Re: How to Keep Track of Changes to the System

[hdv]

On 2017-08-31 23:36, rhkra...@gmail.com wrote:
> On Wednesday, August 30, 2017 10:39:38 PM ray wrote:
>> ...snip
>>
>> Yes, I would like to work with this.  I should be able to modify the perl
>> script to also save a tag file to hold the metadata.  So now I have a
>> reason to learn some perl.
> 
> I'm interested as well, if you could send a copy to me.  
> 
> @Ray: And even more so, Ray, after you modify it.
> 

Hi rhkramer,

I sent it to this list yesterday. If you missed it I can send it again. Just let
me know.

Grx HdV

Re: Encrypted RAID1 for storage with Debian Stretch

[David Christensen]

On 08/31/17 06:35, commentsab...@riseup.net wrote:

I don't [have a CPU with AES-NI):
https://ark.intel.com/products/78867/Intel-Celeron-Processor-J1900-2M-Cache-up-to-2_42-GHz

So, what would be the most efficient? I guess that encrypting one drive
and having the other one blindly copying every bit is the proper method.


I suggest that you put encryption on top of RAID 1, so that encryption 
happens once.



But, you do have 4 cores. So, RAID 1 on top of encrypted volumes should 
perform about the same when the system is lightly loaded.




Does it have any impact on the reliability of the setup?


I have read of a common RAID 1 trick for backups -- add a third drive to 
a mirror, resilver the mirror, and remove the third drive.  This gives 
you an exact duplicate in the shortest time.



The above idea is typically extended with a fourth, fifth, etc., drives 
and off-site rotation.



But, more drives in more sites increases security risks.


An advantage of encryption on RAID 1 is that your CPU encrypts/decrypts 
each block once, so it takes less CPU.  A disadvantage is that there is 
only one set of keys, so if one drive gets cracked they all get cracked.



An advantage of RAID 1 on encrypted drives is that each drive has its 
own set of keys, so cracking one drive does not crack them all.  The 
disadvantage is that your CPU has to encrypt/decrypt each block for 
every drive, so it takes more CPU -- two drives, twice the work; three 
drives, three times the work; etc..




If the "system"
ssd fails, would I be able to reinstall Debian on a new drive and plug
the RAID drives in a plug-and-play fashion? 


I believe RAID requires configuration/ system administrator intervention 
(?).



LUKS can be "automagic" on some desktops.


It's best to keep accurate notes of all administrative actions applied 
to each drive and to the array (e.g. console sessions in a version 
control system).




Should I care about the "system" redundancy?


I assume you mean RAID 1 for your system drive.  Again, there are 
trade-off's between risk, reliability, performance, security, cost, 
effort, etc..  You must strike a balance that works for you.



I don't use RAID on any of my disks -- system, data, or backup.


I backup my system drives by keeping them small (16 GB or less), 
periodically taking images of them, placing important configuration 
files into a version control system (CVS), keeping a list of all 
packages I've installed in CVS, and keeping a running log of 
administrative actions taken in CVS.  I also backup the LUKS headers of 
all LUKS containers.



For backing up my data, I have three desktop 3 TB HDD's and 1 backup 
server.  The server has two mobile dock bays and each drive is mounted 
in a mobile dock drawer.  One drive stays in the server, one is 
near-site, and one is off-site.  The backups, archives, and images go to 
the server drive.  Periodically, I install the near-site drive, rsync 
the server drive to the near-site drive, remove the near-site drive, and 
then swap the near-site and off-site drives.



I periodically burn archives to optical media and store them off-site.



Are the encryption keys stored on the "system"
drive or on the RAID drives (one of them, both?) ?


LUKS provides a "container" with a header and data.  The master key and 
key slots are in the header, so they move with the drive and don't 
necessarily depend on the system drive (unless you do something to make 
them depend upon the system drive, such as putting a key on the system 
drive so that the LUKS container is automatically opened on boot).




I have been juggling with bash scripts and USB keys in order to create
some sort of backup on the cheap for my work documents. I do not want to
risk to screw it up, I want to do it right on the first try and have
something future proof in my hands and perhaps, more importantly, have
it up and running before my juggling fails me.


Experimenting with a USB stick is a good way to learn LUKS.  Here is a 
console session for a USB stick I set up recently:



Plug in the USB stick, then run 'dmesg' to find out the device node -- 
in my case, it was /dev/sdb.  Don't screw this up, or you may destroy 
your operating system, data, backups, etc. (!).



Wipe old partition table and boot loader on USB stick:

2017-05-19 15:21:20 root@jesse ~
# dd if=/dev/zero bs=1M count=1 of=/dev/sdb
1+0 records in
1+0 records out
1048576 bytes (1.0 MB) copied, 0.69534 s, 1.5 MB/s


Create a new MS-DOS partition table:

2017-05-19 15:23:21 root@jesse ~
# parted /dev/sdb mklabel msdos
Information: You may need to update /etc/fstab.


Create a new partition:

2017-05-19 15:25:06 root@jesse ~
# parted /dev/sdb mkpart primary 0% 100%
Information: You may need to update /etc/fstab.


Look at the partition table:

2017-05-19 15:27:34 root@jesse ~
# parted /dev/sdb u s p free
Model: SanDisk 

Re: want pinning with examples to prevent unwanted package(s) from being installed

[Jimmy Johnson]

On 08/30/2017 11:08 PM, Felix Miata wrote:

Over an hour I've been searching in vain, apparently using broken Google-fu, for
something using examples to explain how to prevent unwanted package(s) from
being installed via pinning when apt-mark's hold is being disregarded. Anyone
familiar with an URL that would do this?

In openSUSE, it's a simple process:

zypper al unwantedpackagename[version]

That's all there is to it, other than it also works with wildcards.


#dpkg-hold 'package-name'
#dpkg-unhold 'package-name'

Cheers,
--
Jimmy Johnson

Debian Sid/Testing - KDE Plasma 5.8.7 - AMD A8-7600 - EXT4 at sda1
Registered Linux User #380263

Re: I just installed "tomcat8" and "tomcat8-admin" on a Debian 8.9 box, via an apt-get

[davidson]

On Thu, 31 Aug 2017, James H. H. Lampert wrote:


I wrote:

I want to put Tomcat 8.5 on the box I've spent the past week configuring.
What my apt-get got me was Tomcat 8.0.14.
Can I get Tomcat 8.5 via an apt-get? If so, how?


On 8/30/17, 5:04 PM, Nicholas Geovanis wrote:

The apt-cache command says that the backports repository has Tomcat 8.5.14.
My mentally-lazy way to get everything I needed to install it looked as
follows:
apt-get install tomcat8=8.5.14-1~bpo8+1 tomcat8-common=8.5.14-1~bpo8+1
libtomcat8-java=8.5.14-1~bpo8+1 libecj-java=3.11.0-5~bpo8+1


Tried it just now. This is what I got:

Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Version '8.5.14-1~bpo8+1' for 'tomcat8' was not found
E: Version '8.5.14-1~bpo8+1' for 'tomcat8-common' was not found
E: Version '8.5.14-1~bpo8+1' for 'libtomcat8-java' was not found
E: Version '3.11.0-5~bpo8+1' for 'libecj-java' was not found


Am I doing something wrong?


Have you added the jessie-backports repository to your
/etc/apt/sources.list yet?

There's a how-to for that here, along with other information you might
like to know:

  https://wiki.debian.org/Backports#Using_the_command_line

Re: Computer friendly blood pressure?

[Richard Owlett]

On 08/29/2017 12:55 PM, Curt wrote:

On 2017-08-29, Terence  wrote:


Thanks, it is, Curt, and I hope yours is, and stays, good!

I would be grateful for the link, though- I use Garmin Connect for my Fenix
watch, and it would be good to check both on the same screen(s).


https://github.com/LazyT/obpm


That page had been mentioned in another group.



 Omron Blood Pressure Manager

 The current version supports the following features:

   Omron HEM-7322U (M500 IT, M6 Comfort IT) and HEM-7131U (M400 IT, M3
   IT)


I haven't been able to determine which current model(s) match the 
specified ones closely enough to be likely to work.
I will require a current model as I wish to obtain it from a distributor 
or recognized re-seller (the massive discounts shown on some Amazon 
pages make me wary).


I do not own nor intend to buy a smartphone.
I do not wish to store any data anywhere except on my personal hardware.
Also my doctor is revising how frequently and when he wants me to check.
I realize those restrictions limit my options.

Any idea of a group where monitoring blood pressure on a personal 
computer would be more common than on a general Linux list?






To celebrate I bought a Caterham Seven Supersport and am now really
enjoying my regained health!

Terence

Re: Btrs vs ext4. Which one is more reliable?

[David Wright]

On Fri 11 Aug 2017 at 19:13:47 (+0200), Christian Seiler wrote:
> Hi there,
> 
> On 08/11/2017 06:29 PM, Dejan Jocic wrote:
> > On 11-08-17, Christian Seiler wrote:
> >> You can also set DefaultTimeoutStopSec= in /etc/systemd/system.conf
> >> to alter the default for all units (though individual settings for
> >> units will still override that).

That works great. I've set   DefaultTimeoutStopSec=27s

> > Thank you for suggestion. I did find that solution, some time ago, can't
> > remember exactly where. But it was followed by warning that it is bad
> > idea, can't remember exactly why. Do you have any hint of why it could
> > be bad idea to limit timeout, or I've just misunderstood whatever I've
> > read about it?
> 
> Well, there's a reason the default is 90s. And for some services even
> that might be too short. Take for example a database server where the
> regular stop script might take 10 minutes to shut down properly (when
> no error occurs).

The problem only embarrasses me on laptops, eg leaving the house,
boarding an aircraft, etc. Nothing important is running (I've already
killed X and touched the power button) and the only alternative is
forcing it off with the prolonged power button.

It's worked well for a fortnight now.

> The right timeout is always a balancing act - and systemd's default
> is a compromise to provide something that won't break most use cases
> but still cause the system to shut down after a finite time.

There are some timeouts that are set to "no limit" but I haven't hit
one of those for nearly a year. It's incomprehensible to me why
"RPC portmapper replacement" needs to be shut down cleanly however
long it takes. Likewise the "Color Profiles" manager which, while
having a 90 second timeout to start with, would increment the timeout
by another 90 seconds each time it expired, so it was effectively
infinite.

Cheers,
David.

Re: Computer friendly blood pressure?

[Richard Owlett]

On 08/30/2017 02:33 PM, Wilko Fokken wrote:

On Tue, Aug 29, 2017 at 07:44:07AM -0500, Richard Owlett wrote:

For sometime I've been causally looking for a blood pressure cuff with
communication capability that does NOT require a "smart" phone [be
it Apple or Android].

A recent hospital stay prompts me to more actively look.

I currently have a wrist cuff type with memory but no communication
capability.
Preferred solutions would be something that:
 uses the same removable media as digital cameras.
or
 has USB connectivity
Bluetooth or WiFi connectivity would be acceptable.

Already written Linux apps a plus.

Any suggestions/comments?

Thank you.



Moin,

for my own blood pressure control, I wrote a shell script that serves
me well.

[I get my data through a simple, but fairly precise wrist cuff device
 without capability of saving my data.]
[snip]


Thank you for the script.
My doctor is revising how many and when he wants me to check.
For some of them my computer will not be conveniently available.
Also I don't have confidence in me transcribing data accurately.

Re: Configure_GnuPG 2

[Mario Castelán Castro]

On 31/08/17 16:40, miz...@elude.in wrote:
> unregistered user
> 
> hello,
> 
> i configured s2k but i would like use 25519 , i would like harden .conf
>   do i need add some special options ?

s2k means “string to key” (the 2 is a play on words for “to” since it
sounds similar). It refers to the procedure used to turn the
user-entered password into a key for *symmetric* encryption. Curve25519
is a elliptic curve and a function defined over it. There is no relation
between both things!

> * gnupg mailing-list is for registered user only and it does not suit me.

What is the problem with gnupg-users? I replied to your message there:
.

Most mailing list accept messages from people not subscribed, but *you
have to mention that you are not subscribed*, so that people will
include your e-mail address in replies. If you do not do that, you can
still read the replies in the mailing list archive (almost all public
mailing lists keep an archive of messages; look at the link above for
example)

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature

Re: I just installed "tomcat8" and "tomcat8-admin" on a Debian 8.9 box, via an apt-get

[James H. H. Lampert]

I wrote:

I want to put Tomcat 8.5 on the box I've spent the past week configuring.
What my apt-get got me was Tomcat 8.0.14.
Can I get Tomcat 8.5 via an apt-get? If so, how?


On 8/30/17, 5:04 PM, Nicholas Geovanis wrote:

The apt-cache command says that the backports repository has Tomcat 8.5.14.
My mentally-lazy way to get everything I needed to install it looked as
follows:
apt-get install tomcat8=8.5.14-1~bpo8+1 tomcat8-common=8.5.14-1~bpo8+1
libtomcat8-java=8.5.14-1~bpo8+1 libecj-java=3.11.0-5~bpo8+1


Tried it just now. This is what I got:

Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Version '8.5.14-1~bpo8+1' for 'tomcat8' was not found
E: Version '8.5.14-1~bpo8+1' for 'tomcat8-common' was not found
E: Version '8.5.14-1~bpo8+1' for 'libtomcat8-java' was not found
E: Version '3.11.0-5~bpo8+1' for 'libecj-java' was not found


Am I doing something wrong?

--
JHHL

Re: want pinning with examples to prevent unwanted package(s) from being installed

[Cindy-Sue Causey]

On 8/31/17, Cindy-Sue Causey  wrote:
> On 8/31/17, Felix Miata  wrote:
>> Dejan Jocic composed on 2017-08-31 08:51 (UTC+0200):
>>
>>> Felix Miata wrote:
>>
 Over an hour I've been searching in vain, apparently using broken
 Google-fu, for
 something using examples to explain how to prevent unwanted package(s)
 from
 being installed via pinning when apt-mark's hold is being disregarded.
 Anyone
 familiar with an URL that would do this?
>>
 In openSUSE, it's a simple process:
>>
zypper al unwantedpackagename[version]
>>
 That's all there is to it, other than it also works with wildcards.
>>
>>> Not sure that I understand, because man page gives enough examples.
>>
>> To start with, the question "which man page" needed to be solved.
>>
>>> Like:
>>
>>>  P < 0
>>>   prevents the version from being installed
>>
>>> So, for preventing some package to be installed:
>>
>>> Package: somepackage
>>> Pin: origin ""
>>> Pin-Priority: -1
>>
>> I never saw an example that wasn't part of a group that included multiple
>> release names, none with the null string for origin.
>>
>>> That will prevent all packages with somepackage name to be installed, no
>>> matter of origin. In Pin section, you can use release instead, if you
>>> want to restrict just specific release, but that is all well explained
>>> in man page of apt_preferences with lots of examples.
>>
>> Now that I see that apt_preferences is the relevant doc, I don't see it
>> as
>> "well" explained. "The file" isn't given a name. There is no "file" that
>> seems
>> applicable to locking anything in in /etc/apt/, though there is an empty
>> directory "/etc/apt/preferences.d/", which to me doesn't imply anything
>> to
>> do
>> with locking.
>>
>> I gave it several stabs. I created /etc/apt/preferences.d/1grub.pref that
>> eventually reached the following state:
>>
>> Package: grub
>> Pin: origin ""
>> Pin-Priority: -1
>>
> < snipped for brevity >
>>
>> I'm still getting told the following will be installed:
>> grub-common grub-gfxpayload-lists grub-pc grub-pc-bin grub2-common
>> os-prober
>>
>> This is a multiboot system, so no space-wasting, updates time-wasting
>> bootloader
>> is needed or wanted on the installation making this insistence.
>
>
> I just tracked down a sample I saved for myself during that recent
> time period where wpasupplicant was being a pain:
>
> Package: wpasupplicant
> Pin: version 2.5-2+v2.4-3+b1
> Pin-Priority: 1001
>
> My apologies, but I'm not able to remember *why* I did it exactly like
> that. I'm thinking maybe it was specifically "pinned" to that version
> number... maybe.


A couple references that may or may not help. I am, yes, noting that
they potentially feel a little outdated.

* Debian Cheat Sheet; Carlo Wood, March 2007
  
https://web.archive.org/web/20121024134944/http://carlo17.home.xs4all.nl/howto/debian.html#errata

* AptPreferences; Debian Wiki; last modified ~2017.06.30
  https://wiki.debian.org/AptPreferences

Maybe one or the other has something that will help yet more. I'm
still not remembering why I used "1001" when other numbers are
equally, if not more so, referenced online. An Internet search for
"1001" coincidentally pointed me straight to Stretch's manpages:

https://manpages.debian.org/stretch/apt/apt_preferences.5.en.html

Stretch and thus Stretch manpages are what I was using at that moment
when I successfully pinned wpasupplicant so maybe that's where I
picked up that detail.

That Archive.org page is being cantankerous for me. You're looking for
the heading of "Pinning Errata" if that one doesn't immediately leap
down to that heading.

Cindy :)
-- 
Cindy-Sue Causey
Talking Rock, Pickens County, Georgia, USA

* runs with duct tape *

Nettoyage du spam : août 2017

[jean-pierre giraud]

Bonjour,
Comme nous sommes en septembre, il est désormais possible de
traiter les archives du mois d'août 2017 des listes francophones.

N'oubliez bien sûr pas d'ajouter votre nom à la liste des relecteurs
pour que nous sachions où nous en sommes.

Détails du processus de nettoyage du spam sur :

https://wiki.debian.org/I18n/FrenchSpamClean

4.12 won't wake from sleep

[Boyan Penkov]

Howdy,

I have installed sid's linux-image-4.12, since I wanted to experiment
with the BFQ scheduler.  I selected the bfq scheduler as a module at
boot by following the approach laid out here:
https://unix.stackexchange.com/questions/375600/how-to-enable-and-use-the-bfq-scheduler/376136#376136

When I do this and let the system sleep, it won't wake from sleep cleanly.

How can I help debug?  Is this "real" (worth filing a bug over), or am
I messing something up?

Cheers!

-- 
Boyan Penkov

Re: nvidia

[jordi]

El dj 31 de 08 de 2017 a les 19:33 +0200, en/na Robert Marsellés va
escriure:
> Hola,
> 
> El 31/08/17 a les 11:59, jordi ha escrit:
> 
> > Ja fa força temps que els faig servir ja que els hi veig mes
> > rendiment
> > que els nouveu.
> > 
> 
> Els que en saben, afirmen el mateix. Jo mentre vegi bé alguna peli en
> tinc prou. Es similar al tema dels vins, tots els trobo bons.
> 
> > El problema que tinc, i em sembla relacionat amb això és el
> > següent:
> > 
> > Faig servir el gestor enlightenment i si activo la composició per
> > openGL, hi ha pantalles que fan pampallugues, sobre tot els textos
> > que
> > hi apareixen (al xat, al terminal, a l'evolution, etc) la
> > composició
> > per programari funciona normalment. 
> > 
> 
> La meva experiència s'acaba a la combinació de targeta (GeForce GTX
> 1050Ti) i portàtil tal com el tinc configurat actualment. Si et
> serveix
> per trobar-hi pistes ...
> 
> Inicialment venia amb Win. Gairebé va funcionar tot bé quan hi vaig
> instal·lar Debian Stretch "opcions per defecte". Evidentment,
> únicament
> la targeta gràfica integrada (Intel).
> 
> Va ser instal·lar el paquet de Nvidia per poder usar l'altra targeta
> i
> vaig deixar de poder accedir al sistema gràfic. Apareixia el gestor
> d'entrada però si iniciava la sessió, tot negre. Únicament accés a
> consola mitjançant Ctrl-Alt-F[x] i tot anava molt poc a poc.
> 
> Després de la corresponent investigació, vaig trobar que els
> controladors Nvidia (al menys els meus) son incompatibles (o com és
> digui) amb l'entorn Gnome si s'usa "Wayland" que encara ara no sé què
> nassos és i que únicament havia seleccionat un cop per provar que
> era.
> 
> Després, la prova. Va ser seleccionar una altra opció quan s'entra a
> l'entorn gràfic i, ... oli en un llum.
> 
> Mentre buscava com resoldre-ho, vaig llegir (no recordo el lloc) que
> hi
> havia certs problemes entre Nvidia alguns entorns gràfics que usaven
> "composting". Potser és el que tu busques però ho dic de memòria i ja
> fa
> dies.
> 
> > 
> > No acabo de veure d'on ve el problema. Si algú em por orientar ...
> > 
> 
> No en sé més, ho sento.
> 
> Salut i peles,
> 
> robert


Em sap greu dir-ho però m'has deixat igual

L'NVIDIA sempre he anat instal·lant la última versió, ara : NVIDIA-
Linux-x86-384.69.run i l'enlightenment 0.21.8.

Amb el composite openGL, durant uns minuts funciona be, però després
sembla que la pantalla estigui dividida en quadres més o menys grans
i en alguns d'aquests quadres les lletres fan pampallugues o millor dit
es com si una línia de lletres es fiqués damunt d'una altra. Tampoc se
massa be com els controladors dibuixen les pantalles.  Tampoc se si
recompilant l'enlightenment amb alguna opció que desconec, o el
controlador nvidia. No es un tema vital però m'agradaria solucionar-lo
però no se ni per on començar.

Gracies.

Jordi 

Re: lilypond workaround against lilypond-removal

[Mario Castelán Castro]

When a package is not in Debian there is also the option of compiling
from source. Sometimes this is not practical, though (because it has too
many dependencies which are in turn hard to build).

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature

Configure_GnuPG 2

[mizett]

unregistered user

hello,

i configured s2k but i would like use 25519 , i would like harden .conf
do i need add some special options ?


thx.

 GnuPG 2.x has a separate gpg-agent that is the custodian of secret keys
and that offers no control whatsoever over the encryption parameters of
the secret keys within.

Furthermore, --s2k are accepted but ignored when setting a passphrase or
exporting a secret key.

https://blog.tinned-software.net/create-gnupg-key-with-sub-keys-to-sign-encrypt-authenticate/
https://dev.gnupg.org/T1800
https://security.stackexchange.com/questions/119245/how-does-gnupg-encrypt-secret-keys
https://lists.gnupg.org/pipermail/gnupg-users/2017-January/057508.html
https://lists.gnupg.org/pipermail/gnupg-users/2017-January/057524.html
https://tools.ietf.org/html/rfc4880


* gnupg mailing-list is for registered user only and it does not suit me.

Re: lilypond workaround against lilypond-removal

[David Wright]

On Thu 31 Aug 2017 at 20:43:34 (+0200), rrbuer...@freenet.de wrote:
> My lilypond - experience and workaround-solution with debian stretch:
> 
> I updated 2 PCs (precisely a pc and a laptop) at the beginning of July
> 2017 from a zero-errors-running Jessie to a (censored by vice squad
> ;-) ) Stretch.
> 
> One of the knockouts was: I had overlooked, that lilypond is removed
> in Stretch "because" an unsolved Guile-"Problem". Nebbisch?!
> 
> So I sat in the trap as a professional musician - had new systems, but
> they worked not for me into the right direction.
> 
> But, I can't solve my professional tasks with 0.A.D., I need
> lilypond. ;-)
> 
> At fist, I believed, I had to wait for a solution of this
> Guile-Problem. :-(
> 
> Then I thought: This can take years, or decades - because I'm waiting
> already since 20 years very unsuccessful of a userfriendly
> out-of-the-box-and-without-mammut-latencies-running sound- and
> understandable printing-solution for linux too (I'm 59 now) - maybe,
> the solutions are written somedeay only on my tomb-bow posthumous, or
> on the tombs of my grand-grand-children ...
> 
> Short: I had a very need for a workaround, and wrote for this to the
> lilypond-project itself.
> 
> An easy and short correspondence came out and then came the right
> question from Trevor Daniels:
> 
> " Can you not download one of the binaries from here?
> 
> http://lilypond.org/development.html "

This link takes you to the 2.19 development branch. You
presumably used http://lilypond.org/download.html for
the 2.18 stable branch.

> A try and: BINGO!
> 
> 
> So, this was my way:
> 
> - I'm using debian stretch, very new installation on an old quad AMD
>   hardware

Quad, old?

> - downloaded lilypond from http://lilypond.org/unix.html
> (in my case: the link of "GNU/Linux 64: LilyPond 2.18.2-1 64bit
> Systems. " )
> 
> - copied the downloaded file (named: "lilypond-2.18.2-1.linux-64.sh"
>   into /usr/local/bin by:
> 
> cp ./lilypond-2.18.2-1.linux-64.sh /usr/local/bin
> 
> - then I set the x (for "make it running" ;-)  ) by:
> 
> chmod +x lilypond-2.18.2-1.linux-64.sh
> 
> - then I started the shell-script by
> 
> ./lilypond-2.18.2-1.linux-64.sh
> 
> - and the whole lilypond was installed in a moment
> 
> - so i started frescobaldi and frescobaldi found the lilypond now
>   without further work - and: Is working now again!

I use a slightly different way which enables having several LP
versions available. I download to my non-Debian archive, then

$ cd ~
$ bash …/lilypond-xxxnewxxx.linux-x86.sh --prefix lilypond-xxxnewxxx

If this is the version I want to run by default, I copy the links in
~/lilypond-xxxnewxxx/bin/ and ~/lilypond-xxxnewxxx/bin/lilypond
into ~/bin/, overwriting the old ones there.

Uninstalling old versions is just a matter of

$ bash ~/lilypond-xxxoldxxx/bin/uninstall-lilypond

If you're a Frescobaldi user, it just remains to tell it which
version you want it to use (through its menus).

> - I have a running lilypond under Debian Stretch(! wow! ;-)  ) this way
>   now again
> 
> 
>   - maybe, it helps other Debian-Stretch-Tricked too.
> 
> 
> Ofcourse it would be better, if the Debian-Project would find a way to
> workaround the guile-"problem" and reintegrate immedially lilypond
> into the Stretch-repositories again (not all debian-users are such
> "creative IT-professionals" like me ;-) LOOOL (seriously: a big thanks
> to Trevor!! - some thousand of exclamation marks!) , maybe, my fellows
> in misery believe the debian statements really (like me at the
> beginning ;-) ) and without further questions ;-) , so the damage for
> them by such destructive "solutions" like simply "removing instead
> solving" (is this the new Debian-Way???)  is predictable immense
> (Again: Is this todays "solution", simply to remove lilypond (what
> ever, p.e. oss, from there, a really way, if we fall back into old,
> not-running-times again this way - and this, after lilypond was a very
> good, responsible and professional running part of the debian project
> already, over years in the past?? Its a very serious PR-damage too for
> the Debian-Maintainers
> - not only in my own eyes - who needs this?? Whom's use is this?  ...
> and all this in times of whole "virtual OS'ses"?? Or is it simple a
> hidden, silent sabotage of the Debian AND lilypond project???
> 
> Anyway.
> 
> It's not the best reputation for the Debian-Projekt in my eyes and at
> moment, if problems are "solved" by removing and on the (tricky
> or unprofessional, this is here the question?) way of too shorttimed
> alarms!

IIRC the LilyPond people were still debating what to do about the
Guile 1→2 problem in January; whether to fork 1.8 for LP, whether
to statically or dynamically link it, whether to skip 2.0 (which
seems to have major problems that never get fixed) and go straight
to the newly released 2.2, etc. It will be interesting to see if
this decision has been made by the time LP 2.20 is released.

If you really need LP 2.18, 

Re: How to Keep Track of Changes to the System

[rhkramer]

On Wednesday, August 30, 2017 10:56:44 PM ray wrote:
> Thank you.  This is an interesting way to store the broken system.  It will
> be like a junk yard that I can copy out of.
> 
> Partitioning will be a challenge.  Currently, this is laptop runs LVM.  I
> have two groups.  The system is on one, the other I plan on using for VM
> storage.  I could break the one for VMs into groups for file systems.  I
> am not sure how to use this.  Once I have these different groups, if I
> want to rebuild, I will need to have the new system installed to one of
> the unused VGs.  I have a  quandary about this each time I rebuild, I have
> a challenge with the Debian installer on where to put the new system.  It
> seem like I rebuild the LVM each time which means I would wipe out the
> previous system.

You're welcome!

I don't / have never used LVM, but I thought that at least in some scenarios, 
you created partitions and then installed LVM somehow on top of those 
partitions.  I assume that, if you create one more partition, you could just 
leave it out of LVM?

Maybe someone else can advise you.

Re: How to Keep Track of Changes to the System

[rhkramer]

On Wednesday, August 30, 2017 10:39:38 PM ray wrote:
> ...snip
> 
> Yes, I would like to work with this.  I should be able to modify the perl
> script to also save a tag file to hold the metadata.  So now I have a
> reason to learn some perl.

I'm interested as well, if you could send a copy to me.  

@Ray: And even more so, Ray, after you modify it.

Re: Outil d'organisation du temps

[G2PC]

Le 31/08/2017 à 20:53, MENGUAL Jean-Philippe a écrit :
>
> Bonsoir à tous,
>
>
> Je cherche si Debian a un logiciel équivalent à Wunderlist. Evidemment
> on peut me dire que org-mode est la solution, mais ça manque un peu de
> convivialité pour un utilisateur d'interfaces graphiques. Existe-t-il
> quelque chose de simialaire? Ou un greffon?
>
>
> Merci par avance de votre aide.
>
>
> Bien amicalement,
>
>
> -- 
> signature_jp_2
> Logo HypraJEAN-PHILIPPE MENGUAL
> DIRECTEUR TECHNIQUE ET QUALITÉ
> 102, rue des poissonniers, 75018, Paris
> Tel : +331 84 73 06 61  Mob : +336 76 34 93 37
> 
> jpmeng...@hypra.fr 
> www.hypra.fr 
> Facebook Hypra  Twitter Hypra
>  Linkedin Jean-Philippe
> 
>
>

Wunderlist electron wunderlistux

Doit y avoir de quoi faire -> gogole ami
http://le-libriste.fr/2011/09/le-gestionnaire-de-tache-wunderlist-disponible-sur-linux/

Le gestionnaire de tache WunderList disponible sur Linux | Le Libriste

Il doit y avoir un .deb qui traine sudo dpkg -i .deb | sudo apt-get -f
install et hop
Ou un ppa doit trainer donc sur github

On remercie Neomoloch de Hackbbs qui a lancé la recherche.

Outil d'organisation du temps

[MENGUAL Jean-Philippe]

Bonsoir à tous,


Je cherche si Debian a un logiciel équivalent à Wunderlist. Evidemment
on peut me dire que org-mode est la solution, mais ça manque un peu de
convivialité pour un utilisateur d'interfaces graphiques. Existe-t-il
quelque chose de simialaire? Ou un greffon?


Merci par avance de votre aide.


Bien amicalement,


-- 
signature_jp_2
Logo Hypra  JEAN-PHILIPPE MENGUAL
DIRECTEUR TECHNIQUE ET QUALITÉ
102, rue des poissonniers, 75018, Paris
Tel : +331 84 73 06 61  Mob : +336 76 34 93 37

jpmeng...@hypra.fr 
www.hypra.fr 
Facebook Hypra  Twitter Hypra
 Linkedin Jean-Philippe

dhcp restart with bad config

[Jonathan de Boyne Pollard]

Bonno Bloksma:

There is the strange fact that it seems the config is tested twice but 
I guess systemd will try to start a service twice before giving up.


I recommend less guessing and more reading your own posts.  (-: You 
yourself posted the very script fragment where /the script itself/ runs 
the test command twice:



test_config()
{
 if ! /usr/sbin/dhcpd -t $OPTIONS -q -cf "$DHCPD_CONF" > /dev/null 
2>&1; then
 echo "dhcpd self-test failed. Please fix $DHCPD_CONF."
 echo "The error was: "
 /usr/sbin/dhcpd -t $OPTIONS -cf "$DHCPD_CONF"
 exit 1
 fi
}


See where that runs |/usr/sbin/dhcpd| in test mode twice?  The first 
time, dhcpd writes the error message to the syslog; the second time 
|dhcpd| writes the error message to its standard error.  Both lots of 
output end up in the journal.


From the LSB: prefix to the service name in the very log output that 
you posted, we can deduce that systemd is running your van Smoorenburg 
|rc| script as a service, wrapping it in a nonce service unit 
.  The test performed by 
the van Smoorenburg |rc| script is considered to /be a part of your 
service/.  By the time that the script is running, and executing the 
startup test, systemd thinks that your service is already running.  The 
stop and start actions of systemd encompass the script as a whole, and 
operate outwith the configuration validation test, not within it.


Put another way: There is no customizable mechanism to make the very 
execution of the start, stop, and restart commands in systemd dependent 
from first testing some arbitrary service-specific condition.  There's 
no way to tell systemd "only actually execute the restart command at all 
if this shell script first returns true".  When running restart, systemd 
will stop your service, start it again, and the test in the script will 
/only then/ run as part of your service's initialization.


The best that you have are mechanisms that cause a startup to abort, by 
failing an ExecStartPre command.  But for those you must actually write 
a proper service unit file. |systemd-sysv-generator| employs a 
one-size-fits-all approach, and will not generate such service-specific 
special-case stuff in the nonce units that it generates for van 
Smoorenburg |rc| scripts.  You need a bona fide human being to actually 
write a service unit file.  Even then, that is not enough.  A restart 
will still stop the service /before/ the ExecStartPre tests are run, and 
you won't get what you want. restart is stop /then/ start.

Re: lilypond workaround against lilypond-removal

[Thomas Schmitt]

Hi,

rrbuer...@freenet.de wrote:
> lilypond is removed
> in Stretch "because" an unsolved Guile-"Problem".

Isn't this solved meanwhile ?

  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746005#278
  30 Jan 2017
  "a new Debian version of lilypond (2.18.2-7), with its own privately
   bundled guile-1.8, [...] has entered unstable [...]
   I will submit an unblock request right away."

That request seems not to have succeeded. But there is

  https://packages.debian.org/stretch-backports/lilypond
  "Package: lilypond (2.18.2-8~bpo9+1)"


Have a nice day :)

Thomas

Re: One-line password generator

[Reco]

Hi.

On Thu, Aug 31, 2017 at 08:00:54PM +0100, Brian wrote:
> On Wed 30 Aug 2017 at 00:59:15 +0300, Reco wrote:
> 
> > On Tue, Aug 29, 2017 at 08:50:53PM +0100, Brian wrote:
> > 'Us'? Do not speak for all the list please.
> 
> It is a construct; intended to involve everyone in the conversation.
> 
> > Admit that you just did not read the pdf.
> 
> It is not concerned with online cracking. That is obvious. Why should I
> spend time in reading its each and every detail

Admitting something, especially in public takes courage.
I applaud you for admitting it, and adjust my further explanations as
clearly your talents lie outside of security field.


> > > How does this help with attacking the password for a login with online 
> > > techniques?
> > 
> > Simple. You generate passwords by using adjectives, nouns and verbs from
> > Oxford and/or Webster dictionary. You don't put all the words together
> > (the result will have too much volume), you try to create grammatically
> > correct (although meaningless) phrases. A mathematical concept that
> > allows you to do so is Markov chains. An implementation of this concept
> > is called Prince Attack on hashcat lingua.
> > 
> > Overall entropy of 'my!only"reason£for$living%is^ebay' password (aka
> > XKCD 936 password) could be reduced significantly, leaving
> > 'eq8GeKBhVXOTjF0dAyd0' password (aka base64 password) far superior.
> > 
> > Also, bruteforcing a password by feeding a list of those to the online
> > service of any kind is dumb (unless you have a disposable botnet
> > dedicated to this purpose). Smart move is to obtain a list of
> > (hopefully) hashed passwords, which all bad guys are doing these days.
> 
> Services accept numerous failed *online* logins without doing anything
> about it?

You'd be surprised how many services do exactly nothing about failed
logins (ssh out of the box for starters). Even if they did - there's
nothing a hypothetical service could do against 10^5-10^6 unique IPs
('disposable botnet' comes here) each attempting 2-3 logins.

Besides, why bother with online logins if you can dump password
database ('dumb' and 'smart' come here)?

Reco

Re: One-line password generator

[Fungi4All]

> From: a...@cityscape.co.uk
> To: debian-user@lists.debian.org
>
> On Wed 30 Aug 2017 at 00:59:15 +0300, Reco wrote:
>
>> On Tue, Aug 29, 2017 at 08:50:53PM +0100, Brian wrote:
>> "Us"? Do not speak for all the list please.
>
> It is a construct; intended to involve everyone in the conversation.

Sorry Brian, after a while on the list I can get a sense that your communication
is just peculiar, although you are not evil in real life, but this is the true 
essence
of true fascism.  To speak as you represent everyone isolating "one" and placing
him/her against all of you!  It is "us" against the jew, the homosexual, the 
jw, the
gypsy, the commy.   It is a populist tactic, you may want to place you manuals
aside and read some early 20th century history.  In an other continent it was
america against the foreign invasion of a syndicalist.  On this side of the pond
it was us against "him".  Hitler himself did alot of street talk to gain 
support.
Unless secretly the rest of the list has elected you to speak on their 
speechless
behalf.

"It is a construct"!   Ha!!

>> Admit that you just did not read the pdf.
>
> It is not concerned with online cracking. That is obvious. Why should I
> spend time in reading its each and every detail
>
> --
> Brian.

lilypond workaround against lilypond-removal

[rrbuer...@freenet.de]

My lilypond - experience and workaround-solution with debian stretch:

I updated 2 PCs (precisely a pc and a laptop) at the beginning of July
2017 from a zero-errors-running Jessie to a (censored by vice squad
;-) ) Stretch.

One of the knockouts was: I had overlooked, that lilypond is removed
in Stretch "because" an unsolved Guile-"Problem". Nebbisch?!

So I sat in the trap as a professional musician - had new systems, but
they worked not for me into the right direction.

But, I can't solve my professional tasks with 0.A.D., I need
lilypond. ;-)

At fist, I believed, I had to wait for a solution of this
Guile-Problem. :-(

Then I thought: This can take years, or decades - because I'm waiting
already since 20 years very unsuccessful of a userfriendly
out-of-the-box-and-without-mammut-latencies-running sound- and
understandable printing-solution for linux too (I'm 59 now) - maybe,
the solutions are written somedeay only on my tomb-bow posthumous, or
on the tombs of my grand-grand-children ...

Short: I had a very need for a workaround, and wrote for this to the
lilypond-project itself.

An easy and short correspondence came out and then came the right
question from Trevor Daniels:

" Can you not download one of the binaries from here?

http://lilypond.org/development.html "

A try and: BINGO!


So, this was my way:

- I'm using debian stretch, very new installation on an old quad AMD
  hardware

- downloaded lilypond from http://lilypond.org/unix.html
(in my case: the link of "GNU/Linux 64: LilyPond 2.18.2-1 64bit
Systems. " )

- copied the downloaded file (named: "lilypond-2.18.2-1.linux-64.sh"
  into /usr/local/bin by:

cp ./lilypond-2.18.2-1.linux-64.sh /usr/local/bin

- then I set the x (for "make it running" ;-)  ) by:

chmod +x lilypond-2.18.2-1.linux-64.sh

- then I started the shell-script by

./lilypond-2.18.2-1.linux-64.sh

- and the whole lilypond was installed in a moment

- so i started frescobaldi and frescobaldi found the lilypond now
  without further work - and: Is working now again!

- I have a running lilypond under Debian Stretch(! wow! ;-)  ) this way
  now again


  - maybe, it helps other Debian-Stretch-Tricked too.


Ofcourse it would be better, if the Debian-Project would find a way to
workaround the guile-"problem" and reintegrate immedially lilypond
into the Stretch-repositories again (not all debian-users are such
"creative IT-professionals" like me ;-) LOOOL (seriously: a big thanks
to Trevor!! - some thousand of exclamation marks!) , maybe, my fellows
in misery believe the debian statements really (like me at the
beginning ;-) ) and without further questions ;-) , so the damage for
them by such destructive "solutions" like simply "removing instead
solving" (is this the new Debian-Way???)  is predictable immense
(Again: Is this todays "solution", simply to remove lilypond (what
ever, p.e. oss, from there, a really way, if we fall back into old,
not-running-times again this way - and this, after lilypond was a very
good, responsible and professional running part of the debian project
already, over years in the past?? Its a very serious PR-damage too for
the Debian-Maintainers
- not only in my own eyes - who needs this?? Whom's use is this?  ...
and all this in times of whole "virtual OS'ses"?? Or is it simple a
hidden, silent sabotage of the Debian AND lilypond project???

Anyway.

It's not the best reputation for the Debian-Projekt in my eyes and at
moment, if problems are "solved" by removing and on the (tricky
or unprofessional, this is here the question?) way of too shorttimed
alarms!

And Murdock wouldn't be lucky for sure, if he could heare, that this
disstressing "Stretch" (hey folks, those was suckers, not pimples! ;-)
) is ironically dedicated  - just him ...

In the hope, my words help a bit - developers and users ...



Lutz

(a very professional musician in absolutely ALL genres, but :-( not an
IT-professional (only for domestic use a little C, perl, php/html
(don't laugh, I'm not the youngest anymore ;-) ), lisp (it's coming
again! - I'm working on a little OS for very small personal computers:
free hardware, free software, a strong (and consistent for aeons this
way!)  mathematical programming-paradigma like lambda-calculum for a
small, energy-saving single-workstation for private users, "the
windows" under the free software, so to say - linux is the free
solution for the bigger ones (in my eyes - a revolutionary, but only a
first - step, but really nothing for a small user without
programming-knowledge in his sleepingroom ... ;-) - i need an
"out-of-the-box-OS" - and Linux will never be a such one - because his
overboarding complexity ...  - there are a lot of peoples, which need
urgendly to solve real life-problems and not newly, self-loving
IT-triggered ones), sql, bash and - coming soon, bcause thats it! -
hardwaretight- and micro- code. ), and not an english native
speaker :-) - if everybody easily can read here ... ;)  - so my new OS
cant be in english, 

Re: One-line password generator

[Brian]

On Wed 30 Aug 2017 at 00:59:15 +0300, Reco wrote:

> On Tue, Aug 29, 2017 at 08:50:53PM +0100, Brian wrote:
> 'Us'? Do not speak for all the list please.

It is a construct; intended to involve everyone in the conversation.

> Admit that you just did not read the pdf.

It is not concerned with online cracking. That is obvious. Why should I
spend time in reading its each and every detail
 
> > How does this help with attacking the password for a login with online 
> > techniques?
> 
> Simple. You generate passwords by using adjectives, nouns and verbs from
> Oxford and/or Webster dictionary. You don't put all the words together
> (the result will have too much volume), you try to create grammatically
> correct (although meaningless) phrases. A mathematical concept that
> allows you to do so is Markov chains. An implementation of this concept
> is called Prince Attack on hashcat lingua.
> 
> Overall entropy of 'my!only"reason£for$living%is^ebay' password (aka
> XKCD 936 password) could be reduced significantly, leaving
> 'eq8GeKBhVXOTjF0dAyd0' password (aka base64 password) far superior.
> 
> Also, bruteforcing a password by feeding a list of those to the online
> service of any kind is dumb (unless you have a disposable botnet
> dedicated to this purpose). Smart move is to obtain a list of
> (hopefully) hashed passwords, which all bad guys are doing these days.

Services accept numerous failed *online* logins without doing anything
about it?

We (or, if you prefer - you) have now decided to move to offline
cracking. It makes for a better press.

> > > > We are mesmorised by the skills of offline crackers. They dazzle us and
> > > > blind us to realities. Where is someone saying that
> > > >  
> > > >  eq8GeKBhVXOTjF0dAyd0
> > > > 
> > > > is a splendid password? It wouldn't have a chance of being forced via an
> > > > online attack.
> > > 
> > > Since it appeared in a public maillist - it is a bad password by
> > > definition.
> > 
> > It will not be used again.
> > 
> > How easy is it to force
> > 
> >  +H3GHd8kXs8HfmRDzZ7y
> 
> Since you put it on the public maillist again - trivially.

Damn. I spent ages using the technique in the first post in this thread
to devise it.

-- 
Brian.

Re: systemd says "org.freedesktop.systemd1.TransactionIsDestructive"

[Jonathan de Boyne Pollard]

Dave Sherohman:

The mention of freedesktop in one of the messages suggests that this 
may be somehow X/GUI related,


No, it does not.  That is not the only place where one finds such 
names.  Or, rather, the mechanism that uses such names is not only used 
for graphical user interfaces.


It is, of course, D-Bus.  The |systemd-logind| dæmon is communicating 
with the |systemd| dæmon, in order to start a service, via its D-Bus 
interface .  And 
the |org.freedesktop.systemd1.TransactionIsDestructive| error code is 
what the |systemd| dæmon is communicating back.  You are witnessing the 
undocumented interface between |systemd-logind| and |systemd|.


The problem that it indicates is that when |systemd| is trying to start 
the service, which is actually a so-called /scope/ named 
|session-11179.scope|, it has encountered a contradiction.  As the user 
manual explains, when systemd comes to start a service, it breaks it 
down into a collection of /jobs/, which are individual actions to take 
in order to achieve the overall goal 
.  What has happened here 
is that the set of jobs necessary to start |session-11179.scope| is 
self-contradictory, or contradicts existing jobs running at the time.  
It involves both starting/checking/restarting/reloading something and 
stopping it, simultaneously.


The people who hit this at shutdown have systems with a similar 
configuration problem to yours.  On yours and theirs, there's some 
configured contradiction, a unit that both is wanted by and conflicts 
with another unit; somewhere.  That might be down a long chain connected 
from the unit that you think that you are dealing with.  Or there's a 
contradiction with something else executing concurrently within |systemd|.


The scope unit is not something that you can do without; if you are 
doing things within login sessions, that is.  As you note, the failure 
to start it stops |su| from working. Scope units are used by 
|systemd-logind| to create /user-mode//login sessions/ 
.  It 
arranges, in conjunction with PAM extension modules, that all of the 
processes inside such a login session run within such a scope.  It uses 
the scope to place resource usage constraints upon the login session, 
such as a maximum number of processes.


Unfortunately, you have a hard task ahead. You can run things like 
|systemctl list-jobs|, but it is a good bet that what you are seeing is 
timing-dependent because it is a contradiction between two concurrent 
things.  You will likely find that you have to run |systemctl list-jobs| 
at just the right time, too.


That said, it does sound like, from the scant description given, you are 
mis-using |su|. Do not abuse |su| to drop privileges 
, from 
|root| to |nobody|.  There are proper tools for the job of dropping 
privileges, which do not involve PAM and which will thus not hit this 
problem.  Moreover: do not abuse |nobody| for running dæmons 
, if you are 
doing that.  Set up a proper rôle account.  And, indeed, give the cron 
job (whatever it is) directly to that rôle account's |crontab|.

Aqui es podem fer consultes grasies.

[colegio4497]

Re: nvidia

[Robert Marsellés]

Hola,

El 31/08/17 a les 11:59, jordi ha escrit:

> Ja fa força temps que els faig servir ja que els hi veig mes rendiment
> que els nouveu.
> 

Els que en saben, afirmen el mateix. Jo mentre vegi bé alguna peli en
tinc prou. Es similar al tema dels vins, tots els trobo bons.

> El problema que tinc, i em sembla relacionat amb això és el següent:
> 
> Faig servir el gestor enlightenment i si activo la composició per
> openGL, hi ha pantalles que fan pampallugues, sobre tot els textos que
> hi apareixen (al xat, al terminal, a l'evolution, etc) la composició
> per programari funciona normalment. 
> 

La meva experiència s'acaba a la combinació de targeta (GeForce GTX
1050Ti) i portàtil tal com el tinc configurat actualment. Si et serveix
per trobar-hi pistes ...

Inicialment venia amb Win. Gairebé va funcionar tot bé quan hi vaig
instal·lar Debian Stretch "opcions per defecte". Evidentment, únicament
la targeta gràfica integrada (Intel).

Va ser instal·lar el paquet de Nvidia per poder usar l'altra targeta i
vaig deixar de poder accedir al sistema gràfic. Apareixia el gestor
d'entrada però si iniciava la sessió, tot negre. Únicament accés a
consola mitjançant Ctrl-Alt-F[x] i tot anava molt poc a poc.

Després de la corresponent investigació, vaig trobar que els
controladors Nvidia (al menys els meus) son incompatibles (o com és
digui) amb l'entorn Gnome si s'usa "Wayland" que encara ara no sé què
nassos és i que únicament havia seleccionat un cop per provar que era.

Després, la prova. Va ser seleccionar una altra opció quan s'entra a
l'entorn gràfic i, ... oli en un llum.

Mentre buscava com resoldre-ho, vaig llegir (no recordo el lloc) que hi
havia certs problemes entre Nvidia alguns entorns gràfics que usaven
"composting". Potser és el que tu busques però ho dic de memòria i ja fa
dies.

> 
> No acabo de veure d'on ve el problema. Si algú em por orientar ...
> 

No en sé més, ho sento.

Salut i peles,

robert

Re: Bcrypt hash program on Debian 8 without python-pip ?

[Thomas Schmitt]

Hi,

on the second try i found out that the way to avoid the need for pip
is package "python-bcrypt". I asked the wrong question to apt-file
on the first try.

Thanks to python's help("bcrypt") i can also avoid passlib:

  $ python
  >>> import bcrypt
  >>> bcrypt.gensalt(16)
  '$2b$16$joRzQDFBqWzio.8tjWzJaO'
  >>> bcrypt.hashpw("ElmerFudpecker",'$2b$16$joRzQDFBqWzio.8tjWzJaO')
  '$2b$16$joRzQDFBqWzio.8tjWzJaOdnF5Wha3xW/WDIJQEsI59mvvBZr5lMe'
  >>> bcrypt.hashpw("ElmerFudpecker",'$2b$16$joRzQDFBqWzio.8tjWzJaO')
  '$2b$16$joRzQDFBqWzio.8tjWzJaOdnF5Wha3xW/WDIJQEsI59mvvBZr5lMe'

The speed on real iron is quite the same: 3.6 seconds with cost 16.
But i get a different salt type than on Sid and cannot use the one from Sid.

  >>> bcrypt.hashpw("ElmerFudpecker",'$2b$16$joRzQDFBqWzio.8tjWzJaO')
  ...
  ValueError: Invalid salt
  >>> bcrypt.gensalt(16)
  '$2a$16$TO/1Wc6L2wC8SgJpgQEV9e'
  >>> bcrypt.hashpw("ElmerFudpecker",'$2a$16$TO/1Wc6L2wC8SgJpgQEV9e')
  '$2a$16$TO/1Wc6L2wC8SgJpgQEV9eYsyzF0Gp8iiq/DpEuxGhRExoRf3hyqG'

Note the "$2a$" instead of "$2b$".
To my luck, Sid's bcrypt accepts the Jessie salt and produces the same hash
as Jessie's bcrypt.
So one will not have to change all remote passwords when upgrading bcrypt.

"$2a$" seems to be deprecated according to:
  http://passlib.readthedocs.io/en/stable/lib/passlib.hash.bcrypt.html
  "some implementations suffered from rare security flaws, replaced by 2b."


Nevertheless. How to avoid python ?


Have a nice day :)

Thomas

[Nessun oggetto]

[arun . cirri]

Ciao Giada,

Non so' come hai avuto il mio indirizzo e-mail , vorrei tanto sapere come hai 
fatto e che cosa vuoi da me?

Re: How to install extra TeX fonts without crud?

[Mario Castelán Castro]

On 31/08/17 02:48, Curt wrote:
> One way is to download the deb file and install it via 'dpkg -i 
> texlive-fonts-extra_2016.20170123-5_all.deb'.

Thanks you for your reply.

Won't dpkg refuse to install because of missing “dependencies”?

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature

Re: Weird shell script behavior in a cron job

[James H. H. Lampert]

On 8/31/17, 5:16 AM, Reco wrote:

$ bash -c 'cd foo; echo $?'
bash: line 0: cd: foo: No such file or directory
1

To this:

$ dash -c 'cd foo; echo $?'
dash: 1: cd: can't cd to foo
2


Aha! That's what it was! Thanks!

At any rate, changing the test script's utterly nonspecific shebang 
(that, I gather, essentially just said "this is a script, but you're on 
your own to figure out what interpreter it wants"), and the backup 
script's "#!/bin/sh" shebang both to a "#!/bin/bash" shebang solved the 
problem quite nicely.


And late last night (actually, early this morning), after I'd left the 
box with Gnome signed off and ExternalHD very deliberately unmounted, 
the backup script worked perfectly.


--
JHHL

Bcrypt hash program on Debian 8 without python-pip ?

[Thomas Schmitt]

Hi,

i wanted to make some experiments with bcrypt's timing and it seems
that i need to make a wide detour over fat python stuff.

First i installed package "bcrypt" which turned out to provide an application
of the original Blowfish algorithm, which is so poor that the Debian version
is not allowed to encrypt anything any more:
  Encryption support disabled. See http://bugs.debian.org/700758

In the web i found an example
  https://passlib.readthedocs.io/en/stable/lib/passlib.hash.bcrypt.html
which i can replay after doing in my sandbox
  apt-get install python-passlib
This added 2 MB, did not suffice, and proposed pip
  apt-get install python-pip
55 MB added. Then
  pip install bcrypt
Here i forgot to measure how many MB. Duh. It lasted about 3 seconds.
The "pip" run needed no superuser power.

I assume that the bcrypt algorithm is not running with python speed
but rather with binary program speed.

So i did some benchmarks (qemu with kvm on 3.5 GHz 4 core Xeon):

  $ python
  >>> from passlib.hash import bcrypt

The example with a "cost" of 13 needs about half a second:

  >>> bcrypt.using(rounds=13).hash("password")
  '$2b$13$IkrRofF47sgCo3CL/E.4ku.87dSGi1W0.3ZEgTYDrVuzXxpAYiUwu'

Consequentially cost 16 needs 4 seconds, and 18 needs 15, 19 needs 30.
I'd say that 16 would be bearable in this python contraption.

So

  >>> bcrypt.using(rounds=16).hash("ElmerFudpecker")
  '$2b$16$0UGXpt5volf7U/U5pXXGs.fS/X6HSw.9QCzTfRGFOP/qmNvcExGDK'

would yield the 31 character password

  fS/X6HSw.9QCzTfRGFOP/qmNvcExGDK

to be transmitted to the remote service.

Of course, "ElmerFudpecker" would not be hardcoded in the python program
but rather be input from the keyboard.
And as said, it should be much more hard to guess that a celebrity name.

Four 3.5GHz-Xeon seconds per try would be a pain for any enumerator,
even with a GPU array. Not unsurpassable, but also not without due heat
dissipation. Let him sweat.


Now how would i get this on real Debian 8 iron without running "pip" ?
Best would be an implementation in plain C without a cuddly snake around it.
  apt-file search bcrypt
produces enough output to hide three such packages from my eyes.


Have a nice day :)

Thomas

Re: Selecting text

[Mario Castelán Castro]

On 30/08/17 22:12, Hugo Vanwoerkom wrote:
> I now have a strange situation that on one system running Stretch + Sid
> the piece of text does not turn color when selecting it.

Mixing releases is one quick way to break your system.

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature

Re: How to install extra TeX fonts without crud?

[David Wright]

On Thu 31 Aug 2017 at 17:13:52 (+0300), Reco wrote:
>   Hi.
> 
> On Thu, Aug 31, 2017 at 08:36:30AM -0500, Mario Castelán Castro wrote:
> > On 31/08/17 02:48, Curt wrote:
> > > One way is to download the deb file and install it via 'dpkg -i 
> > > texlive-fonts-extra_2016.20170123-5_all.deb'.
> > 
> > Thanks you for your reply.
> > 
> > Won't dpkg refuse to install because of missing “dependencies”?
> 
> Of course it will. So you have to cheat:
> 
> apt download texlive-fonts-extra
> 
> dpkg -x texlive-fonts-extra*deb /tmp/1
> 
> mkdir -p ~/.fonts/texlive-fonts-extra
> 
> mv /tmp/1/usr/share/texlive/texmf-dist/fonts/truetype 
> ~/.fonts/texlive-fonts-extra
> 
> # Everything else you might need from 
> /tmp/1/usr/share/texlive/texmf-dist/fonts/
> 
> rm -rf /tmp/1 texlive-fonts-extra*deb
> 
> 
> Installing these fonts systemwide is left as an exercise for the
> readers.

OTOH you could start by reading §4.3 in
/usr/share/doc/tex-common/TeX-on-Debian.pdf.gz
or one of the other formats (txt, html).

Cheers,
David.

Re: Xerrada sobre Debian al DLP el 16 de setembre

[Alex Muntada]

Narcis Garcia:

> A quin públic està adreçada la xerrada?

Usuaris que vulguin aprendre o preguntar alguna cosa sobre el
desenvolupament intern o l'organització del projecte Debian,
sobretot als que ja tinguin alguns coneixements tècnics.

Principalment la gent d'aquesta comunitat o similars.

> Si és bàsicament a desenvolupadors, parlaria de les eines de
> desenvolupament que puguin atraure gent d'altres plataformes
> (IDE, RAD, Android APK).

Aquest no seria el públic al que em vull adreçar perquè el tema
és el desenvolupament que es produeix al projecte Debian, no el
que hom pugui fer sobre el sistema operatiu.

Miraré de corregir el wiki del DLP perquè quedi més clar.

Salut i gràcies per preguntar-ho,
Alex



signature.asc
Description: PGP signature

Re: Virtualbox for stretch and buster not in repos

[Greg Wooledge]

On Thu, Aug 31, 2017 at 04:22:50PM +0200, Sven Hartge wrote:
> I think this depends entirely on the Release Managers and the Security
> Team if they allow new upstream versions to fix security bugs instead
> of backporting the fixes to the original version in a release.
> 
> Until now IIRC only Firefox and Chromium and MySQL (since remove and
> replaced by MariaDB) had such an exception.

This has also happened with BIND, PostgreSQL, and Samba.  With Samba,
we've even had major feature changes in the middle of a stable release. :(

> Time will tell if the same is granted to Virtualbox.

Re: How to install extra TeX fonts without crud?

[Curt]

On 2017-08-31, Mario Castelán Castro  wrote:
>
> On 31/08/17 02:48, Curt wrote:
>> One way is to download the deb file and install it via 'dpkg -i=20
>> texlive-fonts-extra_2016.20170123-5_all.deb'.
>
> Thanks you for your reply.
>
> Won't dpkg refuse to install because of missing dependencies?


dpkg -i --ignore-depends= 


-- 
"The world breaks everyone and afterward many are strong in the broken places.
But those that will not break it kills. It kills the very good and the very
gentle and the very brave impartially. If you are none of these you can be sure
it will kill you too but there will be no special hurry." *A Farewell to Arms*

Re: want pinning with examples to prevent unwanted package(s) from being installed

[Cindy-Sue Causey]

On 8/31/17, Felix Miata  wrote:
> Dejan Jocic composed on 2017-08-31 08:51 (UTC+0200):
>
>> Felix Miata wrote:
>
>>> Over an hour I've been searching in vain, apparently using broken
>>> Google-fu, for
>>> something using examples to explain how to prevent unwanted package(s)
>>> from
>>> being installed via pinning when apt-mark's hold is being disregarded.
>>> Anyone
>>> familiar with an URL that would do this?
>
>>> In openSUSE, it's a simple process:
>
>>> zypper al unwantedpackagename[version]
>
>>> That's all there is to it, other than it also works with wildcards.
>
>> Not sure that I understand, because man page gives enough examples.
>
> To start with, the question "which man page" needed to be solved.
>
>> Like:
>
>>  P < 0
>>   prevents the version from being installed
>
>> So, for preventing some package to be installed:
>
>> Package: somepackage
>> Pin: origin ""
>> Pin-Priority: -1
>
> I never saw an example that wasn't part of a group that included multiple
> release names, none with the null string for origin.
>
>> That will prevent all packages with somepackage name to be installed, no
>> matter of origin. In Pin section, you can use release instead, if you
>> want to restrict just specific release, but that is all well explained
>> in man page of apt_preferences with lots of examples.
>
> Now that I see that apt_preferences is the relevant doc, I don't see it as
> "well" explained. "The file" isn't given a name. There is no "file" that
> seems
> applicable to locking anything in in /etc/apt/, though there is an empty
> directory "/etc/apt/preferences.d/", which to me doesn't imply anything to
> do
> with locking.
>
> I gave it several stabs. I created /etc/apt/preferences.d/1grub.pref that
> eventually reached the following state:
>
> Package: grub
> Pin: origin ""
> Pin-Priority: -1
>
< snipped for brevity >
>
> I'm still getting told the following will be installed:
> grub-common grub-gfxpayload-lists grub-pc grub-pc-bin grub2-common
> os-prober
>
> This is a multiboot system, so no space-wasting, updates time-wasting
> bootloader
> is needed or wanted on the installation making this insistence.


I just tracked down a sample I saved for myself during that recent
time period where wpasupplicant was being a pain:

Package: wpasupplicant
Pin: version 2.5-2+v2.4-3+b1
Pin-Priority: 1001

My apologies, but I'm not able to remember *why* I did it exactly like
that. I'm thinking maybe it was specifically "pinned" to that version
number... maybe.

I do remember that it was garnered from an example somewhere out on
the W-W-W. However they explained their own example, that right there
helped me at that time. In fact so much so that my inner geekette
became a little more empowered that day. * yippee ki ay* :D

Cindy :)
-- 
Cindy-Sue Causey
Talking Rock, Pickens County, Georgia, USA

* runs with duct tape *

Re: Virtualbox for stretch and buster not in repos

[Sven Hartge]

The Wanderer  wrote:
> On 2017-08-11 at 07:18, Sven Hartge wrote:
>> Robert Menes  wrote:
 
>>> Is there a reason why virtualbox hasn't migrated into stretch or
>>> buster yet?
>> 
>> Short Answer: Because of Oracle.
>> 
>> Longer Answer:
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794466
>> 
>> Summary: Virtualbox will at the current state of affairs never be in
>> Testing or any stable release or stable-backports ever again.

> Today, I noticed that the virtualbox* packages are available in
> testing again (when they showed up to be upgraded as part of a routine
> dist-upgrade).

> Per the latest comment on that bug report, three days ago, it's been
> downgraded in severity so that these packages can be in testing until
> the situation can be re-evaluated at the time of the next release
> freeze.

> Whether this will actually be permitted to persist until then, or be
> reversed by people who disagree with the rationale, is an open
> question - but for the time being, this seems to be available again.

I think this depends entirely on the Release Managers and the Security
Team if they allow new upstream versions to fix security bugs instead
of backporting the fixes to the original version in a release.

Until now IIRC only Firefox and Chromium and MySQL (since remove and
replaced by MariaDB) had such an exception.

Time will tell if the same is granted to Virtualbox.

Grüße,
S°

-- 
Sigmentation fault. Core dumped.

Re: How to install extra TeX fonts without crud?

[Reco]

Hi.

On Thu, Aug 31, 2017 at 08:36:30AM -0500, Mario Castelán Castro wrote:
> On 31/08/17 02:48, Curt wrote:
> > One way is to download the deb file and install it via 'dpkg -i 
> > texlive-fonts-extra_2016.20170123-5_all.deb'.
> 
> Thanks you for your reply.
> 
> Won't dpkg refuse to install because of missing “dependencies”?

Of course it will. So you have to cheat:

apt download texlive-fonts-extra

dpkg -x texlive-fonts-extra*deb /tmp/1

mkdir -p ~/.fonts/texlive-fonts-extra

mv /tmp/1/usr/share/texlive/texmf-dist/fonts/truetype 
~/.fonts/texlive-fonts-extra

# Everything else you might need from /tmp/1/usr/share/texlive/texmf-dist/fonts/

rm -rf /tmp/1 texlive-fonts-extra*deb


Installing these fonts systemwide is left as an exercise for the
readers.

Reco

Re: Virtualbox for stretch and buster not in repos

[The Wanderer]

On 2017-08-11 at 07:18, Sven Hartge wrote:

> Robert Menes  wrote:
> 
>> Is there a reason why virtualbox hasn't migrated into stretch or 
>> buster yet?
> 
> Short Answer: Because of Oracle.
> 
> Longer Answer:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794466
> 
> Summary: Virtualbox will at the current state of affairs never be in 
> Testing or any stable release or stable-backports ever again.

Today, I noticed that the virtualbox* packages are available in testing
again (when they showed up to be upgraded as part of a routine
dist-upgrade).

Per the latest comment on that bug report, three days ago, it's been
downgraded in severity so that these packages can be in testing until
the situation can be re-evaluated at the time of the next release freeze.

Whether this will actually be permitted to persist until then, or be
reversed by people who disagree with the rationale, is an open question
- but for the time being, this seems to be available again.

-- 
   The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man. -- George Bernard Shaw



signature.asc
Description: OpenPGP digital signature

Re: Encrypted RAID1 for storage with Debian Stretch

[commentsabout]

Hello,

Thank you for your answer.

On 2017-08-31 03:56, David Christensen wrote:
> On 08/30/17 04:28, commentsab...@riseup.net wrote:
> ...
>> Here is a picture of what I'm trying to achieve:
>> https://imgur.com/a/DAM8D (the "Today" column).
>>
>> I am trying to build a home backup system. The system (Debian Stretch)
>> will be on a SSD. For the time being, I only have one pair of HDDs (the
>> "Today" column in the picture) ; in the future (the "Future" column), I
>> would like to add other pairs of HDD to store other kind of data.
>>
>> This backup system will only be turned on when needed, I don't plan on
>> using it as some sort of server or a NAS.
>>
>> We are talking about software RAID1.
>>
>> I would like everything to be encrypted (FDE), from the system (/ and
>> /swap) to the RAID1 drives.
>>
>> Debian will be installed via a USB stick.
>>
>> If possible, I would like to have different encryption keys for the
>> system and the various RAID1 pairs (in the "Future" column in the
>> picture, one for the system, one for "work", one for "family", one for
>> "misc"). So that I can give the system encryption passphrase, "family"
>> and "misc" ones to my wife and keep the "work" one for myself.
>>
>> As stated in another mail of the thread, I'm a complete noob when it
>> comes to this kind of operations so I'm looking for a step by step ELI5
>> explanation (I have tried to use the Debian graphical installer to
>> achieve this but have failed because I was just messing around with the
>> options trying to figure out what to do).
>>
>> For the sake of the discussion: here is the complete archive of this
>> thread
>> https://groups.google.com/forum/#!topic/linux.debian.user/jjdr6LXaOm8
>>
>> You'll notice that Joshua Schaeffer provided what seems to be a complete
>> solution but I have no idea how to go from "I have my computer with all
>> the drives plugged in, Debian installer on USB stick and I launched the
>> graphical installer" to "enter these commands into a terminal to achieve
>> what you are trying to do" :
>> https://groups.google.com/d/msg/linux.debian.user/jjdr6LXaOm8/Pals7djzAAAJ
>>
>> Note: I am not criticizing Joshua's answer in any way, I am grateful for
>> it, I am just underlying (once again) the fact that I am a noob on this
>> topic :)
>>
>> Thank you in advance for your help :)
>>
>> CA
>>
>> PS: at the time of my first mail, Stretch wasn't the "stable" release
>> yet (I have now updated the title from "Jessie" to "Stretch")
> 
> STFW you might find step-by-step instructions for something similar to
> what you want, but this is Linux and the whole point is to learn
> enough to do it yourself.

I did, I couldn't find anything extensive enough.

I'm not asking "just tell me what to do", I'm asking "people have
undoubtedly already done that, please share your experience with me,
tell we what to do and explain me what I'm doing". If I wanted to get
something working out the box, or somebody doing the work for me, I just
would have purchased a Synology or the likes.

As you said, this is Linux, and part of the cake is its community.

> The most common Linux encryption technology is variously called LUKS
> and dm-crypt.  The command-line administration tool is cryptsetup(8).
> 
> There are at least two ways to do software RAID on Linux:
> 
> 1.  MD arrays -- the administration tool is mdadm(8).
> 2.  LVM RAID -- the administration tool is lvm(8).
>
> Start by STFW the underlying technologies:
> 
> https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup
> 
> https://en.wikipedia.org/wiki/Mdadm
> 
> https://en.wikipedia.org/wiki/Logical_Volume_Manager_(Linux)
> 
> Then RTFM the tools:
> 
> https://linux.die.net/man/
> 
> If you want to combine encryption and RAID 1, you're going to need to
> choose between encrypting one RAID volume or RAID'ing two encrypted
> volumes.  There are trade-off's either way.  A primary consideration
> will be whether or not you have a processor with AES-NI:
> 
> https://en.wikipedia.org/wiki/AES_instruction_set

I don't :
https://ark.intel.com/products/78867/Intel-Celeron-Processor-J1900-2M-Cache-up-to-2_42-GHz

So, what would be the most efficient? I guess that encrypting one drive
and having the other one blindly copying every bit is the proper method.

Does it have any impact on the reliability of the setup? If the "system"
ssd fails, would I be able to reinstall Debian on a new drive and plug
the RAID drives in a plug-and-play fashion? Should I care about the
"system" redundancy? Are the encryption keys stored on the "system"
drive or on the RAID drives (one of them, both?) ?

> Read up the links above and then post when you're ready.

I am all for the RTFM approach nevertheless, this is like telling
someone who is trapped in a nuclear facility with leaking hazardous
material and asking for a way out : "here are the blueprints for the
facility, the 1200 pages `The Art of Electronics` book, and a playlist
of defcon talks about lockpicking, call us back when 

SV: Jeg hader at sige det, men nogen har offentliggjort mine beskidte billeder på nettet. Majken

[Iwan Juel Pedersen]

 

Den 2:22 onsdag den 30. august 2017 skrev Majken Nakedladies 
:
 

 Var det ikke dig? Jeg mener dem her 
   
 http://bitly.com/2wUoUZU  
   

   

Re: Weird shell script behavior in a cron job

[Reco]

Hi.

On Thu, Aug 31, 2017 at 08:03:51AM -0400, Greg Wooledge wrote:
> On Thu, Aug 31, 2017 at 06:52:28AM +0100, Jonathan de Boyne Pollard wrote:
> > James H. H. Lampert:
> > 
> > > Could it be that |cron| is running it an entirely different shell, that
> > > doesn't understand the |if| statement?
> > > 
> > Despite what others have said, the answer to this question is no.  Whilst
> > you /are/ running two different shells, the problem is not the |if|
> > statement.
> 
> The if statement that he actually *showed* was POSIX-compatible, yes.
> But he later said that changing the shebang fixed his problem, so
> there was some other part of his script that was bash-specific.

No, actually it was quoted part that was bash-specific. Problematic
condition was testing for return code 1 after cd ( '[ "$?" = "1" ]' ).

Compare this:

$ bash -c 'cd foo; echo $?'
bash: line 0: cd: foo: No such file or directory
1

To this:

$ dash -c 'cd foo; echo $?'
dash: 1: cd: can't cd to foo
2

Reco

Re: Weird shell script behavior in a cron job

[Greg Wooledge]

On Thu, Aug 31, 2017 at 06:52:28AM +0100, Jonathan de Boyne Pollard wrote:
> James H. H. Lampert:
> 
> > Could it be that |cron| is running it an entirely different shell, that
> > doesn't understand the |if| statement?
> > 
> Despite what others have said, the answer to this question is no.  Whilst
> you /are/ running two different shells, the problem is not the |if|
> statement.

The if statement that he actually *showed* was POSIX-compatible, yes.
But he later said that changing the shebang fixed his problem, so
there was some other part of his script that was bash-specific.

nvidia

[jordi]

Bon dia, ja que en algun fil s'ha mencionat els controladors privatius
nvidia, voldria fer una consulta.

Ja fa força temps que els faig servir ja que els hi veig mes rendiment
que els nouveu.

El problema que tinc, i em sembla relacionat amb això és el següent:

Faig servir el gestor enlightenment i si activo la composició per
openGL, hi ha pantalles que fan pampallugues, sobre tot els textos que
hi apareixen (al xat, al terminal, a l'evolution, etc) la composició
per programari funciona normalment. 

Aquest problema el tinc de fa força temps, amb el debian 8, el 9,
diverses versions de enlightenment i també diverses versions dels
controladors privatius nvidia.

No acabo de veure d'on ve el problema. Si algú em por orientar ...

Gracies

Jordi


p.d. Ja se que el més fàcil seria canviar una cosa o l'altra, però el
meu gestor de tota la vida és l'enlightenment i sincerament estic
content amb els privatius nvidia.

Re: Selecting text

[Darac Marjal]

On Wed, Aug 30, 2017 at 10:12:09PM -0500, Hugo Vanwoerkom wrote:

Hi,

I usually select pieces of text on the screen running X with the mouse 
by pointing to it and then dragging to where the end is. The piece 
will turn blue. Then cntrl+c will copy the piece to the clipboard and 
cntrl+v will paste it.


I now have a strange situation that on one system running Stretch + 
Sid the piece of text does not turn color when selecting it.


Anybody know what to do in that case?


I guess this is dependant on the application. You can select text in a 
web browser pane, you can select text in an edit box, but note that you 
can't select text in, for example, a menu entry.


Typically, the parts of the graphical user interface you see are 
composed of "widgets", generic controls with a bundled set of 
behaviours. Programmers place a widget in their application and override 
some of the default behaviours in order to respond to the actions. So, 
it may be that the piece of text you're trying to select cannot be 
selected. It may also be that the programmer has disabled the selection 
of text from that particular control.




Hugo



--
For more information, please reread.


signature.asc
Description: PGP signature

Re: How to Keep Track of Changes to the System

[hdv@gmail]

On 2017-08-31 04:39, ray wrote:
> On Sunday, August 27, 2017 at 6:50:06 AM UTC-5, hdv@gmail wrote:
>> On 2017-08-26 05:14, ray wrote:
>>> I would like to find a way to keep track of changes I make to my system.  
>>> ...snip
>> Hi Ray,
>>
>> I just returned from a short holiday, so I am a bit late to the party, 
>> but... if
>> you don't want to set up a full versioning system I might have something else
>> for you. About 10 years ago I had the same need as you. What I did was write 
>> a
>> perl-script that automatically makes a timestamped backup of each file you 
>> edit
>> to a directory you define yourself (in that directory the full path of the
>> original is preserved). You use it like visudo, you just call it like this:
>>
>> vicf 
>>
>> All the rest happens automagically.
>>
>> Of course this will only help for plain-text files and it doesn't provide for
>> the annotations you mentioned. But if you are interested I
>> can mail it to you.
>>
>> Grx HdV
> ...snip
> 
> Yes, I would like to work with this.  I should be able to modify the perl 
> script to also save a tag file to hold the metadata.  So now I have a reason 
> to learn some perl.
> 
> Thank you.
> Ray

Here it is. Make sure to set the variables in the section "User-definable
defaults". I use the SWITCH statement to configure the script for use on
multiple systems. You might not need that. In that case just make sure you set
$root.

Good luck with it!

If you make any changes, please share them with the list. Maybe others might
find them useful too.

Grx HdV

===[begin script]


#!/usr/bin/perl

#TODO : add support for settings stored in ~/.vicfrc or an explicitly given file

our $VERSION = '0.92';

use strict;
use warnings;
use Getopt::Long qw(:config bundling);
use Pod::Usage;
use Sys::Hostname;
use Cwd qw(realpath getcwd);
use POSIX qw(strftime sysconf _PC_CHOWN_RESTRICTED);
use File::Spec;
use File::Copy;

my $hostname = hostname();


#User-definable defaults


my $root = '';
SWITCH: {
  if ($hostname eq '') {
$root = '';
last SWITCH;
  }
  if ($hostname eq '') {
$root = '';
last SWITCH;
  }
  if ($hostname eq '') {
$root = '';
last SWITCH;
  }
}

my $datetime_format = '-%Y%m%d';   #d
my $sequencenr_format = '-%02d';   #n
my $append_sequencenr = 1; #a
my $keep_permissions = 1;  #p
my $keep_owner = 1;#o
my $keep_group = 1;#g
my $keep_times = 1;#t
my $backup_file = 0;   #b
my $x_editor = 0;  #x
my $editor_path = '/usr/bin/vim';
my $x_editor_path = '/usr/bin/gvim';
my $backup_option = '-c "set backup"';
my $no_backup_option = '-c "set nobackup"';


#Internal variables


#Defaults for commandline options
my $help = 0;
my $manual = 0;
my $show_version = 0;
my $debug = 0;
my $verbose = 0;


#Parse the commandline arguments


#Get all options
GetOptions(#Standard options
   'debug|D+', \$debug,
   'help!', \$help,
   'h|?', \$help,
   'manual!', \$manual,
   'version!', \$show_version,
   'V', \$show_version,
   'verbose|v+', \$verbose,
   #Options specific for this program
   'root|r=s', \$root,
   'datetime|d=s', \$datetime_format,
   'sequencenr|n=s', \$sequencenr_format,
   'append_sequencenr!', \$append_sequencenr,
   'a!', \$append_sequencenr,
   'permissions!', \$keep_permissions,
   'p!', \$keep_permissions,
   'owner!', \$keep_owner,
   'o!', \$keep_owner,
   'group!', \$keep_group,
   'g!', \$keep_group,
   'times!', \$keep_times,
   't!', \$keep_times,
   'backup!', \$backup_file,
   'b!', \$backup_file,
   'x_editor!', \$x_editor,
   'x!', \$x_editor
  ) or pod2usage(0);
pod2usage(verbose => 1, exitval => 0) if $help;
pod2usage(verbose => 2, exitval => 0) if $manual;
if ($show_version) {
  print "vicf version $VERSION (c) 2015 Jadev\n";
  exit 0;
}

#Assign the first non-option argument to a variable for easier use
die "No file to be edited was given.\n" unless $ARGV[0];
my $source = $ARGV[0];

#Sanitize paths for easier use
$root = expand_path($root);
die "Path pointing to the repository ($root) is invalid.\n" unless $root;
$source = expand_path($source);
die "Path pointing to the file to be 

systemd says "org.freedesktop.systemd1.TransactionIsDestructive"

[Dave Sherohman]

Since being upgraded from jessie to stretch, several of my machines have
started emitting the following messages while processing cron.daily:

(in /var/log/syslog)
Aug 31 06:30:48 HOSTNAME systemd[1]: Requested transaction contradicts existing 
jobs: Transaction is destructive.

(in /var/log/auth.log)
Aug 31 06:30:48 HOSTNAME su[32025]: pam_systemd(su:session): Failed to create 
session: Input/output error
Aug 31 06:30:48 HOSTNAME systemd-logind[1301]: Failed to start session scope 
session-11179.scope: Transaction is destructive.  
org.freedesktop.systemd1.TransactionIsDestructive

The mention of freedesktop in one of the messages suggests that this may
be somehow X/GUI related, but all machines which are doing this are
headless servers with no X server installed, so they shouldn't be
touching anything obviously related to freedektop.org.

Googling "org.freedesktop.systemd1.TransactionIsDestructive" just gets
me a handful of people having system startup/shutdown problems, which
would seem to support the "it's GUI desktop related" assumption, but
doesn't really provide any explanation of what's actually going wrong
(if anything - systemd is rather chatty even when everything is just
fine).

Looking at the larger context in auth.log, this comes in the middle of
starting up and shutting down several su sessions from root to nobody,
all of which succeed aside from the one which generates these errors.


So, in practical terms, what do these messages actually mean, beyond
just "a su session failed to start"?  Is it anything to be concerned
about?

-- 
Dave Sherohman

Re: How to install extra TeX fonts without crud?

[Curt]

On 2017-08-30, Mario Castelán Castro  wrote:
>
>
> Hello.
>
> I want to install some fonts to use in LaTeX that seem to be available
> only in the texive-fonts-extra package. The problem, is that
>texive-fonts-extra depends on a lot of fonts packages t hat I do not
>want. Is there a way to install only the TeX fonts contained in
>texive-fonts-extra without the other packages?
>
> Thanks.
>

One way is to download the deb file and install it via 'dpkg -i 
texlive-fonts-extra_2016.20170123-5_all.deb'.

For Stretch:

https://packages.debian.org/stretch/all/texlive-fonts-extra/download


-- 
"The world breaks everyone and afterward many are strong in the broken places.
But those that will not break it kills. It kills the very good and the very
gentle and the very brave impartially. If you are none of these you can be sure
it will kill you too but there will be no special hurry." *A Farewell to Arms*

Re: Debian 7 > Debian 9

[David - DCPC]

Bonjour,

Même lecture.
Prendre surtout les chapitres 5 et 4 des release notes de chaque version :
Jessie : https://www.debian.org/releases/jessie/amd64/release-notes/
Stretch : https://www.debian.org/releases/stretch/amd64/release-notes/

Moi ce qui m'embête c'est pour le boulot, car nos Wheezy sont des portages
à moindre coût (sans recoder si possible) d'applis datant d'avant guerre
(genre OS redhat 5, suse 9 à 11 avec tomcat 5-6 à la base...) et que ça
fait de gros changements de versions majeurs (java, tomcat et mariadb au
moins) plus passage à systemd que j'ai toujours pas trop eu le temps de
regarder ...

David

Le 7 août 2017 à 23:55, Christophe Gallaire  a écrit :

> Bonsoir,
>
> Merci pour la réponse. Passage de 7 à 8 puis 8 à 9.
>
> Bonne soirée.
>
> Christophe
>
>
> Le 7 août 2017 23:52, "Nicolas Hussein"  a écrit :
>
> Le lundi 07 août 2017 à 23:27 +0200, Christophe Gallaire a écrit :
> > Bonjour à tous,
> >
> > J'ai plusieurs machines à faire passer de Debian 7 à 9. Je me demande
> > quelle est la meilleure solution. Passer directement à la version 9
> > ou de la 7 à la 8 puis la 9 ?
> >
> > Merci pour vos réponses.
> >
>
> Bonsoir,
>
> Le site de Debian indique clairement qu'il faut passer de 7 à 8, puis
> de 8 à 9. Je viens de faire la double mise à niveau aujourd'hui.
> Apparemment il n'est pas recommandé de passer directement de 7 à 9.
>
> Bonne soirée,
> Nicolas
>
>
>


-- 
Salutations,
David CHALON

Re: want pinning with examples to prevent unwanted package(s) from being installed

[Felix Miata]

Dejan Jocic composed on 2017-08-31 08:51 (UTC+0200):

> Felix Miata wrote:

>> Over an hour I've been searching in vain, apparently using broken Google-fu, 
>> for
>> something using examples to explain how to prevent unwanted package(s) from
>> being installed via pinning when apt-mark's hold is being disregarded. Anyone
>> familiar with an URL that would do this?

>> In openSUSE, it's a simple process:

>>  zypper al unwantedpackagename[version]

>> That's all there is to it, other than it also works with wildcards.

> Not sure that I understand, because man page gives enough examples.

To start with, the question "which man page" needed to be solved.

> Like:

>  P < 0
>   prevents the version from being installed

> So, for preventing some package to be installed:

> Package: somepackage
> Pin: origin ""
> Pin-Priority: -1

I never saw an example that wasn't part of a group that included multiple
release names, none with the null string for origin.

> That will prevent all packages with somepackage name to be installed, no
> matter of origin. In Pin section, you can use release instead, if you
> want to restrict just specific release, but that is all well explained
> in man page of apt_preferences with lots of examples.

Now that I see that apt_preferences is the relevant doc, I don't see it as
"well" explained. "The file" isn't given a name. There is no "file" that seems
applicable to locking anything in in /etc/apt/, though there is an empty
directory "/etc/apt/preferences.d/", which to me doesn't imply anything to do
with locking.

I gave it several stabs. I created /etc/apt/preferences.d/1grub.pref that
eventually reached the following state:

Package: grub
Pin: origin ""
Pin-Priority: -1

Package: grub2
Pin: origin ""
Pin-Priority: -1

Package: grub-common
Pin: origin ""
Pin-Priority: -1

Package: grub2-common
Pin: origin ""
Pin-Priority: -1

Package: os-prober
Pin: origin ""
Pin-Priority: -1

Package: grub-pc
Pin: origin ""
Pin-Priority: -1

Package: grub-pc-bin
Pin: origin ""
Pin-Priority: -1

Package: grub-gfxpayload-lists
Pin: origin ""
Pin-Priority: -1

I'm still getting told the following will be installed:
grub-common grub-gfxpayload-lists grub-pc grub-pc-bin grub2-common os-prober

This is a multiboot system, so no space-wasting, updates time-wasting bootloader
is needed or wanted on the installation making this insistence.

:-(
-- 
"The wise are known for their understanding, and pleasant
words are persuasive." Proverbs 16:21 (New Living Translation)

 Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata  ***  http://fm.no-ip.com/

Re: want pinning with examples to prevent unwanted package(s) from being installed

[Dejan Jocic]

On 31-08-17, Dejan Jocic wrote:
> On 31-08-17, Felix Miata wrote:
> > Over an hour I've been searching in vain, apparently using broken 
> > Google-fu, for
> > something using examples to explain how to prevent unwanted package(s) from
> > being installed via pinning when apt-mark's hold is being disregarded. 
> > Anyone
> > familiar with an URL that would do this?
> > 
> > In openSUSE, it's a simple process:
> > 
> > zypper al unwantedpackagename[version]
> > 
> > That's all there is to it, other than it also works with wildcards.
> > -- 
> > "The wise are known for their understanding, and pleasant
> > words are persuasive." Proverbs 16:21 (New Living Translation)
> > 
> >  Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!
> > 
> > Felix Miata  ***  http://fm.no-ip.com/
> > 
> 
> Not sure that I understand, because man page gives enough examples.
> Like:
> 
>  P < 0
>   prevents the version from being installed
> 
> So, for preventing some package to be installed:
> 
> Package: somepackage
> Pin: origin ""
> Pin-Priority: -1
> 
> That will prevent all packages with somepackage name to be installed, no
> matter of origin. In Pin section, you can use release instead, if you
> want to restrict just specific release, but that is all well explained
> in man page of apt_preferences with lots of examples.
> 
Eh, was bit sleepy still when I wrote this. Posting before properly
waking up should be forbidden. That origin part will prevent only from
local site. Use something like Pin: release a=stable instead of it. You
can also use name like Pin: release n=stretch. And for package, you can
use also version, like Pin: version 2.01.1-1+b2. Or even Pin: version
2.01* to prevent all versions starting with 2.01 to be installed.


Sorry for confusion.

Re: Xerrada sobre Debian al DLP el 16 de setembre

[Narcis Garcia]

A quin públic està adreçada la xerrada?
Si és bàsicament a desenvolupadors, parlaria de les eines de
desenvolupament que puguin atraure gent d'altres plataformes (IDE, RAD,
Android APK).


El 30/08/17 a les 19:21, Alex Muntada ha escrit:
> Hola!
> 
> A petició d'en Rafael Carreras, el proper dissabte 16 de setembre
> faré una xerrada sobre el desenvolupament a Debian dins el marc
> del Dia de la Llibertat del Programari: http://dlp.caliu.cat/
> 
> El que us volia preguntar és de quins temes us agradaria que
> parli concretament. Podeu preguntar-me el que vulgueu (AMA) i
> jo ja triaré el que cregui més interessant per la xerrada.
> 
> Així doncs, us agrairé que respongueu aquest correu explicant-me
> què us agradaria saber, sobre què us agradaria aprofundir, què
> voldríeu aprendre, en què us agradaria contribuir, etc. Podeu
> fer-ho en privat, si voleu.
> 
> A banda de facilitar-me la feina per la xerrada, crec que pot
> ser una bona oportunitat per conèixer millor els interessos i
> els interrogants d'aquesta comunitat.
> 
> Salut i moltes gràcies!
> Alex
> 

Re: Xerrada sobre Debian al DLP el 16 de setembre

[Narcis Garcia]

El missatger final és el què transmet una tendència o una altra, i
l'experiència em diu que se sol «seguir la corrent».

El 20/05/2016 hi hagué una jornada d'instal·lacions a Girona, a la qual
els tècnics vam tenir el consens de posar Ubuntu LTS. Amb alguns
ordinadors la cosa va ser tant desastrosa (bloquejos, problemes per
arrencar, etc.) que vam saltar cap a Debian en el moment que vam veure
que funcionava perfectament.
L'estabilitat va guanyar davant el prejudici, i no sol passar.


El 30/08/17 a les 22:33, julio ha escrit:
> Hola,
> no se si d'aquesta reflexió es pot extreure una xerrada o una un quart i
> mig de xerrada però per si de cas.
> 
> Primer de tot em presento. Soc de la secta dels fedorianos, no per
> convicció, només és per calers ;D
> Porto uns 18 anys instal•lant distros gnu/linux. Vaig tenir la meva
> etapa d evangelitzador. No recordo si en aquelles llargues nits
> disfrutava més instal•lant un linux o matant els guindous. Ja fa bastant
> de temps que m'ho prenc d'una altra manera.
> Tot i que he tocat alguna distro minoritària, les que més he utilitzat
> han estat fedora/redhat, ubuntu i debian.
> Però mai he mirat el codi de cap d aquests S.O. De manera que no tinc
> coneixements realment científics de les distros.
> O sigui que només puc parlar com a instal•lador i per observació del
> rendiment de les màquines instal•lades.
> 
> Crec que totes són molt interessants i juguen diferents papers. Fedora
> com a conillet d'indies de RedHat i, més actualment de Gnome, massa
> arriscada, la qual cosa ha provocat versions un xic inestables però
> també interessants aportacions al mon linux.
> A Ubuntu el presenta molt be el seu eslogan "the linux for human
> beings", quanta gent deu haver provat gnu/linux gràcies a aquesta
> distro? Fins i tot molts que tenen windows com el seu primer S.O.
> 
> Si, ja sé que no existeix una distro única per a tothom (per cert quina
> documentació tan xula fan els de archlinux) però si algú em digués "ho
> sento tio, t'has de mullar, quina distro recomanes segons la teva
> experiència? Només pots dir una."
> Doncs ja fa temps que sempre penso el mateix: Debian. La seva
> estabilitat (imagino que per la seva qualitat) no té color.
> I llavors em pregunto, perquè quan a un casal volem decidir quina distro
> instal•lar s'acaba instal•lant ubuntu? (Fet real i de fa molt poc temps)
> I no ho dic com una crítica per haver escollit Ubuntu, ja que al final
> tots vam estar d'acord.
> Sinò que els que coneixem de la qualitat/estabilitat de Debian no som
> capaços de transmetre-la a la resta. Per exemple, una de les raons per
> les quals es va escollir Ubuntu va ser la gran quantitat de drivers de
> que disposa. D'aquesta manera donaria menys problemes que Debian, es va
> pensar.
> 
> Un cop instal•lada la LTS vam haver de solucionar un misteriós problema
> del DNS googlejant(*) i hackejant un dels fitxers del Network Manager.
> Dubto que això hagués passat amb Debian.
> 
> Insisteixo que això no és cap crítica a ningú ni a ubuntu o els
> ubuntaires, que per cert fan una feina acollonant, sinó a lo malament
> que venem Debian els que admirem aquesta distro.
> O potser la qualitat de Debian fa inevitable que es crei una mena d aura
> de distro elitista i difícilment accessible?
> 
> (*) No és cert, vam fer servir duck duck go ;D
> 
> Vagi be.
> Julio
> 
> -- 
> Sent from my Android device with K-9 Mail. Please excuse my brevity.

Re: want pinning with examples to prevent unwanted package(s) from being installed

[Dejan Jocic]

On 31-08-17, Felix Miata wrote:
> Over an hour I've been searching in vain, apparently using broken Google-fu, 
> for
> something using examples to explain how to prevent unwanted package(s) from
> being installed via pinning when apt-mark's hold is being disregarded. Anyone
> familiar with an URL that would do this?
> 
> In openSUSE, it's a simple process:
> 
>   zypper al unwantedpackagename[version]
> 
> That's all there is to it, other than it also works with wildcards.
> -- 
> "The wise are known for their understanding, and pleasant
> words are persuasive." Proverbs 16:21 (New Living Translation)
> 
>  Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!
> 
> Felix Miata  ***  http://fm.no-ip.com/
> 

Not sure that I understand, because man page gives enough examples.
Like:

 P < 0
  prevents the version from being installed

So, for preventing some package to be installed:

Package: somepackage
Pin: origin ""
Pin-Priority: -1

That will prevent all packages with somepackage name to be installed, no
matter of origin. In Pin section, you can use release instead, if you
want to restrict just specific release, but that is all well explained
in man page of apt_preferences with lots of examples.

want pinning with examples to prevent unwanted package(s) from being installed

[Felix Miata]

Over an hour I've been searching in vain, apparently using broken Google-fu, for
something using examples to explain how to prevent unwanted package(s) from
being installed via pinning when apt-mark's hold is being disregarded. Anyone
familiar with an URL that would do this?

In openSUSE, it's a simple process:

zypper al unwantedpackagename[version]

That's all there is to it, other than it also works with wildcards.
-- 
"The wise are known for their understanding, and pleasant
words are persuasive." Proverbs 16:21 (New Living Translation)

 Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata  ***  http://fm.no-ip.com/

Re: Weird shell script behavior in a cron job

[Jonathan de Boyne Pollard]

James H. H. Lampert:

Could it be that |cron| is running it an entirely different shell, 
that doesn't understand the |if| statement?


Despite what others have said, the answer to this question is no.  
Whilst you /are/ running two different shells, the problem is not the 
|if| statement.  Both of those shells understand that |if| statement.  
The difference between the shells involves the fact that you have 
assumed a particular exit status for the |cd| command for non-existent 
directories.  That's the exit status that the |cd| command results in, 
in one of your shells.  But it is not the exit status that results in 
the other.


Ironically, you are using the |[| command /anyway/, and that command has 
a direct method, its |-d| operator, for testing for the non-existence of 
a directory.  So you are going around the houses a bit in order to 
achieve what you could be achieving directly, and portably (without 
assumptions about exit statuses), with the |[| command itself.