Re: Debian server for backups of Windows clients

[David Christensen]

On 09/09/2016 09:14 PM, David Wright wrote:
> On Fri 09 Sep 2016 at 20:36:39 (-0700), David Christensen wrote:
>> So, 1048576900 bytes * 8 bits / byte / 76.024 seconds
>  ↑
> 
> What's this 9?

A typographical error.

104857600 bytes * 8 bits/byte / 76.024 seconds

= 11034158 bits/seconds


David

Re: Debian server for backups of Windows clients

[Neal P. Murphy]

On Fri, 9 Sep 2016 23:14:30 -0500
David Wright  wrote:

> On Fri 09 Sep 2016 at 20:36:39 (-0700), David Christensen wrote:
> > On 09/09/2016 11:51 AM, Celejar wrote:
> > > On Tue, 9 Aug 2016 18:57:02 -0700
> > > David Christensen  wrote:
> > > 
> > > ...
> > > 
> > >> My laptop has 802.11 a/b/g WiFi and Fast Ethernet.  Wireless data
> > >> transfers are slow (~50 Mbps).  Wired is twice as fast (100 Mbps); still
> > >> slow.  Newer WiFi (n, ac) should be faster, but only the newest WiFi
> > >> hardware can match or beat Gigabit.
> > > 
> > > You get ~50Mbps over a/b/g? 54Mbps is the theoretical maximum, and
> > > everything I've read says that 20-24Mbps is the real-world maximum.
> > > 
> > > Celejar
> > > 
> > 
> > Benchmarking using WiFi (48 Mb/s):
> > 
> > 2016-09-09 20:18:51 dpchrist@t7400 ~
> > $ time dd if=/dev/urandom of=urandom.100M bs=1M count=100
> > 100+0 records in
> > 100+0 records out
> > 104857600 bytes (105 MB) copied, 12.6709 s, 8.3 MB/s
> > 
> > real0m12.703s
> > user0m0.000s
> > sys 0m12.481s
> > 
> > 2016-09-09 20:19:32 dpchrist@t7400 ~
> > $ time scp -p urandom.100M samba:.
> > urandom.100M
> > 
> > 
> >   100%  100MB   1.5MB/s   01:08
> > 
> > real1m16.023s
> > user0m4.548s
> > sys 0m0.744s
> > 
> > 
> > So, 1048576900 bytes * 8 bits / byte / 76.024 seconds
>  ↑
> 
> What's this 9?
> 
> Cheers,
> David.
> 

Assuming the talk is about transfer rates over the medium, not something like 
pre-compression data rates (which might be called 'marketing-speak').

Good eye! I was going to say it's not possible to get 110Mb/s over 802.11g; 
40-50 is closer tothe best I get. And 193Mb/s over 100Mb/s ethernet is right 
out; best I've ever managed is maybe 97Mb/s, and 92-95 is more typical. 
11,034,157Mb/s on W/L and 19,338,838Mb/s on wired is *much* more believable.

Unless one has a very fast multicore CPU with hardware crypto assistance, very 
fast RAM and the data to be transferred cached in RAM, one will probably never 
saturate a fastE or gigE link where one end must decrypt the data from 
disk/cache then encrypt the data to scp, and the other end must decrypt the 
data from scp then encrypt the data to disk. Even simple compression slows 
transfer down far too much.

Now if one had many CPUs, hacked scp to open as many sockets and thread/child 
procs as there are CPUs, and had each thread work on a small-ish block of data 
at a time, one *might* be able to speed up the tranfser.

Installing Lenny -- how to deal with expired repo signing keys?

[Rick Thomas]

It's a long story, but I need to install a fresh-out-of-the-box Debian 
amd64 Lenny system.


I found ftp.us.debian.org/debian-archive/debian/ which has installer 
images for old Debian releases, including Lenny.  The README file says I 
need to use

deb http://archive.debian.org/debian/ lenny main contrib
for the sources.list entry.

This works OK when I boot a l"live" cd, though it complains about the 
repo keys being expired and requires me to type "Yes" if I want to 
ignore that and install packages anyway.


So my first question is: Is there something I can do in apt preferences 
somewhere that will make it accept the expired keys by default?


After some experimentation with my "live" system, I decided that I 
really needed a fully installed system that didn't loose all my 
configuration stuff on reboots.


So I downloaded a "netinst" CD and tried to install using it.  Of 
course, I had to give it the archive repo URL manually (netinst isn't 
really happy without a network repo).  It accepted that but then it 
appeared to hang.  Looking at the -F4 screen revealed that it was 
asking the same question about whether I wanted to accept the expired 
repo keys, but this time there was no way to give it the required "Yes" 
answer.  Or at least no way that I could see.


So my second question is: Does anybody know how to give it the necessary 
answer?  Or, failing that somehing I can do in the -F2 screen that 
will prevent it from asking?


Thanks! in advance,

Rick

Re: Debian server for backups of Windows clients

[David Wright]

On Fri 09 Sep 2016 at 20:36:39 (-0700), David Christensen wrote:
> On 09/09/2016 11:51 AM, Celejar wrote:
> > On Tue, 9 Aug 2016 18:57:02 -0700
> > David Christensen  wrote:
> > 
> > ...
> > 
> >> My laptop has 802.11 a/b/g WiFi and Fast Ethernet.  Wireless data
> >> transfers are slow (~50 Mbps).  Wired is twice as fast (100 Mbps); still
> >> slow.  Newer WiFi (n, ac) should be faster, but only the newest WiFi
> >> hardware can match or beat Gigabit.
> > 
> > You get ~50Mbps over a/b/g? 54Mbps is the theoretical maximum, and
> > everything I've read says that 20-24Mbps is the real-world maximum.
> > 
> > Celejar
> > 
> 
> Benchmarking using WiFi (48 Mb/s):
> 
> 2016-09-09 20:18:51 dpchrist@t7400 ~
> $ time dd if=/dev/urandom of=urandom.100M bs=1M count=100
> 100+0 records in
> 100+0 records out
> 104857600 bytes (105 MB) copied, 12.6709 s, 8.3 MB/s
> 
> real  0m12.703s
> user  0m0.000s
> sys   0m12.481s
> 
> 2016-09-09 20:19:32 dpchrist@t7400 ~
> $ time scp -p urandom.100M samba:.
> urandom.100M
> 
> 
>   100%  100MB   1.5MB/s   01:08
> 
> real  1m16.023s
> user  0m4.548s
> sys   0m0.744s
> 
> 
> So, 1048576900 bytes * 8 bits / byte / 76.024 seconds
 ↑

What's this 9?

Cheers,
David.

Re: Debian server for backups of Windows clients

[David Christensen]

On 09/09/2016 12:43 PM, Daniel Bareiro wrote:
> On 09/08/16 22:57, David Christensen wrote:
>> My laptop has 802.11 a/b/g WiFi and Fast Ethernet.  Wireless data
>> transfers are slow (~50 Mbps).  Wired is twice as fast (100 Mbps); still
>> slow.  Newer WiFi (n, ac) should be faster, but only the newest WiFi
>> hardware can match or beat Gigabit.
> 
> I think it is reasonable to expect that the wireless transfer rate is
> lower than the one obtained in a wired network. But there is a big
> difference compared to the ~50 Mpbs you mentioned. The peak obtained
> with rsync was 10 Mbps. Maybe the best is to take a metric with iperf,
> what do you think?

See the benchmark I just posted for 802.11g WiFi --  dm-crypt -> scp ->
dm-crypt, all without AES-NI --  110341671 bits/second.  Yuck.


>> My biggest problem with rsync is when I reorganize file/ directory trees
>> on my file server; especially big stuff ... I have yet to figure out an 
>> rsync incantation
>> that does the corresponding moves on the destination ...
> 
> If you make a move of files, but always within the same root filesystem
> provided to rsync, you might want to consider using --delete for get an
> identical image in the source and destination.

--delete is a different idea.  I'm thinking -y/--fuzzy.


David

Re: Debian server for backups of Windows clients

[David Christensen]

On 09/09/2016 11:51 AM, Celejar wrote:
> On Tue, 9 Aug 2016 18:57:02 -0700
> David Christensen  wrote:
> 
> ...
> 
>> My laptop has 802.11 a/b/g WiFi and Fast Ethernet.  Wireless data
>> transfers are slow (~50 Mbps).  Wired is twice as fast (100 Mbps); still
>> slow.  Newer WiFi (n, ac) should be faster, but only the newest WiFi
>> hardware can match or beat Gigabit.
> 
> You get ~50Mbps over a/b/g? 54Mbps is the theoretical maximum, and
> everything I've read says that 20-24Mbps is the real-world maximum.
> 
> Celejar
> 

Benchmarking using WiFi (48 Mb/s):

2016-09-09 20:18:51 dpchrist@t7400 ~
$ time dd if=/dev/urandom of=urandom.100M bs=1M count=100
100+0 records in
100+0 records out
104857600 bytes (105 MB) copied, 12.6709 s, 8.3 MB/s

real0m12.703s
user0m0.000s
sys 0m12.481s

2016-09-09 20:19:32 dpchrist@t7400 ~
$ time scp -p urandom.100M samba:.
urandom.100M


  100%  100MB   1.5MB/s   01:08

real1m16.023s
user0m4.548s
sys 0m0.744s


So, 1048576900 bytes * 8 bits / byte / 76.024 seconds

= 110341671 bits/second


Testing again using Fast Ethernet (100 Mb/s):

2016-09-09 20:29:54 dpchrist@t7400 ~
$ time scp -p urandom.100M samba:.
urandom.100M


  100%  100MB   2.4MB/s   00:42

real0m43.377s
user0m4.476s
sys 0m0.876s


So, 1048576900 bytes * 8 bits / byte / 43.377 seconds

= 193388552. bits/second


Wow.  Even worse than I was expecting...


David

Re: SMTP relay issue with emails to specific domain

[Daniel Bareiro]

Hi, Joe.

Thanks for your reply.

On 09/09/16 18:06, Joe wrote:

>>> An email client connects to its SMTP smarthost using SMTP, so
>>> there's no way a given SMTP server can tell whether it's a client
>>> (MUA) or another SMTP server (MTA) trying to connect to it.  

>> That's outdated information.
>>
>> SMTP is used to exchange messages between mail servers (MTAs), but
>> a client submitting a new message to its designated relay may use
>> the "Submission" protocol on port 587 instead.  (Really old clients
>> may still use SMTP.)
>>
>> Relay control is a pretty important, nontrivial field.  

> And a separate issue in this case, where no relaying was requested. The
> protocol used is still SMTP, possibly with a few bells and whistles
> bolted on, and does not vary depending on whether a mail client or
> server is the originator. The port and authentication required vary
> according to whether local delivery or relaying is occurring, not
> according to what kind of software is on the transmitting end.
> 
> I've used a SMTP server to send authenticated mail to another server,
> as it was necessary in that time and place. The receiving server
> couldn't tell that the sender was another server. I've used a terminal
> window, a mail client by anyone's standards, to send unauthenticated
> port 25 SMTP directly to a recipient's server, something a client is
> not normally expected to do.
> 
> The issue in this case is that a SMTP server *seems* to be demanding
> authentication for local delivery. There may be more to it than that,
> but certainly there are DNS irregularities. There is no MX record for
> the domain (which, to be honest, I would have thought meant that no
> delivery was even attempted), and the domain administrators may have
> made other configuration errors. It may just be that the OP's postfix
> installation is failing to find the MX, getting confused, and returning
> an error message which is less than helpful.

Apparently, in Hostgator they don't have an MX record for this domain.
Even making the query directly to the Google DNS, it returns nothing:

---
$ dig -t mx @8.8.8.8 lkeusa.com

; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> -t mx @8.8.8.8 lkeusa.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17815
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;lkeusa.com.IN  MX

;; AUTHORITY SECTION:
.   1799IN  SOA ns6073.hostgator.com.
root.gator3037.hostgator.com. 1372031250 86400 7200 360 86400

;; Query time: 254 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Sep 09 20:09:22 ART 2016
;; MSG SIZE  rcvd: 106
---

According to the Section 5 of RFC 5321 [1], if no MX record is present
mail servers should fall back to the A record for the domain. This is
probably what's happening in this case. Although not clarify the problem
of authentication that I am observing.

Tomorrow I'll try to make a test from the other side to see if I get the
same error.


Kind regards,
Daniel

[1] https://tools.ietf.org/html/rfc5321#section-5



signature.asc
Description: OpenPGP digital signature

Re: Debian server for backups of Windows clients

[deloptes]

Daniel Bareiro wrote:

> Still, 20-24 Mbps is more than 10 Mpbs I was seeing with rsync. There
> could be a bottleneck somewhere?

In my case it was the IO on the disk - I couldn't do more than 12Mbps even
on wired connection, because I have encrypted disk ... it took me a while
to understand why though.

Re: Debian server for backups of Windows clients

[Celejar]

On Fri, 9 Sep 2016 16:46:35 -0300
Daniel Bareiro  wrote:

> Hi, Celejar.
> 
> On 09/09/16 15:51, Celejar wrote:
> 
> >> My laptop has 802.11 a/b/g WiFi and Fast Ethernet.  Wireless data
> >> transfers are slow (~50 Mbps).  Wired is twice as fast (100 Mbps); still
> >> slow.  Newer WiFi (n, ac) should be faster, but only the newest WiFi
> >> hardware can match or beat Gigabit.
> 
> > You get ~50Mbps over a/b/g? 54Mbps is the theoretical maximum, and
> > everything I've read says that 20-24Mbps is the real-world maximum.
> 
> Still, 20-24 Mbps is more than 10 Mpbs I was seeing with rsync. There
> could be a bottleneck somewhere?

As per your own suggestion in another message, definitely benchmark
with iperf to see if that's better. And as we discussed in another
thread some time ago, (especially) if you're using wireless, benchmark
throughput in *both* directions, since the transmitter (or receiver) may
be better on one machine than on another.

Celejar

Re: SMTP relay issue with emails to specific domain

[Joe]

On Fri, 9 Sep 2016 16:13:10 -0400
Greg Wooledge  wrote:

> On Fri, Sep 09, 2016 at 08:58:15PM +0100, Joe wrote:
> > An email client connects to its SMTP smarthost using SMTP, so
> > there's no way a given SMTP server can tell whether it's a client
> > (MUA) or another SMTP server (MTA) trying to connect to it.  
> 
> That's outdated information.
> 
> SMTP is used to exchange messages between mail servers (MTAs), but
> a client submitting a new message to its designated relay may use
> the "Submission" protocol on port 587 instead.  (Really old clients
> may still use SMTP.)
> 
> Relay control is a pretty important, nontrivial field.  

And a separate issue in this case, where no relaying was requested. The
protocol used is still SMTP, possibly with a few bells and whistles
bolted on, and does not vary depending on whether a mail client or
server is the originator. The port and authentication required vary
according to whether local delivery or relaying is occurring, not
according to what kind of software is on the transmitting end.

I've used a SMTP server to send authenticated mail to another server,
as it was necessary in that time and place. The receiving server
couldn't tell that the sender was another server. I've used a terminal
window, a mail client by anyone's standards, to send unauthenticated
port 25 SMTP directly to a recipient's server, something a client is
not normally expected to do.

The issue in this case is that a SMTP server *seems* to be demanding
authentication for local delivery. There may be more to it than that,
but certainly there are DNS irregularities. There is no MX record for
the domain (which, to be honest, I would have thought meant that no
delivery was even attempted), and the domain administrators may have
made other configuration errors. It may just be that the OP's postfix
installation is failing to find the MX, getting confused, and returning
an error message which is less than helpful.

-- 
Joe

Re: Jessie & Fixed IP Address

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Fri, Sep 09, 2016 at 02:10:53PM -0500, Tim McDonough wrote:
> On 9/9/2016 4:26 AM, Cindy-Sue Causey wrote:
> >You know what, though, I did have two entries in there the other day.
> >And I found that tip because I was getting the "RTNETLINK answers:
> >File exists" error that led to that tip (k/t Raspberry Pi @
> >StackExchange). My firsthand experience is that tip leans towards
> >being true because I eliminated ALL my homespun entries and am now no
> >longer receiving *that* particular error message. *grin*
> 
> You typically (most networks) would have only one gateway specified.
> It's the IP address of the router used by your network to access the
> Internet.
> 
> I imagine there are more elaborate schemes with multiple gateways
> and could not offer advice on that, I have no experience.

You can define different gateways depending on target hosts/networks.
The default gateway "takes the rest".

Example:

  ip route add to 192.168.99/24 via 192.168.42.12

sets up host 192.168.42.12 as gateway to the subnet 192.168.99.xxx

regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlfTHrsACgkQBcgs9XrR2kbGbgCaAxwUHaUbxd45A/uRHlY/fjXU
3G8An1A7UWJS/kHfnjblNycPBPBMCTHH
=3Ya9
-END PGP SIGNATURE-

Re: SMTP relay issue with emails to specific domain

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Fri, Sep 09, 2016 at 04:05:28PM -0300, Daniel Bareiro wrote:
> 
> 
> On 09/09/16 15:05, Stephan Beck wrote:

[...]

> H... I do not quite understand this situation. That is, lkeusa.com
> asked to use SMTP authentication, but this would make sense if the email
> client connects directly to lkeusa.com for deliver the email. And this
> is not the case. The client connects to an intermediate server, the
> relay server, which is the one delivering the email to lkeusa.com. Or
> maybe I'm missing something?

What I miss from cursory reading of the other answers: the intermediate
server can also authenticate (playing the role of client) with the next
server. For exim, this is described in exim4_passwd_client(5)

Regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlfTHWIACgkQBcgs9XrR2kYsUgCfd4Mmx/oQgJDKKS22tqOc0wUr
s6cAnArPQ6cqldgmFf0esGcV/N6p2WXA
=NgmA
-END PGP SIGNATURE-

Re: SMTP relay issue with emails to specific domain

[Greg Wooledge]

On Fri, Sep 09, 2016 at 08:58:15PM +0100, Joe wrote:
> An email client connects to its SMTP smarthost using SMTP, so there's no
> way a given SMTP server can tell whether it's a client (MUA) or another
> SMTP server (MTA) trying to connect to it.

That's outdated information.

SMTP is used to exchange messages between mail servers (MTAs), but
a client submitting a new message to its designated relay may use
the "Submission" protocol on port 587 instead.  (Really old clients
may still use SMTP.)

Relay control is a pretty important, nontrivial field.  Some servers
rely on an "SMTP AUTH" protocol that involves a username and password
to authenticate the client.  A few may still use the old "POP before SMTP"
hack, in which a client that performs an authenticated POP3 retrieval
opens up permission to use SMTP for some time period.  I don't know
how widespread this practice still is; it's quite antiquated.

And of course some servers may simply whitelist their clients by IP
address.  This works extremely well in internal corporate settings,
but very poorly if you have people working from home, on the road, etc.
(I've seen the phrase "road warriors" used to refer to these clients.)

Internet service providers probably use some variant of this, magically
knowing who their customers are by IP address.  This is outside of my
experience.

DJB proposed authenticating client emails by having them be PGP-signed,
with the server holding the public keys necessary to validate the
clients' signatures.  I've never seen this actually implemented, though.

So, long story short, you have to get permission to use a given host
as your mail submission/relay.  And how you do that is up to the owner
of that host.

Re: SMTP relay issue with emails to specific domain

[Joe]

On Fri, 9 Sep 2016 16:05:28 -0300
Daniel Bareiro  wrote:

> On 09/09/16 15:05, Stephan Beck wrote:
> 
> > Hi Daniel,  
> 
> Hi, Stephan. Thanks for your reply.
> 
> >>> I recently set up an relay SMTP server on a host of Digital
> >>> Ocean, using Debian and Postfix.
> >>>
> >>> The main reason for setting up this relay is that the cPanel VPS
> >>> is hosted at Godaddy, and they force everyone to send email
> >>> through their shared SMTP relay. As expected, that shared relay
> >>> is continually being flagged for spam.
> >>>
> >>> So the outgoing emails are routed through this server. Usually
> >>> everything worked smoothly. Mails to accounts on Google, Yahoo,
> >>> Hotmail and other servers are delivered. But I found a problem
> >>> with a specific domain:
> >>>
> >>> ---
> >>> Sep  7 14:36:11 smtp postfix/smtp[8036]: 5EAA520AAD:
> >>> to=, relay=lkeusa.com[50.87.144.56]:25],
> >>> delay=13, delays=0.91/0.06/6.1/5.9, dsn=5.0.0, status=bounced
> >>> (host lkeusa.com[50.87.144.56] said: 550-Please turn on SMTP
> >>> Authentication in your mail client, or login to the 550-IMAP/POP3
> >>> server before sending your message.  smtp.server.com
> >>> 550-[x.y.z.t]:41988 is not permitted to relay through this server
> >>> 550 without authentication. (in reply to RCPT TO command))
> >>> ---
> >>>
> >>> I'm not sure why this specific domain is complaining in this
> >>> way.  
> 
> > I think it's because it requires SMTP authentication, whereas
> > apparently the other servers you mention don't (mails are
> > delivered). Have you checked if the mail client's option
> > mail.smtpserver.default.authMethod is set to 0, which means there
> > is no SMTP authentication at all. That could explain the issue.
> > For a list of methods, see (1)
> > Looking at exim's server ready 220 response below, it does not like
> > people to send spam or bulk email.
> > The 550 return code means that the mailbox you are trying to reach
> > can't be found or you are lacking access rights. In your case it's
> > the latter, as the server response indicates.
> > 
> > 
> > (1)
> > http://www.afterlogic.com/mailbee/docs/SMTP_props_AuthMethod.htm  
> 
> H... I do not quite understand this situation. That is, lkeusa.com
> asked to use SMTP authentication, but this would make sense if the
> email client connects directly to lkeusa.com for deliver the email.
> And this is not the case. The client connects to an intermediate
> server, the relay server, which is the one delivering the email to
> lkeusa.com. Or maybe I'm missing something?
> 
>
An email client connects to its SMTP smarthost using SMTP, so there's no
way a given SMTP server can tell whether it's a client (MUA) or another
SMTP server (MTA) trying to connect to it.

That said, a SMTP server should accept mail addressed to a valid
recipient of a domain for which it is authoritative, unconditionally, it
should not ask for authentication. Authentication will only be required
for relaying, i.e. expecting lkeusa to pass the message on to someone
who is not a local recipient. If this were not the case, anyone sending
email to anyone else would be expected to be able to authenticate to
the recipient's server, which is nonsense.

The error message you are seeing seems to involve relaying. Are you
definitely sending email to a valid recipient on the lkeusa.com domain?
If so, no relaying is being requested, the error message you are seeing
does not make sense ("to=, relay=lkeusa.com") and you
need to contact the postmaster for the domain to ask what is going on.

P.S. A quick dig at lkeusa.com shows no MX record, and mxtoolbox.com
confirms this. 50.87.144.56 is the IP address given by an A record for
the domain name itself, and the only other DNS records are the hosting
company's nameservers. This may have something to do with the problem.

-- 
Joe

Re: Debian server for backups of Windows clients

[Daniel Bareiro]

Hi, Celejar.

On 09/09/16 15:51, Celejar wrote:

>> My laptop has 802.11 a/b/g WiFi and Fast Ethernet.  Wireless data
>> transfers are slow (~50 Mbps).  Wired is twice as fast (100 Mbps); still
>> slow.  Newer WiFi (n, ac) should be faster, but only the newest WiFi
>> hardware can match or beat Gigabit.

> You get ~50Mbps over a/b/g? 54Mbps is the theoretical maximum, and
> everything I've read says that 20-24Mbps is the real-world maximum.

Still, 20-24 Mbps is more than 10 Mpbs I was seeing with rsync. There
could be a bottleneck somewhere?


Kind regards,
Daniel



signature.asc
Description: OpenPGP digital signature

Re: Debian server for backups of Windows clients

[Daniel Bareiro]

Hi, David.

Thanks for your reply.

On 09/08/16 22:57, David Christensen wrote:

>> As you can see, the transfer was over than 3 GB and it were not hung. I
>> did several tests and all were without problems.
>>
>> I wonder if in the mentioned episodes of hangs you remember whether the
>> transferred volume was higher or lower than in this case (or it hung
>> randomly).

> Script it and run it every night for a week.  If it works every time,
> try again for 30 days.  Then 90.  Then 365.

Yes, I have to start testing on a daily basis. Anyway, the mentioned
test results were quite satisfactory.

>> As a side note, the larger file (disk01.img) took more than 40 minutes
>> to be transferred. So the rsync was running quite some time without
>> hanging. While it does not have to do with the topic of this thread, in
>> rsync progress data we can see that the average transfer rate was 10
>> Mbps. I guess it will have to do with that I'm going through a wireless
>> network. In this testing the Debian computer is a notebook connected to
>> the wireless router and the KVM Windows is on the wired network. May it
>> be so large the decrease in transfer speed? The wireless router is
>> TPLink WDR3600 with OpenWRT.

> My laptop has 802.11 a/b/g WiFi and Fast Ethernet.  Wireless data
> transfers are slow (~50 Mbps).  Wired is twice as fast (100 Mbps); still
> slow.  Newer WiFi (n, ac) should be faster, but only the newest WiFi
> hardware can match or beat Gigabit.

I think it is reasonable to expect that the wireless transfer rate is
lower than the one obtained in a wired network. But there is a big
difference compared to the ~50 Mpbs you mentioned. The peak obtained
with rsync was 10 Mbps. Maybe the best is to take a metric with iperf,
what do you think?

> For the initial full backup, I have found that scp is faster than rsync.

It is likely, since rsync adds control information used by rsync
algorithm to track the synchronization.

> When I know that I've added a bunch of new and/or large files on the
> sender, I sometimes try the rsync 'whole-file' option.  As I haven't
> benchmarked it, I don't know if/when it is helping.
>
> My biggest problem with rsync is when I reorganize file/ directory trees
> on my file server; especially big stuff -- raw video, movies, disk
> images, ISO images, etc..  I have yet to figure out an rsync incantation
> that does the corresponding moves on the destination, rather than
> mindlessly copying and deleting 100's of GB.  I have often considered
> writing an rsync prelude script for just this case.

If you make a move of files, but always within the same root filesystem
provided to rsync, you might want to consider using --delete for get an
identical image in the source and destination.


Kind regards,
Daniel



signature.asc
Description: OpenPGP digital signature

Re: Jessie & Fixed IP Address

[Tim McDonough]

On 9/9/2016 4:26 AM, Cindy-Sue Causey wrote:

You know what, though, I did have two entries in there the other day.
And I found that tip because I was getting the "RTNETLINK answers:
File exists" error that led to that tip (k/t Raspberry Pi @
StackExchange). My firsthand experience is that tip leans towards
being true because I eliminated ALL my homespun entries and am now no
longer receiving *that* particular error message. *grin*


You typically (most networks) would have only one gateway specified. 
It's the IP address of the router used by your network to access the 
Internet.


I imagine there are more elaborate schemes with multiple gateways and 
could not offer advice on that, I have no experience.


Tim

Re: SMTP relay issue with emails to specific domain

[Daniel Bareiro]

On 09/09/16 15:05, Stephan Beck wrote:

> Hi Daniel,

Hi, Stephan. Thanks for your reply.

>>> I recently set up an relay SMTP server on a host of Digital Ocean, using
>>> Debian and Postfix.
>>>
>>> The main reason for setting up this relay is that the cPanel VPS is
>>> hosted at Godaddy, and they force everyone to send email through their
>>> shared SMTP relay. As expected, that shared relay is continually being
>>> flagged for spam.
>>>
>>> So the outgoing emails are routed through this server. Usually
>>> everything worked smoothly. Mails to accounts on Google, Yahoo, Hotmail
>>> and other servers are delivered. But I found a problem with a specific
>>> domain:
>>>
>>> ---
>>> Sep  7 14:36:11 smtp postfix/smtp[8036]: 5EAA520AAD:
>>> to=, relay=lkeusa.com[50.87.144.56]:25], delay=13,
>>> delays=0.91/0.06/6.1/5.9, dsn=5.0.0, status=bounced (host
>>> lkeusa.com[50.87.144.56] said: 550-Please turn on SMTP Authentication in
>>> your mail client, or login to the 550-IMAP/POP3 server before sending
>>> your message.  smtp.server.com 550-[x.y.z.t]:41988 is not permitted to
>>> relay through this server 550 without authentication. (in reply to RCPT
>>> TO command))
>>> ---
>>>
>>> I'm not sure why this specific domain is complaining in this way.

> I think it's because it requires SMTP authentication, whereas apparently
> the other servers you mention don't (mails are delivered). Have you
> checked if the mail client's option mail.smtpserver.default.authMethod
> is set to 0, which means there is no SMTP authentication at all. That
> could explain the issue.
> For a list of methods, see (1)
> Looking at exim's server ready 220 response below, it does not like
> people to send spam or bulk email.
> The 550 return code means that the mailbox you are trying to reach can't
> be found or you are lacking access rights. In your case it's the latter,
> as the server response indicates.
> 
> 
> (1) http://www.afterlogic.com/mailbee/docs/SMTP_props_AuthMethod.htm

H... I do not quite understand this situation. That is, lkeusa.com
asked to use SMTP authentication, but this would make sense if the email
client connects directly to lkeusa.com for deliver the email. And this
is not the case. The client connects to an intermediate server, the
relay server, which is the one delivering the email to lkeusa.com. Or
maybe I'm missing something?


Kind regards,
Daniel



signature.asc
Description: OpenPGP digital signature

Re: Debian server for backups of Windows clients

[Celejar]

On Tue, 9 Aug 2016 18:57:02 -0700
David Christensen  wrote:

...

> My laptop has 802.11 a/b/g WiFi and Fast Ethernet.  Wireless data
> transfers are slow (~50 Mbps).  Wired is twice as fast (100 Mbps); still
> slow.  Newer WiFi (n, ac) should be faster, but only the newest WiFi
> hardware can match or beat Gigabit.

You get ~50Mbps over a/b/g? 54Mbps is the theoretical maximum, and
everything I've read says that 20-24Mbps is the real-world maximum.

Celejar

Re: Using serial console as a poor mans IP kvm?

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Fri, Sep 09, 2016 at 09:03:33PM +0300, Jarle Aase wrote:
> Hi,
> 
> I was just about to order some usb2serial hardware when I read this.
[...]
> I'll try it when I get the first server assembled. Thanks a lot!

Hey, glad to help :-)

- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlfTBAQACgkQBcgs9XrR2kb2oQCfXciqNGw+duZSi0+j293y9X26
mFcAnRJFuhTP641mbXmJ9YS0l5VZnd6j
=3unC
-END PGP SIGNATURE-

gdm3 doesn't work any more after the upgrade from Wheezy to Jessie 8.5

[Jean-Paul Bouchet]

Hello,

We used during 2 years Gnome and gdm3 on a server with Debian Wheezy to 
let users work from their Windows PC via Cygwin and xlaunch (xdmcp). It 
worked well till the upgrade to Jessie, for these Windows PC, as for the 
system console, a very simple terminal.


The migration has been done a few days ago after a last upgrade of 
Wheezy and a verification that our server was OK, including connection 
features. The dist-upgrade has not been perfect: here are the last lines 
of the process:

...
update-initramfs: Generating /boot/initrd.img-3.16.0-4-amd64
W: Possible missing firmware /lib/firmware/tigon/tg3_tso5.bin for module tg3
W: Possible missing firmware /lib/firmware/tigon/tg3_tso.bin for module tg3
W: Possible missing firmware /lib/firmware/tigon/tg3.bin for module tg3
Traitement des actions différées (« triggers ») pour sgml-base 
(1.26+nmu4) ...

Traitement des actions différées (« triggers ») pour menu (2.1.47) ...
Des erreurs ont été rencontrées pendant l'exécution :
 tex-common
E: Sub-process /usr/bin/dpkg returned an error code (1)

dpkg --audit gives me a list of 149 packages with the half-configurated 
status. Among them: libpam-ldap:amd64, libpam-mount, xorg, xserver-xorg.
I have launched manually 'dpk -configure' for all of them and 
reinstalled tex-common.


Now dpkg --audit returns nothing. I have not yet done apt-get autoremove 
to eliminate the packages the have become useless.


During the upgrade I have installed the new version of 
/etc/gdm3/daemon.conf, /etc/init.d/gdm3 and got [ ok ] Scheduling reload 
of GNOME Display Manager configuration: gdm3.


After the migration it has been possible during the 3 first days to open 
sometimes a gnome session but with many problems, several minutes to get 
the users' list, and again a long time, up to 10 minutes, to get the 
gnome window. Once displayed, the desk was fully functional, but the 
whole process, from the launch of cygwin was much too long and uncertain 
(we could also never get the connexion window with the list of users). 
It has never been possible to lock or close properly a session and to 
get again the connection window.


I have reinstalled some packages, including gdm3, searched similar 
situations on the web, verified the configuration in /etc/gdm3 or 
/etc/pam.d, compared with the files we had with Wheezy, rebooted the 
server, as carefully and cautiously as I could, but without the least 
improvement. On the contrary, we are now unable to get the connexion 
window.


Now, what we get, for the system console, as for the windows PCs with 
Cygwin, is what I supposed to be the splash window, a blue background 
screen with the time, the date and at the left bottom 'Debian 8' and no 
button.


systemctl -l status gdm.service
● gdm.service - GNOME Display Manager
   Loaded: loaded (/lib/systemd/system/gdm.service; enabled)
   Active: active (running) since ven. 2016-09-09 13:47:15 CEST; 6h ago
  Process: 1729 ExecStartPre=/usr/share/gdm/generate-config 
(code=exited, status=0/SUCCESS)
  Process: 1721 ExecStartPre=/bin/sh -c [ "$(cat 
/etc/X11/default-display-manager 2>/dev/null)" = "/usr/sbin/gdm3" ] 
(code=exited, status=0/SUCCESS)

 Main PID: 1801 (gdm3)
   CGroup: /system.slice/gdm.service
   ├─1801 /usr/sbin/gdm3
   ├─1814 /usr/bin/Xorg :0 -novtswitch -background none 
-noreset -verbose 3 -auth 
/var/run/gdm3/auth-for-Debian-gdm-wEWSh7/database -seat seat0 vt7

   ├─2065 gdm-session-worker [pam/gdm-launch-environment]
   ├─2194 /usr/bin/gnome-session --autostart 
/usr/share/gdm/greeter/autostart
   ├─2204 /usr/bin/dbus-launch --exit-with-session 
/usr/bin/gnome-session --autostart /usr/share/gdm/greeter/autostart
   ├─2243 /usr/bin/dbus-daemon --fork --print-pid 5 
--print-address 7 --session

   ├─2252 /usr/lib/at-spi2-core/at-spi-bus-launcher
   ├─2256 /usr/bin/dbus-daemon 
--config-file=/etc/at-spi2/accessibility.conf --nofork --print-address 3
   ├─2259 /usr/lib/at-spi2-core/at-spi2-registryd 
--use-gnome-session

   ├─2289 /usr/lib/gnome-settings-daemon/gnome-settings-daemon
   ├─2376 gnome-shell --mode=gdm
   ├─2455 /usr/bin/pulseaudio --start --log-target=syslog
   ├─2629 /usr/lib/dconf/dconf-service
   ├─3096 gdm-session-worker [pam/gdm-launch-environment]
   ├─3101 /usr/bin/gnome-session --autostart 
/usr/share/gdm/greeter/autostart
   ├─3104 /usr/bin/dbus-launch --exit-with-session 
/usr/bin/gnome-session --autostart /usr/share/gdm/greeter/autostart
   ├─3105 /usr/bin/dbus-daemon --fork --print-pid 5 
--print-address 7 --session

   ├─3108 /usr/lib/at-spi2-core/at-spi-bus-launcher
   ├─3112 /usr/bin/dbus-daemon 
--config-file=/etc/at-spi2/accessibility.conf --nofork --print-address 3
   ├─3115 /usr/lib/at-spi2-core/at-spi2-registryd 
--use-gnome-session

   ├─3138 /usr/lib/gnome-settings-daemon/gnome-settings-daemon
   ├─3148 gnome-she

Re: How to get Jessie to run at boot time

[Andrew M.A. Cater]

On Fri, Sep 09, 2016 at 01:58:03PM -0400, Alan McConnell wrote:
> This one should be _real_ easy!
> 
> Two days ago, my hard drive on my (now) discarded computer gave up the ghost.
> After consideration, and advice from friends, I went out to Staples and bought
> a Dell, with  Windoze installed.  I hooked up everything and Windoze 
> boots
> OK, my sound works, etc.
> 
> This morning I installed Jessie, and this time the install went well.  I could
> put in partitions for / , /usr/, /boot, /var, /tmp, and put in a big swap
> partition.  When I rebooted at the end of the install, I got my Windows 
> again, which
> pleased me, since I'd left it in, giving it 50 gig of my terabyte drive.
> 
> But I don't know how to get my new Jessie to boot!  Back when I had one of my
> first Linuxes and MS-DOS on my system, one got a prompt: "L or M" as soon as
> one turned on the computer.  Things are now more subtle I'm sure, and they are
> too subtle for me!
> 
> So can someone who also has a dual-bootable system(with Windows 10 and Jessie)
> please tell me how you choose, at boot-time, which of your systems you wish to
> boot?
> 
> TIA
> 
> Alan McConnell
> 

Boot your install medium - enter rescue mode - reinstall grub?

HTH,

Andy C 

Re: SMTP relay issue with emails to specific domain

[Stephan Beck]

Hi Daniel,

Daniel Bareiro:
> 
> On 08/09/16 13:56, Daniel Bareiro wrote:
> 
>> I recently set up an relay SMTP server on a host of Digital Ocean, using
>> Debian and Postfix.
>>
>> The main reason for setting up this relay is that the cPanel VPS is
>> hosted at Godaddy, and they force everyone to send email through their
>> shared SMTP relay. As expected, that shared relay is continually being
>> flagged for spam.
>>
>> So the outgoing emails are routed through this server. Usually
>> everything worked smoothly. Mails to accounts on Google, Yahoo, Hotmail
>> and other servers are delivered. But I found a problem with a specific
>> domain:
>>
>> ---
>> Sep  7 14:36:11 smtp postfix/smtp[8036]: 5EAA520AAD:
>> to=, relay=lkeusa.com[50.87.144.56]:25], delay=13,
>> delays=0.91/0.06/6.1/5.9, dsn=5.0.0, status=bounced (host
>> lkeusa.com[50.87.144.56] said: 550-Please turn on SMTP Authentication in
>> your mail client, or login to the 550-IMAP/POP3 server before sending
>> your message.  smtp.server.com 550-[x.y.z.t]:41988 is not permitted to
>> relay through this server 550 without authentication. (in reply to RCPT
>> TO command))
>> ---
>>
>> I'm not sure why this specific domain is complaining in this way.

I think it's because it requires SMTP authentication, whereas apparently
the other servers you mention don't (mails are delivered). Have you
checked if the mail client's option mail.smtpserver.default.authMethod
is set to 0, which means there is no SMTP authentication at all. That
could explain the issue.
For a list of methods, see (1)
Looking at exim's server ready 220 response below, it does not like
people to send spam or bulk email.
The 550 return code means that the mailbox you are trying to reach can't
be found or you are lacking access rights. In your case it's the latter,
as the server response indicates.


(1) http://www.afterlogic.com/mailbee/docs/SMTP_props_AuthMethod.htm

Stephan

[...]
> 
> Well, it seems that in the absence of an MX record, Postfix uses the A
> record that it find by querying that domain and in that IP address an
> Exim server responds:
> 
> ---
> # telnet lkeusa.com 25
> Trying 50.87.144.56...
> Connected to lkeusa.com.
> Escape character is '^]'.
> 220-gator3037.hostgator.com ESMTP Exim 4.86_1 #1 Thu, 08 Sep 2016
> 12:15:19 -0500
> 220-We do not authorize the use of this system to transport unsolicited,
> 220 and/or bulk e-mail.
> ---
> 

Re: How to get Jessie to run at boot time

[Felix Miata]

Alan McConnell composed on 2016-09-09 13:58 (UTC-0400):


Two days ago, my hard drive on my (now) discarded computer gave up the ghost.
After consideration, and advice from friends, I went out to Staples and bought
a Dell, with  Windoze installed.  I hooked up everything and Windoze boots
OK, my sound works, etc.



This morning I installed Jessie, and this time the install went well.  I could
put in partitions for / , /usr/, /boot, /var, /tmp, and put in a big swap
partition.  When I rebooted at the end of the install, I got my Windows again, 
which
pleased me, since I'd left it in, giving it 50 gig of my terabyte drive.



But I don't know how to get my new Jessie to boot!  Back when I had one of my
first Linuxes and MS-DOS on my system, one got a prompt: "L or M" as soon as
one turned on the computer.  Things are now more subtle I'm sure, and they are
too subtle for me!



So can someone who also has a dual-bootable system(with Windows 10 and Jessie)
please tell me how you choose, at boot-time, which of your systems you wish to
boot?


Booting Linux from W10's own boot menu might be the simplest:
http://neosmart.net/EasyBCD/
--
"The wise are known for their understanding, and pleasant
words are persuasive." Proverbs 16:21 (New Living Translation)

 Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata  ***  http://fm.no-ip.com/

Re: Using serial console as a poor mans IP kvm?

[Jarle Aase]

Hi,

I was just about to order some usb2serial hardware when I read this. 
Your suggestion will give fewer "moving parts" and is actually very 
simple to implement. I will loose the ability to do a cold boot, but it 
will probably not matter too much in my case, at least not for now.


I'll try it when I get the first server assembled. Thanks a lot!

Jarle

Den 09. sep. 2016 10:31, skrev to...@tuxteam.de:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Thu, Sep 08, 2016 at 10:26:59PM +0300, Jarle Aase wrote:

I want to set up a few servers at home. Unfortunately, as I live in
Bulgaria at the moment, the electric power is gone pretty often for
longer periods than my UPS'es can deal with. So my servers will have
to be started at least a few times every quarter.

[...]


That means that I need to reboot the servers relatively often, and
provide the luks passwords every time. Some times I am far away when
this happens [...]

An interesting alternative to the serial console thing is baking
in an SSH server into the initramfs. There are small SSH servers
built for that, like Dropbear.

Upside is that you don't need any additional hardware and it's
pretty well integrated into Debian. Downside is that you need
BIOS, the bootloader and initramfs working (with the serial you
at least get a chance to fix the bootloader remotely).

https://packages.debian.org/sid/dropbear-initramfs
https://wiki.debian.org/RescueInitramfs
https://projectgus.com/2013/05/encrypted-rootfs-over-ssh-with-debian-wheezy/

Might be worth a try.

Regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlfSZVMACgkQBcgs9XrR2kZGNgCfZhrMlouUceQSVJgzimE+b2YG
GokAn0PpEqnw2lgmFiGTu554OQtpt9Wa
=AKQd
-END PGP SIGNATURE-

How to get Jessie to run at boot time

[Alan McConnell]

This one should be _real_ easy!

Two days ago, my hard drive on my (now) discarded computer gave up the ghost.
After consideration, and advice from friends, I went out to Staples and bought
a Dell, with  Windoze installed.  I hooked up everything and Windoze boots
OK, my sound works, etc.

This morning I installed Jessie, and this time the install went well.  I could
put in partitions for / , /usr/, /boot, /var, /tmp, and put in a big swap
partition.  When I rebooted at the end of the install, I got my Windows again, 
which
pleased me, since I'd left it in, giving it 50 gig of my terabyte drive.

But I don't know how to get my new Jessie to boot!  Back when I had one of my
first Linuxes and MS-DOS on my system, one got a prompt: "L or M" as soon as
one turned on the computer.  Things are now more subtle I'm sure, and they are
too subtle for me!

So can someone who also has a dual-bootable system(with Windows 10 and Jessie)
please tell me how you choose, at boot-time, which of your systems you wish to
boot?

TIA

Alan McConnell
 

Re: Is nagle disabled?

[Rob van der Putten]

Hi there


On 09/09/16 18:19, Stefan Monnier wrote:


I suggest you re-read https://en.wikipedia.org/wiki/Nagle's_algorithm
Nagle only kicks in when there are un-acknowledged packets.  So on the
first packet, there is no delay.  There will be a delay on the *second*
packet if it's small and we haven't yet received confirmation that the
first packet was received.


I thought I overlooked something. And this is it.
Thanks!


Regards,
Rob

Re: [resolved] FireFox broken,

[Mark Allums]

On 09/08/2016 01:54 PM, Brian wrote:

On Thu 08 Sep 2016 at 09:30:54 -0500, Mark Allums wrote:


On 09/07/2016 05:23 PM, Gene Heskett wrote:


Maybe this is related to libns3 that someone mention, but we have to get
it from unstable? On wheezy, how?

Thanks.

Cheers, Gene Heskett



Installing libnss3 from sid/unstable solved the problem of web sites
unavailable with a security-related error message for me.


As you say "My problem is not YouTube, that was just an example."

An example of what? A relationship between a "next" button not working
with PayPal and video viewing? Have we left the world of Flash?

Maybe you could post the URLs of two or three web sites which are now
available to you without security-related error messages which you had
trouble with before. Jessie users would be interested whether they too
have to install libnss3 from unstable.


[Good technical advice snipped].



It's not flash.  YouTube doesn't use Flash by default anymore.

One other example is:

https://apprenticealf.wordpress.com/

Mark Allums

Re: How to diagnose an "apt-get instal"l problem

[Greg Wooledge]

On Fri, Sep 09, 2016 at 10:18:22AM -0500, Richard Owlett wrote:
> As root I attempted to do
>   apt-get install mate-desktop-environment-core
> It began normally but terminated with a file not found message 
> before coming to the confirm installation step.

And the error message said...?

> To narrow down the problem source(s) I attempted to install a 
> different program.

Instead of reading the error.  *sigh*

> How can I diagnose what went wrong when I attempted "apt-get 
> install"?

By reading the error.

There is not enough information here to tell whether it was trying to
install a package that isn't physically included on your DVD, or
installing a package that exists but has an error in it, etc.

Re: Is nagle disabled?

[Stefan Monnier]

> I'm experimenting with TCP to see how long it takes to send a small amount
> of data from A to B. One would expect a latency of a few hundred
> milliseconds, but it's a few hundred microseconds instead. It is as if
> Nagle's algorithm has been disabled.

I suggest you re-read https://en.wikipedia.org/wiki/Nagle's_algorithm
Nagle only kicks in when there are un-acknowledged packets.  So on the
first packet, there is no delay.  There will be a delay on the *second*
packet if it's small and we haven't yet received confirmation that the
first packet was received.


Stefan

How to diagnose an "apt-get instal"l problem

[Richard Owlett]

I was experimenting with a custom minimal install.
[ALL installs are from purchased DVDs as I have minimal 
connectivity.]
I installed Jessie (8.0.0) using expert mode on a machine set 
aside for experiments.
I explicitly chose no desktop environment. The install proceeded 
normally.


From the Description in Packages.gz, 
mate-desktop-environment-core appeared to be appropriate for my 
needs.


As root I attempted to do
  apt-get install mate-desktop-environment-core
It began normally but terminated with a file not found message 
before coming to the confirm installation step.


To narrow down the problem source(s) I attempted to install a 
different program. It proceeded normally to the confirm install 
question.


Suspecting a damaged/defective DVD I then attempted a fresh 
install to the same partition. This time I chose the lxde 
desktop. Installation proceeded to a fully functioning install.


I then used Synaptic to install mate-desktop-environment-core.
It apparently completed normally. [I've not researched what I 
have to do to switch desktops.]


How can I diagnose what went wrong when I attempted "apt-get 
install"?


TIA

icedove: failed to connect server x...@gmail.com

[mudongliang]

Dear all,

recently I suddenly failed to update my gmail account in 
icedove. When I tried to get messages from gmail account in icedove, it 
poped up one window : "Failled to connect server x...@gmail.com". There 
is no error for my other email, for example, hotmail, outlook.


How could I solve this problem?

--
My best regards to you.

 No System Is Safe!
 Dongliang Mu

Is nagle disabled?

[Rob van der Putten]

Hi there


I'm experimenting with TCP to see how long it takes to send a small 
amount of data from A to B. One would expect a latency of a few hundred 
milliseconds, but it's a few hundred microseconds instead. It is as if 
Nagle's algorithm has been disabled.



Regards,
Rob

Re: Using serial console as a poor mans IP kvm?

[Eike Lantzsch]

On Freitag, 9. September 2016 08:15:37 PYT Tixy wrote:
> On Fri, 2016-09-09 at 08:46 +0300, Lars Noodén wrote:
> > I've used USB-to-serial adapters with the Prolific chipset.  They've
> > worked fine for me, in various models.  (I haven't tried FTDI and am
> > suspicious of them.)
> 
> And my experience is the opposite. I have genuine (there's apparently a
> lot of fakes) FTDI devices in pretty much daily use for many years
> without problems. This is using ser2net on a local network for accessing
> serial consoles on ARM based development boards. ser2net will be
> insecure telnet or raw port forwarding but if it's not exposed to the
> internet and you can ssh tunnel into the local network then that's a lot
> better. I've done that method for carrying on working with my boards
> whilst across the other side of the world. Of course, a means of power
> cycling devices is also essential.

I second that. I had many weird problems with PL2303 but never any on any OS* 
with FTDI FT232 chips.

[*] Debian-Linux, OpenBSD, OSX and MS-Windows 
-- 
Eike Lantzsch ZP6CGE

Re: libnss3, currently in testing

[Gene Heskett]

On Thursday 08 September 2016 19:02:31 Henrique de Moraes Holschuh wrote:

> On Thu, 08 Sep 2016, Gene Heskett wrote:
> > Has anyone an idea of a schedule of when that will put this security
> > update into the wheezy repo's?
>
> https://wiki.debian.org/LTS
>
> Please contact the Debian LTS people, and if this fix is not already
> in the priority queue, you could offer to sponsor the work required or
> something.
>
> > I believe this is why I cannot use the paypal account I just opened.
>
> Gene, may I humbly suggest you should get a new box for non-Linux-CNC
> work, and keep that wheezy box you use for Linux-CNC off the grid so
> that it doesn't become a liability in the future?

Liability?  Only if its destroyed on purpose by a malicious update. I 
have a router with dd-wrt reflashed into it.  No back doors.  And it 
stops _all_ the unfunny stuff. And according to the error message I get 
when I run firefox-esr from a terminal, SSL is missing.  But its not, FF 
just can't find it. IMO firefox-esr is a disaster despite the hype.

> You will be happier in the medium/long term after the investment in
> the new box pays itself off, Debian jessie should work much better
> overall for you for desktopish things (i.e. not Linux-CNC), and the
> rest of us will be happier even sooner because we will have less
> support requests related to oldstable to attend to[1] ;-)
>
> Paypal works just fine with firefox in a standard Debian 8.6 install.
>
> [1] Any work done for stable and unstable/testing _usually_ helps a
> lot more people than work done for oldstable.

I can appreciate that, but wheezy is supposed to have security support 
until sometime in 2018, but this gradual destruction of a formerly 
working system just to get folks to update smells an awful lot like 
fedora, and that rebuild your system every 30 days got old, very fast, 
so I bailed to mandrake all those years ago.  And now its happening 
again.  All I want is a system that Just Works(TM) and now it isn't.

Sometime today I'll see if I can figure out how to install the real 
mozilla firefox 48.something tarball.  Maybe even make it use the new 
flashplayer.so, now at major version 23 something. I already have them 
downloaded.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

Re: Re: System in broken state after dpkg upgrade

[Laurent Bigonville]

Don Armstrong wrote:

That's basically because the policy wasn't fixed in time for the jessie
release (see #756729 and #771484). If you're using selinux on Debian, it
would probably be good to participate in the development of the default
policy and refpolicy packages.


Yes please

Re: Jessie & Fixed IP Address

[Cindy-Sue Causey]

On 9/8/16, Greg Wooledge  wrote:
> On Thu, Sep 08, 2016 at 06:08:04PM +0100, David wrote:
>> I am working with a Raspberry PI running Jessie and I'm not happy about
>> the solutions I found to change it from DHCP to a fixed IP address.
>>
>> Can I go back to the old method of editing /etc/network/interfaces
>
> If it's Debian Jessie, then yes, you can edit /etc/network/interfaces.
> Change the line that says something like "iface eth0 inet dhcp" to
> "iface eth0 inet static", and add indented lines below that for the
> address, netmask and gateway.  Then configure your /etc/resolv.conf
> file to point to some valid nameservers.
>
> If it's Raspbian Jessie, which is not the same as Debian Jessie, then
> all bets are off.


This is too cool. The whole deal with my... battling Wi-Fi and
Bluetooth right now just paid off again. Yesterday I learned something
appropriate for this that.. *DISCLAIMER*... may or may not be true.

What I read out on the Net said that, if you have two or more similar
entries in /etc/network/interfaces, you only declare "gateway" _one
time_ or you run into problems.** Rightly or wrongly, I currently
presume that declaration would be made in the first (top) block
(module) of declarations.

Additionally I'm not experienced enough at this to know if there are
instances where that declaration would be a different [number]. If
that situation exists, I could see that being an instance where you
WOULD make two declarations because they don't clash and would be
necessary declarations.

My purpose in jumping in here is to help prevent someone from hitting
unnecessary hair pulling roadblocks in the event anyone goes playing
around with these settings while they're being discussed. And again,
that may or may *not* be true, but it does sound reasonable enough to
share out loud.. :)

You know what, though, I did have two entries in there the other day.
And I found that tip because I was getting the "RTNETLINK answers:
File exists" error that led to that tip (k/t Raspberry Pi @
StackExchange). My firsthand experience is that tip leans towards
being true because I eliminated ALL my homespun entries and am now no
longer receiving *that* particular error message. *grin*

Cindy

-- 
Cindy-Sue Causey
Talking Rock, Pickens County, Georgia, USA

* runs with duct tape *

Re: Jessie & Fixed IP Address

[Joe]

On Fri, 09 Sep 2016 09:12:14 +0100
David  wrote:


> 
> Firstly an apology, I did not realise there was a Debian Jessie and a
> Raspbian Jessie.
> 
> I'm working with Raspbian Jessie.
> 

Debian is the root of many other distributions such as Knoppix and
Ubuntu, and many less famous.

Raspbian is one that rings bells because it is based on the ARM, which
probably no full-sized computer is these days (the Acorn Archimedes
series used it almost thirty years ago). The range of Debian packages
ported to the ARM RISC architecture is significantly smaller than those
for i386 and amd64, so some things have to be done differently. The
limitations of the system-on-chip which composes almost all of the Pi
hardware imposes further limitations, compared to general-purpose
desktop hardware or even laptop hardware. The relatively small storage
space available again imposes restrictions.

So Raspbian may well be quite different to a stock amd64 Jessie,
utilising many of the tricks of older days of computing to make the
best of limited hardware.

-- 
Joe

Re: Problems communicating with and between servers after upgrade - correction

[Clive Menzies]

Please ignore this last message about dovecot - my brain was scrambled. 
I hadn't installed it yet.



On 09/09/16 09:16, Clive Menzies wrote:

On 08/09/16 23:50, Clive Menzies wrote:

On 08/09/16 23:07, Clive Menzies wrote:
This nightmare of expanding problems has been going on for three 
days, since Monday afternoon. Never before have I questioned the 
decision to base our business (and our lives) on Debian and I remain 
a firm advocate. I also recognise that over successive releases, 
accommodating a plethora of configurations becomes harder and that 
at some point a step changes in the foundations of the system are 
required. I'm presuming that the transition to systemd from 
sysv-init was an essential step and understand that backwards 
compatibility becomes more challenging as time goes on.


Just when I thought life couldn't get anymore bizarre, dovecot-imapd 
and core have disappeared off server_M this morning along with the 
config files which had the cert info in. The mail on server_U is 
working fine. I've looked in the apt-log and there's no indication it 
was uninstalled which is not surprising because it was working fine in 
the early hours of this morning.




--
Clive Menzies
http://freecriticalthinking.org

Re: Problems communicating with and between servers after upgrade - correction

[Clive Menzies]

On 08/09/16 23:50, Clive Menzies wrote:

On 08/09/16 23:07, Clive Menzies wrote:
This nightmare of expanding problems has been going on for three 
days, since Monday afternoon. Never before have I questioned the 
decision to base our business (and our lives) on Debian and I remain 
a firm advocate. I also recognise that over successive releases, 
accommodating a plethora of configurations becomes harder and that at 
some point a step changes in the foundations of the system are 
required. I'm presuming that the transition to systemd from sysv-init 
was an essential step and understand that backwards compatibility 
becomes more challenging as time goes on.


Just when I thought life couldn't get anymore bizarre, dovecot-imapd and 
core have disappeared off server_M this morning along with the config 
files which had the cert info in. The mail on server_U is working fine. 
I've looked in the apt-log and there's no indication it was uninstalled 
which is not surprising because it was working fine in the early hours 
of this morning.


--
Clive Menzies
http://freecriticalthinking.org

Re: Jessie & Fixed IP Address

[David]

On Thu, 2016-09-08 at 12:42 -0500, Tim McDonough wrote:
> On 9/8/2016 12:08 PM, David wrote:
> > 
> > I am working with a Raspberry PI running Jessie and I'm not happy
> > about
> > the solutions I found to change it from DHCP to a fixed IP address.
> > 
> > Editing the file /etc/dhcpcd.conf does not seem to work correctly.
> > 
> > Can I go back to the old method of editing /etc/network/interfaces
> > 
> > Or is there a better way of setting a fixed IP on Jessie?
> 
> Raspbian Jessie (not Debian Jessie) uses systemd by default. I found
> the 
> following instructions worked well on my R-Pi 3 board:
> 
>  rry-pi/>
> 
> I too found it really confusing that many of the files we formerly
> used 
> to configure networking are still present but have no effect. I do
> not 
> know what all is involved in re-configuring to not use this newer
> method.
> 
> Tim
> 
Thank you for the replies.

Firstly an apology, I did not realise there was a Debian Jessie and a
Raspbian Jessie.

I'm working with Raspbian Jessie.

Having seen Tim's email I did some further searching and found some
suggestions which are to remove the daemon dhcpcd and edit the
/etc/network/interfaces file.

David.

Re: Using serial console as a poor mans IP kvm?

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Thu, Sep 08, 2016 at 10:26:59PM +0300, Jarle Aase wrote:
> I want to set up a few servers at home. Unfortunately, as I live in
> Bulgaria at the moment, the electric power is gone pretty often for
> longer periods than my UPS'es can deal with. So my servers will have
> to be started at least a few times every quarter.

[...]

> That means that I need to reboot the servers relatively often, and
> provide the luks passwords every time. Some times I am far away when
> this happens [...]

An interesting alternative to the serial console thing is baking
in an SSH server into the initramfs. There are small SSH servers
built for that, like Dropbear.

Upside is that you don't need any additional hardware and it's
pretty well integrated into Debian. Downside is that you need
BIOS, the bootloader and initramfs working (with the serial you
at least get a chance to fix the bootloader remotely).

https://packages.debian.org/sid/dropbear-initramfs
https://wiki.debian.org/RescueInitramfs
https://projectgus.com/2013/05/encrypted-rootfs-over-ssh-with-debian-wheezy/

Might be worth a try.

Regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlfSZVMACgkQBcgs9XrR2kZGNgCfZhrMlouUceQSVJgzimE+b2YG
GokAn0PpEqnw2lgmFiGTu554OQtpt9Wa
=AKQd
-END PGP SIGNATURE-

Re: Using serial console as a poor mans IP kvm?

[Tixy]

On Fri, 2016-09-09 at 08:46 +0300, Lars Noodén wrote:
> I've used USB-to-serial adapters with the Prolific chipset.  They've
> worked fine for me, in various models.  (I haven't tried FTDI and am
> suspicious of them.)

And my experience is the opposite. I have genuine (there's apparently a
lot of fakes) FTDI devices in pretty much daily use for many years
without problems. This is using ser2net on a local network for accessing
serial consoles on ARM based development boards. ser2net will be
insecure telnet or raw port forwarding but if it's not exposed to the
internet and you can ssh tunnel into the local network then that's a lot
better. I've done that method for carrying on working with my boards
whilst across the other side of the world. Of course, a means of power
cycling devices is also essential.

-- 
Tixy