Re: (deb-cat) Sticky-enganxos pel propietari de directori

[Narcis Garcia]

El propi grup principal de l'usuari (->gid) també actua com a «grup per
defecte», doncs si un directori està marcat amb g+s ja preval el grup
del directori per a nous elements per sobre del grup que aplica l'usuari
de forma predeterminada.
Així doncs, el mateix comportament hauria de tenir u+s per davant de la
màscara (umask).




__
I'm using this express-made address because personal addresses aren't
masked enough at this mail public archive. Public archive administrator
should fix this against automated addresses collectors.
El 28/11/17 a les 20:56, Robert Marsellés ha escrit:
> 
> 
> El 28/11/17 a les 20:19, Narcis Garcia ha escrit:
>> La meva proposta és per a què s'heretin només els permisos r,w,s
>>
>>
> 
> Per curiositat i per allò de pensar amb els pros i contres de les
> propostes. D'aquesta forma que proposes deixaria de tenir sentit
> mantenir a la vegada la màscara per defecte 0022 per usuari i per grups
> ¿Correcte? ¿Quina de les 2 versions de donar permisos és/sembla més útil
> a la majoria dels usuaris?
> 
> robert
> 

Re: Upgrading from very-old Debian

[Michael Fothergill]

>
>
>>
>>>
>>>
>>
>>> As a friendly recommendation:
> If it was about me, I would encourage to backup the home directories as
> well as mail or similar, depending what other kind of services running
> under the particular system.
>
> Backup the data to an external usb drive or the whole source drive if you
> are keen on that, for example. Then do a "clean" install of a new system on
> the original drive. Otherwise you might run into issues, where you might
> miss out on an important package, if you snapshot upgrade one by one.
>

​I agree here.  Forget about rummaging through the last 5 years of
Icelandic telephone directories; phooey to creating a cyclical re-run of
the monolith scene from 2001 space odyssey, let the romantic notion of
upgrading from the operating system of an ancient Egyptian abacus to a yet
to be constructed quantum computer wither and fade away

And back up your work files etc and

reinstall stretch "Jessieson"

​and sing the title track song from the sound of music NOT the one about
climbing every mountain etc.

​Why bother?

Cheers

MF

​

Re: Désinstallation et réinstallation

[didier gaumet]

Le 28/11/2017 à 17:54, stephane.le...@free.fr a écrit :
> Bonjour à tous,
> 
> J'ai besoin d'aide. On m'a installé Debian et je dois faire echap avant que 
> l'ordi cherche à réparer : "préparation de la réparation automatique" puis 
> "diagnostic de votre ordinateur" et cela en boucle (et je n'ai plus accès à 
> Windows : j'aurais aimé le garder).
> 
> Quelqu'un pourrait-il m'aider?

Bonjour,

Le plus simple serait probablement de demander à la personne qui t'a
installé Debian de se pencher sur ton cas.
Le problème que tu signales me semble être du fait de Windows et si tu
veux garder ce dernier, je pense qu'il faut le réparer (voire le
réinstaller si le "réparateur" Windows ne s'en sort pas...

Re: Désinstallation et réinstallation

[Étienne Mollier]

Stéphane Lebel, le 2017-11-28 :
> Bonjour à tous,

Bonjour Stéphane,


> J'ai besoin d'aide. On m'a installé Debian et je dois faire
> echap avant que l'ordi cherche à réparer : "préparation de la
> réparation automatique" puis "diagnostic de votre ordinateur"
> et cela en boucle (et je n'ai plus accès à Windows : j'aurais
> aimé le garder).
>
> Quelqu'un pourrait-il m'aider?

Les réparations de Windows ne sont pas le sujet principal de la
liste, mais on va tout de même voir ce qu'on peut faire ; la
question revient de temps en temps à la suite d'installations
malheureuses.  :(

Allons y méthodiquement...
Si une étape coince, ou si vous avez besoin de plus de détails,
n'hésitez pas à répondre à la liste de diffusion, en particulier
en indiquant le message d'erreur, s'il s'en présente.


1. Sauvegardes

La première chose à faire, si ce n'est déjà le cas et si vous
avez commencé à travailler avec votre Debian, est de sauvegarder
votre répertoire utilisateur sur un disque externe.

Si vous pouvez également accéder à vos partitions Windows depuis
votre Debian, en installant le paquet ntfs-3g par exemple, alors
une sauvegarde de vos données stockées sous Windows serait aussi
la bienvenue.

Si vous avez déjà fait des sauvegardes, ce qui devrait être le
cas normalement[1], alors vérifiez simplement qu'elles sont assez
récentes et toujours lisibles.


2. Réparations

À moins que vous n'ayez pas de données à sauvegarder, n'allez pas
plus loin tant que vos sauvegardes ne sont pas vérifiées.  Ces
« réparations » peuvent potentiellement nécessiter de détruire
les données présentes sur le disque de votre machine pour
remettre le système d'aplomb.

Saisissez vous de votre ISO/CD/DVD de Windows, et votre clé de
licence, il se peut que vous en ayez besoin.  Si vous n'avez pas
un tel disque, il me semble que Microsoft distribue les ISO
d'installation de son système quelque part sur son site web.
Prenez bien la version qui correspond à l'OS que vous avez acheté
dans ce cas.

Normalement, en démarrant sur cette ISO, vous devriez vous voir
proposer un utilitaire de réparation qui devrait remettre en état
(au pire, réinstaller) votre partition Windows (dans mes
souvenirs, le disque d'installation de Windows 7 proposait un tel
mode de réparation, je n'ai pas encore eu l'occasion de constater
ça sur des versions plus récentes, mais j'imagine que ça existe
toujours).  Si vous souhaitez toujours installer Debian, et que
l'utilitaire de partitionnement de Microsoft vous le permet,
n'allouez pas tout le disque pour Windows, mais laissez de
l'espace pour Debian.  Vous n'aurez ainsi pas besoin d'effectuer
de redimensionnement de partition, potentiellement source de
casse.

Si la réparation se passe bien et que votre Windows démarre,
alors désactivez le « Fast boot » puis redémarrez sur l'ISO
Debian en suivant le manuel d'installation[2].  Il est peut-être
possible que cette réinstallation ne soit pas nécessaire, mais ça
dépendra fortement du résultat de la « réparation ».

Étant donné les symptômes que vous décrivez, je soupçonne le
mécanisme de « Fast Boot » de vous avoir fait des misères[3].
Mais je peux me tromper, notamment si vous avez réussi à accéder
à la partition Windows depuis Debian lorsque vous avez effectué
vos sauvegardes avant opérations.


3. Restauration

Restaurez vos données depuis les sauvegardes, en particulier si
les partitions qui stockaient vos données on dû être supprimées
pendant la manipulation.


Évitez le bouton « Shutdown » de Windows à l'avenir, il en fait
moins que ce qu'il est censé faire, préférez un « Restart », vers
Debian.  ;)


En espérant que ça puisse vous aider,
Librement,
-- 
Étienne Mollier 

[1] https://www.debian.org/releases/stable/amd64/ch03s02.html.fr
[2] https://www.debian.org/releases/stable/amd64/index.html.fr
[3] 
https://www.debian.org/releases/stable/amd64/ch03s06.html.fr#disable-fast-boot

Re: Upgrading from very-old Debian

[Umarzuki Mochlis]

2017-11-29 14:45 GMT+08:00 Jan :
>
>
> On 28.11.2017 17:58, The Wanderer wrote:
>>
>> On 2017-11-28 at 11:53, Patrick Bartek wrote:
>>
>>> On Tue, 28 Nov 2017 10:28:57 -0500 The Wanderer
>>>  wrote:
>>>
 I've run across someone who says her machine is running Debian
 oldoldoldstable or maybe even oldoldoldoldstable, and who
 consequently can't upgrade to newer Debian.

 I seem to recall that there *is* a way to do step-wise upgrades of
 such old systems, i.e. upgrading from oldoldoldoldstable to
 oldoldoldstable, then to oldoldstable, then to oldstable, then to
 stable. However, I'm stumped as to how to actually get started on
 doing that.

 The last few steps of this are straightforward; oldoldstable is
 still available in the repos, as far as I'm aware. The first ones
 are more of a problem; if I understand matters correctly, anything
 prior to oldoldstable is removed from the live repos, although its
 .deb files are still maintained on e.g. snapshot.debian.org. (Which
 doesn't really suffice for the equivalent of a dist-upgrade,
 because you'd have to manually download all the correct .debs by
 hand and then install them with dpkg.)

 Is there in fact a way to manage the first steps of this stepwise
 upgrade, from one aged-out-of-the-repos release to another?

 If so, any pointers to information on how to go about it?
>>>
>>>
>>> Save yourself time and lots of problems, back up your data and do a
>>> clean install of the current Debian release.
>>
>>
>> A: This isn't me, this is someone I encountered.
>>
>> B: That's not always a viable option, depending on the circumstances.
>> It's probably the easier option when it is viable, but that doesn't mean
>> it should be the only option considered, for cases when something else
>> may be more viable.
>>
>>> To do what you want requires dist-upgrading each release, in order,
>>> one-at-a-time, then troubleshooting each dist-upgrade once done with
>>> no guarantees it will work.
>>
>>
>> Yes, of course. That's established procedure, and it's entirely
>> reasonable to expect people to follow it. (Is there any reason it
>> shouldn't work, when it worked for people at the time when those
>> releases were made?)
>>
>>> Be sure to read and explicitly follow the dist-upgrade instructions
>>> in the Release Notes for each release. Many times there are special
>>> things that must be done. Just dist-upgrading from your current old
>>> install to Stretch, skipping all those inbetween is "not
>>> recommended," meaning it won't work.
>>
>>
>> Of course. That's exactly why accessible repositories containing those
>> older releases are needed; my question was about how / where to manage
>> those, and that was answered in the first reply.
>>
>
> As a friendly recommendation:
> If it was about me, I would encourage to backup the home directories as well
> as mail or similar, depending what other kind of services running under the
> particular system.
>
> Backup the data to an external usb drive or the whole source drive if you
> are keen on that, for example. Then do a "clean" install of a new system on
> the original drive. Otherwise you might run into issues, where you might
> miss out on an important package, if you snapshot upgrade one by one.
>
> Running such a old and obsolete system is not only a security risk, but also
> in other areas where improvements has been made, you miss out on a lot. This
> was not the question of course, but it simply doesn't make much sense to
> keep such an old operating system around which is not even actively
> supported by documentation or people likewise anymore.
>
> And it might not simply be worth the hassle to upgrade step by step,
> possible breaking something in the process and troubleshoot why one package
> depends on another or crippling other services, having obsolete folders or
> even configuration files and settings laying around, which are not needed
> anymore. As stated by other people here, it might and perhaps will, take
> much longer time to troubleshoot everything or simply end up to be
> impossible to do correctly.
>
> Better clean and start from scratch install with a known supported
> installation.
> Ensure just to backup mail(dirs), mail, .ssh, .config or similar folders in
> "home" (or better the whole home folders" or "var" or other locations which
> might contain data you need. Or "etc" for configuration settings - but "etc"
> content, might and will most likely have changed dramatically depending on
> what was installed previously.
>
> To backup the software list of what was installed on the system, I would use
> something like an "apt list | grep installed" and pipe the output into a
> file. But for "apt-get" this does not seem to be an option, so perhaps
> theres another way to get a list of installed packages using dpkg or such,
> I'm just not aware of that.
> This way, you can 

Re: Debian 8 and Debian 9 Dual Boot

[Michael Fothergill]

On 29 November 2017 at 03:15, Dan Norton  wrote:

>
> On 11/13/2017 01:55 PM, Joe wrote:
>
> On Mon, 13 Nov 2017 11:01:27 -0500
> Dan Norton   wrote:
>
>
>
> Although I didn't say so, each install would have its own set of
> directories. Please say more about how to mount the other
> installation and share data. How to mount things in another volume
> group?
>
>
> Good advice so far, but to add a bit: all LVM groups will be seen at
> boot, and /dev will know about them. See man lvm2 and also here:
> https://wiki.debian.org/LVM  for complete information about the
> commands you have available. There are also numerous tutorials on the
> Net which show basic usage of the simpler commands. It's worth having a
> look when you have some spare time, as one day you'll need to know some
> of this and won't have any spare time.
>
>
> Reading the wiki reveals "Grub and ? LiLo
> are not compatible with LVM, so /boot should be outside the storage disk
> managed by LVM." Here's what I have:
>
> Attempts to boot normally do not work. But using Super Grub2 on a bootable
> cd and selecting "Boot manually" and picking the hd1 entry brings up the
> jessie system that the installer reports as successfully installed on sda3.
> Using fdisk to take a look:
>
> dan@debian8:~$ sudo fdisk /dev/sda
> Command (m for help): p
> Disk /dev/sda: 931.5 GiB, 1000204886016 bytes, 1953525168 sectors
> Units: sectors of 1 * 512 = 512 bytes
> Sector size (logical/physical): 512 bytes / 512 bytes
> I/O size (minimum/optimal): 512 bytes / 512 bytes
> Disklabel type: gpt
> Disk identifier: A615A904-0620-459F-BF44-5E53E54FDF24
>
> Device StartEndSectors   Size Type
> /dev/sda1   2048 411647 409600   200M BIOS boot
> /dev/sda2 411648   16783359   16371712   7.8G Linux swap
> /dev/sda3   16783360  151001087  13421772864G Linux LVM
> /dev/sda4  151001088  285218815  13421772864G Linux LVM
> /dev/sda5  285218816  419436543  13421772864G Linux LVM
> /dev/sda6  419436544  553654271  13421772864G Linux LVM
> /dev/sda7  553654272 1953525134 1399870863 667.5G Linux filesystem
>
> Is there a problem here?
>

​I have been using Supergrub for ages now.   If you use Gentoo as I do you
appreciate the irritation of continuous babysitting of grub2 every time
you reconfigure the kernel (e.g. after setting up the long winded nonsense
required to make a firewall work properly) then grub tends to go awol
and requires TLC, massage therapy and soft music to start working
properly.

Meanwhile you will feel so frustrated that you want to chew on barbed wire
etc.

But supergrub is cool.  It is like a bloodhound.  You just can't fool it.  ​

The more you use it the dumber you feel using grub2 until you have finally
sorted the gripes and things have calmed down and stabilised - usually a
month later.

Remember the scene from 2001 space odyssey where the monkey throws the
bones up in the air.

​Do the same with grub2, then use supergrub until things work and then
de-evolve again and vegetate in this area as I do.

Cheers​

​MF​

>
> dan@debian8:~$ df -h
> FilesystemSize  Used Avail Use% Mounted on
> /dev/dm-0 9.1G  3.0G  5.7G  35% /
> udev   10M 0   10M   0% /dev
> tmpfs 775M  9.0M  766M   2% /run
> tmpfs 1.9G   68K  1.9G   1% /dev/shm
> tmpfs 5.0M  4.0K  5.0M   1% /run/lock
> tmpfs 1.9G 0  1.9G   0% /sys/fs/cgroup
> /dev/sda1 992K  142K  851K  15% /boot/efi
> /dev/mapper/debian8--vg-var   8.2G  1.3G  6.4G  17% /var
> /dev/mapper/debian8--vg-home  9.1G  356M  8.3G   5% /home
> /dev/mapper/debian8--vg-tmp   268M  2.1M  247M   1% /tmp
> tmpfs 388M  4.0K  388M   1% /run/user/115
> tmpfs 388M   12K  388M   1% /run/user/1000
>
>
> Doesn't this satisfy the statement that "/boot should be outside the
> storage disk managed by LVM" since it is on sda1?
>
> Look in /etc/fstab for lines beginning /dev/mapper/[volume] which will
> be the volumes mounted in the running installation. The 'mapper' is
> turning LVM volumes into things which look like partitions for many
> purposes.
>
>
> Here is fstab:
> # /etc/fstab: static file system information.
> #
> # Use 'blkid' to print the universally unique identifier for a
> # device; this may be used with UUID= as a more robust way to name devices
> # that works even if disks are added and removed. See fstab(5).
> #
> #
> /dev/mapper/debian8--vg-root /  ext4errors=remount-ro
> 0   1
> # /boot/efi was on /dev/sda1 during installation
> UUID=B07E-1F0B  /boot/efi   vfatumask=0077  0   1
> /dev/mapper/debian8--vg-home /home  ext4defaults
> 0   2
> /dev/mapper/debian8--vg-tmp /tmp

Re: Upgrading from very-old Debian

[Jan]

On 28.11.2017 17:58, The Wanderer wrote:

On 2017-11-28 at 11:53, Patrick Bartek wrote:


On Tue, 28 Nov 2017 10:28:57 -0500 The Wanderer
 wrote:


I've run across someone who says her machine is running Debian
oldoldoldstable or maybe even oldoldoldoldstable, and who
consequently can't upgrade to newer Debian.

I seem to recall that there *is* a way to do step-wise upgrades of
such old systems, i.e. upgrading from oldoldoldoldstable to
oldoldoldstable, then to oldoldstable, then to oldstable, then to
stable. However, I'm stumped as to how to actually get started on
doing that.

The last few steps of this are straightforward; oldoldstable is
still available in the repos, as far as I'm aware. The first ones
are more of a problem; if I understand matters correctly, anything
prior to oldoldstable is removed from the live repos, although its
.deb files are still maintained on e.g. snapshot.debian.org. (Which
doesn't really suffice for the equivalent of a dist-upgrade,
because you'd have to manually download all the correct .debs by
hand and then install them with dpkg.)

Is there in fact a way to manage the first steps of this stepwise
upgrade, from one aged-out-of-the-repos release to another?

If so, any pointers to information on how to go about it?


Save yourself time and lots of problems, back up your data and do a
clean install of the current Debian release.


A: This isn't me, this is someone I encountered.

B: That's not always a viable option, depending on the circumstances.
It's probably the easier option when it is viable, but that doesn't mean
it should be the only option considered, for cases when something else
may be more viable.


To do what you want requires dist-upgrading each release, in order,
one-at-a-time, then troubleshooting each dist-upgrade once done with
no guarantees it will work.


Yes, of course. That's established procedure, and it's entirely
reasonable to expect people to follow it. (Is there any reason it
shouldn't work, when it worked for people at the time when those
releases were made?)


Be sure to read and explicitly follow the dist-upgrade instructions
in the Release Notes for each release. Many times there are special
things that must be done. Just dist-upgrading from your current old
install to Stretch, skipping all those inbetween is "not
recommended," meaning it won't work.


Of course. That's exactly why accessible repositories containing those
older releases are needed; my question was about how / where to manage
those, and that was answered in the first reply.



As a friendly recommendation:
If it was about me, I would encourage to backup the home directories as 
well as mail or similar, depending what other kind of services running 
under the particular system.


Backup the data to an external usb drive or the whole source drive if 
you are keen on that, for example. Then do a "clean" install of a new 
system on the original drive. Otherwise you might run into issues, where 
you might miss out on an important package, if you snapshot upgrade one 
by one.


Running such a old and obsolete system is not only a security risk, but 
also in other areas where improvements has been made, you miss out on a 
lot. This was not the question of course, but it simply doesn't make 
much sense to keep such an old operating system around which is not even 
actively supported by documentation or people likewise anymore.


And it might not simply be worth the hassle to upgrade step by step, 
possible breaking something in the process and troubleshoot why one 
package depends on another or crippling other services, having obsolete 
folders or even configuration files and settings laying around, which 
are not needed anymore. As stated by other people here, it might and 
perhaps will, take much longer time to troubleshoot everything or simply 
end up to be impossible to do correctly.


Better clean and start from scratch install with a known supported 
installation.
Ensure just to backup mail(dirs), mail, .ssh, .config or similar folders 
in "home" (or better the whole home folders" or "var" or other locations 
which might contain data you need. Or "etc" for configuration settings - 
but "etc" content, might and will most likely have changed dramatically 
depending on what was installed previously.


To backup the software list of what was installed on the system, I would 
use something like an "apt list | grep installed" and pipe the output 
into a file. But for "apt-get" this does not seem to be an option, so 
perhaps theres another way to get a list of installed packages using 
dpkg or such, I'm just not aware of that.
This way, you can then, after some cleanup in an editor for example, 
pipe the output of listed installed packages into the new system 
apt/apt-get and reinstall as available in the repository everything that 
was installed earlier, most likely.


Of course, after the home directories have been created accordingly 
using add user and copy 

Re: software to do drawings of houses, gardens, etc.

[Erik Christiansen]

On 28.11.17 21:41, Emanuel Berg wrote:
> Erik Christiansen wrote:
> 
> > After trying to get various GUI drawing
> > packages to function at the most basic level,
> > and failing to produce anything, I'm just
> > finishing the 8 drawings for my new house
> > build (floor plan, elevations, sections, and
> > site plan), using raw postscript. That has
> > proven a better fit for a retired programmer.
> > [...]
> 
> Sounds *great* and my thinking/style is exactly
> the same!
> 
> Do you mind sharing the source and Makefile?

It's not necessary to build anything - I've just defined a few
postscript procedures at the start of the postscript document.
Job done.

On 28.11.17 21:45, Emanuel Berg wrote:
> Erik Christiansen wrote:
> 
> > Interesting ... I had not heard of it
> > previously. Looking at it on wikipedia, I see
> > "Most operations in Xfig are performed using
> > the mouse," For the first, I've had no luck
> > mouse-wrangling GUI drawing packages - it's
> > all so counter-intuitive, and nothing works
> > for me. For the second, after my 8 drawings
> > I cannot imagine how I'd mouse-wrangle
> > something as simple as a wall cross-section
> > with complete positional and dimensional
> > precision. In postscript, it's just:
> >
> > /wall_height 2700 def % X Y X Y 3600 0 moveto
> > 100 wall_height box % Let's put it at 3600 mm
> > from origin, % at floor level.
> 
> This is, again, exactly what I want. Is there
> a collection somewhere of the postscript syntax
> or how did you pick it up?

The Adobe book "Postscript Language Reference", third edition, is useful
for looking up commands, but the bulk of the text is prolix and obtusely
dense reading.

Better for readability and examples is the BLUEBOOK.PDF, which is the
first hit on a google for "postscript blue book".

Two methods of specifying paper size are required for both printers and
software packages to pick it up. I found a way that works, by googling.

What I've put together is only a beginning - enough to satisfactorily
complete one drafting job of 8 drawings. It's only one way to do it.
(And a couple of things would need generalising, e.g the WC and kitchen
sink are currently just drawn in situ, rather than being in a procedure.

One thing which makes editing 840 lines of postscript more manageable
has nothing to do with the language. Enabling Vim's text folding renders
the entire document as 26 lines of top level headings. That greatly
simplifies navigating. (Though I also use search on the comments.)

If there's a place to put an example and some very basic howto guff -
enough for someone to get started, then I could clean up what I have,
and put together a little bit of intro text. (There'd need to be some
explanation of the way I chain and abut walls of differing rotation to
build rooms and dividers.)

After that, the seed can be grown into anything you care to program.

Erik

Re: open on nfs server -> resource temporarily unavailable

[Salvatore Bonaccorso]

Hi Andrey

> Hello *,
>   creating a file in the directory exported by the NFS server
> sometimes returns an error - "resource temporarily unavailable",
> when a client on importing computer is keeping reading that file.
> 
> serv:~# cat /etc/exports
> /home/me/data-t   cli(ro,sync,no_subtree_check)
> 
> serv:~# systemctl restart nfs-kernel-server
> 
> cli:~# cat /etc/fstab
> ...
> mhfpklytsserv:/home/me/data-t /home/me/dt nfs noauto,ro,noac,user 0 0
> 
> me@cli:~$ mount dt
> me@cli:~$ mount
> ...
> serv:/home/me/data-t on /home/me/dt type nfs4 
> (ro,nosuid,nodev,noexec,relatime,sync,vers=4.0,rsize=1048576,wsize=1048576,namlen=255,acregmin=0,acregmax=0,acdirmin=0,acdirmax=0,hard,noac,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.209.174,local_lock=none,addr=192.168.238.113,user=me)
> 
> It could be provoked in a few minutes by running on the server serv:~$ while 
> : ; do date > data-t/now.txt; sleep 1; done
> 
> 
> while on the client computer
> me@cli:~$ while : ; do cat dt/now.txt; sleep 1; done
> 
> After a while (it's unpredictable might take up 10 minutes or a few seconds,
> but in average about 2 minutes)
> on the server I get:
> data-t/now.txt: Resource temporarily unavailable
> 
> Lesser 'sleep', of 0.2 for ex., doesn't necessarily make the error appear 
> quicker.
> Also it doesn't depend whether a directory is exported read-only or 
> read-write.
> But without reading client the error never appears.
> 
> To narrow down the case a bit I made a test on 'C' for the server
> which does the same thing as the script above - just writing down a date in 
> the same file
> - but checking an error on creating a file and writing to it.
> 
> Sometimes error appears just in a few seconds:
> serv:~$ date;./tnfs-open data-t/now.txt ;date
> Mon Aug  1 18:58:23 CEST 2016
> open fd=-1 errno=11 -> Resource temporarily unavailable
> Mon Aug  1 18:58:25 CEST 2016
> 
> serv:~$ errno 11
> EAGAIN 11 Resource temporarily unavailable
> 
> I am at a loss :(
> 
> my system on the server and the client computes is the same Debian 8.5

Were you ever able to narrow down the issue? I'm able to reproduce the issue
easily as well just on localhost doing the following on a Debian 8, running
3.16.43-2+deb8u5 or 3.16.48-1, but the issue seems disapeared (or at least
harder to reproduce in 4.9, when installed from jessie-backports):

Sort of "minimal" reproducing steps:

# apt-get install nfs-kernel-server
# mkdir -p /srv/test
# echo '/srv/test *' >> /etc/exports
# systemctl restart nfs-kernel-server.service
# mount localhost:/srv/test /mnt

1. terminal
# while : ; do date >/srv/test/foo ; sleep 1 ; done

2. terminal
# while : ; do cat /mnt/foo ; sleep 1 ; done

I'm currently trying to bisect the issue. But since in the good cases it's not
clear if it's always fixed I can only guess at the moment that the 4.9 claim is
true.

Were you sucessful on isolating the issue?

Regards,
Salvatore

[SOLUCIONADO] Configurar manualmente una red wifi.

[divagante]

 Mensaje reenviado 
Asunto: Re: Configurar manualmente una red wifi.
Fecha: Wed, 29 Nov 2017 02:28:35 -0300
De: divagante 
A: debian-user-spanish@lists.debian.org


  Bien, aplique los pasos de la guia de geekland, mas algo de howtouse wifi
en debian: https://wiki.debian.org/WiFi/HowToUse#connman

  Los resultados no fueron del todo satisfactorios, debido a que hay cierto
problema con el DNS. Puedo conectarme al router, establecer una ip fija,
pero no tengo salida a internet.
  Bueno, al menos en el navegador ya que si hago un ping 8.8.8.8 (DNS google)
los paquetes son enviados y recibidos.

  Hice un nmap -sn y en efecto veo el router, se conecta, pero sale un aviso
o advertencia sobre los DNS. Lamentablemtne lo copie en el portapapeles y al
reiniciar se borro. :(


  Primero utilice en el archivo /etc/network/interfaces el parametro
dns-nameservers pero no resulto!
  Luego intente escribir el archivo /etc/resolv.conf y colocar alli un DNS
pero no me lo permite! no lo puedo crear o escribir ni como root!?!?

  Ahora que vuelvo a ver el archivo y activar networkmanager este mismo pudo
escribir en el al menos 3 ips y otras en ipv6 tambien..

  La configuracion de /etc/network/interfaces que utilize es esta:

(lo copio todo por la linea del "source", hace una referencia a donde aun no
coloque nada)

Se puede apreciar tambien que numere (#) dos parametros primero uno y luego
el otro a ver si la situacion cambiaba, pero no se conecto y el mensaje de
los DNS mostrado por nmap persistio. reiniciando cada vez el equipo para
refrescar la red ya que con systemd no se como dar de baja y alta la
interfaz de red (ppfff..). Los viejos comandos ya no sirven :(

=

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

auto wlan0
iface wlan0 inet static
address 192.168.2.123
netmask 255.255.255.0
#   broadcast 192.168.0.255
gateway 192.168.2.1
#   dns-nameservers 8.8.8.8
wpa-ssid TeleCentro-
wpa-psk 6909729dc24a6f84d4f217a1c09ab14c

=


¿Tu router asigna ips por dhcp? verifica que no tengas conflictos.


Si, aunque si coloco ips fijas mediante networkmanger o en el archivo 
interfaces para ethernet nunca tuve problema.



Si usaste esa misma dirección de broadcast, esta fuera de tu red.


 jeje.. habia editado para ocultar valores reales. No problem con esto.


En tu caso el que tiene los dns es el router intenta dar la dirección
del router para el dns.


 Si! apenas vi esta respuesta sabia que la iva a aplicar! y pense que 
con exito pero no!! :(
 lo mismo que antes.. ping a 8.8.8.8 (DNS google) bien, pero no se 
conecta a ningun sitio.


 Tambien estuve leyendo la wiki de debian respecto a DNS, con lo cual 
probare una solucion instalando resolvconf y definiendo a estos en el 
interfaces.


 Otro link (del 2012, no se si el sistema tiene o no systemd) asegura 
que mientras se tenga networkmanager instalado este borra el contenido 
de /etc/resolv.conf


http://www.forosdelweb.com/f92/reiniciar-vps-archivo-etc-resolv-conf-le-borran-dns-1020844/

 Su solucion fue desinstalarlo de raiz. Tambien tengo esta opcion.
 Bueno, luego me estare autorespondiendo espero que con la solucion.


 Pude conectarme mediante wireless sin network-manager aplicando los 
pasos entendidos hasta aqui e instalando resolvconf, una entre 
soluciones que brinda la wiki de debian al respecto de resolv.conf y 
seleccion de dns. Hay otras soluciones! enfatizo leer el articulo.


 Saludos y gracias.

https://wiki.debian.org/resolv.conf

Re: Configurar manualmente una red wifi.

[divagante]

  Bien, aplique los pasos de la guia de geekland, mas algo de howtouse wifi
en debian: https://wiki.debian.org/WiFi/HowToUse#connman

  Los resultados no fueron del todo satisfactorios, debido a que hay cierto
problema con el DNS. Puedo conectarme al router, establecer una ip fija,
pero no tengo salida a internet.
  Bueno, al menos en el navegador ya que si hago un ping 8.8.8.8 (DNS google)
los paquetes son enviados y recibidos.

  Hice un nmap -sn y en efecto veo el router, se conecta, pero sale un aviso
o advertencia sobre los DNS. Lamentablemtne lo copie en el portapapeles y al
reiniciar se borro. :(


  Primero utilice en el archivo /etc/network/interfaces el parametro
dns-nameservers pero no resulto!
  Luego intente escribir el archivo /etc/resolv.conf y colocar alli un DNS
pero no me lo permite! no lo puedo crear o escribir ni como root!?!?

  Ahora que vuelvo a ver el archivo y activar networkmanager este mismo pudo
escribir en el al menos 3 ips y otras en ipv6 tambien..

  La configuracion de /etc/network/interfaces que utilize es esta:

(lo copio todo por la linea del "source", hace una referencia a donde aun no
coloque nada)

Se puede apreciar tambien que numere (#) dos parametros primero uno y luego
el otro a ver si la situacion cambiaba, pero no se conecto y el mensaje de
los DNS mostrado por nmap persistio. reiniciando cada vez el equipo para
refrescar la red ya que con systemd no se como dar de baja y alta la
interfaz de red (ppfff..). Los viejos comandos ya no sirven :(

=

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

auto wlan0
iface wlan0 inet static
address 192.168.2.123
netmask 255.255.255.0
#   broadcast 192.168.0.255
gateway 192.168.2.1
#   dns-nameservers 8.8.8.8
wpa-ssid TeleCentro-
wpa-psk 6909729dc24a6f84d4f217a1c09ab14c

=


¿Tu router asigna ips por dhcp? verifica que no tengas conflictos.


Si, aunque si coloco ips fijas mediante networkmanger o en el archivo 
interfaces para ethernet nunca tuve problema.



Si usaste esa misma dirección de broadcast, esta fuera de tu red.


 jeje.. habia editado para ocultar valores reales. No problem con esto.


En tu caso el que tiene los dns es el router intenta dar la dirección
del router para el dns.


 Si! apenas vi esta respuesta sabia que la iva a aplicar! y pense que 
con exito pero no!! :(
 lo mismo que antes.. ping a 8.8.8.8 (DNS google) bien, pero no se 
conecta a ningun sitio.


 Tambien estuve leyendo la wiki de debian respecto a DNS, con lo cual 
probare una solucion instalando resolvconf y definiendo a estos en el 
interfaces.


 Otro link (del 2012, no se si el sistema tiene o no systemd) asegura 
que mientras se tenga networkmanager instalado este borra el contenido 
de /etc/resolv.conf


http://www.forosdelweb.com/f92/reiniciar-vps-archivo-etc-resolv-conf-le-borran-dns-1020844/

 Su solucion fue desinstalarlo de raiz. Tambien tengo esta opcion.
 Bueno, luego me estare autorespondiendo espero que con la solucion.

Re: Is it possible to have temperature and fan speed readings on modern hardware?

[Michael Stone]

On Wed, Nov 29, 2017 at 01:34:41AM +0500, Alexander V. Makartsev wrote:

On 28.11.2017 20:32, Michael Stone wrote:

   On Mon, Nov 27, 2017 at 05:41:10PM +0500, Alexander V. Makartsev wrote:

   Found unknown chip with ID 0x8628


   https://github.com/groeck/it87/issues/5

   Mike Stone

Who knew it is simple like that.

I wonder now if I should file a bug on "lm-sensors" package for not trying to
"modprobe it87" during execution of "sensors-detect" script and scare people
off with bogus "unknown chip" messages...


The last time I looked at this it was harder, but things have gotten 
better with newer kernels so it actually works in a straightfoward 
fashion now. It's on my todo list to figure out whether this is 
something that works upstream but not in debian or something that needs 
to be fixed in the detect script and file the appropriate bugs. (But if 
someone else wants to do it first, I won't be mad. :) )


Mike Stone

Re: Debian 8 and Debian 9 Dual Boot

[Dan Norton]

On 11/13/2017 01:55 PM, Joe wrote:

On Mon, 13 Nov 2017 11:01:27 -0500
Dan Norton  wrote:



Although I didn't say so, each install would have its own set of
directories. Please say more about how to mount the other
installation and share data. How to mount things in another volume
group?


Good advice so far, but to add a bit: all LVM groups will be seen at
boot, and /dev will know about them. See man lvm2 and also here:

https://wiki.debian.org/LVM  for complete information about the
commands you have available. There are also numerous tutorials on the
Net which show basic usage of the simpler commands. It's worth having a
look when you have some spare time, as one day you'll need to know some
of this and won't have any spare time.


Reading the wiki reveals "Grub and ? LiLo 
are not compatible with LVM, so /bootshould be outside the storage disk 
managed by LVM." Here's what I have:


Attempts to boot normally do not work. But using Super Grub2 on a 
bootable cd and selecting "Boot manually" and picking the hd1 entry 
brings up the jessie system that the installer reports as successfully 
installed on sda3. Using fdisk to take a look:


dan@debian8:~$ sudo fdisk /dev/sda
Command (m for help): p
Disk /dev/sda: 931.5 GiB, 1000204886016 bytes, 1953525168 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: A615A904-0620-459F-BF44-5E53E54FDF24

Device Start    End    Sectors   Size Type
/dev/sda1   2048 411647 409600   200M BIOS boot
/dev/sda2 411648   16783359   16371712   7.8G Linux swap
/dev/sda3   16783360  151001087  134217728    64G Linux LVM
/dev/sda4  151001088  285218815  134217728    64G Linux LVM
/dev/sda5  285218816  419436543  134217728    64G Linux LVM
/dev/sda6  419436544  553654271  134217728    64G Linux LVM
/dev/sda7  553654272 1953525134 1399870863 667.5G Linux filesystem

Is there a problem here?

dan@debian8:~$ df -h
Filesystem    Size  Used Avail Use% Mounted on
/dev/dm-0 9.1G  3.0G  5.7G  35% /
udev   10M 0   10M   0% /dev
tmpfs 775M  9.0M  766M   2% /run
tmpfs 1.9G   68K  1.9G   1% /dev/shm
tmpfs 5.0M  4.0K  5.0M   1% /run/lock
tmpfs 1.9G 0  1.9G   0% /sys/fs/cgroup
/dev/sda1 992K  142K  851K  15% /boot/efi
/dev/mapper/debian8--vg-var   8.2G  1.3G  6.4G  17% /var
/dev/mapper/debian8--vg-home  9.1G  356M  8.3G   5% /home
/dev/mapper/debian8--vg-tmp   268M  2.1M  247M   1% /tmp
tmpfs 388M  4.0K  388M   1% /run/user/115
tmpfs 388M   12K  388M   1% /run/user/1000


Doesn't this satisfy the statement that "/boot should be outside the 
storage disk managed by LVM" since it is on sda1?



Look in /etc/fstab for lines beginning /dev/mapper/[volume] which will
be the volumes mounted in the running installation. The 'mapper' is
turning LVM volumes into things which look like partitions for many
purposes.


Here is fstab:
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
#           
/dev/mapper/debian8--vg-root /  ext4 errors=remount-ro 0   1
# /boot/efi was on /dev/sda1 during installation
UUID=B07E-1F0B  /boot/efi   vfat    umask=0077  0   1
/dev/mapper/debian8--vg-home /home  ext4 defaults    0   2
/dev/mapper/debian8--vg-tmp /tmp    ext4 defaults    0   2
/dev/mapper/debian8--vg-var /var    ext4 defaults    0   2
# swap was on /dev/sda2 during installation
UUID=6aa1846f-34dd-424d-b02c-dbd0af037a23 none    swap 
sw  0   0

/dev/sr0    /media/cdrom0   udf,iso9660 user,noauto 0   0


Why won't it boot normally, that is without using the bootable Grub2 cd?

 - Dan

Re: Wild cursor, was Re: OT plain text missing from web mail

[Dan Norton]

On 11/24/2017 10:08 AM, David Wright wrote:

Dan Norton composed on 2017-11-22 19:09 (UTC-0500):
...

4. This laptop I'm borrowing is notorious for having a hyper-sensitive touch
pad. You can be typing along in the spot you have chosen for input and suddenly
it gets a wild hair and relocates the cursor to somewhere else. As a hunt and
peck typist, I've been victimized many times by this and had to undo and start
over. The new insertion point is unpredictable AFAICT.

Perhaps you need to investigate syndaemon. This disables the Synaptics
touchpad whenever a key is struck. The disabled period is configurable,
so if I type
$ syndaemon -i 1
into any old Xterm, the cursor will be dead for one second after any
key is struck. You can set it up in the background with   -d   and
put it in .xsession or equivalent.

The only downside is if you're adept at two-handed work with cursor
and keystrokes, but bear in mind that any attached mouse is unaffected.
Thanks for the reference, however I've stopped trying to use that 
ThinkPad and am writing this from Thunderbird on jessie. Found more than 
one place to set touchpad sensitivity so I changed both of them to low 
or the equivalent. So far, the ThinkPad owner has experienced no wild 
excursions of the text cursor. I, as the cursor curser, want to avoid 
any spurious html, so I'm staying on jessie. :-)


 - Dan

Re: libapache2-mod-speedycgi debian jessie

[likcoras]

On 11/29/2017 08:42 AM, Frederic Robert wrote:
> Hello,
> 
> How are you? i don't find libapache2-mod-speedycgi in jessie. Only for 
> Wheezy. What is this name in Jessie?
> 
> Thank you for your help,
> 

It was removed after wheezy, it seems. See:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=707335

libapache2-mod-speedycgi debian jessie

[Frederic Robert]

Hello,

How are you? i don't find libapache2-mod-speedycgi in jessie. Only for Wheezy. 
What is this name in Jessie?

Thank you for your help,

-- 
Frederic Robert

Re: [1/2 HS] La fin du choix Linux à Münich

[MENGUAL Jean-Philippe]

signature_jp_2
Logo Hypra  JEAN-PHILIPPE MENGUAL
DIRECTEUR TECHNIQUE ET QUALITÉ
102, rue des poissonniers, 75018, Paris
Tel : +331 84 73 06 61  Mob : +336 76 34 93 37

jpmeng...@hypra.fr 
www.hypra.fr 
Facebook Hypra  Twitter Hypra
 Linkedin Jean-Philippe



Le 28/11/2017 à 20:29, Dominique Asselineau a écrit :
> andre_deb...@numericable.fr wrote on Tue, Nov 28, 2017 at 08:00:40PM +0100
>> On Tuesday 28 November 2017 13:44:37 MENGUAL Jean-Philippe wrote:
>>> A une nuance près: pour un dossier ponctuel comme celui-là, 
>>> Canonical ou Redhat auraient largement les moyens de faire 
>>> face à Microsoft sur ce terrain. 
>>> Et leur intérêt: le même que celui de Microsoft 
>>> (le long terme et l'image)
> Les choses sont probablement plus simple.  M$ a implanté un centre de
> recherche à munich (entre autres), alors évidemment...  ça se
> « négocie ».

C'est bien un truc du genre qu'auraient dû mettre dans la balance IBM,
Canonical, Redhat, ce genre de projet est à leur portée.

Amitiés,

> Dominique
> --
>
>

Re: Clé 4G+WIFI pour GNU/Linux

[Bernard Schoenacker]

- Mail original -
> De: "Benoit B" 
> À: "debian-user-french" 
> Envoyé: Mardi 28 Novembre 2017 21:12:24
> Objet: Clé 4G+WIFI pour GNU/Linux
> 
> Bonjour à tous,
> 
> Je recherche une clé 4G, si possible avec une puce WiFi facile à
> installer sous Debian (avec des pilotes libres en paquets debian) et
> sans firmware propriétaire.
> 
> Merci d'avance,
> 
> --
> Benoit
> 
> 
bonjour,


ce que tu recherches se trouve ici :

https://www.happy-tux.org/repair-cafe/

autrement c'est dans :

adaptateur pour clé 4G et routeurs wifi :

https://www.amazon.fr/TP-Link-Routeur-150Mbps-Ethernet-TL-MR3020/dp/B00634PLTW/ref=sr_1_1?ie=UTF8=1509718742
https://www.amazon.fr/Huawei-e3372-Modem-LTE-Micro-Blanc/dp/B00M2JO9LI

le reste est du wifi classique


autrement en direct sans le petit boitier tp link :

http://www.monblocnotes.com/node/1943
https://nvdcstuff.blogspot.fr/2015/04/huawei-e3372-in-linux-raspberry-pi.html

paquets nécessaires :

wvdial
usb-modeswitch
usb-modeswitch-data



slt
bernard

Re: [OT a bit] -- OpenVPN and mobile safety

[Mark Fletcher]

On Tue, Nov 28, 2017 at 02:31:16PM +, Joe wrote:
> On Tue, 28 Nov 2017 21:28:55 +0900
> Mark Fletcher  wrote:
> 
> > On Sun, Nov 26, 2017 at 04:18:12PM +, Joe wrote:
> 
> > > 
> > > Note that most (maybe all) free wifi systems will want you to
> > > provide some authentication before you are connected to the Net,
> > > generally through a web page. In some systems, you may have a need
> > > to access the web page after the VPN is up, so it is probably
> > > advisable to allow web access to the wifi network as well as DHCP
> > > and OpenVPN. 
> > That would defeat some of the purpose -- allowing the tablet 
> > (specifically bloatware) to access the local network would (continue
> > to) expose me to gawd alone knows what on unknown and untrusted
> > networks. Obviously the network outside my home LAN is no more
> > trusted than a hotel / coffee shop / airport WiFi is, but bad actors
> > are known to loiter on such public networks waiting for idiots like
> > me to come along, and I'm interested in seeing to what extent I can
> > dodge them.
> 
> But in a network of that kind, you have no choice: you *must* connect
> to the authentication web server, in order to be granted access to the
> rest of the Net. If you try to connect to anything else, you will be
> redirected to that server. If that server has been hacked and malware
> installed, tough, there's no way to avoid it, it's one of the risks of
> using free wifi.

Yes that is true. Perhaps I wasn't clear. At the beginning of this we 
were talking about the state of things after the VPN is up. We weren't 
talking about what happens before the VPN is up.

> 
> Allowing web access *out* through the wifi interface is not optional
> before the VPN is up, and will only allow the tablet to initiate a
> connection to a web server in that local network after the VPN is up. 

Again true, but not what we were talking about, or at least not what I 
thought we were talking about. I'm imagining the firewall in the default 
state at boot, and using a hook script or something to configure the 
firewall as part of connecting to the VPN. I'm dimly aware that is 
possible although on my home LAN I configure the firewall to open the 
VPN port on the server and then manually start the VPN server, and the 
desktop VPN client is on a trusted LAN anyway so its firewall settings 
don't in practice come into it. It is the tablet that is out in the 
wild, hence the focus of this discussion on the tablet.

I realise the realities you point out above leave holes in the tablet's 
protection, but as I believe you are saying there isn't much I can do 
about that except minimise the time the tablet is on and connected to an 
untrusted WiFi without the VPN being on and the firewall in a sensible 
state.

> It
> will not allow anything there to initiate inbound connections at any
> time, nor outbound web connections to anywhere else, they will get
> routed through the VPN. If you have something installed which can make a
> connection to another web server in that local network without action
> on your part, you've already been hacked, and there's nothing left to
> worry about...

I wouldn't imagine the firewall by default is blocking anything. I'll 
need to set it up to do so. Even on Debian that is the case. And the 
point of this sub-thread of the conversation, which unfortunately has 
been lost due to snipping by both of us, was what would happen if I 
could use the redirect-gateway capability of OpenVPN but _couldn't_ 
control the firewall, which fortunately has turned out not to be the 
situation...

Anyway appreciate your engagement on this, and I think I've got what I 
need to set this up now. Thanks!

Mark

Re: Upgrading from very-old Debian

[Jimmy Johnson]

On 11/28/2017 08:58 AM, The Wanderer wrote:

On 2017-11-28 at 11:53, Patrick Bartek wrote:


On Tue, 28 Nov 2017 10:28:57 -0500 The Wanderer
 wrote:


I've run across someone who says her machine is running Debian
oldoldoldstable or maybe even oldoldoldoldstable, and who
consequently can't upgrade to newer Debian.

I seem to recall that there *is* a way to do step-wise upgrades of
such old systems, i.e. upgrading from oldoldoldoldstable to
oldoldoldstable, then to oldoldstable, then to oldstable, then to
stable. However, I'm stumped as to how to actually get started on
doing that.

The last few steps of this are straightforward; oldoldstable is
still available in the repos, as far as I'm aware. The first ones
are more of a problem; if I understand matters correctly, anything
prior to oldoldstable is removed from the live repos, although its
.deb files are still maintained on e.g. snapshot.debian.org. (Which
doesn't really suffice for the equivalent of a dist-upgrade,
because you'd have to manually download all the correct .debs by
hand and then install them with dpkg.)

Is there in fact a way to manage the first steps of this stepwise
upgrade, from one aged-out-of-the-repos release to another?

If so, any pointers to information on how to go about it?


Save yourself time and lots of problems, back up your data and do a
clean install of the current Debian release.


A: This isn't me, this is someone I encountered.

B: That's not always a viable option, depending on the circumstances.
It's probably the easier option when it is viable, but that doesn't mean
it should be the only option considered, for cases when something else
may be more viable.


And all the fun you could have too. is the system running? Can you 
currently apt-get update?


If nothing else you can always delete the system and the system files in 
home too saving home and do a new install with no format of root.


I would go to whezzy for the upgrade and unless you have active repos to 
your current install all your packages will orphaned, that don't help, 
but with the whezzy repos make sure you don't lose your internet 
connection or all will be lost and or make it harder to do the upgrade.


Upgrade linux-image, linux-headers and apt, aptitude, net-tools, 
firmware-linux, xorg, grub, etc. Stay away from meta-packages as much as 
you can and some applications you may want to start by upgrading the 
lib-common package first. Installing synaptic after xorg could help and 
from the command line using package 'upgrade-system' can help, but first 
thing is to get the base going. And remember to have fun!



To do what you want requires dist-upgrading each release, in order,
one-at-a-time, then troubleshooting each dist-upgrade once done with
no guarantees it will work.


Yes, of course. That's established procedure, and it's entirely
reasonable to expect people to follow it. (Is there any reason it
shouldn't work, when it worked for people at the time when those
releases were made?)


Be sure to read and explicitly follow the dist-upgrade instructions
in the Release Notes for each release. Many times there are special
things that must be done. Just dist-upgrading from your current old
install to Stretch, skipping all those inbetween is "not
recommended," meaning it won't work.


Of course. That's exactly why accessible repositories containing those
older releases are needed; my question was about how / where to manage
those, and that was answered in the first reply.


Cheers!
--
Jimmy Johnson

KDE Plasma 5.8.7 - AMD A8-7600 - EXT4 at sda2
Registered Linux User #380263

Re: Configurar manualmente una red wifi.

[Felix Perez]

El 28 de noviembre de 2017, 17:32, divagante
 escribió:
>
>>Lo que no recuerdo bien como hacer manualmente la configuracion. Si
>> era en
>> /etc/network/interfaces y alli poner todo el essid y password o en
>> otro
>> lugar, o bien desinstalar networkmanger junto con su applet e interfas
>> anula
>> esta configuracio y debo realizarla en otro lugar.
>>Estoy un poco ciego en este asunto, utlize el buscador pero es
>> mucha
>> informacion cruzada y hasta superficial la que puedo encontrar.
>>
>>Ahh.. uso debian stretch y esta funcionando todo bien.
>
>
> Man IP
> https://linux.die.net/man/8/ip
>
>>> Es muy interesante el comando IP, lamentablemnte apenas puedo leer
>>> ingles.
>>> Vos planteas que con este comando se pueden resolver todo tipo de
>>> conexiones?
>>
>>
>> Lo coloque, ya que IP reemplaza a ifconfig lo que pasa es que envié el
>> correo antes de terminarlo de redactar.
>>
>>>   Use el traductor en la misma pagina pero como era de esperarse tambien
>>> cambia el nombre de los argumentos.. nah!
>>>
>>
>> Es mejor traducirlo de a poco.
>>

 Y este:
 https://geekland.eu/conectarse-wifi-sin-entorno-grafico/

>>> Claro.. este se entiende mas facil. Pero me dejaste con la duda sobre IP.
>>>   Seguramente aplique los pasos de este ultimo...
>>
>>
>> Revisa iwconfig también.
>>
>> https://manpages.debian.org/stretch/wireless-tools/iwconfig.8.en.html
>
>
>  Bien, aplique los pasos de la guia de geekland, mas algo de howtouse wifi
> en debian: https://wiki.debian.org/WiFi/HowToUse#connman
>
>  Los resultados no fueron del todo satisfactorios, debido a que hay cierto
> problema con el DNS. Puedo conectarme al router, establecer una ip fija,
> pero no tengo salida a internet.
>  Bueno, al menos en el navegador ya que si hago un ping 8.8.8.8 (DNS google)
> los paquetes son enviados y recibidos.
>
>  Hice un nmap -sn y en efecto veo el router, se conecta, pero sale un aviso
> o advertencia sobre los DNS. Lamentablemtne lo copie en el portapapeles y al
> reiniciar se borro. :(
>
>
>  Primero utilice en el archivo /etc/network/interfaces el parametro
> dns-nameservers pero no resulto!
>  Luego intente escribir el archivo /etc/resolv.conf y colocar alli un DNS
> pero no me lo permite! no lo puedo crear o escribir ni como root!?!?
>
>  Ahora que vuelvo a ver el archivo y activar networkmanager este mismo pudo
> escribir en el al menos 3 ips y otras en ipv6 tambien..
>
>  La configuracion de /etc/network/interfaces que utilize es esta:
>
> (lo copio todo por la linea del "source", hace una referencia a donde aun no
> coloque nada)
>
> Se puede apreciar tambien que numere (#) dos parametros primero uno y luego
> el otro a ver si la situacion cambiaba, pero no se conecto y el mensaje de
> los DNS mostrado por nmap persistio. reiniciando cada vez el equipo para
> refrescar la red ya que con systemd no se como dar de baja y alta la
> interfaz de red (ppfff..). Los viejos comandos ya no sirven :(
>
> =
>
> # This file describes the network interfaces available on your system
> # and how to activate them. For more information, see interfaces(5).
>
> source /etc/network/interfaces.d/*
>
> # The loopback network interface
> auto lo
> iface lo inet loopback
>
> auto wlan0
> iface wlan0 inet static
>address 192.168.2.123
>netmask 255.255.255.0
> #   broadcast 192.168.0.255
>gateway 192.168.2.1
> #   dns-nameservers 8.8.8.8
>wpa-ssid TeleCentro-
>wpa-psk 6909729dc24a6f84d4f217a1c09ab14c
>
> =
>
¿Tu router asigna ips por dhcp? verifica que no tengas conflictos.

Si usaste esa misma dirección de broadcast, esta fuera de tu red.

En tu caso el que tiene los dns es el router intenta dar la dirección
del router para el dns.



-- 
usuario linux  #274354
normas de la lista:  http://wiki.debian.org/es/NormasLista
como hacer preguntas inteligentes:
http://www.sindominio.net/ayuda/preguntas-inteligentes.html

Re: software to do drawings of houses, gardens, etc.

[Emanuel Berg]

Speaking of pic(1), this URL in the man page is broken

   Brian  W. Kernighan, PIC — A Graphics Language for Typesetting
   (User Manual).   AT  Bell  Laboratories,  Computing  Science
   Technical Report No. 116
     (revised  May,
   1991).

And not just any guy's book that is missing...

-- 
underground experts united
http://user.it.uu.se/~embe8573

Re: (deb-cat) Sticky-enganxos pel propietari de directori

[Ernest Adrogué]

2017-11-28, 20:19 (+0100); Narcis Garcia escriu:
> La meva proposta és per a què s'heretin només els permisos r,w,s

Ho trobo una mica rebuscat.  En el cas de memòries USB els ids d'usuari
i grup no tenen sentit perquè la informació sobre usuaris i grups és
independent del sistema de fitxers.  Si, per exemple, en un ordinador
assignes un fitxer a l'usuari "xyz", a l'altre ordinador pot ser que
t'aparegui un altre usuari com a propietari, o a vegades t'apareixerà un
número que no correspon a cap usuari.  Llavors els permisos d'accés
tampoc tenen sentit, perquè es refereixen a usuaris i grups que no tenen
una identitat definida fora d'aquell ordinador.  En aquests casos és
millor un sistema de fitxer tipus FAT i fer servir arxius tar si vols
preservar les metadades fitxers.

Re: software to do drawings of houses, gardens, etc.

[Emanuel Berg]

Erik Christiansen wrote:

> Interesting ... I had not heard of it
> previously. Looking at it on wikipedia, I see
> "Most operations in Xfig are performed using
> the mouse," For the first, I've had no luck
> mouse-wrangling GUI drawing packages - it's
> all so counter-intuitive, and nothing works
> for me. For the second, after my 8 drawings
> I cannot imagine how I'd mouse-wrangle
> something as simple as a wall cross-section
> with complete positional and dimensional
> precision. In postscript, it's just:
>
> /wall_height 2700 def % X Y X Y 3600 0 moveto
> 100 wall_height box % Let's put it at 3600 mm
> from origin, % at floor level.

This is, again, exactly what I want. Is there
a collection somewhere of the postscript syntax
or how did you pick it up?

-- 
underground experts united
http://user.it.uu.se/~embe8573

Re: software to do drawings of houses, gardens, etc.

[Emanuel Berg]

Erik Christiansen wrote:

> After trying to get various GUI drawing
> packages to function at the most basic level,
> and failing to produce anything, I'm just
> finishing the 8 drawings for my new house
> build (floor plan, elevations, sections, and
> site plan), using raw postscript. That has
> proven a better fit for a retired programmer.
> [...]

Sounds *great* and my thinking/style is exactly
the same!

Do you mind sharing the source and Makefile?

-- 
underground experts united
http://user.it.uu.se/~embe8573

Re: Is it possible to have temperature and fan speed readings on modern hardware?

[Alexander V. Makartsev]

On 28.11.2017 20:32, Michael Stone wrote:
> On Mon, Nov 27, 2017 at 05:41:10PM +0500, Alexander V. Makartsev wrote:
>> Found unknown chip with ID 0x8628
>
> https://github.com/groeck/it87/issues/5
>
> Mike Stone

Who knew it is simple like that.

I wonder now if I should file a bug on "lm-sensors" package for not
trying to "modprobe it87" during execution of "sensors-detect" script
and scare people off with bogus "unknown chip" messages...

Anyway, thanks for help.

-- 
With kindest regards, Alexander.

⢀⣴⠾⠻⢶⣦⠀ 
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
⠈⠳⣄ 

Re: Configurar manualmente una red wifi.

[divagante]

   Lo que no recuerdo bien como hacer manualmente la configuracion. Si
era en
/etc/network/interfaces y alli poner todo el essid y password o en otro
lugar, o bien desinstalar networkmanger junto con su applet e interfas
anula
esta configuracio y debo realizarla en otro lugar.
   Estoy un poco ciego en este asunto, utlize el buscador pero es mucha
informacion cruzada y hasta superficial la que puedo encontrar.

   Ahh.. uso debian stretch y esta funcionando todo bien.


Man IP
https://linux.die.net/man/8/ip


Es muy interesante el comando IP, lamentablemnte apenas puedo leer ingles.
Vos planteas que con este comando se pueden resolver todo tipo de
conexiones?


Lo coloque, ya que IP reemplaza a ifconfig lo que pasa es que envié el
correo antes de terminarlo de redactar.


  Use el traductor en la misma pagina pero como era de esperarse tambien
cambia el nombre de los argumentos.. nah!



Es mejor traducirlo de a poco.



Y este:
https://geekland.eu/conectarse-wifi-sin-entorno-grafico/


Claro.. este se entiende mas facil. Pero me dejaste con la duda sobre IP.
  Seguramente aplique los pasos de este ultimo...


Revisa iwconfig también.

https://manpages.debian.org/stretch/wireless-tools/iwconfig.8.en.html


 Bien, aplique los pasos de la guia de geekland, mas algo de howtouse 
wifi en debian: https://wiki.debian.org/WiFi/HowToUse#connman


 Los resultados no fueron del todo satisfactorios, debido a que hay 
cierto problema con el DNS. Puedo conectarme al router, establecer una 
ip fija, pero no tengo salida a internet.
 Bueno, al menos en el navegador ya que si hago un ping 8.8.8.8 (DNS 
google) los paquetes son enviados y recibidos.


 Hice un nmap -sn y en efecto veo el router, se conecta, pero sale un 
aviso o advertencia sobre los DNS. Lamentablemtne lo copie en el 
portapapeles y al reiniciar se borro. :(



 Primero utilice en el archivo /etc/network/interfaces el parametro 
dns-nameservers pero no resulto!
 Luego intente escribir el archivo /etc/resolv.conf y colocar alli un 
DNS pero no me lo permite! no lo puedo crear o escribir ni como root!?!?


 Ahora que vuelvo a ver el archivo y activar networkmanager este mismo 
pudo escribir en el al menos 3 ips y otras en ipv6 tambien..


 La configuracion de /etc/network/interfaces que utilize es esta:

(lo copio todo por la linea del "source", hace una referencia a donde 
aun no coloque nada)


Se puede apreciar tambien que numere (#) dos parametros primero uno y 
luego el otro a ver si la situacion cambiaba, pero no se conecto y el 
mensaje de los DNS mostrado por nmap persistio. reiniciando cada vez el 
equipo para refrescar la red ya que con systemd no se como dar de baja y 
alta la interfaz de red (ppfff..). Los viejos comandos ya no sirven :(


=

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

auto wlan0
iface wlan0 inet static
   address 192.168.2.123
   netmask 255.255.255.0
#   broadcast 192.168.0.255
   gateway 192.168.2.1
#   dns-nameservers 8.8.8.8
   wpa-ssid TeleCentro-
   wpa-psk 6909729dc24a6f84d4f217a1c09ab14c

=

Re: Upgrading from very-old Debian

[Michael Fothergill]

On 28 November 2017 at 19:22, David Wright  wrote:

> On Tue 28 Nov 2017 at 10:28:57 (-0500), The Wanderer wrote:
> > I've run across someone who says her machine is running Debian
> > oldoldoldstable or maybe even oldoldoldoldstable, and who consequently
> > can't upgrade to newer Debian.
> >
> > I seem to recall that there *is* a way to do step-wise upgrades of such
> > old systems, i.e. upgrading from oldoldoldoldstable to oldoldoldstable,
> > then to oldoldstable, then to oldstable, then to stable. However, I'm
> > stumped as to how to actually get started on doing that.
> >
> > The last few steps of this are straightforward; oldoldstable is still
> > available in the repos, as far as I'm aware. The first ones are more of
> > a problem; if I understand matters correctly, anything prior to
> > oldoldstable is removed from the live repos, although its .deb files are
> > still maintained on e.g. snapshot.debian.org. (Which doesn't really
> > suffice for the equivalent of a dist-upgrade, because you'd have to
> > manually download all the correct .debs by hand and then install them
> > with dpkg.)
> >
> > Is there in fact a way to manage the first steps of this stepwise
> > upgrade, from one aged-out-of-the-repos release to another?
> >
> > If so, any pointers to information on how to go about it?
>
> If and when you upgrade oldoldoldoldstable (lenny) to oldoldoldstable
> (squeeze), upgrade the kernel and check the firmware is all there
> before you upgrade udev.


​This makes me think of the​ naming system people use in Iceland where the
telephone directly is listed by first name not the second name..

Thus if Lenny had a son called Squeeze it would be names Squeeze Lennyson
and if Squeeze had a son called Wheezy he would be called Wheezy Lennyson
and if
Wheezy had a daughter called Jessie she would be called Jessie Wheezydottir
(dottir =daughter in Icelandic) and if Jessie had a son called Stretch he
would be called Stretch Jessieson etc.

Just saying...

MF

PS Upgrading to the next release can be idiosyncratic depending which
release it is - as I recall there are specific sets of instructions for
each release.  You have to keep changing the
contents of the apt sources file as you go through each one.  I've done it
from Woody to etch a few times.
It feels like all change at Piccadilly circus for a while but you will get
used to it.


> That's the only tricky one, AFAIK
>
​


>
> Cheers,
> David.
>
>

Clé 4G+WIFI pour GNU/Linux

[Benoit B]

Bonjour à tous,

Je recherche une clé 4G, si possible avec une puce WiFi facile à
installer sous Debian (avec des pilotes libres en paquets debian) et
sans firmware propriétaire.

Merci d'avance,

--
Benoit

Re: Need Help restoring a filesystem on an external drive WD 'My Book'

[Brian J. Oney]

Hello,
the last bit made me laugh. If the situation is truly dire, you may consider 
file carving with 'scalpel' or 'foremost', both of which are in the 
repositories.

$ apt-cache show foremost scalpel
Package: foremost
Version: 1.5.7-6
Installed-Size: 123
Maintainer: Raúl Benencia 
Depends: libc6 (>= 2.14)
Description-en: forensic program to recover lost files
 Foremost is a forensic program to recover lost files based on
 their headers, footers, and internal data structures.
 .
 Foremost can work on image files, such as those generated by dd,
 Safeback, Encase, etc, or directly on a drive. The headers and
 footers can be specified by a configuration file or you can use
 command line switches to specify built-in file types. These built-in
 types look at the data structures of a given file format allowing
 for a more reliable and faster recovery.
Homepage: http://foremost.sourceforge.net/
Tag: admin::forensics, admin::recovery, hardware::storage,
 interface::commandline, role::program, scope::utility,
 security::forensics, use::scanning
Filename: pool/main/f/foremost/foremost_1.5.7-6_amd64.deb

Package: scalpel
Version: 1.60-4
Installed-Size: 82
Maintainer: Debian Forensics 
Depends: libc6 (>= 2.14)
Description-en: fast filesystem-independent file recovery
 scalpel is a fast file carver that reads a database of header and footer
 definitions and extracts matching files from a set of image files or raw
 device files.
 .
 scalpel is filesystem-independent and will carve files from FAT16, FAT32,
 exFAT, NTFS, Ext2, Ext3, Ext4, JFS, XFS, ReiserFS, raw partitions, etc.
 .
 scalpel is a complete rewrite of the Foremost 0.69 file carver and is
 useful for both digital forensics investigations and file recovery.
Homepage: http://www.digitalforensicssolutions.com/Scalpel
Tag: admin::forensics, admin::recovery, role::program, scope::utility,
 security::forensics
Filename: pool/main/s/scalpel/scalpel_1.60-4_amd64.deb

Cheers,
Brian


On Tue, 2017-11-28 at 19:48 +0100, Thomas Schmitt wrote:
> Hi,
> 
> arne wrote:
> > and I doubt if I understand what is a 'sparse' superblock
> 
> It's not a bad sign, as it seems:
> 
>   http://www.nongnu.org/ext2-doc/ext2.html#SUPERBLOCK
>   "The first version of ext2 (revision 0) stores a copy at the start of
>every block group, along with backups of the group descriptor block(s).
>Because this can consume a considerable amount of space for large
>filesystems, later revisions can optionally reduce the number of backup
>copies by only putting backups in specific groups (this is the sparse
>superblock feature)."
> 
> 
> > Command line: TestDisk /log /dev/sdb
> > ...
> > 1 P partition_map  1 63 63
> 
> Looks like it recognized a GUID partition table (GPT).
> 
> > 3 P HFS   262208 1953525151 1953262944
> 
> This would be the ext filesystem's partition.
> The following superuser command establishes a read-only loop device which
> begins at the given block:
> 
>   losetup -o $(expr 262208 '*' 512) -r -f /dev/sdb
> 
> (Contrary to the man page, losetup -f does not tell me the used device path.
>  I have to run
>losetup -l | fgrep /dev/sdb
>  to learn that it's /dev/loop0.)
> 
> 
> > Linux 262208 1953525151 1953262944
> > ext2 blocksize=4096 Large file Sparse superblock, 1000 GB / 931 GiB
> > recover_EXT2: "e2fsck -b 32768 -B 4096 device" may be needed
> 
> This is probably the normal superblock in that partition.
> But running e2fsck might cause the end of the remaining data in the
> filesystem.
> 
> I'd try to mount the loop device and hope to recover some files.
> When this is queezed out, then maybe a run of e2fsck might recover more
> valid files ... or ruin the filesystem.
> 
> 
> Have a nice day :)
> 
> Thomas
> 

Re: Boot et RAID5

[Sil]

Le 27/11/2017 à 22:27, Christophe a écrit :

Hello,
Le 27/11/2017 à 20:36, Sil a écrit :
Je voulais juste avoir votre avis sur l'architecture d'un serveur 
basé sur du RAID5.

Il manque une info primordiale : RAID5 matériel ou logiciel ?

Du raid logiciel, j'ai oublié de le préciser.
Sil

Re: [1/2 HS] La fin du choix Linux à Münich

[Dominique Asselineau]

andre_deb...@numericable.fr wrote on Tue, Nov 28, 2017 at 08:00:40PM +0100
> On Tuesday 28 November 2017 13:44:37 MENGUAL Jean-Philippe wrote:
> > A une nuance près: pour un dossier ponctuel comme celui-là, 
> > Canonical ou Redhat auraient largement les moyens de faire 
> > face à Microsoft sur ce terrain. 
> > Et leur intérêt: le même que celui de Microsoft 
> > (le long terme et l'image)

Les choses sont probablement plus simple.  M$ a implanté un centre de
recherche à munich (entre autres), alors évidemment...  ça se
« négocie ».

Dominique
--

Re: Upgrading from very-old Debian

[David Wright]

On Tue 28 Nov 2017 at 10:28:57 (-0500), The Wanderer wrote:
> I've run across someone who says her machine is running Debian
> oldoldoldstable or maybe even oldoldoldoldstable, and who consequently
> can't upgrade to newer Debian.
> 
> I seem to recall that there *is* a way to do step-wise upgrades of such
> old systems, i.e. upgrading from oldoldoldoldstable to oldoldoldstable,
> then to oldoldstable, then to oldstable, then to stable. However, I'm
> stumped as to how to actually get started on doing that.
> 
> The last few steps of this are straightforward; oldoldstable is still
> available in the repos, as far as I'm aware. The first ones are more of
> a problem; if I understand matters correctly, anything prior to
> oldoldstable is removed from the live repos, although its .deb files are
> still maintained on e.g. snapshot.debian.org. (Which doesn't really
> suffice for the equivalent of a dist-upgrade, because you'd have to
> manually download all the correct .debs by hand and then install them
> with dpkg.)
> 
> Is there in fact a way to manage the first steps of this stepwise
> upgrade, from one aged-out-of-the-repos release to another?
> 
> If so, any pointers to information on how to go about it?

If and when you upgrade oldoldoldoldstable (lenny) to oldoldoldstable
(squeeze), upgrade the kernel and check the firmware is all there
before you upgrade udev. That's the only tricky one, AFAIK.

Cheers,
David.

Re: (deb-cat) Sticky-enganxos pel propietari de directori

[Narcis Garcia]

La meva proposta és per a què s'heretin només els permisos r,w,s




__
I'm using this express-made address because personal addresses aren't
masked enough at this mail public archive. Public archive administrator
should fix this against automated addresses collectors.
El 28/11/17 a les 18:56, Ernest Adrogué ha escrit:
> 2017-11-28, 09:03 (+0100); Alex Muntada escriu:
>> Narcis Garcia:
>>
>>> Que el grup dels nous elements creats a dins hereti els
>>> permisos de grup.
>>
>> Has mirat si els ACL et serveixen? Existeix el concepte de
>> «default ACL» que permet indicar els permisos que han de tenir
>> per defecte els elements creats dins un directori determinat.
> 
> Per altra banda, segons aquesta regla, tots els fitxers nous es crearien
> amb permís d'execució (ja que el directori té permís d'execució), cosa
> que no sembla desitjable.  O potser ho entenc malament...
> 

Re: [1/2 HS] La fin du choix Linux à Münich

[andre_debian]

On Tuesday 28 November 2017 13:44:37 MENGUAL Jean-Philippe wrote:
> A une nuance près: pour un dossier ponctuel comme celui-là, 
> Canonical ou Redhat auraient largement les moyens de faire 
> face à Microsoft sur ce terrain. 
> Et leur intérêt: le même que celui de Microsoft 
> (le long terme et l'image)

Je vais peut-être écrire une grosse bêtise, mais aussi IBM.

IBM a investi un milliard de dollars en 2013 dans Linux et l'Opensource.

www-03.ibm.com/systems/fr/z/os/linux/about.html

www.zdnet.fr/actualites/ibm-va-investir-un-milliard-de-dollars-dans-linux-et-l-open-source-pour-power-systems-39794142.htm

Re: Need Help restoring a filesystem on an external drive WD 'My Book'

[Thomas Schmitt]

Hi,

arne wrote:
> and I doubt if I understand what is a 'sparse' superblock

It's not a bad sign, as it seems:

  http://www.nongnu.org/ext2-doc/ext2.html#SUPERBLOCK
  "The first version of ext2 (revision 0) stores a copy at the start of
   every block group, along with backups of the group descriptor block(s).
   Because this can consume a considerable amount of space for large
   filesystems, later revisions can optionally reduce the number of backup
   copies by only putting backups in specific groups (this is the sparse
   superblock feature)."


> Command line: TestDisk /log /dev/sdb
> ...
> 1 P partition_map  1 63 63

Looks like it recognized a GUID partition table (GPT).

> 3 P HFS   262208 1953525151 1953262944

This would be the ext filesystem's partition.
The following superuser command establishes a read-only loop device which
begins at the given block:

  losetup -o $(expr 262208 '*' 512) -r -f /dev/sdb

(Contrary to the man page, losetup -f does not tell me the used device path.
 I have to run
   losetup -l | fgrep /dev/sdb
 to learn that it's /dev/loop0.)


> Linux 262208 1953525151 1953262944
> ext2 blocksize=4096 Large file Sparse superblock, 1000 GB / 931 GiB
> recover_EXT2: "e2fsck -b 32768 -B 4096 device" may be needed

This is probably the normal superblock in that partition.
But running e2fsck might cause the end of the remaining data in the
filesystem.

I'd try to mount the loop device and hope to recover some files.
When this is queezed out, then maybe a run of e2fsck might recover more
valid files ... or ruin the filesystem.


Have a nice day :)

Thomas

Re: (deb-cat) Sticky-enganxos pel propietari de directori

[Ernest Adrogué]

2017-11-28, 09:03 (+0100); Alex Muntada escriu:
> Narcis Garcia:
> 
> > Que el grup dels nous elements creats a dins hereti els
> > permisos de grup.
> 
> Has mirat si els ACL et serveixen? Existeix el concepte de
> «default ACL» que permet indicar els permisos que han de tenir
> per defecte els elements creats dins un directori determinat.

Per altra banda, segons aquesta regla, tots els fitxers nous es crearien
amb permís d'execució (ja que el directori té permís d'execució), cosa
que no sembla desitjable.  O potser ho entenc malament...

Re: Upgrading from very-old Debian

[Michael Stone]

On Tue, Nov 28, 2017 at 03:42:15PM +, Richard Zimmerman wrote:

I'm pretty new to the Debian list here but over on the CentOS list I'm on, 
migrating from init system to systemd isn't for the faint of heart as I 
understand it.


Well, centos upgrades aren't a particularly useful indicator for how 
debian upgrades work. :)


Mike Stone

Re: Upgrading from very-old Debian

[The Wanderer]

On 2017-11-28 at 11:53, Patrick Bartek wrote:

> On Tue, 28 Nov 2017 10:28:57 -0500 The Wanderer
>  wrote:
> 
>> I've run across someone who says her machine is running Debian
>> oldoldoldstable or maybe even oldoldoldoldstable, and who
>> consequently can't upgrade to newer Debian.
>> 
>> I seem to recall that there *is* a way to do step-wise upgrades of
>> such old systems, i.e. upgrading from oldoldoldoldstable to
>> oldoldoldstable, then to oldoldstable, then to oldstable, then to
>> stable. However, I'm stumped as to how to actually get started on
>> doing that.
>> 
>> The last few steps of this are straightforward; oldoldstable is
>> still available in the repos, as far as I'm aware. The first ones
>> are more of a problem; if I understand matters correctly, anything
>> prior to oldoldstable is removed from the live repos, although its
>> .deb files are still maintained on e.g. snapshot.debian.org. (Which
>> doesn't really suffice for the equivalent of a dist-upgrade,
>> because you'd have to manually download all the correct .debs by
>> hand and then install them with dpkg.)
>> 
>> Is there in fact a way to manage the first steps of this stepwise
>> upgrade, from one aged-out-of-the-repos release to another?
>> 
>> If so, any pointers to information on how to go about it?
> 
> Save yourself time and lots of problems, back up your data and do a
> clean install of the current Debian release.

A: This isn't me, this is someone I encountered.

B: That's not always a viable option, depending on the circumstances.
It's probably the easier option when it is viable, but that doesn't mean
it should be the only option considered, for cases when something else
may be more viable.

> To do what you want requires dist-upgrading each release, in order,
> one-at-a-time, then troubleshooting each dist-upgrade once done with
> no guarantees it will work.

Yes, of course. That's established procedure, and it's entirely
reasonable to expect people to follow it. (Is there any reason it
shouldn't work, when it worked for people at the time when those
releases were made?)

> Be sure to read and explicitly follow the dist-upgrade instructions
> in the Release Notes for each release. Many times there are special
> things that must be done. Just dist-upgrading from your current old
> install to Stretch, skipping all those inbetween is "not
> recommended," meaning it won't work.

Of course. That's exactly why accessible repositories containing those
older releases are needed; my question was about how / where to manage
those, and that was answered in the first reply.

-- 
   The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man. -- George Bernard Shaw



signature.asc
Description: OpenPGP digital signature

Désinstallation et réinstallation

[stephane . lebel]

Bonjour à tous,

J'ai besoin d'aide. On m'a installé Debian et je dois faire echap avant que 
l'ordi cherche à réparer : "préparation de la réparation automatique" puis 
"diagnostic de votre ordinateur" et cela en boucle (et je n'ai plus accès à 
Windows : j'aurais aimé le garder).

Quelqu'un pourrait-il m'aider?

Re: Upgrading from very-old Debian

[Patrick Bartek]

On Tue, 28 Nov 2017 10:28:57 -0500 The Wanderer 
wrote:

> I've run across someone who says her machine is running Debian
> oldoldoldstable or maybe even oldoldoldoldstable, and who consequently
> can't upgrade to newer Debian.
> 
> I seem to recall that there *is* a way to do step-wise upgrades of
> such old systems, i.e. upgrading from oldoldoldoldstable to
> oldoldoldstable, then to oldoldstable, then to oldstable, then to
> stable. However, I'm stumped as to how to actually get started on
> doing that.
> 
> The last few steps of this are straightforward; oldoldstable is still
> available in the repos, as far as I'm aware. The first ones are more
> of a problem; if I understand matters correctly, anything prior to
> oldoldstable is removed from the live repos, although its .deb files
> are still maintained on e.g. snapshot.debian.org. (Which doesn't
> really suffice for the equivalent of a dist-upgrade, because you'd
> have to manually download all the correct .debs by hand and then
> install them with dpkg.)
> 
> Is there in fact a way to manage the first steps of this stepwise
> upgrade, from one aged-out-of-the-repos release to another?
> 
> If so, any pointers to information on how to go about it?

Save yourself time and lots of problems, back up your data and do a
clean install of the current Debian release.

To do what you want requires dist-upgrading each release, in
order, one-at-a-time, then troubleshooting each dist-upgrade once
done with no guarantees it will work.  Be sure to read and explicitly
follow the dist-upgrade instructions in the Release Notes for each
release. Many times there are special things that must be done. Just
dist-upgrading from your current old install to Stretch, skipping all
those inbetween is "not recommended," meaning it won't work.

Good Luck

B

Re: [rkhunter] coyote.coyote.den - Daily report

[Dejan Jocic]

On 28-11-17, Michael Stone wrote:
> On Tue, Nov 28, 2017 at 01:20:52PM +0100, Dejan Jocic wrote:
> > If you do not understand it, purge it and
> > warnings will be gone. That rkhunter is approved, tested and well used
> > and recommended tool by some security experts is of no value at all.
> 
> I think you'd find more security experts who roll their eyes at it.
> 
> Mike Stone
> 

Well, I would love to see sources where you've found that. Any links
perhaps, or is it more based on personal opinion and/or conversations
you had with some security experts?

RE: Upgrading from very-old Debian

[Richard Zimmerman]

>>The last few steps of this are straightforward; oldoldstable is still 
>>available in the repos, as far as I'm aware. The first ones are more of 
>>a problem; if I understand matters correctly, anything prior to 
>>oldoldstable is removed from the live repos, although its .deb files 
>>are still maintained on e.g. snapshot.debian.org. (Which doesn't really 
>>suffice for the equivalent of a dist-upgrade, because you'd have to 
>>manually download all the correct .debs by hand and then install them 
>>with dpkg.)
>
>Use archive.debian.org instead of ftp.debian.org or whatever for very old 
>releases.
>Mike Stone

Is there an absolute requirement to do many upgrades that could take a day or 
better? Almost seems start on a new system and migrate the data over... 

I'm pretty new to the Debian list here but over on the CentOS list I'm on, 
migrating from init system to systemd isn't for the faint of heart as I 
understand it.

For what that is worth...

Richard

Re: Need Help restoring a filesystem on an external drive WD 'My Book'

[Bernard]

Thanks to All for your advises. Indeed, I most likely have a hardware 
problem with this WD external drive. It no longer boots, that is for 
sure... But, at most starts it get registered as scsi drive, as reveals


$cat /proc/scsi/scsi

it does most times, not all times. When it does not, I have to unplug 
an,d replug it, and it will likely registers. Once registered, it 
remains so.


Anyway, for a start I tried 'TestDisk. the test lasted about five hours, 
and I copy/paste the log file below. In this text, I pointed out 16 
lines that suggest a call to 'e2fsck', each with different paramaters 
for -b and -B. Prior to try this, I thought I'd better ask your advices 
first.


"e2fsck -b 214990848 -B 4096 device" may be needed

.

I also noticed such lines :

ext2 blocksize=4096 Large file Sparse superblock, 1000 GB / 931 GiB

and I doubt if I understand what is a 'sparse' superblock

Also, about what the logfile mentions on FAT partitions... I don't think I had 
a fat partition left ever since I had, about 4-5 years ago,reformatted the 
whole drive to ext2. But there maybe remains of erased FAT partition, as I 
can't remember whether the reformat that I did was a deep reformat or not.

Now, here is the logfile as its whole :


Using locale 'fr_FR.UTF-8'.
Terminal has only 22 lines
Using locale 'fr_FR.UTF-8'.
Terminal has only 22 lines
Using locale 'fr_FR.UTF-8'.


Mon Nov 27 16:20:47 2017
Command line: TestDisk /log /dev/sdb

TestDisk 6.14, Data Recovery Utility, July 2013
Christophe GRENIER 
http://www.cgsecurity.org
OS: Linux, kernel 3.13.0-32-generic (#57-Ubuntu SMP Tue Jul 15 03:51:08 UTC 
2014) x86_64
Compiler: GCC 4.8
Compilation date: 2013-10-29T01:29:29
ext2fs lib: 1.42.9, ntfs lib: libntfs-3g, reiserfs lib: none, ewf lib: none
Hard disk list
Disk /dev/sdb - 1000 GB / 931 GiB - CHS 121601 255 63, sector size=512 - WD My 
Book, FW:1028

Partition table type (auto): Mac
Disk /dev/sdb - 1000 GB / 931 GiB - WD My Book
Partition table type: Mac

Analyse Disk /dev/sdb - 1000 GB / 931 GiB - CHS 121601 255 63
check_part_mac failed for partition type AF
Current partition structure:
1 P partition_map  1 63 63
2 P Free  64 262207 262144
3 P HFS   262208 1953525151 1953262944
3 P HFS   262208 1953525151 1953262944
4 P Free  1953525152 1953525167 16

search_part()
Disk /dev/sdb - 1000 GB / 931 GiB - CHS 121601 255 63
Linux 262208 1953525151 1953262944
ext2 blocksize=4096 Large file Sparse superblock, 1000 GB / 931 GiB

interface_write()
  P Linux 262208 1953525151 1953262944

search_part()
Disk /dev/sdb - 1000 GB / 931 GiB - CHS 121601 255 63
Linux 262208 1953525151 1953262944
ext2 blocksize=4096 Large file Sparse superblock, 1000 GB / 931 GiB
recover_EXT2: "e2fsck -b 32768 -B 4096 device" may be needed
Linux 262208 1953525151 1953262944
ext2 blocksize=4096 Large file Sparse superblock Backup superblock, 1000 GB 
/ 931 GiB
recover_EXT2: "e2fsck -b 98304 -B 4096 device" may be needed
Linux 262208 1953525151 1953262944
ext2 blocksize=4096 Large file Sparse superblock Backup superblock, 1000 GB 
/ 931 GiB
recover_EXT2: "e2fsck -b 163840 -B 4096 device" may be needed
Linux 262208 1953525151 1953262944
ext2 blocksize=4096 Large file Sparse superblock Backup superblock, 1000 GB 
/ 931 GiB
recover_EXT2: "e2fsck -b 229376 -B 4096 device" may be needed
Linux 262208 1953525151 1953262944
ext2 blocksize=4096 Large file Sparse superblock Backup superblock, 1000 GB 
/ 931 GiB
recover_EXT2: "e2fsck -b 294912 -B 4096 device" may be needed
Linux 262208 1953525151 1953262944
ext2 blocksize=4096 Large file Sparse superblock Backup superblock, 1000 GB 
/ 931 GiB
recover_EXT2: "e2fsck -b 819200 -B 4096 device" may be needed
Linux 262208 1953525151 1953262944
ext2 blocksize=4096 Large file Sparse superblock Backup superblock, 1000 GB 
/ 931 GiB
recover_EXT2: "e2fsck -b 884736 -B 4096 device" may be needed
Linux 262208 1953525151 1953262944
ext2 blocksize=4096 Large file Sparse superblock Backup superblock, 1000 GB 
/ 931 GiB
recover_EXT2: "e2fsck -b 1605632 -B 4096 device" may be needed
Linux 262208 1953525151 1953262944
ext2 blocksize=4096 Large file Sparse superblock Backup superblock, 1000 GB 
/ 931 GiB
recover_EXT2: "e2fsck -b 2654208 -B 4096 device" may be needed
Linux 262208 1953525151 1953262944
ext2 blocksize=4096 Large file Sparse superblock Backup superblock, 1000 GB 
/ 931 GiB
recover_EXT2: "e2fsck -b 4096000 -B 4096 device" may be needed
Linux 262208 1953525151 1953262944
ext2 blocksize=4096 Large file Sparse 

Re: Upgrading from very-old Debian

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, Nov 28, 2017 at 10:55:22AM -0500, The Wanderer wrote:
> On 2017-11-28 at 10:34, Michael Stone wrote:
> 
> > On Tue, Nov 28, 2017 at 10:28:57AM -0500, The Wanderer wrote:
> > 
> >> I've run across someone who says her machine is running Debian 
> >> oldoldoldstable or maybe even oldoldoldoldstable, and who
> >> consequently can't upgrade to newer Debian.
> > 
> > It's easier to say the code name than oldoldoldoldodlodlsdosdld.
> 
> Yeah, but I don't remember offhand which release had which codename, and
> I couldn't be arsed to look it up when I had a name that would work just
> as well. (Which happened to be the one she told it to me as.)

As Michael said. Some more info also here:

  https://wiki.debian.org/DebianReleases

Cheers
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlodiegACgkQBcgs9XrR2kasUQCfe4PumE5Do6rbGdcTPnQywSkr
EmoAnjzoh9QV9Tse0+eEt111+J8F7dMC
=hUl5
-END PGP SIGNATURE-

Re: Configurar manualmente una red wifi.

[Felix Perez]

El 27 de noviembre de 2017, 22:28, divagante
 escribió:
> El 27/11/17 a las 20:52, Felix Perez escribió:
>>
>> El 27 de noviembre de 2017, 20:49, Felix Perez
>>  escribió:
>>>
>>> El 27 de noviembre de 2017, 19:12, divagante
>>>  escribió:

 hola debianitos! (jiji..)

   Che, les queria prenguntar como hacer lo que dice el asunto, debido a
 que
 tengo una notebook que nunca sale de casa por lo que pesa -es pesada!
 4,5kg-
 y al tener tan solo 1,5 gb de ram busco optimizar el consumo. Ya sea 20,
 50
 o 100 megas me sirven.
   Para esto pense que afectivamente tengo el networkmanager demas -al
 pedo
 decimos aqui-, y wicd resulto que consumio lo mismo, algo mas de 20
 megas.
   Lo que no recuerdo bien como hacer manualmente la configuracion. Si
 era en
 /etc/network/interfaces y alli poner todo el essid y password o en otro
 lugar, o bien desinstalar networkmanger junto con su applet e interfas
 anula
 esta configuracio y debo realizarla en otro lugar.
   Estoy un poco ciego en este asunto, utlize el buscador pero es mucha
 informacion cruzada y hasta superficial la que puedo encontrar.

   Ahh.. uso debian stretch y esta funcionando todo bien.
>>>
>>>
>>> Man IP
>>> https://linux.die.net/man/8/ip
>>>
> Es muy interesante el comando IP, lamentablemnte apenas puedo leer ingles.
> Vos planteas que con este comando se pueden resolver todo tipo de
> conexiones?

Lo coloque, ya que IP reemplaza a ifconfig lo que pasa es que envié el
correo antes de terminarlo de redactar.


>  Use el traductor en la misma pagina pero como era de esperarse tambien
> cambia el nombre de los argumentos.. nah!
>

Es mejor traducirlo de a poco.

>>
>> Y este:
>> https://geekland.eu/conectarse-wifi-sin-entorno-grafico/
>>
> Claro.. este se entiende mas facil. Pero me dejaste con la duda sobre IP.
>  Seguramente aplique los pasos de este ultimo...
>
>

Revisa iwconfig también.

https://manpages.debian.org/stretch/wireless-tools/iwconfig.8.en.html


>



-- 
usuario linux  #274354
normas de la lista:  http://wiki.debian.org/es/NormasLista
como hacer preguntas inteligentes:
http://www.sindominio.net/ayuda/preguntas-inteligentes.html

Re: Upgrading from very-old Debian

[The Wanderer]

On 2017-11-28 at 10:34, Michael Stone wrote:

> On Tue, Nov 28, 2017 at 10:28:57AM -0500, The Wanderer wrote:
> 
>> I've run across someone who says her machine is running Debian 
>> oldoldoldstable or maybe even oldoldoldoldstable, and who
>> consequently can't upgrade to newer Debian.
> 
> It's easier to say the code name than oldoldoldoldodlodlsdosdld.

Yeah, but I don't remember offhand which release had which codename, and
I couldn't be arsed to look it up when I had a name that would work just
as well. (Which happened to be the one she told it to me as.)

>> I seem to recall that there *is* a way to do step-wise upgrades of
>> such old systems, i.e. upgrading from oldoldoldoldstable to
>> oldoldoldstable, then to oldoldstable, then to oldstable, then to
>> stable. However, I'm stumped as to how to actually get started on
>> doing that.
> 
> The order of the releases is documented at
> https://www.debian.org/releases/
> 
> Basically, adjust the sources.list to point to each one in oder, and
> do the upgrades. Check the release notes for each upgrade to see if
> special steps are necessary.

That's the basic procedure for stepwise upgrades in general. It only
works when there's an available repository to point to, however, which
I thought was not the case for anything prior to oldoldstable.

>> The last few steps of this are straightforward; oldoldstable is
>> still available in the repos, as far as I'm aware. The first ones
>> are more of a problem; if I understand matters correctly, anything
>> prior to oldoldstable is removed from the live repos, although its
>> .deb files are still maintained on e.g. snapshot.debian.org. (Which
>> doesn't really suffice for the equivalent of a dist-upgrade,
>> because you'd have to manually download all the correct .debs by
>> hand and then install them with dpkg.)
> 
> Use archive.debian.org instead of ftp.debian.org or whatever for very
> old releases.

Hm. I'd forgotten about that being available, if I'd ever known about it.

I'll pass that information on; thank you!

-- 
   The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man. -- George Bernard Shaw



signature.asc
Description: OpenPGP digital signature

Re: [rkhunter] coyote.coyote.den - Daily report

[Michael Stone]

On Tue, Nov 28, 2017 at 01:20:52PM +0100, Dejan Jocic wrote:

If you do not understand it, purge it and
warnings will be gone. That rkhunter is approved, tested and well used
and recommended tool by some security experts is of no value at all.


I think you'd find more security experts who roll their eyes at it.

Mike Stone

Re: Upgrading from very-old Debian

[Michael Stone]

On Tue, Nov 28, 2017 at 10:28:57AM -0500, The Wanderer wrote:

I've run across someone who says her machine is running Debian
oldoldoldstable or maybe even oldoldoldoldstable, and who consequently
can't upgrade to newer Debian.


It's easier to say the code name than oldoldoldoldodlodlsdosdld.


I seem to recall that there *is* a way to do step-wise upgrades of such
old systems, i.e. upgrading from oldoldoldoldstable to oldoldoldstable,
then to oldoldstable, then to oldstable, then to stable. However, I'm
stumped as to how to actually get started on doing that.


The order of the releases is documented at 
https://www.debian.org/releases/


Basically, adjust the sources.list to point to each one in oder, and do 
the upgrades. Check the release notes for each upgrade to see if special 
steps are necessary.



The last few steps of this are straightforward; oldoldstable is still
available in the repos, as far as I'm aware. The first ones are more of
a problem; if I understand matters correctly, anything prior to
oldoldstable is removed from the live repos, although its .deb files are
still maintained on e.g. snapshot.debian.org. (Which doesn't really
suffice for the equivalent of a dist-upgrade, because you'd have to
manually download all the correct .debs by hand and then install them
with dpkg.)


Use archive.debian.org instead of ftp.debian.org or whatever for very 
old releases.


Mike Stone

Re: Is it possible to have temperature and fan speed readings on modern hardware?

[Michael Stone]

On Mon, Nov 27, 2017 at 05:41:10PM +0500, Alexander V. Makartsev wrote:

Found unknown chip with ID 0x8628


https://github.com/groeck/it87/issues/5

Mike Stone

Upgrading from very-old Debian

[The Wanderer]

I've run across someone who says her machine is running Debian
oldoldoldstable or maybe even oldoldoldoldstable, and who consequently
can't upgrade to newer Debian.

I seem to recall that there *is* a way to do step-wise upgrades of such
old systems, i.e. upgrading from oldoldoldoldstable to oldoldoldstable,
then to oldoldstable, then to oldstable, then to stable. However, I'm
stumped as to how to actually get started on doing that.

The last few steps of this are straightforward; oldoldstable is still
available in the repos, as far as I'm aware. The first ones are more of
a problem; if I understand matters correctly, anything prior to
oldoldstable is removed from the live repos, although its .deb files are
still maintained on e.g. snapshot.debian.org. (Which doesn't really
suffice for the equivalent of a dist-upgrade, because you'd have to
manually download all the correct .debs by hand and then install them
with dpkg.)

Is there in fact a way to manage the first steps of this stepwise
upgrade, from one aged-out-of-the-repos release to another?

If so, any pointers to information on how to go about it?

-- 
   The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man. -- George Bernard Shaw



signature.asc
Description: OpenPGP digital signature

Re: software to do drawings of houses, gardens, etc.

[David Wright]

On Tue 28 Nov 2017 at 23:12:19 (+1100), Erik Christiansen wrote:

> If I used a mouse, all the walls would differ in thickness, and only be
> approximately in the right position. Yeah, there's probably snap-to-grid,
> but that has to be too fine to add anything, if it's to handle arbitrary
> dimensions.

But generally, wall thicknesses are not arbitrary. For example, an
internal wall is going to be constructed on 2x4 framing. With an
architectural CAD program, one click would increase that to 2x6
if, say, you decided you wanted a pocket door. Likewise if you
wanted more insulation or stiffness in a particular exterior wall.

> If you have to create with the mouse, then mouse-select a
> side to give it a precise dimension via a dialogue box, then it seems
> easier to skip the mouse-wrangling, as it doesn't add anything.
> 
> The only disadvantages are that programming a suite of artifacts to place
> would drive 99% of users nuts at the outset, 

But those artifacts correspond with the in-built preferences of the
CAD program. Many of the dimensions you mention aren't as arbitrary
as they might appear once you consider the consequences; door and
window sizes, ceiling heights, etc.

But a solution depends on how much help with designing is needed, and
how much is just drafting.

Cheers,
David.

Re:squid basic_ldap_auth con samba4

[Alberto Cabrejas Pérez]

El 28/11/17 a las 07:21, Ariel Alvarez escribió:
hola lista recien estoy estudiendo la posibilidad de migrar mis 
servicios para debian9 y ya pronunciarme en sustituir mi viejo samba3 
a samba4, al implementar squid 3.5.23 la cual es la que tengo 
disponible en mis repos locales me encuentro que el mecanismo de 
autenticacion que usaba para samba3 ya no me funciona para samba4, he 
buscado en internet y probado con algunas variantes las cuales pongo 
mas abajo, sin resultado positivo, pudieran hecharme una mano con esto 
y darme alguna idea.


auth_param basic program /usr/lib/squid/basic_ldap_auth -b 
"cn=Users,dc=midominio,dc=cu" -f "uid=%s" -h direccion.ip.servidor.samba


auth_param basic program /usr/lib/squid/basic_ldap_auth -b 
"dc=midominio,dc=cu" -f "uid=%s" -h direccion.ip.servidor.samba


auth_param basic program /usr/lib/squid/basic_ldap_auth -v 3 -b 
"dc=midominio,dc=cu" -D uid=administrator,ou=Users,dc=midominio,dc=cu 
-w *** -f uid=%s -h direccion.ip.servidor.samba


auth_param basic program /usr/lib/squid/basic_ldap_auth -v 3 -b 
"dc=midominio,dc=cu" -D uid=administrator,ou=Users,dc=midominio,dc=cu 
-w  -f uid=%s direccion.ip.servidor.samba


auth_param basic program /usr/ lib/squid/ squid_ldap_auth -P -R -b 
"dc=midominio,dc=cu" -D 
"cn=administrator,cn=Users,dc=midominio,dc=cu"  -w "***" -f 
sAMAccountName=%s -h direccion.ip.servidor.samba



gracias de antemano por su acostumbrada ayuda.

-
Consejo Nacional de Casas de Cultura
http://www.casasdecultura.cult.cu


auth_param basic program /usr/lib/squid3/basic_ldap_auth -R -b 
"dc=dominio,dc=sub-dominio,dc=cu" -D 
"cn=administrator,cn=Users,dc=dominio,dc=sub-dominio,dc=cu" -w "Pass" -f 
sAMAccountName=%s -h ldap://ip_samba4
external_acl_type ldap_group %LOGIN /usr/lib/squid3/ext_ldap_group_acl 
-R -b "dc=dominio,dc=sub-dominio,dc=cu" -D 
"cn=administrator,cn=Users,dc=dominio,dc=sub-dominio,dc=cu" -w "Pass" -f 
"(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,dc=dominio,dc=sub-dominio,dc=cu))" 
-h ldap://ip_samba4


--

Saludos, *Alberto Cabrejas Pérez*
Administrador de Redes Informáticas
ARTex S.A. Sucursal Granma
http://www.scgr.artex.cu
http://boletin.scgr.artex.cu
Linux Usuario Registrado # 31 666
Teléf.+53 23481956, 23481912 (Ext 115)
Atención al Cliente.+53 23483239
Jabber: albe...@scgr.artex.cu
"BE FREE BE LINUX!!!"


ARTex S.A.   ...el arte de lo cubano. Este mensaje ha

sido analizado por clamav antivirus y se considera totalmente

limpio.

Re: [OT a bit] -- OpenVPN and mobile safety

[Joe]

On Tue, 28 Nov 2017 21:28:55 +0900
Mark Fletcher  wrote:

> On Sun, Nov 26, 2017 at 04:18:12PM +, Joe wrote:

> > 
> > Note that most (maybe all) free wifi systems will want you to
> > provide some authentication before you are connected to the Net,
> > generally through a web page. In some systems, you may have a need
> > to access the web page after the VPN is up, so it is probably
> > advisable to allow web access to the wifi network as well as DHCP
> > and OpenVPN. 
> That would defeat some of the purpose -- allowing the tablet 
> (specifically bloatware) to access the local network would (continue
> to) expose me to gawd alone knows what on unknown and untrusted
> networks. Obviously the network outside my home LAN is no more
> trusted than a hotel / coffee shop / airport WiFi is, but bad actors
> are known to loiter on such public networks waiting for idiots like
> me to come along, and I'm interested in seeing to what extent I can
> dodge them.

But in a network of that kind, you have no choice: you *must* connect
to the authentication web server, in order to be granted access to the
rest of the Net. If you try to connect to anything else, you will be
redirected to that server. If that server has been hacked and malware
installed, tough, there's no way to avoid it, it's one of the risks of
using free wifi.

Allowing web access *out* through the wifi interface is not optional
before the VPN is up, and will only allow the tablet to initiate a
connection to a web server in that local network after the VPN is up. It
will not allow anything there to initiate inbound connections at any
time, nor outbound web connections to anywhere else, they will get
routed through the VPN. If you have something installed which can make a
connection to another web server in that local network without action
on your part, you've already been hacked, and there's nothing left to
worry about...

-- 
Joe

Re: Bug (?) affecting dramatically laptop battery life introduced in the latest debian testing updates

[Thomas Amm]

On Mon, 27 Nov 2017 12:37:10 -0500
Cindy-Sue Causey  wrote:

> On 11/27/17, Pietro Vischia  wrote:
> > Dear All,
> >
> > I apologize in advance if this is not the correct forum: I am
> > following the instructions at
> > https://www.debian.org/Bugs/Reporting.en.html in the case in which
> > the user is not sure of which package is affected.
> >
> > I have a Lenovo T460P, and with stretch I enjoyed a reasonable
> > battery life (~4 hours). At the beginning of November I switched to
> > buster, and things were still OK.
> >
> > Last week I made an upgrade as usual, and since reboot the battery
> > lasts half an hour to one hour tops, which led me to think that a
> > bug has been introduced in the latest updates.
> >
> > I am not sure of how to pinpoint which is the package responsible
> > for that, although I suspect it might be either the ACPI package or
> > the battery module of the kernel: could you perhaps please suggest
> > me the best way to pinpoint the culprit for producing a detailed
> > bug report?  
> 
> 
> Hi, Pietro.. I don't have a direct answer, but one thought occurred to
> me. Do you have a way to boot again from either of the other releases
> again to see if it goes back to your ~4 hour expectation?
> 
> That's all I got, grin. It would have to be almost exactly the same as
> before. In other words, it's well, on second thought, I don't
> know.
> 
> Can anyone present a test screnario where the power usage would be at
> least somewhat similar without having to undo a new installation? What
> I'm imagining is testing via a memory stick'ish or external hard drive
> situation. Not scientific, but it might yield something of possible
> use, anyway... Or not. :)
> 
> Cindy :)

I'd suppose running both live images (buster/stretch) from a thumb
drive for debugging. Power consumption should be similar to SSD,
effort is minimal and it should be fairly easy to compare the results
from 'top' and 'ps axf' - and the actual battery life, of course.


-- 
--
Backup not found: (A)bort (R)etry (P)anic

Re: [rkhunter] coyote.coyote.den - Daily report

[Gene Heskett]

On Tuesday 28 November 2017 05:16:42 Brian wrote:

> On Tue 28 Nov 2017 at 14:04:58 +0500, Alexander V. Makartsev wrote:
> > On 28.11.2017 07:45, Gene Heskett wrote:
> > > On Monday 27 November 2017 17:39:45 Brian wrote:
> > >> On Mon 27 Nov 2017 at 16:56:15 -0500, Gene Heskett wrote:
> > >>> On Monday 27 November 2017 15:57:34 Brian wrote:
> >  On Mon 27 Nov 2017 at 15:46:55 -0500, Gene Heskett wrote:
> > > On Monday 27 November 2017 14:35:17 root wrote:
> > >
> > > Installed new firefox-esr yesterday, from the wheezy repos.
> > > Today, rkhunter has a cow:
> > 
> >  [rkhunter nonsense snipped]
> > >>
> > >> I'd ignore it. Better still, purge rkhunter from the system. It
> > >> is renowned for giving false positives. There is no
> > >> well-substantiated account of it ever discovering anything of
> > >> consequence.
> > >
> > > Thats another possibility, I get tired of its mewling about stuff
> > > thats normal here. I use amanda, so yes, xinetd is in use, and
> > > other similar crap. I am amazed it doesn't fuss about
> > > ~/gene/bin/mailwatcher, which is my coupling between fetchmail and
> > > kmail.
> > >
> > > Cheers, Gene Heskett
> >
> > IMHO "ignore it and purge" is a terrible advice for anything. It is
> > better to understand the logic behind those triggers, even if they
> > are indeed false positive in this case.
>
> The advice was not intended to be generalised for all software. It was
> given in a particular context for a software which has an extensive
> track record for producing output which is of no consequence. I would
> be very, very surprised if Gene Heskett had obtained firefox-esr from
> an untrusted source. Yet another reason for not giving any credence to
> what it reported.
>
> > "rkhunter" has panicked and rightfully so because it found a working
> > process with suspicious ports in listening state. As it explained
> > these ports were known for usage by malware, ex. 6667 could be used
> > for IRC-bot which is used for remote control of the malware.
> > The name of process was "portsentry" and as stated in its package
> > description is used for portscan detection, so it must have opened
> > ports to "see" if there any portscans of known ports going.
> > Did you installed "portsentry", or should you trust "portsentry" to
> > open ports like this, are another questions.
> >
> > I don't use "rkhunter", but there is probably some mechanism to
> > whitelist, so it won't trigger on the same things (xinetd) every
> > time.
>
There is a specific setup to ignore /etc/xinetd.d stuff, but setting it 
up doesn't work.

> I am all in favour of finding causes for software behaviour but make
> an exception for rkhunter. Discovering that xinitrd is running is no
> great achievement. Labelling it as suspicious and the source of a
> possible rootkit comes close to generating FUD and inducing panic
> in less experienced users.

I'll agree. It has never squawked about /etc/xinetd.d/amanda being 
enabled before, and adding an pair of ignore that options in its .conf 
file has had no effect on its bitching about it. 


okaying firefox to use shared memory however did silence that.

I have also used portsentry for many years, and this is the first time 
its ever fussed about it. According to its own logs, nothing has 
changed, but suddenly its fussing. portsentry has triggered, but always 
from my fumble fingers logging in from one of my other machines.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

squid basic_ldap_auth con samba4

[Ariel Alvarez]

hola lista recien estoy estudiendo la posibilidad de migrar mis 
servicios para debian9 y ya pronunciarme en sustituir mi viejo samba3 a 
samba4, al implementar squid 3.5.23 la cual es la que tengo disponible 
en mis repos locales me encuentro que el mecanismo de autenticacion que 
usaba para samba3 ya no me funciona para samba4, he buscado en internet 
y probado con algunas variantes las cuales pongo mas abajo, sin 
resultado positivo, pudieran hecharme una mano con esto y darme alguna idea.


auth_param basic program /usr/lib/squid/basic_ldap_auth -b 
"cn=Users,dc=midominio,dc=cu" -f "uid=%s" -h direccion.ip.servidor.samba


auth_param basic program /usr/lib/squid/basic_ldap_auth -b 
"dc=midominio,dc=cu" -f "uid=%s" -h direccion.ip.servidor.samba


auth_param basic program /usr/lib/squid/basic_ldap_auth -v 3 -b 
"dc=midominio,dc=cu" -D uid=administrator,ou=Users,dc=midominio,dc=cu -w 
*** -f uid=%s -h direccion.ip.servidor.samba


auth_param basic program /usr/lib/squid/basic_ldap_auth -v 3 -b 
"dc=midominio,dc=cu" -D uid=administrator,ou=Users,dc=midominio,dc=cu -w 
 -f uid=%s direccion.ip.servidor.samba


auth_param basic program /usr/ lib/squid/ squid_ldap_auth -P -R -b 
"dc=midominio,dc=cu" -D "cn=administrator,cn=Users,dc=midominio,dc=cu"  
-w "***" -f sAMAccountName=%s -h direccion.ip.servidor.samba



gracias de antemano por su acostumbrada ayuda.

-
Consejo Nacional de Casas de Cultura
http://www.casasdecultura.cult.cu

Re: [1/2 HS] La fin du choix Linux à Münich

[MENGUAL Jean-Philippe]

A une nuance près: pour un dossier ponctuel comme celui-là, Canonical ou
Redhat auraient largement les moyens de faire face à Microsoft sur ce
terrain. Et leur intérêt: le même que celui de Microsoft (le long terme
et l'image)

 

signature_jp_2
Logo Hypra  JEAN-PHILIPPE MENGUAL
DIRECTEUR TECHNIQUE ET QUALITÉ
102, rue des poissonniers, 75018, Paris
Tel : +331 84 73 06 61  Mob : +336 76 34 93 37

jpmeng...@hypra.fr 
www.hypra.fr 
Facebook Hypra  Twitter Hypra
 Linkedin Jean-Philippe



Le 28/11/2017 à 13:03, Txo a écrit :
> Le 28/11/2017 à 11:58, MENGUAL Jean-Philippe a écrit :
>> Quand comprendra-t-on que pour que le
>> libre gagnne, il faut lutter sur le même terrain que les autres:
>
> La où le libre ne pourra jamais concurrencer les monstres, c'est la
> petite enveloppe pour les bonnes œuvres. Le capitalisme actuel pense que
> tout le monde est à vendre, il suffit de mettre le prix. Et
> malheureusement, les faits leur donnent raison.
>
>

Re: [OT a bit] -- OpenVPN and mobile safety

[Mark Fletcher]

On Sun, Nov 26, 2017 at 04:18:12PM +, Joe wrote:
> On Mon, 27 Nov 2017 00:33:02 +0900
> Mark Fletcher  wrote:
> 
> > On Tue, Nov 21, 2017 at 05:46:23PM +, Joe wrote:

> 'Send everything through the VPN' means everything which would be sent
> to the default gateway, which does *not* include traffic destined for
> the local network. After all, the VPN packets still have to be sent out
> of the wifi interface...
> 
> Your link to the local wifi network has set up routing whereby anything
> sent explicitly to *that* *network* will pass directly through the wifi
> interface and not through the VPN. That will take care of any local
> DHCP issues.

Hmmm. That also makes sense, but then why did the section of the docos 
you pointed me at tell me to expect problems with DHCP when using this 
function?

Well, I guess there is one way to find out -- try it! ;)

In the meantime, I have discovered that Android indeed has iptables, so 
I just need an iptables binary which I am in the process of sourcing to 
communicate with the iptables in the kernel. The iptables executable 
program isn't installed by default, but the kernel support for iptables 
is.

> 
> Note that most (maybe all) free wifi systems will want you to provide
> some authentication before you are connected to the Net, generally
> through a web page. In some systems, you may have a need to access the
> web page after the VPN is up, so it is probably advisable to allow web
> access to the wifi network as well as DHCP and OpenVPN.
> 
That would defeat some of the purpose -- allowing the tablet 
(specifically bloatware) to access the local network would (continue to) 
expose me to gawd alone knows what on unknown and untrusted networks. 
Obviously the network outside my home LAN is no more trusted than a 
hotel / coffee shop / airport WiFi is, but bad actors are known to 
loiter on such public networks waiting for idiots like me to come along, 
and I'm interested in seeing to what extent I can dodge them.

Thanks a lot for your advice -- it is starting to feel like I have 
everything I need to achieve my goal here.

Mark

Re: [rkhunter] coyote.coyote.den - Daily report

[Brian]

On Tue 28 Nov 2017 at 16:38:24 +0500, Alexander V. Makartsev wrote:

> On 28.11.2017 15:16, Brian wrote:
> > On Tue 28 Nov 2017 at 14:04:58 +0500, Alexander V. Makartsev wrote:
> >
> >> IMHO "ignore it and purge" is a terrible advice for anything. It is
> >> better to understand the logic behind those triggers, even if they are
> >> indeed false positive in this case.
> > The advice was not intended to be generalised for all software. It was
> > given in a particular context for a software which has an extensive
> > track record for producing output which is of no consequence. I would
> > be very, very surprised if Gene Heskett had obtained firefox-esr from
> > an untrusted source. Yet another reason for not giving any credence to
> > what it reported.
> That could be nothing to do with firefox-esr. Just because some package
> was installed last doesn't always means it will be the source of the
> problem.
> Anyway, creating software that will reliably detect something meant to
> be undetectable like rootkit, while evading rootkit's protection
> measures against well-known anti-rootkit software is impossible.
> When I read that log Gene posted and seen "6667 port" I was like "Holy
> shit this is serious", but then I looked up for "portsentry" and
> realized it is FP.
> "rkhunter" had every right to panic and it's user's fault to not know
> about how "portsentry" works. (IF this is legit "portsentry" not
> something that just has its name)
> >> "rkhunter" has panicked and rightfully so because it found a working
> >> process with suspicious ports in listening state. As it explained these
> >> ports were known for usage by malware, ex. 6667 could be used for
> >> IRC-bot which is used for remote control of the malware.
> >> The name of process was "portsentry" and as stated in its package
> >> description is used for portscan detection, so it must have opened ports
> >> to "see" if there any portscans of known ports going.
> >> Did you installed "portsentry", or should you trust "portsentry" to open
> >> ports like this, are another questions.
> >>
> >> I don't use "rkhunter", but there is probably some mechanism to
> >> whitelist, so it won't trigger on the same things (xinetd) every time.
> > I am all in favour of finding causes for software behaviour but make
> > an exception for rkhunter. Discovering that xinitrd is running is no
> > great achievement. Labelling it as suspicious and the source of a
> > possible rootkit comes close to generating FUD and inducing panic
> > in less experienced users.
> >
> That said, it is better to know at least something and investigate, than
> just saying "meh its another FP" and uninstall the software.
> "rkhunter" has served it's purpose at least to urge "less experienced
> users" to do a research and learn.

Two decent arguments. All it needs now is for somene to come forward and
recount how rkhunter's objective (Rootkit Hunter scans systems for known
and unknown rootkits, backdoors, sniffers and exploits) has resulted in
a positve outcome of benefit to the security of the machine. 

-- 
Brian.

Re: [rkhunter] coyote.coyote.den - Daily report

[Dejan Jocic]

On 27-11-17, Gene Heskett wrote:
> On Monday 27 November 2017 17:39:45 Brian wrote:
> 
> > On Mon 27 Nov 2017 at 16:56:15 -0500, Gene Heskett wrote:
> > > On Monday 27 November 2017 15:57:34 Brian wrote:
> > > > On Mon 27 Nov 2017 at 15:46:55 -0500, Gene Heskett wrote:
> > > > > On Monday 27 November 2017 14:35:17 root wrote:
> > > > >
> > > > > Installed new firefox-esr yesterday, from the wheezy repos.
> > > > > Today, rkhunter has a cow:
> > > >
> > > > [rkhunter nonsense snipped]
> > > >
> > > > > How should I restore?
> > > >
> > > > Restore what?
> > >
> > > An obviously contaminated firefox-esr. Or whatever in this list is
> > > contaminated: Its to complete list from the last wheezy update.
> > >
> > > Turns out that rkhunter looked over firefox-esr on its previous run
> > > and apparently gave it a passing grade. So I have to assume its
> > > something in yesterdays list:
> >
> > [Long list snipped]
> >
> > I'd ignore it. Better still, purge rkhunter from the system. It is
> > renowned for giving false positives. There is no well-substantiated
> > account of it ever discovering anything of consequence.
> 
That is terrible advice. If you do not understand it, purge it and
warnings will be gone. That rkhunter is approved, tested and well used
and recommended tool by some security experts is of no value at all.

> Thats another possibility, I get tired of its mewling about stuff thats 
> normal here. I use amanda, so yes, xinetd is in use, and other similar 
> crap. I am amazed it doesn't fuss about ~/gene/bin/mailwatcher, which is 
> my coupling between fetchmail and kmail.
> 
> Cheers, Gene Heskett
> -- 
> "There are four boxes to be used in defense of liberty:
>  soap, ballot, jury, and ammo. Please use in that order."
> -Ed Howdershelt (Author)
> Genes Web page 
> 

If you are tired of its "mewling about stuff thats normal here" then do
something about it. Rkhunter has conf file where you can whitelist that
stuff.

All that rkhunter did was its job. He issued you warnings about some
stuff that according to its conf file is suspicious. Now, it is on you
to investigate that and see if those warnings  are serious, or not.

Re: software to do drawings of houses, gardens, etc.

[Erik Christiansen]

On 28.11.17 07:58, Eric S Fraga wrote:
> On Tuesday, 28 Nov 2017 at 15:37, Erik Christiansen wrote:
> > After trying to get various GUI drawing packages to function at the most
> > basic level, and failing to produce anything, I'm just finishing the 8
> > drawings for my new house build (floor plan, elevations, sections, and
> > site plan), using raw postscript. That has proven a better fit for a
> > retired programmer.
> 
> Wow, definitely old skool!  It's been years since I wrote raw
> postscript.
> 
> On that note, did you look at xfig?  Not a CAD program, as such, but
> quite good for drawings of the sort you are doing maybe.  Also old
> skool...

Interesting ... I had not heard of it previously. Looking at it on
wikipedia, I see "Most operations in Xfig are performed using the
mouse," For the first, I've had no luck mouse-wrangling GUI drawing
packages - it's all so counter-intuitive, and nothing works for me. For
the second, after my 8 drawings I cannot imagine how I'd mouse-wrangle
something as simple as a wall cross-section with complete positional and
dimensional precision. In postscript, it's just:

/wall_height 2700 def
%X  Y X  Y   
   3600 0 moveto 100 wall_height box   % Let's put it at 3600 mm from origin,
   % at floor level.

(OK, I have a "box" function, as that's not native postscript.)

If I used a mouse, all the walls would differ in thickness, and only be
approximately in the right position. Yeah, there's probably snap-to-grid,
but that has to be too fine to add anything, if it's to handle arbitrary
dimensions. If you have to create with the mouse, then mouse-select a
side to give it a precise dimension via a dialogue box, then it seems
easier to skip the mouse-wrangling, as it doesn't add anything.

The only disadvantages are that programming a suite of artifacts to place
would drive 99% of users nuts at the outset, and drawing with text would
finish that job, despite the fact that drawing 14 solar panels on the
roof was just:

  14 { 1650 500 box 70 0 rmoveto } repeat stroke   % PV panels

(They're only 500 high, as viewed, because the roof is at 30°)

Erik

Re: [1/2 HS] La fin du choix Linux à Münich

[Txo]

Le 28/11/2017 à 11:58, MENGUAL Jean-Philippe a écrit :
> Quand comprendra-t-on que pour que le
> libre gagnne, il faut lutter sur le même terrain que les autres:


La où le libre ne pourra jamais concurrencer les monstres, c'est la
petite enveloppe pour les bonnes œuvres. Le capitalisme actuel pense que
tout le monde est à vendre, il suffit de mettre le prix. Et
malheureusement, les faits leur donnent raison.


-- 
-- Dominique Marin http://txodom.free.fr  --
  « Le mot RÉSISTER doit toujours se conjuguer au présent.»
--   Lucie Aubrac --

Re: unsure how to track down kernel stack traces in debian 9.2 on vmware ESXi

[Tom Stocker]

Hi list, hi deloptes
Many thanks for this hint. I'll test it first with 
linux-image-4.13.0-1-amd64/testing, if this will still occur I will have to 
take a deep read to understand cgroups, which I avoided successfully until now 
:)
Thanks again for pointing me in the this, hopefully right direction.
Tom Stocker

Re: ny greylisting-demon med några förbättringar

[Jonathan Sélea]

Tjena igen,

Eftersom du använde dig utav exim, så vill jag bara uppmärksamma dig på 
detta:


https://cert.se/2017/11/allvarliga-sarbarheter-i-mailserven-exim

I dagsläget finns det inte någon fix utan man får helt enkelt stänga av 
chunking.


/J



On 11/22/2017 09:39 PM, Per Eric Rosén wrote:

Intressant, tack för att du delade med dig :)
Själv kör jag postfix, men jag antar att man kan köra den som ett 
milter?

Eller ska man avvakta tills postfix är supporterat?


Tack!

I exim anropas greylisting av olika slag från en ACL genom att skicka 
en rad med data kuvert-data till en socket (lokal eller TCP), och sen 
få en rad till svar, till exempel grey|black|white. Så också för ddgrey.

Det används IIRC för några andra MTA också.

Postfix verkar (http://www.postfix.org/SMTPD_POLICY_README.html) 
skicka ett antal rader med key=value, och sen skicka en rad key=value. 
Det borde gå rätt lätt att en version av GreylistServer.pm och 
GreylistClientConnection.pm i ddgrey som tar emot data enligt postfix 
support. För bästa stöd bör det också finnas en modul som kan läsa 
postfix händelselogg för att få information om mail levererades, 
klassades som spam, gick till okänd mottagere etc. Alltså en version 
på Exim4.pm.


Så det behövs nog lite anpassning för Postfix, men inget oöverkomligt. 
Jag har inte erfarenhet av postfix själv, men skriver upp det på TODO. 
Om du någon mer postfix-van admin vill testa att göra en sådan modul 
är såklart patchar eller pull request välkomna :-)


/Per Eric
--
^): Per Eric Rosén http://rosnix.net/~per/
/   p...@rosnix.net GPG 7A7A BD68 ADC0 01E1 F560 79FD 33D1 1EC3 1EBB 7311





smime.p7s
Description: S/MIME Cryptographic Signature

Re: [rkhunter] coyote.coyote.den - Daily report

[Alexander V. Makartsev]

On 28.11.2017 15:16, Brian wrote:
> On Tue 28 Nov 2017 at 14:04:58 +0500, Alexander V. Makartsev wrote:
>
>> IMHO "ignore it and purge" is a terrible advice for anything. It is
>> better to understand the logic behind those triggers, even if they are
>> indeed false positive in this case.
> The advice was not intended to be generalised for all software. It was
> given in a particular context for a software which has an extensive
> track record for producing output which is of no consequence. I would
> be very, very surprised if Gene Heskett had obtained firefox-esr from
> an untrusted source. Yet another reason for not giving any credence to
> what it reported.
That could be nothing to do with firefox-esr. Just because some package
was installed last doesn't always means it will be the source of the
problem.
Anyway, creating software that will reliably detect something meant to
be undetectable like rootkit, while evading rootkit's protection
measures against well-known anti-rootkit software is impossible.
When I read that log Gene posted and seen "6667 port" I was like "Holy
shit this is serious", but then I looked up for "portsentry" and
realized it is FP.
"rkhunter" had every right to panic and it's user's fault to not know
about how "portsentry" works. (IF this is legit "portsentry" not
something that just has its name)
>> "rkhunter" has panicked and rightfully so because it found a working
>> process with suspicious ports in listening state. As it explained these
>> ports were known for usage by malware, ex. 6667 could be used for
>> IRC-bot which is used for remote control of the malware.
>> The name of process was "portsentry" and as stated in its package
>> description is used for portscan detection, so it must have opened ports
>> to "see" if there any portscans of known ports going.
>> Did you installed "portsentry", or should you trust "portsentry" to open
>> ports like this, are another questions.
>>
>> I don't use "rkhunter", but there is probably some mechanism to
>> whitelist, so it won't trigger on the same things (xinetd) every time.
> I am all in favour of finding causes for software behaviour but make
> an exception for rkhunter. Discovering that xinitrd is running is no
> great achievement. Labelling it as suspicious and the source of a
> possible rootkit comes close to generating FUD and inducing panic
> in less experienced users.
>
That said, it is better to know at least something and investigate, than
just saying "meh its another FP" and uninstall the software.
"rkhunter" has served it's purpose at least to urge "less experienced
users" to do a research and learn.


-- 
With kindest regards, Alexander.

⢀⣴⠾⠻⢶⣦⠀ 
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
⠈⠳⣄ 

Re: [1/2 HS] La fin du choix Linux à Münich

[MENGUAL Jean-Philippe]

Le jour où le libre sera défendu, dans ces dossiers énormes, par de
vrais politiciens et plus uniquement des tech idéalistes, ce genre de
déconvenues devrait reculer. Et ici la politique, c'était déployer un
siège à côté, savoir accompagner l'utilisateur final, et communiquer.
Nouvel échec de Canonical, incapable de mettre les moyens au service de
sa distribution. Après l'assemblée nationale, après la Gendarmerie
qu'ils n'ont pas suivi, après le grand public qu'ils ont raté faute de
point de proximité" autres que les asso, voilà un nouveau revers. Aux
mêmes causes, les mêmes effets. Quand comprendra-t-on que pour que le
libre gagnne, il faut lutter sur le même terrain que les autres:
politique, communication; et se démarquer avec ce que le libre permet
mieux que tout autre licence: le service. A la place, on déplace le pb:
on fait du libre dans le cloud, et donc on le vide de sa substance
éthique, on poursuit l'approche techno, et ça va conduire aux mêmes
échecs à terme, voire une technophobie grandissante. Tant que la tech
prétendra transofmrer l'humain par la tech, elle va se planter, et
risque de faire passer l'humain à côté de sacrées opportunités, à cause
de ce mutisme technocentré.


Cordialement,


signature_jp_2
Logo Hypra  JEAN-PHILIPPE MENGUAL
DIRECTEUR TECHNIQUE ET QUALITÉ
102, rue des poissonniers, 75018, Paris
Tel : +331 84 73 06 61  Mob : +336 76 34 93 37

jpmeng...@hypra.fr 
www.hypra.fr 
Facebook Hypra  Twitter Hypra
 Linkedin Jean-Philippe



Le 28/11/2017 à 11:38, andre_deb...@numericable.fr a écrit :
> Alors que la ville de Münich avait choisi Linux,
> faisant d'elle une ville pionnière,
> en créant la distribution Limux, basée sur Ubuntu,
> et bien aujourd'hui, stop, retour à la case départ = Micro$oft !
>
> www.constructioncayola.com/batiment/article/2017/07/12/113642/nouveau-siege-microsoft-allemagne.php
>
> www.linformaticien.com/actualites/id/45694/a-munich-le-reve-open-source-prend-fin-au-profit-de-windows-10.aspx
>
> Le conseil municipal de Münich a en effet voté un budget de 49,3 millions 
> d’euros afin de (re)migrer entièrement sous M$-Windows 10.
>
> Triste nouvelle pour la communauté du Libre...
>
> André
>
>

[1/2 HS] La fin du choix Linux à Münich

[andre_debian]

Alors que la ville de Münich avait choisi Linux,
faisant d'elle une ville pionnière,
en créant la distribution Limux, basée sur Ubuntu,
et bien aujourd'hui, stop, retour à la case départ = Micro$oft !

www.constructioncayola.com/batiment/article/2017/07/12/113642/nouveau-siege-microsoft-allemagne.php

www.linformaticien.com/actualites/id/45694/a-munich-le-reve-open-source-prend-fin-au-profit-de-windows-10.aspx

Le conseil municipal de Münich a en effet voté un budget de 49,3 millions 
d’euros afin de (re)migrer entièrement sous M$-Windows 10.

Triste nouvelle pour la communauté du Libre...

André

Re: [rkhunter] coyote.coyote.den - Daily report

[Brian]

On Tue 28 Nov 2017 at 14:04:58 +0500, Alexander V. Makartsev wrote:

> On 28.11.2017 07:45, Gene Heskett wrote:
> > On Monday 27 November 2017 17:39:45 Brian wrote:
> >
> >> On Mon 27 Nov 2017 at 16:56:15 -0500, Gene Heskett wrote:
> >>> On Monday 27 November 2017 15:57:34 Brian wrote:
>  On Mon 27 Nov 2017 at 15:46:55 -0500, Gene Heskett wrote:
> > On Monday 27 November 2017 14:35:17 root wrote:
> >
> > Installed new firefox-esr yesterday, from the wheezy repos.
> > Today, rkhunter has a cow:
>  [rkhunter nonsense snipped]
> 
> >> I'd ignore it. Better still, purge rkhunter from the system. It is
> >> renowned for giving false positives. There is no well-substantiated
> >> account of it ever discovering anything of consequence.
> > Thats another possibility, I get tired of its mewling about stuff thats 
> > normal here. I use amanda, so yes, xinetd is in use, and other similar 
> > crap. I am amazed it doesn't fuss about ~/gene/bin/mailwatcher, which is 
> > my coupling between fetchmail and kmail.
> >
> > Cheers, Gene Heskett
> IMHO "ignore it and purge" is a terrible advice for anything. It is
> better to understand the logic behind those triggers, even if they are
> indeed false positive in this case.

The advice was not intended to be generalised for all software. It was
given in a particular context for a software which has an extensive
track record for producing output which is of no consequence. I would
be very, very surprised if Gene Heskett had obtained firefox-esr from
an untrusted source. Yet another reason for not giving any credence to
what it reported.

> "rkhunter" has panicked and rightfully so because it found a working
> process with suspicious ports in listening state. As it explained these
> ports were known for usage by malware, ex. 6667 could be used for
> IRC-bot which is used for remote control of the malware.
> The name of process was "portsentry" and as stated in its package
> description is used for portscan detection, so it must have opened ports
> to "see" if there any portscans of known ports going.
> Did you installed "portsentry", or should you trust "portsentry" to open
> ports like this, are another questions.
> 
> I don't use "rkhunter", but there is probably some mechanism to
> whitelist, so it won't trigger on the same things (xinetd) every time.

I am all in favour of finding causes for software behaviour but make
an exception for rkhunter. Discovering that xinitrd is running is no
great achievement. Labelling it as suspicious and the source of a
possible rootkit comes close to generating FUD and inducing panic
in less experienced users.

-- 
Brian.

Re: Boot et RAID5

[Eric Bernard]

Bonjour,
je confirme que l'on peut booter en raid5 logiciel sur le tout pour 
l'avoir fait à l'époque ou j'étais en poste physique (j'avais suivi une 
doc trouvée sur le net).
le seul problème rencontré a été lors de la bascule en virtuel car 
l'utilitaire de vmware n'aime pas du tout ce genre de boot
il est plutôt recommandé d’être en raid matériel mais attention au choix 
de la carte...



Cordialement


--



  Eric BERNARD
  Responsable informatique
  et multimédia
  02 41 51 11 36






Le 27/11/2017 à 22:27, Christophe a écrit :

Hello,

Le 27/11/2017 à 20:36, Sil a écrit :


Je voulais juste avoir votre avis sur l'architecture d'un serveur 
basé sur du RAID5.




Il manque une info primordiale : RAID5 matériel ou logiciel ?


Quelle solution vous semble la plus solide ?

- Un disque dédié à /boot + des disques en RAID sans GRUB.

- Pas de disque dédié et GRUB sur tous les disques de la grappe.



Si RAID matériel, RAID 5 sur le tout.

Si RAID logiciel, je doute sérieusement que l'on puisse booter un 
Linux par ce biais, et auquel cas, je conseillerais plutôt :


Un RAID1 pour le /boot, et / (notamment pour /etc) et un RAID5 pour le 
reste.


@+
Christophe.

Re: [rkhunter] coyote.coyote.den - Daily report

[Alexander V. Makartsev]

On 28.11.2017 07:45, Gene Heskett wrote:
> On Monday 27 November 2017 17:39:45 Brian wrote:
>
>> On Mon 27 Nov 2017 at 16:56:15 -0500, Gene Heskett wrote:
>>> On Monday 27 November 2017 15:57:34 Brian wrote:
 On Mon 27 Nov 2017 at 15:46:55 -0500, Gene Heskett wrote:
> On Monday 27 November 2017 14:35:17 root wrote:
>
> Installed new firefox-esr yesterday, from the wheezy repos.
> Today, rkhunter has a cow:
 [rkhunter nonsense snipped]

>> I'd ignore it. Better still, purge rkhunter from the system. It is
>> renowned for giving false positives. There is no well-substantiated
>> account of it ever discovering anything of consequence.
> Thats another possibility, I get tired of its mewling about stuff thats 
> normal here. I use amanda, so yes, xinetd is in use, and other similar 
> crap. I am amazed it doesn't fuss about ~/gene/bin/mailwatcher, which is 
> my coupling between fetchmail and kmail.
>
> Cheers, Gene Heskett
IMHO "ignore it and purge" is a terrible advice for anything. It is
better to understand the logic behind those triggers, even if they are
indeed false positive in this case.
"rkhunter" has panicked and rightfully so because it found a working
process with suspicious ports in listening state. As it explained these
ports were known for usage by malware, ex. 6667 could be used for
IRC-bot which is used for remote control of the malware.
The name of process was "portsentry" and as stated in its package
description is used for portscan detection, so it must have opened ports
to "see" if there any portscans of known ports going.
Did you installed "portsentry", or should you trust "portsentry" to open
ports like this, are another questions.

I don't use "rkhunter", but there is probably some mechanism to
whitelist, so it won't trigger on the same things (xinetd) every time.

-- 
With kindest regards, Alexander.

⢀⣴⠾⠻⢶⣦⠀ 
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
⠈⠳⣄ 

Re: Boot et RAID5

[Seb]

Hello,



Quelle solution vous semble la plus solide ?
- Un disque dédié à /boot + des disques en RAID sans GRUB.


Si un downtime de quelques heures est acceptable pour changer un disque 
système, ce qui n'arrive pas tous les ans, cette solution est acceptable 
aussi. Un tout petit SSD est alors parfait pour le système (+swap). Dans 
ce cas, il est pratique qu'une crontab copie (rsync) sur le RAID une fois 
par jour tout /etc, + la liste des packages installés, afin que la 
réinstallation soit rapide. C'est ce que j'utilise pour 2 de mes 3 
serveurs (je mets aussi les /home sur le RAID).



- Pas de disque dédié et GRUB sur tous les disques de la grappe.


Ça marche aussi (RAID logiciel), plutôt avec la variante suivante: du 
RAID1 pour le système (pas seulement /boot), avec grub installé sur le MBR 
de chaque disque, et du RAID6 pour les données (et /home). C'est ce que 
j'utilise sur le 3e serveur (le plus précieux).



Seb.

Re: (deb-cat) Sticky-enganxos pel propietari de directori

[Narcis Garcia]

Establir ACL ho trobo excessiu per als meus fins.
De vegades ho vull aplicar a petits directoris d'un ordinador, però
normalment ho vull aplicar a memòries USB, i això últim encara fa menys
probable que tingui efecte, en un ordinador desconegut.




__
I'm using this express-made address because personal addresses aren't
masked enough at this mail public archive. Public archive administrator
should fix this against automated addresses collectors.
El 28/11/17 a les 09:03, Alex Muntada ha escrit:
> Narcis Garcia:
> 
>> Que el grup dels nous elements creats a dins hereti els
>> permisos de grup.
> 
> Has mirat si els ACL et serveixen? Existeix el concepte de
> «default ACL» que permet indicar els permisos que han de tenir
> per defecte els elements creats dins un directori determinat.
> 
> Salut,
> Alex
> 

Re: [rkhunter] coyote.coyote.den - Daily report

[Alexander V. Makartsev]

On 28.11.2017 12:09, deloptes wrote:
> Gene Heskett wrote:
>
>> [21:15:19]          Process: /usr/lib/firefox-esr/firefox-esr    PID:
>> 16994    Owner: gene
>> [21:15:19]          Process: /usr/lib/firefox-esr/firefox-esr    PID:
>> 16994    Owner: gene
> the only reason for using esr is flash - do you have it enabled active or
> running - might be worth looking in firefox what is causing the problem.
>
> otherwise I would ignore it - just a warning.
>
> regards
>
FYI, Adobe Flash Plugin is working normally with latest Mozilla Firefox
57.0 64-bit. FF57 is great performance wise too.


-- 
With kindest regards, Alexander.

⢀⣴⠾⠻⢶⣦⠀ 
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
⠈⠳⣄ 

Re: (deb-cat) Sticky-enganxos pel propietari de directori

[Alex Muntada]

Narcis Garcia:

> Que el grup dels nous elements creats a dins hereti els
> permisos de grup.

Has mirat si els ACL et serveixen? Existeix el concepte de
«default ACL» que permet indicar els permisos que han de tenir
per defecte els elements creats dins un directori determinat.

Salut,
Alex



signature.asc
Description: PGP signature

Re: software to do drawings of houses, gardens, etc.

[Brian J. Oney]

Hello there,
if you want to make the investment in learning CAD and want to do drawings 
programmatically, then FreeCAD with the the CadQuery Module for FreeCAD 
(https://github.com/jmwright/cadquery-freecad-module) is an elegant option.
CheersBrian

On Tue, 2017-11-28 at 15:37 +1100, Erik Christiansen wrote:
> On 23.11.17 21:35, Doug wrote:
> > On 11/23/2017 05:06 PM, Emanuel Berg wrote:
> > > Joe wrote:
> > > 
> > > > What you won't be given is a dialog box with
> > > > X and Y size and coordinates, and invited to
> > > > edit them, it doesn't work that way.
> > > > That's how an object-oriented drawing program
> > > > would work.
> > > 
> > > Well, this is certainly a first that I'm an
> > > OO guy by intuition, because yes, that is how
> > > I would expect it to work. But that is drawing,
> > > not CAD?
> > > 
> > > I wonder if I should get an OO drawing
> > > application instead, and what would that be -
> > > Dia?
> > > 
> > > Or perhaps learn CAD as that's more powerful in
> > > the long run?
> > > 
> > 
> > Learning CAD is a hard road, but a worthwhile one, I think, because it is so
> > versatile.
> > Which one you learn will make some difference, depending on what you wind up
> > wanting to do with it.
> 
> After trying to get various GUI drawing packages to function at the most
> basic level, and failing to produce anything, I'm just finishing the 8
> drawings for my new house build (floor plan, elevations, sections, and
> site plan), using raw postscript. That has proven a better fit for a
> retired programmer.
> 
> I just made up functions for wall sections, windows, smoke alarms, ...,
> and then placed them programmatically at the desired coordinates, with
> the desired orientation. There is never any doubt about where a
> structure is located, and wall lengths are auto-calculated by summing
> the lengths of individual components. Using that in a "dimension"
> primitive ensures that the annotated dimension is real. And saving some
> floorplan offsets in variables ensured that the corresponding features
> were accurately placed in the sections on the next page.
> 
> And a variable was used for wallheight. When I was talked into changing
> from 2.4m to 2.7m ceilings, editing one variable instantly lifted the
> roof on four elevation and two section drawings. 
> 
> The 8 detailed drawings required around 800 lines of postscript, but
> that's creeping up toward 900 now that I'm adding notes and
> specifications.
> 
> It's faster for me, because GUI produced nothing, but not everyone
> enjoys first programming a stack-based language for a door:
> 
> /door% S: length (door width)
> { dup
> /wall_length exch wall_length add 60 add def % Keep global variable outside 
> dict scope.
>   1 dict begin  % 60 = 2*30 jambs.
>   /length exch def  % Take length off the stack.
>   30 100 box
>   currentpoint translate 
>   0 length lineto length length length 0 length arct 30 100 box gstroke
>   gsave 200 300 moveto length buf cvs show   % Size 
> text.
>   grestore
>   end  % End of local var scope.  
> } def
> 
> but after that, "820 door" chains an 820 mm wide door on the end of the
> current wall, in the current orientation, with lines for the open door
> and swing arc, plus the dimension in text. The variable wall_length is
> kept in global scope, because it accumulates the whole wall length for
> dimensioning purposes.
> 
> If I were building more than one house, it might almost be worth taking
> the thing beyond a one-off convenience hack, but the output is currently
> in for planning approval, and building approval will hopefully not
> require major edits. (It is, however, a delight to be able to edit my
> drawings with Vim. :-))
> 
> For viewing, ps2pdf, then xpdf or whatever
> Applications->Graphics->Document_Viewer is in reality, do the job.
> It's worth knowing that 'r' causes xpdf to reload the pdf file.
> And when diving into postscript, it's worthwhile having downloaded the
> BLUEBOOK.PDF first.
> 
> Erik
>