on four of the top five supercomputers, including the PNNL cluster based on 1,900 Intel® Itanium® 2 processors.
When they have the Monkey Man!!
1. Give people a website addr via bathroom wall to report/get speed trap info
2. Share the info via CB and text to speech
3. ???
4. Profit
Seriously, what do people use them for?
Are you kidding? For $50 my Leadtek rules for watching TV on my desktop in an arbitrarily sized window while I work or surf.
I watch almost no TV so this saves huge time. I haven't even bothered to get my TV out of storage.
I just checked my gmail with firefox - works like a charm. Maybe it is time for you to upgrade?
You know, I was so shocked by the page that I didn't even see it on their list.
But I am running firefox 0.8.
After this article, I figured I'd better use my invite and register.. Only to get the following..
We're sorry, but we don't seem to be compatible.
Our software suggests that you're using a browser incompatible with Gmail. Gmail currently supports the following:
* Microsoft IE 5.5 and newer (download: Windows)
* Netscape 7.1 and newer (download: Windows Macintosh Linux )
* Mozilla 1.4 and newer (download: Windows Macintosh Linux )
* Mozilla Firefox 0.8 and newer (download: Windows Macintosh Linux )
* Safari 1.2.1 and newer (download: Macintosh )
While we're still testing Gmail, you can also click here to use your unsupported browser, though you likely will encounter some areas that don't work as expected. You need to have Javascript and cookies enabled, regardless of the browser you use.
But hey, no worries. It seems to work. And it is fast as hell and looks pretty cool. Not that I'd ever use someone else's domain for serious email.
Yikes - big problem.. You can't middle-mouse click on a message to open it in a new window. That blows.
Bush falls off Segway
About 18 months ago, Slashdot posted an article The Black Ops of TCP/IP: Paketto Keiretsu 1.0 Release with a nice collection of unconventional networking tools.
Included was a very cool tool, Phentropy, for visualizing arbitrary data using Strange Attractors. You may recall a paper on TCP/IP Sequence number analysis that highlighted the usefulness of Strange Attractors for data visualization.
Phentropy plots an arbitrarily large data source (of arbitrary data) onto a three dimensional volumetric matrix, which may then be parsed by OpenQVIS. Data mapping is accomplished by interpreting the file as a one dimensional stream of integers and progressively mapping quads in phase space.
OpenQVIS is a neat package and could fill a lot of arbitrary data viz needs.. But damned if I have been able to get the thing to build under Linux. The project could really use some help, and I think a lot of good could come of it. The Phd types who wrote it seem to have mostly moved on..
Obviously, there is a strong economic incentive to ignore those study results and to not fund studies that look at the health problems of diesel.
The local grease frier as a source of fuel is nice, but grease fried food is not a solution.
MAJOR AIR TOXICS STUDY FINDS VEHICLES DOMINATE CANCER RISK
AQMD found that that diesel soot accounted for 71% of the cancer risk, 1,3 butadiene (a byproduct of incomplete combustion in engines) 8% of the risk, benzene (mostly from motor vehicles) 7%, carbonyls (including formaldehyde and acetaldehydes from both mobile and stationary sources) 3%, and other pollutants (primarily from stationary sources) 11%.
I signed on with Voice Pulse at the beginning of April. I have used the service from two locations, both on Comcast..
.06 for Voice Pulse - $4 on my last bill, so it adds up).
I get drop-outs. Oddly, I even get drop-outs from the other party. That's odd given the 3 Mb down speed.
Their efforts to resolve the problem have been weak.
Further, Vonage has upped the stakes by lowering their unlimited service to $30 from $35. Vonage international rates are also much cheaper (.02 to Germany vs.
I asked Voice Pulse if they would be matching the Vonage pricing and they said "our prices are on our website". That is unfortunate because they are not otherwise differentiated from Vonage. If you are going to play in this disruptive market, you must react when disrupted.
I will be dumping them mid-June, probably for Vonage or Packet8.
I think the important thing in choosing a VOIP carrier is looking at what it will cost you to switch should the service quality dip or better pricing become available elsewhere.
Also, for two years I ran my own VOIP coast to coast using a pair of VOIP Blasters, using the open source Fobbit software, at a total cost of $60 in hardware. That solution was more reliable over two years than Voice Pulse has been in in 1.5 months. Those VOIP Blasters rock!
Drop-outs aside, I do like the Sipura hardware that Voice Pulse uses. It has two lines and they can each be provisioned to use a different carrier. Kinda slick, though I have not yet used it. Voice Pulse also has a more open model regarding hardware than most others.