Re: Server hardware advice.
Steven Mainor wrote:

> I would say a server is any piece of software or hardware that serves data
> to other devices.

Well, strictly speaking, two different things are referred to as a server:

hardware
software

In your case you are talking about buying hardware - correct? And if you intend to use a PC, then the correct wording for this would be

A second-hand PC that will be used as a home server.

> I have run an apache2/mariadb/php server from an old laptop with a
> headless LTS Linux for over two years without issue.
>
> Surely you aren't saying only a rack mounted 64 core monstrosity with a TB
> of ram is qualified to be called a "server"

On hardware level - yes. Any PC can be used as a server, but it is still not a server from HW POV. There are many many technical details that make the difference, like memory channels, caches etc.

> For my needs, I doubt anything more than a modern single board computer is
> necessary. At least as far as compute power is concerned.

Yes, any modern PC would work. What was suggested is that you take one with enough CPU and RAM. I think today one could get 4-8 CPUs with 16-32GB of RAM at a fair price.

Do not underestimate the disks. I had a terrible experience with PC style drives. Take NAS style hard drives like the WD Red. You really want to use RAID there, and all other drives I have been using in the past had to be replaced either because they failed or because the latency was unacceptable. I had Seagate Barracuda, WD Green and WD Blue. A fellow sys admin told me they use WD Red and indeed the 2TB WD Red are very reliable, but not the bigger ones - amazing what one should know. So I replaced all the drives over the years with WD Red 2TB. I use RAID1.

I built a backup server recently out of an older Intel DG45FC board I bought with CPU for ~100,- some years ago, again with WD Red 2TB in RAID5, so that there is 6TB now.

What I want to say is that not every fairly modern PC works, because you want to attach at least two disks to build a RAID - the more SATA connectors you have - the better.
Re: How free is Debian
Shahryar Afifi wrote:

> Very well said. If debian free is not using amd64 microcode, so what
> kernel module runs my cpu as 64bit?

I was thinking the CPU is running and not something else running the CPU. I do not think you need something special to run 64bit CPU as such.
Re: How free is Debian
Joe Pfeiffer wrote:

> You may not reverse engineer, decompile, or disassemble this
> Software or any portion thereof.

The irony here is that AMD started by reverse engineering Intel. And unfortunately the US has been protecting monopoly and fake competition for years. Such things as Microsoft, Apple and Google should not exist, not to speak of Intel, IBM and many other monsters. Amazon, Uber ... many many of them - it is cancer.

Some time ago I read a good article on why the Patent Law should change, but I forgot where I found the article. The problems are in the patent law, as I understood the article.

regards
Re: How free is Debian
On Wed 07 Aug 2019 at 17:33:52 (-0700), Shahryar Afifi wrote:

> With respect to all the contributors, developers, hobbyist and users,
> who made GNU/Linux and Debian and all other distributions possible,
> here lies a humble, ignorance and yet curious question.
>
> Are all binaries in the kernel code were writing from scratch? Are
> there any binary blobs in the kernel that it was given to developers?
> If amd64 license is not free, how is it that we have amd64 microcode in
> the debian free?

It isn't free; look:

Package: amd64-microcode
Version: 3.20160316.3
Installed-Size: 68
Maintainer: Henrique de Moraes Holschuh
Architecture: amd64
Recommends: initramfs-tools (>= 0.113~) | dracut (>= 044) | tiny-initramfs
Breaks: intel-microcode (<< 2)
Description: Processor microcode firmware for AMD CPUs
Description-md5: 093f190e183c7cfeca05b52ecd2116e3
Section: non-free/admin
Priority: extra
Filename: pool/non-free/a/amd64-microcode/amd64-microcode_3.20160316.3_amd64.deb
Size: 31116
MD5sum: 7056e449d8bac87d85a4e434379d0e6e
SHA256: f7bddaf712ffaa833ff65ef94bdd86720d55c2c56ae982c3db58181bbe70f147

> and if they are not the same, are we using the full
> potential of our hardware?

Cheers,
David.
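The `Section: non-free/admin` field in the record above is what places the package outside Debian main. As an added example (not part of the original thread), this shell function reads the same stanza format, for instance from `/var/lib/dpkg/status`, and lists installed packages from the contrib and non-free areas; every sample stanza except the amd64-microcode fields quoted above is constructed.

```shell
#!/bin/sh
# Added example: audit Debian control stanzas for packages outside "main".

# nonfree_packages: reads control stanzas on stdin and prints
# "package<TAB>version<TAB>section" for every installed package whose
# Section starts with contrib/, non-free/ or non-free-firmware/.
nonfree_packages() {
    awk '
        function value(line) { sub(/^[^:]*:[ \t]*/, "", line); return line }
        function emit() {
            # A stanza without a Status field (apt-cache show output) is
            # reported; with a Status field it must end in " installed".
            if (pkg != "" && (status == "" || status ~ / installed$/) &&
                sec ~ /^(contrib|non-free|non-free-firmware)\//)
                printf "%s\t%s\t%s\n", pkg, ver, sec
            pkg = ver = sec = status = ""
        }
        /^[ \t]*$/  { emit(); next }   # blank line ends a stanza
        /^[ \t]/    { next }           # continuation of a multi-line field
        /^Package:/ { pkg = value($0) }
        /^Version:/ { ver = value($0) }
        /^Section:/ { sec = value($0) }
        /^Status:/  { status = value($0) }
        END         { emit() }
    '
}

# Constructed sample input. Only the amd64-microcode fields come from the
# message above; the other stanzas are invented for the demonstration.
sample_stanzas() {
cat <<'EOF'
Package: amd64-microcode
Version: 3.20160316.3
Section: non-free/admin
Description: Processor microcode firmware for AMD CPUs

Package: coreutils
Status: install ok installed
Version: 8.30-3
Section: utils
Description: GNU core utilities
 Constructed multi-line description text.

Package: example-contrib-tool
Status: install ok installed
Version: 1:0.1-1
Section: contrib/utils

Package: example-removed-blob
Status: deinstall ok config-files
Version: 2.0-1
Section: non-free/misc
EOF
}

sample_stanzas | nonfree_packages
```

On a real system, `nonfree_packages < /var/lib/dpkg/status` gives the same report for the installed package set.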
Re: How free is Debian
Joe Pfeiffer writes:

> The LICENCE.amd-ucode file
> includes the paragraph:

>You may not reverse engineer, decompile, or disassemble this
>Software or any portion thereof.

Quite unenforceable, of course.

--
John Hasler
jhas...@newsguy.com
Elmwood, WI USA
Re: How free is Debian
Shahryar Afifi writes:

> With respect to all the contributors, developers, hobbyist and users,
> who made GNU/Linux and Debian and all other distributions possible,
> here lies a humble, ignorance and yet curious question.
>
> Are all binaries in the kernel code were writing from scratch? Are
> there any binary blobs in the kernel that it was given to developers?
> If amd64 license is not free, how is it that we have amd64 microcode in
> the debian free? and if they are not the same, are we using the full
> potential of our hardware?
>
> I apologize in advance for my ignorance.
> Thank you.

Typically the binary blobs are not free. If you get the source for a package that includes a blob (for instance, amd64-microcode) you'll see where the blob came from. In the case of that package, it's all just binary -- no source code for the microcode. The LICENCE.amd-ucode file includes the paragraph:

You may not reverse engineer, decompile, or disassemble this Software or any portion thereof.

So... not free at all.
Re: WiFi interface unexpected response
On 7/8/19 at 03:48, Andrei POPESCU wrote:

> Let me rephrase that: why do you need *both* /etc/network/interfaces and
> wpa_supplicant.conf?
>
> Kind regards,
> Andrei

Thank you Andrei. Your insights drove me to solve the blob. By reading without haste and at the right place, I can understand it. Everything was there:

https://wiki.debian.org/WiFi/HowToUse

However, Patrick's quote makes sense too. If you ggle out you will find a lot of tuts teaching the configuration of both tools at the same time. Of course the keyword was wpa_ssid ;)

Finally I left an empty wpa_supplicant.conf file, reboot et... voilà, things work fine now!

The curious detail was that, verifying wpa_supplicant was not running, I got a funny surprise.

root@:~ # ps ax | grep supp
  696 ? Ss 0:00 /sbin/wpa_supplicant -s -B -P /run/wpa_supplicant.wlp3s0.pid -i wlp3s0 -D nl80211,wext -C /run/wpa_supplicant

Thank you guys
Re: How free is Debian
You don't need a license for an ISA to compile for it. You need a license only if you're developing a CPU that uses that ISA.

On Wed, Aug 7, 2019, 19:34 Shahryar Afifi wrote:

> With respect to all the contributors, developers, hobbyist and users,
> who made GNU/Linux and Debian and all other distributions possible,
> here lies a humble, ignorance and yet curious question.
>
> Are all binaries in the kernel code were writing from scratch? Are
> there any binary blobs in the kernel that it was given to developers?
> If amd64 license is not free, how is it that we have amd64 microcode in
> the debian free? and if they are not the same, are we using the full
> potential of our hardware?
>
> I apologize in advance for my ignorance.
> Thank you.
Re: Trackman Marble under wayland in Buster
On Wed, Aug 07, 2019 at 11:29:48AM -0400, Henning Follmann wrote:

> Hello,
> I just updated to buster and with that comes wayland.
> I am using a Trackman marble and I do have a custom
> configuration for it to switch to scroll when I hold
> button 8 (called "EmulateWheel").
> Is there a way to do this under wayland?
>
> here is my previous marblemouse.conf for X:
>
> Section "InputClass"
>     Identifier "Marble Mouse"
>     MatchProduct "Logitech USB Trackball"
>     MatchIsPointer "on"
>     MatchDevicePath "/dev/input/event*"
>     Driver "evdev"
>     Option "Buttons" "9"
>     Option "ButtonMapping" "1 9 3 4 5 6 7 2 8"
>     Option "EmulateWheel" "true"
>     Option "EmulateWheelButton" "8"
>     Option "Emulate3Buttons" "true"
> EndSection
> #

+1

BTW, why do you have buttons "9"? My marble conf is:

Section "InputClass"
    Identifier "Marble Mouse"
    MatchProduct "Logitech USB Trackball"
    MatchIsPointer "on"
    MatchDevicePath "/dev/input/event*"
    Driver "evdev"
    Option "ButtonMapping" "1 8 3 4 5 6 7 2 2"
    Option "EmulateWheel" "true"
    Option "EmulateWheelButton" "8"
    Option "ZAxisMapping" "4 5"
    Option "XAxisMapping" "6 7"
    Option "Emulate3Buttons" "true"
EndSection

Greatest mouse in the world once it's set up right - keep one on each side of the keyboard too, very handy :)
Re: Buster on laptop cannot find Nokia 3 hotspot...
On Wed, 07 Aug 2019 23:05:13 +0200 Nimrod wrote:

> On Wed, 2019-08-07 at 14:45 -0400, bw wrote:
> > In-Reply-To:
> >
> > > > 2) The output of `iwlist scan` to see if the network you're
> > > > looking for is detected from the hardware.
> > > This is interesting, I didn't know this command. It would rather
> > > strange if the hotspot is shown by the above command but not by
> > > Network Manager.
> >
> > No, it would not be strange at all. Network-manager is in its own
> > time-zone, and is often rather strange and hard to figure
> > out. Sometimes you must be patient, it does not scan immediately.
> > For CLI tools I prefer 'iw' to the older iwlist command, but either
> > may help you. If the device is scanning and finding other ap, then
> > it probably is a network-manager quirk. It often
> > misses/adds/deletes aps from the list IME.
>
> I tried iw while Network Manager was not finding my hotspot, and iw
> found it instead.
> But suddenly NM found it too! Last time it worked was several days
> ago. I really can't understand. I'm happy it's working now, but I'm
> afraid it will stop working sooner or later. I restarted several
> times both laptop and hotspot, using both Gnome Shell and Mate, and
> the hotspot always appeared almost immediately, as it was used to do
> before. I then turned on another Nokia 3 hotspot (I have three
> identical smartphone, mine and those of my sons). The second one is
> still invisible, while other devices, including my own smartphone, can
> connect to it with no problems.
> Issuing iw scan now has no effect.
> For everyone who answered here is the output of dmesg | grep wl:
> [ 10.811861] wlan0: Broadcom BCM4315 802.11 Hybrid Wireless Controller 6.30.223.271 (r587334)
> [ 11.084358] wl :02:00.0 wls1: renamed from wlan0
> [ 16.562792] IPv6: ADDRCONF(NETDEV_UP): wls1: link is not ready
> [ 17.614802] IPv6: ADDRCONF(NETDEV_UP): wls1: link is not ready
> [ 161.102549] IPv6: ADDRCONF(NETDEV_CHANGE): wls1: link becomes ready
> [ 725.746601] IPv6: ADDRCONF(NETDEV_UP): wls1: link is not ready
> [ 725.770340] ERROR @wl_cfg80211_scan :
> [ 729.858749] IPv6: ADDRCONF(NETDEV_CHANGE): wls1: link becomes ready
> [ 1264.074169] IPv6: ADDRCONF(NETDEV_UP): wls1: link is not ready
> [ 1537.300735] IPv6: ADDRCONF(NETDEV_CHANGE): wls1: link becomes ready
> [ 1540.111204] IPv6: ADDRCONF(NETDEV_UP): wls1: link is not ready
> [ 1655.286877] IPv6: ADDRCONF(NETDEV_CHANGE): wls1: link becomes ready
> [ 1821.082896] IPv6: ADDRCONF(NETDEV_UP): wls1: link is not ready
> [ 1845.425123] IPv6: ADDRCONF(NETDEV_CHANGE): wls1: link becomes ready
> [ 1849.392169] IPv6: ADDRCONF(NETDEV_UP): wls1: link is not ready
> [ 1909.187372] IPv6: ADDRCONF(NETDEV_UP): wls1: link is not ready
> [ 1909.219378] ERROR @wl_cfg80211_scan :
> [ 1909.248580] ERROR @wl_cfg80211_scan :
> After the link became ready, I disabled wifi intentionally, and
> reenabled after some seconds. Also, I tried many time "iw scan".
> I can provide other data if you need it, just tell me.
> Many thanks.
> > Good Luck,bw
>

The `iwlist` command was very useful to me once when debugging a Raspberry Pi with a failing wireless adapter (networks appearing and disappearing).

Tbh the errors there don't look good but not serious either. If the related output from `iwlist scan` shows only 2.4 GHz networks (it may be detecting only networks in the 2.4 GHz - if your nic is old).

`lshw` output might be of use if you know what hardware you have in the laptop, as a driver/device mismatch might cause the device not to work very well (I've seen it once only with a usb wireless adapter).

Regards

--
Nektarios Katakis
Re: Server hardware advice.
On Wed, 07 Aug 2019 17:12:20 +0200 deloptes wrote:

> Michael Stone wrote:
>
> > Newer server hardware is much more power efficient and will draw very
> > little power when idle. This is one of the drawbacks to saving money by
> > using old hardware. (You can still use old hardware, just be sure it's
> > new enough that it's from the era when power efficiency became a thing.)
>
> I am not sure who you are answering to. I recently looked at HP DL360 and
> DL380 Gen10. Yes indeed they are more power efficient compared to Gen9 in
> terms they provide more calculation cycles for the same power, but this can
> not be compared to a PC.

This sort of stuff is discussed endlessly on the homelab subreddit, but for some personal data points: I run Debian on a Dell R210 II, with 1 CPU with 4 cores / 8 threads and 16GB of RAM, and a single HDD: the thing idles at about 23 watts. A Windows 10 VM (KVM / libvirt) adds about 5-7 watts, but a Debian Sid VM adds nothing. [Of course, the Debian VM is a fairly minimal thing, with under 400 packages installed, while the Windows installation is a pretty standard one.]

Celejar
Re: mount weirdness
Hi,

i wrote:
> >mount -v /dev/sdc /wa1
> >echo $?

Duh. "/dev/sdb2", not "/dev/sdc". (Do as i mean, not as i write.)

Dennis Wicks wrote:
> I'll put a note in my fstab so the next time I boot I can find it if the
> mount fails again!

Did i miss the report about some miracle cure beyond the link to /wa11 ?

I did a search for "wa1" in Linux kernel git.
https://github.com/torvalds/linux/search?utf8=%E2%9C%93=wa1=
The name seems not to be hardcoded there.

So my best guess is that it is mistaken by mount(8) for something other than a target path. This opportunity to be mistaken could be excluded by a test program which uses mount(2).

I tested this program "ts_mount.c":

-----
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <sys/mount.h>

int main()
{
  int ret;

  /* Call mount(2) directly, so that mount(8) cannot misread the target */
  ret = mount("/dev/sr4", "/mnt/iso", "iso9660", MS_RDONLY, "");
  if(ret == 0) {
    printf("Success\n");
    exit(0);
  }
  /* Report the kernel's reason for refusing the mount */
  printf("Failed\n");
  printf("errno= %d (%s)\n", errno, strerror(errno));
  exit(1);
}
-----

with a DVD drive by:

cc -g -Wall -o ts_mount ts_mount.c
./ts_mount

As normal user i got

Failed
errno= 1 (Operation not permitted)

and as superuser

Success

Drive noise and listed files confirm the optimistic message. Without medium i get

Failed
errno= 123 (No medium found)

Have a nice day :)

Thomas
Re: Buster on laptop cannot find Nokia 3 hotspot...
On Wed, 2019-08-07 at 14:45 -0400, bw wrote:

> In-Reply-To:
>
> > > 2) The output of `iwlist scan` to see if the network you're
> > > looking for is detected from the hardware.
> > This is interesting, I didn't know this command. It would rather
> > strange if the hotspot is shown by the above command but not by
> > Network Manager.
>
> No, it would not be strange at all. Network-manager is in its own
> time-zone, and is often rather strange and hard to figure
> out. Sometimes you must be patient, it does not scan immediately.
> For CLI tools I prefer 'iw' to the older iwlist command, but either
> may help you. If the device is scanning and finding other ap, then
> it probably is a network-manager quirk. It often misses/adds/deletes
> aps from the list IME.

I tried iw while Network Manager was not finding my hotspot, and iw found it instead.

But suddenly NM found it too! Last time it worked was several days ago. I really can't understand. I'm happy it's working now, but I'm afraid it will stop working sooner or later. I restarted several times both laptop and hotspot, using both Gnome Shell and Mate, and the hotspot always appeared almost immediately, as it was used to do before. I then turned on another Nokia 3 hotspot (I have three identical smartphone, mine and those of my sons). The second one is still invisible, while other devices, including my own smartphone, can connect to it with no problems.

Issuing iw scan now has no effect.

For everyone who answered here is the output of dmesg | grep wl:

[ 10.811861] wlan0: Broadcom BCM4315 802.11 Hybrid Wireless Controller 6.30.223.271 (r587334)
[ 11.084358] wl :02:00.0 wls1: renamed from wlan0
[ 16.562792] IPv6: ADDRCONF(NETDEV_UP): wls1: link is not ready
[ 17.614802] IPv6: ADDRCONF(NETDEV_UP): wls1: link is not ready
[ 161.102549] IPv6: ADDRCONF(NETDEV_CHANGE): wls1: link becomes ready
[ 725.746601] IPv6: ADDRCONF(NETDEV_UP): wls1: link is not ready
[ 725.770340] ERROR @wl_cfg80211_scan :
[ 729.858749] IPv6: ADDRCONF(NETDEV_CHANGE): wls1: link becomes ready
[ 1264.074169] IPv6: ADDRCONF(NETDEV_UP): wls1: link is not ready
[ 1537.300735] IPv6: ADDRCONF(NETDEV_CHANGE): wls1: link becomes ready
[ 1540.111204] IPv6: ADDRCONF(NETDEV_UP): wls1: link is not ready
[ 1655.286877] IPv6: ADDRCONF(NETDEV_CHANGE): wls1: link becomes ready
[ 1821.082896] IPv6: ADDRCONF(NETDEV_UP): wls1: link is not ready
[ 1845.425123] IPv6: ADDRCONF(NETDEV_CHANGE): wls1: link becomes ready
[ 1849.392169] IPv6: ADDRCONF(NETDEV_UP): wls1: link is not ready
[ 1909.187372] IPv6: ADDRCONF(NETDEV_UP): wls1: link is not ready
[ 1909.219378] ERROR @wl_cfg80211_scan :
[ 1909.248580] ERROR @wl_cfg80211_scan :

After the link became ready, I disabled wifi intentionally, and reenabled after some seconds. Also, I tried many time "iw scan".

I can provide other data if you need it, just tell me.

Many thanks.

> Good Luck,bw
Re: mount weirdness
On Wed 07 Aug 2019 at 12:44:39 (-0500), Dennis Wicks wrote:

> David Wright wrote on 8/6/19 1:48 PM:
> > On Tue 06 Aug 2019 at 12:18:21 (-0500), Dennis Wicks wrote:
> > > Thomas Schmitt wrote on 8/6/19 10:30 AM:
> > > > Dennis Wicks wrote:
> > > > > I *cannot* mount *any* partition on /wa1
> > > > > but I *can* mount *any* partition on any other mount point.
> > > >
> > > > So what do you get from these shell commands ?
> > > I am currently running with "ln -s /wa11 /wa1" so this isn't the
> > > config I booted with. Anyway;
> > >
> > > > ls -ld /wa1 /wa11
> > >
> > > wix@dgwicks:~$ ls -ld /wa1 /wa11
> > > lrwxrwxrwx 1 root root 4 Aug 1 17:40 /wa1 -> wa11
> > > drwxrwxrwx 17 root root 4096 Jun 17 14:07 /wa11
> > > wix@dgwicks:~$
> > >
> > > >
> > > > find /wa1
> > >
> > > wix@dgwicks:~$ cd /
> > > wix@dgwicks:/$ find /wa1
> > > /wa1
> > > wix@dgwicks:/$ lg wa1
> > > lrwxrwxrwx 1 root root 4 Aug 1 17:40 wa1 -> wa11/
> > > drwxrwxrwx 17 root root 4.0K Jun 17 14:07 wa11/
> > > lrwxrwxrwx 1 root root 7 Aug 1 17:43 www -> wa1/www/
> > > wix@dgwicks:/$
> > >
> > > >
> > > > What happens if you create a new /wa1 ?
> > > >
> > > > mv /wa1 /wa1_old
> > > > mkdir /wa1
> > > > mount /dev/sdb2 /wa1
> > > >
> > >
> > > Same failure. One of the many things I tried to get the mount on /wa1
> > > to work, without any success.
> >
> > Shouldn't that fail with:
> >
> > ~# mkdir /wa1
> > ~# mount /dev/sda4 /wa1
> > mount: /dev/sda4 is already mounted or /wa1 busy
> > /dev/sda4 is already mounted on /ya
> > ~#
>
> No, it won't fail because the first mount to /wa1 did not succeed!

No, but your sdb2 is already mounted (on /wa11):

sdb
├─sdb1 xfs PubDtaMaster 4283d59b-8e0b-4f6a-ad33-47dff4e2198c 32.7G 86% /edrv
└─sdb2 xfs Work-Area-1 20173008-eeaa-41cd-b862-f7d0b871895d 241.9G 65% /wa11

> And
> the system does not object or give an error when you mount the same
> partition on two diff dirs anyway!

Mine does: I just posted it.

> > > > As for your fstab, there is this "x-systemd.device-timeout=20" where
> > > > all others have "=60". But the web says this is for automounting.
> > >
> > > This param is to stop the boot process from stopping because all of
> > > the mounts have failed, temporarily. A previous thread from a few
> > > weeks(?) back.
> > >
> > > > I fail to imagine any explanation for the symptoms you report.
> > > > Especially
> > > > the silent failure riddles me.
> >
> > Unfortunately there's too much reported speech in this thread,
> > and not enough direct speech. Some timely copy/paste might help.

And, once again, you post *reports* of what is supposed to have happened.

BTW what is lg?

Cheers,
David.
Re: Server hardware advice.
On 07.08.2019 at 10:21, Jonas Smedegaard wrote:

Quoting Reco (2019-08-07 08:53:52)

On Wed, Aug 07, 2019 at 01:29:21AM -0400, Steven Mainor wrote:

I'm looking for advice on how to build a home server with a primary focus on security. I plan to run nextcloud and a mail server that will serve 3 to 5 people at most.

My requirements are:

A server setup that can be run with completely open source software and doesn't require any binaries to boot. I don't trust anything closed source for this particular project.

A gigabit ethernet port.

A USB3.0 port or SATA connector to attach storage to.

Enough processor power and ram to run nextcloud and the mail server from an encrypted hard drive (LUKS) efficiently with moderate throughput saving and reading files from nextcloud.

These fit all your requirements (i.e. it'll run stock buster kernel without any additional firmware):

Helios4 - [1]. 4 SATA ports controller attached to PCI-E.
GnuBee - [2]. 6 SATA ports attached to PCI-E.
Odroid HC2 - [3]. Single SATA port, attached to USB bus.

No powerful computers exist today completely without non-free parts: Since you point to Open Source Hardware below, beware that none of above devices are OSHWA certified: https://certification.oshwa.org/list.html - if however your freedom concerns are limited to _software_ parts then it is easier: Look for boards supported in mainline Linux and u-boot, and supported in Debian!

Disregarding OSHW I agree that above options are good highlights. Additionally I suggest Olimex A64-Olinuxino and ESPRESSObin, both (unlike above options) known to be mainlined and work with Debian Buster.

Personally, for hosting mail + Nextcloud for a small team I would tolerate USB2.0 and use the OSHWA certified board Olimex A64-Olinuxino. Only for heavy professional demands (e.g. an advertising agency pushing big files across a LAN all the time) I would use a Helios4.

So far I have been looking at single board computers like the ones listed here: https://wiki.debian.org/CheapServerBoxHardware#OSHW

Happy to see that list being of use beyond the FreedomBox project and my own competing https://solidbox.org/ :-)

Please note that above list is limited to more consumer-oriented devices than your spec needs - e.g. must be sold with a proper case and be cheaper than you tolerate.

That list is outdated somewhat. But it gave me good ideas back in the day.

I just got myself a Zotac CI329 Nano. The Ethernet drivers (Realtek r8169 module) seem to use some binary blob. It was a bit strange as the system asked me for them in the debian installer, but then worked without providing any files...

If that is ok for the OP, this provides a powerful fanless system. It is very compact, has four cores and it didn't complain when it was very hot here, recently. I'm using it as a router, because the FritzBox! Routers are becoming useless for more ambitious users. It has 2x Gigabit Ethernet and Intel WiFi with a single antenna. I'm also having 2x Windows Server 2016 core running in VMs to play around with Active Directory.

The CPU is Atom based and officially supports only 8G, but I bought a 16GB dual channel kit and it works without flaw. I did the same on my QNAP, which has an older generation Celeron without AES instructions.

A €30 240GB Kingston SSD provides plenty of fast storage and all together this is a powerful, clean system using <10W.

Jochen
Re: Remote console access (similar to Teamviewer)
If a bird does not break its egg, it will die before being born.
We are the bird and the world is our egg.
FOR THE REVOLUTION OF THE WORLD

Mexico City

On Wed, 7 Aug 2019 at 14:40, Guido Ignacio () wrote:

> Let me see if I understood: you mean using an ssh tunnel, but I have to
> keep that tunnel active from my server, so I am going to need a
> server on the other side that I can use to make the tunnel
>
> Is that what you mean?

No, a VPN tunnel, and then if you want you can use ssh inside the VPN tunnel.

This manual explains how to implement it on Debian:

https://wiki.debian.org/OpenVPN

For it to work you use a VPN server, which you can rent or run as an exposed service anywhere. The client machines connect to it and create virtual interfaces that work as if they were physically inside the same network, with the server acting as a router.

Additionally, you can use the client machines as a gateway to connect other machines to the VPN network.

> On Wed, 7 Aug 2019 at 16:29, Paynalton () wrote:
> >
> > mmm, use a VPN to be able to access the machines through a tunnel.
> >
> > If a bird does not break its egg, it will die before being born.
> > We are the bird and the world is our egg.
> > FOR THE REVOLUTION OF THE WORLD
> >
> > Mexico City
> >
> > On Wed, 7 Aug 2019 at 13:52, Guido Ignacio () wrote:
> >>
> >> Dear all, good afternoon
> >>
> >> I have a question for you: I have a home server that, because of
> >> ISP restrictions, has no public addressing, so I cannot reach my
> >> LAN from the WAN (even with routing and setting the DMZ
> >> on the router.
> >>
> >> The only solution is to use something similar to Teamviewer, but I need
> >> something that does not use X, since I only have console mode.
> >>
> >> What alternatives do I have to reach the console of my server?
> >>
> >> Thanks!
Re: Remote console access (similar to Teamviewer)
Let me see if I understood: you mean using an ssh tunnel, but I have to keep that tunnel active from my server, so I am going to need a server on the other side that I can use to make the tunnel

Is that what you mean?

On Wed, 7 Aug 2019 at 16:29, Paynalton () wrote:

> mmm, use a VPN to be able to access the machines through a tunnel.
>
> If a bird does not break its egg, it will die before being born.
> We are the bird and the world is our egg.
> FOR THE REVOLUTION OF THE WORLD
>
> Mexico City
>
> On Wed, 7 Aug 2019 at 13:52, Guido Ignacio () wrote:
>>
>> Dear all, good afternoon
>>
>> I have a question for you: I have a home server that, because of
>> ISP restrictions, has no public addressing, so I cannot reach my
>> LAN from the WAN (even with routing and setting the DMZ
>> on the router.
>>
>> The only solution is to use something similar to Teamviewer, but I need
>> something that does not use X, since I only have console mode.
>>
>> What alternatives do I have to reach the console of my server?
>>
>> Thanks!
Re: Remote console access (similar to Teamviewer)
mmm, use a VPN to be able to access the machines through a tunnel.

If a bird does not break its egg, it will die before being born.
We are the bird and the world is our egg.
FOR THE REVOLUTION OF THE WORLD

Mexico City

On Wed, 7 Aug 2019 at 13:52, Guido Ignacio () wrote:

> Dear all, good afternoon
>
> I have a question for you: I have a home server that, because of
> ISP restrictions, has no public addressing, so I cannot reach my
> LAN from the WAN (even with routing and setting the DMZ
> on the router.
>
> The only solution is to use something similar to Teamviewer, but I need
> something that does not use X, since I only have console mode.
>
> What alternatives do I have to reach the console of my server?
>
> Thanks!
Remote console access (similar to Teamviewer)
Dear all, good afternoon

I have a question for you: I have a home server that, because of ISP restrictions, has no public addressing, so I cannot reach my LAN from the WAN (even with routing and setting the DMZ on the router.

The only solution is to use something similar to Teamviewer, but I need something that does not use X, since I only have console mode.

What alternatives do I have to reach the console of my server?

Thanks!
Re: but where has the missing space gone?
On 07/08/2019 at 00:17, hamster wrote:

Pascal Hambourg wrote:

On 06/08/2019 at 12:48, hamster wrote:

if [[ "$(grep "/home" /etc/mtab | cut -d" " -f3)" = "ext?" ]]

This expression is not selective enough. It takes into account any mount containing "/home" in the mount point (/home/data) or the device (/dev/vg/home).

Very true. I think adding spaces solves the problem:

if [[ "$(grep " /home " /etc/mtab | cut -d" " -f3)" = "ext?" ]]

That's better, and probably sufficient. To cause a false positive you would need a path containing spaces, which is not common.
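The selectivity problem discussed above, as an added example that is not part of the original thread: instead of pattern-matching the whole mtab line, compare the mount-point field exactly and read the type from the third field. The function names and the sample mtab are constructed for illustration.

```shell
#!/bin/sh
# Added example: exact mount-point lookup in an mtab-format file.

# fstype_of MOUNTPOINT [FILE]
# Prints the filesystem type of the entry whose second field is exactly
# MOUNTPOINT; returns 1 if there is none. FILE defaults to /etc/mtab and
# may be "-" for stdin. mtab encodes a space as \040 and a tab as \011,
# so those two escapes are decoded before comparing (others are left as is).
fstype_of() {
    WANT="$1" awk '
        function unescape(s) {
            gsub(/\\040/, " ", s)
            gsub(/\\011/, "\t", s)
            return s
        }
        # The last matching entry wins: a later mount on the same
        # directory shadows an earlier one.
        unescape($2) == ENVIRON["WANT"] { type = $3 }
        END { if (type == "") exit 1; print type }
    ' "${2:-/etc/mtab}"
}

# is_ext_mount MOUNTPOINT [FILE]
# True if MOUNTPOINT is mounted with ext2, ext3 or ext4. The pattern is
# an unquoted glob in "case"; a quoted "ext?" inside [[ ]] would be
# compared as a literal string.
is_ext_mount() {
    t=$(fstype_of "$1" "$2") || return 1
    case "$t" in
        ext[234]) return 0 ;;
        *)        return 1 ;;
    esac
}

# The substring match from the thread, kept for comparison (reads stdin).
naive_fstype() {
    grep "/home" | cut -d" " -f3
}

# Constructed sample: "/home" appears in a device name, in a longer
# mount point, and as the mount point actually wanted.
sample_mtab() {
cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/vg/home /srv xfs rw 0 0
/dev/sdb1 /home/data btrfs rw 0 0
/dev/sda3 /home ext4 rw,relatime 0 0
/dev/sdc1 /mnt/my\040disk vfat rw 0 0
EOF
}

echo "substring match:"; sample_mtab | naive_fstype
echo "exact field match:"; sample_mtab | fstype_of /home -
```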
Re: mount weirdness
On Wed, Aug 07, 2019 at 12:44:39PM -0500, Dennis Wicks wrote:

> And the
> system does not object or give an error when you mount the same partition on
> two diff dirs anyway!

Sadly. And *very* surprisingly. You can only wish that it did.
Re: mount weirdness
Thomas Schmitt wrote on 8/6/19 1:58 PM:

Hi,

more ideas: exit value, verbose mode.

mount -v /dev/sdc /wa1
echo $?

A nominally successful mount command would yield 0 as "$?". Maybe -v yields some extra insight.

Have a nice day :)

Thomas

Thanks, Thomas!

I'll put a note in my fstab so the next time I boot I can find it if the mount fails again!

You too!
Dennis
Re: Exim4 as a smarthost : Unrouteable address
On Wed, 7 Aug 2019 18:37:05 +0200 rudu wrote:

> Thank you Dan for your input.
>
> On 07/08/2019 at 17:28, Dan Purgert wrote:
> > rudu wrote:
> >> Hi all,
> >>
> >> Until recently my machines running debian testing used to send me
> >> e-mails as reports from cron tasks or from LAMP applications.
> >> This is not working anymore.
> >> I did of course a dpkg-reconfigure exim4-config to get this
> >> /etc/exim4/update-exim4.conf.conf file :
> >> [...]
> >> # This is a Debian specific file
> >>
> >> dc_eximconfig_configtype='satellite'
> >> dc_other_hostnames='*'
> > Not sure if it makes a difference or not; but my exim satellite
> > configs have this entry (dc_other_hostnames) set to the local
> > system's name.
> >
> > [...]
> >> dc_smarthost='mail.myprovider.fr::465'
> > This is another problem I noticed. My satellite configs simply
> > state dc_smarthost='mail.djph.net'; without any port
> > configurations.
> As you suggested, I changed both parameters and this is what I get :
>
> $ echo 'Hello there !!' | mail my.n...@domain.org -s Test13 -v
> LOG: MAIN
> <= j...@example.org U=jean P=local S=453
> jean@poste1:~$ delivering 1hvOe8-000392-5m
> R: smarthost for my.n...@domain.org
> T: remote_smtp_smarthost for my.n...@domain.org
> Connecting to mail.myprovider.fr [91.217.154.228]:25 ... connected
> SMTP<< 220 mx0.myprovider.fr ESMTP Postfix (Debian/GNU)
> SMTP>> EHLO example.org
> SMTP<< 250-mx0.myprovider.fr
> 250-PIPELINING
> 250-SIZE 18442404
> 250-VRFY
> 250-ETRN
> 250-AUTH PLAIN LOGIN
> 250-AUTH=PLAIN LOGIN
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250-DSN
> 250 SMTPUTF8
> SMTP>> MAIL FROM: SIZE=1490
> SMTP>> RCPT TO:
> SMTP>> DATA
> SMTP<< 250 2.1.0 Ok
> SMTP<< 554 5.7.1 Service unavailable; Client host [109.12.75.40]
> blocked using lk55tga7gkjpcy432ojwxtvvim.zen.dq.spamhaus.net;
> https://www.spamhaus.org/query/ip/109.12.75.40
> SMTP<< 554 5.5.1 Error: no valid recipients
> SMTP>> QUIT
> SMTP(close)>>
> LOG: MAIN
> ** my.n...@domain.org R=smarthost T=remote_smtp_smarthost
> H=mail.myprovider.fr [91.217.154.228]: SMTP error from remote mail
> server after RCPT TO:: 554 5.7.1 Service
> unavailable; Client host [109.12.75.40] blocked using
> lk55tga7gkjpcy432ojwxtvvim.zen.dq.spamhaus.net;
> https://www.spamhaus.org/query/ip/109.12.75.40
> LOG: MAIN
> <= <> R=1hvOe8-000392-5m U=Debian-exim P=local S=2163
> delivering 1hvOe8-000395-GS
> R: system_aliases for j...@example.org
> R: hub_user for j...@example.org
> R: system_aliases for j...@example.org
> R: hub_user_smarthost for j...@example.org
> T: remote_smtp_smarthost for j...@example.org
> LOG: MAIN
> Completed
> Connecting to mail.myprovider.fr [91.217.154.228]:25 ... connected
> SMTP<< 220 mx0.myprovider.fr ESMTP Postfix (Debian/GNU)
> SMTP>> EHLO example.org
> SMTP<< 250-mx0.myprovider.fr
> 250-PIPELINING
> 250-SIZE 18442404
> 250-VRFY
> 250-ETRN
> 250-AUTH PLAIN LOGIN
> 250-AUTH=PLAIN LOGIN
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250-DSN
> 250 SMTPUTF8
> SMTP>> MAIL FROM:<> SIZE=3243
> SMTP>> RCPT TO:
> SMTP>> DATA
> SMTP<< 250 2.1.0 Ok
> SMTP<< 554 5.7.1 Service unavailable; Client host [109.12.75.40]
> blocked using lk55tga7gkjpcy432ojwxtvvim.zen.dq.spamhaus.net;
> https://www.spamhaus.org/query/ip/109.12.75.40
> SMTP<< 554 5.5.1 Error: no valid recipients
> SMTP>> QUIT
> SMTP(close)>>
> LOG: MAIN
> ** j...@example.org R=hub_user_smarthost T=remote_smtp_smarthost
> H=mail.myprovider.fr [91.217.154.228]: SMTP error from remote mail
> server after RCPT TO:: 554 5.7.1 Service
> unavailable; Client host [109.12.75.40] blocked using
> lk55tga7gkjpcy432ojwxtvvim.zen.dq.spamhaus.net;
> https://www.spamhaus.org/query/ip/109.12.75.40
> LOG: MAIN
> Frozen (delivery error message)
>
> I understand that I've been rejected as a spammer.
> My provider insists on using port 465 though and maybe I didn't tell
> exim4 to use ssl/tls ??
> Where should I look ?
>

Here's one of many how-tos:

https://somoit.net/linux/linux-exim-authenticated-and-tls-mail-through-smarthost

I have done it in the past for a client, but too long ago to remember anything.

--
Joe
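A quick way to read a delivery transcript like the one quoted above, as an added example that is not part of the original thread: this shell function summarises which port the session used, whether STARTTLS and AUTH were offered and actually sent, and the first 4xx/5xx reply. The sample transcript is constructed (documentation hostnames and addresses) in the layout of `-v` output.

```shell
#!/bin/sh
# Added example: summarise an SMTP client transcript read from stdin.

# smtp_session_summary
# Prints one line:
#   port=N starttls_offered=.. starttls_used=.. auth_offered=.. auth_used=.. first_error=..
# Only the first "Connecting to" line and the first error reply are used.
smtp_session_summary() {
    awk '
        function yn(flag) { return flag ? "yes" : "no" }
        /Connecting to .*\]:[0-9]/ && port == "" {
            port = $0
            sub(/.*\]:/, "", port)       # drop everything up to "]:"
            sub(/[^0-9].*/, "", port)    # keep the leading digits
        }
        /250[- ]STARTTLS/  { tls_offered = 1 }   # capability in EHLO reply
        /250[- ]AUTH[ =]/  { auth_offered = 1 }
        /SMTP>> STARTTLS/  { tls_used = 1 }      # command sent by client
        /SMTP>> AUTH /     { auth_used = 1 }
        /SMTP<< [45][0-9][0-9][ -]/ && err == "" {
            err = $0
            sub(/.*SMTP<< /, "", err)
            err = substr(err, 1, 3)
        }
        END {
            printf "port=%s starttls_offered=%s starttls_used=%s " \
                   "auth_offered=%s auth_used=%s first_error=%s\n",
                   (port == "" ? "unknown" : port),
                   yn(tls_offered), yn(tls_used),
                   yn(auth_offered), yn(auth_used),
                   (err == "" ? "none" : err)
        }
    '
}

# Constructed sample: a session on port 25 where AUTH is offered but the
# client never authenticates, and the server rejects at RCPT.
sample_transcript() {
cat <<'EOF'
Connecting to mail.example.net [192.0.2.10]:25 ... connected
  SMTP<< 220 mx0.example.net ESMTP
  SMTP>> EHLO client.example.org
  SMTP<< 250-mx0.example.net
         250-PIPELINING
         250-AUTH PLAIN LOGIN
         250 SMTPUTF8
  SMTP>> MAIL FROM:<user@example.org> SIZE=1490
  SMTP>> RCPT TO:<dest@example.com>
  SMTP>> DATA
  SMTP<< 250 2.1.0 Ok
  SMTP<< 554 5.7.1 Service unavailable; Client host [203.0.113.5] blocked
  SMTP<< 554 5.5.1 Error: no valid recipients
  SMTP>> QUIT
EOF
}

sample_transcript | smtp_session_summary
```

A summary showing `port=25` with `auth_used=no` means the message was offered unauthenticated on the plain SMTP port, whatever port the configuration was meant to select.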
Re: mount weirdness
David Wright wrote on 8/6/19 1:48 PM:
On Tue 06 Aug 2019 at 12:18:21 (-0500), Dennis Wicks wrote:
Thomas Schmitt wrote on 8/6/19 10:30 AM:
Dennis Wicks wrote:

I *cannot* mount *any* partition on /wa1 but I *can* mount *any* partition on any other mount point.

So what do you get from these shell commands ?

I am currently running with "ln -s /wa11 /wa1" so this isn't the config I booted with. Anyway;

ls -ld /wa1 /wa11

wix@dgwicks:~$ ls -ld /wa1 /wa11
lrwxrwxrwx  1 root root    4 Aug 1 17:40 /wa1 -> wa11
drwxrwxrwx 17 root root 4096 Jun 17 14:07 /wa11
wix@dgwicks:~$ find /wa1
wix@dgwicks:~$ cd /
wix@dgwicks:/$ find /wa1
/wa1
wix@dgwicks:/$ lg wa1
lrwxrwxrwx  1 root root    4 Aug 1 17:40 wa1 -> wa11/
drwxrwxrwx 17 root root 4.0K Jun 17 14:07 wa11/
lrwxrwxrwx  1 root root    7 Aug 1 17:43 www -> wa1/www/
wix@dgwicks:/$

What happens if you create a new /wa1 ?

mv /wa1 /wa1_old
mkdir /wa1
mount /dev/sdb2 /wa1

Same failure. One of the many things I tried to get the mount on /wa1 to work, without any success.

Shouldn't that fail with:

~# mkdir /wa1
~# mount /dev/sda4 /wa1
mount: /dev/sda4 is already mounted or /wa1 busy
/dev/sda4 is already mounted on /ya
~#

No, it won't fail because the first mount to /wa1 did not succeed! And the system does not object or give an error when you mount the same partition on two diff dirs anyway!

As for your fstab, there is this "x-systemd.device-timeout=20" where all others have "=60". But the web says this is for automounting.

This param is to stop the boot process from stopping because all of the mounts have failed, temporarily. A previous thread from a few weeks(?) back.

I fail to imagine any explanation for the symptoms you report. Especially the silent failure riddles me.

Unfortunately there's too much reported speech in this thread, and not enough direct speech. Some timely copy/paste might help.

Me too! Happens during boot and when done manually!

Cheers,
David.
Re: WiFi interface unexpected response
On Wed, 7 Aug 2019 09:48:03 +0300 Andrei POPESCU wrote:

> On Ma, 06 aug 19, 18:13:02, zetam.imap wrote:
> >
> > > Why do you need this if you configure wpa in /etc/network/interfaces?
> >
> > Normally the wireless interface is activated when a user accesses their
> > account on the graphical interface.
> > This host has to perform unattended tasks on that network even if no
> > user is logged in.
>
> Let me rephrase that: why do you need *both* /etc/network/interfaces and
> wpa_supplicant.conf?

I wondered this, too. But every doc, wiki or article I read about manually setting up wireless with encryption said that's the way you do it.

However, just to find out, I commented out the network stanza for my USB wireless dongle in wpa_supplicant.conf, and rebooted. Wireless works fine just with the basic info from /etc/network/interfaces. Only thing left not commented out in wpa_supplicant.conf is the config to enable wpa_cli, which doesn't run by default.

FWIW: My system, a box under the desk, not a laptop, is very basic with an atypical install of Stretch -- window manager only, sysvinit, no wired Ethernet -- built part by part from a terminal-only install. Boots to terminal, login there, then startx to bring up GUI.

B
Re: Server hardware advice.
I would say a server is any piece of software or hardware that serves data to other devices.

I have run an apache2/mariadb/php server from an old laptop with a headless LTS Linux for over two years without issue.

Surely you aren't saying only a rack mounted 64 core monstrosity with a TB of ram is qualified to be called a "server"

For my needs, I doubt anything more than a modern single board computer is necessary. At least as far as compute power is concerned.

--
Steven Mainor

On August 7, 2019 10:53:52 AM EDT, deloptes wrote:
>Steven Mainor wrote:
>
>> I would like to keep the budget under $500 not including the hard drive(s)
>> I already have drives. Less is better.
>
>When I read server hardware I understand also server hardware. It has many
>CPUs a lot of ram, redundant power supply etc. It consumes a lot of power
>and costs a lot.
>For under 500 you can not get any of this and for your use case you do not
>need this as well.
>
>Years ago I build one to serve our needs at home. It has 4 virtual CPU and
>32GB RAM - it uses 85Watt of power when not under load and it goes to above
>100 if I compile software on it. It uses 10Watt more if I run a virtual
>machine (virtual box or vmware - I do not test containers, but I assume
>this will add overhead). The disks (I have 8) use also 3-5Watt each. Buying
>newer - larger disks, pays off, but it is insignificant what you save on
>power per year, most is burned by the CPU, so choose CPU and mainboard
>carefully.
>Unless you do not have to, avoid virtualization - it costs more energy.
>
>I hope this helps
Re: Exim4 as a smarthost : Unrouteable address
Thank you Dan for your input.

On 07/08/2019 at 17:28, Dan Purgert wrote:
> rudu wrote:
>> Hi all,
>>
>> Until recently my machines running debian testing used to send me
>> e-mails as reports from cron tasks or from LAMP applications.
>> This is not working anymore.
>> I did of course a dpkg-reconfigure exim4-config to get this
>> /etc/exim4/update-exim4.conf.conf file :
>> [...]
>> # This is a Debian specific file
>> dc_eximconfig_configtype='satellite'
>> dc_other_hostnames='*'
>
> Not sure if it makes a difference or not; but my exim satellite configs
> have this entry (dc_other_hostnames) set to the local system's name.
>
> [...]
>> dc_smarthost='mail.myprovider.fr::465'
>
> This is another problem I noticed. My satellite configs simply state
> dc_smarthost='mail.djph.net'; without any port configurations.

As you suggested, I changed both parameters and this is what I get :

$ echo 'Hello there !!' | mail my.n...@domain.org -s Test13 -v
LOG: MAIN
  <= j...@example.org U=jean P=local S=453
jean@poste1:~$ delivering 1hvOe8-000392-5m
R: smarthost for my.n...@domain.org
T: remote_smtp_smarthost for my.n...@domain.org
Connecting to mail.myprovider.fr [91.217.154.228]:25 ... connected
SMTP<< 220 mx0.myprovider.fr ESMTP Postfix (Debian/GNU)
SMTP>> EHLO example.org
SMTP<< 250-mx0.myprovider.fr
250-PIPELINING
250-SIZE 18442404
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 SMTPUTF8
SMTP>> MAIL FROM: SIZE=1490
SMTP>> RCPT TO:
SMTP>> DATA
SMTP<< 250 2.1.0 Ok
SMTP<< 554 5.7.1 Service unavailable; Client host [109.12.75.40] blocked using lk55tga7gkjpcy432ojwxtvvim.zen.dq.spamhaus.net; https://www.spamhaus.org/query/ip/109.12.75.40
SMTP<< 554 5.5.1 Error: no valid recipients
SMTP>> QUIT
SMTP(close)>>
LOG: MAIN
  ** my.n...@domain.org R=smarthost T=remote_smtp_smarthost H=mail.myprovider.fr [91.217.154.228]: SMTP error from remote mail server after RCPT TO:: 554 5.7.1 Service unavailable; Client host [109.12.75.40] blocked using lk55tga7gkjpcy432ojwxtvvim.zen.dq.spamhaus.net; https://www.spamhaus.org/query/ip/109.12.75.40
LOG: MAIN
  <= <> R=1hvOe8-000392-5m U=Debian-exim P=local S=2163
delivering 1hvOe8-000395-GS
R: system_aliases for j...@example.org
R: hub_user for j...@example.org
R: system_aliases for j...@example.org
R: hub_user_smarthost for j...@example.org
T: remote_smtp_smarthost for j...@example.org
LOG: MAIN
  Completed
Connecting to mail.myprovider.fr [91.217.154.228]:25 ... connected
SMTP<< 220 mx0.myprovider.fr ESMTP Postfix (Debian/GNU)
SMTP>> EHLO example.org
SMTP<< 250-mx0.myprovider.fr
250-PIPELINING
250-SIZE 18442404
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 SMTPUTF8
SMTP>> MAIL FROM:<> SIZE=3243
SMTP>> RCPT TO:
SMTP>> DATA
SMTP<< 250 2.1.0 Ok
SMTP<< 554 5.7.1 Service unavailable; Client host [109.12.75.40] blocked using lk55tga7gkjpcy432ojwxtvvim.zen.dq.spamhaus.net; https://www.spamhaus.org/query/ip/109.12.75.40
SMTP<< 554 5.5.1 Error: no valid recipients
SMTP>> QUIT
SMTP(close)>>
LOG: MAIN
  ** j...@example.org R=hub_user_smarthost T=remote_smtp_smarthost H=mail.myprovider.fr [91.217.154.228]: SMTP error from remote mail server after RCPT TO:: 554 5.7.1 Service unavailable; Client host [109.12.75.40] blocked using lk55tga7gkjpcy432ojwxtvvim.zen.dq.spamhaus.net; https://www.spamhaus.org/query/ip/109.12.75.40
LOG: MAIN
  Frozen (delivery error message)

I understand that I've been rejected as a spammer.
My provider insists on using port 465 though and maybe I didn't tell exim4 to use ssl/tls ??
Where should I look ?

Thanks
Rudu
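What the session in the message above records can be read mechanically. The following is an added example, not part of the post and not exim's own tooling: it parses a `mail -v` transcript and reports the port used, whether STARTTLS or AUTH was ever sent, and any DNSBL refusal. The sample is reconstructed from the post with the DNSBL query key replaced by a placeholder; `parse_session` and `diagnose` are hypothetical names, and port 465 is assumed to be implicit TLS.

```python
import re

# Constructed sample: the session from the post; the DNSBL query key is
# replaced by the placeholder EXAMPLEKEY, elided addresses stay elided.
SAMPLE = """\
Connecting to mail.myprovider.fr [91.217.154.228]:25 ... connected
SMTP<< 220 mx0.myprovider.fr ESMTP Postfix (Debian/GNU)
SMTP>> EHLO example.org
SMTP<< 250-mx0.myprovider.fr
250-PIPELINING
250-SIZE 18442404
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 SMTPUTF8
SMTP>> MAIL FROM: SIZE=1490
SMTP>> RCPT TO:
SMTP>> DATA
SMTP<< 250 2.1.0 Ok
SMTP<< 554 5.7.1 Service unavailable; Client host [109.12.75.40] blocked using EXAMPLEKEY.zen.dq.spamhaus.net; https://www.spamhaus.org/query/ip/109.12.75.40
SMTP<< 554 5.5.1 Error: no valid recipients
SMTP>> QUIT
"""

CONNECT_RE = re.compile(r"Connecting to (\S+) \[([^\]]+)\]:(\d+)")
REPLY_RE = re.compile(r"^(?:SMTP<< )?(\d{3})([ -])(.*)$")
DNSBL_RE = re.compile(r"Client host \[([^\]]+)\] blocked using ([^;\s]+)")


def parse_session(transcript):
    """Summarise one delivery attempt from exim's -v output."""
    info = {"host": None, "port": None, "extensions": [],
            "client_cmds": [], "rejections": []}
    in_ehlo_reply = False
    for raw in transcript.splitlines():
        line = raw.strip()
        m = CONNECT_RE.search(line)
        if m:
            info["host"], info["port"] = m.group(1), int(m.group(3))
            continue
        if line.startswith("SMTP>> "):
            parts = line[len("SMTP>> "):].split()
            if parts:
                verb = parts[0].upper()
                info["client_cmds"].append(verb)
                in_ehlo_reply = verb == "EHLO"
            continue
        m = REPLY_RE.match(line)
        if not m:
            continue
        code, sep, text = m.groups()
        if in_ehlo_reply and code == "250":
            info["extensions"].append(text.upper())
            in_ehlo_reply = sep == "-"      # "250 " (space) ends the reply
        elif code[0] in "45":
            info["rejections"].append((code, text))
    # The first EHLO reply line is the server's name, not an extension.
    info["extensions"] = info["extensions"][1:]
    return info


def diagnose(info):
    """Return the findings a mail admin would act on, in a fixed order."""
    findings = []
    cmds, ext = info["client_cmds"], info["extensions"]
    # Assumption: port 465 means implicit TLS, so no STARTTLS is expected.
    if info["port"] != 465 and "STARTTLS" not in cmds:
        findings.append("session-not-encrypted")
    if "AUTH" not in cmds:
        findings.append("client-did-not-authenticate")
    if any(e.startswith("AUTH") for e in ext) and "STARTTLS" not in ext:
        # Credentials sent here would cross the network in cleartext.
        findings.append("auth-offered-without-starttls")
    for _code, text in info["rejections"]:
        m = DNSBL_RE.search(text)
        if m:
            findings.append("dnsbl-reject ip=%s list=%s" % m.groups())
    return findings


if __name__ == "__main__":
    for finding in diagnose(parse_session(SAMPLE)):
        print(finding)
```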
Re: How to - set upload_tmp_dir to a non-world-readable directory
Users other than www-data may belong to the www-data group. It is possible that in this case the tool finds that too broad, because only the www-data user, without exception, should be able to read (it is the only user meant to create and use these files). => 0700

Regards
__
Éric Dégenètais
Henix
http://www.henix.com
http://www.squashtest.org

On Wed, 7 Aug 2019 at 17:29, G2PC wrote:
>
> But, in the meantime, on the Debian system, the permissions are 1777 on
> the tmp directories /tmp and /var/tmp
>
> Note the leading 1, the sticky bit, which means that everyone can create a file
> but that the created file can afterwards only be modified by its owner
> (`man chmod` for the details).
>
>
> So why shouldn't the /upload_tmp_dir directory for php also be
> 1777 ?
>
> Everyone must be able to write to /tmp, it's the OS giving you a place where you
> can write, but for php there is no reason for anyone other than php to be able to
> read / write in a directory that is reserved for it.
>
> In general this directory is set to 700 or 750, with the user that runs php
> as owner (it depends on your php installation).
>
>
> I see, thanks for your explanations, that seems logical.
> So, in my case, it is www-data that runs PHP, with Apache.
>
> So I create my directory in /var/www/dossier_pour_tmp_php
> chown www-data:www-data -R /var/www/dossier_pour_tmp_php/
>
> chmod 750 -R /var/www/dossier_pour_tmp_php
>
> ( Or possibly 1750 ? )
>
> Does that seem acceptable as a configuration ? But then, what about
> Joomla throwing an error at me that makes the page inaccessible ?
> I go to my domain, the Joomla site no longer loads and displays Error
> On the other hand, other content is accessible ( domaine.ext/phpsecinfo/ )
>
> Same if I set it to 755.
> The site only works if I set the permissions to 777
>
> After testing, I realize that I was wrong ! The temporary directory
> was owned by root:root
>
> Now it is correctly owned by www-data:www-data in 750 and the Joomla site
> is accessible !
>
>
> However, from phpsecinfo I still get the message in orange, which
> considers the conditions as not met :
> Notice
> upload_tmp_dir is disabled, or is set to a common world-writable
> directory. This typically allows other users on this server to access
> temporary copies of files uploaded via your PHP scripts. You should set
> upload_tmp_dir to a non-world-readable directory
>
> Current Value: /var/www/dossier_pour_tmp_php (0750)
> Recommended Value: A non-world readable/writable directory
>
>
> For that, if you use PHP and you think your configuration
> is functional, please test this script, you just need to download it
> https://github.com/ZerooCool/phpsecinfo/tree/phpsecinfo-zeroocool-v0.2.1
>
> The test is performed at line 71 :
>
> https://github.com/ZerooCool/phpsecinfo/blob/phpsecinfo-zeroocool-v0.2.1/20070406-phpsecinfo-v0.2.1/PhpSecInfo/Test/Core/upload_tmp_dir.php
>
> Thanks for your opinions.
>
Re: Server hardware advice.
Depends on what you're trying to do. I run a small domain on a T1 without pictures or audio, so I'm using a Raspberry Pi 3 as a server. Quite a bit faster than the old PDP-11s the 'Net started out with, and significantly less expensive. And smaller. My domain used to be a lot larger, but still a T1 and very little video/audio. I used the bottom-of-the-line Dell servers back then, and bought my own RAM (Dell gets a lot for a RAM stick). The biggest advantage to the Dell servers, aside from the reliability of the components (over 15 years, I never had one fail), was that they could be bought without the Windows tax. If you're looking to do a full blown Google level server on a 10G connection, advice there is above my pay scale... -- Glenn English
Re: Server hardware advice.
On Wed, Aug 07, 2019 at 05:12:20PM +0200, deloptes wrote:
>Michael Stone wrote:
>> Newer server hardware is much more power efficient and will draw very
>> little power when idle. This is one of the drawbacks to saving money by
>> using old hardware. (You can still use old hardware, just be sure it's
>> new enough that it's from the era when power efficiency became a thing.)
>
>I am not sure who you are answering to.

What's confusing about the attribution and text that I quoted?

>I recently looked at HP DL360 and DL380 Gen10. Yes indeed they are more
>power efficient compared to Gen9 in terms they provide more calculation
>cycles for the same power, but this can not be compared to a PC.

HP g9 and g10 are both well past the dawn of the era of low idle consumption so there aren't huge differences to be found there. The base power consumption of that class of system is rather higher than a small desktop primarily because of redundancy and BMC (IPMI/remote management)--not the CPU. A different server chassis & motherboard choice will result in much lower base consumption, if the redundancy and remote management aren't needed. But even the HP DLs of the g9/g10 era can idle at around half the 85W you mentioned. (Whereas a comparable g6 might have idled over 100W, and even older servers idled at 300 or 400W.)

The point is that it's not correct to assume that a "server" will have a high idle consumption, and if power efficiency is a goal it's achievable through reasonable selection of components. (Conversely, a "desktop" may have higher power consumption if it has a beefy GPU, and older desktops have much higher idle power just like older servers.)
Re: Exim4 as a smarthost : Unrouteable address
rudu wrote:
> Hi all,
>
> Until recently my machines running debian testing used to send me
> e-mails as reports from cron tasks or from LAMP applications.
> This is not working anymore.
> I did of course a dpkg-reconfigure exim4-config to get this
> /etc/exim4/update-exim4.conf.conf file :
> [...]
> # This is a Debian specific file
>
> dc_eximconfig_configtype='satellite'
> dc_other_hostnames='*'

Not sure if it makes a difference or not; but my exim satellite configs have this entry (dc_other_hostnames) set to the local system's name.

[...]
> dc_smarthost='mail.myprovider.fr::465'

This is another problem I noticed. My satellite configs simply state dc_smarthost='mail.djph.net'; without any port configurations.

Here's what I get in a log when sending from a test VM:

2019-08-07 11:25:40 1hvNoq-0007iY-NR <= d...@ironhide.djph.net U=dan P=local S=471
2019-08-07 11:25:40 1hvNoq-0007iY-NR => d...@djph.net R=smarthost T=remote_smtp_smarthost H=mail.djph.net [192.168.10.55] X=TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256 CV=yes DN="CN=djph.net" C="250 2.0.0 Ok: queued as D20325FB0E"
2019-08-07 11:25:40 1hvNoq-0007iY-NR Completed

--
|_|O|_|
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: 05CA 9A50 3F2E 1335 4DC5 4AEE 8E11 DDF3 1279 A281
Trackman Marble under wayland in Buster
Hello,
I just updated to buster and with that comes wayland. I am using a Trackman marble and I do have a custom configuration for it to switch to scroll when I hold button 8 (called "EmulateWheel").
Is there a way to do this under wayland?

here is my previous marblemouse.conf for X:

Section "InputClass"
    Identifier "Marble Mouse"
    MatchProduct "Logitech USB Trackball"
    MatchIsPointer "on"
    MatchDevicePath "/dev/input/event*"
    Driver "evdev"
    Option "Buttons" "9"
    Option "ButtonMapping" "1 9 3 4 5 6 7 2 8"
    Option "EmulateWheel" "true"
    Option "EmulateWheelButton" "8"
    Option "Emulate3Buttons" "true"
EndSection
#

TIA
-H

--
Henning Follmann | hfollm...@itcfollmann.com
Re: How to - set upload_tmp_dir to a non-world-readable directory
>> But, in the meantime, on the Debian system, the permissions are 1777 on
>> the tmp directories /tmp and /var/tmp
> Note the leading 1, the sticky bit, which means that everyone can create a file
> but that the created file can afterwards only be modified by its owner
> (`man chmod` for the details).
>
>> So why shouldn't the /upload_tmp_dir directory for php also be
>> 1777 ?
> Everyone must be able to write to /tmp, it's the OS giving you a place where you
> can write, but for php there is no reason for anyone other than php to be able to
> read / write in a directory that is reserved for it.
>
> In general this directory is set to 700 or 750, with the user that runs php
> as owner (it depends on your php installation).

I see, thanks for your explanations, that seems logical.
So, in my case, it is www-data that runs PHP, with Apache.

So I create my directory in /var/www/dossier_pour_tmp_php
chown www-data:www-data -R /var/www/dossier_pour_tmp_php/
chmod 750 -R /var/www/dossier_pour_tmp_php
( Or possibly 1750 ? )

Does that seem acceptable as a configuration ? But then, what about Joomla throwing an error at me that makes the page inaccessible ?
I go to my domain, the Joomla site no longer loads and displays Error
On the other hand, other content is accessible ( domaine.ext/phpsecinfo/ )

Same if I set it to 755.
The site only works if I set the permissions to 777

After testing, I realize that I was wrong ! The temporary directory was owned by root:root

Now it is correctly owned by www-data:www-data in 750 and the Joomla site is accessible !

However, from phpsecinfo I still get the message in orange, which considers the conditions as not met :
Notice
upload_tmp_dir is disabled, or is set to a common world-writable directory. This typically allows other users on this server to access temporary copies of files uploaded via your PHP scripts. You should set upload_tmp_dir to a non-world-readable directory

Current Value: /var/www/dossier_pour_tmp_php (0750)
Recommended Value: A non-world readable/writable directory

For that, if you use PHP and you think your configuration is functional, please test this script, you just need to download it
https://github.com/ZerooCool/phpsecinfo/tree/phpsecinfo-zeroocool-v0.2.1

The test is performed at line 71 :
https://github.com/ZerooCool/phpsecinfo/blob/phpsecinfo-zeroocool-v0.2.1/20070406-phpsecinfo-v0.2.1/PhpSecInfo/Test/Core/upload_tmp_dir.php

Thanks for your opinions.
Re: Buster on laptop cannot find Nokia 3 hotspot...
On Aug 7, 2019 11:38, Nektarios Katakis wrote:
On Wed, 07 Aug 2019 10:42:09 +0200 Nimrod wrote:
> Hi,
>
> my (very old) laptop has been working like a charm until I updated
> from Stretch to Buster. Among the other, the issue in the subject is
> very relevant for me.
>
> Here is what happens when I turn on wi-fi hotspot on Nokia 3
> smartphone (Android up to date):
>
> 1) any smartphone or tablet in the family can connect to my Nokia 3
> hotspot.
>
> 2) my laptop can connect at least to a tablet hotspot (the tablet has
> a rather old Android version, I guess 6 or even less, and it cannot be
> updated); also, my laptop finds a lot of wi-fi networks around
> (currently I'm in a building in the small town of Anzio, Italy, but
> almost every corner of the town is full of wi-fi networks)
>
> 3) my laptop cannot even see any hotspot provided by a Nokia 3
> smartphone with Android up to date; we have three of them, and I
> checked everyone one of them: they all can be used by the tablet in
> point 2) above, and none of them are even found by my laptop.
>
> It seems there is something wrong with my laptop and Nokia 3 when they
> try to communicate. Currently I'm still using my Nokia 3 as a modem
> via Bluetooth, but the connection is rather slow. When the wi-fi
> hotspot was working the speed was much higher.
>
> Some data:
>
> - the laptop is a HP 6730s, quite slow but incredibly robust; Buster
> is up to date
> - all the Nokia 3 have Android 9 July update
>
> Thanks in advance for any hint.
>
>

A good place to check your wireless issues is the excellent wifi howto page from debian docs https://wiki.debian.org/WiFi/HowToUse.

I'll certainly take a look at it.

You're not mentioning what software you're using to connect to wifi.

Just Gnome Shell interface, which I guess is just a GUI for Network Manager. From the right upper corner of the screen I can look at all wifi networks available. There are many, my wife's tablet hotspot immediately appears if turned on, but none of our three Nokia 3 even appears there when hotspot is turned on, not even after many many minutes. But my wife's tablet immediately connects to any of the Nokia 3 hotspot. So does her Alcatel smartphone, a very low level device. Ah, the laptop even connects without problem at all with my wife's Alcatel hotspot.

For your case I would check 2 things:
1) `dmesg` output to check if you see any errors from your network card driver or if its loaded correctly.

I definitely exclude any problems with the network card driver, because it perfectly works with many other wifi devices, as I told above. Nevertheless I'll follow your suggestion as soon as I come back home.

2) The output of `iwlist scan` to see if the network you're looking for is detected from the hardware.

This is interesting, I didn't know this command. It would be rather strange if the hotspot is shown by the above command but not by Network Manager. Thanks a lot.

Regards
--
Nektarios Katakis
Re: Server hardware advice.
Michael Stone wrote:
> Newer server hardware is much more power efficient and will draw very
> little power when idle. This is one of the drawbacks to saving money by
> using old hardware. (You can still use old hardware, just be sure it's
> new enough that it's from the era when power efficiency became a thing.)

I am not sure who you are answering to.

I recently looked at HP DL360 and DL380 Gen10. Yes indeed they are more power efficient compared to Gen9 in terms they provide more calculation cycles for the same power, but this can not be compared to a PC.
Re: Server hardware advice.
On Wed, Aug 07, 2019 at 04:53:52PM +0200, deloptes wrote:
>Years ago I build one to serve our needs at home. It has 4 virtual CPU and
>32GB RAM - it uses 85Watt of power when not under load and it goes to above
>100 if I compile software on it. It uses 10Watt more if I run a virtual
>machine (virtual box or vmware - I do not test containers, but I assume
>this will add overhead).

Newer server hardware is much more power efficient and will draw very little power when idle. This is one of the drawbacks to saving money by using old hardware. (You can still use old hardware, just be sure it's new enough that it's from the era when power efficiency became a thing.)
Re: Server hardware advice.
Steven Mainor wrote:
> I would like to keep the budget under $500 not including the hard drive(s)
> I already have drives. Less is better.

When I read server hardware I understand also server hardware. It has many CPUs a lot of ram, redundant power supply etc. It consumes a lot of power and costs a lot.
For under 500 you can not get any of this and for your use case you do not need this as well.

Years ago I build one to serve our needs at home. It has 4 virtual CPU and 32GB RAM - it uses 85Watt of power when not under load and it goes to above 100 if I compile software on it. It uses 10Watt more if I run a virtual machine (virtual box or vmware - I do not test containers, but I assume this will add overhead). The disks (I have 8) use also 3-5Watt each. Buying newer - larger disks, pays off, but it is insignificant what you save on power per year, most is burned by the CPU, so choose CPU and mainboard carefully.
Unless you do not have to, avoid virtualization - it costs more energy.

I hope this helps
Re: Buster on laptop cannot find Nokia 3 hotspot...
On Aug 7, 2019 16:15, Curt wrote:
On 2019-08-07, Nimrod wrote:
>
>
> It seems there is something wrong with my laptop and Nokia 3 when they
> try to communicate. Currently I'm still using my Nokia 3 as a modem via
>
> Thanks in advance for any hint.
>

I really have no idea, but I was just reading that if it's a 5 ghz hotspot you've created, an older device might not be able see it.

I thought so too, but my hotspot is 2.4 GHz, and I can't even change that.

--
“We are all in the gutter, but some of us are looking at the stars.”
― Oscar Wilde, Lady Windermere's Fan
Re: Where do I find the Debian CAs?
Stephan Seitz wrote:
> On Di, Aug 06, 2019 at 06:57:51 -0400, Dan Ritter wrote:
> > Stephan Seitz wrote:
> > > I’ve noticed that the Debian mailing list server is offering a
> > > certificate as a client:
> > > Client CN „clientcerts/bendel.debian.org”, Issuer „Debian SMTP CA”
> > >
> > > I can’t verify it because I can’t find the CA. There doesn’t seem to be a
> > > package with internal CAs.
> > >
> > > Where can I find them?
> >
> > dpkg -S /etc/ssl/certs
> > will show you:
> > ssl-cert, ca-certificates, openssl
>
> I think there is a misunderstanding. I know about /etc/ssl/certs, but there
> isn’t a Debian SMTP CA.
>
> So I would like to know where I can download this CA (or others as well) and
> then put them in /etc/ssl/certs.

Ah. You can't.

Connection converted to SSL
SSLVersion in use: TLSv1_2
Cipher in use: ECDHE-RSA-AES256-GCM-SHA384
Certificate 1 of 2 in chain: Cert VALIDATION ERROR(S): self signed certificate in certificate chain
So email is encrypted but the recipient domain is not verified
Cert Hostname VERIFIED (bendel.debian.org = bendel.debian.org)
Not Valid Before: Apr 1 11:07:15 2019 GMT
Not Valid After: Mar 31 11:07:15 2020 GMT
subject= /C=NA/ST=NA/L=Ankh Morpork/O=Debian SMTP/OU=Debian SMTP CA/CN=bendel.debian.org
issuer= /C=NA/ST=NA/L=Ankh Morpork/O=Debian SMTP/OU=Debian SMTP CA/CN=Debian SMTP CA
Certificate 2 of 2 in chain: Cert VALIDATION ERROR(S): self signed certificate in certificate chain
So email is encrypted but the recipient domain is not verified
Not Valid Before: Mar 31 12:54:52 2019 GMT
Not Valid After: Mar 28 12:54:52 2029 GMT
subject= /C=NA/ST=NA/L=Ankh Morpork/O=Debian SMTP/OU=Debian SMTP CA/CN=Debian SMTP CA
issuer= /C=NA/ST=NA/L=Ankh Morpork/O=Debian SMTP/OU=Debian SMTP CA/CN=Debian SMTP CA

That's a self-signed cert. Note that it's from Ankh Morpork, a city on the Discworld. You can't verify that, and they don't expect you to be able to do so.

-dsr-
Re: Buster on laptop cannot find Nokia 3 hotspot...
On 2019-08-07, Nimrod wrote:
>
>
> It seems there is something wrong with my laptop and Nokia 3 when they
> try to communicate. Currently I'm still using my Nokia 3 as a modem via
>
> Thanks in advance for any hint.
>

I really have no idea, but I was just reading that if it's a 5 ghz hotspot you've created, an older device might not be able see it.

--
“We are all in the gutter, but some of us are looking at the stars.”
― Oscar Wilde, Lady Windermere's Fan
Exim4 as a smarthost : Unrouteable address
Hi all,

Until recently my machines running debian testing used to send me e-mails as reports from cron tasks or from LAMP applications.
This is not working anymore.
I did of course a dpkg-reconfigure exim4-config to get this /etc/exim4/update-exim4.conf.conf file :

[...]
# This is a Debian specific file
dc_eximconfig_configtype='satellite'
dc_other_hostnames='*'
dc_local_interfaces='127.0.0.1;192.168.0.20'
dc_readhost='example.org'
dc_relay_domains='*'
dc_minimaldns='false'
dc_relay_nets='192.168.0.0/24'
dc_smarthost='mail.myprovider.fr::465'
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname='true'
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'

But here is an attempt to actually send a mail :

~$ echo 'Hello there !!' | mail my.n...@domain.org -s Test13 -v
LOG: MAIN
  <= j...@example.org U=jean P=local S=453
jean@poste1:~$ delivering 1hvLI6-0001yn-GI
R: system_aliases for my.n...@domain.org
LOG: MAIN
  ** my.n...@domain.org: Unrouteable address
LOG: MAIN
  <= <> R=1hvLI6-0001yn-GI U=Debian-exim P=local S=1668
delivering 1hvLI6-0001yp-Kr
R: system_aliases for j...@example.org
R: hub_user for j...@example.org
R: system_aliases for j...@example.org
R: hub_user_smarthost for j...@example.org
T: remote_smtp_smarthost for j...@example.org
LOG: MAIN
  Completed
LOG: retry_defer MAIN
  == j...@example.org R=hub_user_smarthost T=remote_smtp_smarthost defer (-53): retry time not reached for any host for 'example.org'

I keep getting this "Unrouteable address" whatever address I try to write to, addresses who do receive mails via thunderbird.
Thunderbird is also successfully using the smtp server credentials I feed exim4 with ...
I must be missing something obvious here but I'm completely in the dark.

Thanks for any help,
Rudu
Re: Server hardware advice.
On 2019-08-07 11:13, Nektarios Katakis wrote: On Wed, 07 Aug 2019 02:08:30 -0400 Steven Mainor wrote: You are correct. That was an oversight. Of all the items on that page I could probably afford the screwdriver and the heatsinks. I would like to keep the budget under $500 not including the hard drive(s) I already have drives. Less is better. -- Steven Mainor On August 7, 2019 1:52:15 AM EDT, Richard Hector wrote: >On 7/08/19 5:29 PM, Steven Mainor wrote: >> Hi all, >> >> I'm looking for advice on how to build a home server with a >> primary >focus on >> security. I plan to run nextcloud and a mail server that will >> serve 3 >to 5 >> people at most. >> >> My requirements are: >> >> A server setup that can be run with completely open source >> software >and >> doesn't require any binaries to boot. I don't trust anything >> closed >source for >> this particular project. >> >> A gigabit ethernet port. >> >> A USB3.0 port or SATA connector to attach storage to. >> >> Enough processor power and ram to run nextcloud and the mail >> server >from an >> encrypted hard drive (LUKS) efficiently with moderate throughput >saving and >> reading files from nextcloud. >> >> I would just build something x86 based but the amd/intel Platform >Security >> Processor/IME stuff makes me nervous. >> >> So far I have been looking at single board computers like the >> ones >listed >> here: https://wiki.debian.org/CheapServerBoxHardware#OSHW >> >> I like the OLinuXino A20 LIME2 but I am not sure the processor >> will >be enough >> to handle the overhead from an encrypted hard drive. I also don't >like that it >> is only 32-bit since that will limit the file size nextcloud can >handle as I >> understand it. >> >> Is there anything similar to the OLinuXino A20 LIME2 but more >powerful or is >> there a better option I haven't read about yet? > >You haven't mentioned a budget, but strong emphasis on security and >openness ... > >https://www.raptorcs.com/TALOSII/ ? 
> >Richard

I have a similar home setup and have to say that with the mail service and seafile server (and a few smaller services) running in docker the setup the PC is already consuming 1G of ram. I'm using an old PC. I wouldn't suggest a less powerful box as you will run out of ram. If you need fanless check out an intel nuc. Debian should run fine with it although I think it will need some drivers from the non-free repos.

Regards,

I use old Lenovos which are quiet and so cheap (20UKP) you can have one for each job. Don't bother with cloud but scp files about. Don't know how the webmail would manage with multiple connections.

mick
--
Key ID4BFEBB31
Re: How to - set upload_tmp_dir to a non-world-readable directory
On 07/08/19 at 13:38, G2PC wrote:
> But, in the meantime, on the Debian system, the permissions are 1777 on
> the tmp directories /tmp and /var/tmp

Note the leading 1, the sticky bit, which means that everyone can create a file but that the created file can then only be modified by its owner (`man chmod` for details).

> So why shouldn't the /upload_tmp_dir directory for php
> also be 1777?

Everyone must be able to write to /tmp; it is the OS providing you with a place where you can write, but for php there is no reason for anyone other than php to be able to read / write in a directory that is reserved for it.

Usually this directory is set to 700 or 750, with the user that runs php as owner (that depends on your php installation).

--
Daniel

A man who has succeeded is a man who earns more money than his wife spends. And a woman who has succeeded is a woman who has found such a man.
Lana Turner
Re: How to - set upload_tmp_dir to a non-world-readable directory
On 07/08/2019 at 13:13, Daniel Caillibaud wrote:
> On 07/08/19 at 12:49, G2PC wrote:

First of all, I would really like to find information on what, officially, a so-called "A non-world readable/writable directory" is.

It is a directory in which not everyone can read/write, so a chmod xx1 at most.

drwxrwx--x
 ^^^        the owner can read / write / enter
    ^^^     the group can read / write / enter
       ^^^  others cannot read / write, only enter

>> - So you have to do a chmod 700 or 750 or whatever you want but with xxy
>> where y is 0 or 1
>> Daniel Caillibaud
>>
>> - Try `chmod 407` on the temporary directory.
> And to settle it => `man chmod`
>
> A 407 should not work since the owner could no longer enter
> the directory
> but anyone could enter, read and write…
>
> And it seems odd to refuse all rights to the group and to
> grant them to everyone, but you can do that precisely to give
> "all rights except
> for one group".
>
> I think jm was thinking of the mask, the complement; a mask of 407
> would give a chmod 370,
> which is odd (fewer rights for the owner than for the group) but would be
> in line with the
> initial request not to have "world writable".
>
>> One thing is certain: if the rights on /tmp_upload
>> for "others" are not equal to 7, Joomla yells at me with an
>> error message. I can then no longer browse the Joomla CMS.
> So Joomla is not compatible with minimal security settings, but
> that's nothing
> new :-D (it still surprises me, but you see some fine things every
> day)
>
> Because this 7 means precisely rwx for "other", so everyone can
> read/write/enter

But, in the meantime, on the Debian system, the permissions are 1777 on the tmp directories /tmp and /var/tmp

So why shouldn't the /upload_tmp_dir directory for php also be 1777?
Re: chronic slowness
On 05/08/19 at 19:59, hamster wrote:
> From time to time, the processor gets stuck at 800 MHz; it is at those
> moments that it is particularly slow. Yet all the
> temperatures are below 60 °C.

Then maybe you have something that switches your processor into power-saving mode; look in the power settings.

Or else it is a BIOS or OS setting that switches it into that mode when the battery is low…

--
Daniel

Man is imperfect, but that is not surprising when you consider the era in which he was created.
Alphonse Allais
Re: How to - set upload_tmp_dir to a non-world-readable directory
On 07/08/19 at 12:49, G2PC wrote:
> >> First of all, I would really like to find information on what,
> >> officially, a so-called "A non-world readable/writable
> >> directory" is.
>
> >> It is a directory in which not everyone can read/write, so
> >> a chmod xx1 at most.
> >>
> >> drwxrwx--x
> >>  ^^^        the owner can read / write / enter
> >>     ^^^     the group can read / write / enter
> >>        ^^^  others cannot read / write, only enter
>
> - So you have to do a chmod 700 or 750 or whatever you want but with xxy
> where y is 0 or 1
> Daniel Caillibaud
>
> - Try `chmod 407` on the temporary directory.
> jm
>
> Well, in the end, you contradict each other, and that reassures me a little,

Good, it is a very good illustration of the adage "NEVER run a command you read somewhere without understanding what it does!"

And to settle it => `man chmod`

A 407 should not work since the owner could no longer enter the directory but anyone could enter, read and write…

And it seems odd to refuse all rights to the group and to grant them to everyone, but you can do that precisely to give "all rights except for one group".

The rule is fairly simple: for a chmod xyz, x gives the owner's rights, y the group's and z those for everyone else. Rights are combined by adding

4 : r / read
2 : w / modify (write); for a directory that means being able to rename/delete it or create a file/directory in it
1 : x / execute; for a directory that means being able to enter it

so here 407 gives:

4 : r-- for the owner
0 : --- for the group
7 : rwx for everyone else

I think jm was thinking of the mask, the complement; a mask of 407 would give a chmod 370, which is odd (fewer rights for the owner than for the group) but would be in line with the initial request not to have "world writable".

> One thing is certain: if the rights on /tmp_upload
> for "others" are not equal to 7, Joomla yells at me with an
> error message. I can then no longer browse the Joomla CMS.

So Joomla is not compatible with minimal security settings, but that's nothing new :-D (it still surprises me, but you see some fine things every day)

Because this 7 means precisely rwx for "other", so everyone can read/write/enter

--
Daniel

To learn, for Socrates, is to remember what one has forgotten.
Plato
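The permission rule explained in the message above, as an added example that is not part of the thread: a POSIX shell script that decodes the octal modes discussed there (700, 750, 771, 407, 370, 1777), computes the complement of a mask, and flags any mode that leaves a directory readable or writable by "other". The function names (`symbolic`, `audit_mode`, `audit_dir`, `mask_to_mode`) are hypothetical helpers, not taken from the posts.

```shell
#!/bin/sh
# Added example (not from the thread): decode chmod modes and audit them
# against the "non-world readable/writable" rule. All function names are
# hypothetical helpers.

# One octal digit (0-7) -> rwx triplet: 4 = r, 2 = w, 1 = x.
triplet() {
    r=-; w=-; x=-
    if [ $(( $1 & 4 )) -ne 0 ]; then r=r; fi
    if [ $(( $1 & 2 )) -ne 0 ]; then w=w; fi
    if [ $(( $1 & 1 )) -ne 0 ]; then x=x; fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# 3- or 4-digit octal mode -> 9-character string as shown by `ls -l`.
symbolic() {
    m=$(( 0$1 ))                          # leading 0: parse as octal
    ug="$(triplet $(( (m >> 6) & 7 )))$(triplet $(( (m >> 3) & 7 )))"
    o=$(triplet $(( m & 7 )))
    if [ $(( m & 01000 )) -ne 0 ]; then   # sticky bit, the leading 1 of 1777
        case $o in
            *x) o="${o%x}t" ;;
            *)  o="${o%-}T" ;;
        esac
    fi
    printf '%s%s' "$ug" "$o"
}

# Audit a 9-character permission string for a directory reserved to one
# service: "other" must have neither r nor w, and the owner must be able
# to enter (x). Prints "ok" or a comma-separated list of findings.
audit_symbolic() {
    p=$1; findings=
    case $p in ??????r??) findings="world-readable" ;; esac
    case $p in ???????w?) findings="${findings:+$findings,}world-writable" ;; esac
    case $p in
        ??[xs]??????) ;;
        *) findings="${findings:+$findings,}owner-cannot-enter" ;;
    esac
    printf '%s' "${findings:-ok}"
}

# Audit an octal mode without touching the filesystem.
audit_mode() { audit_symbolic "$(symbolic "$1")"; }

# Audit an existing directory, reading its mode from `ls -ld`.
audit_dir() { audit_symbolic "$(ls -ld -- "$1" | cut -c2-10)"; }

# Mode that results from applying a mask to 777 (the complement).
mask_to_mode() { printf '%03o' $(( 0777 & ~(0$1) )); }

# Modes mentioned in the thread.
printf '%-5s %-10s %s\n' MODE SYMBOLIC VERDICT
for mode in 700 750 771 407 370 1777; do
    printf '%-5s %-10s %s\n' "$mode" "$(symbolic "$mode")" "$(audit_mode "$mode")"
done
printf 'mask 407 -> mode %s\n' "$(mask_to_mode 407)"
```

Calling `audit_dir` on the directory configured as upload_tmp_dir reports the same verdict for the mode actually set on disk.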
Re: Server hardware advice.
Hi. On Wed, Aug 07, 2019 at 05:58:57AM -0400, Steven Mainor wrote: > Thanks for the reply. Those seem like options to consider. The > pre-orders for the helios4 seem to be sold out for now. They are currently at fourth "campaign", i.e. they're manufacturing a fourth batch. Supply is limited (they produce like a thousand boards per batch), your best bet is a preorder (I got mine at their second "campaign"). Hopefully they do fifth. Reco
Re: How to - set upload_tmp_dir to a non-world-readable directory
>> First of all, I would really like to find information on what,
>> officially, a so-called "A non-world readable/writable
>> directory" is.
>> It is a directory in which not everyone can read/write, so a
>> chmod xx1 at most.
>>
>> drwxrwx--x
>>  ^^^        the owner can read / write / enter
>>     ^^^     the group can read / write / enter
>>        ^^^  others cannot read / write, only enter

- So you have to do a chmod 700 or 750 or whatever you want but with xxy where y is 0 or 1
Daniel Caillibaud

- Try `chmod 407` on the temporary directory.
jm

Well, in the end, you contradict each other, and that reassures me a little: it does not seem obvious to everyone.

An "A non-world readable/writable directory"

One thing is certain: if the rights on /tmp_upload for "others" are not equal to 7, Joomla yells at me with an error message. I can then no longer browse the Joomla CMS.

The suggestion to use 407 might be more suitable, I have not tested it yet.

In any case, I invite PHP users to test this script:
https://github.com/ZerooCool/phpsecinfo/tree/phpsecinfo-zeroocool-v0.2.1
It is the official version of PhpSecInfo, improved to integrate phpinfo() and Unix line endings on the files.

A simple wget on your server, to see what it tells you about the rights granted to this Upload_tmp directory.
To see whether, as a result, you are in the green or not?

The first one to go green, without an error message, wins a beer.
Re: Server hardware advice.
Quoting Steven Mainor (2019-08-07 12:04:35)
> Perhaps you are right about usb 2.0. And the Olimex A64-OLinuXino does
> seem like a solid option otherwise.
>
> I wasn't able to verify which usb the Olimex A64-OLinuXino had. It
> didn't specifically say on the specs page. And the github link for the
> schematic seems to be broken.
>
> https://github.com/OLIMEX/OLINUXINO/blob/master/HARDWARE/A64-OLinuXino/A64-OlinuXino_Rev_C.pdf

They reorganized and updated that git. Try stepping back to
https://github.com/OLIMEX/OLINUXINO/tree/master/HARDWARE/A64-OLinuXino

See also https://linux-sunxi.org/Olimex_A64-OLinuXino

 - Jonas

--
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136 Website: http://dr.jones.dk/

 [x] quote me freely [ ] ask before reusing [ ] keep private
Re: Server hardware advice.
On Wed, 07 Aug 2019 02:08:30 -0400 Steven Mainor wrote: > You are correct. That was an oversight. > > Of all the items on that page I could probably afford the screwdriver > and the heatsinks. > > I would like to keep the budget under $500 not including the hard > drive(s) I already have drives. Less is better. -- > Steven Mainor > > On August 7, 2019 1:52:15 AM EDT, Richard Hector > wrote: > >On 7/08/19 5:29 PM, Steven Mainor wrote: > >> Hi all, > >> > >> I'm looking for advice on how to build a home server with a > >> primary > >focus on > >> security. I plan to run nextcloud and a mail server that will > >> serve 3 > >to 5 > >> people at most. > >> > >> My requirements are: > >> > >> A server setup that can be run with completely open source > >> software > >and > >> doesn't require any binaries to boot. I don't trust anything > >> closed > >source for > >> this particular project. > >> > >> A gigabit ethernet port. > >> > >> A USB3.0 port or SATA connector to attach storage to. > >> > >> Enough processor power and ram to run nextcloud and the mail > >> server > >from an > >> encrypted hard drive (LUKS) efficiently with moderate throughput > >saving and > >> reading files from nextcloud. > >> > >> I would just build something x86 based but the amd/intel Platform > >Security > >> Processor/IME stuff makes me nervous. > >> > >> So far I have been looking at single board computers like the > >> ones > >listed > >> here: https://wiki.debian.org/CheapServerBoxHardware#OSHW > >> > >> I like the OLinuXino A20 LIME2 but I am not sure the processor > >> will > >be enough > >> to handle the overhead from an encrypted hard drive. I also don't > >like that it > >> is only 32-bit since that will limit the file size nextcloud can > >handle as I > >> understand it. > >> > >> Is there anything similar to the OLinuXino A20 LIME2 but more > >powerful or is > >> there a better option I haven't read about yet? 
> >
> >You haven't mentioned a budget, but strong emphasis on security and
> >openness ...
> >
> >https://www.raptorcs.com/TALOSII/ ?
> >
> >Richard

I have a similar home setup and have to say that with the mail service and seafile server (and a few smaller services) running in docker the setup the PC is already consuming 1G of ram. I'm using an old PC. I wouldn't suggest a less powerful box as you will run out of ram. If you need fanless check out an intel nuc. Debian should run fine with it although I think it will need some drivers from the non-free repos.

Regards,
--
Nektarios Katakis
Re: Server hardware advice.
Perhaps you are right about usb 2.0. And the Olimex A64-OLinuXino does seem like a solid option otherwise. I wasn't able to verify which usb the Olimex A64-OLinuXino had. It didn't specifically say on the specs page. And the github link for the schematic seems to be broken. https://github.com/OLIMEX/OLINUXINO/blob/master/HARDWARE/A64-OLinuXino/A64-OlinuXino_Rev_C.pdf -- Steven Mainor On August 7, 2019 4:21:25 AM EDT, Jonas Smedegaard wrote: >Quoting Reco (2019-08-07 08:53:52) >> On Wed, Aug 07, 2019 at 01:29:21AM -0400, Steven Mainor wrote: >> > I'm looking for advice on how to build a home server with a primary > >> > focus on security. I plan to run nextcloud and a mail server that >> > will serve 3 to 5 people at most. >> > >> > My requirements are: >> > >> > A server setup that can be run with completely open source software > >> > and doesn't require any binaries to boot. I don't trust anything >> > closed source for this particular project. >> > >> > A gigabit ethernet port. >> > >> > A USB3.0 port or SATA connector to attach storage to. >> > >> > Enough processor power and ram to run nextcloud and the mail server > >> > from an encrypted hard drive (LUKS) efficiently with moderate >> > throughput saving and reading files from nextcloud. >> >> These fit all your requirements (i.e. it'll run stock buster kernel >> without any additional firmware): >> >> Helios4 - [1]. 4 SATA ports controller attached to PCI-E. >> GnuBee - [2]. 6 SATA ports attached to PCI-E. >> Odroid HC2 - [3]. Single SATA port, attached to USB bus. > >No powerful computers exist today completely without non-free parts: >Since you point to Open Source Hardware below, beware that none of >above >devices are OSHWA certified: https://certification.oshwa.org/list.html >- >if however your freedom concerns are limited to _software_ parts then >it >is easier: Look for boards supported in mainline Linux and u-boot, and >supported in Debian! 
> >Disregarding OSHW I agree that above options are good highlights. >Additionally I suggest Olimex A64-Olinuxino and ESPRESSObin, both >(unlike above options) known to be mainlined and work with Debian >Buster. > >Personally, for hosting mail + Nextcloud for a small team I would >tolerate USB2.0 and use the OSHWA certified board Olimex A64-Olinuxino. > >Only for heavy professional demands (e.g. an advertising agency pushing > >big files across a LAN all the time) I would use a Helios4. > > >> > So far I have been looking at single board computers like the ones >> > listed here: https://wiki.debian.org/CheapServerBoxHardware#OSHW > >Happy to see that list being of use beyond the FreedomBox project and >my >own competing https://solidbox.org/ :-) > >Please note that above list is limited to more consumer-oriented >devices >than your spec needs - e.g. must be sold with a proper case and be >cheaper than you tolerate. > > >> That list is outdated somewhat. But it gave me good ideas back in the > >> day. > >Care to elaborate? > > > - Jonas > >-- > * Jonas Smedegaard - idealist & Internet-arkitekt > * Tlf.: +45 40843136 Website: http://dr.jones.dk/ > > [x] quote me freely [ ] ask before reusing [ ] keep private
Re: Server hardware advice.
Thanks for the reply. Those seem like options to consider. The pre-orders for the helios4 seem to be sold out for now. -- Steven Mainor On August 7, 2019 2:53:52 AM EDT, Reco wrote: >On Wed, Aug 07, 2019 at 01:29:21AM -0400, Steven Mainor wrote: >> Hi all, >> >> I'm looking for advice on how to build a home server with a primary >focus on >> security. I plan to run nextcloud and a mail server that will serve 3 >to 5 >> people at most. >> >> My requirements are: >> >> A server setup that can be run with completely open source software >and >> doesn't require any binaries to boot. I don't trust anything closed >source for >> this particular project. >> >> A gigabit ethernet port. >> >> A USB3.0 port or SATA connector to attach storage to. >> >> Enough processor power and ram to run nextcloud and the mail server >from an >> encrypted hard drive (LUKS) efficiently with moderate throughput >saving and >> reading files from nextcloud. > > These fit all your requirements (i.e. it'll run stock buster kernel >without any additional firmware): > >Helios4 - [1]. 4 SATA ports controller attached to PCI-E. >GnuBee - [2]. 6 SATA ports attached to PCI-E. >Odroid HC2 - [3]. Single SATA port, attached to USB bus. > > >> So far I have been looking at single board computers like the ones >listed >> here: https://wiki.debian.org/CheapServerBoxHardware#OSHW > >That list is outdated somewhat. But it gave me good ideas back in the >day. > >Reco > >[1] https://kobol.io/ >[2] http://gnubee.org/ >[3] https://www.hardkernel.com/shop/odroid-hc2-home-cloud-two/
Re: Where do I find the Debian CAs?
On Di, Aug 06, 2019 at 06:57:51 -0400, Dan Ritter wrote: Stephan Seitz wrote: I’ve noticed that the Debian mailing list server is offering a certificate as a client: Client CN „clientcerts/bendel.debian.org”, Issuer „Debian SMTP CA” I can’t verify it because I can’t find the CA. There doesn’t seem to be a package with internal CAs. Where can I find them? dpkg -S /etc/ssl/certs will show you: ssl-cert, ca-certificates, openssl I think there is a misunderstanding. I know about /etc/ssl/certs, but there isn’t a Debian SMTP CA. So I would like to know where I can download this CA (or others as well) and then put them in /etc/ssl/certs. Stephan -- | If your life was a horse, you'd have to shoot it. |
Re: Buster on laptop cannot find Nokia 3 hotspot...
On Aug 7, 2019 11:14, Jonas Smedegaard wrote:Quoting Nimrod (2019-08-07 10:42:09) > my (very old) laptop has been working like a charm until I updated > from Stretch to Buster. Among the other, the issue in the subject is > very relevant for me. > > Here is what happens when I turn on wi-fi hotspot on Nokia 3 > smartphone (Android up to date): > > 1) any smartphone or tablet in the family can connect to my Nokia 3 > hotspot. > > 2) my laptop can connect at least to a tablet hotspot (the tablet has > a rather old Android version, I guess 6 or even less, and it cannot be > updated); also, my laptop finds a lot of wi-fi networks around > (currently I'm in a building in the small town of Anzio, Italy, but > almost every corner of the town is full of wi-fi networks) > > 3) my laptop cannot even see any hotspot provided by a Nokia 3 > smartphone with Android up to date; we have three of them, and I > checked everyone one of them: they all can be used by the tablet in > point 2) above, and none of them are even found by my laptop. > > It seems there is something wrong with my laptop and Nokia 3 when they > try to communicate. Currently I'm still using my Nokia 3 as a modem > via Bluetooth, but the connection is rather slow. When the wi-fi > hotspot was working the speed was much higher. > > Some data: > > - the laptop is a HP 6730s, quite slow but incredibly robust; Buster > is up to date > - all the Nokia 3 have Android 9 July update > > Thanks in advance for any hint. Perhaps your hotspot uses insecure encryption rejected by modern systems? Some encryption (e.g. WEP) is so insecure that it is practically useless: If you cannot upgrade then consider turning off encryption altogether and see if that works. 
Thanks, Jonas, but the encryption provided by Nokia 3 hotspot is WPA2, and it works perfectly with many client devices, except for my laptop. Since I upgraded to Buster, it worked for a while, but some days ago it stopped working. I repeat, it doesn't work with my laptop only, and my laptop can't connect with Nokia 3 hotspots only. This is rather weird.

Best regards.

 - Jonas

--
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136 Website: http://dr.jones.dk/

 [x] quote me freely [ ] ask before reusing [ ] keep private
Re: Buster on laptop cannot find Nokia 3 hotspot...
On Wed, 07 Aug 2019 10:42:09 +0200 Nimrod wrote:
> Hi,
>
> my (very old) laptop has been working like a charm until I updated
> from Stretch to Buster. Among the other, the issue in the subject is
> very relevant for me.
>
> Here is what happens when I turn on wi-fi hotspot on Nokia 3
> smartphone (Android up to date):
>
> 1) any smartphone or tablet in the family can connect to my Nokia 3
> hotspot.
>
> 2) my laptop can connect at least to a tablet hotspot (the tablet has
> a rather old Android version, I guess 6 or even less, and it cannot be
> updated); also, my laptop finds a lot of wi-fi networks around
> (currently I'm in a building in the small town of Anzio, Italy, but
> almost every corner of the town is full of wi-fi networks)
>
> 3) my laptop cannot even see any hotspot provided by a Nokia 3
> smartphone with Android up to date; we have three of them, and I
> checked everyone one of them: they all can be used by the tablet in
> point 2) above, and none of them are even found by my laptop.
>
> It seems there is something wrong with my laptop and Nokia 3 when they
> try to communicate. Currently I'm still using my Nokia 3 as a modem
> via Bluetooth, but the connection is rather slow. When the wi-fi
> hotspot was working the speed was much higher.
>
> Some data:
>
> - the laptop is a HP 6730s, quite slow but incredibly robust; Buster
> is up to date
> - all the Nokia 3 have Android 9 July update
>
> Thanks in advance for any hint.
>
>

A good place to check your wireless issues is the excellent wifi howto page from debian docs https://wiki.debian.org/WiFi/HowToUse. You're not mentioning what software you're using to connect to wifi.

For your case I would check 2 things:
1) `dmesg` output to check if you see any errors from your network card driver or if it's loaded correctly.
2) The output of `iwlist scan` to see if the network you're looking for is detected from the hardware.

Regards
--
Nektarios Katakis
Re: Buster on laptop cannot find Nokia 3 hotspot...
Quoting Nimrod (2019-08-07 10:42:09)
> my (very old) laptop has been working like a charm until I updated
> from Stretch to Buster. Among the other, the issue in the subject is
> very relevant for me.
>
> Here is what happens when I turn on wi-fi hotspot on Nokia 3
> smartphone (Android up to date):
>
> 1) any smartphone or tablet in the family can connect to my Nokia 3
> hotspot.
>
> 2) my laptop can connect at least to a tablet hotspot (the tablet has
> a rather old Android version, I guess 6 or even less, and it cannot be
> updated); also, my laptop finds a lot of wi-fi networks around
> (currently I'm in a building in the small town of Anzio, Italy, but
> almost every corner of the town is full of wi-fi networks)
>
> 3) my laptop cannot even see any hotspot provided by a Nokia 3
> smartphone with Android up to date; we have three of them, and I
> checked everyone one of them: they all can be used by the tablet in
> point 2) above, and none of them are even found by my laptop.
>
> It seems there is something wrong with my laptop and Nokia 3 when they
> try to communicate. Currently I'm still using my Nokia 3 as a modem
> via Bluetooth, but the connection is rather slow. When the wi-fi
> hotspot was working the speed was much higher.
>
> Some data:
>
> - the laptop is a HP 6730s, quite slow but incredibly robust; Buster
> is up to date
> - all the Nokia 3 have Android 9 July update
>
> Thanks in advance for any hint.

Perhaps your hotspot uses insecure encryption rejected by modern systems?

Some encryption (e.g. WEP) is so insecure that it is practically useless: If you cannot upgrade then consider turning off encryption altogether and see if that works.

 - Jonas

--
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136 Website: http://dr.jones.dk/

 [x] quote me freely [ ] ask before reusing [ ] keep private
Re: Server hardware advice.
Quoting Reco (2019-08-07 10:53:35)
> On Wed, Aug 07, 2019 at 10:21:25AM +0200, Jonas Smedegaard wrote:
> > > That list is outdated somewhat. But it gave me good ideas back in
> > > the day.
> >
> > Care to elaborate?
>
> Specifically it gave me an idea to buy that Linksys WRT1200.
> Works for me since stretch, the only disadvantages are the need to
> build an out-of-tree kernel module (mwlwifi) for WiFi and feed it
> non-free firmware.
> But I needed a router, the thing fit the need.

So when you wrote "That list is outdated somewhat" you really meant "That list didn't fit my needs and was inspirational even then."

Great to hear that!

 - Jonas

--
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136 Website: http://dr.jones.dk/

 [x] quote me freely [ ] ask before reusing [ ] keep private
Re: Server hardware advice.
On Wed, Aug 07, 2019 at 10:21:25AM +0200, Jonas Smedegaard wrote: > > That list is outdated somewhat. But it gave me good ideas back in the > > day. > > Care to elaborate? Specifically it gave me an idea to buy that Linksys WRT1200. Works for me since stretch, the only disadvantages are the need to build an out-of-tree kernel module (mwlwifi) for WiFi and feed it non-free firmware. But I needed a router, the thing fit the need. Reco
Buster on laptop cannot find Nokia 3 hotspot...
Hi, my (very old) laptop has been working like a charm until I updated from Stretch to Buster. Among the other, the issue in the subject is very relevant for me. Here is what happens when I turn on wi-fi hotspot on Nokia 3 smartphone (Android up to date): 1) any smartphone or tablet in the family can connect to my Nokia 3 hotspot. 2) my laptop can connect at least to a tablet hotspot (the tablet has a rather old Android version, I guess 6 or even less, and it cannot be updated); also, my laptop finds a lot of wi-fi networks around (currently I'm in a building in the small town of Anzio, Italy, but almost every corner of the town is full of wi-fi networks) 3) my laptop cannot even see any hotspot provided by a Nokia 3 smartphone with Android up to date; we have three of them, and I checked everyone one of them: they all can be used by the tablet in point 2) above, and none of them are even found by my laptop. It seems there is something wrong with my laptop and Nokia 3 when they try to communicate. Currently I'm still using my Nokia 3 as a modem via Bluetooth, but the connection is rather slow. When the wi-fi hotspot was working the speed was much higher. Some data: - the laptop is a HP 6730s, quite slow but incredibly robust; Buster is up to date - all the Nokia 3 have Android 9 July update Thanks in advance for any hint. -- Nimrod
Re: Server hardware advice.
Quoting john doe (2019-08-07 09:33:35) > On 8/7/2019 8:53 AM, Reco wrote: > > On Wed, Aug 07, 2019 at 01:29:21AM -0400, Steven Mainor wrote: > >> I'm looking for advice on how to build a home server with a primary > >> focus on security. I plan to run nextcloud and a mail server that > >> will serve 3 to 5 people at most. > >> > >> My requirements are: > >> > >> A server setup that can be run with completely open source software > >> and doesn't require any binaries to boot. I don't trust anything > >> closed source for this particular project. > >> > >> A gigabit ethernet port. > >> > >> A USB3.0 port or SATA connector to attach storage to. > >> > >> Enough processor power and ram to run nextcloud and the mail server > >> from an encrypted hard drive (LUKS) efficiently with moderate > >> throughput saving and reading files from nextcloud. > > > > These fit all your requirements (i.e. it'll run stock buster kernel > > without any additional firmware): > > > > Helios4 - [1]. 4 SATA ports controller attached to PCI-E. > > GnuBee - [2]. 6 SATA ports attached to PCI-E. > > Odroid HC2 - [3]. Single SATA port, attached to USB bus. > > > > > >> So far I have been looking at single board computers like the ones > >> listed here: https://wiki.debian.org/CheapServerBoxHardware#OSHW > > > > That list is outdated somewhat. But it gave me good ideas back in > > the day. > > > > Reco > > > > [1] https://kobol.io/ > > [2] http://gnubee.org/ > > [3] https://www.hardkernel.com/shop/odroid-hc2-home-cloud-two/ > > > > I don't have a room dedicated to my devices, is there any solution > that is fan less? > Url (3) looks to be the case. The ODroid board ships with huge passive cooling which helps if the room is adequately cool - and otherwise will "throttle" - i.e. run at lower speeds to avoid meltdown. Heat is indeed a reason to consider other boards than above. 
My recommendation is to buy the industrial-grade A64-OLinuXino-2Ge8G-IND
https://www.olimex.com/Products/OLinuXino/A64/A64-OLinuXino/open-source-hardware

 - Jonas

--
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136 Website: http://dr.jones.dk/

 [x] quote me freely [ ] ask before reusing [ ] keep private
Re: Server hardware advice.
Quoting Reco (2019-08-07 08:53:52) > On Wed, Aug 07, 2019 at 01:29:21AM -0400, Steven Mainor wrote: > > I'm looking for advice on how to build a home server with a primary > > focus on security. I plan to run nextcloud and a mail server that > > will serve 3 to 5 people at most. > > > > My requirements are: > > > > A server setup that can be run with completely open source software > > and doesn't require any binaries to boot. I don't trust anything > > closed source for this particular project. > > > > A gigabit ethernet port. > > > > A USB3.0 port or SATA connector to attach storage to. > > > > Enough processor power and ram to run nextcloud and the mail server > > from an encrypted hard drive (LUKS) efficiently with moderate > > throughput saving and reading files from nextcloud. > > These fit all your requirements (i.e. it'll run stock buster kernel > without any additional firmware): > > Helios4 - [1]. 4 SATA ports controller attached to PCI-E. > GnuBee - [2]. 6 SATA ports attached to PCI-E. > Odroid HC2 - [3]. Single SATA port, attached to USB bus. No powerful computers exist today completely without non-free parts: Since you point to Open Source Hardware below, beware that none of above devices are OSHWA certified: https://certification.oshwa.org/list.html - if however your freedom concerns are limited to _software_ parts then it is easier: Look for boards supported in mainline Linux and u-boot, and supported in Debian! Disregarding OSHW I agree that above options are good highlights. Additionally I suggest Olimex A64-Olinuxino and ESPRESSObin, both (unlike above options) known to be mainlined and work with Debian Buster. Personally, for hosting mail + Nextcloud for a small team I would tolerate USB2.0 and use the OSHWA certified board Olimex A64-Olinuxino. Only for heavy professional demands (e.g. an advertising agency pushing big files across a LAN all the time) I would use a Helios4. 
> > So far I have been looking at single board computers like the ones
> > listed here: https://wiki.debian.org/CheapServerBoxHardware#OSHW

Happy to see that list being of use beyond the FreedomBox project and my own competing https://solidbox.org/ :-)

Please note that above list is limited to more consumer-oriented devices than your spec needs - e.g. must be sold with a proper case and be cheaper than you tolerate.

> That list is outdated somewhat. But it gave me good ideas back in the
> day.

Care to elaborate?

 - Jonas

--
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136 Website: http://dr.jones.dk/

 [x] quote me freely [ ] ask before reusing [ ] keep private
Re: Server hardware advice.
On 8/7/2019 8:53 AM, Reco wrote: > On Wed, Aug 07, 2019 at 01:29:21AM -0400, Steven Mainor wrote: >> Hi all, >> >> I'm looking for advice on how to build a home server with a primary focus on >> security. I plan to run nextcloud and a mail server that will serve 3 to 5 >> people at most. >> >> My requirements are: >> >> A server setup that can be run with completely open source software and >> doesn't require any binaries to boot. I don't trust anything closed source >> for >> this particular project. >> >> A gigabit ethernet port. >> >> A USB3.0 port or SATA connector to attach storage to. >> >> Enough processor power and ram to run nextcloud and the mail server from an >> encrypted hard drive (LUKS) efficiently with moderate throughput saving and >> reading files from nextcloud. > > These fit all your requirements (i.e. it'll run stock buster kernel > without any additional firmware): > > Helios4 - [1]. 4 SATA ports controller attached to PCI-E. > GnuBee - [2]. 6 SATA ports attached to PCI-E. > Odroid HC2 - [3]. Single SATA port, attached to USB bus. > > >> So far I have been looking at single board computers like the ones listed >> here: https://wiki.debian.org/CheapServerBoxHardware#OSHW > > That list is outdated somewhat. But it gave me good ideas back in the > day. > > Reco > > [1] https://kobol.io/ > [2] http://gnubee.org/ > [3] https://www.hardkernel.com/shop/odroid-hc2-home-cloud-two/ > I don't have a room dedicated to my devices, is there any solution that is fan less? Url (3) looks to be the case. -- John Doe
Re: Don't disable recommends by default
On Tue, Aug 06, 2019 at 07:40:25PM +0100, Brian wrote:
> On Tue 06 Aug 2019 at 09:32:11 +0200, to...@tuxteam.de wrote:

[...]

> > And now let me get down from my soapbox and hand it over to someone
> > else :-)
>
> We'd rather you stayed there to keep us up to the mark. Anyway, we
> like the snazzy shirt you are wearing.

Oops! And I thought I had my webcam covered? ;-)

Cheers
-- t
Re: Server hardware advice.
On Wed, Aug 07, 2019 at 01:29:21AM -0400, Steven Mainor wrote:
> Hi all,
>
> I'm looking for advice on how to build a home server with a primary focus on
> security. I plan to run nextcloud and a mail server that will serve 3 to 5
> people at most.
>
> My requirements are:
>
> A server setup that can be run with completely open source software and
> doesn't require any binaries to boot. I don't trust anything closed source for
> this particular project.
>
> A gigabit ethernet port.
>
> A USB3.0 port or SATA connector to attach storage to.
>
> Enough processor power and ram to run nextcloud and the mail server from an
> encrypted hard drive (LUKS) efficiently with moderate throughput saving and
> reading files from nextcloud.

These fit all your requirements (i.e. it'll run stock buster kernel
without any additional firmware):

Helios4 - [1]. 4 SATA ports controller attached to PCI-E.
GnuBee - [2]. 6 SATA ports attached to PCI-E.
Odroid HC2 - [3]. Single SATA port, attached to USB bus.

> So far I have been looking at single board computers like the ones listed
> here: https://wiki.debian.org/CheapServerBoxHardware#OSHW

That list is outdated somewhat. But it gave me good ideas back in the
day.

Reco

[1] https://kobol.io/
[2] http://gnubee.org/
[3] https://www.hardkernel.com/shop/odroid-hc2-home-cloud-two/
Re: WiFi interface unexpected response
On Ma, 06 aug 19, 18:13:02, zetam.imap wrote:
>
> > Why do you need this if you configure wpa in /etc/network/interfaces?
>
> Normally the wireless interface is activated when a user accesses their
> account on the graphical interface.
> This host has to perform unattended tasks on that network even if no
> user is logged in.

Let me rephrase that: why do you need *both* /etc/network/interfaces and wpa_supplicant.conf?

Kind regards,
Andrei
--
http://wiki.debian.org/FAQsFromDebianUser
Re: qDslrDashboard anyone?
Johann Spies wrote:
> How do I solve these problems?

Read https://dslrdashboard.info/introduction/

Install dependencies.

The application is written in C++ using the Qt Framework. It uses the OpenCV library for image processing, LibRaw library for RAW image processing and the libusb library for the USB communication.

regards
Re: PROGRESS!! - was {Re: Wireless home LAN - WiFi vs Bluetooth?}
On Ma, 06 aug 19, 08:34:20, David Wright wrote:
> On Tue 06 Aug 2019 at 08:44:41 (+0300), Andrei POPESCU wrote:
> > On Lu, 05 aug 19, 14:55:11, David Wright wrote:
> > >
> > > I think it's made clear in the tomás quotation, about 18 lines above
> > > Richard's citation of the same. Regardless, the OP is connecting two
> > > machines (requiring firmware) running DEs on stretch, and has an
> > > 8-port switch lying around too, so not much chance of needing to
> > > chop up cables (unless in frustration at having to use them at all).
> > > No progress reported yet, though, AFAICT.
> >
> > Maybe it's just me, but it was quite clear the OP excluded ethernet and
> > the cable lying around was USB-to-USB.
>
> We live in hope. The OP may realise eventually that the USB-to-USB is
> a dead end, a useful dead end in its day, like Kermit over RS232 which
> gave me years of service in the 1980s and 1990s. It was 2013 when I
> finally disposed of my 9/25-pin to 9/25-pin serial crossover cable.
> It could have been very useful for the OP's Kaypro 10. Yes, they have
> one of these lying around, but no room for Cat5 cables to any of their
> other computers. So our hope is forlorn. Or should I say, we are a
> forlorn hope.

Regardless, it still makes the entire "to crossover or not to crossover" pointless.

Kind regards,
Andrei
--
http://wiki.debian.org/FAQsFromDebianUser
Re: Server hardware advice.
You are correct. That was an oversight. Of all the items on that page I could probably afford the screwdriver and the heatsinks.

I would like to keep the budget under $500 not including the hard drive(s). I already have drives. Less is better.

--
Steven Mainor

On August 7, 2019 1:52:15 AM EDT, Richard Hector wrote:
>On 7/08/19 5:29 PM, Steven Mainor wrote:
>> Hi all,
>>
>> I'm looking for advice on how to build a home server with a primary focus on
>> security. I plan to run nextcloud and a mail server that will serve 3 to 5
>> people at most.
>>
>> My requirements are:
>>
>> A server setup that can be run with completely open source software and
>> doesn't require any binaries to boot. I don't trust anything closed source for
>> this particular project.
>>
>> A gigabit ethernet port.
>>
>> A USB3.0 port or SATA connector to attach storage to.
>>
>> Enough processor power and ram to run nextcloud and the mail server from an
>> encrypted hard drive (LUKS) efficiently with moderate throughput saving and
>> reading files from nextcloud.
>>
>> I would just build something x86 based but the amd/intel Platform Security
>> Processor/IME stuff makes me nervous.
>>
>> So far I have been looking at single board computers like the ones listed
>> here: https://wiki.debian.org/CheapServerBoxHardware#OSHW
>>
>> I like the OLinuXino A20 LIME2 but I am not sure the processor will be enough
>> to handle the overhead from an encrypted hard drive. I also don't like that it
>> is only 32-bit since that will limit the file size nextcloud can handle as I
>> understand it.
>>
>> Is there anything similar to the OLinuXino A20 LIME2 but more powerful or is
>> there a better option I haven't read about yet?
>
>You haven't mentioned a budget, but strong emphasis on security and
>openness ...
>
>https://www.raptorcs.com/TALOSII/ ?
>
>Richard