On Sat, 2010-01-16 at 16:49 +0800, Ed Greshko wrote:
> My ISP is a pure IPv4 ISP. My ADSL modem doesn't know a thing about
> IPv6. Yet....
>
> [egreshko@f12 ~]$ ping6 2001:4860:c004::68
I haven't done anything more than a quick check recently, but my ISP
*didn't* support IPv6, hasn't made any announcements about supporting it
that I can recall, nor does any other ISP I know of (bar one), nor does
any domestic networking hardware that I know of support it (here in
Australia).
My ADSL router/modem is a standalone device, I don't use it as a raw
modem (relying on a computer, behind it, to do all the authentication
and routing), *it* has to be able to handle whatever I try to put
through it. And that is how I want to run my network.
On the computer I haven't deliberately disabled IPv6:
$ ping6 2001:4860:c004::68
connect: Network is unreachable
On the computer I deliberately disabled IPv6:
$ ping6 2001:4860:c004::68
socket: Address family not supported by protocol
Both do exactly what I expect them to. The same sort of error as I'd
expect if I'd tried to do something with an unreachable IPv4 address on
my network.
The only way IPv6 can be used, is if there is a working IPv6 network
between you and them, or you have something acting as your proxy
bridging the gap. That proxy has to be somewhere where it *can* bridge
the gap. It's no good putting one where it's still isolated. And what
happens when someone wants to connect back to you at your IPv6 address?
Proxying/tunnelling are semantics for the same thing - doing one through
the other, but neither is direct. I view having to use a tunnel as
being just about as bad as having to use NAT, and some of the IPv6 to
IPv4 conversions are virtually the same as NAT (making at least one use
of IPv6 pretty pointless, as IPv6 is one solution to avoid having to use
NAT with IPv4). Leaving us with yet another mess to have to deal with,
instead of just doing things directly (i.e. IPv6 on my MODEM/router and
ISP).
Simply finding the IPv4 address from the dual addresses for something
that has both v4 and v6 isn't using IPv6, at all. And for a lot of
people (probably including those who think IPv6 is working for them),
that's all that they'll be doing. For instance, mplayer will do that
when you try to connect to a stream over the net, first it'll try IPv6,
then it'll fallback to IPv4. In some cases, there's an annoying delay
before the fallback. Or no fallback, as it finds an address, but simply
can't connect to it, and aborts trying anything else.
Before someone gives me it in the neck. I do see the point of view that
it's a solution looking for a problem, but the problem does exist (IPv4
address exhaustion), it's just *when* it will be a problem is still
debatable. And it would be good to get it working ahead of time. But
this is not helped by manufacturers who continue to produce IPv4-only
equipment (many years after we knew of this situation), and sell no
additional/alternative IPv6 domestic equipment, making it next to
impossible for all but true geeks to use IPv6.
I see v6 bringing a myriad of its own problems, the chief ones being
firewalling and address assignment. Many of us are quite familiar at
defining the division between WAN and LAN with IPv4, so we can control
our network. I've seen a dearth of clearly coherent information about
the same sort of thing with IPv6, so I expect an awful lot of security
problems down to network boundaries and firewall rule errors when it
becomes available to the great unwashed. Many of whom, currently,
unwittingly rely on NAT /breaking/ networking to provide some insecure
isolation from the rest of the world. But will, then, have to set up
dual rules (you'll need to have separate rules for IPv4 and IPv6
addresses, if you want to firewall things). And I wonder whether
Windows will spend years repeating the mistakes it's done in the past,
such as sharing out your LAN to all and sundry, by default.
Not to mention the fun and games we'll have to go through to learn how
to manage our own networks (address assignment; name resolution; having
consistent name resolution when your assigned IPv6 address may be
variable and assigned by something with little, or no,
user-configuration possible; DHCP configuration, etc., etc., etc.). And
there'll probably some price gouging by webhosts and domain registrars
for you to have an IPv6 address as well as your IPv4 one.
I'd make an educated guess that our ISPs are avoiding implementing it
because they want to avoid the additional work to do so. Not to mention
having to replace equipment that simply can't support it.
Don't send private replies to my address, the mailbox is ignored. I
read messages from the public lists.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
01-16-2010, 10:33 PM
Ed Greshko
Tim wrote:
> On Sat, 2010-01-16 at 16:49 +0800, Ed Greshko wrote:
>
>> My ISP is a pure IPv4 ISP. My ADSL modem doesn't know a thing about
>> IPv6. Yet....
>>
>> [egreshko@f12 ~]$ ping6 2001:4860:c004::68
>>
>
> I haven't done anything more than a quick check recently, but my ISP
> *didn't* support IPv6, hasn't made any announcements about supporting it
> that I can recall, nor does any other ISP I know of (bar one), nor does
> any domestic networking hardware that I know of support it (here in
> Australia).
>
> My ADSL router/modem is a standalone device, I don't use it as a raw
> modem (relying on a computer, behind it, to do all the authentication
> and routing), *it* has to be able to handle whatever I try to put
> through it. And that is how I want to run my network.
>
> On the computer I haven't deliberately disabled IPv6:
> $ ping6 2001:4860:c004::68
> connect: Network is unreachable
>
> On the computer I deliberately disabled IPv6:
> $ ping6 2001:4860:c004::68
> socket: Address family not supported by protocol
>
> Both do exactly what I expect them to. The same sort of error as I'd
> expect if I'd tried to do something with an unreachable IPv4 address on
> my network.
>
> The only way IPv6 can be used, is if there is a working IPv6 network
> between you and them, or you have something acting as your proxy
> bridging the gap. That proxy has to be somewhere where it *can* bridge
> the gap. It's no good putting one where it's still isolated. And what
> happens when someone wants to connect back to you at your IPv6 address?
>
That is where I think you need to do a bit of research.
As I have said.... My ISP is pure IPv4. My ISP....just like
yours...*doesn't* support IPv6.
All you need to do is go to a tunnel broker such as
http://tunnelbroker.net/ and create a tunnel and then configure your
IPv6 stack accordingly. You will then have a valid IPv6 Global IPv6
address and be able to access all IPv6 hosts and all IPv6 hosts will be
able to access *your* address. There is *no* NAT of any sort.
Simple....
> Proxying/tunnelling are semantics for the same thing - doing one through
> the other, but neither is direct. I view having to use a tunnel as
> being just about as bad as having to use NAT, and some of the IPv6 to
> IPv4 conversions are virtually the same as NAT (making at least one use
> of IPv6 pretty pointless, as IPv6 is one solution to avoid having to use
> NAT with IPv4). Leaving us with yet another mess to have to deal with,
> instead of just doing things directly (i.e. IPv6 on my MODEM/router and
> ISP).
>
That is also were I feel your view is incorrect.
To demonstrate....
I have 2 hosts with tunnels defined...
2001:470:1f04:735::2 and 2001:470:1f04:736::2
They are physically touching one another....
[egreshko@f12 scsi]$ traceroute6 2001:470:1f04:736::2
traceroute to 2001:470:1f04:736::2 (2001:470:1f04:736::2), 30 hops max,
80 byte packets
1 egreshko-1.tunnel.tserv3.fmt2.ipv6.he.net (2001:470:1f04:735::1)
216.329 ms 222.104 ms 228.257 ms
2 egreshko-2-pt.tunnel.tserv3.fmt2.ipv6.he.net (2001:470:1f04:736::2)
438.855 ms 441.324 ms 445.163 ms
Notice the trip times.
I don't know another person with a valid IPv6 address to better
examples. But, they could connect to my webserver just fine using those
IPv6 addresses.
Anyway this demonstrates a full IPv6 connection...
traceroute to ipv6.l.google.com (2001:4860:c004::68), 30 hops max, 80
byte packets
1 egreshko-1.tunnel.tserv3.fmt2.ipv6.he.net (2001:470:1f04:735::1)
215.810 ms 221.422 ms 225.343 ms
2 1g-3-20.core1.fmt2.ipv6.he.net (2001:470:0:45::1) 226.193 ms
226.803 ms 227.612 ms
3 10g-1-2.core1.pao1.ipv6.he.net (2001:470:0:30::2) 228.395 ms
228.333 ms 229.418 ms
4 core2-1-1-0.pao.net.google.com (2001:504:d::1f) 229.704 ms 232.472
ms 234.285 ms
5 2001:4860::1:0:7ea (2001:4860::1:0:7ea) 245.935 ms 246.659 ms
2001:4860::1:0:21 (2001:4860::1:0:21) 242.394 ms
6 2001:4860::1:0:a9d (2001:4860::1:0:a9d) 262.085 ms
2001:4860::1:0:77d (2001:4860::1:0:77d) 282.670 ms 2001:4860::1:0:a9d
(2001:4860::1:0:a9d) 229.794 ms
7 2001:4860::1:0:610 (2001:4860::1:0:610) 229.791 ms
2001:4860::1:0:795 (2001:4860::1:0:795) 248.668 ms 2001:4860::1:0:610
(2001:4860::1:0:610) 229.500 ms
8 2001:4860::1:0:298 (2001:4860::1:0:298) 327.540 ms 328.372 ms
331.515 ms
9 2001:4860::1:0:794 (2001:4860::1:0:794) 385.779 ms 376.836 ms
382.525 ms
10 2001:4860::2a (2001:4860::2a) 404.631 ms 411.900 ms 2001:4860::29
(2001:4860::29) 382.330 ms
11 tx-in-x68.1e100.net (2001:4860:c004::68) 381.468 ms 383.952 ms
384.785 ms
> Simply finding the IPv4 address from the dual addresses for something
> that has both v4 and v6 isn't using IPv6, at all. And for a lot of
> people (probably including those who think IPv6 is working for them),
> that's all that they'll be doing. For instance, mplayer will do that
> when you try to connect to a stream over the net, first it'll try IPv6,
> then it'll fallback to IPv4. In some cases, there's an annoying delay
> before the fallback. Or no fallback, as it finds an address, but simply
> can't connect to it, and aborts trying anything else.
>
First, I am talking about a situation where a given resource has only a
IPv6 address. Not sure why you keep introducing the "dual" IPv4/IPv6 model.
I also don't know of any concept of "fall back".
If you were to use http://ipv6.google.com on a system that didn't have
IPv6 available, it would fail. This is because....
[egreshko@f12 scsi]$ host ipv6.google.com
ipv6.google.com is an alias for ipv6.l.google.com.
ipv6.l.google.com has IPv6 address 2001:4860:c004::68
egreshko@f12 scsi]$ host ipv6.l.google.com
ipv6.l.google.com has IPv6 address 2001:4860:c004::68
[egreshko@f12 scsi]$ host -t a ipv6.l.google.com
ipv6.l.google.com has no A record
As you can see.... ipv6.l.google.com has no IPv4 address so ... nothing
to fall back on.
> Before someone gives me it in the neck. I do see the point of view that
> it's a solution looking for a problem, but the problem does exist (IPv4
> address exhaustion), it's just *when* it will be a problem is still
> debatable. And it would be good to get it working ahead of time. But
> this is not helped by manufacturers who continue to produce IPv4-only
> equipment (many years after we knew of this situation), and sell no
> additional/alternative IPv6 domestic equipment, making it next to
> impossible for all but true geeks to use IPv6.
>
> I see v6 bringing a myriad of its own problems, the chief ones being
> firewalling and address assignment. Many of us are quite familiar at
> defining the division between WAN and LAN with IPv4, so we can control
> our network. I've seen a dearth of clearly coherent information about
> the same sort of thing with IPv6, so I expect an awful lot of security
> problems down to network boundaries and firewall rule errors when it
> becomes available to the great unwashed. Many of whom, currently,
> unwittingly rely on NAT /breaking/ networking to provide some insecure
> isolation from the rest of the world. But will, then, have to set up
> dual rules (you'll need to have separate rules for IPv4 and IPv6
> addresses, if you want to firewall things). And I wonder whether
> Windows will spend years repeating the mistakes it's done in the past,
> such as sharing out your LAN to all and sundry, by default.
>
> Not to mention the fun and games we'll have to go through to learn how
> to manage our own networks (address assignment; name resolution; having
> consistent name resolution when your assigned IPv6 address may be
> variable and assigned by something with little, or no,
> user-configuration possible; DHCP configuration, etc., etc., etc.). And
> there'll probably some price gouging by webhosts and domain registrars
> for you to have an IPv6 address as well as your IPv4 one.
>
> I'd make an educated guess that our ISPs are avoiding implementing it
> because they want to avoid the additional work to do so. Not to mention
> having to replace equipment that simply can't support it.
>
>
There is no doubt that IPv6 adoption and implementation is slow for
various reasons. As an end point for the average user and even for
Internet connectivity it is years away. But, that wasn't the point.
--
The brotherhood of man is not a mere poet's dream; it is a most
depressing and humiliating reality. -- Oscar Wilde
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
01-19-2010, 07:05 AM
Stefan Bader
-------- Original Message --------
Subject: Stable kernel tree status, January 18, 2010
Date: Mon, 18 Jan 2010 11:09:39 -0800
From: Greg KH <greg@kroah.com>
To: linux-kernel@vger.kernel.org
CC: stable@kernel.org
Here's the state of the -stable kernel trees, as of January 18, 2010.
2.6.27-stable
The 2.6.27-stable kernel tree is still living on, as a "long-term"
stable release. But, I do have to warn users of this tree, the older it
gets, the less viable it becomes. Not all bugfixes are being backported
to this kernel version due to massive code changes in the over 2 years
since this kernel has been released. I am doing my best to backport
fixes that I become aware of, and I encourage anyone who does fix any
types of bugs in the main kernel tree to let me know if the change
should be applied to this older kernel version.
I'll probably keep maintaining it for at least 6-8 more months, but
after that, I can not guarantee it's viability. Note, one other
developer has volunteered to pick up the tree after I am finished with
it, but I can not speak for him at this time.
2.6.31-stable
Today the last 2.6.31-stable kernel was released, all users of this
kernel series are strongly encouraged to switch to the 2.6.32 kernel
series, as there will not be any more updates for this branch in the
future.
2.6.32-stable
I'd like to announce that the 2.6.32-stable tree is also going to be
maintained as a "long-term" stable release, living for 2-3 years, like
the 2.6.27 kernel is. This is because a number (i.e. more than 2) Linux
distributions are basing their "enterprise" releases on this kernel
version, and it will make their lives easier if I keep it alive.
Note, the viability of me keeping this tree alive for such a length of
time relies on the developers working for those distros to keep me
informed of patches that need to be backported and applied to it.
Without their help, I will have no problem in stopping the maintenance
of the tree.
Submitting patches for stable trees
Again, the easiest way to get your patch into a -stable tree is to
merely add the line:
Cc: stable <stable@kernel.org>
to the Signed-off-by: area of your patch. When the patch goes into
Linus's tree, it will be automatically sent to the stable address, and I
will know to apply it to the trees. If I have any problem applying it
at that time, I will email the author and reviewers of the patch about
it.
If you forgot to add this line to the patch, or you have found a patch
written by someone else that you wish to have applied to the stable
trees, email the git commit id of the patch as it shows up in Linus's
tree to the stable@kernel.org email address. Any stable correspondence
sent to my personal accounts has the chance of being lost in the
shuffle, so please try to not do that.
If a patch needs to be backported to one of the stable trees because it
does not apply directly, please send the backported patch, along with
the git commit id of the original patch, to the stable@kernel.org
address, with a description of which kernel tree it should be applied
to.
If anyone has any other questions about stable releases, please let me
know.
thanks,
greg k-h
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
01-19-2010, 08:14 AM
TSmith
NO
Dale Konsevitch wrote:
> Please remove my name from your mailing lists.
>
> Thank you.
>
>
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
01-19-2010, 08:15 AM
Jozsef
On Tue, 19 Jan 2010 13:14:10 +0400, TSmith <valhalla2100@comcast.net>
wrote:
> NO
>
> Dale Konsevitch wrote:
>> Please remove my name from your mailing lists.
>>
>> Thank you.
>>
>>
>
>
lol
--
Best,
Jozsef
"Fear God, and give Him glory, because the hour of His judgment has
come..."
Revelation 14:7
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
01-19-2010, 09:39 AM
Stefan Bader
Found on stable. We only have it =m for amd64 but for consistency might want to
disable it commonly.
-Stefan
-------- Original Message --------
Subject: RFC: deprecate CONFIG_X86_CPU_DEBUG and schedule it for rapid removal
Date: Sun, 17 Jan 2010 17:26:53 -0800
From: H. Peter Anvin <hpa@zytor.com>
To: Rafael J. Wysocki <rjw@sisk.pl>
CC: Ozan Çağlayan <ozan@pardus.org.tr>, Yinghai Lu <yinghai@kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
mingo@elte.hu, a.p.zijlstra@chello.nl, stable@kernel.org, Linus Torvalds
<torvalds@linux-foundation.org>, Andrew Morton
<akpm@linux-foundation.org>, Jaswinder Singh Rajput
<jaswinder@kernel.org>, Ingo Molnar <mingo@elte.hu>, Thomas Gleixner
<tglx@linutronix.de>
References: <4B4E1633.8010700@pardus.org.tr> <201001162312.34189.rjw@sisk.pl>
<4B52D6E2.8000904@pardus.org.tr> <201001171444.14551.rjw@sisk.pl>
CONFIG_X86_CPU_DEBUG really seems to be causing more problems than it
ever solved. This is an RFC for immediately deprecating it, and
schedule it for removal in the 2.6.34 cycle.
If this was a high value feature, it would be different -- but it's not
even close.
Posting this as an RFC just on the offchance someone actually depends on
this.
-hpa
--
H. Peter Anvin, Intel Open Source Technology Center
I work for Intel. I don't speak on their behalf.
--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
01-19-2010, 04:55 PM
walt
On 01/18/2010 04:41 PM, walt wrote:
Here is what I see on both machines:
$su
Password: <===== I type Ctrl-d here
Segmentation fault
I've traced this problem to the pam_ssh package, which is supposed
to return a charstring containing the typed password, but it instead
returns a null pointer when I type Ctrl-d. Calamity ensues.
The key here is the pam_ssh package, which apparently the rest of you
don't use for authentication. I've added "auth sufficient pam_ssh.so"
to the pam system-auth file so I can ssh between local machines using
my ssh private key for authentication.
Thanks for testing.
01-19-2010, 05:26 PM
Nikos Chantziaras
On 01/19/2010 07:55 PM, walt wrote:
On 01/18/2010 04:41 PM, walt wrote:
Here is what I see on both machines:
$su
Password: <===== I type Ctrl-d here
Segmentation fault
I've traced this problem to the pam_ssh package, which is supposed
to return a charstring containing the typed password, but it instead
returns a null pointer when I type Ctrl-d. Calamity ensues.
The key here is the pam_ssh package, which apparently the rest of you
don't use for authentication.
Just a quick question: what do you need PAM for? No it's not a
rhetorical question. I always wondered what PAM is good for; to find
out, I completely removed everything PAM related from my system ("-pam"
in make.conf and then rebuild everything and then depclean.) The system
works exactly the same as before. So I'm left wondering what PAM was
doing in the first place?
01-20-2010, 03:47 AM
Steve Rippl
(Sorry - meant to send to list...)
Scott Balneaves wrote:
> Duh.
>
> https://wiki.ubuntu.com/Edubuntu/NewUserAdminTool
>
> How can you tell I'm getting tired?
>
> Scot
That looks potentially very useful. The idea of having plugin scripts
is excellent. Have you though about rights delegation? I'm thinking a
sysadmin might for example control adding and removing users (by
whatever method, this tool or otherwise), but might want to allow a
teacher to reset passwords, group kids, or change some other attribute
of students in their class. Could certain users just be able to use
certain "commands". Could this be handled via groups perhaps? All
'teachers' get these rights, all 'power-teachers' get those etc.
Steve
--
Steve Rippl
Technology Director
Woodland Public Schools
360 225 9451 x326
--
edubuntu-users mailing list
edubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/edubuntu-users
01-20-2010, 06:07 AM
"David C. Rankin"
On 01/19/2010 01:37 PM, Arvid Picciani wrote:
> On 01/19/2010 08:09 PM, Dimitrios Apostolou wrote:
>
>> sorry for hijacking your thread but speaking of dark themes, I have been
>> looking for ages for a nice reverse theme for gtk+ but every single one
>> I remember wasn't perfect... Anyone 100% happy with a reverse theme?
>
> i like NOX from murrine-themes-collection, couldnt say if its perfect,
> since i only have like 2 gui apps, but it looks very polished to me.
> Works fine on qt apps too.
>
>> And most importantly, how the /heck/ do you handle the *bright* *white*
>> pages of the web... I'd tried creating a custom CSS for me, but it broke
>> too many pages...
>
> with proper environment light. i find that only unbearable at night when
> i turned the lights off already.
>
I stumbled into a part solution to the problem for firefox and other mozilla apps. Basically there is a new type of "skin" you can use called user space skins that use the 'stylish' addon that allows for the easy changing of the titlebar (and all other aspects) of the browser window.
(2) either load an existing theme that does what you want or create a new one in the new Tools -> Addons -> User Styles tab. The first theme I downloaded sucked. It did what I wanted as far as affecting the font of the addressbar and search bar, but looked horrible due to the background drawn being rectangular while the normal theme I have being a 'rounded' rectangle. I got rid of the background color designations, changed the colors and stripped the superfluous stuff out and now I can see the addresses and search phrases perfectly. Man, I've been wanting to do something like this for a while.
The original user theme was:
http://userstyles.org/styles/7962
My simpler one follows. I left the original elements in the theme (commented out), just in case you want to mess with them. To install it, just click on the new User Styles tab, choose 'Write New Style' and then just copy and paste what follows into the dialog:
