Re: Aptitude package manager "package"

[john doe]

On 1/23/2018 8:44 PM, OECT T wrote:


What other command line packages are recommended instead of Aptitude?



https://www.debian.org/doc/manuals/debian-faq/ch-pkgtools.en.html

--
John Doe

The perfect venue for your Wedding Celebration

[Ms. Karen Dilay]

You are receiving this email because you have subscribed to our email 
newsletters services or are registered with one of our Partner or affiliate 
sites.

If you no longer to wish to receive emails please Click Here

Aptitude package manager "package"

[OECT T]

Hi all:


I just installed Debian Stretch 9.3.0 and noticed that the Aptitude package was 
not installed by default.

I searched into Synaptics package manager and noticed that the package is not 
marked with the Debian icon indicating that the package is not supported.

I would appreciate any comments about it.

What other command line packages are recommended instead of Aptitude?

Is Aptitude or will be soon a deprecated package ? (Debian Reference still 
contains a good deal of information about Aptitude)

Regards

Oscar Corte

Re: Re: Re: (resend) trouble installing Debian 8.10 via netboot

[Karasawa, Mizuki]

Further research, seems to related to bug #883938 identified in 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883938

The temporary workaround is to turn NUMA off when booting…

Mizuki

Re: Question on CVE-2017-5754 on Debian 8.9

[Richard Hector]

On 24/01/18 12:11, Michael Stone wrote:
> Unless you took specific steps to disable kpti on a kernel that supports
> it, it will be on.

Only if the CPU needs it, I think. It's enabled on my i5, but not on my
AMD or my atom.

Richard
(I'm on the list; please don't cc me)



signature.asc
Description: OpenPGP digital signature

Debmirror - 3rd Party Repo Error (Kali)

[Derek Murphy]

Package: debmirror
Version: 1:2.16+deb8u1

When I run debmirror to sync the Kali repo, I get several errors regarding
uninitialized value $size. I've included a copy of the script that I run to
sync below. You will also notice a blank -r, this is due to Kali not using
the exact folder structure there is no url/ubuntu or url/debian directory.

kali_amd64_root=kali
kali_amd64_section=contrib,main,non-free
kali_amd64_release=kali-rolling,kali-experimental
kali_amd64_server=http.kali.org
kali_amd64_outPath=${basePath}/mirror/${kali_amd64_server}
#start the mirroring of kali
debmirror  -v -a amd64 --no-source -s $kali_amd64_section -h
$kali_amd64_server -d $kali_amd64_release -r "" --progress --method=http
--checksums --postcleanup --debug $kali_amd64_outPath

debmirror log:
user@localhost:/mnt/d/Linux_Repo# ./mirrorbuild_kali.sh
Mirroring to /mnt/d/Linux_Repo/mirror/http.kali.org from
http://http.kali.org//
Arches: amd64
Dists: kali-rolling,kali-experimental
Sections: contrib,main,non-free
Pdiff mode: use
Veriftying checksums.
Will clean up after mirroring.
Attempting to get lock ...
Not able to use rsync to update remote trace files ...
Getting meta files ...
[  0%] Getting: dists/kali-rolling/Release...#** GET
http://http.kali.org//dists/kali-rolling/Release ==> 302 Found (1s)
** GET http://archive-8.kali.org/kali/dists/kali-rolling/Release ==> 200 OK
ok
[  0%] Getting: dists/kali-rolling/InRelease...  #** GET
http://http.kali.org//dists/kali-rolling/InRelease ==> 302 Found
** GET http://archive-2.kali.org/kali/dists/kali-rolling/InRelease ==> 200
OK
ok
[  0%] Getting: dists/kali-rolling/Release.gpg...#** GET
http://http.kali.org//dists/kali-rolling/Release.gpg ==> 302 Found
** GET http://archive-5.kali.org/kali/dists/kali-rolling/Release.gpg ==>
200 OK
ok
gpgv: Signature made Tue 16 Jan 2018 07:07:26 AM STD using RSA key ID
7D8D0BF6
gpgv: Good signature from "Kali Linux Repository "
gpgv: Signature made Tue 16 Jan 2018 07:07:26 AM STD using RSA key ID
7D8D0BF6
gpgv: Good signature from "Kali Linux Repository "
[  0%] Getting: dists/kali-experimental/Release...   #** GET
http://http.kali.org//dists/kali-experimental/Release ==> 302 Found (1s)
** GET http://archive-2.kali.org/kali/dists/kali-experimental/Release ==>
200 OK
ok
[  0%] Getting: dists/kali-experimental/InRelease... #** GET
http://http.kali.org//dists/kali-experimental/InRelease ==> 302 Found
** GET http://archive-6.kali.org/kali/dists/kali-experimental/InRelease ==>
200 OK
ok
[  0%] Getting: dists/kali-experimental/Release.gpg...   #** GET
http://http.kali.org//dists/kali-experimental/Release.gpg ==> 302 Found
** GET http://archive-2.kali.org/kali/dists/kali-experimental/Release.gpg
==> 200 OK
ok
gpgv: Signature made Tue 09 Jan 2018 09:38:19 AM STD using RSA key ID
7D8D0BF6
gpgv: Good signature from "Kali Linux Repository "
gpgv: Signature made Tue 09 Jan 2018 09:38:19 AM STD using RSA key ID
7D8D0BF6
gpgv: Good signature from "Kali Linux Repository "
Use of uninitialized value $size in numeric eq (==) at /usr/bin/debmirror
line 1645.
Use of uninitialized value $size in numeric eq (==) at /usr/bin/debmirror
line 1645.
Use of uninitialized value $size in sprintf at /usr/bin/debmirror line 1679.
Mismatch '.temp/dists/kali-experimental/contrib/binary-amd64/Packages.xz':
size is 32, expected 0
Use of uninitialized value $size in numeric eq (==) at /usr/bin/debmirror
line 1645.
Use of uninitialized value $size in numeric eq (==) at /usr/bin/debmirror
line 1645.
Use of uninitialized value $size in sprintf at /usr/bin/debmirror line 1679.
Mismatch '.temp/dists/kali-experimental/main/binary-amd64/Packages.xz':
size is 1264, expected 0
Use of uninitialized value $size in numeric eq (==) at /usr/bin/debmirror
line 1645.
Use of uninitialized value $size in numeric eq (==) at /usr/bin/debmirror
line 1645.
Use of uninitialized value $size in sprintf at /usr/bin/debmirror line 1679.
Mismatch '.temp/dists/kali-experimental/non-free/binary-amd64/Packages.xz':
size is 32, expected 0
Use of uninitialized value $size in numeric eq (==) at /usr/bin/debmirror
line 1645.
Use of uninitialized value $size in numeric eq (==) at /usr/bin/debmirror
line 1645.
Use of uninitialized value $size in sprintf at /usr/bin/debmirror line 1679.
Mismatch '.temp/dists/kali-rolling/contrib/binary-amd64/Packages.xz': size
is 91412, expected 0
Use of uninitialized value $size in numeric eq (==) at /usr/bin/debmirror
line 1645.
Use of uninitialized value $size in numeric eq (==) at /usr/bin/debmirror
line 1645.
Use of uninitialized value $size in sprintf at /usr/bin/debmirror line 1679.
Mismatch '.temp/dists/kali-rolling/main/binary-amd64/Packages.xz': size is
1474560, expected 0

Re: Question on CVE-2017-5754 on Debian 8.9

[Michael Stone]

On Tue, Jan 23, 2018 at 05:02:39PM -0600, Nicholas Geovanis wrote:

So my question becomes: Is it just my server, or others too? And why me?


dmesg reads a ring buffer; there are a limited number of entries, after 
which the oldest lines are dropped to make room for newer lines. Relying 
on dmesg is bad in general for this reason. If you were to reboot and 
run the script immediately (before many new lines are added to dmesg) it 
will likely work. Unless you took specific steps to disable kpti on a 
kernel that supports it, it will be on. You can also look for 
"Kernel/User page tables isolation: enabled" in syslog or the journal 
(journalctl -b | grep isolation) which will typically retain logs for 
longer than the dmesg buffer.


Mike Stone

Re: Question on CVE-2017-5754 on Debian 8.9

[Nicholas Geovanis]

Sorry, should have added that the string "Linux version" also does not
appear in the dmesg results
after a reboot. So despite the check script's advice, a reboot doesn't
change the results here.

On Tue, Jan 23, 2018 at 5:02 PM, Nicholas Geovanis
 wrote:
> There was a newer version of the script (about 4 hours newer), but the
> new version yields the same result.
>
> So I have a debian 8.6 machine for which this test in the script is failing:
> if ! dmesg | grep -qE '(^|\] )Linux version [0-9]'; then
> # dmesg truncated
> return 2
> fi
>
> So on that one debian server, the string "Linux version" does _not_
> appear in dmesg output, like so:
> # dmesg | grep Linux
> [0.564432] [Firmware Bug]: ACPI: BIOS _OSI(Linux) query ignored
> [1.108492] Linux agpgart interface v0.103
> [2.192537] pps_core: LinuxPPS API ver. 1 registered
> [2.209475] usb usb1: Manufacturer: Linux 3.16.0-5-amd64 ehci_hcd
> [2.225593] usb usb2: Manufacturer: Linux 3.16.0-5-amd64 ehci_hcd
>
> So my question becomes: Is it just my server, or others too? And why me?
>
>
> On Tue, Jan 23, 2018 at 4:54 PM, Richard Hector  wrote:
>> On 24/01/18 11:27, Michael Fothergill wrote:
>>>
>>>
>>>
>>>
>>>
>>> Hi there,  I am running kernel 4.14.14 under gentoo testing on an
>>> AMD kaveri box.
>>>
>>> The version of GCC I am using is 7.2.  Whether that means the
>>> reptoline patch is working for me I am not quite sure but it could
>>> be I guess.
>>>
>>> Someone who is smarter than the average bear has written a patch for
>>> the spectre problem with no performance penalty:
>>>
>>> 
>>> https://www.neowin.net/news/retpoline-patch-coming-to-linux-49-and-linux-414
>>> 
>>> 
>>>
>>> I am not sure if you can do this as debian testing or experimental.
>>>
>>> Cheers
>>>
>>> Michael Fothergill
>>>
>>>
>>> You can compile the kernel in debian:
>>>
>>> https://www.debian.org/releases/jessie/i386/ch08s06.html.en
>>>
>>>
>>> There is also a debian page on gcc7
>>>
>>> https://wiki.debian.org/GCC7
>>>
>>> If I ask the gentoo folks they will tell me if the KPTI and retpoline
>>> patches are turned on automatically in kernel 4.14.14
>>> or if you have to set a specific flag when you run make menuconfig (runs
>>> in Debian too); then if GCC7 is new enough for this
>>> you are good to go..
>>
>> The neowin link above has a link to a Phoronix article[1], which
>> suggests you need GCC 8.0, or maybe 7.3 if a backport succeeds. That was
>> 9 days ago, of course ... Stretch only has 6.3, and even sid only has
>> 7.2, so I don't see it hitting debian soon.
>>
>> Richard
>>
>> [1]
>> https://www.phoronix.com/scan.php?page=news_item&px=Linux-4.9-4.14-Retpoline
>>

Re: Question on CVE-2017-5754 on Debian 8.9

[Nicholas Geovanis]

There was a newer version of the script (about 4 hours newer), but the
new version yields the same result.

So I have a debian 8.6 machine for which this test in the script is failing:
if ! dmesg | grep -qE '(^|\] )Linux version [0-9]'; then
# dmesg truncated
return 2
fi

So on that one debian server, the string "Linux version" does _not_
appear in dmesg output, like so:
# dmesg | grep Linux
[0.564432] [Firmware Bug]: ACPI: BIOS _OSI(Linux) query ignored
[1.108492] Linux agpgart interface v0.103
[2.192537] pps_core: LinuxPPS API ver. 1 registered
[2.209475] usb usb1: Manufacturer: Linux 3.16.0-5-amd64 ehci_hcd
[2.225593] usb usb2: Manufacturer: Linux 3.16.0-5-amd64 ehci_hcd

So my question becomes: Is it just my server, or others too? And why me?


On Tue, Jan 23, 2018 at 4:54 PM, Richard Hector  wrote:
> On 24/01/18 11:27, Michael Fothergill wrote:
>>
>>
>>
>>
>>
>> Hi there,  I am running kernel 4.14.14 under gentoo testing on an
>> AMD kaveri box.
>>
>> The version of GCC I am using is 7.2.  Whether that means the
>> reptoline patch is working for me I am not quite sure but it could
>> be I guess.
>>
>> Someone who is smarter than the average bear has written a patch for
>> the spectre problem with no performance penalty:
>>
>> 
>> https://www.neowin.net/news/retpoline-patch-coming-to-linux-49-and-linux-414
>> 
>> 
>>
>> I am not sure if you can do this as debian testing or experimental.
>>
>> Cheers
>>
>> Michael Fothergill
>>
>>
>> You can compile the kernel in debian:
>>
>> https://www.debian.org/releases/jessie/i386/ch08s06.html.en
>>
>>
>> There is also a debian page on gcc7
>>
>> https://wiki.debian.org/GCC7
>>
>> If I ask the gentoo folks they will tell me if the KPTI and retpoline
>> patches are turned on automatically in kernel 4.14.14
>> or if you have to set a specific flag when you run make menuconfig (runs
>> in Debian too); then if GCC7 is new enough for this
>> you are good to go..
>
> The neowin link above has a link to a Phoronix article[1], which
> suggests you need GCC 8.0, or maybe 7.3 if a backport succeeds. That was
> 9 days ago, of course ... Stretch only has 6.3, and even sid only has
> 7.2, so I don't see it hitting debian soon.
>
> Richard
>
> [1]
> https://www.phoronix.com/scan.php?page=news_item&px=Linux-4.9-4.14-Retpoline
>

Re: Question on CVE-2017-5754 on Debian 8.9

[Richard Hector]

On 24/01/18 11:27, Michael Fothergill wrote:
> 
> 
> 
> 
> 
> ​Hi there,  I am running kernel 4.14.14 under gentoo testing on an
> AMD kaveri box.
> 
> The version of GCC I am using is 7.2.  Whether that means the
> reptoline patch is working for me I am not quite sure but it could
> be I guess.
> 
> Someone who is smarter than the average bear has written a patch for
> the spectre problem with no performance penalty:
> 
> 
> https://www.neowin.net/news/retpoline-patch-coming-to-linux-49-and-linux-414
> 
> 
> 
> ​I am not sure if you can do this as debian testing or experimental.
> 
> Cheers
> 
> Michael Fothergill
> 
> 
> ​You can compile the kernel in debian:​
> 
> ​https://www.debian.org/releases/jessie/i386/ch08s06.html.en
> 
> 
> ​There is also a debian page on gcc7
> ​
> https://wiki.debian.org/GCC7
> 
> ​If I ask the gentoo folks they will tell me if the KPTI and retpoline
> patches are turned on automatically in kernel 4.14.14
> or if you have to set a specific flag when you run make menuconfig (runs
> in Debian too); then if GCC7 is new enough for this
> you are good to go..

The neowin link above has a link to a Phoronix article[1], which
suggests you need GCC 8.0, or maybe 7.3 if a backport succeeds. That was
9 days ago, of course ... Stretch only has 6.3, and even sid only has
7.2, so I don't see it hitting debian soon.

Richard

[1]
https://www.phoronix.com/scan.php?page=news_item&px=Linux-4.9-4.14-Retpoline



signature.asc
Description: OpenPGP digital signature

Re: Update warning.

[Frank M]

On 01/23/2018 05:31 PM, Richard Hector wrote:

On 24/01/18 11:08, Frank M wrote:

Just a warning for Debian Sid users - this one caught me today and

now a bunch of necessary things ( mostly systemd related ) won't run and

things like apt . aptitude, dpkg, etc are useless.


I don't know at this point how I am going to repair this system. Had to

boot Mint Mate to send this.


https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888180

Looks like symlinking /bin/sh to /bin/bash (or maybe /usr/bin/dash?)
instead of /bin/dash might get you going?

Richard




Well after looking again at the bug report, I copied DASH from /usr/bin 
to /bin and
that did it. It's just a temporary fix, but it got the system going for 
now. A repackaged

DASH is apparently on the way.
I'll undo my fix after the new package gets installed.

Re: Update warning.

[Richard Hector]

On 24/01/18 11:35, Sven Joachim wrote:
> On 2018-01-24 11:31 +1300, Richard Hector wrote:
> 
>> On 24/01/18 11:08, Frank M wrote:
>>> Just a warning for Debian Sid users - this one caught me today and
>>>
>>> now a bunch of necessary things ( mostly systemd related ) won't run and
>>>
>>> things like apt . aptitude, dpkg, etc are useless.
>>>
>>>
>>> I don't know at this point how I am going to repair this system. Had to
>>>
>>> boot Mint Mate to send this.
>>>
>>>
>>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888180
>>
>> Looks like symlinking /bin/sh to /bin/bash (or maybe /usr/bin/dash?)
>> instead of /bin/dash might get you going?
> 
> That would probably work, but the correct fix is this one:
> 
> # mv /usr/bin/dash /bin/dash

Ok - I saw the patch doing that, but wasn't sure dash was there at all
if the package installation had failed. But then, I didn't try anything :-)

Richard




signature.asc
Description: OpenPGP digital signature

Re: Question on CVE-2017-5754 on Debian 8.9

[Michael Fothergill]

>>
> ​Hi there,  I am running kernel 4.14.14 under gentoo testing on an AMD
> kaveri box.
>
> The version of GCC I am using is 7.2.  Whether that means the reptoline
> patch is working for me I am not quite sure but it could be I guess.
>
> Someone who is smarter than the average bear has written a patch for the
> spectre problem with no performance penalty:
>
> https://www.neowin.net/news/retpoline-patch-coming-to-
> linux-49-and-linux-414
>
> ​I am not sure if you can do this as debian testing or experimental.
>
> Cheers
>
> Michael Fothergill
>

​You can compile the kernel in debian:​

> ​https://www.debian.org/releases/jessie/i386/ch08s06.html.en
>

​There is also a debian page on gcc7
​
https://wiki.debian.org/GCC7

​If I ask the gentoo folks they will tell me if the KPTI and retpoline
patches are turned on automatically in kernel 4.14.14
or if you have to set a specific flag when you run make menuconfig (runs in
Debian too); then if GCC7 is new enough for this
you are good to go..

Cheers

MF

Re: Update warning.

[Sven Joachim]

On 2018-01-24 11:31 +1300, Richard Hector wrote:

> On 24/01/18 11:08, Frank M wrote:
>> Just a warning for Debian Sid users - this one caught me today and
>> 
>> now a bunch of necessary things ( mostly systemd related ) won't run and
>> 
>> things like apt . aptitude, dpkg, etc are useless.
>> 
>> 
>> I don't know at this point how I am going to repair this system. Had to
>> 
>> boot Mint Mate to send this.
>> 
>> 
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888180
>
> Looks like symlinking /bin/sh to /bin/bash (or maybe /usr/bin/dash?)
> instead of /bin/dash might get you going?

That would probably work, but the correct fix is this one:

# mv /usr/bin/dash /bin/dash

Cheers,
   Sven

Re: Update warning.

[Richard Hector]

On 24/01/18 11:08, Frank M wrote:
> Just a warning for Debian Sid users - this one caught me today and
> 
> now a bunch of necessary things ( mostly systemd related ) won't run and
> 
> things like apt . aptitude, dpkg, etc are useless.
> 
> 
> I don't know at this point how I am going to repair this system. Had to
> 
> boot Mint Mate to send this.
> 
> 
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888180

Looks like symlinking /bin/sh to /bin/bash (or maybe /usr/bin/dash?)
instead of /bin/dash might get you going?

Richard



signature.asc
Description: OpenPGP digital signature

Update warning.

[Frank M]

Just a warning for Debian Sid users - this one caught me today and

now a bunch of necessary things ( mostly systemd related ) won't run and

things like apt . aptitude, dpkg, etc are useless.


I don't know at this point how I am going to repair this system. Had to

boot Mint Mate to send this.


https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888180

Re: Question on CVE-2017-5754 on Debian 8.9

[Michael Fothergill]

On 23 January 2018 at 21:16, Sven Hartge  wrote:

> Nicholas Geovanis  wrote:
>
> > I've installed the patch for CVE-2017-5754 as well as the microcode
> update:
>
> Well, Intel majorly fscked up their microcodes and strongly recommends
> to revert to an earlier BIOS/UEFI firmware (if possible) and also
> advised all vendors shipping microcode as a separate package (meaning
> VMware and all Linux vendors here) to revert to the version from
> November 2017, which so far all major Linux distributions have done.
>
> (Debian didn't even ship the update for Stable/Oldstable because the
> problems where already showing two weeks ago.)
>
> So, right now, unless you have the latest bleeding edge kernel, compiled
> with a repoline-aware pre-release GCC, you will be vulnerable for
> CVE-2017-5753 (Spectre#1) and CVE-2017-5715 (Spectre#2) for quite some
> time.
>
>
​Hi there,  I am running kernel 4.14.14 under gentoo testing on an AMD
kaveri box.

The version of GCC I am using is 7.2.  Whether that means the reptoline
patch is working for me I am not quite sure but it could be I guess.

Someone who is smarter than the average bear has written a patch for the
spectre problem with no performance penalty:

https://www.neowin.net/news/retpoline-patch-coming-to-linux-49-and-linux-414

​I am not sure if you can do this as debian testing or experimental.

Cheers

Michael Fothergill
​


> > # uname -a
> > Linux ftp51 3.16.0-5-amd64 #1 SMP Debian 3.16.51-3+deb8u1 (2018-01-08)
> > x86_64 GNU/Linux
> > # dmesg | grep isolation
> > [0.00] Kernel/User page tables isolation: enabled
>
> > And yet, the widely-recommended test script at
> > https://raw.githubusercontent.com/speed47/spectre-meltdown-
> checker/master/spectre-meltdown-checker.sh
>
> Did you run the script as root? Did you use the most recent version of
> it? It gets developed quite rapidly, maybe you got a version which was
> not correctly functioning at that moment, giving that you download the
> script from the master-branch instead of one of the tagged releases.
>
> S°
>
> --
> Sigmentation fault. Core dumped.
>
>

Re: Debian mate wifi

[Jude DaShiell]

Best to run the report-bug program if on your system and have an 
internet connection open.
On Tue, 23 Jan 2018, michael caron couturier 
wrote:



Date: Tue, 23 Jan 2018 14:34:21
From: michael caron couturier 
To: debian-user 
Subject: Debian mate wifi
Resent-Date: Tue, 23 Jan 2018 19:51:09 + (UTC)
Resent-From: debian-user@lists.debian.org

How I file a bug ?




--

Re: Question on CVE-2017-5754 on Debian 8.9

[Sven Hartge]

Nicholas Geovanis  wrote:
> On Tue, Jan 23, 2018 at 3:16 PM, Sven Hartge  wrote:
>> Nicholas Geovanis  wrote:

>>> I've installed the patch for CVE-2017-5754 as well as the microcode update:

>> So, right now, unless you have the latest bleeding edge kernel, compiled
>> with a repoline-aware pre-release GCC, you will be vulnerable for
>> CVE-2017-5753 (Spectre#1) and CVE-2017-5715 (Spectre#2) for quite some
>> time.

> Correct. But the installed fixes were for CVE-2017-5754 as I
> mentioned, not for those two.

Sure. But there is no Microcode update fixing or even mitigating
CVE-2017-5754 (Meltdown). KPTI (or VA Shadowing as Microsoft calls it)
is the only workaround on affected CPUs (at the moment).

>>> And yet, the widely-recommended test script at
>>> https://raw.githubusercontent.com/speed47/spectre-meltdown-checker/master/spectre-meltdown-checker.sh
>>

>> It gets developed quite rapidly, maybe you got a version which was
>> not correctly functioning at that moment, giving that you download
>> the script from the master-branch instead of one of the tagged
>> releases.

> OK, I'll do that again to ensure that I have the right one. Thanks
> very much.

I can say: works for me, version
3e454f1817c447baab60990fc5c4b11ca9880c73 (Tue Jan 23 22:20:34 2018
+0100) on Linux 4.14.0-3-amd64 #1 SMP Debian 4.14.13-1 (2018-01-14)
x86_64 GNU/Linux

Grüße,
Sven.

-- 
Sigmentation fault. Core dumped.

Re: Question on CVE-2017-5754 on Debian 8.9

[Nicholas Geovanis]

On Tue, Jan 23, 2018 at 3:16 PM, Sven Hartge  wrote:
> Nicholas Geovanis  wrote:
>
>> I've installed the patch for CVE-2017-5754 as well as the microcode update:
>
> So, right now, unless you have the latest bleeding edge kernel, compiled
> with a repoline-aware pre-release GCC, you will be vulnerable for
> CVE-2017-5753 (Spectre#1) and CVE-2017-5715 (Spectre#2) for quite some
> time.
>

Correct. But the installed fixes were for CVE-2017-5754 as I
mentioned, not for those two.

>> And yet, the widely-recommended test script at
>> https://raw.githubusercontent.com/speed47/spectre-meltdown-checker/master/spectre-meltdown-checker.sh
>
> Did you run the script as root?

Yes.

> Did you use the most recent version of
> it?

Yes.

> It gets developed quite rapidly, maybe you got a version which was
> not correctly functioning at that moment, giving that you download the
> script from the master-branch instead of one of the tagged releases.

OK, I'll do that again to ensure that I have the right one. Thanks very much.

> S°
>
> --
> Sigmentation fault. Core dumped.
>

Re: Question on CVE-2017-5754 on Debian 8.9

[Sven Hartge]

Nicholas Geovanis  wrote:

> I've installed the patch for CVE-2017-5754 as well as the microcode update:

Well, Intel majorly fscked up their microcodes and strongly recommends
to revert to an earlier BIOS/UEFI firmware (if possible) and also
advised all vendors shipping microcode as a separate package (meaning
VMware and all Linux vendors here) to revert to the version from
November 2017, which so far all major Linux distributions have done.

(Debian didn't even ship the update for Stable/Oldstable because the
problems where already showing two weeks ago.)

So, right now, unless you have the latest bleeding edge kernel, compiled
with a repoline-aware pre-release GCC, you will be vulnerable for
CVE-2017-5753 (Spectre#1) and CVE-2017-5715 (Spectre#2) for quite some
time.

> # uname -a
> Linux ftp51 3.16.0-5-amd64 #1 SMP Debian 3.16.51-3+deb8u1 (2018-01-08)
> x86_64 GNU/Linux
> # dmesg | grep isolation
> [0.00] Kernel/User page tables isolation: enabled

> And yet, the widely-recommended test script at
> https://raw.githubusercontent.com/speed47/spectre-meltdown-checker/master/spectre-meltdown-checker.sh

Did you run the script as root? Did you use the most recent version of
it? It gets developed quite rapidly, maybe you got a version which was
not correctly functioning at that moment, giving that you download the
script from the master-branch instead of one of the tagged releases.

S°

-- 
Sigmentation fault. Core dumped.

Question on CVE-2017-5754 on Debian 8.9

[Nicholas Geovanis]

I've installed the patch for CVE-2017-5754 as well as the microcode update:

# uname -a
Linux ftp51 3.16.0-5-amd64 #1 SMP Debian 3.16.51-3+deb8u1 (2018-01-08)
x86_64 GNU/Linux
# dmesg | grep isolation
[0.00] Kernel/User page tables isolation: enabled

And yet, the widely-recommended test script at
https://raw.githubusercontent.com/speed47/spectre-meltdown-checker/master/spectre-meltdown-checker.sh

...still reports that CVE-2017-5754 vulnerability exists (as well as
the other 2).

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI):  YES
* PTI enabled and active:  UNKNOWN  (dmesg truncated, please reboot
and relaunch this script)
* Checking if we're running under Xen PV (64 bits):  UNKNOWN  (dmesg
truncated, please reboot and relaunch this script)
> STATUS:  VULNERABLE  (PTI is needed to mitigate the vulnerability)

And for the record, this is not under Xen and as you see further
above, the kernel reports that PTI is indeed enabled.
So my question is: What have I missed? Is the test script flawed? Is
the fix flawed? Am I flawed?
ThanksNick

Re: Debian mate wifi

[john doe]

On 1/23/2018 8:34 PM, michael caron couturier wrote:

How I file a bug ?



https://www.debian.org/Bugs/Reporting

--
John Doe

Re: stretch and DNS name resolution service for other devices on a LAN

[Pascal Hambourg]

Le 23/01/2018 à 18:08, David Wright a écrit :


[My Laptop] --- wireless connection IPv4 --- [Router] --- Internet Modem
  | / |
  | CAT5 cable IPv6/  |
  |   /   | wireless/wired
[My Desktop] --- wireless connection IPv4 __/| connections
  | IPv4
  |
 [TVs]


Both devices will allocate themselves an address in the 'link local' range,
and these addresses can then be used for communicating between the devices.


They can, but they should not be used with application-layer protocols. 
Really. IPv6 link local addresses are not meant for this.


On disadvantage is that these addresses are not globally unique (the 
link local prefix exists on all interfaces) and must be appended with an 
interface name. The second disadvantage is that if the interface is 
replaced for whatever reason, the interface name may change and the MAC 
address will change. The link local addresses is based on the MAC 
addresses, so it will change too. IMO, simple static configuration with 
a ULA prefix, or with a global prefix if you own one, would be much 
reliable.


So Andy is right : you could use IPv4 for this. But rather with static 
configuration than unpredictable APIPA assignments.

Debian mate wifi

[michael caron couturier]

How I file a bug ?

-- 
Michaël Caron Couturier

Re: policykit rule example.

[Kamil Jońca]

Brian  writes:

> Is
>
> https://lists.debian.org/debian-user/2015/10/msg00641.html
>
> more suitable for your task?

It is possible, although:
1. openvpn has to be run as root (routing and network interfaces) I do
not know if I can define proper systemd unit.

2. I want to learn something about policykit.

KJ

-- 
http://wolnelektury.pl/wesprzyj/teraz/

Re: Re: (resend) trouble installing Debian 8.10 via netboot

[Karasawa, Mizuki]

I’m using the latest netboot kernel for installation (dated in Dec 5th 2017, 
http://http.us.debian.org/debian/dists/jessie/main/installer-amd64/current/images/
 )
One machine had kernel crash at the very beginning, other machines I had better 
luck but ran into ‘partitioning trouble’, I backed out the latest netboot 
kernel, put the old ones back, still running into the same trouble. It suspect 
it is the upstream partman pkgs doing this.
If I install Debian 7 or 9 then no trouble, everything installs just fine.

Thanks!
Mizuki

Re: stretch and DNS name resolution service for other devices on a LAN

[David Wright]

On Tue 23 Jan 2018 at 16:06:01 (-), Andy Hawkins wrote:
> Hi,
> 
> In article <20180123144327.GA6815@alum>,
>David Wright wrote:
> > This would all be a step in the wrong direction here. Point (2) was
> > that using IPv6 over CAT5 avoids swamping the router. (Of course,
> > that's already been snipped out of the thread.) If the DHCP server
> > is down, then the router is down, and there are no links to anywhere
> > except the CAT5 cable I've just connected.
> >
> > So why would I worry about whether the IPv4 had reconfigured itself
> > when I've got a perfectly good dedicated IPv6 link between the two
> > computers? And why should I be worrying about DHCP failures?—the
> > only time my router is dead is during power cuts.
> 
> You were giving your reasoning for using IPv6 as being able to handle direct
> cable connections between devices.
> 
> I was simply explaining that you don't need IPv6 to do this, as IPv4 will
> probably fall back to 'link local' addresses if they receive no response
> from a DHCP server (which they won't, as all they're connected to is some
> other PC). 

You still don't quite understand what I'm doing, so here's a diagram
(needs monospace font):

[My Laptop] --- wireless connection IPv4 --- [Router] --- Internet Modem
 | / |
 | CAT5 cable IPv6/  |
 |   /   | wireless/wired
[My Desktop] --- wireless connection IPv4 __/| connections
 | IPv4
 |
[TVs]

> Both devices will allocate themselves an address in the 'link local' range,
> and these addresses can then be used for communicating between the devices.

… but meanwhile *I* can carry on using them both on the Internet
while transfers are taking place, and the TVs are unaffected by
any excessive traffic through the router.

In the case where a desktop is wired to the router, then just that
PC would lose its connectivity to all other machines (except
[My Laptop] of course) during a CAT5 connection (assuming it had
just the usual single ethernet port).

Cheers,
David.

Re: policykit rule example.

[Brian]

On Tue 23 Jan 2018 at 16:28:57 +0100, Kamil Jońca wrote:

> Brian  writes:
> 
> > On Tue 23 Jan 2018 at 13:29:35 +0100, Kamil Jońca wrote:
> >
> >> 
> [...]
> 
> >> 
> >> Any hints/examples?
> >
> > https://lists.debian.org/search.html
> >
> > Search debian-user with "pkla".
> 
> Thread "Embarrassing security bug in systemd"
> (https://lists.debian.org/debian-user/2017/12/msg00172.html) looks most
> promising, but even there is no documentation but rather reference to
> distribution config files.
> So there is nothing more comprehensive?
> 
> I am even  does not know how to check if my rules work. :)
> (when define sudo rules  for "do_something' I always can "sudo
> do_something" to check)
> 
> what would be equivalent of "sudo systemctl start openvpn@xxx" in terms
> of policykit command?

Is

https://lists.debian.org/debian-user/2015/10/msg00641.html

more suitable for your task?

-- 
Brian.

Re: stretch and DNS name resolution service for other devices on a LAN

[Andy Hawkins]

Hi,

In article <20180123144327.GA6815@alum>,
   David Wright wrote:
> This would all be a step in the wrong direction here. Point (2) was
> that using IPv6 over CAT5 avoids swamping the router. (Of course,
> that's already been snipped out of the thread.) If the DHCP server
> is down, then the router is down, and there are no links to anywhere
> except the CAT5 cable I've just connected.
>
> So why would I worry about whether the IPv4 had reconfigured itself
> when I've got a perfectly good dedicated IPv6 link between the two
> computers? And why should I be worrying about DHCP failures?—the
> only time my router is dead is during power cuts.

You were giving your reasoning for using IPv6 as being able to handle direct
cable connections between devices.

I was simply explaining that you don't need IPv6 to do this, as IPv4 will
probably fall back to 'link local' addresses if they receive no response
from a DHCP server (which they won't, as all they're connected to is some
other PC). 

Both devices will allocate themselves an address in the 'link local' range,
and these addresses can then be used for communicating between the devices.

Andy

Re: policykit rule example.

[Kamil Jońca]

Brian  writes:

> On Tue 23 Jan 2018 at 13:29:35 +0100, Kamil Jońca wrote:
>
>> 
[...]

>> 
>> Any hints/examples?
>
> https://lists.debian.org/search.html
>
> Search debian-user with "pkla".

Thread "Embarrassing security bug in systemd"
(https://lists.debian.org/debian-user/2017/12/msg00172.html) looks most
promising, but even there is no documentation but rather reference to
distribution config files.
So there is nothing more comprehensive?

I am even  does not know how to check if my rules work. :)
(when define sudo rules  for "do_something' I always can "sudo
do_something" to check)

what would be equivalent of "sudo systemctl start openvpn@xxx" in terms
of policykit command?
KJ


 
-- 
http://wolnelektury.pl/wesprzyj/teraz/
KRETYNIZM - ułomność predysponująca często do wampiryzmu
(J.Collin de Plancy "Słownik wiedzy tajemnej")

Re: stretch and DNS name resolution service for other devices on a LAN

[David Wright]

On Tue 23 Jan 2018 at 13:41:31 (+), Joe wrote:
> On Tue, 23 Jan 2018 11:12:41 + (UTC)
> Curt  wrote:
> 
> > On 2018-01-23, Andy Hawkins  wrote:
> > > Hi,
> > > In article <20180122185135.GA12212@alum>,
> > >David Wright wrote:  
> > >>> You should be able to do that with IPv4 too. If DHCP address
> > >>> allocation fails,  
> > >>
> > >> Elaborate on this please. What do you mean by "fails".
> > >> What am I meant to want to fail?  
> > >
> > > If a host that's expecting to receive its address via DHCP receives
> > > no response from the DHCP server, it should fall back automatically
> > > to a 'link local' address.  
> > 
> > Is this what you're referring to ("an IPv4 address within the
> > 169.254/16 prefix that is valid for communication with other devices
> > connected to the same physical (or logical) link," failing--or in the
> > absence of--automatic or manual assignment)?
> > 
> > https://tools.ietf.org/html/rfc3927
> 
> Indeed so. It ensures that if the DHCP server temporarily suffers a
> problem, any Windows machine on the network (I have no data for Linux)
> that gets rebooted stands absolutely zero chance of communicating with
> any network machine which hasn't been rebooted. The idea that the
> previous working address (even within the lease period), or the
> [Windows] manually entered 'alternate' address should be tried does not
> arise.
> 
> I would hope that the Linux network management utilities take a more
> intelligent view of the situation, I haven't yet had cause to find out.

This would all be a step in the wrong direction here. Point (2) was
that using IPv6 over CAT5 avoids swamping the router. (Of course,
that's already been snipped out of the thread.) If the DHCP server
is down, then the router is down, and there are no links to anywhere
except the CAT5 cable I've just connected.

So why would I worry about whether the IPv4 had reconfigured itself
when I've got a perfectly good dedicated IPv6 link between the two
computers? And why should I be worrying about DHCP failures?—the
only time my router is dead is during power cuts.

Cheers,
David.

Re: PDF displayed incorrectly by certain software

[Ionel Mugurel Ciobîcă]

On 23-01-2018, at 10h 11'43", Curt wrote about "Re: PDF displayed incorrectly 
by certain software"
> 
> Same problem here with bank statements (recent bank statements unviewable in
> xpdf but viewable in evince).
> 
> (Actually it appears the pdfs viewable in xpdf are 'PDF document, version 1.4'
> and the pdfs that are not are 'PDF document, version 1.7' according to 
> 'file'.)

Here are all 1.4:

file dec2016.pdf aug2017.pdf
dec2016.pdf: PDF document, version 1.4
aug2017.pdf: PDF document, version 1.4

> 
> Seems to be a pinpointable difference here.
> 
> Old bank statement:
> 
> curty@einstein:~/releve$ pdffonts dec2014.pdf 
> name type  emb sub uni object ID
>  - --- --- --- -
> Times-Roman  Type 1no  no  no   8  0
> HelveticaType 1no  no  no   7  0
> Helvetica-Bold   Type 1no  no  no   5  0
> Courier  Type 1no  no  no   9  0
> 
> New bank statement:
> 
> curty@einstein:~/releve$ pdffonts dec2017.pdf 
> name type  emb sub uni object ID
>  - --- --- --- -
> [none]   Type 3yes no  no  10  0
> [none]   Type 3yes no  no  11  0
> [none]   Type 3yes no  no  12  0
> [none]   Type 3yes no  no  13  0
> [none]   Type 3yes no  no  14  0
> [none]   Type 3yes no  no  15  0
> [none]   Type 3yes no  no  16  0
> [none]   Type 3yes no  no  17  0
> [none]   Type 3yes no  no  18  0
> [none]   Type 3yes no  no  19  0
> [none]   Type 3yes no  no  20  0
> [none]   Type 3yes no  no  21  0
> [none]   Type 3yes no  no  22  0
> [none]   Type 3yes no  no  23  0
> [none]   Type 3yes no  no  26  0
> [none]   Type 3yes no  no  27  0
> 

In my case:

pdffonts dec2016.pdf
name type  encoding emb sub uni object ID
 -  --- --- --- -
[none]   Type 3Custom   yes no  yes 19  0
[none]   Type 3Custom   yes no  yes 20  0
HelveticaType 1Custom   no  no  no  21  0
Courier  Type 1Custom   no  no  no  22  0

pdffonts aug2017.pdf
name type  encoding emb sub uni object ID
 -  --- --- --- -
[none]   Type 3Custom   yes no  yes  7  0
[none]   Type 3Custom   yes no  yes  8  0
[none]   Type 3Custom   yes no  yes  9  0
[none]   Type 3Custom   yes no  yes 10  0
[none]   Type 3Custom   yes no  yes 11  0



Ionel

Re: stretch and DNS name resolution service for other devices on a LAN

[Joe]

On Tue, 23 Jan 2018 11:12:41 + (UTC)
Curt  wrote:

> On 2018-01-23, Andy Hawkins  wrote:
> > Hi,
> > In article <20180122185135.GA12212@alum>,
> >David Wright wrote:  
> >>> You should be able to do that with IPv4 too. If DHCP address
> >>> allocation fails,  
> >>
> >> Elaborate on this please. What do you mean by "fails".
> >> What am I meant to want to fail?  
> >
> > If a host that's expecting to receive its address via DHCP receives
> > no response from the DHCP server, it should fall back automatically
> > to a 'link local' address.  
> 
> Is this what you're referring to ("an IPv4 address within the
> 169.254/16 prefix that is valid for communication with other devices
> connected to the same physical (or logical) link," failing--or in the
> absence of--automatic or manual assignment)?
> 
> https://tools.ietf.org/html/rfc3927

Indeed so. It ensures that if the DHCP server temporarily suffers a
problem, any Windows machine on the network (I have no data for Linux)
that gets rebooted stands absolutely zero chance of communicating with
any network machine which hasn't been rebooted. The idea that the
previous working address (even within the lease period), or the
[Windows] manually entered 'alternate' address should be tried does not
arise.

I would hope that the Linux network management utilities take a more
intelligent view of the situation, I haven't yet had cause to find out.

-- 
Joe

Re: PDF displayed incorrectly by certain software

[Ionel Mugurel Ciobîcă]

On 23-01-2018, at 11h 18'26", Michael Lange wrote about "Re: PDF displayed 
incorrectly by certain software"
> Hi again,
> 
> On Tue, 23 Jan 2018 11:03:24 +0100
> Michael Lange  wrote:
> 
> uh no, appears to be rather this bug in libpoppler:
> 
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886733

Downgraded some poppler packages and I can view now all pdf files
with xpdf. The difference between the old and new files now (for me)
is that they use (visible) different fonts.

Ionel

Re: policykit rule example.

[Brian]

On Tue 23 Jan 2018 at 13:29:35 +0100, Kamil Jońca wrote:

> 
> I try to use policykit.
> But (maybe I use wrong key words for googling) I cannot find any
> non-trivial example for pkla files (onyl JS-like ones)
> Can anybot help me with this?
> Simple task:
> want to user kjonca be able to start/stop openvpn without asking
> password.
> 
> Any hints/examples?

https://lists.debian.org/search.html

Search debian-user with "pkla".

-- 
Brian.

policykit rule example.

[Kamil Jońca]

I try to use policykit.
But (maybe I use wrong key words for googling) I cannot find any
non-trivial example for pkla files (onyl JS-like ones)
Can anybot help me with this?
Simple task:
want to user kjonca be able to start/stop openvpn without asking
password.

Any hints/examples?
KJ

-- 
http://stopstopnop.pl/stop_stopnop.pl_o_nas.html
God is the tangential point between zero and infinity.
-- Alfred Jarry

Re: stretch and DNS name resolution service for other devices on a LAN

[Curt]

On 2018-01-23, Andy Hawkins  wrote:
> Hi,
> In article <20180122185135.GA12212@alum>,
>David Wright wrote:
>>> You should be able to do that with IPv4 too. If DHCP address allocation
>>> fails,
>>
>> Elaborate on this please. What do you mean by "fails".
>> What am I meant to want to fail?
>
> If a host that's expecting to receive its address via DHCP receives no 
> response from the
> DHCP server, it should fall back automatically to a 'link local' address.

Is this what you're referring to ("an IPv4 address within the 169.254/16
prefix that is valid for communication with other devices connected to
the same physical (or logical) link," failing--or in the absence
of--automatic or manual assignment)?

https://tools.ietf.org/html/rfc3927

> Andy
>
>


-- 
“True terror is to wake up one morning and discover that your high school class
is running the country.” – Kurt Vonnegut

Re: PDF displayed incorrectly by certain software

[Michael Lange]

Hi again,

On Tue, 23 Jan 2018 11:03:24 +0100
Michael Lange  wrote:

> just a shot in the dark: I think okular and qpdfview use qt, some of the
> "working" viewers seem to use gtk. Not sure about the toolkit xpdf and
> some of the other programs use, but maybe the problem has something to
> do with the toolkit in use rather than with a bug in the applications?

uh no, appears to be rather this bug in libpoppler:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886733

Similar bug reports are:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886798
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783607

Semms like this has been fixed in unstable meanwhile.

Regards

Michael


.-.. .. ...- .   .-.. --- -. --.   .- -. -..   .--. .-. --- ... .--. . .-.

We have phasers, I vote we blast 'em!
-- Bailey, "The Corbomite Maneuver", stardate 1514.2

Re: PDF displayed incorrectly by certain software

[Curt]

On 2018-01-23, Ionel Mugurel Ciobîcă  wrote:
> On 22-01-2018, at 18h 28'13", Greg Marks wrote about "PDF displayed 
> incorrectly by certain software"
>> I have encountered a peculiar situation where a PDF file displays as
>> gibberish with certain PDF viewers but displays correctly with others.
>> [...]
>> numerous "Missing or bad Type3 CharProc entry" syntax errors) followed by
>> [...]
>
> I encounter similar issue with my bank statements... xpdf will not
> show any glyphs, only lines and logo, same as okular; gv on the other
> hand will show everything. The pdf files are version 1.4. Funny is
> that older files (still 1.4) will show fine with xpdf and okular. Only
> newer ones have this issue... xpdf will spit out few hundreds times
> Syntax Error: "Missing or bad Type3 CharProc entry".

Same problem here with bank statements (recent bank statements unviewable in
xpdf but viewable in evince).

(Actually it appears the pdfs viewable in xpdf are 'PDF document, version 1.4'
and the pdfs that are not are 'PDF document, version 1.7' according to 'file'.)

> I can't ping point the difference between the older files and the
> newer ones, except the size. The newer ones are more than twice the

Seems to be a pinpointable difference here.

Old bank statement:

curty@einstein:~/releve$ pdffonts dec2014.pdf 
name type  emb sub uni object ID
 - --- --- --- -
Times-Roman  Type 1no  no  no   8  0
HelveticaType 1no  no  no   7  0
Helvetica-Bold   Type 1no  no  no   5  0
Courier  Type 1no  no  no   9  0

New bank statement:

curty@einstein:~/releve$ pdffonts dec2017.pdf 
name type  emb sub uni object ID
 - --- --- --- -
[none]   Type 3yes no  no  10  0
[none]   Type 3yes no  no  11  0
[none]   Type 3yes no  no  12  0
[none]   Type 3yes no  no  13  0
[none]   Type 3yes no  no  14  0
[none]   Type 3yes no  no  15  0
[none]   Type 3yes no  no  16  0
[none]   Type 3yes no  no  17  0
[none]   Type 3yes no  no  18  0
[none]   Type 3yes no  no  19  0
[none]   Type 3yes no  no  20  0
[none]   Type 3yes no  no  21  0
[none]   Type 3yes no  no  22  0
[none]   Type 3yes no  no  23  0
[none]   Type 3yes no  no  26  0
[none]   Type 3yes no  no  27  0

The OP's pdf shows a slew of Type 3 fonts also.

I read installing 'cm-super' might magically fix things so I did, but it didn't
(although I believe the output of pdffonts on the cklppaper.pdf changed
afterwards with some of the Type 3 fonts subsisted with Type 1--is that
possible)?

Anyhow I'm a blind man trying to lead the sighted.

(PS: Seems like all the math more or less renders in xpdf when viewing 
'cklppaper.pdf'
here.) 

-- 
“True terror is to wake up one morning and discover that your high school class
is running the country.” – Kurt Vonnegut

Re: PDF displayed incorrectly by certain software

[Michael Lange]

Hi,

On Mon, 22 Jan 2018 18:28:13 -0600
Greg Marks  wrote:

> I have encountered a peculiar situation where a PDF file displays as
> gibberish with certain PDF viewers but displays correctly with others.
> The PDF file in question can be downloaded from the site:
> 
>https://link.springer.com/article/10.1007/s11856-017-1616-6
> 
> however, you might need an institutional subscription to view the full
> document, so I am temporarily posting a copy here:
> 
>https://gmarks.org/cklppaper.pdf
> 
> The file displays correctly using any of these programs: evince
> (version 3.22.1), zathura (version 0.3.7), acroread (version 9.5.5),
> mupdf (version 1.9a), xournal (version 0.4.8), gv (version 3.7.4).
> As you can perhaps confirm, the file does not display correctly--one
> sees only scattered mathematical symbols throughout the pages--if it is
> opened with any of the following programs: qpdfview (version 0.4.14),
> xpdf (version 3.04), okular (version 0.26.1).

just a shot in the dark: I think okular and qpdfview use qt, some of the
"working" viewers seem to use gtk. Not sure about the toolkit xpdf and
some of the other programs use, but maybe the problem has something to do
with the toolkit in use rather than with a bug in the applications?

Regards

Michael


.-.. .. ...- .   .-.. --- -. --.   .- -. -..   .--. .-. --- ... .--. . .-.

The man on tops walks a lonely street; the "chain" of command is often a
noose.

Re: stretch and DNS name resolution service for other devices on a LAN

[Andy Hawkins]

Hi,
In article <20180122185135.GA12212@alum>,
   David Wright wrote:
>> You should be able to do that with IPv4 too. If DHCP address allocation
>> fails,
>
> Elaborate on this please. What do you mean by "fails".
> What am I meant to want to fail?

If a host that's expecting to receive its address via DHCP receives no response 
from the
DHCP server, it should fall back automatically to a 'link local' address.

Andy