Re: macbook keyboard layout

2017-08-25 Thread solitone
On Friday, 25 August 2017 01:22:09 CEST Gene Heskett wrote:
> Works fine ~ for EN, and utf8 here.

On a MacBookPro 12,1 with an Italian keyboard it works fine as well
~ (right-alt + ì)
-- 
⢀⣴⠾⠻⢶⣦⠀ 
⣾⠁⢠⠒⠀⣿⡁Sent from my brain using neurons fueled by glucose.
⢿⡄⠘⠷⠚⠋⠀ 
⠈⠳⣄

Re: which display manager would you suggest for Stretch?

2017-08-25 Thread solitone
On Thursday, 24 August 2017 02:37:41 CEST kamaraju kusumanchi wrote:
> gdm3 is the most popular display manager with lightdm, sddm trailing
> behind.

I chose kde desktop during installation, and sddm was installed.
-- 
⢀⣴⠾⠻⢶⣦⠀ 
⣾⠁⢠⠒⠀⣿⡁Sent from my brain using neurons fueled by glucose.
⢿⡄⠘⠷⠚⠋⠀ 
⠈⠳⣄

Ask the isosceles triangle people. This is the TRIANGLE-user mailing list

2017-08-25 Thread davidson

On Fri, 25 Aug 2017, Mario Castelán Castro wrote to debian-user[1]:

> On 24/08/17 20:51, Anonymous wrote to debian-user:
>
>> I'm seeing this in Tails [...]
>
> Ask the tails people. This is the DEBIAN-user mailing list.

If this was intended to discourage such questions here, I think it is
not a fair objection.

I've therefore expressed my own view on the subject, concisely, in the
subject line.

1. https://lists.debian.org/debian-user/2017/08/msg01454.html

Re: xsane & tesseract

2017-08-25 Thread Joe Pfeiffer
Doug  writes:

> On 08/25/2017 08:31 PM, Stephen Grant Brown wrote:
>
>  Hi All,
>  How do I setup xsane to use the tesseract OCR engine?
>  I see gocr under preferences->setup->ocr.
>  Yours Sincerely
>  Stephen Grant Brown.
>
> Unless it has been vastly improved, you might as well copy the document by 
> hand! Finding and fixing all the mistakes is not worth the
> trouble!
> Abbyy for Windows does an excellent job. One of only two programs I will boot 
> Windows for. (The other one is a phono-to-CD program.)

My experience OCRing a 16 page document with tesseract last spring was
quite good.  I didn't try to set xsane up to do it (as I thought it
would be a *long* time before I did it again), I scanned the document to
ppm files, sent them to tesseract, put the output of tesseract into a
.txt file, and cleaned up from there.  While it wasn't perfect, it was
far better than retyping the whole thing would have been.
-- 
"Erwin, have you seen the cat?" -- Mrs. Shrödinger



Re: Tails: Failed InRelease - tor+http://vwakviie2ienjx6t.onion/

2017-08-25 Thread davidson

On Sat, 26 Aug 2017, david...@freevolt.org wrote:

> whereas the uri in your message ends in ".onion/" and is followed
> by three words "debian" "stretch" "main".

Well, not "main". Not in your message. Whatever.

I'm just suggesting to check your sources.list to make sure you have
the correct uri, with no space between "...onion/" and the following
"debian".



Re: How to Keep Track of Changes to the System

2017-08-25 Thread Andy Smith
Hi,

On Fri, Aug 25, 2017 at 08:14:52PM -0700, ray wrote:
> I would really like to hear how others track their changes or suggestions how 
> I may track changes.

I configure almost everything with configuration management like
puppet or ansible. Then the configuration is treated like code, can
be documented like code, stored in revision management (e.g. git)
like code.

I honestly don't think it's overkill for even one system, because as
you say, it is tricky to document things properly even for one
system.

I won't always go as far as installing and configuring a package
with the config management straight off. Depending on what system I
am working on I will sometimes "cheat" and install it manually with
apt, configure the files with an editor etc. But I do always at
least try to "go back" and recreate the working config with
config management so it's repeatable.

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting



Re: Tails: Failed InRelease - tor+http://vwakviie2ienjx6t.onion/

2017-08-25 Thread davidson

On Fri, 25 Aug 2017, Anonymous wrote:

> I'm seeing this in Tails when I refresh the package repositories:

NB: I am not a user of Tails.

Nonetheless, I put the following line into a search engine:

> Failed - 0B - InRelease - tor+http://vwakviie2ienjx6t.onion/ debian stretch InRelease

One of the results was this link[1],...

  https://www.debian.org/releases/stretch/amd64/release-notes/ch-information.en.html#deprecation-of-ftp-apt-mirrors

...which gives the following (tor variant) example line in
/etc/apt/sources.list :

  deb tor+http://vwakviie2ienjx6t.onion/debian stretch main

> Why is this happening and how may I fix it please?

The uri in the failure message, as you have quoted it in your message
to debian-user, is subtly different from the corresponding uri found
in the release notes: The uri in the release notes ends in
".onion/debian" and is followed by two words namely a suite "stretch"
and a component "main", whereas the uri in your message ends in
".onion/" and is followed by three words "debian" "stretch" "main".

Maybe the extra space is significant, and should be removed?

Good luck. Hope this helps.

1. The relevant excerpt:

| 5.1.2. FTP access to Debian hosted mirrors will be removed

|Debian hosted mirrors will stop providing FTP access. If you have
|been using the ftp: protocol in your sources.list, please migrate
|to http:. Please consider the following example for migrating:
| deb http://deb.debian.org/debian  stretch main
| deb http://deb.debian.org/debian-security stretch/updates main

| # tor variant (requires apt-transport-tor)
| # deb  tor+http://vwakviie2ienjx6t.onion/debian stretch main
| # deb  tor+http://sgvtcaew4bxjd7ln.onion/debian-security stretch/updates main
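
The check suggested in the message above, as an added example that is not part of the original post: a small Python linter that splits one-line sources.list entries into type, options, URI, suite and components, and flags a URI cut short by a stray space as well as the ftp: entries that the quoted release notes say to migrate. The function names, the `ARCHIVE_ROOTS` heuristic and the sample entries are assumptions made for this illustration.

```python
from urllib.parse import urlsplit

# Archive directory names taken from the release-notes excerpt quoted above.
# Treating them as "probably part of the URI" is a heuristic of this example.
ARCHIVE_ROOTS = {"debian", "debian-security"}

# Constructed sample input (not taken from a real system).
SAMPLE = """\
# constructed sources.list for this example
deb tor+http://vwakviie2ienjx6t.onion/ debian stretch main
deb tor+http://vwakviie2ienjx6t.onion/debian stretch main
deb [ arch=amd64 ] http://deb.debian.org/debian-security stretch/updates main
deb ftp://ftp.example.org/debian stretch main
"""


def parse_entry(line):
    """Split one entry: type [options] uri suite [component ...]."""
    text = line.split("#", 1)[0].strip()      # '#' starts a comment
    if not text:
        return None
    tokens = text.split()
    kind = tokens.pop(0)
    if kind not in ("deb", "deb-src"):
        raise ValueError(f"unknown entry type {kind!r}")
    options = []
    if tokens and tokens[0].startswith("["):  # optional "[ key=value ... ]"
        while tokens:
            tok = tokens.pop(0)
            options.append(tok.strip("[]"))
            if tok.endswith("]"):
                break
    options = [o for o in options if o]
    if len(tokens) < 2:
        raise ValueError("entry needs at least a URI and a suite")
    uri, suite, *components = tokens
    return {"type": kind, "options": options, "uri": uri,
            "suite": suite, "components": components}


def lint_entry(line):
    """Return a list of human-readable problems for one line."""
    entry = parse_entry(line)
    if entry is None:
        return []
    problems = []
    parts = urlsplit(entry["uri"])
    # A space after ".onion/" makes apt read "debian" as the suite and
    # "stretch" as a component: the fields shift by one position.
    if parts.path in ("", "/") and entry["suite"] in ARCHIVE_ROOTS:
        joined = entry["uri"].rstrip("/") + "/" + entry["suite"]
        problems.append(
            f"suite field is {entry['suite']!r}, which looks like the archive "
            f"path; check for a stray space (expected URI {joined})")
    if parts.scheme == "ftp":
        problems.append("ftp: access to mirrors is being removed; use http:")
    return problems


def lint_sources(text):
    """Lint a whole file; returns [(line_number, problem), ...]."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for problem in lint_entry(line):
            findings.append((lineno, problem))
    return findings


if __name__ == "__main__":
    for lineno, problem in lint_sources(SAMPLE):
        print(f"line {lineno}: {problem}")
```
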



Re: Stretch + nosystemd + VBoxGuestAdditions Quirk

2017-08-25 Thread Patrick Bartek
On Fri, 25 Aug 2017 17:12:29 +0300 Reco  wrote:

>   Hi.
> 
> On Fri, 25 Aug 2017 06:15:09 -0700
> Patrick Bartek  wrote:
> 
> > Have been testing Stretch with alternate inits -- sysvinit and
> > runit to be specific -- in Virtualbox on a Wheezy host while
> > leaving systemd files alone. Not even "pinning" them.  Well decided
> > to see what removing them would do.  I followed the "Variant"
> > option instructions on the Nosystemd site.
> > 
> > http://without-systemd.org/wiki/index.php/Debian_Stretch
> > 
> > No problems until I installed the VBoxGuestAdditions.  Startx would
> > only work if run by root.  Run by user got $DISPLAY environment
> > error.  Couldn't find screen.
>  
> > Anyone got any ideas.  Everything works fine if GuestAdditions not
> > installed.
> 
> It's been awhile since I poked VirtualBox but I get that suspicion
> that Xorg module provided by VirtualBox needs root access to do its
> job.

I've been using Virtualbox for years with numerous distros installed
with various configurations.  This is the first time I've experienced
this with Guest Additions.

> So, I'd start with installing 'xserver-xorg-legacy' package.

I'll look into it.  Thanks.

B



How to Keep Track of Changes to the System

2017-08-25 Thread ray
I would like to find a way to keep track of changes I make to my system.  It 
seems that I may learn from others on how they keep track of changes they make 
to their systems.

When I make changes, I don't remember where I made changes or why.  

It would be great to have a log of what changes I've made, where they were 
made, how they were made (direct edit, scripted, etc.), why I made them, 
references that I used to determine the change, and what was the outcome.

Right now, I get lost in my documentation.  I research solutions, make notes in 
Onenote on a Windows machine, record configurations files that I will test.  
But it is difficult to record results such as syslogs or console transactions.  
More challenging is that I have different notebook tabs for different 
objectives.  So when I want to see what I changed, I have to go through many 
different objectives because I don't know what object I was shooting for when I 
made the change.

I would really like to hear how others track their changes or suggestions how I 
may track changes.

I store all the changes on a different computer because I screw up the 
installation on my machine under test and rebuild the OS.  The laptop I am 
building to run Xen is on its 28th build.  

I would appreciate any suggestions.

Ray 



Re: Tails: Failed InRelease - tor+http

2017-08-25 Thread Fungi4All
> From: nob...@dizum.com
> To: debian-user@lists.debian.org
>
> @ Mario Castelán Castro:
>
> "Ask the tails people. This is the DEBIAN-user mailing list."
>
> Thanks, but...
>
> - "Debian and Tor Services available as Onion Services"[1]
> https://bits.debian.org/2016/08/debian-and-tor-services-available-as-onion-services.html
>
> [1] probably more recent info there but just for clarity
>
> @ Fungi4All:
>
> Thank you.

Anytime,
Debian and Devuan are about the only distros that list .onion repositories.
Considering the socks5 is pretty good in verifying packets between source and
destination it makes one very insecure to be upgrading without it or some
form of vpn.
The only drawback for some may be that the automirror gets confused on
what is closer and you may be linked to some far away mirror, but that
may be some seconds give or take.
All you need is tor apt-transport-tor and apt-transport-https and changing
your sources.list with onion addresses and tor:// instead of http://

Re: Codecs and such? Like ubuntu restricted extras package?

2017-08-25 Thread Mario Castelán Castro
On 25/08/17 19:20, Anonymous wrote:
> Does something like this exist in Debian? A package which
> brings in restricted extras? A repository for all these
> extras? (without trusting some vague "unofficial" maintainer)

For that matter, bear in mind that officially any package outside the
“main” section is not part of Debian. Only packages that are free
software (compliant with the DFSG) can be part of Debian. The packages
in “non-free” which is a rough equivalent of Canonical's “restricted”
are not an official part of Debian.

I discourage using proprietary codecs because you give up part of your
computing freedom. A better solution is to request data in a format
readable with free software.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: xsane & tesseract

2017-08-25 Thread Doug


On 08/25/2017 08:31 PM, Stephen Grant Brown wrote:

> Hi All,
> How do I setup xsane to use the tesseract OCR engine?
> I see gocr under preferences->setup->ocr.
> Yours Sincerely
> Stephen Grant Brown.

Unless it has been vastly improved, you might as well copy the document 
by hand! Finding and fixing all the mistakes is not worth the trouble!
Abbyy for Windows does an excellent job.  One of only two programs I 
will boot Windows for. (The other one is a phono-to-CD program.)


--doug


xsane & tesseract

2017-08-25 Thread Stephen Grant Brown
Hi All,

How do I setup xsane to use the tesseract OCR engine?

I see gocr under preferences->setup->ocr.
Yours Sincerely
Stephen Grant Brown.

Re: Tails: Failed InRelease - tor+http

2017-08-25 Thread Nomen Nescio
@ Mario Castelán Castro:

"Ask the tails people. This is the DEBIAN-user mailing list."

Thanks, but...

- "Debian and Tor Services available as Onion Services"[1]
https://bits.debian.org/2016/08/debian-and-tor-services-available-as-onion-services.html

[1] probably more recent info there but just for clarity

@ Fungi4All:

Thank you.



Re: WinTV, xawtv, mplayer

2017-08-25 Thread John Conover

Sorry, the command is "v4lctl volume mute off".

John

John Conover writes:
> 
> In a system that was upgraded, (new install,) from Debian 7 to 8 with
> a WinTV model 109, (external 1/8" audio connector on the WinTV card to
> Line In of the PC.):
> 
> xawtv works fine.
> 
> mplayer works fine.
> 
> after mplayer, xawtv is muted, (NOT via alsa/pulseaudio, the
> external audio connector has no signal, via an oscilloscope.)
> Video is fine.
> 
> There is no unmute shown on alsamixer for the xawtv/Bt878.
> 
> The settings for alsamixer do not change on any card during the above
> test.
> 
> All I can figure is that mplayer set something in v4l, but I don't
> know how, or how to fix it.
> 
> Any help would be greatly appreciated ...
> 
> Thanks,
> 
> John
> 
> -- 
> 
> John Conover, cono...@rahul.net, http://www.johncon.com/

-- 

John Conover, cono...@rahul.net, http://www.johncon.com/



Re: Who is Bringing up My Wireless if?

2017-08-25 Thread ray
On Friday, August 25, 2017 at 4:30:06 PM UTC-5, Zoltán Herman wrote:
Hi Zoltán,
Thank you for responding.

> Hi,
> do you use ebtables? 
I had set up ebtables.  I don't remember where or how.  I had set some rules to 
support bridging.  Maybe this is the interference?  Where are these rules set 
and how might I back them out or comment them out. 

> You stopped the network managers?
I removed network manager and I am only using /etc/network/interfaces, I hope.

> 
> 
> Greetings
> 
> 
> 
> 
> On 25 Aug 2017 at 18:06, "ray" wrote:
> I am trying to bring up a bridge in Debian 9.  I have an Ethernet interface 
> working.  When I attempt to bring up a bridge, it won't come up.  Syslog 
> shows that a wireless interface was trying to come up and the bridge failed 
> to come up due to conflicts.  I am familiar with the conflict so I have 
> removed the wlan0 from /etc/network/interfaces and removed the 
> wpa_supplicant.conf.  I have a wireless rename rule.  The syslog shows that 
> the wireless was renamed, and that it tried to bring it or at least invoked 
> the wireless driver.  Then it states the bridge failed to be raised.
> 
> 
> 
> I don't know what is causing my wireless to be brought up.  Where might this 
> be happening?
> 
> 
> 
> Ray

Ray



WinTV, xawtv, mplayer

2017-08-25 Thread John Conover

In a system that was upgraded, (new install,) from Debian 7 to 8 with
a WinTV model 109, (external 1/8" audio connector on the WinTV card to
Line In of the PC.):

xawtv works fine.

mplayer works fine.

after mplayer, xawtv is muted, (NOT via alsa/pulseaudio, the
external audio connector has no signal, via an oscilloscope.)
Video is fine.

There is no unmute shown on alsamixer for the xawtv/Bt878.

The settings for alsamixer do not change on any card during the above
test.

All I can figure is that mplayer set something in v4l, but I don't
know how, or how to fix it.

Any help would be greatly appreciated ...

Thanks,

John

-- 

John Conover, cono...@rahul.net, http://www.johncon.com/



Re: Codecs and such? Like ubuntu restricted extras package?

2017-08-25 Thread Ben Caradoc-Davies

On 26/08/17 12:20, Anonymous wrote:

> Does something like this exist in Debian? A package which
> brings in restricted extras? A repository for all these
> extras? (without trusting some vague "unofficial" maintainer)
> It's so easy with the various buntus and Mint, I'm searching
> for similar functionality here.
> [FWIW I ONLY WANT TO USE DEBIAN]
> TIA


You mean like the non-free component?
https://wiki.debian.org/SourcesList#Component

Kind regards,

--
Ben Caradoc-Davies 
Director
Transient Software Limited 
New Zealand



Codecs and such? Like ubuntu restricted extras package?

2017-08-25 Thread Anonymous
Does something like this exist in Debian? A package which
brings in restricted extras? A repository for all these
extras? (without trusting some vague "unofficial" maintainer)

It's so easy with the various buntus and Mint, I'm searching
for similar functionality here.

[FWIW I ONLY WANT TO USE DEBIAN]

TIA



Re: Who is Bringing up My Wireless if?

2017-08-25 Thread Zoltán Herman
Hi,
do you use ebtables?
You stopped the network managers?

Greetings


On 25 Aug 2017 at 18:06, "ray" wrote:

> I am trying to bring up a bridge in Debian 9.  I have an Ethernet
> interface working.  When I attempt to bring up a bridge, it won't come up.
> Syslog shows that a wireless interface was trying to come up and the
> bridge failed to come up due to conflicts.  I am familiar with the conflict
> so I have removed the wlan0 from /etc/network/interfaces and removed the
> wpa_supplicant.conf.  I have a wireless rename rule.  The syslog shows that
> the wireless was renamed, and that it tried to bring it or at least invoked
> the wireless driver.  Then it states the bridge failed to be raised.
>
> I don't know what is causing my wireless to be brought up.  Where might
> this be happening?
>
> Ray
>
>


[no subject]

2017-08-25 Thread max vidocq
Hello Angelique
The gallery of kings that it supports does not fit into this pattern of 
correspondences with the general layout of the building. Indeed, while the 
rose window logically pierces the top of the main nave, the gallery of kings 
constitutes a fourth level that does not exist elsewhere. Some art historians 
deduce from this that it was an addition made during construction. Less 
homogeneous than the first level, begun in 1225, the middle and upper parts 
of the facade stretch out over time. The completion of the level of the rose 
window around 1240 marks a slowdown, the last storey of the north tower being 
completed only at the very end of the Middle Ages, in 1402, the south tower 
probably remaining incomplete. Compared with the facade blocks of other 
monuments, where the towers are square in plan, the shape of the towers of 
Amiens, reduced by half, is still open to discussion. Eugène Viollet-le-Duc 
himself sees in it the result of a lack of space at the start of the project. 
In the middle of the 19th century, during his great restoration campaign, he 
subjected the western facade to a number of modifications. Replacing almost 
all of the statues of the gallery of kings, he rebuilt the gallery of the 
Bell-Ringers and Musicians between the two towers, above the level of the 
rose window, whose tracery dates from the 16th century. As for the crowning 
of the towers, although he resisted the pressures exerted in favour of 
rebalancing their height, he nevertheless lowered the roof on the north side, 
raising the one on the south side.
Max


Sent from Outlook


Re: One-line password generator

2017-08-25 Thread Mario Castelán Castro
On 25/08/17 13:44, Thomas Schmitt wrote:
>> I will justify my claim of incompetence.
> 
> So that it does not look like an intentional insult ?

This is plainly and simply my reason to avoid further discussion about
cryptography with you.

I did not write this with the purpose of making an insult, but if you
find my impression about you offensive, the only thing I can say is: try
to give a better impression next time to the next person.

>> Because this is only a mathematical result.
> 
> This leaves me speechless. I resort to classic literature:
> 
> [garbage removed]

Obviously, I mean “_only_ a mathematical result (with no computational
consequences)” as opposed to a “mathematical result (having
computational consequences)”.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: How to change date and time format for quoting in Thunderbird?

2017-08-25 Thread Byung-Hee HWANG (황병희, 黃炳熙)
Dear Mario,

In Article <71bb9099-1dac-7567-3aeb-4c1c0ecd8...@yandex.com>,
 Mario Castelán Castro  writes:

> I see you are using the “Message-id” field. This is not at all useful
> for humans.

"lambda.alex.chromebook" is my chromebook's system-name. The others is
https://raw.githubusercontent.com/soyeomul/Gnus/MaGnus/thanks-mid.rb.message-id

Am I wrong? If so, advice is welcome, thanks!
 
Sincerely, Byung-Hee.

-- 
^고맙습니다 _救濟蒼生_ 감사합니다_^))//



Re: One-line password generator

2017-08-25 Thread Mario Castelán Castro
On 25/08/17 12:15, Thomas Schmitt wrote:
>> Also, the theoretical vulnerability described in that man page is far
>> fetched.
> It is a mathematical fact. If you take a few theoretically unpredictable
> bits and inflate them to 128 bits, then the added size is no entropy,
> although it might be hard to distinguish this redundancy from the initial
> information.

This saves me from having to write a whole reply, since I know your
incompetence in cryptography is such that you are incapable of realizing
how incompetent you are.

I will justify my claim of incompetence.

You say that pseudo-random number generators can not add entropy and
this is a mathematical fact. This is true, and irrelevant.

It is also a mathematical fact that cryptographic algorithms you use
daily like DSA and Diffie-Hellman work over a cyclic group, including
their elliptic curve variants.

In the conventional (not elliptic curve) case, the group in question
is the group of integers modulo “n”, where the group operation is
*multiplication*.

DSA and Diffie-Hellman are broken if one can compute “discrete
logarithms”, that is, if one can compute “x”, given “b” and “(b^x) mod n”.

Any cyclic group of order “n” is mathematically equivalent (isomorphic) to
the group of integers modulo “n”, where the group operation is *addition*.

In this group, computing “x” (or proving that it does not exist) such
that “ax=c” for any given “a“ and “c” is trivial (using the extended
euclidean algorithm). And this is mathematically (but not
computationally) equivalent to solving the discrete logarithm.

Why aren't these algorithms broken? Because this is only a mathematical
result. The isomorphisms can not be computed efficiently in practice, so
they are irrelevant for cracking. The same is the case with your
“mathematical fact”.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan
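
The distinction drawn in the message above, as an added example that is not part of the original post: in the additive group of integers modulo n, "ax = c" falls to the extended Euclidean algorithm, while the same secret in the multiplicative group modulo a prime has to be searched for. The toy prime `P`, the function names and the constants 7 and 4242 are assumptions of this illustration; real parameters are thousands of bits long, which is what makes the search infeasible.

```python
P = 10007  # toy prime chosen for this example only


def ext_gcd(a, b):
    """Return (g, s, t) with g = gcd(a, b) = s*a + t*b."""
    old_r, r = a, b
    old_s, s = 1, 0
    old_t, t = 0, 1
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
        old_t, t = t, old_t - q * t
    return old_r, old_s, old_t


def solve_additive(a, c, n):
    """Smallest x with a*x = c (mod n), or None if no solution exists.

    This is the 'discrete logarithm' of c to base a in the additive group:
    a handful of divisions, whatever the size of n.
    """
    g, s, _ = ext_gcd(a % n, n)
    if c % g:
        return None
    return (s * (c // g)) % (n // g)


def prime_factors(m):
    """Distinct prime factors by trial division (fine for toy sizes)."""
    factors, d = set(), 2
    while d * d <= m:
        while m % d == 0:
            factors.add(d)
            m //= d
        d += 1
    if m > 1:
        factors.add(m)
    return factors


def find_generator(p):
    """Smallest generator of the multiplicative group modulo the prime p."""
    n = p - 1
    qs = prime_factors(n)
    for g in range(2, p):
        if all(pow(g, n // q, p) != 1 for q in qs):
            return g
    raise ValueError("no generator found")


def discrete_log_bruteforce(b, h, p):
    """Find x with b^x = h (mod p) by trying exponents one by one.

    Work grows with the group order; there is no Euclid-style shortcut here.
    """
    value = 1
    for x in range(p - 1):
        if value == h % p:
            return x
        value = value * b % p
    return None


def demo():
    n = P - 1                 # order of the multiplicative group mod P
    b = find_generator(P)
    x = 4242                  # the secret exponent
    h = pow(b, x, P)          # easy direction: fast exponentiation

    a = 7                     # a generator of the additive group Z_n
    c = a * x % n             # the same secret, written additively

    recovered = discrete_log_bruteforce(b, h, P)
    return {
        "additive_solution": solve_additive(a, c, n),
        "multiplicative_solution": recovered,
        # The isomorphism sends b^k to a*k. Mapping h across it needs k,
        # which is exactly the discrete logarithm being asked for.
        "image_of_h": a * recovered % n,
        "c": c,
    }


if __name__ == "__main__":
    print(demo())
```
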





Re: about iptables

2017-08-25 Thread Maykel Franco
On 25 Aug 2017 8:07 p.m.,  wrote:

> Run just iptables from the console to see the result, and try
> putting
> the full path inside the iptables script. Are you running it as
> root?
>
> On 25 Aug 2017 14:42,  wrote:
>
>> > You have a blank space after the exclamation mark.
>> >
>> > #! /bin/bash
>> >
>> > On 25-08-2017 14:03,  wrote:
>> >
>> > Good afternoon everyone.
>> >
>> > I have Debian 7 64-bit installed without graphics, pure console.
>> >
>> > The problem is the following
>> >
>> > I have this script:
>> >
>> > #! /bin/bash
>> >
>> > ## wan-eth0, LAN-eth1
>> > iptables -F
>> > iptables -X
>> > iptables -Z
>> > ##iptables -t nat -F
>> >
>> > ## Set the default policy: DROP!!!
>> > iptables -P INPUT DROP
>> > iptables -P OUTPUT DROP
>> > iptables -P FORWARD DROP
>> >
>> > # Allow everything to localhost (firewall)
>> > iptables -A INPUT -i lo -j ACCEPT
>> > iptables -A OUTPUT -o lo -j ACCEPT
>> >
>> > # Masquerading of the LAN
>> > iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o eth0 -j MASQUERADE
>> >
>> > #iptables -t nat -P PREROUTING  ACCEPT
>> > #iptables -t nat -P POSTROUTING  ACCEPT
>> >
>> > # Allow the DNS servers to query DNS on the WAN
>> > iptables -A FORWARD -s 192.168.10.2 -i eth0 -p tcp --dport 53 -j ACCEPT
>> > iptables -A FORWARD -s 192.168.10.2 -i eth0 -p udp --dport 53 -j ACCEPT
>> > iptables -A FORWARD -s 192.168.10.7 -i eth0 -p tcp --dport 53 -j ACCEPT
>> > iptables -A FORWARD -s 192.168.10.7 -i eth0 -p udp --dport 53 -j ACCEPT
>> >
>> > I give it permissions
>> >
>> > chmod +x firewall
>> > I run it: ./firewall and as a result I get this:
>> >
>> > "Interprete erroneo, no existe el fichero o el directorio"
>> >
>> > And I do all this in the same directory where the file is.
>> >
>> > Any ideas? Do I have to install iptables? Because as far as I know it
>> > comes with the system, but well, I don't know if something more has
>> > to be done??
>> >
>> > I appreciate any help.
>> >
>>
>> I removed the space, the same error continues; I had already done that.
>>
>> Thanks anyway, but I'm still in the same situation
>>
>>
>

Hi, yes, command by command typed from the console they all worked
perfectly well

but from the file they don't, and I don't know what the problem is
 I give it permissions chmod +x firewall and to run it
./firewall from the directory where it is

The truth is this has never happened to me before



bash -x firewall


Re: One-line password generator

2017-08-25 Thread Mario Castelán Castro
On 25/08/17 12:11, Brian wrote:
>> Unless you have a good reason to think otherwise (e.g. *you* manage the
>> web site and you know you are doing a good job), you should assume that
>> the data-base with hashed passwords will leak without the system
>> administrators noticing, and then an attack can be carried offline.
> 
> The problem with assumptions is that they often do not reflect the truth
> of a situation and predispose us to making recommendations which are not
> in the best interests of other people.

This *sounds* very reasonable, but the truth is that you are simply
dodging that your recommendation leads to weak passwords.

In security, one should not take things for granted. One should plan for
the worst plausible case. Leaking hashed passwords has happened many
times, so it is very plausible.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: How does one create virtual ethernet devices with modern tools on Debian 8 (jessie)?

2017-08-25 Thread Tom Browder
On Fri, Aug 25, 2017 at 10:09 AM, Greg Wooledge  wrote:
>> On Fri, Aug 25, 2017 at 09:26 Sven Hartge  wrote:
>> > One of "allow-hotplug" or "auto", not both
>>
>> Any preference for either line?
>
> Use "auto" if the network interface is a permanent one, and "allow-hotplug"
> if it's a transient one (removable, whatever).
>
> Interfaces configured as "auto" will be respected by systemd's
> "network-online.target", meaning any service that you configure to
> wait for network-online will wait for all "auto" interfaces to be
> brought up.  It will not wait for "allow-hotplug" interfaces.

That's very helpful. Sounds like it's the "auto" for my situation.

Thanks much, Greg.

Best,

-Tom



Re: One-line password generator

2017-08-25 Thread Mario Castelán Castro
On 25/08/17 11:51, Brian wrote:
> However, users use passwords to log into accounts *online* and those
> passwords are devised to withstand an *online* attack (of 100 tests per
> second maximum(?)). This is the only aspect a user can completely
> control and many make a good job of it. Passwords which are long and
> have some complexity but are not a burden on the user or impossible to
> memorise would withstand such an attack. (This leaves aside the defences
> the site itself has in place).
> 
> A user has no control over what happens at the other end. Knowledge
> about how data are stored and safeguarded will be sparse, so the user
> will have to make a risk assessment about that; only time will tell
> whether it is correct. What doesn't seem quite right (morally and
> technically) is for it to be implied that the user should take some
> responsibility for the site's (unknown) shortcomings.

Unless you have a good reason to think otherwise (e.g. *you* manage the
web site and you know you are doing a good job), you should assume that
the data-base with hashed passwords will leak without the system
administrators noticing, and then an attack can be carried offline.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: One-line password generator

2017-08-25 Thread Thomas Schmitt
Hi,

> You say that pseudo-random number generators can not add entropy and
> this is a mathematical fact. This is true, and irrelevant.
> [...
>  lots of algebraic terms about the difficulty to revert the
>  mapping which produces the pseudo-random redundancy
> ...]

The attack described in the article does not try to revert a mapping.
It enumerates the input in a skillful way in order to produce the output
values which it compares to the captured list of values.

The only precondition is that the mapping can be reproduced without
adding an amount of possibilities which together with the possibilities
of the input establishes too much entropy.
Such additional entropy is usually called "salt". Its repeated use weakens
its unpredictability, though. And it must be kept as secret as the freshly
stolen password hash list should have been kept.


> I will justify my claim of incompetence.

So that it does not look like an intentional insult ?


> Because this is only a mathematical result.

This leaves me speechless. I resort to classic literature:

Scott: Well, Captain, er... the Klingons called you a... a tin-plated
   overbearing, swaggering dictator with delusions of godhood.

Capt. Kirk: Is that all?

Scott: No, sir. They also compared you with a Denebian slime devil.

Capt. Kirk: I see.

Scott: And then they said that you were a...

Capt. Kirk: I get the picture, Scotty.

Scott: Yes, sir.

Capt. Kirk: And after they said all this, that's when you hit the Klingons.

Scott: No, sir.

Capt. Kirk: ...No?

Scott: No, er, I didn't. You told us to avoid trouble.

Capt. Kirk: Oh, yes.

Scott: And I didn't see that it was worth fighting about. After all,
   we're big enough to take a few insults. Aren't we?

Capt. Kirk: What was it they said that started the fight?

Scott: They called the Enterprise a garbage scow! Sir.

Capt. Kirk: I see. And... that's when you hit the Klingon?

Scott: Yes, sir!

Capt. Kirk: You hit the Klingons because they insulted the Enterprise,
not because they...

Scott: Well, sir, this was a matter of pride. 

Capt. Kirk: All right, Scotty. Dismissed. Oh... Scotty, you're restricted
to quarters until further notice.

Scott: Yes, sir. Thank you, sir! That'll give me a chance to catch up on
   my technical journals! 

(http://www.imdb.com/title/tt0708480/quotes)


Have a nice day :)

Thomas



Re: One-line password generator

2017-08-25 Thread Brian
On Fri 25 Aug 2017 at 12:14:18 -0500, Mario Castelán Castro wrote:

> On 25/08/17 12:11, Brian wrote:
> >> Unless you have a good reason to think otherwise (e.g. *you* manage the
> >> web site and you know you are doing a good job), you should assume that
> >> the data-base with hashed passwords will leak without the system
> >> administrators noticing, and then an attack can be carried offline.
> > 
> > The problem with assumptions is that they often do not reflect the truth
> > of a situation and predispose us to making recommendations which are not
> > in the best interests of other people.
> 
> This *sounds* very reasonable, but the truth is that you are simply
> dodging that your recommendation leads to weak passwords.

It not only *sounds* very reasonable, it *is* very reasonable. All of
us, at one time or another, make assumptions which, in the light of
experience or on closer examination, do not stand up.

I really am not trying to dodge anything, but would like to know if
distinguishing between offline and online is reasonable. Passwords which
are possibly not immune to *offline* cracking is how I would categorise
my idea.  But that is not the responsibility of the user to mitigate.
(Does one take a parachute on to a plane "just in case..."?).

> In security, one should not take things for granted. One should plan for
> the worst plausible case. Leaking hashed passwords has happened many
> times, so it is very plausible.

My bank has never (to my knowledge) had a breach. I trust it. I assume
the people it employs are conscientious and competent. I assume they
know more about their systems than I do. (BTW, one does this all the
time, from surgeons to train drivers). I could use a random password
to log in, but where is the deficiency in "Gimmethed0sh. It's*my*money!"
for an online login?

To "take things for granted" is just another way of talking about
assumptions. Maybe I am taking my bank's security for granted. But what
other option is there, other than to form an opinion and then weigh up
the risk? I have no control over their policies regarding data access.
The worst possible case for my argument would be that the online and
offline cases are indistinguishable.

-- 
Brian.



Re: One-line password generator

2017-08-25 Thread Mario Castelán Castro
On 25/08/17 09:46, Thomas Schmitt wrote:
> Mario Castelán Castro wrote:
>> In principle, yes, but in practice, not at all. File compressors [...]
> 
> I wrote "estimate", "approximation", and "best possible compression".
> Of course gzip is not a very good approximation even if one subtracts the
> header bytes. 

I know what you wrote. My point is that there is no way to make a
reasonable approximation to the Kolmogorov complexity of a password.

Also, again, file compressors are bad for small files, especially as
small as passwords (less than 100 bytes). It makes little difference
whether you discount the header and trailer, they are still bad.

All contemporary practical compressors (some research compressors do a
little more than this, see e.g.: the ones in the Hutter prize
competition) are based on *verbatim* repetition and the biased
distribution of bytes in the data. They are bad for your use case
because there is little *verbatim* repetition in a password. They can
not interpret the *meaning* of the information in any meaningful way,
unlike a human.

For example, for a human, a byte string “one, two, three...” (that goes
to 10,000) is very simple to describe as “the numbers from 1 to 10,000
written in English and separated by “, ””. A compressor does not
understand that these are consecutive numbers spelled in English and
thus can not take advantage of this. The size of that data, compressed
for example, with XZ, will be much longer than the phrase above that I
used to describe it.

To recap: Real-life file compressors can not be used to estimate the
strength of passwords because they do not understand *meaning* as humans
perceive it.

> Better approximations are presented in the article.

*What* article? Nobody has mentioned a scientific article in this thread.

> Given the time spans
> and computing powers which were mentioned, i'd say they performed less
> than 2 exp 50 tries to crack the majority of good passwords.
> I.e. the compression which is established by their enumeration can squeeze
> those good passwords to less than 50 bits of size. Of course, as any lossless
> compression, it has to inflate other better passwords by at least one bit.
> 
> 
>>> The second password class and my knowledge about it gives me not more
>>> than a reduction of text bit number by 25 percent (6 bit text -> 8 bit
>>> binary) and a couple of bits which are harder to harvest.
> 
>> This is a somewhat oversimplified analysis.
> 
> Wasn't it you who said in
>   https://lists.debian.org/debian-user/2017/08/msg01260.html
>   “alias gen-password="head -c 16 /dev/urandom | base64 | head -c 22 && echo"”
> 
> After exploiting the "base64" part to get my 25 percent, i'd go for
> /dev/urandom. man 4 urandom says:
>   "[...] if there is not sufficient entropy in the entropy pool, the
>   returned values are theoretically vulnerable to a cryptographic
>   attack on the algorithms used by the driver."

I already explained why my method is not a 25% reduction in entropy, but
you ignored the argument.

Also, the theoretical vulnerability described in that man page is
far-fetched. It would require a *practical* attack comparable to pre-image
of SHA1. And one must note that not even the deprecated MD5 has a
practical pre-image attack, to the best of my knowledge.

Moreover, such a theoretical attack applies only when the attacker
*already knows* some of the output of your /dev/urandom, you output some
more bytes, and the attacker has to guess these additional bytes based
on the previous output. In the use being discussed here, which is
password generation, the attacker does not know anything else about the
output of the PRNG.

In Linux (the kernel) the same algorithm used for /dev/urandom is used
to mix /dev/random. So there is likewise a theoretical possibility of a
vulnerability if you use /dev/random instead of /dev/urandom. Read
“/drivers/char/random.c” if you are interested in possible
vulnerabilities of the random virtual devices.

-
Also, you mentioned 64 bits, but I *never* suggested this (in)security
level.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan
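
The comparison described in the message above, as an added example that is not part of the original post: Python's standard-library compressors are run over the spelled-out numbers and over two short passwords. The number speller and the second sample password are constructed for this illustration.

```python
import bz2
import lzma
import zlib

# The one-sentence description quoted from the message above.
DESCRIPTION = 'the numbers from 1 to 10,000 written in English and separated by ", "'

ONES = ("", "one", "two", "three", "four", "five", "six", "seven", "eight",
        "nine", "ten", "eleven", "twelve", "thirteen", "fourteen", "fifteen",
        "sixteen", "seventeen", "eighteen", "nineteen")
TENS = ("", "", "twenty", "thirty", "forty", "fifty", "sixty", "seventy",
        "eighty", "ninety")

SAMPLE_PASSWORDS = (
    b"Gimmethed0sh. It's*my*money!",  # passphrase quoted in this thread
    b"q3Vx0pZr8sLk2mNf7TyWbA",        # constructed, shaped like the alias output
)


def spell(n):
    """Spell an integer from 1 to 19,999 in English (helper for this example)."""
    parts = []
    if n >= 1000:
        parts.append(ONES[n // 1000] + " thousand")
        n %= 1000
    if n >= 100:
        parts.append(ONES[n // 100] + " hundred")
        n %= 100
    if n >= 20:
        parts.append(TENS[n // 10] + ("-" + ONES[n % 10] if n % 10 else ""))
    elif n:
        parts.append(ONES[n])
    return " ".join(parts)


def counting_text(limit=10_000):
    """The byte string "one, two, three, ..." up to `limit`."""
    return ", ".join(spell(i) for i in range(1, limit + 1)).encode("ascii")


def compressed_sizes(data):
    """Size in bytes of `data` after each general-purpose compressor."""
    return {
        "zlib": len(zlib.compress(data, 9)),
        "bz2": len(bz2.compress(data, 9)),
        "xz": len(lzma.compress(data)),
    }


def password_report():
    """Map each sample password to (plain length, compressed sizes)."""
    return {pw: (len(pw), compressed_sizes(pw)) for pw in SAMPLE_PASSWORDS}


if __name__ == "__main__":
    text = counting_text()
    print("description:", len(DESCRIPTION), "bytes")
    print("spelled-out numbers:", len(text), "bytes ->", compressed_sizes(text))
    for pw, (plain, sizes) in password_report().items():
        # Every compressor makes the short input longer, so the compressed
        # length says nothing about how guessable the password is.
        print(pw.decode(), plain, "bytes ->", sizes)
```
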





RE: If only you knew how exhausted I am by this loneliness Marina

2017-08-25 Thread k Loup
Of course I want to, kisses


Sent from a Samsung mobile

 Original message 
From: Marina Sorbeck  
Date: 25/08/2017  17:48  (GMT+01:00) 
To: debian-user@lists.debian.org 
Subject: If only you knew how exhausted I am by this loneliness Marina 

Would you like to be my North Star tonight? 
http://bitly.com/2wuM6hy

Re: about iptables

2017-08-25 Thread luis
> Run just iptables from the console to see the result, and try putting
> the full path inside the iptables script. Are you running it as root?
>
> On 25 Aug 2017 14:42,  wrote:
>
>> > You have a blank space after the exclamation mark.
>> >
>> > #! /bin/bash
>> >
>> > On 25-08-2017 14:03,  wrote:
>> >
>> > Good afternoon, everyone.
>> >
>> > I have Debian 7 64-bit installed without graphics, pure console.
>> >
>> > The problem is the following.
>> >
>> > I have this script:
>> >
>> > #! /bin/bash
>> >
>> > ## wan-etho, LAN-eth1
>> > iptables -F
>> > iptables -X
>> > iptables -Z
>> > ##iptables -t nat -F
>> >
>> > ## Set the default policy: DROP!!!
>> > iptables -P INPUT DROP
>> > iptables -P OUTPUT DROP
>> > iptables -P FORWARD DROP
>> >
>> > # Allow everything to localhost (firewall)
>> > iptables -A INPUT -i lo -j ACCEPT
>> > iptables -A OUTPUT -o lo -j ACCEPT
>> >
>> > # Masquerading of the LAN
>> > iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o eth0 -j MASQUERADE
>> >
>> > #iptables -t nat -P PREROUTING  ACCEPT
>> > #iptables -t nat -P POSTROUTING  ACCEPT
>> >
>> > # Allow the DNS servers to query the WAN's DNS
>> > iptables -A FORWARD -s 192.168.10.2 -i eth0 -p tcp --dport 53 -j ACCEPT
>> > iptables -A FORWARD -s 192.168.10.2 -i eth0 -p udp --dport 53 -j ACCEPT
>> > iptables -A FORWARD -s 192.168.10.7 -i eth0 -p tcp --dport 53 -j ACCEPT
>> > iptables -A FORWARD -s 192.168.10.7 -i eth0 -p udp --dport 53 -j ACCEPT
>> >
>> > I give it the permissions
>> >
>> > chmod +x firewall
>> > I run it: ./firewall and as a result I get this:
>> >
>> > "Interprete erroneo, no existe el fichero o el directorio"
>> >
>> > And I do all of this in the same directory where the file is.
>> >
>> > Any idea? Do I have to install iptables? As far as I know it comes
>> > with the system, but I don't know whether something more needs to
>> > be done.
>> >
>> > I appreciate any help.
>> >
>>
>> I removed the space, the same error remains; I had already done that.
>>
>> Thanks anyway, but I am still in the same situation.
>>
>>
>

Hi, yes, typed command by command from the console they all worked
perfectly well,

but from the file they do not, and I don't know what the problem is.
I give it permissions with chmod +x firewall, and to run it,
./firewall from the directory where it is.

Honestly, this has never happened to me before.





Re: about iptables

2017-08-25 Thread JAP

On 25/08/17 at 14:08, l...@ida.cu wrote:

Good afternoon, everyone.

I have Debian 7 64-bit installed without graphics, pure console.

The problem is the following.

I have this script:

#! /bin/bash

## wan-etho, LAN-eth1
iptables -F
iptables -X
iptables -Z
##iptables -t nat -F

## Set the default policy: DROP!!!
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# Allow everything to localhost (firewall)
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Masquerading of the LAN
iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o eth0 -j MASQUERADE

#iptables -t nat -P PREROUTING  ACCEPT
#iptables -t nat -P POSTROUTING  ACCEPT

# Allow the DNS servers to query the WAN's DNS
iptables -A FORWARD -s 192.168.10.2 -i eth0 -p tcp --dport 53 -j ACCEPT
iptables -A FORWARD -s 192.168.10.2 -i eth0 -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -s 192.168.10.7 -i eth0 -p tcp --dport 53 -j ACCEPT
iptables -A FORWARD -s 192.168.10.7 -i eth0 -p udp --dport 53 -j ACCEPT

I give it the permissions

 chmod +x firewall
I run it: ./firewall and as a result I get this:

"Interprete erroneo, no existe el fichero o el directorio"

And I do all of this in the same directory where the file is.

Any idea? Do I have to install iptables? As far as I know it comes with
the system, but I don't know whether something more needs to be done.

I appreciate any help.



apt-get install bash

JAP



Re: If only you knew how exhausted I am by this loneliness Coralie

2017-08-25 Thread Camara Abou
hi it's ok 

On Friday 25 August 2017 17:26, Coralie Almobdy  wrote:
 

   Would you like to be my North Star tonight? 
http://bit.ly/2wLGtLI 

   

Re: about iptables

2017-08-25 Thread luis
> If you are logged in with the root account you should have no problem
> calling iptables. The same if you do it with sudo.
>
> Check whether the account you are making the call with has the
> corresponding administrative privileges.
>
>
>
> On 25-08-2017 14:42,  wrote:
>
>> > You have a blank space after the exclamation mark.
>> >
>> > #! /bin/bash
>> >
>> > On 25-08-2017 14:03,  wrote:
>> >
>> > Good afternoon, everyone.
>> >
>> > I have Debian 7 64-bit installed without graphics, pure console.
>> >
>> > The problem is the following.
>> >
>> > I have this script:
>> >
>> > #! /bin/bash
>> >
>> > ## wan-etho, LAN-eth1
>> > iptables -F
>> > iptables -X
>> > iptables -Z
>> > ##iptables -t nat -F
>> >
>> > ## Set the default policy: DROP!!!
>> > iptables -P INPUT DROP
>> > iptables -P OUTPUT DROP
>> > iptables -P FORWARD DROP
>> >
>> > # Allow everything to localhost (firewall)
>> > iptables -A INPUT -i lo -j ACCEPT
>> > iptables -A OUTPUT -o lo -j ACCEPT
>> >
>> > # Masquerading of the LAN
>> > iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o eth0 -j MASQUERADE
>> >
>> > #iptables -t nat -P PREROUTING  ACCEPT
>> > #iptables -t nat -P POSTROUTING  ACCEPT
>> >
>> > # Allow the DNS servers to query the WAN's DNS
>> > iptables -A FORWARD -s 192.168.10.2 -i eth0 -p tcp --dport 53 -j ACCEPT
>> > iptables -A FORWARD -s 192.168.10.2 -i eth0 -p udp --dport 53 -j ACCEPT
>> > iptables -A FORWARD -s 192.168.10.7 -i eth0 -p tcp --dport 53 -j ACCEPT
>> > iptables -A FORWARD -s 192.168.10.7 -i eth0 -p udp --dport 53 -j ACCEPT
>> >
>> > I give it the permissions
>> >
>> > chmod +x firewall
>> > I run it: ./firewall and as a result I get this:
>> >
>> > "Interprete erroneo, no existe el fichero o el directorio"
>> >
>> > And I do all of this in the same directory where the file is.
>> >
>> > Any idea? Do I have to install iptables? As far as I know it comes
>> > with the system, but I don't know whether something more needs to
>> > be done.
>> >
>> > I appreciate any help.
>> >
>>
>> I removed the space, the same error remains; I had already done that.
>>
>> Thanks anyway, but I am still in the same situation.
>>
>>
>

I do everything as root




Re: about iptables

2017-08-25 Thread AlexLikeRock
1- Give it execute permission

chmod +x firewall


And verify it with 
ls -l


2- Run it with the full path
Examples:
 /root/./firewall
/home/usuario/./firewall

The following one has single quotes
'/alguna otra ruta con espacios/./firewall'

To run it, first put the dot before the script, set apart, in the full
path

On August 25, 2017 11:47:33 AM GMT-06:00, l...@ida.cu wrote:
>> You have a blank space after the exclamation mark.
>>
>> #! /bin/bash
>>
>> On 25-08-2017 14:03,  wrote:
>>
>> Good afternoon, everyone.
>>
>> I have Debian 7 64-bit installed without graphics, pure console.
>>
>> The problem is the following.
>>
>> I have this script:
>>
>> #! /bin/bash
>>
>> ## wan-etho, LAN-eth1
>> iptables -F
>> iptables -X
>> iptables -Z
>> ##iptables -t nat -F
>>
>> ## Set the default policy: DROP!!!
>> iptables -P INPUT DROP
>> iptables -P OUTPUT DROP
>> iptables -P FORWARD DROP
>>
>> # Allow everything to localhost (firewall)
>> iptables -A INPUT -i lo -j ACCEPT
>> iptables -A OUTPUT -o lo -j ACCEPT
>>
>> # Masquerading of the LAN
>> iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o eth0 -j MASQUERADE
>>
>> #iptables -t nat -P PREROUTING  ACCEPT
>> #iptables -t nat -P POSTROUTING  ACCEPT
>>
>> # Allow the DNS servers to query the WAN's DNS
>> iptables -A FORWARD -s 192.168.10.2 -i eth0 -p tcp --dport 53 -j ACCEPT
>> iptables -A FORWARD -s 192.168.10.2 -i eth0 -p udp --dport 53 -j ACCEPT
>> iptables -A FORWARD -s 192.168.10.7 -i eth0 -p tcp --dport 53 -j ACCEPT
>> iptables -A FORWARD -s 192.168.10.7 -i eth0 -p udp --dport 53 -j ACCEPT
>>
>> I give it the permissions
>>
>> chmod +x firewall
>> I run it: ./firewall and as a result I get this:
>>
>> "Interprete erroneo, no existe el fichero o el directorio"
>>
>> And I do all of this in the same directory where the file is.
>>
>> Any idea? Do I have to install iptables? As far as I know it comes
>> with the system, but I don't know whether something more needs to
>> be done.
>>
>> I appreciate any help.
>>
>
>I removed the space, the same error remains; I had already done that.
>
>Thanks anyway, but I am still in the same situation.

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Re: which display manager would you suggest for Stretch?

2017-08-25 Thread kamaraju kusumanchi
On Fri, Aug 25, 2017 at 8:33 AM,   wrote:
> On Friday, August 25, 2017 06:59:29 AM rhkra...@gmail.com wrote:
>> On Friday, August 25, 2017 01:17:10 AM kamaraju kusumanchi wrote:
>> > To look at a few of the famous packages in this, one has to either
>> > scroll up or pipe the output to head. With the current sorting method,
>> > you can keep eyes closer to the command line and still get all the
>> > important information.
>>
>> I'm not the op, but I'd just like to say: good thinking!
>
> Oh, on looking again, I remembered a question--what do those numbers
> represent?  When I first saw the list, in order with the higher numbers
> first, I thought maybe the numbers represented something like number of
> downloads, but, once I knew the order was in inverse order, I realized
> that was not the case.
>
> What do those numbers represent / where do they come from?
>

They are the ranks of the packages based on their popularity [1]. The
data is downloaded from http://popcon.debian.org/by_inst and cached
into ~/.cache/popsort/by_inst [2]. The cool thing with the script is
that it automatically updates the cache file if it is more than a day
old.

[1] The statistics are gathered from reports sent by users of the
popularity-contest package. To participate in this, install the
popularity-contest package. Currently it receives around 200,000
submissions.

[2] - Actually, the path is determined by using
    fname = os.path.join(
        xdg.BaseDirectory.xdg_cache_home,
        'popsort', 'by_inst')
but since xdg.BaseDirectory.xdg_cache_home is set to ~/.cache by
default, it boils down to ~/.cache/popsort/by_inst .

-- 
Kamaraju S Kusumanchi | http://raju.shoutwiki.com/wiki/Blog



Re: about iptables

2017-08-25 Thread luis
> You have a blank space after the exclamation mark.
>
> #! /bin/bash
>
> On 25-08-2017 14:03,  wrote:
>
> Good afternoon, everyone.
>
> I have Debian 7 64-bit installed without graphics, pure console.
>
> The problem is the following.
>
> I have this script:
>
> #! /bin/bash
>
> ## wan-etho, LAN-eth1
> iptables -F
> iptables -X
> iptables -Z
> ##iptables -t nat -F
>
> ## Set the default policy: DROP!!!
> iptables -P INPUT DROP
> iptables -P OUTPUT DROP
> iptables -P FORWARD DROP
>
> # Allow everything to localhost (firewall)
> iptables -A INPUT -i lo -j ACCEPT
> iptables -A OUTPUT -o lo -j ACCEPT
>
> # Masquerading of the LAN
> iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o eth0 -j MASQUERADE
>
> #iptables -t nat -P PREROUTING  ACCEPT
> #iptables -t nat -P POSTROUTING  ACCEPT
>
> # Allow the DNS servers to query the WAN's DNS
> iptables -A FORWARD -s 192.168.10.2 -i eth0 -p tcp --dport 53 -j ACCEPT
> iptables -A FORWARD -s 192.168.10.2 -i eth0 -p udp --dport 53 -j ACCEPT
> iptables -A FORWARD -s 192.168.10.7 -i eth0 -p tcp --dport 53 -j ACCEPT
> iptables -A FORWARD -s 192.168.10.7 -i eth0 -p udp --dport 53 -j ACCEPT
>
> I give it the permissions
>
> chmod +x firewall
> I run it: ./firewall and as a result I get this:
>
> "Interprete erroneo, no existe el fichero o el directorio"
>
> And I do all of this in the same directory where the file is.
>
> Any idea? Do I have to install iptables? As far as I know it comes with
> the system, but I don't know whether something more needs to be done.
>
> I appreciate any help.
>

I removed the space, the same error remains; I had already done that.

Thanks anyway, but I am still in the same situation.



Re: imobiledevice

2017-08-25 Thread Roger Bouchard
Hello

From memory, it was after IOS 6 that it was no longer possible to manage
my iphone 4s with linux.
It was in fact from that moment and for that reason that I abandoned
IOS/Apple for Android on smartphones.
No guarantees, as I have not looked into it since then.

Roger


On 25 August 2017 11:33 AM, "Raphaël POITEVIN"  wrote:

Hello,

I know nothing about iphones; I just have one for testing, and I am
looking into the compatibility between this phone and Debian.

I would like to know what imobiledevice4 allows. Is it possible to
mount the phone as one would with an Android and transfer music onto
it? I am a little worried because I see solutions on the Web that go
through banshee and others, which is likely to raise accessibility
issues with a screen reader.

Thank you for the details,
--
Raphaël
Hypra S.A.S.


Re: Don’t hesitate to start a conversation with me Michelle

2017-08-25 Thread Ron Bouvier
hi michelle where are you from ,would possibly like to meet.love ron. 

On Friday, August 18, 2017 4:15 PM, Michelle Hyblerova 
 wrote:
 

 
I do not bite. Well, only if you ask, I could…  
http://bitly.com/2woKkhB


   

Re: One-line password generator

2017-08-25 Thread Thomas Schmitt
Hi,

Mario Castelán Castro wrote:

> My point is that there is no way to make a
> reasonable approximation to the Kolmogorov complexity of a password.

That's my point, too. Although i use the terms "information" and "entropy".


> To recap: Real-life file compressors can not be used to estimate the
> strength of passwords because they do not understand *meaning* as humans
> perceive it.

To be exacting: The words "Real-life" and "file" are your contribution,
not mine.

Each enumeration algorithm establishes a compression algorithm. Whether
it is effective is another question. Interesting are those which enumerate
the given passwords early. The bit count of the found enumeration number
is an upper limit of the password's entropy in the context of the algorithm.


> *What* article? Nobody has mentioned a scientific article in this thread.

It's not very scientific. More real life:
  
https://arstechnica.com/information-technology/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/

Curt brought it up in
  https://lists.debian.org/debian-user/2017/08/msg01437.html
Thanks for this.
Especially funny is the cartoon on page 3.

If you can memorize a password, then it's weak.


> I already explained why my method is not a 25% reduction in entropy,

If you run your hopefully random data through base64 and tell this to me,
then i can get rid of the base64 redundancy and thus reduce each group of
4 bytes to 3 bytes.

To be clear, your password generator looks very safe. Even with urandom.
But the passwords are not compatible to human memory, which is no wonder.


> Also, the theoretical vulnerability described in that man page is far
> fetched.

It is a mathematical fact. If you take a few theoretically unpredictable
bits and inflate them to 128 bits, then the added size is no entropy,
although it might be hard to distinguish this redundancy from the initial
information.
You bet that the cryptographic algorithm used pushes your bits into a region
in the 128 bit space which above enumerators visit late. 


> Moreover, such a theoretical attack applies only when the attacker
> *already knows* some of the output of your /dev/urandom

This statement would have to be proven.

In general, what the attacker does not know is the exact value of the
theoretically unpredictable random number that was input to the urandom
inflation mapping. That's what i count as entropy of the inflated value.
Then we have the cryptographic algorithm. If it has a theoretically unknown
key, add its entropy to the input entropy.
The rest of the 128 bit is redundancy.

The only remaining defense is to make the cryptographic algorithm darn
complicated. But that's linear and thus has no chance against Moore's Law
if it does not fall victim to an agile mind.


> In Linux (the kernel) the same algorithm used for /dev/urandom is used
> to mix /dev/random.

But /dev/random hopefully uses 128 bits of collected entropy as input
for that algorithm.

> “/drivers/char/random.c”

 * When random bytes are desired, they are obtained by taking the SHA
 * hash of the contents of the "entropy pool".  The SHA hash avoids
 * exposing the internal state of the entropy pool.

So i assume that it is not used to inflate /dev/random


> if you are interested in possible
> vulnerabilities of the random virtual devices.

Others have more talent than me.


Have a nice day :)

Thomas
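
Two points from the message above, worked as an added example that is not from either poster: undoing the base64 step of the alias recovers exactly the 16 random bytes, so the guess space stays at 2^128, and the bit count of a password's position in an enumeration bounds its entropy with respect to that enumerator. The word list, suffix list and OFFLINE_RATE are assumptions made for the illustration; the 100 guesses per second online figure is the one mentioned in this thread.

```python
import base64
import secrets

# Constructed toy enumeration; it only fixes an order of guesses.
WORDS = ("password", "dragon", "monkey", "letmein", "sunshine")
SUFFIXES = ("", "1", "123", "!", "2017")

ONLINE_RATE = 100       # guesses per second, the online figure from the thread
OFFLINE_RATE = 10**10   # guesses per second, ASSUMED for illustration only


def encode(raw):
    """The 'base64 | head -c 22' step: 16 bytes become 22 characters."""
    return base64.b64encode(raw)[:22].decode("ascii")


def gen_password():
    """Python equivalent of: head -c 16 /dev/urandom | base64 | head -c 22"""
    return encode(secrets.token_bytes(16))


def strip_base64(password):
    """Remove the base64 redundancy: 22 characters back to 16 bytes."""
    return base64.b64decode(password + "==")


def guesses():
    """Enumerate candidates in a fixed order: word, capitalisation, suffix."""
    for word in WORDS:
        for variant in (word, word.capitalize()):
            for suffix in SUFFIXES:
                yield variant + suffix


def rank(password):
    """1-based position of `password` in guesses(), or None if never produced."""
    for position, guess in enumerate(guesses(), start=1):
        if guess == password:
            return position
    return None


def entropy_upper_bound(password):
    """Bits needed to write the enumeration number, or None if not enumerated."""
    position = rank(password)
    return None if position is None else position.bit_length()


def seconds_to_try(bits, guesses_per_second):
    """Time to walk through 2**bits candidates at the given rate."""
    return 2 ** bits / guesses_per_second


if __name__ == "__main__":
    pw = gen_password()
    raw = strip_base64(pw)
    # 22 characters of text and 16 bytes are the same 128 bits: the mapping
    # is one-to-one, so knowing about base64 removes no guesses.
    print(pw, "->", len(raw) * 8, "bits, round trip ok:", encode(raw) == pw)
    print("Monkey123: rank", rank("Monkey123"),
          "->", entropy_upper_bound("Monkey123"), "bits at most")
    print("random password enumerated:", rank(pw) is not None)
    for name, rate in (("online", ONLINE_RATE), ("offline", OFFLINE_RATE)):
        print(name, "2^50 guesses take", seconds_to_try(50, rate), "seconds")
```
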



Re: One-line password generator

2017-08-25 Thread Brian
On Fri 25 Aug 2017 at 11:55:01 -0500, Mario Castelán Castro wrote:

> On 25/08/17 11:51, Brian wrote:
> > However, users use passwords to log into accounts *online* and those
> > passwords are devised to withstand an *online* attack (of 100 tests per
> > second maximum(?)). This is the only aspect a user can completely
> > control and many make a good job of it. Passwords which are long and
> > have some complexity but are not a burden on the user or impossible to
> > memorise would withstand such an attack. (This leaves aside the defences
> > the site itself has in place).
> > 
> > A user has no control over what happens at the other end. Knowledge
> > about how data are stored and safeguarded will be sparse, so the user
> > will have to make a risk assessment about that; only time will tell
> > whether it is correct. What doesn't seem quite right (morally and
> > technically) is for it to be implied that the user should take some
> > responsibility for the site's (unknown) shortcomings.
> 
> Unless you have a good reason to think otherwise (e.g. *you* manage the
> web site and you know you are doing a good job), you should assume that
> the data-base with hashed passwords will leak without the system
> administrators noticing, and then an attack can be carried offline.

The problem with assumptions is that they often do not reflect the truth
of a situation and predispose us to making recommendations which are not
in the best interests of other people.

-- 
Brian.



about iptables

2017-08-25 Thread luis
Good afternoon, everyone.

I have Debian 7 64-bit installed without graphics, pure console.

The problem is the following.

I have this script:

#! /bin/bash

## wan-etho, LAN-eth1
iptables -F
iptables -X
iptables -Z
##iptables -t nat -F

## Set the default policy: DROP!!!
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# Allow everything to localhost (firewall)
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Masquerading of the LAN
iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o eth0 -j MASQUERADE

#iptables -t nat -P PREROUTING  ACCEPT
#iptables -t nat -P POSTROUTING  ACCEPT

# Allow the DNS servers to query the WAN's DNS
iptables -A FORWARD -s 192.168.10.2 -i eth0 -p tcp --dport 53 -j ACCEPT
iptables -A FORWARD -s 192.168.10.2 -i eth0 -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -s 192.168.10.7 -i eth0 -p tcp --dport 53 -j ACCEPT
iptables -A FORWARD -s 192.168.10.7 -i eth0 -p udp --dport 53 -j ACCEPT

I give it the permissions

chmod +x firewall
I run it: ./firewall and as a result I get this:

"Interprete erroneo, no existe el fichero o el directorio"

And I do all of this in the same directory where the file is.

Any idea? Do I have to install iptables? As far as I know it comes with
the system, but I don't know whether something more needs to be done.

I appreciate any help.





Re: which display manager would you suggest for Stretch?

2017-08-25 Thread Michael Lange
On Fri, 25 Aug 2017 08:33:00 -0400
rhkra...@gmail.com wrote:

> Oh, on looking again, I remembered a question--what do those numbers 
> represent?  When I first saw the list, in order with the higher numbers
> first, I thought maybe the numbers represented something like number of
> downloads, but, once I knew the order was in inverse order, I realized
> that was not the case.
> 
> What do those numbers represent / where do they come from?

It's the package's position in debian's popularity ranking, I think
"dpkg" is no. 1 :)

Regards

Michael

> 



Re: One-line password generator

2017-08-25 Thread Brian
On Fri 25 Aug 2017 at 08:40:35 +, Curt wrote:

> On 2017-08-25, David Wright  wrote:
> >
> > Unless you have accounts¹ that invite break-in attempts², the main
> > thing to resist offline cracking is to have better passwords than
> > your neighbours, just like security against burglary. Once a suitable
> > proportion of passwords have been cracked, which will consist of the
> > easier ones, there are diminishing returns in continuing to try to
> > crack the rest.
> 
> Brian's thesis:
> 
> https://xkcd.com/936/
> 
> (clever and funny, BTW,
> yet contradicted by this:)
> 
> https://arstechnica.com/information-technology/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/
> 
> > ¹accounts of all sorts, not just forums.
> > ²institutions, slebs, politicians, etc.

An interesting read. You would come away with the technical notion that
the only type of password which is secure against an *offline* attack is
one which is generated randomly. The rate at which hashes can be tested
is impressive and no doubt increasing, so we'll go along with that.

However, users use passwords to log into accounts *online* and those
passwords are devised to withstand an *online* attack (of 100 tests per
second maximum(?)). This is the only aspect a user can completely
control and many make a good job of it. Passwords which are long and
have some complexity but are not a burden on the user or impossible to
memorise would withstand such an attack. (This leaves aside the defences
the site itself has in place).

A user has no control over what happens at the other end. Knowledge
about how data are stored and safeguarded will be sparse, so the user
will have to make a risk assessment about that; only time will tell
whether it is correct. What doesn't seem quite right (morally and
technically) is for it to be implied that the user should take some
responsibility for the site's (unknown) shortcomings.

-- 
Brian.



Re: If only you knew how exhausted I am by this loneliness Laurie

2017-08-25 Thread ze...@orange.fr
no
> On 25 August 2017 at 17:56, Laurie Caleyo  wrote:
> 
> Would you like to be my North Star tonight? 
> http://bitly.com/2wLHund 

Good evening, where do you live

2017-08-25 Thread fercheva72

Who is Bringing up My Wireless if?

2017-08-25 Thread ray
I am trying to bring up a bridge in Debian 9.  I have an Ethernet interface 
working.  When I attempt to bring up a bridge, it won't come up.  Syslog shows 
that a wireless interface was trying to come up and the bridge failed to come 
up due to conflicts.  I am familiar with the conflict so I have removed the 
wlan0 from /etc/network/interfaces and removed the wpa_supplicant.conf.  I have 
a wireless rename rule.  The syslog shows that the wireless was renamed, and 
that it tried to bring it up or at least invoked the wireless driver.  Then it 
states the bridge failed to be raised.  

I don't know what is causing my wireless to be brought up.  Where might this be 
happening?

Ray



Re: Tails: Failed InRelease - tor+http://vwakviie2ienjx6t.onion/

2017-08-25 Thread Fungi4All
> From: marioxcc...@yandex.com
> To: debian-user@lists.debian.org
>
> On 24/08/17 20:51, Anonymous wrote:
>> I'm seeing this in Tails [...]
>
> Ask the tails people. This is the DEBIAN-user mailing list.

Tails is Debian because anything that has official debian repositories
to feed from.  Unlike debian based distributions that have their own
repositories.
There is nothing in tails that you can not get or make from a basic
debian installation.  The only thing special about it is its configuration
of debian packages.  Much of it has to do with restriction to avoid
permanent installation.
There is not much room in live debian to do a massive upgrade if
it is outdated, but you can install packages and even save them
in the encrypted persistent volume for next time.  Are you sure you
have a network connection and a tor connection?  Either this or
the debian mirror was down which is unlikely.  There was a recent
bug in a previous version it would not connect with some machines.
Not a very communicative group even for filing bugs.
As long as they are on a systemd based system, IMHO, they are
defeating their purpose and goal.  Technically interesting but
functionally 0!  Which zero might you ask!

Re: How does one create virtual ethernet devices with modern tools on Debian 8 (jessie)?

2017-08-25 Thread Sven Hartge
Tom Browder  wrote:
> On Fri, Aug 25, 2017 at 09:26 Sven Hartge  wrote:
>>
>> Tom Browder  wrote:
>>
>> Before we start:
>>
>> "virtual ethernet devices" are something totally different than you are
>> doing here. You just want to put multiple IP addresses on one interface.
>>
>> "virtual ethernet devices" are for example used with virtualization or
>> docker, to connect an isolated VM or container through the host to the
>> network.
>>
>> > Although not yet implemented (for fear of messing my remote host up),
>> > the following has been recommended:
> ...
>> > # The primary network interface
>> > allow-hotplug eth0
>> > auto eth
>>
>> One of "allow-hotplug" or "auto", not both

> Any preference for either line?

See what Greg wrote.

> Thanks, Sven, very helpful.  Can you recommend a good modern book on 
> networking?

The topic is quite broad today, I don't have general (or any)
recommendation at the moment.

>> > So how does one do the same thing with "modern" tools?
>>
>> I don't understand the question. Do you mean "systemd-networkd"?

> I'm indirectly referencing a long-running thread on this list about
> using ifconfig versus "modern" tools for viewing the current
> interfaces setup.

When using /e/n/interfaces and ifupdown you don't really come in contact
with "ip" or "ifconfig" directly.

> And just how does one restart the new interfaces with systemctl?

You don't. Commands like "service networking restart" have been
deprecated and partially non-functioning since at least Wheezy, because
of the internal limit of ifupdown itself.

> If I mess something up, is there any way to ssh into the remote
> system?

Unless you have an out-of-band login, for example via serial console,
networked KVM switch or iLO/iDRAC: no. If you break the network
configuration on a hosted server, you either pay the hoster to fix it or
boot into the rescue system the hoster hopefully provides, allowing you
to mount your filesystems and fix it manually.

I, years ago, scripted a wrapper using "at" and a known-good backup
configuration, which would be copied into place and the server rebooted
if I didn't stop the at-job. That way, if I broke the configuration, I
knew the server would reboot in X minutes and be reachable again,
sparing me the drive to the housing place in the middle of the night to
fix the system.

Right now I am in the very fortunate situation of only having systems
with out-of-band management services available, removing the fear of
screwing something up fatally.

Grüße,
Sven.

-- 
Sigmentation fault. Core dumped.
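
A sketch of the "at"-based safety net described in the message above, added here as an example (it is not Sven's script). The file paths, the 10-minute delay and the function names are assumptions; it needs at(1) with a running atd and must run as root.

```shell
#!/bin/sh
# Dead-man rollback for risky edits to /etc/network/interfaces on a remote host.
# Added example: paths, delay and function names are assumptions.

CONF=${CONF:-/etc/network/interfaces}
GOOD=${GOOD:-/etc/network/interfaces.known-good}
DELAY_MIN=${DELAY_MIN:-10}

# Copy the currently working config aside, keeping owner, mode and timestamps.
save_known_good() {            # $1 = live config, $2 = backup path
    cp -p "$1" "$2"
}

# Put the backup back. Writing a temp file next to the target and renaming it
# means the live file is never left half-written.
restore_known_good() {         # $1 = live config, $2 = backup path
    [ -r "$2" ] || return 1
    cp -p "$2" "$1.rollback.$$" && mv -f "$1.rollback.$$" "$1"
}

# at(1) reports "job <N> at <date>" on stderr; extract N from captured output.
job_id_from_at_output() {      # $1 = text printed by at
    printf '%s\n' "$1" | sed -n 's/^job \([0-9][0-9]*\) at .*/\1/p'
}

# Queue "restore the backup, then reboot" and print the at job number.
arm_rollback() {
    out=$(printf '%s\n' "cp -p '$GOOD' '$CONF' && /sbin/reboot" |
          at "now + $DELAY_MIN minutes" 2>&1) || return 1
    job_id_from_at_output "$out"
}

# Cancel the queued rollback once the new configuration has proven reachable.
confirm_change() {             # $1 = at job number
    atrm "$1"
}

# Usage: guard.sh arm          (before editing the config)
#        guard.sh confirm N    (after the new config has been tested)
case "${1:-}" in
    arm)
        save_known_good "$CONF" "$GOOD" || exit 1
        job=$(arm_rollback) || { echo "could not schedule rollback" >&2; exit 1; }
        [ -n "$job" ] || { echo "at gave no job number" >&2; exit 1; }
        echo "rollback queued as at job $job, fires in $DELAY_MIN minutes"
        echo "after testing the new config, run: $0 confirm $job"
        ;;
    confirm)
        confirm_change "$2"
        ;;
esac
```

Confirm only from a freshly opened SSH session: an already established session can survive a configuration that no longer accepts new connections.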



Re: One-line password generator

2017-08-25 Thread Mario Castelán Castro
On 25/08/17 04:21, Thomas Schmitt wrote:
> One can estimate entropy by an approximation of the best possible
> compression in the context of the knowledge of the reader.
> The compression result will generally be longer if the compressor has
> fewer knowledge about the message.

In principle, yes, but in practice, not at all. File compressors are
designed assuming that the common case will be compression of data much
longer than passwords (at least 1 MB). The behavior for messages less
than 100 B long will be highly anomalous.

Moreover, the meta-data (like magic number, container, et cetera) add
overhead to the compressed file. If we interpret compressed length as
entropy this will inflate your estimate of entropy by tens of bytes,
which is enough to make it useless.

The problem of trying to estimate the entropy of a message M' given a prior
message M (the _context_ in your wording) can be formulated
mathematically in terms of Kolmogorov complexity. Unfortunately,
determining “the” Kolmogorov complexity of a message (given a universal
encoding scheme, for example, programs in untyped λ-calculus) is
algorithmically undecidable. Worse yet, Chaitin proved a theorem (now
called Chaitin incompleteness theorem) that for any consistent formal
system there exists a bound N such that the formal system cannot prove
that “the” Kolmogorov complexity of any specific string is higher than N.

> The second password class and my knowledge about it gives me not more
> than a reduction of text bit number by 25 percent (6 bit text -> 8 bit
> binary) and a couple of bits which are harder to harvest.
> E.g. i know that a dictionary attack is of few use.  That's one bit,
> because it's the first decision i can make. Any further insight might add
> only a fraction of a bit. (It's probabilistic. So we can grind bits to dust.)

This is a somewhat oversimplified analysis. You know beforehand that a
password is almost surely a sequence of printable characters among the
allocated code points in Unicode. If you know the program in which the
password has been input, then you can know the character encoding as
well. Assuming it is UTF-8, you can discard a large fraction of all
possible 8-bit strings (not all 8-bit strings are valid UTF-8). Thus the
prior distribution has less than 8 bits of entropy per bit.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: How to change date and time format for quoting in Thunderbird?

2017-08-25 Thread Mario Castelán Castro
On 25/08/17 07:36, Byung-Hee HWANG (황병희, 黃炳熙) wrote:
> In Article <3af44f03-ebc9-473c-2d77-36961f66d...@yandex.com>,
>> When replying to a message in Thunderbird as packaged in Debian 9, the
>> date and time is automatically placed before the quote, like this: “On
>> 22/08/17 17:31, $NAME wrote:”. How can I change the format used for the
>> date and time? In addition, I want to change the format of $NAME to
>> include his e-mail address as well.
> 
> Sorry, i don't know Thunderbird. By the way, recently i did change them
> on Gnus (News/Email client of Emacs).

Thank you.

I see you are using the “Message-id” field. This is not at all useful
for humans.

I do not use Gnus currently, because I do not have time to read tens of
pages of manual to configure it properly. I use GNU Emacs. Maybe in the
future I will configure an e-mail client in GNU Emacs.

However, right now Thunderbird is what I use.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





imobiledevice

2017-08-25 Thread Raphaël POITEVIN
Hello,

I know nothing about iPhones; I just have one for testing and am
looking into compatibility between this phone and Debian.

I would like to know what imobiledevice4 makes possible. Is it possible to
mount the phone as one would an Android device and transfer
music to it? I am a little worried because on the Web I see
solutions that go through banshee and the like, which is likely to raise
accessibility issues with a screen reader.

Thank you for any details,
-- 
Raphaël
Hypra S.A.S.



Re: How does one create virtual ethernet devices with modern tools on Debian 8 (jessie)?

2017-08-25 Thread Greg Wooledge
On Fri, Aug 25, 2017 at 10:03:07AM -0500, Tom Browder wrote:
> On Fri, Aug 25, 2017 at 09:26 Sven Hartge  wrote:
> > One of "allow-hotplug" or "auto", not both
> 
> Any preference for either line?

Use "auto" if the network interface is a permanent one, and "allow-hotplug"
if it's a transient one (removable, whatever).

Interfaces configured as "auto" will be respected by systemd's
"network-online.target", meaning any service that you configure to
wait for network-online will wait for all "auto" interfaces to be
brought up.  It will not wait for "allow-hotplug" interfaces.



Different settings for e21

2017-08-25 Thread bernard . schoenacker
hello,

I am trying to customize e21 and have not found how ...

how do I set a wallpaper (photo or illustration) for the
desktop and the terminal

how do I adjust the sound?

bye
bernard



Re: How does one create virtual ethernet devices with modern tools on Debian 8 (jessie)?

2017-08-25 Thread Tom Browder
On Fri, Aug 25, 2017 at 09:26 Sven Hartge  wrote:
>
> Tom Browder  wrote:
>
> Before we start:
>
> "virtual ethernet devices" are something totally different than you are
> doing here. You just want to put multiple IP addresses on one interface.
>
> "virtual ethernet devices" are for example used with virtualization or
> docker, to connect an isolated VM or container through the host to the
> network.
>
> > Although not yet implemented (for fear of messing my remote host up),
> > the following has been recommended:
...
> > # The primary network interface
> > allow-hotplug eth0
> > auto eth
>
> One of "allow-hotplug" or "auto", not both

Any preference for either line?

> And you have a typo there, it should read "auto eth0".

Good catch on the typo!

> > iface eth0 inet6 static
> > address 2604:4300:a:95::2
> > netmask :::::
> > gateway 2604:4300:a:95::1
> > dns-nameservers 192.187.107.16 69.30.209.16
>
> No need to duplicate the nameservers. Also this line only gets used if
> you use the package "resolvconf". On servers with static IP
> configuration I usually get rid of this mechanism and set the
> nameservers myself in /etc/resolv.conf

Ah!  That's good advice.

> > iface eth0 inet6 static
> > address 2604:4300:a:95::6
>
> Yes, everything is fine.
>
> Side note: I'd truly randomize the IPv6 addresses, so the subnet is not
> as easily scannable from the outside.

Also good advice.

Thanks, Sven, very helpful.  Can you recommend a good modern book on networking?

> > So how does one do the same thing with "modern" tools?
>
> I don't understand the question. Do you mean "systemd-networkd"?

I'm indirectly referencing a long-running thread on this list about
using ifconfig versus "modern" tools for viewing the current
interfaces setup.

And just how does one restart the new interfaces with systemctl?

If I mess something up, is there any way to ssh into the remote system?

Thanks very much for all your help!

Best,

-Tom



Re: Question to new network device names

2017-08-25 Thread David Wright
On Fri 25 Aug 2017 at 09:22:56 (-0400), Dan Ritter wrote:
> On Fri, Aug 25, 2017 at 02:20:38AM -0400, Gene Heskett wrote:
> > On Friday 25 August 2017 01:27:47 David Wright wrote:
> > 
> > > > But what has that to do with having the proper entries
> > > > in /etc/resolv.conf?  Whose active lines are:
> > > >
> > > > nameserver 192.168.71.1
> > > > search host,dns
> > >
> > > I can't parse ↑ this line. Are you sure your resolver can?
> > > Why does it contain a comma? Are "host" and "dns" domain names?
> > 
> > From man resolv.conf:
> > 
> > > search Search list for host-name lookup.
> >   The  search  list  is  normally determined from the local 
> > domain name; by default, it contains only the local domain
> >   name.  This may be changed by listing the desired domain 
> > search path following the search  keyword  with  spaces  or
> >   tabs  separating  the names.
> > 
> > So I have it wrong with my comma, but it's been working for about 20 years 
> > that way. I'll fix it for S To continue
> 
> That search line makes the default domains to be searched
> ".host" and ".dns". Is that what you want?
> 
> I suspect what you actually want is in /etc/nsswitch.conf:

…which is in the previous line to the quotation above, so this
analogous aside has hopefully closed on a circle.

> hosts:  files dns
> 
> which means "look at /etc/hosts first, then check DNS".
> 
> This is the default, by the way, and has been for at least
> a decade. The most likely override to it is using an alternate
> name resolution protocol like Samba's winbind or such.

…and the longer version that I quoted,

hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4

indicates that I have libnss-mdns installed, related to avahi,
just in case someone comments.

Cheers,
David.



Re: Tails: Failed InRelease - tor+http://vwakviie2ienjx6t.onion/

2017-08-25 Thread Mario Castelán Castro
On 24/08/17 20:51, Anonymous wrote:
> I'm seeing this in Tails [...]

Ask the tails people. This is the DEBIAN-user mailing list.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: One-line password generator

2017-08-25 Thread Thomas Schmitt
Hi,

i wrote:
> > One can estimate entropy by an approximation of the best possible
> > compression in the context of the knowledge of the reader.

Mario Castelán Castro wrote:
> In principle, yes, but in practice, not at all. File compressors [...]

I wrote "estimate", "approximation", and "best possible compression".
Of course gzip is not a very good approximation even if one subtracts the
header bytes. 

Better approximations are presented in the article. Given the time spans
and computing powers which were mentioned, i'd say they performed less
than 2 exp 50 tries to crack the majority of good passwords.
I.e. the compression which is established by their enumeration can squeeze
those good passwords to less than 50 bits of size. Of course, as any lossless
compression, it has to inflate other better passwords by at least one bit.


> > The second password class and my knowledge about it gives me not more
> > than a reduction of text bit number by 25 percent (6 bit text -> 8 bit
> > binary) and a couple of bits which are harder to harvest.

> This is a somewhat oversimplified analysis.

Wasn't it you who said in
  https://lists.debian.org/debian-user/2017/08/msg01260.html
  “alias gen-password="head -c 16 /dev/urandom | base64 | head -c 22 && echo"”

After exploiting the "base64" part to get my 25 percent, i'd go for
/dev/urandom. man 4 urandom says:
  "[...] if  there  is  not  sufficient  entropy  in  the
   entropy  pool, the  returned  values are theoretically vulnerable to a
   cryptographic attack on the algorithms used by the  driver."

So if the non-guessable information in the password shall be near 128 bit,
then i would consider to use /dev/random while writing a little love poem
to my computer in order to fill the pool.

But even with only 64 bit of entropy (relative to our knowledge), we are
14 bits (= factor of 16384 tries) away from the majority of "good"
passwords in the article.
The testers would have to work 44.8 years rather than a day, or wait
23.9 years until Moore's law has caught up. (Somebody should compute how
long it lasts if they start now and keep their equipment updated to the
newest level.)


Have a nice day :)

Thomas
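
To put numbers on this exchange (Mario's point about compressor overhead and Thomas's 25 percent for base64), here is an added example that is not code from either poster. It counts the bits the quoted gen-password alias can carry and compares them with what a file compressor reports for the same 22 characters; the function names are assumptions.

```shell
#!/bin/sh
# Entropy accounting for: head -c 16 /dev/urandom | base64 | head -c 22
# Added example; function names are assumptions made for illustration.

# The generator quoted in the thread.
gen_password() {
    head -c 16 /dev/urandom | base64 | head -c 22
}

# Size in bytes of a string after compression ($1 = tool, $2 = string).
compressed_bytes() {
    echo $(( $(printf '%s' "$2" | "$1" -c | wc -c) ))
}

# Compressed size in bits after subtracting what the tool emits for empty
# input, i.e. its header and trailer overhead.
net_compressed_bits() {
    full=$(compressed_bytes "$1" "$2")
    empty=$(compressed_bytes "$1" "")
    echo $(( (full - empty) * 8 ))
}

text_bits()   { echo $(( ${#1} * 8 )); }   # 8 bits per ASCII character
base64_bits() { echo $(( ${#1} * 6 )); }   # 6 bits per base64 character
SOURCE_BITS=$(( 16 * 8 ))                  # what /dev/urandom supplied

# 16 bytes leave only 2 bits for the 22nd character (the other 4 bits are
# zero padding), so it can only be one of A, Q, g or w.
last_char_is_padded() {
    case "$1" in
        *[AQgw]) return 0 ;;
        *)       return 1 ;;
    esac
}

# Print the three bit counts and, for each compressor that is installed,
# the raw and overhead-corrected "entropy estimate" it would give.
report() {                                 # $1 = password
    echo "text bits:   $(text_bits "$1")"
    echo "base64 bits: $(base64_bits "$1")"
    echo "source bits: $SOURCE_BITS"
    for tool in gzip bzip2 xz; do
        command -v "$tool" >/dev/null 2>&1 || continue
        echo "$tool: $(compressed_bytes "$tool" "$1") bytes," \
             "net $(net_compressed_bits "$tool" "$1") bits"
    done
}

if [ "${1:-}" = "demo" ]; then
    report "$(gen_password)"
fi
```

Even with the container overhead subtracted, the compressor's figure stays above the 128 bits that went in, because a general-purpose compressor spends a full byte on each character it cannot predict.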



Re: my e-mails

2017-08-25 Thread Phil Dobbin
On 25/08/17 10:12, Floris wrote:

> On Thu, 24 Aug 2017 21:54:27 +0200, wilfried martens wrote:
> 
> Please unsubscribe me.
> 
> 
> Here you can read how to do that:
> https://www.debian.org/MailingLists/#subunsub

Hi Floris.

This is the English speaking Debian User list. A Dutch one can be found at:



Cheers,

  Phil.

-- 
"For 50 years it was like being chained to an idiot"
Kingsley Amis on his loss of libido when he turned fifty





gdm3 fails to open X sessions on the console and on X servers using xdmcp (stretch 9.1)

2017-08-25 Thread Jean-Paul Bouchet

Hello,
A few months ago I had no difficulty configuring our Debian Wheezy 
server to manage X sessions with gdm3, on the console and on a set of X 
servers (Windows PC with Cygwin/X) using xdmcp.
I was unable to get this functionality back after a dist-upgrade to 
Jessie (cf. https://lists.debian.org/debian-user/2016/10/msg00437.html), 
and was astonished by the lack of advice from this forum and other 
channels. I hoped that Stretch would let me get it back. The 
dist-upgrade from Jessie to Stretch was perfect but left our 
problems with gdm3 unsolved.
Maybe it works on a fresh install? On my upgraded server it 
doesn't and I fail to progress. I don't know whether the problems are 
due to wrong file permissions somewhere, wrong values for some 
parameters, or to problems which I can't get a grip on, or even to 
the gdm3 package. They are probably not the same for the console and the 
xdmcp requests.
Sorry for this long email. You may find more details at 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873199.

Any advice and ideas are welcome!

1. For the console

The server reboots without any error and finishes with a last message 
telling that GNOME Display Manager has started but nothing else is 
displayed (no greeter, no prompt). I have to type Alt-Ctrl-F3 (or F4, 
F5, F6) to get a login prompt on tty3 and open a terminal on the 
console. I can also connect with ssh -X from other Linux workstations.


In /var/log/messages the first errors during the reboot might suggest 
problems between gdm and cgmanager:
Aug 22 18:38:50 my_stretch_server udev-acl.ck[4355]: g_slice_set_config: assertion 'sys_page_size == 0' failed
Aug 22 18:38:50 my_stretch_server udev-acl.ck[4433]: g_slice_set_config: assertion 'sys_page_size == 0' failed
Aug 22 18:38:50 my_stretch_server gdm-session-worker[3909]: Failed opening dbus connection: org.freedesktop.DBus.Error.FileNotFound: Failed to connect to socket /sys/fs/cgroup/cgmanager/sock: Aucun fichier ou dossier de ce type (No such file or directory with this type)
Aug 22 18:38:51 my_stretch_server /usr/lib/gdm3/gdm-wayland-session[4434]: Activating service name='org.freedesktop.systemd1'
Aug 22 18:38:51 my_stretch_server systemd-shim[4519]: Could not connect to cgmanager: Could not connect: No such file or directory
Aug 22 18:38:51 my_stretch_server systemd-shim[4519]: Unable to acquire bus name 'org.freedesktop.systemd1'.  Quitting.


Then a loop with the same sequence of errors until the final relief 
('too many opened files'):


Aug 22 18:40:58 my_stretch_server /usr/lib/gdm3/gdm-wayland-session[22118]: Unable to register display with display manager
Aug 22 18:40:58 my_stretch_server gdm-session-worker[22107]: Failed opening dbus connection: org.freedesktop.DBus.Error.FileNotFound: Failed to connect to socket /sys/fs/cgroup/cgmanager/sock: Aucun fichier ou dossier de ce type (No such file or directory with this type)
Aug 22 18:40:58 my_stretch_server gdm3: Could not start command '/usr/lib/gdm3/gdm-session-worker': Trop de fichiers ouverts (too many opened files)
Aug 22 18:40:58 my_stretch_server gdm3: Child process -22118 was already dead.
Aug 22 18:40:58 my_stretch_server gdm3: Child process 22107 was already dead.
Aug 22 18:40:58 my_stretch_server gdm3: Unable to kill session worker process
Aug 22 18:40:58 my_stretch_server udev-acl.ck[22141]: g_slice_set_config: assertion 'sys_page_size == 0' failed

which seems to be the last message about the problem.

Just after this reboot, gdm3 service seems happy:
systemctl -l status gdm3
● gdm.service - GNOME Display Manager
   Loaded: loaded (/lib/systemd/system/gdm.service; static; vendor preset: enabled)
   Active: active (running) since Tue 2017-08-22 18:38:48 CEST; 8min ago
  Process: 3849 ExecStartPre=/usr/share/gdm/generate-config (code=exited, status=0/SUCCESS)
  Process: 3844 ExecStartPre=/bin/sh -c [ "$(cat /etc/X11/default-display-manager 2>/dev/null)" = "/usr/sbin/gdm3" ] (code=exited, status=0/SUCCESS)
 Main PID: 3858 (gdm3)
    Tasks: 3 (limit: 12288)
   CGroup: /system.slice/gdm.service
           └─3858 /usr/sbin/gdm3

... cgmanager service less:
systemctl -l status cgmanager
● cgmanager.service - Cgroup management daemon
   Loaded: loaded (/lib/systemd/system/cgmanager.service; disabled; vendor preset: enabled)
   Active: inactive (dead)

Curiously it seems that there has been no attempt to launch X on the 
server (Xorg.0.log not modified during the reboot), despite a loop to 
try to create and display the gdm greeter on the console (from 
/var/log/debug).


2. For xdmcp requests from other X servers

On the workstation (Windows 7), a few seconds after having launched 
Cygwin/X with 'XWin:0 -query my_stretch_server ...', I get a window with 
the following message:

A fatal error has occured and Cygwin/X will now exit.
XDMCP fatal error: Session declined Maximum number of open sessions from 
your host reached.


On the server, I see only a few lines in 

Re:

2017-08-25 Thread Daniel Salmeron
Mr. Vidocq,

Please remove our address (debian-user-catalan) as a
recipient in this mail chain.

Thank you very much.

Dani (Catalan Debian list user)


On 25 Aug 2017 15:21, "max vidocq"  wrote:

Hello Angelique
A building under restoration. During the Revolution, the sculpture and
furnishings largely escaped destruction. In the 19th century, however,
the architecture suffered from a lack of maintenance. Architects came
and went but, for want of funds, the condition of Notre-Dame remained
worrying. Only from 1810 did the state step in to finance the work.
1849-1874: Viollet-le-Duc directed the first major restoration campaign.
The two world wars spared the cathedral.
1. Above the Beau Dieu of Amiens, the central figure of the Portal of the
Saviour, the archivolts carry an impressive, perfectly preserved
procession of angels, priests, women...
2. The structure of the west façade follows the principles of
clarification of medieval scholasticism.
The harmony of a harmonic façade. The west façade of Notre-Dame of Amiens
is called harmonic in that it announces the interior organization of the
cathedral. Flanked by its two towers and punctuated by four powerful
buttresses, the frontispiece is divided into three vertical bays. They
coincide with the three vessels of the nave and the side aisles, each
served by a portal opening under archivolts whose depth equals the
projection of the buttresses. In the centre, the Portal of the Saviour
rises to the same height as the great interior arcades. The gables of the
side portals, lower, sit beneath bays in the shape of a curvilinear
triangle that cut into the wall in the lunette of the aisle vaults. A
hierarchy and balance of proportions thus characterize the level of the
portals, topped by a gallery that corresponds to the triforium of the
nave.
 Max


Sent from Outlook


Re: Stretch + nosystemd + VBoxGuestAdditions Quirk

2017-08-25 Thread Reco
Hi.

On Fri, 25 Aug 2017 06:15:09 -0700
Patrick Bartek  wrote:

> Have been testing Stretch with alternate inits -- sysvinit and runit to
> be specific -- in Virtualbox on a Wheezy host while leaving systemd
> files alone. Not even "pinning" them.  Well decided to see what
> removing them would do.  I followed the "Variant" option instructions
> on the Nosystemd site.
> 
> http://without-systemd.org/wiki/index.php/Debian_Stretch
> 
> No problems until I installed the VBoxGuestAdditions.  Startx would
> only work if run by root.  Run by user got $DISPLAY environment
> error.  Couldn't find screen.
 
> Anyone got any ideas.  Everything works fine if GuestAdditions not
> installed.

It's been awhile since I poked VirtualBox but I get that suspicion that
Xorg module provided by VirtualBox needs root access to do its job.

So, I'd start with installing 'xserver-xorg-legacy' package.

Reco



Re: How does one create virtual ethernet devices with modern tools on Debian 8 (jessie)?

2017-08-25 Thread Sven Hartge
Tom Browder  wrote:

Before we start:

"virtual ethernet devices" are something totally different than you are
doing here. You just want to put multiple IP addresses on one interface.

"virtual ethernet devices" are for example used with virtualization or
docker, to connect an isolated VM or container through the host to the
network.

> Although not yet implemented (for fear of messing my remote host up),
> the following has been recommended:

> #=
> # This file describes the network interfaces available on your system
> # and how to activate them. For more information, see interfaces(5).

> # The loopback network interface
> auto lo
> iface lo inet loopback

> # The primary network interface
> allow-hotplug eth0
> auto etho

One of "allow-hotplug" or "auto", not both. And you have a typo there,
it should read "auto eth0".

> iface eth0 inet static
> address 142.54.186.2
> netmask 255.255.255.248
> gateway 142.54.186.1
> dns-nameservers 192.187.107.16 69.30.209.16
> iface eth0 inet static
> address 142.54.186.3
> iface eth0 inet static
> address 142.54.186.4
> iface eth0 inet static
> address 142.54.186.5
> iface eth0 inet static
> address 142.54.186.6
> iface eth0 inet6 static
> address 2604:4300:a:95::2
> netmask :::::
> gateway 2604:4300:a:95::1
> dns-nameservers 192.187.107.16 69.30.209.16

No need to duplicate the nameservers. Also this line only gets used if
you use the package "resolvconf". On servers with static IP
configuration I usually get rid of this mechanism and set the
nameservers myself in /etc/resolv.conf

> iface eth0 inet6 static
> address 2604:4300:a:95::3
> iface eth0 inet6 static
> address 2604:4300:a:95::4
> iface eth0 inet6 static
> address 2604:4300:a:95::5
> iface eth0 inet6 static
> address 2604:4300:a:95::6

Yes, everything is fine. 

Side note: I'd truly randomize the IPv6 addresses, so the subnet is not
as easily scannable from the outside.

> So how does one do the same thing with "modern" tools?

I don't understand the question. Do you mean "systemd-networkd"?

Grüße,
S°

-- 
Sigmentation fault. Core dumped.
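
One way to act on the side note about randomized IPv6 addresses, as an added example that is not from the thread. It draws random 64-bit interface identifiers and prints extra stanzas in the style of the file quoted above; the prefix is the one in the message, while treating it as a /64 and the function names are assumptions.

```shell
#!/bin/sh
# Emit ifupdown stanzas whose IPv6 addresses have random interface identifiers.
# Added example: the /64 prefix length and all function names are assumptions.

PREFIX=${PREFIX:-2604:4300:a:95}   # first four hextets, from the quoted config
IFACE=${IFACE:-eth0}

# 8 random bytes as four colon-separated hextets, e.g. 3fa1:09c4:77e2:b05d
random_iid() {
    od -An -N8 -tx1 /dev/urandom | tr -d ' \n' | sed 's/..../&:/g; s/:$//'
}

# Print $1 distinct addresses inside PREFIX::/64.
random_addresses() {
    n=$1
    seen=""
    while [ "$n" -gt 0 ]; do
        iid=$(random_iid)
        # Skip identifiers that land in the low, sequentially guessable range.
        case "$iid" in 0000:0000:0000:*) continue ;; esac
        # Skip the (very unlikely) repeat within one run.
        case " $seen " in *" $iid "*) continue ;; esac
        seen="$seen $iid"
        echo "$PREFIX:$iid"
        n=$((n - 1))
    done
}

# Wrap each address in an "iface ... inet6 static" stanza for interfaces(5).
stanzas() {                        # $1 = number of addresses
    random_addresses "$1" | while read -r addr; do
        printf 'iface %s inet6 static\n    address %s\n    netmask 64\n\n' \
            "$IFACE" "$addr"
    done
}

# Usage: script.sh 20 >> interfaces.new   (review before installing)
if [ -n "${1:-}" ]; then
    stanzas "$1"
fi
```

Record the generated addresses somewhere (DNS, inventory): unlike ::2 to ::6 they cannot be reconstructed from memory.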



Re:

2017-08-25 Thread Daniel Salmeron
Hello, they are talking about art history; should I contact them, or is
there some spam filter?

Dani.

On 25 Aug 2017 16:04, "Jordi Boixader"  wrote:

Does anyone know French? Does anyone know what this is about? They keep
sending daily e-mails to the list.

Good day

On Fri, 25 Aug 2017, 15:21 max vidocq  wrote:

> Hello Angelique
> A building under restoration. During the Revolution, the sculpture and
> furnishings largely escaped destruction. In the 19th century, however,
> the architecture suffered from a lack of maintenance. Architects came
> and went but, for want of funds, the condition of Notre-Dame remained
> worrying. Only from 1810 did the state step in to finance the work.
> 1849-1874: Viollet-le-Duc directed the first major restoration campaign.
> The two world wars spared the cathedral.
> 1. Above the Beau Dieu of Amiens, the central figure of the Portal of the
> Saviour, the archivolts carry an impressive, perfectly preserved
> procession of angels, priests, women...
> 2. The structure of the west façade follows the principles of
> clarification of medieval scholasticism.
> The harmony of a harmonic façade. The west façade of Notre-Dame of Amiens
> is called harmonic in that it announces the interior organization of the
> cathedral. Flanked by its two towers and punctuated by four powerful
> buttresses, the frontispiece is divided into three vertical bays. They
> coincide with the three vessels of the nave and the side aisles, each
> served by a portal opening under archivolts whose depth equals the
> projection of the buttresses. In the centre, the Portal of the Saviour
> rises to the same height as the great interior arcades. The gables of the
> side portals, lower, sit beneath bays in the shape of a curvilinear
> triangle that cut into the wall in the lunette of the aisle vaults. A
> hierarchy and balance of proportions thus characterize the level of the
> portals, topped by a gallery that corresponds to the triforium of the
> nave.
>  Max
>
>
> Sent from Outlook
>
-- 

E-mail sent from my mobile, please excuse the brevity.

http://jordi.boixader.com


How does one create virtual ethernet devices with modern tools on Debian 8 (jessie)?

2017-08-25 Thread Tom Browder
I am currently defining my devices like this in file /etc/network/interfaces:

#=
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
iface eth0 inet static
  address 142.54.186.2
  netmask 255.255.255.248
  gateway 142.54.186.1
  dns-nameservers 192.187.107.16 69.30.209.16

  # added alias IPv4s:
  up   ip addr add 142.54.186.3/29 dev $IFACE label $IFACE:0
  down ip addr del 142.54.186.3/29 dev $IFACE label $IFACE:0

  up   ip addr add 142.54.186.4/29 dev $IFACE label $IFACE:1
  down ip addr del 142.54.186.4/29 dev $IFACE label $IFACE:1

  up   ip addr add 142.54.186.5/29 dev $IFACE label $IFACE:2
  down ip addr del 142.54.186.5/29 dev $IFACE label $IFACE:2

  up   ip addr add 142.54.186.6/29 dev $IFACE label $IFACE:3
  down ip addr del 142.54.186.6/29 dev $IFACE label $IFACE:3
#=

I would like to add a large chunk (say 20) of my IPv6 addresses, too.

Although not yet implemented (for fear of messing my remote host up),
the following has been recommended:

#=
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
auto etho
iface eth0 inet static
address 142.54.186.2
netmask 255.255.255.248
gateway 142.54.186.1
dns-nameservers 192.187.107.16 69.30.209.16
iface eth0 inet static
address 142.54.186.3
iface eth0 inet static
address 142.54.186.4
iface eth0 inet static
address 142.54.186.5
iface eth0 inet static
address 142.54.186.6
iface eth0 inet6 static
address 2604:4300:a:95::2
netmask :::::
gateway 2604:4300:a:95::1
dns-nameservers 192.187.107.16 69.30.209.16
iface eth0 inet6 static
address 2604:4300:a:95::3
iface eth0 inet6 static
address 2604:4300:a:95::4
iface eth0 inet6 static
address 2604:4300:a:95::5
iface eth0 inet6 static
address 2604:4300:a:95::6
#=


FYI, here is a chunk of the output of "dmesg | grep -i eth":

#=
[0.898483] e1000e :09:00.0 eth0: (PCI Express:2.5GT/s:Width
x4) 00:1e:68:2e:df:be
[0.898486] e1000e :09:00.0 eth0: Intel(R) PRO/1000 Network Connection
[0.898564] e1000e :09:00.0 eth0: MAC: 5, PHY: 5, PBA No: FF-0FF
[9.525606] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
[   11.846375] e1000e: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow
Control: Rx/Tx
[   11.846877] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
#=

So how does one do the same thing with "modern" tools?

Thanks.

-Tom



Re:

2017-08-25 Thread Jordi Boixader
Does anyone know French? Does anyone know what this is about? They keep
sending daily e-mails to the list.

Good day

On Fri, 25 Aug 2017, 15:21 max vidocq  wrote:

> Hello Angelique
> A building under restoration. During the Revolution, the sculpture and
> furnishings largely escaped destruction. In the 19th century, however,
> the architecture suffered from a lack of maintenance. Architects came
> and went but, for want of funds, the condition of Notre-Dame remained
> worrying. Only from 1810 did the state step in to finance the work.
> 1849-1874: Viollet-le-Duc directed the first major restoration campaign.
> The two world wars spared the cathedral.
> 1. Above the Beau Dieu of Amiens, the central figure of the Portal of the
> Saviour, the archivolts carry an impressive, perfectly preserved
> procession of angels, priests, women...
> 2. The structure of the west façade follows the principles of
> clarification of medieval scholasticism.
> The harmony of a harmonic façade. The west façade of Notre-Dame of Amiens
> is called harmonic in that it announces the interior organization of the
> cathedral. Flanked by its two towers and punctuated by four powerful
> buttresses, the frontispiece is divided into three vertical bays. They
> coincide with the three vessels of the nave and the side aisles, each
> served by a portal opening under archivolts whose depth equals the
> projection of the buttresses. In the centre, the Portal of the Saviour
> rises to the same height as the great interior arcades. The gables of the
> side portals, lower, sit beneath bays in the shape of a curvilinear
> triangle that cut into the wall in the lunette of the aisle vaults. A
> hierarchy and balance of proportions thus characterize the level of the
> portals, topped by a gallery that corresponds to the triforium of the
> nave.
>  Max
>
>
> Sent from Outlook
>
-- 

E-mail sent from my mobile, please excuse the brevity.

http://jordi.boixader.com


Re: DHCP server that itself gets an IP address by DHCP

2017-08-25 Thread Greg Wooledge
On Fri, Aug 25, 2017 at 10:12:07PM +0900, Mark Fletcher wrote:
> However, now, based on your response I am thinking the AirStation is 
> just forwarding the DNS queries on to the nameservers it is given in 
> response to its DHCP query, and not actually caching anything...

Very likely, yes.

> would a nameserver need a lot of memory / disk space? The 
> machine has a 32GB SSD, of which about 15GB is free, and 4GB of RAM, of 
> which according to top about 1.8GB is free...

That is plenty of memory for a caching resolver.  Luxury!

As a real-world example,  (which
is what I use) uses about 2 MB of RAM in a small-network configuration.
It doesn't say so on that page, but the default value of CACHESIZE is
100 (a million bytes).  So, figure about 1 MB plus however high you
set the CACHESIZE variable.

I can't speak for other DNS resolvers.  BIND in particular may be quite
bloated, and would not be my choice for a new setup.



I did not know that loneliness is exhausting

2017-08-25 Thread daniel.delage

Stretch + nosystemd + VBoxGuestAdditions Quirk

2017-08-25 Thread Patrick Bartek
Have been testing Stretch with alternate inits -- sysvinit and runit to
be specific -- in Virtualbox on a Wheezy host while leaving systemd
files alone. Not even "pinning" them.  Well decided to see what
removing them would do.  I followed the "Variant" option instructions
on the Nosystemd site.

   http://without-systemd.org/wiki/index.php/Debian_Stretch

No problems until I installed the VBoxGuestAdditions.  Startx would
only work if run by root.  Run by user got $DISPLAY environment
error.  Couldn't find screen.

I started with a basic install -- terminal only -- adding xorg and
openbox, etc. Same problem if I did the nosystemd thing with a
default install of the LXDE desktop which strangely after would boot to
a terminal for login instead of the graphic display manager.

Anyone got any ideas?  Everything works fine if GuestAdditions not
installed.

B



Re: sourceforge or other

2017-08-25 Thread Haricophile
On Thu, 24 Aug 2017 16:23:28 +0200,
"David S."  wrote:

> Everything is on GitHub now... 

Maybe not everything, but a lot. There is also some googlecode and others
still lying around.

-- 
haricoph...@aranha.fr 



Re: Question to new network device names

2017-08-25 Thread Dan Ritter
On Fri, Aug 25, 2017 at 02:20:38AM -0400, Gene Heskett wrote:
> On Friday 25 August 2017 01:27:47 David Wright wrote:
> 
> > > But what has that to do with having the proper entries
> > > in /etc/resolv.conf?  Whose active lines are:
> > >
> > > nameserver 192.168.71.1
> > > search host,dns
> >
> > I can't parse ↑ this line. Are you sure your resolver can?
> > Why does it contain a comma? Are "host" and "dns" domain names?
> 
> From man resolv.conf:
> 
> > search Search list for host-name lookup.
>   The  search  list  is  normally determined from the local 
> domain name; by default, it contains only the local domain
>   name.  This may be changed by listing the desired domain search 
> path following the search  keyword  with  spaces  or
>   tabs  separating  the names.
> 
> So I have it wrong with my comma, but it's been working for about 20 years 
> that way. I'll fix it for S To continue

That search line makes the default domains to be searched
".host" and ".dns". Is that what you want?

I suspect what you actually want is in /etc/nsswitch.conf:

hosts:  files dns

which means "look at /etc/hosts first, then check DNS".

This is the default, by the way, and has been for at least
a decade. The most likely override to it is using an alternate
name resolution protocol like Samba's winbind or such.

-dsr-
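
A small check for the two files discussed in this thread, added here as an example and not part of any poster's message. It follows the resolv.conf man page excerpt quoted above (names separated by spaces or tabs); the sample file contents are constructed from the lines quoted in the thread, and the function names are hypothetical.

```python
import re

# Constructed samples built from the lines quoted in the thread.
RESOLV_CONF = "nameserver 192.168.71.1\nsearch host,dns\n"
NSSWITCH_CONF = "passwd: files\nhosts:  files dns\n"

# One DNS label: letters, digits, hyphen or underscore, no leading/trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9_-]{1,63}(?<!-)")


def search_domains(text):
    """Return the search list; names are split on spaces or tabs only.

    If several search lines are present, the last one is used.
    """
    domains = []
    for line in text.splitlines():
        if line.startswith(("#", ";")):      # comment lines
            continue
        fields = line.split()
        if fields and fields[0] == "search":
            domains = fields[1:]
    return domains


def invalid_names(domains):
    """Return the search entries that are not syntactically valid domain names."""
    bad = []
    for name in domains:
        labels = name.rstrip(".").split(".")
        if not all(LABEL.fullmatch(label) for label in labels):
            bad.append(name)
    return bad


def hosts_sources(text):
    """Return the lookup order from the 'hosts:' line of nsswitch.conf."""
    for line in text.splitlines():
        line = line.split("#", 1)[0]
        if line.strip().startswith("hosts:"):
            rest = line.split(":", 1)[1]
            rest = re.sub(r"\[[^\]]*\]", " ", rest)   # drop [STATUS=action] items
            return rest.split()
    return []


def lint(resolv_text, nsswitch_text):
    """Collect human-readable findings for both files."""
    findings = []
    for name in invalid_names(search_domains(resolv_text)):
        findings.append("resolv.conf: search entry %r is not a valid domain name "
                        "(separate names with spaces or tabs)" % name)
    order = hosts_sources(nsswitch_text)
    if order[:2] != ["files", "dns"]:
        findings.append("nsswitch.conf: hosts order is %r, not 'files dns'" % order)
    return findings


if __name__ == "__main__":
    for finding in lint(RESOLV_CONF, NSSWITCH_CONF):
        print(finding)
```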



[no subject]

2017-08-25 Thread max vidocq
Hello Angelique
A building under restoration. During the Revolution, the sculpture and the 
furnishings largely escaped destruction. Over the course of the 19th century, 
however, the architecture suffered from a lack of maintenance. Architects 
followed one another but, for want of funds, the condition of Notre-Dame 
remained worrying. It was only from 1810 that the state took part in financing 
the works. 1849-1874: Viollet-le-Duc directed the first major restoration 
campaign. The two world wars spared the cathedral.
1. Above the Beau Dieu of Amiens, the central figure of the portal of the 
Saviour, the archivolts carry an impressive procession of angels, priests, 
women... perfectly preserved.
2. The structure of the west façade follows the principles of clarification 
of medieval scholasticism.
The harmony of a harmonic façade. The west façade of Notre-Dame d'Amiens is 
called harmonic in that it announces the interior organisation of the 
cathedral. Flanked by its two towers and punctuated by four powerful 
buttresses, the frontispiece is divided into three vertical bays. They 
coincide with the three vessels of the nave and the side aisles, each served 
by a portal opening beneath archivolts whose depth equals the projection of 
the buttresses. In the centre, the portal of the Saviour rises to the same 
height as the great internal arcades. The gable of the side portals, lower, 
sits beneath bays in the shape of a curvilinear triangle that cut through the 
wall in the lunette of the aisle vaults. A hierarchy and a balance of 
proportions thus characterise the level of the portals, topped by a gallery 
that corresponds to the triforium of the nave.
 Max


Sent from Outlook


Re: Script with command output

2017-08-25 Thread Josu Lazkano
Thank you very much!!!

if echo 'pow 0' | cec-client -s -d 1 | grep "status: on" > /dev/null ; then echo prendida ; else echo apagada ; fi

It works perfectly for me. bash -x is very handy for debugging
the code.

Regards to all.

-- 
Josu Lazkano



Re: DHCP server that itself gets an IP address by DHCP

2017-08-25 Thread Mark Fletcher
On Fri, Aug 25, 2017 at 08:14:29AM -0400, Greg Wooledge wrote:
> On Fri, Aug 25, 2017 at 07:34:16AM +0900, Mark Fletcher wrote:
> > On Thu, Aug 24, 2017 at 04:39:13PM -0400, Greg Wooledge wrote:
> > > I strongly recommend just running your own caching DNS resolver on the
> > > DHCP server host.  ISP nameservers are often slow and unreliable.
> > 
> > OK, thanks for the advice. One possibly stupid question though... 
> > whenever a DNS server running on my own firewall doesn't have an answer 
> > to a DHCP query, it is going to broadcast it out... to the ISP's DNS 
> > servers, no?
> 
> DHCP and DNS are two separate things.

Sorry, that was a typo, I meant "DNS query" not "DHCP query". I do 
understand the difference although I recognise that what I wrote above 
would seem to imply I don't.
> 
> If your firewall box is running a nameserver (i.e. a caching DNS
> resolver), and if the LAN clients are configured to use that
> nameserver, then no queries are ever sent to your ISP's nameservers
> at all.  Your caching resolver does all the work, talking directly
> to the root servers, and the .COM servers, and so on.
> 

Strictly speaking the LAN clients will be using the AirStation's 
nameserver, and I'd be configuring it to use this hypothetical new 
nameserver on the firewall box by having the DHCP server on my firewall 
send it the internal IP of the firewall as its nameserver. Why? Because 
the AirStation is already providing a nameserver to my LAN, and as I 
mentioned I want to futz minimally with the AirStation's configuration.

Thanks for the clarification about what the nameserver would do -- I had 
imagined it would answer DNS queries from the AirStation that it knows 
the answers to, and pass through queries it didn't know the answer to to 
some "upstream" nameserver, presumably noting the response so it knows 
next time. I assumed that is what the nameserver on the AirStation is 
doing, otherwise it wouldn't need to be told the ISP's nameservers, and 
I know from early misconfigurations of my firewall's DHCP server that if 
I give the AirStation bollix nameservers in response to its DHCP 
request, its ability to resolve anything breaks...

However, now, based on your response I am thinking the AirStation is 
just forwarding the DNS queries on to the nameservers it is given in 
response to its DHCP query, and not actually caching anything... So in 
your proposed configuration, a DNS query from a machine on my LAN would 
be picked up by the AirStation, forwarded to the firewall machine 
(because the AirStation was given the address of the firewall machine as 
a nameserver in response to its DHCP query), and that machine would 
actually be running a proper nameserver which would either already know 
the answer to the query or would interact with other DNS servers to get 
it. Right?

If that is actually caching everything by talking to root servers, .com 
servers etc, doesn't that take up a lot of space? The firewall box isn't 
a particularly beefy machine, by any measure -- memory, disk space, etc. 
It's enough to do the firewall job, and answer the occasional DHCP 
query, but would a nameserver need a lot of memory / disk space? The 
machine has a 32GB SSD, of which about 15GB is free, and 4GB of RAM, of 
which according to top about 1.8GB is free... And as I say, it is my 
firewall, a very light-load DHCP server, and does a cameo role as my 
OpenVPN server when I'm travelling on business.

Thanks for your patience in explaining this -- I'm learning a lot.

Mark



packages marked for removal by an upgrade

2017-08-25 Thread MERLIN Philippe
Hello,
My system is an up-to-date Debian Sid AMD64.
Currently the command apt-get dist-upgrade removes 40 packages. While some 
come from KDE and can be explained as a result of the QT 5.7-->QT5.9 update, 
the removal of all g++ versions and of the libstdc++ packages seems to me to 
be without reason. Do you know which update is causing this problem?  Thanks 
if you can enlighten me.
Philippe Merlin



Re: which display manager would you suggest for Stretch?

2017-08-25 Thread Hans
Hi, 

I suppose, it is based on the personal preferences. Many people will use gdm3, 
as Gnome is the default login manager.

However, I believe, that those, who were using kdm (like me) just would not 
notice, that kdm disappeared, as it will not be deinstalled during 
full-upgrade.

Ok, what else? Well, sddm will not be usable for those people, who are using 
nvidia's proprietary driver, as using them, sddm will not start.

I am running sddm on my EEEPC 1005HGO, which from the view and setting options 
I liked very much. 

However, at last I changed to lightdm, as the starting of sddm on this "slow" 
system (1,66GHz) is lasting about 1 minute, whilst lightdm is started below 10 
seconds. So, lightdm is my personal choice. 

However, no one is hindered to download kdm from backports, it is running very 
well on debian/testing.

So, hope, it does make things clearer.

Best regards

Hans 




Re: Fwd: After seeing you here I am in serious trouble Debora

2017-08-25 Thread valentina . dobici

> On 25 August 2017 at 14.17 claudio cascioli  
> wrote:
> 
> 
> 
> who are you???
> 
> 
> -
> From: Debora Sensationglobal 
> Sent: Thursday 17 August 2017 09:30
> To: debian-user@lists.debian.org
> Subject: After seeing you here I am in serious trouble Debora
>  
> 
> Now I feel deeply dismayed, would you like to talk with me?
> http://bit.ly/2uRMu60
> 


Re: How to change date and time format for quoting in Thunderbird?

2017-08-25 Thread Byung-Hee HWANG (황병희, 黃炳熙)
In Article <3af44f03-ebc9-473c-2d77-36961f66d...@yandex.com>,
 Mario Castelán Castro  writes:

> When replying to a message in Thunderbird as packaged in Debian 9, the
> date and time is automatically placed before the quote, like this: “On
> 22/08/17 17:31, $NAME wrote:”. How can I change the format used for the
> date and time? In addition, I want to change the format of $NAME to
> include his e-mail address as well.

Sorry, i don't know Thunderbird. By the way, recently i did change them
on Gnus (News/Email client of Emacs).

Sincerely, Byung-Hee.

-- 
^고맙습니다 _白衣從軍_ 감사합니다_^))//



Re: which display manager would you suggest for Stretch?

2017-08-25 Thread rhkramer
On Friday, August 25, 2017 06:59:29 AM rhkra...@gmail.com wrote:
> On Friday, August 25, 2017 01:17:10 AM kamaraju kusumanchi wrote:
> > To look at a few of the famous packages in this, one has to either
> > scroll up or pipe the output to head. With the current sorting method,
> > you can keep eyes closer to the command line and still get all the
> > important information.
> 
> I'm not the op, but I'd just like to say: good thinking!

Oh, on looking again, I remembered a question--what do those numbers 
represent?  When I first saw the list, in order with the higher numbers first, 
I thought maybe the numbers represented something like number of downloads, but, 
once I knew the order was in inverse order, I realized that was not the case.

What do those numbers represent / where do they come from?



Re: uninstalling a package that is stuck

2017-08-25 Thread bernard . schoenacker
- Original message -

> From: "Belaïd" 
> To: "Belaïd MOUNSI" 
> Cc: "debian-user-french@lists.debian.org French"
> 
> Sent: Friday 25 August 2017 14:00:28
> Subject: Re: uninstalling a package that is stuck

> Hello,

> What does the command apt-get autoremove --purge give?
hello, 

here is the result of the command: 

apt-get remove --purge enlightenment libefl 
Lecture des listes de paquets... Fait 
Construction de l'arbre des dépendances 
Lecture des informations d'état... Fait 
Le paquet « libefl » n'est pas installé, et ne peut donc être supprimé 
Vous pouvez lancer « apt --fix-broken install » pour corriger ces problèmes. 
Les paquets suivants contiennent des dépendances non satisfaites : 
libefl-bin : Dépend: libefl (>= 1.20.1-1) mais ne sera pas installé 
terminology : Dépend: libefl (>= 1.19.0-1) mais ne sera pas installé 
E: Dépendances non satisfaites. Essayez « apt --fix-broken install » sans 
paquet 
(ou indiquez une solution). 

and I ran a search on the engine that turns you into a "gogol": 
libefl 1.20.1-1 amd64 
here is the source: 
https://unix.stackexchange.com/questions/273968/apt-unmet-dependecies-libefl-bin#273979
 

the solution: 
dpkg --force-all -i /var/cache/apt/archives/libefl-bin_1.20.2-1_amd64.deb 
dpkg --force-all -i /var/cache/apt/archives/libefl_1.20.2-1_amd64.deb 
dpkg --force-all -i /var/cache/apt/archives/libefl-data_1.20.2-1_all.deb 
apt-get -f install 

everything is back to normal 

bye 
bernard 


Re: DHCP server that itself gets an IP address by DHCP

2017-08-25 Thread Greg Wooledge
On Fri, Aug 25, 2017 at 07:28:00AM +0900, Mark Fletcher wrote:
> And, is dhclient a separate piece of software from systemd.networkd? 

Yes.



Re: DHCP server that itself gets an IP address by DHCP

2017-08-25 Thread Greg Wooledge
On Fri, Aug 25, 2017 at 07:34:16AM +0900, Mark Fletcher wrote:
> On Thu, Aug 24, 2017 at 04:39:13PM -0400, Greg Wooledge wrote:
> > I strongly recommend just running your own caching DNS resolver on the
> > DHCP server host.  ISP nameservers are often slow and unreliable.
> 
> OK, thanks for the advice. One possibly stupid question though... 
> whenever a DNS server running on my own firewall doesn't have an answer 
> to a DHCP query, it is going to broadcast it out... to the ISP's DNS 
> servers, no?

DHCP and DNS are two separate things.

DHCP is what your client systems on your Local Area Network use to
get their IP addresses and netmasks and default gateways.  And possibly
also their list of DNS nameserver IP addresses, if you don't just
configure that locally.

DNS is the protocol used to look up domain names and get back IP
addresses, or vice versa.

If your firewall box is running a nameserver (i.e. a caching DNS
resolver), and if the LAN clients are configured to use that
nameserver, then no queries are ever sent to your ISP's nameservers
at all.  Your caching resolver does all the work, talking directly
to the root servers, and the .COM servers, and so on.



Re: uninstalling a package that is stuck

2017-08-25 Thread Belaïd
Hello,

What does the command apt-get autoremove --purge give?



On 25 August 2017 at 11:35,  wrote:

>
>
> - Original message -
> > From: "bernard schoenacker" 
> > To: "debian-user-french@lists.debian.org French" <
> debian-user-french@lists.debian.org>
> > Sent: Friday 25 August 2017 12:25:26
> > Subject: uninstalling a package that is stuck
> >
> > hello,
> >
> > I wanted to install libefl to try out enlightenment
> > and it failed; now I cannot uninstall it
> >
> > what should I do?
> >
> > bye
> > bernard
> >
>
> hello,
>
> sorry, I wrote that too quickly:
>
> apt-get remove --purge enlightenment
> Lecture des listes de paquets... Fait
> Construction de l'arbre des dépendances
> Lecture des informations d'état... Fait
> Vous pouvez lancer « apt --fix-broken install » pour corriger ces
> problèmes.
> Les paquets suivants contiennent des dépendances non satisfaites :
>  libefl-bin : Dépend: libefl (>= 1.20.1-1) mais ne sera pas installé
>  terminology : Dépend: libefl (>= 1.19.0-1) mais ne sera pas installé
> E: Dépendances non satisfaites. Essayez « apt --fix-broken install » sans
> paquet
>(ou indiquez une solution).
>
> apt-get install -f
> Lecture des listes de paquets... Fait
> Construction de l'arbre des dépendances
> Lecture des informations d'état... Fait
> Correction des dépendances... Fait
> The following additional packages will be installed:
>   libefl
> Les NOUVEAUX paquets suivants seront installés :
>   libefl
> 0 mis à jour, 1 nouvellement installés, 0 à enlever et 84 non mis à jour.
> 4 partiellement installés ou enlevés.
> Il est nécessaire de prendre 0 o/3 995 ko dans les archives.
> Après cette opération, 15,0 Mo d'espace disque supplémentaires seront
> utilisés.
> Souhaitez-vous continuer ? [O/n]
> dpkg: avertissement: le fichier contenant la liste des fichiers du paquet
> « libefl-data » étant manquant, il est considéré qu'aucun fichier du paquet
> n'est actuellement installé
> (Lecture de la base de données... 563815 fichiers et répertoires déjà
> installés.)
> Préparation du dépaquetage de .../libefl_1.20.2-1_amd64.deb ...
> Dépaquetage de libefl (1.20.2-1) ...
> dpkg: erreur de traitement de l'archive 
> /var/cache/apt/archives/libefl_1.20.2-1_amd64.deb
> (--unpack) :
>  tentative de remplacement de « /usr/lib/x86_64-linux-gnu/evas/utils/
> evas_image_loader.ps », qui appartient aussi au paquet
> libevas-loaders:amd64 1.8.1-2+b4
> dpkg-deb: erreur: le sous-processus coller a été tué par le signal (Relais
> brisé (pipe))
> Des erreurs ont été rencontrées pendant l'exécution :
>  /var/cache/apt/archives/libefl_1.20.2-1_amd64.deb
> needrestart is being skipped since dpkg has failed
> E: Sub-process /usr/bin/dpkg returned an error code (1)
>
>
> in short, how do I remove all of enlightenment and its dependencies?
>
> even if it has to be done by hand
>
> bye
> bernard
>
>


-- 
< Belaid >


Re: Question to new network device names

2017-08-25 Thread Hans
Hi all, 

with great interest I read all your discussions. They were very interesting 
and I got a lot of information. Thanks for it!

I still wondered, if the new naming scheme is more usable for inexperienced 
users, say, someone with a notebook and often changing devices, like 
usb-drives, usb-sticks, wlan-sticks, gsm-sticks, mice, keyboard and so on.

I am not sure, the kernel will recognize them after a lot of use during a 
longer time. 

The other thing, I thought of: If the kernel decides, which one is the first 
network card, and which is the second, maybe this is not the line I want it, 
maybe I want it in another line, say: first ethernet is onboard, second the 1GB 
pci-card, third the pci-wireless card, fourth the usb-gsm-card.

But as I understood, the kernel tells, which one is the number 1, 2, 3 and so 
on.

I am looking at the view of an ordinary user. A user, who wants to make 
backups on an external drive, using unison or back-in-time. For me it is 
simple, to manually mount the drive with the correct folder, an inexperienced 
user expects the external hard drive to be automatically mounted to the required 
folder - regardless which of his 5 hard-drives he chooses.

IMO, although I believe to understand the thoughts of the new scheme, I also 
believe, there are still lots of trouble following.

Last but not least, it looks like most livefile systems (i.e. kali linux) seem 
still use the old style. Maybe it is because on rescue systems people are more 
comfortable with it.

Have a nice weekend!

Best regards

Hans 



Re: Would you like to? Really? Why not? Giorgia

2017-08-25 Thread fiorenzo.fi...@virgilio.it
I'm leaving you my number 3471198164  fiorenzo I hope we can meet 
I'm waiting for your call


>Original message
>From: "Giorgia Salmanbhai" 
>Date: 5-Aug-2017 13.32
>To: 
>Subj: Would you like to? Really? Why not? Giorgia
>
>
>
>Come into my arms – let's talk a little 
>http://bit.ly/2ubrGWC
>




Re: which display manager would you suggest for Stretch?

2017-08-25 Thread rhkramer
On Friday, August 25, 2017 01:17:10 AM kamaraju kusumanchi wrote:
> To look at a few of the famous packages in this, one has to either
> scroll up or pipe the output to head. With the current sorting method,
> you can keep eyes closer to the command line and still get all the
> important information.

I'm not the op, but I'd just like to say: good thinking!



Re: uninstalling a package that is stuck

2017-08-25 Thread bernard . schoenacker


- Original message -
> From: "bernard schoenacker" 
> To: "debian-user-french@lists.debian.org French" 
> 
> Sent: Friday 25 August 2017 12:25:26
> Subject: uninstalling a package that is stuck
> 
> hello,
> 
> I wanted to install libefl to try out enlightenment
> and it failed; now I cannot uninstall it
> 
> what should I do?
> 
> bye
> bernard
> 

hello,

sorry, I wrote that too quickly:

apt-get remove --purge enlightenment
Lecture des listes de paquets... Fait
Construction de l'arbre des dépendances   
Lecture des informations d'état... Fait
Vous pouvez lancer « apt --fix-broken install » pour corriger ces problèmes.
Les paquets suivants contiennent des dépendances non satisfaites :
 libefl-bin : Dépend: libefl (>= 1.20.1-1) mais ne sera pas installé
 terminology : Dépend: libefl (>= 1.19.0-1) mais ne sera pas installé
E: Dépendances non satisfaites. Essayez « apt --fix-broken install » sans paquet
   (ou indiquez une solution).

apt-get install -f
Lecture des listes de paquets... Fait
Construction de l'arbre des dépendances   
Lecture des informations d'état... Fait
Correction des dépendances... Fait
The following additional packages will be installed:
  libefl
Les NOUVEAUX paquets suivants seront installés :
  libefl
0 mis à jour, 1 nouvellement installés, 0 à enlever et 84 non mis à jour.
4 partiellement installés ou enlevés.
Il est nécessaire de prendre 0 o/3 995 ko dans les archives.
Après cette opération, 15,0 Mo d'espace disque supplémentaires seront utilisés.
Souhaitez-vous continuer ? [O/n] 
dpkg: avertissement: le fichier contenant la liste des fichiers du paquet « 
libefl-data » étant manquant, il est considéré qu'aucun fichier du paquet n'est 
actuellement installé
(Lecture de la base de données... 563815 fichiers et répertoires déjà 
installés.)
Préparation du dépaquetage de .../libefl_1.20.2-1_amd64.deb ...
Dépaquetage de libefl (1.20.2-1) ...
dpkg: erreur de traitement de l'archive 
/var/cache/apt/archives/libefl_1.20.2-1_amd64.deb (--unpack) :
 tentative de remplacement de « 
/usr/lib/x86_64-linux-gnu/evas/utils/evas_image_loader.ps », qui appartient 
aussi au paquet libevas-loaders:amd64 1.8.1-2+b4
dpkg-deb: erreur: le sous-processus coller a été tué par le signal (Relais 
brisé (pipe))
Des erreurs ont été rencontrées pendant l'exécution :
 /var/cache/apt/archives/libefl_1.20.2-1_amd64.deb
needrestart is being skipped since dpkg has failed
E: Sub-process /usr/bin/dpkg returned an error code (1)


in short, how do I remove all of enlightenment and its dependencies?

even if it has to be done by hand

bye
bernard



friendship

2017-08-25 Thread simba moto
hi! I am interested in you, write to me


uninstalling a package that is stuck

2017-08-25 Thread bernard . schoenacker
hello,

I wanted to install libefl to try out enlightenment 
and it failed; now I cannot uninstall it

what should I do?

bye
bernard



Re: DVD won't eject after playing DVD

2017-08-25 Thread Rob van der Putten

Hi there


On 20/08/17 17:59, Rob van der Putten wrote:


Another bit stretch 'weirdness':
After playing a DVD with VLC, the eject button is dysfunctional and I 
have to type 'eject' on the command line to get it to eject.


Found another one;
File type icons are missing in a file listing. ^L fixes this.


How do I fix this?



Regards,
Rob




Re: If you knew how tired I am of being alone Ella

2017-08-25 Thread Lex
I do not wish to receive any more mail from you.
Keep that rubbish to yourself!

Sent from my iPad

> On 25 Aug 2017 at 09:35, Ella Ferretto  wrote the 
> following:
> 
> Do you want to be my star tonight? 
> http://bit.ly/2wLIV4M


Re: One-line password generator

2017-08-25 Thread Thomas Schmitt
Hi,

Curt wrote:
> https://xkcd.com/936/

Well, this is a joke for mathematicians. ROFL et.al.

> https://arstechnica.com/information-technology/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/

... and this lines out why the other is so funny.


So what is the reason why
  IhaveaMemorablePasswordwhichIwillnotforget!
is an easy victim of the described methods, whereas
  WVAq7XLM4va6e1A4Bb4+Zw
is probably not ?

The amount of information and redundancy in a message is relative
to the knowledge of the reader. So giving an absolute value of
information aka entropy is questionable.

One can estimate entropy by an approximation of the best possible
compression in the context of the knowledge of the reader.
The compression result will generally be longer if the compressor has
less knowledge about the message.

In the given case the message is the password and helpful knowledge
would be about systematic weaknesses of its production. E.g. if the
password scheme is published as a cartoon.

Although the first example yields a longer gzip result than the second one,
one must not ignore the problem of specialized compressors which can
concisely represent some classes of passwords, thus defining short
enumerations of these passwords.

In the case of the first password, a dictionary based attack looks
promising. Camelback style actually helps the attacker.
Dictionary attacks are well suited for being run by bot nets.
The Markov attack mentioned on page 2 of the sincere article is quite
frightening. (Are you different enough from your neighbor ?)

The second password class and my knowledge about it gives me not more
than a reduction of text bit number by 25 percent (6 bit text -> 8 bit
binary) and a couple of bits which are harder to harvest.
E.g. I know that a dictionary attack is of little use.  That's one bit,
because it's the first decision i can make. Any further insight might add
only a fraction of a bit. (It's probabilistic. So we can grind bits to dust.)


Have a nice day :)

Thomas
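
The compression argument in the message above, worked through as an added example (not code from the post). It compares a general-purpose compressor (zlib, the same DEFLATE method as gzip) with a model that knows the "run-together dictionary words" scheme, and with the 6-bits-per-character bound for random base64. The word ranks, the 20000-word vocabulary and the Zipf frequency model are constructed assumptions, so the figures illustrate the method and are not a measurement.

```python
import math
import string
import zlib

# Constructed word ranks (1 = most frequent). Placeholders, not a measured
# corpus; a real estimate would load a published frequency list.
RANKS = {"a": 5, "i": 10, "have": 25, "not": 30, "which": 40, "will": 45,
         "forget": 1500, "password": 4000, "memorable": 12000}
VOCAB = 20000  # assumed size of the word list the model knows
B64 = set(string.ascii_letters + string.digits + "+/")

# log2 of the harmonic number H_N, the normaliser of a Zipf distribution.
_LOG_H = math.log2(sum(1.0 / r for r in range(1, VOCAB + 1)))


def zlib_bits(pw):
    """Size in bits after a general-purpose compressor that knows nothing."""
    return 8 * len(zlib.compress(pw.encode(), 9))


def word_bits(word):
    """Ideal code length of a word under Zipf: p(rank) = 1 / (rank * H_N)."""
    return math.log2(RANKS[word]) + _LOG_H


def phrase_bits(pw):
    """Cheapest encoding of pw as dictionary words, or None if it does not fit.

    Model: known words run together, 1 bit per word for "first letter
    capitalised or not", plus one optional trailing punctuation mark.
    """
    tail_bits = math.log2(len(string.punctuation) + 1)
    body = pw[:-1] if pw and pw[-1] in string.punctuation else pw
    if not body:
        return None
    best = [math.inf] * (len(body) + 1)   # best[i]: cheapest cost of body[:i]
    best[0] = 0.0
    for end in range(1, len(body) + 1):
        for start in range(max(0, end - 12), end):
            chunk = body[start:end]
            word = chunk.lower()
            # accept only all-lowercase or Capitalised spellings
            if word in RANKS and chunk[1:] == word[1:]:
                best[end] = min(best[end], best[start] + word_bits(word) + 1)
    return None if math.isinf(best[-1]) else best[-1] + tail_bits


def base64_bits(pw):
    """Bound for a uniformly random base64 string: 6 bits per character."""
    return 6 * len(pw) if pw and set(pw) <= B64 else None


if __name__ == "__main__":
    for pw in ("IhaveaMemorablePasswordwhichIwillnotforget!",
               "WVAq7XLM4va6e1A4Bb4+Zw"):
        print(pw, "raw:", 8 * len(pw), "zlib:", zlib_bits(pw),
              "phrase model:", phrase_bits(pw), "base64:", base64_bits(pw))
```

A unigram model like this ignores grammar; a model that also predicts each word from the previous ones would assign the sentence an even shorter code.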



Re: which display manager would you suggest for Stretch?

2017-08-25 Thread Michael Lange
On Fri, 25 Aug 2017 01:17:10 -0400
kamaraju kusumanchi  wrote:

(...)
> it will list the most popular package first. However, I left the
> default as is. I prefer having the most popular package at the bottom
> as it minimizes "the eyeball movement". Consider, for example, a
> command that produces multiple pages of output such as
> 
> % apt-cache search "^vim-" --names-only | popsort.py
> 
> To look at a few of the famous packages in this, one has to either
> scroll up or pipe the output to head. With the current sorting method,
> you can keep eyes closer to the command line and still get all the
> important information.

Ok, I see.. good point! I admit I did not think of this. Thanks for
explaining.

Best regards

Michael


.-.. .. ...- .   .-.. --- -. --.   .- -. -..   .--. .-. --- ... .--. . .-.

Many Myths are based on truth
-- Spock, "The Way to Eden",  stardate 5832.3



Re: my e-mails

2017-08-25 Thread Floris
On Thu, 24 Aug 2017 21:54:27 +0200, wilfried martens  wrote
:



Please unsubscribe me.


Here you can read how to do that:
https://www.debian.org/MailingLists/#subunsub

Re: Debian v9 it's a stretch

2017-08-25 Thread Curt
On 2017-08-24, Dejan Jocic  wrote:
>> > 
>> > Do you find checking for possible rootkits is useless, or you are just
>> > not happy how rkhunter performs that function?
>> 
>> A well-documented case of rkhunter discovering a rootkit in the last
>> ten years (the 1000s of false positives do not count) would go a long
>> way to establishing its credence,
>> 
>
> So, those in security/forensics who recommend use of rkhunter have just
> been silly? Interesting. But think that I'll use it anyway, just to be
> on the safe side. It does not hurt.
>

The validity of a statement should be judged by its evidence, not its
source.

Of course, an appeal to authority without citing the authoritative
source to which one appeals is unlikely to convince anyone but some poor
sap already convinced in the first place.

This way, we can all settle back into the comfortable armchairs of our
preconceived convictions.

Thank you for a pause that refreshes.


-- 
Only the coward who has more fear of death than dignity can comfort himself 
with the fact that
his body will in time live again in the grass, in the stones, in the toad. To 
find one's
immortality in the transmutation of substances is as strange as to prophesy a 
brilliant future
for the case after a precious violin has been broken and becomes useless. — 
"Ward 6"





Re: One-line password generator

2017-08-25 Thread Curt
On 2017-08-25, David Wright  wrote:
>
> Unless you have accounts¹ that invite break-in attempts², the main
> thing to resist offline cracking is to have better passwords than
> your neighbours, just like security against burglary. Once a suitable
> proportion of passwords have been cracked, which will consist of the
> easier ones, there are diminishing returns in continuing to try to
> crack the rest.

Brian's thesis:

https://xkcd.com/936/

(clever and funny, BTW,
yet contradicted by this:)

https://arstechnica.com/information-technology/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/

> ¹accounts of all sorts, not just forums.
> ²institutions, slebs, politicians, etc.
>
> Cheers,
> David.
>
>


-- 
Only the coward who has more fear of death than dignity can comfort himself 
with the fact that
his body will in time live again in the grass, in the stones, in the toad. To 
find one's
immortality in the transmutation of substances is as strange as to prophesy a 
brilliant future
for the case after a precious violin has been broken and becomes useless. — 
"Ward 6"





Re: macbook keyboard layout

2017-08-25 Thread Darac Marjal

On Fri, Aug 25, 2017 at 11:58:51AM +0800, ardawan wrote:

Hi,

unfortunately i am not able to get Tilde character work properly on 
Debian OS. I am using macbook pro retina 2015 and tried to key the 
keyboard layout in the settings to any available English option but 
still i get >or< instead of Tilde and seems nothing changed after 
choosing different layouts.


I've tried to ask in different communities, but nobody could help me. 
Also, i've read the debian/macbook page but i couldn't figure it out.


Please help me to fix this as i am choosing Debian as my primary OS.


OK, according to https://wiki.debian.org/Keyboard, you should install 
keyboard-configuration and follow the on-screen prompts. You probably 
want to choose either "macbook78" or "macbook79" (the International 
variant - the number probably indicates the number of keys on your 
keyboard) as the keyboard MODEL.


Secondly, are you saying that pressing the tilde key produces the string 
">or<" or the string "or"? Either way, that's an odd thing to produce. I 
wonder if you have some sort of macro or keyboard shortcut set up? In what 
sort of environment does this happen (e.g. Linux Terminal, Gnome, KDE 
etc?)





Thanks a lot.
Ardawan



--
For more information, please reread.




Re: DHCP server that itself gets an IP address by DHCP

2017-08-25 Thread Reco
Hi.

On Fri, 25 Aug 2017 07:28:00 +0900
Mark Fletcher  wrote:

> On Thu, Aug 24, 2017 at 11:35:25PM +0300, Reco wrote:
> > On Thu, 24 Aug 2017 22:21:04 +0200
> > Pascal Hambourg  wrote:
> > 
> > > Le 24/08/2017 à 11:30, Reco a écrit :
> > > > 
> > > > Somewhat hackish, but straightforward way to achieve this is to redirect
> > > > DNS requests from your LAN to correct DNS. Something like this should do
> > > > the trick:
> > > 
> > > Not so straightforward because you still need to get the ISP's DNS and 
> > > update the iptables rules whenever the DNS change.
> > 
> > Appropriate dhclient hook should do this trick.
> > I'd start with copying and modifying resolvconf one.
> > 
> I think the concept of "appropriate dhclient hook" might be exactly what 
> I was after -- could an "appropriate dhclient hook" perhaps be used to 
> update the name servers being offered by the DHCP server? 

Sure it can. What you need is to
copy /etc/dhcp/dhclient-enter-hooks.d/resolvconf under a different name
and make changes in make_resolv_conf shell function.


> And would that 
> be done by updating dhcp.conf and restarting the dhcp server, or would 
> that cause other problems?

I don't see why it should. I still prefer iptables approach as that way
your whole internal network will get new DNS immediately and not after
the Airstation decides to renew DHCP lease.


> And, is dhclient a separate piece of software from systemd.networkd? 

I was referring to a reference implementation - isc-dhcp-client.
I honestly do not know if systemd-networkd utilizes these hooks.


> Because I am using the latter at the moment to get the IP address from 
> the ISP on the firewall machine, although I am not married to that 
> method, it's just that it was super-easy to set up and worked first 
> time, so I never had reason to look for an alternative.

Utilizing any other DHCP client is as simple as adding two lines
in /etc/network/interfaces:

auto 
inet  inet dhcp

Reco


