Multitasking, using a Multi-User Operating System

[Kenneth Parker]

Hello,

This is a General Post about using Debian.  But it refers to a thread I
started, when I jumped to a crazy conclusion, based on insufficient testing
before requesting help.

The original thread is  here:
https://lists.debian.org/debian-user/2019/01/msg00328.html

I am a Computer Consultant, who freely volunteers to help people, mainly on
the Support side.  When somebody asks me about a Program or Package I don't
know, I often will install it on my system to check it out.  Since these
Packages may not fit in to my own Philosophy, I often create special
Usernames, to test them with.  For example, I created separate User Names,
for KDE and Gnome.

Right from the start, with Yggdrasil Plug and Play Linux, was the fact that
you got Six Virtual Text Sessions, that you could, instantly switch
between.  I would even arrange them.

And, even when I embraced a Desktop (Gnome 2), I would switch back to my
Text Terminals, mainly because I liked to run Server Apps Interactively,
and be able to switch to the screen where their Messages were coming out.
Like, for instance, Alt-F1 would be for System Messages.  And yes, on
Alt-F5, I might be Playing Mahler's Third Symphony or a Chopin Piano piece.

And here's what is so great:  All of this can occur at once.
Multitasking.

So what is occurring now?   I hope I'm not supposed to "Dumb Myself Down".

What does it mean to be a Debian-User?

Thank you.

Kenneth Parker   http://eyeblinkuniverse.com (An Open Source Universe).



Now, I want

Re: is it possible to use wheezy CD to rescue stretch

[songbird]

Long Wind wrote:
...
> but initrd on CD is intended for install, not for my purpose
> no luck, i may have to find other way

  can you download and create a USB stick with the
relevant netinst image on it?

  that has a rescue aspect which should be compatible.


  songbird

Re: is it possible to use wheezy CD to rescue stretch

[Pascal Hambourg]

Le 10/01/2019 à 01:21, Long Wind a écrit :

Thanks, i browse Help of wheezy CD, i don't know what rescue it can do
its advanced option allows you to specify boot option before boot,vmlinuz, 
initrd, root=/dev/sda2 ...
(my stretch is installed at sda2)
but initrd on CD is intended for install, not for my purpose


The rescue mode will ask you to select the root filesystem and start a 
shell on it (with chroot). You can also start a shell in the installer 
(initramfs).

Re: Looking for advice on tools (or libraries) for unsupervised, bulk symmetric encryption/decryption of files

[Ben Caradoc-Davies]

On 10/01/2019 03:05, Kynn Jones wrote:

The only encryption tool I have used for encrypting files on my hard drive
is gpg2, which I have used for small, interactive encryption tasks
(half-dozen files, at most).
Therefore, my initial attempt was to use gpg2 for this new bulk-encryption
task, but I found myself constantly fighting with it, and finally had to
recognize that I was trying to use gpg2 for something it is not primarily
designed for.  (I am also a bit concerned with gpg2's future stability.
AFAICT, It's design has varied significantly over the years, and as a
result there's a lot of confusion on its use.  That has been my experience,
in any case.)


I use a pipe with gpg2 as one component for symmetric encryption:

gpg --batch --symmetric --cipher-algo AES256 --s2k-digest-algo SHA512 
--compress-algo none --passphrase-file $PASSPHRASE_FILE


My pipe input is usually a tar file gzipped with pigz for parallel 
compression, hence the "--compress-algo none". I then add another "pigz 
-0" wrapper to get a cryptographically weak checksum to allow testing 
for media failures without the passphrase. I like tar because it 
preserves file metadata and filesystem structure and is a very stable 
format. Other formats may be better for random access.


Recently I used gpg2 to decrypt files that were encrypted over 15 years 
ago; note that these were much smaller files and a simpler invocation of 
gpg1 (the then default cipher was CAST5 IIRC). The gpg file format seems 
well-documented and stable. Regular decryption tests are prudent to 
catch problems after gpg upgrade. Yes, the new interactive predilections 
of gpg2 were a pain at first when compared to gpg1, but "--batch" and 
"--passphrase-file" seem sufficient for batch symmetric encryption, if 
you do not mind your passphrase being in plain text on your filesystem.


Kind regards,

--
Ben Caradoc-Davies 
Director
Transient Software Limited 
New Zealand

Re: /etc/network/interfaces with multiple network interfaces

[Reco]

Hi.

On Wed, Jan 09, 2019 at 11:09:58PM +0100, Rainer Dorsch wrote:
> Hi,
> 
> I have a system with two network interfaces, connecting to two subnets. 
> 
> For some reason the default route is going through eth0.3, I would want to 
> have it through eth0.7.

Both of your VLANs are configured by DHCP, and have the same metric (0
by default).


> Is the default route determined by the order in /etc/network/interface of the 
> interfaces or is there another algorithm behind?

What really happens is one default route get replaced by another.
Whichever happens to be getting the lease last - wins.


If you need the default route on eno1.7 to appear and to be used -
assign lower metric to it. Like this (32 and 64 are arbitrary):

# cam
auto eno1.3
allow-hotplug eno1.3
iface eno1.3 inet dhcp
metric 64
iface eno1.3 inet6 auto
accept_ra 0

# data
auto eno1.7
allow-hotplug eno1.7
iface eno1.7 inet dhcp
metric 32
iface eno1.7 inet6 auto
accept_ra 0

Reco

Re: Looking for advice on tools (or libraries) for unsupervised, bulk symmetric encryption/decryption of files

[Celejar]

On Wed, 9 Jan 2019 09:05:32 -0500
Kynn Jones  wrote:

> I am looking for software to symmetric-encrypt large numbers of files on
> disk (terabytes' worth of data), and would appreciate some advice.
> 
> My basic requirements:
> 
>- It should be open source and no-cost (though, since I'm asking this
>question here, this goes without saying);
>- I should be able to program scripts (shell, Python, Perl, or Ruby) to
>run this software without human intervention; this rules out tools that are
>designed for interactive use.
>- It should be stable; I should be able to decrypt encrypted files that
>were encrypted several years earlier; (how much earlier?  hard to say;
>let's say 10 years, as a rough ballpark)
> 
> In addition, the following would be nice:
> 
>- good documentation;
>- good performance;
>- bindings for a high-level language (preferably Python).

The standard encryption technology for linux is LUKS. It works on the
block device level, not the file level. [I may be using the terminology
inaccurately.] You'll find the best compatibility, stability, and
documentation with LUKS, but you don't use it to create encrypted
copies of files - rather, you create a LUKS encrypted device, and
copy / move your files there. The LUKS tools (cryptsetup) are only
necessary for the creation and management of the encrypted volume; once
it's set up, you use the ondinary filesystem tools (cp, mv, ls, etc.)
to access files and move them to and from encrypted storage.

I believe that the most commonly used software for file level
encryption is EncFS. I haven't really used it much, and can't speak to
its long term stablity.



Celejar

Re: SSD TRIM software raid (mdadm)

[David Christensen]

On 1/9/19 1:22 PM, basti wrote:

Hello, I have create a software raid level 1 with mdadm.

One drive is a "classic" HDD. The 2'nd drive is a SSD with option 
"write-mostly".


Over the raid I have create and LVM with all the partitions 
(root,swap and qemu/KVM VM's).


When I understand mdadm the hole space is marked as used. So my 
question is how useful is fstrim on /dev/mdx and would it relay trim 
the SSD?


Best Regards,


On 1/9/19 3:51 PM, Pascal Hambourg wrote:
Why did you flag the SSD as write-mostly ? I would have expected the 
opposite.


+1  RTFM mdadm(8), --write-mostly would make more sense on the HDD.


But, one SSD and one HDD in an MD mirror seems strange.  If mirroring is 
not required, I would:


1.  Partition the SSD with boot, swap, root, and VM partitions.  Give 
each VM a small virtual drive image file for its system drive.


2.  Put one large partition on the HDD.  Give each VM a virtual drive 
image file, sized as required, for its data drive.



If you can install an additional SSD, mirror the two SSD's.  Similarly 
so for an additional HDD.



In any case:

1.  Try to characterize your I/O workload -- synchronous vs. 
asynchronous, read vs. write, sequential vs. random, small vs. large.


2.  Configure things to use asynchronous I/O, where possible.

3.  Install plenty of RAM.

4.  Try multiple configurations and benchmark each, preferably with 
realistic workloads.



David

Re: Taming the "lsblk" command

[David Wright]

On Wed 09 Jan 2019 at 16:36:16 (-0500), Michael Stone wrote:
> On Wed, Jan 09, 2019 at 12:45:02PM -0600, David Wright wrote:
> > But returning to lsblk, I can't figure out why the OP's lsblk -l
> > appears in such an odd order. Does it differ from that given by
> > lsblk with no arguments?
> > 
> > I've checked the unsorted order of my /sys/dev/block, which is
> > essentially random, as is the order of block devices in the output
> > of mount, yet lsblk gives me a nice sorted lists:
> 
> Without -x it's sorting in device major:minor order, which happens to
> be alphabetical in your install purely by chance.

So, looking at the OP, is the order of sdc a temporary state of
affairs, produced by adding partitions to sdc while sde is plugged in
and blocking the sequence? (I've never seen one letter split.)

Or is it quite normal when you reach fifteen partitions? I can
understand that the devices seem to be assigned in blocks of sixteen,
but I slightly surprised that they would be assigned in a broken
sequence when they all present at boot time.

And surely sr0, sitting there in the middle, has a completely
different major number from sdX.

OP's report:

However when I do
 > lsblk -l -o name,label
I get
 > sdc14 good-fvwm
 > sdc15 tst_mysql
 > sde
 > sde1  debian-2-go
 > sr0
 > sdc16 tst_mariadb
 > sdc17 dummy
 > sdc18 target

Cheers,
David.

Re: is it possible to use wheezy CD to rescue stretch

[Long Wind]

Thanks, i browse Help of wheezy CD, i don't know what rescue it can do
its advanced option allows you to specify boot option before boot,vmlinuz, 
initrd, root=/dev/sda2 ...
(my stretch is installed at sda2)
but initrd on CD is intended for install, not for my purpose
no luck, i may have to find other way


 

On Thursday, January 10, 2019 8:01 AM, Pascal Hambourg 
 wrote:
 

 Le 09/01/2019 à 23:26, Long Wind a écrit :
> i have wheezy CD, it has rescue option, is it possible to use it to boot 
> stretch?

Not always. Wheezy's kernel and e2fsprogs tools do not support newer 
ext4 features such as csum_metadata which are enabled by default on ext4 
filesystems created by Stretch's tools.



   

Re: allocating disk space (was: Upgrade Problem)

[David Wright]

On Fri 04 Jan 2019 at 19:36:42 (-0500), Felix Miata wrote:
> David Wright composed on 2019-01-04 14:27 (UTC-0600):
> > On Fri 04 Jan 2019 at 13:41:33 (-0500), Felix Miata wrote:
> >> David Wright composed on 2019-01-04 10:19 (UTC-0600):
> >> > On Fri 04 Jan 2019 at 04:30:00 (-0500), Felix Miata wrote:
> 
> >> >>> This partitioning scheme seems really odd and unwieldy.  
> 
> >> >> Indeed. Considering the absence of a sysadmin,
> 
> >> > What's so unusual about that?
> 
> >> Standing alone, absolutely nothing, but it wasn't standing alone
> 
> > (The OP is standing alone, leaving us aside.)
> 
> > By snipping the rhetorical question that introduces my paragraph, it
> > now appears that "unusual" refers to the partitioning scheme. It
> > doesn't.
> 
> It wasn't intended to.
> 
> > It refers to the absence of a sysadmin. 
> 
> Intended.
> 
> >> >> absence of 2 possible primary partitions on sda,
> >> 
> >> > If the OP partitioned an MBR disk intending to subdivide the
> >> > filesystem, then it might be expected that they create an extended
> >> > partition. Why bother with holding off until you've got two
> >> > primary partitions set up first?
> 
> >> Off the top of my head:
> 
> >> 1-trivial I know, but avoiding seeing fdisk report "Partition table 
> >> entries are not in disk order"
> 
> >> 2-less trivial: partitions not being in disk order
> 
> > I don't understand. The time sequence would be
> 
> > sda1=primary [ free 
> >  ]
> 
> > sda1=primary [  "sda2"=extended 
> >  ]
> 
> > sda1=primary [ sda5=logicalfree 
> >  ]
> 
> > sda1=primary [ sda5=logical sda6=logical   free 
> >  ]
> 
> > sda1=primary [ sda5=logical sda6=logical sda7=logical   free
> >  ]
> 
> > sda1=primary [ sda5=logical sda6=logical sda7=logical sda8=logical 
> > possibly-free ]
> 
> > What's out of order?
> 
> This looks like it's assuming reference to the OP's disk state, which is not 
> what I was writing
> about. AFAIK, when entries /are/ out of order, far more steps had to have 
> been involved than those
> you listed.
> 
> >> 3-potential to have a primary partition added following a logical, thereby 
> >> making following
> >> freespace unavailable for one or more added logicals (disappearing 
> >> freespace).
> 
> > With the scenario above, it would be usual to fill the disk with the
> > extended partition, so there's no possibility of adding another primary.
> 
> Yes, when filling the disk at the outset. With the escalation of disk sizes 
> over the years, it's
> become more common not to allocate 100% at the outset. In non-ancient memory 
> I only ever fully
> allocated with my own disks at the outset with data disks, until small SDDs 
> became cheap.

I don't understand the reasoning.

> Some partitioning tools are better than others at allowing oneself to shoot 
> oneself in the foot.
> 
> > Here's the partition table of this laptop. Care to guess it's
> > evolution?
> 
> > Number  Start (sector)End (sector)  Size
> >12048 2050047   1000.0 MiB
> >2 2050048 2582527   260.0 MiB
> >3 2582528 4630527   1000.0 MiB
> >4 4630528 4892671   128.0 MiB
> >5 4892672   347348991   163.3 GiB
> >6   347348992   429268991   39.1 GiB /
> >7   429268992   511188991   39.1 GiB
> >8   511188992   883275775   177.4 GiB/home
> >9   883275776   883292159   8.0 MiB
> >   10   883292160   892084223   4.2 GiB  swap
> >   11   892086272   892803071   350.0 MiB
> >   12   892803072   894900223   1024.0 MiB
> >   13   894900224   947329023   25.0 GiB
> >   14   947329024   976773119   14.0 GiB
> 
> > Constrained by an inability to repartition the disk, how would
> > you distribute a Debian system across it while wasting the
> > least space?
> 
> That's a bit sketchy.

Worse then that: I don't have a clue what most of the original
partitions were for, and still don't. I just don't touch them.

Here's what I inherited:

/dev/sda1   2048   2050047   2048000 1000M Windows recovery environment
/dev/sda22050048   2582527532480  260M EFI System
/dev/sda32582528   4630527   2048000 1000M Lenovo boot partition
/dev/sda44630528   4892671262144  128M Microsoft reserved
/dev/sda54892672 892086271 887193600  423G Microsoft basic data
/dev/sda6  892086272 892803071716800  350M Windows recovery environment
/dev/sda7  892803072 894900223   20971521G Microsoft basic data
/dev/sda8  894900224 947329023  52428800   25G Microsoft basic data
/dev/sda9  947329024 976773119  29444096   14G Windows recovery environment

I have no idea why there are three recovery partitions of vastly
differing sizes, a manufacturer's boot 

Re: is it possible to use wheezy CD to rescue stretch

[Pascal Hambourg]

Le 09/01/2019 à 23:26, Long Wind a écrit :

i have wheezy CD, it has rescue option, is it possible to use it to boot 
stretch?


Not always. Wheezy's kernel and e2fsprogs tools do not support newer 
ext4 features such as csum_metadata which are enabled by default on ext4 
filesystems created by Stretch's tools.

Re: SSD TRIM software raid (mdadm)

[Pascal Hambourg]

Le 09/01/2019 à 22:22, basti a écrit :

I have create a software raid level 1 with mdadm.

One drive is a "classic" HDD.
The 2'nd drive is a SSD with option "write-mostly".


Why did you flag the SSD as write-mostly ? I would have expected the 
opposite.



Over the raid I have create and LVM with all the partitions (root,swap
and qemu/KVM VM's).

When I understand mdadm the hole space is marked as used.


I don't understand what you mean.


So my question is how useful is fstrim on /dev/mdx and would it relay
trim the SSD?


RAID 1 supports TRIM since kernel 3.7. Since the HDD does not support 
TRIM, it will make discarded bloc contents inconsistent between the SSD 
and the HDD but it does not matter.


However you wrote that the RAID device is used by LVM, so you cannot run 
fstrim on it directly. You must enable TRIM/discard in LVM (see 
lvm.conf) and run fstrim on LVs which contain mounted filesystems 
supporting TRIM/discard.

Re: Looking for advice on tools (or libraries) for unsupervised, bulk symmetric encryption/decryption of files

[Linux-Fan]

Kynn Jones writes:

I am looking for software to symmetric-encrypt large numbers of files on disk  
(terabytes' worth of data), and would appreciate some advice.


My basic requirements:

• It should be open source and no-cost (though, since I'm asking this  
question here, this goes without saying);


• I should be able to program scripts (shell, Python, Perl, or Ruby) to run  
this software without human intervention; this rules out tools that are  
designed for interactive use.


• It should be stable; I should be able to decrypt encrypted files that were  
encrypted several years earlier; (how much earlier?  hard to say; let's say  
10 years, as a rough ballpark)

In addition, the following would be nice:

• good documentation;

• good performance;

• bindings for a high-level language (preferably Python).

The only encryption tool I have used for encrypting files on my hard drive is  
gpg2, which I have used for small, interactive encryption tasks (half-dozen  
files, at most).


[...]


What Debian packages would you recommend?


I actually tend to use 7-Zip for symmetric file encryption a lot because it  
ensures cross-platform compatibility and many users have 7-Zip already  
installed (I am always afraid that one day decryption software might not be  
available because then data would be close to being lost). The Debian  
package is `p7zip-full`.


Another program which I like is AESCrypt. Unfortunately it seems it is not  
included in Debian, but one might be able to install it via PIP (I have only  
ever used the Java and C version). I have actually read the Java  
implementation (which is also available as a very minimalistic commandline  
utility) and found the code understandable which is always a bonus when it  
comes to security :) Additionally, it was simple to adapt the library to  
provide a slightly different API and the result is still compatible with the  
AESCrypt commandline. As a result, you can use the API to automatically  
process data and the commandline utility to manually extract the data should  
something go wrong with the automatism. AESCrypt also seems to have Python  
bindings (but I have not used them). See https://www.aescrypt.com.


HTH
Linux-Fan


pgpXbZBrkpsDQ.pgp
Description: PGP signature

Re: /etc/network/interfaces with multiple network interfaces

[Lee]

On 1/9/19, Rainer Dorsch  wrote:
> Hi,
>
> I have a system with two network interfaces, connecting to two subnets.
>
> For some reason the default route is going through eth0.3, I would want to
> have it through eth0.7.

further down you've got:
rd@master:~$ ip r
default via 192.168.3.1 dev eno1.3
192.168.3.0/24 dev eno1.3 proto kernel scope link src 192.168.3.2
192.168.7.0/24 dev eno1.7 proto kernel scope link src 192.168.7.2

Just a guess, but the default gateway is 192.168.3.1 & eno1.3 is
directly connected to that subnet so that's the best route.

Change your default gateway to 192.168.7.1 (or whatever the router is
on that subnet) & it should pick eno1.7 for the default route.

Regards,
Lee

>
> Is the default route determined by the order in /etc/network/interface of
> the
> interfaces or is there another algorithm behind?
>
> rd@master:~$ cat /etc/network/interfaces
> # This file describes the network interfaces available on your system
> # and how to activate them. For more information, see interfaces(5).
>
> source /etc/network/interfaces.d/*
>
> # The loopback network interface
> auto lo
> iface lo inet loopback
>
> auto eno1
> allow-hotplug eno1
> #iface eno1 inet dhcp
> iface eno1 inet6 auto
>   accept_ra 0
>
> # cam
> auto eno1.3
> allow-hotplug eno1.3
> iface eno1.3 inet dhcp
> iface eno1.3 inet6 auto
>   accept_ra 0
>
> # data
> auto eno1.7
> allow-hotplug eno1.7
> iface eno1.7 inet dhcp
> iface eno1.7 inet6 auto
>   accept_ra 0
> rd@master:~$ ip a show
> 1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group
> default qlen 1
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
>valid_lft forever preferred_lft forever
> inet6 ::1/128 scope host
>valid_lft forever preferred_lft forever
> 2: eno1:  mtu 1500 qdisc pfifo_fast state
> UP
> group default qlen 1000
> link/ether 18:66:da:20:6f:2d brd ff:ff:ff:ff:ff:ff
> inet6 fe80::1a66:daff:fe20:6f2d/64 scope link
>valid_lft forever preferred_lft forever
> 3: eno1.3@eno1:  mtu 1500 qdisc noqueue
> state
> UP group default qlen 1000
> link/ether 18:66:da:20:6f:2d brd ff:ff:ff:ff:ff:ff
> inet 192.168.3.2/24 brd 192.168.3.255 scope global eno1.3
>valid_lft forever preferred_lft forever
> inet6 fe80::1a66:daff:fe20:6f2d/64 scope link
>valid_lft forever preferred_lft forever
> 4: eno1.7@eno1:  mtu 1500 qdisc noqueue
> state
> UP group default qlen 1000
> link/ether 18:66:da:20:6f:2d brd ff:ff:ff:ff:ff:ff
> inet 192.168.7.2/24 brd 192.168.7.255 scope global eno1.7
>valid_lft forever preferred_lft forever
> inet6 fe80::1a66:daff:fe20:6f2d/64 scope link
>valid_lft forever preferred_lft forever
> rd@master:~$ ip r
> default via 192.168.3.1 dev eno1.3
> 192.168.3.0/24 dev eno1.3 proto kernel scope link src 192.168.3.2
> 192.168.7.0/24 dev eno1.7 proto kernel scope link src 192.168.7.2
> rd@master:~$
>
>
> Thanks
> Rainer
> --
> Rainer Dorsch
> http://bokomoko.de/
>
>
>

Re: Debian booting into initramfs shell

[Pascal Hambourg]

Le 09/01/2019 à 10:29, Thomas Schweikle a écrit :


Since latest upgrades debian boots into initramfs shell:

(...)

Booting into rescue mode with the very same kernel/initrd works:


Consistently ? AFAIK, the only difference between normal and rescue mode 
which may affect the initramfs process is the presence or absence of the 
option "quiet" in the kernel command line which displays more or less 
messages. Could you test the normal mode without "quiet" and the rescue 
mode with "quiet" ?

Re: Aide offline libreoffice 6

[Migrec]

Le 07/01/2019 à 18:00, ajh-valmer a écrit :

On Friday 04 January 2019 15:02:12 Nicolas FRANCOIS wrote:

quand elle encadre deux caractères dans la même police, elle obtient 2
caractères encadrés, et pas un cadre pour les deux caractères...).

Il y en a un autre :
OpenOffice et maintenant LibreOffice ont toujours eu ce défaut récurrent,
le Copier/Coller à l'intérieur d'un document LO ne fonctionne pas avec la
roulette de la souris.
Il faut mettre le texte en surbrillance, clic droit, "Copier", puis encore
clic droit et "Coller".

(alors qu'avec la roulette, texte en surbrillance puis clic roulette,
quel gain de temps !)


Si ça peut rassurer, sur ma Kubuntu 18.10 avec LibreOffice 6.1.3.2, ça 
fonctionne désormais !
Par contre le copier-coller avec le clic droit fonctionne une fois sur 2 
dans calc. Bogue saisi.


--
Migrec

Re: Réseau : accès VPN et LAN simultanés

[Pascal Hambourg]

Le 09/01/2019 à 21:21, roger.tar...@free.fr a écrit :


- Original Message -
From: "Pascal Hambourg" 


Serait-il possible de configurer ton logiciel de messagerie pour citer 
correctement (avec des marques de citation ">") le message auquel tu 
réponds, parce que là c'est difficile à lire.



Le 09/01/2019 à 08:35, roger.tar...@free.fr a écrit :

C'est "l'IP publique de la box" utilisée par les clients VPN (visible dans le 
fichier de conf client openvpn). Donc, oui c'est l'IP publique du serveur VPN.


Tu aurais pu préciser que le serveur VPN était une freebox. Je pensais, 
parce que c'est la situation la plus courante, que la freebox était la 
box internet des deux clients, et du coup je ne comprenais pas.



192.168.0.0/24 dev eth0  proto kernel  scope link  src LAN_CLIENT_IP1  # IP_LAN 
est en 192.168.
IP_VPN_CLIENT/27 via FREEBOX_IP dev tun0
FREEBOX_IP dev tun0  proto kernel  scope link  src VPN_CLIENT_IP1


Et franchement, pas besoin de caviarder toutes ces adresses IP. 
L'adresse du freeplayer est la même pour toutes les box. Quant aux 
adresses privées des clients, elles ne sont pas uniques et injoignables 
depuis l'extérieur.



$ iptables-save
bash: iptables-save: command not found


Il faut l'exécuter en tant que root.

Réponse :
hum.. oui !
Sur cette machine, exécuter en root n'est pas exigé car l'utilisateur a /sbin 
dans son PATH et accède donc directement à itables-save.


Il ne suffit pas que l'exécutable soit dans le $PATH (ce qui n'est 
manifestement pas le cas d'après la réponse de bash), il faut aussi 
l'exécuter avec les privilèges root.



c'est un RPi3b en Raspbian8, et d'ailleurs c'est configuré d'office.


Peu importe.


MACHINE 2

(...)

192.168.0.0/24 via FREEBOX_IP dev tun0


Cette route est erronée. Elle ne devrait pas exister et est la cause
probable de la perte de connectivité entre les deux machines : celle-ci
croit que l'autre est joignable via le VPN, mais le serveur de VPN ne
route pas ce préfixe.

Si elle est mise en place par l'ouverture du VPN, il faut rechercher
quelle est l'option erronée qui la crée dans la configuration VPN du
client (route) ou du serveur (push).

Réponse :
ce résultat de ip route correspond à une situation avec connectivité via VPN ou 
via LAN entre les 2 machines.


Je ne comprends pas ce que tu veux dire.


J'ai fait un test en modifiant /etc/network/interfaces
où j'ai commenté les directives (optionnelles) qui sont absentes de l'autre 
machine qui
# gateway 192.168.0.1


Si l'interface est configurée avec la méthode "static", l'absence de 
l'option gateway l'empêchera d'atteindre l'extérieur du réseau.



# network 192.168.0.1


Cette valeur est invalide. L'adresse de réseau est par convention la 
première adresse du préfixe, 192.168.0.0, et traitée comme une adresse 
de broadcast quand elle est définie.



ça ne change rien


Normal. J'ai dit que cette route venait de la configuration du VPN, pas 
du fichier interfaces.



J'ai refait ip route avec/sans VPN :


Résultat qui confirme que la route est ajoutée par le VPN.


Je ne peux pas couper eth0 (sudo ifdown eth0) pour avoir juste le vpn, 
puisqu'il passe par ce seul tuyau ethernet. Et donc ça va tout couper même le 
lien vpn.


Je n'ai jamais dit de couper eth0. Pourquoi vouloir faire une chose 
pareille ? Non seulement cela couperait le VPN, mais cela couperait 
aussi la communication directe sur le LAN avec l'autre machine.



En même temps, le client vpn ne gère-il pas son affaire grâce à la directive 
ajouté au fichier de conf ? (route 192.168.40.0 255.255.255.0 net_gateway)


Cette directive est juste une rustine qui sert à masquer une erreur de 
configuration.

Re: is it possible to use wheezy CD to rescue stretch

[Roberto C . Sánchez]

On Wed, Jan 09, 2019 at 10:26:51PM +, Long Wind wrote:
>i have stretch, but can't boot it, i think its grub is bad, i want to boot
>into it so that i can run grub-install to fix it.
>i have wheezy CD, it has rescue option, is it possible to use it to boot
>stretch? in early Debian CD, it's possible. Thanks!

Yes, that should be possible.  If the tools available in the wheezy
installer environment are insufficient, then you chroot into the broken
jessie environment to issue whatever grub commands you need to restore
your installation to working order.

Regards,

-Roberto

-- 
Roberto C. Sánchez

is it possible to use wheezy CD to rescue stretch

[Long Wind]

i have stretch, but can't boot it, i think its grub is bad, i want to boot into 
it so that i can run grub-install to fix it.
i have wheezy CD, it has rescue option, is it possible to use it to boot 
stretch? in early Debian CD, it's possible. Thanks! 

/etc/network/interfaces with multiple network interfaces

[Rainer Dorsch]

Hi,

I have a system with two network interfaces, connecting to two subnets. 

For some reason the default route is going through eth0.3, I would want to 
have it through eth0.7.

Is the default route determined by the order in /etc/network/interface of the 
interfaces or is there another algorithm behind?

rd@master:~$ cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

auto eno1
allow-hotplug eno1
#iface eno1 inet dhcp
iface eno1 inet6 auto
  accept_ra 0

# cam
auto eno1.3
allow-hotplug eno1.3
iface eno1.3 inet dhcp
iface eno1.3 inet6 auto
  accept_ra 0

# data
auto eno1.7
allow-hotplug eno1.7
iface eno1.7 inet dhcp
iface eno1.7 inet6 auto
  accept_ra 0
rd@master:~$ ip a show
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group 
default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
   valid_lft forever preferred_lft forever
inet6 ::1/128 scope host 
   valid_lft forever preferred_lft forever
2: eno1:  mtu 1500 qdisc pfifo_fast state UP 
group default qlen 1000
link/ether 18:66:da:20:6f:2d brd ff:ff:ff:ff:ff:ff
inet6 fe80::1a66:daff:fe20:6f2d/64 scope link 
   valid_lft forever preferred_lft forever
3: eno1.3@eno1:  mtu 1500 qdisc noqueue state 
UP group default qlen 1000
link/ether 18:66:da:20:6f:2d brd ff:ff:ff:ff:ff:ff
inet 192.168.3.2/24 brd 192.168.3.255 scope global eno1.3
   valid_lft forever preferred_lft forever
inet6 fe80::1a66:daff:fe20:6f2d/64 scope link 
   valid_lft forever preferred_lft forever
4: eno1.7@eno1:  mtu 1500 qdisc noqueue state 
UP group default qlen 1000
link/ether 18:66:da:20:6f:2d brd ff:ff:ff:ff:ff:ff
inet 192.168.7.2/24 brd 192.168.7.255 scope global eno1.7
   valid_lft forever preferred_lft forever
inet6 fe80::1a66:daff:fe20:6f2d/64 scope link 
   valid_lft forever preferred_lft forever
rd@master:~$ ip r
default via 192.168.3.1 dev eno1.3 
192.168.3.0/24 dev eno1.3 proto kernel scope link src 192.168.3.2 
192.168.7.0/24 dev eno1.7 proto kernel scope link src 192.168.7.2 
rd@master:~$ 


Thanks
Rainer
-- 
Rainer Dorsch
http://bokomoko.de/

Fwd: Fwd: DNS SQUID

[Eriel Perez]

bueno no era firewall ya que esta deshabilitado por ahora.

aqui la solucion o mejor la deteccion del problema.

la cuestion es que clone mi  CT cambie la ip y funcionaba para afuera.

pero entre las pc clonadas no se veian, era porque las mac tambien se 
clonaron. y no las habia cambiado al menos 1 caracter.


bueno, la cambie, el caracter, reinicie y listo.

Cosas que pasan.

anoten esto por si a alguien le pasa.

Casi que llego a reinstalar el proxmox again! :(

Slds



 Forwarded Message 
Subject:Fwd: DNS SQUID
Date:   Wed, 9 Jan 2019 16:48:49 -0500
From:   Eriel Perez 
To: debian-user-spanish 



viendo un poco mas del problema, he acabado de descubrir que

la pc del proxy la tengo en un proxmox con debian 9 donde los equipos 
sin problema ninguno trabajano se conectan.


la pc de apache otro debia en proxmo igual. donde los equipos din 
problemas se conectan al apache SIN PROXY.


ahora el problema esta cuando el proxy se va a conectar al apache, o sea 
al pc de apache que esta en proxmo. este no lo hace.


haciendo unos test y desde la pc del apache hago ping a la del proxy y 
no funciona y viceversa. o sea no se ven.


no hay nada de cortafuegos.


alguna idea sobre este problema?



 Forwarded Message 
Subject:DNS SQUID
Date:   Wed, 9 Jan 2019 15:52:19 -0500
From:   Eriel Perez 
To: debian-user-spanish 



Saludos amigos.

Tengo mi squid que me resuelve perfectamente todas las paginas a 
internet. mas las que estan en mi intranet no.


me explico mejor.

tengo el servidor mio dns en 1 pc, el squid en otra y un simple apache 
en otra.


salgo para internet mas no me resuelve por ejemplo site.domain.com que 
seria un host en el dns.



en el navegador desde una pc interna sin proxy carga bien el site, mas 
el squid no me lo carga. tengo la directiva


dns_nameservers domain.com

establecida en el proxy y nada.

alguna sugerencia.

por cierto desde la misma pc donde esta el proxy

nslookup site.domain.com

funciona correctamente.


slds.

Re: /etc/network/interfaces and IPv6

[Rainer Dorsch]

Hi Reco,

many thanks, your answer worked well.

Rainer

Am Mittwoch, 9. Januar 2019, 11:23:46 CET schrieb Reco:
>   Hi.
> 
> On Wed, Jan 09, 2019 at 10:42:27AM +0100, Rainer Dorsch wrote:
> > Hello,
> > 
> > I am just wondering why ipv6 gets configured for enp1s0, even though I do
> > not request that in /etc/network/interfaces (?).
> 
> 
> 
> > 2: enp1s0:  mtu 1500 qdisc pfifo_fast
> > state UP group default qlen 1000
> > 
> > link/ether 74:d4:35:7b:0d:d8 brd ff:ff:ff:ff:ff:ff
> > inet6 2a02:8070:898f:e4fc:76d4:35ff:fe7b:dd8/64 scope global
> > mngtmpaddr dynamic> 
> >valid_lft 14307sec preferred_lft 14307sec
> 
> You've got your IPv6 address via Router Advertisement (mngtmpaddr
> dynamic, limited address lifetime).
> And you don't need anything but a Linux kernel to get it.
> 
> If you don't need IPv6 on that interface for some reason - add the
> following to your /etc/network/interfaces:
> 
> iface enp1s0 inet6 auto
>   accept_ra 0
> 
> Reco


-- 
Rainer Dorsch
http://bokomoko.de/

Fwd: DNS SQUID

[Eriel Perez]

viendo un poco mas del problema, he acabado de descubrir que

la pc del proxy la tengo en un proxmox con debian 9 donde los equipos 
sin problema ninguno trabajano se conectan.


la pc de apache otro debia en proxmo igual. donde los equipos din 
problemas se conectan al apache SIN PROXY.


ahora el problema esta cuando el proxy se va a conectar al apache, o sea 
al pc de apache que esta en proxmo. este no lo hace.


haciendo unos test y desde la pc del apache hago ping a la del proxy y 
no funciona y viceversa. o sea no se ven.


no hay nada de cortafuegos.


alguna idea sobre este problema?



 Forwarded Message 
Subject:DNS SQUID
Date:   Wed, 9 Jan 2019 15:52:19 -0500
From:   Eriel Perez 
To: debian-user-spanish 



Saludos amigos.

Tengo mi squid que me resuelve perfectamente todas las paginas a 
internet. mas las que estan en mi intranet no.


me explico mejor.

tengo el servidor mio dns en 1 pc, el squid en otra y un simple apache 
en otra.


salgo para internet mas no me resuelve por ejemplo site.domain.com que 
seria un host en el dns.



en el navegador desde una pc interna sin proxy carga bien el site, mas 
el squid no me lo carga. tengo la directiva


dns_nameservers domain.com

establecida en el proxy y nada.

alguna sugerencia.

por cierto desde la misma pc donde esta el proxy

nslookup site.domain.com

funciona correctamente.


slds.

Re: DNS SQUID

[Eriel Perez]

acabo creo de encontrar el problema.


las 2 pc, la del proxy y la del apache las dos son virtualizadas, pero 
entre ellas hago ping y no se ven. alguna sugerencia?


On 1/9/2019 4:14 PM, Paynalton wrote:
donde tienes tu gateway, lo mejor sería que usaras un archivo de 
configuración .pac para indicar a los navegadores qué segmentos de red 
no pasan por el proxy.

Re: Taming the "lsblk" command

[Michael Stone]

On Wed, Jan 09, 2019 at 12:45:02PM -0600, David Wright wrote:

But returning to lsblk, I can't figure out why the OP's lsblk -l
appears in such an odd order. Does it differ from that given by
lsblk with no arguments?

I've checked the unsorted order of my /sys/dev/block, which is
essentially random, as is the order of block devices in the output
of mount, yet lsblk gives me a nice sorted lists:


Without -x it's sorting in device major:minor order, which happens to be 
alphabetical in your install purely by chance.

SSD TRIM software raid (mdadm)

[basti]

Hello,
I have create a software raid level 1 with mdadm.

One drive is a "classic" HDD.
The 2'nd drive is a SSD with option "write-mostly".

Over the raid I have create and LVM with all the partitions (root,swap
and qemu/KVM VM's).

When I understand mdadm the hole space is marked as used.
So my question is how useful is fstrim on /dev/mdx and would it relay
trim the SSD?

Best Regards,

Re: DNS SQUID

[Paynalton]

Depende de la topología de tu red. Si instalaste squid en el mismo lugar
donde tienes tu gateway, lo mejor sería que usaras un archivo de
configuración .pac para indicar a los navegadores qué segmentos de red no
pasan por el proxy.

El mié., 9 de enero de 2019 2:52 p. m., Eriel Perez <
erielperezg...@gmail.com> escribió:

> Saludos amigos.
>
> Tengo mi squid que me resuelve perfectamente todas las paginas a
> internet. mas las que estan en mi intranet no.
>
> me explico mejor.
>
> tengo el servidor mio dns en 1 pc, el squid en otra y un simple apache
> en otra.
>
> salgo para internet mas no me resuelve por ejemplo site.domain.com que
> seria un host en el dns.
>
>
> en el navegador desde una pc interna sin proxy carga bien el site, mas
> el squid no me lo carga. tengo la directiva
>
> dns_nameservers domain.com
>
> establecida en el proxy y nada.
>
> alguna sugerencia.
>
> por cierto desde la misma pc donde esta el proxy
>
> nslookup site.domain.com
>
> funciona correctamente.
>
>
> slds.
>
>

Re: [OT] Sustituir texto en un fichero con SED.

[Paynalton]

Puedes usar diagonal invertida para escapar las diagonales: \/

El mié., 9 de enero de 2019 2:34 p. m., Ramses 
escribió:

> -Mensaje original-
> De: Ramses [mailto:ramses.sevi...@gmail.com]
> Enviado el: jueves, 3 de enero de 2019 13:08
> Para: debian-user-spanish@lists.debian.org
> Asunto: Re: [OT] Sustituir texto en un fichero con SED.
>
> El 3 de enero de 2019 12:58:34 CET, Matias Mucciolo <
> mmucci...@suteba.org.ar> escribió:
> >
> >On Wednesday, January 2, 2019 10:24:03 PM -03 Ramses wrote:
> >> El 2 de enero de 2019 20:14:50 CET, Ramses 
> >
> >escribió:
> >> >El 2 de enero de 2019 20:03:31 CET, Matias Mucciolo
> >> >
> >> > escribió:
> >> >>On Wednesday, January 2, 2019 7:53:42 PM -03 Ramses wrote:
> >> >>> El 2 de enero de 2019 19:44:38 CET, Matias Mucciolo
> >> >>
> >> >> escribió:
> >> >>> >> On Wednesday, January 2, 2019 6:39:15 PM -03 Ramses wrote:
> >> >>> >> > Hola a tod@s y feliz año...
> >> >>> >> >
> >> >>> >> > Tengo un fichero de texto con líneas, entre otras tantas,
> >que
> >> >>> >
> >> >>> >comienzan
> >> >>> >
> >> >>> >> > con:
> >> >>> >> >
> >> >>> >> > # P1 =
> >> >>> >> > # P12 =
> >> >>> >> > # P123 =
> >> >>> >> > # P1234 =
> >> >>> >> >
> >> >>> >> > Donde cada dígito es variable entre 0 y 9, es decir, lo
> >mismo
> >> >
> >> >te
> >> >
> >> >>> >> > encuentras
> >> >>> >> > un '# P8' que un '# P5487', pero también te encuentras con
> >> >>
> >> >>líneas
> >> >>
> >> >>> >que
> >> >>> >
> >> >>> >> > empiezan por '# P pepito'.
> >> >>> >> >
> >> >>> >> > Me gustaría saber si hay forma de cambiar con SED todas las
> >> >>
> >> >>líneas
> >> >>
> >> >>> >que
> >> >>> >
> >> >>> >> > comienzan por:
> >> >>> >> >
> >> >>> >> > # P1 =
> >> >>> >> > # P12 =
> >> >>> >> > # P123 =
> >> >>> >> > # P1234 =
> >> >>> >> >
> >> >>> >> > Y dejarlas comenzando así:
> >> >>> >> >
> >> >>> >> > P1 =
> >> >>> >> > P12 =
> >> >>> >> > P123 =
> >> >>> >> > P1234 =
> >> >>> >> >
> >> >>> >> > Claro, manteniendo el resto de líneas del fichero tal cual
> >> >>
> >> >>están,
> >> >>
> >> >>> >por
> >> >>> >
> >> >>> >> > ejemplo, las que comienzan por  y el resto.
> >> >>> >> >
> >> >>> >> >
> >> >>> >> > Saludos y gracias,
> >> >>> >> >
> >> >>> >> > Ramsés
> >> >>> >>
> >> >>> >> Buenas Ramses
> >> >>> >>
> >> >>> >> si esta todo bien como dijiste y tenes exactamente esas lineas
> >> >>> >> con el siguiente sed podes "descomentar" las lineas
> >> >>> >> que empiezas con "# PN" siendo N un numero del 0-9
> >> >>> >>
> >> >>> >> sed:
> >> >>> >>
> >> >>> >> sed '/P[0-9]/s/# //g'
> >> >>> >>
> >> >>> >> ejemplo la linea '# P pepito' no se modifica...
> >> >>> >> probalo y cualquier duda pregunta.
> >> >>> >> o pone las lineas exactamente como son y cual falla..
> >> >>> >>
> >> >>> >> saludos.
> >> >>> >> Matias.-
> >> >>> >
> >> >>> >acomodo el sed se me paso la parte de "empieza por bla"
> >> >>> >
> >> >>> >sed '/^# P[0-9]/s/# //g'
> >> >>> >
> >> >>> >ahora si ...
> >> >>> >saludos
> >> >>> >Matias.
> >> >>>
> >> >>> Ha, bien, te estaba contestando a tu correo para comentarte que
> >si
> >> >
> >> >no
> >> >
> >> >>> faltaba el ^.
> >> >>>
> >> >>> Ahora, está línea (sed '/^# P[0-9]/s/# //g') sustituiría las
> >líneas
> >> >>
> >> >>que
> >> >>
> >> >>> comienzan, por ejemplo, por '# P8', pero como he comentado, ¿y
> >para
> >> >>
> >> >>las
> >> >>
> >> >>> líneas que comienzan por '# P65', '# P756' o '# P 6548'?
> >> >>>
> >> >>> Es decir, las líneas pueden comenzar desde '# PN =' hasta '#
> >P
> >> >>
> >> >>='.
> >> >>
> >> >>> Saludos y gracias,
> >> >>>
> >> >>> Ramsés
> >> >>
> >> >>Mientras no tengan espacio, es decir, '# P N' (que veo en tu
> >pregunta
> >> >>'# P 6548' ) serviria desde '# PN'  hasta  '# PNN(...)'
> >> >>infinito.
> >> >>
> >> >>ahora si hay espacio...lo mas facil es correr este comando
> >> >>y una segunda pasada con este otro:
> >> >>
> >> >>sed '/^# P [0-9]/s/# //g'
> >> >>
> >> >>y con esas dos pasadas se solucionaria.
> >> >>
> >> >>ejemplo:
> >> >>
> >> >>$ cat aa
> >> >># P1 =
> >> >># P12 =
> >> >># P123 =
> >> >># P1234 =
> >> >># P31234 =
> >> >># P pepito =
> >> >># P 6548 =
> >> >>$
> >> >>$ cat aa | sed '/^# P[0-9]/s/# //g' | sed '/^# P [0-9]/s/# //g'
> >> >>P1 =
> >> >>P12 =
> >> >>P123 =
> >> >>P1234 =
> >> >>P31234 =
> >> >># P pepito =
> >> >>P 6548 =
> >> >>
> >> >>
> >> >>
> >> >>Saludos.
> >> >>Matias
> >> >
> >> >No, no, Matías, los números están pegados a la P, no hay espacios.
> >> >
> >> >
> >> >Saludos,
> >> >
> >> >Ramsés
> >>
> >> Bien, Matías, muchas gracias, creo que este tema solucionado...
> >>
> >> Con comando:
> >>
> >> sed '/^# P[0-9]/s/# //g' fichero-A.txt > fichero-A-LIMPIO.txt
> >>
> >> Genero el mismo "fichero-A.txt" con todas las líneas que comenzaban
> >con "#
> >> P" cambiadas por "P".
> >>
> >> Ahora tengo que hacer otra cosa que no sé si se podrá hacer con SED o
> >habrá
> >> que usar otro comando.
> >>
> >> Por ejemplo, tengo el "fichero-A-LIMPIO.txt" que contiene:
> >>
> >> fichero-A-LIMPIO.txt

DNS SQUID

[Eriel Perez]

Saludos amigos.

Tengo mi squid que me resuelve perfectamente todas las paginas a 
internet. mas las que estan en mi intranet no.


me explico mejor.

tengo el servidor mio dns en 1 pc, el squid en otra y un simple apache 
en otra.


salgo para internet mas no me resuelve por ejemplo site.domain.com que 
seria un host en el dns.



en el navegador desde una pc interna sin proxy carga bien el site, mas 
el squid no me lo carga. tengo la directiva


dns_nameservers domain.com

establecida en el proxy y nada.

alguna sugerencia.

por cierto desde la misma pc donde esta el proxy

nslookup site.domain.com

funciona correctamente.


slds.

Re: Why choose Debian on server

[Brian]

On Wed 09 Jan 2019 at 12:47:42 -0600, David Wright wrote:

> On Mon 07 Jan 2019 at 23:51:36 (+), Brian wrote:
> > On Mon 07 Jan 2019 at 14:37:30 -0600, David Wright wrote:
> > > On Mon 07 Jan 2019 at 18:21:07 (+), Brian wrote:
> > > > On Sun 06 Jan 2019 at 18:13:58 -0600, David Wright wrote:
> > > > 
> > > > [...]
> > > > 
> > > > > BTW if this Screenshot method is meant to yield a "printable"
> > > > > document, I haven't yet figured out how to print it sensibly.
> > > > > $ lp -d PDF very-long-image.png   gives me the image on one page,
> > > > > and looks, as it happens, like the sort of output that FF sometimes
> > > > > gives when printing articles: a narrow column of minute text.
> > > > 
> > > > To nitpick, the claim was that the Raspberry Pi Stack Exchange page
> > > > was printable. Whether the marks on paper satisfied a user in all
> > > > regards wasn't touched on until now.
> > > 
> > > I think it's reasonable to demand a certain level of legibility.
> > 
> > Indeed. That is why I am looking at printouts from Firefox and lp which
> > nobody with reasonable eyesight would have any trouble reading.
> > 
> > > > For me, printing the screen image obtained from my chosen page from
> > > > the Print Preview of FireFox gave an acceptable output with a Custom
> > > > Scale. It helped to choose Landscape mode.
> 
> I think I see what you're doing now: you take the snapshot in FF, then
> open the snapshot in FF again and then use Print Preview to set the
> scaling factor before you print it.

That's spot-on, but do not think I am wedded to this technique. If I had
a desperate to print a one-off (like the originator of this sub-thread)
I would use it but would be cogniscent of its limitations. Manipulating
images within the printing system is fraught as far as I am concerned.

Curt informatively posted:

  https://lists.debian.org/debian-user/2019/01/msg00447.html

A twist with the page he refers to is that getting the whole page with a
right click is not possible at this site.
 
> > > The landscape mode changes the output from a very tall image printed
> > > on a portrait page to the same image printed across it instead,
> > > reducing the scale by the golden proportion.
> > > 
> > > > 'lp -d.' benefits from fiddling with the scaling= option and from
> > > > orientation-requested=4.
> > > 
> > > This gets very involved. Having tried feeding convert with the image,
> > > I see that it can produce a pretty faithful PDF which suffers only
> > > from the usual problem of being overtall.
> > 
> > Printing from Firefox is hardly involved. Basically, choose the scaling.
> > Forget about lp; most people never use it directly.
> 
> Well, I couldn't see any scaling options in lp except fit-to-page
> which would be fighting what one is trying to do.

CUPS itself has removed or deprecated such options:

  https://github.com/apple/cups/issues/4010

It is cups-filters which carries the flag now.

> > > If I was going to indulge in this very often (which I'm not) I think
> > > it would be worth writing a script to run convert on page-size slices
> > > of the image, outputting them as PDFs, and collate them into a
> > > conventional multipage document with pdftk. It would be fairly simple
> > > to compute the y-size by ratioing the x-size according to the paper
> > > regime, and even allow for some overlap between pages (because one
> > > doesn't know where to slice in between lines of text).
> > 
> > Sounds more involved than using lp.
> 
> I've found that the package posterazor can split the FF image and,
> trying it out, it seemed to be able to fit-to-width. It can also
> yield overlapping pages so you don't get lines of print split across
> pages as with your method.
> 
> But again, if I were having to do this regularly, I would prefer to
> write a script rather than have to go through its 5-step interactive
> dialogue on each occasion. Most of the degrees of freedom given by
> posterazor are unnecessary because the values can all be computed

An ordinary user shouldn't have to do this. OTOH, an ordinary user
should not feel it is acceptable to impute motives and spread false
information. A skilled user (such as the starter of this sub-thread)
could have copied and pasted or used 'lynx -dump ." to get what
was wanted.

It's a pain, But needs must on occasion.

-- 
Brian.

RE: [OT] Sustituir texto en un fichero con SED.

[Ramses]

-Mensaje original-
De: Ramses [mailto:ramses.sevi...@gmail.com] 
Enviado el: jueves, 3 de enero de 2019 13:08
Para: debian-user-spanish@lists.debian.org
Asunto: Re: [OT] Sustituir texto en un fichero con SED.

El 3 de enero de 2019 12:58:34 CET, Matias Mucciolo  
escribió:
>
>On Wednesday, January 2, 2019 10:24:03 PM -03 Ramses wrote:
>> El 2 de enero de 2019 20:14:50 CET, Ramses 
>
>escribió:
>> >El 2 de enero de 2019 20:03:31 CET, Matias Mucciolo
>> >
>> > escribió:
>> >>On Wednesday, January 2, 2019 7:53:42 PM -03 Ramses wrote:
>> >>> El 2 de enero de 2019 19:44:38 CET, Matias Mucciolo
>> >>
>> >> escribió:
>> >>> >> On Wednesday, January 2, 2019 6:39:15 PM -03 Ramses wrote:
>> >>> >> > Hola a tod@s y feliz año...
>> >>> >> > 
>> >>> >> > Tengo un fichero de texto con líneas, entre otras tantas,
>que
>> >>> >
>> >>> >comienzan
>> >>> >
>> >>> >> > con:
>> >>> >> > 
>> >>> >> > # P1 =
>> >>> >> > # P12 =
>> >>> >> > # P123 =
>> >>> >> > # P1234 =
>> >>> >> > 
>> >>> >> > Donde cada dígito es variable entre 0 y 9, es decir, lo
>mismo
>> >
>> >te
>> >
>> >>> >> > encuentras
>> >>> >> > un '# P8' que un '# P5487', pero también te encuentras con
>> >>
>> >>líneas
>> >>
>> >>> >que
>> >>> >
>> >>> >> > empiezan por '# P pepito'.
>> >>> >> > 
>> >>> >> > Me gustaría saber si hay forma de cambiar con SED todas las
>> >>
>> >>líneas
>> >>
>> >>> >que
>> >>> >
>> >>> >> > comienzan por:
>> >>> >> > 
>> >>> >> > # P1 =
>> >>> >> > # P12 =
>> >>> >> > # P123 =
>> >>> >> > # P1234 =
>> >>> >> > 
>> >>> >> > Y dejarlas comenzando así:
>> >>> >> > 
>> >>> >> > P1 =
>> >>> >> > P12 =
>> >>> >> > P123 =
>> >>> >> > P1234 =
>> >>> >> > 
>> >>> >> > Claro, manteniendo el resto de líneas del fichero tal cual
>> >>
>> >>están,
>> >>
>> >>> >por
>> >>> >
>> >>> >> > ejemplo, las que comienzan por  y el resto.
>> >>> >> > 
>> >>> >> > 
>> >>> >> > Saludos y gracias,
>> >>> >> > 
>> >>> >> > Ramsés
>> >>> >> 
>> >>> >> Buenas Ramses
>> >>> >> 
>> >>> >> si esta todo bien como dijiste y tenes exactamente esas lineas
>> >>> >> con el siguiente sed podes "descomentar" las lineas
>> >>> >> que empiezas con "# PN" siendo N un numero del 0-9
>> >>> >> 
>> >>> >> sed:
>> >>> >> 
>> >>> >> sed '/P[0-9]/s/# //g'
>> >>> >> 
>> >>> >> ejemplo la linea '# P pepito' no se modifica...
>> >>> >> probalo y cualquier duda pregunta.
>> >>> >> o pone las lineas exactamente como son y cual falla..
>> >>> >> 
>> >>> >> saludos.
>> >>> >> Matias.-
>> >>> >
>> >>> >acomodo el sed se me paso la parte de "empieza por bla"
>> >>> >
>> >>> >sed '/^# P[0-9]/s/# //g'
>> >>> >
>> >>> >ahora si ...
>> >>> >saludos
>> >>> >Matias.
>> >>> 
>> >>> Ha, bien, te estaba contestando a tu correo para comentarte que
>si
>> >
>> >no
>> >
>> >>> faltaba el ^.
>> >>> 
>> >>> Ahora, está línea (sed '/^# P[0-9]/s/# //g') sustituiría las
>líneas
>> >>
>> >>que
>> >>
>> >>> comienzan, por ejemplo, por '# P8', pero como he comentado, ¿y
>para
>> >>
>> >>las
>> >>
>> >>> líneas que comienzan por '# P65', '# P756' o '# P 6548'?
>> >>> 
>> >>> Es decir, las líneas pueden comenzar desde '# PN =' hasta '#
>P
>> >>
>> >>='.
>> >>
>> >>> Saludos y gracias,
>> >>> 
>> >>> Ramsés
>> >>
>> >>Mientras no tengan espacio, es decir, '# P N' (que veo en tu
>pregunta
>> >>'# P 6548' ) serviria desde '# PN'  hasta  '# PNN(...)'
>> >>infinito.
>> >>
>> >>ahora si hay espacio...lo mas facil es correr este comando
>> >>y una segunda pasada con este otro:
>> >>
>> >>sed '/^# P [0-9]/s/# //g'
>> >>
>> >>y con esas dos pasadas se solucionaria.
>> >>
>> >>ejemplo:
>> >>
>> >>$ cat aa
>> >># P1 =
>> >># P12 =
>> >># P123 =
>> >># P1234 =
>> >># P31234 =
>> >># P pepito =
>> >># P 6548 =
>> >>$
>> >>$ cat aa | sed '/^# P[0-9]/s/# //g' | sed '/^# P [0-9]/s/# //g'
>> >>P1 =
>> >>P12 =
>> >>P123 =
>> >>P1234 =
>> >>P31234 =
>> >># P pepito =
>> >>P 6548 =
>> >>
>> >>
>> >>
>> >>Saludos.
>> >>Matias
>> >
>> >No, no, Matías, los números están pegados a la P, no hay espacios.
>> >
>> >
>> >Saludos,
>> >
>> >Ramsés
>> 
>> Bien, Matías, muchas gracias, creo que este tema solucionado...
>> 
>> Con comando:
>> 
>> sed '/^# P[0-9]/s/# //g' fichero-A.txt > fichero-A-LIMPIO.txt
>> 
>> Genero el mismo "fichero-A.txt" con todas las líneas que comenzaban
>con "#
>> P" cambiadas por "P".
>> 
>> Ahora tengo que hacer otra cosa que no sé si se podrá hacer con SED o
>habrá
>> que usar otro comando.
>> 
>> Por ejemplo, tengo el "fichero-A-LIMPIO.txt" que contiene:
>> 
>> fichero-A-LIMPIO.txt
>> 
>> P2315 = 7
>> P6 = manolo
>> P35 = www.jose.com
>> 
>> Y tengo un "fichero-B.txt" que contiene:
>> 
>> fichero-B.txt
>> 
>> P2315=38
>> P6=paco
>> P35=1.2.3.4
>> 
>> Ahora tendría que buscar, por ejemplo, cada una de las líneas P
>del
>> "fichero-A-LIMPIO.txt", buscarlas en el "fichero-B.txt' y sustituir
>la
>> línea del "fichero-A-LIMPIO.txt" por la que aparece en el
>"fichero-B.txt".
>> 
>> Por ejemplo, buscar la línea 'P2315 = 

Re: Réseau : accès VPN et LAN simultanés

[roger . tarani]

- Original Message -
From: "Pascal Hambourg" 
To: debian-user-french@lists.debian.org
Sent: Wednesday, January 9, 2019 7:49:45 PM
Subject: Re: Réseau : accès VPN et LAN simultanés

Le 09/01/2019 à 08:35, roger.tar...@free.fr a écrit :
> 
> MACHINE 1
> 
> $ ip route
> default via FREEBOX_IP dev tun0# correspond à freeplayer.freebox.fr
> default via FREEBOX_IP dev tun0  proto static  metric 1024

Bizarre qu'il y ait deux routes par défaut pour le tunnel, mais passons.

Que représente FREEBOX_IP ?

Réponse :
correspond à freeplayer.freebox.fr (212.27.38.253)
De cette page web tu peux entrer l'adresse de ta box si tu l'as configurée pour 
t'y connecter à distance (https://monbidule.freeboxos.fr:40870) .



> FREEBOX_IP_PUBLIQUE via LAN_GATEWAY_IP dev eth0

Que représente FREEBOX_IP_PUBLIQUE ? Normalement ça devrait être 
l'adresse IP publique du serveur VPN.

Réponse :
C'est "l'IP publique de la box" utilisée par les clients VPN (visible dans le 
fichier de conf client openvpn). Donc, oui c'est l'IP publique du serveur VPN.


> 192.168.0.0/24 dev eth0  proto kernel  scope link  src LAN_CLIENT_IP1  # 
> IP_LAN est en 192.168.
> IP_VPN_CLIENT/27 via FREEBOX_IP dev tun0
> FREEBOX_IP dev tun0  proto kernel  scope link  src VPN_CLIENT_IP1

> $ iptables-save
> bash: iptables-save: command not found

Il faut l'exécuter en tant que root.

Réponse :
hum.. oui ! 
Sur cette machine, exécuter en root n'est pas exigé car l'utilisateur a /sbin 
dans son PATH et accède donc directement à itables-save.
c'est un RPi3b en Raspbian8, et d'ailleurs c'est configuré d'office.


> MACHINE 2
> 
> $ ip route
> default via FREEBOX_IP dev tun0
> FREEBOX_IP_PUBLIQUE via LAN_GATEWAY_IP dev eth0
> 192.168.0.0/24 via FREEBOX_IP dev tun0

Cette route est erronée. Elle ne devrait pas exister et est la cause 
probable de la perte de connectivité entre les deux machines : celle-ci 
croit que l'autre est joignable via le VPN, mais le serveur de VPN ne 
route pas ce préfixe.

Si elle est mise en place par l'ouverture du VPN, il faut rechercher 
quelle est l'option erronée qui la crée dans la configuration VPN du 
client (route) ou du serveur (push).

Réponse : 
ce résultat de ip route correspond à une situation avec connectivité via VPN ou 
via LAN entre les 2 machines.
 
J'ai fait un test en modifiant /etc/network/interfaces
où j'ai commenté les directives (optionnelles) qui sont absentes de l'autre 
machine qui 
# gateway 192.168.0.1
# network 192.168.0.1
# broadcast 192.168.0.255

ça ne change rien

J'ai refait ip route avec/sans VPN :

MACHINE 2
avecVPN
$ ip route   
default via FREEBOX_IP dev tun0
FREEBOX_IP_PUBLIQUE via 192.168.0.1 dev eth0

192.168.0.0/24 via 192.168.0.1 dev eth0 
  
192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.101  metric 
202  
IP_VPN_CLIENT2/27 via FREEBOX_IP dev tun0   
FREEBOX_IP dev tun0  proto kernel  scope link  src 192.168.27.70  

sans VPN
$ ip route  
default via 192.168.0.1 dev eth0
 
192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.101  metric 
202 

Je ne peux pas couper eth0 (sudo ifdown eth0) pour avoir juste le vpn, 
puisqu'il passe par ce seul tuyau ethernet. Et donc ça va tout couper même le 
lien vpn.
D'ailleurs, est-ce possible ? 
Et est-ce pertinent ?

En même temps, le client vpn ne gère-il pas son affaire grâce à la directive 
ajouté au fichier de conf ? (route 192.168.40.0 255.255.255.0 net_gateway)


> 192.168.0.0/24 dev eth0  proto kernel  scope link  src LAN_CLIENT_IP2  metric 
> 202
> IP_VPN_CLIENT2/27 via FREEBOX_IP dev tun0
> FREEBOX_IP dev tun0  proto kernel  scope link  src VPN_CLIENT_IP2
> 
> $ iptables-save
> # rien

Re: Help figuring out what is causing this log entry

[Kelvin Jones]

Thank you for your response. I cannot find anything on how to fix “deref”, so i 
can get rid of these log entries. Anyone have an answer on this?

Kelvin

> On Jan 7, 2019, at 2:57 PM, Dan Ritter  wrote:
> 
> Kelvin Jones wrote: 
>> My syslog is being filled up with 
>> 
>> Jan  7 00:10:06 magpie slapd[9168]: slap_global_control: unrecognized 
>> control: 1.3.6.1.4.1.4203.666.5.16
>> Jan  7 00:10:06 magpie slapd[9168]: slap_global_control: unrecognized 
>> control: 1.3.6.1.4.1.4203.666.5.16
>> Jan  7 00:10:06 magpie slapd[9168]: slap_global_control: unrecognized 
>> control: 1.3.6.1.4.1.4203.666.5.16
>> Jan  7 00:10:06 magpie slapd[9168]: slap_global_control: unrecognized 
>> control: 1.3.6.1.4.1.4203.666.5.16
>> 
>> What is causing this? I have googled this log entry a number of times but 
>> have found no solution. We are running Debian nine.
>> 
> 
> slapd is an LDAP directory/authentication server. 
> 
> 1.3.6.1.4.1.4203.666.5.16 is the identifier for a control called
> "deref".
> 
> slapd is probably looking for an overlay called slapo-deref.
> 
> I don't know much more than that.
> 
> -dsr-

Re: Taming the "lsblk" command

[David Wright]

On Wed 09 Jan 2019 at 16:13:19 (+), mick crane wrote:
> On 2019-01-09 14:14, David Wright wrote:
> > On Wed 09 Jan 2019 at 13:54:45 (+), Curt wrote:
> > > On 2019-01-09, rhkra...@gmail.com  wrote:
> > > > On Wednesday, January 09, 2019 03:01:42 AM Richard Hector wrote:
> > > >> On 9/01/19 6:04 PM, Jude DaShiell wrote:
> > > >> > lsblk -l -o name,label | sort | script
> > > >>
> > > >> lsblk -ln -o name,label |sort | 

Re: Why choose Debian on server

[David Wright]

On Mon 07 Jan 2019 at 23:51:36 (+), Brian wrote:
> On Mon 07 Jan 2019 at 14:37:30 -0600, David Wright wrote:
> > On Mon 07 Jan 2019 at 18:21:07 (+), Brian wrote:
> > > On Sun 06 Jan 2019 at 18:13:58 -0600, David Wright wrote:
> > > 
> > > [...]
> > > 
> > > > BTW if this Screenshot method is meant to yield a "printable"
> > > > document, I haven't yet figured out how to print it sensibly.
> > > > $ lp -d PDF very-long-image.png   gives me the image on one page,
> > > > and looks, as it happens, like the sort of output that FF sometimes
> > > > gives when printing articles: a narrow column of minute text.
> > > 
> > > To nitpick, the claim was that the Raspberry Pi Stack Exchange page
> > > was printable. Whether the marks on paper satisfied a user in all
> > > regards wasn't touched on until now.
> > 
> > I think it's reasonable to demand a certain level of legibility.
> 
> Indeed. That is why I am looking at printouts from Firefox and lp which
> nobody with reasonable eyesight would have any trouble reading.
> 
> > > For me, printing the screen image obtained from my chosen page from
> > > the Print Preview of FireFox gave an acceptable output with a Custom
> > > Scale. It helped to choose Landscape mode.

I think I see what you're doing now: you take the snapshot in FF, then
open the snapshot in FF again and then use Print Preview to set the
scaling factor before you print it.

> > The landscape mode changes the output from a very tall image printed
> > on a portrait page to the same image printed across it instead,
> > reducing the scale by the golden proportion.
> > 
> > > 'lp -d.' benefits from fiddling with the scaling= option and from
> > > orientation-requested=4.
> > 
> > This gets very involved. Having tried feeding convert with the image,
> > I see that it can produce a pretty faithful PDF which suffers only
> > from the usual problem of being overtall.
> 
> Printing from Firefox is hardly involved. Basically, choose the scaling.
> Forget about lp; most people never use it directly.

Well, I couldn't see any scaling options in lp except fit-to-page
which would be fighting what one is trying to do.

> > If I was going to indulge in this very often (which I'm not) I think
> > it would be worth writing a script to run convert on page-size slices
> > of the image, outputting them as PDFs, and collate them into a
> > conventional multipage document with pdftk. It would be fairly simple
> > to compute the y-size by ratioing the x-size according to the paper
> > regime, and even allow for some overlap between pages (because one
> > doesn't know where to slice in between lines of text).
> 
> Sounds more involved than using lp.

I've found that the package posterazor can split the FF image and,
trying it out, it seemed to be able to fit-to-width. It can also
yield overlapping pages so you don't get lines of print split across
pages as with your method.

But again, if I were having to do this regularly, I would prefer to
write a script rather than have to go through its 5-step interactive
dialogue on each occasion. Most of the degrees of freedom given by
posterazor are unnecessary because the values can all be computed.

Cheers,
David.

Re: Réseau : accès VPN et LAN simultanés

[Pascal Hambourg]

Le 09/01/2019 à 18:10, Jérémy Prego a écrit :

Le 09/01/2019 à 14:05, roger.tar...@free.fr a écrit :

Avec traceroute :
MACHINE 2
  1  freeplayer.freebox.fr (FREEPLAYER)  39.753 ms  39.531 ms  39.427 ms
  2  freeplayer.freebox.fr (FREEPLAYER)  3139.230 ms !H  3139.549 ms !H  
3139.457 ms !H


ce traceroute n'est pas bon.


Normal et prévisible. Cette "solution" est sous-optimale. La route 
normale devrait être directe, sans next hop, mais l'option que tu as 
suggérée impose le routeur du réseau comme next hop, ce qu'on voit dans 
le traceroute.

Re: Looking for advice on tools (or libraries) for unsupervised, bulk symmetric encryption/decryption of files

[David Christensen]

On 1/9/19 6:05 AM, Kynn Jones wrote:

I am looking for software to symmetric-encrypt large numbers of files on
disk (terabytes' worth of data), and would appreciate some advice.

My basic requirements:

- It should be open source and no-cost (though, since I'm asking this
question here, this goes without saying);
- I should be able to program scripts (shell, Python, Perl, or Ruby) to
run this software without human intervention; this rules out tools that are
designed for interactive use.
- It should be stable; I should be able to decrypt encrypted files that
were encrypted several years earlier; (how much earlier?  hard to say;
let's say 10 years, as a rough ballpark)

In addition, the following would be nice:

- good documentation;
- good performance;
- bindings for a high-level language (preferably Python).

The only encryption tool I have used for encrypting files on my hard drive
is gpg2, which I have used for small, interactive encryption tasks
(half-dozen files, at most).

Therefore, my initial attempt was to use gpg2 for this new bulk-encryption
task, but I found myself constantly fighting with it, and finally had to
recognize that I was trying to use gpg2 for something it is not primarily
designed for.  (I am also a bit concerned with gpg2's future stability.
AFAICT, It's design has varied significantly over the years, and as a
result there's a lot of confusion on its use.  That has been my experience,
in any case.)

So I am back to square one.

I stress that I am interested only in symmetric encryption.  The issues
that asymmetric encryption addresses are not at all part of the problem I
am dealing with, and therefore I don't want to have to deal with the
complexities of asymmetric encryption.

What Debian packages would you recommend?

Many thanks in advance!

kj


I use the ccrypt(1) suite for encrypting files using only a password 
(e.g. not PKI).  I wrap the CLI tools with Bash and/or Perl scripts to 
automate repetitive tasks (Python, Ruby, and other scripting languages 
should also work).  It is available via the Debian package 'ccrypt'.


http://ccrypt.sourceforge.net/


David

Re: Réseau : accès VPN et LAN simultanés

[Pascal Hambourg]

Le 09/01/2019 à 08:35, roger.tar...@free.fr a écrit :


MACHINE 1

$ ip route
default via FREEBOX_IP dev tun0# correspond à freeplayer.freebox.fr
default via FREEBOX_IP dev tun0  proto static  metric 1024


Bizarre qu'il y ait deux routes par défaut pour le tunnel, mais passons.

Que représente FREEBOX_IP ?


FREEBOX_IP_PUBLIQUE via LAN_GATEWAY_IP dev eth0


Que représente FREEBOX_IP_PUBLIQUE ? Normalement ça devrait être 
l'adresse IP publique du serveur VPN.



192.168.0.0/24 dev eth0  proto kernel  scope link  src LAN_CLIENT_IP1  # IP_LAN 
est en 192.168.
IP_VPN_CLIENT/27 via FREEBOX_IP dev tun0
FREEBOX_IP dev tun0  proto kernel  scope link  src VPN_CLIENT_IP1



$ iptables-save
bash: iptables-save: command not found


Il faut l'exécuter en tant que root.


MACHINE 2

$ ip route
default via FREEBOX_IP dev tun0
FREEBOX_IP_PUBLIQUE via LAN_GATEWAY_IP dev eth0
192.168.0.0/24 via FREEBOX_IP dev tun0


Cette route est erronée. Elle ne devrait pas exister et est la cause 
probable de la perte de connectivité entre les deux machines : celle-ci 
croit que l'autre est joignable via le VPN, mais le serveur de VPN ne 
route pas ce préfixe.


Si elle est mise en place par l'ouverture du VPN, il faut rechercher 
quelle est l'option erronée qui la crée dans la configuration VPN du 
client (route) ou du serveur (push).



192.168.0.0/24 dev eth0  proto kernel  scope link  src LAN_CLIENT_IP2  metric 
202
IP_VPN_CLIENT2/27 via FREEBOX_IP dev tun0
FREEBOX_IP dev tun0  proto kernel  scope link  src VPN_CLIENT_IP2

$ iptables-save
# rien

Re: Réseau : accès VPN et LAN simultanés

[roger . tarani]

- Original Message -
From: "Jérémy Prego" 
To: debian-user-french@lists.debian.org
Sent: Wednesday, January 9, 2019 6:10:02 PM
Subject: Re: Réseau : accès VPN et LAN simultanés

Le 09/01/2019 à 14:05, roger.tar...@free.fr a écrit :
>   Avec traceroute :
> MACHINE 2
>  1  freeplayer.freebox.fr (FREEPLAYER)  39.753 ms  39.531 ms  39.427 ms
>  2  freeplayer.freebox.fr (FREEPLAYER)  3139.230 ms !H  3139.549 ms !H  
> 3139.457 ms !H
>
ce traceroute n'est pas bon.
> Problème résolu. 

tant mieux si c'est résolu, mais le traceroute n'est pas convainquant

Réponse :
Le traceroute communiqué pour les deux machines est celui indiqué SANS la 
configuration salvatrice côté client openvpn ("on visualise le cas où il y a 
blocage entre les 2 machines via le LAN").

AVEC la bonne config, le traceroute montre juste un saut :
$ traceroute IP_machine2
traceroute to IP_machine2 (IP_machine2), 30 hops max, 60 byte packets
 1  IP_machine2 (IP_machine2)  5.358 ms  5.654 ms  5.677 ms

Idem depuis l'autre machine.


> PS : une question de sécurité qui devrait intéresser les gens, je crois :
> Est-il normal que l'adresse IP d'une machine du LAN soit visible depuis un 
> site internet auquel elle se connecte par un navigateur ??
> On la lit en clair, par exemple avec 
> http://www.whatsmyip.org/more-info-about-you/ qui fournit d'abord (et c'est 
> normal) l'adresse IP publique du réseau (de la Box).

> l'adresse privé de la machine est visible parce que ton navigateur utilise la 
> technologie webRTC. 

> Est-ce un danger ?

Je ne sais pas vraiment.

Réponse :
Test : sans VPN, http://www.whatsmyip.org/more-info-about-you/ voit l'adresse 
IP de la machine sur le LAN.
Cette situation me choque. Peux-tu/pouvez-vous essayer avec votre machine pour 
voir si votre IP LAN "fuit" ?

> Si oui, y a-t-il une solution ? (tiens, là je sens que l'on va me parler de 
> FW que je devrais configurer...)

désactivvé WebRTC ? mais c'est pas forcément une bonne idée si des services 
l'utilisent

Réponse :
Je n'utilise pas webRTC, mais il est utilisé à mon insu.
Je viens d'installer l'extension FF Disable WebRTC  et, ô joie, whatsmyip ne 
voit plus l'IP LAN :
Internal LAN IP: Local IP address is not supported in this browser 

Notez que noscript n'empêchait pas l'IP LAN d'être lue.

Je suis en train de plancher sur Securing Debian Manual ( 
https://www.debian.org/doc/manuals/securing-debian-howto/ ). Je veux tout 
passer au crible. Et je sens que je vais découvrir un tas de fissures de ce 
genre dans mon système.

Avant que j'ai fait le tour de la sécurité d'une machine Debian, 
y a-t-il d'autres choses évidentes (comme WebRTC) à vérifier ?
Déjà au niveau du navigateur qui expose beaucoup la machine au monde extérieur

Merci


Jerem
>
> - Original Message -
> From: "Eric Degenetais" 
> To: "roger tarani" 
> Cc: "ML Debian User French" 
> Sent: Wednesday, January 9, 2019 10:10:47 AM
> Subject: Re: Réseau : accès VPN et LAN simultanés
>
> bonjour,
> Le mer. 9 janv. 2019 à 09:22,  a écrit :
>> Je vais essayer. C'est simple, une ligne.
>>
>> A part constater que la communication fonctionne entre elles via le LAN 
>> lorsque les machines sont aussi reliées au VPN, quel outil SIMPLE utiliser 
>> pour vérifier les liens et les flux ?
>> Je connais un peu nmap mais c'est de la grosse artillerie (pour moi). Ce pb 
>> réseau est l'occasion de se mettre à jour.
>>
> pourquoi ne pas commencer par un simple traceroute tout con ?
>> Bonne journée
>>
>> - Original Message -
>> From: "Jérémy Prego" 
>> To: debian-user-french@lists.debian.org
>> Sent: Wednesday, January 9, 2019 8:47:07 AM
>> Subject: Re: Réseau : accès VPN et LAN simultanés
>>
>>
>>
>> Le 09/01/2019 à 07:25, Pascal Hambourg a écrit :
>>> Le 09/01/2019 à 02:35, Jérémy Prego a écrit :
 Le 09/01/2019 à 02:23, roger.tar...@free.fr a écrit :

> J'ai un petit blocage sur un sujet de réseau :
> Openvpn client est installé sur 2 machiness Jessie qui sont sur le
> même LAN.
> Le serveur est dans un lieu différent.
> Dès que la connexion vpn est demarrée, impossible de communiquer via
> le LAN entre les deux machines. Seule l'adresse IP du VPN est
> accessible.
> C'est surtout gênant pour les gros transferts de fichiers.
>>> Peux-tu poster la table de routage et le jeu de règles iptables des
>>> deux machines lorsqu'elles sont connectées au VPN ?
>>>
>>> ip route
>>> iptables-save
>>>
 dans le fichier openvpn sur les clients ou sur le serveur

 client:
 route 192.168.40.0 255.255.255.0 net_gateway
>>> En quoi est-ce censé répondre au besoin ?
>>> Je ne pense pas que Roger souhaite que les communications entre les
>>> deux machines passent par le VPN (cf. phrase sur le transfert de gros
>>> fichiers).
>>>
>> ça tombe bien, c'est le but de net_gateway par oposition a l'option
>> vpn_gateway.
>>
>> Jerem
>>
> Éic Dégenètais
>

Re: Debian booting into initramfs shell

[deloptes]

Thomas Schweikle wrote:

> Did you read my post? /dev/sd* are missing, but modules are loaded!
> 
you mean modules for the disks?

> Looks like /dev/sd* entries are not created.

is udev OK?

Re: Debian booting into initramfs shell

[Michael Wagner]

On Jan 09, 2019 at 16:56:05, Thomas Schweikle wrote:
> On 09.01.2019 14:00, songbird wrote:
> > Thomas Schweikle wrote:
> >>
> >> Since latest upgrades debian boots into initramfs shell:
> >>
> >> Gave up Waiting for suspend/resum device
> >> Gave up waiting for root file system device. Gommon problems:
> >> ...
> >>
> >> ALERT! UUID=c92b... does not exist.
> >> Dropping to a shell!
> >>
> >> Looking at devices, none exist: /dev/sda* are all missing.
> >> Looking at loaded drivers/modules: all required are loaded.
> >>
> >> Booting into rescue mode with the very same kernel/initrd works:
> >> devices are there, modules are loaded, file systems are accessible.
> >>
> >> Any idea how to solve this problem, when none of the kernels available
> >> boots into multiuser? And only the rescue system is working?
> > 
> >   Debian stable, testing or unstable or ?
> > and what hardware setup?
> 
> testing, then checked unstable -- same.
> stable does work as expected.

Look here:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908796

Hth Michael

-- 
Procrastination: The art of keeping up with yesterday.


signature.asc
Description: PGP signature

Re: Mediatek 802.11ac USB devices in kernel 4.19

[deloptes]

Miguel A. Vallejo wrote:

> Some time ago I read the kernel 4.19 include support for some Mediatek
> 802.11ac USB devices. When I saw the kernel 4.19 arrived into
> unstable/testing I ordered one of these devices.
> 
> The device arrived but it does not work at all. A quick look at the
> kernel configuration shows those modules are not compiled in the
> Debian kernel:
> 
> grep -i mt76x /boot/config-4.19.0-1-amd64
> 
> # CONFIG_MT76x0U is not set
> # CONFIG_MT76x2E is not set
> # CONFIG_MT76x2U is not set
> 
> I noticed there is an open bug about this:
> 
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918331
> 
> Meanwhile, is there a quick way to compile only those modules and
> install them in a working kernel?

I don't know for sure - it depends, but I do make deb-pkg after
configuration and install the packages. You have the source download and
compile - depends on pc speed may take some time.


regards

Re: Réseau : accès VPN et LAN simultanés

[Jérémy Prego]

Le 09/01/2019 à 14:05, roger.tar...@free.fr a écrit :
>   Avec traceroute :
> MACHINE 2
>  1  freeplayer.freebox.fr (FREEPLAYER)  39.753 ms  39.531 ms  39.427 ms
>  2  freeplayer.freebox.fr (FREEPLAYER)  3139.230 ms !H  3139.549 ms !H  
> 3139.457 ms !H
>
ce traceroute n'est pas bon.
> Problème résolu. 

tant mieux si c'est résolu, mais le traceroute n'est pas convainquant
> PS : une question de sécurité qui devrait intéresser les gens, je crois :
> Est-il normal que l'adresse IP d'une machine du LAN soit visible depuis un 
> site internet auquel elle se connecte par un navigateur ??
> On la lit en clair, par exemple avec 
> http://www.whatsmyip.org/more-info-about-you/ qui fournit d'abord (et c'est 
> normal) l'adresse IP publique du réseau (de la Box).

> l'adresse privé de la machine est visible parce que ton navigateur utilise la 
> technologie webRTC. 

> Est-ce un danger ?

Je ne sais pas vraiment.

> Si oui, y a-t-il une solution ? (tiens, là je sens que l'on va me parler de 
> FW que je devrais configurer...)

désactivvé WebRTC ? mais c'est pas forcément une bonne idée si des
services l'utilisent

Jerem
>
> - Original Message -
> From: "Eric Degenetais" 
> To: "roger tarani" 
> Cc: "ML Debian User French" 
> Sent: Wednesday, January 9, 2019 10:10:47 AM
> Subject: Re: Réseau : accès VPN et LAN simultanés
>
> bonjour,
> Le mer. 9 janv. 2019 à 09:22,  a écrit :
>> Je vais essayer. C'est simple, une ligne.
>>
>> A part constater que la communication fonctionne entre elles via le LAN 
>> lorsque les machines sont aussi reliées au VPN, quel outil SIMPLE utiliser 
>> pour vérifier les liens et les flux ?
>> Je connais un peu nmap mais c'est de la grosse artillerie (pour moi). Ce pb 
>> réseau est l'occasion de se mettre à jour.
>>
> pourquoi ne pas commencer par un simple traceroute tout con ?
>> Bonne journée
>>
>> - Original Message -
>> From: "Jérémy Prego" 
>> To: debian-user-french@lists.debian.org
>> Sent: Wednesday, January 9, 2019 8:47:07 AM
>> Subject: Re: Réseau : accès VPN et LAN simultanés
>>
>>
>>
>> Le 09/01/2019 à 07:25, Pascal Hambourg a écrit :
>>> Le 09/01/2019 à 02:35, Jérémy Prego a écrit :
 Le 09/01/2019 à 02:23, roger.tar...@free.fr a écrit :

> J'ai un petit blocage sur un sujet de réseau :
> Openvpn client est installé sur 2 machiness Jessie qui sont sur le
> même LAN.
> Le serveur est dans un lieu différent.
> Dès que la connexion vpn est demarrée, impossible de communiquer via
> le LAN entre les deux machines. Seule l'adresse IP du VPN est
> accessible.
> C'est surtout gênant pour les gros transferts de fichiers.
>>> Peux-tu poster la table de routage et le jeu de règles iptables des
>>> deux machines lorsqu'elles sont connectées au VPN ?
>>>
>>> ip route
>>> iptables-save
>>>
 dans le fichier openvpn sur les clients ou sur le serveur

 client:
 route 192.168.40.0 255.255.255.0 net_gateway
>>> En quoi est-ce censé répondre au besoin ?
>>> Je ne pense pas que Roger souhaite que les communications entre les
>>> deux machines passent par le VPN (cf. phrase sur le transfert de gros
>>> fichiers).
>>>
>> ça tombe bien, c'est le but de net_gateway par oposition a l'option
>> vpn_gateway.
>>
>> Jerem
>>
> Éic Dégenètais
>

Re: Taming the "lsblk" command

[Curt]

On 2019-01-09, Richard Owlett  wrote:
> On 01/09/2019 08:14 AM, David Wright wrote:
>> On Wed 09 Jan 2019 at 13:54:45 (+), Curt wrote:
>>> On 2019-01-09, rhkra...@gmail.com  wrote:
 On Wednesday, January 09, 2019 03:01:42 AM Richard Hector wrote:
> On 9/01/19 6:04 PM, Jude DaShiell wrote:
>> lsblk -l -o name,label | sort | script
>
> lsblk -ln -o name,label |sort | 

Re: Debian booting into initramfs shell

[Thomas Schweikle]

On 09.01.2019 15:20, Stefan Krusche wrote:
> Am Mittwoch, 9. Januar 2019 schrieb Thomas Schweikle:
>> Hi!
>>
>> Since latest upgrades debian boots into initramfs shell:
>>
>> Gave up Waiting for suspend/resum device
>> Gave up waiting for root file system device. Gommon problems:
>> ...
>>
>> ALERT! UUID=c92b... does not exist.
>> Dropping to a shell!
> 
> Have you checked your grub configuration for "UUID=c92b..." ?

Did you read my post? /dev/sd* are missing, but modules are loaded!

Looks like /dev/sd* entries are not created.


-- 
Thomas

Re: Debian booting into initramfs shell

[Thomas Schweikle]

On 09.01.2019 14:00, songbird wrote:
> Thomas Schweikle wrote:
>> Hi!
>>
>> Since latest upgrades debian boots into initramfs shell:
>>
>> Gave up Waiting for suspend/resum device
>> Gave up waiting for root file system device. Gommon problems:
>> ...
>>
>> ALERT! UUID=c92b... does not exist.
>> Dropping to a shell!
>>
>> Looking at devices, none exist: /dev/sda* are all missing.
>> Looking at loaded drivers/modules: all required are loaded.
>>
>> Booting into rescue mode with the very same kernel/initrd works:
>> devices are there, modules are loaded, file systems are accessible.
>>
>> Any idea how to solve this problem, when none of the kernels available
>> boots into multiuser? And only the rescue system is working?
> 
>   Debian stable, testing or unstable or ?
> and what hardware setup?

testing, then checked unstable -- same.
stable does work as expected.


-- 
Thomas

Re: Taming the "lsblk" command

[mick crane]

On 2019-01-09 14:14, David Wright wrote:

On Wed 09 Jan 2019 at 13:54:45 (+), Curt wrote:

On 2019-01-09, rhkra...@gmail.com  wrote:
> On Wednesday, January 09, 2019 03:01:42 AM Richard Hector wrote:
>> On 9/01/19 6:04 PM, Jude DaShiell wrote:
>> > lsblk -l -o name,label | sort | script
>>
>> lsblk -ln -o name,label |sort | 

Re: Using mercurial with kdevelop

[Michael Wagner]

On Jan 09, 2019 at 15:06:57, Sébastien Kalt wrote:
 
> I'm trying KDevelop, and I'd like to use mercurial directly from KDevelop.
> 
> It seems to be possible, as said here : https://www.kdevelop.org/features
> 
> There's a small * explaining "Items marked with * might require an extra
> package to be installed on a Linux system. On Windows and in the Linux 
> AppImage
> we provide, they are included and enabled by default."
> 
> Ok, I need an extra package, but where do I get it and how do I install it ?

Hello Sébastien,

I don't use kdevelop neither mercurial, but google gave me this

https://github.com/KDE/kdev-mercurial

Hth Michael

-- 
Russian Express Card motto: Don't leave home!


signature.asc
Description: PGP signature

Re: taming lsblk command

[tomas]

On Wed, Jan 09, 2019 at 10:31:46AM -0500, Jude DaShiell wrote:
> On Wed, 9 Jan 2019, Jochen Spieker wrote:
> 
> > Date: Wed, 9 Jan 2019 10:17:50
> > From: Jochen Spieker 
> > To: debian-user@lists.debian.org
> > Subject: Re: taming lsblk command
> >
> > Jude DaShiell:
> > > what works over here:
> > > lsblk -n < /usr/bin/sort
> >
> > This command feeds the content of the file /usr/bin/sort into stdin of
> > lsblk. That does not make sense and I guess lsblk is just ignoring this
> > input.
> >
> > J.
> >
> Script started on Wed 09 Jan 2019 10:30:00 AM EST
> jude[~]$ lsblk -n < /usr/bin/sort
> sda  8:00 111.8G  0 disk
> ??sda1   8:10 111.8G  0 part /
> ??sda2   8:20  32.5M  0 part [SWAP]
> sdb  8:16   0  55.9G  0 disk
> ??sdb1   8:17   055G  0 part
> sr0 11:01  1024M  0 rom
> jude[~]$ exit
> exit
> 
> Script done on Wed 09 Jan 2019 10:30:50 AM EST

Still, I agree with Jochen here.

Lsblk just ignores its standard input (lucky you! -- who knows what
lurking bugs this unexpected input might tickle!). Your command
would do just the same without the < /usr/bin/sort.

With

  lsblk -n < /usr/bin/sort

you are feeding the contents of the /usr/bin/sort binary program to
lsblk's standard input.

Rather do:

  lsblk  | /usr/bin/sort 

or, typically:

  lsblk  | sort 

since /usr/bin *is* in your PATH (is it not? Complain to your sysadmin)
or (attention, bashism ahead!):

  sort <(lsblk)

(whitespaces matter here!), which will only work if your shell is bash,
but is the next resemblance to your command line above I could come
up with.

Cheers
-- tomás


signature.asc
Description: Digital signature

Re: taming lsblk command

[Greg Wooledge]

On Wed, Jan 09, 2019 at 10:31:46AM -0500, Jude DaShiell wrote:
> jude[~]$ lsblk -n < /usr/bin/sort
> sda  8:00 111.8G  0 disk
> ??sda1   8:10 111.8G  0 part /
> ??sda2   8:20  32.5M  0 part [SWAP]
> sdb  8:16   0  55.9G  0 disk
> ??sdb1   8:17   055G  0 part
> sr0 11:01  1024M  0 rom

root@wooledg:/home/wooledg# lsblk -n 

Re: Taming the "lsblk" command

[Richard Owlett]

On 01/09/2019 08:14 AM, David Wright wrote:

On Wed 09 Jan 2019 at 13:54:45 (+), Curt wrote:

On 2019-01-09, rhkra...@gmail.com  wrote:

On Wednesday, January 09, 2019 03:01:42 AM Richard Hector wrote:

On 9/01/19 6:04 PM, Jude DaShiell wrote:

lsblk -l -o name,label | sort | script


lsblk -ln -o name,label |sort | 

Re: taming lsblk command

[Jude DaShiell]

On Wed, 9 Jan 2019, Jochen Spieker wrote:

> Date: Wed, 9 Jan 2019 10:17:50
> From: Jochen Spieker 
> To: debian-user@lists.debian.org
> Subject: Re: taming lsblk command
>
> Jude DaShiell:
> > what works over here:
> > lsblk -n < /usr/bin/sort
>
> This command feeds the content of the file /usr/bin/sort into stdin of
> lsblk. That does not make sense and I guess lsblk is just ignoring this
> input.
>
> J.
>
Script started on Wed 09 Jan 2019 10:30:00 AM EST
jude[~]$ lsblk -n < /usr/bin/sort
sda  8:00 111.8G  0 disk
??sda1   8:10 111.8G  0 part /
??sda2   8:20  32.5M  0 part [SWAP]
sdb  8:16   0  55.9G  0 disk
??sdb1   8:17   055G  0 part
sr0 11:01  1024M  0 rom
jude[~]$ exit
exit

Script done on Wed 09 Jan 2019 10:30:50 AM EST
-- 

Re: taming lsblk command

[Jude DaShiell]

It would if you had entered it backward.  Now I'm going to have to do a
typescript for you.
On Wed, 9 Jan 2019, Jochen Spieker wrote:

> Date: Wed, 9 Jan 2019 10:17:50
> From: Jochen Spieker 
> To: debian-user@lists.debian.org
> Subject: Re: taming lsblk command
>
> Jude DaShiell:
> > what works over here:
> > lsblk -n < /usr/bin/sort
>
> This command feeds the content of the file /usr/bin/sort into stdin of
> lsblk. That does not make sense and I guess lsblk is just ignoring this
> input.
>
> J.
>

-- 

Re: taming lsblk command

[Jochen Spieker]

Jude DaShiell:
> what works over here:
> lsblk -n < /usr/bin/sort

This command feeds the content of the file /usr/bin/sort into stdin of
lsblk. That does not make sense and I guess lsblk is just ignoring this
input.

J.
-- 
I enjoy shopping, eating, sex and doing jigsaw puzzles of idealised
landscapes.
[Agree]   [Disagree]
 


signature.asc
Description: PGP signature

re: taming lsblk command

[Jude DaShiell]

what works over here:
lsblk -n < /usr/bin/sort


-- 

Re: Taming the "lsblk" command

[David Wright]

On Wed 09 Jan 2019 at 07:51:31 (-0500), Felix Miata wrote:
> Jude DaShiell composed on 2019-01-09 06:48 (UTC-0500):
> 
> > Felix Miata wrote:
> 
> >> Jude DaShiell composed on 2019-01-09 00:04 (UTC-0500):
> 
> >>> lsblk -l -o name,label | sort | script
> 
> >> I tried exactly that on Buster multiple times, and always get the 
> >> following:
> 
> >> root@gb250:~# NAME  LABEL
> >> bash: NAME: command not found
> >> root@gb250:~# sda
> >> bash: sda: command not found
> >> root@gb250:~# sda10 k25p10deb10
> >> bash: sda10: command not found
> >> root@gb250:~# sda11 k25p11deb10fat
> >> bash: sda11: command not found
> ...
> >> root@gb250:~# sda8  k25p08s150
> >> bash: sda8: command not found
> >> root@gb250:~# sda9  k25p09s151
> >> bash: sda9: command not found
> >> root@gb250:~# sr0
> >> bash: sr0: command not found
> >> root@gb250:~# exit
> 
> > That can happen if bash doesn't find sort in its default binary
> > directory.  Could be pointing bash directly at sort will clear the
> > command not found error out of the output.
> 
> # cat /etc/debian_version
> buster/sid
> # which sort
> /usr/bin/sort
> # which script
> /usr/bin/script
> 
> Same result from:
> 
>   lsblk -l -o name,label | /usr/bin/sort | /usr/bin/script

You've attempted to run a shell using the output of lsblk as a series
of commands for it to execute.

Cheers,
David.

Mediatek 802.11ac USB devices in kernel 4.19

[Miguel A. Vallejo]

Hello.

Some time ago I read the kernel 4.19 include support for some Mediatek
802.11ac USB devices. When I saw the kernel 4.19 arrived into
unstable/testing I ordered one of these devices.

The device arrived but it does not work at all. A quick look at the
kernel configuration shows those modules are not compiled in the
Debian kernel:

grep -i mt76x /boot/config-4.19.0-1-amd64

# CONFIG_MT76x0U is not set
# CONFIG_MT76x2E is not set
# CONFIG_MT76x2U is not set

I noticed there is an open bug about this:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918331

Meanwhile, is there a quick way to compile only those modules and
install them in a working kernel?

Thank you.

Re: Debian booting into initramfs shell

[Stefan Krusche]

Am Mittwoch, 9. Januar 2019 schrieb Thomas Schweikle:
> Hi!
>
> Since latest upgrades debian boots into initramfs shell:
>
> Gave up Waiting for suspend/resum device
> Gave up waiting for root file system device. Gommon problems:
> ...
>
> ALERT! UUID=c92b... does not exist.
> Dropping to a shell!

Have you checked your grub configuration for "UUID=c92b..." ?

Kind regards,
Stefan

Re: Taming the "lsblk" command

[David Wright]

On Wed 09 Jan 2019 at 13:54:45 (+), Curt wrote:
> On 2019-01-09, rhkra...@gmail.com  wrote:
> > On Wednesday, January 09, 2019 03:01:42 AM Richard Hector wrote:
> >> On 9/01/19 6:04 PM, Jude DaShiell wrote:
> >> > lsblk -l -o name,label | sort | script
> >> 
> >> lsblk -ln -o name,label |sort | 

Mediatek 802.11ac USB devices in kernel 4.19

[Miguel A. Vallejo]

Hello.

Some time ago I read the kernel 4.19 include support for some Mediatek
802.11ac USB devices. When I saw the kernel 4.19 arrived into
unstable/testing I ordered one of these devices.

The device arrived but it does not work at all. A quick look at the kernel
configuration shows those modules are not compiled in the Debian kernel:

grep -i mt76x /boot/config-4.19.0-1-amd64

# CONFIG_MT76x0U is not set
# CONFIG_MT76x2E is not set
# CONFIG_MT76x2U is not set

I noticed there is an open bug about this:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918331

Meanwhile, is there a quick way to compile only those modules and install
them in a working kernel?

Thank you.

Using mercurial with kdevelop

[Sébastien Kalt]

Hi,

I was using emacs and mercurial from the command line to develop small
scripts in python.

I'm trying KDevelop, and I'd like to use mercurial directly from KDevelop.

It seems to be possible, as said here : https://www.kdevelop.org/features

There's a small * explaining "*Items marked with * might require an extra
package to be installed on a Linux system. On Windows and in the Linux
AppImage we provide, they are included and enabled by default."*

Ok, I need an extra package, but where do I get it and how do I install it ?

I found nothing in Kdevelop doc, nothing on kde.org.

Does anyone on this list have KDevelop and mercurial working together ?

Sébastien

Looking for advice on tools (or libraries) for unsupervised, bulk symmetric encryption/decryption of files

[Kynn Jones]

I am looking for software to symmetric-encrypt large numbers of files on
disk (terabytes' worth of data), and would appreciate some advice.

My basic requirements:

   - It should be open source and no-cost (though, since I'm asking this
   question here, this goes without saying);
   - I should be able to program scripts (shell, Python, Perl, or Ruby) to
   run this software without human intervention; this rules out tools that are
   designed for interactive use.
   - It should be stable; I should be able to decrypt encrypted files that
   were encrypted several years earlier; (how much earlier?  hard to say;
   let's say 10 years, as a rough ballpark)

In addition, the following would be nice:

   - good documentation;
   - good performance;
   - bindings for a high-level language (preferably Python).

The only encryption tool I have used for encrypting files on my hard drive
is gpg2, which I have used for small, interactive encryption tasks
(half-dozen files, at most).

Therefore, my initial attempt was to use gpg2 for this new bulk-encryption
task, but I found myself constantly fighting with it, and finally had to
recognize that I was trying to use gpg2 for something it is not primarily
designed for.  (I am also a bit concerned with gpg2's future stability.
AFAICT, It's design has varied significantly over the years, and as a
result there's a lot of confusion on its use.  That has been my experience,
in any case.)

So I am back to square one.

I stress that I am interested only in symmetric encryption.  The issues
that asymmetric encryption addresses are not at all part of the problem I
am dealing with, and therefore I don't want to have to deal with the
complexities of asymmetric encryption.

What Debian packages would you recommend?

Many thanks in advance!

kj

Re: Taming the "lsblk" command

[Curt]

On 2019-01-09, rhkra...@gmail.com  wrote:
> On Wednesday, January 09, 2019 03:01:42 AM Richard Hector wrote:
>> On 9/01/19 6:04 PM, Jude DaShiell wrote:
>> > lsblk -l -o name,label | sort | script
>> 
>> lsblk -ln -o name,label |sort | 

Re: Réseau : accès VPN et LAN simultanés

[roger . tarani]

La modification du fichier de configuration du client vpn a réglé 
instantanément le problème.
En l'occurence :
route 192.168.0.0 255.255.255.0 net_gateway   # permettre intercom via LAN

Avec traceroute :
on lit la route immédiate pour accéder via VPN, et on visualise le cas où il y 
a blocage entre les 2 machines via le LAN. Ça confirme en termes de réseau le 
blocage observé.  

MACHINE 1
 1  * * *
 2  * * *
 3  * * *
 4  * * *
 
MACHINE 2
 1  freeplayer.freebox.fr (FREEPLAYER)  39.753 ms  39.531 ms  39.427 ms
 2  freeplayer.freebox.fr (FREEPLAYER)  3139.230 ms !H  3139.549 ms !H  
3139.457 ms !H


Problème résolu. 
Merci.


PS : une question de sécurité qui devrait intéresser les gens, je crois :
Est-il normal que l'adresse IP d'une machine du LAN soit visible depuis un site 
internet auquel elle se connecte par un navigateur ??
On la lit en clair, par exemple avec 
http://www.whatsmyip.org/more-info-about-you/ qui fournit d'abord (et c'est 
normal) l'adresse IP publique du réseau (de la Box).

D'accord, c'est la machine qui se connecte via un navigateur à ce site. Mais ça 
me gêne dans le principe. Quand on veut pouvoir accéder à une machine du LAN 
via l'IP publique, on fait du NAT ou du PAT puisqu'elle n'est pas accessible 
directement.

Est-ce un danger ?
Si oui, y a-t-il une solution ? (tiens, là je sens que l'on va me parler de FW 
que je devrais configurer...)


- Original Message -
From: "Eric Degenetais" 
To: "roger tarani" 
Cc: "ML Debian User French" 
Sent: Wednesday, January 9, 2019 10:10:47 AM
Subject: Re: Réseau : accès VPN et LAN simultanés

bonjour,
Le mer. 9 janv. 2019 à 09:22,  a écrit :
>
> Je vais essayer. C'est simple, une ligne.
>
> A part constater que la communication fonctionne entre elles via le LAN 
> lorsque les machines sont aussi reliées au VPN, quel outil SIMPLE utiliser 
> pour vérifier les liens et les flux ?
> Je connais un peu nmap mais c'est de la grosse artillerie (pour moi). Ce pb 
> réseau est l'occasion de se mettre à jour.
>
pourquoi ne pas commencer par un simple traceroute tout con ?
> Bonne journée
>
> - Original Message -
> From: "Jérémy Prego" 
> To: debian-user-french@lists.debian.org
> Sent: Wednesday, January 9, 2019 8:47:07 AM
> Subject: Re: Réseau : accès VPN et LAN simultanés
>
>
>
> Le 09/01/2019 à 07:25, Pascal Hambourg a écrit :
> > Le 09/01/2019 à 02:35, Jérémy Prego a écrit :
> >> Le 09/01/2019 à 02:23, roger.tar...@free.fr a écrit :
> >>
> >>> J'ai un petit blocage sur un sujet de réseau :
> >>> Openvpn client est installé sur 2 machiness Jessie qui sont sur le
> >>> même LAN.
> >>> Le serveur est dans un lieu différent.
> >>> Dès que la connexion vpn est demarrée, impossible de communiquer via
> >>> le LAN entre les deux machines. Seule l'adresse IP du VPN est
> >>> accessible.
> >>> C'est surtout gênant pour les gros transferts de fichiers.
> >
> > Peux-tu poster la table de routage et le jeu de règles iptables des
> > deux machines lorsqu'elles sont connectées au VPN ?
> >
> > ip route
> > iptables-save
> >
> >> dans le fichier openvpn sur les clients ou sur le serveur
> >>
> >> client:
> >> route 192.168.40.0 255.255.255.0 net_gateway
> >
> > En quoi est-ce censé répondre au besoin ?
> > Je ne pense pas que Roger souhaite que les communications entre les
> > deux machines passent par le VPN (cf. phrase sur le transfert de gros
> > fichiers).
> >
>
> ça tombe bien, c'est le but de net_gateway par oposition a l'option
> vpn_gateway.
>
> Jerem
>

Éic Dégenètais

Re: Taming the "lsblk" command

[rhkramer]

On Wednesday, January 09, 2019 03:01:42 AM Richard Hector wrote:
> On 9/01/19 6:04 PM, Jude DaShiell wrote:
> > lsblk -l -o name,label | sort | script
> 
> lsblk -ln -o name,label |sort | 

Re: Debian booting into initramfs shell

[songbird]

Thomas Schweikle wrote:
> Hi!
>
> Since latest upgrades debian boots into initramfs shell:
>
> Gave up Waiting for suspend/resum device
> Gave up waiting for root file system device. Gommon problems:
> ...
>
> ALERT! UUID=c92b... does not exist.
> Dropping to a shell!
>
> Looking at devices, none exist: /dev/sda* are all missing.
> Looking at loaded drivers/modules: all required are loaded.
>
> Booting into rescue mode with the very same kernel/initrd works:
> devices are there, modules are loaded, file systems are accessible.
>
> Any idea how to solve this problem, when none of the kernels available
> boots into multiuser? And only the rescue system is working?

  Debian stable, testing or unstable or ?
and what hardware setup?


  songbird

Re: Taming the "lsblk" command

[Felix Miata]

Jude DaShiell composed on 2019-01-09 06:48 (UTC-0500):

> Felix Miata wrote:

>> Jude DaShiell composed on 2019-01-09 00:04 (UTC-0500):

>>> lsblk -l -o name,label | sort | script

>> I tried exactly that on Buster multiple times, and always get the following:

>> root@gb250:~# NAME  LABEL
>> bash: NAME: command not found
>> root@gb250:~# sda
>> bash: sda: command not found
>> root@gb250:~# sda10 k25p10deb10
>> bash: sda10: command not found
>> root@gb250:~# sda11 k25p11deb10fat
>> bash: sda11: command not found
...
>> root@gb250:~# sda8  k25p08s150
>> bash: sda8: command not found
>> root@gb250:~# sda9  k25p09s151
>> bash: sda9: command not found
>> root@gb250:~# sr0
>> bash: sr0: command not found
>> root@gb250:~# exit

> That can happen if bash doesn't find sort in its default binary
> directory.  Could be pointing bash directly at sort will clear the
> command not found error out of the output.

# cat /etc/debian_version
buster/sid
# which sort
/usr/bin/sort
# which script
/usr/bin/script

Same result from:

lsblk -l -o name,label | /usr/bin/sort | /usr/bin/script
-- 
Evolution as taught in public schools is religion, not science.

 Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata  ***  http://fm.no-ip.com/

Re: problemas con nginx

[Fernando Romero]

El mar., 8 ene. 2019 a las 5:57, Darthcoli - Alejandro Izquierdo (<
darthc...@gmail.com>) escribió:

> No conozco iredmail, pero por lo que comentas parece un problema de
> configuracion de nginx claramente siempre que iredmail no este usando antes
> el puerto 80/443.
> Revisa que el nginx este corriendo correctamente y luego ponnos la
> configuracion del nginx.conf y del resto de los sites-enabled para ver
> donde puede estar el fallo.
>
> El sáb., 5 ene. 2019 a las 3:43, Fernando Romero ()
> escribió:
>
>> Hola como están.
>> Alguien de la lista usa iredmail?
>> Estoy teniendo problemas con nginx, pero solo me pasa con iredmail.
>> Tengo nginx corriendo con varias aplicaciones y no tuve problemas pero
>> cuando instalo iredmail en el mismo servidor ya deje de funcionarme las
>> demás aplicaciones y por mas que cree los virtuales siempre me levanta la
>> url de iredmail.
>> No se si es algo que toca en la instala iredmail de nginx que no puedo
>> encontrar.
>>
>> Saludos
>>
>
Estos son los archivos de configuración:

nginx.conf:

user www-data;
worker_processes 1;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/conf-enabled/*.conf;
include /etc/nginx/sites-enabled/*.conf;
}

Esta en los site-enabled

El 00-default.conf:

# Note: This file must be loaded before other virtual host config files,
#
# HTTP
server {
# Listen on ipv4
listen 80;
# Listen on ipv6.
# Note: this setting listens on both ipv4 and ipv6 with Nginx release
#   shipped in some Linux/BSD distributions.
#listen [::]:80;
server_name _;
# Redirect all insecure http:// requests to https://
return 301 https://$host$request_uri;

El 00-default-ssl.conf.

#
# Note: This file must be loaded before other virtual host config files,
#
# HTTPS
server {
listen 443;
server_name _;
root /var/www/html;
index index.php index.html;
include /etc/nginx/templates/misc.tmpl;
include /etc/nginx/templates/ssl.tmpl;
include /etc/nginx/templates/iredadmin.tmpl;
include /etc/nginx/templates/roundcube.tmpl;
include /etc/nginx/templates/sogo.tmpl;
include /etc/nginx/templates/netdata.tmpl;
include /etc/nginx/templates/php-catchall.tmpl;
include /etc/nginx/templates/stub_status.tmpl;
}
Y este es el virtual que uso para odoo:

upstream odoo {
server 127.0.0.1:8069;
}
server {
listen  443 default;
server_name portal.odoospain.org;
access_log  /var/log/nginx/odoo.access.log;
error_log   /var/log/nginx/odoo.error.log;
ssl on;
ssl_certificate /etc/letsencrypt/live/
portal.odoospain.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/
portal.odoospain.org/privkey.pem;
keepalive_timeout   60;
ssl_ciphers
"ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS:!AES256";
ssl_protocols   TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/ssl/dhp-2048.pem;
proxy_buffers 16 64k;
proxy_buffer_size 128k;
location / {
proxy_pass  http://odoo;
proxy_next_upstream error timeout invalid_header http_500 http_502
http_503 http_504;
proxy_redirect off;
proxy_set_headerHost$host;
proxy_set_headerX-Real-IP   $remote_addr;
proxy_set_headerX-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_headerX-Forwarded-Proto https;
}
location ~* /web/static/ {
proxy_cache_valid 200 60m;
proxy_buffering on;
expires 864000;
proxy_pass http://odoo;
}
}
server {
listen  80;
server_name portal.odoospain.org;
add_header Strict-Transport-Security max-age=2592000;
rewrite ^/.*$ https://$host$request_uri? permanent;
}

Saludos

Re: Taming the "lsblk" command

[Jude DaShiell]

On Wed, 9 Jan 2019, Felix Miata wrote:

> Date: Wed, 9 Jan 2019 01:47:24
> From: Felix Miata 
> To: debian-user@lists.debian.org
> Subject: Re: Taming the "lsblk" command
> Resent-Date: Wed,  9 Jan 2019 06:47:41 + (UTC)
> Resent-From: debian-user@lists.debian.org
>
> Jude DaShiell composed on 2019-01-09 00:04 (UTC-0500):
>
> > lsblk -l -o name,label | sort | script
>
> I tried exactly that on Buster multiple times, and always get the following:
>
> root@gb250:~# NAME  LABEL
> bash: NAME: command not found
> root@gb250:~# sda
> bash: sda: command not found
> root@gb250:~# sda10 k25p10deb10
> bash: sda10: command not found
> root@gb250:~# sda11 k25p11deb10fat
> bash: sda11: command not found
> root@gb250:~# sda12 k25p12Ubionic
> bash: sda12: command not found
> root@gb250:~# sda13
> bash: sda13: command not found
> root@gb250:~# sda14
> bash: sda14: command not found
> root@gb250:~# sda15
> bash: sda15: command not found
> root@gb250:~# sda16
> bash: sda16: command not found
> root@gb250:~# sda1  K25P01ESP
> bash: sda1: command not found
> root@gb250:~# sda2  k25p02swap
> bash: sda2: command not found
> root@gb250:~# sda3  k25p03res
> bash: sda3: command not found
> root@gb250:~# sda4  k25p04usrlcl
> bash: sda4: command not found
> root@gb250:~# sda5  k25p05home
> bash: sda5: command not found
> root@gb250:~# sda6  k25p06pub
> bash: sda6: command not found
> root@gb250:~# sda7  k25p07stw
> bash: sda7: command not found
> root@gb250:~# sda8  k25p08s150
> bash: sda8: command not found
> root@gb250:~# sda9  k25p09s151
> bash: sda9: command not found
> root@gb250:~# sr0
> bash: sr0: command not found
> root@gb250:~# exit
>
That can happen if bash doesn't find sort in its default binary
directory.  Could be pointing bash directly at sort will clear the
command not found error out of the output.

-- 

Re: Formattage EXT4 d'une clé de 2To

[Patrick Menier]

Le 07/01/2019 à 19:59, Pascal Hambourg a écrit :

Le 07/01/2019 à 14:48, Patrick Menier a écrit :

Le 07/01/2019 à 10:30, C. Mourad Jaber a écrit :


sudo mount /dev/sdb1 /media/usbkey/
mount: /media/usbkey : mauvais type de système de fichiers, option erronée, 
superbloc erroné sur /dev/sdb1, page de code ou programme auxiliaire 
manquant, ou autre erreur.


Fdisk me donne les informations suivantes :

Commande (m pour l'aide) : p
Disque /dev/sdb : 1,9 TiB, 209715200 octets, 409600 secteurs
Unités : secteur de 1 × 512 = 512 octets
Taille de secteur (logique / physique) : 512 octets / 512 octets
taille d'E/S (minimale / optimale) : 512 octets / 512 octets
Type d'étiquette de disque : gpt
Identifiant de disque : 896CE1F7-6EC3-2A4D-BC2B-809402441080

Périphérique Début    Fin   Secteurs Taille Type
/dev/sdb1 2048 409566 4095997919   1,9T Racine Linux (x86-64)

(...)

Ca ne serait pas le type de partition gpt? Tu as essayé de le modifier ?


Qu'est-ce qui te fait suggérer cela ?
Linux gère très bien le format GPT, et mount et le pilote ext4 s'en fichent 
complètement. A noter que le format GPT n'est pas indispensable pour une taille 
de 2 To puisque la limite du format DOS/MBR est de 2 Tio (avec des secteurs 
logiques de 512 octets), légèrement supérieure.




Oui je sais. Mais c'est pour l'avoir vécu... c'est tout.

Patrick

Re: /etc/network/interfaces and IPv6

[Reco]

Hi.

On Wed, Jan 09, 2019 at 10:42:27AM +0100, Rainer Dorsch wrote:
> Hello,
> 
> I am just wondering why ipv6 gets configured for enp1s0, even though I do not 
> request that in /etc/network/interfaces (?).
 
> 2: enp1s0:  mtu 1500 qdisc pfifo_fast state 
> UP 
> group default qlen 1000
> link/ether 74:d4:35:7b:0d:d8 brd ff:ff:ff:ff:ff:ff
> inet6 2a02:8070:898f:e4fc:76d4:35ff:fe7b:dd8/64 scope global mngtmpaddr 
> dynamic 
>valid_lft 14307sec preferred_lft 14307sec

You've got your IPv6 address via Router Advertisement (mngtmpaddr
dynamic, limited address lifetime).
And you don't need anything but a Linux kernel to get it.

If you don't need IPv6 on that interface for some reason - add the
following to your /etc/network/interfaces:

iface enp1s0 inet6 auto
accept_ra 0

Reco

Debian booting into initramfs shell

[Thomas Schweikle]

Hi!

Since latest upgrades debian boots into initramfs shell:

Gave up Waiting for suspend/resum device
Gave up waiting for root file system device. Gommon problems:
...

ALERT! UUID=c92b... does not exist.
Dropping to a shell!

Looking at devices, none exist: /dev/sda* are all missing.
Looking at loaded drivers/modules: all required are loaded.

Booting into rescue mode with the very same kernel/initrd works:
devices are there, modules are loaded, file systems are accessible.

Any idea how to solve this problem, when none of the kernels available
boots into multiuser? And only the rescue system is working?


-- 
Thomas

/etc/network/interfaces and IPv6

[Rainer Dorsch]

Hello,

I am just wondering why ipv6 gets configured for enp1s0, even though I do not 
request that in /etc/network/interfaces (?).

I suspect NetworkManager takes care of that, but I always thought, network 
manager does not touch interfaces mentioned in /etc/network/interface?

System is stretch.

[   17.057438] r8169 :01:00.0 enp1s0: link down 
[   17.057440] r8169 :01:00.0 enp1s0: link down 
[   17.057546] IPv6: ADDRCONF(NETDEV_UP): enp1s0: link is not ready 
[   28.782440] r8169 :01:00.0 enp1s0: link up 
[   28.782473] IPv6: ADDRCONF(NETDEV_CHANGE): enp1s0: link becomes ready


root@gigabyte:~# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

auto enp1s0
allow-hotplug enp1s0
iface enp1s0 inet dhcp
#iface eno1.7 inet6 auto
root@gigabyte:~# ip addr show
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group 
default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
   valid_lft forever preferred_lft forever
inet6 ::1/128 scope host 
   valid_lft forever preferred_lft forever
2: enp1s0:  mtu 1500 qdisc pfifo_fast state UP 
group default qlen 1000
link/ether 74:d4:35:7b:0d:d8 brd ff:ff:ff:ff:ff:ff
inet 192.168.7.201/24 brd 192.168.7.255 scope global enp1s0
   valid_lft forever preferred_lft forever
inet6 2a02:8070:898f:e4fc:76d4:35ff:fe7b:dd8/64 scope global mngtmpaddr 
dynamic 
   valid_lft 14307sec preferred_lft 14307sec
inet6 fe80::76d4:35ff:fe7b:dd8/64 scope link 
   valid_lft forever preferred_lft forever
root@gigabyte:~# 

Many thanks
Rainer

-- 
Rainer Dorsch
http://bokomoko.de/

Re: Réseau : accès VPN et LAN simultanés

[Eric Degenetais]

bonjour,
Le mer. 9 janv. 2019 à 09:22,  a écrit :
>
> Je vais essayer. C'est simple, une ligne.
>
> A part constater que la communication fonctionne entre elles via le LAN 
> lorsque les machines sont aussi reliées au VPN, quel outil SIMPLE utiliser 
> pour vérifier les liens et les flux ?
> Je connais un peu nmap mais c'est de la grosse artillerie (pour moi). Ce pb 
> réseau est l'occasion de se mettre à jour.
>
pourquoi ne pas commencer par un simple traceroute tout con ?
> Bonne journée
>
> - Original Message -
> From: "Jérémy Prego" 
> To: debian-user-french@lists.debian.org
> Sent: Wednesday, January 9, 2019 8:47:07 AM
> Subject: Re: Réseau : accès VPN et LAN simultanés
>
>
>
> Le 09/01/2019 à 07:25, Pascal Hambourg a écrit :
> > Le 09/01/2019 à 02:35, Jérémy Prego a écrit :
> >> Le 09/01/2019 à 02:23, roger.tar...@free.fr a écrit :
> >>
> >>> J'ai un petit blocage sur un sujet de réseau :
> >>> Openvpn client est installé sur 2 machiness Jessie qui sont sur le
> >>> même LAN.
> >>> Le serveur est dans un lieu différent.
> >>> Dès que la connexion vpn est demarrée, impossible de communiquer via
> >>> le LAN entre les deux machines. Seule l'adresse IP du VPN est
> >>> accessible.
> >>> C'est surtout gênant pour les gros transferts de fichiers.
> >
> > Peux-tu poster la table de routage et le jeu de règles iptables des
> > deux machines lorsqu'elles sont connectées au VPN ?
> >
> > ip route
> > iptables-save
> >
> >> dans le fichier openvpn sur les clients ou sur le serveur
> >>
> >> client:
> >> route 192.168.40.0 255.255.255.0 net_gateway
> >
> > En quoi est-ce censé répondre au besoin ?
> > Je ne pense pas que Roger souhaite que les communications entre les
> > deux machines passent par le VPN (cf. phrase sur le transfert de gros
> > fichiers).
> >
>
> ça tombe bien, c'est le but de net_gateway par oposition a l'option
> vpn_gateway.
>
> Jerem
>

Éic Dégenètais

Re: Réseau : accès VPN et LAN simultanés

[roger . tarani]

Je vais essayer. C'est simple, une ligne.

A part constater que la communication fonctionne entre elles via le LAN lorsque 
les machines sont aussi reliées au VPN, quel outil SIMPLE utiliser pour 
vérifier les liens et les flux ?
Je connais un peu nmap mais c'est de la grosse artillerie (pour moi). Ce pb 
réseau est l'occasion de se mettre à jour.

Bonne journée

- Original Message -
From: "Jérémy Prego" 
To: debian-user-french@lists.debian.org
Sent: Wednesday, January 9, 2019 8:47:07 AM
Subject: Re: Réseau : accès VPN et LAN simultanés



Le 09/01/2019 à 07:25, Pascal Hambourg a écrit :
> Le 09/01/2019 à 02:35, Jérémy Prego a écrit :
>> Le 09/01/2019 à 02:23, roger.tar...@free.fr a écrit :
>>
>>> J'ai un petit blocage sur un sujet de réseau :
>>> Openvpn client est installé sur 2 machiness Jessie qui sont sur le
>>> même LAN.
>>> Le serveur est dans un lieu différent.
>>> Dès que la connexion vpn est demarrée, impossible de communiquer via
>>> le LAN entre les deux machines. Seule l'adresse IP du VPN est
>>> accessible.
>>> C'est surtout gênant pour les gros transferts de fichiers.
>
> Peux-tu poster la table de routage et le jeu de règles iptables des
> deux machines lorsqu'elles sont connectées au VPN ?
>
> ip route
> iptables-save
>
>> dans le fichier openvpn sur les clients ou sur le serveur
>>
>> client:
>> route 192.168.40.0 255.255.255.0 net_gateway
>
> En quoi est-ce censé répondre au besoin ?
> Je ne pense pas que Roger souhaite que les communications entre les
> deux machines passent par le VPN (cf. phrase sur le transfert de gros
> fichiers).
>

ça tombe bien, c'est le but de net_gateway par oposition a l'option
vpn_gateway.

Jerem

Re: Taming the "lsblk" command

[Richard Hector]

On 9/01/19 6:04 PM, Jude DaShiell wrote:
> lsblk -l -o name,label | sort | script

lsblk -ln -o name,label |sort |