Re: A call to drop gnome as the default desktop

[Keith Bainbridge]

On 17/4/19 5:26 pm, Ansgar Burchardt wrote:

Keith Bainbridge writes:

I see the point that people who like gnome should be allowed to use it
-
so withdraw the drop gnome from debian.  I believe the change to the
subject line will keep the discussion together. I'll re-send if it
opens a new topic.


Why should GNOME not stay the default desktop?  Because it supports
using either of Wayland or X11?

To quote your original mail this was one of the two main reasons you
proposed GNOME to be dropped after all (besides not being able to move
some toolbar):

| [...] gnome is insisting that we like a new video process, just
| because the team have decided to like it lots.
|
| I say this is NOT freedom.

How is supporting *only* X11 freedom, but supporting *both* Wayland and
X11 NOT freedom?

Wouldn't it be more logical to drop all desktop environments that
support *only* X11 to give more freedom?

Ansgar



Ansgar

The snips in my original post were other peoples' quotes. I used them to 
support my reason to claim that gnome does not allow users who can't 
write very high level code, at least one option that I consider 
important. It is this extreme difficulty to do what is simple elsewhere 
that I am calling out - it is NOT freedom.



If I wanted to try Wayland I'd have to accept the restrictions that come 
with it. I recall that one live .iso I tried, offered it as an option. 
That was so long ago that I forget if I get around to trying it - maybe 
early last year, like Feb, with pre-release ubuntu 18.04.   It wouldn't 
really count anyway, as it was in vbox.


Hence, I relented from my position of removing gnome from debian; I 
accepted that I was denying those who wanted it, the option.



I felt a twinge when I read that Wayland needs testers; but I run 
developer versions of office and Firefox and similar Thunderbird as my 
contribution to testing. I'd answer more questions here, but clearly 
most users here know more than I do.   (perhaps the questions about 
super key were tongue in cheek?)


I also drew some comfort from people who said end users shouldn't be 
guinea pigs.



I think that it's ironical that I use a desktop that was gnome just a 
couple of years ago.



--
Keith Bainbridge

ke1th3...@gmail.com
+61 (0)447 667 468

Re: A call to drop gnome

[Keith Bainbridge]

On 18/4/19 5:11 am, rhkra...@gmail.com wrote:

What is the magic Super key, and / or how do I find it on a typical 104 (or
similar) key keyboard?



It is another 'shift' key, like ctrl, alt. Generally near the left set 
of these. My laptop also has a fn key here.   It can be set to act on 
its own as well - often opens the Menu


--
Keith Bainbridge

ke1th3...@gmail.com
+61 (0)447 667 468

Re: Accessing a host with variable IP addresses / connection types

[Celejar]

On Wed, 17 Apr 2019 18:41:46 -0400
Michael Stone  wrote:

> On Wed, Apr 17, 2019 at 06:11:43PM -0400, Celejar wrote:
> >In other words, with IPv4, there's no *practical* solution, since a
> >typical end user isn't going to get arbitrary numbers of IP addresses.
> 
> So use IPv6.

You make it sound like it's a trivial, straightforward change. Is it?
Will all my applications work correctly over IPv6 without much work? Is
there clear documentation, suitable for a non-expert, explaining how to
transition a Debian system to IPv6? [The Debian Wiki page doesn't seem
that comprehensive.]

Celejar

Re: soluções para vários arquivos copia

[Ricardo Kaê]

É, uma solução que eu acho até bem simples pra esse caso é ter um servidor
web (apache) acessível pela rede local e os arquivos estarem categorizados
por pastas nesse servidor. Qualquer terminal indenpendente (máquinas
clientes) acessariam pelo navegador, baixariam os arquivos e têm que haver
um formulário de upload, que pode ser escrito em PHP, pra upar a
modificação do arquivo na pasta certa. Acho que é uma solução rápida,
simples e funcional. Possível de ser implementada agora, basta uma máquina
Linux, a instalação e configuração do apache, a categorização dos arquivos
e a escrita do *form* em PHP.

Uma solução em JAVA com GUI, acho que demanda mais esforço. As máquinas
clientes teriam que ter a máquina virtual Java também pra rodar, ficaria
muito mais pesado.

E quanto as soluções acima, para usarem o Samba. Sinceramente, nunca usei.
Mas acho mais simples trabalhar com protocolo HTTP do que com o SMB, até
pela existência de mais tutoriais etc.

Re: Liste des fabricants de portable qui ne mettent pas de whitelist

[Gaëtan Perrier]

Salut,

Tu peux aussi regarder sur bios-mods.com pour trouver des bios modifiés pour 
retirer la whitelist.

A+

Gaëtan

Le 17 avril 2019 07:51:51 GMT+02:00, Benoit B  a écrit :
>
>Il semblerait que certains fabricants mettent des whitelist dans le
>bios...
>Existe-il une liste des fabricants de portable qui ne mettent pas de
>whitelist ? ;)
>


-- 
Envoyé de mon appareil Android avec Courriel K-9 Mail. Veuillez excuser ma 
brièveté.

Re : Re: Liste des fabricants de portable qui ne mettent pas de whitelist

[k6dedijon]

Bonjour Benoît,
Vous écrivez :
mais le wifi est rarement fonctionnel en libre.

Je ne vois pas ce qui vous fait affirmer ça.
Depuis 2006, je suis sous Linux et équipé 100% en Open Source.

Passez une bonne nuit
Cassis


- Mail d'origine -
De: Benoit B 
À: debian-user-french@lists.debian.org
Cc: debian-user-french 
Envoyé: Wed, 17 Apr 2019 07:51:51 +0200 (CEST)
Objet: Re: Liste des fabricants de portable qui ne mettent pas de whitelist

Merci pour ta réponse je rechercher là.
J'ai aussi cherché sur https://wiki.debian.org/InstallingDebianOn mais
le wifi est rarement fonctionnel en libre.

Une autre solution que j'ai testée sur mon portable actuel serait de
simplement changer le composant wifi...
Mais mon ordi n'a pas été plus loin que le Power-on self-test.
Impossible de le démarrer tant que le composant s'y trouvait.
Il semblerait que certains fabricants mettent des whitelist dans le bios...
Existe-il une liste des fabricants de portable qui ne mettent pas de
whitelist ? ;)

Merci d'avance

--
Benoit

Le mar. 16 avr. 2019 à 22:58, F. Dubois  a écrit :
>
> Le 16/04/2019 à 22:41, Benoit B a écrit :
> > Bonjour
> >
> > Tout est dans le titre...
> > Avant d'acheter un ordinateur portable,comment par exemple, vérifier
> > que le wifi va fonctionner avec des pilotes/firmwares libres ?
> >
> > Existe-t-il un site ou on peut rechercher un composant et vérifier son
> > bon fonctionnement ?
> >
> > Merci d'avance.
> >
> > Benoit
> >
> Bonsoir, déjà pour le wifi.
>
> https://wireless.wiki.kernel.org/welcome
>
> http://linuxwireless.sipsolutions.net/
>
> Après suffit de choisir la/les machine/s potentielles et chercher la
> compatibilité des différents sous-systèmes selon les composants.
>
> N'importe quel moteur de recherche (https://duckduckgo.com/ par exemple)
> donne plein de réponses (in english it's better and more up to date of
> course)
>
> Fabien
>

Re: soluções para vários arquivos copia

[Vitor Hugo]

Entendi esta solução esta em uso em uma das unidades, com um servidor 
FreeNAS; outra solução recomendada foi um aplicação em Java com a base 
de dados em MongoDB pois os arquivos do Word geralmente possuem um 
tamanho de 1.5MB a 2MB.

Em 14/04/2019 22:33, Humberto A. Sousa escreveu:
> Estuda aí o SAMBA que vai dar certo.
> É que a solução nos pareceu tão simples que despertou dúvidas no pessoal.
>
>
> Saudações,
>
>
>
> Humberto Araujo de Sousa
> humbe...@dontec.com.br
>
> Em 11/04/2019 14:22, Vitor Hugo escreveu:
>> Onde esta confuso?
>>
>> Em 11/04/2019 14:01, Leandro Guimarães Faria Corcete DUTRA escreveu:
>>> Le jeudi 11 avril 2019 à 16:57 +, Vitor Hugo a écrit :
 deveria haver um servidor para armazenar estes arquivos e as 10
 maquinas puxarem deste servidor para fazer a edição e salvamento do
 arquivo direto no servidor
>>> Continua confuso, mas parece que basta um servidor de arquivos Samba.
>>> Estuda-o um pouco e testa, depois relata o resultado — na lista.
>>>
>>>
>>>
>

Re: Sudden “operation not permitted”

[David Christensen]

On 4/17/19 1:19 PM, Marc Auslander wrote:

David Christensen  writes:


On 4/16/19 11:25 PM, Mark Fletcher wrote:

(Apologies if this mail comes through poorly formatted for the list; my
main machine is unavailable due to this problem and I’m writing on an
iPad...)

Running Stretch on a circa-2009 self-built machine which has run happily
without serious issues since it was built, apart from the odd annoyance
with Bluetooth audio which the list has already had the pleasure of hearing
about.

This morning I unlocked it before leaving home, and noticed that load was
fairly constant at about 1.0 when it should have been at 0 as the machine
should have been idle. I listed processes with top and noticed that upowerd
was taking up a whole CPU to itself. Normally I wouldn’t notice this daemon
doing its thing.

Google turned up nothing relevant.

I decided to try a reboot, which cleared the upowerd problem and returned
load to 0 or close to it. But now, network activity is not working. Any
attempt to ping an IP address (eg my router) results in “Operation not
permitted” even when run as root. Attempt to access any web page results in
failing to find the site. Attempting to ping a text domain (eg
www.google.com) results in an error message (instantly) saying could not
resolve...

It seems like networking is bejiggered suddenly on this machine. I did not
install updates before rebooting, last time updates were installed was
Sunday, and all has been well since then until this morning, although I did
not reboot during that period until this morning. The machine is attached
to my network via an Ethernet cable running to a WiFi+wired router. That is
obviously working as the machine was able to get an IP address by DHCP
after the reboot (ip route after reboot showed IP address correctly
assigned) but unable to resolve any address and unable to ping an IP
address of the form 192.168.xx.yy with the “Operation not permitted” error.

All the pinging I’ve been trying worked without issues before this problem
occurred, both as root and as an unprivileged user.

Looking through the journalctl since my reboot, I do not see anything that
obviously points to the problem. Network Manager seems to start OK, as far
as I can tell. I don’t see any significant errors except postgreSQL failing
to start, which is normal and I don’t use it. The first sign of trouble (to
my eye, anyway) in the boot log is when services that want the network eg
ntp start trying to interact with it, and failing.

A second reboot produced exactly the same result. Other devices on my
network are working fine.

Putting the upowerd behavior together with the suddenness of this problem,
I’m very afraid that this isn’t really permissions and is in fact some sort
of hardware issue — the machine is 10 years old, was built by me, and has
been in continuous use since it was built... Any suggestions for what I can
do to diagnose?

Thanks in advance

Mark


If you updated/ upgraded but did not reboot, then there could be a
problem with one or more upgrades.  (I try to reboot immediately after
upgrading to avoid delayed surprises.)


I would pull the system drive, put it into a second machine, boot it,
and see if the problems persist.  I would also run the system drive
manufacturer's diagnostic tool and test the system drive.


While testing the system drive in another machine, I would test the
first machine -- e.g. verify all cables fully seated, test the power
supply with a hardware tester, run any motherboard firmware
diagnostics, run software memory diagnostics, etc..


David


Wouldn't it make more sense to boot a rescue CD and see if the hardware
works - specifically the networking?


Using a rescue CD, live CD, another system drive (USB or SATA), etc., 
would all be additional options for "test the first machine".



David

Re: Accessing a host with variable IP addresses / connection types

[Michael Stone]

On Wed, Apr 17, 2019 at 06:11:43PM -0400, Celejar wrote:

In other words, with IPv4, there's no *practical* solution, since a
typical end user isn't going to get arbitrary numbers of IP addresses.


So use IPv6.

Re: [résolu] HS: iptables interface de sortie par la même que l'entrée.

[Jérémy Prego]

Le 17/04/2019 à 23:49, Pascal Hambourg a écrit :
> Le 17/04/2019 à 22:07, Jérémy Prego a écrit :
>> Le 17/04/2019 à 21:51, Pascal Hambourg a écrit :
> )
 Par contre, l'inconvénient est que du coup j'ai 2 lignes par host au
 lieu d'une seul du coup ça va me doubler toute les rules. Je ne pense
 pas qu'on puisse réduire ça en une ligne ?
>>>
>>> Comment ça, par host ? Il y en a d'autres ?
>>
>> oui, quelques uns.
>>> Combien ?
>>
>> plusieurs centaine.
>
> Alors ipset est probablement plus efficace que des centaines de règles.

oui je suis en train de regarder, ça semble plus optimisé en effet :) et
pas difficile a mettre en place.
>
>>> Tu peux factoriser l'adresse grâce à une autre chaîne utilisateur.
>>
>> ???
>
> iptables -t mangle -N ROUTING-POLICY
> iptables -t mangle -N ROUTING-POLICY-2
>
> iptables -t mangle -A ROUTING-POLICY -d adresse1 -j ROUTING-POLICY-2
> iptables -t mangle -A ROUTING-POLICY -d adresse2 -j ROUTING-POLICY-2
> iptables -t mangle -A ROUTING-POLICY -d adresse3 -j ROUTING-POLICY-2
> ...
> iptables -t mangle -A ROUTING-POLICY-2 -m conntrack --ctstate NEW -j
> CONNMARK --set-mark 0x1
> iptables -t mangle -A ROUTING-POLICY-2 -j CONNMARK --restore-mark
>

merci beaucoup pour tout !

Jerem

Re: Accessing a host with variable IP addresses / connection types

[Celejar]

On Wed, 17 Apr 2019 12:42:06 -0400
Michael Stone  wrote:

> On Wed, Apr 17, 2019 at 12:38:11PM -0400, Celejar wrote:
> >On Wed, 17 Apr 2019 12:10:56 -0400 Michael Stone  wrote:
> >
> >> On Wed, Apr 17, 2019 at 11:57:43AM -0400, Celejar wrote:
> >> >Thanks. When I first set up the VPN, I did some reading about this, and
> >> >I was rather shocked to see that there was no definitive solution to
> >> >avoid address collisions
> >>
> >> Sure there is--globally unique IPs.
> >
> >I assume you're referring to IPv6? I was referring to IPv4.
> 
> It applies to both, though we've run out of IPv4. There's no other way 

In other words, with IPv4, there's no *practical* solution, since a
typical end user isn't going to get arbitrary numbers of IP addresses.

> to guarantee the absence of network collisions.

Celejar

Re: [quasi résolu] HS: iptables interface de sortie par la même que l'entrée.

[Pascal Hambourg]

Le 17/04/2019 à 22:07, Jérémy Prego a écrit :

Le 17/04/2019 à 21:51, Pascal Hambourg a écrit :

)

Par contre, l'inconvénient est que du coup j'ai 2 lignes par host au
lieu d'une seul du coup ça va me doubler toute les rules. Je ne pense
pas qu'on puisse réduire ça en une ligne ?


Comment ça, par host ? Il y en a d'autres ?


oui, quelques uns.

Combien ?


plusieurs centaine.


Alors ipset est probablement plus efficace que des centaines de règles.


Tu peux factoriser l'adresse grâce à une autre chaîne utilisateur.


???


iptables -t mangle -N ROUTING-POLICY
iptables -t mangle -N ROUTING-POLICY-2

iptables -t mangle -A ROUTING-POLICY -d adresse1 -j ROUTING-POLICY-2
iptables -t mangle -A ROUTING-POLICY -d adresse2 -j ROUTING-POLICY-2
iptables -t mangle -A ROUTING-POLICY -d adresse3 -j ROUTING-POLICY-2
...
iptables -t mangle -A ROUTING-POLICY-2 -m conntrack --ctstate NEW -j 
CONNMARK --set-mark 0x1

iptables -t mangle -A ROUTING-POLICY-2 -j CONNMARK --restore-mark

Re: INFO: task blocked for more than 120 seconds

[Étienne Mollier]

Bonjour,

Je crois que je commence à sécher.  Ça vaudrait le coup d'ouvrir
un rapport à propos du noyau via reportbug.  Si ce comportement
est connu d'un mainteneur, alors peut-être qu'il aura une
solution, sinon ce sera toujours bien d'en avoir une trace.

Steve, au 2019-04-17 :
> Le 16-04-2019, à 21:09:29 +0200, Étienne Mollier a écrit :
> > Toutefois, je ne sais pas si vous vous êtes retrouvé dans la
> > situation décrite par le changelog, ni si corruption il y a ;
> > je crois qu'il y aurait aussi des erreurs relatives à votre
> > système de fichier dans `dmesg` dans ce cas.
>
> J'ai bien peur que non. J'aimerais bien avoir plus d'information dans
> les différents fichiers journaux mais je ne sais pas trop comment et
> quoi activer.

Les message relatif au noyau et ses sous-systèmes apparaissent
en sortie de la commande `dmesg`.  En dehors, je ne vois pas, à
part des copies dans les différents agrégateurs de journaux.
Il est éventuellement possible d'augmenter la verbosité de
certains modules noyau, via des options du type module.debug=1,
mais pas certain que ça aide dans votre cas.  Je n'exclue pas
d'avoir loupé quelque chose moi-même.

Dans le doute, la force brute est aussi une solution valide pour
chercher une aiguille dans une botte de foin:

# rgrep -i 'ext4\|raid\|md[0-2]' /var/

> uname -a
>
> Linux box.maison.mrs 4.19.0-0.bpo.4-amd64 #1 SMP Debian 4.19.28-2~bpo9+1 
> (2019-03-27) x86_64 GNU/Linux

4.19.28-2~bpo9+1, ça devrait être bon.  :)

Dans le doute, j'ajouterais un incrément dans les backups avant
reconstruction, au cas où...

> Voilà, j'ai essayé avec le driver « nouveau ». Impossible de charger
> xorg, faut dire que j'ai une carte assez récente (GeForce GTX 1080 Ti).

Ça vient probablement du fichier /etc/X11/xorg.conf, produit par
nvidia-xconfig ou nvidia-settings, lors de l'installation et la
configuration du pilote respectivement.  Avec un peu de chance,
le serveur X démarrera si ce fichier n'existe plus, par exemple
en le renommant /etc/X11/xorg.conf.nvidia-bck.

Si vraiment c'est « nouveau » qui coince, alors il est toujours
possible de le replacer en liste noire, le pilote nvidiafb
pourra éventuellement prendre le relai ; ceci étant j'ai déjà vu
ce pilote coincer méchamment sur carte Quadro, avec la console
coincée sur une fonte blanche à fond vert…  L'écran vert de la
mort ?

> En éteignant la machine, j'ai observé un truc étrange:
>
> Failed unmounting /var
>
> et /var est monté sur /dev/md0.
>
> Je ne sais pas si ça peut corrompre ce système de fichiers si la machine
> s'éteint avant que cette partition ne soit démontée. Une piste ?

À première vue, ça aurait pu expliquer les erreurs corrigées par
fsck, que vous avez mentionné un peu plus tôt dans le file de
discussion.  Toutefois, si le système de fichier ne s'était pas
correctement démonté à l'arrêt de la machine, je crois que le
fsck aurait dû se déclencher au démarrage suivant.

> Les erreurs BIOS, et bien, sont des erreurs BIOS (mis à jour très
> récemment, ce qui a diminué leur nombre).

L'essentiel est effectivement du bruit, mais c'est bien pensé,
le coup de mettre à jour le Bios.

Amicalement,
-- 
Étienne Mollier 

Re: A call to drop gnome

[Ric Moore]

On 4/16/19 11:32 PM, Keith Bainbridge wrote:

I tried java about 15 years ago, and failed miserably. Perhaps a bad 
choice, but what the Uni course I was trying to get into required. I can 
write a script and alias's in .bashrc, the odd macro in Calc. I keep 
telling my friends it's never too late to learn, but at 71, I figure I 
can serenely claim that's enough.



I'm pushing 70 and the last time I programmed anything was "Hunt the 
Wumpus" in AppleSoft basic on a plugin card on my Integer Basic Apple][ 
in 1978. Yoho! Ric

Re: Sudden “operation not permitted”

[Marc Auslander]

David Christensen  writes:

>On 4/16/19 11:25 PM, Mark Fletcher wrote:
>> (Apologies if this mail comes through poorly formatted for the list; my
>> main machine is unavailable due to this problem and I’m writing on an
>> iPad...)
>>
>> Running Stretch on a circa-2009 self-built machine which has run happily
>> without serious issues since it was built, apart from the odd annoyance
>> with Bluetooth audio which the list has already had the pleasure of hearing
>> about.
>>
>> This morning I unlocked it before leaving home, and noticed that load was
>> fairly constant at about 1.0 when it should have been at 0 as the machine
>> should have been idle. I listed processes with top and noticed that upowerd
>> was taking up a whole CPU to itself. Normally I wouldn’t notice this daemon
>> doing its thing.
>>
>> Google turned up nothing relevant.
>>
>> I decided to try a reboot, which cleared the upowerd problem and returned
>> load to 0 or close to it. But now, network activity is not working. Any
>> attempt to ping an IP address (eg my router) results in “Operation not
>> permitted” even when run as root. Attempt to access any web page results in
>> failing to find the site. Attempting to ping a text domain (eg
>> www.google.com) results in an error message (instantly) saying could not
>> resolve...
>>
>> It seems like networking is bejiggered suddenly on this machine. I did not
>> install updates before rebooting, last time updates were installed was
>> Sunday, and all has been well since then until this morning, although I did
>> not reboot during that period until this morning. The machine is attached
>> to my network via an Ethernet cable running to a WiFi+wired router. That is
>> obviously working as the machine was able to get an IP address by DHCP
>> after the reboot (ip route after reboot showed IP address correctly
>> assigned) but unable to resolve any address and unable to ping an IP
>> address of the form 192.168.xx.yy with the “Operation not permitted” error.
>>
>> All the pinging I’ve been trying worked without issues before this problem
>> occurred, both as root and as an unprivileged user.
>>
>> Looking through the journalctl since my reboot, I do not see anything that
>> obviously points to the problem. Network Manager seems to start OK, as far
>> as I can tell. I don’t see any significant errors except postgreSQL failing
>> to start, which is normal and I don’t use it. The first sign of trouble (to
>> my eye, anyway) in the boot log is when services that want the network eg
>> ntp start trying to interact with it, and failing.
>>
>> A second reboot produced exactly the same result. Other devices on my
>> network are working fine.
>>
>> Putting the upowerd behavior together with the suddenness of this problem,
>> I’m very afraid that this isn’t really permissions and is in fact some sort
>> of hardware issue — the machine is 10 years old, was built by me, and has
>> been in continuous use since it was built... Any suggestions for what I can
>> do to diagnose?
>>
>> Thanks in advance
>>
>> Mark
>
>If you updated/ upgraded but did not reboot, then there could be a
>problem with one or more upgrades.  (I try to reboot immediately after
>upgrading to avoid delayed surprises.)
>
>
>I would pull the system drive, put it into a second machine, boot it,
>and see if the problems persist.  I would also run the system drive
>manufacturer's diagnostic tool and test the system drive.
>
>
>While testing the system drive in another machine, I would test the
>first machine -- e.g. verify all cables fully seated, test the power
>supply with a hardware tester, run any motherboard firmware
>diagnostics, run software memory diagnostics, etc..
>
>
>David

Wouldn't it make more sense to boot a rescue CD and see if the hardware
works - specifically the networking?

Re: [quasi résolu] HS: iptables interface de sortie par la même que l'entrée.

[Jérémy Prego]

Le 17/04/2019 à 21:51, Pascal Hambourg a écrit :
>>> )
>> Par contre, l'inconvénient est que du coup j'ai 2 lignes par host au
>> lieu d'une seul du coup ça va me doubler toute les rules. Je ne pense
>> pas qu'on puisse réduire ça en une ligne ?
>
> Comment ça, par host ? Il y en a d'autres ? 

oui, quelques uns.
> Combien ? 

plusieurs centaine. en fait, je fais passer des services par des
connexion différentes, mais il arrive que ces mêmes service doivent
pouvoir contacter la connexion principal du routeur. ssh, http, dns ...

> La liste est fixe ou dynamique ?
>

plutot fixe, il m'arrive parfois d'ajouter des adresses mais ça ne
change pas souvent.

> Tu peux factoriser l'adresse grâce à une autre chaîne utilisateur.

???

> Tu peux utiliser ipset pour gérer une liste d'adresses.

Merci, je vais regarder.

Jerem

Re: [OT] IP address collisions (was: Accessing a host with variable IP addresses / connection types)

[Curt]

On 2019-04-17, Pascal Hambourg  wrote:
> Le 17/04/2019 à 18:42, Michael Stone a écrit :
>> On Wed, Apr 17, 2019 at 12:38:11PM -0400, Celejar wrote:
>>> On Wed, 17 Apr 2019 12:10:56 -0400 Michael Stone  
>>> wrote:
>>>
 On Wed, Apr 17, 2019 at 11:57:43AM -0400, Celejar wrote:
 >I was rather shocked to see that there was no definitive solution to
 >avoid address collisions

 Sure there is--globally unique IPs.
>>>
>>> I assume you're referring to IPv6? I was referring to IPv4.
>> 
>> It applies to both, though we've run out of IPv4. There's no other way 
>> to guarantee the absence of network collisions.
>
> A properly generated IPv6 ULA (Unique Local Address) prefix is unlikely 
> to have collisions.
>

I thought that was exactly what he was saying.

Re: [quasi résolu] HS: iptables interface de sortie par la même que l'entrée.

[Pascal Hambourg]

Le 17/04/2019 à 18:14, Jérémy Prego a écrit :

Le 17/04/2019 à 07:27, Pascal Hambourg a écrit :

Le 16/04/2019 à 18:44, Jérémy Prego a écrit :

iptables -t mangle -A ROUTING-POLICY -d jeremy.domain.net -m conntrack
--ctstate NEW -j CONNMARK --set-mark 0x1
iptables -t mangle -A ROUTING-POLICY -d jeremy.domain.net -j CONNMARK
--restore-markc(...)

Par contre, l'inconvénient est que du coup j'ai 2 lignes par host au
lieu d'une seul du coup ça va me doubler toute les rules. Je ne pense
pas qu'on puisse réduire ça en une ligne ?


Comment ça, par host ? Il y en a d'autres ? Combien ? La liste est fixe 
ou dynamique ?


Tu peux factoriser l'adresse grâce à une autre chaîne utilisateur.
Tu peux utiliser ipset pour gérer une liste d'adresses.

[OT] IP address collisions (was: Accessing a host with variable IP addresses / connection types)

[Pascal Hambourg]

Le 17/04/2019 à 18:42, Michael Stone a écrit :

On Wed, Apr 17, 2019 at 12:38:11PM -0400, Celejar wrote:
On Wed, 17 Apr 2019 12:10:56 -0400 Michael Stone  
wrote:



On Wed, Apr 17, 2019 at 11:57:43AM -0400, Celejar wrote:
>I was rather shocked to see that there was no definitive solution to
>avoid address collisions

Sure there is--globally unique IPs.


I assume you're referring to IPv6? I was referring to IPv4.


It applies to both, though we've run out of IPv4. There's no other way 
to guarantee the absence of network collisions.


A properly generated IPv6 ULA (Unique Local Address) prefix is unlikely 
to have collisions.

Re: A call to drop gnome

[rhkramer]

On Tuesday, April 16, 2019 01:32:38 PM Ansgar Burchardt wrote:
> You press the magic Super key, 

What is the magic Super key, and / or how do I find it on a typical 104 (or 
similar) key keyboard?


> then type "Terminal" on the keyboard (or
> at least the beginning), then press Enter.  GNOME feels pretty much
> designed to not be used by a mouse alone ;-)
> 
> Ansgar

Re: Sudden “operation not permitted”

[David Christensen]

On 4/16/19 11:25 PM, Mark Fletcher wrote:

(Apologies if this mail comes through poorly formatted for the list; my
main machine is unavailable due to this problem and I’m writing on an
iPad...)

Running Stretch on a circa-2009 self-built machine which has run happily
without serious issues since it was built, apart from the odd annoyance
with Bluetooth audio which the list has already had the pleasure of hearing
about.

This morning I unlocked it before leaving home, and noticed that load was
fairly constant at about 1.0 when it should have been at 0 as the machine
should have been idle. I listed processes with top and noticed that upowerd
was taking up a whole CPU to itself. Normally I wouldn’t notice this daemon
doing its thing.

Google turned up nothing relevant.

I decided to try a reboot, which cleared the upowerd problem and returned
load to 0 or close to it. But now, network activity is not working. Any
attempt to ping an IP address (eg my router) results in “Operation not
permitted” even when run as root. Attempt to access any web page results in
failing to find the site. Attempting to ping a text domain (eg
www.google.com) results in an error message (instantly) saying could not
resolve...

It seems like networking is bejiggered suddenly on this machine. I did not
install updates before rebooting, last time updates were installed was
Sunday, and all has been well since then until this morning, although I did
not reboot during that period until this morning. The machine is attached
to my network via an Ethernet cable running to a WiFi+wired router. That is
obviously working as the machine was able to get an IP address by DHCP
after the reboot (ip route after reboot showed IP address correctly
assigned) but unable to resolve any address and unable to ping an IP
address of the form 192.168.xx.yy with the “Operation not permitted” error.

All the pinging I’ve been trying worked without issues before this problem
occurred, both as root and as an unprivileged user.

Looking through the journalctl since my reboot, I do not see anything that
obviously points to the problem. Network Manager seems to start OK, as far
as I can tell. I don’t see any significant errors except postgreSQL failing
to start, which is normal and I don’t use it. The first sign of trouble (to
my eye, anyway) in the boot log is when services that want the network eg
ntp start trying to interact with it, and failing.

A second reboot produced exactly the same result. Other devices on my
network are working fine.

Putting the upowerd behavior together with the suddenness of this problem,
I’m very afraid that this isn’t really permissions and is in fact some sort
of hardware issue — the machine is 10 years old, was built by me, and has
been in continuous use since it was built... Any suggestions for what I can
do to diagnose?

Thanks in advance

Mark


If you updated/ upgraded but did not reboot, then there could be a 
problem with one or more upgrades.  (I try to reboot immediately after 
upgrading to avoid delayed surprises.)



I would pull the system drive, put it into a second machine, boot it, 
and see if the problems persist.  I would also run the system drive 
manufacturer's diagnostic tool and test the system drive.



While testing the system drive in another machine, I would test the 
first machine -- e.g. verify all cables fully seated, test the power 
supply with a hardware tester, run any motherboard firmware diagnostics, 
run software memory diagnostics, etc..



David

Re: is xdvi broken?

[rlharris]

On 2019.04.17 12:38, Kushal Kumaran wrote:

You may be able to configure your window manager to disallow certain
kinds of windows from stealing focus.


I had forgotten about the concept of focus; I thank you for reminding 
me, and for pointing me to the window manager.  So many things in Debian 
"just work" without attention that it is easy to lose familiarity with 
the mechanisms involved.

Re: is xdvi broken?

[Kushal Kumaran]

rlhar...@oplink.net writes:

> 
>
> A month ago I was using latexmk with the same options on this machine.
> I seem to recall an occasional jump back to the xdvi window, but not
> the constant jumping back I was seeing today.  So I think that the new
> Cherry keyboard must be the culprit.

You may be able to configure your window manager to disallow certain
kinds of windows from stealing focus.  KDE/Plasma has something called
"Window Rules" that seems to fit the bill, but that I've never had
occasion to try myself.

Alternatively, if you have a large enough display, you can tile your
windows so that emacs and xdvi are both visible at the same time.  Not
sure whether xdvi will steal focus away from emacs in that case.

Won't help if your keyboard is actually sending unexpected input, of
course.

-- 
regards,
kushal

Re: Accessing a host with variable IP addresses / connection types

[Celejar]

On Thu, 18 Apr 2019 04:49:56 +1200
Richard Hector  wrote:

> On 18/04/19 12:15 AM, Celejar wrote:
> > Currently, my LAN is 192.168.0.0/24, which is also the addressing
> > scheme of some of the networks out of my control that I'm setting up a
> > VPN link from. I deliberately used 10.0.0.0/24 for the VPN to avoid
> > address collisions with these other networks. It did occur to me to
> > consider using a different address space, for the VPN or perhaps for the
> > whole home LAN, but I'd rather not take that step just to solve what
> > seems a relatively simple problem unless absolutely necessary
> 
> I ran into that - needing to VPN between 2 networks which clashed, and
> neither of which I could renumber. In the end I gave up on IPv4, and all
> my VPNs are now IPv6-only. It took some learning, but that was really an
> added advantage.

I've been toying with this, since IPv6 is probably worth moving to
anyway, but for the current problem, it still seems like overkill - the
crude solution of just editing /etc/hosts by hand just works ;)

Celejar

Re: Accessing a host with variable IP addresses / connection types

[Richard Hector]

On 18/04/19 12:15 AM, Celejar wrote:
> Currently, my LAN is 192.168.0.0/24, which is also the addressing
> scheme of some of the networks out of my control that I'm setting up a
> VPN link from. I deliberately used 10.0.0.0/24 for the VPN to avoid
> address collisions with these other networks. It did occur to me to
> consider using a different address space, for the VPN or perhaps for the
> whole home LAN, but I'd rather not take that step just to solve what
> seems a relatively simple problem unless absolutely necessary

I ran into that - needing to VPN between 2 networks which clashed, and
neither of which I could renumber. In the end I gave up on IPv4, and all
my VPNs are now IPv6-only. It took some learning, but that was really an
added advantage.

Richard



signature.asc
Description: OpenPGP digital signature

Re: Remote Access

[Francisco M Neto]

Hello!

Thanks for all the replies; indeed the first option I found when
searching for alternatives was AnyDesk; however it falls under the same scope as
TeamViewer, of limiting free usage (as in "free beer") for "personal usage"
while charging for "commercial" use.

As much as I don't want to, I might have to go with the VPN option.
Which might be troublesome since some of these systems are located in remove
areas (literally - like the middle of the Amazon forest or high up in the Andes
Mountain Range).

Cheers,
Francisco

-- 
[]'s,

Francisco M Neto

GPG: 4096R/D692FBF0

On Wed, 2019-04-17 at 20:39 +0500, Alexander V. Makartsev wrote:
> On 17.04.2019 18:35, Francisco M Neto wrote:
> > Greetings!
> > 
> > At work, we have several computers that are located at different
> > locations throughout the country. Some of them are highly inaccessible by
> > usual
> > means, and it requires a certain planning to reach them to have direct
> > access.
> > Therefore, we have been using TeamViewer software to access those machines
> > remotely. 
> > 
> > However, the "powers that be" have decided that TeamViewer is not worth
> > the investment on a commercial license for unrestricted use, and therefore I
> > have been asked to find a replacement.
> > 
> > Do any of you good fellows know of some software (or service for that
> > matter) that might perform the same task? Regular VNC (e.g. tigervnc) is not
> > quite enough, since each site runs inside the infrastructure of other
> > people,
> > and therefore we do not have control over their networking environment; some
> > of
> > the have real IPs, and others are behind firewalls and NATs, which render a
> > regular direct connection impossible.
> > 
> > Thanks in advance,
> > Francisco
> > 
>  If your aim is to get one, completely free of charge, software for remote
> access to your "mixed bag" of hosts and environments, then I'm pretty sure
> you're out of luck.
> You will have to pick from many different solutions, for each remote
> environment and each host and manage them all by yourself.
> TeamViewer and AnyDesk are probably the only solutions (at least trustworthy)
> that could run on multiple OS and allow remote access by IDs, instead of IPs,
> which is essential in your use-case.
> There are other less trustworthy and secure solutions available, like "Ammyy
> Admin" and "AeroAdmin", but they look and feel really sloppy and have many
> feature limitations.
> 
> There is also a possibility of creating tunnel VPN connections from each host
> to one VPN server (remote hosts will initiate connections), so you will be
> able to access different networks and hosts on them over the Internet.
> This is of course depends on how strict firewalls on remote locations will be,
> but if you will go that route, you can use essentially any remote management
> software you like.
> For that case, personally I recommend NoMachine, which could be used for free,
> on any major OS and also it is the only remote desktop solution in the World
> that allows you to authenticate by private-key.
> I think, you can achieve this by using OpenVPN, since it is less firewall
> dependent than IPSec.
> 
> 
> 



signature.asc
Description: This is a digitally signed message part

Re: Accessing a host with variable IP addresses / connection types

[Michael Stone]

On Wed, Apr 17, 2019 at 12:38:11PM -0400, Celejar wrote:

On Wed, 17 Apr 2019 12:10:56 -0400 Michael Stone  wrote:


On Wed, Apr 17, 2019 at 11:57:43AM -0400, Celejar wrote:
>Thanks. When I first set up the VPN, I did some reading about this, and
>I was rather shocked to see that there was no definitive solution to
>avoid address collisions

Sure there is--globally unique IPs.


I assume you're referring to IPv6? I was referring to IPv4.


It applies to both, though we've run out of IPv4. There's no other way 
to guarantee the absence of network collisions.

Re: Accessing a host with variable IP addresses / connection types

[Celejar]

On Wed, 17 Apr 2019 12:10:56 -0400
Michael Stone  wrote:

> On Wed, Apr 17, 2019 at 11:57:43AM -0400, Celejar wrote:
> >Thanks. When I first set up the VPN, I did some reading about this, and
> >I was rather shocked to see that there was no definitive solution to
> >avoid address collisions
> 
> Sure there is--globally unique IPs.

I assume you're referring to IPv6? I was referring to IPv4.

Celejar

Re: [quasi résolu] HS: iptables interface de sortie par la même que l'entrée.

[Jérémy Prego]

Le 17/04/2019 à 07:27, Pascal Hambourg a écrit :
>> Le 16/04/2019 à 18:44, Jérémy Prego a écrit :
>>> j'ai testé ça qui ne fonctionne pas non plus:
>>> iptables -t mangle -D ROUTING-POLICY -d jeremy.domain.net -m conntrack
>>> --ctstate NEW -j CONNMARK --set-mark 0x1
>>> iptables -t mangle -A ROUTING-POLICY -d jeremy.domain.net -j CONNMARK
>>> --restore-markc
>> Je suppose que -D et --restore-markc sont des erreurs de copier-coller ?
> oui
>
>> Qu'est-ce qui se passe exactement ?
>>
> ça ne sort pas du tout ... c'est pour ça que j'aimerai bien un peu
> d'aide sur les règles a appliquer vraiment pour comprendre parce que là
> je patauge vraiment. j'ai aucune idée de ce qu'est une bonne règle dans
> ce cas précis.

re,

bon alors, voyant que ça ne fonctionnait pas j'ai décidé de partir sur
une vm fraîche pour faire des tests et effectivement ça fonctionne ! du
coup, merci beaucoup !
Par contre, l'inconvénient est que du coup j'ai 2 lignes par host au
lieu d'une seul du coup ça va me doubler toute les rules. Je ne pense
pas qu'on puisse réduire ça en une ligne ?
> Jerem

Re: Accessing a host with variable IP addresses / connection types

[Michael Stone]

On Wed, Apr 17, 2019 at 11:57:43AM -0400, Celejar wrote:

Thanks. When I first set up the VPN, I did some reading about this, and
I was rather shocked to see that there was no definitive solution to
avoid address collisions


Sure there is--globally unique IPs.

Re: A call to drop gnome

[Kenneth Parker]

On Wed, Apr 17, 2019, 11:13 AM 황병희 
wrote:

> > So, I am asking that gnome be dropped as an installation option (not
>
> FYI; Ubuntu 18.04 use GNOME as default desktop. Ah yes i'm fan of GNOME.
>

Only if it's called "Ubuntu".   One of my Machines runs Xubuntu, with
XFCE.  And there are quite a variety of "leading letters", including K (for
KDE) and L (LXCD).

>
> Sincerely, Byung-Hee from South Korea.
>
> --
> ^고맙습니다 _地平天成_ 감사합니다_^))//
>

Kenneth Parker

>
>

Re: Accessing a host with variable IP addresses / connection types

[Celejar]

On Wed, 17 Apr 2019 14:59:53 +0100
Joe  wrote:

> On Wed, 17 Apr 2019 08:15:09 -0400
> Celejar  wrote:
> 
> 
> > Currently, my LAN is 192.168.0.0/24, which is also the addressing
> > scheme of some of the networks out of my control that I'm setting up a
> > VPN link from. I deliberately used 10.0.0.0/24 for the VPN to avoid
> > address collisions with these other networks. It did occur to me to
> > consider using a different address space, for the VPN or perhaps for
> > the whole home LAN, but I'd rather not take that step just to solve
> > what seems a relatively simple problem unless absolutely necessary
> > 
> 
> If you do get pushed to doing that, there are a few commonly used
> networks that you should avoid. 10. is often used with a netmask of
> /24 or /8, and the latter precludes all 10. variants. Of the 192.168.
> groups, 0, 1, 8, 16 and 254 are often used, best use something quite
> random like 192.168.137.0/24.
> 
> Probably better still is one of the 172.16-172.31 groups, which don't
> seem to be used as defaults very often.

Thanks. When I first set up the VPN, I did some reading about this, and
I was rather shocked to see that there was no definitive solution to
avoid address collisions, just recommendations like yours to try to
make a good guess about it ...

Celejar

Re: Accessing a host with variable IP addresses / connection types

[Celejar]

On Wed, 17 Apr 2019 15:29:50 +0200
Kevin DAGNEAUX  wrote:

> 
> Le 17/04/2019 à 14:15, Celejar a écrit :
> > On Wed, 17 Apr 2019 08:37:20 +0200
> > Kevin DAGNEAUX  wrote:
> >
> >>> Hi,
> >>>
> >>> I've been bedeviled by this question for a while, but have been unable
> >>> to figure out a clean, non-hackish solution. It may be an XY problem ...
> >>>
> >>> I have a system (laptop, running Debian) that is sometimes connected
> >>> directly to my LAN, and sometimes connected via VPN (wireguard, to the
> >>> local router, running OpenWrt). The LAN is 192.168.0.0/24, with the
> >>> laptop having a fixed, static address in that range (although I'm
> >>> certainly open to using DHCP, possibly with a fixed address
> >>> reservation). The VPN is 10.0.0.0/24, with the laptop getting a fixed,
> >>> static address in that range (and wireguard apparently doesn't work
> >>> with dhcp).
> >>>
> >>> I currently have an entry in /etc/hosts on the various LAN hosts
> >>> assigning a hostname to the laptop's fixed local address, and the LAN
> >>> hosts can access the laptop via that hostname. [I could alternatively
> >>> use dnsmasq, which is running on the router regardless.] This obviously
> >>> doesn't work when the laptop is connected via VPN. [The laptop can
> >>> access the LAN hosts fine via their hostnames, so I seem to have the
> >>> routing correctly configured on the laptop and the router.]
> >>>
> >>> What I seem to want (but maybe XY?) is some way to adjust the host
> >>> files (or dnsmasq's information) so that the hostname will resolve to
> >>> the LAN address when the laptop is connected to the LAN, and the VPN
> >>> address when it's connected via VPN. If everything was using DHCP, this
> >>> would be straightforward enough, but as I said, the VPN apparently
> >>> needs to be configured statically, and not via DHCP. I could obviously
> >>> use some custom script (using, say, ageas, to modify host files) but
> >>> this seems hackish. What is a standard, 'correct' way to do this, or
> >>> more generally, to enable the LAN hosts to access the laptop
> >>> seamlessly regardless of its IP address and connection type?
> >>>
> >>> Celejar
> >>>
> >> Hi,
> >>
> >> A possible solution is to use a bridged VPN, in this case, your laptop
> >> will always have the same IP.
> > Thanks. I can't seem to find much information about this - can you
> > elaborate, or point me to a link? [I'm not a networking expert.]
> >
> > Currently, my LAN is 192.168.0.0/24, which is also the addressing
> > scheme of some of the networks out of my control that I'm setting up a
> > VPN link from. I deliberately used 10.0.0.0/24 for the VPN to avoid
> > address collisions with these other networks. It did occur to me to
> > consider using a different address space, for the VPN or perhaps for the
> > whole home LAN, but I'd rather not take that step just to solve what
> > seems a relatively simple problem unless absolutely necessary
> >
> > Celejar
> >
> Celjar,
> 
> You can find some explaination at 
> https://openvpn.net/community-resources/ethernet-bridging/

Thanks. I'm trying to figure out whether Wireguard, and OpenWrt's
implementation of it in particular, supports bridging.

> Using common network adressing will often give address collisions when 
> using VPN (routed or bridged VPN), like if on your home network and 
> remote network you have 2 machin with same IP, one of them will not be 
> reachable (depending of your routing table).

I think that this won't be much of an issue - when I'm on remote
networks, there typically aren't any hosts on those networks that I need
to access.

Celejar

Re: Remote Access

[Alexander V. Makartsev]

On 17.04.2019 18:35, Francisco M Neto wrote:
> Greetings!
>
>   At work, we have several computers that are located at different
> locations throughout the country. Some of them are highly inaccessible by 
> usual
> means, and it requires a certain planning to reach them to have direct access.
> Therefore, we have been using TeamViewer software to access those machines
> remotely. 
>
>   However, the "powers that be" have decided that TeamViewer is not worth
> the investment on a commercial license for unrestricted use, and therefore I
> have been asked to find a replacement.
>
>   Do any of you good fellows know of some software (or service for that
> matter) that might perform the same task? Regular VNC (e.g. tigervnc) is not
> quite enough, since each site runs inside the infrastructure of other people,
> and therefore we do not have control over their networking environment; some 
> of
> the have real IPs, and others are behind firewalls and NATs, which render a
> regular direct connection impossible.
>
> Thanks in advance,
> Francisco
>
If your aim is to get one, completely free of charge, software for
remote access to your "mixed bag" of hosts and environments, then I'm
pretty sure you're out of luck.
You will have to pick from many different solutions, for each remote
environment and each host and manage them all by yourself.
TeamViewer and AnyDesk are probably the only solutions (at least
trustworthy) that could run on multiple OS and allow remote access by
IDs, instead of IPs, which is essential in your use-case.
There are other less trustworthy and secure solutions available, like
"Ammyy Admin" and "AeroAdmin", but they look and feel really sloppy and
have many feature limitations.

There is also a possibility of creating tunnel VPN connections from each
host to one VPN server (remote hosts will initiate connections), so you
will be able to access different networks and hosts on them over the
Internet.
This is of course depends on how strict firewalls on remote locations
will be, but if you will go that route, you can use essentially any
remote management software you like.
For that case, personally I recommend NoMachine, which could be used for
free, on any major OS and also it is the only remote desktop solution in
the World that allows you to authenticate by private-key.
I think, you can achieve this by using OpenVPN, since it is less
firewall dependent than IPSec.



-- 
With kindest regards, Alexander.

⢀⣴⠾⠻⢶⣦⠀ 
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
⠈⠳⣄ 

Re: [HS] Conseil changer disque dur portable pour un ssd

[Belaïd]

Bonjour,

Généralement les Sata 3 sont compatibles avec les Sata 2 , hormis  quelques
exceptions.  Je suis déjà tomber sur une marque SSD chinoise pas connu (de
moi en tous cas) en sata 3 qui n'était pas directement  compatible sur du
Sata 2, il fallait charger un pilote compatible (La marque SSD Sunbow par
exemple,  exotique mais qui ne m'a pas déçu pour le moment).


Le mer. 17 avr. 2019 12:40, ajh-valmer  a écrit :

> On Wednesday 17 April 2019 11:15:23 F. Wong wrote:
> > Les SSD sont vendus avec le nécessaire pour le maintien parfait en lieu
> > et place du disque dur 2,5 pouces existant.
>
> Merci pour toutes vos réponses.
>
> Y a t-il une compatibilité entre les connecteurs disques durs,
> SATA-2 et SATA-3 ?
> Les DD SSD demandent une connexion SATA-3, semble t-il,
> et mon portable est en SATA-2.
> Interface stockage : Serial ATA II
>
> Merci.
>
>
> > Le 17/04/2019 à 10:49, ajh-valmer a écrit :,
> > > J'ai un portable Acer 7741G.
> > > Je souhaite remplacer le disque actuel par un SSD.
> > > Je crains que le SSD soit plus petit,
> > > donc, comment le maintenir dans le boîtier ? :
> > > les attaches vissées de l'ancien DD risquent de ne plus
> > > correspondre avec celles du nouveau.
>
>

Re: A call to drop gnome

[황병희]

> So, I am asking that gnome be dropped as an installation option (not

FYI; Ubuntu 18.04 use GNOME as default desktop. Ah yes i'm fan of GNOME.

Sincerely, Byung-Hee from South Korea.

-- 
^고맙습니다 _地平天成_ 감사합니다_^))//

Re: Remote Access

[Dan Ritter]

Francisco M Neto wrote: 
> Greetings!
> 
>   At work, we have several computers that are located at different
> locations throughout the country. Some of them are highly inaccessible by 
> usual
> means, and it requires a certain planning to reach them to have direct access.
> Therefore, we have been using TeamViewer software to access those machines
> remotely. 
> 
>   However, the "powers that be" have decided that TeamViewer is not worth
> the investment on a commercial license for unrestricted use, and therefore I
> have been asked to find a replacement.
> 
>   Do any of you good fellows know of some software (or service for that
> matter) that might perform the same task? Regular VNC (e.g. tigervnc) is not
> quite enough, since each site runs inside the infrastructure of other people,
> and therefore we do not have control over their networking environment; some 
> of
> the have real IPs, and others are behind firewalls and NATs, which render a
> regular direct connection impossible.

It sounds like what you really want is a VPN connecting the
remote machines to your management network. Then you can use
VNC or whatever else.

-dsr-

RESOLVED: Sudden “operation not permitted”

[Mark Fletcher]

On Wed, Apr 17, 2019 at 11:17:04AM +0300, Reco wrote:
>   Hi.
> 
> On Wed, Apr 17, 2019 at 03:25:39PM +0900, Mark Fletcher wrote:
> > I decided to try a reboot, which cleared the upowerd problem and returned
> > load to 0 or close to it. But now, network activity is not working.
> 
> Seems like a coincidence to me.

You were right -- see below

> 
> 
> > Any attempt to ping an IP address (eg my router) results in “Operation not
> > permitted” even when run as root.
> 
> This. About the only known (for me, at least) way to achieve this is to
> send back ICMP Type 3 (Destination Unreachable) Code 9 or 10
> (network/host administratively prohibited).
> It *could* be a SELinux or Apparmor misconfiguration, of course, but
> we'll deal with it later.
> 
> The main question is, who sends ICMP back to your host.
> 

No one -- as it turns out. The cause turned out to be that recent 
changes I had made to this machine to support making its MTA available 
to my VPN introduced a buggy iptables startup script which left my 
iptables settings in a stupid state on boot (blocking EVERYTHING). I'd 
never have thought of that if you hadn't asked me for the output of 
iptables-save. Soon as my eye landed on "iptables" I was like, 
"ohhh, sh*t".

Fixing the bug in the startup script and rebooting (to make sure it will 
work next time) -- all is now well. No hardware fault, I'm very pleased 
to report.

I don't know what caused upowerd to go nuts and probably never will, but 
right now I'm just happy my machine is back up and running properly.

Thanks Reco

Mark

Re: Remote Access

[Kevin DAGNEAUX]

Le 17/04/2019 à 15:35, Francisco M Neto a écrit :

Greetings!

At work, we have several computers that are located at different
locations throughout the country. Some of them are highly inaccessible by usual
means, and it requires a certain planning to reach them to have direct access.
Therefore, we have been using TeamViewer software to access those machines
remotely.

However, the "powers that be" have decided that TeamViewer is not worth
the investment on a commercial license for unrestricted use, and therefore I
have been asked to find a replacement.

Do any of you good fellows know of some software (or service for that
matter) that might perform the same task? Regular VNC (e.g. tigervnc) is not
quite enough, since each site runs inside the infrastructure of other people,
and therefore we do not have control over their networking environment; some of
the have real IPs, and others are behind firewalls and NATs, which render a
regular direct connection impossible.

Thanks in advance,
Francisco


Hi,

You can take a look at anydesk

Kevin

<>

Re: Accessing a host with variable IP addresses / connection types

[Joe]

On Wed, 17 Apr 2019 08:15:09 -0400
Celejar  wrote:


> Currently, my LAN is 192.168.0.0/24, which is also the addressing
> scheme of some of the networks out of my control that I'm setting up a
> VPN link from. I deliberately used 10.0.0.0/24 for the VPN to avoid
> address collisions with these other networks. It did occur to me to
> consider using a different address space, for the VPN or perhaps for
> the whole home LAN, but I'd rather not take that step just to solve
> what seems a relatively simple problem unless absolutely necessary
> 

If you do get pushed to doing that, there are a few commonly used
networks that you should avoid. 10. is often used with a netmask of
/24 or /8, and the latter precludes all 10. variants. Of the 192.168.
groups, 0, 1, 8, 16 and 254 are often used, best use something quite
random like 192.168.137.0/24.

Probably better still is one of the 172.16-172.31 groups, which don't
seem to be used as defaults very often.

-- 
Joe

Remote Access

[Francisco M Neto]

Greetings!

At work, we have several computers that are located at different
locations throughout the country. Some of them are highly inaccessible by usual
means, and it requires a certain planning to reach them to have direct access.
Therefore, we have been using TeamViewer software to access those machines
remotely. 

However, the "powers that be" have decided that TeamViewer is not worth
the investment on a commercial license for unrestricted use, and therefore I
have been asked to find a replacement.

Do any of you good fellows know of some software (or service for that
matter) that might perform the same task? Regular VNC (e.g. tigervnc) is not
quite enough, since each site runs inside the infrastructure of other people,
and therefore we do not have control over their networking environment; some of
the have real IPs, and others are behind firewalls and NATs, which render a
regular direct connection impossible.

Thanks in advance,
Francisco

-- 
[]'s,

Francisco M Neto

GPG: 4096R/D692FBF0


signature.asc
Description: This is a digitally signed message part

Una línea de teléfono de chat en 2 o más pc's

[Julio Jiménez]

Hola estimados amigos:

Alguien sabe de alguna aplicación open source para conectar una línea de 
teléfono a 2 o más pc's de escritorio?.

Problemática:
Canalizar la atención de clientes  que solicitan pedidos por chat (What'sapp- 1 
Línea) y que sea atendida por varios ejecutivos de ventas.

Tengo una línea de what'sapp business y quiero se puedan tener sesiones 
simultaneas en varias pc's de escritorio a fin de que sea atendida por varios 
vendedores.


Alguien tiene algo así trabajando o funcionando en algún lado?.

Saludos desde Guadalajara, Jalisco México

Re: Accessing a host with variable IP addresses / connection types

[Kevin DAGNEAUX]

Le 17/04/2019 à 14:15, Celejar a écrit :

On Wed, 17 Apr 2019 08:37:20 +0200
Kevin DAGNEAUX  wrote:


Hi,

I've been bedeviled by this question for a while, but have been unable
to figure out a clean, non-hackish solution. It may be an XY problem ...

I have a system (laptop, running Debian) that is sometimes connected
directly to my LAN, and sometimes connected via VPN (wireguard, to the
local router, running OpenWrt). The LAN is 192.168.0.0/24, with the
laptop having a fixed, static address in that range (although I'm
certainly open to using DHCP, possibly with a fixed address
reservation). The VPN is 10.0.0.0/24, with the laptop getting a fixed,
static address in that range (and wireguard apparently doesn't work
with dhcp).

I currently have an entry in /etc/hosts on the various LAN hosts
assigning a hostname to the laptop's fixed local address, and the LAN
hosts can access the laptop via that hostname. [I could alternatively
use dnsmasq, which is running on the router regardless.] This obviously
doesn't work when the laptop is connected via VPN. [The laptop can
access the LAN hosts fine via their hostnames, so I seem to have the
routing correctly configured on the laptop and the router.]

What I seem to want (but maybe XY?) is some way to adjust the host
files (or dnsmasq's information) so that the hostname will resolve to
the LAN address when the laptop is connected to the LAN, and the VPN
address when it's connected via VPN. If everything was using DHCP, this
would be straightforward enough, but as I said, the VPN apparently
needs to be configured statically, and not via DHCP. I could obviously
use some custom script (using, say, ageas, to modify host files) but
this seems hackish. What is a standard, 'correct' way to do this, or
more generally, to enable the LAN hosts to access the laptop
seamlessly regardless of its IP address and connection type?

Celejar


Hi,

A possible solution is to use a bridged VPN, in this case, your laptop
will always have the same IP.

Thanks. I can't seem to find much information about this - can you
elaborate, or point me to a link? [I'm not a networking expert.]

Currently, my LAN is 192.168.0.0/24, which is also the addressing
scheme of some of the networks out of my control that I'm setting up a
VPN link from. I deliberately used 10.0.0.0/24 for the VPN to avoid
address collisions with these other networks. It did occur to me to
consider using a different address space, for the VPN or perhaps for the
whole home LAN, but I'd rather not take that step just to solve what
seems a relatively simple problem unless absolutely necessary

Celejar


Celjar,

You can find some explaination at 
https://openvpn.net/community-resources/ethernet-bridging/


Using common network adressing will often give address collisions when 
using VPN (routed or bridged VPN), like if on your home network and 
remote network you have 2 machin with same IP, one of them will not be 
reachable (depending of your routing table).


Kevin

<>

Re: A call to drop gnome

[songbird]

Gene Heskett wrote:
...
> This is still wheezy, because except for firefox, it Just Works.  Theres 
> another 2T drive with the latest stretch installed on it in this machine 
> and I was in the process of moving my stuff to it with the intention of 
> updating to Buster when it was declared stable. That came to a 
> screeching halt when I read that synaptic was gone from buster.

  what?  synaptic is a GUI interface to package installation
and removal.  why should this block anything?  dpkg and apt
do those tasks just fine in a terminal.  i only used synaptic
in the past to get a quick access to lists of files installed 
and locations which i now get another way.  it certainly isn't
a requirement...

  as far as a windowing desktop that does what i want i have
been using MATE since i got whiplashed by KDE (i liked it
and finally got my desktop set up how i wanted it and then
they ruined that so i switched to GNOME and just had that
set up and going how i wanted it and they f'd that up too).

  i don't need a lot of flashy window stuff, i just want it
to work and be reliable enough that i don't have to relearn
a new interface or keystrokes every time the next version
comes along.


> What I 
> do next is still open for discussion. 3 of the 4 other machine tool 
> driving machines on my network are also on wheezy, with the 4th, an 
> r-pi-3b running a 3/4 ton lathe, running jessie, poorly. Good, realtime 
> kernels and armhf are not on the best of terms, yet I get power failure 
> to power failure uptimes.

  you must be on fairly good power supply if running that 
large a machine...

  also above i'm not sure what you mean by tabbed?  i have
text terminal windows here with tabs without problems.


  songbird

Re: Accessing a host with variable IP addresses / connection types

[Celejar]

On Wed, 17 Apr 2019 08:37:20 +0200
Kevin DAGNEAUX  wrote:

> 
> > Hi,
> >
> > I've been bedeviled by this question for a while, but have been unable
> > to figure out a clean, non-hackish solution. It may be an XY problem ...
> >
> > I have a system (laptop, running Debian) that is sometimes connected
> > directly to my LAN, and sometimes connected via VPN (wireguard, to the
> > local router, running OpenWrt). The LAN is 192.168.0.0/24, with the
> > laptop having a fixed, static address in that range (although I'm
> > certainly open to using DHCP, possibly with a fixed address
> > reservation). The VPN is 10.0.0.0/24, with the laptop getting a fixed,
> > static address in that range (and wireguard apparently doesn't work
> > with dhcp).
> >
> > I currently have an entry in /etc/hosts on the various LAN hosts
> > assigning a hostname to the laptop's fixed local address, and the LAN
> > hosts can access the laptop via that hostname. [I could alternatively
> > use dnsmasq, which is running on the router regardless.] This obviously
> > doesn't work when the laptop is connected via VPN. [The laptop can
> > access the LAN hosts fine via their hostnames, so I seem to have the
> > routing correctly configured on the laptop and the router.]
> >
> > What I seem to want (but maybe XY?) is some way to adjust the host
> > files (or dnsmasq's information) so that the hostname will resolve to
> > the LAN address when the laptop is connected to the LAN, and the VPN
> > address when it's connected via VPN. If everything was using DHCP, this
> > would be straightforward enough, but as I said, the VPN apparently
> > needs to be configured statically, and not via DHCP. I could obviously
> > use some custom script (using, say, ageas, to modify host files) but
> > this seems hackish. What is a standard, 'correct' way to do this, or
> > more generally, to enable the LAN hosts to access the laptop
> > seamlessly regardless of its IP address and connection type?
> >
> > Celejar
> >
> Hi,
> 
> A possible solution is to use a bridged VPN, in this case, your laptop 
> will always have the same IP.

Thanks. I can't seem to find much information about this - can you
elaborate, or point me to a link? [I'm not a networking expert.]

Currently, my LAN is 192.168.0.0/24, which is also the addressing
scheme of some of the networks out of my control that I'm setting up a
VPN link from. I deliberately used 10.0.0.0/24 for the VPN to avoid
address collisions with these other networks. It did occur to me to
consider using a different address space, for the VPN or perhaps for the
whole home LAN, but I'd rather not take that step just to solve what
seems a relatively simple problem unless absolutely necessary

Celejar

Re: [HS] Conseil changer disque dur portable pour un ssd

[didier gaumet]

Le 17/04/2019 à 12:39, ajh-valmer a écrit :

> Merci pour toutes vos réponses.
> 
> Y a t-il une compatibilité entre les connecteurs disques durs,
> SATA-2 et SATA-3 ?
> Les DD SSD demandent une connexion SATA-3, semble t-il,
> et mon portable est en SATA-2.
> Interface stockage : Serial ATA II 

D'après Wikipedia(1), je cite:
- "Un élément SATA I, II ou III peut être branché sur une carte mère
SATA I, II ou III. Le débit obtenu sera alors celui de l'élément le plus
lent.
Par exemple, un disque dur SATA III sur une carte mère SATA II aura un
débit limité par la carte mère à 300 Mo/s3."
- "En 2012, une part croissante des SSD saturent le débit maximal offert
que ce soit en lecture ou en écriture. En raison de la démocratisation
des SSD, équipant au moins les PC moyenne gamme en disque système, la
norme SATA III tend à devenir obsolète, à peine généralisée. Ainsi, le
PCI Express semble être le successeur du SATA, au moins pour les SSD"

D'après Wikipedia(2), il a des SSD SATA et des SSD PCI-E, les seconds
plus performants que les premiers à cause de l'inreface

Tout ceci d'après moi, qui ne possède pas encore de SSD, donc pas très
au courant de tout ça (donc: à vérifier) ;-)

1) https://fr.wikipedia.org/wiki/Serial_ATA#Compatibilit%C3%A9
2)
https://fr.wikipedia.org/wiki/SSD_(Informatique)#Diff%C3%A9rentes_formes_de_SSD

Re: A few questions (buster and presentation)

[Richard Owlett]

On 04/16/2019 12:36 PM, Matthew Crews wrote:

On 4/16/19 10:32 AM, Michael Stone wrote:

On Tue, Apr 16, 2019 at 06:27:34PM +0100, Paul Sutton wrote:

There are 3 main ways to install packages,  I have tried to explain this
in the presentation as

Apt - 1.8.0 - command line tool (universal)
Gnome-packagekit - used for gnome desktop environment
Synaptic - 0.84.5 used for most other Desktop Environment(s)


There's also aptitude, which actually works well.



FYI, Synaptic is not available in Debian Buster.


There is an important implication of that.
If Synaptic (or an acceptable alternative) is not available then there 
are users who wait for a usable Debian (or other) release.


I for one. I use MATE, IIRC I skipped a release after Gnome3 presented 
an unacceptable UI.

Re: [HS] Conseil changer disque dur portable pour un ssd

[ajh-valmer]

On Wednesday 17 April 2019 11:15:23 F. Wong wrote:
> Les SSD sont vendus avec le nécessaire pour le maintien parfait en lieu 
> et place du disque dur 2,5 pouces existant.

Merci pour toutes vos réponses.

Y a t-il une compatibilité entre les connecteurs disques durs,
SATA-2 et SATA-3 ?
Les DD SSD demandent une connexion SATA-3, semble t-il,
et mon portable est en SATA-2.
Interface stockage : Serial ATA II 

Merci.


> Le 17/04/2019 à 10:49, ajh-valmer a écrit :,
> > J'ai un portable Acer 7741G.
> > Je souhaite remplacer le disque actuel par un SSD.
> > Je crains que le SSD soit plus petit,
> > donc, comment le maintenir dans le boîtier ? :
> > les attaches vissées de l'ancien DD risquent de ne plus
> > correspondre avec celles du nouveau.

Re: New laptop: need advice on choice of file system types

[Jonathan Dowland]

On Tue, Apr 16, 2019 at 08:39:25PM +0200, Pascal Hambourg wrote:
If you intend to use guided partitioning on the whole disk, I repeat 
that LVM is worthless unless you plan to add disks in the future.


I'd agree that It's utility is very much diminished by d-i allocating the
entire VG with its guided schemes.

Re: Need help analyzing (kernel?) memory usage and reclaiming RAM (Debian Stretch)

[Martin Schwarz]

On Tue, Apr 16, 2019 at 04:39:32PM +0200, Peter Wiersig wrote:
>rss RSS   resident set size, the non-swapped physical 
> memory that a task has used (in kiloBytes).
>  (alias rssize, rsz).
> ...
>vsz VSZ   virtual memory size of the process in KiB 
> (1024-byte units).  Device mappings are currently
>  excluded; this is subject to change. (alias 
> vsize)."""
> 

Thanks for pointing out the difference. However, in this case I'm trying
to find out what consumes RAM specifically, not virtual memory in
general. Besides, from all I can see, the high memory usage is NOT
caused user space processes. So the output from ps was just to show that
even though some hundred MB of RAM (!) are used, just some few MB are
consumed by processes.

Kind regards
Martin

-- 
Martin Schwarz * Karlsruhe, Germany * http://kuroi.de/

Re: [HS] Conseil changer disque dur portable pour un ssd

[Michel]

Le 17/04/2019 à 11:00, ajh-valmer a écrit :
> Bonjour,
> 
> J'ai un portable Acer 7741G.
> 
> Je souhaite remplacer le disque actuel par un SSD.
> 
> Je crains que le SSD soit plus petit,
> donc, comment le maintenir dans le boîtier ? :
> les attaches vissées de l'ancien DD risquent de ne plus 
> correspondre avec celles du nouveau.
> 
> Merci d'un conseil.
> 
> A. Valmer
> 
As tu la référence du SSD? La plupart sont en 2.5", comme les HDD.

[HS] VPN , VPC , AWS ?

[ptilou]

Bonjour,

J'ai envie de telecharger via aws des logiciel sur platform US.

Je me connecte a un compte il me demande une IP, puis un Gateway, et la je ne 
comprend pas, je DL, la doc sur amazon , et première question qui me vient 
c'est quoi un ASN ( Autonomous System Number ) ?

J'ai essayé de demarrer un serveur W server 2019, pff, de la BNF, je n'ai pas 
de connexion, je renseigne et cela ne fonctionne pas 

Quelqu'un a réussi à le configurer ?

merci 

-- 
ptilou

Re: just mail forwarding to smart mailer

[Curt]

On 2019-04-16, Bonno Bloksma  wrote:
> Hi,
>
>>> > I am looking for an "easy light weight just empty the local queue 
>>> > and very very very easy thing: https://wiki.debian.org/sSMTP
>>
>> Note that sSMTP does not perform server certificate verification, thus 
>> allowing, e.g., credential stealing via MITM attacks. Furthermore, it 
>> neglects to document this failing, although we're working on this ;)
>>
>
> That is not a problem for me, all mail traffic will be inside out own LAN.
> The wiki has very little info. Like, if it is not a daemon then how does the 
> mail even leave the system? When will the program become active to send the 
> mail to the smarthost?

ssmtp seems more a lightweight solution for handing off email to an
*external* smarthost. There is no local queue or daemon.

Maybe for your lan-only case opensmtpd might be the ticket.

https://wiki.archlinux.org/index.php/OpenSMTPD

> Where can I find more info? It seems this might be my lightweight solution. 
> Using Google for ssmtp gives mostly links to secure smtp.
>
> Bonno Bloksma
>


-- 
“Let us again pretend that life is a solid substance, shaped like a globe,
which we turn about in our fingers. Let us pretend that we can make out a plain
and logical story, so that when one matter is despatched--love for instance--
we go on, in an orderly manner, to the next.” - Virginia Woolf, The Waves

Re: [HS] Conseil changer disque dur portable pour un ssd

[Michel Memeteau - EKIMIA]

Si ton DD etait 9.5 mm , le SSD est 7 mm don  oui il te faut une cale
souvent livré avec SSD , sinon des simple mousses suffisent
<-->
Michel Memeteau  - Directeur.


Notre Boutique Ordinateurs GNU/Linux : http://shop.ekimia.fr
Batiment Cambuza Rond Point plaine de joucques 13420 Gemenos - France.
Fixe :  +33 (0) 972308334   Mobile : +33(0) 624808051
<-->


Le mer. 17 avr. 2019 à 10:50, ajh-valmer  a écrit :

> Bonjour,
>
> J'ai un portable Acer 7741G.
>
> Je souhaite remplacer le disque actuel par un SSD.
>
> Je crains que le SSD soit plus petit,
> donc, comment le maintenir dans le boîtier ? :
> les attaches vissées de l'ancien DD risquent de ne plus
> correspondre avec celles du nouveau.
>
> Merci d'un conseil.
>
> A. Valmer
>
>

[HS] Conseil changer disque dur portable pour un ssd

[ajh-valmer]

Bonjour,

J'ai un portable Acer 7741G.

Je souhaite remplacer le disque actuel par un SSD.

Je crains que le SSD soit plus petit,
donc, comment le maintenir dans le boîtier ? :
les attaches vissées de l'ancien DD risquent de ne plus 
correspondre avec celles du nouveau.

Merci d'un conseil.

A. Valmer

Re: INFO: task blocked for more than 120 seconds

[steve]

Logwatch me sort aussi:

- Kernel Begin 


WARNING:  Segmentation Faults in these executables
   sendmail :  3 Time(s)

WARNING:  Kernel Errors Present
   ACPI BIOS Error (bug): Failure c ...:  1 Time(s)
   ACPI Error: AE_ALREADY_EXIS ...:  1 Time(s)
   ACPI Error: Skip parsing op ...:  1 Time(s)
   [Firmware Bug]: TSC ADJUST differs within socket(s), fixing all errors ...:  
1 Time(s)
   wil6210 :02:00.0: Direct firmware load for wil6210.fw failed with error 
-2 ...:  1 Time(s)

-- Kernel End -


Le sendmail du segfault est celui du paquet dma (Dragonfly mail agent).

Les erreurs BIOS, et bien, sont des erreurs BIOS (mis à jour très
récemment, ce qui a diminué leur nombre).

L'erreur sur le driver wil6210 n'a plus lieu d'être car j'ai désactivé
le wifi dans le BIOS vu que je ne l'utilise pas (encore).

Re: INFO: task blocked for more than 120 seconds

[steve]

Le 16-04-2019, à 21:09:29 +0200, Étienne Mollier a écrit :


Au début, j'ai compris « Oui ça vaudrait le coup d'essayer! »
Mais peut-être qu'il s'agit plutôt de « Oui, le problème se
reproduit avec un noyau non teinté! »


Voilà, j'ai essayé avec le driver « nouveau ». Impossible de charger
xorg, faut dire que j'ai une carte assez récente (GeForce GTX 1080 Ti).

Je suis donc repassé sur le driver proprio nvidia…

En éteignant la machine, j'ai observé un truc étrange:

Failed unmounting /var

et /var est monté sur /dev/md0.

Je ne sais pas si ça peut corrompre ce système de fichiers si la machine
s'éteint avant que cette partition ne soit démontée. Une piste ?

Re: Sudden “operation not permitted”

[Reco]

Hi.

On Wed, Apr 17, 2019 at 03:25:39PM +0900, Mark Fletcher wrote:
> I decided to try a reboot, which cleared the upowerd problem and returned
> load to 0 or close to it. But now, network activity is not working.

Seems like a coincidence to me.


> Any attempt to ping an IP address (eg my router) results in “Operation not
> permitted” even when run as root.

This. About the only known (for me, at least) way to achieve this is to
send back ICMP Type 3 (Destination Unreachable) Code 9 or 10
(network/host administratively prohibited).
It *could* be a SELinux or Apparmor misconfiguration, of course, but
we'll deal with it later.

The main question is, who sends ICMP back to your host.

Can you please post the output of "iptables-save" (needs to be run as
root)?
And do you have "tcpdump" installed?


> Looking through the journalctl since my reboot, I do not see anything that
> obviously points to the problem. Network Manager seems to start OK, as far
> as I can tell.

It means nothing. The thing is always "starting". Whenever it's doing
anything useful or harmful is entirely different matter.


Reco

Re: A call to drop gnome

[Reco]

On Wed, Apr 17, 2019 at 07:11:52AM +, Gian Uberto Lauri wrote:
> > "R" == Reco   writes:
> 
> R> That's very simplistic point of view.  What about Wayland on
> R> non-x86, like ARM or MIPS (a hint - it does not work there, X
> R> does)?
> 
> MIPS (Silicon Graphics), SPARC (Sun)...

A good point. I have sparc64 server with this:

https://pci-ids.ucw.cz/read/PC/1a03/2000

Reco

Re: INFO: task blocked for more than 120 seconds

[steve]

Le 16-04-2019, à 21:09:29 +0200, Étienne Mollier a écrit :


> > Je pourrais en effet essayer le driver libre « nouveau ». Mais la
> > dernière fois que j'ai essayé, ce n'était vraiment pas très concluant.
>
> Ça vaudrait peut-être quand même le coup de voir si le noyau est
> toujours teinté sans ce pilote, et si le problème se pose à nouveau.

Oui.


Bonjour,

Au début, j'ai compris « Oui ça vaudrait le coup d'essayer! »
Mais peut-être qu'il s'agit plutôt de « Oui, le problème se
reproduit avec un noyau non teinté! »


Non :)

Je n'ai pas encore essayé avec un noyau non teinté, mais je vais le
faire quand j'aurais un peu plus de temps. Là j'ai besoin de la machine
pour travailler.




En dehors des freezes et des traces dans `dmesg`, tout me semble
correct, donc la piste du bug noyau me semble envisageable.  En
jetant un œil aux changelogs, j'ai remarqué que Linux 4.19.24 a
été publié avec une correction relative à la reconstruction de
Raid 1 [0] indiquant notamment des risques de corruption, en cas
d'interruption de la reconstruction notamment.

[0] https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.24


Merci pour le lien. Mais il ne me semble pas que ça soit proche de ma
situation.


Toutefois, je ne sais pas si vous vous êtes retrouvé dans la
situation décrite par le changelog, ni si corruption il y a ;
je crois qu'il y aurait aussi des erreurs relatives à votre
système de fichier dans `dmesg` dans ce cas.


J'ai bien peur que non. J'aimerais bien avoir plus d'information dans
les différents fichiers journaux mais je ne sais pas trop comment et
quoi activer.


J'ai acheté un disque supplémentaire mais n'ai pas encore eu le temps de
l'installer.


Si cette histoire de corruption à la reconstruction est avérée,
alors je délayerais la reconstruction au moins à après mise à
jour vers la dernière version de Linux 4.19 mise à disposition
dans les backports.


uname -a

Linux box.maison.mrs 4.19.0-0.bpo.4-amd64 #1 SMP Debian 4.19.28-2~bpo9+1 
(2019-03-27) x86_64 GNU/Linux

Encore merci pour l'intérêt et les discussions intéressantes.

Steve

Re: A call to drop gnome

[Keith Bainbridge]

On 17/4/19 9:37 am, Patrick Bartek wrote:

On Tue, 16 Apr 2019 16:54:02 +1000
Keith Bainbridge  wrote:


I've never been a fan of gnome, and I can only say that in the beginning
it was simply because I didn't yet know about themes etc. I settled for
KDE, in the 1990's.  I now know that it was the slowest of all, but I
found my way around easiest.

[snip]


So, don't install GNOME.  Choose another DE.  Just because it's "the
default" means nothing. Or do what I did 7 years ago when I first
installed Wheezy after using Fedore/GNOME for a number of years: Abandon
the desktop environment all-together and use a window manager. (I chose
Openbox.) You'll be amazed at how much smoother and more responsive
everything is without doing anything other than getting rid of all
DE background crap you don't really need.

B



I see a few others agree that I need only a window manager. I will try 
this, in the interest of 'looking for a better way'.



I don't believe I'm not looking for smother performance. My hardware is 
more than capable: 8G ram, 2016 version i7 processor, ssd claims 5x 
Faster than hdd Often as not vbox guests run as quick/smooth as the 
guest system.


But I am up for a surprise.



--
Keith Bainbridge

ke1th3...@gmail.com
+61 (0)447 667 468

Re: A call to drop gnome

[Gene Heskett]

On Wednesday 17 April 2019 03:17:22 Ansgar Burchardt wrote:

> Gene Heskett writes:
> > On Tuesday 16 April 2019 13:32:38 Ansgar Burchardt wrote:
> >> Gene Heskett writes:
> >> > Where the heck in its confusing menu's can I find a tab
> >> > supporting terminal so I can get something done? Go ahead, find
> >> > it, my coffee needs to cool anyway..
> >>
> >> You press the magic Super key, then type "Terminal" on the keyboard
> >> (or at least the beginning), then press Enter.  GNOME feels pretty
> >> much designed to not be used by a mouse alone ;-)
> >
> > And that magic Super key is?
>
> https://en.wikipedia.org/wiki/Super_key_(keyboard_button)
>
> On many keyboards it is also known as this:
>
> https://en.wikipedia.org/wiki/Windows_key
>
> In my opinion GNOME is not really usable without using that key, so
> that might partly explain you being uncomfortable with it.
>
> > And does it do tabs?
>
> https://en.wikipedia.org/wiki/GNOME_Terminal#Tabs
>
> Ansgar

Thats nice.  The terminals it has offered me from its menu's however have 
been stripped of such useful features. And since I've not owned a 
windows machine since 2002 that key with the squares on it has never 
been a usefull key to me. And I just checked, it does nothing here.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

Re: A call to drop gnome

[Curt]

On 2019-04-16, Matthew Crews  wrote:
>
> On this mailing list, though, I could see a progression from "why is
> synaptic removed from Debian Buster?" to "Lets remove Gnome", hence why
> I brought it up.

You saw an obvious troll post supported by a large party of one and
decided to run with it, in point of fact.

Re: A call to drop gnome as the default desktop

[Ansgar Burchardt]

Keith Bainbridge writes:
> I see the point that people who like gnome should be allowed to use it
> - 
> so withdraw the drop gnome from debian.  I believe the change to the
> subject line will keep the discussion together. I'll re-send if it
> opens a new topic.

Why should GNOME not stay the default desktop?  Because it supports
using either of Wayland or X11?

To quote your original mail this was one of the two main reasons you
proposed GNOME to be dropped after all (besides not being able to move
some toolbar):

| [...] gnome is insisting that we like a new video process, just
| because the team have decided to like it lots.
|
| I say this is NOT freedom.

How is supporting *only* X11 freedom, but supporting *both* Wayland and
X11 NOT freedom?

Wouldn't it be more logical to drop all desktop environments that
support *only* X11 to give more freedom?

Ansgar

Re: A call to drop gnome

[Ansgar Burchardt]

Gene Heskett writes:
> On Tuesday 16 April 2019 13:32:38 Ansgar Burchardt wrote:
>> Gene Heskett writes:
>> > Where the heck in its confusing menu's can I find a tab supporting
>> > terminal so I can get something done? Go ahead, find it, my coffee
>> > needs to cool anyway..
>>
>> You press the magic Super key, then type "Terminal" on the keyboard
>> (or at least the beginning), then press Enter.  GNOME feels pretty
>> much designed to not be used by a mouse alone ;-)
>
> And that magic Super key is?

https://en.wikipedia.org/wiki/Super_key_(keyboard_button)

On many keyboards it is also known as this:

https://en.wikipedia.org/wiki/Windows_key

In my opinion GNOME is not really usable without using that key, so that
might partly explain you being uncomfortable with it.

> And does it do tabs?

https://en.wikipedia.org/wiki/GNOME_Terminal#Tabs

Ansgar

Re: A few questions (buster and presentation)

[Jonas Smedegaard]

Quoting Jonas Smedegaard (2019-04-16 20:19:15)
> Quoting Paul Sutton (2019-04-16 19:27:34)
> > There are 3 main ways to install packages,  I have tried to explain this
> > in the presentation as
> > 
> > Apt - 1.8.0 - command line tool (universal)
> > Gnome-packagekit - used for gnome desktop environment
> > Synaptic - 0.84.5 used for most other Desktop Environment(s)
> 
> There are more - these are the ones I know of (registered with boxer):

Here's an updated list (drop listaller; add gnome-software, isenkram, 
plasma-discover, cockpit-packagekit, and packagekit-command-not-found; 
fix section for software-properties-gtk; fix section name "automated"):

command-line:
  * apt
  * packagekit-tools
  * cupt
  * wajig
  * packagekit-command-not-found

command-line and scripted:
  * apt-get

automated:
  * unattended-upgrades
  * cron-apt

command-line and curses (fullscreen text):
  * aptitude

GNOME:
  * gnome-software
  * gnome-packagekit

GTK
  * synaptic (not in Buster)
  * software-properties-gtk

KDE:
  * plasma-discover
  * software-properties-kde
  * apper
  * muon
  * qapt-utils

Web:
  * cockpit-packagekit


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private


signature.asc
Description: signature

Re: A call to drop gnome

[Joe]

On Wed, 17 Apr 2019 13:58:34 +1000
Keith Bainbridge  wrote:

> On 17/4/19 12:06 am, Reco wrote:
> > They write and distribute free (as in freedom) software. It's
> > popular, whenever it's due to the design or in spite of it.  
> 
> I happened across this a Wikipedia while clarifying another comment
> here: <<
> GNOME 3 is the default desktop environment on many major Linux 
> distributions including Fedora, Debian, Ubuntu, SUSE Linux Enterprise 
> (exclusively), Red Hat Enterprise Linux, CentOS, Oracle Linux, 
> Scientific Linux, SteamOS, Tails, Kali Linux, Antergos and Endless
> OS; it is also default on Solaris, a major Unix operating system.
> Also, the continued fork of the last GNOME 2 release that goes under
> the name MATE is default on many distributions that targets low usage
> of system resources.
>  >>  
> If so many distro's ship with gnome as default, no wonder it is
> popular.
> 

To say that something is 'default' for many distributions is not the
same thing as saying 'many, many people use it'. I still use a few bits
of Gnome, including Network Manager on my portables, but the last time I
used the DE was at the introduction of Gnome 3, when a sid upgrade left
me with a command prompt. I do expect sid to have occasional issues,but
not to the extent of the complete and permanent loss of graphical
capability. 'We won't support legacy video hardware', said Gnome, and I
said 'fair enough, I won't support Gnome'.

I found later that my video stuff did have hardware acceleration, that
I had never known about or needed, but that isn't the point. Debian is
first and foremost known for its continuous upgrade path, which is
unusual, but then also for its ability to use old hardware. Gnome 3
cannot by definition use hardware which is moderately old.

-- 
Joe

Re: A call to drop gnome

[Gian Uberto Lauri]

> "R" == Reco   writes:

R> That's very simplistic point of view.  What about Wayland on
R> non-x86, like ARM or MIPS (a hint - it does not work there, X
R> does)?

MIPS (Silicon Graphics), SPARC (Sun)...


-- 
 /\   ___Ubuntu: ancient
/___/\_|_|\_|__|___Gian Uberto Lauri_   African word
  //--\| | \|  |   Integralista GNUslamicomeaning "I can
\/ coltivatore diretto di software   not install
 già sistemista a tempo (altrui) perso...Debian"

Warning: gnome-config-daemon considered more dangerous than GOTO

Re: Stretch with MATE DE - odd new file association problem

[Andy Smith]

Hello,

On Wed, Apr 17, 2019 at 10:53:34AM +0500, Alexander V. Makartsev wrote:
> It looks like Synaptic starts with user privileges as a wrapper and
> PolicyKit asks for root privileges to spawn actual synaptic process.

Ah okay, my mistake. Synaptic is another piece of software I've
never really used and had only got the impression from another
thread that it was having some issues with running under Wayland as
it is a GUI app that wants to do things as root. Good to hear that
it uses some privilege separation and isn't in fact running the
whole app as root.

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Re: Liste des fabricants de portable qui ne mettent pas de whitelist

[Daniel Huhardeaux]

Le 17/04/2019 à 08:22, Daniel Caillibaud a écrit :

Le 17/04/19 à 07:51, Benoit B  a écrit :

Une autre solution que j'ai testée sur mon portable actuel serait de
simplement changer le composant wifi...


Ça parait vraiment compliqué, autant acheter directement du matériel
compatible.


Mais mon ordi n'a pas été plus loin que le Power-on self-test.
Impossible de le démarrer tant que le composant s'y trouvait.
Il semblerait que certains fabricants mettent des whitelist dans le
bios... Existe-il une liste des fabricants de portable qui ne mettent pas
de whitelist ? ;)


Je sais pas, mais autant encourager les vendeurs qui livrent du matériel
préinstallé avec un linux, au moins tu es sûr de la compatibilité matérielle
https://bons-vendeurs-ordinateurs.info/
(je sais pas si la liste est à jour mais c'est un bon début)



Dell vend des portables avec Linux pré installé.

Daniel

Re: Réduire les logs d'icinga2

[Eric Degenetais]

Bonjour,
Le mar. 16 avr. 2019 21:57, Migrec  a écrit :

> Le 16/04/2019 à 17:23, Daniel Caillibaud a écrit :
>
[... ]

>
> > Tu pourrais modifier directement /etc/systemd/system/icinga2.service mais
>
> Bonjour,
>
> Parfait ! Je n'ai plus du tout pensé que c'était systemd qui gérait ça
> maintenant, mon serveur est à jour mais je l'oublie un peu tellement il
> fonctionne "bien".
> Donc j'ai du farfouiller un peu car le script est dans
> /etc/systemd/system/multi-user.target.wants.
>
En fait, il s'agit là d'un symlink créé à l'activation du service. Cela
indique que le système doit démarrer incinga pour atteindre la cible (un
état du système, qui se rapproche d'un runlevel, bien qu'il y ait des
différences) "multi-user".
La commande
systemctl cat 
donne le connu et l'emplacement de son unit-file, sauf erreur de ma part.

> J'ai du mal à comprendre l'imbrication de tout ça mais je viens de
> trouver l'occasion de comprendre. Les scripts /etc/init.d/ ne servent
> plus du tout ?
>
Pas directement, mais il y a une couche de compatibilité avec les services
non-migrés qui génère des unit systemd par défaut à partir des init.d
installés.

>
> Les logs sont désormais plus lisibles !
>
> Merci.
> --
> Migrec
>

Éric Dégenètais

Re: A few questions (buster and presentation)

[Jonas Smedegaard]

Quoting Richard Hector (2019-04-17 03:55:44)
> On 17/04/19 6:19 AM, Jonas Smedegaard wrote:
> > GTK
> >   * listaller
> >   * synaptic (but not in Buster)
> 
> Just looked up listaller.
> 
> It seems to be
>  * not in buster
>  * only on arm64?
>  * an installer for its own kind of packages, not debs.
> 
> That's just from reading its page on packages.debian.org. Further
> reading suggests maybe it can do other package types as well, but that's
> not its core purpose?

Ah, you are right - that package is gone: 
https://tracker.debian.org/pkg/listaller

Sorry for not checking properly before sharing!


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private


signature.asc
Description: signature

Re: Accessing a host with variable IP addresses / connection types

[Kevin DAGNEAUX]

Hi,

I've been bedeviled by this question for a while, but have been unable
to figure out a clean, non-hackish solution. It may be an XY problem ...

I have a system (laptop, running Debian) that is sometimes connected
directly to my LAN, and sometimes connected via VPN (wireguard, to the
local router, running OpenWrt). The LAN is 192.168.0.0/24, with the
laptop having a fixed, static address in that range (although I'm
certainly open to using DHCP, possibly with a fixed address
reservation). The VPN is 10.0.0.0/24, with the laptop getting a fixed,
static address in that range (and wireguard apparently doesn't work
with dhcp).

I currently have an entry in /etc/hosts on the various LAN hosts
assigning a hostname to the laptop's fixed local address, and the LAN
hosts can access the laptop via that hostname. [I could alternatively
use dnsmasq, which is running on the router regardless.] This obviously
doesn't work when the laptop is connected via VPN. [The laptop can
access the LAN hosts fine via their hostnames, so I seem to have the
routing correctly configured on the laptop and the router.]

What I seem to want (but maybe XY?) is some way to adjust the host
files (or dnsmasq's information) so that the hostname will resolve to
the LAN address when the laptop is connected to the LAN, and the VPN
address when it's connected via VPN. If everything was using DHCP, this
would be straightforward enough, but as I said, the VPN apparently
needs to be configured statically, and not via DHCP. I could obviously
use some custom script (using, say, ageas, to modify host files) but
this seems hackish. What is a standard, 'correct' way to do this, or
more generally, to enable the LAN hosts to access the laptop
seamlessly regardless of its IP address and connection type?

Celejar


Hi,

A possible solution is to use a bridged VPN, in this case, your laptop 
will always have the same IP.


Kevin

<>

Sudden “operation not permitted”

[Mark Fletcher]

(Apologies if this mail comes through poorly formatted for the list; my
main machine is unavailable due to this problem and I’m writing on an
iPad...)

Running Stretch on a circa-2009 self-built machine which has run happily
without serious issues since it was built, apart from the odd annoyance
with Bluetooth audio which the list has already had the pleasure of hearing
about.

This morning I unlocked it before leaving home, and noticed that load was
fairly constant at about 1.0 when it should have been at 0 as the machine
should have been idle. I listed processes with top and noticed that upowerd
was taking up a whole CPU to itself. Normally I wouldn’t notice this daemon
doing its thing.

Google turned up nothing relevant.

I decided to try a reboot, which cleared the upowerd problem and returned
load to 0 or close to it. But now, network activity is not working. Any
attempt to ping an IP address (eg my router) results in “Operation not
permitted” even when run as root. Attempt to access any web page results in
failing to find the site. Attempting to ping a text domain (eg
www.google.com) results in an error message (instantly) saying could not
resolve...

It seems like networking is bejiggered suddenly on this machine. I did not
install updates before rebooting, last time updates were installed was
Sunday, and all has been well since then until this morning, although I did
not reboot during that period until this morning. The machine is attached
to my network via an Ethernet cable running to a WiFi+wired router. That is
obviously working as the machine was able to get an IP address by DHCP
after the reboot (ip route after reboot showed IP address correctly
assigned) but unable to resolve any address and unable to ping an IP
address of the form 192.168.xx.yy with the “Operation not permitted” error.

All the pinging I’ve been trying worked without issues before this problem
occurred, both as root and as an unprivileged user.

Looking through the journalctl since my reboot, I do not see anything that
obviously points to the problem. Network Manager seems to start OK, as far
as I can tell. I don’t see any significant errors except postgreSQL failing
to start, which is normal and I don’t use it. The first sign of trouble (to
my eye, anyway) in the boot log is when services that want the network eg
ntp start trying to interact with it, and failing.

A second reboot produced exactly the same result. Other devices on my
network are working fine.

Putting the upowerd behavior together with the suddenness of this problem,
I’m very afraid that this isn’t really permissions and is in fact some sort
of hardware issue — the machine is 10 years old, was built by me, and has
been in continuous use since it was built... Any suggestions for what I can
do to diagnose?

Thanks in advance

Mark

Re: Liste des fabricants de portable qui ne mettent pas de whitelist

[Daniel Caillibaud]

Le 17/04/19 à 07:51, Benoit B  a écrit :
> Une autre solution que j'ai testée sur mon portable actuel serait de
> simplement changer le composant wifi...

Ça parait vraiment compliqué, autant acheter directement du matériel
compatible.

> Mais mon ordi n'a pas été plus loin que le Power-on self-test.
> Impossible de le démarrer tant que le composant s'y trouvait.
> Il semblerait que certains fabricants mettent des whitelist dans le
> bios... Existe-il une liste des fabricants de portable qui ne mettent pas
> de whitelist ? ;)

Je sais pas, mais autant encourager les vendeurs qui livrent du matériel
préinstallé avec un linux, au moins tu es sûr de la compatibilité matérielle
https://bons-vendeurs-ordinateurs.info/
(je sais pas si la liste est à jour mais c'est un bon début)

-- 
Daniel

I ♥ rien, I'm parisien

Re: Liste des fabricants de portable qui ne mettent pas de whitelist

[Michel Memeteau - EKIMIA]

Quelques assembleurs ici qui se conforment a cette règle :

https://doc.ubuntu-fr.org/ordinateur_vendu_avec_ubuntu

Pour les firmware , oui une majorité des assembleurs utilisent des cartes
Intel Wifi , simplement car ce sont les seules qui ne produisent pas de
surprise sur les futurs Kernel.


<-->
Michel Memeteau  - Directeur.


Notre Boutique Ordinateurs GNU/Linux : http://shop.ekimia.fr
Batiment Cambuza Rond Point plaine de joucques 13420 Gemenos - France.
Fixe :  +33 (0) 972308334   Mobile : +33(0) 624808051
<-->


Le mer. 17 avr. 2019 à 07:52, Benoit B  a écrit :

> Merci pour ta réponse je rechercher là.
> J'ai aussi cherché sur https://wiki.debian.org/InstallingDebianOn mais
> le wifi est rarement fonctionnel en libre.
>
> Une autre solution que j'ai testée sur mon portable actuel serait de
> simplement changer le composant wifi...
> Mais mon ordi n'a pas été plus loin que le Power-on self-test.
> Impossible de le démarrer tant que le composant s'y trouvait.
> Il semblerait que certains fabricants mettent des whitelist dans le bios...
> Existe-il une liste des fabricants de portable qui ne mettent pas de
> whitelist ? ;)
>
> Merci d'avance
>
> --
> Benoit
>
> Le mar. 16 avr. 2019 à 22:58, F. Dubois  a écrit :
> >
> > Le 16/04/2019 à 22:41, Benoit B a écrit :
> > > Bonjour
> > >
> > > Tout est dans le titre...
> > > Avant d'acheter un ordinateur portable,comment par exemple, vérifier
> > > que le wifi va fonctionner avec des pilotes/firmwares libres ?
> > >
> > > Existe-t-il un site ou on peut rechercher un composant et vérifier son
> > > bon fonctionnement ?
> > >
> > > Merci d'avance.
> > >
> > > Benoit
> > >
> > Bonsoir, déjà pour le wifi.
> >
> > https://wireless.wiki.kernel.org/welcome
> >
> > http://linuxwireless.sipsolutions.net/
> >
> > Après suffit de choisir la/les machine/s potentielles et chercher la
> > compatibilité des différents sous-systèmes selon les composants.
> >
> > N'importe quel moteur de recherche (https://duckduckgo.com/ par exemple)
> > donne plein de réponses (in english it's better and more up to date of
> > course)
> >
> > Fabien
> >
>
>

Re: Réduire les logs d'icinga2

[Daniel Caillibaud]

Le 16/04/19 à 21:56, Migrec  a écrit :
> Donc j'ai du farfouiller un peu car le script est dans 
> /etc/systemd/system/multi-user.target.wants.

Ah oui, dsl, parfois le script est dans /etc/systemd/system/leService.service
et il est activé par un symlink 
  /etc/systemd/system/multi-user.target.wants/leService.service -> 
../leService.service
et parfois c'est directement un symlink de multi-user.target.wants (ou une 
autre dépendance)
vers /lib/systemd/system

Ce lien est créé ou supprimé par systemctl enable|disable leService

> J'ai du mal à comprendre l'imbrication de tout ça mais je viens de 
> trouver l'occasion de comprendre. Les scripts /etc/init.d/ ne servent 
> plus du tout ?

Ça dépend ;-)

Si tu as le paquet systemd-sysv, systemd va gérer les services qui n'existent 
pas dans /etc/systemd/ mais qui ont un fichier dans /etc/init.d à travers ce 
dernier.

Si tu n'as pas ce paquet, /etc/init.d est complètement ignoré.

Pour /etc/default je sais pas, à priori c'est plutôt pour sysv mais rien 
n'empêcherait un
service systemd de sourcer /etc/default, je sais pas si certains le font.

-- 
Daniel

On ne peut pas tout avoir. Où le mettrait on ?
Steven Wright