Re: [semi-OT] Advice on operating a DNS server

2024-05-04 Thread François TOURDE
On the 19846th day after Epoch,
NoSpam wrote:

> Open to the four winds, certainly not. Lots of problems if the software
> is misconfigured. To do what you want to do, I use BIND
> with its local view
>
> Personally, I would connect all the machines over a VPN and have the
> DNS server listen only on the VPN's private IP. Little or no security
> problem

Except that here, the OP is talking about "IP phones", so it is hard to
sort them out. Besides, between operating a VPN "open to the four winds"
and a DNS "open likewise", I would choose the DNS version rather than the VPN :)



Re: [semi-OT] Advice on operating a DNS server

2024-05-04 Thread François TOURDE
On the 19847th day after Epoch,
Michel Verdier wrote:

> On 3 May 2024 Olivier wrote:
>
>> 1. Does a VM (running Debian) rented from a provider seem
>> sufficient to you?
>
> Yes, unless you expect thousands of requests

Thousands per second? Frankly, a provider that rents out machines
and cannot handle loads of DNS requests, I can't think of
one.

>> 3. What operational experience is there with running a DNS server
>> "open to the four winds"? What security problems does one run into?
>
> Open to provide DNS to people you don't know?
> At a minimum, close off the server with a firewall and so on. And configure
> the DNS server using the most secure options; that depends on the
> server chosen. But at a minimum block transfers and
> recursion.

OK for transfers and recursion, but the OP is talking about "IP
phones"; I don't see how to set up a firewall to handle these
kinds of access.



Firefox: fields already remembered

2024-05-04 Thread ajh-valmer
Hello,

I have 3 bank accounts (without being rich).
I access them from Firefox.
For each bank I tick "save the information".

Bank 1: the account number and password fields are filled in,
I only have to click send,

Bank 2: only the account number field is filled in,

Bank 3: both fields are empty.

How come, why doesn't the cache work?

Thanks.



Re: [semi-OT] Advice on operating a DNS server

2024-05-04 Thread François TOURDE
On the 19846th day after Epoch,
Olivier wrote:

> Hello,
>
> I am planning to set up a DNS server whose role would be to
> resolve queries for one of my domains.

There is a good chance your registrar offers you its own DNS. Why
not use it?

> Let's imagine I own the domain masociete.com
> The server will receive queries from the Internet for subdomains such as
> client12345.masociete.com coming from devices (IP phones)
> that can be fairly rustic network-wise.
>
> My requirements are:
>
> 1- I can "easily" add-remove-modify subdomains

It all depends on what you call "easily", but for example the
registrar GANDI offers APIs to manage your records.
>
> 2- nobody can enumerate my subdomains, i.e. find out that the
> subdomains client1.masociete.com and client2.masociete.com
> exist and that the subdomain client3.masociete.com does not exist
> (yet),

That depends on what you choose as a tool, but in general
they have a parameter that restricts who is allowed to do a
data transfer.

> 3- the server is protected or protectable against Denial
> of Service attacks

You can hardly fight an army of 2^32 (or more)
zombie machines, but services like CloudFlare will be able to
meet this need. For a fee, of course. But denial of
service does not necessarily have anything to do with the type of DNS server you
choose.

> My questions:
>
> 1. Does a VM (running Debian) rented from a provider seem
> sufficient to you?

Definitely. It's even almost overkill.

> 2. Which software do you recommend?

Bind9? A big, very stable standard.

> 3. What operational experience is there with running a DNS server
> "open to the four winds"? What security problems does one run into?

I have been operating my DNS for almost 25 years (Ouch!) and I have never had
any major trouble with it. The bind8 to bind9 migration was a bit
rough, but I survived ;)

I think the major question is: "Do I really need to operate
my DNS myself?"

My 2¢
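
The two settings the replies in this thread agree on (no recursion, no zone transfers), written as a BIND `options` block next to an open one, with a small check over the config text. This is an added example, not part of any post in the thread; the config fragments, function names and finding labels are constructed, and the check only looks for the explicit statements.

```shell
#!/bin/sh
# Added example. Both config fragments are constructed for illustration.

# Resolver left open: recursion on, no transfer restriction stated.
open_conf() {
cat <<'EOF'
options {
    recursion yes;
    allow-query { any; };
};
EOF
}

# Authoritative-only: answers for hosted zones, no recursion, no AXFR.
hardened_conf() {
cat <<'EOF'
options {
    recursion no;               // do not resolve names for strangers
    allow-transfer { none; };   // nobody may pull the whole zone
    allow-query { any; };       // the phones can still look up their name
};
EOF
}

# Read a named.conf fragment on stdin and print the findings
# (space separated); prints nothing when both statements are present.
audit_conf() {
    conf=$(sed 's://.*$::')     # drop // comments before matching
    findings=''
    printf '%s\n' "$conf" |
        grep -Eq 'recursion[[:space:]]+no[[:space:]]*;' ||
        findings="$findings recursion-not-disabled"
    printf '%s\n' "$conf" |
        grep -Eq 'allow-transfer[[:space:]]*\{[[:space:]]*none[[:space:]]*;[[:space:]]*\}' ||
        findings="$findings transfers-not-restricted"
    printf '%s' "${findings# }"
}

open_conf | audit_conf; echo       # both findings
hardened_conf | audit_conf; echo   # empty line: nothing to report
```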



Kvm Bridge Network Problem

2024-05-04 Thread Stephen P. Molnar
I am running Bookworm on my main platform. After quite a bit of googling 
and many errors and much head scratching I have managed to follow the 
instructions in:


https://www.cyberciti.biz/faq/how-to-add-network-bridge-with-nmcli-networkmanager-on-linux/ 
.


I have currently implicated this on a Windows 10 client. However, there 
still remains a problem. After the first restart of the Windows client 
the internet was accessible. However, a problem arose after I 
successfully installed br0 (copy attached). I was able to use the LAN 
printer and the 40" TV , but could not access the Host.


I'm sure that I have missed something, but I don't know what.

Guidance to a solution to the problem would be appreciated.

Thanks in advance,

--
Stephen P. Molnar, Ph.D.
https://insilicochemistry.net
(614)312-7528 (c)
Skype:  smolnar1

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# Specify that the physical interface that should be connected to the bridge
# should be configured manually, to avoid conflicts with NetworkManager
iface enp2s0 inet manual

#Primary network interface with bridge
auto br0
iface br0 inet static
address 162.237.98.238
broadcast 162.237.98.255
netmask 255.255.255.0
gateway 162.237.98.1
bridge_ports enp2s0
bridge_stp off
bridge_waitport 0
bridge fd 0


Re: Zutty fonts - zutty always uses the same font and fontsize

2024-05-04 Thread Max Nikulin

On 02/05/2024 15:17, Richmond wrote:
> It understands the font names from xfontsel which is a major improvement
> on zutty.


I have nothing against raster fonts for terminal applications, but I am 
surprised that support of X Logical Font Description may be considered 
as an improvement in comparison with an application relying on fontconfig.


I have never tried zutty, but I would expect something like (assuming 
fonts-liberation2 installed)


zutty -font LiberationMono -fontsize 24

However applications are usually more liberal concerning specifying 
vector fonts and use various fallbacks and substitutions.




Re: realpath quoting

2024-05-04 Thread Greg Wooledge
On Sat, May 04, 2024 at 08:22:27AM -0500, Tom Browder wrote:
> $ cat read.raku
> #!/usr/bin/env raku
> my $a = "name with spaces";
> my $b = "name\nwith newline";
> say "file 1: |$a|";
> say "file 2: |$b|";
> 
> And executing it:
> 
> $ ./read.raku
> file 1: |name with spaces|
> file 2: |name
> with newlines|
> 
> With Raku, it's easy to search the directory for the weird file names,
> open them, and use their contents.

You've not really demonstrated anything that can't be done in every other
scripting language.

hobbit:~$ cat foo
#!/bin/bash
a='name with spaces'
b=$'name\nwith newline'
printf 'file 1: |%s|\n' "$a"
printf 'file 1: |%s|\n' "$b"
hobbit:~$ ./foo
file 1: |name with spaces|
file 1: |name
with newline|

hobbit:~$ cat bar
#!/usr/bin/tclsh8.6
set a "name with spaces"
set b "name\nwith newline"
puts "file 1: |$a|"
puts "file 2: |$b|"
hobbit:~$ ./bar
file 1: |name with spaces|
file 2: |name
with newline|

hobbit:~$ cat baz
#!/bin/sh
a='name with spaces'
b='name
with newline'
printf 'file 1: |%s|\n' "$a"
printf 'file 2: |%s|\n' "$b"
hobbit:~$ ./baz
file 1: |name with spaces|
file 2: |name
with newline|


The only part of this that's even *slightly* awkward is loading a literal
newline into a variable in /bin/sh.  And that part drops away and ceases
to be a problem when you read the filename from some kind of input
source (such as a directory).

In real life:

hobbit:~$ mkdir /tmp/x && cd /tmp/x
hobbit:/tmp/x$ touch 'name with spaces' $'name\nwith newline'
hobbit:/tmp/x$ vi foo
hobbit:/tmp/x$ chmod +x foo
hobbit:/tmp/x$ cat foo
#!/bin/sh
for f in *; do
printf 'Next file: |%s|\n' "$f"
done
hobbit:/tmp/x$ ./foo
Next file: |foo|
Next file: |name
with newline|
Next file: |name with spaces|

There's nothing in here that requires an advanced language.  /bin/sh can
do it all perfectly well.  In fact, we haven't even reached the limits
of what /bin/sh can do yet.

hobbit:/tmp/x$ vi foo
hobbit:/tmp/x$ cat foo
#!/bin/sh
printf 'Next file: |%s|\n' *
hobbit:/tmp/x$ ./foo
Next file: |foo|
Next file: |name
with newline|
Next file: |name with spaces|

Is that useful in real life?  Maybe.  Maybe not.  But it's available.

Correct use of quotes and globs solves most of the problems that people
have with sh.

Can it solve "I have to manually paste filenames containing spaces and
punctuation out of a spreadsheet into a shell"?  No, probably not.
But then, what can?  Sometimes, the workflow is what has to change.
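
An added example, not part of the post above: when names come from find rather than a glob, counting the lines of its output miscounts a name that contains a newline, while handing the names over as arguments with -exec does not. The function names and the sample directory are constructed for this illustration.

```shell
#!/bin/sh
# Added example: the same two awkward file names, reached through find.

# Build a constructed sample directory and print its path.
make_sample() {
    d=$(mktemp -d) || return 1
    : > "$d/name with spaces"
    : > "$d/name
with newline"
    printf '%s\n' "$d"
}

# Line-oriented: assumes one name per line of find output, so the
# name containing a newline is counted twice.
count_naive() {
    find "$1" -type f | wc -l | tr -d ' '
}

# Argument-oriented: find passes each name to the child shell as one
# argument; no text stream is parsed, so no delimiter can be forged.
count_safe() {
    find "$1" -type f -exec sh -c 'for f do printf x; done' sh {} + |
        wc -c | tr -d ' '
}

# Same idea for real work: each name arrives intact in "$f".
show_each() {
    find "$1" -type f -exec sh -c '
        for f do printf "Next file: |%s|\n" "${f##*/}"; done' sh {} +
}

dir=$(make_sample)
printf 'naive: %s  safe: %s\n' "$(count_naive "$dir")" "$(count_safe "$dir")"
show_each "$dir"
rm -rf "$dir"
```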



Re: realpath quoting

2024-05-04 Thread Tom Browder
On Fri, May 3, 2024 at 21:43 David Christensen wrote:
...

> My practice is to start with '#!/bin/sh' and migrate to '#!/usr/bin/env
> perl' as complexity increases.

I agree with David's direction, but ending with Raku instead of Perl.
I don't think golfing is the way to illustrate a practical solution,
so I show a short Raku script:

$ cat read.raku
#!/usr/bin/env raku
my $a = "name with spaces";
my $b = "name\nwith newline";
say "file 1: |$a|";
say "file 2: |$b|";

And executing it:

$ ./read.raku
file 1: |name with spaces|
file 2: |name
with newlines|

With Raku, it's easy to search the directory for the weird file names,
open them, and use their contents. Raku also has many built-in quoting
constructs to suit any situation.

I'll be happy to demo any of that here.

Best regards,

-Tom



Re: Installing testing on Acer Aspire 315

2024-05-04 Thread Max Nikulin

On 03/05/2024 12:16, Paul Scott wrote:
> I don't have linux on the machine for which I want the information.  I
> now have the driver name from Windows/Settings.


Booting a live image may help to evaluate if hardware is supported and 
to get lspci output.


Even when windows is booted, it should be possible to find 
VendorID-ProductID pairs in device properties and search on 
https://linux-hardware.org/ and other sources.




Re: Installing testing on Acer Aspire 315

2024-05-04 Thread Max Nikulin

On 04/05/2024 13:52, Paul Scott wrote:
> On 5/3/2024 11:25 PM, Max Nikulin wrote:
>> It may happen that F4 is not F4 unless you press and hold Fn first. It
>> is default on some laptops and may be changed in firmware setup.
> Inst all docs say Left Alt F4 but no combination of other keys with F4
> worked.

On my laptop F4 worked as increase screen brightness
(XF86MonBrightnessUp) out of the box. I have not tried it with Alt. That
is why [Fn+Alt+F4] was necessary to get the action described for [Alt+F4].

Have you tried [Alt+F1] ([Fn+Alt+F1]), F2, and other F-digit keys
instead of F4?

>> Obviously vt with log is not available on the stage of grub boot menu.
>
> I don't understand that for this install case,

Due to lack of details, I am unsure at which installation stage you
faced issues. That is why I decided to rule out the case that you got stuck
when grub boot menu appeared.





Re: HDD long-term data storage with ensured integrity

2024-05-04 Thread Marc SCHAEFER
On Fri, May 03, 2024 at 01:50:52PM -0700, David Christensen wrote:
> Thank you for devising a benchmark and posting some data.  :-)

I did not do the comparison hosted on github.  I just wrote the
script which tests the dm-integrity on dm-raid error detection
and error correction.

> FreeBSD also offers a layered solution.  From the top down:

I prefer this approach, indeed.



Re: realpath quoting

2024-05-04 Thread DdB
On 03.05.2024 at 21:11, David Christensen wrote:
> I can obviously add an extra step to the process to convert the new file
> name to something acceptable before processing. However, my question was
> how to avoid that extra step by getting fully quoted filenames to process.

Today, on Linux, I am using rename (perl based) to change spaces (in
filenames) into something else, or such...
HTH, DdB



Re: realpath quoting

2024-05-04 Thread DdB
On 03.05.2024 at 21:11, David Christensen wrote:
> I can obviously add an extra step to the process to convert the new file
> name to something acceptable before processing. However, my question was
> how to avoid that extra step by getting fully quoted filenames to process.

Not sure if I get it right ...
Several years back, when I had to import huge amounts of files from an
outdated Windows system, I found convmv to be somewhat helpful, as it is
able to adjust character sets in filenames only, without touching their
content.

gl, DdB



Re: Installing testing on Acer Aspire 315

2024-05-04 Thread Paul Scott



On 5/3/2024 11:25 PM, Max Nikulin wrote:
> On 03/05/2024 13:27, Paul Scott wrote:
>> In the mean time, an install seemed to be working but gave an failure
>> error which said it would be in the log and visible on virtual
>> terminal 4, I didn't know how to get to a virtual in the installer.
>> Various combinations with F4 didn't seem to work.
>
> It may happen that F4 is not F4 unless you press and hold Fn first. It
> is default on some laptops and may be changed in firmware setup.

Inst all docs say Left Alt F4 but no combination of other keys with F4
worked. Fortunately I was given the opportunity to execute a shell which
showed modules not on the installation media.  I will try different iso's

> Obviously vt with log is not available on the stage of grub boot menu.

I don't understand that for this install case,

Thank you,

Paul




Re: Installing testing on Acer Aspire 315

2024-05-04 Thread Max Nikulin

On 03/05/2024 13:27, Paul Scott wrote:
> In the mean time, an install seemed to be working but gave an failure
> error which said it would be in the log and visible on virtual terminal
> 4, I didn't know how to get to a virtual in the installer.  Various
> combinations with F4 didn't seem to work.

It may happen that F4 is not F4 unless you press and hold Fn first. It
is default on some laptops and may be changed in firmware setup.

Obviously vt with log is not available on the stage of grub boot menu.