[opensuse] 13.2 networking regressions, circular dependencies & lower security (was 'WARNING: iputils not fresh, upgrade ...)
Larry Finger wrote:
On 09/30/2015 07:51 PM, Linda Walsh wrote:
Does this mean the check in iputils is faulty w/r/t new kernels, or do new kernels have a *SERIOUS* regression?
The new kernels *DO NOT* have a serious regression, at least concerning this issue. If you search for this error message, you will see that it is printed for several of the network utilities if things like ping and other simple utilitoes are unable to reach their destination. Usually it means that you had some kind of network problem.
In this case 'serious network problem' simply meant that the host was unreachable -- which was why I was trying to 'ping' it in the first place (i.e. debugging what seemed to be a simplistic network problem). I didn't SERIOUSLY consider it likely that it was a kernel problem given the age of the utils -- just a bit odd that I'd never seen this message before with the opensuse13.1 release but then do with the 13.2 release. Does 13.2 ping come from a different package than 13.1 ping? Seems like at the very least networking in 13.2 took a step backwards (the various ifconfig/ifup/ifdown utils -- different package, no longer work either, as they did change package sources -- seems configuring network interfaces in 13.2 requires 'dbus' -- which doesn't work over networks. Sorta retarded that network relies on dbus which I've never been able to get to work over a network (i.e. desktop logging into suse machine that expects to use 'dbus' to talk to foreign (over network) dbus. Nice step backward. If a network is going to require dbus to work, might be nice to make sure dbus over a network works first... *sigh* Interesting article: http://darkmatters.norsecorp.com/2015/09/30/cellular-damage/ referring to 'cell phones', but pertinent to any self-updating software that increases the threat surface. Seems like having networking rely on 'dbus', is opening another layer of threat surface. Problem with PC-(linux+MS) SW devel today, is it's all about decreasing user control over their own devices and giving control to outsiders -- which creates new vectors that can also, often, be used for security breaches (even MS's update-channel has been used as an intrusion vector). Aren't the boundaries between dbus and kdbus in constant flux? I wonder how long it will be until PC's have as many threat vectors as cellphones? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 El 2015-10-01 a las 15:51 -0700, Linda Walsh escribió:
-- seems configuring network interfaces in 13.2 requires 'dbus' -- which doesn't work over networks. Sorta retarded that network relies on dbus which I've never been able to get to work over a network (i.e. desktop logging into suse machine that expects to use 'dbus' to talk to foreign (over network) dbus.
Nice step backward. If a network is going to require dbus to work, might be nice to make sure dbus over a network works first... *sigh*
This does not compute. I don't see how you are going to configure the network, over the network. :-? You have got network to be running first. - -- Cheers Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlYNzPMACgkQja8UbcUWM1z0YAD/YSM9ovqaP1OMrTbdZbKxQFGP bDv+bDIe3xNclfh1hLQA/2z7NTpnaKR2rTsfm8WWE465IAz4ux9ZbloGiBO+Zguz =yTHO -----END PGP SIGNATURE-----
On 02/10/15 10:16, Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
El 2015-10-01 a las 15:51 -0700, Linda Walsh escribió:
-- seems configuring network interfaces in 13.2 requires 'dbus' -- which doesn't work over networks. Sorta retarded that network relies on dbus which I've never been able to get to work over a network (i.e. desktop logging into suse machine that expects to use 'dbus' to talk to foreign (over network) dbus.
Nice step backward. If a network is going to require dbus to work, might be nice to make sure dbus over a network works first... *sigh*
This does not compute. I don't see how you are going to configure the network, over the network. :-? You have got network to be running first.
I think the answer lies in, " (i.e. desktop logging into suse machine that expects to use 'dbus' to talk to foreign (over network) dbus. (*stet* = meaning there is a ')' missing :-) .) Or it may also mean that the problem occurs when you have one computer connected to another computer using a serial cable - I forgot what that is called! used to use it way back when..... oh alright, only back in the early 90s :-D ). All boils down to "definition" - which people often forget that "definition" is the cause of almost all (unnecessary and totally useless [Are you married, Carlos?]) arguments :-) . BC -- Using openSUSE 13.2, KDE 4.14.9 & kernel 4.2.2-1 on a system with- AMD FX 8-core 3.6/4.2GHz processor 16GB PC14900/1866MHz Quad Channel RAM Gigabyte AMD3+ m/board; Gigabyte nVidia GTX660 GPU -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Basil Chupin wrote:
On 02/10/15 10:16, Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
El 2015-10-01 a las 15:51 -0700, Linda Walsh escribió:
-- seems configuring network interfaces in 13.2 requires 'dbus' -- which doesn't work over networks. Sorta retarded that network relies on dbus which I've never been able to get to work over a network (i.e. desktop logging into suse machine that expects to use 'dbus' to talk to foreign (over network) dbus.
Nice step backward. If a network is going to require dbus to work, might be nice to make sure dbus over a network works first... *sigh*
This does not compute. I don't see how you are going to configure the network, over the network. :-? You have got network to be running first.
I think the answer lies in, " (i.e. desktop logging into suse machine that expects to use 'dbus' to talk to foreign (over network) dbus. (*stet* = meaning there is a ')' missing :-) .)
You got it! Even though I am logged in over a network, I have yet to be able to get the dbus running on my desktop to talk to the dbus that I'm 'ssh'ed into. I.e. the dbus running on the suse linux machine doesn't work for anything, since it doesn't talk to the 'dbus' running on my desktop machine. Now to control network connections, 'dbus' is used by the newly broken ifconfig/ifup/ifdown. The connection I was 'ssh'ed' through was pre-setup with 'ifc' (a boot-time script) -- that configures the network connections to come up with reliable names (eth0, eth1...), channel binding (binding 2 networks together to function as 1) as well as setting up initial network addresses. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Linda Walsh <suse@tlinx.org> schreef:
You got it!
Even though I am logged in over a network, I have yet to be able to get the dbus running on my desktop to talk to the dbus that I'm 'ssh'ed into. I.e. the dbus running on the suse linux machine doesn't work for anything, since it doesn't talk to the 'dbus' running on my desktop machine.
Linda, can you or anyone please explain to me what the deal is about dbus anyway? I have this slight impression that the architecture of it is broken although I have never looked into it. It is flouted as a "simple interprocess communication framework" but at the same time I rather despise everything uses it. For instance, what I've found from experience is that some programs may take a long time to start up because in the background there is DBUS activity going on, trying to catch up to something or anything. For instance just firing up KWrite from a konsole would give me all sorts of dbus messages related to /NetworkManager/ of all things. That is just a severely broken architecture. Something like that should never ever happen in any system that just features an IPC channel for applications. I feel that if I *were* to look into it I would pretty quickly discover what I so disagree with, or what so disagrees with me. I'm pretty good at software architecture you know, but so are you (I think). Instead of being a "caller in the desert" I feel perhaps you might be someone who has a thought on this? Regards, xx, Bart. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (4)
-
Basil Chupin -
Carlos E. R. -
Linda Walsh -
Xen