Re: Debian v9 it's a stretch

[Mario Castelán Castro]

On 26/08/17 20:36, Liam O'Toole wrote:
> On 2017-08-25, Borden Rhodes  wrote:
>> I encourage everyone to check out "How to Irritate People salesmen" on
>> your favourite community video streaming site. That's how I've found
>> FOSS support: "Best software in the world. No problems at all. But if
>> you find a problem, file a bug and we'll fix it." "Well I have filed a
>> bug, and you haven't fixed it." "Nope, no problems with this software
>> at all..."
> 
> And you have never encountered that attitude with proprietary software
> vendors? Ever?
> 
> The difference with FLOSS is that you can fix any problems yourself. Or
> persuade or pay someone else to do it for you. The choice is yours.

There are plenty of sites where asking stupid question about free
software programs is the norm, and you are not allowed to admonish users
for not knowing what they must already know (very often it has a section
in the manual about it). The most popular one is probably stackexchange.

For example, I mean questions like: “I am the manager of a nuclear power
plant. The engineers are telling me that we are having a loss of coolant
and core meltdown, what does that mean? Is it dangerous?”

If you want to go spoonfeed, then go to one of those sites.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature

Re: One-line password generator

[Mario Castelán Castro]

On 26/08/17 13:25, Brian wrote:
> How does this
> 
>  echo 'secretpassword' | sha256sum - | base64 | cut -c -30 | head -1
> 
> compare with your recommendation?

I do not see the point in this post-processing.

It seems that you have a very wrong impression of what makes a password
generation scheme be a good password generation scheme.

For any probability distribution fixed in advanced, the *expected* (in
the sense used in probability theory) entropy of a password generated
with my scheme is well defined and at least 132 bits (I wanted 128 bits,
but using Base64 the choice is between 132 bits and 126 bits because 132
is not a multiple of 6). In other words, if you take a probability
distribution and keep if fixed while generating a big amount of
passwords with my scheme, the average entropy under that probability
distribution will be at least (within sampling error) 132 bits.

This property is achieved *because* there is a source of randomness
(that we can assume, has uniform distribution and thus maximal entropy
per byte) in my generation scheme, not because of Base64. Base64 is
there just to turn the random bytes into a *short* human-readable
string. One could turn the random bytes instead into a list of words (as
long as the mapping is one-to-one) and the same property about expected
entropy would hold, but then the password would be *much* longer.

Length is the *only* reason to use Base64 here instead of using the
random bytes to choose words at random.

By contrast, your “scheme” has no systematic source of randomness. It
requires that one has already decided for a “randompassword”, and then
post-process it. If the attacker knows the post-processing, guessing
this password is at least as easy than guessing the input to the
post-processing step (plus computing the hash and encoding, but this is
negligible). Moreover, your post-processing stage loses information, as
another user has already noted. If the attacker knows your
post-processing method, he can speed the search by avoid trying the
passwords that could not be possibly generated with your method because
of this loss of information.

For example, your method will never generate a string of '...'
because the input to Base64 are hex digits in ASCII, which never have
the byte value 0 (0 is unprintable).

If the attacker does not know the post-processing stage, then maybe he
will eventually begin to guess that your password is an human-generated
password ran through a post-processing stage. Then very possibly your
post-processing adds security (because the attacker has to guess the
post-processing method too), but how much? *It is not well defined*. We
already talked about non-well-defined probabilities, so I will not
repeat that fragment.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature

Re: Debian v9 it's a stretch

[Liam O'Toole]

On 2017-08-25, Borden Rhodes  wrote:

(...)

> I encourage everyone to check out "How to Irritate People salesmen" on
> your favourite community video streaming site. That's how I've found
> FOSS support: "Best software in the world. No problems at all. But if
> you find a problem, file a bug and we'll fix it." "Well I have filed a
> bug, and you haven't fixed it." "Nope, no problems with this software
> at all..."

And you have never encountered that attitude with proprietary software
vendors? Ever?

The difference with FLOSS is that you can fix any problems yourself. Or
persuade or pay someone else to do it for you. The choice is yours.

-- 

Liam

SQL Server no Debian

[Leonardo S. S. da Rocha]

Pessoal, boa noite! alguém já instalou o SQL Server no Debian 9? Encontrei
um artigo falando sobre essa instalação na versão 8.7 mas nada ainda sobre
a instalação na versão 9. Estou com um cenário na universidade precisando
dessas ferramentas. Na verdade hoje está rodando sobre Ubuntu 16.04 mas
quero tirar o Ubuntu e colocar o Debian. Alguém pode sugerir algo?

-- 
Atenciosamente,
(Best regards),


Leonardo Rocha
about.me/leonardo.rocha




 Enviado com Mailtrack

Re: utilisation open.vpn chez OVH

[Pascal Hambourg]

Le 27/08/2017 à 00:02, Pierre L. a écrit :

Bon faut avouer aussi que bien souvent, le "tuto" n'apporte pas les
infos nécessaires à comprendre les commandes qu'on balance dans un
terminal ;)


C'est bien ce que je reproche aux tutoriels et ceux qui les écrivent, 
plus qu'à ceux qui les suivent.

Re: utilisation open.vpn chez OVH

[Pierre L.]

Bon faut avouer aussi que bien souvent, le "tuto" n'apporte pas les
infos nécessaires à comprendre les commandes qu'on balance dans un
terminal ;)
Parfois c'est très bien documenté, avec chaque argument bien détaillé,
un bonheur !

Sinon il se trouve où le tuto que tu as suivi ? Il y a peut-être une
coquille dedans ? Les experts dans l'ombre pourront zieuter au cas où...



Le 26/08/2017 à 22:33, Pascal Hambourg a écrit :
> Je soupçonne que le "syndrome du tuto" a encore frappé : on suit des
> instructions bêtement sans rien y comprendre.



signature.asc
Description: OpenPGP digital signature

Re: How to Keep Track of Changes to the System

[Joe]

On Sat, 26 Aug 2017 06:02:07 -0700 (PDT)
ray  wrote:

 
> 
> Thank you for the list of solutions.  It is interesting that SVN can
> be used with etckeeper.  It looks like I should learn git.  I have
> used SVN for other things, but I am easily pulled from my comfort
> zone for value.  

Git is very widely used, and on important projects, so it is being
vigorously maintained. It's probably the right choice for new projects.
> 
> There is an interesting challenge here on where/how to keep
> repositories on a laptop.  It is valuable to have them locally as
> often my problems are networking; if the repositories are local, I
> can use another box to view them, but sometimes it may be a challenge
> to move files when connectivity is lost.  I am sure there is an
> architecture that will be suitable.  

Git creates a repository (by default) within the directory you base it
on, so copying the directory copies the repository. Git, both
command-line and GUI, exists for *nix and Windows, and a repository can
be operated from either. A backup of /etc to a USB stick, containing a
git repository, can be opened by git on another machine, and another
platform. I actually use git mostly on Windows, and mostly for its
'intended' use with software, though I also use it to track circuit
diagrams and PCB layouts under construction.

-- 
Joe

Re: security issues

[Gene Heskett]

On Saturday 26 August 2017 15:43:40 Brian wrote:

> [Lots of snipping]
>
> On Sat 26 Aug 2017 at 15:25:53 -0400, Gene Heskett wrote:
> > On Saturday 26 August 2017 14:51:41 Brian wrote:
> > > That's what you think! But while you are slumbering, she is
> > > emailing friends and talking with Donald on Twitter. Never
> > > underestimate a woman's ability to manipulate a communication
> > > medium.
> >
> > Ahh, no.  This one is 77 yo, dying of COPD slowly but surely.  She
> > also fell and broke a hip back in February, which was replaced, and
> > what little moving around is usually with e walker assist, and just
> > to the potty chair 10 feet from the recliner she has taken up
> > residence in, and with an oxy hose hanging on her ears, probably
> > sleeps 12-16 hours a day. Not at all computer litterate. Ever.
> >
> > A retired elementary school music teacher, she was once forced to
> > use an elderly PB 286 computer with 2 floppy disks, running dos3.2,
> > to do her report cards.  That disaster was not, to my knowledge,
> > repeated.  One of the reasons she took her 34 years of credit for
> > teaching and retired in the late 90's.
> >
> > I am doing all the housekeeping and cooking since February. And I do
> > take time out for "my stuff" like these mailing lists, and
> > converting elderly machine tools, mills and lathes, to 10x the
> > original precision with linuxcnc, new drive screws and me making at
> > least half the hardware to make the conversions.  And I just wrote
> > the gcodes to put a new barrel in old meat in the pot, chambered for
> > 6.5 Creedmoor.  The barrels in it from the early '60's up till now
> > have all been for the 30-06 Ackley Improved, but its kick was
> > beginning to beat the old man up. So I do this stuff to keep me out
> > of the bars.  Seems to be working fairly well... ;-)  And I make
> > some furniture from time to time.
>
> You and your wife have my sympathy and best wishes, My response was
> intended to be light-hearted, but, sometimes, hitting the mark is
> wildly off.
>
> Regards,
>
> Brian.

NP Brian, you had no first hand idea as to where I was coming from. And I 
wasn't looking for sympathy, just describing my situation & why I make 
recommendations that don't fit a busy, multiuser site at all well.  I 
have no other users here except me.  If I muck it up, I'm the scapegoat, 
complete with the chin whiskers. :)

I have had the ultimate revenge on those who were enemies at one time, 
I've outlived the turkeys without doing anything to hasten their 
demise. ;-) 

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

Re: utilisation open.vpn chez OVH

[Pascal Hambourg]

Le 26/08/2017 à 16:39, hervé thibaud a écrit :


Package tout installé pour vous montrer mes capacités en infomatique


Qu'est-ce c'est censé nous dire de tes capacités ?


tes questions sur adresse publique et interne IP ne m'inspire pas


Je n'ai pas posé de questions, j'ai juste suggéré des tests.

L'adresse IP publique, c'est celle que tu mets dans la configuration de 
ton client VPN pour se connecter au serveur. Quand tu fais un ping ou 
traceroute vers cette adresse, ça ne passe pas dans le VPN mais ça prend 
le même chemin que lui.


L'adresse IP interne, c'est celle qui est configurée sur l'interface tun 
ou tap matérialisant le VPN sur le serveur. Quand tu fais un ping ou 
traceroute vers cette adresse, ça passe dans le VPN.


car à ma connaissance je n'ai qu'une ip qui m'a été fournie et l'état de 
l'interface VPN ne me parle pas beaucoup


ifconfig -a
ip addr

j'ai suivi le tuto pour installer le client sur mon linux ubuntu 17.04 
et android sur un mon smartphone galaxy s5


Je soupçonne que le "syndrome du tuto" a encore frappé : on suit des 
instructions bêtement sans rien y comprendre.

Re: security issues

[Brian]

[Lots of snipping]

On Sat 26 Aug 2017 at 15:25:53 -0400, Gene Heskett wrote:

> On Saturday 26 August 2017 14:51:41 Brian wrote:
> 
> > That's what you think! But while you are slumbering, she is emailing
> > friends and talking with Donald on Twitter. Never underestimate a
> > woman's ability to manipulate a communication medium.
> >
> Ahh, no.  This one is 77 yo, dying of COPD slowly but surely.  She also 
> fell and broke a hip back in February, which was replaced, and what 
> little moving around is usually with e walker assist, and just to the 
> potty chair 10 feet from the recliner she has taken up residence in, and 
> with an oxy hose hanging on her ears, probably sleeps 12-16 hours a day.  
> Not at all computer litterate. Ever.
> 
> A retired elementary school music teacher, she was once forced to use an 
> elderly PB 286 computer with 2 floppy disks, running dos3.2, to do her 
> report cards.  That disaster was not, to my knowledge, repeated.  One of 
> the reasons she took her 34 years of credit for teaching and retired in 
> the late 90's.
> 
> I am doing all the housekeeping and cooking since February. And I do take 
> time out for "my stuff" like these mailing lists, and converting elderly 
> machine tools, mills and lathes, to 10x the original precision with 
> linuxcnc, new drive screws and me making at least half the hardware to 
> make the conversions.  And I just wrote the gcodes to put a new barrel 
> in old meat in the pot, chambered for 6.5 Creedmoor.  The barrels in it 
> from the early '60's up till now have all been for the 30-06 Ackley 
> Improved, but its kick was beginning to beat the old man up. So I do 
> this stuff to keep me out of the bars.  Seems to be working fairly 
> well... ;-)  And I make some furniture from time to time.
 
You and your wife have my sympathy and best wishes, My response was
intended to be light-hearted, but, sometimes, hitting the mark is wildly
off.

Regards,

Brian.

Re: security issues

[Gene Heskett]

On Saturday 26 August 2017 15:25:53 Gene Heskett wrote:

> > > install any of the firewall type stuff, dd-wrt in the router is
> > > the best guard dog. I've been running some form of it for 15 or
> > > more years, and have not been breached.
> >
> > Isn't dd-wrt only suitable for particular routers?


if it has at least 4G of flash, brainslayer probably has a build for it.  
Do a search using the model # from yours to find out if it will work for 
you. Most routers above the 65 USD price break can probably be flashed.

I'm useing a Buffalo NetFinity, $70+ ship, came with dd-wrt but the 
branding video image covered some functions I needed, so I installed it 
from the dd-wrt site, and with some minor tweaking, and one reflash, its 
been sitting on the other side of the big printer for about 8 years now.  
The only traffic that comes in unannounced is to my web page, which I 
have in a permissions sandbox on this machine.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

Re: security issues

[Gene Heskett]

On Saturday 26 August 2017 14:51:41 Brian wrote:

> On Sat 26 Aug 2017 at 07:40:09 -0400, Gene Heskett wrote:
> > On Saturday 26 August 2017 04:13:38 Dejan Jocic wrote:
> > > On 26-08-17, R Calleja wrote:
> > > > Buenos dias, soy usuario de debian 8.9 desde hace 2 años.
> > > > Tengo problemas de seguridad que me obligan a reinstalar el
> > > > sistema a menudo, una vez al año.
> > > > He leido documentos y ayuda para mejorar la seguridad.
> > > > Pero no soy un usuario con conocimientos avanzados de sistemas.
> > > > Mi objetivo es conseguir una estacion de trabajo segura .
> > > > He conocido herramientas como:
> > > > Lynis, openval, nessus, grsecurity,apparmor, selinux, etc
> > > > Si puede alguien con conocimientos de seguridad  ayudarme. O hay
> > > > alguna empresa que de soporte.
> > > >
> > > > Muchas gracias, Roberto
> > > >
> > > >
> > > > Good afternoon, I have been debian 8.9 user for 2 years.
> > > > I have security issues that force me to reinstall the system
> > > > often, once a year.
> > >
> > > What security issues?
> > >
> > > > I have read documents and help to improve security.
> > >
> > > What documents?
> > >
> > > > But I am not a user with advanced systems knowledge.
> > >
> > > That is not problem, you can find lots of tutorials and documents
> > > around.
> > >
> > > > My goal is to get a safe work station.
> > > > I have known tools like:
> > > > Lynis, openval, nessus, grsecurity, apparmor, selinux, etc.
> > >
> > > Apparmor and selinux do not go together, use just apparmor because
> > > it is easier to set up and easier not to mess up. Selinux in
> > > theory can provide you with more protection, but in practical use
> > > you will not see it. Lynis is probably too much for you. Openval I
> > > do not know, nessus I did not use. Grsecurity is, according to
> > > Linus Torvald:
> > >
> > > "
> > >
> > > Don't bother with grsecurity.
> > >
> > > Their approach has always been "we don't care if we break
> > > anything, we'll just claim it's because we're extra secure".
> > >
> > > The thing is a joke, and they are clowns. When they started
> > > talking about people taking advantage of them, I stopped
> > > trying to be polite about their bullshit.
> > >
> > > Their patches are pure garbage.
> > >
> > > Linus
> > > "
> > >
> > > > If anyone with safety knowledge can help me. Or is there any
> > > > support company.
> > > >
> > > > Thank you very much, Roberto
> > >
> > > For someone who knows little, you are sure installing too much
> > > things. Here are some general advices, but do not take this for
> > > granted, it is based on personal opinion after all, and I'm not
> > > security expert, though I did read for few of those have to say
> > > about security in linux.
> > >
> > > 1. Firewall. If you are connected to net and use some services you
> > > really want it. Choose simple one, like gufw. That is front end
> > > for ufw ( uncomplicated firewall ) and will serve your needs well.
> > > If you want something more secure, but really more complicated,
> > > you will have to learn iptables.
> >
> > If the security being worried about is external, coming in and
> > attacking you from the internet, then I would recommend getting an
> > aftermarket router with enough flashable memory to support
> > reprogramming it with dd-wrt. I don't worry about local security
> > here as we're an older couple and the wife is not computer
> > litterate, so I am the only user.  I don't
>
> That's what you think! But while you are slumbering, she is emailing
> friends and talking with Donald on Twitter. Never underestimate a
> woman's ability to manipulate a communication medium.
>
Ahh, no.  This one is 77 yo, dying of COPD slowly but surely.  She also 
fell and broke a hip back in February, which was replaced, and what 
little moving around is usually with e walker assist, and just to the 
potty chair 10 feet from the recliner she has taken up residence in, and 
with an oxy hose hanging on her ears, probably sleeps 12-16 hours a day.  
Not at all computer litterate. Ever.

A retired elementary school music teacher, she was once forced to use an 
elderly PB 286 computer with 2 floppy disks, running dos3.2, to do her 
report cards.  That disaster was not, to my knowledge, repeated.  One of 
the reasons she took her 34 years of credit for teaching and retired in 
the late 90's.

I am doing all the housekeeping and cooking since February. And I do take 
time out for "my stuff" like these mailing lists, and converting elderly 
machine tools, mills and lathes, to 10x the original precision with 
linuxcnc, new drive screws and me making at least half the hardware to 
make the conversions.  And I just wrote the gcodes to put a new barrel 
in old meat in the pot, chambered for 6.5 Creedmoor.  The barrels in it 
from the early '60's up till now have all been for the 30-06 Ackley 
Improved, but its kick was beginning to beat the old man up. So I do 
this stuff to keep me 

Re: One-line password generator

[Thomas Schmitt]

Hi,

Brian wrote:
> echo 'secretpassword' | sha256sum - | base64 | cut -c -30 | head -1

The quality criterion is the ease or difficulty to guess the 'secretpassword'
by a skilled enumerator and the fact whether your attacker knows the rest
of your processing pipeline.

If your secretpassword itself is enumerated late, then the attacker needs
a lot of tries.

If you keep the further processing secret, then the attacker will have to
try several hash algorithms with each enumerated input string. Quite hard
to guess would be if you replace sha256sum by an encryption program with
a key which you successfully keep secret.

If you stay with sha512sum:
The combination of sha256sum and base64 inflates the string length before
it gets cut to 30 characters length. So you actually throw away good bits
which would elsewise fit into the 30 characters.
It would be better to convert sha512sum output from hex to binary before
applying base64 to make it printable. This brings a maximum of sha256sum
bits into the 30 character result.


Have a nice day :)

Thomas

Re: One-line password generator

[Brian]

On Sat 26 Aug 2017 at 20:37:01 +0200, Nicolas George wrote:

> Le nonidi 9 fructidor, an CCXXV, Brian a écrit :
> >  echo 'secretpassword' |
> 
> echo 'secretpassword site-name'
> 
> >sha256sum - | base64
> 
> Very bad: since sha256sum outputs its result in hexadecimal, it only has
> half the entropy it seems to have. The same thing with Perl's
> Digest::b64digest would be much better.

Thanks. That is the sort of analysis I was after, (Although I will have
to work out why hexadecimal matters).

May I impose and ask how Digest::b64digest would be used in a command
line string of commands?

-- 
Brian.

Re: security issues

[Brian]

On Sat 26 Aug 2017 at 07:40:09 -0400, Gene Heskett wrote:

> On Saturday 26 August 2017 04:13:38 Dejan Jocic wrote:
> 
> > On 26-08-17, R Calleja wrote:
> > > Buenos dias, soy usuario de debian 8.9 desde hace 2 años.
> > > Tengo problemas de seguridad que me obligan a reinstalar el sistema
> > > a menudo, una vez al año.
> > > He leido documentos y ayuda para mejorar la seguridad.
> > > Pero no soy un usuario con conocimientos avanzados de sistemas.
> > > Mi objetivo es conseguir una estacion de trabajo segura .
> > > He conocido herramientas como:
> > > Lynis, openval, nessus, grsecurity,apparmor, selinux, etc
> > > Si puede alguien con conocimientos de seguridad  ayudarme. O hay
> > > alguna empresa que de soporte.
> > >
> > > Muchas gracias, Roberto
> > >
> > >
> > > Good afternoon, I have been debian 8.9 user for 2 years.
> > > I have security issues that force me to reinstall the system often,
> > > once a year.
> >
> > What security issues?
> >
> > > I have read documents and help to improve security.
> >
> > What documents?
> >
> > > But I am not a user with advanced systems knowledge.
> >
> > That is not problem, you can find lots of tutorials and documents
> > around.
> >
> > > My goal is to get a safe work station.
> > > I have known tools like:
> > > Lynis, openval, nessus, grsecurity, apparmor, selinux, etc.
> >
> > Apparmor and selinux do not go together, use just apparmor because it
> > is easier to set up and easier not to mess up. Selinux in theory can
> > provide you with more protection, but in practical use you will not
> > see it. Lynis is probably too much for you. Openval I do not know,
> > nessus I did not use. Grsecurity is, according to Linus Torvald:
> >
> > "
> >
> > Don't bother with grsecurity.
> >
> > Their approach has always been "we don't care if we break
> > anything, we'll just claim it's because we're extra secure".
> >
> > The thing is a joke, and they are clowns. When they started
> > talking about people taking advantage of them, I stopped
> > trying to be polite about their bullshit.
> >
> > Their patches are pure garbage.
> >
> > Linus
> > "
> >
> > > If anyone with safety knowledge can help me. Or is there any support
> > > company.
> > >
> > > Thank you very much, Roberto
> >
> > For someone who knows little, you are sure installing too much things.
> > Here are some general advices, but do not take this for granted, it is
> > based on personal opinion after all, and I'm not security expert,
> > though I did read for few of those have to say about security in
> > linux.
> >
> > 1. Firewall. If you are connected to net and use some services you
> > really want it. Choose simple one, like gufw. That is front end for
> > ufw ( uncomplicated firewall ) and will serve your needs well. If you
> > want something more secure, but really more complicated, you will have
> > to learn iptables.
> 
> If the security being worried about is external, coming in and attacking  
> you from the internet, then I would recommend getting an aftermarket 
> router with enough flashable memory to support reprogramming it with 
> dd-wrt. I don't worry about local security here as we're an older couple 
> and the wife is not computer litterate, so I am the only user.  I don't 

That's what you think! But while you are slumbering, she is emailing
friends and talking with Donald on Twitter. Never underestimate a woman's
ability to manipulate a communication medium.

> install any of the firewall type stuff, dd-wrt in the router is the best 
> guard dog. I've been running some form of it for 15 or more years, and 
> have not been breached.

Isn't dd-wrt only suitable for particular routers?

> OTOH, if other family members are able to access your machine, then it 
> may be that apparmor needs to be installed & setup.

Not really. But, if it is to your taste, go ahead,

-- 
Brian.

Re: One-line password generator

[Nicolas George]

Le nonidi 9 fructidor, an CCXXV, Brian a écrit :
>  echo 'secretpassword' |

echo 'secretpassword site-name'

>  sha256sum - | base64

Very bad: since sha256sum outputs its result in hexadecimal, it only has
half the entropy it seems to have. The same thing with Perl's
Digest::b64digest would be much better.

Regards,

-- 
  Nicolas George


signature.asc
Description: Digital signature

Re: Tu es vraiment le centre d’attention sur ce site Sara

[Vial Charles]

salut,je chercher une amie sur bulle et tour -de-treme charles.v...@yahoo.fr 
merci 

Le Samedi 26 août 2017 11h12, Sara Hayspell  a 
écrit :
 

   Je suppose que tu ne vas même pas me parler… 
http://bit.ly/2vpZb83 

   

Re: How to change date and time format for quoting in Thunderbird?

[Mike Kupfer]

Mario Castelán Castro wrote:

> When replying to a message in Thunderbird as packaged in Debian 9, the
> date and time is automatically placed before the quote, like this: “On
> 22/08/17 17:31, $NAME wrote:”. How can I change the format used for the
> date and time?

http://kb.mozillazine.org/Date_display_format shows how to configure the
date and time format for Thunderbird, though this also affects the
date/time that are displayed in the folder table-of-contents pane.  On
Linux, it looks like your options are limited.  I ended up using a
wrapper script for Thunderbird that does

  LC_TIME=en_DK.utf8 thunderbird

so that I get ISO-format dates.

mike

Re: One-line password generator

[Brian]

On Tue 22 Aug 2017 at 10:04:59 -0500, Mario Castelán Castro wrote:

> I have the following line in my Bash init file:
> 
> “alias gen-password="head -c 16 /dev/urandom | base64 | head -c 22 && echo"”
> 
> This generates a password with just above 128 bits of entropy. You may
> find it useful.

How does this

 echo 'secretpassword' | sha256sum - | base64 | cut -c -30 | head -1

compare with your recommendation?

-- 
Brian.

Re: Ask the isosceles triangle people. This is the TRIANGLE-user mailing list

[davidson]

On Sat, 26 Aug 2017, Mario Castelán Castro wrote:


On 25/08/17 23:39, david...@freevolt.org wrote:

On Fri, 25 Aug 2017, Mario Castelán Castro wrote to debian-user[1]:

Ask the tails people. This is the DEBIAN-user mailing list.


If this was intended to discourage such questions here, I think it is
not a fair objection.


An isosceles triangle is a triangle, but Tails is not Debian.

Your comparison fails because Tails is a distribution of its own not
part of Debian in any way, just as Ubuntu or many or the other
derivatives of Debian.

Whatever you find in Tails, is there because of a Tails developer
put it there.


I am perpelexed by this last statement, since the uri in the error
message reported by the Tails user[1]

 Failed - 0B - InRelease - tor+http://vwakviie2ienjx6t.onion/ debian stretch 
InRelease

points to what the release notes suggest is a debian repository[2].

1. https://lists.debian.org/debian-user/2017/08/msg01420.html
2. 
https://www.debian.org/releases/stretch/amd64/release-notes/ch-information.en.html#deprecation-of-ftp-apt-mirrors

Re: Ask the isosceles triangle people. This is the TRIANGLE-user mailing list

[davidson]

On Sat, 26 Aug 2017, Mario Castelán Castro wrote:


On 25/08/17 23:39, david...@freevolt.org wrote:

On Fri, 25 Aug 2017, Mario Castelán Castro wrote to debian-user[1]:

Ask the tails people. This is the DEBIAN-user mailing list.


If this was intended to discourage such questions here, I think it is
not a fair objection.


An isosceles triangle is a triangle, but Tails is not Debian.

Your comparison fails because Tails is a distribution of its own not
part of Debian in any way, just as Ubuntu or many or the other
derivatives of Debian.


"just as Ubuntu or many *of* the other derivatives of Debian."

Fair enough. Tails is a debian derivative that is not a Debian Pure
Blend[1]; ie, it is not merely "a subset of Debian that is configured
to support a particular target group out-of-the-box".

At first, I thought that it might be a Pure Blend. FWiW, This page
convinced me you are correct:
https://tails.boum.org/contribute/relationship_with_upstream/

Thank you for elaborating.

1. https://wiki.debian.org/DebianPureBlends

Re: How does one create virtual ethernet devices with modern tools on Debian 8 (jessie)?

[Mario Castelán Castro]

On 25/08/17 10:03, Tom Browder wrote:
> Thanks, Sven, very helpful.  Can you recommend a good modern book on 
> networking?

I learned the fundamentals of networking (which is very different from
learning how to use the networking tools in GNU/Linux) from this book:

http://libgen.io/book/index.php?md5=46C141A599089425669194E107EEFB4E

This is edition 6, but I learned from edition 5 (6 was not released back
then).

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature

Re: Ask the isosceles triangle people. This is the TRIANGLE-user mailing list

[Mario Castelán Castro]

On 25/08/17 23:39, david...@freevolt.org wrote:
> On Fri, 25 Aug 2017, Mario Castelán Castro wrote to debian-user[1]:
>> Ask the tails people. This is the DEBIAN-user mailing list.
> 
> If this was intended to discourage such questions here, I think it is
> not a fair objection.

An isosceles triangle is a triangle, but Tails is not Debian.

Your comparison fails because Tails is a distribution of its own not
part of Debian in any way, just as Ubuntu or many or the other
derivatives of Debian.

Whatever you find in Tails, is there because of a Tails developer put it
there.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature

Re: How to change date and time format for quoting in Thunderbird?

[Mario Castelán Castro]

On 25/08/17 15:41, Byung-Hee HWANG (황병희, 黃炳熙) wrote:
> "lambda.alex.chromebook" is my chromebook's system-name. The others is
> https://raw.githubusercontent.com/soyeomul/Gnus/MaGnus/thanks-mid.rb.message-id

I do not understand.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature

Re: How to Keep Track of Changes to the System

[Dan Ritter]

On Sat, Aug 26, 2017 at 06:02:07AM -0700, ray wrote:
> On Saturday, August 26, 2017 at 5:10:05 AM UTC-5, Dan Ritter wrote:
> ...
> > For a single system, etckeeper is an excellent choice. It stores
> > changes anywhere in /etc (and optionally in other places) in
> > git or subversion.
> > 
> > You can go a little farther easily by learning git directly.
> > https://try.github.io/levels/1/challenges/1  is a good resource.
> > 
> > If you have multiple systems that need to be handled in similar 
> > ways, you want to learn an advanced configuration management
> > system like chef, puppet, ansible, salt...
> > 
> > -dsr-
> 
> Dan,  
> 
> Thank you for the list of solutions.  It is interesting that SVN can be used 
> with etckeeper.  It looks like I should learn git.  I have used SVN for other 
> things, but I am easily pulled from my comfort zone for value.  
> 
> There is an interesting challenge here on where/how to keep repositories on a 
> laptop.  It is valuable to have them locally as often my problems are 
> networking; if the repositories are local, I can use another box to view 
> them, but sometimes it may be a challenge to move files when connectivity is 
> lost.  I am sure there is an architecture that will be suitable.  

Sure. git is distributed; you can easily check it out on another
system, and thus have backups anytime you are connected to a
network, while having a complete local record as well.

> It seems like there may be value in using both a config mgr and a
version control system.  I will start checking into these to better
understand.

They are complementary solutions; config management solves "how
to get things in the right shape" problems, and version control
solves "what did this look like before?" problems.

-dsr-

Re: utilisation open.vpn chez OVH

[herve.thib...@free.fr]

Le 26/08/2017 à 15:00, cont...@baal.fr a écrit :
d'autre part indique le type de serveur car il me semble que sur les vps 
le vpn est interdit .



Le 26/08/2017 à 13:04, Pascal Hambourg a écrit :

Le 24/08/2017 à 14:24, herve.thib...@free.fr a écrit :


la connexion se bloque


C'est un peu court, jeune homme.
On pouvait dire bien des choses en somme :

Etat de l'interface VPN
ping/traceroute vers l'adresse IP publique du VPS
ping/traceroute vers l'adresse IP interne du serveur VPN
traceroute vers l'adresse IP d'un serveur distant...

Et vice versa depuis le serveur (en SSH) vers le client.

(désolé pour l'erreur d'envoi en privé)


bonjour
pour répondre à la question de baal,
j'ai choisi l'installation d'un vps à 2€HTmois avec un openvpn standard 
installé sur un debian.

Package tout installé pour vous montrer mes capacités en infomatique

pour répondre à Pascal,nt
tes questions sur adresse publique et interne IP ne m'inspire pas
car à ma connaissance je n'ai qu'une ip qui m'a été fournie et l'état de 
l'interface VPN ne me parle pas beaucoup
j'ai suivi le tuto pour installer le client sur mon linux ubuntu 17.04 
et android sur un mon smartphone galaxy s5
Pour le smartphone pour moi ça roule et c'est me semble t'il connecté 
tant que que je n'appuie pas sur disconnect.

Re: utilisation open.vpn chez OVH

[hervé thibaud]

Le 26/08/2017 à 15:00, cont...@baal.fr a écrit :
d'autre part indique le type de serveur car il me semble que sur les vps 
le vpn est interdit .



Le 26/08/2017 à 13:04, Pascal Hambourg a écrit :

Le 24/08/2017 à 14:24, herve.thib...@free.fr a écrit :


la connexion se bloque


C'est un peu court, jeune homme.
On pouvait dire bien des choses en somme :

Etat de l'interface VPN
ping/traceroute vers l'adresse IP publique du VPS
ping/traceroute vers l'adresse IP interne du serveur VPN
traceroute vers l'adresse IP d'un serveur distant...

Et vice versa depuis le serveur (en SSH) vers le client.

(désolé pour l'erreur d'envoi en privé)



bonjour

désolé baal pour l'envoie privé

pour répondre à la question de baal,
j'ai choisi l'installation d'un vps à 2€HTmois avec un openvpn standard 
installé sur un debian.

Package tout installé pour vous montrer mes capacités en infomatique

pour répondre à Pascal,nt
tes questions sur adresse publique et interne IP ne m'inspire pas
car à ma connaissance je n'ai qu'une ip qui m'a été fournie et l'état de 
l'interface VPN ne me parle pas beaucoup
j'ai suivi le tuto pour installer le client sur mon linux ubuntu 17.04 
et android sur un mon smartphone galaxy s5
Pour le smartphone pour moi ça roule et c'est me semble t'il connecté 
tant que que je n'appuie pas sur disconnect.

Re: ALs je weet hoe moe ik ben van alleen zijn Katharina

[gerard kamps]

Hallo Katharina. Ik wil je ster wel zijn vanavond. Waar woon je en hoeveel jaar 
ben je. Gr. Gerard.xxx

Van: Katharina Taufh 
Verzonden: vrijdag 25 augustus 2017 09:23:30
Aan: debian-user@lists.debian.org
Onderwerp: ALs je weet hoe moe ik ben van alleen zijn Katharina

Wil je mijn ster zijn vanavond?
http://bit.ly/2vltJbg

Re: STOP

[Cindy-Sue Causey]

On 8/26/17, Ben Finney  wrote:
> Nothin's Gonna
>
>> STOP
>
> Us Now


Yippee-Ki-Yay

Re: How to Keep Track of Changes to the System

[ray]

On Saturday, August 26, 2017 at 5:10:05 AM UTC-5, Dan Ritter wrote:
...
> For a single system, etckeeper is an excellent choice. It stores
> changes anywhere in /etc (and optionally in other places) in
> git or subversion.
> 
> You can go a little farther easily by learning git directly.
> https://try.github.io/levels/1/challenges/1  is a good resource.
> 
> If you have multiple systems that need to be handled in similar 
> ways, you want to learn an advanced configuration management
> system like chef, puppet, ansible, salt...
> 
> -dsr-

Dan,  

Thank you for the list of solutions.  It is interesting that SVN can be used 
with etckeeper.  It looks like I should learn git.  I have used SVN for other 
things, but I am easily pulled from my comfort zone for value.  

There is an interesting challenge here on where/how to keep repositories on a 
laptop.  It is valuable to have them locally as often my problems are 
networking; if the repositories are local, I can use another box to view them, 
but sometimes it may be a challenge to move files when connectivity is lost.  I 
am sure there is an architecture that will be suitable.  

It seems like there may be value in using both a config mgr and a version 
control system.  I will start checking into these to better understand.

Thank you,
Ray

Re: How to Keep Track of Changes to the System

[ray]

On Saturday, August 26, 2017 at 4:50:06 AM UTC-5, Nemeth Gyorgy wrote:
...
> I use etckeeper. Of course in tracks changes in /etc (and
> subdirectories) only, but it is enough for me.

Nemeth,

Thank you.  I like the idea of using a version control system.  

Ray

Re: How to Keep Track of Changes to the System

[ray]

On Friday, August 25, 2017 at 11:10:04 PM UTC-5, Andy Smith wrote:
> Hi,
> 
...> 
> I won't always go as far as installing and configuring a package
> with the config management straight off. Depending on what system I
> am working on I will sometimes "cheat" and install it manually with
> apt, configure the files with an editor etc. But I do always at
> least try to "go back" and recreate the working config with
> config management so it's repeatable.

Andy,  Thank you.  I did not know these existed.  I am going to study these 
opportunities.

Ray

Re: Tails: Failed InRelease - tor+http://vwakviie2ienjx6t.onion/

[Frank]

Op 26-08-17 om 06:10 schreef david...@freevolt.org:

The uri in the failure message, as you have quoted it in your message
to debian-user, is subtly different from the corresponding uri found
in the release notes: The uri in the release notes ends in
".onion/debian" and is followed by two words namely a suite "stretch"
and a component "main", whereas the uri in your message ends in
".onion/" and is followed three words "debian" "stretch" "main".

Maybe the extra space is significant, and should be removed?


Not likely. The problem appears to be with the file that's requested: an 
InRelease file. The repository at the onion URL doesn't have that, only 
Release + Release.gpg files.
As far as I'm aware, apt is usually able to handle that. Maybe Tails 
uses an unusual setting? So, yes, perhaps asking the Tails people isn't 
such a bad idea after all...


Regards,
Frank

Re: utilisation open.vpn chez OVH

[cont...@baal.fr]

d'autre part indique le type de serveur car il me semble que sur les vps 
le vpn est interdit .



Le 26/08/2017 à 13:04, Pascal Hambourg a écrit :

Le 24/08/2017 à 14:24, herve.thib...@free.fr a écrit :


la connexion se bloque


C'est un peu court, jeune homme.
On pouvait dire bien des choses en somme :

Etat de l'interface VPN
ping/traceroute vers l'adresse IP publique du VPS
ping/traceroute vers l'adresse IP interne du serveur VPN
traceroute vers l'adresse IP d'un serveur distant...

Et vice versa depuis le serveur (en SSH) vers le client.

(désolé pour l'erreur d'envoi en privé)

Re: STOP

[Ben Finney]

Nothin's Gonna

> STOP

Us Now

-- 
 \  “Science is what we understand well enough to explain to a |
  `\  computer. Art is everything else we do.” —Donald Knuth, 1996 |
_o__)  |
Ben Finney

Re: security issues

[Gene Heskett]

On Saturday 26 August 2017 04:13:38 Dejan Jocic wrote:

> On 26-08-17, R Calleja wrote:
> > Buenos dias, soy usuario de debian 8.9 desde hace 2 años.
> > Tengo problemas de seguridad que me obligan a reinstalar el sistema
> > a menudo, una vez al año.
> > He leido documentos y ayuda para mejorar la seguridad.
> > Pero no soy un usuario con conocimientos avanzados de sistemas.
> > Mi objetivo es conseguir una estacion de trabajo segura .
> > He conocido herramientas como:
> > Lynis, openval, nessus, grsecurity,apparmor, selinux, etc
> > Si puede alguien con conocimientos de seguridad  ayudarme. O hay
> > alguna empresa que de soporte.
> >
> > Muchas gracias, Roberto
> >
> >
> > Good afternoon, I have been debian 8.9 user for 2 years.
> > I have security issues that force me to reinstall the system often,
> > once a year.
>
> What security issues?
>
> > I have read documents and help to improve security.
>
> What documents?
>
> > But I am not a user with advanced systems knowledge.
>
> That is not problem, you can find lots of tutorials and documents
> around.
>
> > My goal is to get a safe work station.
> > I have known tools like:
> > Lynis, openval, nessus, grsecurity, apparmor, selinux, etc.
>
> Apparmor and selinux do not go together, use just apparmor because it
> is easier to set up and easier not to mess up. Selinux in theory can
> provide you with more protection, but in practical use you will not
> see it. Lynis is probably too much for you. Openval I do not know,
> nessus I did not use. Grsecurity is, according to Linus Torvald:
>
> "
>
> Don't bother with grsecurity.
>
> Their approach has always been "we don't care if we break
> anything, we'll just claim it's because we're extra secure".
>
> The thing is a joke, and they are clowns. When they started
> talking about people taking advantage of them, I stopped
> trying to be polite about their bullshit.
>
> Their patches are pure garbage.
>
> Linus
> "
>
> > If anyone with safety knowledge can help me. Or is there any support
> > company.
> >
> > Thank you very much, Roberto
>
> For someone who knows little, you are sure installing too much things.
> Here are some general advices, but do not take this for granted, it is
> based on personal opinion after all, and I'm not security expert,
> though I did read for few of those have to say about security in
> linux.
>
> 1. Firewall. If you are connected to net and use some services you
> really want it. Choose simple one, like gufw. That is front end for
> ufw ( uncomplicated firewall ) and will serve your needs well. If you
> want something more secure, but really more complicated, you will have
> to learn iptables.

If the security being worried about is external, coming in and attacking  
you from the internet, then I would recommend getting an aftermarket 
router with enough flashable memory to support reprogramming it with 
dd-wrt. I don't worry about local security here as we're an older couple 
and the wife is not computer litterate, so I am the only user.  I don't 
install any of the firewall type stuff, dd-wrt in the router is the best 
guard dog. I've been running some form of it for 15 or more years, and 
have not been breached.

OTOH, if other family members are able to access your machine, then it 
may be that apparmor needs to be installed & setup.

> 2. Always keep your system updated with latest security patches. So,
> do your daily routine of apt-get update && apt-get upgrade. Even
> apt-get dist-upgrade, in case of need.

Excellent advice.

> 3. apparmor can help to mitigate risks of some exploits and is easier
> to setup than selinux.
>
> 4. Use some tools that can help you detect potential rootkits. So,
> learn how to use rkhunter, chkrootkit and some of intrusion detection
> tools, like aide, or tripwire. Also some network based intrusion
> detection tools like Snort, or suricata.
>
> 5. If you use ssh, disable root login, disable logging with passwords,
> use pair of keys. When we are at root account, if someone else can
> physically access your comp, you should disable it too and use sudo.
> But it is not necessary and will not increase your security as
> standalone solution in cases where someone can poke your comp freely.
> For further reading about restricting root account:
> https://www.centos.org/docs/5/html/5.1/Deployment_Guide/s2-wstation-pr
>ivileges-noroot.html
>
> 6. Just in case that you are connected to some windows based machines,
> you can install and use clamav. But it will not protect you
> personally, will just make you better neighbour.
>
> 7. Oh, yes, secure password is good thing to have too. Do not use your
> name, your family names, your dog name, nor anything that can be
> connected to you, or is susceptible to dictionary attacks. You can
> install some tool like john the riper to check if your password is
> weak.
>
> 8. Encrypt your data and use backups.
>
> 9. Do a lot of reading about all that, practice a bit and do not 

STOP

[Nadine]

STOP


Le 26/08/2017 à 11:10, Oceane Acheki a écrit :


Je suppose que tu ne vas même pas me parler…
http://bit.ly/2vpGLEE


 
	Garanti sans virus. www.avg.com 
 



<#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>

tu es qui

[denis liberge]

‌

Re: renommer l'interface réseau

[Pascal Hambourg]

Le 23/08/2017 à 09:17, Gabriel Moreau a écrit :


la partie stable d'une carte réseau est l'adresse MAC. 


Pas toujours. Il y a des cas où l'interface a une adresse MAC invalide 
(typiquement avec le bit multicast ou local activé) ou carrément pas 
d'adresse MAC du tout, et le noyau doit générer une adresse MAC à 
l'initialisation.


L'ancien système fixait le nom en fonction de l'adresse MAC et était 
très stable.


Sauf dans les situations ci-dessus puisque l'adresse MAC n'est pas stable.

Mais je crois qu'il y peut être d'autres cas qui posaient soucis 
(virtualisation, quéquette USB/RJ45...) ?


Pas que je sache. Par contre il y a aussi le cas où la machine a 
plusieurs interfaces qui ont la même adresse MAC (vu sur station SUN).

Re: utilisation open.vpn chez OVH

[Pascal Hambourg]

Le 24/08/2017 à 14:24, herve.thib...@free.fr a écrit :


la connexion se bloque


C'est un peu court, jeune homme.
On pouvait dire bien des choses en somme :

Etat de l'interface VPN
ping/traceroute vers l'adresse IP publique du VPS
ping/traceroute vers l'adresse IP interne du serveur VPN
traceroute vers l'adresse IP d'un serveur distant...

Et vice versa depuis le serveur (en SSH) vers le client.

(désolé pour l'erreur d'envoi en privé)

Re: security issues

[TheFox]

Bien, pues entonces lo que vamos a hacer es, lo primero de todo, borrar la
caché de Firefox; para lo cual debes ejecutar el siguiente comando en una
terminal:

rm -rf /.cache/mozilla/firefox

Después, vas a esnifar (escuchar) el tráfico de red, por si encuentras
tráfico sospechoso (por ejemplo, tráfico que se produzca cuando tú no estás
navegando por Internet) usando el programa Tcpdump (si no lo tienes
instalado tienes que instalarlo usando el comando «sudo apt-get install
tcpdump»). Para ello tienes que seguir los pasos que se indican en
http://tecnoloxiaxa.blogspot.com.es/2013/05/esnfiando-trafico-de-red-con-
tcpdump.html?m=1 .
Después apunta la dirección IP sospechosa y publica los resultados en la
lista.

Santiago.


El 26 ago. 2017 11:02, "R Calleja"  escribió:

Hola, gracias por responder.
Varias cosas y detalles en el funcionamiento sospechosas de estar
intervenido desde hace tiempo.
Lo mas significativo y manifiento, todos los a;os antes de vendimias se
nota un ataque al navegador, se bloquea y no funciona. Despues el sistema
va mal y tengo que reinstalarlo. Ocurre justo antes de actualizaciones de
seguridad de firefox y del kernel. En el correo aparecen
las notificaciones con dias de retraso y si lo actualizo en esos dias,
sencillamente no se actualiza. Parece como si alguien bloqueara las
actualizaciones de seguridad. En esos dias sufro el ataque.
El antivirus ha detectado un exploit en .cache/mozilla/firefox.
Tambien he notado que me faltan documentos.
Saludos, Roberto

El 26 de agosto de 2017, 8:49, TheFox 
escribió:

> Exactamente, ¿qué problemas de seguridad son los que te presenta Debian?
>
> Santiago.
>
> El 26 ago. 2017 8:59, "R Calleja"  escribió:
>
>> Buenos dias, soy usuario de debian 8.9 desde hace 2 años.
>> Tengo problemas de seguridad que me obligan a reinstalar el sistema a
>> menudo, una vez al año.
>> He leido documentos y ayuda para mejorar la seguridad.
>> Pero no soy un usuario con conocimientos avanzados de sistemas.
>> Mi objetivo es conseguir una estacion de trabajo segura .
>> He conocido herramientas como:
>> Lynis, openval, nessus, grsecurity,apparmor, selinux, etc
>> Si puede alguien con conocimientos de seguridad  ayudarme. O hay alguna
>> empresa que de soporte.
>>
>> Muchas gracias, Roberto
>>
>>
>> Good afternoon, I have been debian 8.9 user for 2 years.
>> I have security issues that force me to reinstall the system often, once a 
>> year.
>> I have read documents and help to improve security.
>> But I am not a user with advanced systems knowledge.
>> My goal is to get a safe work station.
>> I have known tools like:
>> Lynis, openval, nessus, grsecurity, apparmor, selinux, etc.
>> If anyone with safety knowledge can help me. Or is there any support company.
>>
>> Thank you very much, Roberto
>>
>>

Re: imobiledevice

[Francois Mescam]

En USB je n'ai pas de problème pour récupérer les photos et les effacer, 
je n'ai pas essayé d'en copier sur l'iPhone.

Pour ce qui concerne la musique je ne sais pas.

Le montage de l'iPhone se fait par :
fuse /iphone
et le démontage par :
fusermount -u /iphone

On 25/08/2017 17:33, Raphaël POITEVIN wrote:

Bonjour,

Je n’y connais rien aux iphones, j’en ai juste un en test, je me
renseigne sur la compatibilité entre ce mobile et Debian.

J’aimerais savoir ce que permet imobiledevice4. Est-il possible de
monter le téléphone comme on le ferait avec un Android et transférer de
la musique dessus ? Je suis un peu inquiet car je vois sur le Web des
solutions passant par banshee et autres, ce qui est suceptible de poser
des questions d’accessibilité avec lecteur d’écran.

Vous remerciant pour les précisions,



--
 Francois Mescam

Re: How to Keep Track of Changes to the System

[Dan Ritter]

On Fri, Aug 25, 2017 at 08:14:52PM -0700, ray wrote:
> I would like to find a way to keep track of changes I make to my system.  It 
> seem that I may learn from others on how they keep track of changes they make 
> to their systems.
> 
> When I make changes, I don't remember where I made changes or why.  
> 
> It would be great to have a log of what changes I've made, where they were 
> made, how they were made (direct edit, scripted, etc.), why I made them, 
> references that I used to determine the change, and what was the outcome.


For a single system, etckeeper is an excellent choice. It stores
changes anywhere in /etc (and optionally in other places) in
git or subversion.

You can go a little farther easily by learning git directly.
https://try.github.io/levels/1/challenges/1  is a good resource.


If you have multiple systems that need to be handled in similar 
ways, you want to learn an advanced configuration management
system like chef, puppet, ansible, salt...

-dsr-

Re: How to Keep Track of Changes to the System

[Nemeth Gyorgy]

2017-08-26 05:14 keltezéssel, ray írta:
> I would like to find a way to keep track of changes I make to my system.  It 
> seem that I may learn from others on how they keep track of changes they make 
> to their systems.
>
> When I make changes, I don't remember where I made changes or why.  
>
> It would be great to have a log of what changes I've made, where they were 
> made, how they were made (direct edit, scripted, etc.), why I made them, 
> references that I used to determine the change, and what was the outcome.
>
> Right now, I get lost in my documentation.  I research solutions, make notes 
> in Onenote on a Windows machine, record configurations files that I will 
> test.  But It is difficult to record results such as syslogs or console 
> transactions.  More challenging is that I have different notebook tabs for 
> different objectives.  So when I want to see what I changed, I have to go 
> through many different objectives because I don't know what object I was 
> shooting for when I made the change.
>
> I would really like to hear how others track their changes or suggestions how 
> I may tack changes.
>
> I store all the changes on a different computer because I screw up the 
> installation on my machine under test and rebuild the OS.  The laptop I am 
> building to run Xen is on its 28th build.  
>
> I would appreciate any suggestions.
I use etckeeper. Of course in tracks changes in /etc (and
subdirectories) only, but it is enough for me.

Re: security issues

[TheFox]

Exactamente, ¿qué problemas de seguridad son los que te presenta Debian?

Santiago.

El 26 ago. 2017 8:59, "R Calleja"  escribió:

> Buenos dias, soy usuario de debian 8.9 desde hace 2 años.
> Tengo problemas de seguridad que me obligan a reinstalar el sistema a
> menudo, una vez al año.
> He leido documentos y ayuda para mejorar la seguridad.
> Pero no soy un usuario con conocimientos avanzados de sistemas.
> Mi objetivo es conseguir una estacion de trabajo segura .
> He conocido herramientas como:
> Lynis, openval, nessus, grsecurity,apparmor, selinux, etc
> Si puede alguien con conocimientos de seguridad  ayudarme. O hay alguna
> empresa que de soporte.
>
> Muchas gracias, Roberto
>
>
> Good afternoon, I have been debian 8.9 user for 2 years.
> I have security issues that force me to reinstall the system often, once a 
> year.
> I have read documents and help to improve security.
> But I am not a user with advanced systems knowledge.
> My goal is to get a safe work station.
> I have known tools like:
> Lynis, openval, nessus, grsecurity, apparmor, selinux, etc.
> If anyone with safety knowledge can help me. Or is there any support company.
>
> Thank you very much, Roberto
>
>

Re: Tu es vraiment le centre d’attention sur ce site Sandra

[gilla25]

Le 2017-08-26 10:16, Sandra Azatol a écrit :

Je suppose que tu ne vas même pas me parler…
http://bitly.com/2wPAVQA

pourqouio ma belle

Re: xsane & tesseract

[Siard]

Joe Pfeiffer wrote:
> I scanned the document to ppm files, sent them to tesseract, put the
> output of tesseract into a .txt file, and cleaned up from there.

You could try gimagereader, a frontend for tesseract, making this
process somewhat easier. Among others, it uses a spell checker, so
errors are easily recognizable.

If the resolution of the scanned image is (at least) 300 dpi, then my
findings are that text recognition with tesseract is very good.

There is also ocrmypdf, using tesseract, adding a text layer to a pdf
consisting of scanned documents, making the pdf searchable. Also works
very well.

Re: security issues

[Nicolas George]

Le nonidi 9 fructidor, an CCXXV, Dejan Jocic a écrit :
> 10. I'm sure that there is more

0. Think about against what risks you want to protect yourself.

Security is always a compromise with convenience. The only absolute
security is when you do nothing with no computer at all, but that is not
what you want.

Think about house keys: leaving a double under the doormat is really
insecure, but it is a life saver when you lose your own; leaving them to
a neighbour is somewhat safer, but less convenient, etc.

A very important lesson to learn is that security is bounded by the
weakest link, including non-computer stuff.

You may have your 65536-bits RSA key protected by a passphrase that is
an epic poem, stored on a physical dongle with built-in fingerprint and
ear-print reader, if someone can attack you with a knife and force you
to give it, you might as well have used "swordfish" as a password.


signature.asc
Description: Digital signature

Re: Does KDE desktop environment work with Stretch VNC server?

[Zoltán Herman]

My system has a vnc server that I downloaded from github. I installed the
debian package and replaced with compiled vnc.

2017. aug. 26. 9:36 ezt írta ("Niclas Arndt" ):

> Hi,
>
>
> OpenSUSE 42.1 had a problem with running a VNC server on the KDE desktop
> environment. It forced me to use XFCE, which is ok although I prefer KDE.
>
>
> Now I am installing Debian Stretch and rather than risk having to redo the
> installation, I thought I should ask if you know whether KDE VNC server
> works on Stretch.
>
>
> Grateful for your input.
>
>
> /Niclas
>

Re: security issues

[Dejan Jocic]

On 26-08-17, R Calleja wrote:
> Buenos dias, soy usuario de debian 8.9 desde hace 2 años.
> Tengo problemas de seguridad que me obligan a reinstalar el sistema a
> menudo, una vez al año.
> He leido documentos y ayuda para mejorar la seguridad.
> Pero no soy un usuario con conocimientos avanzados de sistemas.
> Mi objetivo es conseguir una estacion de trabajo segura .
> He conocido herramientas como:
> Lynis, openval, nessus, grsecurity,apparmor, selinux, etc
> Si puede alguien con conocimientos de seguridad  ayudarme. O hay alguna
> empresa que de soporte.
> 
> Muchas gracias, Roberto
> 
> 
> Good afternoon, I have been debian 8.9 user for 2 years.
> I have security issues that force me to reinstall the system often, once a 
> year.

What security issues?

> I have read documents and help to improve security.

What documents?

> But I am not a user with advanced systems knowledge.

That is not problem, you can find lots of tutorials and documents
around.

> My goal is to get a safe work station.
> I have known tools like:
> Lynis, openval, nessus, grsecurity, apparmor, selinux, etc.

Apparmor and selinux do not go together, use just apparmor because it is
easier to set up and easier not to mess up. Selinux in theory can
provide you with more protection, but in practical use you will not see
it. Lynis is probably too much for you. Openval I do not know, nessus I
did not use. Grsecurity is, according to Linus Torvald:

"

Don't bother with grsecurity.

Their approach has always been "we don't care if we break
anything, we'll just claim it's because we're extra secure".

The thing is a joke, and they are clowns. When they started
talking about people taking advantage of them, I stopped
trying to be polite about their bullshit.

Their patches are pure garbage.

Linus
"
> If anyone with safety knowledge can help me. Or is there any support company.
> 
> Thank you very much, Roberto

For someone who knows little, you are sure installing too much things.
Here are some general advices, but do not take this for granted, it is
based on personal opinion after all, and I'm not security expert, though
I did read for few of those have to say about security in linux.

1. Firewall. If you are connected to net and use some services you
really want it. Choose simple one, like gufw. That is front end for ufw
( uncomplicated firewall ) and will serve your needs well. If you want
something more secure, but really more complicated, you will have to
learn iptables.

2. Always keep your system updated with latest security patches. So, do
your daily routine of apt-get update && apt-get upgrade. Even apt-get
dist-upgrade, in case of need.

3. apparmor can help to mitigate risks of some exploits and is easier to
setup than selinux.

4. Use some tools that can help you detect potential rootkits. So, learn
how to use rkhunter, chkrootkit and some of intrusion detection tools,
like aide, or tripwire. Also some network based intrusion detection
tools like Snort, or suricata.

5. If you use ssh, disable root login, disable logging with passwords,
use pair of keys. When we are at root account, if someone else can
physically access your comp, you should disable it too and use sudo. But
it is not necessary and will not increase your security as standalone
solution in cases where someone can poke your comp freely. For further
reading about restricting root account: 
https://www.centos.org/docs/5/html/5.1/Deployment_Guide/s2-wstation-privileges-noroot.html

6. Just in case that you are connected to some windows based machines,
you can install and use clamav. But it will not protect you personally,
will just make you better neighbour.

7. Oh, yes, secure password is good thing to have too. Do not use your
name, your family names, your dog name, nor anything that can be
connected to you, or is susceptible to dictionary attacks. You can
install some tool like john the riper to check if your password is weak.

8. Encrypt your data and use backups.

9. Do a lot of reading about all that, practice a bit and do not put
high hopes in paying someone to protect you. If you do not know what are
you doing, no one can babysit your 24 hours a day.

10. I'm sure that there is more and that some people around can tell
you more, but complete guide to security is hard to get on this list, or
in some forums. There are some books around about that subject, written
by people that know lots and can presented better than I can. Again, it
requires lots of reading, research and practicing. And no one can do it
for you. If you want to be more secure, than you must get "advanced
knowledge".

Hope that this can help you a bit.

Does KDE desktop environment work with Stretch VNC server?

[Niclas Arndt]

Hi,


OpenSUSE 42.1 had a problem with running a VNC server on the KDE desktop 
environment. It forced me to use XFCE, which is ok although I prefer KDE.


Now I am installing Debian Stretch and rather than risk having to redo the 
installation, I thought I should ask if you know whether KDE VNC server works 
on Stretch.


Grateful for your input.


/Niclas

security issues

[R Calleja]

Buenos dias, soy usuario de debian 8.9 desde hace 2 años.
Tengo problemas de seguridad que me obligan a reinstalar el sistema a
menudo, una vez al año.
He leido documentos y ayuda para mejorar la seguridad.
Pero no soy un usuario con conocimientos avanzados de sistemas.
Mi objetivo es conseguir una estacion de trabajo segura .
He conocido herramientas como:
Lynis, openval, nessus, grsecurity,apparmor, selinux, etc
Si puede alguien con conocimientos de seguridad  ayudarme. O hay alguna
empresa que de soporte.

Muchas gracias, Roberto


Good afternoon, I have been debian 8.9 user for 2 years.
I have security issues that force me to reinstall the system often, once a year.
I have read documents and help to improve security.
But I am not a user with advanced systems knowledge.
My goal is to get a safe work station.
I have known tools like:
Lynis, openval, nessus, grsecurity, apparmor, selinux, etc.
If anyone with safety knowledge can help me. Or is there any support company.

Thank you very much, Roberto

security issues

[R Calleja]

Buenos dias, soy usuario de debian 8.9 desde hace 2 años.
Tengo problemas de seguridad que me obligan a reinstalar el sistema a
menudo, una vez al año.
He leido documentos y ayuda para mejorar la seguridad.
Pero no soy un usuario con conocimientos avanzados de sistemas.
Mi objetivo es conseguir una estacion de trabajo segura .
He conocido herramientas como:
Lynis, openval, nessus, grsecurity,apparmor, selinux, etc
Si puede alguien con conocimientos de seguridad  ayudarme. O hay alguna
empresa que de soporte.

Muchas gracias, Roberto


Good afternoon, I have been debian 8.9 user for 2 years.
I have security issues that force me to reinstall the system often, once a year.
I have read documents and help to improve security.
But I am not a user with advanced systems knowledge.
My goal is to get a safe work station.
I have known tools like:
Lynis, openval, nessus, grsecurity, apparmor, selinux, etc.
If anyone with safety knowledge can help me. Or is there any support company.

Thank you very much, Roberto

Re: Stop

[Ben Finney]

Jessica Litwin  writes:

> HAMMER TIME!

In the name of lve!

-- 
 \ “Why doesn't Python warn that it's not 100% perfect? Are people |
  `\ just supposed to “know” this, magically?” —Mitya Sirenef, |
_o__) comp.lang.python, 2012-12-27 |
Ben Finney

Re: Stop

[Jessica Litwin]

>
>
> Envoyé par BlueMail 
>

HAMMER TIME!

Stop

[Pascal]

⁣Envoyé par BlueMail ​