Potentially OT. Videos lagging & buffering in any browser but Google Chrome.
Hi folks, Debian Bullseye here up to date. Browsers installed: Firefox, Opera, Vivaldi, and Google Chrome. I'm having a weird problem streaming movies from archive.org. The movies are lagging & keep buffering in all browsers but Google Chrome. Google Chrome streams same movies at the same time without any stuttering. So far I've notices it using on archive.org only, so I'm not sure if the problem is on my side or on archive.org. The problem is rather recent but persistent and in last days get really bad. Any suggestions? Thanks.
What's the correct procedure for replacing a DKMS module when it's upstreamed?
Hi, I have a Debian testing system with a Realtek 8852be wireless card. As the kernel in Debian testing does not currently support this hardware, I have to build the kernel driver as an external DKMS module from: https://github.com/lwfinger/rtw89 Specifically that is the rtw_8852be module. That works fine, but it seems that this driver actually is present in upstream kernel versions somewhere in v6.1.x. As far as I understand, as the upstream kernel does have this driver from some point in 6.1.x, then at some point a kernel upgrade on this system is going to end up trying to build and install a DKMS module that already exists in the kernel it has just installed. What is the correct procedure for transitioning between the DKMS module and the one inside the new kernel package, when the time comes? How can I stop DKMS from building the rtw89 driver on a particular new kernel version without removing it all from the kernel I'll be using at the point of install? As the device is a laptop and its only form of networking is by wifi, it would be rather inconvenient if the wifi stopped working in the middle of an upgrade. If that does happen to occur though I can get out of the pickle by using USB tethering to my phone. Still, I'd rather avoid it. Will uninstalling the rtw89-dkms package unload the modules from the currently-running kernel immediately? If not then I suppose the correct way, upon seeing that a new kernel package containing the driver is to be installed, would be to uninstall rtw89-dkms first. That way the hooks from the rtw89-dkms package would not be called when the new kernel package is installed. That might then have the disadvantage that if my next boot is not into the new kernel then there will no longer be an rtw_8852be module and so no networking. I will keep the checkout of the driver locally though, and I already installed it once so can do so again if need be. Thoughts? I do not think there is a kernel package available in any version of Debian right now that has this driver since: $ apt-file search rtw89_8852be returns nothing whereas for example: $ apt-file search rtw89_8852a does have results in the latest kernel packages. Compare also: https://codesearch.debian.net/search?q=rtw89_8852a&literal=1 vs.: https://codesearch.debian.net/search?q=rtw89_8852be&literal=1 I know I could get ahead of the game by building an upstream kernel package but to be honest I'd rather just consume Debian package updates plus a DKMS until it's included. Thanks, Andy -- https://bitfolk.com/ -- No-nonsense VPS hosting
Re: exim failure
On Sat 25 Mar 2023 at 19:47:35 (-0700), pe...@easthope.ca wrote: > > That looks fine, and shows that you're going to send through their > > port 465, which will require TLS and authentication. So first you need > > to encode your username and password with: > > > > $ echo -e -n '\0username\0password' | base64 > > ... > > I logged in at https://islandhosting.com/login , dug down a few layers > and lucked onto this. > > "Mail Client Manual Settings > ... > Secure SSL/TLS Settings (Recommended) > Username: pe...@easthope.ca > Password: Use the email account¶s password. > Incoming Server: mail.easthope.ca > > IMAP Port: 993 POP3 Port: 995 > > Outgoing Server: mail.easthope.ca > > SMTP Port: 465 > > IMAP, POP3, and SMTP require authentication." Yes, I got similar but unpersonalised information at: https://islandhosting.com/knowledgebase/21/How-do-I-configure-my-email-client.html > No mention of STARTTLS or TLS on connect. No, just the bit above here: "Secure SSL/TLS Settings (Recommended)" > Tried this > interactive run. > > $ openssl s_client -starttls smtp -crlf -connect mail.easthope.ca:465 In the first instance, just try sending a test message using the commands I gave, except starting off with: $ openssl s_client -crlf -connect mail.easthope.ca:465 After the certificate stuff, you should then see lines like: --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 5093 bytes and written 409 bytes Verification: OK --- New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher: ECDHE-RSA-AES256-GCM-SHA384 Session-ID: EFD2B3AEAA0931063329DA3A26017182365DAA6C5EDC7298FBBB291B8A02752E Session-ID-ctx: Master-Key: +89062342EF919B2EA24ABCBB5C66D643553A888C430BC18E5B764431F31BAC4B949E72DE0910ACB367ADC6B0F9337133 PSK identity: None PSK identity hint: None SRP username: None Start Time: 1679801072 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no --- 220 hornby.islandhosting.com ESMTP server ready at Sat, 25 Mar 2023 21:33:16 -0700 → EHLO dalton.invalid 250-hornby.islandhosting.com Hello ip12-345-678-90.ks.ks.cox.net [12.345.678.90] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-AUTH PLAIN LOGIN 250-SMTPUTF8 250 HELP And you carry on from there with: AUTH PLAIN encodedstring and so on. Cheers, David.
Re: exim failure
In-reply-to: References: <9ef536feee6ec3ae2e3032d22e06d...@easthope.ca> From: David Wright Date: Fri, 24 Mar 2023 23:18:47 -0500 That looks fine, and shows that you're going to send through their port 465, which will require TLS and authentication. So first you need to encode your username and password with: $ echo -e -n '\0username\0password' | base64 ... I logged in at https://islandhosting.com/login , dug down a few layers and lucked onto this. "Mail Client Manual Settings ... Secure SSL/TLS Settings (Recommended) Username: pe...@easthope.ca Password: Use the email account¶s password. Incoming Server:mail.easthope.ca IMAP Port: 993 POP3 Port: 995 Outgoing Server:mail.easthope.ca SMTP Port: 465 IMAP, POP3, and SMTP require authentication." No mention of STARTTLS or TLS on connect. Tried this interactive run. $ openssl s_client -starttls smtp -crlf -connect mail.easthope.ca:465 CONNECTED(0003) Didn't find STARTTLS in server response, trying anyway... write:errno=0 --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 0 bytes and written 341 bytes Verification: OK --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- $ The server is using TLS on connect rather than STARTTLS? TLS is seriously broken here? Before trying the interactive process, checked a bunch of details including instructions in https://wiki.debian.org/Exim. Generated fresh /etc/exim4/exim.crt and /etc/exim4/exim.key. Requested delivery of the last message in the queue. $ exim -M 1pgCEl-00010a-4l $ tail -n 1 /var/log/exim4/mainlog 2023-03-25 16:59:30 1pgCEl-00010a-4l == pe...@easthope.ca R=smarthost T=remote_s mtp_smarthost defer (-37) H=easthope.ca [158.69.159.172]: TLS session: (certific ate verification failed) == Notes from reviewing additional details. Noticed that dnsmasq was absent. =8~/ Installed it. Also found this. root@imager:/home/root# cat /etc/resolv.conf domain hitronhub.home search hitronhub.home nameserver 192.168.0.1 https://wiki.debian.org/dnsmasq gave a hint to add 127.0.0.1 as first line. So now this. root@imager:/home/root# cat /etc/resolv.conf nameserver 127.0.0.1 domain hitronhub.home search hitronhub.home nameserver 192.168.0.1 I didn't submit "hitronhub.home". https://en.wikipedia.org/wiki/Top-level_domain#Rejected_domains suggests, to me, that hitronhub.home is a contrivance of the Hitron manufacturer. Came to resolv.conf during system installation? From DHCP? Allows the Hitron box to intercept name resolution requests? Necessary? A source of confusion? Isn't "nameserver 192.168.0.1" enough? Checked a few lookups for interest. $ nslookup easthope.ca Server: 192.168.0.1 Address:192.168.0.1#53 Non-authoritative answer: Name: easthope.ca Address: 158.69.159.172 $ nslookup mail.easthope.ca Server: 192.168.0.1 Address:192.168.0.1#53 Non-authoritative answer: mail.easthope.cacanonical name = easthope.ca. Name: easthope.ca Address: 158.69.159.172 $ nslookup islandhosting.com Server: 192.168.0.1 Address:192.168.0.1#53 Non-authoritative answer: Name: islandhosting.com Address: 192.99.111.180 Name: islandhosting.com Address: 2607:5300:60:925e:: $ nslookup hornby.islandhosting.com Server: 192.168.0.1 Address:192.168.0.1#53 Non-authoritative answer: Name: hornby.islandhosting.com Address: 158.69.159.172 Name: hornby.islandhosting.com Address: 2607:5300:203:66b5:: $ whois 192.99.111.180 | grep island $ whois 158.69.159.172 | grep island $ Neither IP gets islandhosting.com? Thx,... P.
Re: should CLI have a nice UI today?
Hi, El vie., 24 mar. 2023 16:57, Tom escribió: > > >> Should CLI (command line interface) have a nice UI library? > > > > There are many. The generic underlying library is usually > > ncurses. > > But it needs to be stressed that there are many. For Python there is > Textualize [1], for Go there is Charm [2], rust has a TUI crate [3] > among other options. > > Also, OP might be interested in this list of "Modern Unix" tools. [4] > > Cheers, > Tom > > [1] https://www.textualize.io > [2] https://github.com/charmbracelet > [3] https://docs.rs/tui/latest/tui/ > [4] https://github.com/ibraheemdev/modern-unix > I would add awesome-shell list: https://github.com/alebcay/awesome-shell Regards
Re: Consultation on license documents
On Saturday, March 18, 2023 03:33:46 AM Jonas Smedegaard wrote: > But if that same project, in addition to those two text files, also > within each code file contains a statement that I, Jonas, am copyright > holder and grants the rights of BSD-3, then those files are licensed as > BSD-3. If nothing else in the project is copyright-protectable, then > the project is dual-licensed as *either* BSD-3 *or* Apache-2.0 (but > still as GPL-3 because that license only *exist* but nothing in the > project has been *granted* those rules that it represents). Should that have said: (but still *not* as GPL-3 because that license only *exist* but nothing in the project has been *granted* those rules that it represents). ?? > If instead, in addition to my copyright claim and Apache-licensing of > the project as a whole, the copyright holder of each and every > copyright-protecable file within the project was someone else, then my > claim had no effect over those files, and in reality the project would > be licensed as BSD-3 (not as Apache-2.0). I guess you're assuming that all of those other copyright holders granted a license as BSD-3 (and not as a whole mishmash of other licenses)? > Standard disclaimer: I am not a lawyer, so only use my input here as > inspiration but seek a lawyer if you want legal certainty. Me, too! -- rhk (sig revised 20230312 -- modified first paragraph, some other irrelevant wordsmithing) | No entity has permission to use this email to train an AI. If you reply: snip, snip, and snip again; leave attributions; avoid HTML; avoid top posting; and keep it "on list". (Oxford comma (and semi-colon) included at no charge.) If you revise the topic, change the Subject: line. If you change the topic, start a new thread. Writing is often meant for others to read and understand (legal documents excepted?) -- make it easier for your reader by various means, including liberal use of whitespace (short paragraphs, separated by whitespace / blank lines) and minimal use of (obscure?) jargon, abbreviations, acronyms, and references. If someone has already responded to a question, decide whether any response you add will be helpful or not ... A picture is worth a thousand words. A video (or "audio"): not so much -- divide by 10 for each minute of video (or audio) or create a transcript and edit it to 10% of the original. A speaker who uses ahhs, ums, or such may have a real physical or mental disability, or may be showing disrespect for his listeners by not properly preparing in advance and thinking before speaking. (That speaker might have been "trained" to do this by being interrupted often if he pauses.) (Remember Cicero who did not have enough time to write a short missive.) A radio (or TV) station which broadcasts speakers with high pitched voices (or very low pitched / gravelly voices) (which older people might not be able to hear properly) disrespects its listeners. Likewise if it broadcasts extraneous or disturbing sounds (like gunfire or crying), or broadcasts speakers using their native language (with or without an overdubbed translation). A person who writes a sig this long probably has issues and disrespects (and offends) a large number of readers. ;-) '
Re: Question for this IP's PTR
f...@dnsbed.com wrote: > Greetings, > > as you see this PTR, > > $ dig -x 1.1.1.1 +short > one.one.one.one. > > so 2.2.2.2 can have the PTR two.two.two.two? and 3.3.3.3 can have > three.three.three.three? A simple counter example is $ dig -x 8.8.8.8 +short dns.google. > Sorry I am not good at the DNS knowledge. Me neither but thanks for the question. It prompted me to visit the one.one.one.one website, which is interesting. I do use 1.1.1.1 for DNS queries in my browser, but this is something much bigger.
Re: [SOLVED] Re: thunderbird can not import gpg-key
On Sat, Mar 25, 2023 at 04:18:28PM +0100, Hans wrote: > I am answering myself. >... > Then I could export the keys using the correct syntax (name of the key, not > some filename). Probably like gpg --export-secret-key 8A7F208C6D9E73291657414D2135D123D8C19BEC > precious > Such I got a new file, which could be imported into thunderbird. > > So, one mistake led to another, however, now its working and I learnt > something. Challenge for next time: Share the actual (and exact) command.
[SOLVED] Re: thunderbird can not import gpg-key
Am Samstag, 25. März 2023, 15:52:03 CET schrieb Hans: I am answering myself. It is now working. Problem was, that I first tried to use the "lkhjpoqwrpoqfjiah.key" files below ".gnupg/private-keys--v1.d/, which did not work. Then, during testings, I changed permissions of .gnupg, which led to a new error. Reverting this, I tried "gpg -K" and then saw the keys with its name. Then I could export the keys using the correct syntax (name of the key, not some filename). Such I got a new file, which could be imported into thunderbird. So, one mistake led to another, however, now its working and I learnt something. Thanks for all the help. Best regards Hans > Hmm, maybe it is because I changed the permissions during my testing > purposes. > > I reset them to original and tried again. > > The error is gone, but nothing is exported. > > Ok, thanks guys, I will try some more. Maybe kleopatra is interfeering with > my keys. > > If I know more, I will let you know. > > Best regards > > Hans > > > Did you read the output of the command? You have unsafe permissions on > > your > > .gnupg directory, therefore nothing was exported. > > > > Not strange at all... > > > > Cheers, > > Tom
Re: thunderbird can not import gpg-key
* 2023-03-25 14:37:10+0100, Hans wrote: > I tried, but ran into the same issue: > > LANG=C gpg --export-secret-key > /home/ullhan63/.gnupg/private-keys-v1.d/123456789.key > testkey Wrong argument. "gpg --export-secret-key" does not want filename argument. It wants key id, key fingerprint or user id argument(s). I suggest that you check your key's fingerprint with "gpg -K" command and then use the fingerprint the select the key for export. gpg --output key.gpg --export-secret-key F514B7B57C2960FA7D6FF4E15BA322F72BEF564B -- /// Teemu Likonen - .-.. https://www.iki.fi/tlikonen/ // OpenPGP: 6965F03973F0D4CA22B9410F0F2CAE0E07608462 signature.asc Description: PGP signature
Re: thunderbird can not import gpg-key
Hmm, maybe it is because I changed the permissions during my testing purposes. I reset them to original and tried again. The error is gone, but nothing is exported. Ok, thanks guys, I will try some more. Maybe kleopatra is interfeering with my keys. If I know more, I will let you know. Best regards Hans > Did you read the output of the command? You have unsafe permissions on your > .gnupg directory, therefore nothing was exported. > > Not strange at all... > > Cheers, > Tom
Re: thunderbird can not import gpg-key
On Sat, Mar 25, 2023 at 02:37:10PM +0100, Hans wrote: > LANG=C gpg --export-secret-key > /home/ullhan63/.gnupg/private-keys-v1.d/123456789.key > > testkey > gpg: WARNING: unsafe permissions on homedir '/home/myusername/.gnupg' > gpg: WARNING: nothing exported > > Strange. Did you read the output of the command? You have unsafe permissions on your .gnupg directory, therefore nothing was exported. Not strange at all... Cheers, Tom -- I'm a soldier, not a diplomat. I can only tell the truth. -- Kirk, "Errand of Mercy", stardate 3198.9 signature.asc Description: PGP signature
Re: thunderbird can not import gpg-key
Hi Geert, I tried, but ran into the same issue: LANG=C gpg --export-secret-key /home/ullhan63/.gnupg/private-keys-v1.d/123456789.key > testkey gpg: WARNING: unsafe permissions on homedir '/home/myusername/.gnupg' gpg: WARNING: nothing exported Strange. Best regards Hans > If I recall correct, I did something like > > gpg --export-secret-key 0x123456 > sleutel > > > at the command line and then the TB import. > > > Thanks for any hints. > > Thanks for reporting back. > > > Best regards > > Hans > > Groeten > Geert Stappers
Re: thunderbird can not import gpg-key
On Sat, Mar 25, 2023 at 11:21:25AM +0100, Hans wrote: > Hi folks, > > I wanted to import my secret key into thunderbird, but thunderbird > can not read the directory. > > What an I doing wrong? > > I do (my thunderbird is in German, so my English translation might > not be quite accurate): > > - starting thunderbird > - chose in "Open PGP" the option "add key" > - click "add existing key" > - click "files for import" > - now chose in my /home the folder .gnupg/private-keys-v1.d > > and then I get > > Error opening /home/myusername/.gnupg/private-keys-v1.d > Access not granted > > --- > > the settings for these are set: > > drwxr-xr-x 6 myusername myusername 20480 24. Mär 17:51 .gnupg > drwxr-xr-x 6 myusername myusername 20480 24. Mär 17:51 > .gnupg/private-keys-v1.d/ > > The keys themselves are set "rw" and owner is "myusername:myusername" > > The only explanation I have, that thunderbird is calling a plugin with > another owner than me, as thunderbird itself is started with ownership > "myusername". > > However, even if I set the rights to "everybody can read it" (what is > of course only set for testing purposes!) it does not work. > > Anything else, where I should take a look? If I recall correct, I did something like gpg --export-secret-key 0x123456 > sleutel at the command line and then the TB import. > Thanks for any hints. Thanks for reporting back. > Best regards > Hans Groeten Geert Stappers -- Silence is hard to parse
thunderbird can not import gpg-key
Hi folks, I wanted to import my secret key into thunderbird, but thunderbird can not read the directory. What an I doing wrong? I do (my thunderbird is in German, so my English translation might not be quite accurate): - starting thunderbird - chose in "Open PGP" the option "add key" - click "add existing key" - click "files for import" - now chose in my /home the folder .gnupg/private-keys-v1.d and then I get Error opening /home/myusername/.gnupg/private-keys-v1.d Access not granted --- the settings for these are set: drwxr-xr-x 6 myusername myusername 20480 24. Mär 17:51 .gnupg drwxr-xr-x 6 myusername myusername 20480 24. Mär 17:51 .gnupg/private-keys-v1.d/ The keys themselves are set "rw" and owner is "myusername:myusername" The only explanation I have, that thunderbird is calling a plugin with another owner than me, as thunderbird itself is started with ownership "myusername". However, even if I set the rights to "everybody can read it" (what is of course only set for testing purposes!) it does not work. Anything else, where I should take a look? Thanks for any hints. Best regards Hans
Re: should CLI have a nice UI today?
On Sat, Mar 25, 2023 at 09:13:22AM +0100, DdB wrote: > Am 24.03.2023 um 12:32 schrieb cor...@free.fr: > > Hello, > > > > Should CLI (command line interface) have a nice UI library? > > today web dev has so many libraries that make web pages with > > rich/colorful interactive views. [...] > Well, how do you call messages, that provoke troll replies? [...] I think you are being too harsh here. Such a question may come genuinely from someone who hasn't experienced the power of the CLI, which, once you've taken the firs step gently takes you to small one-liners, little loops and bigger and bigger programs. It has this seamless "growth path" which helps and entices its users to get better, something I miss from most GUIs, which rather tend to degrade the user to a click machine. I don't know whether this is inherent to GUIs or just the current "social convention" underlying actual GUIs. One might argue that corporations having promoted the first widespread GUIs (Microsoft, Apple, etc) have some interest in keeping their users dependent. Whatever. But what the OP gets right is: this "first step" to be taken is a steep one (I've seen more than enough smart people fight with that). I wish we had the stamina and creativity to help people over that "first step", and having some kind of low level GUI with a soft transition to CLI could be really a helpful tool there. That wouldn't be totally new. In the late 1970ies and early 1980ies (the times of Scheme, Smalltalk and so on) there was this idea that software had to have a pedagogical component enabling their users to "grow" if they wished so. Smalltalk's GUI was composable in ways very few GUIs are today, showing off characteristics you only find in CLIs these days. What happened to this? Anyway, back to the topic: I think you are being unjust by calling troll on this one. I may be wrong, but I recommend applying Hanlon's razor. Cheers -- t signature.asc Description: PGP signature
Re: Question for this IP's PTR
On Fri, 24 Mar 2023 20:32:31 -0400 Greg Wooledge wrote: > On Sat, Mar 25, 2023 at 08:28:03AM +0800, f...@dnsbed.com wrote: > > Greetings, > > > > as you see this PTR, > > > > $ dig -x 1.1.1.1 +short > > one.one.one.one. > > > > so 2.2.2.2 can have the PTR two.two.two.two? and 3.3.3.3 can have > > three.three.three.three? > > Any IP address can have any PTR value. You just have to petition the > owner of the IP address range to set it. > > I didn't know .one was a valid TLD. It looks like .two is not, so if > someone were to assign "two.two.two.two" as the PTR value of an IP > address, that PTR would not resolve back to any IP address. (An IP > address block owner might reject such a petition.) > In general, at this time, a mail server will look at the IP address of a potential sender, check the PTR, then check for an A record matching the PTR, pointing back to the IP address. The PTR does not (currently) need to be related to an email domain using the address. A competent ISP will have set up its IP addresses with complementary PTR-A record pairs. Unfortunately, many use PTRs in the form x-11-22-33-44 which is perfectly valid, but may be rejected by mail servers as likely spammers (mine does). If you already have a PTR-A pair that doesn't look like this (e.g. is some form of your user name or account reference) you're probably OK. The relevant RFC allows (or did when I last looked) multiple PTR records for one IP address, but I don't think there's much software which can deal with that, or will return more than one. On the other hand, it's quite common for a single mail server to deal with many domains, so it's not reasonable to expect a sender or HELO/EHLO to match the PTR. My email server checks for a complementary PTR-A pair that can both be found in public DNS, and goes no further. I believe that is a typical setting. -- Joe
Re: should CLI have a nice UI today?
Am 24.03.2023 um 12:32 schrieb cor...@free.fr: > Hello, > > Should CLI (command line interface) have a nice UI library? > today web dev has so many libraries that make web pages with > rich/colorful interactive views. > But CLI is still in dull mode. That should be improved in these days. > for example, run "df -h" we got the statistics with plain text. But web > statistics for cloud storage (GCP,AWS etc) are chart like, which give > people more intuitive feeling. > > Thanks > Corey H. Well, how do you call messages, that provoke troll replies? In other words: Just the way, this was written, let me hide away. But since so many people seem to take this seriously, i got to say: FWIW: If i was searching for GUI niceties, i would take a look at Windows. Because it is easier to use for simple tasks, and requires less understanding - at first. For me, it is exactly the other way round: It is exactly because of the many things, i could not do in Windows, that i came to linux and after some years of "playing" with it, i would never want to go back... One of the reasons being the power and flexibility of the command line. Sometimes, doing something at the command prompt for the first time, may be daunting, but then the history is my friend and helps to collect the raw steps and to generate a script for future use, which is empowering even more. And over time, it seems to me as if my thinking changes into searching for the most generic way to do things instead of operating on single entities. Just being able to compose a specific "find ... -print0" command and pipe it into xargs -0 (or parallel) makes so many tasks straight forward and complete in themselves, that i have a clear understanding about the difficulties/impossibility to create a GUI with identical powers. Even if i am assisting some neighbor at using their linux computer, i find myself losing my patience at times and just opening up a terminal window to execute some job faster than pointing and clicking could provide. I LOVE my command line! just my 2 cents DdB
Re: differences between hwclock <-> date due to time zone issues? ...
On 25/03/2023 10:39, Albretch Mueller wrote: You can't physically alter a DVD[+|-]R once it is burned ... Do you customize images to change preferences, e.g. to make OS aware that hardware clock is set to local time? If you do not than OS almost certainly assumes that system time is in UTC, so you may experience bizarre TLS-related errors. If you do than it is better to set actual timezone instead and to get daylight saving time transitions out of the box.
