Re: Networking book recommendation

[Jeremy Ardley]

On 4/5/22 12:57 pm, to...@tuxteam.de wrote:

On Wed, May 04, 2022 at 04:27:52AM +0800, Jeremy Ardley wrote:

[...]


[...] NAT in itself
provides quite good security because internal hosts can't be scanned by
attackers.

Uh, oh. I think general opinion these days disagree with this
statement strongly (see e.g. [1], but this has been rough
consensus since at least the 2000s).


Your consensus is 20 years old. Times move

Natural evolution has developed standard features in routers that out of 
the box are 'good enough' for SOHO implementations.


That is when you plug it in and connect to your home LAN you can 
reasonably expect your LAN won't be compromised in 5 minutes or even 5 
years of persistent attacks.


The only problem is when the enthusiastic owner starts opening ports to 
allow internal mail or web, or even just to run some games. This problem 
will also occur when you have the latest fancy dandy firewall. It is 
users who are insecure, not NAT or routers as such.


More interesting is IPv6 which many ISPs now offer. Modern routers know 
about Prefix delegation and all your windows hosts will automatically 
pick up IPv6 Addresses. These are 'raw' on the internet, no NAT 
involved. It will depend on your router firewall on how well protected 
you are.


In the IPv6 case, modern Windows machines all have inbuilt firewalls 
that work reasonably well. Linux systems are variable in firewall 
configuration and may not be as well protected.


I run my own Armbian dual homed router that does the IPv6 stuff and I 
have a reasonable set of ip6tables rules to allow specific hosts to 
provide IPv6 services on well known addresses (ie in DNS) but at the 
same time protect most other hosts from any unsolicited IPv6 Traffic.


If I was still in the 90s I'd set up a DMZ blah blah. Now I just expose 
services on the router using HA proxy for IPv4 Stuff and specific rules 
for IPv6. I also run a postfix instance on the router for IPv4 connectivity.



Jeremy



OpenPGP_signature
Description: OpenPGP digital signature

Re: Odd reproducible problem - but is it a bug?

[tomas]

On Wed, May 04, 2022 at 05:23:31AM +0200, Anders Andersson wrote:

[on sbin]

> On this note, I've always found it annoying that debian (and likely
> others) don't put /sbin in the normal user's $PATH. A lot of the tools
> there have uses other than modifying the system.

I've grown accustomed to that. For example, `ifconfig' is just named
`/sbin/ifconfig'.

That said, the pattern seems to be dying out. Ifconfig's new and
all-shiny cousin, ip,  already is lodged in /bin, so there you go.
My muscle memory has adapted.

I don't think you can convince others to follow along, so you're
better off "enhancing", e.g. your /etc/profile. That's what it's
for, after all :-)

Cheers
-- 
t


signature.asc
Description: PGP signature

Re: Networking book recommendation

[tomas]

On Wed, May 04, 2022 at 04:27:52AM +0800, Jeremy Ardley wrote:

[...]

> [...] NAT in itself
> provides quite good security because internal hosts can't be scanned by
> attackers.

Uh, oh. I think general opinion these days disagree with this
statement strongly (see e.g. [1], but this has been rough
consensus since at least the 2000s).

That said, even "normal" hands-off firewalls don't help against
the most widespread threats of these days: malicious actors that
are located inside your network: be it some random javascript
running in your browser, a printer phoning home or your so-called
smart TV.

All of those will connect to outside things from the inside, and
a no-trouble hands-off firewall is configured to allow just that.

The known attacks against NAT dwindle given the above-mentioned
cornucopia :-)

Don't get me started on things like UPMP's NAT-PMP [2] which are
explicitily designed for clients to punch holes into the firewall.

Cheers

[1] 
https://security.stackexchange.com/questions/8772/how-important-is-nat-as-a-security-layer
[2] https://en.wikipedia.org/wiki/NAT_Port_Mapping_Protocol
-- 
t


signature.asc
Description: PGP signature

Re: 2FA

[TRS-80]

steef  writes:

> Hi folks, after long time back home. with a question.
> Is 2FA installable on my OS debian11 and, if yes, how do I do that?

Did you mean:

1. Something to do 2FA when loggin in to Debian (if so, Dan's already
answered that).

2. Some software you can install on Debian which is capable of doing
2FA elsewhere (in broswer and programs)?

In the latter case, personally I use KeePassXC, but I am sure there are
others.

Cheers,
TRS-80

Re: Odd reproducible problem - but is it a bug?

[Anders Andersson]

On Mon, May 2, 2022 at 8:19 PM  wrote:
> On Mon, May 02, 2022 at 07:58:12PM +0200, Michael Lange wrote:
> > On Mon, 2 May 2022 10:17:06 -0500
> > Richard Owlett  wrote:
> > > I'm using Debian 10.7 with MATE DE [will be updated later this week]
> > > The machine is a Lenovo T510 and is setup to login as either "richard"
> > > or "root".
> > >
> > > If logged in as "richard" I can execute su {+ password} and receive a
> > > prompt indicating I'm "root".
> > >
> > > However if I then enter "update-grub", the response is
> > >"bash: update-grub: command not found"
> > > as if I were the unprivileged user "richard".
> >
> > you need to do
> >
> >  # su -
> >
> > (instead of just
> >
> >  # su
> > ),
> > otherwise $PATH will be inherited from user "richard" and thus lack the
> > entry "/sbin".
>
> Or just get used to say "/sbin/update-grub" ;-)
>
> (No, I'm not really being serious here. But half-acquiring this
> habit would have helped you to unravel the problem like in "Ah,
> I have the permissions but not the $PATH..."

On this note, I've always found it annoying that debian (and likely
others) don't put /sbin in the normal user's $PATH. A lot of the tools
there have uses other than modifying the system.

Re: Looking for documentation package

[David]

On Tue, 3 May 2022 17:44:16 -0700
David Christensen  wrote:

> On 5/3/22 16:17, Gary L. Roach wrote:
> > I have been looking for a documentation system that would allow me to 
> > write cursive paragraphs with math formulas interspersed and then have 
> > the formulas solved. Some examples that almost do what I want is Sage, 
> > Octave and Cantor (with the proper backend). So far all seem to be 
> > missing the /* text */ capability of the C language and have no 
> > subscript superscript capability. I like Cantor a lot but haven't been 
> > able to get around these two hurdles. Could anyone help.

Install texlive and texmaker or texstudio.
This is the sane option for your requirements.
After that, these are valuable resources:



https://en.m.wikibooks.org/wiki/LaTeX/Introduction

https://en.m.wikibooks.org/wiki/LaTeX/Mathematics

Cheers!

Re: Looking for documentation package

[David Christensen]

On 5/3/22 16:17, Gary L. Roach wrote:
I have been looking for a documentation system that would allow me to 
write cursive paragraphs with math formulas interspersed and then have 
the formulas solved. Some examples that almost do what I want is Sage, 
Octave and Cantor (with the proper backend). So far all seem to be 
missing the /* text */ capability of the C language and have no 
subscript superscript capability. I like Cantor a lot but haven't been 
able to get around these two hurdles. Could anyone help.



I have created technical documents using LibreOffice Writer with 
embedded math formulas, embedded Libre Office Draw and LibreCAD 
drawings, and embedded Libre Office Calc spreadsheets and diagrams.



I haven't used it, but Latex appears to be available via Debian packages.


David

Re: Looking for documentation package

[John Conover]

Gary L. Roach writes:
> I have been looking for a documentation system that would allow me to 
> write cursive paragraphs with math formulas interspersed and then have 
> the formulas solved. Some examples that almost do what I want is Sage, 
> Octave and Cantor (with the proper backend). So far all seem to be 
> missing the /* text */ capability of the C language and have no 
> subscript superscript capability. I like Cantor a lot but haven't been 
> able to get around these two hurdles. Could anyone help.
>

Hi Gary.

Tex/Latex/AmsTex are the obvious best choices for doing exactly
that. They were written to do such things:

1) Write a shell script with the variable names calculated,
   (perhaps from C or Python,) and output in Tex format.

2) Include the file, (or version(s) thereof,) in Tex page(s) that
   does the type setting.

You might be able to do something with the Calc function in emacs,
too, (but it might have limited capability for mathematical type
setting.)

John

-- 

John Conover, cono...@panix.com, http://www.johncon.com/

Re: Networking book recommendation

[David Christensen]

On 5/3/22 12:42, Tom Browder wrote:

I'm about to sign up for a fixed IPv4 address to my home. I know a bit
about setting up simple internal networks, but want to make sure I'm
doing it all correctly and securely. Does anyone have a good book they
recommend for such use?



On 5/3/22 13:35, Tom Browder wrote:
> On Tue, May 3, 2022 at 15:18 john doe  wrote:
>
>> On 5/3/2022 9:42 PM, Tom Browder wrote:
>>> I'm about to sign up for a fixed IPv4 address to my home. I know a bit
>>> about setting up simple internal networks, but want to make sure I'm
>>> doing it all correctly and securely. Does anyone have a good book they
>>> recommend for such use?
>>>
>>
>> What do you mean by "correctly and securly", the networking is never
>> secure.
>
>
> Thanks, I didn't know that.
>
> Depending on what you need, you might want firewall ...
>
>
> I'm considering HaProxy downsteam from the router.
>
> That also brings the question, why do you need a static IPv4 address?
>
>
> I'm moving my webservers inside.


On 5/3/22 14:14, Tom Browder wrote:
> I appreciate all the responses, and I realize, once again, that I should
> have given a little more background for the question:
>
> I have been running 10+ websites using SNI on Apache on two leased remote
> servers for many years. I am now moving the whole operation, 
gradually, to
> operate out of my home on my own Debian server. During those years 
I've had

> several hardware failures that were hard to deal with remotely, hence the
> decision to come home (especially since I now have a bit more space 
for the

> additional equipment).
>
> I have been using a firewall and iptables to minimize inbound 
traffic, but

> the details some have sent are very helpful for my current plan.
>
> In addition to the webserver being accessed externally, I will be sshing
> into my home server while traveling.


On 5/3/22 14:32, Tom Browder wrote:
> The sites are historically low traffic, but I'll watch out for problems.
> Our current ISP is AT and they are laying fiber quickly in my area.


I have stumbled my way through networking over the years, reading 
whatever I could find.  A recent book that I can recommend is 
"Networking for System Administrators" by Lucas:


https://mwl.io/nonfiction/networking#n4sa


Do not conflate running public services on the Internet and remote 
access to your LAN over the Internet.  I strongly recommend a virtual 
private server (VPS) for the former and a virtual private network (VPN) 
for the latter.



For SOHO networking, I now use UniFi hardware products:

https://ui.com/


The UniFi Controller is running on a Debian VPS at Linode.  Creating the 
node is automated via a Linode Stack Script.  In addition to the UniFi 
Controller (which includes VPN capabilities), the node image includes 
fail2ban, LetsEncrypt key management, and other features:


https://www.linode.com/


David

Re: Networking book recommendation

[Tom Browder]

On Tue, May 3, 2022 at 17:27 Bob Weber  wrote:
...

> Have you thought of using a small VM in the cloud?
>
Yes, I have, Bob, and I have a Digital Ocean account and plan to use it for
another use case soon. But I do love having my master source and webserver
where I can touch them and fix hardware problems.

One of my problems is my favorite websites are ones for my college class (
https://usafa-1965.org) and my brother's Marine TBS class (
https://novco1968tbs.com). In addition, I am starting an online directory
for our church. All of them take a fair bit of storage because of heavy
picture use and also require good response during my heavy development use
periods. I have been spoiled by having real bare-iron servers.

BTW, you mention email use. I used to use GNU Mailman 2 but am now
considering Sympa [mainly because it is (1) Perl (i.e., non-Python) and (2)
it is monolithic and hasn't been broken up into pieces like Mailman 3]. So
what do you use?

Thanks.

-Tom

Looking for documentation package

[Gary L. Roach]

I have been looking for a documentation system that would allow me to 
write cursive paragraphs with math formulas interspersed and then have 
the formulas solved. Some examples that almost do what I want is Sage, 
Octave and Cantor (with the proper backend). So far all seem to be 
missing the /* text */ capability of the C language and have no 
subscript superscript capability. I like Cantor a lot but haven't been 
able to get around these two hurdles. Could anyone help.


Gary R

Re: Networking book recommendation

[Bob Weber]

On 5/3/22 17:14, Tom Browder wrote:


I appreciate all the responses, and I realize, once again, that I should have 
given a little more background for the question:


I have been running 10+ websites using SNI on Apache on two leased remote 
servers for many years. I am now moving the whole operation, gradually, to 
operate out of my home on my own Debian server. During those years I've had 
several hardware failures that were hard to deal with remotely, hence the 
decision to come home (especially since I now have a bit more space for the 
additional equipment).


I have been using a firewall and iptables to minimize inbound traffic, but the 
details some have sent are very helpful for my current plan.


In addition to the webserver being accessed externally, I will be sshing into 
my home server while traveling.


Thanks to all.

-Tom


Have you thought of using a small VM in the cloud?  I have been running a 
droplet at Digital Ocean for several years.  For $5 a month I get a fast 1 cpu 
VM, 25G of file space, 1 G of memory and a static ip address.  I have several 
web sites there, email for my family, and at times a VPN.  I run Debian ... its 
just like my other systems so its easier to maintain.  I use the free 
letsencrypt service for the certificates for my web sites. The only other cost 
is for the DNS names for my sites (which you would need if you did this from home).


I access it over ssh on a non standard port to keep the knockers out.  I use ssh 
keys to login with passwords disabled.  If you mess up you can access the site 
over a web based shell access.  I use shorewall for my firewall (iptables based) 
and fail2ban to watch my logs there to block ip(s) that are up to mischief.  I 
also block ip ranges of China and Russia.


Depending on your needs you may need more memory or file space but for $5 a 
month this has been a great way to host my web sites, email and VPN.  You could 
even set up a VPN to connect back to your system at home when you are on the 
road.  So this keeps all the traffic off your home systems and network.


--


*...Bob*

Re: sane-backend for Epson EcoTank ET-2711

[Brian]

On Tue 03 May 2022 at 23:47:44 +0200, Dieter Rohlfing wrote:

> Am Sun, 1 May 2022 12:26:00 +0100
> schrieb Brian :
> 
> >you have a modern device (from about 2018) that does not support AirPrint
> 
> Sorry, that's wrong.

Really?

AirPrint is not mentioned in the device's specifications at

  
https://www.epson.co.uk/products/printers/inkjet/consumer/ecotank-et-2711/p/23003

nor at

  https://openprinting.github.io/printers/
 
> In my previous postings I was regarding a connection via USB cable. For
> that case the sane-backend epsonds does not work, but the epsonscan2
> backend from Epson, although epsonscan2 fails for network scanning.
> 
> The Epson ET2711 can be connected via USB cable and WiFi. In the latter
> case the ET2711 has an IP and therefore can be directly addressed by the
> client, who wants to scan.
> 
> You have to enable the sane net backend and the client automatically
> recognizes the ET2711 via the escl protocol (the package sane-airscan
> must be installed and enabled). Now the ET2711 is listed by 'scanimage
> -L'; 'scanimage -T', simple-scan and xsane work flawlessly.

That's all you did? Enable the net backend? Nothing else?

Please give what you get for

  scanimage -L

  airscan-discover

-- 
Brian.

Re: sane-backend for Epson EcoTank ET-2711

[Dieter Rohlfing]

Am Sun, 1 May 2022 12:26:00 +0100
schrieb Brian :

>you have a modern device (from about 2018) that does not support AirPrint

Sorry, that's wrong.

In my previous postings I was regarding a connection via USB cable. For
that case the sane-backend epsonds does not work, but the epsonscan2
backend from Epson, although epsonscan2 fails for network scanning.

The Epson ET2711 can be connected via USB cable and WiFi. In the latter
case the ET2711 has an IP and therefore can be directly addressed by the
client, who wants to scan.

You have to enable the sane net backend and the client automatically
recognizes the ET2711 via the escl protocol (the package sane-airscan
must be installed and enabled). Now the ET2711 is listed by 'scanimage
-L'; 'scanimage -T', simple-scan and xsane work flawlessly.

So long story short: local scanning via USB works with epsonscan2, but
not with epsonds backend, networking scanning does not work with both
backends. Scanning via WiFi connection works okay.

Dieter

Re: stretch with bullseye kernel?

[IL Ka]

Linux kernel is backward compatible. Linus calls it "we do not break
userspace".
That means _old_  applications should work on new kernel


On Wed, May 4, 2022 at 12:40 AM Richard Hector 
wrote:

> Hi all,
>
> For various reasons, I have some stretch LXC containers, on a buster
> host that I now need to upgrade. That will mean they end up running on
> buster's 5.10 kernel.
>
> Is that likely to be a problem?
>
> If so, I guess I can leave the host on buster's kernel for the time
> being, but that's obviously not ideal.
>
> Hopefully the stretch containers can/will be either upgraded or
> dispensed with soon ...
>
> Cheers,
> Richard
>
>

stretch with bullseye kernel?

[Richard Hector]

Hi all,

For various reasons, I have some stretch LXC containers, on a buster 
host that I now need to upgrade. That will mean they end up running on 
buster's 5.10 kernel.


Is that likely to be a problem?

If so, I guess I can leave the host on buster's kernel for the time 
being, but that's obviously not ideal.


Hopefully the stretch containers can/will be either upgraded or 
dispensed with soon ...


Cheers,
Richard

Re: Networking book recommendation

[Tom Browder]

On Tue, May 3, 2022 at 16:21 Greg Wooledge  wrote:
...

You think your home Internet connection is going to be able to handle
> this traffic?


The sites are historically low traffic, but I'll watch out for problems.
Our current ISP is AT and they are laying fiber quickly in my area.

> In addition to the webserver being accessed externally, I will be sshing
> > into my home server while traveling.
>
> OK.  A minimum setup would entail:

...

>
4) Forward...whatever you're going to use for ssh
>(highly recommended not to use the default port),


Good point!

-Tom

Re: Networking book recommendation

[Greg Wooledge]

On Tue, May 03, 2022 at 04:14:40PM -0500, Tom Browder wrote:
> I have been running 10+ websites using SNI on Apache on two leased remote
> servers for many years.

You think your home Internet connection is going to be able to handle
this traffic?

> In addition to the webserver being accessed externally, I will be sshing
> into my home server while traveling.

OK.  A minimum setup would entail:

1) Buy a consumer-grade router, and set it up to get the static IP address
   from your ISP.

2) Configure the Debian server to get a DHCP address from the router, so
   you can see what subnet range the router is using for the internal
   network.

3) Pick a static address on the router's internal subnet (outside of the
   pool of DHCP addresses) and configure the router to assign this address
   to your Debian system, based on MAC address.

4) Forward ports 80 and 443, and whatever you're going to use for ssh
   (highly recommended not to use the default port), from the router
   to the Debian machine's internal IP address.

Re: Networking book recommendation

[Tom Browder]

On Tue, May 3, 2022 at 14:42 Tom Browder  wrote:

> I'm about to sign up for a fixed IPv4 address to my home. I know a bit
> about setting up simple internal networks, but want to make sure I'm
> doing it all correctly and securely. Does anyone have a good book they
> recommend for such use?


I appreciate all the responses, and I realize, once again, that I should
have given a little more background for the question:

I have been running 10+ websites using SNI on Apache on two leased remote
servers for many years. I am now moving the whole operation, gradually, to
operate out of my home on my own Debian server. During those years I've had
several hardware failures that were hard to deal with remotely, hence the
decision to come home (especially since I now have a bit more space for the
additional equipment).

I have been using a firewall and iptables to minimize inbound traffic, but
the details some have sent are very helpful for my current plan.

In addition to the webserver being accessed externally, I will be sshing
into my home server while traveling.

Thanks to all.

-Tom

Re: Networking book recommendation

[Dan Ritter]

Tom Browder wrote: 
> I'm considering HaProxy downsteam from the router.
> 
> That also brings the question, why do you need a static IPv4 address?

If you want a service inside your network to be available to
people outside your network (i.e. on the Internet), they need to
be able to name it and get packets to it.

The name is registered in the DNS (domain name service) and
handled by DNS servers, either other people's for a fee or
your own.

If you have a static IPv4 address, you can assign many names to
it via DNS CNAME records.

If you have a static IPv6 address, you can assign many names to
it via DNS, but only about half the people in the world will be
able to get to it.

If you don't have a static IPv4 address, but you can accept a
few minutes of unreachability from time to time, you can use a
dynamic DNS service and a daemon running on one of your machines
that will contact it periodically to let the service know what's
changed.

-dsr-

Re: Networking book recommendation

[Dan Ritter]

Tom Browder wrote: 
> I'm about to sign up for a fixed IPv4 address to my home. I know a bit
> about setting up simple internal networks, but want to make sure I'm
> doing it all correctly and securely. Does anyone have a good book they
> recommend for such use?


Almost certainly what you want is 

Concepts (old but useful):
https://www.nftables.org/documentation/HOWTO/packet-filtering-HOWTO.html

What to do:

https://wiki.nftables.org/wiki-nftables/index.php/Simple_ruleset_for_a_home_router

How to do it in Debian:

https://www.debian.org/doc/manuals/debian-handbook/sect.firewall-packet-filtering.en.html

Reference:
https://netfilter.org/

And the invaluable:

https://stuffphilwrites.com/2014/09/iptables-processing-flowchart/

-dsr-

Re: Networking book recommendation

[Tixy]

On Tue, 2022-05-03 at 14:30 -0600, Charles Curley wrote:
> [...]
> You will want to parcel out IP addresses and host names on your home
> network, so DNS and DHCP. There are other programs to do those things,
> but bind and dhcpd are classics, and talk to each other.

Or dnsmasq which does both jobs, so just one program and one config
file to deal with.

-- 
Tixy

Re: Networking book recommendation

[Tom Browder]

On Tue, May 3, 2022 at 15:18 john doe  wrote:

> On 5/3/2022 9:42 PM, Tom Browder wrote:
> > I'm about to sign up for a fixed IPv4 address to my home. I know a bit
> > about setting up simple internal networks, but want to make sure I'm
> > doing it all correctly and securely. Does anyone have a good book they
> > recommend for such use?
> >
>
> What do you mean by "correctly and securly", the networking is never
> secure.


Thanks, I didn't know that.

Depending on what you need, you might want firewall ...


I'm considering HaProxy downsteam from the router.

That also brings the question, why do you need a static IPv4 address?


I'm moving my webservers inside.

Thanks.

-Tom

Re: Networking book recommendation

[Charles Curley]

On Tue, 3 May 2022 14:42:16 -0500
Tom Browder  wrote:

> I'm about to sign up for a fixed IPv4 address to my home. I know a bit
> about setting up simple internal networks, but want to make sure I'm
> doing it all correctly and securely. Does anyone have a good book they
> recommend for such use?

You said, "a fixed IPv4 address", which suggests you'll be doing
NATting (or whatever they call it this week) for your home network.

I use Æleen Frisch, Essential System Administration, 2nd ed.
https://www.oreilly.com/library/view/essential-system-administration/0596003439/
I see the current edition is 3rd, dated 2002. So possibly dated, but
the basics will be the same. No systemd, though.

You will want to get up to speed on firewalling, if you aren't already.
Allow your systems to connect to any external server. Don't allow any
external access to anything on your firewall or home network unless
it's for a service you provide to the outside world.

You will want to parcel out IP addresses and host names on your home
network, so DNS and DHCP. There are other programs to do those things,
but bind and dhcpd are classics, and talk to each other.

Wireless is nice, but a security nightmare.

And don't forget to do backups.

-- 
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/

Re: Networking book recommendation

[Jeremy Ardley]

On 4/5/22 4:18 am, john doe wrote:


What do you mean by "correctly and securly", the networking is never 
secure.

Depending on what you need, you might want firewall ...

That also brings the question, why do you need a static IPv4 address?


For almost all domestic installations a single static IPv4 address is 
managed by the router and used to NAT internal addresses. NAT in itself 
provides quite good security because internal hosts can't be scanned by 
attackers.


If the router is a normal commercial router it will manage the internal 
network and will itself have very few vulnerabilities


If the static IPv4 address is to be used to provide a public service 
then it's usual to forward inbound connections to an internal host to 
provide that service. That forwarding is usually router specific.



--
Jeremy



OpenPGP_signature
Description: OpenPGP digital signature

Re: Networking book recommendation

[john doe]

On 5/3/2022 9:42 PM, Tom Browder wrote:

I'm about to sign up for a fixed IPv4 address to my home. I know a bit
about setting up simple internal networks, but want to make sure I'm
doing it all correctly and securely. Does anyone have a good book they
recommend for such use?



What do you mean by "correctly and securly", the networking is never secure.
Depending on what you need, you might want firewall ...

That also brings the question, why do you need a static IPv4 address?

--
John Doe

Re: no update possible

[Cindy Sue Causey]

On 5/3/22, Peter Ehlert  wrote:
>
> On 5/3/22 06:29, Schwibinger Michael wrote:
>> Good afternoon
>>
>> Thank You
>>
>> Terminal
>> and root terminal do say
>>
>> command not found.
>
> please post Exactly what the command is that you entered
>
>
> and Exactly what the error message is
>
>
> *copy and paste please


Once in a while.. and this is one of those times.. I think it would be
nice to see a screen capture (screencast) done. Unfortunately, finding
a safe, universally trustworthy place to post it for all to view is
likely a deal breaker for some users relative to their geographical
location.

Cindy :)
-- 
Talking Rock, Pickens County, Georgia, USA
* runs with birdseed *

Re: apt-cacher-ng and CNAMEs

[Celejar]

On Tue, 3 May 2022 21:24:11 +0200
Nito  wrote:

> On Tue, May 03, 2022 at 15:16:47 -0400, Celejar wrote:
> > [...], and I'm consequently somehow getting bitten by
> > this issue:
> > 
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986356
> > 
> > But that (as described by the maintainer) mess was supposedly resolved,
> > and the bug was closed. Am I missing something, or does that bug need
> > to be reopened?
> 
> Are you using stable? The bug has been closed with version 
> 3.7.1-1 of apt-cacher-ng. Stable currently has 3.6.4-1 with
> no indication of a patch being applied for this bug.
> Bullseye-backoprts offers 3.7.4-1~bpo11+1 though, so you could
> likely use this to get a fix for #986356.

I'm using Sid, apt-cacher-ng version 3.7.4-1.

-- 
Celejar

Networking book recommendation

[Tom Browder]

I'm about to sign up for a fixed IPv4 address to my home. I know a bit
about setting up simple internal networks, but want to make sure I'm
doing it all correctly and securely. Does anyone have a good book they
recommend for such use?

Thanks.

-Tom

Re: apt-cacher-ng and CNAMEs

[Nito]

On Tue, May 03, 2022 at 15:16:47 -0400, Celejar wrote:
> [...], and I'm consequently somehow getting bitten by
> this issue:
> 
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986356
> 
> But that (as described by the maintainer) mess was supposedly resolved,
> and the bug was closed. Am I missing something, or does that bug need
> to be reopened?

Are you using stable? The bug has been closed with version 
3.7.1-1 of apt-cacher-ng. Stable currently has 3.6.4-1 with
no indication of a patch being applied for this bug.
Bullseye-backoprts offers 3.7.4-1~bpo11+1 though, so you could
likely use this to get a fix for #986356.

> -- 
> Celejar
> 

apt-cacher-ng and CNAMEs

[Celejar]

I'm trying to use the Tor upstream repositories:

https://support.torproject.org/apt/tor-deb-repo/

Direct access works correctly, but proxying through apt-cacher-ng
(using SSL passthrough, as per the apt-cacher-ng documentation) does
not:

Err:1 https://deb.torproject.org/torproject.org sid InRelease
  Certificate verification failed: The certificate is NOT trusted. The 
certificate issuer is unknown.  Could not handshake: Error in the certificate 
verification. [IP: xx.xx.xx.xx 3142]

I've been beating my head over this for a while, and I have arrived at
the tentative conclusion that the problem has something to do with the
fact that deb.torproject.org is a CNAME alias for
static.torproject.org., and I'm consequently somehow getting bitten by
this issue:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986356

But that (as described by the maintainer) mess was supposedly resolved,
and the bug was closed. Am I missing something, or does that bug need
to be reopened?

-- 
Celejar

Re: Thunderbird importeren

[mj]

Hoi Paul,

Complimenten, en dank voor je (uitgebreide) beschrijving.

MJ

[SOLVED] Re: mutt upgrade in testing broke, downgrade worked

[songbird]

  to work around put the following line in your mutt profile

unset smtp_authenticators


  songbird

Re: Getting a patch applied with an unresponsive maintainer

[Adam Dinwoodie]

On Tue, May 03, 2022 at 10:22:29AM +0100, Jonathan Dowland wrote:
> On Tue, May 03, 2022 at 09:19:36AM +0100, Adam Dinwoodie wrote:
> > So I guess the question now is: what, if anything, can I do to get that
> > code into a build and out the door and onto the Debian package
> > repositories?
> 
> Can you prepare an NMU patch (which incorporates the fix patch, as well
> as a changelog entry indicating it's a non-maintainer upload)? Then post
> that to the bug and explain you are seeking a sponsor to upload it.
> 
> 
> 
> You could ask for a sponsor on the debian-mentors or debian-devel
> mailing lists.

Exactly what I needed, thank you!

I hadn't known about the -mentors list, and I wasn't sure going straight
to -devel was appropriate, but I think that gives me my next steps here
:)

Re: [WORKED AROUND] Re: mariadb does not run

[Greg Wooledge]

On Tue, May 03, 2022 at 04:26:13PM +0200, Lucio Crusca wrote:
> That makes me suspect there's a problem with the official
> mariadb-server-core-10.6 Debian package, but it's very strange no such bug
> has been filed yet (how could that happen only to me?).

For any given bug, *someone* has to be the first to encounter it.  If this
particular bug only happens on new installs of the package, and not on
upgrades from stable, it makes sense that relatively few people running
unstable/testing would encounter it.

(Most people running unstable/testing would have already had mariadb
installed and running from an older version, so this would just be an
upgrade.  Also, relatively few people who run a mariadb server would be
using unstable/testing.  One doesn't typically run a database on an
unstable platform, outside of development situations.)

[WORKED AROUND] Re: mariadb does not run

[Lucio Crusca]

I ended up installing MariaDB 10.8 using the MariaDB unofficial Debian 
repository and it works...


That makes me suspect there's a problem with the official
mariadb-server-core-10.6 Debian package, but it's very strange no such 
bug has been filed yet (how could that happen only to me?).


Unfortunately I cannot afford keeping my dev system unusable for the 
time required to assist maintainers in bisecting the problem. Besides 
I'm on Sid, so such bugs are to be expected from time to time.


Thanks anyway for your assistance.

Re: no update possible

[Peter Ehlert]

On 5/3/22 06:29, Schwibinger Michael wrote:

Good afternoon

Thank You

Terminal
and root terminal do say

command not found.


please post Exactly what the command is that you entered


and Exactly what the error message is


*copy and paste please



What do I do wrong?

Regards
Sophie



*Von:* to...@tuxteam.de
*Gesendet:* Sonntag, 01. Mai 2022 13:33
*Bis:* Schwibinger Michael
*Cc:* debian-user@lists.debian.org
*Betreff:* Re: Firmware III grub

On Sun, May 01, 2022 at 11:49:30AM +, Schwibinger Michael wrote:
>
> Good afternoon
> Thank You
>
> I did start the root terminal.
>
> LXDE has a root terminal.

I see. You can also do it from a normal terminal
by typing "sudo" before the command. You are then
asked for your password, then the command is executed
as root. In your case:

  sudo update-grub
  [asks for password]

But root terminal is fine too.

Cheers
--
t

no update possible

[Schwibinger Michael]

Good afternoon

Thank You

Terminal
and root terminal do say

command not found.

What do I do wrong?

Regards
Sophie



Von: to...@tuxteam.de
Gesendet: Sonntag, 01. Mai 2022 13:33
Bis: Schwibinger Michael
Cc: debian-user@lists.debian.org
Betreff: Re: Firmware III grub

On Sun, May 01, 2022 at 11:49:30AM +, Schwibinger Michael wrote:
>
> Good afternoon
> Thank You
>
> I did start the root terminal.
>
> LXDE has a root terminal.

I see. You can also do it from a normal terminal
by typing "sudo" before the command. You are then
asked for your password, then the command is executed
as root. In your case:

  sudo update-grub
  [asks for password]

But root terminal is fine too.

Cheers
--
t

Re: Thunderbird: cursor probleem

[Richard Lucassen]

On Tue, 3 May 2022 09:44:23 +0200
Paul van der Vlis  wrote:

> Het is een vaag probleem, ik kan het nog niet reproduceren.

Ik roep maar wat hoor, heb er ook geen verstand van, maar heeft niet
een een of andere leukerd de cursor wit gemaakt?

-- 
richard lucassen
https://contact.xaq.nl/

Re: mariadb does not run

[Lucio Crusca]

Il 03/05/22 12:05, to...@tuxteam.de ha scritto:

What does dpkg -l "*mariadb*" say?


# LANG=en dpkg -l "*mariadb*" | grep ^ii
ii  libdbd-mariadb-perl1.22-1   amd64Perl5 database 
interface to the MariaDB/MySQL databases
ii  libmariadb3:amd64  1:10.6.7-3   amd64MariaDB 
database client library
ii  mariadb-client 1:10.6.7-3   all  MariaDB 
database client (metapackage depending on the latest version)
ii  mariadb-client-10.61:10.6.7-3   amd64MariaDB 
database client binaries
ii  mariadb-client-core-10.6   1:10.6.7-3   amd64MariaDB 
database core client binaries
ii  mariadb-common 1:10.6.7-3   all  MariaDB common 
configuration files
ii  mariadb-server 1:10.6.7-3   all  MariaDB 
database server (metapackage depending on the latest version)
ii  mariadb-server-10.61:10.6.7-3   amd64MariaDB 
database server binaries
ii  mariadb-server-core-10.6   1:10.6.7-3   amd64MariaDB 
database core server files




Il 03/05/22 11:58, Stephan Seitz ha scritto:
> Make sure that /var/lib/mysql is empty as well after the purge.

Already checked: it's more than empty, it does not exist anymore and it 
gets created again upon reinstall.

Re: Dual booting Debian on an Windows machine.

[Anssi Saari]

Richard Owlett  writes:

> I will be setting up a Windows laptop to dual boot Debian.
> If the machine has legacy BIOS, no problem as I've done that before.
>
> If it is a UEFI machine (possibly with secure boot, what should I be
> reading.

I did this last fall, I may still have notes with links somewhere. I
think I did resize the EFI and recovery and the main Windows partitions
to have enough space for Linux system and boot files on the respective
partitions. I had no issues with the Debian installation even though it
was my first UEFI machine.

My desktop upgrade this winter was second UEFI experience and there
things were more complicated since I converted it from BIOS boot to UEFI
boot and it has Windows 10 and Debian and Arch. Windows didn't actually
survive the changes in HW, no problems with the actual conversion
though.

As for secure boot, I tried it with the laptop and it worked fine,
except Linux (or at least Debian 11) doesn't yet support hibernation
with secure boot so I turned secure boot off.

Re: Thunderbird importeren

[Paul van der Vlis]

Op 30-04-2022 om 21:34 schreef Paul van der Vlis:
Alle e-mail is terug. Ik ga met Han bespreken wat er aan de hand was en 
wat ik eraan heb gedaan etc. Het was best lastig!


In overleg met Han mag ik wel wat schrijven over mijn bevindingen.

Na opstarten bleek er een nieuw profiel te worden aangemaakt omdat er 
een lockfile stond in het default profiel.  Dat is een bestand met de 
naam "lock", een symlink naar iets als "127.0.1.1:+1930". Dit bestand 
verwijderen hielp al veel.


Ook de rare melding in rood waarover Han het had, iets als:
http://www.w3.org/1999/xhtml;
heb ik gezien, maar wat ik daar precies aan heb gedaan weet ik jammer 
genoeg niet meer. De melding was op een gegeven moment weg, misschien 
had het met het lockfile te maken.


Na terugzetten backup en verwijderen lockfile startte Thunderbird in het 
juiste profiel en zag ik alle accounts.


Echter de e-mail in verschillende accounts was verdwenen... Vooral de 
INBOXen van Gmail accounts.  Deze e-mail bleek echter nog wel aanwezig 
in de accounts, maar wel aangemerkt als verwijderd en daarom niet meer 
zichtbaar in Thunderbird.


Misschien dat dit te maken heeft met Google. Han gebruikte POP-mail met 
"leave on server" aangevinkt. Dat schijnt Google niet meer te 
ondersteunen hoorde ik van hem. In elk geval was de mail verwijderd maar 
onder water nog wel aanwezig, omdat de mappen niet waren gecomprimeerd. 
Als je comprimeert, dan worden verwijderde mails pas echt verwijderd.


Daartoe wordt in elk mailbericht een hexadecimaal getal veranderd in de 
X-Mozilla-Status header: er wordt 8 bij opgeteld. Een gelezen bericht 
heeft dan vaak een waarde "0009", als je dat veranderd in een "0001" dan 
is het weer in orde. Een ongelezen bericht heeft in verwijderde toestand 
vaak een waarde 0008, als je dat wijzigt in  dan is het weer in 
orde. Maar er zijn meer waardes, zoals "2019" of "201a", afhankelijk of 
een bericht beantwoord is, of een kleurtje heeft.


Wat ik heb gedaan is een (nogal matig) script geschreven wat die waardes 
in al die e-mails veranderd. Want Thunderbird kan dat zelf niet. Toen 
was de e-mail weer terug ;-)


Groeten,
Paul



--
Paul van der Vlis Linux systeembeheer Groningen
https://vandervlis.nl/

Re: mariadb does not run

[Stephan Seitz]

Am Di, Mai 03, 2022 at 11:39:12 +0200 schrieb Lucio Crusca:

Il 03/05/22 11:28, to...@tuxteam.de  scritto:

Try `sudo apt purge mariadb-server', watch out for error messages,
then re-install. Perhaps that helps.
I didn't mention that in my first post, but I've already tried purging 
and reinstalling several times. The one I reported is only the last one, 


The package mariadb-server is a meta package. It depends on the current 
version of the server package, e.g. mariadb-server-10.5.


e.g. the more comprehensive one that included manual removal of 
/etc/mysql and reboot before reinstalling. I always got the same 
results.


Make sure that /var/lib/mysql is empty as well after the purge.

Stephan

--
|If your life was a horse, you'd have to shoot it.|

Re: mariadb does not run

[tomas]

On Tue, May 03, 2022 at 11:39:12AM +0200, Lucio Crusca wrote:
> Il 03/05/22 11:28, to...@tuxteam.de  scritto:
> > Try `sudo apt purge mariadb-server', watch out for error messages,
> > then re-install. Perhaps that helps.
> 
> I didn't mention that in my first post, but I've already tried purging and
> reinstalling several times. The one I reported is only the last one, e.g.
> the more comprehensive one that included manual removal of /etc/mysql and
> reboot before reinstalling. I always got the same results.

This is strange. What does dpkg -l "*mariadb*" say?

Cheers
-- 
t


signature.asc
Description: PGP signature

Re: mutt upgrade in testing broke, downgrade worked

[Jonathan Dowland]

On Mon, May 02, 2022 at 05:58:31PM -0400, songbird wrote:

Greg Wooledge wrote:

Also, bugs should be reported to bugs.debian.org, not here.


 an FYI to fellow users can be helpful.


That may be true, but even in that case you should describe the issue
you've hit.

--
Please do not CC me for listmail.

  Jonathan Dowland
✎j...@debian.org
   https://jmtd.net

Re: mariadb does not run

[Lucio Crusca]

Il 03/05/22 11:28, to...@tuxteam.de  scritto:

Try `sudo apt purge mariadb-server', watch out for error messages,
then re-install. Perhaps that helps.


I didn't mention that in my first post, but I've already tried purging 
and reinstalling several times. The one I reported is only the last one, 
e.g. the more comprehensive one that included manual removal of 
/etc/mysql and reboot before reinstalling. I always got the same results.

Re: mariadb does not run

[tomas]

On Tue, May 03, 2022 at 10:14:55AM +0200, Lucio Crusca wrote:
> Il 03/05/22 09:47, to...@tuxteam.de ha scritto:
> > Any chance you could try to run a command line as above and see
> > whether the daemon likes to start?
> 
>  # /usr/sbin/mariadbd --basedir=/usr --datadir=/var/lib/mysql
> --plugin-dir=/usr/lib/mysql/plugin --user=mysql --skip-log-error
> --pid-file=/run/mysqld/mysqld.pid --socket=/run/mysqld/mysqld.sock

[...]

> 2022-05-03 10:12:21 0 [ERROR] Could not open mysql.plugin table: "Table
> 'mysql.plugin' doesn't exist". Some plugins may be not loaded

[...]

> 2022-05-03 10:12:21 0 [ERROR] Can't open and lock privilege tables: Table
> 'mysql.servers' doesn't exist

[...]

> 2022-05-03 10:12:21 0 [ERROR] Fatal error: Can't open and lock privilege
> tables: Table 'mysql.db' doesn't exist

> I'm afraid it does not, at least it does not give me anything, since it
> shows the same error messages as before.

...but at least those seem clearer now to my slow brain :)

The way I interpret this is that mysql isn't finding some tables
it expects at start (possibly parts of the metaschema). I'd expect
those to come along with a new installation. Perhaps something went
astray during your last attempt.

Perhaps uninstalling your mariadb server and re-installing it
seems the best way forward (I think to remember you said you had
no valuable data).

Try `sudo apt purge mariadb-server', watch out for error messages,
then re-install. Perhaps that helps.

Cheers
-- 
tomás


signature.asc
Description: PGP signature

Re: Getting a patch applied with an unresponsive maintainer

[Jonathan Dowland]

On Tue, May 03, 2022 at 09:19:36AM +0100, Adam Dinwoodie wrote:

So I guess the question now is: what, if anything, can I do to get that
code into a build and out the door and onto the Debian package
repositories?


Can you prepare an NMU patch (which incorporates the fix patch, as well
as a changelog entry indicating it's a non-maintainer upload)? Then post
that to the bug and explain you are seeking a sponsor to upload it.



You could ask for a sponsor on the debian-mentors or debian-devel
mailing lists.


--
Please do not CC me for listmail.

  Jonathan Dowland
✎j...@debian.org
   https://jmtd.net

Re: Getting a patch applied with an unresponsive maintainer

[Adam Dinwoodie]

On Mon, May 02, 2022 at 11:03:01AM -0400, songbird wrote:
> 
> Adam Dinwoodie wrote:
> 
> i've sent a private reply since i'm not sure gmane sent the
> Cc: i requested.

It didn't :(

> ...
> > Can anyone give any advice about what my next steps might be if I want
> > to get this patch made more widely available?
> 
>   in looking at the following i see there is a request for
> help and that not much else has happened.
> 
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006264
> 
> also look at:
> 
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964947

Right.  That's ... not very promising.

>   do you have access to the repository on salsa?

With that hint, I've just found the repository[0].  It looks like the
maintainer created a patch to achieve effectively the same result as my
patch back in July 2019[1].  However, while it's in a branch labelled
"debian/sid", it doesn't appear to actually be available in Sid.

[0]: https://salsa.debian.org/smlx-guest/dhcpcd5
[1]: 
https://salsa.debian.org/smlx-guest/dhcpcd5/-/commit/62162b20e2fb14336f6d884ec6603ebf1d3ac463

So I guess the question now is: what, if anything, can I do to get that
code into a build and out the door and onto the Debian package
repositories?

> > I'm not a Debian developer, and as best I can tell I'd need to have
> > developer privileges already to be able to kick off a non-maintainer
> > upload.  And I don't think I currently have the spare bandwidth to do
> > justice to becoming a developer (I'm already the maintainer of a few
> > Cygwin packages, plus all of the other obligations of life...).  I am,
> > however, very happy to engage with discussions about patches and
> > approaches.
> >
> > Please keep me on the To/Cc list for any replies; I'm not currently
> > subscribed to this list.
> 
>   i've tried to do that via a Cc but i'm not sure gmane honors
> those.  we'll see...  :)

I'll try to remember to keep an eye on the mailing list archives in case
any other replies fall into the same hole...

Re: mariadb does not run

[Lucio Crusca]

Il 03/05/22 09:47, to...@tuxteam.de ha scritto:

Any chance you could try to run a command line as above and see
whether the daemon likes to start?


 # /usr/sbin/mariadbd --basedir=/usr --datadir=/var/lib/mysql 
--plugin-dir=/usr/lib/mysql/plugin --user=mysql --skip-log-error 
--pid-file=/run/mysqld/mysqld.pid --socket=/run/mysqld/mysqld.sock
2022-05-03 10:12:21 0 [Note] /usr/sbin/mariadbd (server 
10.6.7-MariaDB-3) starting as process 47102 ...

2022-05-03 10:12:21 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
2022-05-03 10:12:21 0 [Note] InnoDB: Number of pools: 1
2022-05-03 10:12:21 0 [Note] InnoDB: Using crc32 + pclmulqdq instructions
2022-05-03 10:12:21 0 [Note] InnoDB: Using liburing
2022-05-03 10:12:21 0 [Note] InnoDB: Initializing buffer pool, total 
size = 134217728, chunk size = 134217728

2022-05-03 10:12:21 0 [Note] InnoDB: Completed initialization of buffer pool
2022-05-03 10:12:21 0 [Note] InnoDB: 128 rollback segments are active.
2022-05-03 10:12:21 0 [Note] InnoDB: Creating shared tablespace for 
temporary tables
2022-05-03 10:12:21 0 [Note] InnoDB: Setting file './ibtmp1' size to 12 
MB. Physically writing the file full; Please wait ...

2022-05-03 10:12:21 0 [Note] InnoDB: File './ibtmp1' size is now 12 MB.
2022-05-03 10:12:21 0 [Note] InnoDB: 10.6.7 started; log sequence number 
33110; transaction id 4
2022-05-03 10:12:21 0 [Note] InnoDB: Loading buffer pool(s) from 
/var/lib/mysql/ib_buffer_pool

2022-05-03 10:12:21 0 [Note] Plugin 'FEEDBACK' is disabled.
2022-05-03 10:12:21 0 [ERROR] Could not open mysql.plugin table: "Table 
'mysql.plugin' doesn't exist". Some plugins may be not loaded
2022-05-03 10:12:21 0 [Note] InnoDB: Buffer pool(s) load completed at 
220503 10:12:21
2022-05-03 10:12:21 0 [ERROR] Can't open and lock privilege tables: 
Table 'mysql.servers' doesn't exist

2022-05-03 10:12:21 0 [Note] Server socket created on IP: '0.0.0.0'.
2022-05-03 10:12:21 0 [Note] Server socket created on IP: '::'.
2022-05-03 10:12:21 0 [ERROR] Fatal error: Can't open and lock privilege 
tables: Table 'mysql.db' doesn't exist

2022-05-03 10:12:21 0 [ERROR] Aborting
Warning: Memory not freed: 280


This would give us something to bisect the problem.


I'm afraid it does not, at least it does not give me anything, since it 
shows the same error messages as before.

Re: mariadb does not run

[tomas]

On Tue, May 03, 2022 at 08:39:12AM +0200, Lucio Crusca wrote:
> Il 03/05/22 07:04, to...@tuxteam.de ha scritto:
> > According to this huge mess, the log file is somewhere in
> > /var/lib/mysql/t470.err (the number '470' is the process
> > ID, aka PID, so it will change at every start).
> > 
> 
> Actually t470 is my hostname so it stays the same.

Ah, got it, thanks.

> I had already looked at that logfile and I had already written here that the
> error messages in that logfile are the same of those shown by `systemctl
> status mariadb`:
> 
> https://lists.debian.org/debian-user/2022/05/msg00041.html
> 
> which are reported in my first post:
> 
> https://lists.debian.org/debian-user/2022/05/msg00027.html
> 
> but english is not my native language, maybe I did not express myself
> clearly enough. I hope it's now clear.

Sorry I missed that. It's most probably my bad attention spam,
not your English. That one is no worse than mine :-)

Looking at the mariadb entry in my process list (Debian Bullseye),
I see (breaking up the long line at spaces):

  mysql 2473  0.0  0.6 1608036 98724 ?   Sl   06:15   0:03
/usr/sbin/mariadbd --basedir=/usr --datadir=/var/lib/mysql
  --plugin-dir=/usr/lib/mysql/plugin --user=mysql
  --skip-log-error --pid-file=/run/mysqld/mysqld.pid
  --socket=/run/mysqld/mysqld.sock

If I've read the output of your "-x" run correctly, it's trying
to start with "--basedir=/" instead of /usr. This, at least, looks
fishy to me.

Any chance you could try to run a command line as above and see
whether the daemon likes to start?

This would give us something to bisect the problem.

Cheers
-- 
t


signature.asc
Description: PGP signature

Re: Thunderbird: cursor probleem

[Paul van der Vlis]

Hoi Martijn, en anderen,

Op 03-05-2022 om 06:44 schreef Martijn van de Streek:

Paul van der Vlis schreef op ma 02-05-2022 om 16:02 [+0200]:

Een klant van me heeft een raar probleem, als hij e-mail beantwoord
in  Thunderbird dan is er vaak geen knipperende cursor. Hij kan wel
wat typen, maar het is dus wat onduidelijk waar dat terecht komt.

Bij mailtjes van mij krijgt hij wel een cursor, maar ik stuur
platte-tekst mail. Misschien dat dat het verschil maakt.

Heeft iemand een idee wat dit zou kunnen zijn?


Heeft Thunderbird (net als browsers) een "caret mode"? (in browsers zet
je dit aan/uit met F7)

Dat is een feature voor toegankelijkheid, die als hij per ongeluk
aangezet wordt kan leiden tot onverwacht cursor-gedrag.


Nee, zo te zien heeft Thunderbird dat niet. Er gebeurd niets als je op 
F7 drukt in een venster om e-mail op te stellen.


Overigens heb ik deze man een HTML-mail gestuurd, en als hij die 
beantwoord dan krijgt hij toch wel een cursor.


Het is een vaag probleem, ik kan het nog niet reproduceren.

Groet,
Paul


--
Paul van der Vlis Linux systeembeheer Groningen
https://vandervlis.nl/

Re: Dual boot - first time using UEFI

[Felix Miata]

Hans composed on 2022-05-02 12:44 (UTC+0200):
...
> When I got it running, I tried to install grub again onto the MBR, which was 
> successfull. But now appeared a blue screen, with choices: "Wait 10 seconds - 
> go on - Restart - Do not ask any more" (similar, is from my remembers).
...
> Can ssomebody explain, what technically the grub installer did do? At one 
> point it said "I have dicovered another EFI partition, shall I use it?" (or 
> similar, it is from my remembers)

Grub's job starts differently with GPT and UEFI. The UEFI firmware holds the key
to booting, not the MBR. The firmware loads the designated Grub loader, whether
that designated and stored in NVRAM, or selected from using the BBS menu, from 
the
ESP, instead of loading MBR code. Installing Grub to MBR should equate to a 
no-op
on a disk used for UEFI booting.

The Debian installer may have created a separate ESP rather than using the one
that Windows created. It's hard to explain what happened exactly without output
from parted -l or fdisk -l or equivalent, both before and after the Debian
installation process.

Managing which OS controls boot is simpler with UEFI. From Debian boot, it is 
done
with efibootmgr command, but it can be done directly in UEFI setup as well.
-- 
Evolution as taught in public schools is, like religion,
based on faith, not based on science.

 Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata

Re: "Disabling IRQ #9" - how to check for impact

[Christian Britz]

Problem seems to be gone with latest Debian stable kernel update! I
don't see the message anymore with 5.10.113.

On 2022-04-28 10:34 UTC+0200, Christian Britz wrote:
> Hello Ilya,
> 
> thank you for sharing so many interesting details!
> 
> On 2022-04-28 02:53 UTC+0200, IL Ka wrote:
> 
>> This is a known kernel
>> bug: https://bugzilla.kernel.org/show_bug.cgi?id=207749
>>  
> 
> I was almost sure the messages first appeared after the firmware update,
> but the kernel bug is much older. I will definitely follow this thread.
> 
>> As we see from stacktrace, this handler is "acpi_irq" (you can also
>> check it by reading /proc/interrupts):
> 
> There is a high number on CPU1:
> 
>9:  0  819113116  0  0  0  0
>  0  0  IR-IO-APIC9-fasteoi   acpi
> 
> Should I be worried about that?
> 
>> Many hardware things in laptops use ACPI: Brightness buttons, FN
>> buttons, volume buttons, lid etc.
> 
> They seem to work.
>> If everything works as expected (you see no problem with lid, buttons
>> etc) simply ignore it.
> 
> It seems so.
> 
>> If no, try to install the latest kernel and file a bug to Debian (I
> 
> Latest kernel from backports did not help.
> 
>> You can also add "irqpoll" kernel param which will ask the kernel to
> 
> I think I have read somewhere that this can make the machine very slow.
> 
> So far I notice no impact of the bug, luckily. I guess I will live with
> it and hope for a fix in a kernel of a later Debian release.
> 
> Best Regards,
> Christian
> 

-- 
http://www.cb-fraggle.de

Re: mariadb does not run

[Lucio Crusca]

Il 03/05/22 07:04, to...@tuxteam.de ha scritto:

According to this huge mess, the log file is somewhere in
/var/lib/mysql/t470.err (the number '470' is the process
ID, aka PID, so it will change at every start).



Actually t470 is my hostname so it stays the same.

I had already looked at that logfile and I had already written here that 
the error messages in that logfile are the same of those shown by 
`systemctl status mariadb`:


https://lists.debian.org/debian-user/2022/05/msg00041.html

which are reported in my first post:

https://lists.debian.org/debian-user/2022/05/msg00027.html

but english is not my native language, maybe I did not express myself 
clearly enough. I hope it's now clear.