Re: Irony
Hi. On Sat, 9 Aug 2014 16:26:40 -0400 Steve Litt wrote: > Within months of my switch, oops, here comes systemd. Consider switching to the Debian/kFreeBSD. It's the same Debian, yet there won't be no systemd in the foreseeable future. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140810105130.b8e194270bd1187e3526e...@gmail.com
RE: System broken after full-upgrade: please help!
Hi, > On Sat, 09 Aug 2014 10:46:51 + Rodolfo Medina sent: > > > >> I've always used `halt' to shutdown the machine. Is `poweroff' >> proper to do that? >> >> Rodolfo > > poweroff doesn't work for me, but I tried it as root, next time I use it I > will try it as user and see if it works then. shutdown now does work as root. Rodolfo: Yes, poweroff is now the "proper way" to shutdown a machine. Wanderer: While using Wheezy starting to use poweroff is the proper way to migrate from halt. But I do agree, it might have been a good idea to communicate this in a better way. Charlie: According to the man pages all 3, halt, poweroff and reboot, use the shutdown command to perform the necessary steps when not starting in runlevel 0 or 6, which is pretty much always. So it is really weird that in your case poweroff does not work but shutdown does. - If halt or reboot is called when the system is not in runlevel 0 or 6, in other words when it's running normally, shutdown will be invoked instead (with the -h or -r flag). For more info see the shutdown(8) manpage. [...] Under older sysvinit releases , reboot and halt should never be called directly. From release 2.74 on halt and reboot invoke shutdown(8) if the system is not in runlevel 0 or 6. This means that if halt or reboot cannot find out the current runlevel (for example, when /var/run/utmp hasn't been initialized correctly) shutdown will be called, which might not be what you want. Use the -f flag if you want to do a hard halt or reboot. - Bonno Bloksma -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/89d1798a7351d040b4e74e0a043c69d79a916...@hglexch-01.tio.nl
Re: Mounting a FreeBSD USB Memory Stick Image rw
Hi. On Sat, 9 Aug 2014 20:34:35 +1000 Zenaan Harkness wrote: > Pity we don't have a generic FUSE module to run -all- filesystems in > userspace (as/when needed), so we could simply toggle 'experimental' > features on easily. Yet we do have UFS2 FUSE implementation :) http://sourceforge.net/projects/fuse-ufs2/ Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140810104159.892cb156ed3d465363689...@gmail.com
Re: understanding Debian support on ARM architecture
Hi. On Sun, 10 Aug 2014 04:40:05 +0300 Martin T wrote: > Hi, > > according to wiki, Debian is supported on little-endian ARM > architecture. However, then wiki lists some sub-architectures which > are supported. For example iop32x, ixp4xx, kirkwood and orion5x. Does > this mean that Debian ARM port works on fairly limited number of > sub-architectures? For example all the ARM-based embedded boards would > probably not work with Debian ARM port? There's a difference between x86 and ARM, and that difference is hardware enumeration. x86 provides OS with one, ARM does not. To boot any Linux on ARM and to work with any hardware, one does need so called 'device tree' ([1]) compiled into the kernel. So, to answer your question - you have 100% guarantee that booting any of armel Debian kernel won't be successful and will end with kernel panic in the best case for any of those ARM-based embedded boards. Now, if you manage to build a working kernel for that specific board and boot it - sure you can use any part of Debian with the board short of the stock kernel(s). [1] http://lwn.net/Articles/448502/ PS I'm happy user of kirkwood family Debian kernel :) Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140810103916.2c514ecf0f51a27855c6d...@gmail.com
Re: disable keyboard outside of X Windows too
Hi. On Sun, 10 Aug 2014 11:02:13 +0800 積丹尼 Dan Jacobson wrote: > So how can I do it (and not zap the USB keyboard at the same time)? This should disable your PS/2 keyboard both in the console or X: echo -n manual > /sys/bus/serio/devices/serio0/bind_mode echo -n serio1 > /sys/bus/serio/drivers/atkbd/unbind To revert this change, you'll need this: echo -n atkbd > /sys/bus/serio/devices/serio0/drvctl echo -n auto > /sys/bus/serio/devices/serio0/bind_mode Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140810102800.5aadcc1d4ce06d3401df6...@gmail.com
Re: Fonts for all Unicode glyphs?
On Fri, Aug 08, 2014 at 06:49:10PM -0400, The Wanderer wrote:
> Is there any remotely straightforward way, in Debian, to install font
> packages to explicitly satisfy the goal of "provide suitable glyphs to
> cover the entire Unicode character space"? ('unifont' looks like it
> would get me started, but not cover everything, and I'd prefer to use
> some of the more specific fonts where applicable anyway.)
>
> If not, any idea(s) how to simplify or speed up the process of
> identifying appropriate font packages (or even font categories) on my
> own?
Interesting dilema.
I found these:
http://stackoverflow.com/questions/9834402/previewing-unicode-fonts-on-linux
http://unix.stackexchange.com/questions/14027/what-fonts-are-good-for-unicode-glyphs
Maybe there are other hits which may help:
http://www.google.com/search?q=what+fonts+provide+glyphs+Linux
--
"If you're not careful, the newspapers will have you hating the people
who are being oppressed, and loving the people who are doing the
oppressing." --- Malcolm X
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20140810052150.GJ17247@tal
Re: End of hypocrisy ?
Tom H wrote: > Bob Proulx wrote: > > I believe the point was that it should be "make before break". They > > should have allowed people to use systemd without preventing people > > from not using it. They didn't make a new system without breaking the > > old one. They broke the old one while trying to build the new one. > > That is the problem. You shouldn't burn down your old house while you > > are still designing and building your new house. > > Had Gnome not had to rely on systemd as pid 1, we might not have had a > CTTE bug, etc. But then the question becames did the GNOME 3 folks "had to rely" on systemd? Did they really have to do it? No. We have had a plethora of window managers and desktop systms for years and years and years without it. They didn't have to require it. I am not saying that there weren't corner cases with problems. I am saying that for all of those years we were apparently happy in spite of those corner case problems. Therefore I don't think GNOME 3 "had" to rely on systemd as pid 1. That is disproven by the last few decades without it. And somehow I think all of the happy *BSD users who don't have systemd will also disagree that it is a hard requirement. My point is that it would have been much easier if they had created a system that you could optionally migrate to without being *forced* onto it. Then if it turns out to be clearly superior people will desire to move to it. People would then move of their own volition because they would want to move to it. If they had done it that way it would have avoided much unpleasantness. Bob signature.asc Description: Digital signature
Re: Partitioning of new machine
AW wrote: > "B. M." wrote: > > optimal partitioning scheme which should last for the > > next 10 years :-) > > I've found that using lvm is a great idea. Resizing volumes is incredibly > easy. You can even easily resize a volume to occupy a portion of a new HDD. > So, my recommendation for new installs is always to use lvm. I almost always set up LVM on system these days. > > Is it still a good idea to put /var on an HDD, not a SSD? I am going to voice an opinion that is counter to what I have read through this thread. If it is a good quality SSD then I bet that SSD outlives the hard disk even if you have it on the busiest file system. With a mixed SSD and spinning hard disk I would probably put /var on the spinning hard disk. Mostly because I wouldn't care about the performance there and so the much slower hard disk would be fine. Leave the fast SSD for something you care about. > My understanding of SSD operation is that they are excellent for > write once, read often scenarios. Data that are going to be changed > often may not be good candidates for an SSD. Because there is so much caching involved the raw flash nand write performance is hidden. Instead because of all of the caching the SSD just seems like a very fast disk regardless of read versus write. I suppose one of us should run some file system performance tests for some real data. If only there were more time in the day to do all of these things. > There's also a tendency for SSD operation to slow if the drive is > re-written often. My information may be a bit outdated as SSD > technology has improved. If this is a problem it would be a vendor specific problem dependent upon the vendor and the firmware. This is definitely not a problem with the Intel SSDs I have been using. If your SSD slows down as it is used then mark that vendor as substandard and buy a better device from a different vendor. Early SSDs vendors that came up from the camera side of things had notable bad performance. Cameras have a completely different data flow from a computer system. But I think most vendors must have solved those problems by now and performance numbers will have converged significantly between vendors. There was a discussion of SSD performance just last month in this thread. https://lists.debian.org/debian-user/2014/07/msg00257.html > > /video HDD, btrfs, 560 GB > > for video editing or series, no backup, not encrypted > > /data HDD, btrfs, encrypted, keyfile, RAID1 (2 x 700 GB). > > With subvolumes for digikam archive, movie archive and music > > I don't know much about software RAID. I usually run a hardware RAID. > However, I'm not so sure it's a good idea to run a software RAID1 on a drive > that will also be used for video editing. It seems to me that the RAID1 > operation would drive down the performance of the HDD enough to significantly > affect video editing. I am surprised by your statement. Can you point to some benchmarks? Mirroring does not improve the write performance but neither does it significantly decrease it. Write performance is pretty much flat between a system with no mirroring, just one disk, and a system with two disks in a software RAID1 mirror. The data must be written to both disks. Read performance is increased with mirroring because the reads can use alternate spindles in parallel. Bob signature.asc Description: Digital signature
Re: IP Forwarding to Windows machine
Mike McClain wrote: > Pascal Hambourg wrote: > > Please describe your network topology. Where's the Win2k box ? > > __ > | Debian| LAN| Windows 2000 | > Inet|Linux|-| S40 | > (ppp) | 192.168.1.2 | cross-over| 192.168.1.3 | > |_| |___| It isn't 100% clear so I will ask. What IP address is the Debian box getting on the ppp connection? You only list one IP address for it but of course it must have another one for the upstream connection. And you left that one out leaving us guessing about it. Hopefully it isn't getting another 192.168.1.x IP address there from its upstream. If so then that would create routing problems for it. It would have the 192.168.1 subnet on both ports and that would cause it problems. For simple operation a router needs different IP subnets on the different ethernet ports. If the Debian box is getting a 192.168.1.x address from ppp then that would be a problem. In which case the downstream connection would need to change to a different subnet than the upstream subnet. Bob signature.asc Description: Digital signature
disable keyboard outside of X Windows too
Gentlemen, I wish to disable my built-in keyboard which is inhabited by a ghost occasionally typing bad things. I will instead use my USB keyboard. Of course in X windows, all that is needed is $ xinput --disable 'AT Translated Set 2 keyboard' The problem is I wish to disable the bad keyboard also in tty1 through tty6, i.e., outside of X Windows too! I found some things I could echo into: $ (cd /sys/devices/platform/i8042/serio0/ && find * -type f -perm /u=w) bind_mode drvctl extra force_release input/input0/power/control input/input0/power/async input/input0/power/autosuspend_delay_ms input/input0/event0/power/control input/input0/event0/power/async input/input0/event0/power/autosuspend_delay_ms input/input0/event0/uevent input/input0/uevent power/control power/async power/autosuspend_delay_ms scroll set softraw softrepeat uevent But looking in /usr/share/doc/linux-doc-3.14/Documentation/ABI/testing/ doesn't reveal how to actually turn it off! One might think that echo 0 > power/control would do it but answer would be way off! So how can I do it (and not zap the USB keyboard at the same time)? -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87mwbd6o96@jidanni.org
Re: Netflix in chrome-unstable on Debian Sid
On Sun, 10 Aug 2014 02:30:01 +0200 John Holland wrote: > working in Debian Sid VM by jtotheh @slashdot > http://entertainment.slashdot.org/comments.pl?sid=5512583&cid=47639701 netflix is going into Europe where Linux is widely used, especially in Germany. I believe they will have a .deb in the offing quite soon. -- CK -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/c4o3u4fpg6...@mid.individual.net
Re: Partitioning of new machine
On Sat, 09 Aug 2014, B. M. wrote: > Le 9 août 2014 à 05:44, Patrick Bartek a écrit : > > > On Fri, 08 Aug 2014, B. M. wrote: > > > >> Hi all, > >> > [snip] > >> > >> What do you think about the following: > >> > >> === SSD: === > >> /boot unencrypted, 300 MB > >> / ext4, encrypted, 25-30 GB > >> /home ext4, encrypted, keyfile, 220-225 GB > >> User data for two users > > > > I wouldn't put /home on the SSD. With all the writes involved, > > better to put it on a spinning disk. And by doing that, you don't > > need such a huge SSD. 64 to 100GB will more than do with > > just /boot and / on it. > > Well, my plan is to put /home on it, but without all database-related > stuff (e.g. digikam db) and iceweasel gets a cache size of 0. Maybe I > also move the downloads directory to the HDD together with one for > virtual machines. I don't think that there is much left which is > written so often, but maybe I'm wrong? Of course, it's your system, and you can configure it anyway you please, but you did ask for advice. However Why do you want /home on the SSD anyway? The main advantage of an SSD (on a desktop) is speed. Fast reads and writes. You've removed everything from /home that would take advantage of that speed. All that's left is user and app configs, trash, thumbnails, etc. Nothing that requires speedy response. So, there's no reason to have /home there. > > [snip] > > > > I wouldn't use btrfs. It's not ready for primetime, yet. Maybe, > > in a few years. Stick with ext4. It's proven and rock solid. If > > you want to "play" with brtfs, okay, but don't put any important > > files on it. > > > > Also ... You're RAID 1-ing two partitions on the SAME physical > > drive? For "auto-backup," I assume? Bad idea. If your one hard > > drive fails, both those RAIDed partitions are toast. Put one of > > those partitions on another HD. > > > > You might also look into using LVM instead of traditional > > partitioning, particularly if you plan on adding more hard drives. > > OK, I didn't mention that before, but my complete setup additionally > includes an external backup drive (of course) with hourly backups > of /etc and /home on one partition and a large second partition for > the backup of /data, so for /data I have the btrfs RAID1 internally > on the same drive which protects against bit rot plus one external > partition (so without RAID-redundancy) to protect against hardware > failure. I'm unsure if I should stick with ext4 for the external > backup because btrfs's integrated check summing is so appealing > (again the bit rot problem), but then there would still be the risk > of fs failures due to its experimental state - but as far as I found > out so far, btrfs should be ready as long as one doesn't use > snapshots and RAID 5+; its basic functionality seems to be safe. If you're backing up those RAIDed partitions hourly, you don't need RAID in the first place. As others here have mentioned: RAIDed partitions should be on different drives. And as far as btrfs is concerned: Even its developers don't recommend using it on production systems. It's not stable enough, yet. That's why it's called "experimental." Use at your own risk. > Currently I'm using LVM, but I'd like to get rid of this additional > complexity and keep things relatively simple. LVM does have its advantages, but I don't use it since I have no need for those advantages. Traditional partitioning works fine for me. I mentioned it because you talked about adding hard drives in the future to expand storage. With LVM, it's simple to add another drive (or more) to LVM'd drives. > Having a RAID1 on two partitions on the same disk is bad for r/w > performance, that's clear, but it's only for my photo archive which I > don't access so often (and writes are even less frequent); the > working part would reside inside /home, i.e. on the SSD (ext4). Poor performance? Yes. But more disadvantageous, it'll beat the drive head to death. > The alternative would be to put another HDD in the machine and set it > up as a RAID, but then my wife might complain about the additional > noise... What additional noise? My 8 year old system with two hard drives and three fans is VERY quiet even sitting next to it. 2 meters away? Barely audible. Of course, I used 125mm low speed, high volume fans. The CPU has an oversized fan, too. It's small, fast spinning fans that make noise, not hard drives. Unless, they're going bad. B -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140809195259.56fdc...@debian7.boseck208.net
Re: Netflix in chrome-unstable on Debian Sid
John Holland wrote: working in Debian Sid VM by jtotheh @slashdot http://entertainment.slashdot.org/comments.pl?sid=5512583&cid=47639701 That does not say how Netflix support was installed. With pipelight-multi? And what is that "google-chrome-unstable deb"? Does that have a version number? Hugo -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/ls6mnt$e0a$1...@ger.gmane.org
Re: Software compatibility between different architectures?
> how compatible are drivers on ports for different CPU architectures, > e.g. I have a USB HSDPA modem which works great on Wheezy port for x86 > architecture, but can I expect it to work on Wheezy port for ARM? If your ARM platform's USB driver works, then yes, you can expect the exact same support for any USB device you plug into it. Stefan -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/jwvk36hxdqi.fsf-monnier+gmane.linux.debian.u...@gnu.org
Re: clean up my system
On Sun, 10 Aug 2014 00:00:02 +0200 Floris wrote: > I want to clean up my system You could always install: bleachbit That will clean you out -- CK -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/c4o3gufpg6...@mid.individual.net
Re: clean up my system
Floris wrote: It has a out-of-the-box working multi-seat. Yes, even with the nvidia module it is a no pain configuration. In other words two (or more) computers for one price. Could you elaborate? You mean that if you connect, lets say a ps/2 keyboard and an USB keyboard, 2 Nvidia video cards with 2 monitors attached and 2 USB mice and I run systemd, then it will figure out how to make a 2-seater out of this. Meaning 2 users logged on simultaneously. Surely you must set up a proper xorg.conf, how much should it contain? Have you actually tried this or is it your conclusion that "systemd ought to do this"? Hugo -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/ls6lj2$5tv$1...@ger.gmane.org
Re: understanding Debian support on ARM architecture
On 8/9/2014 9:40 PM, Martin T wrote: > Hi, > > according to wiki, Debian is supported on little-endian ARM > architecture. However, then wiki lists some sub-architectures which > are supported. For example iop32x, ixp4xx, kirkwood and orion5x. Does > this mean that Debian ARM port works on fairly limited number of > sub-architectures? For example all the ARM-based embedded boards would > probably not work with Debian ARM port? > > > thanks, > Martin > > Martin, You're better off asking ARM questions on the Debian-arm list. Jerry -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/53e6d19e.7090...@attglobal.net
understanding Debian support on ARM architecture
Hi, according to wiki, Debian is supported on little-endian ARM architecture. However, then wiki lists some sub-architectures which are supported. For example iop32x, ixp4xx, kirkwood and orion5x. Does this mean that Debian ARM port works on fairly limited number of sub-architectures? For example all the ARM-based embedded boards would probably not work with Debian ARM port? thanks, Martin -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/cajx5yvgewxdqnlco4og8edpqnrcdd1ems4-0bpkmeraz1kx...@mail.gmail.com
Software compatibility between different architectures?
Hi, how compatible are drivers on ports for different CPU architectures, e.g. I have a USB HSDPA modem which works great on Wheezy port for x86 architecture, but can I expect it to work on Wheezy port for ARM? Can one expect the same options(modprobe parameters) for drivers on all platforms? What about firmware(for example firmware files for warious Wi-Fi adapters)? I guess all more or less not so hardware-related software(for example iptables/netfilter) works exactly the same between different ports? regards, Martin -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/cajx5yve47sdkflgxufjmoff9yhdtpp3hyrxwgkfruo_qyxj...@mail.gmail.com
Re: par2
On 08/09/2014 12:24 PM, Gary Dale wrote: However I can see you wanting them to be out of the way. par2 actually puts them in the current directory unless you tell it differently so you could for example do: cd /mnt/datadrive/.par2/stuff par2 c files.par2 ../../stuff/* or just: par2 c /mnt/datadrive/.par2/stuff/files.par2 /mnt/datadrive/stuff/* or even: cd /mnt/datadrive/stuff par2 c ../.par2/stuff/files.par2 * Okay. I'll need to write a wrapper script to create and populate the tree. David -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/53e6bd8a.6050...@holgerdanske.com
Netflix in chrome-unstable on Debian Sid
working in Debian Sid VM by jtotheh @slashdot http://entertainment.slashdot.org/comments.pl?sid=5512583&cid=47639701 -- John Holland jholl...@vin-dit.org gpg public key ID 0x9551CF2D signature.asc Description: PGP signature
Re: IP Forwarding to Windows machine
On Fri, Aug 08, 2014 at 09:13:23PM +0200, Pascal Hambourg wrote: > Hello, > > Mike McClain a ?crit : > > I've been trying to get my hand rolled iptables firewall to > > masquerade traffic on the LAN to/from a Win2K box. > > Please describe your network topology. Where's the Win2k box ? __ | Debian| LAN| Windows 2000 | Inet|Linux|-| S40 | (ppp) | 192.168.1.2 | cross-over| 192.168.1.3 | |_| |___| > What's S40 ? S40 short for south40 the name of the Win2K box. > > I've gotten it to > > the point that I can ping from the boxes both ways, > > Which boxes ? > > > smbclient can move files both ways > > Smbclient run on which box ? Smbclient run on the Linux box. > > and the Win2K box can ping Google's IP address but DNS > > lookup fails even though I've used the same DNS server in the Win2K > > box as on my Debian box which access the Inet via dialup. IE says > > "Cannot find server or DNS error." > > I've read every HOWTO and the iptables man pages several times but > > am at a loss. > > Suggestions? > > Same as Nemeth Gyorgy : restart without any filtering, just the IP > forwarding and masquerading. If it does not work, it's not due to > filtering. Then when everything works add the filtering. All suggestions appreciated. Thanks, Mike -- "Imagination is looking at a dot in the sky and seeing it as another world is looking at the world and seeing it as as just a dot in the sky. is seeing a garden in the galaxy Is seeing a galaxy in the garden." - Jon Lomberg, space artist and journalist.. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/2014081633.GE11824@playground
Re: IP Forwarding to Windows machine
On Fri, Aug 08, 2014 at 08:24:11PM +0200, Nemeth Gyorgy wrote: > 2014-08-08 09:04 keltez?ssel, Mike McClain ?rta: > > I've been trying to get my hand rolled iptables firewall to > > masquerade traffic on the LAN to/from a Win2K box. I've gotten it to > > the point that I can ping from the boxes both ways, smbclient can move > > files both ways and the Win2K box can ping Google's IP address but DNS > > lookup fails even though I've used the same DNS server in the Win2K > > box as on my Debian box which access the Inet via dialup. IE says > > "Cannot find server or DNS error." < > > It's a rather complicated, sometimes overcomplicated script. But some > rules are missing and/or not in the correct order. I've little doubt you are correct, admittedly I'm flailing a bit. Trying this and that with little luck. I'd appreciate it if you'ld be a little more explicit as to what's missing and out of order. I'm running no external services. > To keep things more simple I suggest to do a minimal script and you can > make it more complicated later. I did exactly as you suggested, implimenting a minimalist set of rules, only the 5 you mentioned and saw improvement. now the Win2K box can ping google.com and get a reply but IE still can't connect to Google.com nor several other sites I tried, still reporting, "Cannot find server or DNS error." Thanks for your help. Any further suggestions? Mike -- "Imagination is looking at a dot in the sky and seeing it as another world is looking at the world and seeing it as as just a dot in the sky. is seeing a garden in the galaxy Is seeing a galaxy in the garden." - Jon Lomberg, space artist and journalist.. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140809234918.GD11824@playground
Re: IP Forwarding to Windows machine
On Fri, Aug 08, 2014 at 09:16:05PM -0700, Matt Ventura wrote: > On 8/8/2014 12:04 AM, Mike McClain wrote: > > I've been trying to get my hand rolled iptables firewall to > >masquerade traffic on the LAN to/from a Win2K box. I've gotten it to > >the point that I can ping from the boxes both ways, smbclient can move > >files both ways and the Win2K box can ping Google's IP address but DNS > >lookup fails even though I've used the same DNS server in the Win2K > >box as on my Debian box which access the Inet via dialup. IE says > >"Cannot find server or DNS error." > > I've read every HOWTO and the iptables man pages several times but > >am at a loss. > > Suggestions? > >Thanks, > >Mike > Can you post the exact output of the nslookup attempt from the win2k box? > > Thanks, > Matt Ventura from a zsh prompt: Mike zsh:~> nslookup Default Server: resolver1.opendns.com Address: 208.67.222.222 > Didn't return. from a cmd.exe prompt: C:\WINNT\system32>nslookup DNS request timed out. timeout was 2 seconds. *** Can't find server name for address 208.67.222.222: Timed out Default Server: resolver2.opendns.com Address: 208.67.220.220 > Didn't return. from a bash prompt: Mike@Win2k:~> nslookup Default Server: resolver1.opendns.com Address: 208.67.222.222 > Didn't return. I'm quite sure I didn't enter 'resolver1' or 'resolver2' in anything in Windows so the DNS lookup must have worked to some degree. Mike -- "Imagination is looking at a dot in the sky and seeing it as another world is looking at the world and seeing it as as just a dot in the sky. is seeing a garden in the galaxy Is seeing a galaxy in the garden." - Jon Lomberg, space artist and journalist.. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140809230007.GB11824@playground
Re: IP Forwarding to Windows machine
On Fri, Aug 08, 2014 at 07:05:28PM -0700, David Christensen wrote: > On 08/08/2014 12:04 AM, Mike McClain wrote: > > I've been trying to get my hand rolled iptables firewall to > >masquerade traffic on the LAN to/from a Win2K box. > > I used to write my own firewall/ router rules, but then discovered > purpose-built firewall/ router FOSS distributions. I used IPCop for > many years, and was very pleased: > > http://www.ipcop.org/ > Hi David, I learn best by studying and doing. Maybe what I'll learn is that it's beyond me and give ipcop a try but not yet. Thanks for the idea, Mike -- "Imagination is looking at a dot in the sky and seeing it as another world is looking at the world and seeing it as as just a dot in the sky. is seeing a garden in the galaxy Is seeing a galaxy in the garden." - Jon Lomberg, space artist and journalist.. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140809225547.GA11824@playground
Re: Irony
On Sat 09 Aug 2014 at 16:47:54 -0400, AW wrote: > On Sat, 9 Aug 2014 16:26:40 -0400 > Steve Litt wrote: > > > Hi all, > > > > Some of the reasons I switched my desktop from Ubuntu to Debian were: > > > > 1) To do more config by editor and less by magical binary program. > > > > 2) To get rid of gratuitous boot gunge (in this case Plymouth) > > > > 3) To get closer to the Unix Philosophy > > > > Within months of my switch, oops, here comes systemd. > > > > Sometimes, you just have to laugh. > > > > SteveT > > A new thread... I chase this one, knowing full well that convincing anyone of > anything is nearly impossible. This is the second thread on the same topic started by the OP in a month. https://lists.debian.org/20140705142557.3b9a1...@mydesq2.domain.cxm That spawned 200+ replies, none of which has apparently satisfied the OP's appetite for further exposure. There is another OP thread on the same topic in the archives from earlier in the year, or late last year. The need for anyone to offer anything convincing in reply to this latest off-topic and self-serving post is minimal; its content is effectively zero. The technical aspects of systemd as they affect Debian users are in line with the aims of this list. Even an occasional complaint is acceptable. But frequent moaning? And honestly, does anyone care why any user chose to change from Ubuntu or if their expectations were met? A new list could be proposed for this purpose: debian-shoulders-to-cry-on@l.d.o -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140809224936.ga22...@copernicus.demon.co.uk
Re: par2
On Sat, 09 Aug 2014 16:37:52 -0400 Gary Dale wrote: > The speed of the check is usually limited by the speed of reading the > file(s) from disk. A par2 check is more direct and will also > automatically repair any bit rot that has developed. Definitely not. For very small files nearly all methods of error checking are about the same. For large files, there are massive time differences between md5, sha1, par2. The longest time, by far, is par2 checking. I even did a simple check myself to ensure this is true... Here are the results: Summary: par2 verify about double time than sha1 for large files. sha1 verify about double time than md5 for large flies. par2 creation about 21 times longer than sha1 generation for large files. sha1 creation about double time than md5 for large files. Details: For check generation: 10 x 1024 files for md5sum generation Elapsed time is 0.00465393 seconds. 10 x 1024 files for sha1sum generation Elapsed time is 0.00407004 seconds. 3 x 1GB and 2 x 2GB files for md5sum generation Elapsed time is 13.0712 seconds. 3 x 1GB and 2 x 2GB files for sha1sum generation Elapsed time is 22.3703 seconds. 10 x 1024 files for par2 generation Elapsed time is 0.0724349 seconds. 3 x 1GB and 2 x 2GB files for par2 generation Elapsed time is 471.907 seconds. For verify of check: 10 x 1024 files for md5sum verify Elapsed time is 0.00395489 seconds. 10 x 1024 files for sha1sum verify Elapsed time is 0.00317788 seconds. 3 x 1GB and 2 x 2GB files for md5sum verify Elapsed time is 12.9887 seconds. 3 x 1GB and 2 x 2GB files for sha1sum verify Elapsed time is 22.6091 seconds. 10 x 1024 files for par2 verify Elapsed time is 0.019568 seconds. 3 x 1GB and 2 x 2GB files for par2 verify Elapsed time is 51.4989 seconds. CPU: Architecture: x86_64 CPU op-mode(s):32-bit, 64-bit Byte Order:Little Endian CPU(s):8 On-line CPU(s) list: 0-7 Thread(s) per core:2 Core(s) per socket:4 Socket(s): 1 NUMA node(s): 1 Vendor ID: GenuineIntel CPU family:6 Model: 26 Stepping: 5 CPU MHz: 1600.000 BogoMIPS: 6414.40 Virtualization:VT-x L1d cache: 32K L1i cache: 32K L2 cache: 256K L3 cache: 8192K NUMA node0 CPU(s): 0-7 Memory: 24GB --Andrew -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140809180230.66a9d8c0fca51961ba036...@1024bits.com
Re: clean up my system
Floris wrote: > Now I want to clean up my system. I know, it is not about disk space, > but more to get a neatly system. Is it possible to remove all the > /etc/rc*d directories? And which scripts are safe to remove from > /etc/init.d? Don't do this. Currently most of the needed services to run your Debian system are started via "legacy" LSB init scripts. If you remove them, your system will cease to function. Also the directories will be recreated once you install/upgrade a package which includes an init script. Right now it is far to early to try to remove anything SysV from your system. Grüße, Sven. -- Sigmentation fault. Core dumped. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/6at8qcqen...@mids.svenhartge.de
clean up my system
Hey, I know there are a lot off people who are skeptic about systemd, but I love it. It has a out-of-the-box working multi-seat. Yes, even with the nvidia module it is a no pain configuration. In other words two (or more) computers for one price. Now I want to clean up my system. I know, it is not about disk space, but more to get a neatly system. Is it possible to remove all the /etc/rc*d directories? And which scripts are safe to remove from /etc/init.d? thanks, floris -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/op.xkchqez35k9...@jessica.jkfloris.demon.nl
Re: Irony
On Sat, 9 Aug 2014 16:26:40 -0400 Steve Litt wrote: > Hi all, > > Some of the reasons I switched my desktop from Ubuntu to Debian were: > > 1) To do more config by editor and less by magical binary program. > > 2) To get rid of gratuitous boot gunge (in this case Plymouth) > > 3) To get closer to the Unix Philosophy > > Within months of my switch, oops, here comes systemd. > > Sometimes, you just have to laugh. > > SteveT A new thread... I chase this one, knowing full well that convincing anyone of anything is nearly impossible. There remains only a few holdouts from the "major" distributions: Gentoo and Slackware. So, give 'em a go... However, I've spent a significant time over the last few days relearning much of what I thought I knew about rsyslog, what I knew I didn't know about systemd, and musing about what the future may hold... And I gotta say, I might have agreed with you several months ago -- but I no longer do... Systemd is going to take over, because it's - well - better than what existed in the past. And that's also what open source is about -- a meritocracy. I also learned that rsyslog, syslog-ng and company have had sql logging capability all along... silly me! I should just learn to look more thoroughly at what I have in front of me... and, I'm sure, if you take a good honest look at the whole of systemd and what the team is attempting, you'll come over to the dark-side as well... BTW, we have cookies. --Andrew -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140809164754.2d1b8b6f2f5ce99bc45e8...@1024bits.com
[OT] [politics] Re: Skype access cancelled for Debian versions before 7
On 03/08/14 00:21, Joel Rees wrote: Google has too much money and is out of control. The NSA has too much money and is out of our control. I find it interesting that you feel more in control of a privately funded corporation than a legitimate arm of a sovereign government. It is obvious what the NSA want to do (snoop), I'm not so sure what google want to do. Almost 300 million US citizens have the ability to curtail the NSA's behaviour if enough of 'em want to make something of it; this is their constitutional right. Don't believe the hype, corporations are in no way in our control. Iain -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/53e687b8.1030...@thargoid.co.uk
Re: par2
On 09/08/14 04:20 PM, AW wrote: On Sat, 09 Aug 2014 16:08:41 -0400 Gary Dale wrote: > Whatever for? There are better checksums and md5 doesn't provide error > correction? Even the MD5 man page advises using sha checksums instead. md5sum provides a relatively quick check... if it fails, then use the "real" check, i.e. pars. This saves [or seems to save] computing resources... However, it was just a suggestion... --Andrew The speed of the check is usually limited by the speed of reading the file(s) from disk. A par2 check is more direct and will also automatically repair any bit rot that has developed. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/53e686a0.4010...@torfree.net
Irony
Hi all, Some of the reasons I switched my desktop from Ubuntu to Debian were: 1) To do more config by editor and less by magical binary program. 2) To get rid of gratuitous boot gunge (in this case Plymouth) 3) To get closer to the Unix Philosophy Within months of my switch, oops, here comes systemd. Sometimes, you just have to laugh. SteveT Steve Litt* http://www.troubleshooters.com/ Troubleshooting Training * Human Performance -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140809162640.1a94f...@mydesq2.domain.cxm
Re: par2
On Sat, 09 Aug 2014 16:08:41 -0400 Gary Dale wrote: > Whatever for? There are better checksums and md5 doesn't provide error > correction? Even the MD5 man page advises using sha checksums instead. md5sum provides a relatively quick check... if it fails, then use the "real" check, i.e. pars. This saves [or seems to save] computing resources... However, it was just a suggestion... --Andrew -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140809162033.bdf0a3999e75e47c9408a...@1024bits.com
Re: TCP fast open & IPv6
On 08/09/2014 03:00 PM, Quentin Bourgeois wrote: > > > On 08/09/2014 11:36 AM, Georgi Naplatanov wrote: >> >> Hi everybody, >> > Hi, > >> I wonder if it is possible to enable/disable TCP fast open for IPv6 >> in Jessie (kernel 3.14) and how it can be done (if it's possible). >> >> In Jessie there is not /proc/sys/net/ipv6/tcp_fastopen >> > I think that TCP fast open was added for kernel 3.16[1] for IPv6. > >> Thanks in advance. >> >> Georgi >> >> > > [1]: http://lwn.net/Articles/602212/ Thanks for the clarification. I thought that IPv4 and IPv6 use the same implementation for TCP fast open and I just wondered why /proc/sys/net/ipv6/tcp_fastopen doesn't exist on my Jessie system. Georgi -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/53e68018.8000...@oles.biz
Re: par2
On 09/08/14 03:56 PM, AW wrote: On Sat, 09 Aug 2014 15:24:49 -0400 Gary Dale wrote: > Assuming you have both a backup copy and a live copy plus some par2 > files, you should be safe with the 5% to 10% I suggested. If going with an external backup and pars... I'd also add md5sums to the list. I've had great success using external drives drives connected to a low power device like the Raspberry Pi. The full data system: CPU 0 - Original is on host drive. Pi 0 - Backup is RAID 1 [with two separate drives] Pi 1 - Repair data is on separate backup drive along with md5sum lists. All connected via network, rsync between machines. Cron scripts run nightly to retrieve, verify -- md5sum -c first, repair data. Additional cost is: $70 for 2xRPi $250 for 3x1GB drives --Andrew Whatever for? There are better checksums and md5 doesn't provide error correction? Even the MD5 man page advises using sha checksums instead. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/53e67fc9.7090...@torfree.net
Re: par2
On Sat, 09 Aug 2014 15:24:49 -0400 Gary Dale wrote: > Assuming you have both a backup copy and a live copy plus some par2 > files, you should be safe with the 5% to 10% I suggested. If going with an external backup and pars... I'd also add md5sums to the list. I've had great success using external drives drives connected to a low power device like the Raspberry Pi. The full data system: CPU 0 - Original is on host drive. Pi 0 - Backup is RAID 1 [with two separate drives] Pi 1 - Repair data is on separate backup drive along with md5sum lists. All connected via network, rsync between machines. Cron scripts run nightly to retrieve, verify -- md5sum -c first, repair data. Additional cost is: $70 for 2xRPi $250 for 3x1GB drives --Andrew -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140809155614.3a2b3d3ce1f23f20a16cb...@1024bits.com
Re: NFS and iptables during bootup
Yes, I erroneously used "lo0" instead of "lo" in iptables rules. I use
FreeBSD on daily basis :) However, once I allowed traffic to loopback
interface and started NFS("/etc/init.d/nfs-common start"), I saw some
traffic on loopback interface:
48 560 ACCEPT all -- lo * 0.0.0.0/0
0.0.0.0/0
During the statd start following traffic is seen on loopback interface:
20:39:48.789936 00:00:00:00:00:00 > 00:00:00:00:00:00, ethertype IPv4
(0x0800), length 98: 127.0.0.1.997 > 127.0.0.1.111: UDP, length 56
20:39:48.790044 00:00:00:00:00:00 > 00:00:00:00:00:00, ethertype IPv4
(0x0800), length 70: 127.0.0.1.111 > 127.0.0.1.997: UDP, length 28
20:39:48.790221 00:00:00:00:00:00 > 00:00:00:00:00:00, ethertype IPv4
(0x0800), length 98: 127.0.0.1.997 > 127.0.0.1.111: UDP, length 56
20:39:48.790250 00:00:00:00:00:00 > 00:00:00:00:00:00, ethertype IPv4
(0x0800), length 70: 127.0.0.1.111 > 127.0.0.1.997: UDP, length 28
20:39:48.790649 00:00:00:00:00:00 > 00:00:00:00:00:00, ethertype IPv4
(0x0800), length 98: 127.0.0.1.997 > 127.0.0.1.111: UDP, length 56
20:39:48.790759 00:00:00:00:00:00 > 00:00:00:00:00:00, ethertype IPv4
(0x0800), length 70: 127.0.0.1.111 > 127.0.0.1.997: UDP, length 28
20:39:48.791156 00:00:00:00:00:00 > 00:00:00:00:00:00, ethertype IPv4
(0x0800), length 98: 127.0.0.1.997 > 127.0.0.1.111: UDP, length 56
20:39:48.791278 00:00:00:00:00:00 > 00:00:00:00:00:00, ethertype IPv4
(0x0800), length 70: 127.0.0.1.111 > 127.0.0.1.997: UDP, length 28
Once I save the iptables rules and restart the machine, it boots up
without issues. Thanks! In addition, I will look into
iptables-persistent package.
However, last but not least, in which situations one firewalls
loopback interface? Or is it a best practice just to allow everything
through the loopback interface like I did?
Martin
On Sat, Aug 9, 2014 at 6:33 AM, Tom H wrote:
> On Fri, Aug 8, 2014 at 11:47 AM, Martin T wrote:
>>
>> I moved the script from /etc/init.d to /etc/network directory and
>> changed the shebang line from /bin/bash to /bin/sh. /bin/sh on my
>> system points to /bin/dash. Thanks for those tips!
>>
>> Content of firewall rule-files can be seen here:
>>
>> # cat /etc/firewall.conf /etc/firewall6.conf
>> # Generated by iptables-save v1.4.8 on Tue Jul 1 10:41:45 2014
>> *filter
>> :INPUT DROP [17:1605]
>> :FORWARD ACCEPT [0:0]
>> :OUTPUT ACCEPT [259:30520]
>> -A INPUT -s 10.10.10.0/24 -j ACCEPT
>> -A INPUT -s 8.8.8.8/32 -j ACCEPT
>> -A INPUT -s 8.8.4.4/32 -j ACCEPT
>> COMMIT
>> # Completed on Tue Jul 1 10:41:45 2014
>> # Generated by ip6tables-save v1.4.8 on Tue Jul 1 10:41:56 2014
>> *filter
>> :INPUT DROP [10518:992304]
>> :FORWARD DROP [0:0]
>> :OUTPUT DROP [0:0]
>> COMMIT
>> # Completed on Tue Jul 1 10:41:56 2014
>>
>> If I comment out just the "iptables-restore .." line from
>> firewall-script and leave the "ip6tables-restore .." line uncommented,
>> the machine also boots without problems, i.e. it's the IPv4 iptables
>> rules which seem to cause the statd to fail. I modified the IPv4
>> rules(/etc/firewall.conf file) in a following manner:
>>
>> # cat /etc/firewall.conf
>> # Generated by iptables-save v1.4.8 on Fri Aug 8 17:08:22 2014
>> *filter
>> :INPUT DROP [1:146]
>> :FORWARD ACCEPT [0:0]
>> :OUTPUT ACCEPT [50:7006]
>> -A INPUT -s 10.10.10.0/24 -i eth0 -j ACCEPT
>> -A INPUT -s 8.8.8.8/32 -i eth0 -j ACCEPT
>> -A INPUT -s 8.8.4.4/32 -i eth0 -j ACCEPT
>> -A INPUT -i lo0 -j ACCEPT
>> COMMIT
>> # Completed on Fri Aug 8 17:08:22 2014
>
> Your problem's probably that there's no lo0 (a BSD loopback device
> name?). It's lo.
>
>
> --
> To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
> Archive:
> https://lists.debian.org/CAOdo=sxevvfggwlj5suae-6vfbjwkqm8gsbpjfgukxt5vno...@mail.gmail.com
>
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive:
https://lists.debian.org/cajx5yvh+vagoegeyqu5ga2jpguxgrtzyp7gptmu90vog2c3...@mail.gmail.com
Re: par2
On 09/08/14 11:35 AM, David Christensen wrote: On 08/09/2014 08:11 AM, Gary Dale wrote: To preserve your archive, I'd advise PAR2 redundancy files to fix any problems that may crop up. So long as your HD copies are good, you don't need to go to the PAR2 files, but should one develop a problem, you can fix it with the PAR2 files. Having 5% to 10% redundancy is a lot cheaper than RAID1. You can automate the PAR2 creation by checking for new files and creating PAR2s for them. RTFM, it looks like par2 places the parity files in the same directory as the source files. I'd prefer to have them in a parallel tree. For example, if my source files are in /mnt/datadrive/stuff, I'd like the par2 files to be in /mnt/datadrive/.par2/stuff. Is this possible? David Since your main objective is simply to repair bit-rot, it probably doesn't matter where they go. However I can see you wanting them to be out of the way. par2 actually puts them in the current directory unless you tell it differently so you could for example do: cd /mnt/datadrive/.par2/stuff par2 c files.par2 ../../stuff/* or just: par2 c /mnt/datadrive/.par2/stuff/files.par2 /mnt/datadrive/stuff/* or even: cd /mnt/datadrive/stuff par2 c ../.par2/stuff/files.par2 * The other consideration is the level of bit rot you want to be able to repair. While SMART monitoring will usually save you from catastrophic disk failure, it can't guaranty it won't happen. Good backups and/or RAID are needed for that. Btrfs is a good replacement for single-disk RAID but two-disk RAID1 or three-disk RAID5 is still safer. However using an external drive for daily backups along with par2 files should get you the ability to fully recover from a catastrophic HD failure and bit rot. The nice thing about par2 files is they can recover the entire file so long as the corruption is less than the amount of redundancy you have in the par2's. Assuming you have both a backup copy and a live copy plus some par2 files, you should be safe with the 5% to 10% I suggested. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/53e67581.5070...@torfree.net
Re: Question about dch
On 08/09/2014 07:16 PM, Tom H wrote: On Sat, Aug 9, 2014 at 10:52 AM, George Shuklin wrote: dch -i tool allows to add new version to debian/changelog file. When I add new version I make this: package (1.0.2-1myname1-ubuntu0) UNRELEASED; urgency=medium * -- signature and date package (1.0.2-1myname1) unstable; urgency=medium * old changes -- signature and date If version ends on 'ubuntu' it bumped properly (ubuntu1, ubuntu2, etc), and when I use my own suite, it just append 'ubuntu'. Where dch take sting 'ubuntu' to add to version? >From the man page: --increment, -i Increment either the final component of the Debian release num- ber or, if this is a native Debian package, the version number. On Ubuntu, this will also change the suffix from buildX to ubuntu1. ... Means it hardcoded? Thanks. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/53e665e4.1070...@gmail.com
Re: journalctl and old entries [was: End of hypocrisy ?]
Ahoj, Dňa Sat, 9 Aug 2014 17:23:31 +0200 Sven Hartge napísal: > Slavko wrote: > > > Please, how i can get the records from previous boot? > > Edit /etc/systemd/journald.conf and set "Storage=persistent" > Thanks for pointing. It works :) -- Slavko http://slavino.sk signature.asc Description: PGP signature
Re: Question about dch
On Sat, Aug 9, 2014 at 10:52 AM, George Shuklin wrote: > > dch -i tool allows to add new version to debian/changelog file. > > When I add new version I make this: > > package (1.0.2-1myname1-ubuntu0) UNRELEASED; urgency=medium > > * > -- signature and date > > package (1.0.2-1myname1) unstable; urgency=medium > > * old changes > > -- signature and date > > If version ends on 'ubuntu' it bumped properly (ubuntu1, ubuntu2, etc), and > when I use my own suite, it just append 'ubuntu'. > > Where dch take sting 'ubuntu' to add to version? >From the man page: --increment, -i Increment either the final component of the Debian release num- ber or, if this is a native Debian package, the version number. On Ubuntu, this will also change the suffix from buildX to ubuntu1. ... -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAOdo=sxawue+fi5mzqwrfab4y7ievowg7kbcexc0ccxvx5e...@mail.gmail.com
Re: End of hypocrisy ?
On Fri, Aug 8, 2014 at 4:19 PM, Bob Proulx wrote: > Zenaan Harkness wrote: >> Joel Rees wrote: >>> >>> This is precisely why systemd should have been brought up to speed in >>> a separate, parallel, volunteer-only distro. >>> >>> (If you don't understand what I mean by a separate, parallel, >>> volunteer-only distribution, think of kfreebsd, but a little closer to >>> home.) >>> >>> I'd still say there's time for debian to go for a course correction, >> >> Seriously? >> >> What is sid for? > > I believe the point was that it should be "make before break". They > should have allowed people to use systemd without preventing people > from not using it. They didn't make a new system without breaking the > old one. They broke the old one while trying to build the new one. > That is the problem. You shouldn't burn down your old house while you > are still designing and building your new house. Had Gnome not had to rely on systemd as pid 1, we might not have had a CTTE bug, etc. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAOdo=Sy85acEdV_FtAT7BvobHjPS=f=9i-fejphuta3jeko...@mail.gmail.com
Re: Partitioning of new machine
Le 9 août 2014 à 05:44, Patrick Bartek a écrit : > On Fri, 08 Aug 2014, B. M. wrote: > >> Hi all, >> >> While I'm waiting for the components of my new machine >> (testing/jessie) I'm thinking about the optimal partitioning scheme >> which should last for the next 10 years :-) > > 10 years might be an overly optimistic expectation unless you plan on > upgrading a lot. 7 years is more realistic otherwise. > > My current desktop system -- built Dec 2006 -- is pushing 8 years for > the oldest parts. but it's been upgraded numerous times over those 8 > years: 3 CPUs (single to dual to quad-core, all 3.0 GHz), more RAM (2 to > 4 to 8 GB), 3 graphics cards, added a new HD just a couple months ago > and transferred OS to it -- original one is still working and in the > case, just not being used; 4 monitors, 3 keyboards, 3 mouses, 4 > operating systems (Fedora 6, 9, 12 and Wheezy, all 64-bit), and 2 > motherboards. Original one bit-the-dust after 3 years. > >> The system looks like: >> Haswell 3.4 GHz >> 8 GB RAM (later upgradeable up to 32 GB) >> 250 GB SSD >> 2 TB HDD >> >> What do you think about the following: >> >> === SSD: === >> /boot unencrypted, 300 MB >> / ext4, encrypted, 25-30 GB >> /home ext4, encrypted, keyfile, 220-225 GB >> User data for two users > > I wouldn't put /home on the SSD. With all the writes involved, > better to put it on a spinning disk. And by doing that, you don't need > such a huge SSD. 64 to 100GB will more than do with just /boot and / > on it. Well, my plan is to put /home on it, but without all database-related stuff (e.g. digikam db) and iceweasel gets a cache size of 0. Maybe I also move the downloads directory to the HDD together with one for virtual machines. I don't think that there is much left which is written so often, but maybe I'm wrong? > >> >> === HDD (in this order for performance reasons): === >> /varHDD, ext4, encrypted, keyfile, 25 GB >> It's so large because I want to add a directory /var/src below /var >> to compile a kernel on the HDD if necessary >> >> /databases HDD, ext4, encrypted, keyfile, barrier=0, 10 GB >> Used for the db's of digikam (1 user), akonadi and amarok >> (2 users each) >> >> swapHDD, swapfs, encrypted, 5 GB (not hibernation) > > Believe or not, I'd put swap on the SSD for speed. It won't be used all > that often, so there won't be excessive writes. My 8GB system rarely > uses it, and as a pro photographer, I batch process hundreds of images > each 16 to 24 MB at time on an almost daily basis. Is definitely worth to consider, thanks. > >> >> /video HDD, btrfs, 560 GB >> Subvolumes: >> /video/editing >> /video/series >> => for video editing or series, no backup, not encrypted >> >> /data HDD, btrfs, encrypted, keyfile, RAID1 (2 x 700 GB). >> With subvolumes for digikam archive, movie archive and music > > I wouldn't use btrfs. It's not ready for primetime, yet. Maybe, in a > few years. Stick with ext4. It's proven and rock solid. If you want > to "play" with brtfs, okay, but don't put any important files on it. > > Also ... You're RAID 1-ing two partitions on the SAME physical drive? > For "auto-backup," I assume? Bad idea. If your one hard drive fails, > both those RAIDed partitions are toast. Put one of those partitions on > another HD. > > You might also look into using LVM instead of traditional > partitioning, particularly if you plan on adding more hard drives. OK, I didn't mention that before, but my complete setup additionally includes an external backup drive (of course) with hourly backups of /etc and /home on one partition and a large second partition for the backup of /data, so for /data I have the btrfs RAID1 internally on the same drive which protects against bit rot plus one external partition (so without RAID-redundancy) to protect against hardware failure. I'm unsure if I should stick with ext4 for the external backup because btrfs's integrated check summing is so appealing (again the bit rot problem), but then there would still be the risk of fs failures due to its experimental state - but as far as I found out so far, btrfs should be ready as long as one doesn't use snapshots and RAID 5+; its basic functionality seems to be safe. Currently I'm using LVM, but I'd like to get rid of this additional complexity and keep things relatively simple. Having a RAID1 on two partitions on the same disk is bad for r/w performance, that's clear, but it's only for my photo archive which I don't access so often (and writes are even less frequent); the working part would reside inside /home, i.e. on the SSD (ext4). The alternative would be to put another HDD in the machine and set it up as a RAID, but then my wife might complain about the additional noise... Thanks a lot and all the best. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble?
par2
On 08/09/2014 08:11 AM, Gary Dale wrote: To preserve your archive, I'd advise PAR2 redundancy files to fix any problems that may crop up. So long as your HD copies are good, you don't need to go to the PAR2 files, but should one develop a problem, you can fix it with the PAR2 files. Having 5% to 10% redundancy is a lot cheaper than RAID1. You can automate the PAR2 creation by checking for new files and creating PAR2s for them. RTFM, it looks like par2 places the parity files in the same directory as the source files. I'd prefer to have them in a parallel tree. For example, if my source files are in /mnt/datadrive/stuff, I'd like the par2 files to be in /mnt/datadrive/.par2/stuff. Is this possible? David -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/53e63fc6.5090...@holgerdanske.com
Re: journalctl and old entries [was: End of hypocrisy ?]
Slavko wrote: > Please, how i can get the records from previous boot? Edit /etc/systemd/journald.conf and set "Storage=persistent" Debians default (currently) is to just store the journal in memory which is obviously lost in reboot. Grüße, Sven. -- Sigmentation fault. Core dumped. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/5at8375en...@mids.svenhartge.de
journalctl and old entries [was: End of hypocrisy ?]
Ahoj, Dňa Sat, 9 Aug 2014 17:22:33 +0300 Andrei POPESCU napísal: > On Vi, 08 aug 14, 20:51:14, Steve Litt wrote: > > On Fri, 8 Aug 2014 22:52:36 +0300 > > Andrei POPESCU wrote: > > > > > On Vi, 08 aug 14, 10:34:24, Steve Litt wrote: > > > > > > > > 2) Write it to the screen. Relatively little happens before the > > > >filesystem comes up, anyway. > > > > > > It's "only" about 750 lines on my laptop... > > > > How'd you count the lines? Did you use a laptop as a serial console > > or something? > > No, I just checked the output of 'journalctl -alb'. Line 751 is: I have dedicated virtual machine to test and learn systemd, but when i try to see old entries i get, e.g.: journalctl --until 17:00 -- Logs begin at So 2014-08-09 17:09:23 CEST, end at So 2014-08-09 17:10:18 CEST. -- The 17:09 is the last boot time. Then i shutdown machine (by shutdown command), "power" it again and after boot i get: journalctl --until 17:00 -- Logs begin at So 2014-08-09 17:16:20 CEST, end at So 2014-08-09 17:16:30 CEST. -- Please, how i can get the records from previous boot? regards -- Slavko http://slavino.sk signature.asc Description: PGP signature
Re: Partitioning of new machine
On 09/08/14 03:08 AM, B. M. wrote: Le 9 août 2014 à 06:04, Gary Dale a écrit : On 08/08/14 06:14 AM, B. M. wrote: Hi all, While I'm waiting for the components of my new machine (testing/jessie) I'm thinking about the optimal partitioning scheme which should last for the next 10 years :-) The system looks like: Haswell 3.4 GHz 8 GB RAM (later upgradeable up to 32 GB) 250 GB SSD 2 TB HDD What do you think about the following: === SSD: === /boot unencrypted, 300 MB / ext4, encrypted, 25-30 GB /home ext4, encrypted, keyfile, 220-225 GB User data for two users === HDD (in this order for performance reasons): === /varHDD, ext4, encrypted, keyfile, 25 GB It's so large because I want to add a directory /var/src below /var to compile a kernel on the HDD if necessary /databases HDD, ext4, encrypted, keyfile, barrier=0, 10 GB Used for the db's of digikam (1 user), akonadi and amarok (2 users each) swapHDD, swapfs, encrypted, 5 GB (not hibernation) /video HDD, btrfs, 560 GB Subvolumes: /video/editing /video/series => for video editing or series, no backup, not encrypted /data HDD, btrfs, encrypted, keyfile, RAID1 (2 x 700 GB). With subvolumes for digikam archive, movie archive and music What do you think (sizes, file systems, number of partitions, ...)? Is it still a good idea to put /var on an HDD, not a SSD? Video editing is currently not required, it's more like an option for the future (1y or so) and might require a second HDD (source and target drive for rendering to increase r/w performance). To keep it simple and usable I'll use keyfiles for all partitions except /. Thanks for your inputs and all the best. Everyone has their own preferences on this but I actually have several machines with a very similar setup. The major difference is that I use RAID rather than single mechanical disks. My preference is to use the SSD for /, with an area left for for the GUID boot. I partition the larger drive/array as a single partition and mount it as /home. I've never really seen a need to engage in the multiple partitions that some people seem to like. You're never likely to fill the / partition and if you fill the /home with some of your data, then expand the RAID array. Some people like LVM but frankly with the good tools Linux has for resizing partitions, it's rarely needed. I don't like the idea of using two partitions on a single HD for RAID, which seems to be your plan. I'd opt instead to go immediately to RAID 5 with 3 drives. 1T drives are quite cheap these days so the cost difference isn't significant over a single 2T. If you want to save money, a 60G SSD is all you really need for / anyway. I'm also not concerned about wear on an SSD. I've been using them for years and have yet to have one fail. It will happen at some point, but I trust them more than I trust an HD. However since your SSD isn't in a RAID array, I wouldn't trust it with anything that can't be recovered with a fresh Linux install. Well, actually my idea is to have the a normal, hourly backup on an external /ext4-formatted drive for home and /etc. btrfs for /data in the RAID1 setup is to protect against bit rot (photo & movie archive which should be save for decades...); ontop of that I plan an additional partition for /data on the external drive as well to protect against hardware failure of the internal drive, so the only threat I currently see is a problem of the btrfs fs hurting both the internal RAID1 and the external btrfs. But if I use ext4 for the external /data backup I'm not easily protected against bit rot. Why not just use the capabilities of btrfs and avoid the hourly backup and RAID1 entirely then? A nightly backup along with perhaps some longer-term archiving backups would use fewer resources during periods when you are actually using your computer. To preserve your archive, I'd advise PAR2 redundancy files to fix any problems that may crop up. So long as your HD copies are good, you don't need to go to the PAR2 files, but should one develop a problem, you can fix it with the PAR2 files. Having 5% to 10% redundancy is a lot cheaper than RAID1. You can automate the PAR2 creation by checking for new files and creating PAR2s for them. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/53e63a0c.1020...@torfree.net
Re: How to install init scripts manually?
On Lu, 04 aug 14, 13:30:54, Martin T wrote:
>
> As a next step, I made the /etc/init.d/test-script file executable and
> added a symlink to /etc/rc3.d/("ln -s ../init.d/test-script
> /etc/rc3.d/S23test-script") directory and changed my runlevel from
> 2(default) to 3 with "init 3". However, the test-script was not
> started. Then I made a symlink to /etc/rc2.d/ directory:
>
> # file /etc/rc2.d/S23test-script
> /etc/rc2.d/S23test-script: symbolic link to `../init.d/test-script'
> #
>
> ..and reloaded the machine, but still the script was not started. If I
> install the script with insserv("insserv /etc/init.d/test-script")
> then the script is started if I reload the machine. Am I correct that
> both insserv and update-rc.d take some additional steps when enabling
> the script besides installing the symlinks and those steps are
> required by /sbin/init? I guess one thing is .depend.boot,
> .depend.start and .depend.stop files, but something else?
Most probably. Just run 'update-rc.d test-script defaults' to install
your initscript.
Kind regards,
Andrei
--
http://wiki.debian.org/FAQsFromDebianUser
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
http://nuvreauspam.ro/gpg-transition.txt
signature.asc
Description: Digital signature
Re: Question about dch
Ahoj, Dňa Sat, 09 Aug 2014 17:52:15 +0300 George Shuklin napísal: > dch -i tool allows to add new version to debian/changelog file. > > When I add new version I make this: > > |package (1.0.2-1myname1-ubuntu0) UNRELEASED; urgency=medium > > * > -- signature and date > > package (1.0.2-1myname1) unstable; urgency=medium > >* old changes > > -- signature and date > | > > If version ends on 'ubuntu' it bumped properly (ubuntu1, ubuntu2, > etc), and when I use my own suite, it just append 'ubuntu'. > > Where dch take sting 'ubuntu' to add to version? > > (Sorry for 'ubuntu', but dch seems be debian in nature). > dch -l ubuntu some text regards -- Slavko http://slavino.sk signature.asc Description: PGP signature
Re: How to install init scripts manually?
On Lu, 04 aug 14, 11:37:08, Gary Dale wrote: > > OK. On Jessie it is a symbolic link to /bin/systemctl. The difference is > likely important to provide a standard way to change run levels despite not > everyone using init. Ditto for insserv which seems to have been created to > allow upstart and init to coexist. What? > update-rc.d seems to be an attempt to make updating the run-levels > easier. What? > I'd recommend staying with the tools and not doing it directly for the > simple reason that the old init system seems to be on its way out. The LSB > comment mechanism may become obsolete too with systemd apparently on track > to be the universal replacement for init and upstart. > > As for your specific problem, did you look at ownership and specific > permission differences between your manual s-links and the ones inserv and > update-rc.d created? That's the only thing I can think of that would prevent > a script from running when the symbolic links point to the correct file. Symlinks don't have permissions. Kind regards, Andrei -- http://wiki.debian.org/FAQsFromDebianUser Offtopic discussions among Debian users and developers: http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic http://nuvreauspam.ro/gpg-transition.txt signature.asc Description: Digital signature
Re: aptitude / apt-get status output
On Du, 03 aug 14, 13:00:27, John Bleichert wrote: > > > On 08/03/2014 12:44 PM, Sven Joachim wrote: > >On 2014-08-03 18:04 +0200, John Bleichert wrote: > > >>root@boogie:~# aptitude upgrade > >><...> > >>Current status: 9 updates [-24]. > > > >24 packages have been upgraded, presumably the same 24 that became > >upgradable by "aptitude update", and 9 packages have been held back. > > > > Thanks, Sven. The "held back" number is the most curious. Seems to be an > apt-pinning artifact since this is a jessie box and I get some software > (VirtualBox) from the wheezy repos. Now I have something to read up on! You might need to run full-upgrade instead of (safe-)upgrade. Kind regards, Andrei -- http://wiki.debian.org/FAQsFromDebianUser Offtopic discussions among Debian users and developers: http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic http://nuvreauspam.ro/gpg-transition.txt signature.asc Description: Digital signature
Question about dch
dch -i tool allows to add new version to debian/changelog file. When I add new version I make this: |package (1.0.2-1myname1-ubuntu0) UNRELEASED; urgency=medium * -- signature and date package (1.0.2-1myname1) unstable; urgency=medium * old changes -- signature and date | If version ends on 'ubuntu' it bumped properly (ubuntu1, ubuntu2, etc), and when I use my own suite, it just append 'ubuntu'. Where dch take sting 'ubuntu' to add to version? (Sorry for 'ubuntu', but dch seems be debian in nature).
Re: End of hypocrisy ?
On Vi, 08 aug 14, 20:51:14, Steve Litt wrote: > On Fri, 8 Aug 2014 22:52:36 +0300 > Andrei POPESCU wrote: > > > On Vi, 08 aug 14, 10:34:24, Steve Litt wrote: > > > > > > 2) Write it to the screen. Relatively little happens before the > > >filesystem comes up, anyway. > > > > It's "only" about 750 lines on my laptop... > > How'd you count the lines? Did you use a laptop as a serial console or > something? No, I just checked the output of 'journalctl -alb'. Line 751 is: aug 08 12:12:23 sid kernel: EXT4-fs (sda2): re-mounted. Opts: barrier=0,errors=remount-ro Hope this explains, Andrei -- http://wiki.debian.org/FAQsFromDebianUser Offtopic discussions among Debian users and developers: http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic http://nuvreauspam.ro/gpg-transition.txt signature.asc Description: Digital signature
Re: End of hypocrisy ?
On 8/8/2014 9:53 PM, AW wrote: > On Fri, 8 Aug 2014 20:50:14 -0400 > Steve Litt wrote: > > > Seventh, there's 40 years of experience with text logs. Are they > > perfect? No. > > The thread that doesn't die --- misinformation all over the place, and some it > that my misinformation -- sorry 'bout that. > > Anyway, I feel prodded, so rebuttal... > > Perfect? I should definitely say not... > a decade or so of remote exploits in no particular order: > > http://www.securityfocus.com/bid/10684/discuss > http://xforce.iss.net/xforce/xfdb/43518 > http://cxsecurity.com/issue/WLB-2011020121 > http://www.securiteam.com/securitynews/5XP0K0U9GK.html > http://www.juniper.net/security/auto/vulnerabilities/vuln3498.html > http://www.linuxtoday.com/security/291801204SCRH > http://www.cvedetails.com/cve/CVE-2000-0917/ > http://securitytracker.com/id/1019105 > http://www.redhat.com/archives/linux-security/1999-November/msg00013.html > > systemd with its binary file format and buffered line to and from a service > daemon will [or should] nearly automatically take care of some very nasty > security problems that crop up from time to time... Now, imagine if the the > log > was kept in an sql database secured with a public key or password or something > dependent on the local machine, and the queries were properly escaped to > prevent sql injection - something that would only need to be done once... > > Of course all software is broken when it comes to security. However, that's > no > reason to lay down the welcome mat. > Pushed the wrong button and sent too early. And by completely changing the system, you are doing exactly that. Just because it's a service daemon does not mean there will not be security problems. And storing them in a SQL database may cure SOME security problems - but won't cure them all. And will add more problems (beyond hundreds of lines of new code). And now you're depending on the security of the SQL engine. Are you sure they are secure? Just the engine has many more LOC than the current logging facility. Which gives the potential for many more problems - both security and others. > BTW: To those complaining of Firefox's use of sqlite... > > https://en.wikipedia.org/wiki/SQLlite > > The browsers Google Chrome, Opera, Safari and the Android Browser all allow > for storing information in, and retrieving it from, a SQLite database within > the browser, using the Web SQL Database technology. Mozilla Firefox and > Mozilla > Thunderbird store a variety of configuration data (bookmarks, cookies, > contacts > etc.) in internally managed SQLite databases, and even offer an add-on to > manage SQLite databases. > > So, all major browsers except IE use sqlite. > > --Andrew > > So browsers use SQLite? They are applications, not system logging. Storing configuration data which will only be read by the application is much different than logging system messages. You are talking apples and oranges here. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/53e62491.1000...@attglobal.net
Re: End of hypocrisy ?
On 8/8/2014 9:53 PM, AW wrote: > On Fri, 8 Aug 2014 20:50:14 -0400 > Steve Litt wrote: > > > Seventh, there's 40 years of experience with text logs. Are they > > perfect? No. > > The thread that doesn't die --- misinformation all over the place, and some it > that my misinformation -- sorry 'bout that. > > Anyway, I feel prodded, so rebuttal... > > Perfect? I should definitely say not... > a decade or so of remote exploits in no particular order: > > http://www.securityfocus.com/bid/10684/discuss > http://xforce.iss.net/xforce/xfdb/43518 > http://cxsecurity.com/issue/WLB-2011020121 > http://www.securiteam.com/securitynews/5XP0K0U9GK.html > http://www.juniper.net/security/auto/vulnerabilities/vuln3498.html > http://www.linuxtoday.com/security/291801204SCRH > http://www.cvedetails.com/cve/CVE-2000-0917/ > http://securitytracker.com/id/1019105 > http://www.redhat.com/archives/linux-security/1999-November/msg00013.html > > systemd with its binary file format and buffered line to and from a service > daemon will [or should] nearly automatically take care of some very nasty > security problems that crop up from time to time... Now, imagine if the the > log > was kept in an sql database secured with a public key or password or something > dependent on the local machine, and the queries were properly escaped to > prevent sql injection - something that would only need to be done once... > > Of course all software is broken when it comes to security. However, that's > no > reason to lay down the welcome mat. > > BTW: To those complaining of Firefox's use of sqlite... > > https://en.wikipedia.org/wiki/SQLlite > > The browsers Google Chrome, Opera, Safari and the Android Browser all allow > for storing information in, and retrieving it from, a SQLite database within > the browser, using the Web SQL Database technology. Mozilla Firefox and > Mozilla > Thunderbird store a variety of configuration data (bookmarks, cookies, > contacts > etc.) in internally managed SQLite databases, and even offer an add-on to > manage SQLite databases. > > So, all major browsers except IE use sqlite. > > --Andrew > > So rather than fix the problems, you're suggesting replacing the current system with a different one which will not only have it's own set of problems (many more than the ones I listed - which can't be fixed), but won't necessarily fix the problems in the existing system. It makes sense - NOT! Jerry -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/53e6235c.8010...@attglobal.net
Re: System broken after full-upgrade: please help!
On Sat, 09 Aug 2014 10:46:51 + Rodolfo Medina sent: > I've always used `halt' to shutdown the machine. Is `poweroff' > proper to do that? > > Rodolfo poweroff doesn't work for me, but I tried it as root, next time I use it I will try it as user and see if it works then. shutdown now does work as root. Charlie -- Registered Linux User:- 329524 *** We perceive and are affected by changes too subtle to be described. .Henry David Thoreau *** Debian GNU/Linux - just the best way to create magic - -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140809233311.0f04e4ab@taogypsy.wildlife
Re: TCP fast open & IPv6
On 08/09/2014 11:36 AM, Georgi Naplatanov wrote: > > Hi everybody, > Hi, > I wonder if it is possible to enable/disable TCP fast open for IPv6 > in Jessie (kernel 3.14) and how it can be done (if it's possible). > > In Jessie there is not /proc/sys/net/ipv6/tcp_fastopen > I think that TCP fast open was added for kernel 3.16[1] for IPv6. > Thanks in advance. > > Georgi > > [1]: http://lwn.net/Articles/602212/ -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/53e60d6e.3050...@bourgeois.eu
Re: System broken after full-upgrade: please help!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 08/08/2014 03:51 AM, Bonno Bloksma wrote: > Hi Rodolfo, > >> Two days ago, after full-upgrade, as explained, it was impossible >> to boot neither to reboot and I had to unplug the machine. Thanks >> to lister's help, the above commands through debian-installer in >> rescue mode managed to repair the system. But now two problems >> still remain: > > I can help you with 1 I think > >> 1) I can't halt the system. After the `halt' command, the system stops >> saying >>[.47.148880] reboot: System halted >> Then nothing happens and I have to unplug the machine; > > [..] > > It was explained a while ago here that a shutdown after halt was > actually a bug. Halt should just halt the system. > - > Don't shutdown with the halt(8) command, it is not supposed to power > off the machine, and the systemd maintainers consider it a bug[1] > that the sysvinit implementation does it anyway. Use the poweroff > command instead. > > 1. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746650 > - I agree that it's good to have separate commands for these two behaviors, and I agree that it's intuitive from a linguistic perspective for the command meaning "don't actually power all the way off" to be 'halt'. However, I strongly disagree with changing the long-established semantics of the 'halt' command. Whether or not it *should* mean "power off", that is what it *has* meant, and people now expect it to mean that; changing that, especially without a long (probably years-long!) deprecation period and a well-publicized flag day, is IMO a very bad idea. For it to be done in that way by systemd is simply going to reinforce the perception of the systemd project and developers as high-handed and authoritarian. Providing a config file setting which lets you make 'halt' actually power off the system (probably overrideable with a command-line option), and having 'halt' print a "Warning, powering off using 'halt' is deprecated, please use 'poweroff' instead" type of message when invoked with that setting, would be a better way to go. Leaving it in that state for two or three years, then removing the setting, would be the right way to transition to the apparently "non-buggy" state. (Though just leaving the option indefinitely for people who want that behavior would IMO be even better.) - -- The Wanderer Secrecy is the beginning of tyranny. A government exists to serve its citizens, not to control them. -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBCgAGBQJT5giPAAoJEASpNY00KDJr5c8P/1kqmej06nIDPl3S32jyAMZY vOTDUXlNci2dYeMOmIFI9wyHE2aO8OHS9ASyxjm4jqMvLrHgSA0fHAic5pJHt+zN 5odjZeRjz3QB5MUeqBZTfiz0uoi2nu87v2wxXr9H6BIaWPVumrfgcBdhMrnPka1S iC5Erliwc57Ggta3aar/gPlj0iisBYd0cvic57VTcm8IHdudp/ZEV7gCIF0kFJBe he40Dq0yh8D6Ljc09myk+0Ulii8XSLoiM5c9J/z4TvggTiOQnJYFbjlcw7SnWWdM SXajwOD85HFlxNMh4oTOge2X8/OXrNwhPccunSO1MabDLt4DPfF1Ln4TQs5vlk3j dUa0jzNBL0pCEDcfsLvRrx5WmTUMvfnuedO7nhAbKlR5Xv2No8UuqUudpxMtZHGZ 8uJ8VWCmsFUF4BcYtgGOsb5RYBeGEvlKWLdMN9DjnPTMCXsXgbLPi/OnRkg3rAoA DI1LXBRvCx8VBu8q7BPSHT/IINgeqh/kaRKh5gq6RZtKjI0A6iJWLxsajxVDQ2+o s/Wbn5iEBxprGXGmYiNcXz1KuycPVN4T1vnqwABnn7p0t51q0gpDDePibLiL+o39 Y8LaNEa1HxaRjeRNlH2Mquch/c2AZ1PEyRDRoITJ0K1cD+v4WXL4ZLv7kE4dKEfn 3bqj8DPdedH2nJztvtdv =qGTt -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/53e6088f.7010...@fastmail.fm
Re: System broken after full-upgrade: please help!
Brian writes: > On Fri 08 Aug 2014 at 13:20:40 +, Rodolfo Medina wrote: > >> Brian writes: >> >> > Boot into the OS on sda6. Read the documentation for the version of grub >> > on it, Try 'grub-install /dev/sda'. >> >> Thanks. The last command (grub-install /dev/sda) succeded in putting sda6 >> in master boot record, but, as the ones above with Grub prompt, has the >> effect of reproducing the problem for which the present thread was started: >> sda7 `breaks down' and needs beeing recovered. >> >> I also ran `full-upgrade' again in the hope a possible bug were removed, but >> nothing. It is true that the actual `problem', about who between sda6 or >> sda7 should be the root partition, is not so big after all; but I'd be >> curious to see what the matter is. > > You didn't say explicitly that sda6 has GRUB Legacy but, if it has, you > are doing yourself no favours by using it to boot multiple OSs. I'm not > saying it won't work but upstream has abandoned development and Debian > barely supports it. If 'grub-install' and 'update-grub' don't result in > the OS on sda7 booting my preference would be to use the grub on sda7. Maybe the it is due to the fact that on sda6 I have an old version of Debian whereas on sda7 is Sid? Or because I just saw that, in my Sid system on sda7 partition, the command `# grub' produces: -bash: grub: command not found Besides, the file /boot/grub/menu.lst is not present. Then where does the list of all the partitions that I see at boot come from? I've always had multiple boot on my computers, which is useful when you want to test other versions or distributions of Linux, and I hardly would do without it. Rodolfo -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87zjfekkg5@gmail.com
Re: System broken after full-upgrade: please help!
Bonno Bloksma writes: > Hi Rodolfo, > >> Two days ago, after full-upgrade, as explained, it was impossible to boot >> neither to reboot and I had to unplug the machine. Thanks to lister's help, >> the above commands through debian-installer in rescue mode managed to repair >> the system. But now two problems still remain: > > I can help you with 1 I think > >> 1) I can't halt the system. After the `halt' command, the system stops >> saying [. 47.148880] reboot: System halted Then nothing happens and I have >> to unplug the machine; > > [..] > > It was explained a while ago here that a shutdown after halt was actually a > bug. Halt should just halt the system. > - > Don't shutdown with the halt(8) command, it is not supposed to power off the > machine, and the systemd maintainers consider it a bug[1] that the sysvinit > implementation does it anyway. Use the poweroff command instead. > > 1. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746650 > - > > Bonno Bloksma I've always used `halt' to shutdown the machine. Is `poweroff' proper to do that? Rodolfo -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/878umylz38@gmail.com
Re: Mounting a FreeBSD USB Memory Stick Image rw
On 8/9/14, didier gaumet wrote: > Le 08/08/2014 22:40, Martin Smith a écrit : > [...] >> try mount -t ufs -rw -o ufstype=ufs2,loop >> FreeBSD-9.1-RELEASE-amd64-memstick-headless.img /mnt >> >> specifying ufstype works with bsd disks in the same machine so should >> hopefully work with yours. > [...] > > I' m a little bit puzzled: have you rebuild your kernel? > UFS write is still not enabled by default in the kernel (experimental): > > didier@hp-dm1:~$ grep UFS_FS_WRITE /boot/config-3.14-2-amd64 > # CONFIG_UFS_FS_WRITE is not set Gah! Well spotted! Pity we don't have a generic FUSE module to run -all- filesystems in userspace (as/when needed), so we could simply toggle 'experimental' features on easily. Martin, it looks like you'll have to recompile your kernel first sorry. * apt-get install linux-source kernel-package * find appropriate kernel-package man page * enable UFS write option in kernel config (although oldconfig/ old-config might need to be spotted) * run kernel-package build + install command(s) * reboot, choosing custom kernel * re-run your mount command. It's been too long since I've done it (not so much need to custom kernel compile these days), so I can't really tell you the exact steps sorry, but I found it pretty easy, "back in the day". Good luck, Zenaan -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAOsGNSRPGef7XRkO=pUKiX=gunjfmyyym0xga8wb6lypiwu...@mail.gmail.com
TCP fast open & IPv6
Hi everybody, I wonder if it is possible to enable/disable TCP fast open for IPv6 in Jessie (kernel 3.14) and how it can be done (if it's possible). In Jessie there is not /proc/sys/net/ipv6/tcp_fastopen Thanks in advance. Georgi -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/53e5eb9d.5070...@oles.biz
Re: Mounting a FreeBSD USB Memory Stick Image rw
Le 08/08/2014 22:40, Martin Smith a écrit : [...] > try mount -t ufs -rw -o ufstype=ufs2,loop > FreeBSD-9.1-RELEASE-amd64-memstick-headless.img /mnt > > specifying ufstype works with bsd disks in the same machine so should > hopefully work with yours. [...] I' m a little bit puzzled: have you rebuild your kernel? UFS write is still not enabled by default in the kernel (experimental): didier@hp-dm1:~$ grep UFS_FS_WRITE /boot/config-3.14-2-amd64 # CONFIG_UFS_FS_WRITE is not set -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/ls4j5u$skh$1...@ger.gmane.org
Re: Partitioning of new machine
Le 9 août 2014 à 06:04, Gary Dale a écrit : > On 08/08/14 06:14 AM, B. M. wrote: >> Hi all, >> >> While I'm waiting for the components of my new machine (testing/jessie) >> I'm thinking about the optimal partitioning scheme which should last for the >> next 10 years :-) >> >> The system looks like: >> Haswell 3.4 GHz >> 8 GB RAM (later upgradeable up to 32 GB) >> 250 GB SSD >> 2 TB HDD >> >> What do you think about the following: >> >> === SSD: === >> /boot unencrypted, 300 MB >> / ext4, encrypted, 25-30 GB >> /home ext4, encrypted, keyfile, 220-225 GB >> User data for two users >> >> >> === HDD (in this order for performance reasons): === >> /varHDD, ext4, encrypted, keyfile, 25 GB >> It's so large because I want to add a directory /var/src below /var >> to compile a kernel on the HDD if necessary >> >> /databases HDD, ext4, encrypted, keyfile, barrier=0, 10 GB >> Used for the db's of digikam (1 user), akonadi and amarok >> (2 users each) >> >> swapHDD, swapfs, encrypted, 5 GB (not hibernation) >> >> /video HDD, btrfs, 560 GB >> Subvolumes: >> /video/editing >> /video/series >> => for video editing or series, no backup, not encrypted >> >> /data HDD, btrfs, encrypted, keyfile, RAID1 (2 x 700 GB). >> With subvolumes for digikam archive, movie archive and music >> >> >> What do you think (sizes, file systems, number of partitions, ...)? >> Is it still a good idea to put /var on an HDD, not a SSD? >> Video editing is currently not required, it's more like an option for the >> future (1y or so) and might require a second HDD (source and target >> drive for rendering to increase r/w performance). >> To keep it simple and usable I'll use keyfiles for all partitions except >> /. >> >> Thanks for your inputs and all the best. > Everyone has their own preferences on this but I actually have several > machines with a very similar setup. The major difference is that I use RAID > rather than single mechanical disks. > > My preference is to use the SSD for /, with an area left for for the GUID > boot. > > I partition the larger drive/array as a single partition and mount it as > /home. I've never really seen a need to engage in the multiple partitions > that some people seem to like. You're never likely to fill the / partition > and if you fill the /home with some of your data, then expand the RAID array. > > Some people like LVM but frankly with the good tools Linux has for resizing > partitions, it's rarely needed. > > I don't like the idea of using two partitions on a single HD for RAID, which > seems to be your plan. I'd opt instead to go immediately to RAID 5 with 3 > drives. 1T drives are quite cheap these days so the cost difference isn't > significant over a single 2T. If you want to save money, a 60G SSD is all you > really need for / anyway. > > I'm also not concerned about wear on an SSD. I've been using them for years > and have yet to have one fail. It will happen at some point, but I trust them > more than I trust an HD. However since your SSD isn't in a RAID array, I > wouldn't trust it with anything that can't be recovered with a fresh Linux > install. > Well, actually my idea is to have the a normal, hourly backup on an external /ext4-formatted drive for home and /etc. btrfs for /data in the RAID1 setup is to protect against bit rot (photo & movie archive which should be save for decades...); ontop of that I plan an additional partition for /data on the external drive as well to protect against hardware failure of the internal drive, so the only threat I currently see is a problem of the btrfs fs hurting both the internal RAID1 and the external btrfs. But if I use ext4 for the external /data backup I'm not easily protected against bit rot. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/4071b3ce-a109-4855-97a9-38364975e...@gmx.ch
