Re: [semi-OT] Advice on operating a DNS server
On the 19846th day after Epoch, NoSpam wrote:
> Wide open to the world, certainly not. Plenty of problems if the
> software is misconfigured. To do what you want to do, I use BIND
> with its local view
>
> Personally, I would connect all the devices over a VPN and have the
> DNS server listen only on the VPN's private IP. Little to no security
> problem

Except that here, the OP is talking about "IP phones", so it is hard to sort them out.

Besides, between operating a VPN "wide open to the world" and a DNS "open just the same", I would choose the DNS version rather than the VPN :)
Re: [semi-OT] Advice on operating a DNS server
On the 19847th day after Epoch, Michel Verdier wrote:
> On 3 May 2024 Olivier wrote:
>
>> 1. Does a VM (running Debian) rented from a provider seem
>> sufficient to you?
>
> Yes, unless you expect thousands of requests

Thousands per second? Frankly, I can't think of a provider that rents out machines and cannot handle loads of DNS requests.

>> 3. What is your experience of operating a DNS server
>> "wide open to the world"? What security problems does one run into?
>
> Open to provide DNS to people you don't know?
> At a minimum, close off the server with a firewall and the like. And
> configure the DNS server using the most secure options; that depends
> on the server chosen. But at a minimum block transfers and
> recursion.

OK for transfers and recursion, but the OP is talking about "IP phones"; I don't see how to set up a firewall to handle these kinds of access.
Firefox: fields already saved
Hello,

I have 3 bank accounts (without being rich). I access them from Firefox. For each bank I tick "save the information".

Bank 1: the account number and password fields are filled in, I only have to click send,
Bank 2: only the account number field is filled in,
Bank 3: both fields are empty.

How come, why doesn't the cache work?

Thanks.
Re: [semi-OT] Advice on operating a DNS server
On the 19846th day after Epoch, Olivier wrote:
> Hello,
>
> I am planning to set up a DNS server whose role would be to
> resolve queries for one of my domains.

Chances are your registrar offers its own DNS. Why not use it?

> Let's say I own the domain masociete.com
> The server will receive queries from the Internet for subdomains such as
> client12345.masociete.com coming from devices (IP phones)
> that can be fairly rustic network-wise.
>
> My requirements are:
>
> 1- that I can "easily" add, remove and modify subdomains

It all depends on what you call "easily", but for example the registrar GANDI offers APIs to manage your records.

>
> 2- that nobody can enumerate my subdomains, i.e. know that the
> subdomains client1.masociete.com and client2.masociete.com
> exist and that the subdomain client3.masociete.com does not exist
> (yet),

That depends on the tool you choose, but in general they have a parameter that restricts who is allowed to perform a data transfer.

> 3- that the server is protected, or can be protected, against Denial
> of Service attacks

You can hardly fight an army of 2^32 (or more) zombie machines, but services like CloudFlare will be able to meet this need. For a fee, of course. But denial of service does not necessarily have anything to do with the type of DNS server you choose.

> My questions:
>
> 1. Does a VM (running Debian) rented from a provider seem
> sufficient to you?

Absolutely. It's even almost overkill.

> 2. Which software do you recommend?

Bind9? A big, very stable standard.

> 3. What is your experience of operating a DNS server
> "wide open to the world"? What security problems does one run into?

I have been operating my DNS for nearly 25 years (Ouch!) and I have never had any major trouble with it. The bind8 to bind9 migration was a bit rough, but I survived ;)

I think the major question is: "Do I really need to operate my DNS myself?"

My 2¢
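The transfer and recursion restrictions mentioned in this thread, sketched as a BIND 9 named.conf fragment for an authoritative-only server. This is an added example, not configuration posted by anyone on the list; the zone file path is a hypothetical placeholder and the rate-limit values are assumptions to be tuned.

```conf
// named.conf fragment (added example): authoritative-only BIND 9
// for the thread's sample domain masociete.com.

options {
    directory "/var/cache/bind";

    // Authoritative only: never resolve names on behalf of third
    // parties, so the server cannot act as an open resolver.
    recursion no;
    allow-recursion { none; };

    // The phones query from arbitrary addresses, so queries stay open...
    allow-query { any; };

    // ...but nobody may pull the whole zone (AXFR/IXFR), which would
    // list every clientNNN subdomain in a single request.
    // Weak form to avoid: allow-transfer { any; };
    // Names can still be guessed one at a time, so keep them hard to guess.
    allow-transfer { none; };

    // Response rate limiting dampens use of the server as a reflector.
    // Values are assumptions; tune them against real traffic.
    rate-limit {
        responses-per-second 10;
        window 5;
    };

    // Do not advertise the BIND version in version.bind CHAOS queries.
    version none;

    // Keep answers small: omit optional authority/additional records.
    minimal-responses yes;
};

zone "masociete.com" {
    type master;
    // Hypothetical path, adjust to the local layout.
    file "/etc/bind/zones/db.masociete.com";
    // Kept explicit per zone: this sketch has no secondary servers.
    allow-transfer { none; };
    notify no;
};
```

`named-checkconf` validates the syntax before a reload, and `dig @<server> masociete.com AXFR` run from an outside host should then report a failed transfer.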
Kvm Bridge Network Problem
I am running Bookworm on my main platform.

After quite a bit of googling and many errors and much head scratching I have managed to follow the instructions in: https://www.cyberciti.biz/faq/how-to-add-network-bridge-with-nmcli-networkmanager-on-linux/ .

I have currently implicated this on a Windows 10 client. However, there still remains a problem.

After the first restart of the Windows client the internet was accessible. However, a problem arose after I successfully installed br0 (copy attached). I was able to use the LAN printer and the 40" TV, but could not access the Host.

I'm sure that I have missed something, but I don't know what.

Guidance to a solution to the problem would be appreciated.

Thanks in advance,

--
Stephen P. Molnar, Ph.D.
https://insilicochemistry.net
(614)312-7528 (c)
Skype: smolnar1

    # This file describes the network interfaces available on your system
    # and how to activate them. For more information, see interfaces(5).

    source /etc/network/interfaces.d/*

    # The loopback network interface
    auto lo
    iface lo inet loopback

    # Specify that the physical interface that should be connected to the bridge
    # should be configured manually, to avoid conflicts with NetworkManager
    iface enp2s0 inet manual

    #Primary network interface with bridge
    auto br0
    iface br0 inet static
        address 162.237.98.238
        broadcast 162.237.98.255
        netmask 255.255.255.0
        gateway 162.237.98.1
        bridge_ports enp2s0
        bridge_stp off
        bridge_waitport 0
        bridge fd 0
Re: Zutty fonts - zutty always uses the same font and fontsize
On 02/05/2024 15:17, Richmond wrote:
> It understands the font names from xfontsel which is a major
> improvement on zutty.

I have nothing against raster fonts for terminal applications, but I am surprised that support of X Logical Font Description may be considered as an improvement in comparison with an application relying on fontconfig.

I have never tried zutty, but I would expect something like (assuming fonts-liberation2 installed)

    zutty -font LiberationMono -fontsize 24

However applications are usually more liberal concerning specifying vector fonts and use various fallbacks and substitutions.
Re: realpath quoting
On Sat, May 04, 2024 at 08:22:27AM -0500, Tom Browder wrote:
> $ cat read.raku
> #!/usr/bin/env raku
> my $a = "name with spaces";
> my $b = "name\nwith newline";
> say "file 1: |$a|";
> say "file 2: |$b|";
>
> And executing it:
>
> $ ./read.raku
> file 1: |name with spaces|
> file 2: |name
> with newlines|
>
> With Raku, it's easy to search the directory for the weird file names,
> open them, and use their contents.

You've not really demonstrated anything that can't be done in every other scripting language.

    hobbit:~$ cat foo
    #!/bin/bash
    a='name with spaces'
    b=$'name\nwith newline'
    printf 'file 1: |%s|\n' "$a"
    printf 'file 1: |%s|\n' "$b"
    hobbit:~$ ./foo
    file 1: |name with spaces|
    file 1: |name
    with newline|

    hobbit:~$ cat bar
    #!/usr/bin/tclsh8.6
    set a "name with spaces"
    set b "name\nwith newline"
    puts "file 1: |$a|"
    puts "file 2: |$b|"
    hobbit:~$ ./bar
    file 1: |name with spaces|
    file 2: |name
    with newline|

    hobbit:~$ cat baz
    #!/bin/sh
    a='name with spaces'
    b='name
    with newline'
    printf 'file 1: |%s|\n' "$a"
    printf 'file 2: |%s|\n' "$b"
    hobbit:~$ ./baz
    file 1: |name with spaces|
    file 2: |name
    with newline|

The only part of this that's even *slightly* awkward is loading a literal newline into a variable in /bin/sh. And that part drops away and ceases to be a problem when you read the filename from some kind of input source (such as a directory).

In real life:

    hobbit:~$ mkdir /tmp/x && cd /tmp/x
    hobbit:/tmp/x$ touch 'name with spaces' $'name\nwith newline'
    hobbit:/tmp/x$ vi foo
    hobbit:/tmp/x$ chmod +x foo
    hobbit:/tmp/x$ cat foo
    #!/bin/sh
    for f in *; do
      printf 'Next file: |%s|\n' "$f"
    done
    hobbit:/tmp/x$ ./foo
    Next file: |foo|
    Next file: |name
    with newline|
    Next file: |name with spaces|

There's nothing in here that requires an advanced language. /bin/sh can do it all perfectly well.

In fact, we haven't even reached the limits of what /bin/sh can do yet.

    hobbit:/tmp/x$ vi foo
    hobbit:/tmp/x$ cat foo
    #!/bin/sh
    printf 'Next file: |%s|\n' *
    hobbit:/tmp/x$ ./foo
    Next file: |foo|
    Next file: |name
    with newline|
    Next file: |name with spaces|

Is that useful in real life? Maybe. Maybe not. But it's available.

Correct use of quotes and globs solves most of the problems that people have with sh. Can it solve "I have to manually paste filenames containing spaces and punctuation out of a spreadsheet into a shell"? No, probably not. But then, what can? Sometimes, the workflow is what has to change.
Re: realpath quoting
On Fri, May 3, 2024 at 21:43 David Christensen wrote:
...
> My practice is to start with '#!/bin/sh' and migrate to '#!/usr/bin/env
> perl' as complexity increases.

I agree with David's direction, but ending with Raku instead of Perl.

I don't think golfing is the way to illustrate a practical solution, so I show a short Raku script:

    $ cat read.raku
    #!/usr/bin/env raku
    my $a = "name with spaces";
    my $b = "name\nwith newline";
    say "file 1: |$a|";
    say "file 2: |$b|";

And executing it:

    $ ./read.raku
    file 1: |name with spaces|
    file 2: |name
    with newlines|

With Raku, it's easy to search the directory for the weird file names, open them, and use their contents. Raku also has many built-in quoting constructs to suit any situation.

I'll be happy to demo any of that here.

Best regards,

-Tom
Re: Installing testing on Acer Aspire 315
On 03/05/2024 12:16, Paul Scott wrote:
> I don't have linux on the machine for which I want the information. I
> now have the driver name from Windows/Settings.

Booting a live image may help to evaluate if hardware is supported and to get lspci output. Even when windows is booted, it should be possible to find VendorID-ProductID pairs in device properties and search on https://linux-hardware.org/ and other sources.
Re: Installing testing on Acer Aspire 315
On 04/05/2024 13:52, Paul Scott wrote:
> On 5/3/2024 11:25 PM, Max Nikulin wrote:
>> It may happen that F4 is not F4 unless you press and hold Fn first.
>> It is default on some laptops and may be changed in firmware setup.
>
> Install docs say Left Alt F4 but no combination of other keys with F4
> worked.

On my laptop F4 worked as increase screen brightness (XF86MonBrightnessUp) out of the box. I have not tried it with Alt. That is why [Fn+Alt+F4] was necessary to get the action described for [Alt+F4].

Have you tried [Alt+F1] ([Fn+Alt+F1]), F2, and other F-digit keys instead of F4?

>> Obviously vt with log is not available on the stage of grub boot menu.
>
> I don't understand that for this install case,

Due to lack of details, I am unsure at which installation stage you faced issues. That is why I decided to rule out the case that you stuck when grub boot menu appeared.
Re: HDD long-term data storage with ensured integrity
On Fri, May 03, 2024 at 01:50:52PM -0700, David Christensen wrote:
> Thank you for devising a benchmark and posting some data. :-)

I did not do the comparison hosted on github. I just wrote the script which tests the dm-integrity on dm-raid error detection and error correction.

> FreeBSD also offers a layered solution. From the top down:

I prefer this approach, indeed.
Re: realpath quoting
On 03.05.2024 at 21:11, David Christensen wrote:
> I can obviously add an extra step to the process to convert the new file
> name to something acceptable before processing. However, my question was
> how to avoid that extra step by getting fully quoted filenames to process.

Today, on Linux, I am using rename (perl based) to change spaces (in filenames) into something else, or such...

HTH,
DdB
Re: realpath quoting
On 03.05.2024 at 21:11, David Christensen wrote:
> I can obviously add an extra step to the process to convert the new file
> name to something acceptable before processing. However, my question was
> how to avoid that extra step by getting fully quoted filenames to process.

Not sure if I get it right ...

Several years back, when I had to import huge amounts of files from an outdated Windows system, I found convmv to be somewhat helpful, as it is able to adjust character sets in filenames only, without touching their content.

gl,
DdB
Re: Installing testing on Acer Aspire 315
On 5/3/2024 11:25 PM, Max Nikulin wrote:
> On 03/05/2024 13:27, Paul Scott wrote:
>> In the mean time, an install seemed to be working but gave a failure
>> error which said it would be in the log and visible on virtual
>> terminal 4, I didn't know how to get to a virtual in the installer.
>> Various combinations with F4 didn't seem to work.
>
> It may happen that F4 is not F4 unless you press and hold Fn first. It
> is default on some laptops and may be changed in firmware setup.

Install docs say Left Alt F4 but no combination of other keys with F4 worked.

>> Fortunately I was given the opportunity to execute a shell which
>> showed modules not on the installation media. I will try different
>> iso's
>
> Obviously vt with log is not available on the stage of grub boot menu.

I don't understand that for this install case,

Thank you,

Paul
Re: Installing testing on Acer Aspire 315
On 03/05/2024 13:27, Paul Scott wrote:
> In the mean time, an install seemed to be working but gave a failure
> error which said it would be in the log and visible on virtual
> terminal 4, I didn't know how to get to a virtual in the installer.
> Various combinations with F4 didn't seem to work.

It may happen that F4 is not F4 unless you press and hold Fn first. It is default on some laptops and may be changed in firmware setup.

Obviously vt with log is not available on the stage of grub boot menu.