Re: unable to boot with systemd (works with sysvinit)

2015-01-12 Thread Johannes Schauer
Hi,

Quoting Selim T. Erdoğan (2015-01-12 22:38:08)
> On Sat, Jan 10, 2015 at 12:33:36PM +0100, Johannes Schauer wrote:
> > I'm unable to boot my laptop with systemd which worked before. I'm unable to
> > tell the changes I made since the last time it worked because according to my
> > uptime, the last time I rebooted was September last year.
> 
> I see you already have a bug report, so including it for the list:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=758808

this is the right bug report. Downgrading to 204-14 fixes the problem I
encountered in my first email.

My apologies for not having supplied that bug report in my initial email. I
honestly forgot that I already faced the same problem in August last year.

> It looks to me like it's not fsck as much as not being able to access /boot,
> /home and swap.  If you want to check this, you can probably tell systemd not
> to run fsck at boot.  (How to do this was the topic of some recent threads on
> debian-user, but I didn't follow them so I can't help with that.)

Searching the archives you might've meant to add fsck.mode=skip to my kernel
command line. I tried that but it didn't fix the problem.

> I wonder if the problem is with decryption (under systemd), which then leads
> to the timeout when accessing everything inside it?  Unfortunately, I don't
> know enough to suggest a good way to test this.

This is a possibility. Thank you for your help!

cheers, josch




Re: Fwd: Re: Have I been hacked?

2015-01-12 Thread Joel Rees
2015/01/13 5:04 "Ric Moore" :
>
> On 01/12/2015 11:50 AM, Jerry Stuckle wrote:
>
>>
>> You should learn from some REAL security experts, not the internet.
>
>
> Like who? There are compromises all over the net, with consumer security
> files lying in the open like gutted bleeding fish. I don't think anyone is
> a "REAL security expert", except the ones breaking in. Any advances we have
> now is result of closing the barn doors after the cow got out. I guess we
> owe the BlackHats that much. :/ Ric
>

Can I read you as saying that the black hats may be the closest thing to
security experts that we have?

I was thinking I agree.

But I also think we are letting them define security.

I keep forgetting that I don't like the definitions they seem to want to
impose on us.

Joel Rees


Re: i386 MultiArch: Am I Right or Wrong?

2015-01-12 Thread The Wanderer
On 01/12/2015 at 05:17 PM, Patrick Bartek wrote:

> As I understand on an AMD64 system, when i386 multi-architecture is
> "enabled" and apt-get update is run, nothing gets installed until one
> installs some 386 app, etc., and then only those i386 dependencies
> specific to, and necessary for THAT app are installed.  Nothing else.
> 
> So, for example, a 386 app XYZ has a single 386 library dependency of
> abc.lib. ONLY that 386 lib will be installed.  Right?

Correct.

-- 
   The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man. -- George Bernard Shaw





Wheezy: motion app error: "Unable to find a compatible palette format"

2015-01-12 Thread Ldten K
Hi,

Am trying to get my webcam to work with the motion app. The webcam is working 
fine with VLC, I can save the webcam's output to a file without any problems, 
but the motion app fails with the same webcam with "Unable to find a compatible 
palette format" error (see [1] below).

Some people seem to be able to resolve this error by preloading v4l1compat.so, 
tried that, the error message seems a bit different but the app still doesn't 
work for me (see [2] below).

Any ideas? Thanks


$ cat /proc/version 
Linux version 3.2.0-4-amd64 (debian-ker...@lists.debian.org) (gcc version 4.6.3 
(Debian 4.6.3-14) ) #1 SMP Debian 3.2.63-2+deb7u2

[1]
$ /usr/bin/motion -n
[0] Processing thread 0 - config file /etc/motion/motion.conf
[0] Motion 3.2.12 Started
[0] ffmpeg LIBAVCODEC_BUILD 3482368 LIBAVFORMAT_BUILD 3478785
[0] Thread 1 is from /etc/motion/motion.conf
[0] motion-httpd/3.2.12 running, accepting connections
[0] motion-httpd: waiting for data on port TCP 8080
[1] Thread 1 started
[1] cap.driver: "uvcvideo"
[1] cap.card: "GENERAL - UVC "
[1] cap.bus_info: "usb-:00:12.2-1"
[1] cap.capabilities=0x0401
[1] - VIDEO_CAPTURE
[1] - STREAMING
[1] Config palette index 8 (YU12) doesn't work.
[1] Supported palettes:
[1] 0: MJPG (MJPEG)
[1] Selected palette MJPG
[1] VIDIOC_TRY_FMT failed for format MJPG: Input/output error
[1] Unable to find a compatible palette format.
[1] ioctl (VIDIOCGCAP): Invalid argument
[1] Could not fetch initial image from camera
[1] Motion continues using width and height from config file(s)
[1] Resizing pre_capture buffer to 1 items
[1] Started stream webcam server in port 8081
[1] Retrying until successful connection with camera
[1] cap.driver: "uvcvideo"
[1] cap.card: "GENERAL - UVC "
[1] cap.bus_info: "usb-:00:12.2-1"
[1] cap.capabilities=0x0401
[1] - VIDEO_CAPTURE
[1] - STREAMING
[1] Config palette index 8 (YU12) doesn't work.
[1] Supported palettes:
[1] 0: MJPG (MJPEG)
[1] Selected palette MJPG
[1] VIDIOC_TRY_FMT failed for format MJPG: Input/output error
[1] Unable to find a compatible palette format.
[1] ioctl (VIDIOCGCAP): Invalid argument
[1] Retrying until successful connection with camera
[1] cap.driver: "uvcvideo"
[1] cap.card: "GENERAL - UVC "
[1] cap.bus_info: "usb-:00:12.2-1"
[1] cap.capabilities=0x0401
[1] - VIDEO_CAPTURE
[1] - STREAMING
[1] Config palette index 8 (YU12) doesn't work.
[1] Supported palettes:
[1] 0: MJPG (MJPEG)
[1] Selected palette MJPG
[1] VIDIOC_TRY_FMT failed for format MJPG: Input/output error
[1] Unable to find a compatible palette format.
[1] ioctl (VIDIOCGCAP): Invalid argument
^C[1] Thread exiting
[0] httpd - Finishing
[0] httpd Closing
[0] httpd thread exit
[0] Motion terminating



[2]
$ LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libv4l/v4l1compat.so /usr/bin/motion -n
[0] Processing thread 0 - config file /etc/motion/motion.conf
[0] Motion 3.2.12 Started
[0] ffmpeg LIBAVCODEC_BUILD 3482368 LIBAVFORMAT_BUILD 3478785
[0] Thread 1 is from /etc/motion/motion.conf
[1] Thread 1 started
[0] motion-httpd/3.2.12 running, accepting connections
[0] motion-httpd: waiting for data on port TCP 8080
[1] cap.driver: "uvcvideo"
[1] cap.card: "GENERAL - UVC "
[1] cap.bus_info: "usb-:00:12.2-1"
[1] cap.capabilities=0x0501
[1] - VIDEO_CAPTURE
[1] - READWRITE
[1] - STREAMING
[1] Test palette YU12 (320x240)
libv4l2: error setting pixformat: Input/output error
[1] Error setting pixel format VIDIOC_S_FMT: Input/output error
[1] Config palette index 8 (YU12) doesn't work.
[1] Supported palettes:
[1] 0: MJPG (MJPEG)
[1] 1: RGB3 (RGB3)
[1] 2: BGR3 (BGR3)
[1] 3: YU12 (YU12)
[1] 4: YV12 (YV12)
[1] Selected palette YU12
[1] Test palette YU12 (320x240)
libv4l2: error setting pixformat: Input/output error
[1] Error setting pixel format VIDIOC_S_FMT: Input/output error
[1] VIDIOC_TRY_FMT failed for format YU12: Input/output error
[1] Unable to find a compatible palette format.
libv4l2: error setting pixformat: Input/output error
libv4l1: error setting pixformat: Input/output error
[1] Failed with YUV420P, trying YUV422 palette: Input/output error
[1] Failed with YUV422, trying YUYV palette: Invalid argument
[1] Failed with YUYV, trying RGB24 palette: Invalid argument
libv4l2: error setting pixformat: Input/output error
libv4l1: error setting pixformat: Input/output error
[1] Failed with RGB24, trying GREYSCALE palette: Input/output error
[1] Failed with all supported palettes - giving up: Invalid argument
[1] Could not fetch initial image from camera
[1] Motion continues using width and height from config file(s)
[1] Resizing pre_capture buffer to 1 items
[1] Started stream webcam server in port 8081
[1] Retrying until successful connection with camera
[1] cap.driver: "uvcvideo"
[1] cap.card: "GENERAL - UVC "
[1] cap.bus_info: "usb-:00:12.2-1"
[1] cap.capabilities=0x0501
[1] - VIDEO_CAPTURE
[1] - READWRITE
[1] - STREAMING
[1] Test palette YU12 (320x240)
libv4l2: error setting pixformat: Input/output error
[1] Error setting pixel format VIDIOC_S_FMT

Re: VPN IPSec (Cisco vpnc)

2015-01-12 Thread Chris Davies
Hajder Rabiee  wrote:
> Trying to connect to VPN at work but keep getting: "vpnc: no response from
> target".

This is a typical response when the group name/password are incorrect.

IPSec ID 
IPSec secret 

Chris


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/h1pbobxuhc@news.roaima.co.uk



Several dracut problems (keymap, luks passphrase, resume from hibernate) in wheezy(-backports)

2015-01-12 Thread Aleksandar Dimitrov
Hi,

Bear with me, this is a long email. Ideally, if you're reading it, you're
involved or interested in dracut. If you don't think anybody will read it here,
please point me to the right place.

My setup is: / is unencrypted, on /sdd1. /sdd2 contains a luks volume, which in
turn contains an lvm volume with swap (and another partition.)

Lots of things happened, I'm going to try to summarize:

I'm using wheezy with wheezy backports. Installing kernel 3.16.0 (suspend and
hibernate don't work for me in 3.2.0) pulled in dracut.

Out of the box, dracut's initrd prompted me for a password, but the keyboard was
not active (generic logitech wired usb keyboard.) Thankfully, the 3.2.0 kernel
booted, without passphrase prompt (init system's cryptdisks-early.sh unlocked
the luks volume.)

Googling led to me including hid-generic in /etc/dracut.conf.

However, 3.2.0 doesn't know about hid-generic, and now "dpkg-reconfigure dracut"
won't create a new initrd for it. (which was good, since I had a working initrd
dracut refused to mess up, but it's still undesired behaviour in general.) But
it will generate a new initrd for 3.16.0.

With hid-generic and 3.16.0, the keyboard worked, and I could type in my pass
phrase. After typing it in, nothing happened (at all, even with kopts rdshell
rinitdebug and no quiet.) I could also type and see the input, and noticed the
keymap was the wrong one (I'm using Dvorak, this was ANSI.)

I got dracut to boot the 3.16.0 kernel by enabling host-only mode. Now dracut
complains when making initrds:

E: i18n_vars not set!  Please set up i18n_vars in  configuration file.
E: No KEYMAP.

Debian bugs #640101 [0] and #664678 [1] suggest this shouldn't happen. I don't
know how to remedy the situation. Now I know for sure that the wrong keymap will
be loaded, if any!

Regardless, dracut doesn't prompt me for a passphrase (root volume is NOT
encrypted) and /etc/init.d/cryptdisks-early.sh is run only after some initial
console initialization, so I could easily give my pass phrase and boot. At this
point, suspend works, but hibernate doesn't.

When I hibernate, the disk image gets written correctly (kernel log messages
tell me so.) On boot, dracut ignores the image, and just does a normal init.

A Fedora bug [2] led me to include resume=UUID=
in kopts. Since I have debug messages on, I see dracut outputting a large-ish
amount of shell code to the console (this doesn't seem to get logged to a file.)
It ends in "sleep 0.5." Predictably, it flickers every half a second as it is
being reprinted several times. It seems there is a max counter on this, as after
some iterations it just falls back into cold boot, which works and brings me to
my system's login screen. This [3] is probably the code in question.

To summarize my problems:

* Dracut requires hid-generic to recognize usb keyboard at initrd boot
* hid-generic is applied to all kernels on dpkg-reconfigure dracut, which will
  then fail on older kernels.
* Even with a recognized keyboard dracut doesn't seem to check the pass phrase
  correctly, or continue booting
* The keymap isn't getting set correctly
* host-only mode seems to be required to boot my particular setup at all
* host-only mode seems to interfere with Debian's custom way of setting the
  keymap (which doesn't seem to be working in the first place.)
* Out of the box, resume doesn't work
* Including the resume= kopt does not work either

I'm happy to have a working system, but I'm unhappy with the amount of work it
took, and I'm also unhappy that hibernate is not working.

Should I report any/all of the above bullet points as bugs? How can I get dracut
to resume from hibernate on my setup?

Versions, as reported by apt-cache show:

dracut: 020-2
linux-image-3.16.0-0.bpo.4-amd64: 3.16.7-ckt2-1~bpo70+1
lvm2: 2.02.95-8
cryptsetup: 2:1.4.3-4

(all in wheezy or wheezy-backports)

I'm not using systemd. I've attached some relevant config and log
files. dracut.log is from last initrd creation, kern.log from last
boot. Configuration files are in the current (bootable with 3.16.0, but not
hibernateable state)

If any additional information should be provided, please do tell me. Thanks!

Regards,
Aleks

[0] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640101
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664678
[2] https://bugzilla.redhat.com/show_bug.cgi?id=781728
[3] https://github.com/haraldh/dracut/blob/bea41b898a93e4437640817964861bbb694b01e6/modules.d/99base/init.sh#L174

# If you change this file, run 'update-grub' afterwards to update
# /boot/grub/grub.cfg.
# For full documentation of the options in this file, see:
#   info -f grub -n 'Simple configuration'

GRUB_DEFAULT=0
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT="rdshell rdinitdebug resume=UUID=8981a3b5-07d4-4ceb-a7b2-f4f5865970b1"
GRUB_CMDLINE_LINUX=""

# Uncomment to enable BadRAM filtering, modify to suit your needs
# This works with Linux (no patch required)

Re: Have I been hacked?

2015-01-12 Thread Joel Rees
2015/01/13 5:45 "Ric Moore" :
>
> On 01/12/2015 02:47 AM, Joel Rees wrote:
>>
>> On Sun, Jan 11, 2015 at 4:37 AM, Ric Moore  wrote:
>>>
>>> You all may wish to read this, from ars technica:
>>>
>>> http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/1/
>>>
>>> Very interesting. So interesting that I downloaded cudahashcat. I have 96
>>> cuda cores, and it was running the sample program quickly as it tore into 6
>>> char / 2 numeral passwd combinations. :) Ric
>>
>>
>> Good for you.
>>
>> That article did a much better job of talking about cracking
>> pswords/passcodes/passphrases than my ramble did.
>>
>>> p/s for the sake of $deity, please TRIM these posts!!
>>
>>
>> Heh.
>>
>> Still trying to figure out how I pasted that post into the middle of
>> the post. I was dozing off, I'm sure that had something to do with it.
>
>
> I humbly apologize to you as that rant was directed at ALL who let the
> thread be untrimmed, not you solely. :) Ric
>

No problem. I was just taking the opportunity to attempt to apologize to
the list for failing to catch that before I posted it. I'm sure the attempt
at sleep-recursing didn't make the ramble more comprehensible.

Heh. Unfortunately, I'm not sure it makes it less comprehensible. :/

Security, with all that we conflate onto it, is a hard concept to pin down.

Joel Rees

Computer memory is just fancy paper,
CPUs just fancy pens.
All is a stream of text
flowing from the past into the future.


Re: wireless USB adopter installation

2015-01-12 Thread Lisi Reisz
On Monday 12 January 2015 20:59:07 zaheer ahmed wrote:
> hi
> i am using compaq 32bit desktop. i am new user of debian 5. i am using wifi
> USB TL- WN727N it works fine in xp but not working in debian5. i am new in
> linux debian5 plz tell me all steps which i follow and easily install
> driver. tell me installation process with complete commands.

Why are you using Debian 5?  Like XP it is not receiving security updates, and 
hasn't done for the last two years.

The current Debian Stable is 7.7 and Debian 8 will be released soon.

Lisi





Re: Speed up a WiFI interface ??

2015-01-12 Thread Selim T . Erdoğan
On Tue, Dec 30, 2014 at 07:14:19PM +0100, Bernhard Frühmesser wrote:
> Hello,
> 
> For a friend i setup a small RAID-1 config using Wheezy on one of his old
> machines, just to backup his most important stuff. Unfortunately the
> location where the box is placed can not be reached via cable because of
> building conditions, so only Wireless is possible.
> 
> I have installed package "firmware-ralink" for the network card and these
> modules are loaded after reboot:
> 
> rt2800pci
> rt2800lib
> rt2x00pci
> 
> After using wpa_passphrase and adding wlan0 to /etc/network/interfaces all
> works so far, the client gets an ip from the dhcp server, can copy stuff
> and so on.
> 
> The Problem is that it's extremely slow.
> 
> The WLAN-Router is setup to support 11bgn mixed mode, channel bandwidth
> "auto" and max transfer rate 150Mbit/s.
> 
> But when i check the client side with iwconfig i get this:
> 
> wlan0 IEEE 802.11bgn  ESSID:"My friends SSID"
>   Mode:Managed  Frequency:2.462 GHz  Access Point:MAC-Adress
>   Bit Rate=58.5 Mb/s   Tx-Power=20 dBm
>   Retry  long limit:7   RTS thr:off   Fragment thr:off
>   Encryption key:off
>   Power Management:off
>   Link Quality=45/70  Signal level=-65 dBm
>   Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
>   Tx excessive retries:5788  Invalid misc:58   Missed beacon:0
> 
> The wlan-card is supposed to support 150Mbit/s as well.
> 
> I have tested and positioned the box right next to the wlan-Router but this
> doesn't help much except the Link Quality is then 70/70.
> 
> I have used iptraf to check for the data rates and the overall input rate
> for this interface is about 5,8 Mbit/s which is not even 5% of the max
> (theoretical) speed. I know that the max speed of a WLAN is never reached
> but 5,8 Mbit/s overall speed seems very slow to me - no?
> 
> Anything i can do to speed this up?

It seems to me that the ralink cards are not great, and in some cases the 
rt2x00 drivers (at least when certain options are set/selected) are much 
slower than the other drivers, but I don't remember details.  You could 
try asking for help on the rt2x00-users list: us...@rt2x00.serialmonkey.com
http://rt2x00.serialmonkey.com/mailman/listinfo/users_rt2x00.serialmonkey.com

(It's not really a very active list, though you might look through the
archives to see if anyone reported problems/work-arounds/solutions with your
card.
http://rt2x00.serialmonkey.com/pipermail/users_rt2x00.serialmonkey.com/)





i386 MultiArch: Am I Right or Wrong?

2015-01-12 Thread Patrick Bartek
As I understand on an AMD64 system, when i386 multi-architecture is
"enabled" and apt-get update is run, nothing gets installed until one
installs some 386 app, etc., and then only those i386 dependencies
specific to, and necessary for THAT app are installed.  Nothing else.

So, for example, a 386 app XYZ has a single 386 library dependency of
abc.lib. ONLY that 386 lib will be installed.  Right?

This is different from my Fedora days where you got almost a complete
386 system installed beside your 64-bit one -- all libraries, configs,
etc. Only a few system things like the kernel didn't get mirrored.
Almost doubled the size of an install.  Don't want this to happen with
my 64-bit Wheezy set up.  So I'm checking first.

A lot to go through just to run one app that's only available in
32-bit.  But what can you do? 

B





Re: unable to boot with systemd (works with sysvinit)

2015-01-12 Thread Selim T . Erdoğan
On Sat, Jan 10, 2015 at 12:33:36PM +0100, Johannes Schauer wrote:
> 
> I'm not subscribed, so please keep me CC-ed.
> 
> I'm unable to boot my laptop with systemd which worked before. I'm unable to
> tell the changes I made since the last time it worked because according to my
> uptime, the last time I rebooted was September last year.

I see you already have a bug report, so including it for the list:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=758808

(Also for reference, your older bug report, where you first saw this issue, 
indicates that this might have arisen between systemd 204-14 and systemd 208-6:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755581)

> The output of `journalctl -xb` in the systemd rescue console is here:
> 
> https://mister-muffin.de/p/AabX.txt
> 
> My system contains up-to-date package versions with Debian Jessie. This means
> I'm running systemd and udev version 215-8.
> 
> Since the problem seems to be related to a failed fsck job, according to above
> log, here is my fstab (minus comment lines):

It looks to me like it's not fsck as much as not being able to access 
/boot, /home and swap.  If you want to check this, you can probably tell systemd
not to run fsck at boot.  (How to do this was the topic of some recent threads
on debian-user, but I didn't follow them so I can't help with that.)

> proc                                      /proc           proc         defaults              0  0
> /dev/mapper/volumegroup-root              /               ext4         errors=remount-ro     0  1
> UUID=ac034ff5-d28a-4ad1-8bac-97d554395e3e /boot           ext2         defaults              0  2
> /dev/mapper/volumegroup-home              /home           ext4         defaults              0  2
> /dev/mapper/volumegroup-swap              none            swap         sw                    0  0
> /dev/scd0                                 /media/cdrom0   udf,iso9660  user,noauto           0  0
> cgroup                                    /sys/fs/cgroup  cgroup       defaults              0  0
> tmpfs                                     /tmp            tmpfs        nodev,nosuid,size=8G  0  0
> tmpfs                                     /run            tmpfs        nodev,nosuid,size=8G  0  0
> 
> I also booted my system into the initramfs busybox by passing "break" to the
> kernel command line and did an `fsck -f` on my root and home partitions and
> everything seems to be clean.
> 
> Booting my laptop with sysvinit instead works fine, so my fstab should be
> correct.
> 
> How can I further debug this problem? The journalctl output seems inconclusive.

I wonder if the problem is with decryption (under systemd), which then leads 
to the timeout when accessing everything inside it?  Unfortunately, I don't 
know enough to suggest a good way to test this.





wireless usb adopter installation

2015-01-12 Thread zaheer ahmed
hi
i am using compaq 32bit desktop. i am new user of debian 5. i am using wifi
USB TL- WN727N it works fine in xp but not working in debian5. i am new in
linux debian5 plz tell me all steps which i follow and easily install
driver. tell me installation process with complete commands.
thanx

regards
zaheer
zaheerahmad...@gmail.com


Re: Have I been hacked?

2015-01-12 Thread Ric Moore

On 01/12/2015 02:47 AM, Joel Rees wrote:
> On Sun, Jan 11, 2015 at 4:37 AM, Ric Moore  wrote:
>> You all may wish to read this, from ars technica:
>> http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/1/
>>
>> Very interesting. So interesting that I downloaded cudahashcat. I have 96
>> cuda cores, and it was running the sample program quickly as it tore into 6
>> char / 2 numeral passwd combinations. :) Ric
>
> Good for you.
>
> That article did a much better job of talking about cracking
> pswords/passcodes/passphrases than my ramble did.
>
>> p/s for the sake of $deity, please TRIM these posts!!
>
> Heh.
>
> Still trying to figure out how I pasted that post into the middle of
> the post. I was dozing off, I'm sure that had something to do with it.

I humbly apologize to you as that rant was directed at ALL who let the
thread be untrimmed, not you solely. :) Ric



--
My father, Victor Moore (Vic) used to say:
"There are two Great Sins in the world...
..the Sin of Ignorance, and the Sin of Stupidity.
Only the former may be overcome." R.I.P. Dad.
Linux user# 44256





Re: Have I been hacked?

2015-01-12 Thread Iain M Conochie


On 12/01/15 16:41, Jerry Stuckle wrote:

On 1/12/2015 10:10 AM, Chris Bannister wrote:


Oh, come on!
http://www.thefreedictionary.com/context

It is all about *who* you are, or claim to be.

https://danielmiessler.com/blog/security-identification-authentication-and-authorization/


You have completely missed the point, Chris.

And don't believe every blog you read on the internet.

Pot, kettle, black

In fact this blog pretty much describes what I am talking about. Seems 
to be falling on deaf ears though


Jerry








Re: Fwd: Re: Have I been hacked?

2015-01-12 Thread Iain M Conochie


On 12/01/15 16:50, Jerry Stuckle wrote:

On 1/12/2015 11:36 AM, i...@thargoid.co.uk wrote:

Forwarding to the list as I seemed to have managed to leave it off.
Apologies.



Knowledge is easier to duplicate than a physical item. You mentioned the
ATM attack.

Incorrect.  Knowledge cannot be duplicated if there is no basis for that
knowledge.

For instance, it was not possible for archeologists to decipher ancient
Egyptian hieroglyphics before the discovery of the Rosetta Stone in 1799
- before this, there was no basis for knowledge of the language.

Really? Are you honestly saying that because they did not know what the
hieroglyphics  meant, they were unable to copy them?

They were unable to decipher them.  It has nothing to do with copying.


Since when is duplication not copying?





I happen to agree with Joel here.  I don't want to know the dictionary
definition - I want to know YOUR definition of security.


Semantics is a boring argument. If you wish, tell me yours and I will
tell you mine (oooh err missus ;)


You were asked first.  How about putting up?
Not playing that game. Joel wanted a definition I gave a definition that 
apparently was not good enough for you. Tough!








) my fingerprint (being something I am)

You sure it's not something you have?

Nope - I am pretty sure it is something I am, within the context of the
above statement.


A fingerprint is something you HAVE.  It is present on your body; it is
NOT something you are.  You can leave a fingerprint on a glass, for
instance, and it doesn't affect you at all.

Jerry - just cos you shout does not mean you are more RIGHT.


And repeating something ad nauseam doesn't make you right.

Very true.




Again, within the context of the above statement it is. You may
disagree. Fair enough.



You need to learn the difference between "is" and "has".  They are two
entirely different concepts, but you seem to have them mixed up.

Not really.

I can understand you not wanting to accept that, say, your iris scan is 
something you are. Surely your eye (and all its unique properties) is 
something you have. I have 2 eyes. How can it be something I am?


From the point of view of authentication, this is something you are 
because it is unique to you. Get it now?



is more
secure than a password.

Unless someone chops your hand off to steal your BMW.

Again - implementation. Is the hand warm? Is there a pulse?


Not part of the fingerprint - but again, these can be duplicated - a
latex glove with the fingerprint etched into it, for instance.

May or may not work, depending on the implementation.


It has been proven to work.  That's one reason fingerprints alone are
not used for government security.


If you think I meant that fingerprints alone are more secure than a 
password, then of course this is not the case. As well, fingerprints are 
an _example_ of something you are. Oh, and we all know how secure 
governments are



Also, an ssh-key (being something I have

Now there's an interesting assertion. It seems reasonable, if one
accepts certain implicit, arbitrary boundaries between the three
classes of tokens invoked above.

-- seems reasonable --


) is more
secure than a password.

And, yet, it is no more secure than the user account on the machine in
which it is stored.

OK sure - but we are discussing how to authenticate to an account right?


We are discussing how to authenticate an account on another machine.  If
your key is on your machine, and I steal your machine, I can break the
passphrase your key uses.  It may take a while, but it will be a lot
faster than if that same passphrase were used as a password to your
server.

Is this due to being limited over the network for the number of tries?
What if I delete
the key on the server when my machine is stolen? What if I generate new
keys every week?


It is so easy for me to prevent that it isn't even funny.  All I need to
do is copy the keyfile (or indeed, the entire disk) to another machine.
  In fact, that's what I'll probably do, anyway.  That way I can access
all of your data without even booting your machine.
Jolly good. The public key from which you have the private key and are 
hacking away on to break the passphrase has been removed from all 
machines. It is now completely useless to you.


Of course, if your disk is encrypted, that becomes another problem.  But
then you have to use a password to decrypt the disk...

Or a fingerprint ;)



Something you have and something you are have to be digitised, to
produce a
token that can be used to prove your identity to a computer system.
That is
part of the implementation.


Everything you have mentioned is something I "have".  I "have" knowledge
of a long, random password (not stored anywhere else).  I "have" a key
stored on my computer (protected by a password).  I "have" a fingerprint.


In your opinion. Not in mine (within the context of this discussion)


You seem to have difficulty in understanding "have" versus "is".
No

Re: Have I been hacked?

2015-01-12 Thread Brian
On Sun 11 Jan 2015 at 16:43:34 -0700, Bob Proulx wrote:

> Brian wrote:
> > Bob Proulx wrote:
> > > Complete agreement.  I want to go further and say that a password that
> > > you can remember without needing to write it down is probably not a
> > > good password.
> > 
> > Security of an ssh login is aimed at allowing access to some but denying
> > it to others. An authorised user who cannot remember his 20 character
> > password has experienced a security failure.
> 
> Security is the part of the system designed to make it not only hard
> to use but the design goal is to prevent it from being used.

Seeing that my argument that enforcing (if it is possible) an
unmemorable password is not in the best interests of security doesn't
gain any traction, let me try a different tack.

The password

  TwasBrilligAndTheSlithyToves

strikes me as a pretty good one for an ssh login. (I have capitalised
some letters for readability, not to add complexity). Personally, I find
it easy to remember and associate with ssh and my account. I cannot see
why it is not a good password for me.

The automated probes wouldn't get close to cracking it. The danger might
be a directed attack - from friends, associates, colleagues etc. If they
knew about my fixation on Lewis Carroll they might have a go at breaking
in.

Actually, it would be ok as a password for banking access too. There
surely cannot be a banking site which does not take action after a
number of failed logins. Maybe not using fail2ban, but a similar
approach which protects both parties.
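The throttling the post above relies on (action after a number of failed logins, as fail2ban does) can be sketched as follows. This is an added example, not part of the original post and not fail2ban's own code; the log lines are constructed, and the thresholds, the 10-million-entry wordlist and the offline rate of one million guesses per second are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd log lines (documentation address ranges), not from the thread.
SAMPLE_LOG = """\
Jan 12 19:30:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan 12 19:30:03 host sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Jan 12 19:30:05 host sshd[2105]: Failed password for root from 203.0.113.7 port 40131 ssh2
Jan 12 19:30:09 host sshd[2110]: Failed password for brian from 198.51.100.4 port 51514 ssh2
Jan 12 19:30:11 host sshd[2112]: Failed password for root from 203.0.113.7 port 40140 ssh2
Jan 12 19:30:12 host sshd[2113]: Failed password for root from 203.0.113.7 port 40141 ssh2
Jan 12 19:31:40 host sshd[2120]: Accepted password for brian from 198.51.100.4 port 51530 ssh2
Jan 12 19:45:00 host sshd[2200]: Failed password for root from 203.0.113.7 port 40200 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def find_bans(log_text, maxretry=3, findtime=600, bantime=3600, year=2015):
    """Return [(ip, ban_start, ban_end)] for every address that reaches
    maxretry failed logins within findtime seconds (hypothetical thresholds)."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    banned_until = {}             # ip -> end of the current ban
    bans = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and other lines are ignored
        # syslog timestamps carry no year, so the caller supplies it
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if ip in banned_until and ts < banned_until[ip]:
            continue              # a firewall ban would have dropped this attempt
        window = recent[ip]
        window.append(ts)
        while window and (ts - window[0]).total_seconds() > findtime:
            window.popleft()      # forget failures older than findtime
        if len(window) >= maxretry:
            end = ts + timedelta(seconds=bantime)
            banned_until[ip] = end
            bans.append((ip, ts, end))
            window.clear()
    return bans


def guesses_per_day(maxretry, bantime):
    """Upper bound on guesses per day from one address: maxretry tries, then a
    ban of bantime seconds (time spent on the tries themselves is ignored)."""
    return maxretry * (86400 // bantime)


def days_to_exhaust(candidates, rate_per_day):
    """Days needed to try every candidate at the given daily guess rate."""
    return candidates / rate_per_day


if __name__ == "__main__":
    for ip, start, end in find_bans(SAMPLE_LOG):
        print(f"ban {ip} from {start} until {end}")
    wordlist = 10_000_000                  # assumed size of a guessing list
    online = guesses_per_day(3, 3600)      # throttled guessing against the server
    offline = 1_000_000 * 86400            # assumed rate against a stolen file
    print(f"online:  {days_to_exhaust(wordlist, online):,.0f} days")
    print(f"offline: {days_to_exhaust(wordlist, offline):.6f} days")
```

The single-address bound does not cover guesses spread over many source addresses, which is why per-account lockout is often combined with per-address bans.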





Re: Fwd: Re: Have I been hacked?

2015-01-12 Thread Ric Moore

On 01/12/2015 11:50 AM, Jerry Stuckle wrote:



You should learn from some REAL security experts, not the internet.


Like who? There are compromises all over the net, with consumer security 
files lying in the open like gutted bleeding fish. I don't think anyone 
is a "REAL security expert", except the ones breaking in. Any advances 
we have now are the result of closing the barn doors after the cow got out. I 
guess we owe the BlackHats that much. :/ Ric




--
My father, Victor Moore (Vic) used to say:
"There are two Great Sins in the world...
..the Sin of Ignorance, and the Sin of Stupidity.
Only the former may be overcome." R.I.P. Dad.
Linux user# 44256





Re: debian/testing philosophie?

2015-01-12 Thread Dan Ritter
On Sat, Jan 10, 2015 at 02:09:02PM +0100, Hans wrote:
> To all these thoughts, what do you advice me to install? Better unstable than 
> testing? I know, you will now say "stable" but stable is sometimes just too 
> old for a desktop (for example I had problems with the installation on 
> notebooks, as the rather old kernel from debian/stable did not support some 
> modern hardware network card or the wlan-card).

Have you checked wheezy-backports? Kernels up to 3.16 are
available there for use with wheezy systems.

-dsr-





Re: Fwd: Re: Have I been hacked?

2015-01-12 Thread Jerry Stuckle
On 1/12/2015 11:36 AM, i...@thargoid.co.uk wrote:
> Forwarding to the list as I seemed to have managed to leave it off.
> Apologies.
> 
> 
>>
>>> Knowledge is easier to duplicate than a physical item. You mentioned the
>>> ATM attack.
>>
>> Incorrect.  Knowledge cannot be duplicated if there is no basis for that
>> knowledge.
>>
>> For instance, it was not possible for archeologists to decipher ancient
>> Egyptian hieroglyphics before the discovery of the Rosetta Stone in 1799
>> - before this, there was no basis for knowledge of the language.
> 
> Really? Are you honestly saying that because they did not know what the
> hieroglyphics  meant, they were unable to copy them?

They were unable to decipher them.  It has nothing to do with copying.

>>
>> The same is true for passwords.  If you don't have a basis for knowledge
>> of the password's construction, it is impossible to duplicate that
>> password in any reasonable length of time.
>>
>> For instance - let's see you duplicate the password to one of my
>> servers.  You won't be able to do it, because it's random and I don't
>> have it written down anywhere.  Even if you steal every one of my
>> computers, it won't help you at all, because it's not stored on any of
>> them.
> 
> What if I stand over your shoulder with a video camera and video you
> typing? Or

I would shoot you.

> indeed install a keylogger on your machine?
>

You'd first have to compromise my machine.  And that you can't do.


> You seem to be confusing duplicate with understand, or maybe you are
> just confusing me :)
> 
>>
>>>

 How do you define security?
>>>
>>> I don't need to. There is already a definition in English for this:
>>>
>>> http://dictionary.cambridge.org/dictionary/british/security
>>
>> I happen to agree with Joel here.  I don't want to know the dictionary
>> definition - I want to know YOUR definition of security.
>>
> 
> Semantics is a boring argument. If you wish, tell me yours and I will
> tell you mine (oooh err missus ;)
> 

You were asked first.  How about putting up?

> 
>> 
>>
> ) my fingerprint (being something I am)

 You sure it's not something you have?
>>>
>>> Nope - I am pretty sure it is something I am, within the context of the
>>> above statement.
>>>
>>
>> A fingerprint is something you HAVE.  It is present on your body; it is
>> NOT something you are.  You can leave a fingerprint on a glass, for
>> instance, and it doesn't affect you at all.
> 
> Jerry - just cos you shout does not mean you are more RIGHT.
> 

And repeating something ad nauseam doesn't make you right.

> Again, within the context of the above statement it is. You may
> disagree. Fair enough.
> 
> 

You need to learn the difference between "is" and "has".  They are two
entirely different concepts, but you seem to have them mixed up.


> is more
> secure than a password.

 Unless someone chops your hand off to steal your BMW.
>>>
>>> Again - implementation. Is the hand warm? Is there a pulse?
>>>
>>
>> Not part of the fingerprint - but again, these can be duplicated - a
>> latex glove with the fingerprint etched into it, for instance.
> 
> May or may not work, depending on the implementation.
> 

It has been proven to work.  That's one reason fingerprints alone are
not used for government security.

>>

> Also, an ssh-key (being something I have

 Now there's an interesting assertion. It seems reasonable, if one
 accepts certain implicit, arbitrary boundaries between the three
 classes of tokens invoked above.

 -- seems reasonable --

> ) is more
> secure than a password.

 And, yet, it is no more secure than the user account on the machine in
 which it is stored.
>>>
>>> OK sure - but we are discussing how to authenticate to an account right?
>>>
>>
>> We are discussing how to authenticate an account on another machine.  If
>> your key is on your machine, and I steal your machine, I can break the
>> passphrase your key uses.  It may take a while, but it will be a lot
>> faster than if that same passphrase were used as a password to your
>> server.
> 
> Is this due to being limited over the network for the number of tries?
> What if I delete
> the key on the server when my machine is stolen? What if I generate new
> keys every week?
> 

It is so easy for me to prevent that it isn't even funny.  All I need to
do is copy the keyfile (or indeed, the entire disk) to another machine.
 In fact, that's what I'll probably do, anyway.  That way I can access
all of your data without even booting your machine.

Of course, if your disk is encrypted, that becomes another problem.  But
then you have to use a password to decrypt the disk...

>>
>>>
>>> Something you have and something you are have to be digitised, to
>>> produce a
>>> token that can be used to prove your identity to a computer system.
>>> That is
>>> part of the implementation.
>>>
>>
>> Everything you have mentioned is something I "ha

Re: Have I been hacked?

2015-01-12 Thread Jerry Stuckle
On 1/12/2015 10:10 AM, Chris Bannister wrote:
> On Mon, Jan 12, 2015 at 09:19:58AM -0500, Jerry Stuckle wrote:
>> On 1/12/2015 8:05 AM, i...@thargoid.co.uk wrote:
>>>
>>> Nope - I am pretty sure it is something I am, within the context of the
>>> above statement.
>>>
>>
>> A fingerprint is something you HAVE.  It is present on your body; it is
>> NOT something you are.  You can leave a fingerprint on a glass, for
>> instance, and it doesn't affect you at all.
> 
> Oh, come on! 
> http://www.thefreedictionary.com/context
> 
> It is all about *who* you are, or claim to be.
> 
> https://danielmiessler.com/blog/security-identification-authentication-and-authorization/
> 

You have completely missed the point, Chris.

And don't believe every blog you read on the internet.

Jerry





Re: A capability in the IMAP protocol.

2015-01-12 Thread peter
*   From: Andrei POPESCU em concurrently.  Someone might 
work with a smartphone and a desktop system concurrently for 
example.  IMAP is useful there.

In a simpler but similar case, an mbox file can be on a flash 
storage card which is shifted from one machine to another not
too frequently.  Then POP3 suffices to retrieve messages to the 
mbox.  If a client system has only IMAP, the question of simulating 
POP3 arises.

Regards,... Peter E.



-- 
123456789 123456789 123456789 123456789 123456789 123456789 123456789 12
Tel +1 360 639 0202   http://carnot.yi.org/   Bcc: peter at easthope. ca





Fwd: Re: Have I been hacked?

2015-01-12 Thread iain

Forwarding to the list as I seemed to have managed to leave it off.
Apologies.




Knowledge is easier to duplicate than a physical item. You mentioned the
ATM attack.


Incorrect.  Knowledge cannot be duplicated if there is no basis for that
knowledge.

For instance, it was not possible for archeologists to decipher ancient
Egyptian hieroglyphics before the discovery of the Rosetta Stone in 1799
- before this, there was no basis for knowledge of the language.


Really? Are you honestly saying that because they did not know what the
hieroglyphics  meant, they were unable to copy them?


The same is true for passwords.  If you don't have a basis for knowledge
of the password's construction, it is impossible to duplicate that
password in any reasonable length of time.

For instance - let's see you duplicate the password to one of my
servers.  You won't be able to do it, because it's random and I don't
have it written down anywhere.  Even if you steal every one of my
computers, it won't help you at all, because it's not stored on any of
them.


What if I stand over your shoulder with a video camera and video you
typing? Or indeed install a keylogger on your machine?

You seem to be confusing duplicate with understand, or maybe you are 
just confusing me :)








How do you define security?


I don't need to. There is already a definition in English for this:

http://dictionary.cambridge.org/dictionary/british/security


I happen to agree with Joel here.  I don't want to know the dictionary
definition - I want to know YOUR definition of security.



Semantics is a boring argument. If you wish, tell me yours and I will 
tell you mine (oooh err missus ;)







) my fingerprint (being something I am)


You sure it's not something you have?


Nope - I am pretty sure it is something I am, within the context of the
above statement.



A fingerprint is something you HAVE.  It is present on your body; it is
NOT something you are.  You can leave a fingerprint on a glass, for
instance, and it doesn't affect you at all.


Jerry - just cos you shout does not mean you are more RIGHT.

Again, within the context of the above statement it is. You may 
disagree. Fair enough.






is more
secure than a password.


Unless someone chops your hand off to steal your BMW.


Again - implementation. Is the hand warm? Is there a pulse?



Not part of the fingerprint - but again, these can be duplicated - a
latex glove with the fingerprint etched into it, for instance.


May or may not work, depending on the implementation.






Also, an ssh-key (being something I have


Now there's an interesting assertion. It seems reasonable, if one
accepts certain implicit, arbitrary boundaries between the three
classes of tokens invoked above.

-- seems reasonable --


) is more
secure than a password.


And, yet, it is no more secure than the user account on the machine in
which it is stored.


OK sure - but we are discussing how to authenticate to an account right?




We are discussing how to authenticate an account on another machine.  If
your key is on your machine, and I steal your machine, I can break the
passphrase your key uses.  It may take a while, but it will be a lot
faster than if that same passphrase were used as a password to your
server.


Is this due to being limited over the network for the number of tries?
What if I delete the key on the server when my machine is stolen? What if
I generate new keys every week?






Something you have and something you are have to be digitised, to produce a
token that can be used to prove your identity to a computer system. That is
part of the implementation.



Everything you have mentioned is something I "have".  I "have" knowledge
of a long, random password (not stored anywhere else).  I "have" a key
stored on my computer (protected by a password).  I "have" a fingerprint.




In your opinion. Not in mine (within the context of this discussion)


And the security of these three items are in DESCENDING order.


In your opinion. Again, shouting does not make you right.

Iain



Jerry






Re: A capability in the IMAP protocol.

2015-01-12 Thread peter
> IMAP allows retrieving a message, and IMAP allows deleting a message, so
> this can certainly be done. (As long as the server actually respects the
> delete command, rather than archiving on delete or something like that,
> but that would be server-specific.)
> ...
> I imagine that various other mail clients also provide sufficiently
> capable message-filtering or other scripting functionality. No direct
> support for this by IMAP itself should be necessary.

Thanks.  After some exploration and trial & error with the client it works nicely.

Thanks again,   ... Peter E.
 
-- 
123456789 123456789 123456789 123456789 123456789 123456789 123456789 12
Tel +1 360 639 0202   http://carnot.yi.org/   Bcc: peter at easthope. ca





mounting a labeled filesystem

2015-01-12 Thread peter
peter@dalton:~$ grep GRN /etc/fstab
LABEL=GRNSDHC41 /home/peter/GR auto defaults,noauto,user,users 0 0

peter@dalton:~$ mount LABEL=GRNSDHC41
mount: must be superuser to use mount
peter@dalton:~$ sudo mount LABEL=GRNSDHC41
[sudo] password for peter: 
peter@dalton:~$ mount | grep GR
/dev/sda1 on /home/peter/GR type ext2 
(rw,nosuid,nodev,noexec,relatime,errors=continue,user_xattr,acl)

Does anyone have a clever way to allow a user to mount a storage 
part containing a labeled filesystem without giving a password?

Thanks,   ... Peter E.
 
-- 
123456789 123456789 123456789 123456789 123456789 123456789 123456789 12
Tel +1 360 639 0202   http://carnot.yi.org/   Bcc: peter at easthope. ca





Re: mounting a labeled filesystem

2015-01-12 Thread Darac Marjal
On Mon, Jan 12, 2015 at 06:18:13AM -0800, pe...@easthope.ca wrote:
> peter@dalton:~$ grep GRN /etc/fstab
> LABEL=GRNSDHC41 /home/peter/GR auto defaults,noauto,user,users 0 0
> 
> peter@dalton:~$ mount LABEL=GRNSDHC41
> mount: must be superuser to use mount

The "user" option SHOULD allow this. What happens if you request the
mount by mountpoint, rather than by label?

 $ mount /home/peter/GR

Another alternative is to run "strace mount LABEL=GRNSDHC41" and then
read the last few lines to see where the rejection is coming from (for
example, is mount unable to read fstab, is the kernel rejecting the
mount etc etc).

> peter@dalton:~$ sudo mount LABEL=GRNSDHC41
> [sudo] password for peter: 
> peter@dalton:~$ mount | grep GR
> /dev/sda1 on /home/peter/GR type ext2 
> (rw,nosuid,nodev,noexec,relatime,errors=continue,user_xattr,acl)
> 
> Does anyone have a clever way to allow a user to mount a storage 
> part containing a labeled filesystem without giving a password?
> 
> Thanks,   ... Peter E.
>  
> -- 
> 123456789 123456789 123456789 123456789 123456789 123456789 123456789 12
> Tel +1 360 639 0202   http://carnot.yi.org/   Bcc: peter at easthope. ca
> 
> 


Re: Have I been hacked?

2015-01-12 Thread Chris Bannister
On Mon, Jan 12, 2015 at 09:19:58AM -0500, Jerry Stuckle wrote:
> On 1/12/2015 8:05 AM, i...@thargoid.co.uk wrote:
> > 
> > Nope - I am pretty sure it is something I am, within the context of the
> > above statement.
> >
> 
> A fingerprint is something you HAVE.  It is present on your body; it is
> NOT something you are.  You can leave a fingerprint on a glass, for
> instance, and it doesn't affect you at all.

Oh, come on! 
http://www.thefreedictionary.com/context

It is all about *who* you are, or claim to be.

https://danielmiessler.com/blog/security-identification-authentication-and-authorization/

-- 
"If you're not careful, the newspapers will have you hating the people
who are being oppressed, and loving the people who are doing the 
oppressing." --- Malcolm X






Re: Have I been hacked?

2015-01-12 Thread Jerry Stuckle
On 1/12/2015 8:05 AM, i...@thargoid.co.uk wrote:
> 
> While it is possible to enforce certain password policies (e.g. must use
> capital letters, numbers, symbols etc) these
> do not necessarily dictate a secure password. I guess if I know your
> phone number, if it is stored in my phone I have
> it as well. Someone steals my phone they now also know and have your
> number. If I do not add it to my phone, do I still
> have it?
>

No different than having a key on your notebook and having the notebook
stolen.




> Knowledge is easier to duplicate than a physical item. You mentioned the
> ATM attack.

Incorrect.  Knowledge cannot be duplicated if there is no basis for that
knowledge.

For instance, it was not possible for archeologists to decipher ancient
Egyptian hieroglyphics before the discovery of the Rosetta Stone in 1799
- before this, there was no basis for knowledge of the language.

The same is true for passwords.  If you don't have a basis for knowledge
of the password's construction, it is impossible to duplicate that
password in any reasonable length of time.

For instance - let's see you duplicate the password to one of my
servers.  You won't be able to do it, because it's random and I don't
have it written down anywhere.  Even if you steal every one of my
computers, it won't help you at all, because it's not stored on any of
them.

> 
>>
>> How do you define security?
> 
> I don't need to. There is already a definition in English for this:
> 
> http://dictionary.cambridge.org/dictionary/british/security

I happen to agree with Joel here.  I don't want to know the dictionary
definition - I want to know YOUR definition of security.



>>> ) my fingerprint (being something I am)
>>
>> You sure it's not something you have?
> 
> Nope - I am pretty sure it is something I am, within the context of the
> above statement.
>

A fingerprint is something you HAVE.  It is present on your body; it is
NOT something you are.  You can leave a fingerprint on a glass, for
instance, and it doesn't affect you at all.

Also, a fingerprint can be duplicated from anywhere you leave it.  Watch
some of the CSI or similar TV shows, for instance.  They take
fingerprints off of surfaces all the time.  And it's not much harder to
make a duplicate of the fingerprint which can be used to access a
system.  It's already been done multiple times with the new iPhone
fingerprint "security".

>>
>>> is more
>>> secure than a password.
>>
>> Unless someone chops your hand off to steal your BMW.
> 
> Again - implementation. Is the hand warm? Is there a pulse?
>

Not part of the fingerprint - but again, these can be duplicated - a
latex glove with the fingerprint etched into it, for instance.

>>
>>> Also, an ssh-key (being something I have
>>
>> Now there's an interesting assertion. It seems reasonable, if one
>> accepts certain implicit, arbitrary boundaries between the three
>> classes of tokens invoked above.
>>
>> -- seems reasonable --
>>
>>> ) is more
>>> secure than a password.
>>
>> And, yet, it is no more secure than the user account on the machine in
>> which it is stored.
> 
> OK sure - but we are discussing how to authenticate to an account right?
>

We are discussing how to authenticate an account on another machine.  If
your key is on your machine, and I steal your machine, I can break the
passphrase your key uses.  It may take a while, but it will be a lot
faster than if that same passphrase were used as a password to your server.

> 
> Something you have and something you are have to be digitised, to produce a
> token that can be used to prove your identity to a computer system. That is
> part of the implementation.
>

Everything you have mentioned is something I "have".  I "have" knowledge
of a long, random password (not stored anywhere else).  I "have" a key
stored on my computer (protected by a password).  I "have" a fingerprint.

And the security of these three items are in DESCENDING order.

Jerry





Re: Choosing/Rotating screen for greeter

2015-01-12 Thread Sven Arvidsson
On Mon, 2015-01-12 at 11:01 +, Daniel Lintott wrote:
> Hi,
> 
> I've recently switched to using one of my screens in vertical
> orientation. This is fine from the desktop (after login), but currently
> the greeter displays on the vertical screen but on its side.
> 
> Is it possible to move the greeter to the other screen, which is
> horizontal or rotate the greeter so it displays correctly?

I found an old thread about this:
http://ubuntuforums.org/showthread.php?t=1602481

It might still be possible to do something similar, but the
configuration files have changed a bit.

-- 
Cheers,
Sven Arvidsson
http://www.whiz.se
PGP Key ID 760BDD22





Screen refresh

2015-01-12 Thread Diogene Laerce
Hi,

I have an annoying refreshing/redrawing issue with my monitor screen LG Flatron
L222WS on my Wheezy (Nvidia GT 640 with last proprietary driver installed).

The screen, pretty much all the time, does not refresh the image (does not
redraw it): the screen stays idle, for example, when I change tabs in
iceweasel; I have to resize, minimize and maximize the window to effectively
see the screen update the image.

And that happens in every software installed as long as it has a graphical
interface, of course. :)

Did anyone have the same issue or figure out what could be the cause of that
issue?


Thank you,

-- 
“One original thought is worth a thousand mindless quotings.”
“Le vrai n'est pas plus sûr que le probable.”

  Diogene Laerce






Re: Have I been hacked?

2015-01-12 Thread iain

On 2015-01-12 08:24, Joel Rees wrote:
On Mon, Jan 12, 2015 at 7:32 AM, Iain M Conochie wrote:


On 10/01/15 20:31, Brian wrote:


By all means advocate and use ssh keys. But at least provide some
substantial reason for spurning password login for that particular
situation. A blanket "don't use passwords" or "keys are better" doesn't
cut it.



There are 3 (current) factors in authentication:


According to some models.


Care to enlighten me about others?



1. What the user knows


Knowledge is a thing which is had. It is potentially easy to
duplicate, in small pieces. The choice of which piece is used is
hopefully not so easily duplicated. This is the first assumed weakness
of passwords, that most people are lazy about the choice.


While it is possible to enforce certain password policies (e.g. must use
capital letters, numbers, symbols etc) these
do not necessarily dictate a secure password. I guess if I know your
phone number, if it is stored in my phone I have
it as well. Someone steals my phone they now also know and have your
number. If I do not add it to my phone, do I still have it?




2. What the user has


Typical example is a bank card. Unfortunately, this is easy to
duplicate, if one is not careful about where one uses it. (ATM
machines where the front panel has been augmented by attackers, and the
reader slot has a second reader hiding in front of the real reader
provide one example.)

Physical keys, like the key to your front door or to the safe deposit
box, are another example.


Yup - I agree with this.




3. What the user is


Try to define that in a way useful to authentication, without invoking
either of the above concepts.


These increase in security as you go higher up the number.


How do you prove that?


Knowledge is easier to duplicate than a physical item. You mentioned the
ATM attack.
That requires particular equipment to successfully orchestrate, and in
fact many ATM's have been modified to not allow said equipment to function.

Of course, with the advent of 3D printing, duplicating physical items is
much easier than it used to be.



How do you define security?


I don't need to. There is already a definition in English for this:

http://dictionary.cambridge.org/dictionary/british/security



So (assuming the
implementation is secure


Is "secure" here related to security above?


Secure as in the implementation has as close to 0 defects as possible.




) my fingerprint (being something I am)


You sure it's not something you have?


Nope - I am pretty sure it is something I am, within the context of the 
above statement.





is more
secure than a password.


Unless someone chops your hand off to steal your BMW.


Again - implementation. Is the hand warm? Is there a pulse?




Also, an ssh-key (being something I have


Now there's an interesting assertion. It seems reasonable, if one
accepts certain implicit, arbitrary boundaries between the three
classes of tokens invoked above.

-- seems reasonable --


) is more
secure than a password.


And, yet, it is no more secure than the user account on the machine in
which it is stored.


OK sure - but we are discussing how to authenticate to an account right?



(Noting, not coincidentally, that the computer storage device acts as
a memory proxy.)


In each case we have the _implementation_


among other things


Please expand on other things




to let us down. #1 is up to the
user whereas #2 and #3 are up to the programmer.


I can think of a number of ways in which what you appear to be talking
about as something you have and something you are are as much under
control of the user as under control of the programmer.


Something you have and something you are have to be digitised, to produce a
token that can be used to prove your identity to a computer system. That is
part of the implementation.




Who do you trust ;)


I would prefer that we all learn to program.


I would prefer that no-one would try and break into my machines to be
honest, but we all know that is not going to happen any time soon.

Cheers


Iain



--
Joel Rees

The only truly secure computer is the one that you wrote all the OS
and application code for.






Re: Choosing/Rotating screen for greeter

2015-01-12 Thread Daniel Lintott

On 12/01/15 11:48, Alex Mestiashvili wrote:
>  I use lightdm with option display-setup-script:
> 
>  display-setup-script=/etc/fixscreen.sh
> 
>  cat /etc/fixscreen.sh:
>  #!/bin/sh
>  /usr/bin/xrandr --output DP-1 --rotate left
> 
>  execute xrandr in your x session to get the output names. 

Thank you Alex, I had found a similar post on askubuntu (after I sent the
mail).

Along with [1], I have added the command to the bottom of
/etc/gdm3/Init/Default

which seems to have resolved the issue!


[1]
http://unix.stackexchange.com/questions/42611/how-can-i-run-a-script-that-starts-before-my-login-screen






Re: zsh is pretty good

2015-01-12 Thread Chris Bannister
On Mon, Jan 12, 2015 at 12:46:55AM -0500, kamaraju kusumanchi wrote:
> I have always used bash as it is the default shell on Debian. However,
> I started using zsh  couple of days ago and find it pretty impressive.

Have a look at this:

http://grml.org/zsh/zsh-lovers.html

At the very end there's a list of links.

-- 
"If you're not careful, the newspapers will have you hating the people
who are being oppressed, and loving the people who are doing the 
oppressing." --- Malcolm X





Re: Choosing/Rotating screen for greeter

2015-01-12 Thread Alex Mestiashvili

On 01/12/2015 12:01 PM, Daniel Lintott wrote:

Hi,

I've recently switched to using one of my screens in vertical
orientation. This is fine from the desktop (after login), but currently
the greeter displays on the vertical screen but on its side.

Is it possible to move the greeter to the other screen, which is
horizontal or rotate the greeter so it displays correctly?

Cheers

Daniel

PS: I'm not subscribed, so please CC me. Thanks



I use lightdm with option display-setup-script:

display-setup-script=/etc/fixscreen.sh

cat /etc/fixscreen.sh:
#!/bin/sh
/usr/bin/xrandr --output DP-1 --rotate left

execute xrandr in your x session to get the output names.







Re: Have I been hacked?

2015-01-12 Thread Darac Marjal
On Mon, Jan 12, 2015 at 09:18:10AM +, Joe wrote:
> On Mon, 12 Jan 2015 17:24:41 +0900
> Joel Rees  wrote:
> 
> 
> > The only truly secure computer is the one that you wrote all the OS
> > and application code for.
> 
> *And* the compiler(s) and the rest of the build toolchain... *and* the
> BIOS, *and* the code for any network hardware you use...*and* the
> firmware of all of your hardware...

Actually, I disagree with this.

If I were to write all the OS and application code for my computer, and
all that other stuff, I would actually expect it to be LESS secure than
it currently is. Mostly because I don't know what I'm doing. And I
*REALLY* don't want to have to sit my parents down at a completely dead
computer and say "Happy Christmas. You'll have to start writing code to
boot strap this computer I got you. You might need to start with writing
an editor... somehow." Actually, where DO you start with that task?

OK, I could get people to review it, apply fixes but if the reason I'm
writing this all myself is because I don't trust other people, then why
would I trust their judgement?

No, the better solution is what we already have. The OS, the application
code, the build toolchain, the BIOS, the hardware firmware etc etc,
should be written by the people who know about these things. The code
should then be made available for peer review along with methods to
confirm that what's loaded onto the computer is what was reviewed.

Personally, I don't mind if a company says "the BIOS will only accept a
firmware update signed by our key" if they also timely update that
firmware with community patches. Open source doesn't really *have* to
mean "anyone can modify the code". "Anyone can suggest modifications,
which the original developers will approve/deny" should be an acceptable
step.

> 
> -- 
> Joe
> 
> 




Re: Have I been hacked?

2015-01-12 Thread ken

On 01/12/2015 04:18 AM, Joe wrote:

> On Mon, 12 Jan 2015 17:24:41 +0900
> Joel Rees  wrote:
>
> > The only truly secure computer is the one that you wrote all the OS
> > and application code for.
>
> *And* the compiler(s) and the rest of the build toolchain... *and* the
> BIOS, *and* the code for any network hardware you use...*and* the
> firmware of all of your hardware...
>
> -- Joe


Good point, Joe.  I'd add that, because IC chips contain code too, we'd 
also need to build quite a lot of our own hardware.




Archive: https://lists.debian.org/54b3acca.3020...@mousecar.com



Re: Searching for information site

2015-01-12 Thread Darac Marjal
On Sun, Jan 11, 2015 at 11:38:58PM +0100, Hans wrote:
> Hello list,
> 
> is there an information site, which or where I can subscribe, to get 
> informed, 
> when packages are put off the repo and its reason for it? 

Yes. https://ftp-master.debian.org/removals.html

> 
> Thanks for any infos.
> 
> Best 
> 
> Hans
> 
> 
> 
> Archive: https://lists.debian.org/2353102.Q4ozpoJYfO@protheus2
> 




Choosing/Rotating screen for greeter

2015-01-12 Thread Daniel Lintott
Hi,

I've recently switched to using one of my screens in vertical
orientation. This is fine from the desktop (after login), but currently
the greeter displays on the vertical screen but on its side.

Is it possible to move the greeter to the other screen, which is
horizontal or rotate the greeter so it displays correctly?

Cheers

Daniel

PS: I'm not subscribed, so please CC me. Thanks





Re: Have I been hacked?

2015-01-12 Thread Joe
On Mon, 12 Jan 2015 17:24:41 +0900
Joel Rees  wrote:


> The only truly secure computer is the one that you wrote all the OS
> and application code for.

*And* the compiler(s) and the rest of the build toolchain... *and* the
BIOS, *and* the code for any network hardware you use...*and* the
firmware of all of your hardware...

-- 
Joe


Archive: https://lists.debian.org/20150112091810.40d30...@jresid.jretrading.com



Re: Have I been hacked?

2015-01-12 Thread Joel Rees
On Mon, Jan 12, 2015 at 7:32 AM, Iain M Conochie  wrote:
>
> On 10/01/15 20:31, Brian wrote:
>>
>> By all means advocate and use ssh keys. But at least provide some
>> substantial reason for spurning password login for that particular
>> situation. A blanket "don't use passwords" or "keys are better" doesn't cut
>> it.
>
>
> There are 3 (current) factors in authentication:

According to some models.

> 1. What the user knows

Knowledge is a thing which is had. It is potentially easy to
duplicate, in small pieces. The choice of which piece is used is
hopefully not so easily duplicated. This is the first assumed weakness
of passwords, that most people are lazy about the choice.

> 2. What the user has

Typical example is a bank card. Unfortunately, this is easy to
duplicate, if one is not careful about where one uses it. (ATM
machines where the front panel has been augmented by attackers, and the
reader slot has a second reader hiding in front of the real reader
provide one example.)

Physical keys, like the key to your front door or to the safe deposit
box, are another example.

> 3. What the user is

Try to define that in a way useful to authentication, without invoking
either of the above concepts.

> These increase in security as you go higher up the number.

How do you prove that?

How do you define security?

> So (assuming the
> implementation is secure

Is "secure" here related to security above?

> ) my fingerprint (being something I am)

You sure it's not something you have?

> is more
> secure than a password.

Unless someone chops your hand off to steal your BMW.

> Also, an ssh-key (being something I have

Now there's an interesting assertion. It seems reasonable, if one
accepts certain implicit, arbitrary boundaries between the three
classes of tokens invoked above.

-- seems reasonable --

> ) is more
> secure than a password.

And, yet, it is no more secure than the user account on the machine in
which it is stored.

(Noting, not coincidentally, that the computer storage device acts as
a memory proxy.)

> In each case we have the _implementation_

among other things

> to let us down. #1 is up to the
> user whereas #2 and #3 are up to the programmer.

I can think of a number of ways in which what you appear to be talking
about as something you have and something you are are as much under
control of the user as under control of the programmer.

> Who do you trust ;)

I would prefer that we all learn to program.

-- 
Joel Rees

The only truly secure computer is the one that you wrote all the OS
and application code for.


Archive: 
https://lists.debian.org/caar43iov07n20efsd2qqbxa_t_-utavabbbxg4fkyrew7c_...@mail.gmail.com