Re: Flash ?

[MENGUAL Jean-Philippe]

Salut,


Pour avoir Flash dans de bonnes conditions sous Debian, il faut:

- activer les dépôts non-free;

- installer pepperflash-plugin-nonfree et
browser-plugin-freflashplayer-pepperflash


Amicalement,



Le 23/08/2017 à 04:16, Yannick a écrit :
> Bonsoir,
>
> Je n'arrive plus à ouvrir les visionneuses de documents des sites des
> archives basées sur
> Thot (35)
> Mnesys (69)
>
> Je pense que c'est basé sur du flash donc oui c'est caca à l'heure du html5.
>
> Merci à qui me dira quoi installer sous Debian 9 sans passer par
> libflashplayer.so récupéré chez Adobe
>
> Amitiés
>

-- 
signature_jp_2
Logo Hypra  JEAN-PHILIPPE MENGUAL
DIRECTEUR TECHNIQUE ET QUALITÉ
102, rue des poissonniers, 75018, Paris
Tel : +331 84 73 06 61  Mob : +336 76 34 93 37

jpmeng...@hypra.fr 
www.hypra.fr 
Facebook Hypra  Twitter Hypra
 Linkedin Jean-Philippe

Re: OCR

[MENGUAL Jean-Philippe]

Hi,


Many great solutions exist now for OCR on Linux.

1. Free software: gimagereader (uses Tesseract), works all right, as
well as gocr

2. Other free solution: Hypra developed Ocrizer. If you install it, you can:

- from a shortcut, running the scanning process, the characters
recognition, and opening Writer. The shortcut is integrated
automatically in Hypra systems, using MATE and Compiz. As you probably
not installed it, you will need to implement the binding by hand. The
command to add to your desktop environment and to give a binding would
be: sh -c "/usr/bin/ocrizer -s -d ~/Documents"

- if using MATE, you can install 
mate-accessibility-ocr-integration-caja and a command in the context
menu will enable you to OCR a n image file (eg a PDF shipped on the
Internet), via different means.


Note that this tool is based on Tesseract.


3. Paying solution:

a) Abbyy Finereader (proprietary): for 150 euros, Abbyy provides a
commandline tool. Install it, run it via a script you create or
manually, and you can use Finereader engine in Linux. The license is a
key, you can get online, it enables you to be run on One machine and you
can OCr 12000 pages per year (the counter reloads each year).


If you buy it but want to have a script, you can install it, then
install ocrizer-finereader from Hypra. It will bring the features I
described above, but based on the Finereader engine instead of Tesseract.


b) Finally, if you want to support a social-impact company and get
support to implement your OCR installation, and if you want to bypass
the anual 12000 pages limitation, you can buy Finereader to Hypra: just
a mail, then a payment by transfer and they send you the license key.
The price is 180 euros, because the anual 12000 pages is missing.


To get Hypra repos (for suggestions 2 and 3 a):

http://hypra.fr/Developpement-72.html


Note that only Jessie works now, devs for Stretch are in progress. But
Hypra can assist you installing Finereader and Ocrizer on another
release of Debian (it's paying but possibe).


Hope it helps.



Cheers


Jean-Philippe MENGUAL

Re: One-line password generator

[Teemu Likonen]

Mario Castelán Castro [2017-08-22 10:04:59-05] wrote:

> “alias gen-password="head -c 16 /dev/urandom | base64 | head -c 22 && echo"”

Or if one wants to define the char set:

#!/bin/sh
length=${1:-16}
tr -cd 0-9A-Za-z https://keybase.io/tlikonen> //
// PGP: 4E10 55DC 84E9 DFF6 13D7 8557 719D 69D3 2453 9450 ///


signature.asc
Description: PGP signature

Flash ?

[Yannick]

Bonsoir,

Je n'arrive plus à ouvrir les visionneuses de documents des sites des
archives basées sur
Thot (35)
Mnesys (69)

Je pense que c'est basé sur du flash donc oui c'est caca à l'heure du html5.

Merci à qui me dira quoi installer sous Debian 9 sans passer par
libflashplayer.so récupéré chez Adobe

Amitiés

-- 
Yannick VOYEAUD
Nul n'a droit au superflu tant que chacun n'a pas son nécessaire
(Camille JOUFFRAY 1841-1924, maire de Vienne)
http://www.voyeaud.org
Créateur CimGenWeb: http://www.francegenweb.org/cimgenweb/
Journées du Logiciel Libre: http://jdll.org
Généalogie en liberté avec Ancestris http://www.ancestris.org
Aidez Ancestris à aller au Havre
https://www.helloasso.com/associations/ancestris/collectes/le-havre-2017

Re: Debian live installer problems

[Arjun Krishnan]

>
>
>
> My guess is that you are not following the instructions in the Debian
> installation guide complemented by my commentary. You seem to have your own
> idea of how to do things, which to me appears to be your own wild guess.
>
This is not the case. There's no need to be so negative and disrespectful,
Mario, you're not Linus Torvalds.
We're all only trying to learn here. However, I appreciate the time you
took to try and help.

I finally got the debian installer to work, and here is how. I wanted an
easy-to-maintain usb stick that would install all of the different linux
distributions (see
https://wiki.archlinux.org/index.php/Multiboot_USB_drive). The
problem was that my usb stick was running off
an efi grub. It had two partitions, one efi containing the grub shim, and
one ext4. I have a bunch of different linux isos with different
distributions distributions loaded in the ext4 partition, and one single
grub.cfg file that loads the installers from these isos. The debian
installer was the only one giving me trouble. It turned out that the debian
installer needed an extra grub needed a module called `efi_gop` to be
loaded. I don't know what it does, and would appreciate any information.

The following grub2 entry boots the debian net installer. In this case, I'd
copied the hd-image initrd and vmlinuz on to the ext4 partition as
stated in the debian install guide.

menuentry 'debian stretch 9.1 netinst' {
insmod efi_gop
search --no-floppy --set=root --fs-uuid
e84f9c3d-3021-45b0-b2c6-da7852c3c151
--hint hd0,gpt2
linux /vmlinuz vga=788 --- quiet
initrd /initrd.gz
}


Once the installer loaded, it searched for isos on the usb stick and loaded
the packages it needed from there.

In fact, it is not necessary to get the initrd and kernel from the hd-image
folder *at all*, and the following menuentry works just as well.

menuentry '[loopback]debian stretch 9.1 xfce-cd config' {
insmod efi_gop
# this is the path to the ext4 partition on the usb drive
set
imgdevpath="/dev/disk/by-uuid/e84f9c3d-3021-45b0-b2c6-da7852c3c151"
set isofile='/boot/iso/debian-9.1.0-amd64-xfce-CD-1.iso'
loopback loop $isofile
linux (loop)/install.amd/gtk/vmlinuz desktop=xfce
fromiso=${imgdevpath}/${isofile}
initrd (loop)/install.amd/gtk/initrd.gz
}


Notice here that grub2 is loading the ramdisk and linux kernel that reside
on the iso. If I removed the `insmod efi_gop` statement from either of
these, the installer would fail to boot.

What I don't understand is why the efi_gop module is needed for the Debian
installer, but not for the Debian live cd.

Re: OCR

[Miles Fidelman]

Probably CamScanner on a smartphone.


On 8/22/17 3:22 PM, Stephen Grant Brown wrote:

Hi All,
What is the best OCR package to use to scan the receipts given 
immediately after making a purchase?

Yours Sincerely
Stephen Grant Brown


--
In theory, there is no difference between theory and practice.
In practice, there is.   Yogi Berra

Re: One-line password generator

[Mike McClain]

On Tue, Aug 22, 2017 at 08:46:24PM +0100, Brian wrote:
> Wow! Can you suggest something which gives one teensy-weensy bit of
> memorability?

Here's a solution I like. Scramble some letters and numbers you
know by heart to create your password, like so:
My mother's nickname is Ginny. She was born 5 May, 1920.
The password 'G05i05n19n20y' is harder to crack not being suseptible to
dictionary lookup. Add a dot/bang (./!) or a hash/query (#/?) and it
becomes '.G05i05n19n20y!' or '#G05i05n19n20y?' and it's 15 characters.
Run your selected password across some of the on'line password
checkers, there are many.

Best of luck,
Mike
--
If you lend someone $20 and never see that person again,
it was probably a wise investment.

Re: O SquidGuard ou alternativas?

[Thiago T. Faioli]

 SQUID + SQUIDGUARD ainda é uma combinação funcional

 Se sua dupla já funfa a 10 anos! Você só precisa atualizar.

 Se não lhe atende mais! Uma pesquisa, tendo como guia, os requisitos para
o novo modelo ... Vai ajudar na troca da implementação atual ou se só
complementando com uma solução de DNS na LAN vai ser necessário

  Att

Em 22 de ago de 2017 2:09 PM, "Bruno Lessa"  escreveu:

> Um que ouço falar muito bem é o NxFilter. Inclusive por ser eficiente em
> filtrar HTTPS.
>
> 2017-08-22 12:52 GMT-03:00 Fagner Patricio :
>
>> Na verdade ele é util só em casos como onde trabalho, ele serve para
>> controlar quem pode acessar o que na internet e em que horário, por exemplo
>> existem aqui onde eu trabalho um grupo que não pode acessar rede social
>> durante o expediente de trabalho então configuro o squidguard baseado no
>> login do usuário a bloquear sites de rede social das 06:00h até as  18:00h.
>>
>> Mas existem poucas alternativas ao SquidGuard, na verdade não sei nem se
>> tem alternativas livres a ele mais.
>>
>> Em 22 de agosto de 2017 12:48, Leandro  escreveu:
>>
>>> Tambem gostaria de saber alias nunca entendi bem como ele pode ser tao
>>> util... Desconhecimento mesmo
>>>
>>> Em 22 de ago de 2017 12:47 PM, "Fagner Patricio" <
>>> fagner.patri...@gmail.com> escreveu:
>>>
 Olá Pessoal!

 Eu uso em minha rede a combinação suqid + squidguard para filtragem de
 internet, a instalação atual já está em produção a 10 anos e temos que
 fazer uma atualização.

 Minha pergunta é se o SquidGuard ainda é o melhor software ou já
 existem alguma alternativa mais moderna?

 O que vocês usam?

 Obrigado.

 --
 Fagner Patrício
 João Pessoa - PB
 Brasil

>>>
>>
>>
>> --
>> Fagner Patrício
>> João Pessoa - PB
>> Brasil
>>
>
>
>
> --
> *Atenciosamente,*
>
> *google.com/+BrunoLessa *
>

Re: Coucou! vas-tu me dire un petit 'salut'? Aurore

[mamadou kante]

Sa vas quoi 9

Obtenez Outlook pour iOS

From: mamadou kante 
Sent: Tuesday, August 22, 2017 9:03:44 PM
To: Aurore Abdulbadee; debian-user@lists.debian.org
Subject: Re: Coucou! vas-tu me dire un petit 'salut'? Aurore

Ok

Obtenez Outlook pour iOS

From: Aurore Abdulbadee 
Sent: Tuesday, August 15, 2017 5:33:42 PM
To: debian-user@lists.debian.org
Subject: Coucou! vas-tu me dire un petit 'salut'? Aurore


Viens qu'on discute un peu toi et moi.
http://bit.ly/2w9opeo

Re: One-line password generator

[Lck Ras]

On 08/23/2017 07:31 AM, Brian wrote:
> On Tue 22 Aug 2017 at 15:14:37 -0500, Mario Castelán Castro wrote:
> You can recommend what you want but give me
> 
>  IhaveaMemorablePasswordwhichIwillnotforget!
> 
> as opposed to
> 
>  WVAq7XLM4va6e1A4Bb4+Zw
> 
> You will now explain why the first one will be broken in the next
> 100 years. I'm past caring after that.

The problem with that kind of password generation is that it leaks in
unexpected ways, and it can be hard to understand how much it matters.

When you know nothing about a password, it can be quite hard to guess,
but as you reveal more information about it and its construction (max
length, character set, format, etc.) it becomes easier and easier.

With randomly generated passwords, you still have an easy-to-understand
"hard limit" on how easy it will be to guess, unless you start leaking
individual characters of it, even if you reveal how the password is
constructed.

In the other hand, with passwords like the ones you described, it can be
quite difficult to gauge how hard it is to guess, and how much you can
reveal about it before it being unsafe.

Eg. knowing that you create your passwords like that can make it
significantly easier for someone else to guess your password, which
could potentially be dangerous, especially if done by someone who knows
you well.

I personally use diceware, which is relatively memorable and secure
enough. Revealing the fact that I use diceware makes guessing my
passwords significantly easier, but it still is very far in the
"impossible" territory.

I don't think leaving your passwords up to chance is a good idea. You
should know, not guess, whether it is safe or not.

Re: Limiting resource usage

[Lck Ras]

On 08/23/2017 06:48 AM, ju...@tutanota.com wrote:
> - i cannot change the default setting.
> is it a secure feature/the best option or a sign that something is wrong.

limits.conf contains the "default" ulimits if it is set as "soft", and
absolute limits if set as "hard", so if you want to change the defaults,
you will need to configure limits.conf.

> - have i to configure limits.conf ?
> my /etc/security/limits.conf is not set (all is marked as # comment)
> i do not know how-to-do that & i have not found (desktop default user / no 
> server) something that i could copy & past or a soft/script which should 
> generate the best option for me.

Check out limits.conf(5). In short, you can add lines to
/etc/security/limits.conf to impose global limits (except for systemd
services). The format is.

: Who is affected by the limit? can be * for everyone, a
specific user, etc.

: Either "hard", "soft", or "-". "hard" and "soft" are as I
described above, "-" combines both.

: The "thing" to limit. Stuff like # of processes, memory used,
etc. See the manpage for a complete list.

: The value you want to set as the limit.

All the lines already in that file are either explaining how to use it
or examples.

Re: Wireless devices and cryptography in practice (Was: USB wireless keyboard in stretch)

[Mario Castelán Castro]

On 22/08/17 15:11, Jape Person wrote:
> You have been *very* helpful. You educated / reminded me on why even
> testing for exploits isn't necessarily useful when the firmware is not
> Open Source, and you told me about the existence of magnetic quick
> release USB cables. Time to shop!
> 
> And thank you very much again.

I am glad that you found my commentary useful.

By the way, I prefer the free software philosophy and term instead of
open source, although of course, almost all open source software is free
software and vice-versa.

Regards.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature

Re: OCR

[Doug]

On 08/22/2017 05:22 PM, Stephen Grant Brown wrote:

Hi All,
What is the best OCR package to use to scan the receipts given 
immediately after making a purchase?

Yours Sincerely
Stephen Grant Brown
I wish there was a good OCR in Linux, but if there is, I don't know of 
it. You need Windows. Abbyy Fine Reader is excellent. When I need an 
OCR, I boot Windows--just about
the only time I do. (The other time is when I need good audio copy from 
LP records--DAK.)


--doug

Re: USB wireless keyboard in stretch

[Ben Caradoc-Davies]

On 23/08/17 10:32, Ben Caradoc-Davies wrote:

On 22/08/17 22:05, Dominic Knight wrote:

Meanwhile... some wireless keyboards and mice work very well in this
modern age, I've used Logitechs M185 & K270 without a single issue on
both Stretch and Buster.
+1, currently using these as an MK270r set on sid. I had some reception 
problems with its predecessor so from habit use a USB extension to move 
the nano receiver a bit closer. No problems so far with this set. My 
favourite keyboard and mouse ever. I would give it a 9/10 (shortcut keys 
could be better).


And battery level reporting is not yet supported on Debian for this 
model (in XFCE power manager or solaar). Still 9/10.  :-)


Kind regards,

--
Ben Caradoc-Davies 
Director
Transient Software Limited 
New Zealand

OCR

[Stephen Grant Brown]

Hi All,
What is the best OCR package to use to scan the receipts given immediately 
after making a purchase?
Yours Sincerely
Stephen Grant Brown 

Re: USB wireless keyboard in stretch

[Ben Caradoc-Davies]

On 22/08/17 22:05, Dominic Knight wrote:

Meanwhile... some wireless keyboards and mice work very well in this
modern age, I've used Logitechs M185 & K270 without a single issue on
both Stretch and Buster.


+1, currently using these as an MK270r set on sid. I had some reception 
problems with its predecessor so from habit use a USB extension to move 
the nano receiver a bit closer. No problems so far with this set. My 
favourite keyboard and mouse ever. I would give it a 9/10 (shortcut keys 
could be better).


Last time I looked into it, keyboard packets are encrypted with AES (but 
actual security is more than just this), but mouse packets are unencrypted.


Kind regards,

--
Ben Caradoc-Davies 
Director
Transient Software Limited 
New Zealand

Re: One-line password generator

[Brian]

On Tue 22 Aug 2017 at 15:14:37 -0500, Mario Castelán Castro wrote:

> On 22/08/17 14:46, Brian wrote:
> > Wow! Can you suggest something which gives one teensy-weensy bit of
> > memorability?
> 
> I do not recommend “memorable passwords” at all. The reasons are as
> explained next.

You can recommend what you want but give me

 IhaveaMemorablePasswordwhichIwillnotforget!

as opposed to

 WVAq7XLM4va6e1A4Bb4+Zw

You will now explain why the first one will be broken in the next
100 years. I'm past caring after that.

> If the password is not important (for example, account of web forums)
> then you can use store it in a plain text file or a password manager.
> Firefox has a built-in password manager which works fine. Here
> memorability does not matter at all, as you just have to copy and paste,
> or let the password manager fill it automatically. Anyway, one could not
> memorize enough passwords for all the things that require one (esp. web
> sites).

You are digressing. Every password is important. Basing a password on
the perceived imortance of an account is unwise. What Firefox has is of
no great consequence when it comes to memorability.

For one of my web forums:

 M92FGisthepostcodeformyhomeaddress

A weak password?
 
> If the password is important, then for a reasonable amount of entropy, a
> memorable password will be too long and VERY slow to input. I suggest
> the following approach:

Stick entropy. It is highly unlikely that a password is broken because
it is not in the 128-bit entropy category.

> Generate a 3-bit long password, for example:
> 
> mario@svetlana [0] [/home/mario]
> $ head -c 3 /dev/urandom | base64
> w5eJ
> 
> Write it in a paper or leave it in the terminal. Invent a mnemonic for
> it or just memorize as is. In this case, I can think of “_W_ill has _5_
> fingers in _each_ _J_and (hand spelled wrong)”.

Fine. But where is the improvement over

 Willhas5fingerson_each_Jand

as a password? A bit longer to type, perhaps, but not spectacularly so.

-- 
Brian.

Re: Limiting resource usage

[Zoltán Herman]

if you use the stretch/systemd then
systemd completely ignores /etc/security/limits*





2017-08-22 23:48 GMT+02:00 :

> https://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html
> 4.11.2 Limiting resource usage: the limits.conf file.
> $ ulimit -a
> core file size
> (blocks, -c)
> data seg size
> (kbytes, -d)
> scheduling priority
> (-e)
> file size
> (blocks, -f)
> pending signals
> (-i)
> max locked memory
> (kbytes, -l)
> max memory size
> (kbytes, -m)
> open files
> (-n)
> pipe size
> (512 bytes, -p)
> POSIX message queues
> (bytes, -q)
> real-time priority
> (-r)
> stack size
> (kbytes, -s)
> cpu time
> (seconds, -t)
> max user processes
> (-u)
> virtual memory
> (kbytes, -v)
> file locks
> (-x)
>
> - i cannot change the default setting.
> is it a secure feature/the best option or a sign that something is wrong.
>
> - have i to configure limits.conf ?
> my /etc/security/limits.conf is not set (all is marked as # comment)
> i do not know how-to-do that & i have not found (desktop default user / no
> server) something that i could copy & past or a soft/script which should
> generate the best option for me.
>
> - could someone solve that using k.i.s.s. ?
>
> thx by advance in case of responses.
> https://www.debian.org/doc/manuals/debian-handbook does not answer at my
> questions  ),
>
> --
> Securely sent with Tutanota.
>

Re: One-line password generator

[Mario Castelán Castro]

On 22/08/17 15:14, Mario Castelán Castro wrote:
> Generate a 3-bit long password, for example:
> 
> mario@svetlana [0] [/home/mario]
> $ head -c 3 /dev/urandom | base64
> w5eJ

Apologies. This is of course, a 3 BYTE long password (24 bits), not 3
BIT long!!

I also want to point that by default, if the input to base64 is not an
input of 3 bytes then the last digit does not have full entropy. The
one-liner that I gave in my *original* message is processed to have full
entropy in *all* digits (hence the double use of “head” command), for a
total of 132 bits. The line quoted here does not need this processing
because the input gives exactly enough entropy to generate 4 characters
with full entropy.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature

Re: One-line password generator

[Mario Castelán Castro]

On 22/08/17 15:14, Mario Castelán Castro wrote:
> Generate a 3-bit long password, for example:
> 
> mario@svetlana [0] [/home/mario]
> $ head -c 3 /dev/urandom | base64
> w5eJ

Apologies. This is of course, a 3 BYTE long password (24 bits), not 3
BIT long. Hehe.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature

Re: One-line password generator

[Mario Castelán Castro]

On 22/08/17 14:46, Brian wrote:
> Wow! Can you suggest something which gives one teensy-weensy bit of
> memorability?

I do not recommend “memorable passwords” at all. The reasons are as
explained next.

If the password is not important (for example, account of web forums)
then you can use store it in a plain text file or a password manager.
Firefox has a built-in password manager which works fine. Here
memorability does not matter at all, as you just have to copy and paste,
or let the password manager fill it automatically. Anyway, one could not
memorize enough passwords for all the things that require one (esp. web
sites).

If the password is important, then for a reasonable amount of entropy, a
memorable password will be too long and VERY slow to input. I suggest
the following approach:

Generate a 3-bit long password, for example:

mario@svetlana [0] [/home/mario]
$ head -c 3 /dev/urandom | base64
w5eJ

Write it in a paper or leave it in the terminal. Invent a mnemonic for
it or just memorize as is. In this case, I can think of “_W_ill has _5_
fingers in _each_ _J_and (hand spelled wrong)”.

Several times through the day, try to remember the password and *then*
look at the paper or terminal to check. Allow yourself 1 day to memorize
it, then if you used a paper, either *eat it* or chew it until it is an
homogeneous blob and then spit it. Repeat this for several days. Your
password at the end is the *concatenation* of all these 4-character
chunks in the order generated.

If at some point you get a chunk that is hard to memorize, you can
discard it and try again. Discarding removes some entropy but I do not
think it is significant (as a *rule of thumb*: You can choose the “best”
of 4 tries for any block and lose only 2 bits of entropy; if you do this
each block, then you still have 88 bits of entropy). To assure that each
chunk gives the maximum amount of entropy (24 bits) you must commit
yourself to use whatever is generated, that is, without discarding.

Each chunk gives 24 bits of entropy. I recommend to use a 4-chunck long
password, for 96 bits of entropy. In my opinion, there is no point in a
longer password; the attacker would simply kidnap you and give you
amobarbital instead of trying brute force. 5 chunks give 120 bits, which
is IMO is enough for *any* password that can be trusted to a single
person. For stronger security requirements, one should instead require N
of M good passwords to unlock the ICBM and then distribute the
individual passwords as appropriate.

Regards.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature

Re: Wireless devices and cryptography in practice (Was: USB wireless keyboard in stretch)

[Jape Person]

On 08/22/2017 06:01 PM, Jape Person wrote:

On 08/22/2017 05:12 PM, Mario Castelán Castro wrote:

On 22/08/17 15:11, Jape Person wrote:

You have been *very* helpful. You educated / reminded me on why even
testing for exploits isn't necessarily useful when the firmware is not
Open Source, and you told me about the existence of magnetic quick
release USB cables. Time to shop!

And thank you very much again.


I am glad that you found my commentary useful.

By the way, I prefer the free software philosophy and term instead of
open source, although of course, almost all open source software is free
software and vice-versa.

Regards.



Understood. I was just thinking of it from the standpoint of what we can
see, not from the standpoint of the philosophy as to why we can see it
or what we can do with it. But you're right. the philosophy is always
important.

I'd love to run into a few folks here who care about such things.
Conversations in this region have a tendency to get really boring,
really quickly. The only things most people around here are willing to
discuss are physical trivialities and things I'm reasonably certain
don't exist.

;-)

Friends don't let friends eat friends.

JP


Heh. Ambiguity is my middle name. By "here" and "this region" above, I'm 
referring to physical location. There are lots of interesting folks in 
this "here".

Limiting resource usage

[jumpy]

https://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html
4.11.2 Limiting resource usage: the limits.conf file.
$ ulimit -a
core file size  
(blocks, -c) 
data seg size   
(kbytes, -d)
scheduling priority 
(-e)
file size   
(blocks, -f) 
pending signals 
(-i) 
max locked memory   
(kbytes, -l) 
max memory size 
(kbytes, -m) 
open files  
(-n) 
pipe size    
(512 bytes, -p) 
POSIX message queues 
(bytes, -q) 
real-time priority  
(-r) 
stack size  
(kbytes, -s) 
cpu time   
(seconds, -t) 
max user processes  
(-u) 
virtual memory  
(kbytes, -v) 
file locks  
(-x) 

- i cannot change the default setting.
is it a secure feature/the best option or a sign that something is wrong.

- have i to configure limits.conf ?
my /etc/security/limits.conf is not set (all is marked as # comment)
i do not know how-to-do that & i have not found (desktop default user / no 
server) something that i could copy & past or a soft/script which should 
generate the best option for me.

- could someone solve that using k.i.s.s. ?

thx by advance in case of responses.
https://www.debian.org/doc/manuals/debian-handbook does not answer at my 
questions  ),

--
Securely sent with Tutanota.

Re: Wireless devices and cryptography in practice (Was: USB wireless keyboard in stretch)

[Jape Person]

On 08/22/2017 05:12 PM, Mario Castelán Castro wrote:

On 22/08/17 15:11, Jape Person wrote:

You have been *very* helpful. You educated / reminded me on why even
testing for exploits isn't necessarily useful when the firmware is not
Open Source, and you told me about the existence of magnetic quick
release USB cables. Time to shop!

And thank you very much again.


I am glad that you found my commentary useful.

By the way, I prefer the free software philosophy and term instead of
open source, although of course, almost all open source software is free
software and vice-versa.

Regards.



Understood. I was just thinking of it from the standpoint of what we can 
see, not from the standpoint of the philosophy as to why we can see it 
or what we can do with it. But you're right. the philosophy is always 
important.


I'd love to run into a few folks here who care about such things. 
Conversations in this region have a tendency to get really boring, 
really quickly. The only things most people around here are willing to 
discuss are physical trivialities and things I'm reasonably certain 
don't exist.


;-)

Friends don't let friends eat friends.

JP

Re: Wireless devices and cryptography in practice (Was: USB wireless keyboard in stretch)

[Fungi4All]

> From: marioxcc...@yandex.com
> To: debian-user@lists.debian.org
>
> On 22/08/17 10:22, Jape Person wrote:
>> Hence, why I suspect that they are vulnerable. I bought these things
>> because my wife trips over her cables 3 or 4 times a day, and wireless
>> ones are just easier to deal with from a workstation logistics standpoint.
>
> Wireless things do not solve the problem of having to cope with wires.
> They just replace this with the bigger problem of unauduitable firmware
> directly exposed to the attacker (via radio or sometimes infrared
> communication).
>
> My suggestion is to instead address cabling directly. If your wife trips
> because cables are in the floor, then use some wire to coil the excess
> length so that it does not hang. If your cables have to go through a
> walkway, then pass them through the bottom of the ceiling, so that the
> floor will be clear and thus avoid the “tripping hazard”. Use a cable
> extension if required. You may need to go to a hardware store to buy a
> cable tray or a wall-mountable cable clamp.
>
>> I"ll look into getting the test suite from Bastille to see if I can
>> figure out how to do some testing on these things to see if they look
>> vulnerable. Do you really think that this is unauditable? Bastille
>> claims to have produced Open Source tools for doing just that.
>
> If the device firmware is secret, then it is unauduitable. Of course,
> this applies to wired keyboards too. The problem is that wireless
> keyboards are exposed to possible attackers, while wired keyboards are not.
>
> I have not heard about Bastille. Apparently they sell a vulnerability
> scanner for wireless devices. I can easily be wrong here because I just
> took a quick glance at “https://www.bastille.net/product/introduction/”.
>
> By doing vulnerability scanner, one can only test the device for a
> limited set of *known* vulnerabilities (the test suite must know what to
> look for). I would not trust any wireless device just because a
> vulnerability scanning found nothing on it. Without seeing the firmware
> source code, one can not tell if it has vulnerabilities previously unknown.
>
>> Maybe I"ll just use the wireless keyboards and mice to control TVs.
>
> Ugh? I did not know that TVs that have any use for keyboard and mice
> input existed. I guess it"s just yet another class of devices with
> “walled-garden type” proprietary software providing an incountable
> number of fancy but completely useless bells and whistles.
>
> What is next? A toaster that makes a Twitter post when the toasts are ready?
>
>>> That is why opaque cryptographic systems can not be trusted. This is
>>> covered in any practical cryptography book.
>>
>> Practical cryptography -- isn"t that an oxymoron, for most users at
>> least? [...]
> I was referring to *books* that address the issues related to
> *deploying* cryptographic systems as opposed to theoretical issues or
> cryptanalysis (for example, the mathematics of elliptic curve
> cryptography, hash constructions “probably secure” based on the random
> oracle model, and other details that are not relevant to the end users).
> The question of whether cryptography can be practical is a very
> different matter.
>
> I believe that cryptography is already practical. For example,
> encrypting e-mail with Enigmail and Thunderbird is very easy. Many
> distributions have graphical installers (lay users are allergic to
> ncurses-type interfaces) with which an encrypted volume can be set up
> easily. Many web sites use TLS transparently to the user, et cetera.
>
>> In a day when people post their most personal experiences and thoughts
>> on Facebook or Twitter for everyone to read [...]
>
> But about the huge amorphous mass of typical Facebook users, those are a
> lost case. The fact that they couldn"t be made to properly secure their
> information –even if their despicable lives depended on it– is not a
> fault of the cryptography systems. It is a fault of their indolence and
> incompetence. Related:
> .
>
> Personally I do not care about “privacy” in the normal sense, because I
> do not care about the opinion of people about myself (However, I do care
> about *arguments* that I am doing something wrong). However, I care abut
> encryption because I do not want to leave through the Internet personal
> information that maybe can be used *against* me.
>
> Regards.
>
> --
> Do not eat animals, respect them as you respect people.
> https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan

Very nice article reming people of the obvious.  There is one specific area 
where mediums mix-match,
air and copper that is, and this is a not so recent gadget of using 
mains/electrical outlets for networking
by placing a pair or more dongles on any plugs on the same circuit.
Well, electrical circuits are not very isolated from the generator and back 
through your house.  It is just
that those little boxes are 

Re: renommer l'interface réseau

[Mathias Dufresne]

Le nommage à la volée du matériel quand on a plusieurs matériels d'un même
type me semble forcément foireux.
Je comprends que le nommage eth0, eth1... ait été abandonné, par contre je
reproche à la nouvelle méthode de se vanter d'être la solution.
La nouvelle méthode se base sur les ports PCI et/ou PCI express pour
choisir le nom, si je ne dis pas de bêtise. C'est censé être sûr,
définitif. C'est un mensonge éhonté tout simplement.
Lorsque udev a changé sa méthode par défaut j'ai laissé faire, étant
joueur. Sur mon petit serveur de virtualisation qui a 4 cartes ethernet
dont je me sers, j'ai rajouté une carte graphique... Et la nouvelle méthode
infaillible, stable, définitive a tout simplement renommé toutes mes cartes
réseau.

De toute façon c'est foireux, dès qu'on modifie le matériel ça change. Et
j'insiste : dire le contraire c'est de la mauvaise foi.
Pour faire stable il faut forcer les noms manuellement. Debian pourrait
trouver sa propre règle de nommage et forcer un nommage particulier, stable
plutôt que s'appuyer sur un truc bancal qui refuse d'admettre qu'il est
bancal...

Le 21 août 2017 13:50, "Francois Lafont"  a écrit :

> On 08/21/2017 07:27 AM, Pascal Hambourg wrote:
>
> >> Àmha, ce n'est pas forcément une bonne idée de toucher à Grub et
> >> aux options de boot du noyau. La méthode que j'ai indiquée avec
> >> systemd dans mon message précédent me semble plus « propre ».
> >
> > Pourquoi donc ?
>
> Perso, j'ai eu parfois des problèmes avec Grub. Sur des serveurs HP
> par exemple, le simple fait de changer une option de boot avec Grub
> faisait que le serveur ne démarrait plus. Alors c'était sans doute
> plus un souci côté serveur que côté Grub (j'ai jamais eu le fin mot
> de l'histoire, le support HP n'a pas été efficace, c'est le moins
> qu'on puisse dire) mais perso je préfère ne pas pas toucher à la
> configuration de Grub.
>
> Et par ailleurs, la solution avec un fichier dans /etc/systemd/network/
> me paraît tellement simple, avec une syntaxe on ne peut plus claire
> (voir SYSTEMD.LINK(5) exemple 2 sous Stretch).
>
>
> --
> François Lafont
>
>

Re: Wireless devices and cryptography in practice (Was: USB wireless keyboard in stretch)

[Mario Castelán Castro]

On 22/08/17 13:01, Jape Person wrote:
> There's no fix for my wife and the presence of cables. In this case, the
> cables for keyboard and mouse run from the Intel NUC computer nestled in
> a table beside her recliner to the keyboard on her lap and the mouse on
> her arm rest. She has yanked the cables free of the computer, pulled the
> computer out of its shelf, dropped the keyboard and then tripped over it
> when she tried to retrieve it, and actually toppled the table while
> "arguing" with the keyboard and mouse cables. Wireless devices were a
> ploy to reduce the likelihood of her causing damage to the various
> devices because of her interaction with things that were tied together
> physically.

I see. You may be also interested in “magnetic quick release USB
cables”. They are held together at one part by a magnet. A strong pull
(accidental or otherwise) will disconnect it, and thus it is supposed to
be less dangerous for the user and the equipment. I have never seen any
such in my life, but I know they exist.

> Her clumsiness doesn't reduce her charm a bit. But you do have to be
> careful not to stand next to her in the kitchen. She gestures a lot with
> her hands -- even when holding knives. Ever seen a Fellini movie?

Well, at least as she does not injuries herself or you it's alright. :)

-
There is nothing else to add from my part to this conversation, so good
luck!

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature

Re: One-line password generator

[John Hasler]

Brian writes:
> Wow! Can you suggest something which gives one teensy-weensy bit of
> memorability?

Follow Bruce Schneier's advice and write your passwords down.
-- 
John Hasler 
jhas...@newsguy.com
Elmwood, WI USA

Re: error Correo

[AlexLikeRock]

On August 22, 2017 6:58:19 AM GMT-06:00, Luis Ernesto Garcia Reyes 
 wrote:
>Tengo instalado un servidor de correo electrónico y me deja enviar y
>recibir
>correos desde el dominio local, pero cuando intento enviar a otro
>dominio
>cualquiera .cu o exterior me envía el siguiente error adjunto. Alguien
>tienes la solución. Saludos

Nesesitas abrir los puertos del módem.
 
El nomero de puerto corresponde al tipo de correo que manejas ,
Pop3 o IMAP , etc etc.
 Saludos 


-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Re: One-line password generator

[Jape Person]

On 08/22/2017 03:46 PM, Brian wrote:

On Tue 22 Aug 2017 at 10:04:59 -0500, Mario Castelán Castro wrote:


I have the following line in my Bash init file:

“alias gen-password="head -c 16 /dev/urandom | base64 | head -c 22 && echo"”

This generates a password with just above 128 bits of entropy. You may
find it useful.


Wow! Can you suggest something which gives one teensy-weensy bit of
memorability?



Sorry didn't catch thread earlier. Was xkcdpass mentioned?

JP

Re: Wireless devices and cryptography in practice (Was: USB wireless keyboard in stretch)

[Jape Person]

On 08/22/2017 02:40 PM, Mario Castelán Castro wrote:

On 22/08/17 13:01, Jape Person wrote:

There's no fix for my wife and the presence of cables. In this case, the
cables for keyboard and mouse run from the Intel NUC computer nestled in
a table beside her recliner to the keyboard on her lap and the mouse on
her arm rest. She has yanked the cables free of the computer, pulled the
computer out of its shelf, dropped the keyboard and then tripped over it
when she tried to retrieve it, and actually toppled the table while
"arguing" with the keyboard and mouse cables. Wireless devices were a
ploy to reduce the likelihood of her causing damage to the various
devices because of her interaction with things that were tied together
physically.


I see. You may be also interested in “magnetic quick release USB
cables”. They are held together at one part by a magnet. A strong pull
(accidental or otherwise) will disconnect it, and thus it is supposed to
be less dangerous for the user and the equipment. I have never seen any
such in my life, but I know they exist.


Her clumsiness doesn't reduce her charm a bit. But you do have to be
careful not to stand next to her in the kitchen. She gestures a lot with
her hands -- even when holding knives. Ever seen a Fellini movie?


Well, at least as she does not injuries herself or you it's alright. :)

-
There is nothing else to add from my part to this conversation, so good
luck!



You have been *very* helpful. You educated / reminded me on why even 
testing for exploits isn't necessarily useful when the firmware is not 
Open Source, and you told me about the existence of magnetic quick 
release USB cables. Time to shop!


And thank you very much again.

Best regards,
JP

Re: One-line password generator

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, Aug 22, 2017 at 08:46:24PM +0100, Brian wrote:
> On Tue 22 Aug 2017 at 10:04:59 -0500, Mario Castelán Castro wrote:
> 
> > I have the following line in my Bash init file:
> > 
> > “alias gen-password="head -c 16 /dev/urandom | base64 | head -c 22 && echo"”
> > 
> > This generates a password with just above 128 bits of entropy. You may
> > find it useful.
> 
> Wow! Can you suggest something which gives one teensy-weensy bit of
> memorability?

Personally I use pwgen, but one has to admit that the OP's solution
is elegant. And memorability is... in the eye of the beholder (and
it has more entropy per char as default pwgen, so...)

Cheers
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlmcjhwACgkQBcgs9XrR2kYsQgCfeR1yyBAUbZdIk6QJK2DNqlat
rLcAnAm7m08X6v36ziGyLVWc0HuPWnvw
=OOfH
-END PGP SIGNATURE-

Re: Wireless devices and cryptography in practice (Was: USB wireless keyboard in stretch)

[Mario Castelán Castro]

On 22/08/17 12:38, Nicolas George wrote:
> Wrong, "pay a loan" and "pay a loan" are the same problem. "Pay a loan"
> and "escape the police after robbing a bank" are two different problems,
> for example.

Wrong. Your ambiguous choice of words has hidden the difference.

First it is “pay THE loan X” first, and then it is “pay THE loan Y”,
where X≠Y. Therefore, they are different problems.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature

Re: One-line password generator

[Brian]

On Tue 22 Aug 2017 at 10:04:59 -0500, Mario Castelán Castro wrote:

> I have the following line in my Bash init file:
> 
> “alias gen-password="head -c 16 /dev/urandom | base64 | head -c 22 && echo"”
> 
> This generates a password with just above 128 bits of entropy. You may
> find it useful.

Wow! Can you suggest something which gives one teensy-weensy bit of
memorability?

-- 
Brian.

Re: Wireless devices and cryptography in practice (Was: USB wireless keyboard in stretch)

[Mario Castelán Castro]

On 22/08/17 12:33, Nicolas George wrote:
> Le quintidi 5 fructidor, an CCXXV, Mario Castelán Castro a écrit :
>> Wireless things do not solve the problem of having to cope with wires.
>> They just replace this with the bigger problem of unauduitable firmware
>> directly exposed to the attacker (via radio or sometimes infrared
>> communication).
> 
> Well, that is not the SAME problem, so the original problem is solved.

Just as the problem of having to pay a loan is “solved” by requesting a
new loan to pay the old loan.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature

Wireless devices and cryptography in practice (Was: USB wireless keyboard in stretch)

[Mario Castelán Castro]

On 22/08/17 10:22, Jape Person wrote:
> Hence, why I suspect that they are vulnerable. I bought these things
> because my wife trips over her cables 3 or 4 times a day, and wireless
> ones are just easier to deal with from a workstation logistics standpoint.

Wireless things do not solve the problem of having to cope with wires.
They just replace this with the bigger problem of unauduitable firmware
directly exposed to the attacker (via radio or sometimes infrared
communication).

My suggestion is to instead address cabling directly. If your wife trips
because cables are in the floor, then use some wire to coil the excess
length so that it does not hang. If your cables have to go through a
walkway, then pass them through the bottom of the ceiling, so that the
floor will be clear and thus avoid the “tripping hazard”. Use a cable
extension if required. You may need to go to a hardware store to buy a
cable tray or a wall-mountable cable clamp.

> I'll look into getting the test suite from Bastille to see if I can
> figure out how to do some testing on these things to see if they look
> vulnerable. Do you really think that this is unauditable? Bastille
> claims to have produced Open Source tools for doing just that.

If the device firmware is secret, then it is unauduitable. Of course,
this applies to wired keyboards too. The problem is that wireless
keyboards are exposed to possible attackers, while wired keyboards are not.

I have not heard about Bastille. Apparently they sell a vulnerability
scanner for wireless devices. I can easily be wrong here because I just
took a quick glance at “https://www.bastille.net/product/introduction/”.

By doing vulnerability scanner, one can only test the device for a
limited set of *known* vulnerabilities (the test suite must know what to
look for). I would not trust any wireless device just because a
vulnerability scanning found nothing on it. Without seeing the firmware
source code, one can not tell if it has vulnerabilities previously unknown.

> Maybe I'll just use the wireless keyboards and mice to control TVs.

Ugh? I did not know that TVs that have any use for keyboard and mice
input existed. I guess it's just yet another class of devices with
“walled-garden type” proprietary software providing an incountable
number of fancy but completely useless bells and whistles.

What is next? A toaster that makes a Twitter post when the toasts are ready?

>> That is why opaque cryptographic systems can not be trusted. This is
>> covered in any practical cryptography book.
> 
> Practical cryptography -- isn't that an oxymoron, for most users at
> least? [...]
I was referring to *books* that address the issues related to
*deploying* cryptographic systems as opposed to theoretical issues or
cryptanalysis (for example, the mathematics of elliptic curve
cryptography, hash constructions “probably secure” based on the random
oracle model, and other details that are not relevant to the end users).
The question of whether cryptography can be practical is a very
different matter.

I believe that cryptography is already practical. For example,
encrypting e-mail with Enigmail and Thunderbird is very easy. Many
distributions have graphical installers (lay users are allergic to
ncurses-type interfaces) with which an encrypted volume can be set up
easily. Many web sites use TLS transparently to the user, et cetera.

> In a day when people post their most personal experiences and thoughts
> on Facebook or Twitter for everyone to read [...]

But about the huge amorphous mass of typical Facebook users, those are a
lost case. The fact that they couldn't be made to properly secure their
information –even if their despicable lives depended on it– is not a
fault of the cryptography systems. It is a fault of their indolence and
incompetence. Related:
.

Personally I do not care about “privacy” in the normal sense, because I
do not care about the opinion of people about myself (However, I do care
about *arguments* that I am doing something wrong). However, I care abut
encryption because I do not want to leave through the Internet personal
information that maybe can be used *against* me.

Regards.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature

Re: Xampp sur GNU Linux Debian Jessie 8.7.1

[G2PC]

Le 22/08/2017 à 18:46, JC.EtiembleG a écrit :
> Le 22/08/2017 à 14:11, G2PC a écrit :
>
> Bonjour,
>
>> Je suis entrain d'avancer sur mon serveur local Xampp.
>
> Pourquoi installer Xampp alors que c'est plus simple d'installer
> Apache+PHP+Mysql(ou MariaDB)+Adminer (ou PHPMyAdmin
Je pensais plus simple d'utiliser xampp et plus documenté pour les
noobs, d'après moi.

Après, les concepts sont les mêmes, je ferais aussi le tuto pour apache
mysql phpmyadmin, à l'occasion.

... mais, pour le moment ...

, c'est un tutoriel pour Xampp dernière version sous Debian 9.

Re: Debian v9 it's a stretch

[Rob van der Putten]

Hi there


On 21/08/17 18:29, deloptes wrote:


No issues, even with new installation on new disk :)


Upgrade from amd64 Jessie (insserv, bare ALSA).
I kind of miss xfce-mixer Alsamixergui works, but xfce-mixer looked 
better. I'm very happy that Firefox works on bare ALSA.



As Greg wrote, please share the issues.


I posted a few things, probably kernel bugs.
Apart from that, seamless transition. Even my serial mouse still works.
Rkhunter nags a bit about SSH. Even though things seem to be OK. I still 
have to look into that.



Going back - might be an option perhaps for the next 2-4y.
changing dists - you may face same on other dist as well



Regards,
Rob

Re: USB wireless keyboard in stretch

[Zoltán Herman]

or

apt-get install xfce4-goodies


2017-08-22 18:11 GMT+02:00 Zoltán Herman :

> Hi Alle,
>
> I found this on https://wiki.archlinux.org/index.php/xfce( but analog can
> be here as well.. look at )
> or
>
> look into the xfce4-session-verbose-log file, there is something wrong
> with in( error on mouse/keyboard)
>
>
> Greetings
>
> Zoltán
>
>
>
> 2017-08-22 17:22 GMT+02:00 Jape Person :
>
>> On 08/22/2017 09:33 AM, Mario Castelán Castro wrote:
>>
>>> On 21/08/17 23:02, Jape Person wrote:
>>>
 The keyboard communications are encrypted, and both mouse and keyboard
 are rechargeable. But I at least have to check with Cherry support to
 learn whether or not my new toys are vulnerable. I suspect that they
 are.

>>>
>>> The problem is that even if the manufacturer assures you that the
>>> wireless link is secured cryptographically, all you have is their word
>>> for it. The implementation is very probably unauduitable (and even if
>>> would not audit it yourself, somebody among the community of users
>>> probably would do so and report if he found any vulnerability), as
>>> almost all firmware is.
>>>
>>>
>>
>> Hence, why I suspect that they are vulnerable. I bought these things
>> because my wife trips over her cables 3 or 4 times a day, and wireless ones
>> are just easier to deal with from a workstation logistics standpoint.
>>
>> Dummy that I am, I had only considered the issues like password
>> interception, and had never considered the possibility that an unencrypted
>> mouse connection would be a path for introducing keystrokes to the system,
>> though it's a really obvious attack path. Surely proper design of the
>> transceiver could keep the mouse input from sending keystrokes, but then I
>> suppose some of the "special features" of the mouse wouldn't work -- and we
>> couldn't have that, could we?
>>
>> I'll look into getting the test suite from Bastille to see if I can
>> figure out how to do some testing on these things to see if they look
>> vulnerable. Do you really think that this is unauditable? Bastille claims
>> to have produced Open Source tools for doing just that.
>>
>> Maybe I'll just use the wireless keyboards and mice to control TVs.
>>
>> That is why opaque cryptographic systems can not be trusted. This is
>>> covered in any practical cryptography book.
>>>
>>>
>> Practical cryptography -- isn't that an oxymoron, for most users at
>> least? People at my lower level of competence are at least aware that
>> cryptography can be used in a variety of ways. I implemented encrypted
>> e-mail on my own systems years ago, only to find that I couldn't persuade
>> even one other among my acquaintances to use it. Not even if I set it up
>> for them. Some of these folks were medical professionals who were
>> exchanging the health data of patients among themselves and with patients
>> -- by e-mail!
>>
>> In a day when people post their most personal experiences and thoughts on
>> Facebook or Twitter for everyone to read, most people don't seem able to
>> comprehend that some of us would prefer not to broadcast our underwear
>> preferences to the universe.
>>
>> Thank you very much for your thoughts. They jerked me a little further
>> back into such reality as I can tolerate.
>>
>> ;-)
>>
>> JP
>>
>>
>

Re: [KDE5] Icônes manquantes dans Dolphin

[Mathias Dufresne]

Le 22 août 2017 à 20:24, Mathias Dufresne  a
écrit :

>
>
> Le 22 août 2017 à 18:40, thierry.jeanmou...@cegetel.net <
> thierry.jeanmou...@cegetel.net> a écrit :
>
>> Le 21/08/2017 à 14:37, Mathias Dufresne a écrit :
>>
>>> Bonjour à tou(te)s,
>>>
>>> Je viens d'installer Debian 9 et celle-ci est iconoclaste : dans Dolphin
>>> je n'ai aucune icône malgré l'installation de "kde-full".
>>>
>>> Quelqu'un aurait une idée sur comment faire pour que ces icônes
>>> reviennent ?
>>>
>>> En vous souhaitant une bonne journée,
>>>
>>> Mathias
>>>
>>
>> Tu ne serais pas en 32 bits par hasard? J'ai le même problème d'icones
>> manquantes avec Skrooge sous Stretch i386. En revanche aucun problème sous
>> Stretch amd64, ou avec Jessie i386. J'ai constaté d'ailleurs pas mal de pbs
>> avec la version 32 bits de Stretch.
>>
>
> Salut,
>
> La probabilité est faible, j'ai utilisé debian-9.1.0-amd64-netinst.iso
> pour l'installation.
> Sinon :
> moman:~# uname -a
> Linux moman 4.9.0-3-amd64 #1 SMP Debian 4.9.30-2+deb9u3 (2017-08-06)
> x86_64 GNU/Linux
> moman:~# file /lib/systemd/systemd
> /lib/systemd/systemd: ELF 64-bit LSB shared object, x86-64, version 1
> (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for
> GNU/Linux 2.6.32, BuildID[sha1]=70994edf61ebc37695fb0ed7a82eeb48d41413a0,
> stripped
>
> Ceci dit, c'est que j'expliquais dans mon dernier message, celui de ce fil
> de discussion juste avant ton message, le problème est résolu en
> renseignant des variables.
>
> Ça a marché sur ma Gentoo, ça a marché sur le Debian 9 de ma môman, et les
> infos je les avais récupéré, si je me souviens bien, sur le forum ou le
> wiki Archlinux.
>
>

Pardon, en me relisant le ton est un peu rude...

Donc normalement c'est bien du 64bits pour le pc Debian 9 (celui nommé
"moman" dans les commandes précédentes).
Pour ma Gentoo c'est aussi du 64bits.

Ce qui manquait dans le titre c'est le fait que ces systèmes n'utilisent
pas KDE comme interface graphique mais openBox. Je ne pense pas que le
problème intervienne avec une interface KDE, le problème n'était présent
sur ma Gentoo avec le bureau KDE et sur une Gentoo si ça ne marche, c'est
pas la fautes des devs mais de l'utilisateur (donc ma faute à moi ;)
Et comme ça marchait sur Gentoo avec un bureau KDE alors que je n'avais
rien configuré pour, c'est le bureau KDE fait ce qu'il faut pour que les
icônes soient trouvées (via des variables ou autres, je ne sais pas).

Toujours est-il qu'avec openbox qui ne renseigne pas les variables pour KDE
(ce qui se comprend), les icônes étaient absentes. Et avec ces variables,
le problème ne se pose plus. Quelle que soit la version de KDE5 et sans
doute avec des systèmes 32 tout comme 64bits.

Re: Virtualbox for stretch and buster not in repos

[Dejan Jocic]

On 22-08-17, RavenLX wrote:
> On 08/18/2017 10:25 AM, Dejan Jocic wrote:
> > On 18-08-17, RavenLX wrote:
> > > On 08/18/2017 09:14 AM, Sven Hartge wrote:
> > > > RavenLX  wrote:
> > > > 
> > > > > I always used the Oracle repo anyway because it was updated more
> > > > > frequently. But I do wish that something could be worked out so that
> > > > > it would be back in Debian.
> > > > 
> > > > Highly unlikely, as Oracle behaves like this for all software released
> > > > and distributed by them.
> > > > 
> > > > Grüße,
> > > > Sven.
> > > > 
> > > 
> > > I wonder if there's a replacement for VirtualBox? I need something that 
> > > will
> > > allow me to share a directory between host and virtual machine, and to be
> > > able to go between both quickly (I don't have a dual-screen system - no 
> > > room
> > > where I live for that). If I could find something that would work I'd
> > > switch, I think. As for my friend, he would need far more features I guess
> > > (I don't know what though).
> > > 
> > 
> > qemu-kvm does not serve your needs? You can use it with GUI friendly
> > virt-manager, or from command line. And switching between host and guest
> > is switching between windows. As for shared directory, NFS?
> 
> The shared directory has to be a directory on the host (ie. ext4 is what I'm
> using). VirtualBox lets me share as many directories as I like and lets me
> specify which ones. I think I tried qemu and kvm and didn't even know how to
> use it or where to begin. I might have to revisit that sometime especially
> if I get tired of VirtualBox.
> 

Hmm, I was curious to see if it can be done with qemu-kvm. It can and is
not really hard. At least not with virt-manager, did not check on
command line. Anyway, just as a note if you decide to use it.

Once you make and open your VM, go to view, details, add hardware
button, file system, select folder for source ( like /home/something on
your host ), select folder for destination ( something on your guest
like example ), then mount that example where you want on your guest.
You just need to get right mount command, this is from qemu wiki:

mount -t 9p -o trans=virtio [mount tag] [mount point] -oversion=9p2000.L

Here is that page for further reading:

http://wiki.qemu.org/Documentation/9psetup

And here is with bit less reading and illustrated from kvm:

http://www.linux-kvm.org/page/9p_virtio

Personally, I do not have use for shared files between host and guest,
but hope that this can help you.

Re: [KDE5] Icônes manquantes dans Dolphin

[Mathias Dufresne]

Le 22 août 2017 à 18:40, thierry.jeanmou...@cegetel.net <
thierry.jeanmou...@cegetel.net> a écrit :

> Le 21/08/2017 à 14:37, Mathias Dufresne a écrit :
>
>> Bonjour à tou(te)s,
>>
>> Je viens d'installer Debian 9 et celle-ci est iconoclaste : dans Dolphin
>> je n'ai aucune icône malgré l'installation de "kde-full".
>>
>> Quelqu'un aurait une idée sur comment faire pour que ces icônes
>> reviennent ?
>>
>> En vous souhaitant une bonne journée,
>>
>> Mathias
>>
>
> Tu ne serais pas en 32 bits par hasard? J'ai le même problème d'icones
> manquantes avec Skrooge sous Stretch i386. En revanche aucun problème sous
> Stretch amd64, ou avec Jessie i386. J'ai constaté d'ailleurs pas mal de pbs
> avec la version 32 bits de Stretch.
>

Salut,

La probabilité est faible, j'ai utilisé debian-9.1.0-amd64-netinst.iso pour
l'installation.
Sinon :
moman:~# uname -a
Linux moman 4.9.0-3-amd64 #1 SMP Debian 4.9.30-2+deb9u3 (2017-08-06) x86_64
GNU/Linux
moman:~# file /lib/systemd/systemd
/lib/systemd/systemd: ELF 64-bit LSB shared object, x86-64, version 1
(SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for
GNU/Linux 2.6.32, BuildID[sha1]=70994edf61ebc37695fb0ed7a82eeb48d41413a0,
stripped

Ceci dit, c'est que j'expliquais dans mon dernier message, celui de ce fil
de discussion juste avant ton message, le problème est résolu en
renseignant des variables.

Ça a marché sur ma Gentoo, ça a marché sur le Debian 9 de ma môman, et les
infos je les avais récupéré, si je me souviens bien, sur le forum ou le
wiki Archlinux.

Re: Wireless devices and cryptography in practice (Was: USB wireless keyboard in stretch)

[Nicolas George]

Le quintidi 5 fructidor, an CCXXV, Mario Castelán Castro a écrit :
> Wrong. Your ambiguous choice of words has hidden the difference.

That was YOUR own choice of words, showing how this discussion is
pointless.

Regards,

-- 
  Nicolas George

Re: Wireless devices and cryptography in practice (Was: USB wireless keyboard in stretch)

[Jape Person]

On 08/22/2017 01:17 PM, Mario Castelán Castro wrote:

On 22/08/17 10:22, Jape Person wrote:

Hence, why I suspect that they are vulnerable. I bought these
things because my wife trips over her cables 3 or 4 times a day,
and wireless ones are just easier to deal with from a workstation
logistics standpoint.


Wireless things do not solve the problem of having to cope with
wires. They just replace this with the bigger problem of unauduitable
firmware directly exposed to the attacker (via radio or sometimes
infrared communication).

My suggestion is to instead address cabling directly. If your wife
trips because cables are in the floor, then use some wire to coil the
excess length so that it does not hang. If your cables have to go
through a walkway, then pass them through the bottom of the ceiling,
so that the floor will be clear and thus avoid the “tripping hazard”.
Use a cable extension if required. You may need to go to a hardware
store to buy a cable tray or a wall-mountable cable clamp.



There's no fix for my wife and the presence of cables. In this case, the 
cables for keyboard and mouse run from the Intel NUC computer nestled in 
a table beside her recliner to the keyboard on her lap and the mouse on 
her arm rest. She has yanked the cables free of the computer, pulled the 
computer out of its shelf, dropped the keyboard and then tripped over it 
when she tried to retrieve it, and actually toppled the table while 
"arguing" with the keyboard and mouse cables. Wireless devices were a 
ploy to reduce the likelihood of her causing damage to the various 
devices because of her interaction with things that were tied together 
physically.


Her clumsiness doesn't reduce her charm a bit. But you do have to be 
careful not to stand next to her in the kitchen. She gestures a lot with 
her hands -- even when holding knives. Ever seen a Fellini movie?


Kindest, sweetest person I've ever known. Over 60 years together, and 
she hasn't killed me yet. If she does, everyone can rest assured that it 
was an accident.



I'll look into getting the test suite from Bastille to see if I
can figure out how to do some testing on these things to see if
they look vulnerable. Do you really think that this is unauditable?
Bastille claims to have produced Open Source tools for doing just
that.


If the device firmware is secret, then it is unauduitable. Of
course, this applies to wired keyboards too. The problem is that
wireless keyboards are exposed to possible attackers, while wired
keyboards are not.

I have not heard about Bastille. Apparently they sell a
vulnerability scanner for wireless devices. I can easily be wrong
here because I just took a quick glance at
“https://www.bastille.net/product/introduction/”.

By doing vulnerability scanner, one can only test the device for a 
limited set of *known* vulnerabilities (the test suite must know what
to look for). I would not trust any wireless device just because a 
vulnerability scanning found nothing on it. Without seeing the

firmware source code, one can not tell if it has vulnerabilities
previously unknown.



Point taken. Saves me the time of fiddling with it. I just won't use the 
wireless stuff on my computers. I live in a large condominium which 
houses everything from script kiddies to DoD security folks.



Maybe I'll just use the wireless keyboards and mice to control
TVs.


Ugh? I did not know that TVs that have any use for keyboard and mice 
input existed. I guess it's just yet another class of devices with 
“walled-garden type” proprietary software providing an incountable 
number of fancy but completely useless bells and whistles.


What is next? A toaster that makes a Twitter post when the toasts are
ready?



Actually, the LG OLED TVs we have use an OS and application software for 
which source is readily available. Firmware for the bluetooth and / or 
usb wireless connectors may be another thing. But I haven't checked 
because I don't care if someone sends keystrokes to the TV. Yeah, good 
place for the wireless keyboards and mice. The Web browser on the TV 
actually works pretty well, though I hardly ever use it. The keyboards 
make entering search terms or passwords for connection to things like 
Hulu and Netflix a ton easier than doing such things with a "smart" remote.



That is why opaque cryptographic systems can not be trusted. This
is covered in any practical cryptography book.


Practical cryptography -- isn't that an oxymoron, for most users
at least? [...]
I was referring to *books* that address the issues related to 
*deploying* cryptographic systems as opposed to theoretical issues
or cryptanalysis (for example, the mathematics of elliptic curve 
cryptography, hash constructions “probably secure” based on the

random oracle model, and other details that are not relevant to the
end users). The question of whether cryptography can be practical is
a very different matter.

I believe that cryptography is already practical. For example, 

Re: Wireless devices and cryptography in practice (Was: USB wireless keyboard in stretch)

[Nicolas George]

Le quintidi 5 fructidor, an CCXXV, Mario Castelán Castro a écrit :
> Just as the problem of having to pay a loan is “solved” by requesting a
> new loan to pay the old loan.

Wrong, "pay a loan" and "pay a loan" are the same problem. "Pay a loan"
and "escape the police after robbing a bank" are two different problems,
for example.

The real question is, of course, which problem is the most severe for
the person who decides.

Regards,

-- 
  Nicolas George

Re: Wireless devices and cryptography in practice (Was: USB wireless keyboard in stretch)

[Nicolas George]

Le quintidi 5 fructidor, an CCXXV, Mario Castelán Castro a écrit :
> Wireless things do not solve the problem of having to cope with wires.
> They just replace this with the bigger problem of unauduitable firmware
> directly exposed to the attacker (via radio or sometimes infrared
> communication).

Well, that is not the SAME problem, so the original problem is solved.

ObPratchett:

# ‘You closed the road? You closed the road!’ he yelled, above the wind.
# 
# ‘And Kings Way, sir. Just in case,’ Carrot shouted down.
# 
# ‘You closed two major roads? Two whole damn roads? In the rush hour?’
# 
# ‘Yes, sir,’ said Carrot. ‘It was the only way.’
# 
# Vimes hung on, speechless. Would he have dared do that? But that was
# Carrot all over. There was a problem, and now it's gone. Admittedly, the
# whole city is probably solid with wagons by now, but that's a new
# problem.

HDMI Intel 5500 no detecta

[Epsilon Minus]

Estimados,

Tengo una portatil Acer que venia funcionando perfecto, la desenchufe del
HDMI, la volví a enchufar y no volvio a detectar el hdmi.   Actualice el
Sistema a ver si con las últimas actualizaciones se corregía. Es muy raro
lo que paso, mientras se mantuvo conectado el hdmi la reinicie muchas veces
y no tuve inconvenientes.

Estoy usando Debian testing como repositorios.

No se como forzar para que detecte el hdmi.  Volví a instalar el paquete
xserver-xorg-video-intel (ya estaba instalado) pero no resolví el problema.

Gracias, paso algunos datos de mi sistema:



root~# uname -a
Linux pc 4.12.0-1-amd64 #1 SMP Debian 4.12.6-1 (2017-08-12) x86_64 GNU/Linux


root~# lspci
00:00.0 Host bridge: Intel Corporation Broadwell-U Host Bridge -OPI (rev 09)
00:02.0 VGA compatible controller: Intel Corporation HD Graphics 5500 (rev
09)
00:03.0 Audio device: Intel Corporation Broadwell-U Audio Controller (rev
09)
00:14.0 USB controller: Intel Corporation Wildcat Point-LP USB xHCI
Controller (rev 03)
00:16.0 Communication controller: Intel Corporation Wildcat Point-LP MEI
Controller #1 (rev 03)
00:1b.0 Audio device: Intel Corporation Wildcat Point-LP High Definition
Audio Controller (rev 03)
00:1c.0 PCI bridge: Intel Corporation Wildcat Point-LP PCI Express Root
Port #1 (rev e3)
00:1c.2 PCI bridge: Intel Corporation Wildcat Point-LP PCI Express Root
Port #3 (rev e3)
00:1c.3 PCI bridge: Intel Corporation Wildcat Point-LP PCI Express Root
Port #4 (rev e3)
00:1d.0 USB controller: Intel Corporation Wildcat Point-LP USB EHCI
Controller (rev 03)
00:1f.0 ISA bridge: Intel Corporation Wildcat Point-LP LPC Controller (rev
03)
00:1f.2 SATA controller: Intel Corporation Wildcat Point-LP SATA Controller
[AHCI Mode] (rev 03)
00:1f.3 SMBus: Intel Corporation Wildcat Point-LP SMBus Controller (rev 03)
02:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd.
RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 15)
03:00.0 Network controller: Qualcomm Atheros QCA9377 802.11ac Wireless
Network Adapter (rev 30)
root


root@# lsmod
Module  Size  Used by
rfcomm 77824  12
tun32768  2
nfnetlink_queue24576  0
nfnetlink_log  20480  0
nfnetlink  16384  2 nfnetlink_log,nfnetlink_queue
fuse   98304  5
vmw_vsock_vmci_transport28672  0
vsock  36864  1 vmw_vsock_vmci_transport
vmw_vmci   69632  1 vmw_vsock_vmci_transport
ctr16384  6
ccm20480  9
ebtable_filter 16384  0
ebtables   36864  1 ebtable_filter
ip6table_filter16384  0
ip6_tables 28672  1 ip6table_filter
iptable_filter 16384  0
pci_stub   16384  1
vboxpci24576  0
vboxnetadp 28672  0
vboxnetflt 28672  0
vboxdrv   438272  3 vboxnetadp,vboxnetflt,vboxpci
cmac   16384  1
bnep   20480  2
binfmt_misc20480  1
rtsx_usb_ms20480  0
memstick   16384  1 rtsx_usb_ms
rtsx_usb_sdmmc 28672  0
arc4   16384  2
joydev 20480  0
intel_rapl 20480  0
uvcvideo   90112  0
x86_pkg_temp_thermal16384  0
videobuf2_vmalloc  16384  1 uvcvideo
videobuf2_memops   16384  1 videobuf2_vmalloc
intel_powerclamp   16384  0
videobuf2_v4l2 24576  1 uvcvideo
btusb  45056  0
btrtl  16384  1 btusb
btbcm  16384  1 btusb
videobuf2_core 36864  2 uvcvideo,videobuf2_v4l2
coretemp   16384  0
videodev  172032  3 uvcvideo,videobuf2_core,videobuf2_v4l2
btintel16384  1 btusb
acer_wmi   20480  0
kvm_intel 196608  0
bluetooth 540672  39 btrtl,btintel,bnep,btbcm,rfcomm,btusb
kvm   577536  1 kvm_intel
sparse_keymap  16384  1 acer_wmi
media  40960  2 uvcvideo,videodev
irqbypass  16384  1 kvm
ecdh_generic   24576  1 bluetooth
crct10dif_pclmul   16384  0
crc32_pclmul   16384  0
ghash_clmulni_intel16384  0
iTCO_wdt   16384  0
rtsx_usb   20480  2 rtsx_usb_sdmmc,rtsx_usb_ms
snd_hda_codec_hdmi 49152  1
iTCO_vendor_support16384  1 iTCO_wdt
intel_cstate   16384  0
snd_hda_codec_realtek90112  1
snd_hda_codec_generic69632  1 snd_hda_codec_realtek
intel_uncore  118784  0
intel_rapl_perf16384  0
snd_hda_intel  40960  4
ath10k_pci 45056  0
snd_hda_codec 126976  4
snd_hda_intel,snd_hda_codec_hdmi,snd_hda_codec_generic,snd_hda_codec_realtek
ath10k_core   253952  1 ath10k_pci
snd_hda_core   77824  5
snd_hda_intel,snd_hda_codec,snd_hda_codec_hdmi,snd_hda_codec_generic,snd_hda_codec_realtek
snd_hwdep  16384  1 snd_hda_codec
ath28672  1 ath10k_core
snd_pcm   102400  

Re: One-line password generator

[Mario Castelán Castro]

On 22/08/17 10:09, Greg Wooledge wrote:
> https://packages.debian.org/stretch/pwgen
> https://packages.debian.org/stretch/makepasswd
> https://packages.debian.org/stretch/apg
> https://packages.debian.org/stretch/otp
> https://packages.debian.org/stretch/gpw
> ...

There is no point in installing a package if it can be do as simply as this.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature

Re: O SquidGuard ou alternativas?

[Bruno Lessa]

Um que ouço falar muito bem é o NxFilter. Inclusive por ser eficiente em
filtrar HTTPS.

2017-08-22 12:52 GMT-03:00 Fagner Patricio :

> Na verdade ele é util só em casos como onde trabalho, ele serve para
> controlar quem pode acessar o que na internet e em que horário, por exemplo
> existem aqui onde eu trabalho um grupo que não pode acessar rede social
> durante o expediente de trabalho então configuro o squidguard baseado no
> login do usuário a bloquear sites de rede social das 06:00h até as  18:00h.
>
> Mas existem poucas alternativas ao SquidGuard, na verdade não sei nem se
> tem alternativas livres a ele mais.
>
> Em 22 de agosto de 2017 12:48, Leandro  escreveu:
>
>> Tambem gostaria de saber alias nunca entendi bem como ele pode ser tao
>> util... Desconhecimento mesmo
>>
>> Em 22 de ago de 2017 12:47 PM, "Fagner Patricio" <
>> fagner.patri...@gmail.com> escreveu:
>>
>>> Olá Pessoal!
>>>
>>> Eu uso em minha rede a combinação suqid + squidguard para filtragem de
>>> internet, a instalação atual já está em produção a 10 anos e temos que
>>> fazer uma atualização.
>>>
>>> Minha pergunta é se o SquidGuard ainda é o melhor software ou já existem
>>> alguma alternativa mais moderna?
>>>
>>> O que vocês usam?
>>>
>>> Obrigado.
>>>
>>> --
>>> Fagner Patrício
>>> João Pessoa - PB
>>> Brasil
>>>
>>
>
>
> --
> Fagner Patrício
> João Pessoa - PB
> Brasil
>



-- 
*Atenciosamente,*

*google.com/+BrunoLessa *

One-line password generator

[Mario Castelán Castro]

I have the following line in my Bash init file:

“alias gen-password="head -c 16 /dev/urandom | base64 | head -c 22 && echo"”

This generates a password with just above 128 bits of entropy. You may
find it useful.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature

Re: Relocated Header Directories

[Mario Castelán Castro]

On 22/08/17 09:57, Christian Seiler wrote:
> Not programs, but packages, yes. Not all library packages in Debian
> have been updated to use the Multi-Arch scheme yet (in some cases
> other aspects of the package may make this difficult, even if it
> is easy to put the .so file into the new location), though the
> number of packages that are still in /usr/lib directly has decreased
> with every Debian release since Wheezy (the first with Multi-Arch).

Thanks for the information.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature

Re: Relocated Header Directories

[Mario Castelán Castro]

Thanks everybody for the explanation (note that I did not make the
original question). I had been wondering about why some of my “.so” were
in “/usr/lib/x86_64-linux-gnu” instead of just “/usr/lib”.

What about the ELF shared objects that *are* under “/usr/lib”? Are these
programs that do not have support for multi-arch?

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature

Re: Xampp sur GNU Linux Debian Jessie 8.7.1

[JC.EtiembleG]

Le 22/08/2017 à 14:11, G2PC a écrit :

Bonjour,


Je suis entrain d'avancer sur mon serveur local Xampp.


Pourquoi installer Xampp alors que c'est plus simple d'installer 
Apache+PHP+Mysql(ou MariaDB)+Adminer (ou PHPMyAdmin)



--
J-C Etiemble

Re: Thoughts on Ansible? [was: Thoughts on Anible?]

[deloptes]

RavenLX wrote:

> I always wanted to learn Python actually, and am learning it also for
> some work scripts I want to write.

I started with PERL before python was out there and when it was out, I had a
look just to understand how it works.
It is good to know some scripting language to help you do some tasks.

Python became very powerful in the past years and knowing it better is
definitely of advantage

regards

Re: [KDE5] Icônes manquantes dans Dolphin

[thierry.jeanmou...@cegetel.net]

Le 21/08/2017 à 14:37, Mathias Dufresne a écrit :

Bonjour à tou(te)s,

Je viens d'installer Debian 9 et celle-ci est iconoclaste : dans Dolphin 
je n'ai aucune icône malgré l'installation de "kde-full".


Quelqu'un aurait une idée sur comment faire pour que ces icônes reviennent ?

En vous souhaitant une bonne journée,

Mathias


Tu ne serais pas en 32 bits par hasard? J'ai le même problème d'icones 
manquantes avec Skrooge sous Stretch i386. En revanche aucun problème 
sous Stretch amd64, ou avec Jessie i386. J'ai constaté d'ailleurs pas 
mal de pbs avec la version 32 bits de Stretch.

Re: Thoughts on Ansible?

[deloptes]

RavenLX wrote:

> For what I do, I would install Debian (Stretch is what I'm currently
> using) without any Desktop environment. Then my Bash Script installs a
> minimum KDE (without a lot of the dependent software I never use). Then
> reboots and I re-run the script in a terminal, which detects KDE is now
> running and goes about installing all the rest of the stuff and updating
> configurations, etc. Works great on both machines.

if it works for you why bother with something else?

it's good to know what options there are anyway.

regards

Re: O SquidGuard ou alternativas?

[André]

Caro Fagner,

Continuo utilizando Squid/SquidGuard, porem dentro do PFSENSE, onde tem
muito mais coisas em forma de módulos adicionais... como failover de
link's, openvpn, etc... e com o PF2AD do Luiz Gustavo, dá até para
autenticar no seu SAMBA 4. Acho que vale a pena conferir.

Abraços,

André Menezes

Em 22 de agosto de 2017 12:52, Fagner Patricio 
escreveu:

> Na verdade ele é util só em casos como onde trabalho, ele serve para
> controlar quem pode acessar o que na internet e em que horário, por exemplo
> existem aqui onde eu trabalho um grupo que não pode acessar rede social
> durante o expediente de trabalho então configuro o squidguard baseado no
> login do usuário a bloquear sites de rede social das 06:00h até as  18:00h.
>
> Mas existem poucas alternativas ao SquidGuard, na verdade não sei nem se
> tem alternativas livres a ele mais.
>
> Em 22 de agosto de 2017 12:48, Leandro  escreveu:
>
>> Tambem gostaria de saber alias nunca entendi bem como ele pode ser tao
>> util... Desconhecimento mesmo
>>
>> Em 22 de ago de 2017 12:47 PM, "Fagner Patricio" <
>> fagner.patri...@gmail.com> escreveu:
>>
>>> Olá Pessoal!
>>>
>>> Eu uso em minha rede a combinação suqid + squidguard para filtragem de
>>> internet, a instalação atual já está em produção a 10 anos e temos que
>>> fazer uma atualização.
>>>
>>> Minha pergunta é se o SquidGuard ainda é o melhor software ou já existem
>>> alguma alternativa mais moderna?
>>>
>>> O que vocês usam?
>>>
>>> Obrigado.
>>>
>>> --
>>> Fagner Patrício
>>> João Pessoa - PB
>>> Brasil
>>>
>>
>
>
> --
> Fagner Patrício
> João Pessoa - PB
> Brasil
>

Res: O SquidGuard ou alternativas?

[jmhenrique]

  Ola! Conheço o Urlfilterdb - cheguei a usar no lugar do squidguard - tem opções bem interessantes. Hj como a maioria tem smartphone não chega mais a ser um problema para mim. Hj eu fico mais em bloquear anúncios e páginas maliciosas, então passei a usar o privoxy e dnsmasq.  Mas para grupos de usuários com permissoes diversas, ou eh squidguard ou urlfilterdb.  Este último tem um licenciamento só das bases de dados, mas vc pode utilizar as suas próprias bases. Na época o squidguard só usava um processador e o urlfilterdb usava os que você dissesse pra usar, por isso escolhi ele na época. Abraços e divirta-se. ‎Henry Enviado do meu smartphone BlackBerry 10.De: Fagner PatricioEnviada: terça-feira, 22 de agosto de 2017 12:53Para: Debian ListAssunto: Re: O SquidGuard ou alternativas?Na verdade ele é util só em casos como onde trabalho, ele serve para controlar quem pode acessar o que na internet e em que horário, por exemplo existem aqui onde eu trabalho um grupo que não pode acessar rede social durante o expediente de trabalho então configuro o squidguard baseado no login do usuário a bloquear sites de rede social das 06:00h até as  18:00h.Mas existem poucas alternativas ao SquidGuard, na verdade não sei nem se tem alternativas livres a ele mais.Em 22 de agosto de 2017 12:48, Leandro  escreveu:Tambem gostaria de saber alias nunca entendi bem como ele pode ser tao util... Desconhecimento mesmoEm 22 de ago de 2017 12:47 PM, "Fagner Patricio"  escreveu:Olá Pessoal!Eu uso em minha rede a combinação suqid + squidguard para filtragem de internet, a instalação atual já está em produção a 10 anos e temos que fazer uma atualização.Minha pergunta é se o SquidGuard ainda é o melhor software ou já existem alguma alternativa mais moderna?O que vocês usam?Obrigado.-- Fagner PatrícioJoão Pessoa - PBBrasil


-- Fagner PatrícioJoão Pessoa - PBBrasil

Re: USB wireless keyboard in stretch

[Zoltán Herman]

Hi Alle,

I found this on https://wiki.archlinux.org/index.php/xfce( but analog can
be here as well.. look at )
or

look into the xfce4-session-verbose-log file, there is something wrong with
in( error on mouse/keyboard)


Greetings

Zoltán



2017-08-22 17:22 GMT+02:00 Jape Person :

> On 08/22/2017 09:33 AM, Mario Castelán Castro wrote:
>
>> On 21/08/17 23:02, Jape Person wrote:
>>
>>> The keyboard communications are encrypted, and both mouse and keyboard
>>> are rechargeable. But I at least have to check with Cherry support to
>>> learn whether or not my new toys are vulnerable. I suspect that they are.
>>>
>>
>> The problem is that even if the manufacturer assures you that the
>> wireless link is secured cryptographically, all you have is their word
>> for it. The implementation is very probably unauduitable (and even if
>> would not audit it yourself, somebody among the community of users
>> probably would do so and report if he found any vulnerability), as
>> almost all firmware is.
>>
>>
>
> Hence, why I suspect that they are vulnerable. I bought these things
> because my wife trips over her cables 3 or 4 times a day, and wireless ones
> are just easier to deal with from a workstation logistics standpoint.
>
> Dummy that I am, I had only considered the issues like password
> interception, and had never considered the possibility that an unencrypted
> mouse connection would be a path for introducing keystrokes to the system,
> though it's a really obvious attack path. Surely proper design of the
> transceiver could keep the mouse input from sending keystrokes, but then I
> suppose some of the "special features" of the mouse wouldn't work -- and we
> couldn't have that, could we?
>
> I'll look into getting the test suite from Bastille to see if I can figure
> out how to do some testing on these things to see if they look vulnerable.
> Do you really think that this is unauditable? Bastille claims to have
> produced Open Source tools for doing just that.
>
> Maybe I'll just use the wireless keyboards and mice to control TVs.
>
> That is why opaque cryptographic systems can not be trusted. This is
>> covered in any practical cryptography book.
>>
>>
> Practical cryptography -- isn't that an oxymoron, for most users at least?
> People at my lower level of competence are at least aware that cryptography
> can be used in a variety of ways. I implemented encrypted e-mail on my own
> systems years ago, only to find that I couldn't persuade even one other
> among my acquaintances to use it. Not even if I set it up for them. Some of
> these folks were medical professionals who were exchanging the health data
> of patients among themselves and with patients -- by e-mail!
>
> In a day when people post their most personal experiences and thoughts on
> Facebook or Twitter for everyone to read, most people don't seem able to
> comprehend that some of us would prefer not to broadcast our underwear
> preferences to the universe.
>
> Thank you very much for your thoughts. They jerked me a little further
> back into such reality as I can tolerate.
>
> ;-)
>
> JP
>
>

Re: Using preseed (Debian/Ubuntu) to partition both RAID and encryption

[Andre Goree]

On 2017/08/21 4:19 pm, Andre Goree wrote:

I am trying to configure a preseed image using RAID + encryption. I
originally wanted to do this without LVM, however it does not seem (at
least with encryption) that this is possible. I simply want to know if
this is even possible via preseed -- that is, to have both RAID and
encryption partitioned. All the documentation I'm seeing states (from
what I can tell) that you can only have either RAID _or_ encryption.
I'm not seeing any way to preseed both.

I've attached the disk configuration portions of the preseeds I've
used to provision LVM+RAID (with some success, seem to have an issue
booting after that but I'm sure that's something I can overcome -- the
RAID and LVM are configured when I boot into rescue mode after an
install using the attached preseed conf) and LVM+encryption (with this
conf, grub has a hard time installing but I'm sure I could work around
that as well).

I suppose, I'm trying to meld the two, and I've tried a few different
combinations but not have worked out. Essentially, I believe you can
have only either partman-auto/method string crypt or
partman-auto/method string raid but not both. Can anyone confirm or
deny this for me? Thanks in advance.


--
Andre Goree
-=-=-=-=-=-
Email - andre at drenet.net
Website   - http://www.drenet.net
PGP key   - http://www.drenet.net/pubkey.txt
-=-=-=-=-=-



Wanted to bump this.  Should I perhaps ask on a different list?  Maybe 
one of the dev lists?



--
Andre Goree
-=-=-=-=-=-
Email - andre at drenet.net
Website   - http://www.drenet.net
PGP key   - http://www.drenet.net/pubkey.txt
-=-=-=-=-=-

Re: NFS creates hidden port

[Thomas Schmitt]

Hi,

i wrote:
> > E.g. try to patch unhide-tcp so that it reads the NFS port number from
> > a file which you create before the Rkhunter run.

Rob van der Putten wrote:
> I would have to find out when NFS does a callback an then dump the local
> port into a file.

Earlier:
> > > The hidden port lingers on for days. Until one restarts NFS.
> > > NFS then uses an other port which clearly shows in netstat,
> > > until it becomes hidden again.

One could make a script which determines and records the port number
as long as it is visible. When it vanishes from netstat, then one would
stay with the recorded number until the NFS port re-appears in netstat
again.


> It's the client side of RPC NFS callback. 

Question is whether it can be unambiguously recognized in netstat output
as long as it is visible.
Further: Is it always only one hidden port ?


Have a nice day 

Thomas

Re: Remove contents

[Mario Castelán Castro]

On 22/08/17 07:44, Sherwin Kamperveen wrote:
> Is it possible to remove the following contents. It is content that is
very old.

No. All information sent to these mailing lists is made public by the
author. It is NOT possible to remove, and the Debian project will ignore
any such request. See the Debian mailing list FAQ.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature

Security Alert Links

[palemastervolrath]

Greetings,

There seems to be an issue with the Debian website.

The links on the page for the security bug announcements are all 
forbidden.

V/r,
John

Re: O SquidGuard ou alternativas?

[Fagner Patricio]

Na verdade ele é util só em casos como onde trabalho, ele serve para
controlar quem pode acessar o que na internet e em que horário, por exemplo
existem aqui onde eu trabalho um grupo que não pode acessar rede social
durante o expediente de trabalho então configuro o squidguard baseado no
login do usuário a bloquear sites de rede social das 06:00h até as  18:00h.

Mas existem poucas alternativas ao SquidGuard, na verdade não sei nem se
tem alternativas livres a ele mais.

Em 22 de agosto de 2017 12:48, Leandro  escreveu:

> Tambem gostaria de saber alias nunca entendi bem como ele pode ser tao
> util... Desconhecimento mesmo
>
> Em 22 de ago de 2017 12:47 PM, "Fagner Patricio" <
> fagner.patri...@gmail.com> escreveu:
>
>> Olá Pessoal!
>>
>> Eu uso em minha rede a combinação suqid + squidguard para filtragem de
>> internet, a instalação atual já está em produção a 10 anos e temos que
>> fazer uma atualização.
>>
>> Minha pergunta é se o SquidGuard ainda é o melhor software ou já existem
>> alguma alternativa mais moderna?
>>
>> O que vocês usam?
>>
>> Obrigado.
>>
>> --
>> Fagner Patrício
>> João Pessoa - PB
>> Brasil
>>
>


-- 
Fagner Patrício
João Pessoa - PB
Brasil

O SquidGuard ou alternativas?

[Fagner Patricio]

Olá Pessoal!

Eu uso em minha rede a combinação suqid + squidguard para filtragem de
internet, a instalação atual já está em produção a 10 anos e temos que
fazer uma atualização.

Minha pergunta é se o SquidGuard ainda é o melhor software ou já existem
alguma alternativa mais moderna?

O que vocês usam?

Obrigado.

-- 
Fagner Patrício
João Pessoa - PB
Brasil

Re: USB wireless keyboard in stretch

[Mario Castelán Castro]

On 22/08/17 04:11, Darac Marjal wrote:
> Don't forget your TEMPEST-approved faraday cage (I mean, what's the wire
> between the keyboard and the computer if not a nice aerial?)

No. USB uses twisted pair, which is designed specifically to be a bad
antenna. Also, the relatively low frequency of USB 1.0 and 2.0 does not
lend itself well to RF emission by small radiators.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature

Re: USB wireless keyboard in stretch

[Mario Castelán Castro]

On 21/08/17 23:02, Jape Person wrote:
> The keyboard communications are encrypted, and both mouse and keyboard
> are rechargeable. But I at least have to check with Cherry support to
> learn whether or not my new toys are vulnerable. I suspect that they are.

The problem is that even if the manufacturer assures you that the
wireless link is secured cryptographically, all you have is their word
for it. The implementation is very probably unauduitable (and even if
would not audit it yourself, somebody among the community of users
probably would do so and report if he found any vulnerability), as
almost all firmware is.

That is why opaque cryptographic systems can not be trusted. This is
covered in any practical cryptography book.



signature.asc
Description: OpenPGP digital signature

Re: USB wireless keyboard in stretch

[Jape Person]

On 08/22/2017 09:33 AM, Mario Castelán Castro wrote:

On 21/08/17 23:02, Jape Person wrote:

The keyboard communications are encrypted, and both mouse and keyboard
are rechargeable. But I at least have to check with Cherry support to
learn whether or not my new toys are vulnerable. I suspect that they are.


The problem is that even if the manufacturer assures you that the
wireless link is secured cryptographically, all you have is their word
for it. The implementation is very probably unauduitable (and even if
would not audit it yourself, somebody among the community of users
probably would do so and report if he found any vulnerability), as
almost all firmware is.




Hence, why I suspect that they are vulnerable. I bought these things 
because my wife trips over her cables 3 or 4 times a day, and wireless 
ones are just easier to deal with from a workstation logistics standpoint.


Dummy that I am, I had only considered the issues like password 
interception, and had never considered the possibility that an 
unencrypted mouse connection would be a path for introducing keystrokes 
to the system, though it's a really obvious attack path. Surely proper 
design of the transceiver could keep the mouse input from sending 
keystrokes, but then I suppose some of the "special features" of the 
mouse wouldn't work -- and we couldn't have that, could we?


I'll look into getting the test suite from Bastille to see if I can 
figure out how to do some testing on these things to see if they look 
vulnerable. Do you really think that this is unauditable? Bastille 
claims to have produced Open Source tools for doing just that.


Maybe I'll just use the wireless keyboards and mice to control TVs.


That is why opaque cryptographic systems can not be trusted. This is
covered in any practical cryptography book.



Practical cryptography -- isn't that an oxymoron, for most users at 
least? People at my lower level of competence are at least aware that 
cryptography can be used in a variety of ways. I implemented encrypted 
e-mail on my own systems years ago, only to find that I couldn't 
persuade even one other among my acquaintances to use it. Not even if I 
set it up for them. Some of these folks were medical professionals who 
were exchanging the health data of patients among themselves and with 
patients -- by e-mail!


In a day when people post their most personal experiences and thoughts 
on Facebook or Twitter for everyone to read, most people don't seem able 
to comprehend that some of us would prefer not to broadcast our 
underwear preferences to the universe.


Thank you very much for your thoughts. They jerked me a little further 
back into such reality as I can tolerate.


;-)

JP

Re: No ifconfig

[Christian Seiler]

Am 2017-08-22 17:11, schrieb Sven Hartge:

Christian Seiler  wrote:


auto eth0
iface eth0 inet static
  address 192.168.0.1/24
  address 192.168.0.42/24
  address 10.5.6.7/8



This will work, and it will assign all IPs to the interface (the first
one being the primary and the source IP of outgoing packets where the
program doesn't explicitly bind anything).


No, this does not work in Stretch. Only the first address is added. To
get additional addresses, it has to look like this:

,
| auto eth0
| iface eth0 inet static
|   address 192.168.0.1/24
|
| iface eth0 inet static
|   address 192.168.0.42/24
|
| iface eth0 inet static
|   address 10.5.6.7/8
`


Oh yeah, sorry, I wrote that from memory and misremembered a bit.
Thanks for the clarification!

Regards,
Christian

Re: NFS creates hidden port

[Rob van der Putten]

Hi there


On 22/08/17 15:23, Thomas Schmitt wrote:


It seems that it was fixed or suppressed intermediately.
The newer post says "It's back!".



I already stated my enthusiasm on occasion of your post about DVD ejecting.
It is discouraging to get ignored after having invested substantial
effort in diagnosing or at least reliably reproducing a kernel problem.


Well, complaining is futile. Try to work around in user space.
E.g. try to patch unhide-tcp so that it reads the NFS port number from
a file which you create before the Rkhunter run.

You could let function checkoneport() return "ok" if "port" is the
registered NFS zombie. This would be done before the function runs
netstat by
if (NULL != (fich_tmp=popen (command, "r")))
in
   https://sources.debian.net/src/unhide/20130526-1/unhide-tcp.c/#L190


I would have to find out when NFS does a callback an then dump the local 
port into a file.



Regards,
Rob

Re: No ifconfig

[Sven Hartge]

Christian Seiler  wrote:

> auto eth0
> iface eth0 inet static
>   address 192.168.0.1/24
>   address 192.168.0.42/24
>   address 10.5.6.7/8

> This will work, and it will assign all IPs to the interface (the first
> one being the primary and the source IP of outgoing packets where the
> program doesn't explicitly bind anything).

No, this does not work in Stretch. Only the first address is added. To
get additional addresses, it has to look like this:

,
| auto eth0
| iface eth0 inet static
|   address 192.168.0.1/24
|
| iface eth0 inet static
|   address 192.168.0.42/24
|
| iface eth0 inet static
|   address 10.5.6.7/8
`

Grüße,
Sven.

-- 
Sigmentation fault. Core dumped.

Re: One-line password generator

[Greg Wooledge]

On Tue, Aug 22, 2017 at 10:04:59AM -0500, Mario Castelán Castro wrote:
> I have the following line in my Bash init file:
> 
> “alias gen-password="head -c 16 /dev/urandom | base64 | head -c 22 && echo"”
> 
> This generates a password with just above 128 bits of entropy. You may
> find it useful.

https://packages.debian.org/stretch/pwgen
https://packages.debian.org/stretch/makepasswd
https://packages.debian.org/stretch/apg
https://packages.debian.org/stretch/otp
https://packages.debian.org/stretch/gpw
...

Re: Static IP not working ("connmand" problem)?

[Sven Hartge]

Steffen Dettmer  wrote:
> On Sun, Aug 20, 2017 at 8:09 PM, Sven Hartge  wrote:

>>> How to configure static IP? network/interfaces as in [1] seem not to
>>> work because of a "connmand".
>>
>> connmand? The package "connman" is not contained in the default
>> installation of Debian.

> So what I think what had been left open:
> - how came the package onto this system?

/var/log/dpkg.log* might tell you. Also /var/log/apt/{history,term}.log*
may be of interest.

S°

-- 
Sigmentation fault. Core dumped.

Re: Relocated Header Directories

[Christian Seiler]

Am 2017-08-22 16:47, schrieb Mario Castelán Castro:
What about the ELF shared objects that *are* under “/usr/lib”? Are 
these

programs that do not have support for multi-arch?


Not programs, but packages, yes. Not all library packages in Debian
have been updated to use the Multi-Arch scheme yet (in some cases
other aspects of the package may make this difficult, even if it
is easy to put the .so file into the new location), though the
number of packages that are still in /usr/lib directly has decreased
with every Debian release since Wheezy (the first with Multi-Arch).

Regards,
Christian

Re: [KDE5] Icônes manquantes dans Dolphin

[Mathias Dufresne]

Salut à tou(te)s,

Vous lire m'a rappelé que j'avais déjà eu le souci avec ma Gentoo, problème
résolu en ajoutant quelques variables à mon .bashrc.
J'ai ajouté ces variables sur la Debian 9, toujours dans le .bashrc de
l'utilisateur ouvrant la session graphique (ici openBox) et le problème est
résolu, les icônes sont revenues.
Ce problème ne touchait pas ma Gentoo lorsque le bureau était KDE, sur
Debian je n'ai pas testé.

On m'a demandé dans le premier message quelles versions j'utilisais : peut
importe. J'ai KDE5 sur ma Gentoo depuis plusieurs mois et les versions ont
bien changé depuis.

Comme je suis un gros fainéant et que je l'affiche - sans remords aucun -
je n'ai pas vérifié si ces variables sont toutes nécessaires, peut-être que
quelqu'un ici s'en donnera la peine, peut-être que je le ferai un jour...

Toujours est-il que les variables ajoutées sont les suivantes :
export XDG_CURRENT_DESKTOP=KDE

export KWIN_EXPLICIT_SYNC=0
export QT_QPA_PLATFORMTHEME="qt5ct"

export XDG_MENU_PREFIX=kde-4-
export XCURSOR_THEME=breeze_cursors
export KDE_SESSION_VERSION=5

Et avec ça, Dolphin ne joue plus les iconoclastes : )

Bonne fin de journée !

mathias


Le 22 août 2017 à 13:47, Haricophile  a écrit :

> Le Mon, 21 Aug 2017 20:59:33 +0200,
> maderios  a écrit :
>
> > Bonjour
> > KDE est dans les choux depuis un moment et ce, pour toutes les
> > distro. Ce n'est pas un hasard si le dev principal de Digikam, Gilles
> > Caulier, a supprimé les trois  quarts des dépendances kde au profit
> > de qt5 et il veut même aller plus loin...
>
> Bonne nouvelle ça, KDE a quelques softs intéressants comme ça mais trop
> dépendant de KDE pour être utilisé sur d'autres bureaux.
>
> --
> haricoph...@aranha.fr
>
>

RE: USB wireless keyboard in stretch

[Alle Meije Wink]

Zoltán Herman  wrote:
>> Check the contents of grub conf,
>> what is the difference to the recovery case!?

Hi, thanks for your reply (the first helpful one)

If I go to recovery mode, I can type to go to maintenance.
But even then if I continue booting (using ctrl-d) the XFCE
desktop session that I get has no keyboard/mouse either.

So it does not seem to be a kernel parameter, rather the
wireless keyboard not getting through to lightDM/XFCE?

BTW I mailed bluetooth, but it turns out to be a universal USB receiver
with WiFI

Many thanks

Re: Je veux me réjouir comme une reine. Manon

[Amouih Yao]

oui je veux ton numero
 

Le Dimanche 6 août 2017 16h31, Manon Pshednovek  
a écrit :
 

 

Voudrais-tu être mon roi? 
http://bit.ly/2udNEIJ

   

Re: [KDE5] Icônes manquantes dans Dolphin

[Haricophile]

Le Mon, 21 Aug 2017 20:59:33 +0200,
maderios  a écrit :

> Bonjour
> KDE est dans les choux depuis un moment et ce, pour toutes les
> distro. Ce n'est pas un hasard si le dev principal de Digikam, Gilles
> Caulier, a supprimé les trois  quarts des dépendances kde au profit
> de qt5 et il veut même aller plus loin...

Bonne nouvelle ça, KDE a quelques softs intéressants comme ça mais trop
dépendant de KDE pour être utilisé sur d'autres bureaux.

-- 
haricoph...@aranha.fr 

Remove contents

[Sherwin Kamperveen]

Hello Sir/Madame,

Is it possible to remove the following contents. It is content that is very old.

Link with contents:
- https://lists.debian.org/debian-user/2003/05/msg02343.html
-

If it's possible I would receive a feedback when the content is removed.

Thank you in advance.

Yours truly,

S.Kamperveen

Re: NFS creates hidden port

[Thomas Schmitt]

Hi,

Rob van der Putten wrote:
> And this post is over a year old.

It seems that it was fixed or suppressed intermediately.
The newer post says "It's back!".


> One would expect this to be fixed by now.

I already stated my enthusiasm on occasion of your post about DVD ejecting.
It is discouraging to get ignored after having invested substantial
effort in diagnosing or at least reliably reproducing a kernel problem.


Well, complaining is futile. Try to work around in user space.
E.g. try to patch unhide-tcp so that it reads the NFS port number from
a file which you create before the Rkhunter run.

You could let function checkoneport() return "ok" if "port" is the
registered NFS zombie. This would be done before the function runs
netstat by
   if (NULL != (fich_tmp=popen (command, "r")))
in
  https://sources.debian.net/src/unhide/20130526-1/unhide-tcp.c/#L190


Have a nice day :)

Thomas

Re: error Correo

[admin . red]

Reinicia el server y me dices, puede que tengas problemas en una de las 
particiones y dame mas datos que has hecho antes o despues del error



El 2017-08-22 08:58, Luis Ernesto Garcia Reyes escribió:

Tengo instalado un servidor de correo electrónico y me deja enviar y
recibir correos desde el dominio local, pero cuando intento enviar a
otro dominio cualquiera .cu o exterior me envía el siguiente error
adjunto. Alguien tienes la solución. Saludos

Re: What tool can I use to make efficient incremental backups?

[Celejar]

On Tue, 22 Aug 2017 01:25:50 -0400
Gene Heskett  wrote:

...

> Amanda does not do this "deduplication" that I am aware of.
> 
> That is another aspect of data control that does not belong in the job 
> discription of what a backup program should do, which is to be a 
> repository on some other storage medium besides the day to day operating 
> cache, of the data you will need to recover and restore normal 
> operations should your main drive become unusable with no signs of ill 
> health until its falls over.

That's not the only job of backup programs. I have backups of that
nature (rsnapshot), but I want some critical data to be stored offsite,
in the cloud, as well. This is a very bandwidth and storage limited
context, so deduplication is most welcome, even though there is, of
course, the tradeoff that you mention.

...

> Backups are so much a personal preferences thing its hard to
define.

...

> They can't get that amanda keeps records, and if you need to recover the 
> home directories of Joe and Jane Sixpack who work in sales, amanda will 
> look up the last level 0, restore that, and restore over that from the 
> various other level 1 or 2 backups made since until it arrives at and 
> recovers anything of theirs in last nights backup. I am backing up 5 
> machines here, using 20 to 32 GB worth of space a night on a separate 1 
> TB drive thats currently about 78% full.
> 
> You can make up your own mind, but to me amanda has been a good thing.

Sounds like a great program.

> Cheers, Gene Heskett

Celejar

Re: Static IP not working ("connmand" problem)?

[Steffen Dettmer]

Hi,

On Sun, Aug 20, 2017 at 8:09 PM, Sven Hartge  wrote:
>> How to configure static IP? network/interfaces as in [1] seem not to
>> work because of a "connmand".
>
> connmand? The package "connman" is not contained in the default
> installation of Debian.

Thank you for your help. Just to report my final result, after
removing the package and rebooting the system, it seems to work fine!
I didn't made a test with unavailable DHCP yet but I think it will
pass, logs look better now.

So what I think what had been left open:
- how came the package onto this system?
- the Wiki documentation of network config is imprecise / incomplete
As I did not fully understand the issue, I think I better not update the Wiki.

Steffen

error Correo

[Luis Ernesto Garcia Reyes]

Tengo instalado un servidor de correo electrónico y me deja enviar y recibir
correos desde el dominio local, pero cuando intento enviar a otro dominio
cualquiera .cu o exterior me envía el siguiente error adjunto. Alguien
tienes la solución. Saludos

Re: Virtualbox for stretch and buster not in repos

[RavenLX]

On 08/18/2017 10:25 AM, Dejan Jocic wrote:

On 18-08-17, RavenLX wrote:

On 08/18/2017 09:14 AM, Sven Hartge wrote:

RavenLX  wrote:


I always used the Oracle repo anyway because it was updated more
frequently. But I do wish that something could be worked out so that
it would be back in Debian.


Highly unlikely, as Oracle behaves like this for all software released
and distributed by them.

Grüße,
Sven.



I wonder if there's a replacement for VirtualBox? I need something that will
allow me to share a directory between host and virtual machine, and to be
able to go between both quickly (I don't have a dual-screen system - no room
where I live for that). If I could find something that would work I'd
switch, I think. As for my friend, he would need far more features I guess
(I don't know what though).



qemu-kvm does not serve your needs? You can use it with GUI friendly
virt-manager, or from command line. And switching between host and guest
is switching between windows. As for shared directory, NFS?


The shared directory has to be a directory on the host (ie. ext4 is what 
I'm using). VirtualBox lets me share as many directories as I like and 
lets me specify which ones. I think I tried qemu and kvm and didn't even 
know how to use it or where to begin. I might have to revisit that 
sometime especially if I get tired of VirtualBox.

Re: Thoughts on Ansible? [was: Thoughts on Anible?]

[RavenLX]

On 08/19/2017 07:35 PM, deloptes wrote:

Zenaan Harkness wrote:


Pythong, -the- language for digital wedgies.


haha " digital wedgies"!
you don't have to know python to use ansible
Actually YAML is more important for ansible

regards


I always wanted to learn Python actually, and am learning it also for 
some work scripts I want to write.

Re: Thoughts on Ansible? [was: Thoughts on Anible?]

[RavenLX]

On 08/19/2017 05:52 PM, Zenaan Harkness wrote:

On Sat, Aug 19, 2017 at 02:32:45PM -0400, RavenLX wrote:

am learning Pythong.


Pythong, -the- language for digital wedgies.


ROTFLMAO! I think my typing needs to go bak to schtool. :P (That time 
typos were on purpose - just a little added humor ;) ) Whenever I go 
writing a post that is quite long, I will have to remind myself to: a) 
Never write a long post when tired and b) Proofread the post. Maybe a 
little dose of c) TBP (Think Before Posting) would also help in my case.

Re: Thoughts on Ansible?

[RavenLX]

On 08/20/2017 11:45 AM, deloptes wrote:

RavenLX wrote:


A friend suggested Ansible, but I think I agree with you that for what I
do, Ansible would be overkill. I have two laptops that I keep pretty
identical and so far have done well doing so with only a bash script I
wrote. As for servers I only maintain 1 web server and an identical test
server that is a virtual machine on my own computer. So I don't have a
lot of machines. (Well, to me they are not a lot).



Yes indeed, I think ansible is best when used to manage machines of similar
kind. If you want to keep your notebooks to same package and config level
it could be of advantage to write a simple ansible playbook to upgrade and
configure.

My experience is from a LXD project - roll out of the physical and then
virtual servers ... about 100+ in total.


Yaml is new to me. I'll have to look into it. I know a little about JSON
and XML but that's it.


Similar to JSON, but other logic and format. Don't worry if you have time to
play a bit, ansible could be fun and you can not only get management for
your notebooks, vms etc, but also learn YAML.

Note: under jessie you need to install and configure virtual python3 env and
pip install ansible into it.

Best use latest (and greatest) ansible version

regards


For what I do, I would install Debian (Stretch is what I'm currently 
using) without any Desktop environment. Then my Bash Script installs a 
minimum KDE (without a lot of the dependent software I never use). Then 
reboots and I re-run the script in a terminal, which detects KDE is now 
running and goes about installing all the rest of the stuff and updating 
configurations, etc. Works great on both machines.

Re: USB wireless keyboard in stretch

[Zoltán Herman]

Check the contents of grub conf,
what is the difference to the recovery case!?

Re: [KDE5] Icônes manquantes dans Dolphin

[maderios]

On 08/22/2017 01:54 PM, Sylvain Caselli wrote:

Bonjour,

Le 21/08/2017 à 20:59, maderios a écrit :

On 08/21/2017 07:46 PM, MERLIN Philippe wrote:

Moi de même un dist-upgrade enlève 150 paquets et cela dure depuis 4
jours.
Un avertissement donné dans la liste kde indiquait qu"une nouvelle 
version de
QT arrivait et qu'il était conseillé de faire seulement des upgrade , 
cette
situation j'espère ne va pas trop durer, c'est quand même assez rare 
dans le

monde Debian.


Bonjour
KDE est dans les choux depuis un moment et ce, pour toutes les distro. 
Ce n'est pas un hasard si le dev principal de Digikam, Gilles Caulier, 
a supprimé les trois  quarts des dépendances kde au profit de qt5 et 
il veut même aller plus loin...


Un exemple ne fait pas une généralité mais chez moi sous Mageia pour mon 
ordi fixe, Kde fonctionne nikel. Bon, étant adepte du cliquodrôme, ne me 
demandez pas pourquoi ni comment.
Exact. J'aurais du écrire 'pour toutes les distro, sauf exceptions, dont 
Mageia'. J'ai lu quelque part que des dev de kde bossent également pour 
mageia, ceci explique peut-être cela...


--
Maderios

Xampp sur GNU Linux Debian Jessie 8.7.1

[G2PC]

Bonjour,
Je suis entrain d'avancer sur mon serveur local Xampp.
Si parmis vous, quelqu'un veut installer une Xampp sur Debian 64, et,
faire une relecture de ce petit tutoriel ?

*I) Concernant l'erreur du mot de passe pour PHPMyAdmin*

Je rencontre un bogue :
Lien vers le tutoriel :
https://www.visionduweb.eu/wiki/index.php?title=Installer_et_utiliser_XAMPP_sous_GNU_Linux#Ajouter_des_mots_de_passe

Configurer les paramètres de sécurité avec : sudo /opt/lampp/lampp security
J'ai créé un mot de passe pour PHPMyAdmin, MySQL, et le FTP.

Le mot de passe créé pour PHPMyAdmin ( avec un copier coller ) ne
fonctionne pas. Depuis PHPMyAdmin utilisateur root + mot de passe.
Je devrais modifier le fichier de conf par la suite, pour mettre le mot
de passe de mysql, pour pouvoir me connecter à PHPMyAdmin.

- Est ce le copier coller, qui fait que aucun mot de passe n'aient été
enregistré, pour le passe de PHPMyAdmin ?
Je ne pense pas, le passe de MySQL semble fonctionner, et, celui de FTP
aussi.

- Est ce parce que j'ai mis un mot de passe différent, pour PHPMyAdmin
et MySQL ?

- Est ce un problème de droits ? Etrange, puisque le mot de passe de
MySQL semble lui avoir été bien renseigné et exister.

- C'est peut être un problème de nom d'utilisateur ? L'utilisateur de
PHPMyAdmin ne serrait pas "root" ?


*II) Question : Noter que cela va définir votre nom d'utilisateur XAMPP
à llamp*

A la fin de la création automatique des mots de passe, avec sudo
/opt/lampp/lampp security
J'ai le message : ” Noter que cela va définir votre nom d'utilisateur
XAMPP à llamp. ( Ou bien, j'ai vu cela depuis un tutoriel, je ne suis
pas sur. )
Je ne l'ai pas ajouté au wiki, car, pas certain de bien saisir qui est
"llamp" ( Qui pourrait tout aussi bien être "lampp" en cas d'erreur de
saisie sur le tutoriel ? )

Source complète de ce tutoriel pour installer et utiliser Xampp sur GNU
/ Linux :
https://www.visionduweb.eu/wiki/index.php?title=Installer_et_utiliser_XAMPP_sous_GNU_Linux

Re: Supprimer la fenêtre du client Owncloud

[contact]

Le 16/08/2017 à 11:50, contact a écrit :


Bonjour

je viens de passer sous Debian 9, et depuis mon client Owncloud, 
m'affiche une fenêtre d'information à l'ouverture des sessions 
utilisateur. Ce comportement n'existait pas quand j'étais avec Debian 8



--
*François-Marie BILLARD*
Sculpteur - Céramiste  Atelier à Avaray 
- Loir-et-Cher.


en utilisant owncloudcmd avec login,mot de passe le tout activé par cron 
pour obtenir une synchronisation régulière.



--
*François-Marie BILLARD*

Re: [KDE5] Icônes manquantes dans Dolphin

[Sylvain Caselli]

Bonjour,

Le 21/08/2017 à 20:59, maderios a écrit :

On 08/21/2017 07:46 PM, MERLIN Philippe wrote:

Moi de même un dist-upgrade enlève 150 paquets et cela dure depuis 4
jours.
Un avertissement donné dans la liste kde indiquait qu"une nouvelle 
version de
QT arrivait et qu'il était conseillé de faire seulement des upgrade , 
cette
situation j'espère ne va pas trop durer, c'est quand même assez rare  
dans le

monde Debian.


Bonjour
KDE est dans les choux depuis un moment et ce, pour toutes les distro. 
Ce n'est pas un hasard si le dev principal de Digikam, Gilles Caulier, 
a supprimé les trois  quarts des dépendances kde au profit de qt5 et 
il veut même aller plus loin...


Un exemple ne fait pas une généralité mais chez moi sous Mageia pour mon 
ordi fixe, Kde fonctionne nikel. Bon, étant adepte du cliquodrôme, ne me 
demandez pas pourquoi ni comment.


Sylvain.

Re: NFS creates hidden port

[Rob van der Putten]

Hi there


On 22/08/17 12:38, Thomas Schmitt wrote:


Rob van der Putten wrote:

I think this may be a kernel bug.


A valid theory for now. I googled on:
   
https://askubuntu.com/questions/851986/rkhunter-reports-hidden-tcp-port-probably-nfs-server
brings me to
   http://www.mail-archive.com/linux-kernel@vger.kernel.org/msg910866.html
Some suspicious kernel commit ids are mentioned in
   http://www.mail-archive.com/linux-kernel@vger.kernel.org/msg911346.html
It looks like the original poster ended up speaking to himself. Insightful
but lonely.

One year late the problem appeared again
   https://patchwork.kernel.org/patch/9207481/


And this post is over a year old. One would expect this to be fixed by now.


Regards,
Rob

Re: NFS creates hidden port

[Thomas Schmitt]

Hi,

Rob van der Putten wrote:
> I think this may be a kernel bug.

A valid theory for now. I googled on:
  
https://askubuntu.com/questions/851986/rkhunter-reports-hidden-tcp-port-probably-nfs-server
brings me to
  http://www.mail-archive.com/linux-kernel@vger.kernel.org/msg910866.html
Some suspicious kernel commit ids are mentioned in
  http://www.mail-archive.com/linux-kernel@vger.kernel.org/msg911346.html
It looks like the original poster ended up speaking to himself. Insightful
but lonely.

One year late the problem appeared again
  https://patchwork.kernel.org/patch/9207481/


Have a nice day :)

Thomas

Re: NFS creates hidden port

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, Aug 22, 2017 at 12:02:45PM +0200, Rob van der Putten wrote:
> Hi there
> 
> 
> On 22/08/17 11:44, to...@tuxteam.de wrote:
> 
> 
> 
> >>This raises the question why netstat does not show Rob's NFS ports.
> >>Does NFS change the port fast enough so that netstat and port scan differ ?
> >
> >A good question. I guess we need more details from the OP.
> 
> The hidden port lingers on for days. Until one restarts NFS. NFS
> then uses an other port which clearly shows in netstat, until it
> becomes hidden again. And the daily rkhunter [1] starts complaining
> about it.

How do you call netstat?

cheers
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlmcBw0ACgkQBcgs9XrR2kavNQCcC20qO99YzqJaZT2lJruBe0O6
JsEAn00ua1A91Z+FUuRJXHy7JVlOPLg/
=mmo0
-END PGP SIGNATURE-

Re: USB wireless keyboard in stretch

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, Aug 22, 2017 at 11:05:34AM +0100, Dominic Knight wrote:
> On Mon, 2017-08-21 at 21:46 -0500, Mario Castelán Castro wrote:

[...]

> > Very simple: Use a wired keyboard.

> And all those heavy metals inside that plastic case - please revert to
> using a chisel and stone tablet.

The "nothing-can-be-done" fallacy?

(a bit tongue in cheek ;-)
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlmcBmIACgkQBcgs9XrR2kb4pQCZAV6bMb+ANjscj17kRAW5tOHp
VpYAnRuo51ytuHaChe1aeUFWMG3bcwIF
=bgnW
-END PGP SIGNATURE-

Re: USB wireless keyboard in stretch

[Dominic Knight]

On Mon, 2017-08-21 at 21:46 -0500, Mario Castelán Castro wrote:
> On 21/08/17 17:09, Alle Meije Wink wrote:
> > Does anyone understand the cause of this problem
> 
> *The USB wireless keyboard IS itself a problem*. You are
> unnecessarily
> contaminating the environment consuming Voltaic cells where none is
> needed (obviously wired keyboards feed through the cable) and
> broadcasting what you write over the air, including your passwords.
> 
> > & how to fix it? Thanks!
> 
> Very simple: Use a wired keyboard.
> 

And all those heavy metals inside that plastic case - please revert to
using a chisel and stone tablet.

Meanwhile... some wireless keyboards and mice work very well in this
modern age, I've used Logitechs M185 & K270 without a single issue on
both Stretch and Buster.

Re: NFS creates hidden port

[Rob van der Putten]

Hi there


On 22/08/17 11:44, to...@tuxteam.de wrote:




This raises the question why netstat does not show Rob's NFS ports.
Does NFS change the port fast enough so that netstat and port scan differ ?


A good question. I guess we need more details from the OP.


The hidden port lingers on for days. Until one restarts NFS. NFS then 
uses an other port which clearly shows in netstat, until it becomes 
hidden again. And the daily rkhunter [1] starts complaining about it.


[1] https://en.wikipedia.org/wiki/Rkhunter

I think this may be a kernel bug.


Regards,
Rob

Re: Apache oddness on jessie => stretch upgrade

[Bastien Durel]

Le mardi 22 août 2017 à 03:58 -0500, Dave Sherohman a écrit :
> 
[...]
> Also, side question: I'm also manually running `systemctl enable
> apache2` after upgrading.  How can you tell whether something is
> enabled
> or not in systemd?  `systemctl status` will tell you whether it's
> currently running or not, but I can't find any indication of enabled/
> disabled in its output.
> 
Hello.

Second line of systemctl status output:

Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor
preset: enabled)

or for disabled service:

Loaded: loaded (/lib/systemd/system/bgpd.service; disabled; vendor
preset: enabled)

-- 
Bastien