Re: user authentication for a secure laptop.

[Scott Ferguson]

On 20/10/14 03:40, pe...@easthope.ca wrote:
> In wheezy, is there a routine means of allowing "login" on 
> the machine itself without a password, 

Do you mean using fingerprints as local authentication??

> while keeping traditional 
> password authentication for any remote login.  

Do you mean passphrase authenticated remote logins?

> From a superficial 
> understanding of PAM, I'd guess that it can provide this capability.
> 
> Thanks, ... Peter E.
> 
> 
> 
> 
> 

It depends on your definition of "secure". It's confusing in the context
that you use it. Could you expand on that please (do you have a
published standard you need to meet)??

By the definition of secure I'm familiar with - remote password
authenticated access is forbidden, so is local autologin, and
unencrypted drives. With single-user boxes (netbooks) LUKS is used as
login authentication - with auto user login. Remote login requires
passphrases (and enforces all domain ssh encryption).

Remote boot 'would' be possible (ssh server in initramfs) - but "secure"
but might be problematic without further explanation of the local
authentication method you will be deploying and standard of "secure".

Kind regards


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/54441959.3040...@gmail.com

Re: linux-image-3.16-3-amd64

[Jimmy Johnson]

Sven Joachim wrote:

On 2014-10-19 20:46 +0200, Jimmy Johnson wrote:


No 'linux-headers-amd64' or 'linux-image-amd64' packages are available
for the new kernel(linux-image-3.16-3-amd64).


You had better report this on the debian-kernel mailinglist, or file a
bug report (reportbug --source linux-latest).



I sent an email..
--
Jimmy Johnson

Debian Sid - KDE 4.14.1 - AMD64 - EXT4 at sda14
Registered Linux User #380263


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/5444267a.10...@gmail.com

Avoid reboot by loading initramfs again

[Jimmy Thrasibule]

Hello,

I wonder if one can avoid a complete reboot of the system just by
halting the operating system but right after load the initramfs and
restart from there?

Basically when we reboot, we only want to reset the operating system
state but rarely to do all the hardware checks again. And for a kernel
update, there is kexec.

___
Jimmy


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/CAMqSRmB8nUOj73n1u5mReXQKJenZr=2cghbpkp-qom-qjho...@mail.gmail.com

Re: linux-image-3.16-3-amd64

[Sven Joachim]

On 2014-10-19 20:46 +0200, Jimmy Johnson wrote:

> No 'linux-headers-amd64' or 'linux-image-amd64' packages are available
> for the new kernel(linux-image-3.16-3-amd64).

You had better report this on the debian-kernel mailinglist, or file a
bug report (reportbug --source linux-latest).

Cheers,
   Sven


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/87bnp7refi@turtle.gmx.de

Re: libjpeg mess in testing

[Sven Joachim]

On 2014-10-19 17:39 +0200, Erwan David wrote:

> I hve dependencies which grap libjpeg-turbo-progs and libjpeg-progs
> which claim ownership of the same file.
>
> There are already bugs about this (764318, 764322,765667,765790) but I
> do not understand what I should do about this

Probably install libjpeg-turbo-progs and get rid of libjpeg-progs, but
it's also possible to do it the other way around.

> So, do someone have a hint ?

It's fixed in libjpeg-turbo 1:1.3.1-8 which has just transitioned to
testing[1], now libjpeg-turbo-progs both Conflicts: and Provides:
libjeg-progs, so you have to choose one implementation.

Cheers,
   Sven


1. https://packages.qa.debian.org/libj/libjpeg-turbo/news/20141019T163918Z.html


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/87k33vreoh@turtle.gmx.de

linux-image-3.16-3-amd64

[Jimmy Johnson]

No 'linux-headers-amd64' or 'linux-image-amd64' packages are available 
for the new kernel(linux-image-3.16-3-amd64).

--
Jimmy Johnson

Debian Sid - KDE 4.14.1 - AMD64 - EXT4 at sda14
Registered Linux User #380263


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/54440716.1020...@gmail.com

Re: debian-installer: detection of Mobile Broadband even before installation?

[Don Armstrong]

On Sun, 19 Oct 2014, Jan David Mörike wrote:
> Wishlist: debian-installer: detection of Mobile Broadband even before
> installation?

[...]

> Question: Should the debian installer also offer netinst installation
> through Mobile Internet?

If you're interested in this, please file a wishlist bug against the 
debian-installer package using reportbug, and providing as much
information about what additional udebs would be required,
configuration, etc.

It would be even more valuable if you could step up and help do the work
to make it a reality; most everyone seems to use tethering instead of
actually having a local HSDPA or LTE device.

> And: Should this posting be crossposted to debian-testing mailing list?

No; that mailing list has nothing to do with the installer.

-- 
Don Armstrong  http://www.donarmstrong.com

A citizen of America will cross the ocean to fight for democracy, but
won't cross the street to vote in a national election.
 -- Bill Vaughan


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20141019183821.gp28...@teltox.donarmstrong.com

Re: GR proposed re: choice of init systems

[Marty]

On 10/19/2014 01:25 PM, Tanstaafl wrote:

On 10/17/2014 3:42 PM, Ric Moore  wrote:

The fun part will be to see who actually steps up to the plate to do all
of the extra work. Especially amongst all of those pledged seconds. I
hope someone is keeping a list. :) Ric



From what I read, it will be one all debian devs (package maintainers)

to fully support all supported init systems in debian in any packages
that they maintain.


I don't see anything like that in the resolution or discussion. The 
resolution prohibits exclusive dependence on a PID 1 init, ie it doesn't 
(directly) enforce "multi-init," but it prohibits init tying or 
"mono-init," I guess you could say. See the -vote discussion for the 
full explanation.



I see nothing wrong with this. It isn't forcing anything on anyone, in
that any debian package maintainer is free to step down (stop
maintaining debian packages) any time they want.

It is simply a rule of being a debian package maintainer.


It's also been Debian Policy for ages (9.1.1). The resolution may 
reinforce a policy seen as obsolete by some devs, but changing it 
requires a 2/3 vote which means that this doesn't really do much, and 
that or similar arguments were primary objections, if I followed it 
correctly (and as a user seeing for the first time how Debian sausages 
get made).


What it allegedly does, however, is clarifies policy over an application 
case where there seems to be lots of confusion and debate, making it a 
candidate for resolution. This point was generally not contested.





--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/54440082.2080...@ix.netcom.com

Re: [exim4] Testing and making sense of smtp output

[Brian]

On Sun 19 Oct 2014 at 01:19:51 +0200, lee wrote:

> Brian  writes:
> 
> >> > An address literal is not the same as an IP address. An MTA should not
> >> > be rejecting mail on the basis that the HELO is an address literal.
> >> 
> >> Oh, then what is it?
> >
> > Using an example from RFC5321, an address literal is [123.255.37.2]. An
> > IP address would presumably be 123.255.37.2.
> 
> Hm, there's not much of a difference, or is there?  It's still an IP
> address and being used as one, only inside brackets for unknown reasons.
> Using IP literals when sending email used to work long ago ...

Earlier today I was using a dbus command and as part of it I typed

  boolean;true

The command didn't work.

Looking closer at the web page I changed it to

  boolean:true

Success! Not much of a difference surely; it's all punctuation.  :)

> >> > It's probably academic what the HELO is most of the time. Many ISPs
> >> > will accept any old rubbish for it.
> >> 
> >> That's a misconfiguration they should fix.
> >
> > You tell them. :) They might say they are not breaking any RFCs and will
> > accept any mail they feel like doing.
> 
> I'm not sure if they aren't.  The RFCs specify what the HELO must be
> like, and you could either argue that they comply with RFCs' policy that
> you should accept as much as possible or that you're breaking RFCs by
> using invalid HELO strings.
> 
> At least they are supporting others in breaking RFCs, and I wonder how
> that could not be against their own interests.  In any case, it
> classifies them as (at least potentially very) unreliable.

This is first time I've come across the concept of aiding and abetting
the breaking of RFCs.  :)

(The idea that you are unreliable because you act differently is a very
dangerous one).


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/19102014190328.bcd41da54...@desktop.copernicus.demon.co.uk

Re: GR proposed re: choice of init systems

[Jimmy Johnson]

Slavko wrote:

Ahoj,

Dňa Fri, 17 Oct 2014 16:09:59 -0400 Dan Ritter 
napísal:


On Fri, Oct 17, 2014 at 07:02:12PM +0100, Lisi Reisz wrote:

On Friday 17 October 2014 18:30:31 Andre N Batista wrote:

I cannot believe some people still
thinks [snip] that we should simply stick with
the TC's authority regardless what.

Surely no-one has ever said that??  References if someone has?


Sven Joachim.

"Because the people who do the work get to make the decisions,
that's the way Debian works."


All testing's users which are doing testing of the software and are
reporting the bugs are working on, despite if they are in some team or
not. But now it seems, that the regular users are on the last position
of the interest and particular part of the Social contract are only
words.

This is the reason why i suspend all my contributions for now. I know,
that the Debian was here without me and will be here without me too, but
i see no enough interest to contribute now. First i was in doubts: is
this only my wounded ego? But by last months doings i lost any doubts.



..the small man stands defiantly in front of the moving tank waving his 
flag of freedom..I don't blame you for moving out of the way, maybe some 
pieces will be left and you will still be here to help put them pieces 
back together again, or something new and better will come along, have 
faith my friend.

--
Jimmy Johnson

Debian Sid - KDE 4.14.1 - AMD64 - EXT4 at sda14
Registered Linux User #380263


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/5443ff7b.3030...@gmail.com

Re: Good news on claws-mail

[Peter Nieman]

On 19/10/14 15:04, Scott Ferguson wrote:

You hijacked the thread - and this is why that's considered bad form -
it muddies the discussion. Tangents deserve their own, appriately chosen
Subject line, threads - then they get the attention they deserve instead
of being passed over by reader on the basis that the subject has nothing
to do with the OP. It's also respectful to the OP - even if his posts
seems information-free spammy self-promotion.


Yes, Dad.


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/m20tn4$b7r$1...@ger.gmane.org

Re: download files from iceweasel using kdialog

[Jimmy Johnson]

kamaraju kusumanchi wrote:



On Sun, Oct 19, 2014 at 12:40 PM, Jimmy Johnson 
mailto:field.engin...@gmail.com>> wrote:


kamaraju kusumanchi wrote:

When I download a file via chromium, it uses kdialog to figure
out where the file is supposed to be stored on the disk. I find
this GUI to be very intuitive compared to what iceweasel uses
for choosing the file location.

Is there any way to tell iceweasel to use kdialog to choose the
file location when I try to download something?



Have you made your settings in 'Paths', KDE/'systemsetting'/'Account
Details'?


May be I am missing something... But how is this related to the file 
dialog opened by iceweasel when downloading something?



Maybe..My system uses 'paths' for downloads. If my reply did not help 
then please ignore it and thank you.

--
Jimmy Johnson

Debian Sid - KDE 4.14.1 - AMD64 - EXT4 at sda14
Registered Linux User #380263


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/5443f95c.4040...@gmail.com

Re: download files from iceweasel using kdialog

[kamaraju kusumanchi]

On Sun, Oct 19, 2014 at 12:40 PM, Jimmy Johnson 
wrote:

> kamaraju kusumanchi wrote:
>
>> When I download a file via chromium, it uses kdialog to figure out where
>> the file is supposed to be stored on the disk. I find this GUI to be very
>> intuitive compared to what iceweasel uses for choosing the file location.
>>
>> Is there any way to tell iceweasel to use kdialog to choose the file
>> location when I try to download something?
>>
>
>
> Have you made your settings in 'Paths', KDE/'systemsetting'/'Account
> Details'?
>

May be I am missing something... But how is this related to the file dialog
opened by iceweasel when downloading something?

raju

Fwd: download files from iceweasel using kdialog

[kamaraju kusumanchi]

On Sun, Oct 19, 2014 at 8:29 AM, Scott Ferguson <
scott.ferguson.debian.u...@gmail.com> wrote:

> On 20/10/14 00:16, kamaraju kusumanchi wrote:
> >
> > I think you misunderstood my question.
>
> No, but I did split the post into two parts (hit send too early). See
> the second post for details on how to change the file chooser.
>
> ok.


> > I am aware of all this. But the
> > file dialog you get when trying to save the files (after doing all of
> > the above) is not very intuitive. Instead of this, I want kdialog to
> > popup. To understand what I mean, try downloading a file from chromium
> > and compare the widgets used by iceweasel.
>
> You're comparing GTK (old and crusty) with QT (new and fast). Apples and
> Oranges somewhat. Firefox has long been talking about refactoring and
> recoding with QT, and SUSe has done some work on integrating it with KDE
> more - but so far nothing easily workable has arrived.
>

I see. So, what I am looking for is probably not possible currently. In any
case thanks for the help.

raju
-- 
Kamaraju S Kusumanchi
http://malayamaarutham.blogspot.com/



-- 
Kamaraju S Kusumanchi
http://malayamaarutham.blogspot.com/

Fwd: download files from iceweasel using kdialog

[kamaraju kusumanchi]

On Sun, Oct 19, 2014 at 8:11 AM, Scott Ferguson <
scott.ferguson.debian.u...@gmail.com> wrote:

> Apologies - I forgot to include this this:-
>
> Previously I have had the *alternative* file picker thingy (I assume
> that's what you meant by "kdialog") working instead of the default
> iceweasel one - but the experience was flaky and breaks on upgrades.
>

Yes. That is what I am after.


> NOTE: it *still* uses GTK not QT. Use an Iceweasel theme and KDE QT
> configurator to make it "look" like QT.
>
> about:config -> filter for "ui.allow_platform_file_picker"
> set the boolean value to "false" (double-click on it)
>
> I tried this. The resulting file dialog is somewhat different but not same
as kdialog. For example, in the kdialog window opened from chromium, if I
click on the drop down where the directory name is displayed, it shows a
list of directories into which files were stored recently. This feature is
very useful.

However, after setting the ui.platform_file_picket to false, the
directories listed under "Look in:" are just directories under the same
tree. For example, they are as below
/home/username/dir1/dir2/dir3
/home/username/dir1/dir2/
/home/username/dir1/
/home/username/
 /home
/
This is rarely useful for me and involves multiple clicks before I get to
the correct destination directory.


-- 
Kamaraju S Kusumanchi
http://malayamaarutham.blogspot.com/

Re: GR proposed re: choice of init systems

[Tanstaafl]

On 10/17/2014 3:42 PM, Ric Moore  wrote:
> The fun part will be to see who actually steps up to the plate to do all 
> of the extra work. Especially amongst all of those pledged seconds. I 
> hope someone is keeping a list. :) Ric

>From what I read, it will be one all debian devs (package maintainers)
to fully support all supported init systems in debian in any packages
that they maintain.

I see nothing wrong with this. It isn't forcing anything on anyone, in
that any debian package maintainer is free to step down (stop
maintaining debian packages) any time they want.

It is simply a rule of being a debian package maintainer.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/5443f422.5050...@libertytrek.org

user authentication for a secure laptop.

[peter]

In wheezy, is there a routine means of allowing "login" on 
the machine itself without a password, while keeping traditional 
password authentication for any remote login.  From a superficial 
understanding of PAM, I'd guess that it can provide this capability.

Thanks, ... Peter E.





-- 
123456789 123456789 123456789 123456789 123456789 123456789 123456789 12
Tel +1 360 639 0202  http://carnot.yi.org/  Bcc: peter at easthope. ca


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/E1XftWl-pt-Ow@armada.invalid

Stuck in update

[Alan Greenberger]

This morning I tried to update a wheezy recently upgraded from squeeze.
It didn't work and I am stuck.

# aptitude update
# aptitude
 g
 u
 These packages could be upgraded, but they have been kept in their
 current state to avoid breaking dependencies.
 q
 b (just beeps)

There were some error messages about lilo
# dpkg -l lilo
 iF  lilo   1:23.2-4 amd64
# aptitude
 /lilo
 C lilo 1:23.2-4   1:23.2-4 

# dpkg-reconfigure lilo
 /usr/sbin/dpkg-reconfigure: lilo is broken or not fully installed

# aptitude install debsums
   debsums libfile-fnmatch-perl{a} 
The following partially installed packages will be configured:
  lilo
 ...
 Errors were encountered while processing:
 lilo

# debsums lilo
 debsums: package lilo is not installed

# aptitude reinstall lilo
The following packages will be REINSTALLED:
  lilo 
0 packages upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 50
 not upgraded.
Need to get 0 B of archives. After unpacking 0 B will be used.
E: Internal Error, No file name for lilo:amd64

# apt-get --reinstall install lilo
Reading package lists... Done
Building dependency tree   
Reading state information... Done
0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 50 not upgraded.
1 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
E: Internal Error, No file name for lilo:amd64

After this I updated another computer with a less recently upgraded
wheezy using the same sources.list .  It completed smoothly.

So I am stuck.  It did allow installation of debsums from the aptitude
command line, but interactive aptitude won't do anything.  Any ideas?


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/slrnm47p96.s6c.alanjg@archduke.router

Re: GR proposed re: choice of init systems

[Martin Read]

On 19/10/14 17:45, Rusi Mody wrote:

As for 'wounded ego':
Do you have a wounded ego if a dead branch falls and smashes the windshield
of your car?
Or a Tsunami knocks off your seafront house?

If you are taking offense, who are you offended by?
Debian is not a person (as far as I know!)


Debian is a project created by a group of people.

It is not a force of nature.


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/5443eef9.2020...@zen.co.uk

Re: Moderated posts?

[Tanstaafl]

On 10/17/2014 9:24 PM, lee  wrote:
> You do not accept messages you can not deliver unless you are relaying
> them.

Absolutely wrong, this rule fully applies to relays just as it does
final destination servers.

Postfix allows you to do this even if you are unable to get/maintain a
local list of valid recipients for relay domains using
'recipient_verification'.

If a customer wishes you to provide relay services but refuses to either
provide an always up to date list of valid recipients, or worst case, to
perform recipient verification, then you simply should not perform relay
services for them, period.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/5443eda2.10...@libertytrek.org

Re: GR proposed re: choice of init systems

[Rusi Mody]

On Sunday, October 19, 2014 10:00:02 PM UTC+5:30, Slavko wrote:
> Ahoj,

> napísal:

> > On Fri, Oct 17, 2014 at 07:02:12PM +0100, Lisi Reisz wrote:
> > > On Friday 17 October 2014 18:30:31 Andre N Batista wrote:
> > > > I cannot believe some people still
> > > > thinks [snip] that we should simply stick with
> > > > the TC's authority regardless what.
> > > Surely no-one has ever said that??  References if someone has?
> > Sven Joachim.
> > "Because the people who do the work get to make the decisions,
> > that's the way Debian works."

> All testing's users which are doing testing of the software and are
> reporting the bugs are working on, despite if they are in some team or
> not. But now it seems, that the regular users are on the last position
> of the interest and particular part of the Social contract are only
> words.

> This is the reason why i suspend all my contributions for now. I know,
> that the Debian was here without me and will be here without me too, but
> i see no enough interest to contribute now. First i was in doubts: is
> this only my wounded ego? But by last months doings i lost any doubts.

Hi Slavko
You think you are the only one with concerns?  That would be very strange!!
My summary:

MS - Vista
Gnome -- Gnome 3
Ubuntu -- pulseaudio

And until now debian -- systemd
All likely mistakes -- expensive ones.

But as can be seen on the vote mailing list even though its a 
bit late, the devs are seeing ways to contain the mistake.

As for 'wounded ego':
Do you have a wounded ego if a dead branch falls and smashes the windshield 
of your car?
Or a Tsunami knocks off your seafront house?

If you are taking offense, who are you offended by?
Debian is not a person (as far as I know!)


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/a18482bc-86fd-4058-838f-696444ba3...@googlegroups.com

Re: download files from iceweasel using kdialog

[Jimmy Johnson]

kamaraju kusumanchi wrote:
When I download a file via chromium, it uses kdialog to figure out where 
the file is supposed to be stored on the disk. I find this GUI to be 
very intuitive compared to what iceweasel uses for choosing the file 
location.


Is there any way to tell iceweasel to use kdialog to choose the file 
location when I try to download something?



Have you made your settings in 'Paths', KDE/'systemsetting'/'Account 
Details'?

--
Jimmy Johnson

Debian Sid - KDE 4.14.1 - AMD64 - EXT4 at sda14
Registered Linux User #380263


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/5443e984.9050...@gmail.com

Re: libjpeg mess in testing

[Jimmy Johnson]

Erwan David wrote:

Hello,

I hve dependencies which grap libjpeg-turbo-progs and libjpeg-progs
which claim ownership of the same file.

There are already bugs about this (764318, 764322,765667,765790) but I
do not understand what I should do about this

So, do someone have a hint ?



I had the same with my two Jessie systems and got past it, the first was 
harder and the second was easy..Have you tried 'aptitude -f install'?

--
Jimmy Johnson

Debian Sid - KDE 4.14.1 - AMD64 - EXT4 at sda14
Registered Linux User #380263


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/5443e6b4.6060...@gmail.com

Re: GR proposed re: choice of init systems

[Slavko]

Ahoj,

Dňa Fri, 17 Oct 2014 16:09:59 -0400 Dan Ritter 
napísal:

> On Fri, Oct 17, 2014 at 07:02:12PM +0100, Lisi Reisz wrote:
> > On Friday 17 October 2014 18:30:31 Andre N Batista wrote:
> > > I cannot believe some people still
> > > thinks [snip] that we should simply stick with
> > > the TC's authority regardless what.
> > 
> > Surely no-one has ever said that??  References if someone has?
> > 
> 
> Sven Joachim.
> 
> "Because the people who do the work get to make the decisions,
> that's the way Debian works."

All testing's users which are doing testing of the software and are
reporting the bugs are working on, despite if they are in some team or
not. But now it seems, that the regular users are on the last position
of the interest and particular part of the Social contract are only
words.

This is the reason why i suspend all my contributions for now. I know,
that the Debian was here without me and will be here without me too, but
i see no enough interest to contribute now. First i was in doubts: is
this only my wounded ego? But by last months doings i lost any doubts.

regards

-- 
Slavko
http://slavino.sk


signature.asc
Description: PGP signature

libjpeg mess in testing

[Erwan David]

Hello,

I hve dependencies which grap libjpeg-turbo-progs and libjpeg-progs
which claim ownership of the same file.

There are already bugs about this (764318, 764322,765667,765790) but I
do not understand what I should do about this

So, do someone have a hint ?


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/5443db45.8030...@rail.eu.org

Re: [exim4] Testing and making sense of smtp output

[Brian]

[I may be misunderstanding how your mail system works but your Date:
header doesn't look right]


On Sun 19 Oct 2014 at 00:53:44 +0200, lee wrote:

> Brian  writes:
> 
> > On Fri 17 Oct 2014 at 03:15:49 +0200, lee wrote:
> >
> >> There is no mentioning of /etc/mailname here.  Perhaps that's an
> >> ideosyncrasy of the automatic configuration.
> >
> > No. It's because there is no connection between /etc/mailname and
> > primary_hostname.
> 
> Then how does it happen that Debian manages to configure exim in such a
> way that the contents of /etc/mailname are being used instead of the
> hostname?  Is that another option exim has, and if so, how's it called?

The contents of mailname are not used for the HELO.

If /etc/mailname exists exim will not touch it when it is installed. If
it does not exist it makes the assumption that canonical_hostname in the
hosts file is correct and uses that as the mailname. The installation is
at priority low or medium (I forget which) and no questions are asked.

Suppose the hosts file has

   127.0.1.1debian.lan  debian

This probably doesn't matter for most things the machine is used for but
for an MTA it may be crucial. Any unqualified address will be qualified
with debian.lan; user becomes u...@debian.lan. You can see the possible
routeing problems which could arise for a mail envelope with this in the
To or From.

Exim also HELOs with debian.lan; it looks like mailname and the HELO are
connected but it is only an artifact of the install procedure.

> I seem to vaguely remember an option to specify the HELO string, and I
> couldn't find it anymore because I don't remember how it's called.

primary_hostname is used as the HELO but Debian doesn't set it. Also,
the exim maintainers aren't very keen on your using it in a configuration
file.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/19102014160733.49b1e0005...@desktop.copernicus.demon.co.uk

Re: Lots of updates? OK?

[Clive Standbridge]

> My wheezy system shows 34 packages updated since I last checked, which
> I think was yesterday.  Is this legitimate?  I got a security warning
> about the keys when I first checked, but that went away after I did
> another aptitude update.  I haven't installed any of the new packages
> yet.

The stable update was announced on
debian-stable-annou...@lists.debian.org last Monday:
https://lists.debian.org/debian-stable-announce/2014/10/msg0.html
(It's a useful list to subscribe to; its volume is very low).

> The update seems to include a point release (at least base-files
> changes) and a new linux kernel.  I see some security advisories,
> including the version bump for iceweasel, but nothing about, for
> example, the kernel.  And the debian web site says the last point
> release was in July.

The announcement includes a list of packages updates with reasons,
including for the linux kernel.

I hop that helps:-)
-- 
Cheers,
Clive


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20141019151640.GA7099@rimmer.localdomain

Re: Good news on claws-mail

[Steve Litt]

On Sun, 19 Oct 2014 14:20:25 +0200
lee  wrote:


> Since you're re-inventing the wheel:
> 
> // sxnotify.c
> //
> // This program is free software: you can redistribute it and/or
> // modify it under the terms of the GNU General Public License as
> // published by the Free Software Foundation, either version 3 of the
> // License, or (at your option) any later version.
> //
> // This program is distributed in the hope that it will be useful, but
> // WITHOUT ANY WARRANTY; without even the implied warranty of
> // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> // General Public License for more details.
> //
> // You should have received a copy of the GNU General Public License
> // along with this program.  If not, see
> // .
> //
> // Author: l...@yun.yagibdah.de, 2013-07-21
> //
> // compile with something like:
> // gcc -lsx -lXpm -lXaw -lXt -lX11 -march=native -O2 -Wall
> -fomit-frame-pointer -finline-functions sxnotify.c -o sxnotify //
> 
> 
> #include 
> #include 
> #include 
> 
> #include 
> 
> 
> void xx(void *data)
> {
>   exit(0);
> }
> 
> 
> int main(int argc, char *argv[]) {
> 
>   if(!OpenDisplay(argc, argv)) {
>   puts("cannot open display");
>   exit(1);
>   }
> 
>   if(argc != 2) {
>   puts("usage: sxnotify message");
>   exit(1);
>   }
> 
>   MakeLabel(argv[1]);
>   ShowDisplay();
>   int foo;
>   AddTimeOut(5000, xx, (void *)(&foo));
>   MainLoop();
>   exit(0);
> }
> 
> 
> 
> # aptitude install libsx-dev

Very, very nice! 

Not an entanglement in sight.

This is the first I've heard about libsx, but I'll be learning a lot
more about it. So far I've found:

*
  http://www.ee.usyd.edu.au/tutorials/ee_database/programming/libsx/libsx.html

* http://www.nada.kth.se/~sungam/libsx/general.libsx.html
* /usr/share/doc/libsx-dev/examples

Unfortunately, a 5 minute Google search found no Python implementation
of libsx. I don't need C for forms: The speed bottleneck is the typist
anyway.

But then again, I could have somebody define a form in some sort of
data file, parse that and convert to a simple C program, call gcc to
make it into an executable. Rapid Application Development, Army Surplus
style, which of course makes me a pariah in the eyes of "real"
programmers. Life's tough.

Thanks so much for cluing me into this!

SteveT

Steve Litt*  http://www.troubleshooters.com/
Troubleshooting Training  *  Human Performance


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20141019110313.371f1...@mydesq2.domain.cxm

Re: "kworker" writes to disc every 5 seconds on battery

[Marty]

On 10/18/2014 04:47 PM, Teresa e Junior wrote:

Hello! I have noticed that my current setup of Chrome writes to disc
every second. While hunting for the problem, I have found an old bug
report on Google Code about this, and from my tests I concluded my
solution for now would be to run Chrome with its profile and cache in a
tmpfs. Problem solved, or rather, not solved at all.

In a laptop running on battery, it would be desirable to let the HD spin
down a bit sometimes, right, right, right? Well, I think so, so after
optimizing the settings for some applications, I have found these two
spoiled brats who write to the disc frequently, and never let it sleep:
jbd2/sda3-8 and kworker/u8:0.

The jbd2/sda3-8 problem seems to have been solved by remounting the
partition with commit=60, so no more journal writes every five seconds.

But what about this kworker/u8:0 lad? Who is he, and what is he doing? I
know it is a kernel worker, but not more than this. After some search, I
found someone saying I should run: `echo l | sudo tee
/proc/sysrq-trigger', which outputs some nice information, but which I
could not understand. So I have asked my mother, because she was the
person who taught me how to walk, if she could read it, and was left
puzzled as to how there could be something even our ancestors couldn't
understand.


They understood once, as students, but then it got too big and 
complicated, and they didn't have time to keep up. They forgot to KISS (qv).


Try looking for everyone with the same problems with the laptop model 
and electronics, and remember that most laptops are designed for 
Windows, which often makes it hard to solve problems like yours.



Is there a way for me to know what is kworker/u8:0 writing to the disc


A printk in the kworker thread? but be careful, may need mom's help with 
that.



every five seconds? Also, if it's not a bother, could someone test if
this also happens there? The commands I run while on battery were:

echo 1 | sudo tee /proc/sys/vm/block_dump
tail -F /var/log/debug | grep -v dirtied
echo 0 | sudo tee /proc/sys/vm/block_dump

And by the way, my kernel is 3.15.10-zen-686-pae

Thank you!
Teresa e Junior





--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/5443cd56.5010...@ix.netcom.com

Re: Good news on claws-mail

[Steve Litt]

On Sun, 19 Oct 2014 12:47:03 +0200
Peter Nieman  wrote:

> By the way, I am a desktop user, using fvwm. But I don't want all my 
> applications to "look and feel" the same, I don't want everything to 
> interact with everything, and I want to control my computer instead
> of being controlled by my computer.

Quoted For Truth!!!

Steve

Steve Litt*  http://www.troubleshooters.com/
Troubleshooting Training  *  Human Performance


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20141019101536.07455...@mydesq2.domain.cxm

Re: Good news on claws-mail

[Scott Ferguson]

On 20/10/14 00:35, Peter Nieman wrote:
> On 19/10/14 13:48, Brian wrote:
>> On Sat 18 Oct 2014 at 17:29:58 +0200, Peter Nieman wrote:
>>
>>> On 18/10/14 13:49, Scott Ferguson wrote:
 Do you have an answer to your question?

 Wild guess - notifications?
>>>
>>> I don't know claws, but I know from Wheezy that many packages depend
>>> on dbus although dbus isn't necessary for doing the job. Please look
>>> here for examples:
>>> https://lists.debian.org/debian-user/2014/09/msg00843.html
>>> How is dbus necessary for opening a pdf file, for instance? And mail
>>> clients were able to notify users even before dbus was invented.
>>> Trying to get rid of such dependencies is a good thing, in my humble
>>> opinion.
>>
>> The original post was about claws. My reply was also about claws. If I
>> hadn't known anything about the topic I wouldn't have responded. You
>> obviously take a different view about things you cannot be bothered to
>> check. The OP made a specific *technical* claim. It has been shown to be
>> fatuous.
>>
>>brian@desktop:~$ apt-cache -i rdepends dbus | wc -l
>>63
>>
>> None of the 63 packages is a PDF reader.
> 
> I was just trying to explain to Scott why I appreciated every effort to
> get rid of unnecessary dependencies, especially with regard to
> (lib)dbus. I did not want to force you to talk about pdf readers.

You hijacked the thread - and this is why that's considered bad form -
it muddies the discussion. Tangents deserve their own, appriately chosen
Subject line, threads - then they get the attention they deserve instead
of being passed over by reader on the basis that the subject has nothing
to do with the OP. It's also respectful to the OP - even if his posts
seems information-free spammy self-promotion.

I'll now tell a long story about when we used to wear onions on our belt
- it was the fashion at the time, back in nineteen dickety-doo...

> Anyway, evince *recommends* dbus-X11, but after removing dbus it no
> longer worked.

Using --no-install-recommends is not perfect - you need to be careful
what you OK (I assume you used the apt-get -s option to simulate the
install first). What 'may' have happened is that libx11-6 or similar was
removed (autoremove) as a result. echo that package (if the offender) to
set-selections might have worked. Consider also that what evince may
only recommend - may be something that another package depends on. This
is why src is available - and dummy packages.

> 
>> On the other hand. the actual mechanism involved in a
>> wheezy upgrade has been been spoken about a number of times.
> 
> And opinions about it varied widely.

As they do - from informed to, not. It's diversity - and not all of it
is healthy to embrace.

> 
> 


Kind regards


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/5443b6f8.2030...@gmail.com

Re: Good news on claws-mail

[Peter Nieman]

On 19/10/14 13:48, Brian wrote:

On Sat 18 Oct 2014 at 17:29:58 +0200, Peter Nieman wrote:


On 18/10/14 13:49, Scott Ferguson wrote:

Do you have an answer to your question?

Wild guess - notifications?


I don't know claws, but I know from Wheezy that many packages depend
on dbus although dbus isn't necessary for doing the job. Please look
here for examples:
https://lists.debian.org/debian-user/2014/09/msg00843.html
How is dbus necessary for opening a pdf file, for instance? And mail
clients were able to notify users even before dbus was invented.
Trying to get rid of such dependencies is a good thing, in my humble
opinion.


The original post was about claws. My reply was also about claws. If I
hadn't known anything about the topic I wouldn't have responded. You
obviously take a different view about things you cannot be bothered to
check. The OP made a specific *technical* claim. It has been shown to be
fatuous.

   brian@desktop:~$ apt-cache -i rdepends dbus | wc -l
   63

None of the 63 packages is a PDF reader.


I was just trying to explain to Scott why I appreciated every effort to 
get rid of unnecessary dependencies, especially with regard to 
(lib)dbus. I did not want to force you to talk about pdf readers.
Anyway, evince *recommends* dbus-X11, but after removing dbus it no 
longer worked.



On the other hand. the actual mechanism involved in a
wheezy upgrade has been been spoken about a number of times.


And opinions about it varied widely.


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/m20erk$bam$1...@ger.gmane.org

Re: download files from iceweasel using kdialog

[Scott Ferguson]

On 20/10/14 00:16, kamaraju kusumanchi wrote:
> 
> 
> On Sun, Oct 19, 2014 at 7:51 AM, Scott Ferguson
>  > wrote:
> 
> On 19/10/14 23:32, kamaraju kusumanchi wrote:
> > When I download a file via chromium, it uses kdialog to figure out where
> > the file is supposed to be stored on the disk. I find this GUI to be
> > very intuitive compared to what iceweasel uses for choosing the file
> > location.
> >
> > Is there any way to tell iceweasel to use kdialog to choose the file
> > location when I try to download something?
> 
> x/y problem? :)
> 
> 
> I am not sure what you mean by this. I tried searching wikipedia for
> "x/y problem" but did not find anything there.

Wikipedia isn't perfect. It's a somewhat obscure term.

I was referring to you wanting QT support in a GTK app.

You want to change the features of the file browser/picker - a y/z
problem in this case as the features you want you've seen in a native
KDE (QT) app.
You can't get QT support (easily) in Iceweasel/Firefox.

Thus the problem is an x/y problem - how to get those features another
way (use the alternative GTK file browser and theme it like KDE) - it
will then look more like the KDE interface you want. Try it. It's easy
and quick to change back.

8<->8--
> 
> 
> I think you misunderstood my question. 

No, but I did split the post into two parts (hit send too early). See
the second post for details on how to change the file chooser.

> I am aware of all this. But the
> file dialog you get when trying to save the files (after doing all of
> the above) is not very intuitive. Instead of this, I want kdialog to
> popup. To understand what I mean, try downloading a file from chromium
> and compare the widgets used by iceweasel.

You're comparing GTK (old and crusty) with QT (new and fast). Apples and
Oranges somewhat. Firefox has long been talking about refactoring and
recoding with QT, and SUSe has done some work on integrating it with KDE
more - but so far nothing easily workable has arrived.


> 
> raju


Kind regards


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/5443ae97.2000...@gmail.com

Re: download files from iceweasel using kdialog

[Scott Ferguson]

Apologies - I forgot to include this this:-

Previously I have had the *alternative* file picker thingy (I assume
that's what you meant by "kdialog") working instead of the default
iceweasel one - but the experience was flaky and breaks on upgrades.

NOTE: it *still* uses GTK not QT. Use an Iceweasel theme and KDE QT
configurator to make it "look" like QT.

about:config -> filter for "ui.allow_platform_file_picker"
set the boolean value to "false" (double-click on it)

see "kdialog --help | more " for what kdialog actually is - it does
include a filepicker.

Using the KDE print dialog is possible though.


On 19/10/14 22:51, Scott Ferguson wrote:
> On 19/10/14 23:32, kamaraju kusumanchi wrote:
>> When I download a file via chromium, it uses kdialog to figure out where
>> the file is supposed to be stored on the disk. I find this GUI to be
>> very intuitive compared to what iceweasel uses for choosing the file
>> location.
>>
>> Is there any way to tell iceweasel to use kdialog to choose the file
>> location when I try to download something?
> 
> x/y problem? :)
> 
> Here's how to both set a default download location *and* get a download
> location choice every time you download.
> 
--8<-->8-

Kind regards


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/5443aa80.9000...@gmail.com

Re: Good news on claws-mail

[lee]

Steve Litt  writes:

> Those visual and audio hints are one of the few things that most
> programs might need to write to. They need a predefined standard to
> write to, and I guess dbus is the standard being used. If I were in
> charge of standards, I might have used something simpler (like a fifo
> with a very simple data definition) exclusively for notifications (the
> official visual and audio hints), but hey, that's just me.

Does dbus work over the network?  People might want to be informed on
their cell phone or on another computer when a new email arrives at the
MUA they have running on their computer, or when a job they started has
completed.

If I was using these info things, I might want to be informed on the
same computer when a compile job has completed, and 'make' should have
a command line option for this ;)


Since you're re-inventing the wheel:



// sxnotify.c
//
// This program is free software: you can redistribute it and/or
// modify it under the terms of the GNU General Public License as
// published by the Free Software Foundation, either version 3 of the
// License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful, but
// WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
// General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program.  If not, see
// .
//
// Author: l...@yun.yagibdah.de, 2013-07-21
//
// compile with something like:
// gcc -lsx -lXpm -lXaw -lXt -lX11 -march=native -O2 -Wall -fomit-frame-pointer 
-finline-functions sxnotify.c -o sxnotify
//


#include 
#include 
#include 

#include 


void xx(void *data)
{
exit(0);
}


int main(int argc, char *argv[]) {

if(!OpenDisplay(argc, argv)) {
puts("cannot open display");
exit(1);
}

if(argc != 2) {
puts("usage: sxnotify message");
exit(1);
}

MakeLabel(argv[1]);
ShowDisplay();
int foo;
AddTimeOut(5000, xx, (void *)(&foo));
MainLoop();
exit(0);
}


# aptitude install libsx-dev


-- 
Again we must be afraid of speaking of daemons for fear that daemons
might swallow us.  Finally, this fear has become reasonable.

Re: [exim4] Testing and making sense of smtp output

[lee]

Brian  writes:

>> > An address literal is not the same as an IP address. An MTA should not
>> > be rejecting mail on the basis that the HELO is an address literal.
>> 
>> Oh, then what is it?
>
> Using an example from RFC5321, an address literal is [123.255.37.2]. An
> IP address would presumably be 123.255.37.2.

Hm, there's not much of a difference, or is there?  It's still an IP
address and being used as one, only inside brackets for unknown reasons.
Using IP literals when sending email used to work long ago ...

>> > It's probably academic what the HELO is most of the time. Many ISPs
>> > will accept any old rubbish for it.
>> 
>> That's a misconfiguration they should fix.
>
> You tell them. :) They might say they are not breaking any RFCs and will
> accept any mail they feel like doing.

I'm not sure if they aren't.  The RFCs specify what the HELO must be
like, and you could either argue that they comply with RFCs' policy that
you should accept as much as possible or that you're breaking RFCs by
using invalid HELO strings.

At least they are supporting others in breaking RFCs, and I wonder how
that could not be against their own interests.  In any case, it
classifies them as (at least potentially very) unreliable.


-- 
Again we must be afraid of speaking of daemons for fear that daemons
might swallow us.  Finally, this fear has become reasonable.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/87wq7xhso8@yun.yagibdah.de

terminology: how do you change the foreground colour?

[lee]

Hi,

the subject already says it:  How do you change the foreground colour in
terminology?  I can only set the background.


-- 
Again we must be afraid of speaking of daemons for fear that daemons
might swallow us.  Finally, this fear has become reasonable.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/87oat8i8jm@yun.yagibdah.de

Re: Moderated posts?

[lee]

Chris Bannister  writes:

> On Sat, Oct 18, 2014 at 03:24:32AM +0200, lee wrote:
>> 
>> Klensin Standards Track[Page 71]
>> 
>>  
>> RFC 5321  SMTP  October 2008
>> 
>> 
>>if this address is null ("<>"), the receiver-SMTP MUST NOT send a
>>notification."
>> 
>> 
>> This clearly tells you that you *must not* drop or otherwise loose a
>> message once you have accepted it and that you *must* send a bounce when
>> the message can not be delivered.
>
> Is a bounce not some sort of notification. The above could easily be read as 
> do nothing, don't bother the sender at all.

A bounce is a notification.  You don't send one when you deny a message.

Since your MTA did not accept the message, it remains the responsibility
of the MTA or MUA on the sending side to inform the sender of the
message.  Your MTA is not responsible for this because it did not accept
the message.

Only when you have accepted a message you can not deliver, you must send
a bounce.

>> Please do configure your MTAs accordingly.
>> 
>> And that includes whoever runs this mailing list: When you block
>
> The MTA accepts them OK, no problem there.
>
>> messages, the senders must be informed that the delivery to the list has
>> failed.  --- I cannot verify whether messages sent to this list have
>> been silently dropped.
>
> The policy of MLs or forums has got nothing to do with MTA
> configuration. The policy is implemented in either the mailing list
> software (mailman, majordomo, etc) or the forum bulletin board software.

Technically, yes.  Practically, I'm sending a message which is to be
delivered to this mailing list.  When the message is not delivered
correctly, I must receive a bounce.  Whether the MTA processing
list-mail sends the bounce or the software that handles the mailing list
is irrelevant in this case.

If you want a technical argument: The software handling the mailing list
becomes part of the (operation of) the MTA and hence falls under the
same RFCs as MTAs do.

As a sender of a message, I can not know whether the list is handled via
entries in /etc/aliases, by an MTA that has special mailing-list
features built in, or by some other means.  It entirely doesn't matter.

I merely expect correct handling of messages, and that includes bounces
being sent when delivery fails.


-- 
Again we must be afraid of speaking of daemons for fear that daemons
might swallow us.  Finally, this fear has become reasonable.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/87a94tj8oc@yun.yagibdah.de

Re: Good news on claws-mail

[lee]

Mark Carroll  writes:

> Peter Nieman  writes:
>
>> As mentioned already in another posting, I think the best, if not the 
>> only solution for Debian would be to split the whole thing in two, one 
>> for desktop environment users and one for users who do not want a 
>> desktop environment. Packages that only work in a desktop environment 
>> should only go into the DE repository, while programs that work both 
>> within or without a DE should exist in two versions, the non-DE version 
>> being compiled in such a way that no dependency on any DE component or 
>> library exists.
>
> Perhaps no need to split into different repositories, just have
> different packages. For instance, we already have several packages with
> a '-nox' suffix to their name, which I've greatly appreciated.

That could bring about dependency problems, like when you install the
desktop version of emacs on a hybrid distribution, you'll probably pull
in lots of the stuff you don't want just because you want to use emacs
and fvwm.

At least there'd have to be some flag added which generally tells the
package management whether you want the non-desktop or the desktop
versions and dependencies.

In the end, you'll probably want to compile everything yourself anyway
because it's the most versatile way.


-- 
Again we must be afraid of speaking of daemons for fear that daemons
might swallow us.  Finally, this fear has become reasonable.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/87siikgre6@yun.yagibdah.de

Re: Problem with quotatool

[lee]

Peter Buzanits  writes:

> Hello,
>
> I have a problem on 2 Wheezy installations in Vmware, if I want to set
> quota for a user:
>
> bastelecke:~# quotatool -u tutor -bq 2000M -l 2500M /
> quotatool: Error while detecting kernel quota version: No such file or
> directory

Which version of VMWare and Debian kernel are you using?


-- 
Again we must be afraid of speaking of daemons for fear that daemons
might swallow us.  Finally, this fear has become reasonable.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/87siiki8n0@yun.yagibdah.de

Re: [exim4] Testing and making sense of smtp output

[lee]

Joe  writes:

> On Sat, 18 Oct 2014 00:13:54 +0100
> Brian  wrote:
>
>> On Fri 17 Oct 2014 at 03:20:44 +0200, lee wrote:
>> 
>> > Brian  writes:
>> > 
>> > > Not that I'm suggesting setting up exim to offer an invalid HELO;
>> > > it will lead to trouble sooner or later. However, as a reason for
>> > > mail being rejected or not arriving it doesn't come top of the
>> > > list.
>> > 
>> > Not accepting invalid HELOs is pretty high on the list because it's
>> > a very simple check.  It gets rid of quite a lot of spam with
>> > minimal resource usage.
>> 
>> It could also get rid of a lot of legitimate mail because of
>> misconfigured clients. ISPs get flack doing that so they come
>> to a decision whether it is worth being so strict. Many ignore
>> invalid HELOs.
>> 
>> 
>
> [...]
>
> A public-facing SMTP server, accepting arbitrary unauthenticated email
> needs to be a bit more picky, and if a network MTA has an invalid HELO,
> someone should be told to fix it fairly quickly.

Exactly --- unfortunately, it isn't always possible.

Don't give up on telling people how they need to fix their MTAs,
though.


Besides, I cannot seriously accept mail from an MTA which is
misconfigured even in the most basic things because I can not assume
any responsibility that I will be able to correctly handle the mail
coming from or going to it.  It's just another misconfigured MTA, and
I would have to be crazy to misconfigure mine to accomodate other
peoples misconfigurations.

When you start doing that, it won't take long before email delivery
will stop working altogether.


-- 
Again we must be afraid of speaking of daemons for fear that daemons
might swallow us.  Finally, this fear has become reasonable.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/871tq5j7sh@yun.yagibdah.de

Re: [exim4] Testing and making sense of smtp output

[lee]

Brian  writes:

> On Fri 17 Oct 2014 at 03:15:49 +0200, lee wrote:
>
>> Brian  writes:
>> 
>> > On Mon 13 Oct 2014 at 04:12:04 +0200, lee wrote:
>> >
>> >> Jonathan Dowland  writes:
>> >> 
>> >> > On Sun, Oct 12, 2014 at 02:45:44PM -0400, Harry Putnam wrote:
>> >> >> > And if so, is that not acquired from /etc/hosts?
>> >> > snip
>> >> >> Egad ...  I just noticed that was from a different machine... but the
>> >> >> format is the same on all of mine.  So still should stand as something
>> >> >> to critique/
>> >> >
>> >> > Debian's exim4 will take the contents of /etc/mailname over the dns 
>> >> > name by
>> >> > default. I'd recommend putting the fqdn that you want exim to use there.
>> >> 
>> >> You can also specify it in exims' configuration.  Unless you do have
>> >> good reason to do so, I'd advise against it and let exim use the host
>> >> name (which the automatic configuration which I don't exactly recommend
>> >> hopefully lets exim use unless you tell it otherwise).
>> >
>> > The HELO cannot be specified using dpkg-reconfigure. It is taken from
>> > /etc/hosts.
>> >
>> > /etc/mailname can be specified with dpkg-reconfigure. It is not the best
>> > of ideas to leave it blank.
>> >
>> > There is no connection between /etc/mailname and the HELO.
>> 
>> 
>> "primary_hostnameUse: main   Type: stringDefault: see below
>> 
>> This specifies the name of the current host. It is used in the default
>> EHLO or HELO command for outgoing SMTP messages (changeable via the
>> helo_data option in the smtp transport), and as the default for
>> qualify_domain. The value is also used by default in some SMTP response
>> messages from an Exim server. This can be changed dynamically by setting
>> smtp_active_hostname."[1]
>> 
>> 
>> There is no mentioning of /etc/mailname here.  Perhaps that's an
>> ideosyncrasy of the automatic configuration.
>
> No. It's because there is no connection between /etc/mailname and
> primary_hostname.

Then how does it happen that Debian manages to configure exim in such a
way that the contents of /etc/mailname are being used instead of the
hostname?  Is that another option exim has, and if so, how's it called?

I seem to vaguely remember an option to specify the HELO string, and I
couldn't find it anymore because I don't remember how it's called.


-- 
Again we must be afraid of speaking of daemons for fear that daemons
might swallow us.  Finally, this fear has become reasonable.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/8761fhj8g7@yun.yagibdah.de

Re: download files from iceweasel using kdialog

[The Wanderer]

On 10/19/2014 at 08:32 AM, kamaraju kusumanchi wrote:

> When I download a file via chromium, it uses kdialog to figure out
> where the file is supposed to be stored on the disk. I find this GUI
> to be very intuitive compared to what iceweasel uses for choosing the
> file location.
> 
> Is there any way to tell iceweasel to use kdialog to choose the file 
> location when I try to download something?

I'm pretty sure no; I'm pretty sure that Iceweasel uses the GTK
file-chooser dialog, and that if this is optional, it would be a
compile-time option (due to linking concerns if nothing else).


http://blog.martin-graesslin.com/blog/2013/12/firefox-kde-integration-in-debian-testing/

seems to support that; apparently people have gotten it working, but it
requires a separate Firefox package, which was apparently built from a
patched version of the Firefox source (I think - details not provided).

According to the comments on that blog post, there are and/or have been
bugs filed against Firefox (upstream) about that, over the course of
years - but presumably not much in the way of resulting changes, or else
the separate package probably wouldn't be necessary.

-- 
   The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man. -- George Bernard Shaw



signature.asc
Description: OpenPGP digital signature

Re: download files from iceweasel using kdialog

[Scott Ferguson]

On 19/10/14 23:32, kamaraju kusumanchi wrote:
> When I download a file via chromium, it uses kdialog to figure out where
> the file is supposed to be stored on the disk. I find this GUI to be
> very intuitive compared to what iceweasel uses for choosing the file
> location.
> 
> Is there any way to tell iceweasel to use kdialog to choose the file
> location when I try to download something?

x/y problem? :)

Here's how to both set a default download location *and* get a download
location choice every time you download.

The toolbar is hidden by default, you can enable it by clicking on the
"Open Menu" button (three horizonal bars - top-right corner) -> then
down the bottom-left of the new screen click on the "Show/Hide Toobars"
button -> Select "Toolbar", followed by clicking on the green "Exit
Customize" button (bottom-right). Or use the hot keys shown in [] below.

Open the "Edit" drop-down menu [Alt+e] and select "Preferences" [n]
In the Iceweasel Preferences dialog select the "General" tab (top-left)
Under the "Downloads" section (half-way down)
Select "Save files to" [v] and click on the "Browse" button [o] (by
default that's set to Downloads - but I'm not certain).
Navigate to where you want the *default* download location to be and
select it.
Back in the Preferences dialog select "Always ask me where to save
files" [a].
Done. Now when you download with Iceweasel you'll be asked where you
want to save files - and the default location will be offered, either
accept that location - or browse to the location of your choice.

> 
> I tried the hack suggested in
> https://scottlinux.com/2013/07/23/enable-kde-style-for-iceweasel-and-other-gtk-apps-in-debian/
> . But this only changes the appearance of the widget style not the
> underlying widget. Any other suggestions?

Yes - see above.

> 
> 
> I am using a combination of Wheezy (stable), Jessie (testing).
> 
> rajulocal@hogwarts:~/chess$ dpkg -l chromium iceweasel
> ii  chromium   35.0.1916.153-2 
> amd64Chromium web browser
> ii  iceweasel  31.1.0esr-1 
> amd64Web browser based on Firefox
> 
> thanks
> raju
> -- 
> Kamaraju S Kusumanchi
> http://malayamaarutham.blogspot.com/

HTH

Kind regards


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/5443a5c5.30...@gmail.com

unattended-upgrades

[Chris]

Hi,

I'm having no luck getting unattended-upgrads working on a Wheezy server. The 
image for Wheezy is from my vServer provider and has not been a problem until 
now. I'm not a programmer so bear with me.

No entry appears in /var/log/unattended-upgrades/unattended-upgrades.log other 
than the dry runs.

Any help would be greatly appreciated.

As root I installed with:

apt-get install unattended-upgrades

dpkg -l |grep unattended

ii  unattended-upgrades   0.79.5+wheezy1 
all  automatic installation of security upgrades

Acorrding to the README I did:

dpkg-reconfigure -plow unattended-upgrades

unattended-upgrade --debug --dry-run

gives:

2014-10-19 14:38:11,701 DEBUG pkgs that look like they should be upgraded: 
2014-10-19 14:38:11,709 DEBUG fetch.run() result: 0
2014-10-19 14:38:11,709 DEBUG blacklist: []
2014-10-19 14:38:11,709 DEBUG InstCount=0 DelCount=0 BrokenCout=0
2014-10-19 14:38:11,709 INFO No packages found that can be upgraded unattended

apt-config dump | grep Periodic

gives:

APT::Periodic "";
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";

apt-config dump | grep Unattended

gives:

Unattended-Upgrade "";
Unattended-Upgrade::Origins-Pattern "";
Unattended-Upgrade::Origins-Pattern:: 
"origin=Debian,archive=stable,label=Debian-Security";
Unattended-Upgrade::Origins-Pattern:: 
"origin=Debian,archive=oldstable,label=Debian-Security";

-- 
Chris

download files from iceweasel using kdialog

[kamaraju kusumanchi]

When I download a file via chromium, it uses kdialog to figure out where
the file is supposed to be stored on the disk. I find this GUI to be very
intuitive compared to what iceweasel uses for choosing the file location.

Is there any way to tell iceweasel to use kdialog to choose the file
location when I try to download something?

I tried the hack suggested in
https://scottlinux.com/2013/07/23/enable-kde-style-for-iceweasel-and-other-gtk-apps-in-debian/
. But this only changes the appearance of the widget style not the
underlying widget. Any other suggestions?


I am using a combination of Wheezy (stable), Jessie (testing).

rajulocal@hogwarts:~/chess$ dpkg -l chromium iceweasel
ii  chromium   35.0.1916.153-2
amd64Chromium web browser
ii  iceweasel  31.1.0esr-1
amd64Web browser based on Firefox

thanks
raju
-- 
Kamaraju S Kusumanchi
http://malayamaarutham.blogspot.com/

debian-installer: detection of Mobile Broadband even before installation?

[Jan David Mörike]

Wishlist: debian-installer: detection of Mobile Broadband even before 
installation?


More and more people have a fast (HSDPA) or super-fast (LTE) Mobile 
Broadband access to the internet.


And a flatrate for this access.

Question: Should the debian installer also offer netinst installation 
through Mobile Internet?


And: Should this posting be crossposted to debian-testing mailing list?


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/5443ad18.1040...@arcor.de

Re: Good news on claws-mail

[Mark Carroll]

Peter Nieman  writes:

> As mentioned already in another posting, I think the best, if not the 
> only solution for Debian would be to split the whole thing in two, one 
> for desktop environment users and one for users who do not want a 
> desktop environment. Packages that only work in a desktop environment 
> should only go into the DE repository, while programs that work both 
> within or without a DE should exist in two versions, the non-DE version 
> being compiled in such a way that no dependency on any DE component or 
> library exists.

Perhaps no need to split into different repositories, just have
different packages. For instance, we already have several packages with
a '-nox' suffix to their name, which I've greatly appreciated. A
'-nodbus', etc. might be nice too, gets rid of those "No D-BUS daemon
running" messages and suchlike, and this reminds me of weird things I
see like "The name org.freedesktop.UPower was not provided by any
.service files". Even XFCE4 can be compiled with various kinds of
support disabled, or at least it could last I looked.

Admittedly, there might be combinatorially many possibilities here -- at
least too many to be practical -- and Debian already has a lot of useful
tools surrounding building packages from Debian-patched source, so it's
not been too bad to arrange some of this easily myself with the compile
options I want, albeit perhaps with an envious eye toward Gentoo's USE
flags. After all, sometimes I do want X support, I just don't want, say,
policykit, or certainly not all the session/seat management that systemd
seems designed to provide.

> By the way, I am a desktop user, using fvwm. But I don't want all my 
> applications to "look and feel" the same, I don't want everything to 
> interact with everything, and I want to control my computer instead of 
> being controlled by my computer.

Exactly.

-- Mark


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/87wq7wtgl1@ixod.org

Re: Good news on claws-mail

[Brian]

On Sat 18 Oct 2014 at 17:29:58 +0200, Peter Nieman wrote:

> On 18/10/14 13:49, Scott Ferguson wrote:
> >Do you have an answer to your question?
> >
> >Wild guess - notifications?
> 
> I don't know claws, but I know from Wheezy that many packages depend
> on dbus although dbus isn't necessary for doing the job. Please look
> here for examples:
> https://lists.debian.org/debian-user/2014/09/msg00843.html
> How is dbus necessary for opening a pdf file, for instance? And mail
> clients were able to notify users even before dbus was invented.
> Trying to get rid of such dependencies is a good thing, in my humble
> opinion.

The original post was about claws. My reply was also about claws. If I
hadn't known anything about the topic I wouldn't have responded. You
obviously take a different view about things you cannot be bothered to
check. The OP made a specific *technical* claim. It has been shown to be
fatuous. 

  brian@desktop:~$ apt-cache -i rdepends dbus | wc -l
  63

None of the 63 packages is a PDF reader.

> >Now my question - why did you remove Brian's question from it's context? TIA

[Snip] 

> >NOTE: He was responding to the, um, claim that removing dbus in some
> >unknown way removed a (possible??) systemd *dependency*.
> 
> Well, I thought there was a strong relationship between systemd and
> dbus. Or are you telling me there is none - neither personnel-wise
> nor technology-wise? Wasn't it mentioned on this list some time ago

systemd doesn't depend on dbus. Your suspicions that there is a love-in
between the two is unfounded; they are just good friends.

> that Wheezy machines running dbus would be upgraded to systemd
> whereas machines not running dbus might have a chance of not being?
> By the way, I can't find the word "dependency" that you highlighted
> in Steve's post.

I have no recollection of seeing what you mention. It is completely
incorrect anyway. On the other hand. the actual mechanism involved in a
wheezy upgrade has been been spoken about a number of times. That seems
to have passed you by.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20141019114816.gp23...@copernicus.demon.co.uk

Re: Monitor does not turn on after suspend

[Scott Ferguson]

On 19/10/14 02:54, Marko Ranđelović wrote:
> I use Wheezy on desktop computer. I use vesa driver for X because radeon is
> not working. After pm-suspend command, computer is like turned off, when press
> power button it wakes up, but not monitor and not keyboard.
> 
> I tried --quirk-dpms-on, but didn't help.

What about these (together):-
--quirk-dpms-suspend
--quirk-dpms-on
--quirk-vbestate-restore
--quirk-vbemode-restore
--quirk-vga-mode3
--quirk-vbe-post

> I also tried kernel options noapic and irqpoll, but didn't help either.

AFAIK they won't, unless the problem is a buggy BIOS

> 
> lspci tells my VGA card as:
> 01:00.0 VGA compatible controller: Advanced Micro Devices [AMD] nee ATI 
> Device 6613

Sapphire Radeon R7 240 ??

I've installed both the FOSS (radeon) and non-free (fglrx) driver for it
in the past - so vesa would not be necessary. I had to install
fglrx-driver and fglrx-control from testing at the time (over a year
ago) - but the Wheezy or Wheezy backports packages should work fine.
You'll need non-free repositories enabled in /etc/apt/sources.list.

I'd previously installed the FOSS radeon driver (and found it too slow)
which meant I had to blacklist that module to get the Closed Source
driver working - from all reports the card still works very well.

I included the fglrx-modules-dkms to get 3D-accellerated graphics.
The process is documented here (though I used a different method):-
https://wiki.debian.org/ATIProprietary#Debian_7_.22Wheezy.22

I'd suggest installing the proprietary driver unless you're happy with
vesa - or, quite reasonably, reject closed source software (in which
case you might have bought a less powerful card).
NOTE: I've only dealt with suspend and that card when dkms was used.

The FOSS radeon driver installation process is described here (a little
dated?):-
https://wiki.debian.org/AtiHowTo


> 
> Kind regards
> 
> 

A reference for Suspend is here (note that the information about dkms is
out of date):-
https://wiki.debian.org/Suspend

A reference for debugging Suspend is here:-
https://www.kernel.org/doc/Documentation/power/basic-pm-debugging.txt


Questions:-

Anything useful in /var/log/pm-suspend.log ??

What sort of keyboard ??

Is it a USB keyboard ??

Was Wheezy a fresh install or did you upgrade from Squeeze ??

What sort of desktop is it (make/model) - if a no-brand, what is the
motherboard ??

Could you please paste your /var/log/Xorg.0.log somewhere e.g.
paste.debian.net and post the link in your reply ??
HINT: pastebinit is a useful debian package for just that purpose


Kind regards


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/544391fb.3080...@gmail.com

Re: Resources/tools for server hardening?

[Leslie-Alexandre DENIS]

Le 19/10/2014 09:27, Rafał Radecki a écrit :

Hi All :)

What resources or tools do you use for server hardening/checking 
servers' security?
I currently am checking Nessus, it looks good :) I found some info 
also about Bastille but it seems to be dead. Which other tools do you 
recommend?


I am thinking about applying some common sense security rules through 
puppet and then use Nessus to check servers. Can you recommend a 
different approach?


Thanks for all help :)

BR,
Rafal.


Hi,

Like you, Nessus is my core's app. for checking security of services on 
a box but I think Nmap and Its script ability can help you in the task. 
You can check out Metasploit too, a security framework used to 
exploit/check vulnerabilities for real.


Kind regards,


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/54439bf1.3020...@gmail.com

Re: Good news on claws-mail

[Peter Nieman]

On 18/10/14 19:36, Marko Ranđelović wrote:

Great, but that's Gentoo way, we should have made a Gentuish Debian, i.e. port
certain portage features into APT, such as easily control build flgas. But
then it's needed to keep record of not which packages a package depends on,
but which parts of which packages a package depends on, though I'm not sure
if it's very important.


I also started compiling some programs myself, and the self-compiled 
versions worked at least equally well while being far less memory hungry 
than the Debian versions. So that might be a solution for some of us, 
but it won't of course solve Debian's bigger problem.


As mentioned already in another posting, I think the best, if not the 
only solution for Debian would be to split the whole thing in two, one 
for desktop environment users and one for users who do not want a 
desktop environment. Packages that only work in a desktop environment 
should only go into the DE repository, while programs that work both 
within or without a DE should exist in two versions, the non-DE version 
being compiled in such a way that no dependency on any DE component or 
library exists. That would bring back to non-DE users a neat, clean, 
more secure and easier to manage distribution like the one we had before 
the DE people started to dominate. And it would also solve the systemd 
problem, as the people trying to impose that "init system" seem to be 
closely related to the DE side, as far as I can see, and their 
"philosophy" is the same.


By the way, I am a desktop user, using fvwm. But I don't want all my 
applications to "look and feel" the same, I don't want everything to 
interact with everything, and I want to control my computer instead of 
being controlled by my computer.


p.


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/m2051o$8la$1...@ger.gmane.org

Re: All roads to suspend/hibernate lead through systemd?

[Joe]

On Sat, 18 Oct 2014 19:53:38 -0700 (PDT)
Rusi Mody  wrote:

> On Saturday, October 18, 2014 11:40:01 PM UTC+5:30, Nate Bargmann
> wrote:
> > No, this is not a troll (seems like that is necessary to state up
> > front).  I have been experimenting with dropping systemd from my
> > laptop running Sid but find that even with xfce4-power-manager
> > suspend nor hibernate are available any more unless I install the
> > policykit-1 package recommended by the upower package which depends
> > on libpam-systemd which, even if I install systemd-shim, also
> > installs the systemd package as a dependency, even though it won't
> > run as PID 1.
> 
> Just a heads up.
> xfce on jessie with systemd
> 
> A couple of weeks ago in trying to get round some dependency issues
> I needed to install policykit that did:
> 
> libpolkit-agent-1-0 (0.105-6.1)
> libpolkit-backend-1-0 (0.105-6.1)
> policykit-1 (0.105-6.1)
> 
> After that direct poweroff from the xfce panel has stopped working
> ie whether I choose logout or shutdown, it only logs out, ie closes
> startx and puts me back in console shell.
> 
> [Oh and BTW about 6 months or so back gdm stopped working and Ive
> switched to startx
> ]
> 
> 

Datum: up-to-date sid, systemd, xfce, same policykit stuff plus a bit
more at 0.105-7, GUI shutdown still OK. I gave up on gdm when it went
to gdm3, I'm using kdm.

-- 
Joe


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20141019111828.4f3bf...@jresid.jretrading.com

insane hibernation policy (war: Re: All roads to suspend/hibernate lead through systemd?)

[Martin Steigerwald]

Hi Joe,

Am Samstag, 18. Oktober 2014, 21:17:48 schrieb Joe:
> On Sat, 18 Oct 2014 12:44:23 -0500
> 
> Nate Bargmann  wrote:
> > No, this is not a troll (seems like that is necessary to state up
> > front).  I have been experimenting with dropping systemd from my
> > laptop running Sid but find that even with xfce4-power-manager
> > suspend nor hibernate are available any more unless I install the
> > policykit-1 package recommended by the upower package which depends on
> > libpam-systemd which, even if I install systemd-shim, also installs
> > the systemd package as a dependency, even though it won't run as PID
> > 1.
> > 
> > Has anyone worked out a way to enable suspend in xfce4-power-manager
> > without ultimately installing systemd?
> 
> No, but this sheds a little light elsewhere. About a year ago I was on
> LXDE, and suddenly the GUI shutdown and reboot stopped working. I spent
> a month or so typing in a password in order to shut down my single-user
> workstation, then got fed up with it. There seemed to be no suggestion
> as to when it might be fixed, nor any hint that I needed to install
> anything else, so I switched to Xfce.
> 
> I've never got suspend, hibernate etc. to stay working properly on sid
> for any length of time, and the only non-sid Linux installation I have
> is a server, so I don't use them.

Look here:

Bug #727645 [polkit-kde-1] polkit-kde-1: requires root password for hibernate, 
wrongly reports other users are logged
https://bugs.debian.org/727645 

Bug #717731 [upower] upower: authentification is required for hibernating while 
other users are logged in
https://bugs.debian.org/717731

and more recently here:

Bug#747939: systemd: prevents hibernation without password with open screen 
session in other login session
https://bugs.debian.org/747939

I am not even sure that has been all reports of mine.

I had it with a second KDE session, I have it with a screen session inside a 
KDE session, in any account it was so dire insane it isn´t even funny anymore.


I still have the following polkit in there, cause with two KDE sessions open I 
think I still have the issue:

merkaba:/etc/polkit-1> cat ./localauthority/50-
local.d/org.freedesktop.upower.pkla
[Suspend/hibernate permissions]
Identity=unix-group:sudo
Action=org.freedesktop.login1.hibernate-multiple-
sessions;org.freedesktop.login1.suspend-multiple-sessions
ResultAny=yes
ResultInactive=yes
ResultActive=yes

I think any asking for a password on a *single seat* machine for hibernation 
is a bug, is a bug, is a bug. I am the only one with a keyboard on it, and I 
am the only one allowed to SSH into it, so I am the only one permitted to 
hibernate the system. And if I do this from a unlocked desktop session, I am 
authenticated already, so please just leave me *alone*.

I dislike software that tries to be more intelligent as me. I dislike policies 
like this limiting my freedom. And I invite you to comment or add to the bug 
reports I mentioned, or if they are closed already, and you still have an 
issue, open a new one and tell me.

So far it feels to me that I have been the only one yelling to the developers 
regarding that dire policy insanity. Its as insane as requiring a root login 
for Linus daughter in order to set up a printer in some OpenSUSE version.

I may one day try again without the above file to make policykit policy sane. 
It might even be important, cause if Jessie gets released with that insanity, 
I can only imagine the uproar here on this list, in bug tracker, and 
elsewhere.

Well, maybe it has been fixed meanwhile, I didn´t try removing the file for a 
while. Cause honestly I couldn´t be bothered with this kind of dire insanity 
anymore.

But on any account, people, please report bugs. Please make your voice 
regarding systemd and/or policykit troubles be heard. As long as I am one of 
the few reporting things there… chances are I might get ignored again.

Of course it also depends on the tone. Express your anger and your frustration 
in a "I am" way? Sure. But avoid accusing or insulting people.

So please don´t just use above work-around – or policy *correction* – also 
voice your concern, and if it is a simple "I have this issue two with this and 
that…" mail to one of the existing bug reports.

Thanks,
-- 
Martin 'Helios' Steigerwald - http://www.Lichtvoll.de
GPG: 03B0 0D6C 0040 0710 4AFA  B82F 991B EAAC A599 84C7


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/1590834.76OczWI13J@merkaba

Re: [exim4] rewrite left hand of email on outgoing mail

[Joe]

On Sat, 18 Oct 2014 20:58:11 -0400
Harry Putnam  wrote:

> Jonathan Dowland  writes:
> 
> > My sympathies, I don't think it's an obvious location (ie outside of
> > /etc/exim4) and I recall feeling similar when I eventually stumbled
> > over it.
> >
> >> On 18 Oct 2014, at 00:52, Harry Putnam  wrote:
> >> 
> >> So, I just insert things the way I want them... and restart exim4?
> >
> > Yes but I don't think the restart is needed.
> >
> >> 
> >> Do I need to use both of the forms that may occur for my user?
> >
> > Yes.
> 
> Well that did it... thanks for your time and patience.
> 
> Now if I can just set things so that this host can accept mail from
> the rest of the lan and relay it to my smarthost.
> 
> But before I create some openended monster spam hole...
> Is that just a matter of inserting the networks who's mail you want to
> relay?
> 
> I mean in /etc/exim4/update-exim4.conf.conf:
> 
>dc_relay_nets='10.0.0.0/24;192.168.2.0/24'
> 
That should be a colon between entries, not a semi-colon.

> Those are the two networks making up my home lan.
> 
> Or is there some more specific/explicit way to tell exim to relay for
> them?

That *is* the explicit way of doing it. 

It is also possible to relay 'from' specific named domains, which is
fine for ISPs who have only their own customers connecting to their
sending machines. However, a fair amount of the spam I get off the Net
is apparently 'from' one of my own domains, often from 'me'. This is an
attempt to relay if my server is configured to do so from named
domains, so in a server which is handling arbitrary incoming email, it
is safest to stick to IP address ranges. If they are private ranges,
then [theoretically] no externally arriving email should have a sender
address in the range.

Or you can do as Jerry suggests, and set up your server and clients to
use authenticated connections, which bypass the normal relaying tests.
ISPs normally configure their smarthosts to accept mail for relaying
unconditionally from their own networks or their customers' named
domains, plus authenticated mail from anywhere, so their customers can
still use the smarthost when away from home and connected through
someone else's network.

There are lots of websites which will perform testing for open
relaying, and Google will find many. Two that are well-established and
probably trustworthy are mxtoolbox.com and www.dnsgoodies.com. You can
do it yourself from a computer outside your network using telnet:

http://support.microsoft.com/kb/153119

This is aimed at Exchange users, but it will work for any SMTP server
accepting unauthenticated email on port 25. You can check the response
for various genuine and invalid recipients on your domain, and for
recipients on other domains. You should be given appropriate error
messages for all but genuine recipients on your domain. Some email
servers require the sender and recipient addresses to be enclosed in
.

-- 
Joe


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/2014101923.2f6b8...@jresid.jretrading.com

Re: [exim4] rewrite left hand of email on outgoing mail

[Jonathan Dowland]

On Sat, Oct 18, 2014 at 08:58:11PM -0400, Harry Putnam wrote:
> Now if I can just set things so that this host can accept mail from
> the rest of the lan and relay it to my smarthost.
> 
> But before I create some openended monster spam hole...
> Is that just a matter of inserting the networks who's mail you want to
> relay?
> 
> I mean in /etc/exim4/update-exim4.conf.conf:
> 
>dc_relay_nets='10.0.0.0/24;192.168.2.0/24'
> 
> Those are the two networks making up my home lan.
> 
> Or is there some more specific/explicit way to tell exim to relay for them?

That's the right place. From memory I think the delimiter between networks is a
colon rather than a semi colon. If you run "dpkg-reconfigure exim4-config" the
resulting setup questions will include one that populates dc_relay_nets and the
question makes clear what the delimiter should be.

if you edit the file by hand, you must run "update-exim4.conf". That file (and
binary) are part of the Debian packaging "wrapper" around the real exim4 
configuration. "update-exim4.conf" translates update-exim4.conf.conf into the 
real thing (which is saved in /var/lib/exim4/config.autogenerated)


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20141019083538.ga5...@chew.redmars.org

Re: Resources/tools for server hardening?

[Scott Ferguson]

On 19/10/14 18:27, Rafał Radecki wrote:
> Hi All :)
> 
> What resources or tools do you use for server hardening/checking
> servers' security?
> I currently am checking Nessus, it looks good :) I found some info also
> about Bastille but it seems to be dead. 

The old domain was taken over, but the project still lives.
http://bastille-linux.sourceforge.net/

You could try the Ubuntu package - I haven't tried it in Wheezy (or
recently).
http://security.ubuntu.com/ubuntu/pool/universe/b/bastille/bastille_3.0.9-12.1_all.deb

If you are running a web server and need to manage virtual hosts you'll
find it as part of ispconfig3:-
http://www.ispconfig.org/page/en/documentation.html

I use virtualmin so I can't offer an opinion on how well it works.

> Which other tools do you recommend?

That's a good start.
There's also harden-tools (a meta package). You don't say which release
you're running. It's available for squeeze, and wheezy, you'd need to
check for later releases.
See "apt-cache search harden" for the full list.

> 
> I am thinking about applying some common sense security rules through
> puppet and then use Nessus to check servers. Can you recommend a
> different approach?
> 
> Thanks for all help :)
> 
> BR,
> Rafal.


It's recommended that you step through the official Debian manual:-
https://www.debian.org/doc/manuals/securing-debian-howto/index.en.html#contents

(it covers a few tools)

HTH

Kind regards


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/54436255.7010...@gmail.com

Resources/tools for server hardening?

[Rafał Radecki]

Hi All :)

What resources or tools do you use for server hardening/checking servers'
security?
I currently am checking Nessus, it looks good :) I found some info also
about Bastille but it seems to be dead. Which other tools do you recommend?

I am thinking about applying some common sense security rules through
puppet and then use Nessus to check servers. Can you recommend a different
approach?

Thanks for all help :)

BR,
Rafal.