Re: regarding firewall discussion

[mick crane]

On 2022-05-31 12:21, IL Ka wrote:


What's to stop some spurious instructions being sent in response to
genuine request?



Packets do not contain instructions, only data. If your TCP/IP
implementation doesn't have vulnerabilities any packet shouldn't be a
problem.
Firewall prevents technically legal packets from reaching software that
shouldn't  be accessible from the Internet.

In most cases a hacker finds an opened port (port listened to by some
daemon) and connects to it.
Firewall prevents hacker from doing it.


I have wondered since ages ago, likely on windows, I wanted to know 
about something, I forget what, and there was one result in Alta Vista 
or something.

Go to website there is a message "GO AWAY".
I go away but then curious go back and my computer crashes.

mick

--
Key ID4BFEBB31

Re: problems while using debian's keyring ...

[Albretch Mueller]

$ gpg --verbose --recv-key 5AA3BC334FD7E3369E7C77B291C559DBE4C9123B
gpg: data source: https://keys.openpgp.org:443
gpg: armor header: Comment: 5AA3 BC33 4FD7 E336 9E7C  77B2 91C5 59DB E4C9 123B
gpg: pub  dsa1024/91C559DBE4C9123B 2008-06-02  Adrián Pérez de Castro
(personal) 
gpg: key 91C559DBE4C9123B/76D146E5CE5D1038: removed multiple subkey binding
gpg: /home/lbrtchx/.gnupg/trustdb.gpg: trustdb created
gpg: using pgp trust model
gpg: key 91C559DBE4C9123B: public key "Adrián Pérez de Castro
" imported
gpg: Total number processed: 1
gpg:   imported: 1

$ gpg --verify webkit2gtk_2.34.6.orig.tar.xz.asc
webkit2gtk_2.34.6-1~deb11u1.debian.tar.xz
gpg: Signature made Thu 17 Feb 2022 07:12:45 AM CST
gpg:using DSA key 5AA3BC334FD7E3369E7C77B291C559DBE4C9123B
gpg: BAD signature from "Adrián Pérez de Castro " [unknown]
$

Re: Discovering DHCP hostname during original system installation

[Richard Owlett]

On 05/31/2022 11:20 PM, David Wright wrote:

On Tue 31 May 2022 at 14:00:51 (-0500), Richard Owlett wrote:

On 05/31/2022 11:13 AM, David Wright wrote:

On Tue 31 May 2022 at 08:13:57 (-0500), Richard Owlett wrote:

I'm using firmware-11.3.0-amd64-netinst.iso to install Debian onto a
Lenovo T510 [Thinkpad].


✓


I know the netinstaller works on this laptop as I have done a
successful install when within range of of local library's wifi and
the installer is successfully detecting multiple local wifi sources.


Which netinstaller?


The one *STATED* in the first sentence!


Demonstrative pronouns help.


Yep. I realized that as soon as I read your reply ;{
My writing skills have been a problem since school days back in 50's.




In the next paragraph, you use the term "standard
netinstaller". Does this mean one without firmware?


Of course!


Ok, usually called official here. /My/ standard installer is a firmware
one, as the official ones are a waste of download bandwidth for me.
They only work for a couple of my machines.


I am doing a fresh install from home using an Alcatel Linkzone to
connect to my T-mobile account. I have had no problems doing this with
standard netinstallers.


? That seems to be a new interpretation of the thread:
https://lists.debian.org/debian-user/2021/10/msg00571.html


 From reading
https://lists.debian.org/debian-user/2021/10/msg00603.html in that
thread, I don't think so.


The key sentence in that post is:
 "I just discovered that one of my problems [selecting a Grub menu
  entry resulting in an infinite loop until Linkzone unplugged]
  had been solved at Debian 10.7 or earlier."


That thread referred to a standard [i.e.

free] netinst iso. This case is using the non-free firmware. I will
have to carefully read the entire thread to see if it has point(s) in
common.


Well, if you have successfully installed at /home/ using the /Alcatel/
and with an /official installer/, then the same success is expected
with the firmware installer, whose difference is just extra packages
in the pool.


I had assumed so [but *not* known]. That's why I quoted the significant 
sentence from the sub-thread above. Sometime circa Squeeze or later 
there appears to have been a subtle change in how/when[?] a fully 
installed Debian initializes a connected intelligent USB device [i.e. 
the Alcatel]. I don't have enough background to say more.



What's unsaid here is /how/ you use your Alcatel Linkzone to connect.


As I use it daily - it effectively reacts as a traditional modem [the
wifi aspect disabled].


Well, disabling wifi (not revealed in your OP) was what gave problems
that caused you to post here in the past.


*NO*!
You are assuming commonality of hardware/software/goals/other over the 
last decade that simply does not exist. There is also an unwarranted 
assumption that I resemble a "normal" Debian user. Though of late I've 
tended to use a particular machine - I have a half dozen available.


The the _current_ install process is on a machine explicitly dedicated 
to learning by experimentation. It has had at least a dozen full 
installs from scratch - no more than 3 coexisting at a time.


I religiously avoid any networking of my personal machines.
Up to this current experiment I have avoided any intentional use of 
WiFi. This has been made easier by the majority of my machines requiring 
non-free drivers.



The third paragraph in this
thread's OP implies that these problems have been overcome, and that
the current thread might be something about official vs firmware
rather than, say wifi vs ethernet in the normal scenario, or wifi vs
some sort of ?USB link in your case.


No ;/
I tried to succinctly  state MY topic in the Subject line.
When The DHCP auto-detection during install fails,
  "How do I manually discover DHCP hostname(s)?"



Is that fair, and am I correct in pointing out that you still haven't
stated how the laptop is connected to the internet,


The Alcatel [with WiFi disabled] is physically plugged into a USB port.
To the unsophisticated user there is no way to distinguish it from a 
modem which has auto-dialed a specific server.



but that it's not
with a cat5 cable.


After an install over library wifi the system had no problem
connecting to the internet via the Linkzone.

/
So what's your question? And if it's meant to be the Subject line,
I don't see any relationship with the rest of the post.


My entire problem is in the context of running the installer.


Yes, I know you have a problem. And "install" is in the Subject line,
and peppered throughout the OP. Saying you have an installation
problem is not a question. It's the old "What did you expect/observe"
and "Why did they differ".


My question is why are you trying to install it again?



As stated in this post the particular machine is dedicated to 
EXPERIMENTATION. The goal of the experimentation is to be able to 
describe how the Debian installation process could simultaneously be 
simpler and 

Re: Firewall blocking my new Debian 11 server ports 80 and 443

[Tom Browder]

On Mon, May 30, 2022 at 19:46 Edwin Zimmerman  wrote:

> On 5/30/22 09:41, Greg Wooledge wrote:
> > On Mon, May 30, 2022 at 07:13:54AM -0500, Tom Browder wrote:
> >> No worries. All those responses about the subject IP now are the norm
> for a
> >> bare-iron server ready for use by a customer, yours truly. It is the
> same
> >> server I messed up the firewall with and locked myself out of. The OS
> has
> >> been reinstalled and is ready for me to use again.


On that note, for my next try with the server, I will definitely use UFW
with the legacy uptables that was suggested.

But a question: it is clear that it must be enabled to go into effect, but
when does it actually start operating? Does it do so then, or does it take
a reboot?

-Tom

Re: Discovering DHCP hostname during original system installation

[Richard Owlett]

On 05/31/2022 02:00 PM, Richard Owlett wrote:

*SNIP*





I am doing a fresh install from home using an Alcatel Linkzone to
connect to my T-mobile account. I have had no problems doing this with
standard netinstallers.


? That seems to be a new interpretation of the thread:
https://lists.debian.org/debian-user/2021/10/msg00571.html


 From reading https://lists.debian.org/debian-user/2021/10/msg00603.html 
in that thread, I don't think so. That thread referred ti a standard 
[i.e. free] netinst iso. This case is using the non-free firmware. I 
will have to carefully read the entire thread to see if it has point(s) 
in common.


I've a dozen more posts to (re)read in the thread.
I'm beginning to suspect appreciation of comments about "CDC Ethernet" 
will be key. [Especially posts by Tixy]

I've at least a dozen web references marked for "CDC Ethernet".
I have information overload. Suspect meaningful comprehension will take 
a couple of days ;/

More later.

Re: problems while using debian's keyring ...

[Jonathan Dowland]

On Wed, Jun 01, 2022 at 01:40:14AM -0500, Albretch Mueller wrote:

I think I am following the steps as I should.
This is what I got before and after I thought I have verified the
webkit2gtk source packages:

$ gpg --verify webkit2gtk_2.34.6.orig.tar.xz.asc
webkit2gtk_2.34.6-1~deb11u1.debian.tar.xz
gpg: Signature made Thu 17 Feb 2022 07:12:45 AM CST
gpg:using DSA key 5AA3BC334FD7E3369E7C77B291C559DBE4C9123B
gpg: Can't check signature: No public key
$

# apt-get install debian-keyring debian-archive-keyring


The key to verify those files is probably in the first of those two 
packages, but, by default those keyrings will not be checked by gpg(1) 
on the command line. You will want to use the "--keyring" option e.g.

something like

   $ gpg --keyring /usr/share/keyrings/debian-keyring.gpg --verify 
webkit2gtk_2.34.6.orig.tar.xz.asc

Re: perl listgarden module

[Andy Smith]

Hi Russell,

On Mon, May 30, 2022 at 02:39:21AM +, Russell L. Harris wrote:
> I am attempting to run the ListGarden RSS generator on Debian 11.
> Perl 5 (version 32) needs the ListGarden module.

There is no such published module that I can find, so it seems
likely that this is part of ListGarden itself and you just haven't
installed it properly. I've no experience with ListGarden so can't
help there. I suggest seeking help from the authors or the
ListGarden user community.

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Re: declarative (config file) way idea of handling the OS by way of the old system

[Andy Smith]

Hello,

On Mon, May 30, 2022 at 08:05:28AM -0400, Dan Ritter wrote:
> For a single user's machine, it's unlikely to be rewarding
> except intellectually.

It is however a great way to document a system for those that don't
get around to making free text notes. The language of the
configuration management tool both does the setup and documents what
needs to be done.

This is useful even for a single human, but if you have multiple
people working on things then there is some value in all of them
learning how to read the domain-specific language of the chosen
config management tool (e.g. Ansible, Puppet, etc.) vs. everyone
making their own notes in their own style.

That covers the "what"; generally more documentation is needed for
the "why", but even if it never comes the things in the config
management are better than nothing.

There have honestly been times in my life where I've had to look at
something set up by someone who's no longer around (or by me, a
decade previous!) and with only the things in config management I've
been able to work out which pieces the service is composed of, and
just that's been a God send and a bigger win than the automated
nature of the setup which is the thing people usually praise config
management for!

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Debian license issue

[Lidiya Pecherskaya]

Hello,
Is it possible to get information on the type of license under which the
Debian software is available?
Thanks in advance.

Re: Debian license issue

[Greg Wooledge]

On Wed, Jun 01, 2022 at 04:14:49PM +0300, Lidiya Pecherskaya wrote:
> Is it possible to get information on the type of license under which the
> Debian software is available?

Each package has one or more licenses, under which it's distributed.
The license(s) for a given package are contained in the "copyright"
file, in the package's /usr/share/doc/PKGNAME/ directory.

If you want to see the license(s) for a package that isn't installed
locally, you can check .  Go to
the desired version, then click the link that says "Copyright File"
on the right hand side.

For example, the Copyright File for the bullseye version of bash is at
.
This is linked from .

Re: Debian license issue

[Andy Smith]

Hi Lidiya,

On Wed, Jun 01, 2022 at 04:14:49PM +0300, Lidiya Pecherskaya wrote:
> Is it possible to get information on the type of license under which the
> Debian software is available?

Each package installs a file /usr/share/doc//copyright
with its exact license.

In general all packages that are included with Debian (basically as
long as they don't come from the non-free repository) are compatible
with the Debian Free Software Guidelines (DFSG):
https://en.wikipedia.org/wiki/Debian_Free_Software_Guidelines

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Monthly FAQ for the debian-user mailing list

[Andrew M.A. Cater]

Debian-user is a mailing list provided for support for Debian users,
and to facilitate discussion on relevant topics. 

Some guidelines which may help explain how the list works:

* The language on this mailing list is English. There may be other mailing 
  lists that are language-specific for example debian-user-french 

* It is common for users to be redirected here from other lists - for example,
  from debian-project. It is also common for people to be posting here when 
  English is not their primary language. Please be considerate.

* The list is a Debian communication forum. As such, it is subject to both 
  the Debian mailing list Code of Conduct and the main Debian Code of Conduct

 https://www.debian.org/MailingLists/#codeofconduct
 https://www.debian.org/code_of_conduct

* This is a fairly busy mailing list and you may have to wait for an
  answer - please be patient. Please post answers back to the list so
  others can benefit; private conversations don't benefit people who
  may be following along on the list or reading the archives later.

* Help and advice on this list is provided by volunteers in their own time.
  It is common for there to be different opinions or answers provided.

 * Please try to stay on topic. Arguments for the sake of it are not
   welcome here. Partisan political / religious / cultural arguments
   do not belong here either. Debian's community is world wide; don't
   assume others will agree with your views or need to read them on a
   Debian list.

* There is an FAQ on the Debian wiki derived from some questions asked on 
  this list at https://wiki.debian.org/FAQsFromDebianUser

* One question that comes up on almost all Debian lists from time to time is 
  of the form: 
  
  "I have done something wrong / included personal details in an email.
   Could you please delete my name / details / remove the mail"
  
Practically, this is impossible: the mailing lists are archived, potentially 
cached by Google and so on. Unfortunately, there is nothing much we can do to 
ensure that all copies anywhere on the Internet are deleted. Asking to do this
may only serve to draw further attention - the so-called "Streisand effect" 
https://en.wikipedia.org/wiki/Streisand_effect

Problems?
=

Complaints about inappropriate behaviour should be referred to the
Debian Community Team .

Inappropriate behaviour on the list may lead to warnings; repeated bad
behaviour may lead to temporary or permanent bans for offenders.

Re: problems while using debian's keyring ...

[Albretch Mueller]

 thank you. that was it:

$ ls -l webkit2gtk_2.34.6*.*
-rw-r--r-- 1 lbrtchx lbrtchx74172 Feb 19 07:34
webkit2gtk_2.34.6-1~deb11u1.debian.tar.xz
-rw-r--r-- 1 lbrtchx lbrtchx 4278 Feb 19 07:34
webkit2gtk_2.34.6-1~deb11u1.dsc
-rw-r--r-- 1 lbrtchx lbrtchx 24393340 Feb 17 13:08 webkit2gtk_2.34.6.orig.tar.xz
-rw-r--r-- 1 lbrtchx lbrtchx  195 Feb 17 13:08
webkit2gtk_2.34.6.orig.tar.xz.asc
$

$ file webkit2gtk_2.34.6-1~deb11u1.dsc
webkit2gtk_2.34.6-1~deb11u1.dsc: PGP signed message
$

$ gpg --verbose --keyring ./webkit2gtk_2.34.6-1~deb11u1.dsc --verify
webkit2gtk_2.34.6.orig.tar.xz.asc webkit2gtk_2.34.6.orig.tar.xz
gpg: Signature made Thu 17 Feb 2022 07:12:45 AM CST
gpg:using DSA key 5AA3BC334FD7E3369E7C77B291C559DBE4C9123B
gpg: using pgp trust model
gpg: Good signature from "Adrián Pérez de Castro " [unknown]
gpg: aka "Adrián Pérez de Castro (personal)
" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:  There is no indication that the signature belongs to the owner.
Primary key fingerprint: 5AA3 BC33 4FD7 E336 9E7C  77B2 91C5 59DB E4C9 123B
gpg: binary signature, digest algorithm SHA1, key algorithm dsa1024
$

Re: Firewall blocking my new Debian 11 server ports 80 and 443

[john doe]

On 6/1/2022 1:45 PM, Tom Browder wrote:

On Mon, May 30, 2022 at 19:46 Edwin Zimmerman  wrote:


On 5/30/22 09:41, Greg Wooledge wrote:

On Mon, May 30, 2022 at 07:13:54AM -0500, Tom Browder wrote:

No worries. All those responses about the subject IP now are the norm

for a

bare-iron server ready for use by a customer, yours truly. It is the

same

server I messed up the firewall with and locked myself out of. The OS

has

been reinstalled and is ready for me to use again.



On that note, for my next try with the server, I will definitely use UFW
with the legacy uptables that was suggested.

But a question: it is clear that it must be enabled to go into effect, but
when does it actually start operating? Does it do so then, or does it take
a reboot?



Apparently, if you 'enable' 'ufw', it will start and be enabled at boot.

According to (1), ufw should work with nftables, I did not follow the
reasoning on why to use iptables but only if you have issues use legacy
iptables.

1)  https://wiki.archlinux.org/title/Uncomplicated_Firewall

--
John Doe

Re: perl listgarden module

[Russell L. Harris]

On Wed, Jun 01, 2022 at 01:08:50PM +, Andy Smith wrote:

Hi Russell,

On Mon, May 30, 2022 at 02:39:21AM +, Russell L. Harris wrote:

I am attempting to run the ListGarden RSS generator on Debian 11.
Perl 5 (version 32) needs the ListGarden module.


There is no such published module that I can find, so it seems
likely that this is part of ListGarden itself and you just haven't
installed it properly. I've no experience with ListGarden so can't
help there. I suggest seeking help from the authors or the
ListGarden user community.

Cheers,
Andy

--
https://bitfolk.com/ -- No-nonsense VPS hosting


Thanks, Andy, you are right.  Listgarden is now running on my machine,
and I am quite happy with the features and ease of use.   By the way,
Listgarden is the product of Dan Bricklin, co-developer of Visi-Calc,
the first spreadsheet.

RLH

Re: google account say it will no longer deliver email

[Brian]

On Thu 12 May 2022 at 10:08:01 -, Virgo Pärna wrote:

> On Wed, 11 May 2022 20:09:14 +0200, Fero Dali  wrote:
> > Sorry for misunderstanding: it seems that my account will continue to work 
> > but
> > ability to download mail with POP3 without OAUTH2 will be unavailable.
> >
> 
>   Actually, even without OAUTH2 it should be still possible. With
> two factor authentication enabled it is possible to generate app
> password for use with standard authentication.

It's June 1st and my ability to collect mail via POP3 from gmail is
unimpaired. No  OAUTH2 or 2FA at this site. Whatever Google intended
the situation to be after May 30th, it appears the interpretation by
some users of their mail was off the mark.

-- 
Brian.

Re: Firewall blocking my new Debian 11 server ports 80 and 443

[Tom Browder]

On Wed, Jun 1, 2022 at 11:21 john doe  wrote:

> when does it actually start operating? Does it do so then, or does it take
>
> a reboot?
>

Apparently, if you 'enable' 'ufw', it will start and be enabled at boot.


Good, thanks.

According to (1), ufw should work with nftables, I did not follow the
> reasoning on why to use iptables but only if you have issues use legacy
> iptables.
>

Well, the guidance I got was varying. In my mind, Il Ka seemed to be the
most well-informed and understanding of my specific needs, and I went with
his recommendations. He was upfront about why he stayed with iptables, and
I also favor that view. Based on my experience upgrading Debian since
version 4, I know I don't like to jump on new stuff right away, but expect
to have to eventually.

-Tom

Re: regarding firewall discussion

[Joe]

On Tue, 31 May 2022 03:17:52 +0100
mick crane  wrote:

> regarding firewall discussion I'm uncertain how firewalls are
> supposed to work.
> I think the idea is that nothing is accepted unless it is in response
> to a request.
> What's to stop some spurious instructions being sent in response to 
> genuine request?
> 

Nothing really, but the reply can only come from the site you made the
request to.

Don't connect to untrustworthy sites.

It is of course possible for a legitimate site to get hacked and some
malware embedded in its pages or linked from them, but that will
normally require JavaScript to run, and many people run browsers with JS
disabled. It's quite rare for a professionally-run site to get defaced,
as the terminology has it, but there's no way I would run a
public-facing website, as I don't know enough to secure it (and I know
that I don't know enough).

There are other defences: use a proxy server which blocks anything
suspicious, and so on. We're into application-level firewalls here,
that actually parse the returned packets, beyond the scope of iptables
and the like. 

Browsers usually have a number of configurations concerning third-party
content, as well as plugins such as No-Script for Firefox. But a
blanket ban on JS will result in many (most?) websites today not
working. I despair of the 'web designers' who cannot display a single
character on a user's browser without using JS.

-- 
Joe

Re: google account say it will no longer deliver email

[Patrick Bartek]

On Wed, 1 Jun 2022 18:04:02 +0100
Brian  wrote:

> On Thu 12 May 2022 at 10:08:01 -, Virgo Pärna wrote:
> 
> > On Wed, 11 May 2022 20:09:14 +0200, Fero Dali 
> > wrote:  
> > > Sorry for misunderstanding: it seems that my account will
> > > continue to work but ability to download mail with POP3 without
> > > OAUTH2 will be unavailable. 
> > 
> > Actually, even without OAUTH2 it should be still possible.
> > With two factor authentication enabled it is possible to generate
> > app password for use with standard authentication.  
> 
> It's June 1st and my ability to collect mail via POP3 from gmail is
> unimpaired. No  OAUTH2 or 2FA at this site. Whatever Google intended
> the situation to be after May 30th, it appears the interpretation by
> some users of their mail was off the mark.
> 

Still works here, too. Claws-mail 3.17.3 IMAP.  No OAuth2 or 2FA.
Neither of which this version of Claws supports, IIRC. Of course,
notification email did say "may not" not won't.

FWIW: Yahoo mail ceased working with Claws several years ago due to
security changes.  Though still accessible via web browser with only a
password.

B

Re: google account say it will no longer deliver email

[Brian]

On Wed 01 Jun 2022 at 10:44:17 -0700, Patrick Bartek wrote:

> On Wed, 1 Jun 2022 18:04:02 +0100
> Brian  wrote:
> 
> > On Thu 12 May 2022 at 10:08:01 -, Virgo Pärna wrote:
> > 
> > > On Wed, 11 May 2022 20:09:14 +0200, Fero Dali 
> > > wrote:  
> > > > Sorry for misunderstanding: it seems that my account will
> > > > continue to work but ability to download mail with POP3 without
> > > > OAUTH2 will be unavailable. 
> > > 
> > >   Actually, even without OAUTH2 it should be still possible.
> > > With two factor authentication enabled it is possible to generate
> > > app password for use with standard authentication.  
> > 
> > It's June 1st and my ability to collect mail via POP3 from gmail is
> > unimpaired. No  OAUTH2 or 2FA at this site. Whatever Google intended
> > the situation to be after May 30th, it appears the interpretation by
> > some users of their mail was off the mark.
> > 
> 
> Still works here, too. Claws-mail 3.17.3 IMAP.  No OAuth2 or 2FA.
> Neither of which this version of Claws supports, IIRC. Of course,
> notification email did say "may not" not won't.

Indeed, the mail did say that. However, many vociferous users went
into Chicken Licken mode and forecast distaster.

-- 
Brian.

Re: regarding firewall discussion

[rhkramer]

> mick crane  wrote:
> > regarding firewall discussion I'm uncertain how firewalls are
> > supposed to work.
> > I think the idea is that nothing is accepted unless it is in response
> > to a request.
> > What's to stop some spurious instructions being sent in response to
> > genuine request?

Just for the record, what you described (nothing is accepted unless it is in 
response to a request) is more like the way that NAT worked (at least in its 
original incarnations).  (I say it that way because I haven't kept up with 
NAT, so don't know how it may have changed).

Re: Discovering DHCP hostname during original system installation

[Brian]

On Wed 01 Jun 2022 at 06:32:07 -0500, Richard Owlett wrote:

[...]

> As stated in this post the particular machine is dedicated to
> EXPERIMENTATION. The goal of the experimentation is to be able to describe
> how the Debian installation process could simultaneously be simpler and more
> versatile. [Decades in engineering support (hardware not software) informs
> me that is not easy ;]

Perhaps it is not too easy, but that could be because d-i is already
versatile enough to accomodate changes. Making it simpler? Have you
any suggestions after carrying out your recent experimental regime?

-- 
Brian

Re: regarding firewall discussion

[Joe]

On Wed, 1 Jun 2022 15:02:10 -0400
rhkra...@gmail.com wrote:

> > mick crane  wrote:  
> > > regarding firewall discussion I'm uncertain how firewalls are
> > > supposed to work.
> > > I think the idea is that nothing is accepted unless it is in
> > > response to a request.
> > > What's to stop some spurious instructions being sent in response
> > > to genuine request?  
> 
> Just for the record, what you described (nothing is accepted unless
> it is in response to a request) is more like the way that NAT worked
> (at least in its original incarnations).  (I say it that way because
> I haven't kept up with NAT, so don't know how it may have changed).
> 

It still should, with exceptions for certain special cases that use a
second (usually data) channel that has to be associated with the
request. FTP and many older VPNs are of this kind.

An iptables-based firewall does the same (it can also do NAT) if a
RELATED rule exists. If there is no such rule, only packets explicitly
listed in the firewall code will be allowed in. This is necessary with
unsolicited packets i.e. the protocols allowed to bypass the firewall
e.g. ssh.

But the OP asked about malicious reply data, and neither iptables nor
NAT are equipped to detect this. Either a filtering proxy server (e.g.
http://e2guardian.org/cms/index.php) or the original requesting
application must deal with this.

-- 
Joe

Re: regarding firewall discussion

[mick crane]

On 2022-06-01 18:26, Joe wrote:

On Tue, 31 May 2022 03:17:52 +0100
mick crane  wrote:


regarding firewall discussion I'm uncertain how firewalls are
supposed to work.
I think the idea is that nothing is accepted unless it is in response
to a request.
What's to stop some spurious instructions being sent in response to
genuine request?



Nothing really, but the reply can only come from the site you made the
request to.

Don't connect to untrustworthy sites.

It is of course possible for a legitimate site to get hacked and some
malware embedded in its pages or linked from them, but that will
normally require JavaScript to run, and many people run browsers with 
JS

disabled. It's quite rare for a professionally-run site to get defaced,
as the terminology has it, but there's no way I would run a
public-facing website, as I don't know enough to secure it (and I know
that I don't know enough).

There are other defences: use a proxy server which blocks anything
suspicious, and so on. We're into application-level firewalls here,
that actually parse the returned packets, beyond the scope of iptables
and the like.

Browsers usually have a number of configurations concerning third-party
content, as well as plugins such as No-Script for Firefox. But a
blanket ban on JS will result in many (most?) websites today not
working. I despair of the 'web designers' who cannot display a single
character on a user's browser without using JS.


I have pfsense between me and the big bad world and I got some OINK code 
which I think is community based Snort list of undesirable addresses.
It is described as "Legacy" so I don't know if there is something newer 
I should be doing.


mick
--
Key ID4BFEBB31

Re: google account say it will no longer deliver email

[mick crane]

On 2022-06-01 18:04, Brian wrote:

On Thu 12 May 2022 at 10:08:01 -, Virgo Pärna wrote:

On Wed, 11 May 2022 20:09:14 +0200, Fero Dali  
wrote:

> Sorry for misunderstanding: it seems that my account will continue to work but
> ability to download mail with POP3 without OAUTH2 will be unavailable.
>

Actually, even without OAUTH2 it should be still possible. With
two factor authentication enabled it is possible to generate app
password for use with standard authentication.


It's June 1st and my ability to collect mail via POP3 from gmail is
unimpaired. No  OAUTH2 or 2FA at this site. Whatever Google intended
the situation to be after May 30th, it appears the interpretation by
some users of their mail was off the mark.


I'd just allowed non secure apps a year or so ago and seems to be still 
working.


mick

--
Key ID4BFEBB31

Re: Discovering DHCP hostname during original system installation

[David Wright]

On Wed 01 Jun 2022 at 06:32:07 (-0500), Richard Owlett wrote:
> On 05/31/2022 11:20 PM, David Wright wrote:
> > On Tue 31 May 2022 at 14:00:51 (-0500), Richard Owlett wrote:
> > > On 05/31/2022 11:13 AM, David Wright wrote:
> > > > On Tue 31 May 2022 at 08:13:57 (-0500), Richard Owlett wrote:

> [ … ] There is also an unwarranted
> assumption that I resemble a "normal" Debian user.

If I'm the one who's meant to be assuming, nothing could be further
from the truth.

> Though of late I've
> tended to use a particular machine - I have a half dozen available.
> 
> The the _current_ install process is on a machine explicitly dedicated
> to learning by experimentation. It has had at least a dozen full
> installs from scratch - no more than 3 coexisting at a time.

Yes, that's why I presumed that any firmware requirement could be
supplied by yourself, from one of your installations at the very least.

> I religiously avoid any networking of my personal machines.
> Up to this current experiment I have avoided any intentional use of
> WiFi. This has been made easier by the majority of my machines
> requiring non-free drivers.

Again, the OP never made any mention of this.

> I tried to succinctly  state MY topic in the Subject line.
> When The DHCP auto-detection during install fails,
>   "How do I manually discover DHCP [server] hostname(s)?"

Ah, now, I recognise /that/ as a question.

> > Is that fair, and am I correct in pointing out that you still haven't
> > stated how the laptop is connected to the internet,
> 
> The Alcatel [with WiFi disabled] is physically plugged into a USB port.
> To the unsophisticated user there is no way to distinguish it from a
> modem which has auto-dialed a specific server.
> 
> > but that it's not
> > with a cat5 cable.

> As stated in this post the particular machine is dedicated to
> EXPERIMENTATION. The goal of the experimentation is to be able to
> describe how the Debian installation process could simultaneously be
> simpler and more versatile. [Decades in engineering support (hardware
> not software) informs me that is not easy ;]

Yes, but all too often, we are given a tiny glimpse of your
experiment, and then expected to supply fixes and reading lists
precisely relevant to whatever your experiment is meant to be doing.

> Did I succeed at all?

This time. Well, the way I would tackle this problem is
to run dhcp_probe on the interface name given by   ip a,
from which I'd get a dotted quad, like 192.168.1.1.

Then I'd run   host 192.168.1.1   and would get a result like
1.1.168.192.in-addr.arpa domain name pointer www.routerlogin.com.
I think in your case you'd probably get mobile.hotspot—perhaps.

I'm not sure what use that is to you. You can get that domain
out of the instruction manual. IIRC my router answers to the
example I gave, but I always use the hostname that I set up
in my /etc/hosts, because I have two routers from the same
manufacturer, so www.routerlogin.com would be ambiguous. Or
I can use the dotted quads themselves, ….1 and ….2.

But that's all in aid of logging in and configuring them,
not for when I'm asking them (one, actually) for DHCP service.

AFAIK, the hostname of a DHCP server is not particularly useful
to you, in that the negotiations are commenced by the client
broadcasting over the link, to which the server should respond.
(I take it you're not trying to run a DHCP server yourself on
one of your machines.) In all the joints in all the towns in
all the world, I don't recall ever finding out what the
hostnames of their DHCP servers were.

But I know nothing about how these negotiations take place on
your USB connection. Do you see them progressing, or failing,
in your daemon.log, as I do?

(ToD Host) dhclient[531]: DHCPDISCOVER on enp3s0 to 255.255.255.255 port 67 
interval 12
(ToD Host) sh[531]: DHCPDISCOVER on enp3s0 to 255.255.255.255 port 67 interval 
12
(ToD Host) dhclient[531]: DHCPOFFER of 192.168.1.14 from 192.168.1.1
(ToD Host) sh[531]: DHCPOFFER of 192.168.1.14 from 192.168.1.1
(ToD Host) sh[531]: DHCPREQUEST for 192.168.1.14 on enp3s0 to 255.255.255.255 
port 67
(ToD Host) dhclient[531]: DHCPREQUEST for 192.168.1.14 on enp3s0 to 
255.255.255.255 port 67
(ToD Host) dhclient[531]: DHCPACK of 192.168.1.14 from 192.168.1.1
(ToD Host) sh[531]: DHCPACK of 192.168.1.14 from 192.168.1.1
(ToD Host) avahi-daemon[568]: Joining mDNS multicast group on interface 
enp3s0.IPv4 with address 192.168.1.14.
(ToD Host) avahi-daemon[568]: New relevant interface enp3s0.IPv4 for mDNS.
(ToD Host) avahi-daemon[568]: Registering new address record for 192.168.1.14 
on enp3s0.IPv4.

Cheers,
David.

Re: had another crash, reboot usb failed, powerdown reboot usb failed

[David Wright]

On Wed 01 Jun 2022 at 01:23:08 (-0400), gene heskett wrote:
> On Wednesday, 1 June 2022 00:58:32 EDT David Wright wrote:
> > On Wed 01 Jun 2022 at 00:26:27 (-0400), gene heskett wrote:
> > > On Tuesday, 31 May 2022 16:25:01 EDT Andrew M.A. Cater wrote:
> > > > On Tue, May 31, 2022 at 03:25:59AM -0400, gene heskett wrote:
> > > I now know where the seriel convertors are so I can unplug them so I
> > > could reinstall for about the 25th time if someone could tell me how
> > > to skip formatting my raid10 /home partition, othewise I am stuck
> > > building a working system to do my daily stuff from nothing.
> > > 
> > > The installer blindly goes ahead and formats it every time, losing 6
> > > months of work in OpenSCAD and thats pure bs IMNSHO. I'm halfway thru
> > > building another raid10 I can hide from the installer, needing two
> > > more terabyte samsung ssd's and a slot for aother controller which I
> > > can free up by temporarily pulling my firewire card that runs my
> > > movie camera with kino.
> > 
> > I don't understand. You have /home on a separate partition(s), yes?
> > Then why do you tell the installer anything about it/them?
> > Just make sure that if you select it/them, they look like this:
> > 
> > [ … ]
> > 
> > 
> > You don't need a /home *partition* to install Debian. Just let it
> > create a /home/gene on the root filesystem, populated with the
> > contents of /etc/skel/, as per usual. When it's done, then as root,
> > set up your real home directory (or "assemble" it, or whatever you
> > do) and use the /home directory that the installer created as mount
> > point.
> > 
> I've tried to do that David, several times. But the net installer just 
> keeps looping back to that until I use it, which formats it.

Because that statement is /so/ vague, I'll have to read /something/
into it. By "until I use it", do you mean that you have to use the
Partitioner Disks step, as seen here, before you can Install the
Base System?

│  Detect disks   │
│  Partition disks│
│  Install the base system│

Cheers,
David.

System freeze until REISUB

[riveravaldez]

Hi, I have just updated a Debian Stable system and had an apparent
full-freeze (GUI frozen, IceWM non-respondent and Ctrl+Alt+FN did
nothing, keyboard lights also were fixed).
Using REISUB system rebooted and everything seems normal right now.
Only thing I remember changing was the addition of qlipper to the
IceWM startup file, nothing else. But after the update I didn't
rebooted, just logged-out of session and re-logged-in, through
lightdm.
System has some pendent hardware issues, so, just mentioning the
freeze in case someone sees something more or less obvious in the
near-hang section of journalctl:

$ sudo journalctl -exp3
(...)
jun 01 16:21:06 debian smartd[562]: Device: /dev/sdb [SAT], 2
Currently unreadable (pending) sectors
jun 01 16:21:06 debian smartd[562]: Device: /dev/sdb [SAT], 2 Offline
uncorrectable sectors
jun 01 16:51:05 debian smartd[562]: Device: /dev/sda [SAT], 1
Currently unreadable (pending) sectors
jun 01 16:51:05 debian smartd[562]: Device: /dev/sda [SAT], 1 Offline
uncorrectable sectors
jun 01 16:51:05 debian smartd[562]: Device: /dev/sdb [SAT], 2
Currently unreadable (pending) sectors
jun 01 16:51:05 debian smartd[562]: Device: /dev/sdb [SAT], 2 Offline
uncorrectable sectors
jun 01 17:04:13 debian kernel: nouveau :00:0d.0: bus: MMIO write
of  FAULT at 00b010
jun 01 17:04:13 debian kernel: nouveau :00:0d.0: bus: MMIO write
of  FAULT at 00b020
jun 01 17:04:13 debian kernel: nouveau :00:0d.0: bus: MMIO write
of 00540001 FAULT at 00b000
jun 01 17:04:21 debian pulseaudio[611714]: Unable to contact D-Bus
session bus: org.freedesktop.DBus.Error.NotSupported: Unable to
autolaunch a dbus-daemon wi>
jun 01 17:04:21 debian pulseaudio[611714]: Failed to load module
"module-jackdbus-detect" (argument: "channels=2"): initialization
failed.
jun 01 17:06:29 debian lightdm[612173]: gkr-pam: unable to locate
daemon control file
jun 01 17:06:37 debian pulseaudio[612301]: Unable to contact D-Bus
session bus: org.freedesktop.DBus.Error.NotSupported: Unable to
autolaunch a dbus-daemon wi>
jun 01 17:06:37 debian pulseaudio[612301]: Failed to load module
"module-jackdbus-detect" (argument: "channels=2"): initialization
failed.
jun 01 17:06:48 debian xdg-desktop-portal[612425]: No module
"libpipewire-module-protocol-native" was found
jun 01 17:06:48 debian xdg-desktop-portal[612425]: No module
"libpipewire-module-client-node" was found
jun 01 17:06:48 debian xdg-desktop-portal[612425]: No module
"libpipewire-module-client-device" was found
jun 01 17:06:48 debian xdg-desktop-portal[612425]: No module
"libpipewire-module-adapter" was found
jun 01 17:06:48 debian xdg-desktop-portal[612425]: No module
"libpipewire-module-metadata" was found
jun 01 17:06:48 debian xdg-desktop-portal[612425]: No module
"libpipewire-module-session-manager" was found
jun 01 17:06:48 debian xdg-desktop-portal[612425]: core
0x557fa9e5fe10: can't find protocol 'PipeWire:Protocol:Native': La
operación no está soportada
jun 01 17:06:52 debian kernel: nouveau :00:0d.0: bus: MMIO write
of 0121 FAULT at 00b010
jun 01 17:06:53 debian kernel: nouveau :00:0d.0: bus: MMIO write
of 015a0001 FAULT at 00b020
jun 01 17:07:38 debian kernel: nouveau :00:0d.0:
deltachat-deskt[612429]: failed to idle channel 2
[deltachat-deskt[612429]]
jun 01 17:07:53 debian kernel: nouveau :00:0d.0:
deltachat-deskt[612429]: failed to idle channel 2
[deltachat-deskt[612429]]
-- Boot 9783f0d6715b495bba92f4ecdd28177d --
jun 01 17:10:21 debian kernel: k10temp :00:18.3: unreliable CPU
thermal sensor; monitoring disabled
jun 01 17:10:39 debian smartd[570]: Device: /dev/sda [SAT], 1
Currently unreadable (pending) sectors
jun 01 17:10:39 debian smartd[570]: Device: /dev/sda [SAT], 1 Offline
uncorrectable sectors
jun 01 17:10:39 debian smartd[570]: Device: /dev/sdb [SAT], 2
Currently unreadable (pending) sectors
jun 01 17:10:39 debian smartd[570]: Device: /dev/sdb [SAT], 2 Offline
uncorrectable sectors

Thanks a lot in advance, kind regards!

Re: had another crash, reboot usb failed, powerdown reboot usb failed

[gene heskett]

On Wednesday, 1 June 2022 16:34:01 EDT David Wright wrote:
> On Wed 01 Jun 2022 at 01:23:08 (-0400), gene heskett wrote:
> > On Wednesday, 1 June 2022 00:58:32 EDT David Wright wrote:
> > > On Wed 01 Jun 2022 at 00:26:27 (-0400), gene heskett wrote:
> > > > On Tuesday, 31 May 2022 16:25:01 EDT Andrew M.A. Cater wrote:
> > > > > On Tue, May 31, 2022 at 03:25:59AM -0400, gene heskett wrote:
> > > > I now know where the seriel convertors are so I can unplug them
> > > > so I
> > > > could reinstall for about the 25th time if someone could tell me
> > > > how
> > > > to skip formatting my raid10 /home partition, othewise I am stuck
> > > > building a working system to do my daily stuff from nothing.
> > > > 
> > > > The installer blindly goes ahead and formats it every time,
> > > > losing 6
> > > > months of work in OpenSCAD and thats pure bs IMNSHO. I'm halfway
> > > > thru
> > > > building another raid10 I can hide from the installer, needing
> > > > two
> > > > more terabyte samsung ssd's and a slot for aother controller
> > > > which I
> > > > can free up by temporarily pulling my firewire card that runs my
> > > > movie camera with kino.
> > > 
> > > I don't understand. You have /home on a separate partition(s), yes?
> > > Then why do you tell the installer anything about it/them?
> > > Just make sure that if you select it/them, they look like this:
> > > 
> > > [ … ]
> > > 
> > > 
> > > You don't need a /home *partition* to install Debian. Just let it
> > > create a /home/gene on the root filesystem, populated with the
> > > contents of /etc/skel/, as per usual. When it's done, then as root,
> > > set up your real home directory (or "assemble" it, or whatever you
> > > do) and use the /home directory that the installer created as mount
> > > point.
> > 
> > I've tried to do that David, several times. But the net installer
> > just
> > keeps looping back to that until I use it, which formats it.
> 
> Because that statement is /so/ vague, I'll have to read /something/
> into it. By "until I use it", do you mean that you have to use the
> Partitioner Disks step, as seen here, before you can Install the
> Base System?
> 
yes, it will not proceed w/o it.

> │  Detect disks   │
> │  Partition disks│
> │  Install the base system│
> 
> Cheers,
> David.
> 
> .


Cheers, Gene Heskett.
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis

Re: System freeze until REISUB

[Nicholas Geovanis]

On Wed, Jun 1, 2022, 3:40 PM riveravaldez 
wrote:

> Hi, I have just updated a Debian Stable system and had an apparent
> full-freeze (GUI frozen, IceWM non-respondent and Ctrl+Alt+FN did
> nothing, keyboard lights also were fixed).
> Using REISUB system rebooted and everything seems normal right now.
> Only thing I remember changing was the addition of qlipper to the
> IceWM startup file, nothing else. But after the update I didn't
> rebooted, just logged-out of session and re-logged-in, through
> lightdm.
> System has some pendent hardware issues, so, just mentioning the
> freeze in case someone sees something more or less obvious in the
> near-hang section of journalctl:
>

Fingers pointing at the Nouveau graphics driver. I think other problems
have been reported with it recently but I don't know the real story.

$ sudo journalctl -exp3
> (...)
> jun 01 16:21:06 debian smartd[562]: Device: /dev/sdb [SAT], 2
> Currently unreadable (pending) sectors
> jun 01 16:21:06 debian smartd[562]: Device: /dev/sdb [SAT], 2 Offline
> uncorrectable sectors
> jun 01 16:51:05 debian smartd[562]: Device: /dev/sda [SAT], 1
> Currently unreadable (pending) sectors
> jun 01 16:51:05 debian smartd[562]: Device: /dev/sda [SAT], 1 Offline
> uncorrectable sectors
> jun 01 16:51:05 debian smartd[562]: Device: /dev/sdb [SAT], 2
> Currently unreadable (pending) sectors
> jun 01 16:51:05 debian smartd[562]: Device: /dev/sdb [SAT], 2 Offline
> uncorrectable sectors
> jun 01 17:04:13 debian kernel: nouveau :00:0d.0: bus: MMIO write
> of  FAULT at 00b010
> jun 01 17:04:13 debian kernel: nouveau :00:0d.0: bus: MMIO write
> of  FAULT at 00b020
> jun 01 17:04:13 debian kernel: nouveau :00:0d.0: bus: MMIO write
> of 00540001 FAULT at 00b000
> jun 01 17:04:21 debian pulseaudio[611714]: Unable to contact D-Bus
> session bus: org.freedesktop.DBus.Error.NotSupported: Unable to
> autolaunch a dbus-daemon wi>
> jun 01 17:04:21 debian pulseaudio[611714]: Failed to load module
> "module-jackdbus-detect" (argument: "channels=2"): initialization
> failed.
> jun 01 17:06:29 debian lightdm[612173]: gkr-pam: unable to locate
> daemon control file
> jun 01 17:06:37 debian pulseaudio[612301]: Unable to contact D-Bus
> session bus: org.freedesktop.DBus.Error.NotSupported: Unable to
> autolaunch a dbus-daemon wi>
> jun 01 17:06:37 debian pulseaudio[612301]: Failed to load module
> "module-jackdbus-detect" (argument: "channels=2"): initialization
> failed.
> jun 01 17:06:48 debian xdg-desktop-portal[612425]: No module
> "libpipewire-module-protocol-native" was found
> jun 01 17:06:48 debian xdg-desktop-portal[612425]: No module
> "libpipewire-module-client-node" was found
> jun 01 17:06:48 debian xdg-desktop-portal[612425]: No module
> "libpipewire-module-client-device" was found
> jun 01 17:06:48 debian xdg-desktop-portal[612425]: No module
> "libpipewire-module-adapter" was found
> jun 01 17:06:48 debian xdg-desktop-portal[612425]: No module
> "libpipewire-module-metadata" was found
> jun 01 17:06:48 debian xdg-desktop-portal[612425]: No module
> "libpipewire-module-session-manager" was found
> jun 01 17:06:48 debian xdg-desktop-portal[612425]: core
> 0x557fa9e5fe10: can't find protocol 'PipeWire:Protocol:Native': La
> operación no está soportada
> jun 01 17:06:52 debian kernel: nouveau :00:0d.0: bus: MMIO write
> of 0121 FAULT at 00b010
> jun 01 17:06:53 debian kernel: nouveau :00:0d.0: bus: MMIO write
> of 015a0001 FAULT at 00b020
> jun 01 17:07:38 debian kernel: nouveau :00:0d.0:
> deltachat-deskt[612429]: failed to idle channel 2
> [deltachat-deskt[612429]]
> jun 01 17:07:53 debian kernel: nouveau :00:0d.0:
> deltachat-deskt[612429]: failed to idle channel 2
> [deltachat-deskt[612429]]
> -- Boot 9783f0d6715b495bba92f4ecdd28177d --
> jun 01 17:10:21 debian kernel: k10temp :00:18.3: unreliable CPU
> thermal sensor; monitoring disabled
> jun 01 17:10:39 debian smartd[570]: Device: /dev/sda [SAT], 1
> Currently unreadable (pending) sectors
> jun 01 17:10:39 debian smartd[570]: Device: /dev/sda [SAT], 1 Offline
> uncorrectable sectors
> jun 01 17:10:39 debian smartd[570]: Device: /dev/sdb [SAT], 2
> Currently unreadable (pending) sectors
> jun 01 17:10:39 debian smartd[570]: Device: /dev/sdb [SAT], 2 Offline
> uncorrectable sectors
>
> Thanks a lot in advance, kind regards!
>
>

Re: declarative (config file) way idea of handling the OS by way of the old system

[Emanuel Berg]

Dan Ritter wrote:

> That's just knowing what packages you want to install.
 
 What do you mean, what else are you supposed to know?
>>>
>>> Examples [...]
>> 
>> Okay, right, no here we're only concerned with the state of
>> the OS in terms of packages that are installed so that they
>> can be used immediately by the user, I know that all
>> software can be and is by some including me configured with
>> no end in sight but I see no reason to bring _that_ into
>> _this_, since that is already done with config files and
>> that's the best way there is to do it IMO, and now it's
>> here as well - well, not really, that's what I'm asking for
>> - but when it is for me as well, that'd be the end of it
>> for me and I see no reason to mix it all together, plus
>> there are other ways to automate bringing a bunch of files
>> together on a disk if it comes to that.
>
> So, that is the difference between package installation and
> a configuration management system. As long as all you want
> is package installation, you have a dozen ways to do it and
> you clearly know four or five of them.
>
> Chef, Puppet, ansible, and so forth are configuration
> management systems.

OK, thanks, that's a good definition ...

-- 
underground experts united
https://dataswamp.org/~incal

Re: declarative (config file) way idea of handling the OS by way of the old system

[Emanuel Berg]

Andy Smith wrote:

>> For a single user's machine, it's unlikely to be rewarding
>> except intellectually.
>
> It is however a great way to document a system for those
> that don't get around to making free text notes.
> The language of the configuration management tool both does
> the setup and documents what needs to be done.
>
> This is useful even for a single human, but if you have
> multiple people working on things then there is some value
> in all of them learning how to read the domain-specific
> language of the chosen config management tool (e.g. Ansible,
> Puppet, etc.) vs. everyone making their own notes in their
> own style.
>
> That covers the "what"; generally more documentation is
> needed for the "why", but even if it never comes the things
> in the config management are better than nothing.
>
> There have honestly been times in my life where I've had to
> look at something set up by someone who's no longer around
> (or by me, a decade previous!) and with only the things in
> config management I've been able to work out which pieces
> the service is composed of, and just that's been a God send
> and a bigger win than the automated nature of the setup
> which is the thing people usually praise config
> management for!

What? :)

Except for people aging and dying I didn't understand any of
this post ...

-- 
underground experts united
https://dataswamp.org/~incal

Re: Debian license issue

[Emanuel Berg]

Stefan Monnier wrote:

>> Is it possible to get information on the type of license
>> under which the Debian software is available?
>
> Yes, of course.
> Have you tried a search for, say, "debian license", maybe?
> Just a wild idea,

Here are a bunch of tools that can help the OP,

  https://wiki.debian.org/CopyrightReviewTools

-- 
underground experts united
https://dataswamp.org/~incal

Re: Debian license issue

[Emanuel Berg]

Stefan Monnier wrote:

>> Is it possible to get information on the type of license
>> under which the Debian software is available?
>
> Yes, of course.
> Have you tried a search for, say, "debian license", maybe?
> Just a wild idea

I don't know what Debian is under to be honest, GPL2? If so
this seems to do it

$ emacs /usr/share/common-licenses/GPL-2

:)

No, I don't know, maybe it says so in /etc/issue originally?

I have a version command [1] but it don't say the license and
my /etc/issue is empty, don't know if I erased whatever
information was there tho ...

But I actually agree with the OP this should be outputable
from and with the OS itself with no Googling required ...

#! /bin/zsh

version () {
uname -a
echo

lsb_release -a
echo

grep Revision /proc/cpuinfo
echo

local os_file=/etc/os-release
[[ -f $os_file ]] && cat $os_file

echo $XDG_CURRENT_DESKTOP
}
alias ver=version

[1] https://dataswamp.org/~incal/conf/.zsh/distro

-- 
underground experts united
https://dataswamp.org/~incal

Re: had another crash, reboot usb failed, powerdown reboot usb failed

[gene heskett]

On Wednesday, 1 June 2022 16:34:01 EDT David Wright wrote:
> On Wed 01 Jun 2022 at 01:23:08 (-0400), gene heskett wrote:
> > On Wednesday, 1 June 2022 00:58:32 EDT David Wright wrote:
> > > On Wed 01 Jun 2022 at 00:26:27 (-0400), gene heskett wrote:
> > > > On Tuesday, 31 May 2022 16:25:01 EDT Andrew M.A. Cater wrote:
> > > > > On Tue, May 31, 2022 at 03:25:59AM -0400, gene heskett wrote:
> > > > I now know where the seriel convertors are so I can unplug them
> > > > so I
> > > > could reinstall for about the 25th time if someone could tell me
> > > > how
> > > > to skip formatting my raid10 /home partition, othewise I am stuck
> > > > building a working system to do my daily stuff from nothing.
> > > > 
> > > > The installer blindly goes ahead and formats it every time,
> > > > losing 6
> > > > months of work in OpenSCAD and thats pure bs IMNSHO. I'm halfway
> > > > thru
> > > > building another raid10 I can hide from the installer, needing
> > > > two
> > > > more terabyte samsung ssd's and a slot for aother controller
> > > > which I
> > > > can free up by temporarily pulling my firewire card that runs my
> > > > movie camera with kino.
> > > 
> > > I don't understand. You have /home on a separate partition(s), yes?
> > > Then why do you tell the installer anything about it/them?
> > > Just make sure that if you select it/them, they look like this:
> > > 
> > > [ … ]
> > > 
> > > 
> > > You don't need a /home *partition* to install Debian. Just let it
> > > create a /home/gene on the root filesystem, populated with the
> > > contents of /etc/skel/, as per usual. When it's done, then as root,
> > > set up your real home directory (or "assemble" it, or whatever you
> > > do) and use the /home directory that the installer created as mount
> > > point.
> > 
> > I've tried to do that David, several times. But the net installer
> > just
> > keeps looping back to that until I use it, which formats it.
> 
> Because that statement is /so/ vague, I'll have to read /something/
> into it. By "until I use it", do you mean that you have to use the
> Partitioner Disks step, as seen here, before you can Install the
> Base System?
> 
> │  Detect disks   │
> │  Partition disks│
> │  Install the base system│
> 
> Cheers,
> David.
> 
> .
Tell me how long this will work:

I reset the perms on /dev/ttyUSB* to 777
retarted heyu, got some config errors that made sense, fixed those and 
its working.
Then I started nut-server and client, getting more errors that made 
sense, fixed those and its working.

Do I have to reset those perms everytime I'm forced to reboot, which is 
usually in 5 to 10 days. Or is there someplace in /lib/udev/rules.d where 
I can fix this until the next udev update?

Thanks David. Take care & stay well.

Cheers, Gene Heskett.
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis

Re: Debian license issue

[Greg Wooledge]

On Thu, Jun 02, 2022 at 04:14:22AM +0200, Emanuel Berg wrote:
> I don't know what Debian is under to be honest, GPL2?

"Debian" is not "under" anything.

Each INDIVIDUAL PACKAGE within Debian has one or more licenses which
apply to it.  See previous messages in this thread.

Re: Debian license issue

[Emanuel Berg]

Greg Wooledge wrote:

>> I don't know what Debian is under to be honest, GPL2?
>
> "Debian" is not "under" anything.
>
> Each INDIVIDUAL PACKAGE within Debian has one or more
> licenses which apply to it. See previous messages in
> this thread.

OKAY SO THE "DISTRIBUTION" DON'T HAVE A "LICENSE"?

-- 
underground experts united
https://dataswamp.org/~incal

Re: System freeze until REISUB

[Timothy M Butterworth]

On Wed, Jun 1, 2022 at 8:23 PM Nicholas Geovanis 
wrote:

> On Wed, Jun 1, 2022, 3:40 PM riveravaldez 
> wrote:
>
>> Hi, I have just updated a Debian Stable system and had an apparent
>> full-freeze (GUI frozen, IceWM non-respondent and Ctrl+Alt+FN did
>> nothing, keyboard lights also were fixed).
>> Using REISUB system rebooted and everything seems normal right now.
>> Only thing I remember changing was the addition of qlipper to the
>> IceWM startup file, nothing else. But after the update I didn't
>> rebooted, just logged-out of session and re-logged-in, through
>> lightdm.
>> System has some pendent hardware issues, so, just mentioning the
>> freeze in case someone sees something more or less obvious in the
>> near-hang section of journalctl:
>>
>
> Fingers pointing at the Nouveau graphics driver. I think other problems
> have been reported with it recently but I don't know the real story.
>
> $ sudo journalctl -exp3
>> (...)
>> jun 01 16:21:06 debian smartd[562]: Device: /dev/sdb [SAT], 2
>> Currently unreadable (pending) sectors
>> jun 01 16:21:06 debian smartd[562]: Device: /dev/sdb [SAT], 2 Offline
>> uncorrectable sectors
>> jun 01 16:51:05 debian smartd[562]: Device: /dev/sda [SAT], 1
>> Currently unreadable (pending) sectors
>> jun 01 16:51:05 debian smartd[562]: Device: /dev/sda [SAT], 1 Offline
>> uncorrectable sectors
>> jun 01 16:51:05 debian smartd[562]: Device: /dev/sdb [SAT], 2
>> Currently unreadable (pending) sectors
>> jun 01 16:51:05 debian smartd[562]: Device: /dev/sdb [SAT], 2 Offline
>> uncorrectable sectors
>> jun 01 17:04:13 debian kernel: nouveau :00:0d.0: bus: MMIO write
>> of  FAULT at 00b010
>> jun 01 17:04:13 debian kernel: nouveau :00:0d.0: bus: MMIO write
>> of  FAULT at 00b020
>> jun 01 17:04:13 debian kernel: nouveau :00:0d.0: bus: MMIO write
>> of 00540001 FAULT at 00b000
>> jun 01 17:04:21 debian pulseaudio[611714]: Unable to contact D-Bus
>> session bus: org.freedesktop.DBus.Error.NotSupported: Unable to
>> autolaunch a dbus-daemon wi>
>> jun 01 17:04:21 debian pulseaudio[611714]: Failed to load module
>> "module-jackdbus-detect" (argument: "channels=2"): initialization
>> failed.
>> jun 01 17:06:29 debian lightdm[612173]: gkr-pam: unable to locate
>> daemon control file
>> jun 01 17:06:37 debian pulseaudio[612301]: Unable to contact D-Bus
>> session bus: org.freedesktop.DBus.Error.NotSupported: Unable to
>> autolaunch a dbus-daemon wi>
>> jun 01 17:06:37 debian pulseaudio[612301]: Failed to load module
>> "module-jackdbus-detect" (argument: "channels=2"): initialization
>> failed.
>> jun 01 17:06:48 debian xdg-desktop-portal[612425]: No module
>> "libpipewire-module-protocol-native" was found
>> jun 01 17:06:48 debian xdg-desktop-portal[612425]: No module
>> "libpipewire-module-client-node" was found
>> jun 01 17:06:48 debian xdg-desktop-portal[612425]: No module
>> "libpipewire-module-client-device" was found
>> jun 01 17:06:48 debian xdg-desktop-portal[612425]: No module
>> "libpipewire-module-adapter" was found
>> jun 01 17:06:48 debian xdg-desktop-portal[612425]: No module
>> "libpipewire-module-metadata" was found
>> jun 01 17:06:48 debian xdg-desktop-portal[612425]: No module
>> "libpipewire-module-session-manager" was found
>> jun 01 17:06:48 debian xdg-desktop-portal[612425]: core
>> 0x557fa9e5fe10: can't find protocol 'PipeWire:Protocol:Native': La
>> operación no está soportada
>> jun 01 17:06:52 debian kernel: nouveau :00:0d.0: bus: MMIO write
>> of 0121 FAULT at 00b010
>> jun 01 17:06:53 debian kernel: nouveau :00:0d.0: bus: MMIO write
>> of 015a0001 FAULT at 00b020
>> jun 01 17:07:38 debian kernel: nouveau :00:0d.0:
>> deltachat-deskt[612429]: failed to idle channel 2
>> [deltachat-deskt[612429]]
>> jun 01 17:07:53 debian kernel: nouveau :00:0d.0:
>> deltachat-deskt[612429]: failed to idle channel 2
>> [deltachat-deskt[612429]]
>> -- Boot 9783f0d6715b495bba92f4ecdd28177d --
>> jun 01 17:10:21 debian kernel: k10temp :00:18.3: unreliable CPU
>> thermal sensor; monitoring disabled
>> jun 01 17:10:39 debian smartd[570]: Device: /dev/sda [SAT], 1
>> Currently unreadable (pending) sectors
>> jun 01 17:10:39 debian smartd[570]: Device: /dev/sda [SAT], 1 Offline
>> uncorrectable sectors
>> jun 01 17:10:39 debian smartd[570]: Device: /dev/sdb [SAT], 2
>> Currently unreadable (pending) sectors
>> jun 01 17:10:39 debian smartd[570]: Device: /dev/sdb [SAT], 2 Offline
>> uncorrectable sectors
>>
>> Thanks a lot in advance, kind regards!
>>
>
jun 01 17:10:39 debian smartd[570]: Device: /dev/sda [SAT], 1 Offline
uncorrectable sectors
jun 01 17:10:39 debian smartd[570]: Device: /dev/sdb [SAT], 2
Currently unreadable (pending) sectors
jun 01 17:10:39 debian smartd[570]: Device: /dev/sdb [SAT], 2 Offline
uncorrectable sectors

I would check to see what else smartd has to say about your hard drive.

Re: Debian license issue

[tomas]

On Thu, Jun 02, 2022 at 05:21:17AM +0200, Emanuel Berg wrote:

{...}

> OKAY SO THE "DISTRIBUTION" DON'T HAVE A "LICENSE"?

THEY HAVE MANY!

;-)

-- 
t


signature.asc
Description: PGP signature

Re: Debian license issue

[Gary Dale]

On 2022-06-01 09:14, Lidiya Pecherskaya wrote:

Hello,
Is it possible to get information on the type of license under which 
the Debian software is available?

Thanks in advance.


Most of the packages are distributed under a free license - usually GPL 
or MIT but sometimes others. Packages under the "non-free" section 
usually aren't - which is often because the source is not available.