Re: [OT] Breaking WPA2 by forcing nonce reuse

[tv.deb...@googlemail.com]

On 19/10/2017 21:42, Celejar wrote

[...]

like the printer. Henrique recently noted that there is a setting
available on new OpenWRT and LEDE builds that can help, but it's
apparently not yet included in any release yet:

https://lists.debian.org/debian-user/2017/10/msg00593.html

Celejar



I sent that a day ago, but for some reason it didn't make it to the list:


Hi,

17.01.4 just released [2] with fixed wpa and possibility to activate an AP side 
workaround. It is just a mitigation really, but should in practice impair an 
exploit. It is OFF by default.

Quote:

"an optional AP-side
workaround was introduced in hostapd to complicate these attacks,
slowing them down. Please note that this does not fully protect you from
them, especially when running older versions of wpa_supplicant
vulnerable to CVE-2017-13086, which the workaround does not address. As
this workaround can cause interoperability issues and reduced robustness
of key negotiation, this workaround is disabled by default."

Option in hostapd.sh [1] is:

wpa_disable_eapol_key_retries


[1] 
https://git.lede-project.org/?p=source.git;a=commitdiff;h=d501786ff25684208d22b7c93ce60c194327c771

[2] https://downloads.lede-project.org/releases/17.01.4/targets/


So it is part of Latest LEDE release, but I am not aware of other distro 
using this workaround. It comes with a few potential problems, so must 
be thoroughly tested before being deployed, and it likely breaks 
standards which is never good.

Re: thinkpad mute button not working since upgrade to stretch

[Jimmy Johnson]

On 10/19/2017 03:11 PM, Jimmy Johnson wrote:

On 10/19/2017 02:48 PM, Paul Seyfert wrote:

Hi,



Assuming I'm not the only thinkpad user, any others around who
encountered that problem and have already found a solution? Or tips for
how to get the mute button to work hardware-like again?



Paul, do you have "tpb" installed?  That's the package to install 
thinkpad buttons.
I have it installed and can mute, etc. My thinkpad is running 
Buster/Testing now and busy, but will check in Stretch sometime today.



I upgraded Jessie on this Thinkpad and the volume buttons are working fine.
--
Jimmy Johnson

Debian Stretch - KDE Plasma 5.8.6 - Intel Mobile 965 - EXT4 at sda6
Registered Linux User #380263

Can imagemagick really be safely purged or removed?

[Celejar]

Hi,

The description of the imagemagick package (8:6.9.7.4+dfsg-11+deb9u1)
on my Stable system includes the statements:

"This is a dummy package.  You can safely purge or remove it."

But trying to remove it rips out cups, because:

~$ aptitude why imagemagick
i   cups Depends cups-filters (>= 1.0.24-3~)
i A cups-filters Depends imagemagick (>= 6.4~)

What gives?

Celejar

Re: Nagios package - hiding or not existing

[Adam Cécile]

Just in case it's not a priority for you, I "up-ported" Jessie's package 
to Stretch and made them available as a repo here:

http://packages.le-vert.net/nagios3/

Regards, Adam.

On 10/19/2017 11:05 PM, Fekete Tamás wrote:

I'm sad to hear that, but thank you for the info!

2017-10-18 21:31 GMT+02:00 Brian >:


On Wed 18 Oct 2017 at 21:03:19 +0200, Fekete Tamás wrote:

> does anyone know if there is a nagios3 package available for
Debian 9.x?
>
> According to :
https://packages.debian.org/search?keywords=nagios3
 there
> is no package for this generation of this Debian. Is it possible?

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845765


--
Brian.

Re: sources.list

[don magnify]

On Thu, Oct 19, 2017 at 7:35 PM, Richard Hector 
wrote:

> On 20/10/17 05:12, don magnify wrote:
> > thanks...  i did. same result...  is there any particular src endpoint
> > directly affecting the "build-dep python-imaging --fix-missing"
> > commands/flags?
> >
> > thanks...
> >
> > On Thu, Oct 19, 2017 at 6:09 AM, Steve Kemp  > > wrote:
> >
> > >
> > >#A sudo vi /etc/apt/sources.list
> > >
> > >shows this:
> > >
> > >deb  http://cdn-aws.deb.debian.org/debian
> >   stretch  main
> >
> >   Lines beginning with "deb" are used for binary packages.  For
> >  "source" packages you need a "deb-src" prefix.  Something like
> >  this:
> >
> > deb-src  http://cdn-aws.deb.debian.org/debian
> >   stretch  main
> > deb-src  http://security.debian.org  stretch/updates  main
> > ..
> >
> >   (Just add those, leave the binary-lines in-place.)
>
> Did you run "sudo apt-get update" after editing sources.list?
> You need to do that before changes will take effect.


that did it..   thanks...

Re: way of starting a firewall script in debian 9 with kde5 and sddm

[Ben Caradoc-Davies]

On 20/10/17 15:21, Richard Hector wrote:

I wasn't aware of or familiar with the idea of putting it somewhere else
and enabling/disabling it; I'm not sure if I need that.


I just did it for convenient selective backup together with the rules 
files, and consistency with other services which use symlinks to /lib 
and /usr/share. With the unit .service file in /etc/systemd/system, 
everything should work, but I do not know that happens if you use 
systemctl to mask the service (normally this places a link in 
/etc/systemd/system to /dev null). I have only symlinks and directories 
in /etc/systemd/system.


Kind regards,

--
Ben Caradoc-Davies 
Director
Transient Software Limited 
New Zealand

Re: way of starting a firewall script in debian 9 with kde5 and sddm

[Richard Hector]

On 18/10/17 01:25, Ben Caradoc-Davies wrote:
> On 18/10/17 01:08, Stephane L wrote:
>> Hi,I have a firewall script(firewall) that I laucnh with > start>Is there a way in debian 9 (with kde5 and sddm) to start this
>> script at the boot of the linux system or at the launching of xorg or
>> of kde5 ?
> 
> systemd units are easy to write (this is the main benefit of systemd)
> and can be configured run at boot time. Here is one I wrote for
> iptables+ip6tables (because I do not want changes to persist across
> boots, just clean rules on boot). You will need a different Type if your
> program does not exit:
> 
> $ cat /etc/iptables/iptables.service
> [Unit]
> Description=iptables rules
> After=network.target
> [Service]
> Type=oneshot
> ExecStart=/bin/bash -c "/sbin/iptables-restore <
> /etc/iptables/iptables.rules"
> ExecStart=/bin/bash -c "/sbin/ip6tables-restore <
> /etc/iptables/ip6tables.rules"
> RemainAfterExit=yes
> ExecStop=/sbin/iptables -F
> ExecStop=/sbin/ip6tables -F
> [Install]
> WantedBy=multi-user.target
> 
> I enabled it with:
> 
> systemctl enable /etc/iptables/iptables.service
> 
> This should add the required symlink in /etc/systemd/system .

Mine's a bit different, and rather shorter ... any comments welcome:

/etc/systemd/system/firewall.service:
---
[Unit]
Before=network-pre.target

[Service]
ExecStart=/etc/network/firewall
Type=oneshot
RemainAfterExit=yes

[Install]
WantedBy=network.target
---

I don't want the network up without the firewall, so it goes before the
network. Likewise, I don't want it ever down, so there's no ExecStop.

/etc/network/firewall is a short script that sources firewall4 (and
firewall6 if I had one. I probably should ...).

I wasn't aware of or familiar with the idea of putting it somewhere else
and enabling/disabling it; I'm not sure if I need that.

Richard



signature.asc
Description: OpenPGP digital signature

Re: Password managers [WAS: Re: when do I get a browsere that will do internet purchases?]

[Gene Heskett]

On Thursday 19 October 2017 21:27:07 Garreau, Alexandre wrote:

> On 19/10/2017 at 22:24, Peter Hillier-Brook wrote:
> > I had similar problems and switched to Chromium, however I would
> > never trust *any* browser to store passwords
>
> I don’t especially like or trust fully Firefox, but I wouldn’t trust
> Chromium more (yet my bank website too doesn’t work with firefox,
> that’s why I do everything from commandline with boobank (which does),
> yet once I used to use Chromium only for that).
>
> I’d especially like to notice that there are the packages
> *xul-ext-gnome-keyring* and *xul-ext-kwallet5* which make both Firefox
> and Thunderbird use respectively GNOME and KDE’s password
> managers. That’s way more secure imho, and especially with the package
> xul-ext-pwdhash.
>
> Waiting for the beautiful day where you’ll have only one passphrase to
> remember, update and type for both grub/libreboot, luks, PAM/login,
> password manager, and gpg-agent… Would that difficult to achieve?
> Would require intensive hack on packages grub, luks, shadow,
> Linux-PAM, Gnome-Keyring/KWallet and gnupg2 right?
>
> There are also the solution on allowing that unique passphrase per a
> usb token, a pgp card, or no passphrase at all (when you have memory
> problems and if you’re old and poor enough for example).
>
Don't mention age, cuz at 83 the word itself is discouraging.

> Makes computers way more accessible…


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

Re: Cannot copy files from usb source

[Tom Furie]

On Thu, Oct 19, 2017 at 11:31:25PM +0200, Pétùr wrote:


> I cannot copy files from my laptop (with SSD formated in ext4) to my
> external HDD (formated also in ext4). I have an input/outpur error. The

> I can do the opposite, i.e. transfert files from my laptop to my
> external HDD (or other usb connected devices) with no problem.

Which is it?

-- 
BOFH excuse #14:

sounds like a Windows problem, try calling Microsoft support


signature.asc
Description: Digital signature

Re: Password managers [WAS: Re: when do I get a browsere that will do internet purchases?]

[Ben Caradoc-Davies]

On 20/10/17 14:04, Roberto C. Sánchez wrote:

On Thu, Oct 19, 2017 at 10:24:55PM +0100, Peter Hillier-Brook wrote:

I had similar problems and switched to Chromium, however I would never
trust *any* browser to store passwords. Passwordsafe is my best friend,
especially since it was upgraded to run under Stretch.

+1
Though, I prefer KeePassX.


+1 for KeePassX on Debian and KeePassDroid on Android. Both use the same 
.kdbx format so databases can be synchronised with sftp (AndFTP on the 
Android side, but looking for open source recommendations).


Kind regards,

--
Ben Caradoc-Davies 
Director
Transient Software Limited 
New Zealand

Password managers [WAS: Re: when do I get a browsere that will do internet purchases?]

[Garreau, Alexandre]

On 19/10/2017 at 22:24, Peter Hillier-Brook wrote:
> I had similar problems and switched to Chromium, however I would never
> trust *any* browser to store passwords

I don’t especially like or trust fully Firefox, but I wouldn’t trust
Chromium more (yet my bank website too doesn’t work with firefox, that’s
why I do everything from commandline with boobank (which does), yet once
I used to use Chromium only for that).

I’d especially like to notice that there are the packages
*xul-ext-gnome-keyring* and *xul-ext-kwallet5* which make both Firefox
and Thunderbird use respectively GNOME and KDE’s password
managers. That’s way more secure imho, and especially with the package
xul-ext-pwdhash.

Waiting for the beautiful day where you’ll have only one passphrase to
remember, update and type for both grub/libreboot, luks, PAM/login,
password manager, and gpg-agent… Would that difficult to achieve? Would
require intensive hack on packages grub, luks, shadow, Linux-PAM,
Gnome-Keyring/KWallet and gnupg2 right?

There are also the solution on allowing that unique passphrase per a
usb token, a pgp card, or no passphrase at all (when you have memory
problems and if you’re old and poor enough for example).

Makes computers way more accessible…

Password managers [WAS: Re: when do I get a browsere that will do internet purchases?]

[Roberto C . Sánchez]

On Thu, Oct 19, 2017 at 10:24:55PM +0100, Peter Hillier-Brook wrote:
> 
> I had similar problems and switched to Chromium, however I would never
> trust *any* browser to store passwords. Passwordsafe is my best friend,
> especially since it was upgraded to run under Stretch.

+1

Though, I prefer KeePassX.

Regards,

-Roberto

-- 
Roberto C. Sánchez

Re: [OT] Breaking WPA2 by forcing nonce reuse

[Celejar]

On Thu, 19 Oct 2017 13:46:08 -0500
David Wright  wrote:

> On Thu 19 Oct 2017 at 18:07:20 (+0200), to...@tuxteam.de wrote:
> > On Thu, Oct 19, 2017 at 11:07:01AM -0400, Celejar wrote:
> > > On Thu, 19 Oct 2017 12:05:23 +0100
> > > Brian  wrote:
> > > 
> > > > On Wed 18 Oct 2017 at 21:30:48 -0400, Celejar wrote:
> > 
> > [...]
> > 
> > > Yes, what I'm probably going to do is use the printer's ethernet
> > > connection along with a Powerline adapter into a nearby power outlet.
> > 
> > And how secure are the powerline adapters? Most probably they're
> > broadcasting their stuff over your and your neighbour's AC net on
> > top of some unspecified proprietary modulation. Just sayin'...
> 
> AIUI 128-bit AES on non-ancient ones. For your neighbour to eavesdrop,
> they need to press their device's authenticate button when you press
> yours. You can probably minimise the chances of the authentication

See this thread:

https://security.stackexchange.com/questions/9725/are-powerline-ethernet-adapters-inherently-secure

and this post in particular:

https://security.stackexchange.com/a/76266

Celejar

Re: Thinkpad X220 working suspiciously well (except some stuff, like webcam, bluetooth, phonecalls, jack buttons…) (Re: thinkpad mute button not working since upgrade to stretch)

[Garreau, Alexandre]

Oh, sorry, actually my suspend to disk/hibernate button isn’t recognized
by xev currently :/

Thinkpad X220 working suspiciously well (except some stuff, like webcam, bluetooth, phonecalls, jack buttons…) (Re: thinkpad mute button not working since upgrade to stretch)

[Garreau, Alexandre]

I don’t have tpb installed, and got a thinkpad X220 (really nice btw,
fingerprint reader, mobile 3G+sms+calls working out of the box and stuff
(sad there’s no IrDA…)) on which I installed debian stable (that is 9.2
currently), and the mute button (and its ability to switch on its led
when my system is muted, including when I do it from software) works
perfectly (same for the microphone mute button and its led too), even
when resuming from suspend to ram, with screen lock activated, and mpv
playing stuff… that is: couldn’t reproduce.

Have some friend with Thinkpad X60 who strangely didn’t got all the nice
stuff I have now under XFCE/KDE when upgrading to 9.2: why upgrading
instead of reinstalling always ends up with such problems? isn’t there
some way to stop that behavior (like automatic “purge” instead of
“remove” when upgrading packages?)?

Btw what package/program does manage these buttons? I suppose the event
comes from the normal keyboard events, but what does control the led?
what does save the state of it? Why does it work without tpb? What is
tpb for if it works out of the box? Why doesn’t it install itself on
thinkpads when debian installs? Why should we guess/know already that
this package exist and we should theorically install it on thinkpad in
order to make them work?

So yet ThinkVantage button is recognized by xev (as XF86Launch1, but it
seems to do nothing by default), the button for ThinkLight works
correctly, same thing for luminosity and sound +/- (which is recognized
by KDE and display its progress bar (how is it called this bar you see
when you change these settings?), caps lock (and its led), num lock (yet
there seem to be no led for it on this laptop), and all the Fn buttons :
screen lock, “battery” is recognized although it seems to do nothing
under KDE (what is it supposed to do?), suspend, toggle WLAN, webcam
(recognized but does nothing, I think I have no webcam recognized…
normally it has one right?  with free driver?), “external display”,
“disable trackpad” (wait! how do you re-enable it?! …except by reboot I
mean), suspend to disk/hibernate, and the multimedia buttons of the
arrow keys.

There’s still bluetooth which when used always switch on/off (hardware
fault?), seemingly unrecognized/inexistant webcam, that battery fn
button I ignore the purpose, this really really low-precision trackpad
(it “jumps” over several pixel for any small enough movement that’s
really ugly so I never use it while it’s really comfortable and quick
and precise with multitouch), I don’t know if I can make and hear/talk
through audio call with my sierra usb gsm modem (is that possible? for
now I can make phones ring, and check if I’m called, and hang up, and
also “accept” but the correspondant don’t hear anything), the combined
micro+headphone port doesn’t seem to support buttons (like for “accept
call/prev/next/pause”), oh, and the worst, that ethernet port can’t get
an ethernet cable clipsed in! if it moves a bit, bam, disconnected (had
that with my precedent thinkpad though)!

Oh also wifi doesn’t work of course because of Intel, so once it will be
supported by libreboot, when it will be installed or when I’ll have to
open it I will change the wifi card for one of those atheros wifi pci
card that still need manual installation of the free firmware (ath9k
afaik, or ath10k forgot) under debian because it’s packaged altogether
with non-free atheros firmware (any advice for cheap (some dollars) wifi
pci cards of good quality with free firmware supported by debian? have
some AR9271)

Oh maybe I should really split that in some separate mails with relevant
subject to the list… althought maybe too much hardware questions… maybe
outsubject… maybe too much issues for those it is normal not to have any
solution currently…

Re: when do I get a browsere that will do internet purchases?

[David Christensen]

On 10/19/17 10:55, Gene Heskett wrote:

Since the last update to firefox-esr, none of the usual internet buying
options work, or even show up after you've clicked add to cart.

clamav also claims that ~/firefox/browser/omni.ja is infected,
with but several re-installs of firefox-esr has not affected that. Turned
into clamav, as an FP, it was ignored because I assume its not an FP.

Can this please be looked at?

I'd use chromium, but it does not remember firefox passwds that I can
find and recall for use again next week.


I buy stuff from Amazon without any problems on my Debian primary 
desktop machine:


2017-10-19 16:58:46 dpchrist@tinkywinky ~
$ cat /etc/debian_version
9.2

2017-10-19 17:11:56 dpchrist@tinkywinky ~
$ uname -a
Linux tinkywinky 4.9.0-4-amd64 #1 SMP Debian 4.9.51-1 (2017-09-28) 
x86_64 GNU/Linux


2017-10-19 17:12:46 dpchrist@tinkywinky ~
$ dpkg-query --show firefox-esr
firefox-esr 52.4.0esr-1~deb9u1


Firefox add-ons:

Disconnect
NoScript
Privacy Badger


Disconnect and Privacy Badger settings are defaults.


I configure NoScript:

General -> Temporarily allow top-level sites by default -> Base 2nd 
level Domains.


Whitelist -> highlight everything -> Remove Select Sites


I don't run anti-virus software.


When browsing, NoScript pops up a warning status bar at the bottom of 
the browser when the page tries to load JavaScript from other domains. 
I temporarily allow scripts from specific sites to get the site to work, 
as determined by trial and error (for Amazon, it's 
ssl-images-amazon.com).  Sometimes, I need to "temporarily allow all".



I typically run only one instance of Firefox at a time, and close/ start 
a fresh copy often.  When I want to do shopping, banking, government 
sites, etc., I start a fresh copy of Firefox, browse to the site, lower 
NoScript settings as required, log in, do my work, log out, and then 
close the browser.



Do a fresh install of Stretch on a desktop box, keep it stock, and you 
should do fine.



David

Re: NFSv4 without Kerberos and permissions

[John Ratliff]

On 10/16/2017 3:35 PM, Christian Seiler wrote:

On 10/16/2017 07:57 PM, John Ratliff wrote:

On 10/15/2017 3:38 AM, Christian Seiler wrote:

Furthermore, the MANAGED_GIDS setting is only for NFSv2/3 and only
for supplementary groups, not the primary group. It is not a security
setting, it really is just for bypassing the 16 group limit of older
NFS protocols, and is useless with NFSv4.


I'm not sure this is entirely the case. Turning off managed GIDs and
using an NFSv4 mount (i.e. on client: mount -t nfs4 blahblahblah),
this let me use secondary groups on the server. Before, I could not.


Sorry, you're right. rpc.mountd is typically only NFSv2/3, but with
NFSv4 it does provide some corner case functionality (I rechecked
the code just now) and MANAGED_GIDS is one of those.




Okay, I am unable to make this work. Perhaps I am still confused as to 
how id mapping works.


Here is my test setup.

1) Debian 9 NFS4 Server

/etc/hosts.deny is empty
/etc/hosts.allow
ALL: ALL

iptables is wide open.

$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source   destination

Chain FORWARD (policy ACCEPT)
target prot opt source   destination

Chain OUTPUT (policy ACCEPT)
target prot opt source   destination

Server is on 10.9.111.1/16

/etc/exports is

/srv/nfs4 10.9.0.0/16(rw,sync,fsid=0,crossmnt,no_subtree_check)
/srv/nfs4/ssl 10.9.0.0/16(rw,sync,no_subtree_check)
/srv/nfs4/ssl/wildcard 10.9.0.0/16(ro,sync,no_subtree_check)

I have set nfs_disable_idmapping to 0

$ cat /sys/module/nfsd/parameters/nfs4_disable_idmapping
N

This is my /srv/nfs4 file structure:

$ ls -lR /srv/nfs4
/srv/nfs4:
total 4
drwxr-sr-x 3 root ssl-cert 4096 Oct 19 20:01 ssl

/srv/nfs4/ssl:
total 12
-rw-r- 1 root ssl-cert   24 Oct 19 18:43 private.txt
-rw-r--r-- 1 root ssl-cert   22 Oct 19 18:43 public.txt
drwxr-s--- 2 root ssl-cert 4096 Oct 19 18:43 wildcard

/srv/nfs4/ssl/wildcard:
total 8
-rw-r- 1 root ssl-cert 24 Oct 19 18:43 private.txt
-rw-r--r-- 1 root ssl-cert 22 Oct 19 18:43 public.txt

There are five users on the server. These are their permissions:

$ id jratliff
uid=1000(jratliff) gid=1000(jratliff) 
groups=1000(jratliff),27(sudo),100(users),112(ssl-cert)


$ id jbail
uid=1001(jbail) gid=1001(jbail) groups=1001(jbail),27(sudo),100(users)

$ id john
uid=1003(john) gid=1003(john) groups=1003(john),112(ssl-cert)

$ id matt
uid=2049(matt) gid=2049(matt) groups=2049(matt),112(ssl-cert)

$ id austin
uid=2050(austin) gid=2050(austin) groups=2050(austin)

Based on this configuration, I would expect the following:

Users jratliff@domain, john@domain, and matt@domain should be able to 
read the private.txt file and enter the wildcard directory.


Users jbail@domain and austin@domain should not be able to do those things.


2) Ubuntu 14.04 LTS Client

Very similar settings. Open tcp wrappers, open firewalls, same subnet 
(10.9.111.2/16).


I removed nfs4_disable_idmapping in both the nfsd and nfs modules.

$ cat /sys/module/nfsd/parameters/nfs4_disable_idmapping
N

$ cat /sys/module/nfs/parameters/nfs4_disable_idmapping
N

Same five users, but the UIDs have been changed a bit.

jratliff is uid 1000
jbail is uid 1001
matt is uid 1003
austin is uid 1002
john is uid 1004

As expected, jratliff and matt can read the private files. jbail and 
austin cannot. However, neither can john.


So why do jratliff and matt work while john does not? My hypothesis is 
that the UIDs work out that way.


jratliff has the same UID, so the group membership maps properly. 
jratliff is a member of ssl-cert on the server, so everything is fine. 
Matt is also a member of ssl-cert, but this isn't why he can read the 
files; he can read it because his UID is 1003, which maps to john on the 
server. User john on the server is a member of ssl-cert, so Matt is 
become john. In this case, john does not map to anyone on the server, 
and so he has no permissions. Therefore, john cannot read the private files.


Second hypothesis: Ubuntu 14 is broken.

---

3) Debian 9 Client

Again, very similar settings. 10.9.111.3/16 is the IP.
Same five users, but I made one change from the server to the client in 
UIDs.


jratliff is uid 1000
jbail is uid 1001
matt is uid 
austin is uid 2050
john is uid 1003

Again, jratliff can read the private files. jbail and austin cannot. 
This is expected. I thought matt would be able to read the files, but 
matt cannot. This seems to be because matt is UID  which means 
nothing on the server, permissions-wise anyways.


This time, user john can read the private files, which makes sense 
because he is UID 1003, the same as on the server, and is a member of 
ssl-cert on the server.


So, Ubuntu 14 seems to work the same as Debian 9, which is expected 
behavior. It probably isn't broken.


--

So, is my understand of ID Mapping still flawed? Here's what I see 

Re: sources.list

[Richard Hector]

On 20/10/17 05:12, don magnify wrote:
> thanks...  i did. same result...  is there any particular src endpoint
> directly affecting the "build-dep python-imaging --fix-missing"
> commands/flags?
> 
> thanks... 
> 
> On Thu, Oct 19, 2017 at 6:09 AM, Steve Kemp  > wrote:
> 
> >
> >    #A sudo vi /etc/apt/sources.list
> >
> >    shows this:
> >
> >    deb  http://cdn-aws.deb.debian.org/debian
>   stretch  main
> 
>   Lines beginning with "deb" are used for binary packages.  For
>  "source" packages you need a "deb-src" prefix.  Something like
>  this:
> 
>     deb-src  http://cdn-aws.deb.debian.org/debian
>   stretch  main
>     deb-src  http://security.debian.org  stretch/updates  main
>     ..
> 
>   (Just add those, leave the binary-lines in-place.)

Did you run "sudo apt-get update" after editing sources.list?
You need to do that before changes will take effect.

Richard




signature.asc
Description: OpenPGP digital signature

Re: when do I get a browsere that will do internet purchases?

[Ben Caradoc-Davies]

On 20/10/17 07:59, Gene Heskett wrote:

On Thursday 19 October 2017 14:08:59 Dan Ritter wrote:

If you aren't invoking something else, perhaps you should be:
I find running upstream firefox reasonable:
https://download.mozilla.org/?product=firefox-56.0.1-SSL=linux64
ng=en-US
and then unpack it and make sure you are running that particular
executable.


"linux64" suggests that this version is for amd64.


I have it AFU now. Unpacked it to my home/src directory, then tried to
run the updater in it.
Gets this:
ene@coyote:~/src/firefox$ ./updater
./updater: error while loading shared libraries: libgtk-3.so.0: cannot
open shared object file: No such file or directory
gene@coyote:~/src/firefox$ sudo ./updater
./updater: error while loading shared libraries: libgtk-3.so.0: cannot
open shared object file: No such file or directory
gene@coyote:~/src/firefox$
So: ldconfig -v | grep libgtk-3.so and pick this out of the mess:
libgtk-3.so.0 -> libgtk-3.so.0.400.2
So its there, in: (locate output)
/usr/lib/i386-linux-gnu/libgtk-3.so
/usr/lib/i386-linux-gnu/libgtk-3.so.0
/usr/lib/i386-linux-gnu/libgtk-3.so.0.400.2


So you only have the i386 libgtk-3.so.0, and not the amd64 libraries?


What do I do next?  This is wheezy, fully uptodate.


Alternatives:

(1) Upgrade to stretch. I recommend a fresh installation.

If you insist on staying on an unsupported release:

(2) Install libgtk-3-0:amd64. You must have some multiarch amd64 support 
installed or you would not have gotten as far as you did. The wheezy 
version is 3.4.2-7+deb7u1, which is much older than 3.22.11-1 on 
stretch. I have no idea whether the old version will work, but they 
should be binary compatible.


(3) Try downloading firefox for i386 to match your installed libgtk-3-0 
libraries:


If you start from the homepage, you will be redirected to the download 
for the architecture matching your current browser:

https://www.mozilla.org/en-US/firefox/new/

For i386 this should lead you to:
https://download.mozilla.org/?product=firefox-56.0.1-SSL=linux=en-US
(same as Dan's link above with the "64" removed.

Kind regards,

--
Ben Caradoc-Davies 
Director
Transient Software Limited 
New Zealand

Re: Rendimiento Debian o VPS

[Ricardo Marcelo Alvarez]

Por lo que dice acá

https://ark.intel.com/es/products/75791/Intel-Xeon-Processor-E5-2630L-v2-15M-Cache-2_40-GHz

Deben ser dos micros de 6 cores con HT

Otra cosa a tener en cuenta es que si el proveedor le asigna los 24 cores a 
todos los VPSs rinde menos

que si le asigna 4 cores a cada VPS.

Saludos.


> Desconozco sobre configuraciones de los distintos servicios, pero puedo
> decir que la VPS tiene configurado un DNS, webserver, MySQL, ProFTPD, SSH,
> Postfix, entre otros servicios. La aplicación está en prestashop.
> 
> Pensaba que una VPS tenía recursos dedicados, pero lo que quiero saber es
> si las características de mi VPS pueden influir en la lentitud de mi web o
> pueda ser un problema de configuración.
> 
> Saludos y gracias.
> 
> El 19 de octubre de 2017, 14:58, Felix Perez 
> escribió:
> 
> > El 19 de octubre de 2017, 13:19, Oswaldo Franco
> >  escribió:
> > > Hola, un saludo para todos.
> > >
> > > Actualmente he instalado debian en un VPS, el cual me dice que tiene un
> > > procesador Intel (R) Xeon (R) CPU E5-2630L v2 @ 2.40GHz donde el
> > proveedor
> > > de hosting me dice que tiene 24 núcleos. y según el comando "cat
> > > /proc/cpuinfo" me dice lo mismo. También tiene 3gb de RAM. El caso es que
> > > monté una web, luego de sus configuraciones y al monitorear con "top -i",
> > > veo que a veces que el %CPU llega a 70 o hasta 90, mi pregunta es, este
> > dato
> > > quiere decir que se está chupando casi todo el procesador en esas tareas?
> > > Se recomienda subir de plan para obtener un mejor procesador?
> > >
> >
> > Y que nos cuentas de la configuración de los distintos servicios,
> > además de cómo está realizada la aplicación que estás lanzando?
> >
> > Otro punto a considerar es que es una VPS no una maquina "real", esta
> > compartiendo recursos con quien sabe cuantas máquinas más.
> >
> > Saludos.
> >
> >
> > --
> > usuario linux  #274354
> > normas de la lista:  http://wiki.debian.org/es/NormasLista
> > como hacer preguntas inteligentes:
> > http://www.sindominio.net/ayuda/preguntas-inteligentes.html
> >
> >
> 
> 
> -- 
> OSWALDO FRANCO
> Cumaná, Sucre -Venezuela
> GNU/Linux User # 508524


-- 
http://wp.geeklab.com.ar


pgpeSudjhJpjw.pgp
Description: Firma digital OpenPGP

Re: Rendimiento Debian o VPS

[Ricardo Marcelo Alvarez]

> Desconozco sobre configuraciones de los distintos servicios, pero puedo
> decir que la VPS tiene configurado un DNS, webserver, MySQL, ProFTPD, SSH,
> Postfix, entre otros servicios. La aplicación está en prestashop.
> 
> Pensaba que una VPS tenía recursos dedicados, pero lo que quiero saber es
> si las características de mi VPS pueden influir en la lentitud de mi web o
> pueda ser un problema de configuración.
> 
> Saludos y gracias.
> 
> El 19 de octubre de 2017, 14:58, Felix Perez 
> escribió:
> 
> > El 19 de octubre de 2017, 13:19, Oswaldo Franco
> >  escribió:
> > > Hola, un saludo para todos.
> > >
> > > Actualmente he instalado debian en un VPS, el cual me dice que tiene un
> > > procesador Intel (R) Xeon (R) CPU E5-2630L v2 @ 2.40GHz donde el
> > proveedor
> > > de hosting me dice que tiene 24 núcleos. y según el comando "cat
> > > /proc/cpuinfo" me dice lo mismo. También tiene 3gb de RAM. El caso es que
> > > monté una web, luego de sus configuraciones y al monitorear con "top -i",
> > > veo que a veces que el %CPU llega a 70 o hasta 90, mi pregunta es, este
> > dato
> > > quiere decir que se está chupando casi todo el procesador en esas tareas?
> > > Se recomienda subir de plan para obtener un mejor procesador?
> > >
> >
> > Y que nos cuentas de la configuración de los distintos servicios,
> > además de cómo está realizada la aplicación que estás lanzando?
> >
> > Otro punto a considerar es que es una VPS no una maquina "real", esta
> > compartiendo recursos con quien sabe cuantas máquinas más.
> >
> > Saludos.
> >

Hola,

En un VPS las dos cosas que priman mas en el rendimiento son la memoria y los 
I/O

generalmente de procesador siempre están sobrados la memoria depende como este 
configurado

el Dom0 deberías tener asignada los 3G solo para tu VPS ( pero ojo algunos 
proveedores en realidad

te la hacen compartir con otros VPS ) en el 99 % de los casos el problema esta 
en los I/O que puede

soportar el Dom0. Que proveedor de VPS tienes contratado?

Saludos.





> >
> > --
> > usuario linux  #274354
> > normas de la lista:  http://wiki.debian.org/es/NormasLista
> > como hacer preguntas inteligentes:
> > http://www.sindominio.net/ayuda/preguntas-inteligentes.html
> >
> >
> 
> 
> -- 
> OSWALDO FRANCO
> Cumaná, Sucre -Venezuela
> GNU/Linux User # 508524


-- 
http://wp.geeklab.com.ar


pgpf7_d9fWq5k.pgp
Description: Firma digital OpenPGP

Re: Rendimiento Debian o VPS

[Oswaldo Franco]

Hola Oddiex, bueno eso es lo que veo con el comando "cat /proc/cpuinfo".
Puede ser que esa información sea errónea? El resultado va desde
Processor:0 hasta Processor:23.

Saludos.

El 19 de octubre de 2017, 17:18, OddieX  escribió:

> Oswald, un VPS te limita a vos la velocidad! Fijate que el procesador
> que mencionas tiene 12 cores, para llegar a 24 debe ser un servidor
> con 2 procesadores.
> Dudo mucho que te den un VPS con esa cantidad de cores "24", salvo que
> pagues una fortuna...
>
>
> El día 19 de octubre de 2017, 17:27, Oswaldo Franco
>  escribió:
> > Echaré un vistazo las herramientas para ver los logs más profundamente,
> ya
> > que no utilizo ninguno. el sistema si tiene u plugin de caché y ya está
> en
> > uso. La VPS si está sin escritorio, no he mirado sobre si me están
> haciendo
> > hotlinck (lo revisaré).
> >
> > Mi duda partió de que algunas veces la velocidad en las harramientas por
> lo
> > menos PageSpeed me arroja 88/100, pero la mayoría de las veces es muy por
> > debajo de 70. Entonces pensé que podría ser problemas de configuración
> de mi
> > OS.
> >
> > Gracias nuevamente.
> >
> > El 19 de octubre de 2017, 14:55, juan 
> escribió:
> >>
> >> O no nunca pretendí responder en privado pero me di cuenta una vez
> >> enviado, coas entre la configuración de la lista y la de mi clientes de
> >> correo :(
> >>
> >>
> >> Para ver logs de manera profunda y fácil tenemos por ejemplo  AWStats y
> >> Webalizer, yo estoy usando piwik por que es para tener un sistema
> publico de
> >> estadisticas con un buen plugin para wordpress entre otras cosas pero
> piwik
> >> no profundiza tanto y no facilita tanto detectar ataques.
> >>
> >>
> >> Tal vez el sistema que usas para ecomerce tenga un plugin de cahché,
> esto
> >> ahorra recursos, tambien puedes leer algo de como optimizar php para
> mejor
> >> rendimiento simpre tenteindo en cuanta las necesidades de lo que tengas
> >> instalado, usa buenos sisemas anti, spam, ataques y splog en todo
> formulario
> >> que tengas abierto.
> >>
> >>
> >> Más allá de eso, los problemas de rendimiento por lo general no los
> >> ocasiona debian, ¿lo tienes sin escritorio no? :) parteado de debian
> minimal
> >> le pones solo lo necesario y es lo ms estable y rapido nunca visto :)
> pero
> >> luego hay que administrar recursos ¿has mirado si te están haciendo
> >> hotlinck? Te recomiendo controlar si no tienes imágenes con más hits
> que las
> >> páginas que las muestran.
> >>
> >>
> >>
> >>
> >> On 19/10/17 21:14, Oswaldo Franco wrote:
> >>
> >> Disculpa Juan creo que me contestaste a mi solamente, no se si fue tu
> >> intención o te equivocaste al no contestar a la lista completa.
> >>
> >> Pero bueno gracias por responder y te contesto.
> >>
> >> Son muy frecuentes, más son as veces que veo que la velocidad que cuando
> >> está rápida (esto lo digo monitoreando el PageSpeed, pingdom,
> webpagetest,
> >> entre otras). La Ram ni se mueve sólo usa un 50% o menos. Es una web de
> >> ecommerce, pero tiene como a lo mucho 330 visitas en día
> aproximadamente. No
> >> sé sobre los log, cómo cuales puedo mirar?
> >>
> >>
> >> Un Saludo.
> >>
> >> El 19 de octubre de 2017, 13:43, juan 
> escribió:
> >>>
> >>> Como dices a veces entiendo que son picos ¿son muy frecuentes? Pues en
> >>> esos momentos si estás usando el 70% de tus cpu ¿como va de consumo de
> ram?
> >>> ¿que tipo de sitio web, es decir hay formularios de comentarios, login,
> >>> contacto? ¿tienes sistemas de log y estadísticas web que te permitan
> saber
> >>> en que se van los recursos?
> >>>
> >>> Ten en cuenta que en ocasiones las tentativas de spam, splog o
> >>> apropiación de sitios consumen más recursos ue las visitas genuinas.
> >>>
> >>>
> >>> Cuando sepamos más te ayudaremos a optimizar.
> >>>
> >>>
> >>>
> >>> On 19/10/17 18:19, Oswaldo Franco wrote:
> >>>
> >>> Hola, un saludo para todos.
> >>>
> >>> Actualmente he instalado debian en un VPS, el cual me dice que tiene un
> >>> procesador Intel (R) Xeon (R) CPU E5-2630L v2 @ 2.40GHz donde el
> proveedor
> >>> de hosting me dice que tiene 24 núcleos. y según el comando "cat
> >>> /proc/cpuinfo" me dice lo mismo. También tiene 3gb de RAM. El caso es
> que
> >>> monté una web, luego de sus configuraciones y al monitorear con "top
> -i",
> >>> veo que a veces que el %CPU llega a 70 o hasta 90, mi pregunta es,
> este dato
> >>> quiere decir que se está chupando casi todo el procesador en esas
> tareas?
> >>> Se recomienda subir de plan para obtener un mejor procesador?
> >>>
> >>> Gracias de antemano.
> >>>
> >>> --
> >>> OSWALDO FRANCO
> >>> Cumaná, Sucre -Venezuela
> >>> GNU/Linux User # 508524
> >>>
> >>>
> >>
> >>
> >>
> >> --
> >> OSWALDO FRANCO
> >> Cumaná, Sucre -Venezuela
> >> GNU/Linux User # 508524
> >>
> >>
> >
> >
> >
> > --
> > OSWALDO FRANCO
> > Cumaná, Sucre -Venezuela
> > GNU/Linux User # 508524
>
>


-- 
OSWALDO FRANCO
Cumaná, Sucre 

Re: Rendimiento Debian o VPS

[OddieX]

Oswald, un VPS te limita a vos la velocidad! Fijate que el procesador
que mencionas tiene 12 cores, para llegar a 24 debe ser un servidor
con 2 procesadores.
Dudo mucho que te den un VPS con esa cantidad de cores "24", salvo que
pagues una fortuna...


El día 19 de octubre de 2017, 17:27, Oswaldo Franco
 escribió:
> Echaré un vistazo las herramientas para ver los logs más profundamente, ya
> que no utilizo ninguno. el sistema si tiene u plugin de caché y ya está en
> uso. La VPS si está sin escritorio, no he mirado sobre si me están haciendo
> hotlinck (lo revisaré).
>
> Mi duda partió de que algunas veces la velocidad en las harramientas por lo
> menos PageSpeed me arroja 88/100, pero la mayoría de las veces es muy por
> debajo de 70. Entonces pensé que podría ser problemas de configuración de mi
> OS.
>
> Gracias nuevamente.
>
> El 19 de octubre de 2017, 14:55, juan  escribió:
>>
>> O no nunca pretendí responder en privado pero me di cuenta una vez
>> enviado, coas entre la configuración de la lista y la de mi clientes de
>> correo :(
>>
>>
>> Para ver logs de manera profunda y fácil tenemos por ejemplo  AWStats y
>> Webalizer, yo estoy usando piwik por que es para tener un sistema publico de
>> estadisticas con un buen plugin para wordpress entre otras cosas pero piwik
>> no profundiza tanto y no facilita tanto detectar ataques.
>>
>>
>> Tal vez el sistema que usas para ecomerce tenga un plugin de cahché, esto
>> ahorra recursos, tambien puedes leer algo de como optimizar php para mejor
>> rendimiento simpre tenteindo en cuanta las necesidades de lo que tengas
>> instalado, usa buenos sisemas anti, spam, ataques y splog en todo formulario
>> que tengas abierto.
>>
>>
>> Más allá de eso, los problemas de rendimiento por lo general no los
>> ocasiona debian, ¿lo tienes sin escritorio no? :) parteado de debian minimal
>> le pones solo lo necesario y es lo ms estable y rapido nunca visto :) pero
>> luego hay que administrar recursos ¿has mirado si te están haciendo
>> hotlinck? Te recomiendo controlar si no tienes imágenes con más hits que las
>> páginas que las muestran.
>>
>>
>>
>>
>> On 19/10/17 21:14, Oswaldo Franco wrote:
>>
>> Disculpa Juan creo que me contestaste a mi solamente, no se si fue tu
>> intención o te equivocaste al no contestar a la lista completa.
>>
>> Pero bueno gracias por responder y te contesto.
>>
>> Son muy frecuentes, más son as veces que veo que la velocidad que cuando
>> está rápida (esto lo digo monitoreando el PageSpeed, pingdom, webpagetest,
>> entre otras). La Ram ni se mueve sólo usa un 50% o menos. Es una web de
>> ecommerce, pero tiene como a lo mucho 330 visitas en día aproximadamente. No
>> sé sobre los log, cómo cuales puedo mirar?
>>
>>
>> Un Saludo.
>>
>> El 19 de octubre de 2017, 13:43, juan  escribió:
>>>
>>> Como dices a veces entiendo que son picos ¿son muy frecuentes? Pues en
>>> esos momentos si estás usando el 70% de tus cpu ¿como va de consumo de ram?
>>> ¿que tipo de sitio web, es decir hay formularios de comentarios, login,
>>> contacto? ¿tienes sistemas de log y estadísticas web que te permitan saber
>>> en que se van los recursos?
>>>
>>> Ten en cuenta que en ocasiones las tentativas de spam, splog o
>>> apropiación de sitios consumen más recursos ue las visitas genuinas.
>>>
>>>
>>> Cuando sepamos más te ayudaremos a optimizar.
>>>
>>>
>>>
>>> On 19/10/17 18:19, Oswaldo Franco wrote:
>>>
>>> Hola, un saludo para todos.
>>>
>>> Actualmente he instalado debian en un VPS, el cual me dice que tiene un
>>> procesador Intel (R) Xeon (R) CPU E5-2630L v2 @ 2.40GHz donde el proveedor
>>> de hosting me dice que tiene 24 núcleos. y según el comando "cat
>>> /proc/cpuinfo" me dice lo mismo. También tiene 3gb de RAM. El caso es que
>>> monté una web, luego de sus configuraciones y al monitorear con "top -i",
>>> veo que a veces que el %CPU llega a 70 o hasta 90, mi pregunta es, este dato
>>> quiere decir que se está chupando casi todo el procesador en esas tareas?
>>> Se recomienda subir de plan para obtener un mejor procesador?
>>>
>>> Gracias de antemano.
>>>
>>> --
>>> OSWALDO FRANCO
>>> Cumaná, Sucre -Venezuela
>>> GNU/Linux User # 508524
>>>
>>>
>>
>>
>>
>> --
>> OSWALDO FRANCO
>> Cumaná, Sucre -Venezuela
>> GNU/Linux User # 508524
>>
>>
>
>
>
> --
> OSWALDO FRANCO
> Cumaná, Sucre -Venezuela
> GNU/Linux User # 508524

Re: thinkpad mute button not working since upgrade to stretch

[Jimmy Johnson]

On 10/19/2017 02:48 PM, Paul Seyfert wrote:

Hi,



Assuming I'm not the only thinkpad user, any others around who
encountered that problem and have already found a solution? Or tips for
how to get the mute button to work hardware-like again?



Paul, do you have "tpb" installed?  That's the package to install 
thinkpad buttons.
I have it installed and can mute, etc. My thinkpad is running 
Buster/Testing now and busy, but will check in Stretch sometime today.

--
Jimmy Johnson

Ubuntu 16.04 LTS - KDE Plasma 5.8.7 - AMD A8-7600 - EXT4 at sda2
Registered Linux User #380263

Re: X crashes when closing one of two running X sessions

[David Wright]

On Thu 19 Oct 2017 at 14:56:29 (-0700), Jimmy Johnson wrote:
> On 10/19/2017 01:01 PM, David Wright wrote:
> >On Thu 19 Oct 2017 at 08:35:55 (-0700), Jimmy Johnson wrote:
> >>On 10/18/2017 09:13 AM, Robert Arkiletian wrote:
> >>>Using Debian Stretch x86_64. I don't use a greeter like lightdm. I
> >>>just log in at the virtual terminal, then startx (xfce desktop). I
> >>>like to use multiple accounts (running X) at the same time on
> >>>different virtual terminals (eg. ctrl-alt-f1  ctrl-alt-f2)
> >>>
> >>>All is fine until I exit (shutdown) one X session, then the other
> >>>running X session freezes and then after a little while crashes. Any
> >>>ideas on how to find or diagnose what's causing this issue are much
> >>>appreciated.
> >>
> >>I don't know about how you shutdown a terminal, me I just ctrl+d and
> >>it logs out.
> 
> >That sounds like you're talking about an xterm, not X.
> 
> Well if the OP is starting multi-X as the same user, that's not
> advisable, from what I read, different users are okay and currently
> there maybe problems if plasma is involved, also from what I read.

Yes, I'd agree in my case, what with 20 viewports/desktops/whatever
they're currently called. But I do routinely run two browsers under
different userids, so I wouldn't mind trying to run the second
userid's on a separate xserver to see if it's faster (though cut and
paste might be more complicated).

But that will have to wait for my getting hold of a more powerful
machine than I have at present.

Cheers,
David.

Re: removing of sddm (debian 9 -kde5) to start in console mode then startx to start kde5

[David Wright]

On Wed 18 Oct 2017 at 19:22:53 (-0400), Felix Miata wrote:
> Ionel Mugurel Ciobîcă composed on 2017-10-18 20:47 (UTC+0200):
> 
> > I never understood the need for desktop managers. I use Debian since
> > hamm and Linux/Unix since 1995. My take is that desktop managers are
> > for people more used to microsoft OS'. Why do I need to click on
> > something when the xterm I type in can call any program I need?... 
> 
> Finding a wanted app to run from a classified tree list of 30 or 40 or 50 or
> more applications is easier for most people than remembering the name and any
> required startup options to type, both for those uncommonly used, and even for
> the commonly used ones if there are more than a scant few such. 2 or 3 or 4
> clicks to start one up is typically easier than typing 4, 5, 6, 7 or more
> characters, or searching command history more than a few entries back.

Do you need a DE to do that? What's the difference between that and
the Debian menus that I occasionally use?

> It's a
> nice bonus in some DEs that automatically remember and reopen apps, their
> content states, and their window sizes and positions.

That's more debatable. Some people like that, some like me prefer
a particular setup whenever I start X, some use Place with Mouseclick,
etc. But there appear to be separate packages to handle this, like
lxsession and devilspie.

> For some, the microscopic default text size and fractional default proportion 
> of
> screen area (80x25, using as little as 1/16 or less of total screen space) of
> xterm windows impedes their use for anything.

I've seen reports of fonts getting tinier as resolutions increase,
and not just on linux. I don't know how hard or easy it is to provide
sensible defaults for every application on every system, and in any
case circumstances vary. People with poor sight want large characters,
others want more characters on the screen. In the specific case of
xterm, I want and have both, and different fonts too, just by setting
different commandline options and Xresources. I can change them on
the fly too, as I can also for VCs. I don't degrade the resolution
to make them bigger (as suggested earlier in the month). It's mainly
just a matter at looking at configurations.

Cheers,
David.

Re: X crashes when closing one of two running X sessions

[Jimmy Johnson]

On 10/19/2017 01:01 PM, David Wright wrote:

On Thu 19 Oct 2017 at 08:35:55 (-0700), Jimmy Johnson wrote:

On 10/18/2017 09:13 AM, Robert Arkiletian wrote:

Using Debian Stretch x86_64. I don't use a greeter like lightdm. I
just log in at the virtual terminal, then startx (xfce desktop). I
like to use multiple accounts (running X) at the same time on
different virtual terminals (eg. ctrl-alt-f1  ctrl-alt-f2)

All is fine until I exit (shutdown) one X session, then the other
running X session freezes and then after a little while crashes. Any
ideas on how to find or diagnose what's causing this issue are much
appreciated.


I don't know about how you shutdown a terminal, me I just ctrl+d and
it logs out.



That sounds like you're talking about an xterm, not X.


Well if the OP is starting multi-X as the same user, that's not 
advisable, from what I read, different users are okay and currently 
there maybe problems if plasma is involved, also from what I read.


And yes, I was posting about simple logout and nothing about stopping X.

Now I'll just listen and learn.
--
Jimmy Johnson

Ubuntu 16.04 LTS - KDE Plasma 5.8.7 - AMD A8-7600 - EXT4 at sda2
Registered Linux User #380263

thinkpad mute button not working since upgrade to stretch

[Paul Seyfert]

Hi,

I am using a thinkpad x220 running debian stable and enjoyed until the
upgrade to stretch that the mute button worked when waking up from
hibernate-ram already before the desktop environment was fully loaded
(especially before music players continue playback) and even when the
screen was locked.

I.e. i could send the laptop to hibernate with music playing, and if I
want the laptop to be silent when I open it, I could still rely on the
mute button.

Since I moved to stretch the mute button does not function anymore in
this way (I have assigned it with xbindkeys, but this doesn't work with
a screen lock in place).

After a short google search I tried the suggestions from the arch wiki
http://www.thinkwiki.org/wiki/Mute_button
and tried changing the line
GRUB_CMDLINE_LINUX_DEFAULT="quiet"
to
GRUB_CMDLINE_LINUX_DEFAULT="quiet acpi_osi=!Linux"
or
GRUB_CMDLINE_LINUX_DEFAULT="quiet acpi_osi=Linux"

in /etc/default/grub
(and ran update-grub and rebooted)
without success though.

Assuming I'm not the only thinkpad user, any others around who
encountered that problem and have already found a solution? Or tips for
how to get the mute button to work hardware-like again?

Thanks in advance,

Paul

Re: pm-utils by default on Xfce for suspend/hibernate

[Pétùr]

Le 18/10/2017 à 17:32, Alexander V. Makartsev a écrit :
> I have PC with Debian 9 "stretch" x86_64 + Xfce and I never needed to
> have pm-utils installed, but hibernation\suspend feature works normally
> through xfce4 GUI once I set up all prerequisites for hibernation to
> work (such as at least working swap and initramfs resume variable). I
> also removed packages such as "uswsusp", "hibernate". I have used them
> previously, but now they are unnecessary for hibernation to work on my
> computer.


It is the nvidia proprietary driver which causes the issue. I have no
problem to suspend and hibernate with the free driver "nouveau" but the
free driver is buggy (see my other question on this list) so I cannot
use it. After installing the proprietary (340) one, I have no graphical
bug but suspend or hibernate don't work all the time (they fails
sometimes).

Suspend or hibernate seems to work all the times when I triggers them
with pm-utils tools. So I would like to make it the default ones.

> How you start Xfce DE and did you installed "xfce4-power-manager" package?
> You've said hibernation works when you trigger it manually, so check if
> hibernation works via systemd:
>     $ systemctl hibernate

I start xfce with lightdm and I have xfce4-power-manager installed.
systemctl hibernate and systemctl suspend seems to work.

Pétùr

Re: when do I get a browsere that will do internet purchases?

[Peter Hillier-Brook]

On 19/10/17 18:55, Gene Heskett wrote:
> Since the last update to firefox-esr, none of the usual internet buying 
> options work, or even show up after you've clicked add to cart.
> 
> clamav also claims that ~/firefox/browser/omni.ja is infected,
> with but several re-installs of firefox-esr has not affected that. Turned 
> into clamav, as an FP, it was ignored because I assume its not an FP.
> 
> Can this please be looked at?
> 
> I'd use chromium, but it does not remember firefox passwds that I can 
> find and recall for use again next week.

I had similar problems and switched to Chromium, however I would never
trust *any* browser to store passwords. Passwordsafe is my best friend,
especially since it was upgraded to run under Stretch.

Peter HB

Cannot copy files from usb source

[Pétùr]

I have a weird problem with my laptop and external HDD or usb sticks.

I cannot copy files from my laptop (with SSD formated in ext4) to my
external HDD (formated also in ext4). I have an input/outpur error. The
transfert starts but at very very slow rate and then I have the error. I
tried different usb ports. The problem is also present with usb sticks
formated in fat32. I cannot write to my SSD from any usb source.

I can do the opposite, i.e. transfert files from my laptop to my
external HDD (or other usb connected devices) with no problem.

Maybe related: on the same laptop, I have another problem when I
download files from my local network using WiFi. The transfert is
extremely slow and the rate change constantly. If I connect my laptop
through ethernet, I don't have any issue. I suspected some problem with
my SSD but the ethernet transfer is very fast and constant.

Do you have any idea about the problem(s)?

Pétùr

Re: when do I get a browsere that will do internet purchases?

[Jochen Spieker]

Gene Heskett:
> 
> What do I do next?  This is wheezy, fully uptodate.

What to do next? -Upgrade to some thing more recent than oldoldstable.
You cannot expect Mozilla to support the most recent Firefox on a Debian
release that was superseded 2,5 years ago.

J.
-- 
I enjoy shopping, eating, sex and doing jigsaw puzzles of idealised
landscapes.
[Agree]   [Disagree]
 


signature.asc
Description: PGP signature

Re: System becomes inaccessible after upgrade of libgl1-mesa-glx to version 17.2.2-1

[Michael Biebl]

Am 19.10.2017 um 21:09 schrieb Simon Pepping:

> The solution seems simple:
> 
> The following packages will be REMOVED:
>   libglvnd0-nvidia
> The following NEW packages will be installed:
>   libglvnd0"
> 
> But how do you do that with an inaccessible system? The system can be
> booted in recovery mode, and the change can be made there. But the
> network is not yet up and running.

You can do the following (assuming you use grub):
Change the kernel command line and append
systemd.unit=multi-user.target

This will boot (one-time) into a multi-user system (including network)
but not start the display manager.




-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



signature.asc
Description: OpenPGP digital signature

Re: Nagios package - hiding or not existing

[Fekete Tamás]

I'm sad to hear that, but thank you for the info!

2017-10-18 21:31 GMT+02:00 Brian :

> On Wed 18 Oct 2017 at 21:03:19 +0200, Fekete Tamás wrote:
>
> > does anyone know if there is a nagios3 package available for Debian 9.x?
> >
> > According to : https://packages.debian.org/search?keywords=nagios3
> there
> > is no package for this generation of this Debian. Is it possible?
>
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845765
>
> --
> Brian.
>
>

Re: Rendimiento Debian o VPS

[Oswaldo Franco]

Echaré un vistazo las herramientas para ver los logs más profundamente, ya
que no utilizo ninguno. el sistema si tiene u plugin de caché y ya está en
uso. La VPS si está sin escritorio, no he mirado sobre si me están haciendo
hotlinck (lo revisaré).

Mi duda partió de que algunas veces la velocidad en las harramientas por lo
menos PageSpeed me arroja 88/100, pero la mayoría de las veces es muy por
debajo de 70. Entonces pensé que podría ser problemas de configuración de
mi OS.

Gracias nuevamente.

El 19 de octubre de 2017, 14:55, juan  escribió:

> O no nunca pretendí responder en privado pero me di cuenta una vez
> enviado, coas entre la configuración de la lista y la de mi clientes de
> correo :(
>
>
> Para ver logs de manera profunda y fácil tenemos por ejemplo  AWStats y
> Webalizer, yo estoy usando piwik por que es para tener un sistema publico
> de estadisticas con un buen plugin para wordpress entre otras cosas pero
> piwik no profundiza tanto y no facilita tanto detectar ataques.
>
>
> Tal vez el sistema que usas para ecomerce tenga un plugin de cahché, esto
> ahorra recursos, tambien puedes leer algo de como optimizar php para mejor
> rendimiento simpre tenteindo en cuanta las necesidades de lo que tengas
> instalado, usa buenos sisemas anti, spam, ataques y splog en todo
> formulario que tengas abierto.
>
>
> Más allá de eso, los problemas de rendimiento por lo general no los
> ocasiona debian, ¿lo tienes sin escritorio no? :) parteado de debian
> minimal le pones solo lo necesario y es lo ms estable y rapido nunca visto
> :) pero luego hay que administrar recursos ¿has mirado si te están haciendo
> hotlinck? Te recomiendo controlar si no tienes imágenes con más hits que
> las páginas que las muestran.
>
>
>
> On 19/10/17 21:14, Oswaldo Franco wrote:
>
> Disculpa Juan creo que me contestaste a mi solamente, no se si fue tu
> intención o te equivocaste al no contestar a la lista completa.
>
> Pero bueno gracias por responder y te contesto.
>
> Son muy frecuentes, más son as veces que veo que la velocidad que cuando
> está rápida (esto lo digo monitoreando el PageSpeed, pingdom, webpagetest,
> entre otras). La Ram ni se mueve sólo usa un 50% o menos. Es una web de
> ecommerce, pero tiene como a lo mucho 330 visitas en día aproximadamente.
> No sé sobre los log, cómo cuales puedo mirar?
>
>
> Un Saludo.
>
> El 19 de octubre de 2017, 13:43, juan  escribió:
>
>> Como dices a veces entiendo que son picos ¿son muy frecuentes? Pues en
>> esos momentos si estás usando el 70% de tus cpu ¿como va de consumo de ram?
>> ¿que tipo de sitio web, es decir hay formularios de comentarios, login,
>> contacto? ¿tienes sistemas de log y estadísticas web que te permitan saber
>> en que se van los recursos?
>>
>> Ten en cuenta que en ocasiones las tentativas de spam, splog o
>> apropiación de sitios consumen más recursos ue las visitas genuinas.
>>
>>
>> Cuando sepamos más te ayudaremos a optimizar.
>>
>>
>>
>> On 19/10/17 18:19, Oswaldo Franco wrote:
>>
>> Hola, un saludo para todos.
>>
>> Actualmente he instalado debian en un VPS, el cual me dice que tiene un
>> procesador Intel (R) Xeon (R) CPU E5-2630L v2 @ 2.40GHz donde el proveedor
>> de hosting me dice que tiene 24 núcleos. y según el comando "cat
>> /proc/cpuinfo" me dice lo mismo. También tiene 3gb de RAM. El caso es que
>> monté una web, luego de sus configuraciones y al monitorear con "top -i",
>> veo que a veces que el %CPU llega a 70 o hasta 90, mi pregunta es, este
>> dato quiere decir que se está chupando casi todo el procesador en esas
>> tareas?
>> Se recomienda subir de plan para obtener un mejor procesador?
>>
>> Gracias de antemano.
>>
>> --
>> OSWALDO FRANCO
>> Cumaná, Sucre -Venezuela
>> GNU/Linux User # 508524
>>
>>
>>
>
>
> --
> OSWALDO FRANCO
> Cumaná, Sucre -Venezuela
> GNU/Linux User # 508524
>
>
>


-- 
OSWALDO FRANCO
Cumaná, Sucre -Venezuela
GNU/Linux User # 508524

Re: Rendimiento Debian o VPS

[Oswaldo Franco]

Desconozco sobre configuraciones de los distintos servicios, pero puedo
decir que la VPS tiene configurado un DNS, webserver, MySQL, ProFTPD, SSH,
Postfix, entre otros servicios. La aplicación está en prestashop.

Pensaba que una VPS tenía recursos dedicados, pero lo que quiero saber es
si las características de mi VPS pueden influir en la lentitud de mi web o
pueda ser un problema de configuración.

Saludos y gracias.

El 19 de octubre de 2017, 14:58, Felix Perez 
escribió:

> El 19 de octubre de 2017, 13:19, Oswaldo Franco
>  escribió:
> > Hola, un saludo para todos.
> >
> > Actualmente he instalado debian en un VPS, el cual me dice que tiene un
> > procesador Intel (R) Xeon (R) CPU E5-2630L v2 @ 2.40GHz donde el
> proveedor
> > de hosting me dice que tiene 24 núcleos. y según el comando "cat
> > /proc/cpuinfo" me dice lo mismo. También tiene 3gb de RAM. El caso es que
> > monté una web, luego de sus configuraciones y al monitorear con "top -i",
> > veo que a veces que el %CPU llega a 70 o hasta 90, mi pregunta es, este
> dato
> > quiere decir que se está chupando casi todo el procesador en esas tareas?
> > Se recomienda subir de plan para obtener un mejor procesador?
> >
>
> Y que nos cuentas de la configuración de los distintos servicios,
> además de cómo está realizada la aplicación que estás lanzando?
>
> Otro punto a considerar es que es una VPS no una maquina "real", esta
> compartiendo recursos con quien sabe cuantas máquinas más.
>
> Saludos.
>
>
> --
> usuario linux  #274354
> normas de la lista:  http://wiki.debian.org/es/NormasLista
> como hacer preguntas inteligentes:
> http://www.sindominio.net/ayuda/preguntas-inteligentes.html
>
>


-- 
OSWALDO FRANCO
Cumaná, Sucre -Venezuela
GNU/Linux User # 508524

Re: Rendimiento Debian o VPS

[juan]

O no nunca pretendí responder en privado pero me di cuenta una vez 
enviado, coas entre la configuración de la lista y la de mi clientes de 
correo :(



Para ver logs de manera profunda y fácil tenemos por ejemplo  AWStats y 
Webalizer, yo estoy usando piwik por que es para tener un sistema 
publico de estadisticas con un buen plugin para wordpress entre otras 
cosas pero piwik no profundiza tanto y no facilita tanto detectar ataques.



Tal vez el sistema que usas para ecomerce tenga un plugin de cahché, 
esto ahorra recursos, tambien puedes leer algo de como optimizar php 
para mejor rendimiento simpre tenteindo en cuanta las necesidades de lo 
que tengas instalado, usa buenos sisemas anti, spam, ataques y splog en 
todo formulario que tengas abierto.



Más allá de eso, los problemas de rendimiento por lo general no los 
ocasiona debian, ¿lo tienes sin escritorio no? :) parteado de debian 
minimal le pones solo lo necesario y es lo ms estable y rapido nunca 
visto :) pero luego hay que administrar recursos ¿has mirado si te están 
haciendo hotlinck? Te recomiendo controlar si no tienes imágenes con más 
hits que las páginas que las muestran.





On 19/10/17 21:14, Oswaldo Franco wrote:
Disculpa Juan creo que me contestaste a mi solamente, no se si fue tu 
intención o te equivocaste al no contestar a la lista completa.


Pero bueno gracias por responder y te contesto.

Son muy frecuentes, más son as veces que veo que la velocidad que 
cuando está rápida (esto lo digo monitoreando el PageSpeed, pingdom, 
webpagetest, entre otras). La Ram ni se mueve sólo usa un 50% o menos. 
Es una web de ecommerce, pero tiene como a lo mucho 330 visitas en día 
aproximadamente. No sé sobre los log, cómo cuales puedo mirar?



Un Saludo.

El 19 de octubre de 2017, 13:43, juan > escribió:


Como dices a veces entiendo que son picos ¿son muy frecuentes?
Pues en esos momentos si estás usando el 70% de tus cpu ¿como va
de consumo de ram? ¿que tipo de sitio web, es decir hay
formularios de comentarios, login, contacto? ¿tienes sistemas de
log y estadísticas web que te permitan saber en que se van los
recursos?

Ten en cuenta que en ocasiones las tentativas de spam, splog o
apropiación de sitios consumen más recursos ue las visitas genuinas.


Cuando sepamos más te ayudaremos a optimizar.



On 19/10/17 18:19, Oswaldo Franco wrote:

Hola, un saludo para todos.

Actualmente he instalado debian en un VPS, el cual me dice que
tiene un procesador Intel (R) Xeon (R) CPU E5-2630L v2 @ 2.40GHz
donde el proveedor de hosting me dice que tiene 24 núcleos. y
según el comando "cat /proc/cpuinfo" me dice lo mismo. También
tiene 3gb de RAM. El caso es que monté una web, luego de sus
configuraciones y al monitorear con "top -i", veo que a veces que
el %CPU llega a 70 o hasta 90, mi pregunta es, este dato quiere
decir que se está chupando casi todo el procesador en esas tareas?
Se recomienda subir de plan para obtener un mejor procesador?

Gracias de antemano.

-- 
OSWALDO FRANCO

Cumaná, Sucre -Venezuela
GNU/Linux User # 508524





--
OSWALDO FRANCO
Cumaná, Sucre -Venezuela
GNU/Linux User # 508524

Re: X crashes when closing one of two running X sessions

[David Wright]

On Thu 19 Oct 2017 at 08:35:55 (-0700), Jimmy Johnson wrote:
> On 10/18/2017 09:13 AM, Robert Arkiletian wrote:
> >Using Debian Stretch x86_64. I don't use a greeter like lightdm. I
> >just log in at the virtual terminal, then startx (xfce desktop). I
> >like to use multiple accounts (running X) at the same time on
> >different virtual terminals (eg. ctrl-alt-f1  ctrl-alt-f2)
> >
> >All is fine until I exit (shutdown) one X session, then the other
> >running X session freezes and then after a little while crashes. Any
> >ideas on how to find or diagnose what's causing this issue are much
> >appreciated.
> 
> I don't know about how you shutdown a terminal, me I just ctrl+d and
> it logs out.

That sounds like you're talking about an xterm, not X.

Anyway, my suspicion is that perhaps there's a problem in restoring
the mode for the console that X started from, when it terminates. I've
had that problem in the past on this Acer laptop (on every
termination) though upgrades have often fixed it.

Currently, I have no problem if I haven't worked the system too hard
(which is tricky in 500MB memory), but after doing much browsing
(which tends to thrash the 1GB swap), terminating X will leave the
machine with a black screen. It's still running (I can ssh into it)
but about the only thing that works is the power button, whereupon
after a few seconds the normal VC screen appears with the closedown
messages scrolling by. (The only untested feature is whether the WiFi
kill switch (external) still works.)

I can avoid the black screen by, instead of using Ctrl-Alt-Backspace
to exit X, typing Ctrl-Alt-F2 for a VC and then killing X with
pkill xinit. VC2 now remains usable, just so long as I don't
accidently move to VC1, which puts it into its black screen state.

This Acer has a Radeon driver that is peculiar. When I boot, it's
important that I see these messages:
[   12.195543] radeon :01:00.0: firmware: failed to load radeon/R300_cp.bin 
(-2)
[   12.195605] radeon :01:00.0: Direct firmware load failed with error -2
[   12.195608] radeon :01:00.0: Falling back to user helper
Were it to load that firmware (which I've hidden), it would crash
after just a few seconds.

Perhaps a workaround for you would be to only use "real" VCs when the
system is freshly booted, and then start a DM so that you stay inside
your X sessions evermore, until the next reboot; ie a one-way ticket.

Cheers,
David.

Re: Rendimiento Debian o VPS

[Felix Perez]

El 19 de octubre de 2017, 13:19, Oswaldo Franco
 escribió:
> Hola, un saludo para todos.
>
> Actualmente he instalado debian en un VPS, el cual me dice que tiene un
> procesador Intel (R) Xeon (R) CPU E5-2630L v2 @ 2.40GHz donde el proveedor
> de hosting me dice que tiene 24 núcleos. y según el comando "cat
> /proc/cpuinfo" me dice lo mismo. También tiene 3gb de RAM. El caso es que
> monté una web, luego de sus configuraciones y al monitorear con "top -i",
> veo que a veces que el %CPU llega a 70 o hasta 90, mi pregunta es, este dato
> quiere decir que se está chupando casi todo el procesador en esas tareas?
> Se recomienda subir de plan para obtener un mejor procesador?
>

Y que nos cuentas de la configuración de los distintos servicios,
además de cómo está realizada la aplicación que estás lanzando?

Otro punto a considerar es que es una VPS no una maquina "real", esta
compartiendo recursos con quien sabe cuantas máquinas más.

Saludos.


-- 
usuario linux  #274354
normas de la lista:  http://wiki.debian.org/es/NormasLista
como hacer preguntas inteligentes:
http://www.sindominio.net/ayuda/preguntas-inteligentes.html

Re: Release files and Key rings

[Alexander V. Makartsev]

Release file you talking about is an encryption key that is used to
check if package or repository is trusted.
There is a package (debian-keyring) with said keys that could be
installed, so it will take care about changing keys in the future.
It looks like your keyring is unreadable by unprivileged _apt user. You
can fix this by typing this command as root:
    chmod 644 /etc/apt/trusted.gpg

Here is minimum contents of "/etc/apt/sources.list" file that is
required for apt-get to install packages from Internet:
#
deb http://ftp.us.debian.org/debian/ stretchmain contrib non-free
deb-src http://ftp.us.debian.org/debian/ stretch main contrib non-free
#
deb http://ftp.us.debian.org/debian/ stretch-updates main contrib non-free
deb-src http://ftp.us.debian.org/debian/ stretch-updates main contrib
non-free
#
deb http://security.debian.org/debian-security/ stretch/updates main
contrib non-free
deb-src http://security.debian.org/debian-security/ stretch/updates main
contrib non-free
#

Check contents of this file and replace them with these lines if necessary.
After that you should be fine. If not, show me output of these commands:
    apt-get update
    cat /etc/apt/sources.list




On 19.10.2017 22:09, Josh W. wrote:
> Hello. I am having a very hard time setting up repos... each tme it
> tells me there is no release file and that my repos can't authenticate
> the key or keyring.. Here is an attached file to show you what i am
> talking about. Can you help me or at least point me in the right
> direction. Thank you.
>
>
> Joshua >

-- 
With kindest regards, Alexander.

⢀⣴⠾⠻⢶⣦⠀ 
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
⠈⠳⣄ 

Re: Debian 9.2, VSphere 6.5.0, "TCP performance may be compromised"

[Nicholas Geovanis]

I wrote:
> Right. But it's a big company and I can't influence when or how ESX gets
upgraded.

Perhaps I should explain that everywhere I've worked that uses VMware, the
VMware
admins are almost always current or former Windows admins. Naturally that's
because
there are hundreds-to-thousands of desktops being driven out of VMware, and
many now
are Horizon so they don't even have full, real hardware, so they're
VMware-dependent.

As a result of these "facts on the ground", linux VMs do not have the
"administrator mindshare"
that Windows VMs have with the VMware system admins (current/former Windows
admins).
Not even if they are fundamental to the business.

As I mentioned, it's more sociology than computer science.

On Thu, Oct 19, 2017 at 1:51 PM, Nicholas Geovanis 
wrote:

>
>
> On Thu, Oct 19, 2017 at 1:25 PM, Sven Hartge  wrote:
>
>> Nicholas Geovanis  wrote:
>>
>> > And unfortunately the HTML5 version of the VSphere app doesn't permit
>> > editing of, for example, that vmxnet3 parameter for mitigation of
>> > https://bugzilla.kernel.org/show_bug.cgi?id=191201#c49
>>
>> You don't need all that stuff if you are not on ESX 6.5. So no need to
>> try to edit those values. And if you upgrade to 6.5 eventually, just use
>> at
>
> least 6.5u1, then you are safe.
>>
>
> Right. But it's a big company and I can't influence when or how ESX gets
> upgraded.
> I can only prepare my VMs for their new lives in this hard, cold, virtual
> world; and this
> was the first attempt with Debian 9.2 on the current VMware release.
> Results were bad.
>
> If I am doing my job OK, that VM will never once be booted in its
> years-long lifetime. But
> if  the boss ever sees that "TCP performance may be compromised" message
> on a
> production server, or if it ever kills or cripples the OS or apps, I will
> have a very personal
> problem very rapidly.
>
> It's really more about sociology than about computer science.
>
>
>> S°
>> --
>> Sigmentation fault. Core dumped.
>>
>>
>

System becomes inaccessible after upgrade of libgl1-mesa-glx to version 17.2.2-1

[Simon Pepping]

After an upgrade of libgl1-mesa-glx to version 17.2.2-1 and a reboot,
the system hangs during startup and has become inaccessible. lightdm's
x-0.log and Xorg.0.log logfiles mention an error: undefined symbol:
_glapi_tls_Current.

The problem is described in several bug reports:

  * Bug #878948 
  * Bug #878851 
  * Bug #876220 

The solution seems simple:

The following packages will be REMOVED:
  libglvnd0-nvidia
The following NEW packages will be installed:
  libglvnd0"

But how do you do that with an inaccessible system? The system can be
booted in recovery mode, and the change can be made there. But the
network is not yet up and running.

I solved the problem as follows.

  * Boot in another system on the machine that can mount the root file
system of the affected debian system.
  * Download the libglvnd0 package. It can be found at /pool/main/libg/libglvnd/libglvnd0_0.2.999+git20170802-5_amd64.deb,
e.g.

ftp.nl.debian.org/debian/pool/main/libg/libglvnd/libglvnd0_0.2.999+git20170802-5_amd64.deb.
Save the package in /var/cache/apt/archives of the
mounted root file system. 
  * Reboot into the affected system; select recovery mode in Grub
  * start aptitude
  * mark libglvnd0 for installation
  * resolve conflict by removing (purging) libglvnd0-nvidia
  * install
  * Check in aptitude whether libglvnd0 is installed
  * Continue to multi-user mode: systemctl default

If everything went well, the prompt of lightdm appears. The first
upgrade problem in years in testing that made the system unusable, has
been solved. Thanks are due to the people who analyzed the problem and
described their solution in the bug reports.

Note: The syslog of the inaccessible system suggests that the system is
up and running: Oct 18 10:07:07 vuurvlinder systemd[1]: Startup finished
in 5.917s (kernel) + 20.713s (userspace) = 26.630s. Then it may be
possible to log into the system from another computer and perform the
package change, instead of the above procedure.

Best, Simon

T

[Miscerdan Soares da silva]

Enviado do meu iPhone

Re: when do I get a browsere that will do internet purchases?

[Joe]

On Thu, 19 Oct 2017 14:08:59 -0400
Dan Ritter  wrote:

> On Thu, Oct 19, 2017 at 01:55:00PM -0400, Gene Heskett wrote:
> > Since the last update to firefox-esr, none of the usual internet
> > buying options work, or even show up after you've clicked add to
> > cart.
> > 
> > clamav also claims that ~/firefox/browser/omni.ja is infected,
> > with but several re-installs of firefox-esr has not affected that.
> > Turned into clamav, as an FP, it was ignored because I assume its
> > not an FP.
> > 
> > Can this please be looked at?
> > 
> > I'd use chromium, but it does not remember firefox passwds that I
> > can find and recall for use again next week.
> >   
> 
> ~/firefox is not created by your debian-installed firefox-esr.
> Are you invoking something else?
> 
> If you aren't invoking something else, perhaps you should be:
> I find running upstream firefox reasonable:
> 
> https://download.mozilla.org/?product=firefox-56.0.1-SSL=linux64=en-US
> 
> and then unpack it and make sure you are running that particular
> executable.
> 

Agreed. Some time ago, FF-ESR started crashing the tab when I went to
the login page of my bank. I tried Konqueror, and it didn't crash, but
the login just re-showed the page. Midori worked.

Very recently, Midori stopped working, and an attempt from a Windows
machine with the current FF worked, so I installed from Mozilla, and
that worked fine on the bank login page, but the Back button didn't
work, and the right-click menu filled the entire page vertically. So
I've linked the upstream to the menu as Firefox-56 for bank use, and
reinstalled FF-ESR (52) from the repository for other uses.

This *is* sid, I suppose, but for a while it looked as if I'd have to
do my Internet banking from (gulp) Windows. OK, browsers have always
been something of a pain, but the number of scripts used frivolously
(i.e. for advertising) these days has become stupid, and I'm sure
that's where most of the trouble comes from. FF showing a Google
results page, or the Telegraph, will sit there eating most of a CPU.
And that's *with* No-Script running, with just the bare minimum
enabled for the page to function at all.

-- 
Joe

Re: when do I get a browsere that will do internet purchases?

[Gene Heskett]

On Thursday 19 October 2017 14:08:59 Dan Ritter wrote:

> On Thu, Oct 19, 2017 at 01:55:00PM -0400, Gene Heskett wrote:
> > Since the last update to firefox-esr, none of the usual internet
> > buying options work, or even show up after you've clicked add to
> > cart.
> >
> > clamav also claims that ~/firefox/browser/omni.ja is infected,
> > with but several re-installs of firefox-esr has not affected that.
> > Turned into clamav, as an FP, it was ignored because I assume its
> > not an FP.
> >
> > Can this please be looked at?
> >
> > I'd use chromium, but it does not remember firefox passwds that I
> > can find and recall for use again next week.
>
> ~/firefox is not created by your debian-installed firefox-esr.
> Are you invoking something else?
>
> If you aren't invoking something else, perhaps you should be:
> I find running upstream firefox reasonable:
>
> https://download.mozilla.org/?product=firefox-56.0.1-SSL=linux64
>ng=en-US
>
> and then unpack it and make sure you are running that particular
> executable.
>
> -dsr-

I have it AFU now. Unpacked it to my home/src directory, then tried to 
run the updater in it.

Gets this:
ene@coyote:~/src/firefox$ ./updater
./updater: error while loading shared libraries: libgtk-3.so.0: cannot 
open shared object file: No such file or directory
gene@coyote:~/src/firefox$ sudo ./updater
./updater: error while loading shared libraries: libgtk-3.so.0: cannot 
open shared object file: No such file or directory
gene@coyote:~/src/firefox$  
  

So: ldconfig -v | grep libgtk-3.so and pick this out of the mess:
   libgtk-3.so.0 -> libgtk-3.so.0.400.2

So its there, in: (locate output)
/usr/lib/i386-linux-gnu/libgtk-3.so
/usr/lib/i386-linux-gnu/libgtk-3.so.0
/usr/lib/i386-linux-gnu/libgtk-3.so.0.400.2

What do I do next?  This is wheezy, fully uptodate.

Thank you

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

Re: Debian 9.2, VSphere 6.5.0, "TCP performance may be compromised"

[Nicholas Geovanis]

On Thu, Oct 19, 2017 at 1:25 PM, Sven Hartge  wrote:

> Nicholas Geovanis  wrote:
>
> > And unfortunately the HTML5 version of the VSphere app doesn't permit
> > editing of, for example, that vmxnet3 parameter for mitigation of
> > https://bugzilla.kernel.org/show_bug.cgi?id=191201#c49
>
> You don't need all that stuff if you are not on ESX 6.5. So no need to
> try to edit those values. And if you upgrade to 6.5 eventually, just use
> at

least 6.5u1, then you are safe.
>

Right. But it's a big company and I can't influence when or how ESX gets
upgraded.
I can only prepare my VMs for their new lives in this hard, cold, virtual
world; and this
was the first attempt with Debian 9.2 on the current VMware release.
Results were bad.

If I am doing my job OK, that VM will never once be booted in its
years-long lifetime. But
if  the boss ever sees that "TCP performance may be compromised" message on
a
production server, or if it ever kills or cripples the OS or apps, I will
have a very personal
problem very rapidly.

It's really more about sociology than about computer science.


> S°
> --
> Sigmentation fault. Core dumped.
>
>

Re: [OT] Breaking WPA2 by forcing nonce reuse

[David Wright]

On Thu 19 Oct 2017 at 18:07:20 (+0200), to...@tuxteam.de wrote:
> On Thu, Oct 19, 2017 at 11:07:01AM -0400, Celejar wrote:
> > On Thu, 19 Oct 2017 12:05:23 +0100
> > Brian  wrote:
> > 
> > > On Wed 18 Oct 2017 at 21:30:48 -0400, Celejar wrote:
> 
> [...]
> 
> > Yes, what I'm probably going to do is use the printer's ethernet
> > connection along with a Powerline adapter into a nearby power outlet.
> 
> And how secure are the powerline adapters? Most probably they're
> broadcasting their stuff over your and your neighbour's AC net on
> top of some unspecified proprietary modulation. Just sayin'...

AIUI 128-bit AES on non-ancient ones. For your neighbour to eavesdrop,
they need to press their device's authenticate button when you press
yours. You can probably minimise the chances of the authentication
negotiation being picked up by plugging the devices into a filtered
power strip so that they can only see each other and not radiate into
the home wiring. We have two independent pairs running here, one on
the WAN side and one on the LAN. It looks odd as two units share the
same mains socket by using their pass-through power outlet.

How many neighbours you have depends on where you live. In Britain
you're likely to have a large number scattered randomly down the
street (sharing your phase). Here we have a pole-mount service
transformer that happens to serve just two houses and two street
lamps.

When we had the pole in our garden moved, they discovered that
the whole street's needed replacing, along with the transformers,
so we were lucky and didn't have to pay them anything for the move.
We just said stick it there please.

Cheers,
David.

Re: Debian 9.2, VSphere 6.5.0, "TCP performance may be compromised"

[Nicholas Geovanis]

On Thu, Oct 19, 2017 at 12:48 PM, deloptes  wrote

>
> You know that firefox and flash can be installed in any directory - no need
> to install a full system just to have flash working ... you Viking :)
>

I literally tried every permutation of chrome, opera and IE11 on Windoze7,
and
opera, chrome and chromium on Debian 8. The VSphere web client was the
app I needed to work (must have Flash or you have to use the crippled HTML5
version), but in every case on every browser, the Flash plugin said
"I died, try reloading the page". Upgrading Flash and the browsers made no
difference. As mentioned, prior to the IE11/Krack upgrade on Monday it all
worked fine on 'Doze7.

It's stuff like this that shortens my life :-|


> regards
>

Re: Debian 9.2, VSphere 6.5.0, "TCP performance may be compromised"

[Sven Hartge]

Nicholas Geovanis  wrote:

> On Wed, Oct 18, 2017 at 11:34 AM, Sven Hartge  wrote:

>> You will get the "suspect GRO implementation" with 5.5 as well, but
>> it is harmless. I have not yet found any performance problems.

> Yes, still receive that message, even with the VM option set.

> It's an ugly story, but a Win 7 update Monday broke Flash, so the
> VSphere client stopped working (was OK on Win10).

The breakage with Flash 27.0.0.170 hit *every* OS.

> Unfortunately the flash and pepper plugins were total failures on
> Debian 8.9 too (yes, I upgraded, downgraded, tried every permutation).

https://www.reddit.com/r/vmware/comments/77airk/adobe_releases_beta_flash_fix/
https://www.reddit.com/r/vmware/comments/76ol8n/shockwave_flash_has_crashed_workaround_for/
https://www.reddit.com/r/vmware/comments/76mndv/vcenter_65_crashing_shockwave_flash_in_firefox/

https://kb.vmware.com/kb/2151945

> And unfortunately the HTML5 version of the VSphere app doesn't permit
> editing of, for example, that vmxnet3 parameter for mitigation of
> https://bugzilla.kernel.org/show_bug.cgi?id=191201#c49

You don't need all that stuff if you are not on ESX 6.5. So no need to
try to edit those values.

And if you upgrade to 6.5 eventually, just use at least 6.5u1, then you
are safe.

S°
-- 
Sigmentation fault. Core dumped.

Re: when do I get a browsere that will do internet purchases?

[Dan Ritter]

On Thu, Oct 19, 2017 at 01:55:00PM -0400, Gene Heskett wrote:
> Since the last update to firefox-esr, none of the usual internet buying 
> options work, or even show up after you've clicked add to cart.
> 
> clamav also claims that ~/firefox/browser/omni.ja is infected,
> with but several re-installs of firefox-esr has not affected that. Turned 
> into clamav, as an FP, it was ignored because I assume its not an FP.
> 
> Can this please be looked at?
> 
> I'd use chromium, but it does not remember firefox passwds that I can 
> find and recall for use again next week.
> 

~/firefox is not created by your debian-installed firefox-esr.
Are you invoking something else?

If you aren't invoking something else, perhaps you should be:
I find running upstream firefox reasonable:

https://download.mozilla.org/?product=firefox-56.0.1-SSL=linux64=en-US

and then unpack it and make sure you are running that particular
executable.

-dsr-

Re: Release files and Key rings

[deloptes]

Josh W. wrote:

> Hello. I am having a very hard time setting up repos... each tme it tells
> me there is no release file and that my repos can't authenticate the key
> or keyring.. Here is an attached file to show you what i am talking about.
> Can you help me or at least point me in the right direction. Thank you.
> 
> 
> Joshua 


This is BS

apt-get install colobot deb http://ftp.us.debian.org/debian/ stretch main
contrib non-free

Correct

apt-get install colobot

Further more it is not clear what you want to achieve. If you want to use
your CD/DVD as a repo without necessary placing it in the disk drive, I can
not advise, as I have never done it.

I have setup an apache server and pointed to the location of the repository.

  Alias /debian/stable "/data-backup/DEVELOPMENT/Debian/stretch"
  Alias /debian/stretch "/data-backup/DEVELOPMENT/Debian/stretch"
  
#Options FollowSymLinks MultiViews Indexes
Options MultiViews Indexes
AllowOverride None
Order deny,allow
Deny from all
Require all granted
Allow from 192.168.xx.0/255.255.255.0
Allow from 172.0.0.0/255.0.0.0
Allow from 10.10.xx.0/255.255.255.0
  

Then in my /etc/apt/source.list (or in source.list.d as a file)

deb http://server/debian/stretch /


Regarding Release file - it is related to your setup IMO. if you solve the
problem, it may not complain (given you have valid repo)

Read (at least) this

https://wiki.debian.org/DebianRepository/Setup
https://wiki.debian.org/DebianRepository/Format

regards

Re: Performance RAID instable

[Pascal Hambourg]

Le 19/10/2017 à 16:06, Seb a écrit :


Merci beaucoup pour l'aide que vous m'avez apportée dans le diagnostic 
du problème. C'était bien un souci de gestion de la mémoire lié au PAE.


Sur la machine à la maison j'ai limité la RAM à 4 Go et depuis, la 
performance des disques est stable (980 Mo/s de moyenne).


Pourquoi 4 Go ? C'est un peu arbitraire.
As-tu essayé d'autres valeurs entre 4 et 8 Go ?

when do I get a browsere that will do internet purchases?

[Gene Heskett]

Since the last update to firefox-esr, none of the usual internet buying 
options work, or even show up after you've clicked add to cart.

clamav also claims that ~/firefox/browser/omni.ja is infected,
with but several re-installs of firefox-esr has not affected that. Turned 
into clamav, as an FP, it was ignored because I assume its not an FP.

Can this please be looked at?

I'd use chromium, but it does not remember firefox passwds that I can 
find and recall for use again next week.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

Re: Debian 9.2, VSphere 6.5.0, "TCP performance may be compromised"

[deloptes]

Nicholas Geovanis wrote:

> Flash has been annoying me for years now. Glad it's on the way
> out.Nick

Just for the record:

You know that firefox and flash can be installed in any directory - no need
to install a full system just to have flash working ... you Viking :)

For example you could put th libflashplayer.so in ~/.mozilla/plugins

regards

Re : Performance RAID instable

[Thierry Bugier]

Bonjour

Le jeudi 19 octobre 2017 à 16:06 +0200, Seb a écrit :
> Bonjour,
> 
> 
> Merci beaucoup pour l'aide que vous m'avez apportée dans le
> diagnostic du 
> problème. C'était bien un souci de gestion de la mémoire lié au PAE.
> 
> Sur la machine à la maison j'ai limité la RAM à 4 Go et depuis, la 
> performance des disques est stable (980 Mo/s de moyenne).
> 
> Sur la machine au bureau, 4 Go de RAM est trop juste pour InDesign
> dans 
> une VirtualBox alors j'ai réinstallé en amd64.
> 
> 
> Seb.

Il y a un détail qui m'interpelle. Pourquoi la gestion mémoire avec PAE
n'impacte (apparement) que le système RAID logiciel du noyau ?

Re: sources.list

[don magnify]

On Thu, Oct 19, 2017 at 6:15 AM, Lucio Crusca  wrote:

>
>
> Il 19/10/2017 12:00, don magnify ha scritto:
> > # sudo apt-get build-dep python-imaging --fix-missing
> >
> > get:
> >
> > "E: You must put some 'source' URIs in your sources.list"
>
> You need to add deb-src lines.
>
> https://debgen.simplylinux.ch/
>

how dies this help with the "build-dep python-imaging --fix-missing" part?!

Release files and Key rings

[Josh W.]

Hello. I am having a very hard time setting up repos... each tme it tells
me there is no release file and that my repos can't authenticate the key or
keyring.. Here is an attached file to show you what i am talking about. Can
you help me or at least point me in the right direction. Thank you.


Joshua 


release file not working.odt
Description: application/vnd.oasis.opendocument.text

Re: Debian 9.2, VSphere 6.5.0, "TCP performance may be compromised"

[Nicholas Geovanis]

On Wed, Oct 18, 2017 at 11:34 AM, Sven Hartge  wrote:

>
> You will get the "suspect GRO implementation" with 5.5 as well, but it
> is harmless. I have not yet found any performance problems.
>

Yes, still receive that message, even with the VM option set.

It's an ugly story, but a Win 7 update Monday broke Flash, so the VSphere
client stopped working (was OK on Win10). Unfortunately the flash and pepper
plugins were total failures on Debian 8.9 too (yes, I upgraded, downgraded,
tried every
permutation). And unfortunately the HTML5 version of the VSphere app
doesn't permit
editing of, for example, that vmxnet3 parameter for mitigation of
https://bugzilla.kernel.org/show_bug.cgi?id=191201#c49

So, cursing like a Viking, I installed Ubuntu 17.04 (it's Debian-based he
said sheepishly).
And lo and behold, if you upgrade Flash and firefox to the most recent
levels
(but nothing older than that...) VSphere web client works again.

Flash has been annoying me for years now. Glad it's on the way out.Nick
G


> S°
>
> --
> Sigmentation fault. Core dumped.
>
>

Ça mounte plus

[Txo]

Bonjour,

Jusquà il n'y a plus longtemps j'avais, sur ma sid, pour monter le
disque interne de la freebox et un disque sur l'usb de cette freebox,
les lignes suivantes dans fstab :

//192.168.1.254/Disque\040dur   /media/freebox  cifs
x-systemd.automount,_netdev,rw,users,iocharset=utf8,uid=1000,user=freebox,pass=,sec=ntlm,nofail,auto,vers=2.0
0   0
//192.168.1.254/Samsung /media/samsung  cifs
x-systemd.automount,_netdev,rw,users,iocharset=utf8,uid=1000,user=freebox,pass=,sec=ntlm,nofail,auto,vers=2.0
0   0

Nous filions, moi et mes scripts divers, un parfait montage de ces deux
disques.

Patatrac, a pus … Je me prends des « //192.168.1.254/Samsung: mount
error(112): Host is down », ce qui est bien sur faux. J'arrive à monter
le disque dans caja Réseau-> Freebox server -> Samsung mais je ne sais
pas où il est monté et quel chemin utiliser pour y accéder.

J'ai même essayé par curlftpfs et je n'ai qu'un fichier dans media qui
prend la place de /media/samsung.

J'ai dû louper un épisode sur une mise à jour mais je nage complètement.

Qui a une bouée ?


-- 
-- Dominique Marin http://txodom.free.fr  --
«La théorie, c'est quand on sait tout mais que rien ne fonctionne. La
pratique, c'est quand ça fonctionne mais qu'on ne sait pas pourquoi.»
-- Albert Einstein--

Rendimiento Debian o VPS

[Oswaldo Franco]

Hola, un saludo para todos.

Actualmente he instalado debian en un VPS, el cual me dice que tiene un
procesador Intel (R) Xeon (R) CPU E5-2630L v2 @ 2.40GHz donde el proveedor
de hosting me dice que tiene 24 núcleos. y según el comando "cat
/proc/cpuinfo" me dice lo mismo. También tiene 3gb de RAM. El caso es que
monté una web, luego de sus configuraciones y al monitorear con "top -i",
veo que a veces que el %CPU llega a 70 o hasta 90, mi pregunta es, este
dato quiere decir que se está chupando casi todo el procesador en esas
tareas?
Se recomienda subir de plan para obtener un mejor procesador?

Gracias de antemano.

-- 
OSWALDO FRANCO
Cumaná, Sucre -Venezuela
GNU/Linux User # 508524

Re: [OT] Breaking WPA2 by forcing nonce reuse

[Ron Leach]

On 19/10/2017 16:56, Dan Purgert wrote:

Brian wrote:

[...]
Isn't it sufficient to fix one end of the
connection to dispose of the vulnerability?



KRACK is an attack against the *client* side.  It MUST (rfc2119) be that
device that is patched against the attack.



Dan, I'm not sure it's that simple, either.

There are *two* WiFi connections in the Debian-box to Printer case:
i Debian box to Access Point
ii Printer to Access Point

Brian's idea is good for the connection from the Debian box to the 
Access Point1.


But the connection between the printer, and the Access Point remains 
vulnerable - particularly to the possible all-zero key.


Your advice is extremely close, and very pertinent, but *both* clients 
need to be fixed.  So Celejar's powerline link may be a reasonable 
solution for his case.


regards, Ron

Re: [OT] Breaking WPA2 by forcing nonce reuse

[Celejar]

On Thu, 19 Oct 2017 16:39:34 +0100
Brian  wrote:

> On Thu 19 Oct 2017 at 11:07:01 -0400, Celejar wrote:
> 
> > On Thu, 19 Oct 2017 12:05:23 +0100
> > Brian  wrote:
> > 
> > > On Wed 18 Oct 2017 at 21:30:48 -0400, Celejar wrote:
> > 
> > ...
> > 
> > > > developers, etc., but why should I not be worried and upset about the
> > > > situation with my phone, printer, etc.?
> > > 
> > > Depends on the level of your concern. There are USB and ethernet
> > > connections to the printer. This might require physical relocation
> > > of the printer but it could be worth it to be worry-free. Or use a 
> > > Debian-based, wireless-enabled print server in close proximity to
> > > the printer.
> > 
> > Yes, what I'm probably going to do is use the printer's ethernet
> > connection along with a Powerline adapter into a nearby power outlet.
> 
> That's a good idea, but thinking on: there two ends to the connection,
> the printer and the sending device. Fixing printers is unlikely to be
> high on vendors' lists of priorities, but a fix is available when the
> sending device uses Debian. Isn't it sufficient to fix one end of the
> connection to dispose of the vulnerability?

As I understand it, when I print something from some device (say, my
Debian laptop), the device establishes a TCP/IP connection with the
printer to do the printing. In my (typical) setup, at the link level,
the device connects to the AP / switch / router wirelessly (via WPA2),
and so does the printer. Assuming the device and router are both
patched, the link between the device and the router is secure, but the
link between the router and printer is not, so any data I send between
the device and the printer will be secure as it traverses the first
link, but not the second. As I understand things, patching the router
doesn't really help secure the link between it and vulnerable devices
like the printer. Henrique recently noted that there is a setting
available on new OpenWRT and LEDE builds that can help, but it's
apparently not yet included in any release yet:

https://lists.debian.org/debian-user/2017/10/msg00593.html

Celejar

Re: sources.list

[don magnify]

thanks...  i did. same result...  is there any particular src endpoint
directly affecting the "build-dep python-imaging --fix-missing"
commands/flags?

thanks...

On Thu, Oct 19, 2017 at 6:09 AM, Steve Kemp  wrote:

> >
> >#A sudo vi /etc/apt/sources.list
> >
> >shows this:
> >
> >deb  http://cdn-aws.deb.debian.org/debian  stretch  main
>
>   Lines beginning with "deb" are used for binary packages.  For
>  "source" packages you need a "deb-src" prefix.  Something like
>  this:
>
> deb-src  http://cdn-aws.deb.debian.org/debian  stretch  main
> deb-src  http://security.debian.org  stretch/updates  main
> ..
>
>   (Just add those, leave the binary-lines in-place.)
>
> Steve
> --
>

Re: [OT] Breaking WPA2 by forcing nonce reuse

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Thu, Oct 19, 2017 at 11:07:01AM -0400, Celejar wrote:
> On Thu, 19 Oct 2017 12:05:23 +0100
> Brian  wrote:
> 
> > On Wed 18 Oct 2017 at 21:30:48 -0400, Celejar wrote:

[...]

> Yes, what I'm probably going to do is use the printer's ethernet
> connection along with a Powerline adapter into a nearby power outlet.

And how secure are the powerline adapters? Most probably they're
broadcasting their stuff over your and your neighbour's AC net on
top of some unspecified proprietary modulation. Just sayin'...

;-)

Cheers
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlnozbgACgkQBcgs9XrR2kbWgQCfQwm+ERBa9UL9HY38Z+YPuDOY
L9kAn3oJDwo3eNnFWZB2k3nA+skrytHm
=rld1
-END PGP SIGNATURE-

Re: [Pkg-utopia-maintainers] network-manager-gnome - Ethernet - Security - 802.1x - Password can't be changed

[Michael Biebl]

Am 19.10.2017 um 14:39 schrieb Daniel:
> Hello,
> 
> I'm using debian 9 up to date.
> 
> Desktop Environment: Gnome
> 
> Scenario: Where I work we connect to the network with Ethernet and
> 802.1x peap authentication. Each X days passwords expire and we need
> to change it.
> 
> Problem: When I try to change the password to the new one and I apply
> changes everything seems fine (I apply and get no errors), but when I
> open the same settings back again the old password still remains, so
> the password is not really changed no matter how many times I try.
> 
> Workaround so far: The only way I found so far to effectively set the
> password is to disable security completely and enable it back again to
> define all values from scratch.
It looks like you used gnome-control-center to change the password.
Does it make a difference if you use nm-connection-editor (from
network-manager-gnome) to change the password?


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



signature.asc
Description: OpenPGP digital signature

Re: [OT] Breaking WPA2 by forcing nonce reuse

[Dan Purgert]

Brian wrote:
> [...]
> That's a good idea, but thinking on: there two ends to the connection,
> the printer and the sending device. Fixing printers is unlikely to be
> high on vendors' lists of priorities, but a fix is available when the
> sending device uses Debian. Isn't it sufficient to fix one end of the
> connection to dispose of the vulnerability?
>

KRACK is an attack against the *client* side.  It MUST (rfc2119) be that
device that is patched against the attack.

-- 
|_|O|_| Registered Linux user #585947
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: 05CA 9A50 3F2E 1335 4DC5  4AEE 8E11 DDF3 1279 A281

Re: [OT] Breaking WPA2 by forcing nonce reuse

[Brian]

On Thu 19 Oct 2017 at 11:07:01 -0400, Celejar wrote:

> On Thu, 19 Oct 2017 12:05:23 +0100
> Brian  wrote:
> 
> > On Wed 18 Oct 2017 at 21:30:48 -0400, Celejar wrote:
> 
> ...
> 
> > > developers, etc., but why should I not be worried and upset about the
> > > situation with my phone, printer, etc.?
> > 
> > Depends on the level of your concern. There are USB and ethernet
> > connections to the printer. This might require physical relocation
> > of the printer but it could be worth it to be worry-free. Or use a 
> > Debian-based, wireless-enabled print server in close proximity to
> > the printer.
> 
> Yes, what I'm probably going to do is use the printer's ethernet
> connection along with a Powerline adapter into a nearby power outlet.

That's a good idea, but thinking on: there two ends to the connection,
the printer and the sending device. Fixing printers is unlikely to be
high on vendors' lists of priorities, but a fix is available when the
sending device uses Debian. Isn't it sufficient to fix one end of the
connection to dispose of the vulnerability?

-- 
Brian.

Re: X crashes when closing one of two running X sessions

[Jimmy Johnson]

On 10/18/2017 09:13 AM, Robert Arkiletian wrote:

Using Debian Stretch x86_64. I don't use a greeter like lightdm. I
just log in at the virtual terminal, then startx (xfce desktop). I
like to use multiple accounts (running X) at the same time on
different virtual terminals (eg. ctrl-alt-f1  ctrl-alt-f2)

All is fine until I exit (shutdown) one X session, then the other
running X session freezes and then after a little while crashes. Any
ideas on how to find or diagnose what's causing this issue are much
appreciated.


I don't know about how you shutdown a terminal, me I just ctrl+d and it 
logs out.

--
Jimmy Johnson

Debian Buster - KDE Plasma 5.10.5 - AMD A8-7600 - EXT4 at sda7
Registered Linux User #380263

Re: [OT] Breaking WPA2 by forcing nonce reuse

[Celejar]

On Thu, 19 Oct 2017 12:05:23 +0100
Brian  wrote:

> On Wed 18 Oct 2017 at 21:30:48 -0400, Celejar wrote:

...

> > developers, etc., but why should I not be worried and upset about the
> > situation with my phone, printer, etc.?
> 
> Depends on the level of your concern. There are USB and ethernet
> connections to the printer. This might require physical relocation
> of the printer but it could be worth it to be worry-free. Or use a 
> Debian-based, wireless-enabled print server in close proximity to
> the printer.

Yes, what I'm probably going to do is use the printer's ethernet
connection along with a Powerline adapter into a nearby power outlet.

Celejar

Re: Performance RAID instable

[Seb]

Bonjour,


Merci beaucoup pour l'aide que vous m'avez apportée dans le diagnostic du 
problème. C'était bien un souci de gestion de la mémoire lié au PAE.


Sur la machine à la maison j'ai limité la RAM à 4 Go et depuis, la 
performance des disques est stable (980 Mo/s de moyenne).


Sur la machine au bureau, 4 Go de RAM est trop juste pour InDesign dans 
une VirtualBox alors j'ai réinstallé en amd64.



Seb.

Re: network-manager-gnome - Ethernet - Security - 802.1x - Password can't be changed

[Daniel]

wops, forgot the screenshot, silly me

2017-10-19 14:39 GMT+02:00 Daniel :
> Hello,
>
> I'm using debian 9 up to date.
>
> Desktop Environment: Gnome
>
> Scenario: Where I work we connect to the network with Ethernet and
> 802.1x peap authentication. Each X days passwords expire and we need
> to change it.
>
> Problem: When I try to change the password to the new one and I apply
> changes everything seems fine (I apply and get no errors), but when I
> open the same settings back again the old password still remains, so
> the password is not really changed no matter how many times I try.
>
> Workaround so far: The only way I found so far to effectively set the
> password is to disable security completely and enable it back again to
> define all values from scratch.
>
> Additional info:
> Passwords are 32 characters long include uppercase, lowercase, digits,
> minus, underline and special characters such as !, $, %, &, etc.
>
> Package list and debian package version:
> network-manager 1.6.2-3
> network-manager-gnome 1.4.4-1
> network-manager-vpnc 1.2.4-4
> network-manager-vpnc-gnome 1.2.4-4
>
> Find attached a screenshot which shows the window where I set the password.
> "/etc/NetworkManager/system-connections/Profile 1" contents:
>
>
> [connection]
> id=Profile 1
> uuid=**redacted**
> type=ethernet
> permissions=
> timestamp=1508396493
>
> [ethernet]
> mac-address-blacklist=
>
> [802-1x]
> eap=peap;
> identity=dferradal
> password=**redacted**
> phase2-auth=mschapv2
>
> [ipv4]
> dns-search=
> method=auto
>
> [ipv6]
> addr-gen-mode=stable-privacy
> dns-search=
> method=ignore
>
>
> If there is any more info I can provide, do not hesitate to ask.
> Thanks in advance!
>
>
> --
> Daniel Ferradal
> IT Specialist
>
> email dferradal at gmail.com
> linkedin es.linkedin.com/in/danielferradal



-- 
Daniel Ferradal
IT Specialist

email dferradal at gmail.com
linkedin es.linkedin.com/in/danielferradal

network-manager-gnome - Ethernet - Security - 802.1x - Password can't be changed

[Daniel]

Hello,

I'm using debian 9 up to date.

Desktop Environment: Gnome

Scenario: Where I work we connect to the network with Ethernet and
802.1x peap authentication. Each X days passwords expire and we need
to change it.

Problem: When I try to change the password to the new one and I apply
changes everything seems fine (I apply and get no errors), but when I
open the same settings back again the old password still remains, so
the password is not really changed no matter how many times I try.

Workaround so far: The only way I found so far to effectively set the
password is to disable security completely and enable it back again to
define all values from scratch.

Additional info:
Passwords are 32 characters long include uppercase, lowercase, digits,
minus, underline and special characters such as !, $, %, &, etc.

Package list and debian package version:
network-manager 1.6.2-3
network-manager-gnome 1.4.4-1
network-manager-vpnc 1.2.4-4
network-manager-vpnc-gnome 1.2.4-4

Find attached a screenshot which shows the window where I set the password.
"/etc/NetworkManager/system-connections/Profile 1" contents:


[connection]
id=Profile 1
uuid=**redacted**
type=ethernet
permissions=
timestamp=1508396493

[ethernet]
mac-address-blacklist=

[802-1x]
eap=peap;
identity=dferradal
password=**redacted**
phase2-auth=mschapv2

[ipv4]
dns-search=
method=auto

[ipv6]
addr-gen-mode=stable-privacy
dns-search=
method=ignore


If there is any more info I can provide, do not hesitate to ask.
Thanks in advance!


-- 
Daniel Ferradal
IT Specialist

email dferradal at gmail.com
linkedin es.linkedin.com/in/danielferradal

Re: X crashes when closing one of two running X sessions

[Greg Wooledge]

On Thu, Oct 19, 2017 at 10:06:05AM +0200, Floris wrote:
> Maybe you can find more information in the log messages. /var/log/Xorg.x.log
> gives information about the X server. Or try journalctl to read all log
> messages.

The X log can either be in /var/log/Xorg.*.log or in
~/.local/share/xorg/Xorg.*.log depending on how X is started, in which
version of Debian, on which hardware.

See 

Re: sshfs en umask

[Paul van der Vlis]

Hallo,

Op 12-10-17 om 22:55 schreef Paul van der Vlis:
> Hallo,
> 
> Ik wil bestanden delen via sshfs, en daarom de umask wijzigen.
> 
> Als ik de umask op de client wijzig gaat alles goed. Maar eigenlijk
> lijkt het me beter om de umask op de server te bepalen, de client beheer
> ik soms niet. En wellicht willen er ook mensen met duistere operating
> systemen zoals Windows of MacOS op, waar ik weinig van weet.
> 
> Nu lees ik overal dat je de umask op de server in kunt stellen in
> /etc/ssh/sshd_config met bijvoorbeeld iets als:
> Subsystem   sftp/usr/lib/openssh/sftp-server -u 0002
> of:
> ForceCommand internal-sftp -u 0002
> 
> Maar dat werkt niet bij mij, de umask wordt gewoon zoals ingesteld op de
> client. Iemand een idee waarom het niet werkt, en of er iets tegen te
> doen is?
Het blijkt dat ik de rechten wel kan beperken, maar niet groter kan
maken dan dat ze op de client zijn. Iets als "-u 0222" heeft dus wel effect.

Groeten,
Paul

-- 
Paul van der Vlis Linux systeembeheer Groningen
https://www.vandervlis.nl/

Re: Firefox_entries

[Alexander V. Makartsev]

Your questions are not associated with Debian in any way.

You should ask it on Mozilla forums and you will find more people there
who are willing to help and has more information about Firefox.
https://support.mozilla.org/en-US/

On 19.10.2017 15:43, mala...@elude.in wrote:
> Firefox_About:config entries
>
> i have not an user.js file.
> - do you know a script for extracting all my [user set only] settings ?
>
>
> pref : user_pref(“xx”, string);
> - could someone tell me which syntax is correct ?
>
> a)   user_pref(“xx”, "");
> b)   user_pref(“xx”, " ");
>
>
> pref :
> browser.search.defaultenginename;data:text/plain,browser.search.defaultenginename
>
> a) does this line set my search settings (default) ?
> b) does this line set my browser.startup.homepage (default)?
> c) could i add it several (xxx, xxx, xxx, e.g.) & is it recommended to do
> it ?
>
>
>
> * i do not want use an add-on/plugin for my settings.
> * firefox does not provide an anonymity/privacy gui_mode.
>

-- 
With kindest regards, Alexander.

⢀⣴⠾⠻⢶⣦⠀ 
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
⠈⠳⣄ 

Re: Debian 9.2 Release

[jan]

Tack för snabbt svar.

mvh
/Janne


On Thu, 19 Oct 2017 13:08:03 +0200
Jonathan Sélea  wrote:

> Stämmer, där laddar du ner Raspbian stretch
> 
> Annars kan du uppdatera dig till det i befintlig raspbian
> 
> 
> On 2017-10-19 10:30, j...@lillahusetiskogen.se wrote:
> > Var hittar man Raspbian 9.2? Jag kollade på debian.org men hittade
> > bara en länk till en version från 2012.
> > Är det den här som gäller (2017-09-07)?
> > https://www.raspberrypi.org/downloads/raspbian/
> >
> > mvh
> > /Janne
> >
> >
> > On Thu, 19 Oct 2017 00:52:19 +0200
> > Luna Jernberg  wrote:
> >
> >> Debian 9.2 är nu släppt för allt
> >>
> >> On 10/10/17, Luna Jernberg  wrote:
> >>> Debian 9.2 är nu släppt: https://www.debian.org/News/2017/20171007
> >>> Uppdaterade precis lite burkar här på jobbet Tibble Gymnasium /
> >>> Täby Friskola och hemma har funkat fint :) och images för
> >>> Raspberry Pi och Raspbian dyker upp om 1 vecka till
> >>>
> >>> Trevlig höst alla GNU/Linux människor :)
> >>>
> 
> 

Re: Debian 9.2 Release

[Jonathan Sélea]

Stämmer, där laddar du ner Raspbian stretch

Annars kan du uppdatera dig till det i befintlig raspbian


On 2017-10-19 10:30, j...@lillahusetiskogen.se wrote:
> Var hittar man Raspbian 9.2? Jag kollade på debian.org men hittade bara
> en länk till en version från 2012.
> Är det den här som gäller (2017-09-07)?
> https://www.raspberrypi.org/downloads/raspbian/
>
> mvh
> /Janne
>
>
> On Thu, 19 Oct 2017 00:52:19 +0200
> Luna Jernberg  wrote:
>
>> Debian 9.2 är nu släppt för allt
>>
>> On 10/10/17, Luna Jernberg  wrote:
>>> Debian 9.2 är nu släppt: https://www.debian.org/News/2017/20171007
>>> Uppdaterade precis lite burkar här på jobbet Tibble Gymnasium / Täby
>>> Friskola och hemma har funkat fint :) och images för Raspberry Pi
>>> och Raspbian dyker upp om 1 vecka till
>>>
>>> Trevlig höst alla GNU/Linux människor :)
>>>




smime.p7s
Description: S/MIME Cryptographic Signature

Re: [OT] Breaking WPA2 by forcing nonce reuse

[Brian]

On Wed 18 Oct 2017 at 21:30:48 -0400, Celejar wrote:

> On Tue, 17 Oct 2017 19:20:08 +0100
> Brian  wrote:
> 
> > On Tue 17 Oct 2017 at 10:57:15 -0400, Celejar wrote:
> > 
> > > On Tue, 17 Oct 2017 08:43:00 +0530
> > > "tv.deb...@googlemail.com"  wrote:
> > > 
> > > > So using https or better for communications on the local network is a 
> > > > good idea, but is it the norm? Many router firmwares or built-in 
> > > > webservers from cameras to printers default to http, sometime don't 
> > > > even 
> > > > offer https as an option.
> > > 
> > > Yes, after I sent my mail I realized that my wirelessly networked
> > > printer is going to be a problem. Some printers apparently support
> > > access via SSL/TLS (IPPS), but it looks like mine (Brother
> > > HL-2280DW) does not. And what are the odds that Brother will do a
> > > firmware update to patch WPA for this some 6 years old model ;)
> > 
> > I, and you, probably, are not dealing with printing confidential
> > documents. Those entities which are should be more concerned.
> 
> I'm not? What happens when I need to print out some sort of financial
> statement?

Ok.

> > > > It's patched in most distributions, and in router firmwares like LEDE 
> > > > already, was patched in some BSD even before publication, but how long 
> > > > before we see a patches for all affected devices?
> > > 
> > > Never - for many / most Android devices, my printer (probably), etc.
> > 
> > A timely fix arrives in Debian. Users who update are once again safe.
> > What more could you ask for? What can you say apart from "thanks"?
> 
> ? Yes, my Debian installations are now safe, and I'm duly thankful to
> the Debian maintainers, the wpa_supplicant developers, the LEDE
> developers, etc., but why should I not be worried and upset about the
> situation with my phone, printer, etc.?

Depends on the level of your concern. There are USB and ethernet
connections to the printer. This might require physical relocation
of the printer but it could be worth it to be worry-free. Or use a 
Debian-based, wireless-enabled print server in close proximity to
the printer.

-- 
Brian.

Firefox_entries

[malakit]

Firefox_About:config entries

i have not an user.js file.
- do you know a script for extracting all my [user set only] settings ?


pref : user_pref(“xx”, string);
- could someone tell me which syntax is correct ?

a)   user_pref(“xx”, "");
b)   user_pref(“xx”, " ");


pref :
browser.search.defaultenginename;data:text/plain,browser.search.defaultenginename

a) does this line set my search settings (default) ?
b) does this line set my browser.startup.homepage (default)?
c) could i add it several (xxx, xxx, xxx, e.g.) & is it recommended to do
it ?



* i do not want use an add-on/plugin for my settings.
* firefox does not provide an anonymity/privacy gui_mode.

Re: (deb-cat) Buidar una bitacola de Systemd

[Narcis Garcia]

$ man journalctl

OPTIONS
-f, --follow
Show only the most recent journal entries, and continuously print new
entries as they are appended to the journal.




__
I'm using this express-made address because personal addresses aren't
masked enough at this mail public archive. Public archive administrator
should fix this against automated addresses collectors.
El 19/10/17 a les 11:20, Jordi Funollet ha escrit:
> No et tindries prou amb un 'journalctl -f' ?
> 
> I crec que tu ja ho saps i que ho fas conscientment, però per a qui
> estigui llegint: compte amb els 'sudo rm -rf' que més d'un ens hi hem
> fet mal. El '-f' no cal excepte en ocasions molt especials. I
> personalment intento fer 'sudo rm' en lloc de 'sudo rm -r', encara que
> em calgui esborrar un parell de subdirectoris a mà.
> --
> Jordi Funollet Pujol
> http://www.linkedin.com/in/jordifunollet
> 
> On Wed, Oct 18, 2017, at 08:34 PM, Narcis Garcia wrote:
>> Acabo de canviar una configuració i vull veure només les errades o
>> advertències a partir de què reinicii un servei.
>>
>> Algú sap com fer l'equivalent a això:
>> $ sudo rm -fr /var/log/gdm/*
>> però amb Systemd / journalctl ?
>>
>> Gràcies.
>>
>> -- 
>>
>>
>> __
>> I'm using this express-made address because personal addresses aren't
>> masked enough at this mail public archive. Public archive administrator
>> should fix this against automated addresses collectors.
>>
> 

Re: sources.list

[Steve Kemp]

> 
>#A sudo vi /etc/apt/sources.list
> 
>shows this:
> 
>deb  http://cdn-aws.deb.debian.org/debian  stretch  main

  Lines beginning with "deb" are used for binary packages.  For
 "source" packages you need a "deb-src" prefix.  Something like
 this:

deb-src  http://cdn-aws.deb.debian.org/debian  stretch  main
deb-src  http://security.debian.org  stretch/updates  main
..

  (Just add those, leave the binary-lines in-place.)

Steve
-- 

Re: sources.list

[Lucio Crusca]

Il 19/10/2017 12:00, don magnify ha scritto:
> # sudo apt-get build-dep python-imaging --fix-missing
>
> get:
>
> "E: You must put some 'source' URIs in your sources.list"

You need to add deb-src lines.

https://debgen.simplylinux.ch/

sources.list

[don magnify]

hi all..


brand new install of Debian 4.9.51-1 on aws. using apt-get for some stuff.
get to run:

# sudo apt-get build-dep python-imaging --fix-missing

get:

"E: You must put some 'source' URIs in your sources.list"

# sudo vi /etc/apt/sources.list

shows this:

deb http://cdn-aws.deb.debian.org/debian stretch main

deb http://security.debian.org stretch/updates main

deb http://cdn-aws.deb.debian.org/debian stretch-updates main


what else do i need to add to /etc/apt/sources.list


thanks...

Re: (deb-cat) Buidar una bitacola de Systemd

[Jordi Funollet]

No et tindries prou amb un 'journalctl -f' ?

I crec que tu ja ho saps i que ho fas conscientment, però per a qui
estigui llegint: compte amb els 'sudo rm -rf' que més d'un ens hi hem
fet mal. El '-f' no cal excepte en ocasions molt especials. I
personalment intento fer 'sudo rm' en lloc de 'sudo rm -r', encara que
em calgui esborrar un parell de subdirectoris a mà.
--
Jordi Funollet Pujol
http://www.linkedin.com/in/jordifunollet

On Wed, Oct 18, 2017, at 08:34 PM, Narcis Garcia wrote:
> Acabo de canviar una configuració i vull veure només les errades o
> advertències a partir de què reinicii un servei.
> 
> Algú sap com fer l'equivalent a això:
> $ sudo rm -fr /var/log/gdm/*
> però amb Systemd / journalctl ?
> 
> Gràcies.
> 
> -- 
> 
> 
> __
> I'm using this express-made address because personal addresses aren't
> masked enough at this mail public archive. Public archive administrator
> should fix this against automated addresses collectors.
> 

extundelete usage

[Lucio Crusca]

I need to recover a deleted file (no backup available obviously). The 
file was


/var/lib/libvirt/images/i5s.raw

As soon as I deleted it, I realized it was the wrong file to delete and 
I unplugged the power chord. Then I booted systemrescuecd and mounted 
the filesystem readonly.


root@sysresccd /mnt % mkdir /mnt/linux
root@sysresccd /mnt % mount -o ro /dev/mapper/vg0-root /mnt/linux

However the file wasn't there anymore:

root@sysresccd /mnt % ls /mnt/linux/var/lib/libvirt/images/i5s.raw
ls: cannot access /mnt/linux/var/lib/libvirt/images/i5s.raw: No such 
file or directory


I unmounted the filesystem and made a block level working copy with dd 
onto /dev/md1 (a raid volume I created for the task).


Finally I tried with extundelete:

root@sysresccd /mnt % extundelete --restore-file 
var/lib/libvirt/images/i5s.raw -o /mnt/custom/ /dev/md1

NOTICE: Extended attributes are not restored.
Loading filesystem metadata ... 14900 groups loaded.
Loading journal descriptors ... 30765 descriptors loaded.
Unable to restore inode 64618558 (var/lib/libvirt/images/i5s.raw): No 
undeleted copies found in the journal.

Unable to restore file var/lib/libvirt/images/i5s.raw
extundelete: Operation not permitted while restoring file.
extundelete: Operation not permitted when trying to examine filesystem

Some questions:

1) Does "Unable to restore inode 64618558" mean that extundelete 
actually found my file at that inode, but it cannot recover it for some 
other reason?


2) What does "No undeleted copies found in the journal" mean? I guess 
that if there where undeleted copies, I'd already had recovered my file, 
right?


3) Why am I getting "Operation not permitted"? Can that be the reason 
why extundelete cannot recover it? But I'm root...


4) Is there any chance I can recover that file in this situation?

Thanks in advance for any help.

Re: Debian 9.2 Release

[jan]

Var hittar man Raspbian 9.2? Jag kollade på debian.org men hittade bara
en länk till en version från 2012.
Är det den här som gäller (2017-09-07)?
https://www.raspberrypi.org/downloads/raspbian/

mvh
/Janne


On Thu, 19 Oct 2017 00:52:19 +0200
Luna Jernberg  wrote:

> Debian 9.2 är nu släppt för allt
> 
> On 10/10/17, Luna Jernberg  wrote:
> > Debian 9.2 är nu släppt: https://www.debian.org/News/2017/20171007
> > Uppdaterade precis lite burkar här på jobbet Tibble Gymnasium / Täby
> > Friskola och hemma har funkat fint :) och images för Raspberry Pi
> > och Raspbian dyker upp om 1 vecka till
> >
> > Trevlig höst alla GNU/Linux människor :)
> >
> 

Re: Lightweight Audio-Only DLNA player

[Floris]

Op Wed, 18 Oct 2017 15:06:13 +0200 schreef Rob McCathie  
:



On 17/10/17 23:37, Robert Latest wrote:

Hello,

there's plenty of DLNA capable media players around, but all of them
(or at least, all that I could find) are gargantuan packages with tons
of functionality and dependencies that I don't need or want. This is
supposed to run audio-only on a small headless SBC with a USB
connected DAC, nothing else.

Thanks,
robert



minidlna is not suitable?

--
Regards,

Rob McCathie



isn't minidlna a DLNA server instead of a client?

Floris

Re: X crashes when closing one of two running X sessions

[Floris]

Op Wed, 18 Oct 2017 18:13:39 +0200 schreef Robert Arkiletian  
:



Using Debian Stretch x86_64. I don't use a greeter like lightdm. I
just log in at the virtual terminal, then startx (xfce desktop). I
like to use multiple accounts (running X) at the same time on
different virtual terminals (eg. ctrl-alt-f1  ctrl-alt-f2)

All is fine until I exit (shutdown) one X session, then the other
running X session freezes and then after a little while crashes. Any
ideas on how to find or diagnose what's causing this issue are much
appreciated.

Thanks



Maybe you can find more information in the log messages.  
/var/log/Xorg.x.log gives information about the X server. Or try  
journalctl to read all log messages.


Floris

Re: dictionnaire

[bernard . schoenacker]

- Mail original -

> De: "Yuwen Dai" 
> À: "bernard schoenacker" 
> Cc: debian-user-french@lists.debian.org
> Envoyé: Jeudi 19 Octobre 2017 08:38:57
> Objet: Re: dictionnaire

> Bonjour Bernard,

> Je trouve que je peux utiliser aspell-fr dans Emacs, c'est plus
> facile que dicollecte. En effect, je travaille quotidiennement avec
> Emacs. Merci quand même!

> bonne journée
> yuwen

bonjour, 

grammalecte est un correcteur grammatical couplé à un correcteur orthographique 

slt 
bernard 

Re: dictionnaire

[Yuwen Dai]

Bonjour Bernard,

Je trouve que je peux utiliser aspell-fr dans Emacs,  c'est plus facile que
dicollecte.  En effect,  je travaille quotidiennement avec Emacs.  Merci
quand même!

bonne journée
yuwen

Le 12 octobre 2017 à 10:55,  a écrit :

> bonjour,
>
> voici un autre lien : https://www.dicollecte.org/
>
> il serait sage de passer par autre chose que Gedit :
>
> Emacs
> Vim
>
> slt
> bernard
>

Re: removing of sddm (debian 9 -kde5) to start in console mode then startx to start kde5

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wed, Oct 18, 2017 at 07:22:53PM -0400, Felix Miata wrote:
> Ionel Mugurel Ciobîcă composed on 2017-10-18 20:47 (UTC+0200):
> 
> > I never understood the need for desktop managers. I use Debian since
> > hamm and Linux/Unix since 1995. My take is that desktop managers are
> > for people more used to microsoft OS'. Why do I need to click on
> > something when the xterm I type in can call any program I need?... 
> 
> Finding a wanted app to run from a classified tree list of 30 or 40 or 50 or
> more applications is easier for most people than remembering the name and any
> required startup options to type, both for those uncommonly used, and even for
> the commonly used ones if there are more than a scant few such.

All generalizations suck.

My experience is that there's some tension between "easy to learn for a
newcomer" and "ergonomic for an experienced user". And my hunch is that,
in the last decennium, the "newcomer" part has been overemphasized to
a paradoxical level, where even the newcomers aren't treated very well
(an over-padded desktop environment which behaves erratically because
their creators don't master its exploding complexity[1] *is*
user-unfriendly, after all).

I think we should strive for a continuum which welcomes newcomers but
offers them a path towards experienced users they may follow if they
wish. Baroque complexity and arbitrary barriers (here users, there
sysadmins, yonder app programmers and far out, system programmers)
don't help.

The worst part is that nowadays there are strong financial incentives
in keeping users dumb. Watch the silos of Apple, Microsoft, Google,
Facebook et al. to see what I mean.

Cheers

[1] And no, I don't think Gnome's or KDE's creators are idiots, on
   the contrary. But I definitely believe they've fallen to one of
   the programmers "virtues" (Larry Wall): hubris.

- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlnoRfkACgkQBcgs9XrR2kb9hgCcClRTCCRavUMeLvzRkFFRCz9X
GaUAn00so0+WlID82DN3ZNLAhjHHaoLp
=lEYB
-END PGP SIGNATURE-