Re: dropbox security situation

[Andrei POPESCU]

On Lu, 09 dec 19, 14:17:39, John Hasler wrote:
>  Jonas Smedegaard writes:
> > I dislike APG because it generates passwords difficult to remember -
> > without aiding in how to deal with that, which has a high risk of
> > passwords getting stored on physical notes in the top drawer...
> 
> Bruce Schneier recommends writing passwords down and then keeping the
> document containing them secure.

Not everybody has the luxury of typing password without danger of 
someone taking a peek over the shoulder.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: dropbox security situation

[Andrei POPESCU]

On Lu, 09 dec 19, 18:35:46, Celejar wrote:
> 
> I understand that many recommend encrypting the password store, but I
> haven't yet done this. 'pass', recommended by Jonas in another message
> in this thread, uses gpg to do this, and your recommendation of scrypt,
> IIUC, would serve a similar goal.
> 
> I don't want to have to constantly enter a master password to access my
> passwords. pass recommends using gpg-agent, but then how much does one
> really gain by the encryption? I use full disk encryption (cryptsetup /
> LUKS), so the password file is secure at rest, and when I'm actually
> using the system, if gpg-agent is used, then anyone with access to the
> machine can access the password file anyway. I guess one gets some
> additional security in the case where one walks away from
> the machine and leaves it running (and an attacker doesn't get there
> before gpg-agent evicts the password from the cache), and similar cases.
> 
> I admit that I'm not that familiar with gpg-agent, and am no expert in
> the topics under discussion. Please feel free to explain / remind
> me of aspects of the issues that I'm missing.

The recommendation to encrypt the password store is meant to avoid 
storing password in clear text on un-encrypted media, which is not much 
more secure than sticking them on post-its on your monitor.

Let's not forget https://www.xkcd.com/538/.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Best/Proper way to dist-upgrade Debian Testing except the kernel?

[Andrei POPESCU]

On Lu, 09 dec 19, 20:27:28, riveravaldez wrote:
> 
> Just to clarify: How long one could go on upgrading debian-testing
> (kernel included) without rebooting?

As long as it is acceptable for you to run the system with known 
security flaws.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: iptables firewall and web sites not loading

[Pascal Hambourg]

Le 10/12/2019 à 00:01, Nektarios Katakis a écrit :


I am running an iptables firewall on an openwrt router I ve got. Which
acts as Firewall/gateway and performs NATing for my internal network -
debian PCs and android phones.

All good but specific web sites are not loading for the machines that
are sitting behind the home router.

When attempting on the browser (firefox but tried different ones) the
browser stays at `Performing a TLS handshake to bitbucket.org`. wget has
similar results:
```
wget  https://bitbucket.org
--2019-12-09 22:07:32--  https://bitbucket.org/
Resolving bitbucket.org (bitbucket.org)... 18.205.93.0, 18.205.93.1,
18.205.93.2, ... Connecting to bitbucket.org
(bitbucket.org)|18.205.93.0|:443... connected.
```
When doing a tcpdump on the router side I can see some initial TCP
session establishment and then nothing:

(...)

Of course doing a wget from the router itself works fine as it also
works fine on my desktop if I do dynamic port-forwarding with eg. `ssh
-D 1050 router` (and configure of course firefox to use it).


Maybe a "MTU black hole" issue with PPPoE.
Workarounds :
- lower the MTU on the client side to 1492
- add a "TCPMSS --clamp-to-pmtu" iptables rule on the router

Re: Best/Proper way to dist-upgrade Debian Testing except the kernel?

[songbird]

riveravaldez wrote:
...
> Hi, thanks a lot for the answers/info.
>
> Just to clarify: How long one could go on upgrading debian-testing
> (kernel included) without rebooting?

  why would you not want to reboot?  if you aren't going to
use the upgrades why are you making them?  if you think there
are too many risks in rebooting then you perhaps should be
sticking to stable.

  every time i start up in the morning i check updates and
reboot or restart if checkrestart shows anything is using
updated libraries.  checkrestart is in package debian-goodies.


  songbird

Re: iptables firewall and web sites not loading

[john doe]

On 12/10/2019 12:01 AM, Nektarios Katakis wrote:
> Hello,
>
> I am running an iptables firewall on an openwrt router I ve got. Which
> acts as Firewall/gateway and performs NATing for my internal network -
> debian PCs and android phones.
>
> All good but specific web sites are not loading for the machines that
> are sitting behind the home router.
>
> When attempting on the browser (firefox but tried different ones) the
> browser stays at `Performing a TLS handshake to bitbucket.org`. wget has
> similar results:
> ```
> wget  https://bitbucket.org
> --2019-12-09 22:07:32--  https://bitbucket.org/
> Resolving bitbucket.org (bitbucket.org)... 18.205.93.0, 18.205.93.1,
> 18.205.93.2, ... Connecting to bitbucket.org
> (bitbucket.org)|18.205.93.0|:443... connected.
> ```
> When doing a tcpdump on the router side I can see some initial TCP
> session establishment and then nothing:
> ```
> tcpdump -vvvi br-lan port 443 | grep bitbucket.org
> tcpdump: listening on br-lan, link-type EN10MB (Ethernet), capture size
> 262144 bytes
> 192.168.2.168.54440 > bitbucket.org.443: Flags [S], cksum 0xb3a3
> (correct), seq 2816225641, win 29200, options [mss 1460,sackOK,TS val
> 15744661 ecr 0,nop,wscale 7], length 0 bitbucket.org.443 >
> 192.168.2.168.54440: Flags [S.], cksum 0x5c8d (correct), seq
> 1149625734, ack 2816225642, win 26847, options [mss 1460,sackOK,TS val
> 4256708721 ecr 15744661,nop,wscale 7], length 0 192.168.2.168.54440 >
> bitbucket.org.443: Flags [.], cksum 0xf33d (correct), seq 1, ack 1, win
> 229, options [nop,nop,TS val 15744683 ecr 4256708721], length 0
> 192.168.2.168.54440 > bitbucket.org.443: Flags [P.], cksum 0x58a5
> (correct), seq 1:221, ack 1, win 229, options [nop,nop,TS val 15744684
> ecr 4256708721], length 220 bitbucket.org.443 > 192.168.2.168.54440:
> Flags [.], cksum 0xf211 (correct), seq 1, ack 221, win 219, options
> [nop,nop,TS val 4256708810 ecr 15744684], length 0 bitbucket.org.443 >
> 192.168.2.168.54440: Flags [P.], cksum 0x9998 (correct), seq 2897:3668,
> ack 221, win 219, options [nop,nop,TS val 4256708810 ecr 15744684],
> length 771 192.168.2.168.54440 > bitbucket.org.443: Flags [.], cksum
> 0x4e08 (correct), seq 221, ack 1, win 251, options [nop,nop,TS val
> 15744705 ecr 4256708810,nop,nop,sack 1 {2897:3668}], length 0 ```
>
> Of course doing a wget from the router itself works fine as it also
> works fine on my desktop if I do dynamic port-forwarding with eg. `ssh
> -D 1050 router` (and configure of course firefox to use it).
>
> I m not sure what might be wrong here tbh. Of course other (most) sites
> work fine without dynamic forwarding or anything.
>
> I am attaching the output of `iptables --list-rules` for whoever is
> patient enough to read.
>
> Any help would be appreciated.
>

Are you still seeing the error if you do:

$ /etc/init.d/firewall stop


WARNING: You will not have any firewall protection if you do that

Is the issue still manifesting itself if the configuration is reset to
factory default?


This is a Debian mailing list, you might be better off on the OpenWrt forum.

--
John Doe

Re: Shouldn't a window manager has xserver as dependency ?

[Roberto C . Sánchez]

On Tue, Dec 10, 2019 at 02:04:54AM +0200, aprekates wrote:
>sudo apt-cache depends twm
>twm
>  Depends: menu
>  Depends: libc6
>  Depends: libice6
>  Depends: libsm6
>  Depends: libx11-6
>  Depends: libxext6
>  Depends: libxmu6
>  Depends: libxt6
> 
>$ sudo apt-cache show twm
>
>Provides: x-window-manager
>
>Description-en: Tab window manager
> twm is a window manager for the X Window System.  It provides title bars,
> shaped windows, several forms of icon management, user-defined macro
> functions, click-to-type and pointer-driven keyboard focus, and
> user-specified key and pointer button bindings.
> 
>So my question is , shouldnt a window manager has the xserver as a
>depedency?

Why?  There is no reason that the X server must be running on the same
host.

Regards,

-Roberto
-- 
Roberto C. Sánchez

Shouldn't a window manager has xserver as dependency ?

[aprekates]

sudo apt-cache depends twm
twm
  Depends: menu
  Depends: libc6
  Depends: libice6
  Depends: libsm6
  Depends: libx11-6
  Depends: libxext6
  Depends: libxmu6
  Depends: libxt6

$ sudo apt-cache show twm

Provides: x-window-manager

Description-en: Tab window manager
 twm is a window manager for the X Window System. It provides title bars,
 shaped windows, several forms of icon management, user-defined macro
 functions, click-to-type and pointer-driven keyboard focus, and
 user-specified key and pointer button bindings.

So my question is , shouldnt a window manager has the xserver as a 
depedency?


Alexandros.

Re: dropbox security situation

[Celejar]

On Mon, 9 Dec 2019 19:34:29 +
Brian  wrote:

> On Mon 09 Dec 2019 at 14:10:56 -0500, Celejar wrote:

...

> > Although I almost always use it with its --secure option, since I
> > don't try to memorize passwords, but instead record them (in a plain
> > text file) - who can remember hundreds of passwords?
> 
> Indeed. Memorising is part of the password problem. I've indicated a
> possible solution that does not rely on the fallibility of memory in 
> another mail.
> 
> Your plain text storage method would benefit immensley from using the
> scrypt package.

I understand that many recommend encrypting the password store, but I
haven't yet done this. 'pass', recommended by Jonas in another message
in this thread, uses gpg to do this, and your recommendation of scrypt,
IIUC, would serve a similar goal.

I don't want to have to constantly enter a master password to access my
passwords. pass recommends using gpg-agent, but then how much does one
really gain by the encryption? I use full disk encryption (cryptsetup /
LUKS), so the password file is secure at rest, and when I'm actually
using the system, if gpg-agent is used, then anyone with access to the
machine can access the password file anyway. I guess one gets some
additional security in the case where one walks away from
the machine and leaves it running (and an attacker doesn't get there
before gpg-agent evicts the password from the cache), and similar cases.

I admit that I'm not that familiar with gpg-agent, and am no expert in
the topics under discussion. Please feel free to explain / remind
me of aspects of the issues that I'm missing.

Celejar

Re: Best/Proper way to dist-upgrade Debian Testing except the kernel?

[riveravaldez]

On 12/4/19, songbird  wrote:
> Sven Hartge wrote:
>> riveravaldez  wrote:
>>
>>> Because updating the kernel requires to reboot the system -AFAIK- in
>>> many cases I would prefer to 'dist-upgrade' (all packages) except the
>>> kernel -until a moment in which I can reboot the system-, so:
>>
>>> 1. Is this something right/viable/acceptable to do?
>>
>> You don't *need* to reboot the system the very moment an new kernel is
>> installed. Just upgrade all packages including the kernel and reboot
>> when it is convenient for you.
>
>   yes, the other thing worth mentioning is how to find
> out which versions you have installed to begin with.
>
>   i commonly use dpkg -l with grep to find out so for
> the kernel images i would use:
>
>  $ dpkg -l | grep linux-image

Hi, thanks a lot for the answers/info.

Just to clarify: How long one could go on upgrading debian-testing
(kernel included) without rebooting?

Thanks again.

Re: EPSON TM-T20

[Leandro Guimarães Faria Corcete DUTRA]

9 dez 2019 à 19:42 −3, Luís Cláudio A. Gama:
> Eu já imprimo qrcode em outras impressoras, porém todas seriais
> (daruma e tanca). Essa tanca usa os mesmos comandos escpos da epson.
> A tanca eu tive que trocar o firmware pra serial.  Todas as que
> imprimem estão em /dev/tty(alguma coisa) e essa Epson está em
> /dev/usb/lp1... não encontro nenhuma info que me ajude.  E contatar
> o suporte Epson não está fácil.  Não acho que meu problema está nos
> comandos escpos .

Não sabemos ainda qual o programa aplicativo, qual o sistema de
impressão, qual a interface de conexão, nem sequer qual o sintoma.
Fica difícil ajudar.

Isso dito, nunca ouvi falar de Escpos.  Não sei se alguém aqui
na lista conhece.


-- 
+55 (61) 3546 7191  gTalk: xmpp:leand...@jabber.org
+55 (61) 99302 2691   http://en.dutras.org/
BRAZIL GMT−3
https://useplaintext.email/#why-plaintext

iptables firewall and web sites not loading

[Nektarios Katakis]

Hello,

I am running an iptables firewall on an openwrt router I ve got. Which
acts as Firewall/gateway and performs NATing for my internal network -
debian PCs and android phones.

All good but specific web sites are not loading for the machines that
are sitting behind the home router. 

When attempting on the browser (firefox but tried different ones) the
browser stays at `Performing a TLS handshake to bitbucket.org`. wget has
similar results: 
```
wget  https://bitbucket.org
--2019-12-09 22:07:32--  https://bitbucket.org/
Resolving bitbucket.org (bitbucket.org)... 18.205.93.0, 18.205.93.1,
18.205.93.2, ... Connecting to bitbucket.org
(bitbucket.org)|18.205.93.0|:443... connected.
```
When doing a tcpdump on the router side I can see some initial TCP
session establishment and then nothing:
```
tcpdump -vvvi br-lan port 443 | grep bitbucket.org
tcpdump: listening on br-lan, link-type EN10MB (Ethernet), capture size
262144 bytes
192.168.2.168.54440 > bitbucket.org.443: Flags [S], cksum 0xb3a3
(correct), seq 2816225641, win 29200, options [mss 1460,sackOK,TS val
15744661 ecr 0,nop,wscale 7], length 0 bitbucket.org.443 >
192.168.2.168.54440: Flags [S.], cksum 0x5c8d (correct), seq
1149625734, ack 2816225642, win 26847, options [mss 1460,sackOK,TS val
4256708721 ecr 15744661,nop,wscale 7], length 0 192.168.2.168.54440 >
bitbucket.org.443: Flags [.], cksum 0xf33d (correct), seq 1, ack 1, win
229, options [nop,nop,TS val 15744683 ecr 4256708721], length 0
192.168.2.168.54440 > bitbucket.org.443: Flags [P.], cksum 0x58a5
(correct), seq 1:221, ack 1, win 229, options [nop,nop,TS val 15744684
ecr 4256708721], length 220 bitbucket.org.443 > 192.168.2.168.54440:
Flags [.], cksum 0xf211 (correct), seq 1, ack 221, win 219, options
[nop,nop,TS val 4256708810 ecr 15744684], length 0 bitbucket.org.443 >
192.168.2.168.54440: Flags [P.], cksum 0x9998 (correct), seq 2897:3668,
ack 221, win 219, options [nop,nop,TS val 4256708810 ecr 15744684],
length 771 192.168.2.168.54440 > bitbucket.org.443: Flags [.], cksum
0x4e08 (correct), seq 221, ack 1, win 251, options [nop,nop,TS val
15744705 ecr 4256708810,nop,nop,sack 1 {2897:3668}], length 0 ```

Of course doing a wget from the router itself works fine as it also
works fine on my desktop if I do dynamic port-forwarding with eg. `ssh
-D 1050 router` (and configure of course firefox to use it).

I m not sure what might be wrong here tbh. Of course other (most) sites
work fine without dynamic forwarding or anything.

I am attaching the output of `iptables --list-rules` for whoever is
patient enough to read.

Any help would be appreciated.

-- 
Regards,
Nektarios Katakis
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N forwarding_dmz_rule
-N forwarding_lan_rule
-N forwarding_rule
-N forwarding_wan_rule
-N input_dmz_rule
-N input_lan_rule
-N input_rule
-N input_wan_rule
-N output_dmz_rule
-N output_lan_rule
-N output_rule
-N output_wan_rule
-N reject
-N syn_flood
-N zone_dmz_dest_ACCEPT
-N zone_dmz_forward
-N zone_dmz_input
-N zone_dmz_output
-N zone_dmz_src_ACCEPT
-N zone_lan_dest_ACCEPT
-N zone_lan_forward
-N zone_lan_input
-N zone_lan_output
-N zone_lan_src_ACCEPT
-N zone_wan_dest_ACCEPT
-N zone_wan_dest_REJECT
-N zone_wan_forward
-N zone_wan_input
-N zone_wan_output
-N zone_wan_src_REJECT
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" 
-j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment 
"!fw3" -j syn_flood
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i br-dmz -m comment --comment "!fw3" -j zone_dmz_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j 
forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment 
"!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i br-dmz -m comment --comment "!fw3" -j zone_dmz_forward
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment 
"!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o br-dmz -m comment --comment "!fw3" -j zone_dmz_output
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with 
icmp-port-unreachable
-A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 
25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_dmz_dest_ACCEPT 

Re: Impressão com Epson M3170

[Leandro Guimarães Faria Corcete DUTRA]

6 dez 2019 15:10 −3, Lucio Stringari Junior:
> > Não sei que interface usas — tem o famoso http://localhost:631/ que
> > é a interface nativa do Cups.  
> Uso aqui na interface do mate, vou em "Sistema > Administração > 
> Configuração de impressora"

E que acionador de dispositivo diz que está selecionado lá?


> > Mas sempre se pode olhar em
> > file:/etc/cups/printers.conf
> fiz um cat deste arquivo e postei aqui 
> https://paste.debian.net/1119827/

A linha relevante é MakeModel M3170 Series - IPP Everywhere.  Não a
compreendo.  Talvez o protocolo IPP tenha alguma forma de resolver a
linguagem de impressão, mas até aí, morreu o Neves.


> Tentei fazer uma nova instalação, desta vez utilizei a conexão
> "Fila LPD/LPR "PASSTHRU"".

Isso, que eu saiba, só funciona com conexão Ethernet.  Seria o caso?


> Procurei o driver na lista Epson M3170

Sim, mas qual?  Postscript, Esc/P?



> Então eu extraí o *.deb que baixei do site, e procurei o ppd, 
> descompactei e informei usando a interface de instalação 
> http://localhost:631/, porém, após a instalação a coluna status da 
> impressora apresentou a seguinte mensagem:
> 
> Idle - "Arquivo 
> "/opt/epson-inkjet-printer-escpr2/cups/lib/filter/epson-escpr-
> wrapper2" não está disponível: No such file or directory"

Bom, pelo jeito o PPD não é padrão; em vez de descrever uma impressora
Postscript, aponta para um conversor Esc/P.


> A interface não fará diferença.  O que tem de ver é o cabeçalho do
> arquivo de impressão, e o PPD ou conversor utilizado.

Ainda falta o cabeçalho para tentar o diagnóstico.


-- 
+55 (61) 3546 7191  gTalk: xmpp:leand...@jabber.org
+55 (61) 99302 2691   http://en.dutras.org/
BRAZIL GMT−3
https://useplaintext.email/#why-plaintext

Re: EPSON TM-T20

[Luís Cláudio A . Gama]

Eu já imprimo qrcode em outras impressoras, porém todas seriais ( daruma e
tanca ). Essa tanca usa os mesmos comandos escpos da epson.
A tanca eu tive que trocar o firmware pra serial.
Todas as que imprimem estão em /dev/tty(alguma coisa) e essa Epson está em
/dev/usb/lp1... não encontro nenhuma info que me ajude.
E contatar o suporte Epson não está fácil.
Não acho que meu problema está nos comandos escpos .

Grato

Em seg, 9 de dez de 2019 19:34, Leandro Guimarães Faria Corcete DUTRA <
l...@dutras.org> escreveu:

> 9 dez 2019 18:49 −3, Luís Cláudio A. Gama:
> > Pessoal, uma perguntinha fora do Debianmas estou com um problema
> > para imprimir QR Code com ESC POS, na Epson TM-T20 ( térmica
> > )...estou tentando contatar o suporte Epson, mas está sendo um
> > verdadeiro calvário.
>
> Absolutamente impossível ajudar sem maiores informações.
>
>
> --
> +55 (61) 3546 7191  gTalk: xmpp:leand...@jabber.org
> +55 (61) 99302 2691   http://en.dutras.org/
> BRAZIL GMT−3
> https://useplaintext.email/#why-plaintext
>
>

Re: EPSON TM-T20

[Leandro Guimarães Faria Corcete DUTRA]

9 dez 2019 18:49 −3, Luís Cláudio A. Gama:
> Pessoal, uma perguntinha fora do Debianmas estou com um problema
> para imprimir QR Code com ESC POS, na Epson TM-T20 ( térmica
> )...estou tentando contatar o suporte Epson, mas está sendo um
> verdadeiro calvário.

Absolutamente impossível ajudar sem maiores informações.


-- 
+55 (61) 3546 7191  gTalk: xmpp:leand...@jabber.org
+55 (61) 99302 2691   http://en.dutras.org/
BRAZIL GMT−3
https://useplaintext.email/#why-plaintext

Re: [OT] Google security

[Nicholas Geovanis]

On Mon, Dec 9, 2019 at 2:29 PM John Hasler  wrote:

>  Nicholas Geovanis writes:
> > You are safe (now) so others' freedoms need not be respected. Your
> > first jump down the slippery slope :-) Jefferson the slave-master
> > would have said that you have taken one hand off the wolf's ears.
> > Good luck :-) don't let go the other ear or you become the slave this
> > time..
>
> You clearly didn't read the rest of what I wrote.


Incorrect. I read it all closely. Hence my response.


> Attempting to use
> technical measures to prevent NSA from analyzing the packets I send off
> to Web sites should they choose to do so is hopeless.


I made no such claim for any technical solution. Despite 4 decades as a
technologist, I have never
made such a claim here or elsewhere.


> The correct
> approach to that problem is through the political process (limit their
> budget).  However, they do not pose an immediate threat of injury.
>

They do not pose an immediate threat of injuryto you.
Others are not so fortunate. So you missed Thomas Jefferson's point.


> Criminals do.  Concentrate technical efforts on the latter threat, where
> they have some hope of working.  Concentrate political efforts on the
> former.
>

Our elected officials are constantly indicted as criminals. So are our
law-enforcement
officers. Therefore the set of criminals and the set of "political
processes" intersect and
their intersection is non-null. So concentrating on one threat means, in
reality, concentrating
on both. Welcome to the real Real World :-)

-- 
> John Hasler
> jhas...@newsguy.com
> Elmwood, WI USA
>
>

Re: Impossible de supprimer repertoire : Fonction non implantée

[Pascal Hambourg]

Le 09/12/2019 à 23:04, ajh-valmer a écrit :

On Monday 09 December 2019 22:17:34 Pascal Hambourg wrote:

Le 09/12/2019 à 21:16, ajh-valmer a écrit :

Je souhaite supprimer des répertoires dans ce répertoire :
/var/lib/os-prober/mount/home/vmail/

Pour quelle raison ?

(...)

Ça ne répond pas à la question.


Toi non plus, tu ne réponds pas à ma question.

"Dis-moi de quoi tu as besoin et je te dirai comment t'en passer" n'est 
pas toujours une blague communiste.



Ce répertoire contient une quantité énorme de répertoires et fichiers,
qui correspond à mon serveur de mails.


Et donc, pourquoi veux-tu les supprimer ?
Et pourquoi via /var/lib/os-prober/mount/ et non via son emplacement 
normal /home/vmail/ ?



D'ou vient ce répertoire "virtuel" ?


Qu'en dit mount ?

Re: Impossible de supprimer repertoire : Fonction non implantée

[ajh-valmer]

On Monday 09 December 2019 22:17:34 Pascal Hambourg wrote:
> Le 09/12/2019 à 21:16, ajh-valmer a écrit :
> > Je souhaite supprimer des répertoires dans ce répertoire :
> > /var/lib/os-prober/mount/home/vmail/
> Pour quelle raison ?
> > rm -Rf Maildir/cur
> > rm: impossible de supprimer 'Maildir/cur': Fonction non implantée
> > ce répertoire existe pourtant...
> 
> Le message ne dit pas que le répertoire n'existe pas mais que la 
> suppression n'est pas implantée (implémentée).
> As-tu essayé en anglais ? Il faut préfixer la commande avec LANG=C sur 
> la même ligne.
> Mais il me semble que /var/lib/os-prober/mount/ est un point de montage 
> temporaire utilisé par os-prober avec le type fuse.grub-mount pour 
> explorer les systèmes de fichiers à la recherche d'autres systèmes 
> d'exploitation.
> $ mount | grep grub
> grub-mount on /var/lib/os-prober/mount type fuse.grub-mount 
> (rw,nosuid,nodev,relatime,user_id=0,group_id=0)
> Il se pourrait que ce type de montage interdise la modification.

Ça ne répond pas à la question.

(un peu comme les répertoires /proc et /sys).

Ce répertoire contient une quantité énorme de répertoires et fichiers,
qui correspond à mon serveur de mails.

/var/lib/os-prober/mount/home/vmail/
# du -h
"impossible d'accéder à :
'./...-bounces/Maildir/new/1553593757.M457220P19528.association-.,S=7305,W=7449':
 
Argument invalide".

et ce, sur des milliers de lignes.

D'ou vient ce répertoire "virtuel" ?

EPSON TM-T20

[Luís Cláudio A . Gama]

Pessoal, uma perguntinha fora do Debianmas estou com um problema para
imprimir QR Code com ESC POS, na Epson TM-T20 ( térmica )...estou tentando
contatar o suporte Epson, mas está sendo um verdadeiro calvário.
Eu imprimo em outras impressoras, mas nessa trava...acho que tem que fazer
alguma configuração nela.

Agradeço a atenção

Luís Cláudio A. Gama
Fones: TIM:  11 9 7765-1735  Res: 11-4602-3400
Skype: luisclaudiogama   http://luisgama.googlepages.com

br.linkedin.com/in/luisclaudiogama



||\|_
|  Voto Distrital !|||"'|""\__
|__|||_||)
!(@)'(@)*!(@)(@)*!(@)

[image: Mailtrack]

Remetente
notificado por
Mailtrack

09/12/19
18:47:16

Re: Instalar debian

[Paynalton]

después de que inicie presiona CONTROL mas ALT mas  EFE UNO para que el
sistema pase a la consola TE TE UNO.

Después ingresa con el usuario ROOT, Enter, y la contraseña que elegiste,
eso te dejará con la terminal abierta y permisos de administrador, a partir
de allí puedes revisar los registros de error para ver porqué no inicia o
que está sucediendo. Igual puedes instalar paquetes o iniciar servicios si
es que el instalador olvidó algo.





El lun., 9 dic. 2019 a las 14:22, mauro ()
escribió:

> Hola compañeros, buenos días para todos.
>
> otra vez he vuelto con un par de consultas sobre la instalación de debian.
>
>
> He seguido sus recomendaciones de la mejor manera de instalar el sistema
> base más el escritorio gnome, pero no sé que hago mal, porque cuando
> termina la instalación, y tiene que reiniciarse el sistema, nunca pasa
> nada, se queda cargando por un largo rato, y pulso ALT+SUPER+S varias
> veces sin ninguna respuesta.
>
> Que no era que cuando se instalaba el sistema con las opciones de
> accesibilidad al momento de arrancar por primera vez estas
> características ya estarían activadas?
>
> o eso me pareció leer en la página.
>
>
>
> también he probado ejecutar el sistema desde el live, y no comprendo
> porqué cuando ejecuto la opción de instalar debian, el orca en esa
> ventana se silencia, como si no fuese compatible.
>
> ¿Alguno sabe por qué pasa esto?
>
>
>
> Muchas gracias por sus respuestas,
>
> un saludo para todos.
>
>
>

Re: Wifi gencat ENS EDU

[xavi]

Només t'ho fa amb aquesta connexió wifi?

Que te diu /var/log/syslog quan proves de connectar-te?

Exactament quin wifi tens al portàtil? quina és la sortida de la comanda 
lspci?


Dona'ns una mica més d'informació :-)

PD: jo també em connecto via Eduroam everywhere sense problemes amb 
Debian 10. I també em temo que serà un asunto de configuració.


x.

El 9/12/19 a les 18:39, Iker Bilbao ha escrit:

Bones,

Val la pena provar amb un altre gestor (wicd) o fins i tot amb un 
usb-wifi per descartar problema del hardware?


No vull defallir però és que ni és meu el portàtil i davant hi ha una 
pared.


Gràcies,
*
*
*Iker.*
*
*


-Missatge original-

*Data*: Mon, 9 Dec 2019 18:25:03 +0100
*Assumpte*: Re: Wifi gencat ENS EDU
*Per a*: debian-user-catalan@lists.debian.org 


*De*: Enric mailto:enric%20%3cen...@musaik.net%3e>>
Salut,

amb tot l'amor del món. El que et dóna un consell com aquest, 
senzillament et dóna la millor opció que et pot oferir, però 
evidentment que t'hi pots connectar.
Em connecto a eduroam sense problemes amb debian o la distribució que 
vulguis.
Però si que és cert que amb eduroam, que no és el mateix, però en 
l'enllaç que has posat dóna la sensació que la configuració 
s'assembla, has d'anar en compte amb els paràmetres.


Ser que he configurat eduroam seguint els passos del PEAP, que no cal 
certificat, MSCHAPv2, ... tal i com diu l'enllaç, però en altres no hi 
he posat res d'això i se m'ha configurat a la primera.
No t'ajudo, però t'animo i si cal, miraré al portàtil com ho tinc 
configurat.


Vinga,

Salut i desobediència!

  Enric.

El 9/12/19 a les 18:19, Iker Bilbao ha escrit:

bones,

Tinc problemes per connectar un portàtil amb Ubuntu a l'institut.
Tot i la guia: 
http://linkat.xtec.cat/portal_linkat/wikilinkat/index.php/Wifi_gencat_ENS_EDU


L'únic consell que em donen és passar-me a Windows.
Algú s'hi ha trobat? Cap recomanació?
Em diuen el login és correcte.

Gràcies,

*Iker.*





--
Llibertat d'Expressió! Prou Feixisme!
*Rap per la llibertat d'Expressió 
*

Re: [OT] Google security

[Nicolas George]

Charles Curley (12019-12-09):
> Archaeological record.

Are not history.

Can we close this useless subthread now?

Re: Impossible de supprimer repertoire : Fonction non implantée

[Pascal Hambourg]

Le 09/12/2019 à 21:16, ajh-valmer a écrit :


Je souhaite supprimer des répertoires dans ce répertoire :
/var/lib/os-prober/mount/home/vmail/


Pour quelle raison ?


rm -Rf Maildir/cur
rm: impossible de supprimer 'Maildir/cur': Fonction non implantée
ce répertoire existe pourtant...


Le message ne dit pas que le répertoire n'existe pas mais que la 
suppression n'est pas implantée (implémentée).



Google ne connait pas ce message.


As-tu essayé en anglais ? Il faut préfixer la commande avec LANG=C sur 
la même ligne.


Mais il me semble que /var/lib/os-prober/mount/ est un point de montage 
temporaire utilisé par os-prober avec le type fuse.grub-mount pour 
explorer les systèmes de fichiers à la recherche d'autres systèmes 
d'exploitation.


$ mount | grep grub
grub-mount on /var/lib/os-prober/mount type fuse.grub-mount 
(rw,nosuid,nodev,relatime,user_id=0,group_id=0)


Il se pourrait que ce type de montage interdise la modification.

Re: dropbox security situation

[Jonas Smedegaard]

Quoting John Hasler (2019-12-09 21:17:39)
>  Jonas Smedegaard writes:
> > I dislike APG because it generates passwords difficult to remember - 
> > without aiding in how to deal with that, which has a high risk of 
> > passwords getting stored on physical notes in the top drawer...
> 
> Bruce Schneier recommends writing passwords down and then keeping the 
> document containing them secure.

Yes, and that's what the tool "pass" helps you do.

(among others, and you can choose to debate all options to death here if 
you really reay want).

Even better is to reduce the use of passwords, e.g. using monkeysphere - 
but that's a whole new discussion.

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private


signature.asc
Description: signature

Re: [OT] Google security

[Andrei POPESCU]

On Lu, 09 dec 19, 14:28:39, John Hasler wrote:
>  Nicholas Geovanis writes:
> > You are safe (now) so others' freedoms need not be respected. Your
> > first jump down the slippery slope :-) Jefferson the slave-master
> > would have said that you have taken one hand off the wolf's ears.
> > Good luck :-) don't let go the other ear or you become the slave this
> > time..
> 
> You clearly didn't read the rest of what I wrote.  Attempting to use
> technical measures to prevent NSA from analyzing the packets I send off
> to Web sites should they choose to do so is hopeless.  The correct
> approach to that problem is through the political process (limit their
> budget).  However, they do not pose an immediate threat of injury.
> Criminals do.  Concentrate technical efforts on the latter threat, where
> they have some hope of working.  Concentrate political efforts on the
> former.

"Criminals" are what the law defines them to be. Laws can be created and 
/ or changed as needed.

Kind regards,
Andrei (still remembering a regime where listening to the "wrong" radio 
station could get one in trouble).
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: [OT] Google security

[Charles Curley]

On Mon, 9 Dec 2019 20:01:04 +0100
Nicolas George  wrote:

> Maybe you have studied a lot of it, but apparently not in depth enough
> to know that we have less than 5500 years of it.

Archaeological record.

-- 
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/


pgpCNcIPoc1FJ.pgp
Description: OpenPGP digital signature

Re: dropbox security situation

[Jonas Smedegaard]

Quoting John Hasler (2019-12-09 20:40:06)
>  Charles Curley writes:
> > There is a handy password generator available on Debian, called APG
> > (Automated Password Generator), which will generate passwords for you.
> > The default settings yield a fairly strong password, but you can
> > modify those to make the results even stronger.
> 
> Considering the comments in the package description pwgen might be a
> better choice.

Agreed.  And xkcdpass even better.

Please read my previous post, where I link to an article documenting in 
detail why.


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private


signature.asc
Description: signature

Re: [OT] Google security

[John Hasler]

Charles Curley writes:
> How do you know that? Mr. Snowden, among others, has made it
> abundantly clear that the US government is perfectly willing to do
> mass surveillance and other intrusions without the slightest notice to
> the Congress, never mind the public.

Read what I actually wrote.  I did not say that they do not do mass
surveillance nor did I say that I do not find that objectionable.

What I did say is that realistically, the government is not going to
take any action against me based on what NSA's computers read.  I am
simply not a "person of interest".  This is not true of criminals who
attempt similar efforts, so I concentrate my technical efforts on them.
If the goverment's efforts are blocked as a side-effect, fine.
-- 
John Hasler 
jhas...@newsguy.com
Elmwood, WI USA

Re: [OT] Google security

[John Hasler]

 Nicholas Geovanis writes:
> You are safe (now) so others' freedoms need not be respected. Your
> first jump down the slippery slope :-) Jefferson the slave-master
> would have said that you have taken one hand off the wolf's ears.
> Good luck :-) don't let go the other ear or you become the slave this
> time..

You clearly didn't read the rest of what I wrote.  Attempting to use
technical measures to prevent NSA from analyzing the packets I send off
to Web sites should they choose to do so is hopeless.  The correct
approach to that problem is through the political process (limit their
budget).  However, they do not pose an immediate threat of injury.
Criminals do.  Concentrate technical efforts on the latter threat, where
they have some hope of working.  Concentrate political efforts on the
former.
-- 
John Hasler 
jhas...@newsguy.com
Elmwood, WI USA

Re: Running sudo without being in sudo group.

[Andrei POPESCU]

On Lu, 09 dec 19, 12:54:24, aprekates wrote:
> 
> I'll refreshed my wiki creds. I'll try to use it. Just wasnt sure for that.

If in doubt just ask here ;)

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: [OT] Google security

[Andrei POPESCU]

On Lu, 09 dec 19, 11:16:32, John Hasler wrote:
> Charlie writes:
> > Over many years, although, I may not ever be in possession of anything
> > of interest to anyone?
> 
> There are two distinct "security" condsiderations here that are often
> munged together:
> 
> 1) Our ethical/moral/political objections to being tracked and snooped
>on.
> 
> 2) Our actual risk of injury[1] due to security failures.
> 
> Both are important, but the second should be addressed first.  It should
> be done objectively, by first constructing a threat model: who or what
> could (and would) actually harm you?  The data trawling activities of my
> government[2] angers me but when I think about it objectively I realize
> that it does me no actual harm: I'm simply not someone they care about.
 
In my opinion that's a dangerous assumption. If you're not aware of any 
actual case of harm you probably didn't look close enough.

(Not trying to single out your government. Even if mine would turn out 
to be "better" it would likely be so only due to incompetence and/or 
lack of resources, not the moral or ethics of the decision makers.)

> [1] Injury in a legal sense, ranging from death to loss of property to
> embarrassment.
> 
> [2] If you believe that your government doesn't do it too you are
> extremely naive.

With the current technology and the (increasing) willingness of ordinary 
people to expose so many aspects about themselves I believe the current 
capabilities of governments significantly surpass those of 80s 
totalitarian regimes.

This by itself should be scary and reminds me of the "boiling frog".
https://en.wikipedia.org/wiki/Boiling_frog

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Instalar debian

[mauro]

Hola compañeros, buenos días para todos.

otra vez he vuelto con un par de consultas sobre la instalación de debian.


He seguido sus recomendaciones de la mejor manera de instalar el sistema 
base más el escritorio gnome, pero no sé que hago mal, porque cuando 
termina la instalación, y tiene que reiniciarse el sistema, nunca pasa 
nada, se queda cargando por un largo rato, y pulso ALT+SUPER+S varias 
veces sin ninguna respuesta.


Que no era que cuando se instalaba el sistema con las opciones de 
accesibilidad al momento de arrancar por primera vez estas 
características ya estarían activadas?


o eso me pareció leer en la página.



también he probado ejecutar el sistema desde el live, y no comprendo 
porqué cuando ejecuto la opción de instalar debian, el orca en esa 
ventana se silencia, como si no fuese compatible.


¿Alguno sabe por qué pasa esto?



Muchas gracias por sus respuestas,

un saludo para todos.

Re: dropbox security situation

[John Hasler]

 Jonas Smedegaard writes:
> I dislike APG because it generates passwords difficult to remember -
> without aiding in how to deal with that, which has a high risk of
> passwords getting stored on physical notes in the top drawer...

Bruce Schneier recommends writing passwords down and then keeping the
document containing them secure.

"Never write a password down!" comes from the days when the typical user
had a single password which she used to log on to the Vax from the VT220
on her desk in her cubicle. The admonition was intended to stop her from
writing it on a Post-It note and sticking it on the corner of her
terminal (or, if she was security minded, hiding it under her blotter).
The sysadmins, who kept a copy of the root passsword in the safe, saw no
reason why she couldn't just memorize the damn thing.  It was only six
letters, after all, and if she forgot it they would give her a new one.
-- 
John Hasler 
jhas...@newsguy.com
Elmwood, WI USA

Impossible de supprimer repertoire : Fonction non implantée

[ajh-valmer]

Bonsoir,

Je souhaite supprimer des répertoires dans ce répertoire :
/var/lib/os-prober/mount/home/vmail/

rm -Rf Maildir/cur
rm: impossible de supprimer 'Maildir/cur': Fonction non implantée
ce répertoire existe pourtant...

Je n'ai jamais eu ce type de message d'erreur.
Google ne connait pas ce message.

Que faire ?

Bonne soirée.

A. Valmer

Re: [OT] Google security

[Brian]

On Mon 09 Dec 2019 at 19:50:21 +, Brian wrote:

> On Mon 09 Dec 2019 at 11:58:57 -0600, Nicholas Geovanis wrote:
> 
> > On Mon, Dec 9, 2019 at 11:17 AM John Hasler  wrote:
> > 
> > >  The data trawling activities of my
> > > government[2] angers me but when I think about it objectively I realize
> > > that it does me no actual harm: I'm simply not someone they care about.
> 
> I see nothing like this in the John Hasler post you are responding to.
> You might want to reconsider waht you said.

Forget about this. I am losing my grip.

-- 
Brian.

Re: [OT] Google security

[Brian]

On Mon 09 Dec 2019 at 11:58:57 -0600, Nicholas Geovanis wrote:

> On Mon, Dec 9, 2019 at 11:17 AM John Hasler  wrote:
> 
> >  The data trawling activities of my
> > government[2] angers me but when I think about it objectively I realize
> > that it does me no actual harm: I'm simply not someone they care about.

I see nothing like this in the John Hasler post you are responding to.
You might want to reconsider waht you said.

-- 
Brian.

Re: dropbox security situation

[John Hasler]

 Charles Curley writes:
> There is a handy password generator available on Debian, called APG
> (Automated Password Generator), which will generate passwords for you.
> The default settings yield a fairly strong password, but you can
> modify those to make the results even stronger.

Considering the comments in the package description pwgen might be a
better choice.
-- 
John Hasler 
jhas...@newsguy.com
Elmwood, WI USA

Re: dropbox security situation

[Brian]

On Mon 09 Dec 2019 at 14:10:56 -0500, Celejar wrote:

> On Mon, 09 Dec 2019 16:31:35 +0100
> Jonas Smedegaard  wrote:
> 
> > Quoting Charles Curley (2019-12-09 15:56:26)
> > > On Sun, 8 Dec 2019 18:55:12 +0100 (CET)
> > >  wrote:
> > > 
> > > > Usual advice : use strong passwords (i.e. long enough with high
> > > > entropy => generated in a dedicated password manager) AND 1
> > > > different per service, never the same.
> > > 
> > > There is a handy password generator available on Debian, called APG
> > > (Automated Password Generator), which will generate passwords for you.
> > > The default settings yield a fairly strong password, but you can modify
> > > those to make the results even stronger.
> > 
> > I dislike APG because it generates passwords difficult to remember - 
> > without aiding in how to deal with that, which has a high risk of 
> > passwords getting stored on physical notes in the top drawer...
> 
> 
> I use 'pwgen', whose manpage begins thus:
> 
> *
> The  pwgen program generates passwords which are designed to be easily
> memorized by humans, while being as secure as possible.  Human-memo‐
> rable passwords are never going to be as secure as completely
> completely random passwords.  In particular,  passwords  generated  by
> pwgen without  the -s option should not be used in places where the
> password could be attacked via an off-line brute-force attack.   On the
> other hand, completely randomly generated  passwords have a tendency to
> be written down, and are subject to being compromised in that fashion.
> *
> 
> Although I almost always use it with its --secure option, since I
> don't try to memorize passwords, but instead record them (in a plain
> text file) - who can remember hundreds of passwords?

Indeed. Memorising is part of the password problem. I've indicated a
possible solution that does not rely on the fallibility of memory in 
another mail.

Your plain text storage method would benefit immensley from using the
scrypt package.

-- 
Brian.

Re: dropbox security situation

[Celejar]

On Mon, 09 Dec 2019 16:31:35 +0100
Jonas Smedegaard  wrote:

> Quoting Charles Curley (2019-12-09 15:56:26)
> > On Sun, 8 Dec 2019 18:55:12 +0100 (CET)
> >  wrote:
> > 
> > > Usual advice : use strong passwords (i.e. long enough with high
> > > entropy => generated in a dedicated password manager) AND 1
> > > different per service, never the same.
> > 
> > There is a handy password generator available on Debian, called APG
> > (Automated Password Generator), which will generate passwords for you.
> > The default settings yield a fairly strong password, but you can modify
> > those to make the results even stronger.
> 
> I dislike APG because it generates passwords difficult to remember - 
> without aiding in how to deal with that, which has a high risk of 
> passwords getting stored on physical notes in the top drawer...


I use 'pwgen', whose manpage begins thus:

*
The  pwgen program generates passwords which are designed to be easily
memorized by humans, while being as secure as possible.  Human-memo‐
rable passwords are never going to be as secure as completely
completely random passwords.  In particular,  passwords  generated  by
pwgen without  the -s option should not be used in places where the
password could be attacked via an off-line brute-force attack.   On the
other hand, completely randomly generated  passwords have a tendency to
be written down, and are subject to being compromised in that fashion.
*

Although I almost always use it with its --secure option, since I
don't try to memorize passwords, but instead record them (in a plain
text file) - who can remember hundreds of passwords?

> For strong yet rememberable passwords, I recommend this:
> 
>   xkcdpass
> 
> More information: https://lwn.net/Articles/713806/
> 
> (yes, above aricle also references the XKCD cartoon!)
> 
> For non-rememberable passwords, I recommend this:
> 
>   pass
> 
> More information: https://lwn.net/Articles/714473/

I suppose that this is just a better, more scalable / manageable
version of what I'm doing by hand - generating secure passwords and
recording them to disk. I'm going to look into it.

Celejar

Re: [OT] Google security

[Nicolas George]

Charles Curley (12019-12-09):
> Having studied more than ten thousand years of history

Maybe you have studied a lot of it, but apparently not in depth enough
to know that we have less than 5500 years of it.

Regards,

-- 
  Nicolas George


signature.asc
Description: PGP signature

Re: [OT] Google security

[Charles Curley]

On Mon, 09 Dec 2019 11:16:32 -0600
John Hasler  wrote:

> The data trawling activities of my
> government[2] angers me but when I think about it objectively I
> realize that it does me no actual harm: 

How do you know that? Mr. Snowden, among others, has made it abundantly
clear that the US government is perfectly willing to do mass
surveillance and other intrusions without the slightest notice to the
Congress, never mind the public.

Having studied more than ten thousand years of history, I have come to
the conclusions that no government should be trusted any further than
you can throw it, and that all governments are guilty until proven
innocent.

-- 
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/

Re: Wifi gencat ENS EDU

[Josep Lladonosa]

Hola,

A la feina tenim eduroam però com que també tenim un altre SSID
connecto amb aquest darrer. Sincerament he d'investigar per què no
acaba de funcionar.
Ara bé, en altres llocs amb eduroam (i usant Debian amb
NetworkManager) em vaig trobar que no hi podia accedir. Tot consultant
els registres de /var/log/messages (crec que era aquest) i cercant per
internet vaig provar una cosa i bé que em va funcionar:

Si ho vols provar, edita /etc/NetworkManager/NetworkManager.conf
i hi afegeixes aquesta secció:

[device]
wifi.scan-rand-mac-address=no

Reinicia networkmanager: sudo service network-manager restart

i proves a connectar. Molt bona sort!

Ja ens explicaràs!
Josep

On Mon, 9 Dec 2019 at 18:19, Iker Bilbao  wrote:
>
> bones,
>
> Tinc problemes per connectar un portàtil amb Ubuntu a l'institut.
> Tot i la guia: 
> http://linkat.xtec.cat/portal_linkat/wikilinkat/index.php/Wifi_gencat_ENS_EDU
>
> L'únic consell que em donen és passar-me a Windows.
> Algú s'hi ha trobat? Cap recomanació?
> Em diuen el login és correcte.
>
> Gràcies,
>
> Iker.
>
>


-- 
--
Salutacions...Josep
--

Re: dropbox security situation

[Brian]

On Mon 09 Dec 2019 at 16:31:35 +0100, Jonas Smedegaard wrote:

> Quoting Charles Curley (2019-12-09 15:56:26)
> > On Sun, 8 Dec 2019 18:55:12 +0100 (CET)
> >  wrote:
> > 
> > > Usual advice : use strong passwords (i.e. long enough with high
> > > entropy => generated in a dedicated password manager) AND 1
> > > different per service, never the same.
> > 
> > There is a handy password generator available on Debian, called APG
> > (Automated Password Generator), which will generate passwords for you.
> > The default settings yield a fairly strong password, but you can modify
> > those to make the results even stronger.
> 
> I dislike APG because it generates passwords difficult to remember - 
> without aiding in how to deal with that, which has a high risk of 
> passwords getting stored on physical notes in the top drawer...
> 
> For strong yet rememberable passwords, I recommend this:
> 
>   xkcdpass
> 
> More information: https://lwn.net/Articles/713806/
> 
> (yes, above aricle also references the XKCD cartoon!)
> 
> For non-rememberable passwords, I recommend this:
> 
>   pass
> 
> More information: https://lwn.net/Articles/714473/
> 
> There are several other tools similar to the above.  I recommend to read 
> above referenced articles if in doubt!

How about not having to remember (or write down) any passwords for
the places you log in to?

https://masterpassword.app/

Not in Debian, unfortunately.

-- 
Brian.

Re: [OT] Google security

[Nicholas Geovanis]

On Mon, Dec 9, 2019 at 11:17 AM John Hasler  wrote:

>  The data trawling activities of my
> government[2] angers me but when I think about it objectively I realize
> that it does me no actual harm: I'm simply not someone they care about.
>

You are safe (now) so others' freedoms need not be respected. Your first
jump down the slippery slope :-) Jefferson the slave-master would have said
that
you have taken one hand off the wolf's ears.
Good luck :-) don't let go the other ear or you become the slave this
time..

-- 
> John Hasler
> jhas...@newsguy.com
> Elmwood, WI USA
>
>

Re: Authentication for telnet.

[Charles Curley]

On Mon, 09 Dec 2019 08:21:27 -0800
pe...@easthope.ca wrote:

> > telnetd is INSECURE and SHOULD NOT BE USED unless you have ... 
> > EXPLICITLY STATED reason.  
> 
> Where is that policy published?  Where should the description of use 
> be submitted for approval?

I have no idea whose policy you refer to, so I don't know if it's policy
or not. One of the main reasons telnet is deprecated is because it
sends passwords in the clear, so a malevolent snooper can harvest
passwords.

> 
> A session is routinely opened with xterm, gnome-terminal, lxterm and 
> etc. without authentication.  Why is authentication so necessary for 
> "telnet localhost"?

telnet localhost was not the typical use case. I suspect a malevolent
user on the same computer might be able to sniff passwords and other
traffic from memory. Since you are probably the sole user on your
computer, that is an unlikely scenario. Remember that Unix security
evolved in a day when Unix boxen were multi-user, and one (especially
administrators) could not assume benevolence on the part of all users.

Be aware of risks, and assess your own situation accordingly. If you
still prefer to use telnet, go for it.

-- 
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/

Re: Wifi gencat ENS EDU

[Iker Bilbao]

Bones,
Val la pena provar amb un altre gestor (wicd) o fins i tot amb un usb-
wifi per descartar problema del hardware?
No vull defallir però és que ni és meu el portàtil i davant hi ha una
pared.
Gràcies,
Iker.

-Missatge original-
Data: Mon, 9 Dec 2019 18:25:03 +0100Assumpte: Re: Wifi gencat ENS
EDUPer a: debian-user-catalan@lists.debian.orgDe: Enric 
  

  
  
Salut,

  

  amb tot l'amor del món. El que et dóna un consell com aquest,
  senzillament et dóna la millor opció que et pot oferir, però
  evidentment que t'hi pots connectar.

  Em connecto a eduroam sense problemes amb debian o la distribució
  que vulguis.

  Però si que és cert que amb eduroam, que no és el mateix, però en
  l'enllaç que has posat dóna la sensació que la configuració
  s'assembla, has d'anar en compte amb els paràmetres.

  

  Ser que he configurat eduroam seguint els passos del PEAP, que no
  cal certificat, MSCHAPv2, ... tal i com diu l'enllaç, però en
  altres no hi he posat res d'això i se m'ha configurat a la
  primera.

  No t'ajudo, però t'animo i si cal, miraré al portàtil com ho tinc
  configurat. 

  

  Vinga,

  

  Salut i desobediència!

  

    Enric.

  

  El 9/12/19 a les 18:19, Iker Bilbao ha escrit:



>   
>   bones,
>   
> 
>   
>    Tinc problemes per connectar un portàtil amb Ubuntu a
> l'institut.
>    Tot i la guia: http://linkat.xtec.cat/portal_linkat/wikilinkat
> /index.php/Wifi_gencat_ENS_EDU
>   
> 
>   
>    L'únic consell que em donen és passar-me a Windows. 
>    Algú s'hi ha trobat? Cap recomanació?
>    Em diuen el login és correcte.
>   
> 
>   
>    Gràcies,
>   
> 
>   
>   Iker.
>   
> 
>   
>    
>   
> 
>   
> 





-- 

  Llibertat d'Expressió! Prou Feixisme!

  Rap
  per la llibertat d'Expressió
  
  

Re: Wifi gencat ENS EDU

[Enric]

Salut,

amb tot l'amor del món. El que et dóna un consell com aquest,
senzillament et dóna la millor opció que et pot oferir, però evidentment
que t'hi pots connectar.
Em connecto a eduroam sense problemes amb debian o la distribució que
vulguis.
Però si que és cert que amb eduroam, que no és el mateix, però en
l'enllaç que has posat dóna la sensació que la configuració s'assembla,
has d'anar en compte amb els paràmetres.

Ser que he configurat eduroam seguint els passos del PEAP, que no cal
certificat, MSCHAPv2, ... tal i com diu l'enllaç, però en altres no hi
he posat res d'això i se m'ha configurat a la primera.
No t'ajudo, però t'animo i si cal, miraré al portàtil com ho tinc
configurat.

Vinga,

Salut i desobediència!

  Enric.

El 9/12/19 a les 18:19, Iker Bilbao ha escrit:
> bones,
>
> Tinc problemes per connectar un portàtil amb Ubuntu a l'institut.
> Tot i la guia:
> http://linkat.xtec.cat/portal_linkat/wikilinkat/index.php/Wifi_gencat_ENS_EDU
>
> L'únic consell que em donen és passar-me a Windows.
> Algú s'hi ha trobat? Cap recomanació?
> Em diuen el login és correcte.
>
> Gràcies,
>
> *Iker.*
>
>


-- 
Llibertat d'Expressió! Prou Feixisme!
*Rap per la llibertat d'Expressió
*

Wifi gencat ENS EDU

[Iker Bilbao]

bones,

Tinc problemes per connectar un portàtil amb Ubuntu a
l'institut.
Tot i la guia: http://linkat.xtec.cat/portal_linkat/wikilinkat/
index.php/Wifi_gencat_ENS_EDU

L'únic consell que em donen és passar-me a Windows. 
Algú s'hi ha trobat? Cap recomanació?
Em diuen el login és correcte.

Gràcies,

Iker.

Re: [OT] Google security

[John Hasler]

Charlie writes:
> Over many years, although, I may not ever be in possession of anything
> of interest to anyone?

There are two distinct "security" condsiderations here that are often
munged together:

1) Our ethical/moral/political objections to being tracked and snooped
   on.

2) Our actual risk of injury[1] due to security failures.

Both are important, but the second should be addressed first.  It should
be done objectively, by first constructing a threat model: who or what
could (and would) actually harm you?  The data trawling activities of my
government[2] angers me but when I think about it objectively I realize
that it does me no actual harm: I'm simply not someone they care about.


[1] Injury in a legal sense, ranging from death to loss of property to
embarrassment.

[2] If you believe that your government doesn't do it too you are
extremely naive.
-- 
John Hasler 
jhas...@newsguy.com
Elmwood, WI USA

Bullying; was: Re: Authentication for telnet.

[peter]

From: Greg Wooledge 
Date: Wed, 2 Oct 2019 09:11:55 -0400
> They gave you the rope and the instructions.  It's up to you to actually
> tie the noose around your own neck.
> 
> Just delete the stupidly obvious this-line-is-commented-out-on-purpose
> token, and then reload inetd.  If you don't know how to do those things,
> or if you can't figure this out just by glancing at the configuration
> file, then you have zero business f.. with telnetd.

Violation of https://www.debian.org/code_of_conduct part 1 and of 
https://www.debian.org/MailingLists/#codeofconduct .

> They didn't even bother putting a comment in the script, ...

## telnet ... is a comment.  Although ## is styled as formal 
syntax. Why not just prefix the telnet line with "#" and add a comment 
such as 
# telnet is commented out in case you installed it but don't really want 
# to use it. If you really, really ... really want to use it, remove the "#".

> telnetd is INSECURE and SHOULD NOT BE USED unless you have ... 
> EXPLICITLY STATED reason.

Where is that policy published?  Where should the description of use 
be submitted for approval?  

A session is routinely opened with xterm, gnome-terminal, lxterm and 
etc. without authentication.  Why is authentication so necessary for 
"telnet localhost"? At least a little cognizance of 
https://www.debian.org/code_of_conduct , part 2, might be exercised.

As far as my question is concerned, telnetd is in Debian but the 
client is not specific to Debian.  According to 
https://wiki.debian.org/DebianMailingLists , "Debian lists are for 
discussion of Debian issues. Discussion of other distributions, or 
other operating systems, unless related to a Debian issue, are 
inappropriate."  Therefore discussion of the telnet client involved in 
my query is questionable.  The trouble with mentioning the client is 
that too many will forget the question and dash to a flame war.

> I'm adding you to the same file that the illustrious Mr. Owlett is in, ...

Finally!  Good!  =8~)  Here are a couple of links which might help.
https://en.wikipedia.org/wiki/Bullying 
https://www.stopbullying.gov/
A family doctor can refer to professional counselling.

Meanwhile, from https://www.debian.org/intro/organization .
"Mailing Lists Administration and Mailing List Archives ... 
member  Alexander Wirt 
member  Cord Beermann 
member  David Moreno Garza 
member  Don Armstrong 
member  Joey Schulze 
member  Martin Zobel-Helas 
member  Pascal Hakim"

With any luck, at least one of these noticed the message cited at the 
top and took appropriate action.

Regards,  ... Peter E.





-- 
https://en.wikibooks.org/wiki/Medical_Machines
Tel: +1 604 670 0140Bcc: peter at easthope. ca

Re: dropbox security situation

[Jonas Smedegaard]

Quoting Charles Curley (2019-12-09 15:56:26)
> On Sun, 8 Dec 2019 18:55:12 +0100 (CET)
>  wrote:
> 
> > Usual advice : use strong passwords (i.e. long enough with high
> > entropy => generated in a dedicated password manager) AND 1
> > different per service, never the same.
> 
> There is a handy password generator available on Debian, called APG
> (Automated Password Generator), which will generate passwords for you.
> The default settings yield a fairly strong password, but you can modify
> those to make the results even stronger.

I dislike APG because it generates passwords difficult to remember - 
without aiding in how to deal with that, which has a high risk of 
passwords getting stored on physical notes in the top drawer...

For strong yet rememberable passwords, I recommend this:

  xkcdpass

More information: https://lwn.net/Articles/713806/

(yes, above aricle also references the XKCD cartoon!)

For non-rememberable passwords, I recommend this:

  pass

More information: https://lwn.net/Articles/714473/

There are several other tools similar to the above.  I recommend to read 
above referenced articles if in doubt!


  - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private


signature.asc
Description: signature

Re: dropbox security situation

[Jude DaShiell]

On Mon, 9 Dec 2019, Charles Curley wrote:

> Date: Mon, 9 Dec 2019 09:56:26
> From: Charles Curley 
> To: debian-user@lists.debian.org
> Subject: Re: dropbox security situation
> Resent-Date: Mon,  9 Dec 2019 14:57:02 + (UTC)
> Resent-From: debian-user@lists.debian.org
>
> On Sun, 8 Dec 2019 18:55:12 +0100 (CET)
>  wrote:
>
> > Usual advice : use strong passwords (i.e. long enough with high
> > entropy => generated in a dedicated password manager) AND 1
> > different per service, never the same.
>
> There is a handy password generator available on Debian, called APG
> (Automated Password Generator), which will generate passwords for you.
> The default settings yield a fairly strong password, but you can modify
> those to make the results even stronger.
>
What can be done with apg to make the passwords stronger?

>

--

Re: dropbox security situation

[Charles Curley]

On Sun, 8 Dec 2019 18:55:12 +0100 (CET)
 wrote:

> Usual advice : use strong passwords (i.e. long enough with high
> entropy => generated in a dedicated password manager) AND 1
> different per service, never the same.

There is a handy password generator available on Debian, called APG
(Automated Password Generator), which will generate passwords for you.
The default settings yield a fairly strong password, but you can modify
those to make the results even stronger.

-- 
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/

Re: Lenteur anormale au démarrage de certains logiciels.

[benoitlst]

Le 2019-12-09 10:40, Sébastien NOBILI a écrit :

Bonjour,

9 décembre 2019 09:51 benoit...@ouvaton.org a écrit:

Comment diagnostiquer ?


Dans un terminal :

strace 

Tu devrais voir si ça boucle ou si ça bloque sur une lecture 
quelconque.


Un tout grand merci !
Grace à toi, j’ai pu faire une recherche sur la ligne qui cale avec -t

strace -t /usr/bin/atril > /tmp/straceAtril.txt 2>&1

13:41:27 read(11, "\1\0\0\0\0\0\0\0", 16) = 8
13:41:27 poll([{fd=11, events=POLLIN}], 1, 24999) = 0 (Timeout)   /* 25s 
ici */

13:41:52 write(11, "\1\0\0\0\0\0\0\0", 8) = 8

Cf.
https://bbs.archlinux.org/viewtopic.php?id=239331

Comme indiqué sur le forum, il manque la ligne :

. /etc/X11/Xsession

Dans mon .xinitrc à permis de résoudre le problème.
Maintenant je n’ai pas l’explication du pourquoi et du comment,
mais ça marche !

Avec gratitude,
–
Benoit

Re: pas de son avec buster ?????

[G2PC]

>> je viens d'installer buster dans mon ordi très usagé
>>
>> pas de son
>
> Salut,
> Il m’est déjà arrivé après certaines installations que le son soit
> sur mute (MM en bas du curseur) quand tu lances alsamixer  pour la
> première fois. C’est un peu trivial comme réponse, mais on ne sait
>  jamais...

Et toujours ma technique, quand Alsamixer ne permet pas de réactiver le
son, je dois redémarrer sous Windows, lancer une application audio, et,
redémarrer sous Linux, ce qui me permet d'avoir à nouveau un retour son.

Re: Running sudo without being in sudo group.

[aprekates]

Thanks all for the usefull feedback.

I was finding many related tutorials from popular searchengines some 
using the method to add to the group and others editing /etc/sudoers


I think the remarks made  put the issue in the correct perspective and 
wiki change  is more correct.


I'll refreshed my wiki creds. I'll try to use it. Just wasnt sure for that.

Alexandros

On 9/12/19 12:03 μ.μ., Ansgar wrote:

aprekates writes:

In https://wiki.debian.org/sudo it says:

In order for a user to run sudo, the user must belong to group=sudo.

But i see that adding a line in /etc/sudoers can allow me execute sudo
without being in the sudo group.

Do i miss sth or the wiki miss sth?

The Wiki isn't correct.  Debian's default configuration of sudo allows
all users in the `sudo` group to run whatever they want:

 # Allow members of group sudo to execute any command
 %sudo  ALL=(ALL:ALL) ALL

But any other use of sudo, that is any custom rules, doesn't require the
user to be in the `sudo` group.

I've updated the Wiki to say

   Debian's default configuration allows users in the sudo group to run
   any command via sudo.

instead.  Please remember that anyone can improve it ;-)

Ansgar

Re: Is this ALL good advise

[Reco]

On Mon, Dec 09, 2019 at 08:46:13PM +1100, Keith Bainbridge wrote:
> On 9/12/19 6:57 pm, Reco wrote:
> > ll it takes is to look at APNIC record with whois.
> > Shows your ISP and a city it's operating at.
> > I could dig deeper, but I'm lazy.
> Thanks Andrei
> 
> 
> I got 3 addresses
> 2 of them about 3Km away from me (1 in a public park)
> the 3rd, about 4,500Km away from me, but referring specifically to my ISP, 
> must be head office.
> 
> and 3 references to my ISP
> 2 by a very old name
> 1 current name (for about 5 years), but referring to that address 4,500Km away
> 
> Somewhere I found this curl method.

Why would you need an Web API if you have whois (/32 mask is chosen
deliberately to avoid possible privacy concerns)?

$ whois 2402:b801::/32
% [whois.apnic.net]
% Whois data copyright termshttp://www.apnic.net/db/dbcopyright.html
...
inet6num:   2402:b801::/32
netname:IINET-AU-20120806
descr:  iiNet Limited
...
irt:IRT-IINET-AU
address:iiNet Limited
address:Level 9, 250 St Georges Tce
address:Perth
...

Does not show *your* location per se, of course. Hence the "lazy" remark.


> curl http://api.db-ip.com/v2/free/2402:b801:2859::
> {
> "ipAddress": "2402:b801:2859::",
> "continentCode": "OC",
> "continentName": "Oceania",
> "countryCode": "AU",
> "countryName": "Australia",
> "stateProvCode": "VIC",
> "stateProv": "Victoria",
> "city": "Melbourne"
> 
> 
> Only problem is there is no such continent. How can I believe in its accuracy?

And that's GEOIP, a totally different beast. Somewhat accurate for IPv4,
wildly inaccurate for IPv6.

Reco

Re: Running sudo without being in sudo group.

[Joe]

On Mon, 9 Dec 2019 11:22:56 +0200
aprekates  wrote:

> In https://wiki.debian.org/sudo it says:
> 
> In order for a user to run sudo, the user must belong to group=sudo.
> 
> But i see that adding a line in /etc/sudoers can allow me execute
> sudo without being in the sudo group.
> 
> Do i miss sth or the wiki miss sth?
> 
> Alexandros.
> 

Group sudo is the easy way of granting full root power to users, which
is fine for a home PC with one user. /etc/sudoers can be a bit
difficult for beginners to learn.

But if you want to tailor what particular users can do as root, and do
this across a network, then you must use /etc/sudoers to get fine
control. 

In fact you are advised to create your own files in /etc/sudoers.d as
that way the base /etc/sudoers can be upgraded without messing up your
additions.

-- 
Joe

Re: Running sudo without being in sudo group.

[Ansgar]

aprekates writes:
> In https://wiki.debian.org/sudo it says:
>
> In order for a user to run sudo, the user must belong to group=sudo.
>
> But i see that adding a line in /etc/sudoers can allow me execute sudo
> without being in the sudo group.
>
> Do i miss sth or the wiki miss sth?

The Wiki isn't correct.  Debian's default configuration of sudo allows
all users in the `sudo` group to run whatever they want:

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

But any other use of sudo, that is any custom rules, doesn't require the
user to be in the `sudo` group.

I've updated the Wiki to say

  Debian's default configuration allows users in the sudo group to run
  any command via sudo.

instead.  Please remember that anyone can improve it ;-)

Ansgar

Re: Is this ALL good advise

[Keith Bainbridge]

On 9/12/19 6:57 pm, Reco wrote:

ll it takes is to look at APNIC record with whois.
Shows your ISP and a city it's operating at.
I could dig deeper, but I'm lazy.

Thanks Andrei


I got 3 addresses
2 of them about 3Km away from me (1 in a public park)
the 3rd, about 4,500Km away from me, but referring specifically to my 
ISP, must be head office.


and 3 references to my ISP
2 by a very old name
1 current name (for about 5 years), but referring to that address 
4,500Km away




Somewhere I found this curl method.

curl http://api.db-ip.com/v2/free/2402:b801:2859::
{
"ipAddress": "2402:b801:2859::",
"continentCode": "OC",
"continentName": "Oceania",
"countryCode": "AU",
"countryName": "Australia",
"stateProvCode": "VIC",
"stateProv": "Victoria",
"city": "Melbourne"


Only problem is there is no such continent. How can I believe in its 
accuracy?



Thanks again. I'll mail the results of using the other SMTPs
--
Keith Bainbridge

keith.bainbridge.3...@gmail.com
+61 (0)447 667 468

Re: Running sudo without being in sudo group.

[David]

On Mon, 9 Dec 2019 at 20:23, aprekates  wrote:
>
> In https://wiki.debian.org/sudo it says:
>
> In order for a user to run sudo, the user must belong to group=sudo.

This refers to the fact that the sudo group is already configured
in the /etc/sudoers file to have certain rights.

If you search inside that file you will find it there.

> But i see that adding a line in /etc/sudoers can allow me execute sudo 
> without being in the sudo group.

Sure, you can add anything else you desire using the defined
syntax, see 'man 5 sudoers'.

Re: Lenteur anormale au démarrage de certains logiciels.

[Sébastien NOBILI]

Bonjour,

9 décembre 2019 09:51 benoit...@ouvaton.org a écrit:
> Comment diagnostiquer ?

Dans un terminal :

strace 

Tu devrais voir si ça boucle ou si ça bloque sur une lecture quelconque.

Sébastien

Running sudo without being in sudo group.

[aprekates]

In https://wiki.debian.org/sudo it says:

In order for a user to run sudo, the user must belong to group=sudo.

But i see that adding a line in /etc/sudoers can allow me execute sudo 
without being in the sudo group.


Do i miss sth or the wiki miss sth?

Alexandros.

Re: xdm config

[didier . gaumet]

Perhaps wdm would be of interest for you:
 https://packages.debian.org/buster/wdm

Re: pas de son avec buster ?????

[benoitlst]

Le 2019-12-03 04:56, eau céan a écrit :

bonjour

je viens d'installer buster dans mon ordi très usagé

pas de son


Salut,
Il m’est déjà arrivé après certaines installations que le son soit
sur mute (MM en bas du curseur) quand tu lances alsamixer  pour la
première fois. C’est un peu trivial comme réponse, mais on ne sait
 jamais...

--
Benoit

--8<--

Lenteur anormale au démarrage de certains logiciels.

[benoitlst]

Bonjour à toutes et à tous,

Depuis quelque temps il me semble (à vérifier), que les logiciels qui
ont une dépendance avec gnome3 (geary, epiphany, atril…) mettent
très longtemps à se lancer entre 20 et 30 secs.
Pour info je ne suis pas sous gnome, mais sous openbox seul.
Comment diagnostiquer ?
Ici je vois que la dépendance n’est pas affichée et pourtant il me
semble qu'atril ne peut pas fonctionner sans gnome3 :

apt-cache depends atril
atril
  Dépend: atril-common
  Dépend: libatrildocument3
  Dépend: libatrilview3
  Dépend: shared-mime-info
 |Dépend: dconf-gsettings-backend
  Dépend: 
dconf-gsettings-backend
gconf-gsettings-backend
  Dépend: libatk1.0-0
  Dépend: libc6
  Dépend: libcairo-gobject2
  Dépend: libcairo2
  Dépend: libcaja-extension1
  Dépend: libgail-3-0
  Dépend: libgdk-pixbuf2.0-0
  Dépend: libglib2.0-0
  Dépend: libgtk-3-0
  Dépend: libice6
  Dépend: libjavascriptcoregtk-4.0-18
  Dépend: libpango-1.0-0
  Dépend: libpangocairo-1.0-0
  Dépend: libsecret-1-0
  Dépend: libsm6
  Dépend: libsoup2.4-1
  Dépend: libwebkit2gtk-4.0-37
  Dépend: libx11-6
  Dépend: libxml2
  Dépend: zlib1g
  Casse: libatrildocument3
 |Recommande: 
dbus-user-session
  Recommande: 
dbus-user-session
dbus-x11
  Recommande: gvfs
  Suggère: caja
  Suggère: poppler-data
  Suggère: 
  Remplace: libatrildocument3

Merci d’avance pour vos conseils de diagnostique.
–
Benoit

Re: Trying to uninstall xfce4

[john doe]

On 12/9/2019 9:06 AM, Reco wrote:
>   Hi.
>
> On Mon, Dec 09, 2019 at 09:55:22AM +0200, aprekates wrote:
>> In a fresh debian10 installation with xfce4 when i try:
>>
>>   $ sudo apt-get remove xfce4
>>
>> will present me with a maybe a hundred of packages that 'were automatically 
>> installed and no longer needed' and that i should remove if i want with 'apt
>> autoremove'. And the only packages that would be removed are xfce4 and 
>> task-xfce-desktop.
>>
>> In my eyes i'd be more logical apt to remove the depedencies xfce4 have. I 
>> cant understand the logic of the message presented to me.
>
> apt cannot help you if you're using it wrong. In your case it's:
>
> sudo apt-get autoremove xfce4
>
> Also, apt-get(8).
>

If you want to purge along with autoremoving:

$ apt-get --autoremove purge xfce4

--
John Doe

Re: Trying to uninstall xfce4

[Reco]

Hi.

On Mon, Dec 09, 2019 at 09:55:22AM +0200, aprekates wrote:
> In a fresh debian10 installation with xfce4 when i try:
> 
>   $ sudo apt-get remove xfce4
> 
> will present me with a maybe a hundred of packages that 'were automatically 
> installed and no longer needed' and that i should remove if i want with 'apt
> autoremove'. And the only packages that would be removed are xfce4 and 
> task-xfce-desktop.
> 
> In my eyes i'd be more logical apt to remove the depedencies xfce4 have. I 
> cant understand the logic of the message presented to me.

apt cannot help you if you're using it wrong. In your case it's:

sudo apt-get autoremove xfce4

Also, apt-get(8).

Reco

Re: Is this ALL good advise

[Reco]

Hi.

On Mon, Dec 09, 2019 at 04:05:00PM +1100, Keith Bainbridge wrote:
> On 4/12/19 11:11 am, John Hasler wrote:
> > Yes.  I suggest Newsguy o
> 
> 
> Um
> 
> Firefox gave me this when I went to their web page
> 
> Warning: Potential Security Risk Ahead

Firefox messages are useless for troubleshooting.


> Should I be worried???

$ openssl s_client -connect member.newsguy.com:443 -showcerts
...
 3 s:C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust 
External CA Root
   i:C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust 
External CA Root
...
Verify return code: 21 (unable to verify the first certificate)


Your Firefox certificate store (which does not have anything in common
with ca-certificate package) lacks this CA certificate.

File a bug against firefox-esr, or something. CA certificate seems
legit.


> Or am I also cynical?

Nah, that's just TLS.

Reco

Re: Trying to uninstall xfce4

[Andrei POPESCU]

On Lu, 09 dec 19, 09:55:22, aprekates wrote:
> In a fresh debian10 installation with xfce4 when i try:
> 
>   $ sudo apt-get remove xfce4
> 
> will present me with a maybe a hundred of packages that 'were automatically
> installed and no longer needed' and that i should remove if i want with 'apt
> autoremove'. And the only packages that would be removed are xfce4 and
> task-xfce-desktop.
> 
> In my eyes i'd be more logical apt to remove the depedencies xfce4 have. I
> cant understand the logic of the message presented to me.

Use aptitude instead.


Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature