OpenVPN + F28 =-> w/o [ IP | DNS ] leaks?
by Jack Craig
hi folks,
i have a static ip from att & am looking to make internet access safer.
i have been working to be able to ask questions that arent too stupid.
i wonder if anyone out there that has this working would be willing to chat?
how about DNSSEC ?
tia, jackc...
5 years, 1 month
Re: Scanning Problem HP4620
by R. G. Newbury
>Ed Greshko <ed.greshko(a)greshko.com> wrote:
>Well, it is possible that the printers are defined such that cups can
>access them but not
>in such a way that hplip recognizes them.
The scanner portion of the All-In-One machines is not handled by cups.
If the OP runs hp-setup, selects 'Network' then 'Advanced' and 'Manual
Discovery' and enters the IP address of the printer, it will be
discovered, and the URI will be shown, something like:
Model Host Name Device URI
HP Laserjet 3055 192.168.1.12 hp:/net/HP_Laserjet_3055?ip=192.168.1.12
Write down the URI. You can continue to set up the printer and fax as
you wish. Your system now knows where the scanner 'is' and hp-scan
should work without specifying the --device=<name> parameter.
HP-scan appears to only do one page at a time. You cannot use the adf
feature and get tiff/png outputs.
The hp scanning structure (and Hp-scan) is SANE based so scanimage is
instakked and works. It is easy to use in a script so you don't have to
remember the settings! Batch settings allow you to set the page start,
page count and count direction: +2 for the front of double sided pages
and -2 for the stack flipped over. These are not available with hp-scan.
Note that the command api is NOT the same with hp-scan, nor as featured.
My record is something above 300 pages in one pass with scanimage.
gscan2pdf is used to create the pdf file later, maybe after a pass using
unpaper to straighten the images, adjust contrast or whatever.
##################
##!/bin/bash
# script 'scanner'
export hp="hp:/net/HP_LaserJet_3055?ip=192.168.1.12"
# takes 5 parameters
cd $1
echo -e " Please wait while scanning commences.......\n"
# letter is -y 280, legal is -y 355
scanimage --device-name=$hp --source auto --resolution 150 --format
tiff --mode Color --contrast 125 -x 220 -y 290 --batch=$2%d.tiff
--batch-start=$3 --batch-count=$4 --batch-increment=$5
###############
Geoff
5 years, 1 month
Fedora 29 - Interaction with TLSv1/SSLv3 completely broken
by Charles Kozler
I am hoping I am missing something fairly obvious but it would appear any interaction via command line (or if overridden by another application policy) with a site presenting TLSv1/SSLv3 initially is completely broken in F29
Since I upgraded to F29, any site I come across via SSL functionality (ex: github) that initially presents TLSv1/SSLv3, my commands will forcefully exit with a generic error message
> curl https://github.com
curl: (35) error:1425F175:SSL routines:ssl_choose_client_version:inappropriate fallback
> openssl s_client -connect github.com:443
CONNECTED(00000004)
139888006719296:error:1425F175:SSL routines:ssl_choose_client_version:inappropriate fallback:ssl/statem/statem_lib.c:1929:
So I dug around a little bit and noticed it was because, in this example, github was first offering TLSv1/SSLv3
---
SSL handshake has read 3582 bytes and written 415 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
However, because there is a StrongCryptoSettings set to disallow < TLS 1.2, it completely bombs out of the low level C functions with this obscure message. When I forcefully disable access to TLSv1 or 1.1 I can see that support for renegotiation is off but I can now communicate securely with github
> openssl s_client -connect github.com:443 -no_tls1 -no_tls1_1 -no_tls1
{....}
---
SSL handshake has read 3621 bytes and written 382 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_128_GCM_SHA256
My thought is that a better implementation would be to yes, continue to NOT support TLSv1/SSLv3 but do support renegotiating to > 1.2 rather than obscurely bombing out entirely...
So can anyone point me in the right direction to get this working again? I've reached out to github about the TLSv1/SSLv3 thing but I need a stopgap anyway. I cant seem to find a way to make git commands use something other than what openssl negotiates but if openssl libraries are bombing out before renegotiation then there seems to be very little I can do and I cant locate this policy that is referenced here https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2
5 years, 1 month
f29 opencl can't be activated file missing
by François Patte
Bonjour,
On fedora 29 a file is missing to activate opencl with nvidia cards:
/etc/OpenCL/vendors/nvidia.icd
Without this file (inside, one line: libnvidia-opencl.so.1) darktable,
for instance, is unable to activate opencl.
Once upon a time this file used to exist on fedora (26? 27?) I don't
remember.
Could this be corrected?
Thank you.
PS I know, this mail should have been posted on rpmfusion forum, but I
can't post anything on this forum: mailman is not activated.... I don't
know why.
--
François Patte
UFR de mathématiques et informatique
Laboratoire CNRS MAP5, UMR 8145
Université Paris Descartes
45, rue des Saints Pères
F-75270 Paris Cedex 06
Tél. +33 (0)6 7892 5822
http://www.math-info.univ-paris5.fr/~patte
5 years, 1 month
Fedora Install
by Thomas Dineen
Gentle People:
Today March third was a total waste of my time!!!
I attempted to down load and install your Fedora 28 release.
Over the course of the day I was able to install the build, add the
packages that i needed and
update the software. After spending the day installing and configuring
the software I attempted
a reboot. Result the system booted up to a blank grey screen! No error
messages no nothing.
Lets face the facts YOU HAVE A QUALITY PROBLEM!!! Fix it!
I have been able to successfully load and make use of CentOS,
Debian, and Ubantu releases
over the past 20 years with no problems!
But I have had only intermittent success with Fedora versions after 14.
You have a severe quality problem fix it.
A dedicated CentOS user.
5 years, 1 month
Re: Stuck Kernel Version.....
by Eddie G. O'Connor Jr.
Well, seems I don't have to sweat this anymore, as my 1 yr old niece
through her "overly active" curiosity, ensured that I will be needing to
buy a new SSD and having the insides of my T-420 "blow dried"!
LoL!......Thanks to all for the advice. And thank goodness for 2TB USB
drives and my rigorous backups schedule! (although I think I'm just gong
to nix all the customizations I had on there and will go with a plain
vanilla install and keep it that way!...I mean don't get me wrong the
Gnome extensions are awesome and all that ,but I have a feeling
SOMETHING caused my kernel to get stuck to begin with!) Plus I get to
install a fresh copy of F29 on my system!....so no more seeing the
fc27_x86-64 kernel in my boot up screens!
Cheers!
EGO II
5 years, 1 month
firefox 65 and tab bar
by François Patte
Bonjour,
I just updated firefox on fedora 29 and 65 version is installed. I had a
config in order to put the tab bar below other bars just above the
tabs.... I have a userChrome.css file in
.mozilla/firefox/ks.....default/chrome directory, with these lines which
used to make the job:
/* Tab bar below Navigation & Bookmarks Toolbars */
#nav-bar { /* main toolbar */
-moz-box-ordinal-group: 1 !important;
box-shadow: none !important;
}
#PersonalToolbar { /* bookmarks toolbar */
-moz-box-ordinal-group: 2 !important;
}
#TabsToolbar { /* tab bar */
-moz-box-ordinal-group: 3 !important;
padding-top: 0 !important;
}
This no longer works... What is the new syntax to correct this stupidity?
Thank you.
--
François Patte
UFR de mathématiques et informatique
Laboratoire CNRS MAP5, UMR 8145
Université Paris Descartes
45, rue des Saints Pères
F-75270 Paris Cedex 06
Tél. +33 (0)6 7892 5822
http://www.math-info.univ-paris5.fr/~patte
5 years, 1 month
dnf didn't exclude and clobbered the package I wanted to keep - what
went wrong...?
by Morgan Read
OMG - GONE! WHAT THE F!!!
READ ON... OR, TO CUT A LONG(ISH) STORY SHORT(ER), JUMP STRAIGHT TO THE
BOTTOM...
I wanted to install master-pdf-editor-5.3.16-1.x86_64
Alongside master-pdf-editor-4.3.89-1.x86_64
Looking at the install of master-pdf-editor-4.3.89-1.x86_64 it all
seemed fairly self contained in /opt/masterpdfeditor4 and what was under
/usr all seemed to be suffixed by a '4'.
But, I knew that master-pdf-editor-5.3.16-1.x86_64 was likely to remove
master-pdf-editor-4.3.89-1.x86_64 (past experience).
So, I investigated the respective RPMs - no, scripts included that
looked like they'd remove earlier versions...
So, I ran:
$ rpm -qp --scripts master-pdf-editor-5.3.16_qt5.x86_64.rpm
postinstall scriptlet (using /bin/sh):
#!/bin/sh
set -e
# Automatically added by dh_installmenu
if [ -x "`which update-menus 2>/dev/null`" ]; then update-menus ; fi
# Automatically added by dh_installmime
if [ -x "`which update-mime-database 2>/dev/null`" ]; then
update-mime-database /usr/share/mime
fi
ln -s /opt/master-pdf-editor-5/masterpdfeditor5 /usr/bin/masterpdfeditor5
postuninstall scriptlet (using /bin/sh):
#!/bin/sh
set -e
# Automatically added by dh_installmenu
if [ "$1" = "configure" ] && [ -x "`which update-menus 2>/dev/null`" ]; then
update-menus
fi
# End automatically added section
rm -f /usr/bin/masterpdfeditor5
$
Which didn't seem to indicate the removal of
master-pdf-editor-4.3.89-1.x86_64.
However, I'm very suspicious... So, I investigated here:
https://www.systutorials.com/1661/making-dnf-yum-not-update-certain-packa...
And here:
https://dnf.readthedocs.io/en/latest/conf_ref.html
https://dnf.readthedocs.io/en/latest/command_ref.html#
Under 'excludepkgs'
And the man page, under 'excludepkgs'.
And so, wrote:
exclude=master-pdf-editor-4.3.89-1*
excludepkgs=master-pdf-editor-4.3.89-1*
To /etc/dnf/dnf.conf
And then ran 'dnf install ./master-pdf-editor-5.3.16_qt5.x86_64.rpm'
AND WHAT THE FRIGGING HELL HAPPENED??!!!
YUP, YOU GUEST IT master-pdf-editor-4.3.89-1.x86_64 GOT CLOBBERED!!!
So, what the f' do I have to do to prevent
master-pdf-editor-4.3.89-1.x86_64 from getting clobbered when installing
master-pdf-editor-5.3.16_qt5.x86_64.rpm
Thanks all
M
5 years, 1 month