Re: ICMP router advertisement (ipv4)

[Jeremy Ardley]

On 11/4/23 11:40, Tim Woodall wrote:



My googling suggests that a superhub or hub 5 can be switched to 'modem
only' mode but I've got a hub 6 which doesn't have that option.



  Virgin Media: Virgin Media is the largest cable broadband provider
  in the UK, operating its own network separate from Openreach's
  infrastructure. Virgin Media's network is based on Hybrid
  Fibre-Coaxial (HFC) technology, which delivers high-speed internet
  using a combination of fiber-optic and coaxial cables. Virgin Media
  is not obligated to provide wholesale access to its network, meaning
  customers can only access services directly from Virgin Media.



Looks like you have HFC service. In itself that's good, but Virgin don't 
let anyone else on their HFC network which is bad. Worse is that they 
don't use an industry standard modem such as an Arris unit. Instead they 
use a proprietary NTD and router in the same box.


Your only option seems to be to sign up with some external IPv6 
provider. This service (I've never used it so beware) says it gives you 
ipv6 etc for free. What their business model is I'm not sure 
https://tunnelbroker.net/



Jeremy
(Lists)

Re: how to change default nameserver?

[Richard Hector]

On 11/04/23 15:17, gene heskett wrote:
In a man page from a good 20 years ago. I still have a copy of that 
original redhat 5.0 on a shelf above me, but not a floppy drive to read 
those disks with.


Downloading an iso ... :-)

Richard

Re: questions about cron.daily

[David Wright]

On Mon 10 Apr 2023 at 17:39:57 (+0200), zithro wrote:
> On 10 Apr 2023 03:23, David Wright wrote:
> > On Sun 09 Apr 2023 at 21:48:22 (+0200), zithro wrote:
> > > > IOW, while I run crontab -e on bookworm, inside my emacs session,
> > > > I want a subshell to run crontab -l, but the latter has to run on
> > > > bullseye in order to pick up the old crontab. I'm not sure how
> > > > I would do that.
> > > 
> > > Try running :
> > > ssh user@bullseye crontab -l
> > > 
> > > It will locally list the crontab from remote user "user".
> > > 
> > > Note I've never used emacs, so dunno if ssh is allowed !
> > 
> > In case it's not clear, bullseye and bookworm are Debian distribution
> > codenames, not hostnames.
> 
> In case it's not clear, to distinguish hosts in help messages, it's
> easy to refer to a host using its distro/codename. I have no idea how
> you name your hosts, nor is it useful for the conversation. I thought
> you could do the name translation by yourself.

In case it's not clear, to distinguish root filesystems in help
messages, it's easy to refer to a rootfs using its distro/codename.

For hostnames, I tend to follow RFCs 1178 and 2100. :)

Cheers,
David.

Re: questions about cron.daily

[David Wright]

On Mon 10 Apr 2023 at 08:31:16 (+0200), Michel Verdier wrote:
> Le 10 avril 2023 David Wright a écrit :
> 
> > In case it's not clear, bullseye and bookworm are Debian distribution
> > codenames, not hostnames. I can't edit my crontab on a newly installed
> > bookworm system while simultaneously listing my old crontab on the old
> > bullseye system on the same computer.
> >
> > The machine is set up to dual boot (currently bullseye and buster),
> > but not simultaneously!
> 
> You can boot on one system and mount the other system partition to
> easily compare both.

You're right, though technically that depends on your friendly
sysadmin to mount it. (Of course, typically, that's me.) But
it doesn't address the other advantages of a separate file.

Cheers,
David.

Re: ICMP router advertisement (ipv4)

[Tim Woodall]

On Tue, 11 Apr 2023, Jeremy Ardley wrote:



On 11/4/23 02:19, Tim Woodall wrote:


Unfortunately, I don't seem to have that option any more. My cable modem
appears only to expose a layer 4 connection.

Previous version of my router appear to have a "modem mode" but that
doesn't exist in my version.


Here in Australia we have a national operator called NBN that runs its own 
country-wide network and provides the Network Termination Devices to every 
household and business.


Then we have a large number ISPs who connect to NBN and have a virtual 
circuit established between them and each individual customer. It is up to 
each ISP what services they provide. As a customer you are virtually 
connected to an ISP router and have no exposure to the network inbetween - 
which could be DSL or cable or fibre or even wireless.


What you see is what your ISP wants you to see. Some of them add an extra box 
between you and the NTD to make it harder (allegedly easier for them to 
manage it better, actually to lock you in).


You have the option of changing ISP to one that provides correct IP services. 
That may include chucking out any extra box and connecting direct to the NTD.


Here is something I found about the UK. OpenReach sounds very similar to NBN





Here's an overview of the broadband options and market structure in the UK:



I'm in Dublin, and where I'm living currently my only option is Virgin
cable.

My googling suggests that a superhub or hub 5 can be switched to 'modem
only' mode but I've got a hub 6 which doesn't have that option.



  Virgin Media: Virgin Media is the largest cable broadband provider
  in the UK, operating its own network separate from Openreach's
  infrastructure. Virgin Media's network is based on Hybrid
  Fibre-Coaxial (HFC) technology, which delivers high-speed internet
  using a combination of fiber-optic and coaxial cables. Virgin Media
  is not obligated to provide wholesale access to its network, meaning
  customers can only access services directly from Virgin Media.

Re: https://: vs. https://:.

[David Wright]

On Mon 10 Apr 2023 at 12:13:15 (-0700), pe...@easthope.ca wrote:

> [ … ]

Others have covered your "oddity", likely caused by a certificate
that seems normal.

> As expected, login at https://hornby.islandhosting.com:2096 and at
> https://mail.easthope.ca:2096 appear equivalent.

I notice that 2096 is often a webmail port. Does that mean you've
given up on sending emails by their submission port? Your emails
on this topic suddenly stopped after March 26.

I would point out that there's a small but important difference
between the Debian READMEs on bullseye and bookworm:

  $ diff -ubw README.Debian-bookworm README.Debian-bullseye
  --- README.Debian-bookworm  2023-02-04 06:33:00.0 -0600
  +++ README.Debian-bullseye  2023-04-10 22:32:29.989821250 -0500
  @@ -767,9 +767,7 @@
  REMOTE_SMTP_SMARTHOST_TLS_CERTIFICATE/REMOTE_SMTP_SMARTHOST_PRIVATEKEY
  respectively.
   
  -   To use TLS on connect set "protocol = smtps" on the respective
  -   transport. (For the remote_smtp_smarthost transport the macro
  -   REMOTE_SMTP_SMARTHOST_PROTOCOL can be used.
  +   TLS on connect is not natively supported.
   
   2.2.2. TLS support for Exim as server

So if the method I suggested doesn't work, you could try out the
version of exim4 from bullseye-backports, which also contains
this change.

Cheers,
David.

Re: how to change default nameserver?

[gene heskett]

On 4/10/23 18:04, zithro wrote:

On 10 Apr 2023 22:58, Greg Wooledge wrote:

On Mon, Apr 10, 2023 at 10:53:41PM +0200, zithro wrote:
Why can't you follow others advice, hell, if you don't trust us, even 
the

perfectly correct and up-to-date manpages ?
After reading the posts of others, I'm more and more thinking your 
simply a
troll (or a RedHat fanatic wasting Debian helpers time for no reason) 
...


My take is that he's confused, not trolling.  I've never seen any 
evidence
that he's intentionally making false statements.  He seems to believe 
what

he's saying.


Well, I don't know what's the worst ...
And honestly, when you're genuinely confused, you believe and follow the 
advice of the ones who know ...



The weird and frustrating part is that nothing we do or offer seems to
break through the confusion.



So, I got curious about his claim : "that change to resolv.conf adding 
the search line [search hosts, nameserver] has been required since red 
hat 5.0 in 1998".

(The bracket addition is mine)

I'm not using RHEl-based systems a lot so I may be wrong, and there's 
not a lot of material left from the 1998 web, but the resolv.conf file 
*looks* identical in RHEL-based systems, at least nowadays.
I quickly browsed a few RH help pages about resolv.conf, but couldn't 
find his claim.


I then searched for "search hosts, nameserver" on search engines (-with- 
the quotes, to only get full-match results).
Either I get no results or ... wait for it ... it *ONLY* gives me 
results where Gene posted !


So Gene, can you tell us where you read this ?


In a man page from a good 20 years ago. I still have a copy of that 
original redhat 5.0 on a shelf above me, but not a floppy drive to read 
those disks with.


If you didn't read it somewhere, are you using it because :
- it always has been in your config files, which you created at a time 
you didn't really know what you were doing,

- or you followed advice from someone who claimed he knew,
- or it was in a wrongly pre-configured system and you blindly copied 
the stanza ?


That I can't recall for sure, my wet ram is 88 years old, but I had to 
use it yet for a quint of buster installs when updating my machines to 
buster a month or so after it was released. 4 of them are still in daily 
use here. And I just discovered after this round re-started, that its no 
longer required for armbian's bullseye. So as an experiment, I 
re-installed avahi & cups-browsed on these bullseye machines which I had 
removed. And on reboot, I still had a local network on all bullseye's. 
Blew me away.


Take care & stay well.

Cheers, Gene Heskett.
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 

Re: how to change default nameserver?

[gene heskett]

On 4/10/23 16:53, zithro wrote:

On 4/10/23 13:30, Greg Wooledge wrote:
Up to the resolv.conf, that is exactly what I do. But that change to 
resolv.conf adding the search line has been required since red hat 5.0 
in 1998. until bullseye. Just last week I found it is not needed in an 
armbian bullseye install.


What ?! Red Hat ?!
I hope it's a writing mistake, and that you know that the system config 
is not handled the same way in RedHat and Debian ?


Why can't you follow others advice, hell, if you don't trust us, even 
the perfectly correct and up-to-date manpages ?
After reading the posts of others, I'm more and more thinking your 
simply a troll (or a RedHat fanatic wasting Debian helpers time for no 
reason) ...


That is an insult. I bailed out of fedora 15 years ago, tired to being 
an always sick lab rat for redhat. Ubuntu which linuxcnc used for one 
release wasn't a tasty piece of cake, and when linuxcnc jumped to debian 
at about jessie, it was a whole new ball game. And with bookworm, 
linuxcnc is scheduled to join the debian repos. Generally speaking, 
keeping things up to date has become so routine its boring.


Now, if I could figure out why printers, shared om this bullseye 
machine work perfectly when accessed by a buster machine, but cannot 
be seen by any other bullseye machine here, debian or armbian. My logs 
show an auth failure but all are DefaultAthorization Basic. And 
turning on debugging doesn't tell me anything more useful. Like why... 
I've managed to get 1 armbian machine trying to connect, but my logs 
are huge cuz it tries every 11 seconds


Maybe it's a bug in CUPS or w/e soft you're using. Try to find other 
people having this, or report it as a bug.


Not possible. Michael and I have known each other since the '80's when 
he was a starving college student. I'll just let it go at that.


I think you should try avahi/bonjour, also known as *zeroconf*.
Maybe it will better handle your network than yourself ...
Sorry to be so harsh, but no one can help someone who does not want to 
be helped.


That is flat untrue.

Take care & stay well.


.


Cheers, Gene Heskett.
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 

Re: update-initramfs

[David Wright]

On Mon 10 Apr 2023 at 20:17:11 (-0400), Marc Auslander wrote:
> I'm on Buster.
> 
> In /boot I keep a copy of the current working linux named by appending
> -knowngood to the four files.  My idea is that if an update fails, I
> have a recent working linux.  This is different from vmlinuz.old which
> is the previous kernel version.  The updates in question are not to
> the kernel but to initrd.image of course.
> 
> Suddenly, update-initramfs insists in trying to first update
> initrd.-knowngood  which of course fails because there are no
> underling file with that name.  This never happened in the past,
> AFAIK. Once it fails it gives up.
> 
> There seems no way to force update-initramfs to update the right kernel.

Perhaps check that "all" hasn't been accidentally inserted:

  $ grep update /etc/initramfs-tools/update-initramfs.conf 
  # Configuration file for update-initramfs(8)
  # update_initramfs [ yes | all | no ]
  # If set to all update-initramfs will update all initramfs
  # If set to no disables any update to initramfs beside kernel upgrade
  update_initramfs=yes
  $ 

A workaround: change the sort order of the backup initrd files
by adding an appropriate prefix, like backup-knowngood-…
so the "real" ones get updated first.

Cheers,
David.

Re: Is perl still the No.1 language for sysadmin?

[Tom Dial]

On 4/8/23 08:19, Emanuel Berg wrote:

Tom Dial wrote:


Look at the use of parentheses in Lisp [...]


I have thought about that - is Lisp possible without them?
But how do you then know priority? I'm sure someone tried
to get rid of them, but how?


Its quite a few years since I had anything to do with Lisp,
and even more since I wrote my Symbolic Logic final using
parenthesis-free Polish notation (i.e., Reversed RPN).


Yes, you mean instead of

   (* 1 2 (+ 1 2 3) 3)

How would that look?

1 2
   1 2 3 +
   3 *

?

Following Lukaciewicz,
  * * * 1 2 + + 1 2 3 3

Evaluation:
  * * * 1 2 + + 1 2 3 3 =>
  * * * 1 2 + 3 3 3 =>
  * * * 1 2 6 3 =>
  * * 2 6 3 =>
  * 123 =>
  36

or

  * * * 1 2 + + 1 2 3 3 =>
  * * 2 + + 1 2 3 3 =>
  * * 2 + 3 3 3 =>
  * * 2 6 3 =>
  * 123 =>
  36

With RPN:
   1 2 1 2 3 + + 3 * * *

Evaluation:
   1 2 1 2 3 + + 3 * * * =>
=> 1 2 1 5 + 3 * * * =>
=> 1 2 6 3 * * * =>
=> 1 218 * * =>
=> 136 * =>
=> 36

'*' and '+' are binary operations. The simplified version '1 2 1 2 3 + 3 *' is 
ambiguous without the sort of stop rules that parentheses provide in Lisp. It is 
less than obvious how to provide for N-ary operations with N > 2. One, maybe 
the simplest, is shown above.

Regards,
Tom

Re: how to limit a CPU temperature?

[Max Nikulin]

On 11/04/2023 07:12, songbird wrote:

   the bios did let me turn down the temperature so we'll see
how that works next time i need to do an upload.


I am curious if it affects
/sys/class/thermal/thermal_zone*

I have never tried to do anything with this interface. I decided to look
into sysfs because in the past, having an issue with screen brightness
controls, I found backlight among cooling devices.

I have not read the following links with enough attention, so I can not
say that they provide enough details to try runtime configuration:

https://www.kernel.org/doc/Documentation/devicetree/bindings/thermal/thermal.txt
Thermal Framework Device Tree descriptor

https://www.kernel.org/doc/html/latest/driver-api/thermal/sysfs-api.html
Generic Thermal Sysfs driver How To
(https://www.kernel.org/doc/html/latest/driver-api/thermal/index.html)

https://wiki.st.com/stm32mpu/wiki/Thermal_overview

update-initramfs

[Marc Auslander]

I'm on Buster.

In /boot I keep a copy of the current working linux named by appending 
-knowngood to the four files.  My idea is that if an update fails, I 
have a recent working linux.  This is different from vmlinuz.old which 
is the previous kernel version.  The updates in question are not to the 
kernel but to initrd.image of course.


Suddenly, update-initramfs insists in trying to first update
initrd.-knowngood  which of course fails because there are no 
underling file with that name.  This never happened in the past, AFAIK. 
Once it fails it gives up.


There seems no way to force update-initramfs to update the right kernel.

Ideas?

Re: how to limit a CPU temperature?

[songbird]

songbird wrote:
> songbird wrote:
> ...
>>   i've been trying to find anything that will let me set this
>> but no luck yet in my searches.
>
>   ...
>
>   of course the moment i send the message it comes to me that
> perhaps the BIOS will let me do this, but i don't want to reboot
> at the moment to check that.  will check later.

  the bios did let me turn down the temperature so we'll see
how that works next time i need to do an upload.


  songbird

Re: ICMP router advertisement (ipv4)

[Jeremy Ardley]

On 11/4/23 02:19, Tim Woodall wrote:


Unfortunately, I don't seem to have that option any more. My cable modem
appears only to expose a layer 4 connection.

Previous version of my router appear to have a "modem mode" but that
doesn't exist in my version.


Here in Australia we have a national operator called NBN that runs its 
own country-wide network and provides the Network Termination Devices to 
every household and business.


Then we have a large number ISPs who connect to NBN and have a virtual 
circuit established between them and each individual customer. It is up 
to each ISP what services they provide. As a customer you are virtually 
connected to an ISP router and have no exposure to the network inbetween 
- which could be DSL or cable or fibre or even wireless.


What you see is what your ISP wants you to see. Some of them add an 
extra box between you and the NTD to make it harder (allegedly easier 
for them to manage it better, actually to lock you in).


You have the option of changing ISP to one that provides correct IP 
services. That may include chucking out any extra box and connecting 
direct to the NTD.


Here is something I found about the UK. OpenReach sounds very similar to NBN

>>

Here's an overview of the broadband options and market structure in the UK:

1.

   Openreach: Openreach, a subsidiary of BT Group, owns and operates
   the majority of the UK's fixed-line infrastructure, including copper
   lines, fiber-to-the-cabinet (FTTC) connections, and
   fiber-to-the-premises (FTTP) connections. Openreach is regulated to
   provide access to its infrastructure on a wholesale basis to other
   ISPs. This means that multiple ISPs can offer services to consumers
   using Openreach's infrastructure, with virtual circuits connecting
   customers to their chosen ISP. Major ISPs, such as BT, TalkTalk,
   Sky, and Plusnet, use this infrastructure.

2.

   Virgin Media: Virgin Media is the largest cable broadband provider
   in the UK, operating its own network separate from Openreach's
   infrastructure. Virgin Media's network is based on Hybrid
   Fibre-Coaxial (HFC) technology, which delivers high-speed internet
   using a combination of fiber-optic and coaxial cables. Virgin Media
   is not obligated to provide wholesale access to its network, meaning
   customers can only access services directly from Virgin Media.

3.

   Smaller ISPs and Alternative Networks: There are also smaller ISPs
   and alternative network providers that offer broadband services,
   including full-fiber networks, fixed wireless access (FWA), and
   satellite broadband. Some of these providers, like CityFibre,
   Hyperoptic, and Gigaclear, have built their own infrastructure in
   certain areas, while others lease capacity from Openreach or other
   network operators.

4.

   Mobile Broadband: Major mobile network operators, such as EE,
   Vodafone, O2, and Three, offer mobile broadband services using 4G
   and 5G technologies. These services can be used as a primary
   broadband connection, especially in rural areas where fixed-line
   broadband speeds may be limited.

In summary, the UK broadband market is a mix of infrastructure providers 
and ISPs, with Openreach's wholesale model playing a significant role in 
ensuring competition among ISPs. Additionally, Virgin Media, smaller 
ISPs, and mobile network operators provide alternatives to the Openreach 
infrastructure.


>>

--
Jeremy
(Lists)

Re: how to change default nameserver?

[Andy Smith]

Hello,

On Tue, Apr 11, 2023 at 12:04:24AM +0200, zithro wrote:
> So, I got curious about his claim

Well you can't say you haven't been warned. This rabbit hole goes
very deep and the bottom will not contain the answers you seek!

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Re: how to change default nameserver?

[zithro]

On 10 Apr 2023 22:58, Greg Wooledge wrote:

On Mon, Apr 10, 2023 at 10:53:41PM +0200, zithro wrote:

Why can't you follow others advice, hell, if you don't trust us, even the
perfectly correct and up-to-date manpages ?
After reading the posts of others, I'm more and more thinking your simply a
troll (or a RedHat fanatic wasting Debian helpers time for no reason) ...


My take is that he's confused, not trolling.  I've never seen any evidence
that he's intentionally making false statements.  He seems to believe what
he's saying.


Well, I don't know what's the worst ...
And honestly, when you're genuinely confused, you believe and follow the 
advice of the ones who know ...



The weird and frustrating part is that nothing we do or offer seems to
break through the confusion.



So, I got curious about his claim : "that change to resolv.conf adding 
the search line [search hosts, nameserver] has been required since red 
hat 5.0 in 1998".

(The bracket addition is mine)

I'm not using RHEl-based systems a lot so I may be wrong, and there's 
not a lot of material left from the 1998 web, but the resolv.conf file 
*looks* identical in RHEL-based systems, at least nowadays.
I quickly browsed a few RH help pages about resolv.conf, but couldn't 
find his claim.


I then searched for "search hosts, nameserver" on search engines (-with- 
the quotes, to only get full-match results).
Either I get no results or ... wait for it ... it *ONLY* gives me 
results where Gene posted !


So Gene, can you tell us where you read this ?

If you didn't read it somewhere, are you using it because :
- it always has been in your config files, which you created at a time 
you didn't really know what you were doing,

- or you followed advice from someone who claimed he knew,
- or it was in a wrongly pre-configured system and you blindly copied 
the stanza ?

Re: how to change default nameserver?

[Greg Wooledge]

On Mon, Apr 10, 2023 at 10:53:41PM +0200, zithro wrote:
> Why can't you follow others advice, hell, if you don't trust us, even the
> perfectly correct and up-to-date manpages ?
> After reading the posts of others, I'm more and more thinking your simply a
> troll (or a RedHat fanatic wasting Debian helpers time for no reason) ...

My take is that he's confused, not trolling.  I've never seen any evidence
that he's intentionally making false statements.  He seems to believe what
he's saying.

The weird and frustrating part is that nothing we do or offer seems to
break through the confusion.

Re: how to change default nameserver?

[zithro]

On 4/10/23 13:30, Greg Wooledge wrote:
Up to the resolv.conf, that is exactly what I do. But that change to 
resolv.conf adding the search line has been required since red hat 5.0 
in 1998. until bullseye. Just last week I found it is not needed in an 
armbian bullseye install.


What ?! Red Hat ?!
I hope it's a writing mistake, and that you know that the system config 
is not handled the same way in RedHat and Debian ?


Why can't you follow others advice, hell, if you don't trust us, even 
the perfectly correct and up-to-date manpages ?
After reading the posts of others, I'm more and more thinking your 
simply a troll (or a RedHat fanatic wasting Debian helpers time for no 
reason) ...



Now, if I could figure out why printers, shared om this bullseye machine 
work perfectly when accessed by a buster machine, but cannot be seen by 
any other bullseye machine here, debian or armbian. My logs show an auth 
failure but all are DefaultAthorization Basic. And turning on debugging 
doesn't tell me anything more useful. Like why... I've managed to get 1 
armbian machine trying to connect, but my logs are huge cuz it tries 
every 11 seconds


Maybe it's a bug in CUPS or w/e soft you're using. Try to find other 
people having this, or report it as a bug.


I think you should try avahi/bonjour, also known as *zeroconf*.
Maybe it will better handle your network than yourself ...
Sorry to be so harsh, but no one can help someone who does not want to 
be helped.

Re: Re : Re: Un systhème simple pour sauvegarder les partitions d'un os en train de tourner.

[hamster]

Le 10/04/2023 à 17:39, benoit a écrit :

Comme méthode je vois sur le net :

1) Demander la liste au système :

dpkg --get-selections > ma_liste.txt

Puis pour réinstaller :

dpkg --set-selections < ma_liste.txt
apt-get dselect-upgrade



2) Demander la liste au système :

apt-mark showmanual > ma_liste.txt


et aussi :
apt-clone clone `uname -n`
ca fait un fichier .tar.gz la ou on se trouve

On peut ensuite reinstaller cette liste de paquets sur une autre distro 
identique avec :

apt-clone restore 

Ou alors reinstaller cette liste sur une nouvelle version de la distro 
avec :

apt-clone restore-new-distro 

---

et aussi :
La meme avec aptitude
  aptitude -F "%p" search '~i!~M' > paquets.list
ou bien
  aptitude -F "%p" search ~i\!~M > paquets.list
(faut échapper le ! que le shell interprête)

C'est le !~M qui retire les paquets installés automatiquement.

-F '%p' pour avoir seulement le nom du paquet dans la sortie (ni version 
ni état ni description)

~i  pour les paquets installés
~M  paquets installés automatiquement
!~M sauf les paquets auto
~c pour avoir les paquets installés puis retirés mais non purgés

Il y a beaucoup d'autres critères possibles pour le search, cf la doc

pour réinstaller, copier le fichier paquets.list puis
  apt install $(le chevron fermant n'a pas été oublié, il ne doit pas y etre, ca fait 
l'équivalent de $(cat paquets.list)




et aussi :
pour lister les paquets installes manuellement :
comm -23 <(apt-mark showmanual | sort -u) <(gzip -dc 
/var/log/installer/initial-status.gz | sed -n 's/^Package: //p' | sort 
-u) > installes-manuellement.txt


source 
: https://askubuntu.com/questions/2389/generating-list-of-manually-installed-packages-and-querying-individual-packages


-

Mais quand je fais ca, en général je n'ai pas envie de reinstaller tous 
les paquets tel qu'el. J'ai sur mon ordi des trucs que j'ai installés 
juste pour les tester et que je n'ai pas adoptés, alors tant qu'a faire 
autant en profiter pour faire le ménage.


Les méthodes ci dessus donnent toutes des listes de paquets énormes dans 
lesquelles il est terriblement fastidieux d'aller fouiller a la main. 
Notamment les fameux tasksel, comprenant tous les paquets du bureau 
qu'on a choisi et leurs innombrables dépendances, ont été cochés 
manuellement a installer pendant la procédure d'installation et donc 
sortent en tant que paquets installés manuellement avec les méthodes ci 
dessus.


Au final, la méthode que j'utilise c'est d'aller fouiller dans les logs 
de dpkg. Pour sauvegarder ce qu'on a installé, il suffit donc de 
sauvegarder ces logs. Ils sont dans /var/log et ils s'appellent :

dpkg.log
dpkg.log.1
dpkg.log.2.gz
dpkg.log.3.gz
dpkg.log.4.gz
etc…

Ma procédure :

Commencer par copier le tout dans un dossier temporaire (par exemple tmp 
dans le dossier personnel) et décompresser ceux qui finissent par .gz


Fouiller dedans en cherchant le mot clef " install " (avec un espace 
avant et après le mot)

grep -R " install " ~/tmp/
On peut aussi classer le résultat par ordre chronologique et verser le 
tout dans un fichier :

grep -hR " install " ~/tmp/ | sort > ~/tmp/liste-install.txt

Dans ce fichier on trouve facilement tout ce qui a été installé 
automatiquement par l'installation du système (en général c'est tout sur 
le premier jour, parfois a cheval sur les 2 premiers jours) et on peut 
donc le supprimer. Ce qui reste c'est les paquets qu'on a installés 
après que l'installation du système ne soit terminée, et ca c'est 
réaliste de se palucher la liste pour trier. Il reste quand meme plein 
de dépendances dans cette liste, si quelqu'un connait un moyen pour 
virer tout ce qui est dépendance et ne garder que les noms qu'on a tapés 
dans les commandes apt install  ou aptitude, ou coché en 
cliquant a la main dans synaptic ou toute autre méthode d'installation, 
je suis preneur.


Une fois le tri fait, il reste ce qu'on veut reinstaller sur le nouveau 
système. Il faut donc extraire les noms des paquets :
cut -d " " -f 4 ~/tmp/liste-install.txt | cut -d ":" -f 1 | tr '\012' ' 
' > ~/tmp/liste-noms-paquets.txt
On obtiens une jolie liste de noms de paquets a coller dans la commande 
apt install. Tout ce qui n'est pas dans cette liste avait été installé 
automatiquement lors de l'installation du système, donc sera installé 
automatiquement quand on refera l'installation.


Attention : par défaut debian ne garde les logs de dpkg que pendant 12 
mois. C'est court si on veut s'en servir d'historique de tout ce qu'on a 
installé. N'ayant pas trouvé comment lui dire de ne pas supprimer les 
vieux logs, j'ai réglé le délai de conservation des logs dpkg a 120 
mois, comme ca je suis tranquille. Ca se fait en mettant "rotate 120" a 
la place de "rotate 12" dans /etc/logrotate.d/dpkg



Quant aux paquets installés avec les choix cochés à l'installation, sont ils 
bien contenu sous task-desktop, task-french, 

Re: https://: vs. https://:.

[Michel Verdier]

Le 10 avril 2023 peter a écrit :

> "Warning: Potential Security Risk Ahead
>
> Firefox detected a potential security threat and did not continue to
> 158.69.159.172. If you visit this site, attackers could try to steal
> information like your passwords, emails, or credit card details.
>
> What can you do about it?

Website has probably a certificate with its hostname in DN but not its
IP. Its a rather frequent situation. You can inspect certificate to
verify.

Re: https://: vs. https://:.

[Andy Smith]

Hello,

On Mon, Apr 10, 2023 at 12:13:15PM -0700, pe...@easthope.ca wrote:
> As expected, login at https://hornby.islandhosting.com:2096 and at
> https://mail.easthope.ca:2096 appear equivalent.
> 
> But for URL https://158.69.159.172:2096 Firefox warns,

What told you to use the URL with the IP address in it? It's most
likely not the right thing to be doing.

> "Warning: Potential Security Risk Ahead

> What is the risk from an IP address?  Misconfiguration at Island Hosting
> as Firefox suggests?

Firefox is warning you that the server at 158.69.159.172:2096
presented a TLS certificate that did not include the name
"158.69.159.172", so it might be possible that it isn't really the
server you expected it to be.

In reality it's far more likely that no one intended users to ever
connect to it by IP address and it does correctly have the names
hornby.islandhosting.com and mail.easthope.ca in it.

We can verify that hypothesis by seeing what the certificate is
actually for:

$ openssl s_client -connect 158.69.159.172:2096 &1 | openssl x509 
-noout -text | egrep -i '(subject|dns):'
Subject: CN = *.islandhosting.com
DNS:*.islandhosting.com, DNS:islandhosting.com

…so my conclusion is that they would only ever expect you to use
https://hornby.islandhosting.com:2096, and anything else outside of
*.islandhosting.net, including the bare IP address, will result in a
TLS warning.

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Re: https://: vs. https://:.

[Jeffrey Walton]

On Mon, Apr 10, 2023 at 3:30 PM  wrote:
>
> Noticed this oddity when working with the new service.
>
> $ nslookup hornby.islandhosting.com
> Server: 192.168.0.1
> Address:192.168.0.1#53
>
> Non-authoritative answer:
> Name:   hornby.islandhosting.com
> Address: 158.69.159.172
> Name:   hornby.islandhosting.com
> Address: 2607:5300:203:66b5::
>
> $ nslookup mail.easthope.ca
> Server: 192.168.0.1
> Address:192.168.0.1#53
>
> Non-authoritative answer:
> mail.easthope.cacanonical name = easthope.ca.
> Name:   easthope.ca
> Address: 158.69.159.172
>
> As expected, login at https://hornby.islandhosting.com:2096 and at
> https://mail.easthope.ca:2096 appear equivalent.
>
> But for URL https://158.69.159.172:2096 Firefox warns,
>
> "Warning: Potential Security Risk Ahead
>
> Firefox detected a potential security threat and did not continue to
> 158.69.159.172. If you visit this site, attackers could try to steal
> information like your passwords, emails, or credit card details.
>
> What can you do about it?
>
> The issue is most likely with the website, and there is nothing you
> can do to resolve it. You can notify the website’s administrator
> about the problem."
>
> What is the risk from an IP address?  Misconfiguration at Island Hosting
> as Firefox suggests?

The TLS certificate is bound to a domain, not an IP address:

X509v3 Subject Alternative Name:
DNS:*.islandhosting.com, DNS:islandhosting.com

The risks are, it could confuse users and allow them to be tricked. Or
it could be an attack, if the attacker controls the IP address. In
either case, the result will likely be limited to loss of
confidentiality. SO user passwords and user data could be lost to an
attacker.

Users should probably not short-circuit DNS by using an IP address
since so much of the web security model depends on domain names and
DNS.

You could ask your webhost to add an IP address to the SAN. I don't
recall if the CA/B Baseline Requirements allow an IP address in the
SAN, so a public CA may not issue one. I know the Internet's PKIX
allows it, however.

(PKIX and CA/B BR are two competing PKIs one the internet. PKIX is
from the IETF; it is called the "Internet PKI". While CA/B BR is the
CA/Browser Forum Baseline Requirements; CA/B is what browsers follow).

$ openssl s_client -connect hornby.islandhosting.com:2096 -servername
hornby.islandhosting.com | openssl x509 -text -noout
depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST
Network, CN = USERTrust RSA Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = Sectigo
Limited, CN = Sectigo RSA Domain Validation Secure Server CA
verify return:1
depth=0 CN = *.islandhosting.com
verify return:1
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
85:26:95:89:5b:6b:35:7b:c3:19:5a:ce:61:95:01:7a
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = GB, ST = Greater Manchester, L = Salford, O =
Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
Validity
Not Before: Nov 19 00:00:00 2022 GMT
Not After : Dec 20 23:59:59 2023 GMT
Subject: CN = *.islandhosting.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:cd:93:68:87:09:e4:b1:36:7e:ce:45:89:d5:25:
9f:88:47:0f:eb:cd:85:7b:08:d5:3c:0f:04:72:53:
ee:99:e7:42:ef:18:a1:88:0b:5b:f7:9d:1f:5b:ea:
af:52:04:99:a5:a8:9c:3c:c6:5a:bb:e6:39:82:86:
9a:4a:e4:ae:4c:b9:c4:e7:c6:6f:dc:4b:99:7d:7d:
b9:70:c1:c6:9a:c7:90:7d:99:9b:34:16:50:4a:7b:
84:69:6e:a5:43:18:3d:c8:a7:e7:5b:31:66:ad:56:
c5:48:9f:a9:ed:b4:a1:9d:3b:0d:24:67:13:cc:ce:
bb:42:c9:35:f8:bf:39:a9:c4:aa:16:80:71:11:bf:
1c:bc:5e:53:2d:68:0a:36:b4:ed:79:0e:8d:aa:b1:
99:f1:26:75:e8:59:6c:95:d0:be:4a:55:fb:39:9f:
f1:ad:7a:4f:f7:ed:60:ea:52:d9:75:6d:51:6a:3f:
54:61:08:35:ae:a0:94:ff:d3:35:98:7c:38:3e:d2:
f3:57:fe:83:48:7a:cd:77:11:60:74:8f:fc:e5:f3:
12:c8:53:4a:fd:9c:e0:2d:6a:06:24:a9:39:8d:bb:
67:b8:d5:c1:13:44:c6:76:7c:bc:18:01:14:d3:36:
1f:29:87:7d:80:c5:90:c4:f0:ef:60:62:19:cb:b8:
08:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
8D:8C:5E:C4:54:AD:8A:E1:77:E9:9B:F9:9B:05:E1:B8:01:8D:61:E1
X509v3 Subject Key Identifier:
DF:C3:D4:F5:31:BF:8F:CA:B9:66:9F:68:74:11:4A:BD:C3:C5:34:18
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Basic Constraints: 

Re: https://: vs. https://:.

[Gareth Evans]

> On 10 Apr 2023, at 20:30, pe...@easthope.ca wrote:
> 
> Noticed this oddity when working with the new service.
> 
> $ nslookup hornby.islandhosting.com
> Server: 192.168.0.1
> Address:192.168.0.1#53
> 
> Non-authoritative answer:
> Name:   hornby.islandhosting.com
> Address: 158.69.159.172
> Name:   hornby.islandhosting.com
> Address: 2607:5300:203:66b5::
> 
> $ nslookup mail.easthope.ca
> Server: 192.168.0.1
> Address:192.168.0.1#53
> 
> Non-authoritative answer:
> mail.easthope.cacanonical name = easthope.ca.
> Name:   easthope.ca
> Address: 158.69.159.172
> 
> As expected, login at https://hornby.islandhosting.com:2096 and at
> https://mail.easthope.ca:2096 appear equivalent.
> 
> But for URL https://158.69.159.172:2096 Firefox warns,
> 
> "Warning: Potential Security Risk Ahead
> 
> Firefox detected a potential security threat and did not continue to
> 158.69.159.172. If you visit this site, attackers could try to steal
> information like your passwords, emails, or credit card details.
> 
> What can you do about it?
> 
> The issue is most likely with the website, and there is nothing you
> can do to resolve it. You can notify the website’s administrator
> about the problem."
> 
> What is the risk from an IP address?  Misconfiguration at Island Hosting
> as Firefox suggests?
> 
> Thx, ... P.
> 

What reason is given for the warning?

There's usually an "advanced" or "more info" etc button underneath the message 
you quoted.

Thanks,
Gareth

Re: how to change default nameserver?

[gene heskett]

On 4/10/23 13:30, Greg Wooledge wrote:

On Mon, Apr 10, 2023 at 12:05:06PM -0400, gene heskett wrote:

Thanks for the vote of confidence Greg, but I'd like to point out that the
help offered is only valid for systems with a working dhcpd.
You tell me I'm wrong, but you don't tell how to do it right w/o dragging in
dhcpd.  My way doesn't need that. But you've made it your lifes work to not
understand how my way Just Works.


How To Set Up A Debian Computer With Static IP Addressing And Hosts File:

1) Install Debian.  Select "Standard".  Do not select a Desktop Environment.

2) Find the name of your ethernet interface, either using "ip link" or
by reading /etc/network/interfaces.  For purposes of this document,
let's say it's "en0".

3) Bring your ethernet interface down:  ifdown en0
This will kill the DHCP client daemon.

4) Edit the /etc/network/interfaces file, and change
   iface en0 inet dhcp
to
   iface en0 inet static
and then add the "address" and "gateway" lines underneath that.
While you're in there, make sure you have "auto en0" too.

5) Bring your interface up:  ifup en0

6) Verify that it works, by pinging your gateway, and then pinging an
outside IP address (e.g. ping 8.8.8.8).

7) Edit your /etc/resolv.conf file correctly for your network.
This means adding a "nameserver" line that points to your DNS resolver.
Do not add lines that are not documented in resolv.conf(5).
Specifically, do not add lines that mimic /etc/nsswitch.cong behavior
in this file, because they do not work.

8) Verify that DNS works (e.g. ping www.debian.org).

9) Edit your /etc/hosts file to contain the IP addresses and names of
other hosts on your internal network.

10) Verify that your internet network name resolution works
 (e.g. ping coyote).

There you go.  That's the whole thing.  That's what we've tried to tell
you to do, for the last 5 to 10 years.

I promise you, Gene, "search hosts, nameserver" is NOT a working line in
an /etc/resolv.conf file.  It never has been.  It never will be.

.
Up to the resolv.conf, that is exactly what I do. But that change to 
resolv.conf adding the search line has been required since red hat 5.0 
in 1998. until bullseye. Just last week I found it is not needed in an 
armbian bullseye install.


Now, if I could figure out why printers, shared om this bullseye machine 
work perfectly when accessed by a buster machine, but cannot be seen by 
any other bullseye machine here, debian or armbian. My logs show an auth 
failure but all are DefaultAthorization Basic. And turning on debugging 
doesn't tell me anything more useful. Like why... I've managed to get 1 
armbian machine trying to connect, but my logs are huge cuz it tries 
every 11 seconds


Take care & sty well, Greg

Cheers, Gene Heskett.
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 

Re: https://: vs. https://:.

[Greg Wooledge]

On Mon, Apr 10, 2023 at 12:13:15PM -0700, pe...@easthope.ca wrote:
> Name:   hornby.islandhosting.com
> Address: 158.69.159.172

> As expected, login at https://hornby.islandhosting.com:2096 and at
> https://mail.easthope.ca:2096 appear equivalent.
> 
> But for URL https://158.69.159.172:2096 Firefox warns,
> 
> "Warning: Potential Security Risk Ahead
[...]

> What is the risk from an IP address?  Misconfiguration at Island Hosting
> as Firefox suggests?

You've got three different URLs here, which means you're looking at three
different web sites.

https://hornby.islandhosting.com:2096
https://mail.easthope.ca:2096
https://158.69.159.172:2096

Each of these may give you a different web site, even if they're all hosted
on the same physical computer, or the same virtual machine.

So, it's conceivable that Mozilla has flagged one of these web sites as
a security risk, but not the other two.

It's also conceivable that Mozilla has flagged an entire block of "raw IP
address URLs" as a security risk, based on a pattern of behavior that
they've seen from other web sites within that address range.

You'd have to ask Mozilla for the exact details about why they've flagged
what they've flagged.

https://: vs. https://:.

[peter]

Noticed this oddity when working with the new service.

$ nslookup hornby.islandhosting.com
Server: 192.168.0.1
Address:192.168.0.1#53

Non-authoritative answer:
Name:   hornby.islandhosting.com
Address: 158.69.159.172
Name:   hornby.islandhosting.com
Address: 2607:5300:203:66b5::

$ nslookup mail.easthope.ca
Server: 192.168.0.1
Address:192.168.0.1#53

Non-authoritative answer:
mail.easthope.cacanonical name = easthope.ca.
Name:   easthope.ca
Address: 158.69.159.172

As expected, login at https://hornby.islandhosting.com:2096 and at
https://mail.easthope.ca:2096 appear equivalent.

But for URL https://158.69.159.172:2096 Firefox warns,

"Warning: Potential Security Risk Ahead

Firefox detected a potential security threat and did not continue to
158.69.159.172. If you visit this site, attackers could try to steal
information like your passwords, emails, or credit card details.

What can you do about it?

The issue is most likely with the website, and there is nothing you
can do to resolve it. You can notify the website’s administrator
about the problem."

What is the risk from an IP address?  Misconfiguration at Island Hosting
as Firefox suggests?

Thx, ... P.

Re: how to change default nameserver?

[Andy Smith]

Hello,

On Mon, Apr 10, 2023 at 12:05:06PM -0400, gene heskett wrote:
> My way doesn't need that. But you've made it your lifes work to
> not understand how my way Just Works.

Just for the benefit of any inexperienced people who may read this
in future:

- As pointed out already, Gene's resolv.conf file contains obvious
  syntax errors.

- Gene has been told this many times by many people over the course
  of many years.

- Gene refuses to acknowledge or correct this, nor to stop advising
  other people to copy him.

- How anything Just Works for Gene is a matter of luck, not design.
  Frequently things *don't* Just Work for Gene, and then these
  habits frustrate any attempt to help him. The chances are good
  that in any given situation he will ignore all advice and just
  repost the same problem again in a few weeks, months or years.

- Gene's behaviour does not restrict itself to resolv.conf. A great
  portion of the advice Gene offers on this list is factually
  incorrect.

It would be best to corroborate anything Gene advises you to do with
the documentation and other posters. Sometimes he is correct, but
too many times he is not.

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Re: ICMP router advertisement (ipv4)

[Tim Woodall]

On Mon, 10 Apr 2023, Jeremy Ardley wrote:



On 10/4/23 12:49, Tim Woodall wrote:


And it doesn't forward packets from new ips either, it just silently
drops them.

I don't know how the router learns ips but I suspect it's something to
do with DAD,

I don't know about your router specifically, but here in Australia the 
Network Termination Device (in my case a cable interface) has a gig ethernet 
port that a conventional 'router' connects to (e.g. the typical wifi device 
usually with some ethernet ports). On the NTD side the router sees an 
ethernet style interface that it can broadcast discovery packets onto. The 
NTD then routes the packets to the ISP via some cable protocol.


You can simply plug your computer ethernet direct into the NTD and do all the 
link negotiations you want. No extra hardware required.


In my case I have a dual port armbian device connected to the Network 
Termination Device to act as router to my network.



That's how I used to do it when with Andrews and Arnold in the UK.

Unfortunately, I don't seem to have that option any more. My cable modem
appears only to expose a layer 4 connection.

Previous version of my router appear to have a "modem mode" but that
doesn't exist in my version.

Re: how to change default nameserver?

[Greg Wooledge]

On Mon, Apr 10, 2023 at 12:05:06PM -0400, gene heskett wrote:
> Thanks for the vote of confidence Greg, but I'd like to point out that the
> help offered is only valid for systems with a working dhcpd.
> You tell me I'm wrong, but you don't tell how to do it right w/o dragging in
> dhcpd.  My way doesn't need that. But you've made it your lifes work to not
> understand how my way Just Works.

How To Set Up A Debian Computer With Static IP Addressing And Hosts File:

1) Install Debian.  Select "Standard".  Do not select a Desktop Environment.

2) Find the name of your ethernet interface, either using "ip link" or
   by reading /etc/network/interfaces.  For purposes of this document,
   let's say it's "en0".

3) Bring your ethernet interface down:  ifdown en0
   This will kill the DHCP client daemon.

4) Edit the /etc/network/interfaces file, and change
  iface en0 inet dhcp
   to
  iface en0 inet static
   and then add the "address" and "gateway" lines underneath that.
   While you're in there, make sure you have "auto en0" too.

5) Bring your interface up:  ifup en0

6) Verify that it works, by pinging your gateway, and then pinging an
   outside IP address (e.g. ping 8.8.8.8).

7) Edit your /etc/resolv.conf file correctly for your network.
   This means adding a "nameserver" line that points to your DNS resolver.
   Do not add lines that are not documented in resolv.conf(5).
   Specifically, do not add lines that mimic /etc/nsswitch.cong behavior
   in this file, because they do not work.

8) Verify that DNS works (e.g. ping www.debian.org).

9) Edit your /etc/hosts file to contain the IP addresses and names of
   other hosts on your internal network.

10) Verify that your internet network name resolution works
(e.g. ping coyote).

There you go.  That's the whole thing.  That's what we've tried to tell
you to do, for the last 5 to 10 years.

I promise you, Gene, "search hosts, nameserver" is NOT a working line in
an /etc/resolv.conf file.  It never has been.  It never will be.

Re: apt temporary failure resolving deb.debian.org

[Tim Woodall]

On Mon, 10 Apr 2023, Lee wrote:


Why are you using google as forwarders ?


To eliminate as many variables as possible.

delv talking to google works.

delv talking to bind talking to google fails.

When talking directly, delv is using udp to talk to google
When talking via bind, bind is using tcp.

And while google acks the DNSKEY request from bind, the data is not
received. The seqnence number jumps from 1 on the ACK of the query to
1636 on the FIN where google closes the connection.

Thats 1635 bytes of data gone missing.

The mss on the original SYN packet is 1220, so that ought to be two (or
more) packets gone missing.

Interestingly if I use tcp to google servers it still works:
(hmmm, capture suggest that it's only using TCP for the CNAME request,
not the DNSKEY requests)
delv -t cname deb.debian.org +rtrace +tcp @2001:4860:4860::
;; fetch: deb.debian.org/CNAME
;; fetch: debian.org/DNSKEY
;; fetch: debian.org/DS
;; fetch: org/DNSKEY
;; fetch: org/DS
;; fetch: ./DNSKEY
; fully validated
deb.debian.org. 3112IN  CNAME   debian.map.fastlydns.net.
deb.debian.org. 3112IN  RRSIG   CNAME 8 3 3600 20230512040858 
20230402034640 32728 debian.org. 
rFqk+TkAJPOXTbQl8irQJyMGjsL8yXMxFgxglzGC+7GaydpbQGEYaiOE 
FLHKy4dPshKq0pq5O8l+hw/gG3dgWg+fYkskltkGJyk8VNBnbgTM3Szm 
M2QjRR7x7hKitr61YrUkVCpZCroiKtZfat/0l42EWV24FewvatX9mBge 
VYzlUSrOchLHC7TjBOpxyA7Ta6ll4YIDDgMSZi4HxMMhjPdzGs2H/o8D 
CrKUmSE9VBhRoclczsBbMENUftKR0XOl

while to my ISPs nameservers it doesn't!
root@bind17:~# delv -t cname deb.debian.org +rtrace +tcp @2001:730:3ec2::10
;; fetch: deb.debian.org/CNAME
;; fetch: debian.org/DNSKEY
;; resolution failed: timed out

and I see exactly the same in the capture, 1635 bytes missing.




bind works just fine for me with no forwarding:
$ delv -t cname deb.debian.org +rtrace
;; fetch: deb.debian.org/CNAME
;; fetch: debian.org/DNSKEY
;; fetch: debian.org/DS
;; fetch: org/DNSKEY
;; fetch: org/DS
;; fetch: ./DNSKEY
; fully validated
deb.debian.org. 3550IN  CNAME   debian.map.fastlydns.net.
deb.debian.org. 3550IN  RRSIG   CNAME 8 3 3600
20230512040858 20230402034640 32728 debian.org.
rFqk+TkAJPOXTbQl8irQJyMGjsL8yXMxFgxglzGC+7GaydpbQGEYaiOE
FLHKy4dPshKq0pq5O8l+hw/gG3dgWg+fYksklt8VNBnbgTM3Szm
M2QjRR7x7hKitr61YrUkVCpZCroiKtZfat/0l42EWV24FewvatX9mBge
VYzlUSrOchLHC7TjBOpxyA7Ta6ll4YIDDgMSZi4HxMMhjPdzGs2H/o8D
CrKUmSE9VBhRoclczsBbMENUftKR0XOl


Regards,
Lee

Re: how to change default nameserver?

[gene heskett]

On 4/9/23 11:20, Greg Wooledge wrote:

On Sun, Apr 09, 2023 at 04:53:17PM +0200, zithro wrote:

Also, the line "search hosts, nameserver" is wrong. The place to put such
settings is "/etc/nsswitch.conf".
"search" is used to resolve hostnames to FQDN.
So if you put "search example.com", and you try to connect to a machine with
for example "ssh hostname", the DNS client will try to append example.com to
hostname, and try to resolve "hostname.example.com".


Welcome to the Gene Heskett show, starring Gene Heskett.

We've told Gene that his configuration is wrong *so* many times, over
*so* many years.  There are very many, very long, threads dedicated to
trying to help Gene get his network configuration to a sane state.

I recommend not trying again, but it's up to you.  Maybe you'll succeed
where everyone else has failed... I doubt it, but I can't rule it out.

.
Thanks for the vote of confidence Greg, but I'd like to point out that 
the help offered is only valid for systems with a working dhcpd.
You tell me I'm wrong, but you don't tell how to do it right w/o 
dragging in dhcpd.  My way doesn't need that. But you've made it your 
lifes work to not understand how my way Just Works.


Take care & stay well.

Cheers, Gene Heskett.
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 

Riddling over systemctl, pulseaudio, firefox-esr, and salsa.debian.org

[Thomas Schmitt]

Hi,

i experience a strange behavior of my Debian 11 with firefox-esr and
pulseaudio.
After visiting
  https://salsa.debian.org/groups/optical-media-team/-/activity
the most busy process on my Debian 11 is the one that was started at boot
(or user login) automatically by
  /usr/bin/pulseaudio --daemonize=no --log-target=journal
It uses tenfold more CPU time than the idle firefox-esr (says top(1)).
I cannot tell whether it really tries to make noise, because no
loudspeakers are attached.
Before the visit to salsa.debian.org pulseaudio is not shown by top(1)
among the busiest processes. Afterwards it steadily uses 10 percent of
a 4 GHz Xeon core.
Leaving the web site and even removing the browser tab does not reduce
this activity.

So what is salsa.debian.org doing with firefox-esr to get pulseaudio so
excited ?


Next riddle is how i could keep pulseaudio from being started automatically
for my desktop user. I understand from web and man page of systemctl that
  systemctl --user disable pulseaudio.service pulseaudio.socket
should do the trick.
But on next boot and login (even via ssh) there is again a pulseaudio
instance running with my desktop user id.
The superuser can prevent the starting of pulseaudio for my user and for
user "lightdm" by
  systemctl --global disable pulseaudio.service pulseaudio.socket

So do i get the man page wrong and systemctl has no means to prevent
services for particular users ?


Have a nice day :)

Thomas

Re: questions about cron.daily

[zithro]

On 10 Apr 2023 03:23, David Wright wrote:

On Sun 09 Apr 2023 at 21:48:22 (+0200), zithro wrote:

IOW, while I run crontab -e on bookworm, inside my emacs session,
I want a subshell to run crontab -l, but the latter has to run on
bullseye in order to pick up the old crontab. I'm not sure how
I would do that.


Try running :
ssh user@bullseye crontab -l

It will locally list the crontab from remote user "user".

Note I've never used emacs, so dunno if ssh is allowed !


In case it's not clear, bullseye and bookworm are Debian distribution
codenames, not hostnames.


In case it's not clear, to distinguish hosts in help messages, it's easy 
to refer to a host using its distro/codename. I have no idea how you 
name your hosts, nor is it useful for the conversation. I thought you 
could do the name translation by yourself.



I can't edit my crontab on a newly installed
bookworm system while simultaneously listing my old crontab on the old
bullseye system on the same computer.
The machine is set up to dual boot (currently bullseye and buster),
but not simultaneously!


Missed that information. So it's even easier.
Mount the /var partition of bullseye on bookworm.
Go to /MOUNTPOINT/var/spool/cron/crontabs
Done.

Re : Re: Un systhème simple pour sauvegarder les partitions d'un os en train de tourner.

[benoit]

Le jeudi 6 avril 2023 à 18:46, hamster  a écrit :

 
> Tu oublie de préciser ton usage. Ordi de bureau ? Serveur ? Autre ?
> 

Oui un ordi de bureau


> Par contre, en faisant comme ca je perd les logiciels que j'avais
> installés après la sauvegarde du système. En soi, c'est pas un drame :
> c'est très facile de les re-installer, le plus difficile étant de se
> souvenir lesquels. Il peut donc etre utile de sauvegarder régulièrement
> la liste des logiciels installés. Ca peut très bien se faire a chaud, il
> y a plusieurs méthodes pour ca. Mais je ne vois pas l'interet de
> sauvegarder tout le système.
> 


Comme méthode je vois sur le net :

1) Demander la liste au système :

dpkg --get-selections > ma_liste.txt

Puis pour réinstaller :

dpkg --set-selections < ma_liste.txt
apt-get dselect-upgrade



2) Demander la liste au système :

apt-mark showmanual > ma_liste.txt 

Quant aux paquets installés avec les choix cochés à l'installation, sont ils 
bien contenu sous task-desktop, task-french, task-french-desktop, 
task-lxde-desktop, tasksel de cette liste ?
Parce que je ne trouves pas libreoffice dans les dépendances de ces paquets...

Benoit

Re : Re: Un système simple pour sauvegarder les partitions d'un os en train de tourner.

[benoit]

Le vendredi 7 avril 2023 à 11:54, Michel Verdier  a écrit :


> Le 7 avril 2023 benoit a écrit :
> 
> > En effet, pour les fichiers non système j'utilise lsyncd, c'est vraiment 
> > top.
> 
> 
> Oui c'est un bon outil. Mais attention il fait une synchro et pas une
> sauvegarde. Si ton fichier original est corrompu, ou si tu fais tout
> simplement une modification ou une suppression à tort, l'erreur sera
> synchronisée. C'est justement ce qu'on veut éviter pour une sauvegarde.


Oui j'ai bien conscience de ça.
Après avoir supprimé un fichier par erreur, la pire des erreur serait de lancer 
lsyncd, ce qui aurait pour conséquence de l'effacer aussi sur le miroir créé 
par lsyncd. Dans le cas d'un effacement accidentel, il faut aller récupérer le 
fichier sur le miroir créé par lsyncd.

C'est effectivement une synchro et pas une sauvegarde.

Le cas ou lsyncd est dangereux, c'est quand on se rend compte longtemps après 
qu'on a supprimé un fichier par erreur et qu'on a déjà fait une synchro entre 
temps.

Re: DOSBOX 0.74 en clavier azerty

[Th.A.C]

Bonjour,

https://www.dosbox.com/wiki/KEYB

je dirai:
keyboardlayout=fr

Thierry

Re: Bookworm system randomly not responding (was Re: Bookworm system not responding on high memory usage)

[Xiyue Deng]

Xiyue Deng  writes:

> Xiyue Deng  writes:
>
>> Xiyue Deng  writes:
>>
>>> So after some more tries it looks like this issue is not directly memory
>>> usage related.  I've tried the following:
>>>
>>> * Using older kernel version when I was on Bullseye.
>>> * Have a cronjob to drop memory caches every minutes.
>>> * Using Gnome on Wayland by default or Xorg.
>>>
>>> And this can still happen when I was running a qemu-based Win11 VM using
>>> virtual manager.  So this rules out the possibility of a kernel issue
>>> and OOM killer issue.  All that is certain is that this issue can be
>>> reproduced when running my qemu-based Win11 VM and in a few hours it
>>> will trigger this lockup.
>>>
>>> As this system has been running Bullseye for a few years with zero
>>> problem, I'm hopeful this should work for Bookworm as well.  If you have
>>> anything in mind that may worth a try please feel free to share.  The
>>> more ideas the better.
>>>
>>> Thanks in advance!
>>
>> So, to rule out possible software issues, I've done a clean install of
>> Bookworm and Bullseye, and this issue still happens.  I guess this
>> largely lowers the possibility of a software cause.  I've also done a
>> 10-hour memtest session and it passed so I guess it was proven to be
>> clean as well.
>>
>> For the next step, I'll go with the hardware aspect.  I want to thank
>> for the helps, suggestions, and brainstorming from various people from
>> #debian{,-next} IRC channels!  Will try to get to the bottom of this.
>>
>
> Actually after I decided to contact the customer service of my box[1],
> after a few rounds of suggestions (reset CMOS, reinstall system, etc.),
> they provided an update to the BIOS that supposed to Windows 10/11
> freezing when accessing the fTPM module.  After flashing the new BIOS,
> I've been running the system on high load for 12+ hours without issue.
> Though a much longer testing period is needed to make sure the fix is
> sufficient, I think this is looking very promising!  Will report back
> after a week.
>
> Hope this is useful for anyway having similar issues.

It has been over a week after applying the BIOS update to my Minisforum
Elitemini HX90[1] and except a manual reboot my system has been running
totally fine!  So I'd consider this issue as resolved.  In case you are
using similar system from the same vendor and experiencing similar
system freezing issues, please contact the customer support for a
similar BIOS updates.

I'd like to thank the wonderful people at #debian{,-next} on IRC again
for helping me and the suggestions during the debugging!

>
> [1] https://store.minisforum.com/products/hx90
>
>>>
>>> (Replies to Timothy below inline.)
>>>
>>> Timothy M Butterworth  writes:
>>>
 On Sat, Mar 11, 2023 at 3:30 AM Xiyue Deng  wrote:

  Timothy M Butterworth  writes:

  > On Fri, Mar 10, 2023 at 7:57 PM Xiyue Deng  wrote:
  >
  >  Hi,
  >
  >  I have an AMD64 system[1] that has been running fine on Bullseye for a
  >  few years, and recently following the soft freeze on Bookworm I 
 upgraded
  >  my system to try it out, and the system has been frequently losing
  >  response.  Initially I thought it was because of some issue of my
  >  qemu-based Win11 virtual machine as it happens most frequently when it
  >  was running and filed a bug report[2].  But then it happened again
  >  without it running because some other program had slowly used up most 
 of
  >  the memory again, though not as frequently as the VM was running.
  >
  >  Now in retrospect, when I was using Bullseye the total memory was also
  >  mostly used up most of the time, with a few hundreds of megabytes
  >  reported as free and a few Gigs reported as cache, and it has been
  >  running fine.  I'm not sure what has changed in Bookworm and having to
  >  manually restart the machine is a pretty annoying and unpleasant
  >  experience.
  >
  >  Does anyone seeing a similar problem as well?  What can I do to avoid
  >  this?  Any suggest is welcome.
  >
  >  Thanks in advance.
  >
  > Open the command prompt and run `su` to switch user to root. Then run 
 `sync && echo 1 > /proc/sys/vm/drop_caches`
  as
  > root. This will write RAM caches to the hard drive to free up memory. 
 You have to run this as root as sudo, my
  preferred
  > method, returns a permission disabled error.

  Thanks for the tip!  I'll try it out.
>>>
>>> So unfortunately this doesn't help either, as it happens again with very
>>> low cache usage.
>>>
>>> `free -h`:
>>>
>>>totalusedfree  shared  buff/cache   
>>> available
>>> Mem:30Gi13Gi16Gi   206Mi   1.4Gi
>>> 17Gi
>>> Swap:  979Mi  0B   979Mi
>>>
>>> `top` excerpt:
>>>
>>> top - 14:55:05 up 18 min, 11 users,  load average: 1.77, 1.65, 1.09
>>> Tasks: 504 

Re: DOSBOX 0.74 en clavier azerty

[Bernard Schoenacker]

Bonjour Basile, 


Pour le clavier et sa disposition : 


[dos] 


keyboardlayout=fr 




et au démarrage : 


il faut taper au demarrage "keyb fr". 



Source de l'info : 

18 mai 2008 à 11:14 forum comment ça marche 



merci et bonne journée 


@+ 
Bernard 



- Mail original -

De: "Basile Starynkevitch"  
À: "Debian user french"  
Envoyé: Lundi 10 Avril 2023 12:21:11 
Objet: DOSBOX 0.74 en clavier azerty 


Bonjour la liste, 


Je dois utiliser dosbox (version 0.74-3) sur une machine Debian x86-64 (sous 
Xorg) avec un clavier émulé correspondant au clavier physique, disposition 
AZERTY (pour corriger un TP). 

Moin fichier ~/.dosbox/dosbox-0.74-3.conf contient actuellement 



[dos]
#xms: Enable XMS support.
#ems: Enable EMS support.
#umb: Enable UMB support.
# keyboardlayout: Language code of the keyboard layout (or none).

xms=true
ems=true
umb=true
#Basile keyboardlayout=auto keyboardlayout= AZERTY 




la ligne keyboardlayoutr est incorrecte! 


Que dois-je y mettre? 


Librement 
-- 
Basile Starynkevitch  (only mine opinions / les 
opinions sont miennes uniquement)
92340 Bourg-la-Reine, France
web page: starynkevitch.net/Basile/ & refpersys.org 

Re: DOSBOX 0.74 en clavier azerty

[Michel Verdier]

Le 10 avril 2023 Basile Starynkevitch a écrit :

>> keyboardlayout=*AZERTY*
>>
>
> la ligne keyboardlayoutr est incorrecte!
>
>
> Que dois-je y mettre?

keyboardlayout=fr

DOSBOX 0.74 en clavier azerty

[Basile Starynkevitch]

Bonjour la liste,


Je dois utiliser dosbox (version 0.74-3) sur une machine Debian x86-64 
(sous Xorg) avec un clavier émulé correspondant au clavier physique, 
disposition AZERTY (pour corriger un TP).


Moin fichier ~/.dosbox/dosbox-0.74-3.conf contient actuellement


[dos]
#xms: Enable XMS support.
#ems: Enable EMS support.
#umb: Enable UMB support.
# keyboardlayout: Language code of the keyboard layout (or none).

xms=true
ems=true
umb=true
#Basile keyboardlayout=auto
keyboardlayout=*AZERTY*



la ligne keyboardlayoutr est incorrecte!


Que dois-je y mettre?


Librement

--
Basile Starynkevitch
(only mine opinions / les opinions sont miennes uniquement)
92340 Bourg-la-Reine, France
web page: starynkevitch.net/Basile/ & refpersys.org

Re: questions about cron.daily

[Michel Verdier]

Le 10 avril 2023 David Wright a écrit :

> In case it's not clear, bullseye and bookworm are Debian distribution
> codenames, not hostnames. I can't edit my crontab on a newly installed
> bookworm system while simultaneously listing my old crontab on the old
> bullseye system on the same computer.
>
> The machine is set up to dual boot (currently bullseye and buster),
> but not simultaneously!

You can boot on one system and mount the other system partition to
easily compare both.