Re: ssh access with all ports close.
On 12/10/2020 6:40 AM, latin...@vcn.bc.ca wrote: latincom writes: I am not able to access my server at home using ssh, but i can see in logs, that someone can access my home server! What, exactly, are you seeing? Copy and paste examples. -- John Hasler jhas...@newsguy.com Elmwood, WI USA Dec 9 20:48:58 xxx sshd[4945]: Failed password for invalid user greengo from 49.235.125.17 port 43200 ssh2 Dec 9 20:48:58 xxx sshd[4948]: Invalid user mysql from 13.74.46.65 port 56021 Dec 9 20:48:58 xxx sshd[4948]: pam_unix(sshd:auth): check pass; user unknown Dec 9 20:48:58 xxx sshd[4948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.74.46.65 Dec 9 20:48:59 xxx sshd[4945]: Received disconnect from 49.235.125.17 port 43200:11: Bye Bye [preauth] Dec 9 20:48:59 xxx sshd[4945]: Disconnected from invalid user greengo 49.235.125.17 port 43200 [preauth] Dec 9 20:49:00 xxx sshd[4948]: Failed password for invalid user mysql from 13.74.46.65 port 56021 ssh2 Dec 9 20:49:01 xxx sshd[4948]: Received disconnect from 13.74.46.65 port 56021:11: Bye Bye [preauth] Dec 9 20:49:01 xxx sshd[4948]: Disconnected from invalid user mysql 13.74.46.65 port 56021 [preauth] From (1), I would suggest adding the below three options in /etc/ssh/sshd_config: "MaxAuthTries Specifies the maximum number of authentication attempts permitted per connection. Once the number of failures reaches half this value, additional failures are logged. The default is 6. MaxSessions Specifies the maximum number of open sessions permitted per network connection. The default is 10. MaxStartups Specifies the maximum number of concurrent unauthenticated connections to the SSH daemon. Additional connections will be dropped until authentication succeeds or the LoginGraceTime expires for a connection. The default is 10. Alternatively, random early drop can be enabled by specifying the three colon separated values ''start:rate:full'' (e.g. "10:30:60"). sshd(8) will refuse connection attempts with a probability of ''rate/100'' (30%) if there are currently ''start'' (10) unauthenticated connections. The probability increases linearly and all connection attempts are refused if the number of unauthenticated connections reaches ''full'' (60)." Also adding the below line might be useful: AllowUsers If you have a firewall, try to limit the connection there as well (2). It looks like you are using password auth, if yes, consider using key instead. 1) https://linux.die.net/man/5/sshd_config 2) https://serverfault.com/questions/275669/ssh-sshd-how-do-i-set-max-login-attempts -- John Doe
Re: ssh tunnelling testing [solved]
On Mi, 09 dec 20, 10:58:48, Gary Dale wrote: > > My ISP has confirmed this seems to be a generic issue with that > modem/router. While I suspect that a firmware update could fix it, I can't > find any way to upgrade the firmware, which is another good reason for > having an inner and outer network. I think it is utterly irresponsible for > anyone to sell internet-connected hardware that can't have its firmware > upgraded. In case it helps and is an acceptable option for you, you could put the internal router in the DMZ (if this is supported by the ISPs modem). Kind regards, Andrei -- http://wiki.debian.org/FAQsFromDebianUser signature.asc Description: PGP signature
Re: running microsoft team on debian 10.3
Hello, ke 9. jouluk. 2020 klo 15.55 Yoann LE BARS (yo...@le-bars.net) kirjoitti: > > Hello everybody out there! > > On 2020/12/09 at 1:57 pm, Carl Fink wrote: > > You have to know the vocabulary. > > > > They say that "window" sharing is not available. "Screen" sharing is. > > That is, you can't share a specific application, but you can share your > > entire screen. > > Regardless of the vocabulary, I have hit several times the screen > sharing button, nothing ever happened. > > Now, to be honest, this is one of the annoying thing about > Microsoft > Teams, it is the kind of application that make you waste time rather > than saving time. > > I mainly using Fedora and the native client works OK for sharing the screen and also for audio. Concerning your point not to use MS - like other proprietary programs - I agree with you in principle. However, in practice I have no choice: since Corona I have to use Teams on my work, and technically Teams works surprisingly good and seams to be actively supported. Salut, Roland Best regards. > > -- > Yoann LE BARS > https://le-bars.net/yoann/ > Diaspora* : yleb...@framasphere.org > >
Re: ssh access with all ports close.
> latincom writes: >> I am not able to access my server at home using ssh, but i can see in >> logs, that someone can access my home server! > > What, exactly, are you seeing? Copy and paste examples. > -- > John Hasler > jhas...@newsguy.com > Elmwood, WI USA > Dec 9 20:48:58 xxx sshd[4945]: Failed password for invalid user greengo from 49.235.125.17 port 43200 ssh2 Dec 9 20:48:58 xxx sshd[4948]: Invalid user mysql from 13.74.46.65 port 56021 Dec 9 20:48:58 xxx sshd[4948]: pam_unix(sshd:auth): check pass; user unknown Dec 9 20:48:58 xxx sshd[4948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.74.46.65 Dec 9 20:48:59 xxx sshd[4945]: Received disconnect from 49.235.125.17 port 43200:11: Bye Bye [preauth] Dec 9 20:48:59 xxx sshd[4945]: Disconnected from invalid user greengo 49.235.125.17 port 43200 [preauth] Dec 9 20:49:00 xxx sshd[4948]: Failed password for invalid user mysql from 13.74.46.65 port 56021 ssh2 Dec 9 20:49:01 xxx sshd[4948]: Received disconnect from 13.74.46.65 port 56021:11: Bye Bye [preauth] Dec 9 20:49:01 xxx sshd[4948]: Disconnected from invalid user mysql 13.74.46.65 port 56021 [preauth]
[OT] Problemas frecuentes con /home en Buster...
Hola gente... Es un equipo nuevo con un disco SSD SATA y tiene... Linux version 4.19.0-12-amd64 (debian-ker...@lists.debian.org) (gcc version 8.3.0 (Debian 8.3.0-6)) #1 SMP Debian 4.19.152-1 (2020-10-18) Aparentemente el equipo no se apaga bien porque el boot.log muestra lo siguiente... /dev/sda7: recovering journal /dev/sda7: clean, 2434/610800 files, 124741/2441216 blocks /dev/sda6: recovering journal /dev/sda6: clean, 267023/1222992 files, 2334762/4882432 blocks [.[0;1;31mFAILED.[0m] Failed to start .[0;1;39mFile Syste…6-92c0-42a5-97fc-770b58bddd40.[0m. See 'systemctl status "systemd-fsck@dev…\x2d770b58bddd40.service"' for details. [.[0;1;33mDEPEND.[0m] Dependency failed for .[0;1;39m/home.[0m. [.[0;1;33mDEPEND.[0m] Dependency failed for .[0;1;39mLocal File Systems.[0m. Starting .[0;1;39mSet console font and keymap.[0m... el UUID que termina con 92c0-42a5-97fc-770b58bddd40 (donde da el error) corresponde a /dev/sda8, no entiendo porqué motivo no lo recupera como a sda6 y sda7 que sí son "normalizadas". Cada vez que pasa esto el equipo no inicia, así que tengo que entrar como root y hacer el fsck a sda8 manualmente, corrige algunos problemas y luego arranca bien. Alguna idea de porqué no recupera el sda8 y sí las dos particiones anteriores ? Gracias y saludos, -- Walter O. Dari http://swcomputacion.com/ http://swcomputacion.com/sistemas/ https://facebook.com/swcomputacion/ https://facebook.com/sistemasSW/ Nuestros horarios: L a V 9 a 12 hs. - 16:30 a 19:30 hs. S 11 a 14 hs. WhatsApp: 2396 577140 (no se atienden llamadas)
Re: ssh access with all ports close.
On 2020-12-09 16:33, latin...@vcn.bc.ca wrote: I had a Buster server at home, but the owner of the house close all ports in the router, i can not access it anymore; i rented a server without root access, and transfer the server. There are many vendors who can rent a Debian virtual private server (VPS) to you with root access. I use Linode: https://www.linode.com/ I am not able to access my server at home using ssh, I assume you mean "when connected to the Internet at a remote location, I cannot access my home server using SSH". If all ports on the home router have been closed, then the router is working correctly and that is why you cannot connect. The solution is to carefully configure sshd on your home server, open TCP port 22 in the router, and have the router forward TCP port 22 to your home server. but i can see in logs, that someone can access my home server! I assume you mean "when accessing my home server via the console or via SSH and the home network (LAN), I see in my home server logs that someone has accessed my home server via SSH". Please post the Debian and kernel versions of your home server -- e.g.: $ cat /etc/debian_version ; uname -a Please post your username on your home server -- e.g.: $ whoami Please post the relevant log entries. How can these people access my home server? I am curios! Does somebody know how? If all ports on the home router have been closed, then people can access your home server via the home network (LAN). Please post the sshd configuration file -- e.g.: $ egrep '^[^#]' /etc/ssh/sshd_config David
Re: ssh access with all ports close.
latincom writes: > I am not able to access my server at home using ssh, but i can see in > logs, that someone can access my home server! What, exactly, are you seeing? Copy and paste examples. -- John Hasler jhas...@newsguy.com Elmwood, WI USA
ssh access with all ports close.
I had a Buster server at home, but the owner of the house close all ports in the router, i can not access it anymore; i rented a server without root access, and transfer the server. I am not able to access my server at home using ssh, but i can see in logs, that someone can access my home server! How can these people access my home server? I am curios! Does somebody know how? Thanks.
Re: Installation instructions.
On Sun 06 Dec 2020 at 07:20:38 (-0800), pe...@easthope.ca wrote: > From: David Wright > Date: Fri, 4 Dec 2020 15:12:16 -0600 > > With such a small disk, I'd try modifying that suggestion: dispense > > with /home, but only during the installation, making partition 3 the > > one used for the iso ( and marked "do not use"): > > > > Part 1 labeled ROOT. 7 GB. Format ext4. > > Part 2 labeled SWAP. 1 GB. Format swap or linux-swap. > > Part 3 labeled HOME. 4 GB. Format ext4. (The LABEL doesn't affect > > things.) > > > > When the installation has completed, you can now, as root, > > > > . mount Part 3 as /mnt > > . clear any installation files off it > > . cp -a /home/ /mnt/ (which should be user 1000's ~, > > containing just the files that were copied from /etc/skel) > > . edit /etc/fstab to mount LABEL=HOME on /home > > . umount /mnt/ > > . mount -a (to mount /home) > > . login ordinarily, as sysadmin. > > > > That increases your space on /home by 14%. > > That's similar to the proceedure described in this message. > https://lists.debian.org/debian-user/2020/12/msg00197.html Yes, that's because I based the partitioning on your own https://lists.debian.org/debian-user/2020/12/msg00045.html to which I was going to thread it until David's comment came in. But I posted my reply merely to place this method (using future /home) on record. You'd rather modify the partition table instead, which I've always avoided. Your new partition layout is not one I'd personally use, but then, I don't know what your first two (unused) partitions are going to be used for. (I presume they're not reserved for BIOS Boot and ESP, like the two I always put on my GPT disks.) I haven't created an extended partition since 1997, and eliminated those I'd created or inherited by 1999. Cheers, David.
Re: SanDisk USB stick problem
On Wed, Dec 09, 2020 at 03:35:16PM -0600, Nicholas Geovanis wrote: > On Wed, Dec 9, 2020, 3:28 PM wrote: > > > ... > > > > > Instead I took it as a criticism of background processes in our society > > and > > > economy: mass-marketing and lack-of-choice (ineffective but enforced > > > product buy-in, in this case). > > > > We are in violent agreement, then :) > > > > I just noticed that I called them "background processes" :-) > You see, computing is a slowly-progressing disease :-) > > Wouldn't it be more accurate to call those "Ring 0" processes or some such? > Just a thought. > What would Herr Doktor Karl Marx say? Dialectical processes, I guess ;-P (Ok, ok, I'll stop now). Cheers - t signature.asc Description: Digital signature
Re: SanDisk USB stick problem
On Wed, Dec 9, 2020, 3:28 PM wrote: > ... > > Instead I took it as a criticism of background processes in our society > and > > economy: mass-marketing and lack-of-choice (ineffective but enforced > > product buy-in, in this case). > > We are in violent agreement, then :) > I just noticed that I called them "background processes" :-) You see, computing is a slowly-progressing disease :-) Wouldn't it be more accurate to call those "Ring 0" processes or some such? Just a thought. What would Herr Doktor Karl Marx say? :-D Cheers > - t >
Re: SanDisk USB stick problem
On Wed, Dec 09, 2020 at 03:14:51PM -0600, Nicholas Geovanis wrote: > On Wed, Dec 9, 2020, 5:12 AM wrote: > > > On Wed, Dec 09, 2020 at 10:16:46AM +0100, Thomas Schmitt wrote: > > > > > > deloptes wrote: > > > > > Your idea is not bad but only in theory of a dreamer. > > > > > > to...@tuxteam.de wrote: > > > > Your life would be miserable weren't it for many such "dreamers". > > > > > > The problem i see is that the companies which issue questionable > > > equipment obviously are not paying attention to problems and features > > > of what they sell. > > > > Definitely: everyone should pick her/his fights. I was just expressing > > my (strong) disagreement with such a generalised statement, which doesn't > > pay respect to those who sometimes choose the difficult path, to the > > benefit of us all. > > > > I did not take the original statement to disrespect those who contribute. I did not imply that (nor did I for deloptes, to whom I was responding). I just wanted to point out that we might regard such folks as "dreamers", but we actually need dreamers. > Instead I took it as a criticism of background processes in our society and > economy: mass-marketing and lack-of-choice (ineffective but enforced > product buy-in, in this case). We are in violent agreement, then :) Cheers - t signature.asc Description: Digital signature
Re: Faire fonctionner une Webcam sous Debian Buster
salut, Le 9/12/20 à 20:53, ajh-valmer a écrit : > Hello, > > J'ai retrouvé une ancienne Webcam sur port USB. > Je tente de la faire marcher sur un ordinateur de bureau. Bonne initiative. > lsusb donne : > Primax Electronics, Ltd HP Optical Mouse > Bus 001 Device 003: ID 046d:0840 Logitech, Inc. QuickCam Express Il semble que ta webcam soit déjà dans la liste des périphériques connus et répertoriés. > Il semble que 2 webcam soient détectés (je n'en ai qu'une) Pourquoi dis-tu cela ? Parce que tu vois 2 devices /dev/video{1,2} ? Parfois, une même webcam a plusieurs entrées dans /dev, chacune ayant des fonctions différentes. > Je la teste depuis un site Web, mais aucune image sur mon écran. > > Je teste avec l'appli cheese : aucun périphérique détecté. Je te conseille d'installer le paquet v4l-utils. J'ai essayé de donner un coup de main sur la liste du BxLUG il n'y a pas très longtemps : https://chahut.domainepublic.net/pipermail/linux-bruxelles/2020-November/173363.html Il faut aussi t'assurer que le bon pilote est installé. > Merci d'une aide et bonne soirée. > > A. Valmer > -- Jean-Marc OpenPGP_signature Description: OpenPGP digital signature
Re: SanDisk USB stick problem
On Wed, Dec 9, 2020, 5:12 AM wrote: > On Wed, Dec 09, 2020 at 10:16:46AM +0100, Thomas Schmitt wrote: > > > > deloptes wrote: > > > > Your idea is not bad but only in theory of a dreamer. > > > > to...@tuxteam.de wrote: > > > Your life would be miserable weren't it for many such "dreamers". > > > > The problem i see is that the companies which issue questionable > > equipment obviously are not paying attention to problems and features > > of what they sell. > > Definitely: everyone should pick her/his fights. I was just expressing > my (strong) disagreement with such a generalised statement, which doesn't > pay respect to those who sometimes choose the difficult path, to the > benefit of us all. > I did not take the original statement to disrespect those who contribute. Instead I took it as a criticism of background processes in our society and economy: mass-marketing and lack-of-choice (ineffective but enforced product buy-in, in this case). Cheers > - t >
Re: Permissions on NFS mounts
Paul M Foster wrote: > I have two users on the client: paulf 1000 and nancyf 1001. On the > server, I have two users: pi 1000 and paulf 1001. I can mount the NFS > share from the server to /mnt on my client. But any files belonging to > me (user 1001 on the server) look like they belong to nancy (user 1001 > on the client. More importantly, if I copy files to this share from the > client, they will look like they belong to pi (user 1000) on the server. > > Is there some way in the /etc/exports file to adjust the parameters so > that files retain my ownership on the server? You're looking for userid mapping, handled by idmapd. Your best long-term solution is to make the userids consistent across machines by making a decision about who will be 1000, 1001 and 1002, and then changing /etc/passwd and running suitable "chown -R" commands, probably followed by find commands. Debian automatically starts user numbering at 1000, so it's a good idea to have a consistent install username, if you can arrange it. -dsr-
Re: Faire fonctionner une Webcam sous Debian Buster
tu devrais trouver ton bonheur ici: https://wiki.debian.org/fr/Webcam/qc-usb-source?highlight=%28quickcam%29 si tu veux automatiser la compilation du module concerné à chaque upgrade du noyau il y a un exemple DKMS là: https://wiki.debian.org/fr/DkmsXr17v25x#M.2BAOk-thode_automatis.2BAOk-e_avec_dkms
Permissions on NFS mounts
I have two users on the client: paulf 1000 and nancyf 1001. On the server, I have two users: pi 1000 and paulf 1001. I can mount the NFS share from the server to /mnt on my client. But any files belonging to me (user 1001 on the server) look like they belong to nancy (user 1001 on the client. More importantly, if I copy files to this share from the client, they will look like they belong to pi (user 1000) on the server. Is there some way in the /etc/exports file to adjust the parameters so that files retain my ownership on the server? Paul -- Paul M. Foster http://noferblatz.com http://quillandmouse.com
Re: Faire fonctionner une Webcam sous Debian Buster
Bonjour, ajh-valmer, on 2020-12-09 20:53:15 +0100: > J'ai retrouvé une ancienne Webcam sur port USB. > Je tente de la faire marcher sur un ordinateur de bureau. > > lsusb donne : > Primax Electronics, Ltd HP Optical Mouse > Bus 001 Device 003: ID 046d:0840 Logitech, Inc. QuickCam Express > > Il semble que 2 webcam soient détectés (je n'en ai qu'une) Je pense que la première entrée correspond à une souris optique HP raccordée en USB, et non une caméra. La seconde entrée devrait correspondre à votre caméra Logitech. > Je la teste depuis un site Web, mais aucune image sur mon écran. > > Je teste avec l'appli cheese : aucun périphérique détecté. Est-ce que le fichier /dev/video* est bien construit après branchement de la caméra ? $ ls /dev/video* Si non, quelque chose de bas niveau empêche le fonctionnement de la caméra, par exemple elle pourrait ne pas être supportée par Linux. Mais si le fichier video* est présent, personnellement, je teste avec un lecteur vidéo aussi simple que possible, que je peux accéder au contenu, et qu'il correspond bien à ce qui est capturé par la caméra. Avec mpv(1), en utilisant l'exemple piqué dans le man : $ mpv av://v4l2:/dev/video0 S'il y a une sortie vidéo cohérente, alors le problème se situe au niveau de la configuration des applications qui ne renvoient rien pour le moment. Sinon, il est probable que la caméra soit défectueuse. Bonne soirée, -- Étienne Mollier Fingerprint: 8f91 b227 c7d6 f2b1 948c 8236 793c f67e 8f0d 11da Sent from /dev/pts/1, please excuse my verbosity. signature.asc Description: PGP signature
Re: SanDisk USB stick problem
On Wed, 9 Dec 2020 15:23:44 -0500 Celejar wrote: > On Wed, 9 Dec 2020 19:10:42 + > Joe wrote: > > > On Wed, 9 Dec 2020 13:35:57 -0500 > > Celejar wrote: > > > > > On Tue, 8 Dec 2020 20:39:35 -0800 > > > David Christensen wrote: > > > > > > ... > > > > > > > As you have not stated how you mounted the drive, I will assume > > > > that you plugged it in, an icon appeared on the desktop, you > > > > interacted with the icon, and the drive was mounted at > > > > /media/usb0. If so, AIUI the various Debian desktops with > > > > automounting use FUSE. The user account running > > > > > > They do? Do you have documentation of this? I can't find anything > > > about this in the documentation of, say, Xfce4's thunar-volman: > > > > > > https://docs.xfce.org/xfce/thunar/using-removable-media > > > > > > > the desktop and automounter will have whatever access controls > > > > that are supported by the filesystem and/or by FUSE. But all > > > > other user accounts, including the root account (!), are denied > > > > access to the filesystem. This is a security feature of FUSE. > > > > See mount.fuse(8). > > > > > > > I haven't investigated it thoroughly, but when I have casually > > checked what is mounted, I see that any USB sticks plugged in are > > on fuse. Xfce on sid, no usbmount, automounting done by systemd, by > > the way. > > Interesting. I haven't been using automounting, but I just enabled > Xfce's native automounting (Thunar / Edit / Preferences / Advanced / > Volume Management:Configure / Mount removable drives when hot-plugged) > and stuck in a flash drive. It gets mounted and I don't see any FUSE > involved: > > ~$ mount | grep sdb > /dev/sdb on /media//disk type vfat > (rw,nosuid,nodev,relatime,uid=1000,gid=1000,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,showexec,utf8,flush,errors=remount-ro,uhelper=udisks2) > > ~$ mount | grep fuse > fusectl on /sys/fs/fuse/connections type fusectl > (rw,nosuid,nodev,noexec,relatime) portal on /run/user/1000/doc type > fuse.portal (rw,nosuid,nodev,relatime,user_id=1000,group_id=1000) > > I'm curious about this because I can't imagine that FUSE performance > is as good as native, so why would automounters pay the performance > penalty of FUSE when native mounting would seem easy enough to do? > With a quick trial, it depends on the filesystem. Many of my USB sticks are FAT for portability, but they get mounted as fuseblk rather than fat or vfat. Linux partitions are indeed mounted natively. -- Joe
Re: Faire fonctionner une Webcam sous Debian Buster
Le mercredi 09 décembre 2020 à 20:53 +0100, ajh-valmer a écrit : > Hello, > > J'ai retrouvé une ancienne Webcam sur port USB. > Je tente de la faire marcher sur un ordinateur de bureau. > > lsusb donne : > Primax Electronics, Ltd HP Optical Mouse > Bus 001 Device 003: ID 046d:0840 Logitech, Inc. QuickCam Express > > Il semble que 2 webcam soient détectés (je n'en ai qu'une) Pourquoi 2 ? lsusb n'en indique qu'une d'après ce que tu indiques ? Mais lsusb ne dit pas si elle a bien été vu par le système. Pour cela il faut aller voir dans les log et chercher par exemple "Bus 001 Device 003" ou par l'ID et voir si un driver a été associé au périphérique. Gaëtan signature.asc Description: This is a digitally signed message part
Re: Can't print to CUPS printer on my server
On 2020-12-09 10:25, Brian wrote: On Wed 09 Dec 2020 at 10:04:14 -0500, Gary Dale wrote: On 2020-12-08 13:29, Brian wrote: avahi-browse -art > log1 -bash: avahi-browse: command not found - for both regular user and root on the server and post log here as an attachment. avahi-browse is in the avahi-utils package. How about installing avahi-utils? :) I don't seem to need it for anything else. I'm leery of installing packages, especially on a server, that I don't use. +br0 IPv6 THELIBRARIAN Microsoft Windows Network local +br0 IPv4 THELIBRARIAN Microsoft Windows Network local +br0 IPv6 HP Color LaserJet CP1215 @ TheLibrarian Internet Printer local +br0 IPv6 Samsung C410 Series @ TheLibrarianInternet Printer local +br0 IPv6 PDF @ TheLibrarianInternet Printer local +br0 IPv6 Samsung ML-1210 @ TheLibrarianInternet Printer local +br0 IPv6 EPSON Stylus Photo R300 @ TheLibrarianInternet Printer local +br0 IPv4 HP Color LaserJet CP1215 @ TheLibrarian Internet Printer local +br0 IPv4 Samsung C410 Series @ TheLibrarianInternet Printer local +br0 IPv4 PDF @ TheLibrarianInternet Printer local +br0 IPv4 Samsung ML-1210 @ TheLibrarianInternet Printer local +br0 IPv4 EPSON Stylus Photo R300 @ TheLibrarianInternet Printer local + enp5s0 IPv6 HP Color LaserJet CP1215 @ TheLibrarian Internet Printer local + enp5s0 IPv6 Samsung C410 Series @ TheLibrarianInternet Printer local + enp5s0 IPv6 PDF @ TheLibrarianInternet Printer local + enp5s0 IPv6 Samsung ML-1210 @ TheLibrarianInternet Printer local + enp5s0 IPv6 EPSON Stylus Photo R300 @ TheLibrarianInternet Printer local +br0 IPv6 HP Color LaserJet CP1215 @ TheLibrarian Secure Internet Printer local +br0 IPv6 Samsung C410 Series @ TheLibrarianSecure Internet Printer local +br0 IPv6 PDF @ TheLibrarianSecure Internet Printer local +br0 IPv6 Samsung ML-1210 @ TheLibrarianSecure Internet Printer local +br0 IPv6 EPSON Stylus Photo R300 @ TheLibrarianSecure Internet Printer local +br0 IPv4 HP Color LaserJet CP1215 @ TheLibrarian Secure Internet Printer local +br0 IPv4 Samsung C410 Series @ TheLibrarianSecure Internet Printer local +br0 IPv4 PDF @ TheLibrarianSecure Internet Printer local +br0 IPv4 Samsung ML-1210 @ TheLibrarianSecure Internet Printer local +br0 IPv4 EPSON Stylus Photo R300 @ TheLibrarianSecure Internet Printer local + enp5s0 IPv6 HP Color LaserJet CP1215 @ TheLibrarian Secure Internet Printer local + enp5s0 IPv6 Samsung C410 Series @ TheLibrarianSecure Internet Printer local + enp5s0 IPv6 PDF @ TheLibrarianSecure Internet Printer local + enp5s0 IPv6 Samsung ML-1210 @ TheLibrarianSecure Internet Printer local + enp5s0 IPv6 EPSON Stylus Photo R300 @ TheLibrarianSecure Internet Printer local +br0 IPv6 EPSON Stylus Photo R300 @ TheLibrarianUNIX Printer local +br0 IPv6 Samsung ML-1210 @ TheLibrarianUNIX Printer local +br0 IPv6 PDF @ TheLibrarianUNIX Printer local +br0 IPv6 Samsung C410 Series @ TheLibrarianUNIX Printer local +br0 IPv6 HP Color LaserJet CP1215 @ TheLibrarian UNIX Printer local +br0 IPv4 EPSON Stylus Photo R300 @ TheLibrarianUNIX Printer local +br0 IPv4 Samsung ML-1210 @ TheLibrarianUNIX Printer local +br0 IPv4 PDF @ TheLibrarianUNIX Printer local +br0 IPv4 Samsung C410 Series @ TheLibrarianUNIX Printer local +br0 IPv4 HP Color LaserJet CP1215 @ TheLibrarian UNIX Printer local + enp5s0 IPv6 EPSON Stylus Photo R300 @ TheLibrarianUNIX Printer local + enp5s0 IPv6 Samsung ML-1210 @ TheLibrarianUNIX Printer local + enp5s0 IPv6 PDF @ TheLibrarianUNIX Printer local + enp5s0 IPv6 Samsung C410 Series @ TheLibrarianUNIX Printer local + enp5s0 IPv6 HP Color LaserJet CP1215 @ TheLibrarian UNIX Printer local +br0 IPv4 RT-ACRH13-54A4 [88:d7:f6:a7:54:a4]Workstation local =br0 IPv4 RT-ACRH13-54A4 [88:d7:f6:a7:54:a4]Workstation local hostname = [RT-ACRH13-54A4.local] address = [192.168.1.1] port = [9] txt = [] +br0 IPv6 THELIBRARIAN
Re: SanDisk USB stick problem [solved]
On Wed, Dec 09, 2020 at 07:47:14PM +, Joe wrote: > I believe a mount point will always be owned by root, regardless of the > permissions of the underlying directory, because only root is allowed > to mount things. unicorn:~$ mkdir mtpt unicorn:~$ ls -ld mtpt drwxr-xr-x 2 greg greg 4096 Dec 9 15:22 mtpt/ unicorn:~$ sshfs remote: mtpt unicorn:~$ ls -ld mtpt drwxr-xr-x 1 greg greg 4096 Dec 6 23:09 mtpt/ FUSE changes a few things.
Re: SanDisk USB stick problem
On Wed, 9 Dec 2020 19:10:42 + Joe wrote: > On Wed, 9 Dec 2020 13:35:57 -0500 > Celejar wrote: > > > On Tue, 8 Dec 2020 20:39:35 -0800 > > David Christensen wrote: > > > > ... > > > > > As you have not stated how you mounted the drive, I will assume > > > that you plugged it in, an icon appeared on the desktop, you > > > interacted with the icon, and the drive was mounted at /media/usb0. > > > If so, AIUI the various Debian desktops with automounting use > > > FUSE. The user account running > > > > They do? Do you have documentation of this? I can't find anything > > about this in the documentation of, say, Xfce4's thunar-volman: > > > > https://docs.xfce.org/xfce/thunar/using-removable-media > > > > > the desktop and automounter will have whatever access controls that > > > are supported by the filesystem and/or by FUSE. But all other user > > > accounts, including the root account (!), are denied access to the > > > filesystem. This is a security feature of FUSE. See > > > mount.fuse(8). > > > > I haven't investigated it thoroughly, but when I have casually checked > what is mounted, I see that any USB sticks plugged in are on fuse. Xfce > on sid, no usbmount, automounting done by systemd, by the way. Interesting. I haven't been using automounting, but I just enabled Xfce's native automounting (Thunar / Edit / Preferences / Advanced / Volume Management:Configure / Mount removable drives when hot-plugged) and stuck in a flash drive. It gets mounted and I don't see any FUSE involved: ~$ mount | grep sdb /dev/sdb on /media//disk type vfat (rw,nosuid,nodev,relatime,uid=1000,gid=1000,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,showexec,utf8,flush,errors=remount-ro,uhelper=udisks2) ~$ mount | grep fuse fusectl on /sys/fs/fuse/connections type fusectl (rw,nosuid,nodev,noexec,relatime) portal on /run/user/1000/doc type fuse.portal (rw,nosuid,nodev,relatime,user_id=1000,group_id=1000) I'm curious about this because I can't imagine that FUSE performance is as good as native, so why would automounters pay the performance penalty of FUSE when native mounting would seem easy enough to do? Celejar
Re: Two questions as I prepare for a new install
On Wed 09 Dec 2020 at 19:10:53 (+), Mark Fletcher wrote: > On Mon, Dec 07, 2020 at 06:06:43PM -0700, Charles Curley wrote: > > On Tue, 8 Dec 2020 00:00:54 + Mark Fletcher wrote: > > > > > 1. Does anyone have any advice (or a link to offcial advice) > > > regarding whether a new bullseye install is better done with the > > > testing installer at this time, or by first installing buster and > > > then upgrading? > > > > In general, you are better off installing new rather than upgrading. > > Installing new means less Buster cruft on your system compared to > > upgrading buster. Upgrading is a PITA. Why install and then upgrade > > when installing will get you what you want? > > Thanks, great to know -- but just for the record that didn't use to be > the advice -- I'm sure a search through the archives of this list will > show times when people advised that the way to install testing was to > install stable and then upgrade. Well, it does seem reasonable that every time a new release comes out, advice will revert to "use the stable installer and upgrade". To be fair, people's old advice remains on the archives for ever, whether or not it's appropriate for the present time. > That sounded like a faff, for exactly > the reasons you mentioned, hence why I asked -- was hoping I'd get the > answer you gave! One might hope that a 3-day-old version of the d-i can make a reasonable success of installing bullseye. After all, we're now only a few months out from its release. Cheers, David.
Re: ssh tunnelling testing [solved]
On 2020-12-07 16:02, Gary Dale wrote: On 2020-12-07 14:23, john doe wrote: On 12/7/2020 8:11 PM, Gary Dale wrote: On 2020-12-07 14:03, john doe wrote: On 12/7/2020 7:54 PM, Gary Dale wrote: On 2020-12-07 13:24, john doe wrote: On 12/7/2020 6:38 PM, Gary Dale wrote: (actually through the /etc/hosts file using the server's name). I've set up port forwarding on both my routers (I have an inner network and an outer one, using the outer network for devices I don't really control). I can access my Apache2 server on the inner network by forwarding port 80 on the outer network to the WAN address of the inner router and forwarding that to my server. Pointing my browser to the external IP address of the outer router brings up the default page - which I can change so I know it's the actual local page > However, when I try to ssh to the same address, it just times out. I've compared the sshd.conf file on my local server to one on a remote server and they are identical. The only uncommented lines are: PasswordAuthentication no ChallengeResponseAuthentication no UsePAM yes X11Forwarding yes PrintMotd no AcceptEnv LANG LC_* Subsystem sftp /usr/lib/openssh/sftp-server Any ideas on what's going wrong? - This looks like your port forwarding is not working... - What are the logs saying? - Is the SSH server allowing access from the outside? Note that it is unclear to me how you can test outside access from the inside. Your first point is what I am complaining about. The outer router doesn't have a log function and an ssh attempt never shows up on the inner router. As I explained in the initial post, I've set up the port forwarding to allow it and the sshd.conf file is identical to one that allows access from the outside. I can test outside access from the inside by trying to connect to the external address. As with my browser example, the request goes to the device that has the particular IP address being sought. That is the external port on the outer router. I can also ssh to the external port on the inner router (which I can't think of a reason to do except for testing). Interestingly, this works but doesn't get logged. Sorry, I'm lost at your setup, the only thing that I can say is that something looks to be rong with regard to your firewall config. The thing is the forwarding setup is the same for port 22 as it is for port 80. I know that the port 80 forwarding is working so why isn't the port 22 forwarding? I still don't know the answer to that one, but when I changed the external port to something else (on the outer router), it started working. Something is rong if it works that way. You did not use the same rule for both port 80 and 22, if yes, this would mean that port 22 and 80 are redirected to port 80, which is not what you want. In other words, you need one rule per redirect port. I didn't say I used the same rule. I said the setup is the same. Any external traffic on that port is directed to the same port on the inner router. It's kind of difficult to get that wrong. I suspect that my ISP is using port 22 for their own purposes but didn't bother excluding it in the router's programming. Now I just have to remember to set the -p option in ssh to connect. To avoid the -p option: $ cat ~/.ssh/config Host sshserver HostName Port $ ssh sshserver I could, but it's not something I'm using often. If I forget, I'll be reminded when it fails to connect. My ISP has confirmed this seems to be a generic issue with that modem/router. While I suspect that a firmware update could fix it, I can't find any way to upgrade the firmware, which is another good reason for having an inner and outer network. I think it is utterly irresponsible for anyone to sell internet-connected hardware that can't have its firmware upgraded.
Faire fonctionner une Webcam sous Debian Buster
Hello, J'ai retrouvé une ancienne Webcam sur port USB. Je tente de la faire marcher sur un ordinateur de bureau. lsusb donne : Primax Electronics, Ltd HP Optical Mouse Bus 001 Device 003: ID 046d:0840 Logitech, Inc. QuickCam Express Il semble que 2 webcam soient détectés (je n'en ai qu'une) Je la teste depuis un site Web, mais aucune image sur mon écran. Je teste avec l'appli cheese : aucun périphérique détecté. Merci d'une aide et bonne soirée. A. Valmer
Re: SanDisk USB stick problem [solved]
On Wed, 9 Dec 2020 12:22:28 -0700 Fred wrote: > When I was denied permission to write a file to the device as a > regular user I checked the permissions and then discovered root could > not change them. Being a hardware oriented person I was concerned > the SecureAccess software needed to change a write protect bit in the > device and decided to ask for help. I should have tried writing to > the device as root but being very busy I didn't. It is writable by > root and anyone can read it so there is no problem. I believe a mount point will always be owned by root, regardless of the permissions of the underlying directory, because only root is allowed to mount things. The device mounted on the mount point will normally be owned by the logged-in user, unless /etc/fstab contains instructions to the contrary. A device mounted while no user is logged in will be owned by root (again, subject to fstab), something that usually happens if an external drive has been left attached after shutting down. It's generally a bad idea to boot with an external medium attached, unless it's bootable and you explicitly want to boot it. If it isn't bootable, it will either be mounted as root (which may not prevent other users writing to it) or the BIOS may hang. -- Joe
Re: fsck amb raid1 + lvm
Hola Àlex i companyia, El raid + lvm està muntat amb l'instal·lador d'una Stretch que ha passat a Buster i poc més. Jo tampoc tinc experiència amb lvmraid. A continuació, la captura que vaig fer per si algú en treu més informació. https://lh3.googleusercontent.com/MVklyTTBM3KWcLjLVO1dR6MJPQAOzd24S-TQ2dnwwOyWpYDuGm2yi59MDH_PzTjI_X1vDkkPKbrp1daxHUNOx6T0LOzFxLtjUYflKiuVXSEVuU1iSGkzfRAI-H_Sf3A3yEwT2ToIXg2HyuWU9jtmoGpBB0I0BOF7feui5w4Z-4pifZYW1L0LC27BgvGTEEK5-qW8zn_wt-woEKd037aj5NUjHCN0XULxmAkN0w2iO1tdcJO373Br080snDsXGyzkFG0qt3CrCqm63f42XbJCkUPEbI_02cWlv60OdT97JinvNlZBgD8aorORcvEGD3f_oG2LxF67ksBjogi3sQsVfBWeRBYWEYCS9cwOHJLmFKTiO4YI61R7Kv6ANbQVcI6P5gUDlHhpY566khi_la2jcCLoFjY5foTuuH1FbQ-1szS5QLt01sKkvSvyIuK4y4Ox0sYMd7VXDCKV1t_ZtnTK4tdoulLBcKNbkPhP9KQBKHWdGhTeL_KcbAtP5YUh3xA8uaWwleeEpuerU3xfYpW0a-TS5iFUp4XWNoEhDzaYBVzDS8oMjYqgjLeelCZzjXGw5qaQ8K6OnioSNQemfsWU3rnMoW8j57zRC9HUgXE6SeMJazaBu0IBl2zcMZFTQIBtGoTWrf6nVz391iE378FYfztoeMkMTw3Xk2F3_twbGj1y4v4U2yKxU5sLpQRqgTU=w495-h880-no?authuser=0 Missatge de Alex Muntada del dia dc., 9 de des. 2020 a les 10:28: > Hola Lluís > > > la pregunta és si algú s'hi ha trobat i perquè el fsck em diu > > que ja ha corregit tots els errors i quan torna a arrencar en > > torna a trobar en inodes diferents, etc ... > > Jo no m'he trobat mai en la situació que comentes, tot i haver > gestionat durant una pila d'anys força servidors amb mdadm en > RAID1 i amb LVM per als volums. En aquests anys vam tenir una > pila de discos avariats i alguns talls de corrent que el SAI no > va poder gestionar, però no recordo un escenari com el que tu > descrius. > > Pensant-hi una mica se m'acut que potser la diferència en el teu > cas sigui si el RAID1 el gestiona lvmraid enlloc de mdadm? No > tinc experiència amb lvmraid, així que no et puc dir si els trets > van per aquí però és l'única diferència que se m'acut que podria > haver-hi entre la teva experiència i la meva. > > Salut i records! > Alex > > -- > ⢀⣴⠾⠻⢶⣦⠀ > ⣾⠁⢠⠒⠀⣿⡁ Alex Muntada > ⢿⡄⠘⠷⠚⠋ Debian Developer log.alexm.org > ⠈⠳⣄ > >
Re: Two questions as I prepare for a new install
On Wed, 9 Dec 2020 19:10:53 + Mark Fletcher wrote: > On Mon, Dec 07, 2020 at 06:06:43PM -0700, Charles Curley wrote: > > On Tue, 8 Dec 2020 00:00:54 + > > Mark Fletcher wrote: > > > > > 1. Does anyone have any advice (or a link to offcial advice) > > > regarding whether a new bullseye install is better done with the > > > testing installer at this time, or by first installing buster and > > > then upgrading? > > > > In general, you are better off installing new rather than upgrading. > > Installing new means less Buster cruft on your system compared to > > upgrading buster. Upgrading is a PITA. Why install and then upgrade > > when installing will get you what you want? > > > > Thanks, great to know -- but just for the record that didn't use to > be the advice -- I'm sure a search through the archives of this list > will show times when people advised that the way to install testing > was to install stable and then upgrade. That sounded like a faff, for > exactly the reasons you mentioned, hence why I asked -- was hoping > I'd get the answer you gave! There's a big difference between upgrading a fresh installation of stable, and one that's a couple of years old and has picked up some cruft. There's an even bigger difference between upgrading a fresh, *minimal* installation of stable before adding the desired applications, and upgrading one packed with applications, any of which may have issues when upgraded. I've never had problems upgrading a new, very minimal stable directly to unstable, something I wouldn't want to do with a well-used, mature stable. And I have recently upgraded a working netbook from stretch to buster, which was a sort of trial run to doing it on my server. The test served its purpose, I won't be upgrading the server. > > Anyone have any thoughts on the second question I asked? > No, currently on AMD and Intel. -- Joe
Re: SanDisk USB stick problem [solved]
On 12/8/20 9:39 PM, David Christensen wrote: On 2020-12-08 07:29, Fred wrote: Hello, I bought a SanDisk Cruzer Glide USB stick. The fine print on the package says it has SecureAccess software. It is so secure it prevents me from writing to it without running the included Bill Gates cancerous, virus infested, scourge of the Earth software. fred@ragnok:/media/usb0$ ls -l total 8416 drwxr-xr-x 2 root root 16384 Jul 9 2018 SanDiskSecureAccess -rwxr-xr-x 1 root root 8600360 Nov 4 2016 SanDiskSecureAccessV3.01_win.exe fred@ragnok:/media/usb0$ I have many SanDisk USB flash drives, including several Cruzer Glide. They typically have an MBR partition scheme and one large VFAT or NTFS partition. "SanDisk Secure Access" is optional Windows encryption software that is bundled with SanDisk USB flash drives. Use it, ignore it, or delete it as you please; the software is not required to use the drive on any computer that supports the factory partitioning scheme and filesystem. When I was denied permission to write a file to the device as a regular user I checked the permissions and then discovered root could not change them. Being a hardware oriented person I was concerned the SecureAccess software needed to change a write protect bit in the device and decided to ask for help. I should have tried writing to the device as root but being very busy I didn't. It is writable by root and anyone can read it so there is no problem. root@ragnok:/home/fred# chown fred /media/usb0 chown: changing ownership of '/media/usb0': Operation not permitted Attempts to add write permission are also denied. As you have not stated how you mounted the drive, I will assume that you plugged it in, an icon appeared on the desktop, you interacted with the icon, and the drive was mounted at /media/usb0. If so, AIUI the various Debian desktops with automounting use FUSE. The user account running the desktop and automounter will have whatever access controls that are supported by the filesystem and/or by FUSE. But all other user accounts, including the root account (!), are denied access to the filesystem. This is a security feature of FUSE. See mount.fuse(8). I do not use a DE. Just openbox and xterm/command line. Something automagically mounts USB devices. Fuse is installed so maybe that is it. Is there any way to disable or remove the SecureAccess software? If you want to use the flash drive to move files between DOS, Windows, Linux, macOS, BSD, etc., leave the factory partitioning scheme and filesystem intact. Use the desktop to mount and unmount the filesystem on the flash drive. Use the file manager or a normal, non-root, terminal to delete or move aside the "Secure Access" stuff. If you want to use the drive for some other purpose, such as burning a Debian Installer ISO image onto it, do not mount the drive using the desktop. (You may have to disable the desktop automounting feature). Instead, open a terminal and use sudo(8) or su(1) to work with the drive. David Thanks for the help. Best regards, Fred
Re: running microsoft team on debian 10.3
On 2020-12-08 22:37, Dan Hitt wrote: One of the local government agencies that i would like to interact with communicates using Microsoft Team. The software actually has a debian package, which i have downloaded, but not installed yet. I have a computer running debian 10.3, but it does not have a web cam or a mic. So presumably i need to set up both of those items to make this work. Does anybody have any experience using Microsoft Team on debian, and is there anything i need to be cautious about (of course apart from running software from a giant software company)? Any advice about the web cam or mic? TIA for any pointers. dan Any of the Logitech cameras with an integrated mic should work fine. They are readily available, reliable and reasonably priced. I've been using them for years without problems.
Re: Two questions as I prepare for a new install
On Mon, Dec 07, 2020 at 06:06:43PM -0700, Charles Curley wrote: > On Tue, 8 Dec 2020 00:00:54 + > Mark Fletcher wrote: > > > 1. Does anyone have any advice (or a link to offcial advice) > > regarding whether a new bullseye install is better done with the > > testing installer at this time, or by first installing buster and > > then upgrading? > > In general, you are better off installing new rather than upgrading. > Installing new means less Buster cruft on your system compared to > upgrading buster. Upgrading is a PITA. Why install and then upgrade > when installing will get you what you want? > Thanks, great to know -- but just for the record that didn't use to be the advice -- I'm sure a search through the archives of this list will show times when people advised that the way to install testing was to install stable and then upgrade. That sounded like a faff, for exactly the reasons you mentioned, hence why I asked -- was hoping I'd get the answer you gave! Anyone have any thoughts on the second question I asked? Thanks Mark
Re: SanDisk USB stick problem
On Wed, 9 Dec 2020 13:35:57 -0500 Celejar wrote: > On Tue, 8 Dec 2020 20:39:35 -0800 > David Christensen wrote: > > ... > > > As you have not stated how you mounted the drive, I will assume > > that you plugged it in, an icon appeared on the desktop, you > > interacted with the icon, and the drive was mounted at /media/usb0. > > If so, AIUI the various Debian desktops with automounting use > > FUSE. The user account running > > They do? Do you have documentation of this? I can't find anything > about this in the documentation of, say, Xfce4's thunar-volman: > > https://docs.xfce.org/xfce/thunar/using-removable-media > > > the desktop and automounter will have whatever access controls that > > are supported by the filesystem and/or by FUSE. But all other user > > accounts, including the root account (!), are denied access to the > > filesystem. This is a security feature of FUSE. See > > mount.fuse(8). > I haven't investigated it thoroughly, but when I have casually checked what is mounted, I see that any USB sticks plugged in are on fuse. Xfce on sid, no usbmount, automounting done by systemd, by the way. -- Joe
Re: VPN ideas
On Wed, 9 Dec 2020 10:03:59 -0500 Henning Follmann wrote: > On Wed, Dec 09, 2020 at 11:00:41AM +, Joe wrote: > > On Wed, 9 Dec 2020 12:49:44 +0200 > > Andrei POPESCU wrote: > > > > > On Mi, 09 dec 20, 10:21:46, Joe wrote: > > > > On Wed, 9 Dec 2020 11:49:45 +0200 > > > > Andrei POPESCU wrote: > > > > > > > > > On Ma, 08 dec 20, 12:27:40, Joe wrote: > > > > > > > > [...] > > > > > > > Let me rephrase that: how is connecting to the internet from some > > > public hot-spot decreasing my security? > > > > > > I can think of possibly messing with DNS queries (use "own" DNS > > > server instead, maybe with DNSSEC) and possible some attacks are > > > easier via the local network (e.g. by other hot-spot users or > > > local staff). > > > > > > Other that that, as far as I'm aware, the biggest threat are the > > > servers I access with my client software (typically web sites > > > accessed with a browser), in which case it doesn't make any > > > difference whether I access them via some VPN and/or (home) > > > firewall. > > > > > > (Assuming one doesn't run NFS, Samba, etc. *listening* software on > > > the laptop in which case stopping those and/or running a firewall > > > would be indicated.) > > > > > > > I suppose it may depend on where you are. In the UK, public wifi > > normally uses no encryption, because there are no local staff who > > can help with problems. So any unencrypted protocol you use can be > > overheard. > > > > So let me be devils advocat here. > > Is the network connection from your ISP encrypted? > I guess not. So why is it more secure or trustworthy? > It's not more secure, (apart from using wifi only occasionally) but the kind of people looking at other peoples' network activities are more likely to target public wifi than to sit outside my house. It will require significantly more resources and risk to tap into an ISP cable than to sit in a cafe somewhere with a laptop (running Linux) and some black hat software. -- Joe
Re: Can't print to CUPS printer on my server
On 2020-12-08 13:29, Brian wrote: On Tue 08 Dec 2020 at 12:27:18 -0500, Gary Dale wrote: I'm running Debian/Bullseye on my workstation and Debian/Buster on my server. I have an old HP CP-1215 color laserjet attached to the server by a USB cable. I can print a CUPS test page from the server but not from my The server is not the problem if printing from it is successful. Please do avahi-browse -art > log1 -bash: avahi-browse: command not found - for both regular user and root on the server and post log here as an attachment. avahi-browse is in the avahi-utils package. Also give 'lpstat -t'. device for CP1215: hp:/usb/HP_Color_LaserJet_CP1215?serial=LJ090T7 device for EPSON_Stylus_Photo_R300: usb://EPSON/Stylus%20Photo%20R300 device for ML-1210: usb://Samsung/ML-1210 device for PDF: cups-pdf:/ device for Samsung_C410_Series: usb://Samsung/C410%20Series?serial=ZEVQB8GF3A00HFJ CP1215 accepting requests since Tue 08 Dec 2020 10:46:27 AM EST EPSON_Stylus_Photo_R300 accepting requests since Tue 28 Apr 2015 05:49:05 PM EDT ML-1210 accepting requests since Thu 12 Jul 2012 03:12:20 PM EDT PDF accepting requests since Mon 16 May 2016 05:35:30 PM EDT Samsung_C410_Series accepting requests since Thu 20 Aug 2020 04:44:57 PM EDT printer CP1215 is idle. enabled since Tue 08 Dec 2020 10:46:27 AM EST printer EPSON_Stylus_Photo_R300 is idle. enabled since Tue 28 Apr 2015 05:49:05 PM EDT printer ML-1210 is idle. enabled since Thu 12 Jul 2012 03:12:20 PM EDT printer PDF is idle. enabled since Mon 16 May 2016 05:35:30 PM EDT printer Samsung_C410_Series is idle. enabled since Thu 20 Aug 2020 04:44:57 PM EDT workstation. When I try to print anything from my workstation to that printer, I get /"No suitable destination host found by cups-browsed."/ This is a cups-browsed issue. Give 'lpstat -t' on the client. scheduler is running no system default destination members of class ColourLaser: unknown device for ColourLaser: ///dev/null device for EPSON_Stylus_Photo_R300_TheLibrarian: implicitclass://EPSON_Stylus_Photo_R300_TheLibrarian/ device for EPSON_XP-820_Series: usb://EPSON/XP-820%20Series?serial=554638593032343867=1 device for HP_Color_LaserJet_CP1215_TheLibrarian: implicitclass://HP_Color_LaserJet_CP1215_TheLibrarian/ device for PDF_TheLibrarian: implicitclass://PDF_TheLibrarian/ device for Samsung_C410_Series: dnssd://Samsung%20C410%20Series%20(SEC30CDA71CB48A)._printer._tcp.local/ device for Samsung_C410_Series_SEC30CDA71CB48A_: ///dev/null device for Samsung_C410_Series_TheLibrarian: implicitclass://Samsung_C410_Series_TheLibrarian/ device for Samsung_ML_1210_TheLibrarian: implicitclass://Samsung_ML_1210_TheLibrarian/ ColourLaser accepting requests since Fri Dec 11 23:27:13 2015 EPSON_Stylus_Photo_R300_TheLibrarian accepting requests since Wed Dec 9 00:00:30 2020 EPSON_XP-820_Series accepting requests since Tue Dec 8 11:50:18 2020 HP_Color_LaserJet_CP1215_TheLibrarian accepting requests since Wed Dec 9 00:00:28 2020 PDF_TheLibrarian accepting requests since Wed Dec 9 00:00:29 2020 Samsung_C410_Series accepting requests since Fri Sep 11 17:44:23 2020 Samsung_C410_Series_SEC30CDA71CB48A_ not accepting requests since Fri Aug 21 00:00:10 2020 - reason unknown Samsung_C410_Series_TheLibrarian accepting requests since Wed Dec 9 00:00:28 2020 Samsung_ML_1210_TheLibrarian accepting requests since Wed Dec 9 00:00:29 2020 printer ColourLaser is idle. enabled since Fri Dec 11 23:27:13 2015 printer EPSON_Stylus_Photo_R300_TheLibrarian is idle. enabled since Wed Dec 9 00:00:30 2020 printer EPSON_XP-820_Series is idle. enabled since Tue Dec 8 11:50:18 2020 printer HP_Color_LaserJet_CP1215_TheLibrarian is idle. enabled since Wed Dec 9 00:00:28 2020 printer PDF_TheLibrarian is idle. enabled since Wed Dec 9 00:00:29 2020 printer Samsung_C410_Series is idle. enabled since Fri Sep 11 17:44:23 2020 printer Samsung_C410_Series_SEC30CDA71CB48A_ disabled since Fri Aug 21 00:00:10 2020 - reason unknown printer Samsung_C410_Series_TheLibrarian is idle. enabled since Wed Dec 9 00:00:28 2020 printer Samsung_ML_1210_TheLibrarian is idle. enabled since Wed Dec 9 00:00:29 2020 I've deleted and re-added the printer on the server and rebooted my workstation but I still get the same problem. The printer is using the foomatic drivers. CUPS reports that it is 2.3.3op1 on my workstation and 2.2.10 on my server. // Executing avahi-browse -art > log2 on the client and sending log2 here could be useful. -bash: avahi-browse: command not found - for both regular user and root.
Re: Can't print to CUPS printer on my server
On 2020-12-08 16:19, Joe Pfeiffer wrote: Gary Dale writes: I'm running Debian/Bullseye on my workstation and Debian/Buster on my server. I have an old HP CP-1215 color laserjet attached to the server by a USB cable. I can print a CUPS test page from the server but not from my workstation. When I try to print anything from my workstation to that printer, I get "No suitable destination host found by cups-browsed." I've deleted and re-added the printer on the server and rebooted my workstation but I still get the same problem. The printer is using the foomatic drivers. CUPS reports that it is 2.3.3op1 on my workstation and 2.2.10 on my server. Did you set the printer to be shared? Yes
Re: running microsoft team on debian 10.3
On Wed, 2020-12-09 at 18:34 +, Eric S Fraga wrote: > > I tried with somebody using a Windows 10 laptop and there did not > appear > to be any zooming capability in the Teams viewer unfortunately ... That's correct. MS has this on its development roadmap, but it is not part of the app or the web client at this time. -- Carl Fink c...@finknetwork.comhttps://reasonablyliterate.com If you want to make a point, somebody will take the point and stab you with it.-Kenne Estes
Re: SanDisk USB stick problem
On Tue, 8 Dec 2020 20:39:35 -0800 David Christensen wrote: ... > As you have not stated how you mounted the drive, I will assume that you > plugged it in, an icon appeared on the desktop, you interacted with the > icon, and the drive was mounted at /media/usb0. If so, AIUI the various > Debian desktops with automounting use FUSE. The user account running They do? Do you have documentation of this? I can't find anything about this in the documentation of, say, Xfce4's thunar-volman: https://docs.xfce.org/xfce/thunar/using-removable-media > the desktop and automounter will have whatever access controls that are > supported by the filesystem and/or by FUSE. But all other user > accounts, including the root account (!), are denied access to the > filesystem. This is a security feature of FUSE. See mount.fuse(8). Celejar
Re: running microsoft team on debian 10.3
On Wednesday, 9 Dec 2020 at 17:13, Andrei POPESCU wrote: > In case it helps someone, zooming by the viewer in Teams should work on > mobile devices (tested on company iPad), no ideea about the desktop or > web app. Good to know. I tried with somebody using a Windows 10 laptop and there did not appear to be any zooming capability in the Teams viewer unfortunately. Zoom (the application) worked a little better in this regard in that it allows zooming in but not panning (or at least it wasn't apparent that panning was possible). Basically, Linux versions of these apps are not as good which, these days, is rather surprising (to me) as platform independent software should be much easier to write than it used to be. In the case of Teams, of course, there is a disincentive for MS to support Linux properly... -- Eric S Fraga via Emacs 28.0.50 & org 9.4 on Debian bullseye/sid
Re: Replying. [was Re: AMD GPU Sea Islands Problem]
On Wed, 9 Dec 2020 08:04:19 + Brad Rogers wrote: > On Tue, 8 Dec 2020 20:37:37 -0500 > Celejar wrote: > > Hello Celejar, > > >Under Preferences, I have a Compose tab, but no Writing one, and the > > Writing is under Compose; This is in Claws - Sylpheed may well differ. Yes; as I said, I'm pretty sure we've found one of the actual differences between Sylpheed and Claws. In Sylpheed, there's no "Writing" under "Compose". Celejar
Re: Ipv6, but no Ipv4 after reboot
On Wednesday, 9 December 2020 16:43:01 CET Andrei POPESCU wrote: > Did something change or has it "always" been like this? What about other > systems on the same network (if any). I had this problem on a tower on the same network. It's now gone (or flapping...) I currently have this is issue on a laptop through the wired lan (eno2). Looks like the Ipv6 connection is setup by the kernel: $ journalctl -b -g eno2 -- Journal begins at Sun 2020-08-09 16:30:57 CEST, ends at Wed 2020-12-09 18:20:06 CET. -- Dec 09 18:13:45 ylum kernel: e1000e :00:1f.6 eno2: renamed from eth0 Dec 09 18:13:45 ylum kernel: e1000e :00:1f.6 eno2: NIC Link is Up 1000 Mbps Full Duplex, Flow Control: Rx/Tx Dec 09 18:13:45 ylum kernel: IPv6: ADDRCONF(NETDEV_CHANGE): eno2: link becomes ready Dec 09 18:13:46 ylum avahi-daemon[968]: Joining mDNS multicast group on interface eno2.IPv6 with address 2a01:e0a:3d9:ddd0:c23e:baff:fe4e:7ad2. Dec 09 18:13:46 ylum avahi-daemon[968]: New relevant interface eno2.IPv6 for mDNS. Dec 09 18:13:46 ylum avahi-daemon[968]: Registering new address record for 2a01:e0a:3d9:ddd0:c23e:baff:fe4e:7ad2 on eno2.*. Dec 09 18:13:46 ylum avahi-daemon[968]: Failed to parse address 'fe80::211:32ff:fe97:4c1a%eno2', ignoring. Dec 09 18:13:46 ylum NetworkManager[972]: [1607534026.7753] device (eno2): carrier: link connected Dec 09 18:13:46 ylum NetworkManager[972]: [1607534026.7756] manager: (eno2): new Ethernet device (/org/freedesktop/NetworkManager/Devices/2) Dec 09 18:13:46 ylum NetworkManager[972]: [1607534026.7778] device (eno2): state change: unmanaged -> unavailable (reason 'connection-assumed', sys-iface-state: 'external') Dec 09 18:13:46 ylum NetworkManager[972]: [1607534026.7787] device (eno2): state change: unavailable -> disconnected (reason 'connection-assumed', sys-iface-state: 'external') Dec 09 18:13:46 ylum NetworkManager[972]: [1607534026.7794] device (eno2): Activation: starting connection 'eno2' (7336013e-afac-4377-972e-6a44ba571385) Dec 09 18:13:46 ylum NetworkManager[972]: [1607534026.7867] device (eno2): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'external') Dec 09 18:13:46 ylum NetworkManager[972]: [1607534026.7872] device (eno2): state change: prepare -> config (reason 'none', sys-iface-state: 'external') Dec 09 18:13:46 ylum NetworkManager[972]: [1607534026.7876] device (eno2): state change: config -> ip-config (reason 'none', sys-iface-state: 'external') Dec 09 18:13:46 ylum NetworkManager[972]: [1607534026.7880] device (eno2): state change: ip-config -> ip-check (reason 'none', sys-iface-state: 'external') Dec 09 18:13:46 ylum NetworkManager[972]: [1607534026.7898] device (eno2): state change: ip-check -> secondaries (reason 'none', sys-iface-state: 'external') Dec 09 18:13:46 ylum NetworkManager[972]: [1607534026.7900] device (eno2): state change: secondaries -> activated (reason 'none', sys-iface-state: 'external') Dec 09 18:13:46 ylum NetworkManager[972]: [1607534026.7909] device (eno2): Activation: successful, device activated. For what it's worth, the whole NetworkManager log can be found there: https://paste.debian.net/1176256/ But I could not find more relevant information. After boot, NetworkManager lists 2 eno2 interface: - one created at boot time with Ipv6 and no DNS (even though /etc/resolv.conf contains the dns entries given by dhcp) - one configured before which requires Ipv4 This configuration is detailed in the output of "nmcli c show eno2": https://paste.debian.net/1176258/ > > Still, this is cumbersome. I've found no obvious problems in the logs. > > How / where did you check? What is the difference in the logs between > reboot and disconnect / reconnect? When reconnecting with NM, I can see that DHCP is run and both Ipv4 and v6 are setup: https://paste.debian.net/1176261/ > In case it helps, 'journalctl --unit NetworkManager.service' will filter > entries (need to be root or member of 'adm' or 'systemd-journald'). See above > Is this with DHCP or static IP? If DHCP, can you tell us more about the > DHCP server (device, software, etc.)? It might be useful to check the > status / logs / etc. there if you have access. DHCP server is provided by my internet box (for French readers, that's Free's pop box ). I don't think there's a DHCP request sent when the eno2 interface is set by the kernel. > Does it still happen if you switch to a static config? ipv4 is brought up: $ journalctl -b -g eno2 -- Journal begins at Sun 2020-08-09 16:30:57 CEST, ends at Wed 2020-12-09 18:57:15 CET. -- Dec 09 18:51:47 ylum kernel: e1000e :00:1f.6 eno2: renamed from eth0 Dec 09 18:51:47 ylum kernel: e1000e :00:1f.6 eno2: NIC Link is Up 1000 Mbps Full Duplex, Flow Control: Rx/Tx Dec 09 18:51:47 ylum kernel: IPv6: ADDRCONF(NETDEV_CHANGE): eno2: link becomes ready Dec 09 18:51:48 ylum avahi-daemon[1232]: Joining mDNS multicast group on interface eno2.IPv6 with address
Re: Can't print to CUPS printer on my server
On Wed 09 Dec 2020 at 11:29:28 -0500, Gary Dale wrote: > On 2020-12-09 10:25, Brian wrote: > > On Wed 09 Dec 2020 at 10:04:14 -0500, Gary Dale wrote: > > > > > On 2020-12-08 13:29, Brian wrote: > > > > avahi-browse -art > log1 > > > -bash: avahi-browse: command not found - for both regular user and root > > > > > > > on the server and post log here as an attachment. avahi-browse is in the > > > > avahi-utils package. > > How about installing avahi-utils? :) > > I don't seem to need it for anything else. I'm leery of installing packages, > especially on a server, that I don't use. I bet you have cups-browsed installed on the server. It's completely unneeded and doesn't do anything to enhance the printing system there. But that is BTW. :) > = enp5s0 IPv6 HP Color LaserJet CP1215 @ TheLibrarian Secure Internet > Printer local >hostname = [TheLibrarian.local] >address = [fe80::feaa:14ff:fe9b:b835] >port = [631] >txt = ["printer-type=0x80901E" "printer-state=3" "Duplex=T" "Color=T" > "TLS=1.2" "UUID=bd713eeb-c38d-39f4-40b6-a997738b33d1" "URF=DM3" > "pdl=application/octet-stream,application/pdf,application/postscript,image/jpeg,image/png,image/pwg-raster,image/urf" > "product=(HP Color LaserJet CP1215)" "priority=0" "note=family room" > "adminurl=https://TheLibrarian.local.:631/printers/CP1215; "ty=HP Color > LaserJet CP1215 Foomatic/foo2hp (recommended)" "rp=printers/CP1215" > "qtotal=1" "txtvers=1"] The printer is found at TheLibrarian.local and its resource path is printers/CP1215, giving a URI of ipp://TheLibrarian.local:631/printers/CP1215 At present you are relying on cups-browsed on the client to discover, auto-setup and manage the CP1215; it appears to be having an off day. Let's manage the print queue ourselves. Execute lpadmin -p -v -E -m raw The -p option can be anything you want, for example, cp1215. -- Brian.
Re: Ipv6, but no Ipv4 after reboot
On 12/9/20, Andrei POPESCU wrote: > On Mi, 09 dec 20, 15:54:53, Dominique Dumont wrote: >> Hi >> >> I've run in a weird problem. After a reboot, only Ipv6 address is setup on >> my >> wired network card. > > Did something change or has it "always" been like this? What about other > systems on the same network (if any). > >> The workaround is fairly simple: disconnect and reconnect with network >> manager. Note that Ipv4 is brought up after suspend/resume >> >> Still, this is cumbersome. I've found no obvious problems in the logs. Maybe 2-year-old Bullseye with experimental wicd-curses here. Updates are ALL current except for Linux kernel. It's on Developer hold. 1,000 other packages were, too, but they installed well so far. I just didn't feel like fighting with the kernel if it failed. Nope, I just installed all those files about 2 days ago. My version of this issue began somewhere in the week or more before that. :) In my case, I started having similar issues with wicd-curses. I THOUGHT it was due to occasionally having to hit the hardware button to shut down and then restart. I've experienced similar program disfunction with other packages in the past so I just took it all as being behavior that should be expected. Then about two days ago, it happened during a nice, safe, normal reboot. So far, it just takes ANOTHER reboot to become functional again. My Firefox-ESR sessions are massive right now so it's a pain to open to have to then immediately reboot, grin. I've finally figured out that testing IPv4's presence before opening anything else works the same as finding out after a large Firefox session has been brought up. Testing is done with a simple disconnect then attempt to reconnect. It will fail at that second if it's going to be a problem. Tried purging and reinstalling ALL associated packages. That didn't help. Tried altering the /etc/wicd/wired-settings.conf configuration file since it was different between several instances of Bullseye installs. Still no change. Which brings up that it's initially functional *in my case*. It remains functional until the first time it's disconnected during those times that it's going to fail. Yes, I've tried searching for a remedy. Nothing has clicked to date. The rest of Andrei's email was over my comprehension ability just now. Wouldn't even know where to start. Just wanted to chime in to say that a second person is suddenly experiencing some form of this same thing. PS The "ip a" command that came up here in last couple days was perfectly timed. I'm able to see the IPv4 address appear and disappear when I connect and disconnect via wicd-curses. I'm a-suming that disappearing and reappearing in "ip a" output is IPv4's normal behavior... Cindy :) -- Cindy-Sue Causey Talking Rock, Pickens County, Georgia, USA * runs with birdseed *
Re: VPN ideas
On Wed, 9 Dec 2020 17:04:43 +0200 Andrei POPESCU wrote: > On Mi, 09 dec 20, 11:00:41, Joe wrote: > > > > I suppose it may depend on where you are. In the UK, public wifi > > normally uses no encryption, because there are no local staff who can > > help with problems. So any unencrypted protocol you use can be > > overheard. > > It doesn't matter much whether the public WiFi is using encryption or > not. > > Any unencrypted communication over the internet is vulnerable. Period. > > Even if some segments[1] are somewhat protected, the segment between the > router/firewall/VPN exit point and the server on the internet is still > completely vulnerable. > > It's probably a good idea to always assume your system is connected > directly to the internet. If you really need to run (vulnerable) > listening services on it configure them to be stopped and/or firewalled > whenever outside your home/company network. > > [1] in this case the segment between the laptop and the AP via WPA, or > the segments between the laptop and the VPN exit point. It's certainly true that "any unencrypted communication over the internet is vulnerable," but security is not black and white. Say we're talking about some sort of 0-day MITM vulnerability. Yes, you'll never be entirely safe insofar as you don't control the entire network path, but I might be (marginally?) more worried about random people having access to my network traffic via an unencrypted wireless connection than about the proprietor of that wireless network or the staff at my ISP. Unless my threat model includes state actors, in which case compromising my ISP might actually be easier and more straightforward for them ;) But of course, they could also just use the $5 wrench ... Celejar
Re: VPN ideas
On Wed, 9 Dec 2020 12:03:33 +0200 Andrei POPESCU wrote: > On Ma, 08 dec 20, 17:37:43, Celejar wrote: > > On Tue, 8 Dec 2020 17:00:44 -0500 > > Roberto C. Sánchez wrote: > > > > > On Tue, Dec 08, 2020 at 02:48:26PM -0500, Celejar wrote: > > > > On Tue, 8 Dec 2020 11:44:36 +0200 > > > > Andrei POPESCU wrote: > > > > > > > > ... > > > > > > > > >Unless you have access to a system on the internet to set up your > > > > > own > > > > >VPN server you have to rely on (paid) VPN providers. > > > > > > > > There are free ones as well, e.g.: > > > > > > > > https://www.techradar.com/vpn/best-free-vpn > > > > > > > > I don't know how good they are - but then, again, I don't know how good > > > > all the paid ones are, as well ;) > > > > > > > If something is free, you aren't the customer, you are the product. > > I'd have a reasonable degree of trust in ProtonVPN. > > > A fair point, but an overstatement insofar as you're implying that one > > *cannot rely* upon a free VPN service. Many people are willing to rely > > upon free services for at least some of their online activity. After > > all, Andrei himself is using Gmail (as am I). > > I'm using Gmail to post to public mailing lists or similar. All private > correspondence currently goes to a ProtonMail account. Of course. My point just was that most people are willing to put up with "being the product" when they consider the cost of "being the product" to be low ;) As to ProtonMail, as we've discussed in the past, I'm sort of tempted, but I'm not willing to give up standards based email, nor am I that interested in running their proprietary (albeit apparently GPL?) bridge application. > I still have my contacts on Gmail, because of the convenient integration > with Android, though I'd like to migrate those away as well at some > point. At this point, I pretty much use Gmail only for public list traffic (although my other email accounts are also with (other) free services). I keep thinging I really should go with either one of the inexpensive, dedicated email providers (like Newsguy that John Hasler often recommends) or a self-hosting solution (but I'm scared of the apparently enormous hassle necessary to ensure reliable delivery, etc.). Celejar
Re: Where to report: root fails to edit other users file in sticky bit directory
Your right /tmp is not a tmpfs by default on Debian. I though it was, maybe being too much used to it as this is configured by default on our images. /dev/shm or /run would work better then, although /run IMO is more aimed for non-temporary files, relevant through the whole runtime of the related process or system, while /tmp is more aimed for short-term temporary files. However it was/is not my choice to use /tmp in the particular case and out of my control. Background, if interested: --- In my particular case where I ran into the issue, it is a 3rd party software that chooses to store information to /tmp/ via sub process which is then read by originating process. Indeed the circumstance is a bid special, the solution is even commented as an "ugly" one within the code, but no better method had been found until now. The software collects information about the Python environment by doing a dummy module install (that is aimed to fail). The dummy modules installer collects info about where it was installed to (venv/user-level/system-level, ...) and writes that to /tmp/ to be read by the originating Python script. It has an internal updater which invokes pip the "correct" way based on the /tmp/ content (e.g. --user flag or not). I want the software to run as system service with an own limited user, but aim to have it installed as global/system Python module to /usr/local/lib|bin instead of in --user mode into its own UNIX user home directory, or as vnev, to prevent doubled Python module installs (target is small embedded systems with potentially limited disk space), easier access/maintenance for the real (login) user and clear separation between data/config and the Python modules. To retain the functionality of the internal updater, it requires specifically limited "sudo pip install " permissions to self-upgrade and do it's Python environment collection dummy install that is out of my control. The problem is now that it pre-creates /tmp/ as its limited service user but since pip is called via sudo, the dummy installer then tries and fails to write to that file as root user. --- I am actually sort of Linux distributor, more precisely developing Debian-based images mostly for ARM SBCs together with a tool set to easily install and configure system a bunch of software titles. See the domain of my mail address. If I was a system administrator only, of course, why should I feel forced to follow any standard, but as a software developer I clearly disagree with you! The FHS is exactly what software developers should then be able to count on and respect themselves (to allow others count on it), which directories are present and used in the same (at least similar) way by the distributions own software packages as well as most 3rd party software installers. Without FHS one would quickly have all sorts of files messed across a bunch of different directory structures and sub structures, making it impossible for admins to follow any logic to find certain types of files, like software and system configuration files, variable data, temporary files etc, also to know where files are expected to survive a reboot and where not (potentially tmpfs) etc. Without FHS (or any other standard across Linux/UNIX systems) we had a mess, so FHS is no "crap" but very valuable and important, IMO. But that is a discussion that has nothing to do with the originating issue, which has been identified thanks to your help! :) It's now a bid others and whether the default has actually been changed intentionally, and if so more like "why not" or if there have been actual concerns, serious enough to change a default, which implies different and probably unexpected behaviour. And if so, if there is a plan to have this documented a bid wider. Best regards and stay healthy, Micha
Re: Loadbearing services
On Wed, Dec 09, 2020 at 10:30:52AM -0500, Stefan Monnier wrote: > > This reminds me of an article from ESR. > > He pointed out that there are essential pieces we use everyday > > without any afterthought or payment. There are people who maintain > > software or services for free on their own time we could not > > live without. NTP comes to mind. I thing gnupg is basically maintained > > by one person. > > Indeed. Part of the distinction is one of resources: NTP does not > require much resources, so it costs very little to maintain an > NTP server even if used by a fairly large number of clients. > > In contrast, maintaining a VPN service used by a large number of clients > can be costly because of the needs to encrypt/decrypt or because of the > amount of bandwidth it uses. > > If it's cheap enough, you'll probably be able to find people willing to > offer the service just because it makes them feel good. But past > a certain monetary cost it's going to be hard to find such people and > you'll instead have to start figuring out how to actually pay for it, > either by selling the service or by selling its clients or a mix of > the two. > [...] I think you are missing the point. Sure these services are cheap. Still some of them are essential, and there is only one person caring for it. Raymond pointed out one case where this one person was already retired. He was one of these old unix geeks and being old dealing with some (severe) health issues. I forgot already what exactly he was maintaining (see I also totally block this out), but just imagine what happens when this one person maintaining an essential piece dies or gets a stroke. There are no classifieds for "time zone changes management" apprenticeships. You might be right that it doesn't need much resources but there is a lower limit and that might be "the last person" willing to do this. -H -- Henning Follmann | hfollm...@itcfollmann.com
Re: Where to report: root fails to edit other users file in sticky bit directory
On Mi, 09 dec 20, 16:46:17, MichaIng wrote: > Please note that it by default appears on Bullseye only. See that last mails > regarding this issue, the related changed sysfs setting has identified > already do: > --- > sysctl fs.protected_regular=2 > --- > and retry the steps, which will then fail. > --- > sysctl fs.protected_regular=0 > --- > to revert to default until up to Buster. From Bullseye on that defaults to > "2" which prevents any user from write + "O_CREAT" to a file within a > world-writeable + sticky bit directory (1777) that is owned by another user. Saw that later. Sorry list, should have read the entire thread before sending my message. Kind regards, Andrei -- http://wiki.debian.org/FAQsFromDebianUser signature.asc Description: PGP signature
Re: Where to report: root fails to edit other users file in sticky bit directory
Please note that it by default appears on Bullseye only. See that last mails regarding this issue, the related changed sysfs setting has identified already do: --- sysctl fs.protected_regular=2 --- and retry the steps, which will then fail. --- sysctl fs.protected_regular=0 --- to revert to default until up to Buster. From Bullseye on that defaults to "2" which prevents any user from write + "O_CREAT" to a file within a world-writeable + sticky bit directory (1777) that is owned by another user. Best regards, Micha
Re: Ipv6, but no Ipv4 after reboot
On Mi, 09 dec 20, 15:54:53, Dominique Dumont wrote: > Hi > > I've run in a weird problem. After a reboot, only Ipv6 address is setup on my > wired network card. Did something change or has it "always" been like this? What about other systems on the same network (if any). > The workaround is fairly simple: disconnect and reconnect with network > manager. Note that Ipv4 is brought up after suspend/resume > > Still, this is cumbersome. I've found no obvious problems in the logs. How / where did you check? What is the difference in the logs between reboot and disconnect / reconnect? In case it helps, 'journalctl --unit NetworkManager.service' will filter entries (need to be root or member of 'adm' or 'systemd-journald'). > Where should I look to investigate this problem ? Is this with DHCP or static IP? If DHCP, can you tell us more about the DHCP server (device, software, etc.)? It might be useful to check the status / logs / etc. there if you have access. Does it still happen if you switch to a static config? Hope this helps, Andrei -- http://wiki.debian.org/FAQsFromDebianUser signature.asc Description: PGP signature
Re: Loadbearing services
> This reminds me of an article from ESR. > He pointed out that there are essential pieces we use everyday > without any afterthought or payment. There are people who maintain > software or services for free on their own time we could not > live without. NTP comes to mind. I thing gnupg is basically maintained > by one person. Indeed. Part of the distinction is one of resources: NTP does not require much resources, so it costs very little to maintain an NTP server even if used by a fairly large number of clients. In contrast, maintaining a VPN service used by a large number of clients can be costly because of the needs to encrypt/decrypt or because of the amount of bandwidth it uses. If it's cheap enough, you'll probably be able to find people willing to offer the service just because it makes them feel good. But past a certain monetary cost it's going to be hard to find such people and you'll instead have to start figuring out how to actually pay for it, either by selling the service or by selling its clients or a mix of the two. And then there are those services which are offered for free as a form of advertisement, because serious users of the service are willing to pay for it and hence subsidize the non-paying users. This is the case of most gratis dynamic-dns services, for example. This always risks sliding into selling the clients, of course. Stefan
Re: Ipv6, but no Ipv4 after reboot
On Wed 09 Dec 2020 at 15:54:53 (+0100), Dominique Dumont wrote: > > I've run in a weird problem. After a reboot, only Ipv6 address is setup on my > wired network card. > > The workaround is fairly simple: disconnect and reconnect with network > manager. Note that Ipv4 is brought up after suspend/resume > > Still, this is cumbersome. I've found no obvious problems in the logs. > > Where should I look to investigate this problem ? Perhaps you could check the clock comes up at the right time at boot, and also grep -i dhin the logs to see whether DHCP is ok. Cheers, David.
Re: Can't print to CUPS printer on my server
On Wed 09 Dec 2020 at 10:04:14 -0500, Gary Dale wrote: > On 2020-12-08 13:29, Brian wrote: > > > >avahi-browse -art > log1 > > -bash: avahi-browse: command not found - for both regular user and root > > > on the server and post log here as an attachment. avahi-browse is in the > > avahi-utils package. How about installing avahi-utils? :) -- Brian.
Re: running microsoft team on debian 10.3
On Mi, 09 dec 20, 14:10:54, Eric S Fraga wrote: > On Wednesday, 9 Dec 2020 at 07:57, Carl Fink wrote: > > They say that "window" sharing is not available. "Screen" sharing is. > > That is, you can't share a specific application, but you can share your > > entire screen. > > Exactly. And very frustrating it is when your choice of screens is a > wide 38" or a 27" in portrait mode... Why they cannot support window > sharing is beyond me. > > Zoom has the same limitation on Linux but at least zoom allows the other > participants to zoom (no pun intended) into the view presented by the > application. In case it helps someone, zooming by the viewer in Teams should work on mobile devices (tested on company iPad), no ideea about the desktop or web app. Kind regards, Andrei -- http://wiki.debian.org/FAQsFromDebianUser signature.asc Description: PGP signature
Re: Ipv6, but no Ipv4 after reboot
On 12/9/20 4:54 PM, Dominique Dumont wrote: > Hi > > I've run in a weird problem. After a reboot, only Ipv6 address is setup on my > wired network card. > > The workaround is fairly simple: disconnect and reconnect with network > manager. Note that Ipv4 is brought up after suspend/resume > > Still, this is cumbersome. I've found no obvious problems in the logs. > > Where should I look to investigate this problem ? > Hi, try to edit the connection parameters in network manager and check the following checkbox "IPv4 is required for this connection" on "IPv4" tab. Kind regards Georgi
Re: VPN ideas
On Mi, 09 dec 20, 11:00:41, Joe wrote: > > I suppose it may depend on where you are. In the UK, public wifi > normally uses no encryption, because there are no local staff who can > help with problems. So any unencrypted protocol you use can be > overheard. It doesn't matter much whether the public WiFi is using encryption or not. Any unencrypted communication over the internet is vulnerable. Period. Even if some segments[1] are somewhat protected, the segment between the router/firewall/VPN exit point and the server on the internet is still completely vulnerable. It's probably a good idea to always assume your system is connected directly to the internet. If you really need to run (vulnerable) listening services on it configure them to be stopped and/or firewalled whenever outside your home/company network. [1] in this case the segment between the laptop and the AP via WPA, or the segments between the laptop and the VPN exit point. Kind regards, Andrei -- http://wiki.debian.org/FAQsFromDebianUser signature.asc Description: PGP signature
Re: VPN ideas
On Wed, Dec 09, 2020 at 11:00:41AM +, Joe wrote: > On Wed, 9 Dec 2020 12:49:44 +0200 > Andrei POPESCU wrote: > > > On Mi, 09 dec 20, 10:21:46, Joe wrote: > > > On Wed, 9 Dec 2020 11:49:45 +0200 > > > Andrei POPESCU wrote: > > > > > > > On Ma, 08 dec 20, 12:27:40, Joe wrote: > > > > > [...] > > > > Let me rephrase that: how is connecting to the internet from some > > public hot-spot decreasing my security? > > > > I can think of possibly messing with DNS queries (use "own" DNS > > server instead, maybe with DNSSEC) and possible some attacks are > > easier via the local network (e.g. by other hot-spot users or local > > staff). > > > > Other that that, as far as I'm aware, the biggest threat are the > > servers I access with my client software (typically web sites > > accessed with a browser), in which case it doesn't make any > > difference whether I access them via some VPN and/or (home) firewall. > > > > (Assuming one doesn't run NFS, Samba, etc. *listening* software on > > the laptop in which case stopping those and/or running a firewall > > would be indicated.) > > > > I suppose it may depend on where you are. In the UK, public wifi > normally uses no encryption, because there are no local staff who can > help with problems. So any unencrypted protocol you use can be > overheard. > So let me be devils advocat here. Is the network connection from your ISP encrypted? I guess not. So why is it more secure or trustworthy? -H -- Henning Follmann | hfollm...@itcfollmann.com
Loadbearing services
On Wed, Dec 09, 2020 at 09:46:07AM +0100, to...@tuxteam.de wrote: > On Tue, Dec 08, 2020 at 05:00:44PM -0500, Roberto C. Sánchez wrote: > > [...] > > > If something is free, you aren't the customer, you are the product. > > All generalizations suck. > This reminds me of an article from ESR. He pointed out that there are essential pieces we use everyday without any afterthought or payment. There are people who maintain software or services for free on their own time we could not live without. NTP comes to mind. I thing gnupg is basically maintained by one person. But in general I agree with the statement: "if you are not paying, you are the product". -H -- Henning Follmann | hfollm...@itcfollmann.com
Ipv6, but no Ipv4 after reboot
Hi I've run in a weird problem. After a reboot, only Ipv6 address is setup on my wired network card. The workaround is fairly simple: disconnect and reconnect with network manager. Note that Ipv4 is brought up after suspend/resume Still, this is cumbersome. I've found no obvious problems in the logs. Where should I look to investigate this problem ? All the best Dod
Re: VPN ideas
> I suppose it may depend on where you are. In the UK, public wifi > normally uses no encryption, because there are no local staff who can > help with problems. So any unencrypted protocol you use can be > overheard. Around here we have a mix: - for small businesses (like coffeehouses or family-owned businesses), it's typically WPA-PSK with the password displayed somewhere like at the bottom of the menu, on the bathroom door, you name it (and/or given upon request). - for more "corporate" environments, it's typically an open wifi with a "portal" where they get to show some advertisement and collect email addresses. Supposedly with WPA other machines connected to the same wifi can't see your traffic, but often enough the AP is likely easy to hack into, so it's safer to assume that your network packets are easy for someone to see. Nevertheless, I largely agree with Andrei that this is but a small part of the potential attacks. Stefan
Re: VPN ideas
On Wed, Dec 09, 2020 at 09:46:07AM +0100, to...@tuxteam.de wrote: > On Tue, Dec 08, 2020 at 05:00:44PM -0500, Roberto C. Sánchez wrote: > > [...] > > > If something is free, you aren't the customer, you are the product. > > All generalizations suck. > chuckle, that was a good one. :) -H -- Henning Follmann | hfollm...@itcfollmann.com
Re: running microsoft team on debian 10.3
On Wednesday, 9 Dec 2020 at 07:57, Carl Fink wrote: > They say that "window" sharing is not available. "Screen" sharing is. > That is, you can't share a specific application, but you can share your > entire screen. Exactly. And very frustrating it is when your choice of screens is a wide 38" or a 27" in portrait mode... Why they cannot support window sharing is beyond me. Zoom has the same limitation on Linux but at least zoom allows the other participants to zoom (no pun intended) into the view presented by the application. -- Eric S Fraga via Emacs 28.0.50 & org 9.4 on Debian bullseye/sid
Re: running microsoft team on debian 10.3
Hello everybody out there! On 2020/12/09 at 1:57 pm, Carl Fink wrote: > You have to know the vocabulary. > > They say that "window" sharing is not available. "Screen" sharing is. > That is, you can't share a specific application, but you can share your > entire screen. Regardless of the vocabulary, I have hit several times the screen sharing button, nothing ever happened. Now, to be honest, this is one of the annoying thing about Microsoft Teams, it is the kind of application that make you waste time rather than saving time. Best regards. -- Yoann LE BARS https://le-bars.net/yoann/ Diaspora* : yleb...@framasphere.org
Re: running microsoft team on debian 10.3
On Wed, 2020-12-09 at 13:51 +0100, Yoann LE BARS wrote: > > Hello everybody out there! > > On 2020/12/09 at 12:54 pm, Carl Fink wrote: > > This has not been my experience. I can share my screen just fine > > using > > the Teams client. > > According to Microsoft, this option is not available on Linux > client > ( > https://support.microsoft.com/en-us/office/share-content-in-a-meeting-in-teams-fcc2bf59-aecd-4481-8f99-ce55dd836ce8?ui=en-us=en-us=us > ). > I do not know how you managed to share your screen. You have to know the vocabulary. They say that "window" sharing is not available. "Screen" sharing is. That is, you can't share a specific application, but you can share your entire screen. -- Carl Fink c...@finknetwork.comhttps://reasonablyliterate.com If you want to make a point, somebody will take the point and stab you with it.-Kenne Estes
Re: running microsoft team on debian 10.3
Hello everybody out there! On 2020/12/09 at 12:54 pm, Carl Fink wrote: > This has not been my experience. I can share my screen just fine using > the Teams client. According to Microsoft, this option is not available on Linux client (https://support.microsoft.com/en-us/office/share-content-in-a-meeting-in-teams-fcc2bf59-aecd-4481-8f99-ce55dd836ce8?ui=en-us=en-us=us). I do not know how you managed to share your screen. Best regards. -- Yoann LE BARS https://le-bars.net/yoann/ Diaspora* : yleb...@framasphere.org
Re: running microsoft team on debian 10.3
On Tue, Dec 08, 2020 at 07:37:12PM -0800, Dan Hitt wrote: > Does anybody have any experience using Microsoft Team on debian, and is > there anything i need to be cautious about (of course apart from running > software from a giant software company)? I've used it several times, but never using Microsoft's package. I just use the in-browser version under Google Chrome.
Re: running microsoft team on debian 10.3
On Wed, 2020-12-09 at 05:21 +0100, Yoann LE BARS wrote: > Microsoft Teams do runs on Linux, except for screen > sharing—you will > not be able to share your screen, even using the web application. > Except > for that, you will not have more troubles than other users, but I > have > seen people using Microsoft Windows and macOS having trouble to > connect > with Microsoft Teams … This has not been my experience. I can share my screen just fine using the Teams client. I cannot, however, share system audio, and the microphone, while it will work initially, will stop working if you adjust the volume through Teams (as opposed to using the Cinnamon volume applet). What everyone said: it works, but it will look and act differently from all other apps and you just have to adapt to Microsoft's off-kilter design to use it. As Eric S. Fraga said, turn off most or all notifications. I have a company cell phone, so I installed the Teams app on that, and use the phone for all my audio and notifications, just using the Linux app to display shared video. FWIW, my Logitech webcam works fine with Teams. -- Carl Fink c...@finknetwork.comhttps://reasonablyliterate.com If you want to make a point, somebody will take the point and stab you with it.-Kenne Estes
Re: fsck amb raid1 + lvm
Hola Narcis > C) La controladora de placa o del mateix disc o la memòria RAM > produeix corrupció de dades al desar-les. Això em recorda que, a la feina, al principi de tenir servidors linux compràvem controladores RAID amb discos SAS per tenir un millor rendiment. La nostra experiència amb diverses marces i models de controladores va ser molt negativa i finalment vam decidir apostar per mdadm, que a més a més ens permetia moure els discos d'un servidor a un altre sense cap tipus de problema tot conservant el RAID, ampliar la mida del RAID en calent, etc. Salut, Alex -- ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ Alex Muntada ⢿⡄⠘⠷⠚⠋ Debian Developer log.alexm.org ⠈⠳⣄ signature.asc Description: PGP signature
Re: SanDisk USB stick problem
On Wed, Dec 09, 2020 at 10:16:46AM +0100, Thomas Schmitt wrote: > Hi, > > Stefan Monnier wrote: > > > > If you never complain those products broken-by-design, the > > > > companies will keep bringing them to the market. > > deloptes wrote: > > > Your idea is not bad but only in theory of a dreamer. > > to...@tuxteam.de wrote: > > Your life would be miserable weren't it for many such "dreamers". > > The problem i see is that the companies which issue questionable > equipment obviously are not paying attention to problems and features > of what they sell. Definitely: everyone should pick her/his fights. I was just expressing my (strong) disagreement with such a generalised statement, which doesn't pay respect to those who sometimes choose the difficult path, to the benefit of us all. Cheers - t signature.asc Description: Digital signature
Re: VPN ideas
On Wed, 9 Dec 2020 12:49:44 +0200 Andrei POPESCU wrote: > On Mi, 09 dec 20, 10:21:46, Joe wrote: > > On Wed, 9 Dec 2020 11:49:45 +0200 > > Andrei POPESCU wrote: > > > > > On Ma, 08 dec 20, 12:27:40, Joe wrote: > > > > > > > > This application is also useful with a home VPN server, if > > > > you're not trying to hide anything, but just want to use the Net > > > > reasonably safely from an unsafe location e.g. Internet cafe. > > > > You can tailor a set of firewall rules to allow nothing in or > > > > out except DNS, DHCP and HTTP (normally a local web login is > > > > required), not forgetting the tunnelling protocol port out. A > > > > VPN client will normally have a switch to route everything > > > > through the tunnel to achieve this. > > > > > > Sorry, I must be dense. How is this improving safety compared to > > > accessing the internet from my home network? > > > > > It isn't. It's improving safety compared to surfing the web from > > public wifi or other untrusted network. It then uses your home > > Internet connection for surfing the web, etc., which should be > > safer. > > Let me rephrase that: how is connecting to the internet from some > public hot-spot decreasing my security? > > I can think of possibly messing with DNS queries (use "own" DNS > server instead, maybe with DNSSEC) and possible some attacks are > easier via the local network (e.g. by other hot-spot users or local > staff). > > Other that that, as far as I'm aware, the biggest threat are the > servers I access with my client software (typically web sites > accessed with a browser), in which case it doesn't make any > difference whether I access them via some VPN and/or (home) firewall. > > (Assuming one doesn't run NFS, Samba, etc. *listening* software on > the laptop in which case stopping those and/or running a firewall > would be indicated.) > I suppose it may depend on where you are. In the UK, public wifi normally uses no encryption, because there are no local staff who can help with problems. So any unencrypted protocol you use can be overheard. -- Joe
Re: fsck amb raid1 + lvm
M'hi he trobat diverses vegades, i aquestes han pogut ser les causes en els meus casos: A) El revisador fsck corregeix importants errades, i potser rescata fitxers o inodes que també tenen els seus problemes. A la següent revisió fsck corregeix errades de les coses que han aflorat abans. B) Alguna errada de configuració o de programari segueix donant problemes, i subsegüents revisions els tornen a trobar i corregir. C) La controladora de placa o del mateix disc o la memòria RAM produeix corrupció de dades al desar-les. Amb la qual cosa fsck troba noves incoherències al sistema de fitxers. Això podria implicar que també es desin continguts erronis als fitxers, que fsck no corregiria. Narcis Garcia __ I'm using this dedicated address because personal addresses aren't masked enough at this mail public archive. Public archive administrator should fix this against automated addresses collectors. El 8/12/20 a les 11:54, Lluís Gras ha escrit: > Bones, > > Aquest matí m'he trobat el servidoret de casa "gripat", ahir se'n va > anar el corrent i aparentment quan va tornar a arrencar va tirar de > journal i corregir errors en inodes i aquests coses màgiques que fa el fsck. > > El cas és que he reiniciat l'equip i m'he trobat el prompt (initramfs), > he fet un fsck -p /dev/mapper/gv00-arrel i aparentment s'han corregit > els errors, torno a engegar i ara el sistema arrenca però en mode ro, > més fsck més comprovacions amb smartctl (sense errors, 18076 hores de > funcionament) i més reinicis fins que quan ja en començava a estar fins > al capdamunt i després de l'enèssim fsck + reinici, la maquineta ha > arrencat sense donar errors. > > I la pregunta ??? ... doncs la pregunta és si algú s'hi ha trobat i > perquè el fsck em diu que ja ha corregit tots els errors i quan torna a > arrencar en torna a trobar en inodes diferents, etc ... >
Re: VPN ideas
On Mi, 09 dec 20, 10:21:46, Joe wrote: > On Wed, 9 Dec 2020 11:49:45 +0200 > Andrei POPESCU wrote: > > > On Ma, 08 dec 20, 12:27:40, Joe wrote: > > > > > > This application is also useful with a home VPN server, if you're > > > not trying to hide anything, but just want to use the Net > > > reasonably safely from an unsafe location e.g. Internet cafe. You > > > can tailor a set of firewall rules to allow nothing in or out > > > except DNS, DHCP and HTTP (normally a local web login is required), > > > not forgetting the tunnelling protocol port out. A VPN client will > > > normally have a switch to route everything through the tunnel to > > > achieve this. > > > > Sorry, I must be dense. How is this improving safety compared to > > accessing the internet from my home network? > > > It isn't. It's improving safety compared to surfing the web from public > wifi or other untrusted network. It then uses your home Internet > connection for surfing the web, etc., which should be safer. Let me rephrase that: how is connecting to the internet from some public hot-spot decreasing my security? I can think of possibly messing with DNS queries (use "own" DNS server instead, maybe with DNSSEC) and possible some attacks are easier via the local network (e.g. by other hot-spot users or local staff). Other that that, as far as I'm aware, the biggest threat are the servers I access with my client software (typically web sites accessed with a browser), in which case it doesn't make any difference whether I access them via some VPN and/or (home) firewall. (Assuming one doesn't run NFS, Samba, etc. *listening* software on the laptop in which case stopping those and/or running a firewall would be indicated.) Kind regards, Andrei -- http://wiki.debian.org/FAQsFromDebianUser signature.asc Description: PGP signature
Re: running microsoft team on debian 10.3
On Ma, 08 dec 20, 19:37:12, Dan Hitt wrote: > One of the local government agencies that i would like to interact with > communicates using Microsoft Team. The software actually has a debian > package, which i have downloaded, but not installed yet. Teams also has a web interface (teams.microsoft.com) that I would expect should work on at least Firefox. Kind regards, Andrei -- http://wiki.debian.org/FAQsFromDebianUser signature.asc Description: PGP signature
Re: SanDisk USB stick problem
On Ma, 08 dec 20, 20:39:35, David Christensen wrote: > > If you want to use the drive for some other purpose, such as burning a > Debian Installer ISO image onto it, do not mount the drive using the > desktop. (You may have to disable the desktop automounting feature). > Instead, open a terminal and use sudo(8) or su(1) to work with the drive. Or just eject / unmount / safe remove / etc. it before "burning" the image file to it. Kind regards, Andrei -- http://wiki.debian.org/FAQsFromDebianUser signature.asc Description: PGP signature
Re: VPN ideas
On Wed, 9 Dec 2020 11:49:45 +0200 Andrei POPESCU wrote: > On Ma, 08 dec 20, 12:27:40, Joe wrote: > > > > This application is also useful with a home VPN server, if you're > > not trying to hide anything, but just want to use the Net > > reasonably safely from an unsafe location e.g. Internet cafe. You > > can tailor a set of firewall rules to allow nothing in or out > > except DNS, DHCP and HTTP (normally a local web login is required), > > not forgetting the tunnelling protocol port out. A VPN client will > > normally have a switch to route everything through the tunnel to > > achieve this. > > Sorry, I must be dense. How is this improving safety compared to > accessing the internet from my home network? > > It isn't. It's improving safety compared to surfing the web from public wifi or other untrusted network. It then uses your home Internet connection for surfing the web, etc., which should be safer. Only local DHCP, DNS and HTTP must be allowed to the local network initially, and once the VPN is up, even these are routed through the encrypted tunnel. -- Joe
Re: Proprietary drivers management
On Mi, 09 dec 20, 12:08:11, Victor Sudakov wrote: > Georgi Naplatanov wrote: > > > > drivers can be: > > > > - kernel space only - Network Interface Card (NIC) for example, USB, > > SATA controllers, etc. > > They come in the form of *.ko files under /lib/modules/`uname > -r`/kernel/drivers/, > correct? Yes, unless they are already built-in. The Linux kernel allows both methods for most of the drivers. Debian (and most distro) kernels are typically compiled with most drivers as modules, because then you can have one kernel working with lots of hardware. > Are there .deb packages (other than linux-image-*.deb itself ) which > install kernel drivers? The -dkms packages are for drivers that can't be included in upstream Linux and must be compiled on the user's system (typically due to incompatible licenses, like the ZFS modules (free, but incompatible license) and Nvidia (non-free). Kind regards, Andrei -- http://wiki.debian.org/FAQsFromDebianUser signature.asc Description: PGP signature
Re: VPN ideas
On Ma, 08 dec 20, 17:37:43, Celejar wrote: > On Tue, 8 Dec 2020 17:00:44 -0500 > Roberto C. Sánchez wrote: > > > On Tue, Dec 08, 2020 at 02:48:26PM -0500, Celejar wrote: > > > On Tue, 8 Dec 2020 11:44:36 +0200 > > > Andrei POPESCU wrote: > > > > > > ... > > > > > > >Unless you have access to a system on the internet to set up your > > > > own > > > >VPN server you have to rely on (paid) VPN providers. > > > > > > There are free ones as well, e.g.: > > > > > > https://www.techradar.com/vpn/best-free-vpn > > > > > > I don't know how good they are - but then, again, I don't know how good > > > all the paid ones are, as well ;) > > > > > If something is free, you aren't the customer, you are the product. I'd have a reasonable degree of trust in ProtonVPN. > A fair point, but an overstatement insofar as you're implying that one > *cannot rely* upon a free VPN service. Many people are willing to rely > upon free services for at least some of their online activity. After > all, Andrei himself is using Gmail (as am I). I'm using Gmail to post to public mailing lists or similar. All private correspondence currently goes to a ProtonMail account. I still have my contacts on Gmail, because of the convenient integration with Android, though I'd like to migrate those away as well at some point. Kind regards, Andrei -- http://wiki.debian.org/FAQsFromDebianUser signature.asc Description: PGP signature
Re: VPN ideas
On Ma, 08 dec 20, 12:27:40, Joe wrote: > > This application is also useful with a home VPN server, if you're not > trying to hide anything, but just want to use the Net reasonably safely > from an unsafe location e.g. Internet cafe. You can tailor a set of > firewall rules to allow nothing in or out except DNS, DHCP and HTTP > (normally a local web login is required), not forgetting the tunnelling > protocol port out. A VPN client will normally have a switch to route > everything through the tunnel to achieve this. Sorry, I must be dense. How is this improving safety compared to accessing the internet from my home network? Kind regards, Andrei -- http://wiki.debian.org/FAQsFromDebianUser signature.asc Description: PGP signature
Re: Where to report: root fails to edit other users file in sticky bit directory
On Ma, 08 dec 20, 15:57:17, MichaIng wrote: > > root@VM-Bullseye:/tmp# cd /root > root@VM-Bullseye:~# mkdir testdir > root@VM-Bullseye:~# chmod 1777 testdir > root@VM-Bullseye:~# > testdir/testfile > root@VM-Bullseye:~# chown www-data testdir/testfile > root@VM-Bullseye:~# > testdir/testfile > -bash: testdir/testfile: Permission denied > --- Works for me on buster with linux-image-5.9.0-4-arm64 (5.9.11-1) running on PINE A64+, logged in as root via ssh. Kind regards, Andrei -- http://wiki.debian.org/FAQsFromDebianUser signature.asc Description: PGP signature
Re: fsck amb raid1 + lvm
Hola Lluís > la pregunta és si algú s'hi ha trobat i perquè el fsck em diu > que ja ha corregit tots els errors i quan torna a arrencar en > torna a trobar en inodes diferents, etc ... Jo no m'he trobat mai en la situació que comentes, tot i haver gestionat durant una pila d'anys força servidors amb mdadm en RAID1 i amb LVM per als volums. En aquests anys vam tenir una pila de discos avariats i alguns talls de corrent que el SAI no va poder gestionar, però no recordo un escenari com el que tu descrius. Pensant-hi una mica se m'acut que potser la diferència en el teu cas sigui si el RAID1 el gestiona lvmraid enlloc de mdadm? No tinc experiència amb lvmraid, així que no et puc dir si els trets van per aquí però és l'única diferència que se m'acut que podria haver-hi entre la teva experiència i la meva. Salut i records! Alex -- ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ Alex Muntada ⢿⡄⠘⠷⠚⠋ Debian Developer log.alexm.org ⠈⠳⣄ signature.asc Description: PGP signature
Re: Where to report: root fails to edit other users file in sticky bit directory
On Ma, 08 dec 20, 16:45:08, MichaIng wrote: > > Jep, based on the way the list mail address was shown on the Debian bug > report page, I was actually hoping to reach official maintainers, but this > seems to be more an end-user support list? Yes, this is an end-user support list. The idea is that you can get help in determining the correct (or at least close enough) package to file a bug against (which is reaching the package Maintainer(s) and all other persons interested in that package). In any case, if you do end up filling a bug please use 'reportbug'. If you will be filling a bug against the kernel make sure you are booted with the same kernel in order to enable 'reportbug' to collect information about it and your system. Bugs should also be reported only from pristine Debian environments (including the kernel) and preferably from bare metal systems (unless the bug is related to running in a VM, of course). Hope this explains, Andrei -- http://wiki.debian.org/FAQsFromDebianUser signature.asc Description: PGP signature
Re: SanDisk USB stick problem
Fred writes: >> If you never complain those products broken-by-design, the >> companies will keep bringing them to the market. >> Stefan >> > I agree but taking something that doesn't work back to Walmart or > other large company won't inform the manufacturer about the problem. > Walmart is going to throw it in the trash. May be or may be not. We can't say. But every deviation from the normal process is a big hassle for everyone in the supplychain. Imagine driving in the wrong direction. Everyone feels the pain.
Re: SanDisk USB stick problem
Hi, Stefan Monnier wrote: > > > If you never complain those products broken-by-design, the > > > companies will keep bringing them to the market. deloptes wrote: > > Your idea is not bad but only in theory of a dreamer. to...@tuxteam.de wrote: > Your life would be miserable weren't it for many such "dreamers". The problem i see is that the companies which issue questionable equipment obviously are not paying attention to problems and features of what they sell. Look at the example of my 4 TB Western Digital Gold hard disk with its Preemptive Wear Leveling click every 4 seconds. It is a feature, it is indirectly advertised, and still the seller takes such a disk back and hands out a new one with the same behavior. They simply are ignorant to any problem description which accompanies a sent-back drive. I did not try whether they would do a second swap. My solution was to get a noise dampened 5.25 inch enclosure for the 3.5 inch disk and to put it into a slot which i actually planned to keep clear for better access to the lower of the two optical drives. (I did not dare to put the HDD in a sandwich of two burners. Now at least its bottom is in the flow of cool air.) Have a nice day :) Thomas
Re: running microsoft team on debian 10.3
I use it (have to for work) on Debian testing. Works generally okay. The main problem is that it does not play well with the window manager or desktop environment. For instance, it re-invents the wheel when it comes to notifications which causes some annoyance as notifications steal the focus. And don't get me started with the chat feature... Best is to turn off most notifications. I also did have to turn off gpu acceleration in teams as it consistently crashed my video but that was potentially an issue with the nouveau driver. -- Eric S Fraga via Emacs 28.0.50 & org 9.4 on Debian bullseye/sid
Re: SanDisk USB stick problem
On Tue, Dec 08, 2020 at 11:13:38PM +0100, deloptes wrote: > Stefan Monnier wrote: > > > If you never complain those products broken-by-design, the > > companies will keep bringing them to the market. > > > > Your idea is not bad but only in theory of a dreamer. Your life would be miserable weren't it for many such "dreamers". Mine too. That's why I give them due respect and do my best to "dream" a little from time to time. In the hope to make your, my, and other people's lives a tad better. Dream on! Cheers - t signature.asc Description: Digital signature
Re: VPN ideas
On Tue, Dec 08, 2020 at 05:00:44PM -0500, Roberto C. Sánchez wrote: [...] > If something is free, you aren't the customer, you are the product. All generalizations suck. Cheers - t signature.asc Description: Digital signature
Re: Replying. [was Re: AMD GPU Sea Islands Problem]
On Tue, 8 Dec 2020 20:37:37 -0500 Celejar wrote: Hello Celejar, >Under Preferences, I have a Compose tab, but no Writing one, and the Writing is under Compose; This is in Claws - Sylpheed may well differ. -- Regards _ / ) "The blindingly obvious is / _)radnever immediately apparent" We are the chosen Changed - Judgement Centre pgpsrcGePUURR.pgp Description: OpenPGP digital signature
Re: SanDisk USB stick problem
James H. H. Lampert wrote: > Hmm. When I put a new flash device into service, at the very least, I > wipe all bundled content from it, and may completely reformat it, > depending on my needs, just as a matter of course. I was buying recently many (about 10 SanDisk drives in the past 2-3y). All of them come the same with the EXE and doc files on top. Linux formatted or not they all work as designed and expected. The problem OP has, might be result of: 1. wrong expectation (disk is extfat can not change permissions) 2. wrong driver in use (because usb0 indicates may be usb1 device) 3. some other unrelated issue Knowing what people do (when they have the freedom like in linux) I'm not surprised to hear any kind of problems.