Re: What is the mailing list software used by lists.debian.org?
Brian Nguyen writes: > I think it's not GNU Mailman. What is the software used for official Debian > mailing lists? Is it free > software? Maybe following page do help for you. See /MailingLists/index.en.html. Yes that is not GNU Mailman. -- ^고맙습니다 _地平天成_ 감사합니다_^))//
Re: bts command `send-unmatched'
writes: > On Wed, Aug 15, 2018 at 04:13:32PM +0900, Byung-Hee HWANG (황병희, 黃炳熙) wrote: >> When i type command by email as follows: >> >> send-unmatched old|-2 >> send-unmatched [old|-2] >> >> Then BTS server tell me "Unknown command or malformed arguments to >> command." with both above commands. >> >> Yes, i'm now translating /Bugs/server-request >> [https://www.debian.org/Bugs/server-request.en.html]. >> >> Is that dead command? Or am i someting wrong? > > Hey, and thanks for your translation work! > > NOTE: I didnn't really try this, this is just a quick answer. > > I think those signs [ | and ] are just what is called "metasyntax" [1] > In this case, [...] seems to mean that what goes in [] is optional, > that is: > > index [full] > > means you can either say "index" or "index full". And ...|... means > either... or, for example: > > send-unmatched last|-1 > > means you can say "send-unmatched last" or "send-unmatched -1" (both > seem to mean the same thing). Finally > > send-unmatched [this|0] > > means you can say "send unmatched this", "send-unmatched 0" or just simply > "send-unmatched". Those also seem to mean the same thing. > > HTH > [1] https://en.wikipedia.org/wiki/Metasyntax Sorry for late. And thank you very so much for your explanation. By the way my friend told me the command is disabled by BTS server. In this case, may i do to comment on that to the translating page? Again thank you tomas and your time^^ Sincerely, Byung-Hee. -- ^고맙습니다 _地平天成_ 감사합니다_^))//
Re: Literal postings, was Re: Wanted - Debian(preferred)/Linux handheld
On Sat, Aug 18, 2018 at 6:42 PM, David Wright wrote: > > . A lot of OPs provide very little background information. Sometimes > this may be because they don't know what *is* relevant, but often a > thread turns into an episode of "Twenty Questions" because of what > seems like a reluctance to reveal any facts about their system. > > . Following this, when the OP apparently "disappears" after making > their first post, people are left little option but to make guesses > about what their problem might be caused by. In my opinion, the *proper* course of action is then to ask for more information instead of guessing. If OP then does not reply, then there's no need to keep going. I believe that my views on this have changed after the Stack Exchange network of websites sprung up. It makes such a huge difference in clarity when bad questions are forcibly closed until corrected. > . Some OPs provide facts which, when people start investigating, are > found to be incorrect, so the thread bifurcates into those accepting > the factoid and others disputing it. This is of course unfortunate but something even I have to admit that we have to accept. :)
Black screen with AMD graphics card
Since upgrading to Debian unstable I can't boot my system. It would show some text on a black background for a while and then the screen goes black. Ctrl+Alt+F5 doesn't work. https://ipfs.io/ipfs/QmRhCQNpCzSb2QAA5erUkFjXhVbuAS4czWfNxuf6iUMzRS
What is the mailing list software used by lists.debian.org?
I think it's not GNU Mailman. What is the software used for official Debian mailing lists? Is it free software?
Re: Repository Problem
On 2018-08-19 02:37, Cindy-Sue Causey wrote: On 8/18/18, Stephen P. Molnar wrote: On 08/18/2018 01:54 PM, Brian wrote: What does 'ip a' give you? And 'ping -cwww.debian.org? Thanksfot the reply. root@AbNormal:/home/comp# ip a 1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: enp2s0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether bc:ee:7b:5e:83:36 brd ff:ff:ff:ff:ff:ff inet 192.168.1.123/24 brd 192.168.1.255 scope global dynamic enp2s0 valid_lft 86368sec preferred_lft 86368sec inet6 2600:1700:4280:3690::33/128 scope global dynamic valid_lft 1209566sec preferred_lft 1209566sec inet6 2600:1700:4280:3690:f15f:a615:62e3:1b2d/64 scope global temporary dynamic valid_lft 604766sec preferred_lft 85961sec inet6 2600:1700:4280:3690:beee:7bff:fe5e:8336/64 scope global mngtmpaddr noprefixroute dynamic valid_lft 1209598sec preferred_lft 1209598sec inet6 fe80::beee:7bff:fe5e:8336/64 scope link valid_lft forever preferred_lft forever root@AbNormal:/home/comp# root@AbNormal:/home/comp# ping -c www.debian.org but, without the -c switch: PING www.debian.org(mirror-isc3.debian.org (2001:4f8:1:c::15)) 56 data bytes ^C --- www.debian.org ping statistics --- 12 packets transmitted, 0 received, 100% packet loss, time 11266ms root@AbNormal:/home/comp# ping: bad number of packets to transmit. root@AbNormal:/home/comp# I tried this, too, while lurking along. Received the same "bad number of packets" *abrupt retort* to "ping -c". I didn't want to interject/bother anyone here so I searched the Net instead. Only 175 pages pulled up when that advisement is enclosed in quotation marks. A slightly wider search with 'ping "bad number of packets"' only raised it to 360 pages. That seems curiously small. Does it mean it's something that people pretty much don't need and/or just don't know they could address somehow? Two for two of us here tried it and received that message so that's why I decided to put this out here. Are we the only two in the World with this... no, surely not... And ultimately does it matter enough that it could maybe use some, e.g. Publicity Team, airtime now that it has come up in a very informative way? It's the first time I've ever done the "ping -c", I always just ping because I never thought about taking it any further than just making sure I was connected to the Net... to which I am so am off to search for answers. :) Cindy :) I think you are supposed to put a number after -c man ping mick -- Key ID4BFEBB31
Re: Repository Problem
On 8/18/18, Stephen P. Molnar wrote: > > On 08/18/2018 01:54 PM, Brian wrote: >> What does 'ip a' give you? And 'ping -cwww.debian.org? >> >Thanksfot the reply. > > root@AbNormal:/home/comp# ip a > 1: lo: mtu 65536 qdisc noqueue state UNKNOWN > group default qlen 1 > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 > inet 127.0.0.1/8 scope host lo > valid_lft forever preferred_lft forever > inet6 ::1/128 scope host > valid_lft forever preferred_lft forever > 2: enp2s0: mtu 1500 qdisc pfifo_fast > state UP group default qlen 1000 > link/ether bc:ee:7b:5e:83:36 brd ff:ff:ff:ff:ff:ff > inet 192.168.1.123/24 brd 192.168.1.255 scope global dynamic enp2s0 > valid_lft 86368sec preferred_lft 86368sec > inet6 2600:1700:4280:3690::33/128 scope global dynamic > valid_lft 1209566sec preferred_lft 1209566sec > inet6 2600:1700:4280:3690:f15f:a615:62e3:1b2d/64 scope global > temporary dynamic > valid_lft 604766sec preferred_lft 85961sec > inet6 2600:1700:4280:3690:beee:7bff:fe5e:8336/64 scope global > mngtmpaddr noprefixroute dynamic > valid_lft 1209598sec preferred_lft 1209598sec > inet6 fe80::beee:7bff:fe5e:8336/64 scope link > valid_lft forever preferred_lft forever > root@AbNormal:/home/comp# > > root@AbNormal:/home/comp# ping -c www.debian.org > > but, without the -c switch: > > PING www.debian.org(mirror-isc3.debian.org (2001:4f8:1:c::15)) 56 data > bytes > ^C > --- www.debian.org ping statistics --- > 12 packets transmitted, 0 received, 100% packet loss, time 11266ms > > root@AbNormal:/home/comp# > > ping: bad number of packets to transmit. > root@AbNormal:/home/comp# I tried this, too, while lurking along. Received the same "bad number of packets" *abrupt retort* to "ping -c". I didn't want to interject/bother anyone here so I searched the Net instead. Only 175 pages pulled up when that advisement is enclosed in quotation marks. A slightly wider search with 'ping "bad number of packets"' only raised it to 360 pages. That seems curiously small. Does it mean it's something that people pretty much don't need and/or just don't know they could address somehow? Two for two of us here tried it and received that message so that's why I decided to put this out here. Are we the only two in the World with this... no, surely not... And ultimately does it matter enough that it could maybe use some, e.g. Publicity Team, airtime now that it has come up in a very informative way? It's the first time I've ever done the "ping -c", I always just ping because I never thought about taking it any further than just making sure I was connected to the Net... to which I am so am off to search for answers. :) Cindy :) -- Cindy-Sue Causey Talking Rock, Pickens County, Georgia, USA * runs with duct tape *
Re: Sid: NFSv3 mounting problem
Grzegorz Sójka wrote: > > Hi there > > I have stretch x86_64 home server running NFSv3 and Sid-x86-64 desktop. > When I try to mount any NFS share on the desktop I always get the > following: > > # mount -v /home/trash > mount.nfs: timeout set for Sat Aug 18 18:55:52 2018 > mount.nfs: trying text-based options 'nfsvers=3,addr=192.168.0.129' > mount.nfs: prog 13, trying vers=3, prot=6 > mount.nfs: trying 192.168.0.129 prog 13 vers 3 prot TCP port 2049 > mount.nfs: prog 15, trying vers=3, prot=17 > mount.nfs: trying 192.168.0.129 prog 15 vers 3 prot UDP port 37385 > mount.nfs: Protocol not supported > > I'm pretty convinced that the server is running fine. It's because I > have Odroid-C2 client (and two other raspberry pi) using NFSv3 without > any problems. Actually, I did copy-paste the following line: > > Hermes:/home/trash /home/trash nfs vers=3,defaults,noatime,nodiratime 0 0 > > from the odroid to pc fstab. > > Thanks in advance for any help Did you add the new client to the exportfs file on the server?
Re: checkbox in libreoffice base doesn't work anymore
> > The best help I can offer is to recommend you don't use Base for > anything mission-critical. It's barely useable, buggy as hell and > it frequently regresses. It hasn't improved much in the last five years, > though at least it can talk to MySQL directly now rather than using the > even less functional ODBC. > > You and I must be two of about three people in the world using Base, > because there's no sense of urgency there. I'm doing pretty much all my > database work in PHP now. > It is kind of critical, I programmed my tax consultant with Base. At least it's not time critical :-) Regards, Flo
Re: checkbox in libreoffice base doesn't work anymore
On 08/18/18 20:14, Sven Joachim wrote: > On 2018-08-18 19:40 +0200, Flo wrote: > >> I wrote a database program where I built a form which uses a checkbox. >> It has always worked. >> >> I haven't used that program for a few months and now the checkbox in the >> form doesn't work anymore. >> >> I am using Version: 6.1.0.2 . > >>From which source? The version in Debian unstable and testing reports > itself as 6.1.0.3. > >> Does anyone have a clue what happened. I tried a lot to make it work but >> I failed. >> >> Going through the options menu now I realize that there are no check >> boxes. It looks like that they have disappeared completely in my >> LibreOffice. >> >> What can that be? > > Probably https://bugs.debian.org/905408, which has been closed by the > maintainer. If you are using a Debian package, and it is not 1:6.1.0-1 > (or 1:6.1.0-1~bpo9+2 if you use stretch-backports), please upgrade. > Yes, the upgrade solved that problem! Thank you. Regards, Flo
Sid: NFSv3 mounting problem
Hi there I have stretch x86_64 home server running NFSv3 and Sid-x86-64 desktop. When I try to mount any NFS share on the desktop I always get the following: # mount -v /home/trash mount.nfs: timeout set for Sat Aug 18 18:55:52 2018 mount.nfs: trying text-based options 'nfsvers=3,addr=192.168.0.129' mount.nfs: prog 13, trying vers=3, prot=6 mount.nfs: trying 192.168.0.129 prog 13 vers 3 prot TCP port 2049 mount.nfs: prog 15, trying vers=3, prot=17 mount.nfs: trying 192.168.0.129 prog 15 vers 3 prot UDP port 37385 mount.nfs: Protocol not supported I'm pretty convinced that the server is running fine. It's because I have Odroid-C2 client (and two other raspberry pi) using NFSv3 without any problems. Actually, I did copy-paste the following line: Hermes:/home/trash /home/trash nfs vers=3,defaults,noatime,nodiratime 0 0 from the odroid to pc fstab. Thanks in advance for any help -- Pozdrawiam Grzesiek Wysłane z kompa wolnego od wirusów Billa Gatesa.
Re: checkbox in libreoffice base doesn't work anymore
On Sat, 18 Aug 2018 19:40:50 +0200 Flo wrote: > Hi, > > I wrote a database program where I built a form which uses a checkbox. > It has always worked. > > I haven't used that program for a few months and now the checkbox in > the form doesn't work anymore. > > I am using Version: 6.1.0.2 . > > Does anyone have a clue what happened. I tried a lot to make it work > but I failed. > > Going through the options menu now I realize that there are no check > boxes. It looks like that they have disappeared completely in my > LibreOffice. > > What can that be? I hope anyone can help. > The best help I can offer is to recommend you don't use Base for anything mission-critical. It's barely useable, buggy as hell and it frequently regresses. It hasn't improved much in the last five years, though at least it can talk to MySQL directly now rather than using the even less functional ODBC. You and I must be two of about three people in the world using Base, because there's no sense of urgency there. I'm doing pretty much all my database work in PHP now. -- Joe
Re: Sid: NFSv3 mounting problem
On Sat 18 Aug 2018 at 21:31:05 +0200, Grzegorz Sójka wrote: > Hi there > > I have stretch x86_64 home server running NFSv3 and Sid-x86-64 desktop. When > I try to mount any NFS share on the desktop I always get the following: > > # mount -v /home/trash > mount.nfs: timeout set for Sat Aug 18 18:55:52 2018 > mount.nfs: trying text-based options 'nfsvers=3,addr=192.168.0.129' > mount.nfs: prog 13, trying vers=3, prot=6 > mount.nfs: trying 192.168.0.129 prog 13 vers 3 prot TCP port 2049 > mount.nfs: prog 15, trying vers=3, prot=17 > mount.nfs: trying 192.168.0.129 prog 15 vers 3 prot UDP port 37385 > mount.nfs: Protocol not supported > > I'm pretty convinced that the server is running fine. It's because I have > Odroid-C2 client (and two other raspberry pi) using NFSv3 without any > problems. Actually, I did copy-paste the following line: > > Hermes:/home/trash /home/trash nfs vers=3,defaults,noatime,nodiratime 0 0 > > from the odroid to pc fstab. > > Thanks in advance for any help You have put your post into an existing thread. That does help you or the people who are using this thread. Please post a completely new mail. -- Brian.
Sid: NFSv3 mounting problem
Hi there I have stretch x86_64 home server running NFSv3 and Sid-x86-64 desktop. When I try to mount any NFS share on the desktop I always get the following: # mount -v /home/trash mount.nfs: timeout set for Sat Aug 18 18:55:52 2018 mount.nfs: trying text-based options 'nfsvers=3,addr=192.168.0.129' mount.nfs: prog 13, trying vers=3, prot=6 mount.nfs: trying 192.168.0.129 prog 13 vers 3 prot TCP port 2049 mount.nfs: prog 15, trying vers=3, prot=17 mount.nfs: trying 192.168.0.129 prog 15 vers 3 prot UDP port 37385 mount.nfs: Protocol not supported I'm pretty convinced that the server is running fine. It's because I have Odroid-C2 client (and two other raspberry pi) using NFSv3 without any problems. Actually, I did copy-paste the following line: Hermes:/home/trash /home/trash nfs vers=3,defaults,noatime,nodiratime 0 0 from the odroid to pc fstab. Thanks in advance for any help -- Pozdrawiam Grzesiek Wysłane z kompa wolnego od wirusów Billa Gatesa.
Re: Literal postings, was Re: Wanted - Debian(preferred)/Linux handheld
On Sat 18 Aug 2018 at 12:31:38 -0500, Richard Owlett wrote: > On 08/18/2018 11:42 AM, David Wright wrote: > > On Sat 18 Aug 2018 at 10:02:39 (+0200), Anders Andersson wrote: > > > On Thu, Aug 16, 2018 at 7:47 PM, Richard Owlett > > > wrote: > > > > > > > > P.S. I wish my initial posts be taken literally. > > > > > > I wish this for every question on the mailing list but sadly that > > > rarely happens, leading to a lot of pointless traffic to wade through. > > > On every question there's always the "helpful" people who just wants > > > to share their 2 cents worth of opinion and derail the question in the > > > process. > > > > > > I guess that's partially because a lot of people don't know how to ask > > > a question[,] so everyone assumes that it is not to be taken literally. > > > > > > Maybe I'm not a hundred years old like you guys, but on the inside I'm > > > just as grumpy, err, I mean "opinionated"! > > > > . A lot of OPs provide very little background information. Sometimes > > this may be because they don't know what *is* relevant, but often a > > thread turns into an episode of "Twenty Questions" because of what > > seems like a reluctance to reveal any facts about their system. > > > > . Following this, when the OP apparently "disappears" after making > > their first post, people are left little option but to make guesses > > about what their problem might be caused by. One cannot but suspect > > that many OPs are helped by these discussions (the bits where the > > guess was correct), fix their system and then say nothing or, > > occasionally, post "Thanks. Period." Whereupon one of the helpers > > might ask them to be more helpful and reveal which solution fixed > > which problem so that others might benefit. > > > > . Some OPs provide facts which, when people start investigating, are > > found to be incorrect, so the thread bifurcates into those accepting > > the factoid and others disputing it. > > > > . Some OPs post what they want to do without realising their > > assumptions already made nor the implications of those assumptions > > which might lead to undesirable consequences they hadn't foreseen. > > > > . Many OPs are not writing in their native language, so it would > > be unkind to only take their words literally. > > > > All that said, "Careful what you wish for". A stilted overdefined > > conversation will probably not be as helpful to people. In a > > troubleshooting environment you want your thinking to be lateral: > > only the code itself is literal. > > > > In a way I've been on the other side of this topic. > I spent decades in what might be termed customer support, field service, or > engineering support. My background with milli-volt low frequency signals got > me a job in construction inspection where I ended up rejecting large > stainless steel pipes (welds rusted) and grade beams (out of square). > > I admit I have an atypical world view and wish constraints others don't see > as relevant. On another list I was asking questions about sources for some > odd equipment. I explicitly said certain characteristics were explicitly > unacceptable. I got replies telling me where I could square the unacceptable > product. A user on -user who takes on the task of answering a query or any mails which follow up cannot dictate the course or form of the responses. It's par for the course. Sometimes you win; sometimes you don't. But it's a risk the user takes. He makes the choice to respond and, in doing so, cannot direct the nature of the answer. The rough is taken with the smooth. It's part of the fun. The questioner who posts? Same rules apply. He does not have to respond because his whims are not obeyed or quality control regulations are not being followed. Take the rough with the smooth. That keeps everyone happy and rubbing along. -- Brian.
Re: Repository Problem
Hi. On Sat, Aug 18, 2018 at 01:46:31PM -0400, Stephen P. Molnar wrote: > > > On 08/18/2018 11:51 AM, Reco wrote: > > Hi. > > > > On Sat, Aug 18, 2018 at 11:13:04AM -0400, Stephen P. Molnar wrote: > > > > > > On 08/18/2018 10:20 AM, Dan Ritter wrote: > > > > On Sat, Aug 18, 2018 at 08:15:12PM +1000, David wrote: > > > > > On 18 August 2018 at 05:00, Stephen P. Molnar > > > > > wrote: > > > > > > I have just installed Stretch on a new SSD on my platform. > > > > > > > > > > > > During the installation I selected the University of Chicago mirror > > > > > > and > > > > > > accepted the defaults plus backports. > > > > > > > > > > > > When I fun apt-get install Thunderbird apt-get tries to log on to > > > > > > prod.debian.map.fastly.net (2a04:4E42:2c::2040 and hangs. I can't > > > > > > find that > > > > > > address anywhere in /etc/apt. Why am I getting this behavior? > > > > > As explained at [1], the debian-security repo [2] might be provided to > > > > > you by fastly.net. > > > > > > > > > > Access to the debian-security repo is important because it is the > > > > > method > > > > > by which your system will receive future security updates. > > > > > > > > > > > Even more > > > > > > important, how do I get rid of the problem? > > > > > If by "the problem" you mean the "hang", then you need to investigate > > > > > why > > > > > that is occurring. > > > > Two cents says that he doesn't have upstream IPv6 connectivity. > > > > > > > > If ping6 fails for both prod.debian.map.fastly.net and > > > > www.google.com, that's a decent indicator I'm right. > > > > > > > > Then the question is whether he expects to have IPv6 > > > > connectivity (and so it's broken) or whether he doesn't (and we > > > > should tell Debian to stop using it). > > > > > > > Thank for the reply. > > > > > > Where can I send the two cents? It looks as if that's correct. > > > > > > The installer installed ipv6 without giving me any choice about the > > > matter. > > Don't blame the installer for that. The way IPv6 is provided there's > > nothing to configure on your host (and there's nothing to blame here > > either). > > You network hardware (aka router), on the other hand, most surely > > advertizes IPv6 prefix. So put the blame there or on your ISP. > > > > > How do I get rid of ipv6 and replace it WITH ipv4? > > 1) Delicate way of doing it (apply after each boot): > > > > ip6tables -I INPUT ! -o lo -p icmp6 --icmpv6-type 134 -j DROP > > > > 2) Hardcore way of doing it (ditto): > > > > sysctl -qw net.ipv6.conf.all.disable_ipv6=1 > > > > 3) Right way of doing things: > > > > Fix your router. > > > > Reco > > > > > > According to my AT&T BGW210 Router both ipv4 amd 1pv6 are active And AT&T is known to have strange views on IPv6 (works for some, broken for most). Unless IPv6 is something that you just cannot live with - disable IPv6 advertizing on a router. I.e. - locate a page looking like [1] and set Off all three knobs. Reco [1] http://setuprouter.com/router/arris/bgw210-700-att/ipv6-86430-large.htm
Re: Repository Problem
On 08/18/2018 01:54 PM, Brian wrote: On Sat 18 Aug 2018 at 13:46:31 -0400, Stephen P. Molnar wrote: On 08/18/2018 11:51 AM, Reco wrote: Hi. On Sat, Aug 18, 2018 at 11:13:04AM -0400, Stephen P. Molnar wrote: On 08/18/2018 10:20 AM, Dan Ritter wrote: On Sat, Aug 18, 2018 at 08:15:12PM +1000, David wrote: On 18 August 2018 at 05:00, Stephen P. Molnar wrote: I have just installed Stretch on a new SSD on my platform. During the installation I selected the University of Chicago mirror and accepted the defaults plus backports. When I fun apt-get install Thunderbird apt-get tries to log on to prod.debian.map.fastly.net (2a04:4E42:2c::2040 and hangs. I can't find that address anywhere in /etc/apt. Why am I getting this behavior? As explained at [1], the debian-security repo [2] might be provided to you by fastly.net. Access to the debian-security repo is important because it is the method by which your system will receive future security updates. Even more important, how do I get rid of the problem? If by "the problem" you mean the "hang", then you need to investigate why that is occurring. Two cents says that he doesn't have upstream IPv6 connectivity. If ping6 fails for both prod.debian.map.fastly.net and www.google.com, that's a decent indicator I'm right. Then the question is whether he expects to have IPv6 connectivity (and so it's broken) or whether he doesn't (and we should tell Debian to stop using it). Thank for the reply. Where can I send the two cents? It looks as if that's correct. The installer installed ipv6 without giving me any choice about the matter. Don't blame the installer for that. The way IPv6 is provided there's nothing to configure on your host (and there's nothing to blame here either). You network hardware (aka router), on the other hand, most surely advertizes IPv6 prefix. So put the blame there or on your ISP. How do I get rid of ipv6 and replace it WITH ipv4? 1) Delicate way of doing it (apply after each boot): ip6tables -I INPUT ! -o lo -p icmp6 --icmpv6-type 134 -j DROP 2) Hardcore way of doing it (ditto): sysctl -qw net.ipv6.conf.all.disable_ipv6=1 3) Right way of doing things: Fix your router. Reco According to my AT&T BGW210 Router both ipv4 amd 1pv6 are active What does 'ip a' give you? And 'ping -cwww.debian.org? Thanksfot the reply. root@AbNormal:/home/comp# ip a 1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: enp2s0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether bc:ee:7b:5e:83:36 brd ff:ff:ff:ff:ff:ff inet 192.168.1.123/24 brd 192.168.1.255 scope global dynamic enp2s0 valid_lft 86368sec preferred_lft 86368sec inet6 2600:1700:4280:3690::33/128 scope global dynamic valid_lft 1209566sec preferred_lft 1209566sec inet6 2600:1700:4280:3690:f15f:a615:62e3:1b2d/64 scope global temporary dynamic valid_lft 604766sec preferred_lft 85961sec inet6 2600:1700:4280:3690:beee:7bff:fe5e:8336/64 scope global mngtmpaddr noprefixroute dynamic valid_lft 1209598sec preferred_lft 1209598sec inet6 fe80::beee:7bff:fe5e:8336/64 scope link valid_lft forever preferred_lft forever root@AbNormal:/home/comp# root@AbNormal:/home/comp# ping -c www.debian.org but, without the -c switch: PING www.debian.org(mirror-isc3.debian.org (2001:4f8:1:c::15)) 56 data bytes ^C --- www.debian.org ping statistics --- 12 packets transmitted, 0 received, 100% packet loss, time 11266ms root@AbNormal:/home/comp# ping: bad number of packets to transmit. root@AbNormal:/home/comp# -- Stephen P. Molnar, Ph.D. Consultant www.molecular-modeling.net (614)312-7528 (c) Skype: smolnar1
Re: checkbox in libreoffice base doesn't work anymore
On 2018-08-18 19:40 +0200, Flo wrote: > I wrote a database program where I built a form which uses a checkbox. > It has always worked. > > I haven't used that program for a few months and now the checkbox in the > form doesn't work anymore. > > I am using Version: 6.1.0.2 . >From which source? The version in Debian unstable and testing reports itself as 6.1.0.3. > Does anyone have a clue what happened. I tried a lot to make it work but > I failed. > > Going through the options menu now I realize that there are no check > boxes. It looks like that they have disappeared completely in my > LibreOffice. > > What can that be? Probably https://bugs.debian.org/905408, which has been closed by the maintainer. If you are using a Debian package, and it is not 1:6.1.0-1 (or 1:6.1.0-1~bpo9+2 if you use stretch-backports), please upgrade. Cheers, Sven
Re: Repository Problem
On 2018-08-18, Stephen P. Molnar wrote: >> >> Fix your router. >> >> Reco >> >> > > According to my AT&T BGW210 Router both ipv4 amd 1pv6 are active > Maybe you could try '-o Acquire::ForceIPv4=true' when running apt-get. I mean, I would try that in the spirit of the groping around in the dark troubleshooting techniques to which I am constrained by my irremediable ignorance. -- "She was a blank wall, fresh painted." Louise Erdrich, Love Medicine
Re: Fail2Ban Question: Can I do this without restarting the service?
On Sat 18 Aug 2018 at 17:55:50 +0200, john doe wrote: > On 8/17/2018 7:35 PM, Brian wrote: > > On Fri 17 Aug 2018 at 19:16:07 +0200, john doe wrote: > > > > > Also, a server without firewall capibility should never be facing > > > internet. > > > > Why? "never" seems a little strong. Mine does; what's the problem? > > > > Given the fact that the OP want's to use fail2ban and has at least two > services running on his public host (apache, ssh) it was a reasonable guess > to stress out that a firewall is a must in his situation. There it is again - "must". > > I can not talk about your server configuration because I don't know anything > about it! :) exim on port 25; openssh-server on port 22. Never used netfilter. > In general, the requirements for firewalling a public host depends on the > environment and other factors. > Googling this topick will show that there is no formal answer. The penultimate sentence more or less accords with my view too. In other words - there is no "must" about it. -- Brian.
checkbox in libreoffice base doesn't work anymore
Hi, I wrote a database program where I built a form which uses a checkbox. It has always worked. I haven't used that program for a few months and now the checkbox in the form doesn't work anymore. I am using Version: 6.1.0.2 . Does anyone have a clue what happened. I tried a lot to make it work but I failed. Going through the options menu now I realize that there are no check boxes. It looks like that they have disappeared completely in my LibreOffice. What can that be? I hope anyone can help. Thank you. Regards, Flo
Re: Repository Problem
On Sat 18 Aug 2018 at 13:46:31 -0400, Stephen P. Molnar wrote: > > > On 08/18/2018 11:51 AM, Reco wrote: > > Hi. > > > > On Sat, Aug 18, 2018 at 11:13:04AM -0400, Stephen P. Molnar wrote: > > > > > > On 08/18/2018 10:20 AM, Dan Ritter wrote: > > > > On Sat, Aug 18, 2018 at 08:15:12PM +1000, David wrote: > > > > > On 18 August 2018 at 05:00, Stephen P. Molnar > > > > > wrote: > > > > > > I have just installed Stretch on a new SSD on my platform. > > > > > > > > > > > > During the installation I selected the University of Chicago mirror > > > > > > and > > > > > > accepted the defaults plus backports. > > > > > > > > > > > > When I fun apt-get install Thunderbird apt-get tries to log on to > > > > > > prod.debian.map.fastly.net (2a04:4E42:2c::2040 and hangs. I can't > > > > > > find that > > > > > > address anywhere in /etc/apt. Why am I getting this behavior? > > > > > As explained at [1], the debian-security repo [2] might be provided to > > > > > you by fastly.net. > > > > > > > > > > Access to the debian-security repo is important because it is the > > > > > method > > > > > by which your system will receive future security updates. > > > > > > > > > > > Even more > > > > > > important, how do I get rid of the problem? > > > > > If by "the problem" you mean the "hang", then you need to investigate > > > > > why > > > > > that is occurring. > > > > Two cents says that he doesn't have upstream IPv6 connectivity. > > > > > > > > If ping6 fails for both prod.debian.map.fastly.net and > > > > www.google.com, that's a decent indicator I'm right. > > > > > > > > Then the question is whether he expects to have IPv6 > > > > connectivity (and so it's broken) or whether he doesn't (and we > > > > should tell Debian to stop using it). > > > > > > > Thank for the reply. > > > > > > Where can I send the two cents? It looks as if that's correct. > > > > > > The installer installed ipv6 without giving me any choice about the > > > matter. > > Don't blame the installer for that. The way IPv6 is provided there's > > nothing to configure on your host (and there's nothing to blame here > > either). > > You network hardware (aka router), on the other hand, most surely > > advertizes IPv6 prefix. So put the blame there or on your ISP. > > > > > How do I get rid of ipv6 and replace it WITH ipv4? > > 1) Delicate way of doing it (apply after each boot): > > > > ip6tables -I INPUT ! -o lo -p icmp6 --icmpv6-type 134 -j DROP > > > > 2) Hardcore way of doing it (ditto): > > > > sysctl -qw net.ipv6.conf.all.disable_ipv6=1 > > > > 3) Right way of doing things: > > > > Fix your router. > > > > Reco > > > > > > According to my AT&T BGW210 Router both ipv4 amd 1pv6 are active What does 'ip a' give you? And 'ping -c www.debian.org? -- Brian.
Re: Repository Problem
On 08/18/2018 11:51 AM, Reco wrote: Hi. On Sat, Aug 18, 2018 at 11:13:04AM -0400, Stephen P. Molnar wrote: On 08/18/2018 10:20 AM, Dan Ritter wrote: On Sat, Aug 18, 2018 at 08:15:12PM +1000, David wrote: On 18 August 2018 at 05:00, Stephen P. Molnar wrote: I have just installed Stretch on a new SSD on my platform. During the installation I selected the University of Chicago mirror and accepted the defaults plus backports. When I fun apt-get install Thunderbird apt-get tries to log on to prod.debian.map.fastly.net (2a04:4E42:2c::2040 and hangs. I can't find that address anywhere in /etc/apt. Why am I getting this behavior? As explained at [1], the debian-security repo [2] might be provided to you by fastly.net. Access to the debian-security repo is important because it is the method by which your system will receive future security updates. Even more important, how do I get rid of the problem? If by "the problem" you mean the "hang", then you need to investigate why that is occurring. Two cents says that he doesn't have upstream IPv6 connectivity. If ping6 fails for both prod.debian.map.fastly.net and www.google.com, that's a decent indicator I'm right. Then the question is whether he expects to have IPv6 connectivity (and so it's broken) or whether he doesn't (and we should tell Debian to stop using it). Thank for the reply. Where can I send the two cents? It looks as if that's correct. The installer installed ipv6 without giving me any choice about the matter. Don't blame the installer for that. The way IPv6 is provided there's nothing to configure on your host (and there's nothing to blame here either). You network hardware (aka router), on the other hand, most surely advertizes IPv6 prefix. So put the blame there or on your ISP. How do I get rid of ipv6 and replace it WITH ipv4? 1) Delicate way of doing it (apply after each boot): ip6tables -I INPUT ! -o lo -p icmp6 --icmpv6-type 134 -j DROP 2) Hardcore way of doing it (ditto): sysctl -qw net.ipv6.conf.all.disable_ipv6=1 3) Right way of doing things: Fix your router. Reco According to my AT&T BGW210 Router both ipv4 amd 1pv6 are active -- Stephen P. Molnar, Ph.D. Consultant www.molecular-modeling.net (614)312-7528 (c) Skype: smolnar1
Re: Literal postings, was Re: Wanted - Debian(preferred)/Linux handheld
On 08/18/2018 11:42 AM, David Wright wrote: On Sat 18 Aug 2018 at 10:02:39 (+0200), Anders Andersson wrote: On Thu, Aug 16, 2018 at 7:47 PM, Richard Owlett wrote: P.S. I wish my initial posts be taken literally. I wish this for every question on the mailing list but sadly that rarely happens, leading to a lot of pointless traffic to wade through. On every question there's always the "helpful" people who just wants to share their 2 cents worth of opinion and derail the question in the process. I guess that's partially because a lot of people don't know how to ask a question[,] so everyone assumes that it is not to be taken literally. Maybe I'm not a hundred years old like you guys, but on the inside I'm just as grumpy, err, I mean "opinionated"! . A lot of OPs provide very little background information. Sometimes this may be because they don't know what *is* relevant, but often a thread turns into an episode of "Twenty Questions" because of what seems like a reluctance to reveal any facts about their system. . Following this, when the OP apparently "disappears" after making their first post, people are left little option but to make guesses about what their problem might be caused by. One cannot but suspect that many OPs are helped by these discussions (the bits where the guess was correct), fix their system and then say nothing or, occasionally, post "Thanks. Period." Whereupon one of the helpers might ask them to be more helpful and reveal which solution fixed which problem so that others might benefit. . Some OPs provide facts which, when people start investigating, are found to be incorrect, so the thread bifurcates into those accepting the factoid and others disputing it. . Some OPs post what they want to do without realising their assumptions already made nor the implications of those assumptions which might lead to undesirable consequences they hadn't foreseen. . Many OPs are not writing in their native language, so it would be unkind to only take their words literally. All that said, "Careful what you wish for". A stilted overdefined conversation will probably not be as helpful to people. In a troubleshooting environment you want your thinking to be lateral: only the code itself is literal. In a way I've been on the other side of this topic. I spent decades in what might be termed customer support, field service, or engineering support. My background with milli-volt low frequency signals got me a job in construction inspection where I ended up rejecting large stainless steel pipes (welds rusted) and grade beams (out of square). I admit I have an atypical world view and wish constraints others don't see as relevant. On another list I was asking questions about sources for some odd equipment. I explicitly said certain characteristics were explicitly unacceptable. I got replies telling me where I could square the unacceptable product.
Re: Fail2Ban Question: Can I do this without restarting the service?
Hi. On Sat, Aug 18, 2018 at 05:55:50PM +0200, john doe wrote: > On 8/17/2018 7:35 PM, Brian wrote: > > On Fri 17 Aug 2018 at 19:16:07 +0200, john doe wrote: > > > > > Also, a server without firewall capibility should never be facing > > > internet. > > > > Why? "never" seems a little strong. Mine does; what's the problem? > > > > Given the fact that the OP want's to use fail2ban and has at least two > services running on his public host (apache, ssh) it was a reasonable guess > to stress out that a firewall is a must in his situation. > > I can not talk about your server configuration because I don't know anything > about it! :) > > In general, the requirements for firewalling a public host depends on the > environment and other factors. > Googling this topick will show that there is no formal answer. There is. Google for "TCP RST flood". Reco
Literal postings, was Re: Wanted - Debian(preferred)/Linux handheld
On Sat 18 Aug 2018 at 10:02:39 (+0200), Anders Andersson wrote: > On Thu, Aug 16, 2018 at 7:47 PM, Richard Owlett wrote: > > > > P.S. I wish my initial posts be taken literally. > > I wish this for every question on the mailing list but sadly that > rarely happens, leading to a lot of pointless traffic to wade through. > On every question there's always the "helpful" people who just wants > to share their 2 cents worth of opinion and derail the question in the > process. > > I guess that's partially because a lot of people don't know how to ask > a question[,] so everyone assumes that it is not to be taken literally. > > Maybe I'm not a hundred years old like you guys, but on the inside I'm > just as grumpy, err, I mean "opinionated"! . A lot of OPs provide very little background information. Sometimes this may be because they don't know what *is* relevant, but often a thread turns into an episode of "Twenty Questions" because of what seems like a reluctance to reveal any facts about their system. . Following this, when the OP apparently "disappears" after making their first post, people are left little option but to make guesses about what their problem might be caused by. One cannot but suspect that many OPs are helped by these discussions (the bits where the guess was correct), fix their system and then say nothing or, occasionally, post "Thanks. Period." Whereupon one of the helpers might ask them to be more helpful and reveal which solution fixed which problem so that others might benefit. . Some OPs provide facts which, when people start investigating, are found to be incorrect, so the thread bifurcates into those accepting the factoid and others disputing it. . Some OPs post what they want to do without realising their assumptions already made nor the implications of those assumptions which might lead to undesirable consequences they hadn't foreseen. . Many OPs are not writing in their native language, so it would be unkind to only take their words literally. All that said, "Careful what you wish for". A stilted overdefined conversation will probably not be as helpful to people. In a troubleshooting environment you want your thinking to be lateral: only the code itself is literal. Cheers, David.
Re: Fail2Ban Question: Can I do this without restarting the service?
On 8/17/2018 7:35 PM, Brian wrote: On Fri 17 Aug 2018 at 19:16:07 +0200, john doe wrote: Also, a server without firewall capibility should never be facing internet. Why? "never" seems a little strong. Mine does; what's the problem? Given the fact that the OP want's to use fail2ban and has at least two services running on his public host (apache, ssh) it was a reasonable guess to stress out that a firewall is a must in his situation. I can not talk about your server configuration because I don't know anything about it! :) In general, the requirements for firewalling a public host depends on the environment and other factors. Googling this topick will show that there is no formal answer. -- John Doe
Re: Repository Problem
Hi. On Sat, Aug 18, 2018 at 11:13:04AM -0400, Stephen P. Molnar wrote: > > > On 08/18/2018 10:20 AM, Dan Ritter wrote: > > On Sat, Aug 18, 2018 at 08:15:12PM +1000, David wrote: > > > On 18 August 2018 at 05:00, Stephen P. Molnar > > > wrote: > > > > I have just installed Stretch on a new SSD on my platform. > > > > > > > > During the installation I selected the University of Chicago mirror and > > > > accepted the defaults plus backports. > > > > > > > > When I fun apt-get install Thunderbird apt-get tries to log on to > > > > prod.debian.map.fastly.net (2a04:4E42:2c::2040 and hangs. I can't find > > > > that > > > > address anywhere in /etc/apt. Why am I getting this behavior? > > > As explained at [1], the debian-security repo [2] might be provided to > > > you by fastly.net. > > > > > > Access to the debian-security repo is important because it is the method > > > by which your system will receive future security updates. > > > > > > > Even more > > > > important, how do I get rid of the problem? > > > If by "the problem" you mean the "hang", then you need to investigate why > > > that is occurring. > > Two cents says that he doesn't have upstream IPv6 connectivity. > > > > If ping6 fails for both prod.debian.map.fastly.net and > > www.google.com, that's a decent indicator I'm right. > > > > Then the question is whether he expects to have IPv6 > > connectivity (and so it's broken) or whether he doesn't (and we > > should tell Debian to stop using it). > > > Thank for the reply. > > Where can I send the two cents? It looks as if that's correct. > > The installer installed ipv6 without giving me any choice about the matter. Don't blame the installer for that. The way IPv6 is provided there's nothing to configure on your host (and there's nothing to blame here either). You network hardware (aka router), on the other hand, most surely advertizes IPv6 prefix. So put the blame there or on your ISP. > How do I get rid of ipv9 and replace it WITH ipv4? 1) Delicate way of doing it (apply after each boot): ip6tables -I INPUT ! -o lo -p icmp6 --icmpv6-type 134 -j DROP 2) Hardcore way of doing it (ditto): sysctl -qw net.ipv6.conf.all.disable_ipv6=1 3) Right way of doing things: Fix your router. Reco
Re: Repository Problem
On 08/18/2018 10:20 AM, Dan Ritter wrote: On Sat, Aug 18, 2018 at 08:15:12PM +1000, David wrote: On 18 August 2018 at 05:00, Stephen P. Molnar wrote: I have just installed Stretch on a new SSD on my platform. During the installation I selected the University of Chicago mirror and accepted the defaults plus backports. When I fun apt-get install Thunderbird apt-get tries to log on to prod.debian.map.fastly.net (2a04:4E42:2c::2040 and hangs. I can't find that address anywhere in /etc/apt. Why am I getting this behavior? As explained at [1], the debian-security repo [2] might be provided to you by fastly.net. Access to the debian-security repo is important because it is the method by which your system will receive future security updates. Even more important, how do I get rid of the problem? If by "the problem" you mean the "hang", then you need to investigate why that is occurring. Two cents says that he doesn't have upstream IPv6 connectivity. If ping6 fails for both prod.debian.map.fastly.net and www.google.com, that's a decent indicator I'm right. Then the question is whether he expects to have IPv6 connectivity (and so it's broken) or whether he doesn't (and we should tell Debian to stop using it). -dsr- Thank for the reply. Where can I send the two cents? It looks as if that's correct. The installer installed ipv6 without giving me any choice about the matter. How do I get rid of ipv9 and replace it WITH ipv4? -- Stephen P. Molnar, Ph.D. Consultant www.molecular-modeling.net (614)312-7528 (c) Skype: smolnar1
Re: Repository Problem
On Sat, Aug 18, 2018 at 08:15:12PM +1000, David wrote: > On 18 August 2018 at 05:00, Stephen P. Molnar wrote: > > I have just installed Stretch on a new SSD on my platform. > > > > During the installation I selected the University of Chicago mirror and > > accepted the defaults plus backports. > > > > When I fun apt-get install Thunderbird apt-get tries to log on to > > prod.debian.map.fastly.net (2a04:4E42:2c::2040 and hangs. I can't find that > > address anywhere in /etc/apt. Why am I getting this behavior? > > As explained at [1], the debian-security repo [2] might be provided to > you by fastly.net. > > Access to the debian-security repo is important because it is the method > by which your system will receive future security updates. > > > Even more > > important, how do I get rid of the problem? > > If by "the problem" you mean the "hang", then you need to investigate why > that is occurring. Two cents says that he doesn't have upstream IPv6 connectivity. If ping6 fails for both prod.debian.map.fastly.net and www.google.com, that's a decent indicator I'm right. Then the question is whether he expects to have IPv6 connectivity (and so it's broken) or whether he doesn't (and we should tell Debian to stop using it). -dsr-
Re: Boot problems: atombios stuck in loop for more than 5secs aborting [was: empty subject]
On 2018-08-17, wrote: > > I fear I can't help you with that -- but I "decorated" your mail subject > a bit for others to find it. The subject was garnished for me. I saw: [radeon]] *ERROR* atombios stuck in loop from Tom Arnall or (or maybe tom arnall, or e.e. cummings). > Cheers > - -- t > > -- "She was a blank wall, fresh painted." Louise Erdrich, Love Medicine
Re: Repository Problem
On 18 August 2018 at 05:00, Stephen P. Molnar wrote: > I have just installed Stretch on a new SSD on my platform. > > During the installation I selected the University of Chicago mirror and > accepted the defaults plus backports. > > When I fun apt-get install Thunderbird apt-get tries to log on to > prod.debian.map.fastly.net (2a04:4E42:2c::2040 and hangs. I can't find that > address anywhere in /etc/apt. Why am I getting this behavior? As explained at [1], the debian-security repo [2] might be provided to you by fastly.net. Access to the debian-security repo is important because it is the method by which your system will receive future security updates. > Even more > important, how do I get rid of the problem? If by "the problem" you mean the "hang", then you need to investigate why that is occurring. [1] https://deb.debian.org/ [2] specified in your /etc/apt/sources.list file as http://security.debian.org/debian-security/
Re: Debian 9 network management
Hi. On Sat, Aug 18, 2018 at 11:25:15AM +0200, Alessandro Vesely wrote: > On Thu 16/Aug/2018 14:02:08 +0200 Reco wrote: > > On Thu, Aug 16, 2018 at 12:04:28PM +0200, Alessandro Vesely wrote: > >> On Wed 15/Aug/2018 08:31:32 +0200 mick crane wrote: > >>> > >>> I too have been wondering about this and the wiki seems clear. > >>> https://wiki.debian.org/NetworkConfiguration#Setting_up_an_Ethernet_Interface > >> > >> However, that doesn't cover how to properly coordinate setting up IP links, > >> firewall, NAT, and netfilter daemons. > > > > If you're using userspace daemons for netfilter then you're doing it > > wrong. For instance, it has forced non-exsistent distinction between the > > firewall, NAT and netfilter in your e-mail. > > > > All these are merely the state of running kernel, and while you > > certainly need userspace for configuring them, there's no need for any > > userspace running for these things to function. > > A netfilter queue daemon runs in userspace, but that doesn't make much of a > difference. True. But said daemon (whenever it's used for NetFlow collection or L7 filtering) is not responsible for the netfilter rules themselves. > The point is in what order things are configured/ enabled, and > which files do you have to edit to check or change the corresponding > parameters. Also true. And this is where all userspace "firewall" daemons loose. Not a single one of them is not able to stomach a single netfilter rules that was not added by them. At best they ignore it. > >> IIRC it is possible, but difficult to make and maintain, and seemingly > >> fragile. > > > > A difficulty is in the eye of the beholder. > > So is his/ her learning curve, especially in a system where network management > leans toward casual laptop users rather than server admins —and rightly so. I agree that a server and desktop/laptop are configured differently. One of the main differences boils down to the fact that one can expect a netfilter rule set on a server, but it's a rare sight on a desktop/laptop. The reasons being - mDNS, SSDP, video casting, IPTV (multicast variant), torrents etc. Is it possible to allow all this via netfilter? Yes. Would end-user bother? Hardly, as it's easier to disable all netfilter rules altogether (in the case of Debian - not to enable them at all). And if security is wanted by end-user (which is rare in my experience), there is always intermediate network hardware for that. > In any case, a sysadmin has to learn the syntax of say, sysctl, ip, iptables, > vconfig, modprobe, and the like. Hence, just running the right sequence of > (kernel configuration) commands is more straightforward than trying to > discover > how to have them run in the same sequence indirectly, by properly setting a > number of configuration files, methinks. You forgot to mention one crucial part - troubleshooting. For us, mere mortals, writing a set of netfilter rules at first try without any errors is hard if not impossible. And all these high-level tools are hardly suited for the troubleshooting. > In addition, the semantics of high > level configuration files seems to be more likely to change across releases > than that of lower level commands. There's answer for that, but it's hardly for anyone's liking. RedHat's firewalld. It's tricky, with big 'S' for security in name, and it's written in Python, but end-user interface is stable. Reco
Re: Debian 9 network management
On Thu 16/Aug/2018 14:02:08 +0200 Reco wrote: > On Thu, Aug 16, 2018 at 12:04:28PM +0200, Alessandro Vesely wrote: >> On Wed 15/Aug/2018 08:31:32 +0200 mick crane wrote: >>> >>> I too have been wondering about this and the wiki seems clear. >>> https://wiki.debian.org/NetworkConfiguration#Setting_up_an_Ethernet_Interface >> >> However, that doesn't cover how to properly coordinate setting up IP links, >> firewall, NAT, and netfilter daemons. > > If you're using userspace daemons for netfilter then you're doing it > wrong. For instance, it has forced non-exsistent distinction between the > firewall, NAT and netfilter in your e-mail. > > All these are merely the state of running kernel, and while you > certainly need userspace for configuring them, there's no need for any > userspace running for these things to function. A netfilter queue daemon runs in userspace, but that doesn't make much of a difference. The point is in what order things are configured/ enabled, and which files do you have to edit to check or change the corresponding parameters. >> IIRC it is possible, but difficult to make and maintain, and seemingly >> fragile. > > A difficulty is in the eye of the beholder. So is his/ her learning curve, especially in a system where network management leans toward casual laptop users rather than server admins —and rightly so. In any case, a sysadmin has to learn the syntax of say, sysctl, ip, iptables, vconfig, modprobe, and the like. Hence, just running the right sequence of (kernel configuration) commands is more straightforward than trying to discover how to have them run in the same sequence indirectly, by properly setting a number of configuration files, methinks. In addition, the semantics of high level configuration files seems to be more likely to change across releases than that of lower level commands. Best Ale --
Re: Wanted - Debian(preferred)/Linux handheld
On Sat, 18 Aug 2018 10:02:39 +0200 Anders Andersson wrote: > On Thu, Aug 16, 2018 at 7:47 PM, Richard Owlett > wrote: > > > > P.S. I wish my initial posts be taken literally. > > I wish this for every question on the mailing list but sadly that > rarely happens, leading to a lot of pointless traffic to wade through. > On every question there's always the "helpful" people who just wants > to share their 2 cents worth of opinion and derail the question in the > process. > Is this a paid-for consultancy service? > I guess that's partially because a lot of people don't know how to ask > a question so everyone assumes that it is not to be taken literally. > And we all do things differently. Sometimes the question indicates that someone is taking an unnecessarily difficult path. Sometimes nobody knows the answer, and rather than just ignore the questioner, we chip in experiences as near to the subject as possible. Our friend Richard spends his life doing things that nobody else has done, and then gets ratty because nobody can answer his questions. > Maybe I'm not a hundred years old like you guys, but on the inside I'm > just as grumpy, err, I mean "opinionated"! > It is perfectly possible to be grumpy before you have even learned to speak. -- Joe
Re: Fail2Ban Question: Can I do this without restarting the service?
On Fri, Aug 17, 2018 at 05:28:50PM -0400, cyaiplexys wrote: > While I don't travel, the co-admin travels a LOT and doesn't always stay at > hotels. Sometimes they are on the road, getting wifi other places, etc. So > again, probably not possible to even get a good range. Yes, agreed, you probably will need to open your ssh port to the world. > >>Can I do this too? > >> > >>ufw deny 22/tcp # Deny connection to port 22 (ssh default port) > > > >You could, but there's generally no point because all ports are denied > >by default. You usually don't need to create specific deny rules unless > >you have a port that you want to have open to the world, but then close > >it for specific addresses, or if there's an IP address that you want to > >allow access to all ports, except for a few specific ports. > > But (unless I was mistaken) wasn't port 22 open by default for ssh? So > wouldn't I have to block it once I change and open the other ssh port? No, it's not open by default. That's why it's necessary to set up the "allow port 22 from..." (or whatever your alternate ssh port might be) rule before turning the firewall on with "ufw enable". If you've already opened port 22, then change your ssh port after enabling the firewall, you would handle this by adding an allow rule for the new port and then (after establishing a new ssh connection on the new port) deleting the "allow port 22" rule rather than by adding a "deny port 22". To do this, run "ufw status numbered" to find the number of the rule you want to remove, then "ufw delete [rule number]". (Handy tip: If you want to add a new rule that's similar to an existing rule, but can't remember the exact syntax, you can "ufw delete [the existing rule]" and say "no" when it asks to confirm the deletion. The confirmation message includes the command used to create the rule, so you can just copy/paste it and change the details as needed to create the new rule.) -- Dave Sherohman
Re: Wanted - Debian(preferred)/Linux handheld
On Thu, Aug 16, 2018 at 7:47 PM, Richard Owlett wrote: > > P.S. I wish my initial posts be taken literally. I wish this for every question on the mailing list but sadly that rarely happens, leading to a lot of pointless traffic to wade through. On every question there's always the "helpful" people who just wants to share their 2 cents worth of opinion and derail the question in the process. I guess that's partially because a lot of people don't know how to ask a question so everyone assumes that it is not to be taken literally. Maybe I'm not a hundred years old like you guys, but on the inside I'm just as grumpy, err, I mean "opinionated"!
