Re: xhost-command in Debian1

[Keith Bainbridge]

On 24/10/21 05:31, Charles Curley wrote:

alias su="su --whitelist-environment=DISPLAY,XAUTHORITY"



Doesn't that mean that when you type 'su' at a command prompt, the 
response will be running the command

--whitelist-environment=DISPLAY,XAUTHORITY
as root.

You won't be able to switch to root using   su  in future?

--
All the best

Keith Bainbridge

keithrbaugro...@gmail.com

mac-boot suggestion, where can I report?

[westlake]

hi debianers!

there a better source to report suggestions for mac builds? (intel x86)

i found out that the debian installer is able to boot in UEFI-mode if I 
replace the DOSMBR with a GPT header within the usb installer media.


I'm wondering who I can send this suggestion to, as there are mac users 
who are resorting to the more dangerous hybrid dosmbr+GPT configuration.


By being able to boot the installer in UEFI-mode(as opposed to CSM-MBR), 
here I can completely avoid having to use the problematic gptsync...


.. and would like the debian installer to be improved for macs.

there's a mac iso on the debian servers, but I am not sure how I can 
determine who is in charge of maintaining it.


I'm thinking I may have sent it to the wrong mailing list, and not sure 
where to look.


thanks

Held Back Packages on Debian Sid

[Ashish Kujur]

Hello everyone!
I switched to Sid from Stable last month and everything seems to be going 
great. I have setup Timeshift to take snapsnots once everyday, in case, any 
packages break.
I use GNU Octave 6.2 and it depends on older version of libhypre. There's a 
newer version of libhypre available from apt and it has been held back. If I 
try to upgrade libhypre using full-upgrade (which is not recommended, of 
course) or install it manually, apt tries to remove Octave. What are my options 
here? Should I be okay with packages getting held back? Also, will libhypre be 
upgrade when there's a newer version of GNU Octave available? In general, if 
some package x depends on a package y and there's a upgrade available for y, 
will both x and y be upgraded when there's an upgrade available for x?

Thanking You!

Best Regards,
Ashish Kujur.

Re: A .profile puzzle

[Gene Heskett]

On Saturday 23 October 2021 22:00:42 piorunz wrote:

> On 17/10/2021 17:18, Gene Heskett wrote:
> > The local electrical system, while better than Haiti's is getting to
> > be a nuisance with 5 second power failures about weekly, or is that
> > weakly? (...)
> > I made some mods to a 3d printer project in openscad last week,
> > printed it, but forgot to save it. So I lost it when the latest
> > failure rebooted that machine.
>
> With all due respect, you should know that UPS to power up one
> computer for an hour cost £150 on eBay, or even £70 if you can buy
> used and/or replace batteries yourself etc, as I did. Just buy that
> and begone will be all reboots due to flaky electric, forever.
>
Not forever, only as long aa the batteries last. And 95% of the ups's 
seriously overcharge their batteries just to burn them up in 2 or 3 
years. All to get an extra 10% runtime they can advertise.  Ask ma bell 
how long those racks of big, glass tanked lead acid batteries in the 
back room that power your local phone company, last.  Some of them are 
now more than 70 years old and still as good as new. The secret is the 
correct charge as measured by the SG of the acid in them. You cannot of 
course meaure a gell cell that way, the only thing you can do is quit 
charging them when you stop the charge and measure the tempurature 
sensitive volts, or in the case of a maintenance charger, reduce it over 
time until arriving at a voltage that results in a charge current below 
that which produces gas.

An experiment I did back in the 70's at a tv station with a 335 commings 
engine spinning a 150 kw alternator, which could run the transmitter at 
about 40% power since it was a twin klystron transmitter needing nearly 
300 kwh for full power. When I walked in the door in '69 the starter 
batteries were about 2 years old and about burned up since the 
maintenance charger was a 20 amp gas station type with a 50 ohm current 
limiter, no smarts at all. 3 months later they didn't have what it took 
when those 2 big 225 ah truck batteries were switched to 24 volts to 
start that cummings.  So I cut a P.O. and went to Norfolk and bought two 
new batteries. And put a 2200 ohm current limiter in circuit to replace 
the 50 which was litterally boiling the batteries. 2 weeks later they 
were still warm and gassing so I changed the resistor to 4.7k ohms. 
Another week and I'd put a 10k in. SG 2 weeks later was nearly 1.28, 
still too high, 3 or 4 months later the resistor had been raised to 47k, 
the charging current was then less than 5 milliamps, the SG was still a 
bit high at 1.27, but the gassing was close to stopped. 8 years later, 
when I headed on down the road to an office door that said Chief 
Engineer with my name on it, those two 8 yo batteries were still turning 
that cum-along 335 everything but wrong side out starting it for its 
weekly exercise 15 minute run. The start relays closed, the bendix 
slammed into the flywheel, the first cylinder to hit tdc fired and about 
a second later the governor hit 1800 rpm and throttled it. All in about 
1 short second, and the batteries were then 8 years old. That was in 
1977,  45 years ago, maybe they are still there, I haven't checked. 

While I was there, the alternator on my wagon failed and I got a 120 amp 
version off a wrecked ambulance and built my own voltage regulator, 
putting in 4 or 5 times the tempcomp that factory regulators give. Kept 
a 600 cranking amp battery at around 1.265 SG. No gassing, no water 
loss, started a 348 pumpjack in -30F weather like it was summertime. The 
wild tempcomp put that alternator wide open for around a minute after 
starting but the headlights were a little bright. W/O adding any water, 
that alternator, regulator and battery were moved to the next 3 wagons I 
bought while living there. So I think I know a bit about Lead acid 
batteries.

But the little cyberpower 650 I put on the rpi4 doesn't see a very much 
measurable load, so if the standby doesn't start, it dumps the power to 
the pi 2 minutes after I pull the plug, bummer & hard on the pi. Idiotic 
even. from upsc myups:

ups.delay.shutdown: 120
ups.delay.start: 0
ups.load: 8

8 watts to run the pi and its interfacing, and the 120 seconds to 
shutdown is not adjustable.

IMO I got took. OTOH it was only 40 bucks. shrug. The 20kw standby is up 
and running in about 4 seconds, so the 120 does cover it.

--< there is no space here Piotr, so your sig gets copied in the quote, 
put a space after the -- and your sig will, or should, disappear in 
replies from others to your posts.

> With kindest regards, Piotr.
>
> ⢀⣴⠾⠻⢶⣦⠀
> ⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
> ⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
> ⠈⠳⣄

Thank you Piotr.

Cheers, Gene Heskett.
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis 

Re: A .profile puzzle

[piorunz]

On 17/10/2021 17:18, Gene Heskett wrote:

The local electrical system, while better than Haiti's is getting to be a
nuisance with 5 second power failures about weekly, or is that weakly?
(...)
I made some mods to a 3d printer project in openscad last week, printed
it, but forgot to save it. So I lost it when the latest failure rebooted
that machine.


With all due respect, you should know that UPS to power up one computer
for an hour cost £150 on eBay, or even £70 if you can buy used and/or
replace batteries yourself etc, as I did. Just buy that and begone will
be all reboots due to flaky electric, forever.

--
With kindest regards, Piotr.

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
⠈⠳⣄

Re: A .profile puzzle

[mick crane]

On 2021-10-17 19:09, Greg Wooledge wrote:

On Sun, Oct 17, 2021 at 06:35:01PM +0200, deloptes wrote:

> 2. and another pesky thing is starting a konsole to do work, needs a
> $PATH modification that we used to put in ~.profile. But opening a
> terminal hasn't called a ". .profile" since about jessie.  So thats
> another PITA.
>
> So, what has replaced .profile as the function for such as that in recent
> releases?

AFAIK bash is not reading profile when you login, but not sure - it 
could be

also that it is not a login shell.
AFAIK you should open the terminal with "bash --login" to read the 
profile.

So try in the terminal "bash --login"

I have put in my .profile

alias bash='bash --login'

long time ago


OK, first thing first: that alias won't do *anything* useful.  If Gene
is talking about starting a terminal from his window manager or desktop
environment, that terminal is going to run $SHELL which is /bin/bash.
It will not look at his aliases, no matter where they're defined.  It's
just going to run bash.  Not "bash --login".

Now let's step back a bit.

When you run an instance of a shell, there are two ways you can do it.
You either run a "login shell", or a "non-login shell".

The purpose of a login shell is to be executed when you login.  That's
the original intent.  Back in the 70s and 80s, there was no such thing
as a "desktop".  There was just the shell.  You logged in by connecting
your terminal or your modem to the host system, and getting a textual
prompt.  After authentication, you were "logged in", and the system 
would

run your account's shell with a "-" character in front of it.  This is
the ancient way that your system said "this should be a login shell, 
not

a regular shell".

It looks like this:

unicorn:~$ ps -ft tty1
UID  PIDPPID  C STIME TTY  TIME CMD
root 699   1  0 Oct09 tty1 00:00:00 /bin/login -p --
greg 851 699  0 Oct09 tty1 00:00:00 -bash
greg 863 851  0 Oct09 tty1 00:00:00 /bin/sh 
/usr/bin/startx

[...]

See where it says "-bash"?  That's my login shell.

The purpose of having a "login shell" and a "regular shell" is because
you probably have some things that you need to do once per session,
when you login.  Like, setting up your environment variables.  Or
printing today's calendar, or today's message from the administration.
All of those things are unnecessary in a regular shell.  The 
environment
is already set up, and you've already seen today's calendar or 
whatever.


Any other time you started a shell, it would not have a "-" in front of 
its

name, so it would be a regular shell.  This included shell escapes from
your text editor or mail reader or news reader or pager.  Any time you
escaped to a new shell from inside your editor, you didn't need to go
through all the gyrations that a login shell did.  You don't want to
see the calendar again, etc.

A decade or two later, some people developed a windowing system.

In this windowing system, there's a terminal emulator.  Normally when 
you

run a terminal emulator, you run a shell inside it.  (Not always, but
usually.)  This shell doesn't need to be a login shell.  You're 
probably
going to open half a dozen terminal emulators with shells in them, 
maybe

more.  You don't need to run the day's calendar, or set up the session
environment, in every single terminal.  All of that has been taken care
of already.  (Right?)

So, in an X terminal emulator, you normally run a NON-login shell.  
Just

a regular shell.

That's how it's supposed to work.

However.

Some people found that they had a really hard time getting their 
initial
environment set up during their X logins.  This was common among 
newbies

especially, because they didn't understand the new login procedure, and
had no idea how to customize it.

And where did we have a shit-load of Unix newbies?  Universities.

So, in the world of academia, there is a whole different paradigm.  In
this world, where everyone is expected to be incompetent, the old way
of setting up your environment one time and inheriting it in every
shell... that doesn't work.

In the newbie-centric environment, where nobody knows how to do 
anything

correctly, terminal emulators are configured to run login shells.

There's an option for it, of course.  The people who wrote xterm 
realized

that one might wish to run either a regular shell or a login shell.  So
xterm has this option:

   -ls This option indicates that the shell that is started in 
the
   xterm window will be a login shell (i.e., the first 
character
   of argv[0] will be a dash, indicating to the shell that 
it

   should read the user's .login or .profile).

Universities configured things so that their users' terminals would all
run with this option, which means the users would get a login shell in
each terminal.

And then the users, who were all newbies and don't know any better, 
could

simply be told "if you 

Re: xhost-command in Debian1

[Charles Curley]

On Fri, 22 Oct 2021 09:44:25 -0500
David Wright  wrote:

> > root@jhegaala:~#  
> 
> I think you need su --whitelist-environment=DISPLAY,XAUTHORITY -

Thank you, also to Reco.

I did:

$ alias su="su --whitelist-environment=DISPLAY,XAUTHORITY"

That works. So I will add that to my other aliases in ~/.bashrc and in
/etc/skel/.bashrc.

I tried editing /etc/security/pam_env.conf, as to...@tuxteam.de
suggested earlier, but that caused problems.

DISPLAY DEFAULT=${REMOTEHOST}:0.0 OVERRIDE=${DISPLAY}
XAUTHORITY  DEFAULT="/home/charles/.Xauthority" OVERRIDE=${XAUTHORITY}

The DISPLAY line appears to work; that XUTHORITY line does not. It
caused /home/charles/.Xauthority to be owned by root, which in turn
caused problems when SSHing in as charles.

-- 
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/

Re: drawing smith charts

[Gene Heskett]

On Saturday 23 October 2021 06:06:12 Andrew M.A. Cater wrote:

> On Sat, Oct 23, 2021 at 04:58:30AM -0400, Gene Heskett wrote:
> > Greetings;
> >
> > One of the things I occasionally do is service my local AM radio
> > station when its off the air. This includes trying to keep the VSWR
> > under control.
> >
> > I have a redpitaya Vector Network Analyser that I use to tune the
> > tower, and it gives me the tuning state in the form of a smith
> > chart. But while it claims to run with a linux system as the
> > display, it doesn't, so I had to buy a cheap all-in-one with win 10
> > home edition on it. Works great but is a pita to setup and get
> > started. The windows driver is also about 50x the size of the linux
> > driver that doesn't work.
> >
> > What can I install to a buster machine that might make this
> > graphical display work?  We had, a decade back, a something or other
> > "plot" that might have been able to draw a smith chart but I haven't
> > seen it in the repos recently. It also was a square plotter, whereas
> > the smith chart is circular at its maximum error limits.
>
> Python3-scikit-rf looks promising to plot the data.
>
> Debian electronics / Debian ham teams might have some good ideas
>
> apt-cache search Smith threw this up
>
> There's also various gnuplot / octave plots that might work.
>
> Hope this helps
>
> All best, as ever,
>
> Andy Cater
>
Progress report Andy. The code kit I got from a link Didier posted failed 
to find a resource it needed, but I in my dotage finally remembered I 
had previously installed pip3 on that rpi4b, which found the missing 
code and installed it, and it now runs but without connecting to the VNA 
because its in a briefcase in the truck. Now I need to obtain another 
rpi4b and put raspbian buster on it, and a full cups install so I can 
print the smith charts right in the antenna shack that the FCC likes to 
see.

So progress is being made. Gotta spend a few sheckles yet, but the first 
job will pay for that.  Since the resources to do it with linux have now 
been rounded up, probably my best bet is to put a 60Gb kingston SSD that 
isn't doing anything else in the winblows all-in-one, in place of the 
winblows spinning rust install, and put buster on it.

Progress, for some definition of the word. That guy Murphy, that wrote 
all those laws, is alive and plotting against me of course. Thats been 
an 87 year battle he has lost every time, but he's a stubborn SOB.

Cheers, Gene Heskett.
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 

Re: drawing smith charts

[Gene Heskett]

On Saturday 23 October 2021 05:58:12 didier gaumet wrote:

> Le samedi 23 octobre 2021 à 04:58 -0400, Gene Heskett a écrit :
> > Greetings;
> >
> > One of the things I occasionally do is service my local AM radio
> > station
> > when its off the air. This includes trying to keep the VSWR under
> > control.
> >
> > I have a redpitaya Vector Network Analyser that I use to tune the
> > tower,
> > and it gives me the tuning state in the form of a smith chart. But
> > while
> > it claims to run with a linux system as the display, it doesn't, so
> > I had to buy a cheap all-in-one with win 10 home edition on it.
> > Works great but is a pita to setup and get started. The windows
> > driver is also
> > about 50x the size of the linux driver that doesn't work.
> >
> > What can I install to a buster machine that might make this
> > graphical display work?  We had, a decade back, a something or other
> > "plot" that
> > might have been able to draw a smith chart but I haven't seen it in
> > the
> > repos recently. It also was a square plotter, whereas the smith
> > chart is
> > circular at its maximum error limits.
> >
> > Can anyone suggest a linux substitute?
> >
> > Cheers, Gene Heskett.
>
> Hello,
>
> I do not know nothing about radio setup, your hardware and this brand,
> so I am afraid I can not help you much.
>
> But the manufacturer claims it works under Linux and provides
> instructions to get it running:
> https://redpitaya.readthedocs.io/en/latest/appsFeatures/applications/v
>na/appVNA.html#linux-users-only Albeit there is an error in the link to
> download the "control program" which points to the Windows client
> instead of the Linux one.
> The correct link
> is:https://downloads.redpitaya.com/downloads/Clients/vna/vna-linux-too
>l.zip

Thank you very very much Didier. In my conversations with the maker in cz 
land I was never able to acquire that link from them. Every link they 
gave me pointed at the winblows version. Now to see if I can make it run 
on a pi4b. Or something similar that looks like a lappy but with a 
screen big enough to read.

Attempting to run it on a pi4b running raspbian buster, which is normally 
running a cnc'd 11x54 lathe, with a preempt-rt kernel, it takes about 30 
seconds to get to line 32 and a failure.
line 32 tells it:

from mpldatacursor import datacursor

but it can't find mpldatacursor. found some mpl suspects, installing them 
on that pi now. Then runniing sudo updatedb, then try python3 ./vna.py 
again. And it still bails out, same error:(paste)

pi@rpi4:/media/pi/workspace/vna-linux-tool $ python3 ./vna.py
Traceback (most recent call last):
  File "./vna.py", line 32, in 
from mpldatacursor import datacursor
ModuleNotFoundError: No module named 'mpldatacursor'

And according to synaptic, there isn't such a critter. Any suggestions?

I'll ask on the python list. Maybe someone there knows.

Thank you Didier. that link is much appreciated.

Cheers, Gene Heskett.
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 

Re: openssh server remote access

[Andrei POPESCU]

On Sb, 23 oct 21, 09:33:44, Joe wrote:
> 
> The ssh protocol by default works on TCP port 22, but the sshd (server)
> configuration file allows different ports to be specified. If you have
> port 22 open to the Internet, you will get many firewall logs for
> people trying brute-force password attacks, which tells you why you
> should be using keys. Using a different port won't be any more secure,
> but it will stop these logs.

I've seen such brute-force attacks[1] also on different ports, they are
just much rarer.

The simple (temporary) solution for me was to reboot the router so it 
gets a different IP from the ISP. Long term I should probably look into 
something like fail2ban and/or port knocking.
 
> Wherever you want to connect from must have a clear path to the ssh
> port of your server. If you want to connect across the Internet, then
> your Internet router must forward the ssh port to the server computer.
> How to do this is specific to each model of router, but it's usually
> easy to work out. It will ask for an incoming protocol (TCP) and port
> number, the IP address of the destination computer in your network, and
> sometimes a destination port. In the latter case, you can still use
> port 22 on the server but accept something else entirely from over the
> Net.

My recommendation as well, as I prefer to run with defaults whenever 
possible. If already configuring a port forwarding in the router it's 
easy to use a different port on the public face of the router and keep 
the SSH server at its default.

It also makes local SSH connections much easier as it's not necessary to 
reconfigure each client for each host.

[1] The attacks didn't get past guessing an existing user name, even 
though one is a common English word and one is a Romanian given name :D

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: drawing smith charts

[Andrew M.A. Cater]

On Sat, Oct 23, 2021 at 04:58:30AM -0400, Gene Heskett wrote:
> Greetings;
> 
> One of the things I occasionally do is service my local AM radio station 
> when its off the air. This includes trying to keep the VSWR under 
> control.
> 
> I have a redpitaya Vector Network Analyser that I use to tune the tower, 
> and it gives me the tuning state in the form of a smith chart. But while 
> it claims to run with a linux system as the display, it doesn't, so I 
> had to buy a cheap all-in-one with win 10 home edition on it. Works 
> great but is a pita to setup and get started. The windows driver is also 
> about 50x the size of the linux driver that doesn't work. 
> 
> What can I install to a buster machine that might make this graphical 
> display work?  We had, a decade back, a something or other "plot" that 
> might have been able to draw a smith chart but I haven't seen it in the 
> repos recently. It also was a square plotter, whereas the smith chart is 
> circular at its maximum error limits.

Python3-scikit-rf looks promising to plot the data.

Debian electronics / Debian ham teams might have some good ideas

apt-cache search Smith threw this up

There's also various gnuplot / octave plots that might work.

Hope this helps

All best, as ever,

Andy Cater
> 
> Can anyone suggest a linux substitute?
> 
> Cheers, Gene Heskett.
> -- 
> "There are four boxes to be used in defense of liberty:
>  soap, ballot, jury, and ammo. Please use in that order."
> -Ed Howdershelt (Author, 1940)
> If we desire respect for the law, we must first make the law respectable.
>  - Louis D. Brandeis
> Genes Web page 
> 

Re: drawing smith charts

[didier gaumet]

Le samedi 23 octobre 2021 à 04:58 -0400, Gene Heskett a écrit :
> Greetings;
> 
> One of the things I occasionally do is service my local AM radio
> station 
> when its off the air. This includes trying to keep the VSWR under 
> control.
> 
> I have a redpitaya Vector Network Analyser that I use to tune the
> tower, 
> and it gives me the tuning state in the form of a smith chart. But
> while 
> it claims to run with a linux system as the display, it doesn't, so I
> had to buy a cheap all-in-one with win 10 home edition on it. Works 
> great but is a pita to setup and get started. The windows driver is
> also 
> about 50x the size of the linux driver that doesn't work. 
> 
> What can I install to a buster machine that might make this graphical
> display work?  We had, a decade back, a something or other "plot"
> that 
> might have been able to draw a smith chart but I haven't seen it in
> the 
> repos recently. It also was a square plotter, whereas the smith chart
> is 
> circular at its maximum error limits.
> 
> Can anyone suggest a linux substitute?
> 
> Cheers, Gene Heskett.

Hello,

I do not know nothing about radio setup, your hardware and this brand,
so I am afraid I can not help you much.

But the manufacturer claims it works under Linux and provides
instructions to get it running:
https://redpitaya.readthedocs.io/en/latest/appsFeatures/applications/vna/appVNA.html#linux-users-only
Albeit there is an error in the link to download the "control program"
which points to the Windows client instead of the Linux one.
The correct link
is:https://downloads.redpitaya.com/downloads/Clients/vna/vna-linux-tool.zip

Re: [SOLVED] SDDM doesn't show up at boot

[Andrew M.A. Cater]

On Fri, Oct 22, 2021 at 05:13:10PM -0400, Cmdte Alpha Tigre Z wrote:
> Hi,
> 
> El vie, 22 oct 2021 a las 10:50, David Wright
> () escribió:
> > That may depend on whether you ran it on a "real" VC (rather an
> > oxymoron) or on an Alt-Ctrl-Fn console reached from X. I've
> > certainly had aspects not work when run in the latter manner,
> > particularly /etc/console-setup/remap.inc stuff IIRC.
> 
> Excuse me, Mr. Wright, what do you mean by a "real" virtual console?
> Those ones you reach by pressing Ctrl+Alt+Fn are virtual consoles,
> right?

Seven virtual terminals - full screen grey/white on black - if you don't 
install X/Wayland/any desktop environment - Alt-F1 to Alt-F7.

If you're running from within X, there's an extra layer / ke4ystrokes to
trap is what's meant, I think.

All the best, as ever,

Andy Cater
> 
> Well, it is a little confusing.
> 
> Have a good day.
> 
> -- 
> Time zone: GMT-4
> 

drawing smith charts

[Gene Heskett]

Greetings;

One of the things I occasionally do is service my local AM radio station 
when its off the air. This includes trying to keep the VSWR under 
control.

I have a redpitaya Vector Network Analyser that I use to tune the tower, 
and it gives me the tuning state in the form of a smith chart. But while 
it claims to run with a linux system as the display, it doesn't, so I 
had to buy a cheap all-in-one with win 10 home edition on it. Works 
great but is a pita to setup and get started. The windows driver is also 
about 50x the size of the linux driver that doesn't work. 

What can I install to a buster machine that might make this graphical 
display work?  We had, a decade back, a something or other "plot" that 
might have been able to draw a smith chart but I haven't seen it in the 
repos recently. It also was a square plotter, whereas the smith chart is 
circular at its maximum error limits.

Can anyone suggest a linux substitute?

Cheers, Gene Heskett.
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 

Re: openssh server remote access

[Joe]

On Sat, 23 Oct 2021 08:42:09 +0300
Semih Ozlem  wrote:

> Are there specific tutorials websites that you can recommend, how
> about port forwarding. From where which sites in particular can I
> learn about these topics?

Here's a good practical guide:

https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys-2

This site generally isn't specific to Debian, but it has lots of useful
tutorials. The Arch Linux site is also good for documentation.

Here is the ultimate authority, but it may contain too much detail for
a beginner. These are the client and server configuration files, which
are commented, but there's more detail here:

https://www.ssh.com/academy/ssh/config
https://www.ssh.com/academy/ssh/sshd_config

Mostly the default configuration files are OK, you may want to change
the port number or disable passwords. Most of the insecure options are
already disabled.

> 
> Joe , 22 Eki 2021 Cum, 00:08 tarihinde şunu yazdı:
> 
> > On Thu, 21 Oct 2021 23:48:38 +0300
> > Semih Ozlem  wrote:
> >  
> > > I think it was something like "ssh: connect to host  port 22:
> > > Connection refused" It will take me a little while to get the same
> > > error message again.

The ssh protocol by default works on TCP port 22, but the sshd (server)
configuration file allows different ports to be specified. If you have
port 22 open to the Internet, you will get many firewall logs for
people trying brute-force password attacks, which tells you why you
should be using keys. Using a different port won't be any more secure,
but it will stop these logs.

Wherever you want to connect from must have a clear path to the ssh
port of your server. If you want to connect across the Internet, then
your Internet router must forward the ssh port to the server computer.
How to do this is specific to each model of router, but it's usually
easy to work out. It will ask for an incoming protocol (TCP) and port
number, the IP address of the destination computer in your network, and
sometimes a destination port. In the latter case, you can still use
port 22 on the server but accept something else entirely from over the
Net. If the ssh server computer has a firewall, then it must have the
relevant port opened, which again will be specific to the software you
use for the firewall.
 

Re: eMail Com Between Hosts on a Private Net

[Andrei POPESCU]

On Vi, 22 oct 21, 11:09:14, Martin McCormick wrote:
> One more question I should know the answer to but am not sure of.
> The debian Buster system I use for email presently uses fetchmail
> to get mail from the ISP and is configured to use that ISP's
> smarthost for out-going mail.  I do not want to  effect
> (= muck this up) this  functionality because  it works well for
> now.

Then don't touch it ;)
 
>   Shouldn't I be able to install an imap server on the
> debian box and forward messages of interest to it, then reach
> imap4 on the private net from any system that speaks imap or has
> an imap client?

Of course. It's probably easiest to have the IMAP server on the same 
system as the local SMTP server so there shouldn't be any "forwarding" 
involved. Just configure both to use the same storage location.

In case of different programs accessing the same mail store the maildir 
format is recommended (over mbox), so that would be something like 
/home//Maildir.

>   That would do what I need to do.
> 
>   When I was researching, the article in wikipedia I read
> said that many commercial systems have email clients which
> understand imap, pop3, etc.  The systems likely to do this on our
> network are a windows10 box, an iMac and maybe an iPad.  The idea
> would be to forward an email message needing this attention to
> imap on the linux box, contact the Linux box from one of the
> devices I mentioned, and download the message at which point it
> would e as if that system had been hooked up to the ISP and
> received it.

If you mean "download" as in use something like fetchmail than I would 
recommend against it. IMAP was designed to keep messages on the server, 
the client only has its local cache. With the IMAP server on the same 
LAN operations should be almost as fast as dealing with locally stored 
mails.

For comparison, I'm reading this (and many other Debian lists) via IMAP 
to GMX with neomutt as IMAP client.

Just the debian-user folder currently has more than 38000 messages. 
There are occasional pauses (a few seconds or so), particularly when 
changing folders, but I suspect this is due to the slow local storage 
(the entire OS runs from a USB stick).

>   I was all ready to use .local as our domain name and then
> I looked that up and there is a good wikipedia article which
> explains how that is problematic and recommends using something
> like .lan, .office or something else that isn't likely to be
> registered as a top-level resolvable domain name.
> 
>   The machine I receive email on presently would be a good
> candidate for running a mdns but our netgear router advertises
> whatever dns's the isp uses for obvious reasons and that's fine
> but it would be nice if the mdns's address could also be known to clients
> on our network which could make DNS queries to each other's names
> that would resolve properly.

If you are referring to mDNS here, that is actually meant to work 
without a server[1]. It's probably also much less flexible because it's 
meant to work with minimal or no configuration.

A good candidate for a local DNS server would be your router, provided 
its firmware (more accurately operating system) supports this 
functionality.

>   Is there a way to advertise the mdns so that the router
> picks it up but doesn't drop the internet DNS's that we all need
> to resolve the rest of the world?

What is the router supposed to do with your mDNS after it "picks it up"?

>   I do remember when I was working, we explored open-source
> network authentication systems which involved fake DNS's that one
> had to advertise as such so their information wouldn't corrupt
> the proper working DNS's which could really mess things up if
> somebody happened to pickup and cache the wild card * that sent
> all new supplicants to the authentication server after they were
> already up and running.
> 
>   In our case, the corruption would be okay and done for
> good reasons but the dhcp server in our router  already advertises two
> domain name servers so ours would have to be learned about by
> discovery.

It shouldn't be necessary to pass the ISP's DNS servers to all local 
systems because most home routers can act as a caching DNS server (I 
would be really surprised if yours didn't), so they can advertise 
themselves as DNS server for your LAN via DHCP and forward queries to 
the ISP DNS servers (or other DNS servers of your choice) as needed.

If this is somehow not possible (why?) you could either try to change 
the router's firmware (e.g. to something like OpenWrt) or use another 
system running 24/7 for DNS and DHCP (e.g. with something dnsmasq). It 
could very well be the same system running the SMTP (and IMAP) server.


You would probably get better, specific suggestions if you would 
describe your network in more detail, in particular the router (model, 
firmware, configuration), and other systems that are providing (or 
planned to do so) services for your