users September 2013

users@lists.fedoraproject.org

185 participants
243 discussions

Re: tls
by Patrick Dupre 10 Sep '13

10 Sep '13

> ----- Original Message ----- > From: Matthew J. Roth > Sent: 09/09/13 11:24 PM > To: Community support for Fedora users > Subject: Re: tls > > >>> Patrick Dupre wrote: > >>> > >>> ssh works fine. However, I have a possible explaination. > >>> This machine is behind a firewall and to be able to make ssh, I > >>> add to ask to have the ssh port open. Probably, the ftp port is > >>> closed. Should I ask to have it open to use ssl/tls? > >>> Is it port 21? or 990? how can I check the port 22 is open > >>> while the other ones are closed on the firewall (I do not have > >>> admin access to this machine). > >> > >> Matthew J. Roth wrote: > >> > >> Do you have a compelling reason to use FTPS. If not, SFTP provides the same > >> functionality (encrypted file transfers) and it runs over SSH, so it should > >> *just work* in your environment. > > > > Patrick Dupre wrote: > > > > Yes, I know, but ssh/tls seems more secure! Thank Matthew. I probably need to learn more how to use sftp for having best secure transfers using my own key. > > Patrick, > > Both FTPS and SFTP utilize essentially the same techniques to secure a > connection and provide similar levels of security. FTPS has a slight edge > when it comes to authentication, because it uses X.509 certificates while SFTP > uses SSH keys. However, this is only relevant if personally verifying the > authenticity of keys (e.g. issuing a key yourself or verbally confirming its > fingerprint by phone) isn't sufficient and you require a CA to verify the > authenticity of certificates instead. > > On the other hand, SFTP is easier to administer from a network perspective > since only port 22/tcp must be opened in the firewall. This is the same port > used by SSH, so in many cases (including yours) it's already open. > > In my opinion, FTPS is slightly less secure than SFTP because its risks (running > an additional daemon and opening multiple firewall ports) outweigh its benefit > (X.509 authentication). Considering that SFTP is probably already available on > your computer (it's enabled by default), it's the obvious choice unless you > absolutely require X.509 authentication for file transfers. > > Regards, > > Matthew Roth > InterMedia Marketing Solutions > Software Engineer and Systems Developer > -- > users mailing list > users(a)lists.fedoraproject.org > To unsubscribe or change subscription options: > https://admin.fedoraproject.org/mailman/listinfo/users > Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct > Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines > Have a question? Ask away: http://ask.fedoraproject.org =========================================================================== Patrick DUPRÉ | | email: pdupre(a)gmx.com Laboratoire de Physico-Chimie de l'Atmosphère | | Université du Littoral-Côte d'Opale | | Tel. (33)-(0)3 28 23 76 12 | | Fax: 03 28 65 82 44 189A, avenue Maurice Schumann | | 59140 Dunkerque, France ===========================================================================

2 1

Video Driver locking boot process
by Mickey 09 Sep '13

09 Sep '13

Fedora 18 Failed to start Wait for Plymouth Boot Screen to Quit. Systemctl Status- Plymouth-quit-wait.service. I'm sure it is the Video driver I installed using Fedora-utils. How can I disable this so I can get back into Desktop to use Fedora-utils to uninstall the driver ? It is not the Nvidia driver.

2 1

Re: tls
by Patrick Dupre 09 Sep '13

09 Sep '13

> ----- Original Message ----- > From: Matthew J. Roth > Sent: 09/09/13 04:55 PM > To: Community support for Fedora users > Subject: Re: tls > > Patrick Dupre wrote: > > > > ssh works fine. However, I have a possible explaination. > > This machine is behind a firewall and to be able to make ssh, I > > add to ask to have the ssh port open. Probably, the ftp port is > > closed. Should I ask to have it open to use ssl/tls? > > Is it port 21? or 990? how can I check the port 22 is open > > while the other ones are closed on the firewall (I do not have > > admin access to this machine). > > > Patrick, > > Do you have a compelling reason to use FTPS. If not, SFTP provides the same > functionality (encrypted file transfers) and it runs over SSH, so it should > *just work* in your environment. Yes, I know, but ssh/tls seems more secure! > > Regards, > > Matthew Roth > InterMedia Marketing Solutions > Software Engineer and Systems Developer > -- > users mailing list > users(a)lists.fedoraproject.org > To unsubscribe or change subscription options: > https://admin.fedoraproject.org/mailman/listinfo/users > Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct > Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines > Have a question? Ask away: http://ask.fedoraproject.org =========================================================================== Patrick DUPRÉ | | email: pdupre(a)gmx.com Laboratoire de Physico-Chimie de l'Atmosphère | | Université du Littoral-Côte d'Opale | | Tel. (33)-(0)3 28 23 76 12 | | Fax: 03 28 65 82 44 189A, avenue Maurice Schumann | | 59140 Dunkerque, France ===========================================================================

3 2

Kernel 3.11 and Fedora 19...
by Fernando Cassia 09 Sep '13

09 Sep '13

Hi folks, A few questions considering the nice improvements [1] in Kernel 3.11 1. Is there a kernel spec file for Fedora 19 that could be used to compile a 3.11 kernel with the same build parameters as the F19 one? 2. Which kernel does F20 expect to use? 3. Anyone on this list running kernel 3.11 with F19? Did you build it yourself or did you use one provided by someone else? In the latter case: who/where? :) Thanks in advance, FC [1] http://www.phoronix.com/scan.php?page=news_item&px=MTQ1MDI -- During times of Universal Deceit, telling the truth becomes a revolutionary act - George Orwell

7 15

Re: grub2 how to change menuentry's in 10_linux section of grub.cfg
by Jackson Byers 09 Sep '13

09 Sep '13

Lee, thanks for your response. I don't understand what you are saying. how does "just running mkconfig" do what you want? I routinely use mkconfig but only after I have made a change in grub.d/40_custom Jack

1 0

RE: free CA?
by J.Witvliet＠mindef.nl 09 Sep '13

09 Sep '13

-----Original Message----- From: users-bounces(a)lists.fedoraproject.org [mailto:users-bounces@lists.fedoraproject.org] On Behalf Of Mike Wright Sent: Saturday, September 07, 2013 8:02 PM To: Fedora Users Subject: free CA? Hi all, Does anybody know of a free CA (Certificate Authority) that is recognized by common browsers? I have some very low volume non-commercial sites and cannot justify spending $100/year on certificates for them. I tried CAcert by no matter what I did they said they could not contact my mail server in order to verify me. (Same server where my Fedora Users mail arrives w/o problems.) tcpdump shows they came and carried on some sort of conversation. Given all that I gave up on them. Any help would be greatly appreciated, Mike Wright -----Original Message----- Hi Mike, Perhaps worthwhile spending some more time on your email issue.... You did get certified? And subscribed to their M.L.? (there were some technical issues lately) At least your primary email-address should remain reachable by cacert. You can test that, by issuing a client certificate: you should get notified for that. In case there is something odd with the email-address itself: You can expect the same by other CA-providers, as anyone needs to be able to verify your address. Hans (in private live also assurer for CAcert) ______________________________________________________________________ Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het electronisch verzenden van berichten. This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages.

2 1

Native Nvidia Optimus and Fedora 19
by Powell, Michael 09 Sep '13

09 Sep '13

Has anyone tried to get native Optimus running on a Fedora 19 box? When I attempt it, I get a blank black screen. I posted on the Nvidia forums, but no one has replied yet and I'm getting anxious ;-) The general consensus is that the kernel must be 3.9 or higher, and I am running 3.9.9-302. The Nvidia readme<http://us.download.nvidia.com/XFree86/Linux-x86-ARM/319.32/README/randr14.h…> indicates CONFIG_DRM has to be enabled and the following driver interfaces present: drm_gem_prime_export drm_gem_prime_import gem_prime_pin gem_prime_get_sg_table gem_prime_import_sg_table gem_prime_vmap gem_prime_vunmap I have verified that CONFIG_DRM is enabled within the kernel as a module and it's loaded, but when I attempted to verify the list of module symbols, I only found two (the ones in bold). The way I determined this information was through: `cat /boot/config-3.9.9-302.fc19.x86_64 | grep CONFIG_DRM` `cat /lib/modules/3.9.9-302.fc19.x86_64/modules.symbols | grep gem_prime` Am I missing something or does it appear that F19 kernel is missing vital parts for native Nvidia Optimus support? For those more interested, here is the post<https://devtalk.nvidia.com/default/topic/551709/linux/319-23-the-infamous-b…> on the nvidia forums.

7 16

Turning off SELINUX
by Javier Perez 09 Sep '13

09 Sep '13

After reading this, I am turning off SELINUX http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-secu… Until I hear of a thorough code review by a non-USA team of this code, I do not feel safe using it, privacy wise. It's a pity because SELINUX is a good idea. -- ------------------------------ /\_/\ |O O| pepebuho(a)gmail.com ~~~~ Javier Perez ~~~~ While the night runs ~~~~ toward the day... m m Pepebuho watches from his high perch.

21 42

grub2 how to change menuentry's in 10_linux section of grub.cfg
by Jackson Byers 09 Sep '13

09 Sep '13

from fedora docs: "Changes to grub.cfg are enacted by editing etc/default/grub and files in the etc/grub.d directory, particularly 10_linux and 40_custom, and then running the grub2-mkconfig command with root privileges." BUT 10_linux in /etc/grub.d has no menuentry's, just a lot of coding I don't understand and looks like it is not intended to be modified by normal users. I have no trouble modifying /etc/grub.d/40_custom and getting the changes to appear in grub.cfg But how to change 10_linux menuentry's? what am I missing? The documentation above clearly says /etc/grub.d/10_linux can be edited., but I can't see how. FWIW, still in f16, xfce had f17 working for awhile but it got messed up. now trying to clean up, in preparation for f19

2 1

Re: Fedora/Redhat and perfect forward secrecy
by Reindl Harald 09 Sep '13

09 Sep '13

Am 09.09.2013 18:12, schrieb Paul Wouters: > On Mon, 9 Sep 2013, Reindl Harald wrote: >>> I don't get it, either >> >> google "dhe versus ecdhe performance" >> >> http://vincent.bernat.im/en/blog/2011-ssl-perfect-forward-secrecy.html >>>> Let’s focus on the server part. Enabling DHE-RSA-AES128-SHA cipher suite >>>> hinders the performance of TLS handshakes by a factor of 3. Using >>>> ECDHE-RSA-AES128-SHA instead only adds an overhead of 27%. However, if we >>>> use the 64bit optimized version, the cost is only 15% >> >> is that enough to understand why nobody on this world is using DHE and so your >> "Current Fedora supports perfect forward secrecy just fine" is *far* away >> from the reality? > > Not for me. I thought TLS was latency bound. The above "factor 3" does > not state whether TLS client/server were in the same LAN (or even VMs on > the same host). it does not matter, the world measures CPU load here > For the client, clearly CPU is not the limiting factor if you stay on topic you realize that this does not matter you can't do PFS to *any* major website these days > For regular TLS servers, this should also not matter. For fully loaded TLS > servers or TLS accelerators, the factor 3 on the CPU load will matter, but > we're talking clusters of machines here. Dropping in a few extra machines > shouldn't be that hard to give your patent-encumbered endusers PFS. *you* are talking clusters here >> it does not help much support forward secrecy in a way *nobody* else on this >> planet is supporting it and so you repsonse below is uneducated - period > > Ignoring the obvious legal (and now potential backdoor) problems with > ECC is also not very educated we are speaking about the real world, not about therory *you can't* do PFS to *any* relevant target because nobody offers negotiation with DHE - so stay on topic and as long nothing is *proven* ignore it while it *is* proven that PFS doe snot work with Redhat/Fedora systems to the rest of the world

1 0

← Newer
1
...
16
17
18
19
20
21
22
...
25
Older →

Jump to page: