Re: About dash as sh

2024-06-20 Thread Mike Castle
bash is still 10x larger than dash:
$ ls -l /bin/[bd]ash
-rwxr-xr-x 1 root root 1265648 Apr 23  2023 /bin/bash
-rwxr-xr-x 1 root root  125640 Jan  5  2023 /bin/dash

I would not be surprised if that impacts things like initrd and other
resource constrained environments.


Generally speaking, standards require multiple implementations.  So
having dash and bash leads to more consistency, not less.

Folks have been using different shells for interactive and scripting
usage for years.  Just check in with anyone who uses csh for their
interactive shell.  That does not mean they write scripts in csh.

Bash is known to have deviations from POSIX compliance, even in POSIX
mode (though much fewer than I remember from the last time I bothered
checking).

On the other hand, it appears that POSIX is in the middle of a cycle
introducing new shell features and Bash is actively implementing them.
I have no idea if dash is doing similar.  So it could be that, in a
year or two, Bash is more compliant than dash.

mrc



Re: System time/timezone, was Re: Maximum size .bash_aliases file

2024-06-20 Thread tomas
On Thu, Jun 20, 2024 at 11:17:42PM -0500, David Wright wrote:
> On Thu 20 Jun 2024 at 22:58:53 (-0400), Greg Wooledge wrote:
> > On Fri, Jun 21, 2024 at 09:32:10 +0700, Max Nikulin wrote:
> > > On 20/06/2024 11:52, to...@tuxteam.de wrote:

[...]

> Well, that's a mouthful. And what am I to call the time that a system
> issues using that system default time zone? If I boot up two computers
> and they display different times, what term is appropriate in your
> opinion to describe the time displayed?

The first step would be to realize that it's not the "computers" doing
the time display, but some processes running on them, and *those* are
the ones with the time zone (either default or explicitly set).

Cheers
-- 
t




Re: System time/timezone, was Re: Maximum size .bash_aliases file

2024-06-20 Thread tomas
On Fri, Jun 21, 2024 at 09:32:10AM +0700, Max Nikulin wrote:
> On 20/06/2024 11:52, to...@tuxteam.de wrote:
> > "the system's
> > time zone" (of which some, me included, say "there's no such thing",
> > and others disagree 🙂
> 
> What term is appropriate in your opinion to describe the setting stored as
> the /etc/localtime symlink? localtime(5)

The default time zone (i.e. that one which is used when some
process calls for one and hasn't specified one itself).

> On 19/06/2024 11:37, to...@tuxteam.de wrote:
> > Especially that bit with the "system timezone". Reminds me of some
> > remote past, where a system actually had a timezone (and changed its
> > clock twice a year). Back then we used to set all our networked
> > Windows boxen to a time zone without summer time change (ISTR it
> > was Monrovia/Liberia) to avoid having our Makefiles freaking out
> > twice a year.
> 
> I recall a checkbox to disable DST in Windows 95 or Windows 98, so perhaps
> searching for a timezone without DST was not necessary.

It's a long time ago, but we were a shop with a few pretty knowledgeable folks,
so I guess we first tried something like that.

> By the way,
>  describes another style of
> identifiers in the Microsoft TZ DB. At certain point I have realized that
> "time zone" and "timezone" have a bit different meaning in the case of the
> IANA database 

It's a complex matter, yes. Food for nerds :)

Cheers
-- 
t




Re: mounting external hard drive from rescue mode shell?

2024-06-20 Thread David Christensen

On 6/20/24 19:10, Max Nikulin wrote:

On 20/06/2024 12:06, David Christensen wrote:

You can use the fdisk(8) command to list the partitions on a drive.


lsblk --fs

perhaps with "-o +SIZE" may be more convenient to get overview of drives.



The debian-11.9.0-amd64-netinst rescue shell does not include lsblk(8):

~ # lsblk
/bin/sh: lsblk: not found


David



Re: Modifying Desktop Icons

2024-06-20 Thread tomas
On Thu, Jun 20, 2024 at 09:33:22PM +0100, Brad Rogers wrote:

[...]

> This is (one) reason why using undocumented features is a Bad Thing™.

It doesn't seem to be "undocumented": on the contrary, it's rather
"overdocumented" (two different ways in two different places), but
thanks to some intrepid users in this thread we do know that both
ways work.

In Greg's words, it seems to be something something desktop.

Cheers
-- 
t




Re: Maximum size .bash_aliases file

2024-06-20 Thread David Wright
On Thu 20 Jun 2024 at 21:00:38 (+1000), Keith Bainbridge wrote:
> On 17/6/24 18:26, Keith Bainbridge wrote:
> > 
> > It was late afternoon on 16Jun2024 that I wrote this. Possibly
> > 18:13:36 when I pressed send. I'd reckon it would likely have been
> > 08:13:36 UTC   What's wrong with my system clock. I've not really
> > looked at the time on my originals before.  I'll try to remember
> > to enter my local time as I press send
> 
> Thanks for those responses. [ … ]
> 
> I reckon that they seem to indicate that the date/time in my original
> question are fine. The difficulty is more related to how we humans are
> interpreting the information we are reading.
> 
> https://manpages.debian.org/bookworm/manpages-dev/strftime.3.en.html
> 
> is a list of place names for MANY parts of a date layout. I have set
> up the following code in my text substitution app:
> "%a %d%b%Y at %H:%M:%S =UTC %Z"
> 
> Triggering that gives me
> Thu 20Jun2024 at 20:51:19 =UTC +10:00
> 
> Seems to me that if the code writers of our various MUA would add the
> +UTC to the line that prints the various dates, we'd understand what
> they mean better.
> 
> Meantime, we have to accept what we have.

You could pronounce your time written above as:

  "It's Thu 20Jun2024 at 20:51:19 here, where clocks are UTC+10:00"

if that's indeed your intention. But what you've done is invent
some notation of your own, which people will likely misunderstand.

I think it best to look up these references and follow them:

  https://en.wikipedia.org/wiki/ISO_8601
  https://www.ietf.org/rfc/rfc3339.txt

IMHO I think that email attributions are best presented in and with
the time zone of the sender, and not oneself.

Cheers,
David.



Re: UEFI secure boot issue

2024-06-20 Thread Bhasker C V
On Thu, Jun 20, 2024 at 3:57 PM Jeffrey Walton  wrote:
>
> On Thu, Jun 20, 2024 at 9:23 AM Bhasker C V  wrote:
> >
> > I generated a pr/pk pair and the kernel is signed. Placed them in the
> > kernel tree and compiled the kernel.
>
> I don't think you are supposed to check-in/compile-in the private key.
> It is usually supposed to stay private.
>
> > Could someone tell me what am I doing wrong please ?
> >
> > Below is the status (I am using loader.efi from linuxfoundation)
> > When i boot debian stock kernel signed, i see that the secure boot
> > gets enabled (hence bios and everything else seems to be fine with the
> > same UEFI loader).
> > However, when I boot the compiled kernel I get
> >
> > $ dmesg | grep -i secure
> > [0.007085] Secure boot could not be determined
> >
> >
> > $ sbverify --list bootx64.efi
> > warning: data remaining[91472 vs 101160]: gaps between PE/COFF sections?
> > signature 1
> > image signature issuers:
> >  - /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft
> > Corporation UEFI CA 2011
> > image signature certificates:
> >  - subject: /C=US/ST=Washington/L=Redmond/O=Microsoft
> > Corporation/OU=MOPR/CN=Microsoft Windows UEFI Driver Publisher
> >issuer:  /C=US/ST=Washington/L=Redmond/O=Microsoft
> > Corporation/CN=Microsoft Corporation UEFI CA 2011
> >  - subject: /C=US/ST=Washington/L=Redmond/O=Microsoft
> > Corporation/CN=Microsoft Corporation UEFI CA 2011
> >issuer:  /C=US/ST=Washington/L=Redmond/O=Microsoft
> > Corporation/CN=Microsoft Corporation Third Party Marketplace Root
> > $ sbverify  --list ./loader.efi
> > signature 1
> > image signature issuers:
> >  - /C=GB/ST=England/L=London/O=BHASKER/CN=bcvm.bcvm.bcv
> > image signature certificates:
> >  - subject: /C=GB/ST=England/L=London/O=BHASKER/CN=bcvm.bcvm.bcv
> >issuer:  /C=GB/ST=England/L=London/O=BHASKER/CN=bcvm.bcvm.bcv
> > $ sbverify  --list ../../linux/k.bcv
> > signature 1
> > image signature issuers:
> >  - /C=GB/ST=England/L=London/O=BHASKER/CN=bcvm.bcvm.bcv
> > image signature certificates:
> >  - subject: /C=GB/ST=England/L=London/O=BHASKER/CN=bcvm.bcvm.bcv
> >issuer:  /C=GB/ST=England/L=London/O=BHASKER/CN=bcvm.bcvm.bcv
>
>
> Have a look at , and the use of
> the Machine Owner Key (MOK).

Thanks Jeff. I did follow this.
Like I had mentioned before, the stock kernel still works in
locked-down mode with secure boot whereas the kernel I have compiled
and signed does not.
Is there a way to debug this on why exactly does this not work ?

>
> Jeff



Re: System time/timezone, was Re: Maximum size .bash_aliases file

2024-06-20 Thread David Wright
On Thu 20 Jun 2024 at 22:58:53 (-0400), Greg Wooledge wrote:
> On Fri, Jun 21, 2024 at 09:32:10 +0700, Max Nikulin wrote:
> > On 20/06/2024 11:52, to...@tuxteam.de wrote:
> > > "the system's
> > > time zone" (of which some, me included, say "there's no such thing",
> > > and others disagree 🙂
> > 
> > What term is appropriate in your opinion to describe the setting stored as
> > the /etc/localtime symlink? localtime(5)
> 
> I've been using "system default time zone", for lack of a better phrase.
> I feel it's important to convey that this is *not* a global setting that
> affects "the system" in some universal way.  Like, for example, changing
> where /etc/localtime points will (probably) *not* change the behavior
> of any programs that are already running.  Nor will it change the behavior
> of any programs that have the TZ environment variable set, or any that
> simply ignore time zones and write everything in UTC or TAI64 or whatever.
> 
> It's just a default that many, but not all, programs may use when they run.

Well, that's a mouthful. And what am I to call the time that a system
issues using that system default time zone? If I boot up two computers
and they display different times, what term is appropriate in your
opinion to describe the time displayed?

Cheers,
David.



Re: How to recover when monitor goes blank.

2024-06-20 Thread Felix Miata
Ram Ramesh composed on 2024-06-20 22:58 (UTC-0400):

>> Did you try 'e' as I suggested, or read that page? From there:

>> [quote]
>> 'e' will force the display to be enabled, i.e. it will override the detection
>> if a display is connected.
>> [/quote]

> Ok, I will try it, but that is a reboot. I guess if I booted with that 
> switch, it will always be on and I would not reach a point of blank 
> screen. Make sense.

> I just do not like forcing resolution, but better than broken display.

The foibles of life complicated by a KVM switch. :p I hope it does what it 
claims.

If not, I suppose you could connect both Debian PC and laptop to display at the
same time, and use the display's input switch instead of the KVM for video out.
-- 
Evolution as taught in public schools is, like religion,
based on faith, not based on science.

 Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata



Re: How to recover when monitor goes blank.

2024-06-20 Thread Ram Ramesh

Did you try 'e' as I suggested, or read that page? From there:

[quote]
'e' will force the display to be enabled, i.e. it will override the detection
if a display is connected.
[/quote]


Ok, I will try it, but that is a reboot. I guess if I booted with that 
switch, it will always be on and I would not reach a point of blank 
screen. Make sense.


I just do not like forcing resolution, but better than broken display.

Regards
Ramesh


Re: System time/timezone, was Re: Maximum size .bash_aliases file

2024-06-20 Thread Greg Wooledge
On Fri, Jun 21, 2024 at 09:32:10 +0700, Max Nikulin wrote:
> On 20/06/2024 11:52, to...@tuxteam.de wrote:
> > "the system's
> > time zone" (of which some, me included, say "there's no such thing",
> > and others disagree 🙂
> 
> What term is appropriate in your opinion to describe the setting stored as
> the /etc/localtime symlink? localtime(5)

I've been using "system default time zone", for lack of a better phrase.
I feel it's important to convey that this is *not* a global setting that
affects "the system" in some universal way.  Like, for example, changing
where /etc/localtime points will (probably) *not* change the behavior
of any programs that are already running.  Nor will it change the behavior
of any programs that have the TZ environment variable set, or any that
simply ignore time zones and write everything in UTC or TAI64 or whatever.

It's just a default that many, but not all, programs may use when they run.
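
The point made in this thread, that a time zone belongs to each process (its TZ variable, falling back to the /etc/localtime default) rather than to the machine, together with the RFC 3339 notation recommended earlier, as an added example that is not part of any poster's message. It assumes GNU date as shipped on Debian; the function names and the sample instant are constructed for illustration.

```shell
#!/bin/sh
# Added illustration, not code from the thread. Assumes GNU date (Debian).
# Function names and the sample instant are constructed for this example.

# Constructed sample instant: 2024-06-20 10:51:19 UTC, in seconds since the epoch.
EPOCH=1718880679

# render TZ EPOCH
# Format one instant as an RFC 3339 timestamp in the zone given as $1.
# TZ is placed in the environment of this single date process only, which is
# the per-process setting that takes precedence over the /etc/localtime default.
# POSIX-style TZ strings need no tzdata; their sign is inverted, so AEST-10
# means ten hours east of UTC and EST5 means five hours west.
render() {
    # %z prints +1000; sed inserts the colon RFC 3339 requires (+10:00).
    TZ="$1" date -d "@$2" '+%Y-%m-%dT%H:%M:%S%z' | sed 's/\(..\)$/:\1/'
}

# to_epoch STAMP
# Convert an RFC 3339 timestamp back to epoch seconds. The stamp carries its
# own offset, so the result does not depend on the reader's TZ or on
# /etc/localtime.
to_epoch() {
    date -d "$1" '+%s'
}

# same_instant STAMP_A STAMP_B
# Succeeds when two timestamps with different wall-clock readings denote the
# same moment.
same_instant() {
    [ "$(to_epoch "$1")" = "$(to_epoch "$2")" ]
}

# Three processes on one machine, three different displayed times.
for tz in UTC0 AEST-10 EST5; do
    printf '%-8s %s\n' "$tz" "$(render "$tz" "$EPOCH")"
done

# The displays differ, the instant does not.
a=$(render AEST-10 "$EPOCH")
b=$(render EST5 "$EPOCH")
if same_instant "$a" "$b"; then
    echo "$a and $b are the same instant"
fi
```
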



Re: System time/timezone, was Re: Maximum size .bash_aliases file

2024-06-20 Thread Max Nikulin

On 20/06/2024 11:52, to...@tuxteam.de wrote:

"the system's
time zone" (of which some, me included, say "there's no such thing",
and others disagree 🙂


What term is appropriate in your opinion to describe the setting stored 
as the /etc/localtime symlink? localtime(5)


On 19/06/2024 11:37, to...@tuxteam.de wrote:

Especially that bit with the "system timezone". Reminds me of some
remote past, where a system actually had a timezone (and changed its
clock twice a year). Back then we used to set all our networked
Windows boxen to a time zone without summer time change (ISTR it
was Monrovia/Liberia) to avoid having our Makefiles freaking out
twice a year.


I recall a checkbox to disable DST in Windows 95 or Windows 98, so 
perhaps searching for a timezone without DST was not necessary. By the 
way,  describes another 
style of identifiers in the Microsoft TZ DB. At certain point I have 
realized that "time zone" and "timezone" have a bit different meaning in 
the case of the IANA database 




Re: mounting external hard drive from rescue mode shell?

2024-06-20 Thread Max Nikulin

On 20/06/2024 12:06, David Christensen wrote:

You can use the fdisk(8) command to list the partitions on a drive.


lsblk --fs

perhaps with "-o +SIZE" may be more convenient to get overview of drives.



Re: Modifying Desktop Icons

2024-06-20 Thread Max Nikulin

On 21/06/2024 00:26, Pranjal Singh wrote:

What I've done is changing /usr/share/applications/firefox.desktop:

- Exec=firefox %u
+ Exec=firefox -private-window %u

I also created a desktop file in ~/.local/share/applications, but
that too didn't work.


You may file a bug (if it does not exist yet) against the Debian package 
to add alternative actions in the desktop file, see



It would not open private window by default though, it just would make it 
available from GUI.


Have you checked your files using the desktop-file-validate tool?

Are you sure that your desktop environment uses namely files you have 
edited, not a copy of the original file? Menus may use cache with data 
extracted from desktop files instead of files directly. Try to set 
unique Name and Comment.


Notice that the firefox-esr bookworm package contains 
/usr/share/applications/firefox-esr.desktop, not 
/usr/share/applications/firefox.desktop. I would avoid editing 
/usr/share/applications/firefox-esr.desktop since every package update 
means revert to original version with losing changes.




Re: Re: Having ten thousands of mount bind causes various processes to go into loops

2024-06-20 Thread Julien Petit
> This can be solved with ACLs. Instead of creating a bind mount, this process 
> that allows the user to share the directory can set an ACL and create a 
> symlink.

For a few users maybe but not that easy when you have many thousands
users (that on top do not have local accounts). We'd probably hit
another ACL limitation.

Then again, this thread was not about finding new ways of doing what
we do but to know the reason it stopped working. Is it a new
limitation or a bug?

> PS: It would be better if you used a mailer that correctly sets mail headers 
> References and/or In-Reply-To so that your replies are properly threaded.

Sorry about that, i use the link provided on the list for mails i
don't receive in my mailbox directly and gmail doesn't seem to be good
about it...



Re: Having ten thousands of mount bind causes various processes to go into loops

2024-06-20 Thread Julien Petit
> PS: if you maintain your own software and aren't able to find a way for your 
> user to do shares - especially while systems that most likely have such 
> functionality built-in out of the box surely exist, think Nextcloud etc - 
> that is covered by how Linux is supposed to be used, by definition it's 
> pretty much out of support.

Nextcloud doesn't offer sftp or rsync access to users that i know of.
The specifications are much simpler because they only deal with web
access (the web interface and the webdav server written in PHP).

How Linux is supposed to be used? That's why i'm here. There wasn't
until kernel 4.19 an official limit to the number of mounts in the
documentation. Even though we use mounts a lot, we're still far from
the official limit. Did we get lucky for 15 years and we should change
the way we do things or is it a bug ? I will now take this to the
kernel team and see what they have to say about it.

> Especially if you keep insisting on using a way that was never officially 
> supported, just because you got away with it for 15 years.

That's the very question i guess! How much mount is too much mount ;)

Thanks again for your help.



Re: Having ten thousands of mount bind causes various processes to go into loops

2024-06-20 Thread Julien Petit
> At this point, I kinda doubt this issue has anything to do with Debian 
> itself, but will most likely be an issue/limitation of the Linux Kernel 
> itself.

From my latest tests, it seems to point that way. Kernel 5.4 came with
a new mount API and it seems to break since then.
During my search, i also found that since kernel 4.19, there is a
default limit of mount set to 100 000 to avoid DOS.
We're still far from it.



Re: How to recover when monitor goes blank.

2024-06-20 Thread Felix Miata
Ram Ramesh composed on 2024-06-20 17:43 (UTC-0500):

>> Not to recover, but to perhaps prevent, via kernel cmdline, one can direct 
>> the
>> kernel which framebuffer mode to force-enable with video=, e.g.:

>>  video=2560x1440@60e

>> https://www.kernel.org/doc/Documentation/fb/modedb.txt

> I think kernel thinks that no monitor is attached or KB is present. I 
> want to remote login and tell it to look again and find them.
> It appears like there is no magic incantation exists for that. I was 
> hoping a write to /sys or /proc file will do the trick, but no such 
> thing seem to exists.

Did you try 'e' as I suggested, or read that page? From there:

[quote]
'e' will force the display to be enabled, i.e. it will override the detection
if a display is connected.
[/quote]

The way I read it, if it doesn't work, it's yet another kernel bug, because it
should - prevent - not fix.
-- 
Evolution as taught in public schools is, like religion,
based on faith, not based on science.

 Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata



Re: How to recover when monitor goes blank.

2024-06-20 Thread Ram Ramesh

Not to recover, but to perhaps prevent, via kernel cmdline, one can direct the
kernel which framebuffer mode to force-enable with video=, e.g.:

video=2560x1440@60e

https://www.kernel.org/doc/Documentation/fb/modedb.txt
--
Evolution as taught in public schools is, like religion,
based on faith, not based on science.

  Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata


I think kernel thinks that no monitor is attached or KB is present. I 
want to remote login and tell it to look again and find them.
It appears like there is no magic incantation exists for that. I was 
hoping a write to /sys or /proc file will do the trick, but no such 
thing seem to exists.


Regards
Ramesh


About dash as sh

2024-06-20 Thread Ilya Kazakevich
Hello,

I've recently come across a bug in dash.

https://lore.kernel.org/dash/CAMQsgbSZnEac=ETYnR6a_ysnAysaHThwY03pnoDxC=p5fqt...@mail.gmail.com/T

This issue is known for 7 years:
https://groups.google.com/g/linux.debian.bugs.dist/c/c6kRE-fhyuM

Fix is 18 months old, but unfortunately not released yet. Hence, we
have this issue even in sid (as I understand).


As this bug doesn't exist in bash I started thinking: why does Debian
use dash at all (not like RH for example, which uses `bash` for `sh`)?

It turned out that 27 years ago there were 2 arguments:
1) Speed: bash is much larger and slower, and boot time was affected.
2) Posix compatibility.

The former argument is probably not so important now since Debian uses
`systemd` (no more sh scripts) and, honestly, I can't imagine how bash
could be a bottleneck for anything in 2024 (if you have such
scenarios, please share).

The latter is also a little bit strange as aforenamed bug breaks POSIX
compatibility (yes, stable Debian has a bug that breaks POSIX).

Having two shells (one for scripting and other one for interactive)
might lead to some other inconsistencies (one code-base is usually
more consistent than two).

With all of that I am pretty sure there should be some reason why dash
is still `sh` in Debian, and I must be missing something.

So, what is the reason?

Thank you,

Ilya.



Re: NVIDIA drivers issue: Bug that keeps presenting on kernel 6.1.0-21

2024-06-20 Thread Anssi Saari
Daniel Rodriguez  writes:

> The solution of the post to this issue is to update the kernel from
> 6.1.0-13 -> 6.1.0.18; however, my kernel is a later version:
> 6.1.0-21-amd64, so I am stuck for solving this issue. Do you have any
> idea about what may be happening and/or how to solve it?

I wondered about this since I have no such issue. Then I remembered, you
need nvidia-driver from bookworm-updates.

$ uname -a
Linux rocket 6.1.0-21-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.90-1 (2024-05-03) x86_64 GNU/Linux
$ apt policy nvidia-driver
nvidia-driver:
  Installed: 525.147.05-7~deb12u1
  Candidate: 525.147.05-7~deb12u1
  Version table:
 *** 525.147.05-7~deb12u1 500
        500 https://deb.debian.org/debian bookworm-updates/non-free amd64 Packages
        100 /var/lib/dpkg/status
     525.147.05-4~deb12u1 500
        500 https://deb.debian.org/debian bookworm/non-free amd64 Packages



Re: Modifying Desktop Icons

2024-06-20 Thread Brad Rogers
On Thu, 20 Jun 2024 20:55:12 +0100
debian-u...@howorth.org.uk wrote:

Hello debian-u...@howorth.org.uk,

>or just try it! It works perfectly well with a single hyphen.

Now, yes.  However, at some point, that may no longer be the case.  When 
(perhaps) somebody notices that actual behaviour differs from
documented behaviour.  At which point, all the scripts stop working.

This is (one) reason why using undocumented features is a Bad Thing™.

-- 
 Regards  _   "Valid sig separator is {dash}{dash}{space}"
 / )  "The blindingly obvious is never immediately apparent"
/ _)rad   "Is it only me that has a working delete key?"
Do you want to play?
Play With Me - Extreme




Re: Modifying Desktop Icons

2024-06-20 Thread Greg Wooledge
> > > Assuming that's not a typo, please try:
> > > 
> > > --private-window  
> > 
> > Yep. Asking firefox itself (firefox --help) confirms that the
> > option wants two dashes.
> 
> See https://wiki.mozilla.org/Firefox/CommandLineOptions#-private-window
> 
> or just try it! It works perfectly well with a single hyphen.

It seems to work either way, with firefox-esr 115.12.0esr-1~deb12u1 .
I tested with https://www.debian.org/>
and https://www.debian.org/>.

So... in that case, we don't know why the OP's thing isn't working.
Something something desktop blah blah.  Try to find a log file where
you can see what's wrong.  If it's not a DE, you might be able to
find logs in ~/.xsession-errors but with a Fancy Desktop Environment,
the logs could be *anywhere*.  Or nowhere.



Re: How to recover when monitor goes blank.

2024-06-20 Thread Felix Miata
Ram Ramesh composed on 2024-06-19 15:45 (UTC-0500):

>    I have my monitor, keyboard and mouse shared through a KVM switch. 
> One host is Linux Debian bookworm 12.5 and another is laptop running 
> Windows 11. When I leave KVM on the laptop side for extended period I 
> have issues switching back to Debian side. When I switch, the screen is 
> blank and KB does not respond as if Debian is running headless. I had to 
> remote login and reboot Debian side with KVM locked on this side to get 
> back the monitor/KB. This happens regardless of whether I am in Xorg or 
> VT.  I do not know how to force Debian/Linux to check for monitor/KB 
> again after extended period of disconnect when it has assumed it is 
> running headless. Any solutions?

Not to recover, but to perhaps prevent, via kernel cmdline, one can direct the
kernel which framebuffer mode to force-enable with video=, e.g.:

video=2560x1440@60e

https://www.kernel.org/doc/Documentation/fb/modedb.txt
-- 
Evolution as taught in public schools is, like religion,
based on faith, not based on science.

 Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata



Re: Modifying Desktop Icons

2024-06-20 Thread debian-user
 wrote:
> On Tue, Jun 18, 2024 at 01:38:00AM +0100, Gareth Evans wrote:
> >   
> > > On 17 Jun 2024, at 20:45, Pranjal Singh
> > >  wrote:
> > > 
> > > 
> > > Hi,
> > > 
> > > I am trying to modify the Firefox desktop icon so that it opens
> > > an incognito window by default.
> > > 
> > > ...
> > > 
> > > - Exec=firefox %u
> > > + Exec=firefox -private-window %u
> > >   
> > 
> > Assuming that's not a typo, please try:
> > 
> > --private-window  
> 
> Yep. Asking firefox itself (firefox --help) confirms that the
> option wants two dashes.

See https://wiki.mozilla.org/Firefox/CommandLineOptions#-private-window

or just try it! It works perfectly well with a single hyphen.



Re: Modifying Desktop Icons

2024-06-20 Thread debian-user
Greg Wooledge  wrote:
> On Thu, Jun 20, 2024 at 22:56:33 +0530, Pranjal Singh wrote:
> > It runs regular Firefox after adding the -private-window flag.
> > 
> > To get a MWE, I made these changes later:
> > - Exec=firefox -private-window %u
> > - StartupWMClass=firefox
> > +Exec=gnome-calculator  
> 
> Did you see Gareth's reply at
> ?
> 
> It's supposed to be --private-window with two leading hyphens, not
> one, he said.

He was wrong according to Mozilla's documentation.



Re: How to recover when monitor goes blank.

2024-06-20 Thread Ram Ramesh


My Debian machines have Xfce. I configure Applications Menu -> 
Settings-> Power Manager -> Display -> Display power management -> Off.

David


This is not a dpms issue. This is the OS thinking that it is not 
attached to a monitor/KB.  I can remote login and remove dpms any time. 
Besides this happens in a VT also where there is no xfce. I just do not 
know how to tell Linux/OS that a monitor and kb is attached and it 
should look for enabling the respective drivers. I thought xrandr is the 
way to go, but that is only when Xorg is running and not when we are at 
a VT login prompt.


Regards
Ramesh


Re: Modifying Desktop Icons

2024-06-20 Thread tomas
On Thu, Jun 20, 2024 at 02:10:38PM -0400, Jeffrey Walton wrote:
> On Tue, Jun 18, 2024 at 12:23 AM Gareth Evans  wrote:
> >
> > On 17 Jun 2024, at 20:45, Pranjal Singh  wrote:
> >
> > I am trying to modify the Firefox desktop icon so that it opens
> > an incognito window by default.
> > ...
> >
> > - Exec=firefox %u
> > + Exec=firefox -private-window %u
> >
> > Assuming that's not a typo, please try:
> >
> > --private-window
> >
> > (NB two hyphens at the beginning)
> >
> > This works for me on Mate.
> 
> According to Mozilla documentation at
> , it is one
> hyphen, not two.

And according to "firefox --help" it's two, not one. Never trust the
internet, I s'ppose :-)

Cheers
-- 
t




Re: Modifying Desktop Icons

2024-06-20 Thread tomas
On Tue, Jun 18, 2024 at 01:38:00AM +0100, Gareth Evans wrote:
> 
> > On 17 Jun 2024, at 20:45, Pranjal Singh  wrote:
> > 
> > 
> > Hi,
> > 
> > I am trying to modify the Firefox desktop icon so that it opens
> > an incognito window by default.
> > 
> > ...
> > 
> > - Exec=firefox %u
> > + Exec=firefox -private-window %u
> > 
> 
> Assuming that's not a typo, please try:
> 
> --private-window

Yep. Asking firefox itself (firefox --help) confirms that the
option wants two dashes.

Cheers
-- 
t




Re: suggestion of upgrade to 12

2024-06-20 Thread Andrew M.A. Cater
On Thu, Jun 20, 2024 at 11:09:35AM +0800, Jeff Peng wrote:
> Hello,
> 
> I am running a small mailserver with debian 11 for many years. It's quite
> solid.
> Though I have read this article:
> https://www.cherryservers.com/blog/debian-12-bookworm-release
> do you think there is any need for me to upgrade from 11 to 12?
> just for the newer software like postfix, dovecot?
> 
> Thanks.
>

The last upload for Debian 11 as a point release is scheduled for the end of 
June: it then goes to LTS.

I _definitely_ suggest reading the reading notes and updating to Bookworm.

All the very best,

Andy 



Re: Modifying Desktop Icons

2024-06-20 Thread Jeffrey Walton
On Tue, Jun 18, 2024 at 12:23 AM Gareth Evans  wrote:
>
> On 17 Jun 2024, at 20:45, Pranjal Singh  wrote:
>
> I am trying to modify the Firefox desktop icon so that it opens
> an incognito window by default.
> ...
>
> - Exec=firefox %u
> + Exec=firefox -private-window %u
>
> Assuming that's not a typo, please try:
>
> --private-window
>
> (NB two hyphens at the beginning)
>
> This works for me on Mate.

According to Mozilla documentation at
, it is one
hyphen, not two.

Jeff



Re: Modifying Desktop Icons

2024-06-20 Thread Greg Wooledge
On Thu, Jun 20, 2024 at 22:56:33 +0530, Pranjal Singh wrote:
> It runs regular Firefox after adding the -private-window flag.
> 
> To get a MWE, I made these changes later:
> - Exec=firefox -private-window %u
> - StartupWMClass=firefox
> +Exec=gnome-calculator

Did you see Gareth's reply at
?

It's supposed to be --private-window with two leading hyphens, not one,
he said.



Re: Modifying Desktop Icons

2024-06-20 Thread Pranjal Singh

Hi Eben,

Sorry for the late reply.
I realise I could've added more details.

On 18/06/24 01:31, e...@gmx.us wrote:

On 6/17/24 15:29, Pranjal Singh wrote:

Hi,

I am trying to modify the Firefox desktop icon so that it opens
an incognito window by default.


...


What I've done is changing /usr/share/applications/firefox.desktop:

- Exec=firefox %u
+ Exec=firefox -private-window %u

I also created a desktop file in ~/.local/share/applications, but
that too didn't work.


How didn't it work?  Did it run regular Firefox, or not run at all?


It runs regular Firefox after adding the -private-window flag.

To get a MWE, I made these changes later:
- Exec=firefox -private-window %u
- StartupWMClass=firefox
+Exec=gnome-calculator

This too doesn't change anything.
Meanwhile, I also found some seemingly unhelpful documentation at
https://specifications.freedesktop.org/desktop-entry-spec/latest/ar01s07.html 
(Exec key - says what I expected)
https://specifications.freedesktop.org/desktop-entry-spec/latest/index.html 
(The entire specification)


Any ideas, anyone?

Grateful,
Pranjal


Re: suggestion of upgrade to 12

2024-06-20 Thread Jeffrey Walton
On Thu, Jun 20, 2024 at 10:08 AM Richard  wrote:
>
> The question with Linux isn't if there's a need to update to the latest 
> version (of the distro) like on Windows, but rather what's keeping you from 
> updating? If there's no urgent reason to stick to 11, update. 11 is now 
> oldstable and will become oldoldstable mid next year. Thus, it currently 
> becomes fewer updates - no idea how the situation is with security updates 
> compared to stable. 10 reaches end of life in about a month or so. So that's 
> the timetable you'll need to keep in mind. Of course, right now there isn't 
> anything forcing you to update, you merely need to update within the next two 
> years to keep getting updates. But chances are very low with more 
> conservative distros like Debian that upgrading will have more drawbacks than 
> benefits. Of course it can always be a smart choice to wait for the first one 
> or two dot releases, as they will fix issues previously unnoticed or where 
> the fix wasn't ready on time. But that's all.

One additional data point to consider... there are folks who have
exploits written for vulnerabilities that the community does not know
about.

Generally speaking, the older the software, the more exploits are
available. Developers generally don't work on old versions of their
software. Instead, they fix some things, release a new version and
move on. The only chance to fix the vulnerability is move to a newer
version of the software by building it yourself or using the latest
distro release.

Folks who deal in vulnerabilities and exploits adore the old software
because nothing gets fixed, so their exploits continue to work on old
versions of software. As Greg Kroah-Hartman noted: [1]

We have a very bad history of keeping bugs alive for a long time.
Somebody did a check of it, most known bugs live for five years in
systems. These are things that people know and know how to exploit.
They’re not closed. That’s a problem in our infrastructure...

CVE tracking is not the answer because that assumes every exploitable
bug is tagged with a CVE. There are lots of bugs out there that are
not tracked with a CVE, yet are exploitable. See, for example, the
TTY1 layer bug discussed in [1]. It took over 3 years to figure out it
was exploitable and for the patches to be backported.

(I have first hand knowledge of how one firm operates. The firm sells
their exploits to Northrop Grumman Electronic Warfare Division.)

[1] 
https://thenewstack.io/design-system-can-update-greg-kroah-hartman-linux-security/

Jeff

> On Thu, 20 June 2024 at 09:58, Jeff Peng wrote:
>>
>> I am running a small mailserver with debian 11 for many years. It's
>> quite solid.
>> Though I have read this article:
>> https://www.cherryservers.com/blog/debian-12-bookworm-release
>> do you think there is any need for me to upgrade from 11 to 12?
>> just for the newer software like postfix, dovecot?
>>
>> Thanks.



Re: UEFI secure boot issue

2024-06-20 Thread Jeffrey Walton
On Thu, Jun 20, 2024 at 9:23 AM Bhasker C V  wrote:
>
> I generated a pr/pk pair and the kernel is signed. Placed them in the
> kernel tree and compiled the kernel.

I don't think you are supposed to check-in/compile-in the private key.
It is usually supposed to stay private.

> Could someone tell me what am I doing wrong please ?
>
> Below is the status (I am using loader.efi from linuxfoundation)
> When i boot debian stock kernel signed, i see that the secure boot
> gets enabled (hence bios and everything else seems to be fine with the
> same UEFI loader).
> However, when I boot the compiled kernel I get
>
> $ dmesg | grep -i secure
> [0.007085] Secure boot could not be determined
>
>
> $ sbverify --list bootx64.efi
> warning: data remaining[91472 vs 101160]: gaps between PE/COFF sections?
> signature 1
> image signature issuers:
>  - /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft
> Corporation UEFI CA 2011
> image signature certificates:
>  - subject: /C=US/ST=Washington/L=Redmond/O=Microsoft
> Corporation/OU=MOPR/CN=Microsoft Windows UEFI Driver Publisher
>issuer:  /C=US/ST=Washington/L=Redmond/O=Microsoft
> Corporation/CN=Microsoft Corporation UEFI CA 2011
>  - subject: /C=US/ST=Washington/L=Redmond/O=Microsoft
> Corporation/CN=Microsoft Corporation UEFI CA 2011
>issuer:  /C=US/ST=Washington/L=Redmond/O=Microsoft
> Corporation/CN=Microsoft Corporation Third Party Marketplace Root
> $ sbverify  --list ./loader.efi
> signature 1
> image signature issuers:
>  - /C=GB/ST=England/L=London/O=BHASKER/CN=bcvm.bcvm.bcv
> image signature certificates:
>  - subject: /C=GB/ST=England/L=London/O=BHASKER/CN=bcvm.bcvm.bcv
>issuer:  /C=GB/ST=England/L=London/O=BHASKER/CN=bcvm.bcvm.bcv
> $ sbverify  --list ../../linux/k.bcv
> signature 1
> image signature issuers:
>  - /C=GB/ST=England/L=London/O=BHASKER/CN=bcvm.bcvm.bcv
> image signature certificates:
>  - subject: /C=GB/ST=England/L=London/O=BHASKER/CN=bcvm.bcvm.bcv
>issuer:  /C=GB/ST=England/L=London/O=BHASKER/CN=bcvm.bcvm.bcv


Have a look at , and the use of
the Machine Owner Key (MOK).

Jeff
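
Added illustration (not part of the thread and not any poster's code): a Python sketch that parses `sbverify --list` output of the shape quoted above and reports whether each signature's signer is a self-signed certificate. Nothing else vouches for such a certificate, so it has to be enrolled itself, for example as a Machine Owner Key. The sample text is the thread's output with mail wrapping undone; all function names are hypothetical.

```python
import re

# Constructed samples: `sbverify --list` output as quoted in the thread,
# with the mail client's line wrapping undone.
SELF_SIGNED = """\
signature 1
image signature issuers:
 - /C=GB/ST=England/L=London/O=BHASKER/CN=bcvm.bcvm.bcv
image signature certificates:
 - subject: /C=GB/ST=England/L=London/O=BHASKER/CN=bcvm.bcvm.bcv
   issuer:  /C=GB/ST=England/L=London/O=BHASKER/CN=bcvm.bcvm.bcv
"""
MS = "/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation"
CA_ISSUED = f"""\
warning: data remaining[91472 vs 101160]: gaps between PE/COFF sections?
signature 1
image signature issuers:
 - {MS}/CN=Microsoft Corporation UEFI CA 2011
image signature certificates:
 - subject: {MS}/OU=MOPR/CN=Microsoft Windows UEFI Driver Publisher
   issuer:  {MS}/CN=Microsoft Corporation UEFI CA 2011
 - subject: {MS}/CN=Microsoft Corporation UEFI CA 2011
   issuer:  {MS}/CN=Microsoft Corporation Third Party Marketplace Root
"""

def parse_sbverify_list(text):
    """Return one dict per signature: index, issuer DNs, (subject, issuer) pairs."""
    sigs, cur, section, subject = [], None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"signature (\d+)", line)
        if m:
            cur = {"index": int(m.group(1)), "issuers": [], "certs": []}
            sigs.append(cur)
            section = None
        elif cur is None:
            continue  # warnings printed before the first signature
        elif line == "image signature issuers:":
            section = "issuers"
        elif line == "image signature certificates:":
            section = "certs"
        elif section == "issuers" and line.startswith("- "):
            cur["issuers"].append(line[2:].strip())
        elif section == "certs" and line.startswith("- subject:"):
            subject = line.split(":", 1)[1].strip()
        elif section == "certs" and line.startswith("issuer:") and subject:
            cur["certs"].append((subject, line.split(":", 1)[1].strip()))
            subject = None
    return sigs

def common_name(dn):
    m = re.search(r"/CN=([^/]+)", dn)
    return m.group(1) if m else dn

def report(text):
    """Per signature: (index, 'self-signed' or 'ca-issued', issuer CNs)."""
    out = []
    for sig in parse_sbverify_list(text):
        # A certificate is self-signed when its subject equals its issuer.
        self_signed = {s for s, i in sig["certs"] if s == i}
        own = [dn for dn in sig["issuers"] if dn in self_signed]
        kind = "self-signed" if own else "ca-issued"
        out.append((sig["index"], kind,
                    [common_name(d) for d in (own or sig["issuers"])]))
    return out

if __name__ == "__main__":
    for name, text in (("loader.efi", SELF_SIGNED), ("bootx64.efi", CA_ISSUED)):
        print(name, report(text))
```
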



Re: testing, various tmpfs /run directories, df -x tmpfs

2024-06-20 Thread songbird
David Wright wrote:
> On Tue 18 Jun 2024 at 19:29:31 (-0400), songbird wrote:
>
>> "df -x tmpfs" does the magic and gives me the better view that is
>> more useful.
>
> FWIW I define dfree as:
>
>   df --output=source,ipcent,fstype,size,used,avail,pcent,target -B 100 -x tmpfs -x devtmpfs -x fuse.portal | sed -E 's/([^ ] )/\1 /g'

  :)


> which produces a listing like:
>
>   $ dfree
>   Filesystem      IUse%  Type  1MB-blocks    Used   Avail  Use%  Mounted  on
>   /dev/nvme0n1p2    23%  ext4       30783   17131   12063   59%  /
>   /dev/nvme0n1p3     3%  ext4       30783    1922   27272    7%  /apex-partial
>   /dev/nvme0n1p1      -  vfat         523      21     502    5%  /boot/efi
>   /dev/dm-0          2%  ext4      390073  186974  183209   51%  /home
>   $ 
>
> For filesystems, I find a uniform MB works better than "human-readable" sizes.

  i also find the same units better for my pea brain...  :)


  songbird



Re: MoinMoin wikis and Debian 11+

2024-06-20 Thread Eduardo M KALINOWSKI

On 20/06/2024 08:21, Greg Wooledge wrote:

> As we're nearing the end of life for Debian 10, I'm still wondering
> what MoinMoin wiki users are supposed to do.  (This includes
>  as near as I can see from SystemInfo.)
>
> MoinMoin 1.x requires Python2, and Debian 11 and newer don't have
> Python2 any more.  They only have Python3.
>
> Should we install Python 2.x from upstream, build it in /usr/local,
> figure out all of the modules that are required for MoinMoin, build
> those as well, and then symlink /usr/bin/python to our local Python2?
>
> Or is there some path forward from MoinMoin 1.x to 2.x?  (Is MoinMoin 2.x
> even a functional product?)
>
> Or should we burn the entire site down, migrate to some other wiki
> engine (please gods don't let it need PHP), and start all over?
>
> Or should we just keep running Debian 10 past end of life?


You could run a Docker container with a Debian 10-based system with only 
what you need for MoinMoin 1.x. At least it is more isolated than 
installing Python 2.x directly in the system.


But it only postpones the problem (and so do other solutions). Eventually 
you'll need to upgrade to a newer version of MoinMoin or switch to a 
similar product. I am not familiar with the options, but perhaps another 
product can import your data.


--
BOFH excuse #129:

The ring needs another token

Eduardo M KALINOWSKI
edua...@kalinowski.com.br



Re: MoinMoin wikis and Debian 11+

2024-06-20 Thread Dan Ritter
Greg Wooledge wrote: 
> As we're nearing the end of life for Debian 10, I'm still wondering
> what MoinMoin wiki users are supposed to do.  (This includes
>  as near as I can see from SystemInfo.)

...

> Or should we burn the entire site down, migrate to some other wiki
> engine (please gods don't let it need PHP), and start all over?


https://gitlab.com/anarcat/moin2iki/ converts moinmoin to
ikiwiki. ikiwiki ( https://ikiwiki.info/ ) is written
in Perl, not PHP, and is packaged in Debian 12. 

-dsr-



Re: Having ten thousands of mount bind causes various processes to go into loops

2024-06-20 Thread Richard
PS: if you maintain your own software and aren't able to find a way for
your user to do shares - especially while systems that most likely have
such functionality built-in out of the box surely exist, think Nextcloud
etc - that is covered by how Linux is supposed to be used, by definition
it's pretty much out of support. Especially if you keep insisting on using
a way that was never officially supported, just because you got away with
it for 15 years.

On Thu, 20 June 2024 at 00:06, Julien Petit wrote:

> We're the maintainers of our software so it's not out of support :)
> I'm here because we'd like to save a few trees reducing that cpu usage
> down :D
> Thanks again for your time!
>


Re: Having ten thousands of mount bind causes various processes to go into loops

2024-06-20 Thread Richard
Software is only tested to a certain degree. So mounts are tested to a
sensible number, if you move outside it, you have to bet on luck if it's
supported or not. At this point, I kinda doubt this issue has anything to
do with Debian itself, but will most likely be an issue/limitation of the
Linux Kernel itself. So the biggest chance to get this fixed is compile the
Kernel yourself ([1] is a great guide to do so with little to no effort,
enabling and disabling all the same features Debian uses minus any
potential additional patches. If it still occurs, you know it can't be a
Debian problem. Try with both the sources of the Kernel version you use and
the latest stable sources - 6.9.5 as of writing this. One thing though:
replace make deb-pkg from the guide with make bindeb-pkg, and with -j# set
a sensible number of concurrent jobs). If the issue still appears, head
over to [2], see if someone else has reported a similar issue and if not,
create a new bug report. This may be the only place to have the chance of
getting a fix to ever be done, beyond hiring a service firm like Collabora
etc and pay them for this specific thing.

Richard

[1]:
https://www.debian.org/doc//manuals/debian-handbook/sect.kernel-compilation.html
[2]: https://bugzilla.kernel.org/

On Thu, 20 June 2024 at 00:06, Julien Petit wrote:

> You're thinking of a traditional file server in a business. Our
> solution is a cloud platform. We don't know ahead how our customers
> are going to manage their files and shares. And we don't need to.
> As i said to Eduardo, it doesn't really matter where folders/mounts
> are. Users can share any directory (and subdirectories) in their home
> directory with any other user. The shared folder is mounted in the
> special directory "Shared with me" of the recipient home directory.
> I.e: John/Sales/Invoices is mounted in Alice/Shared with me/Invoices.
> The shares can be read/write or read-only.
>


MoinMoin wikis and Debian 11+

2024-06-20 Thread Greg Wooledge
As we're nearing the end of life for Debian 10, I'm still wondering
what MoinMoin wiki users are supposed to do.  (This includes
 as near as I can see from SystemInfo.)

MoinMoin 1.x requires Python2, and Debian 11 and newer don't have
Python2 any more.  They only have Python3.

Should we install Python 2.x from upstream, build it in /usr/local,
figure out all of the modules that are required for MoinMoin, build
those as well, and then symlink /usr/bin/python to our local Python2?

Or is there some path forward from MoinMoin 1.x to 2.x?  (Is MoinMoin 2.x
even a functional product?)

Or should we burn the entire site down, migrate to some other wiki
engine (please gods don't let it need PHP), and start all over?

Or should we just keep running Debian 10 past end of life?



Re: Maximum size .bash_aliases file

2024-06-20 Thread The Wanderer
On 2024-06-20 at 07:10, Greg Wooledge wrote:

> On Thu, Jun 20, 2024 at 21:00:38 +1000, Keith Bainbridge wrote:
>
>> https://manpages.debian.org/bookworm/manpages-dev/strftime.3.en.html
>> 
>> is a list of place names for MANY parts of a date layout. I have set up the
>> following code in my text substitution app:
>> "%a %d%b%Y at %H:%M:%S =UTC %Z"
>> 
>> Triggering that give me
>> Thu 20Jun2024 at 20:51:19 =UTC +10:00
>> 
>> Seems to me that if the code writers of our various MUA would add the +UTC
>> to the line that prints the various dates, we'd understand what they mean
>> better.
> 
> Honestly, I have no idea what the =UTC part of your output is intended
> to mean, since you've got +10:00 (time zone offset specification in hours
> ahead of UTC) overriding it.

I parsed it as meaning "[date and time] is equal to UTC plus ten hours",
or in other words, "the time specified is in the UTC+10 time-zone".
Similarly to how I've often seen Eastern Standard Time referenced as UTC-4
(that is, UTC minus four hours).

> Normally, you put either the string UTC to indicate that this date/time
> string is in UTC, or a time zone offset indicator that begins with + or -.
> Not both.

It may be notable that he didn't put a +- offset indicator; he put a
format specifier which *expands to* whichever such indicator would
correspond to the active time zone.

-- 
   The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man. -- George Bernard Shaw





Re: Maximum size .bash_aliases file

2024-06-20 Thread Greg Wooledge
On Thu, Jun 20, 2024 at 21:00:38 +1000, Keith Bainbridge wrote:
> https://manpages.debian.org/bookworm/manpages-dev/strftime.3.en.html
> 
> is a list of place names for MANY parts of a date layout. I have set up the
> following code in my text substitution app:
> "%a %d%b%Y at %H:%M:%S =UTC %Z"
> 
> Triggering that give me
> Thu 20Jun2024 at 20:51:19 =UTC +10:00
> 
> Seems to me that if the code writers of our various MUA would add the +UTC
> to the line that prints the various dates, we'd understand what they mean
> better.

Honestly, I have no idea what the =UTC part of your output is intended
to mean, since you've got +10:00 (time zone offset specification in hours
ahead of UTC) overriding it.

Normally, you put either the string UTC to indicate that this date/time
string is in UTC, or a time zone offset indicator that begins with + or -.
Not both.



Re: suggestion of upgrade to 12

2024-06-20 Thread Jeff Peng

that's nice to know. thanks for all your help.


> about dovecot:
> if you have dovecot installed from the dovecot repository, then be
> aware that dovecot does not (yet) provide a version for bookworm.
> if you have dovecot installed from the debian repository, then you
> should be fine.
>
>
> about debian:
> read
> - https://www.debian.org/releases/bookworm/amd64/release-notes/ch-upgrading.en.html
> - https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html
>
> twice! especially chapter 4.5 and 5.
>
> greetings...




Re: Maximum size .bash_aliases file

2024-06-20 Thread Keith Bainbridge



On 17/6/24 18:26, Keith Bainbridge wrote:


It was late afternoon on 16Jun2024 that I wrote this. Possibly 18:13:36 
when I pressed send. I'd reckon it would likely have been 08:13:36 UTC 
  What's wrong with my system clock. I've not really looked at the time 
on my originals before.  I'll try to remember to enter my local time as 
I press send



Evening folk - not good it seems. I can't find the separate thread that 
some wise person kindly started for this topic. Mm


Thanks for those responses. When I find the thread again, I'll read ALL 
the responses and respond better, if this doesn't reply to your general 
suggestion.


I reckon that they seem to indicate that the date/time in my original 
question are fine. The difficulty is more related to how we humans are 
interpreting the information we are reading.


https://manpages.debian.org/bookworm/manpages-dev/strftime.3.en.html

is a list of place names for MANY parts of a date layout. I have set up 
the following code in my text substitution app:

"%a %d%b%Y at %H:%M:%S =UTC %Z"

Triggering that gives me
Thu 20Jun2024 at 20:51:19 =UTC +10:00

Seems to me that if the code writers of our various MUA would add the 
+UTC to the line that prints the various dates, we'd understand what 
they mean better.


Meantime, we have to accept what we have.

Thanks again.
--
All the best

Keith Bainbridge

keithr...@gmail.com
keith.bainbridge.3...@gmail.com
+61 (0)447 667 468

UTC + 10:00



Re: suggestion of upgrade to 12

2024-06-20 Thread Richard
The question with Linux isn't if there's a need to update to the
latest version (of the distro) like on Windows, but rather what's keeping
you from updating? If there's no urgent reason to stick to 11, update. 11
is now oldstable and will become oldoldstable mid next year. Thus, it
currently becomes fewer updates - no idea how the situation is with
security updates compared to stable. 10 reaches end of life in about a
month or so. So that's the timetable you'll need to keep in mind.
Of course, right now there isn't anything forcing you to update, you merely
need to update within the next two years to keep getting updates. But
chances are very low with more conservative distros like Debian that
upgrading will have more drawbacks than benefits. Of course it can always
be a smart choice to wait for the first one or two dot releases, as they
will fix issues previously unnoticed or where the fix wasn't ready on time.
But that's all.

On Thu, 20 June 2024 at 09:58, Jeff Peng wrote:

> Hello,
>
> I am running a small mailserver with debian 11 for many years. It's
> quite solid.
> Though I have read this article:
> https://www.cherryservers.com/blog/debian-12-bookworm-release
> do you think there is any need for me to upgrade from 11 to 12?
> just for the newer software like postfix, dovecot?
>
> Thanks.
>
>


UEFI secure boot issue

2024-06-20 Thread Bhasker C V
Hi,

I generated a pr/pk pair and the kernel is signed. Placed them in the
kernel tree and compiled the kernel.


Could someone tell me what am I doing wrong please ?

Below is the status (I am using loader.efi from linuxfoundation)
When i boot debian stock kernel signed, i see that the secure boot
gets enabled (hence bios and everything else seems to be fine with the
same UEFI loader).
However, when I boot the compiled kernel I get

$ dmesg | grep -i secure
[0.007085] Secure boot could not be determined


$ sbverify --list bootx64.efi
warning: data remaining[91472 vs 101160]: gaps between PE/COFF sections?
signature 1
image signature issuers:
 - /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft
Corporation UEFI CA 2011
image signature certificates:
 - subject: /C=US/ST=Washington/L=Redmond/O=Microsoft
Corporation/OU=MOPR/CN=Microsoft Windows UEFI Driver Publisher
   issuer:  /C=US/ST=Washington/L=Redmond/O=Microsoft
Corporation/CN=Microsoft Corporation UEFI CA 2011
 - subject: /C=US/ST=Washington/L=Redmond/O=Microsoft
Corporation/CN=Microsoft Corporation UEFI CA 2011
   issuer:  /C=US/ST=Washington/L=Redmond/O=Microsoft
Corporation/CN=Microsoft Corporation Third Party Marketplace Root
$ sbverify  --list ./loader.efi
signature 1
image signature issuers:
 - /C=GB/ST=England/L=London/O=BHASKER/CN=bcvm.bcvm.bcv
image signature certificates:
 - subject: /C=GB/ST=England/L=London/O=BHASKER/CN=bcvm.bcvm.bcv
   issuer:  /C=GB/ST=England/L=London/O=BHASKER/CN=bcvm.bcvm.bcv
$ sbverify  --list ../../linux/k.bcv
signature 1
image signature issuers:
 - /C=GB/ST=England/L=London/O=BHASKER/CN=bcvm.bcvm.bcv
image signature certificates:
 - subject: /C=GB/ST=England/L=London/O=BHASKER/CN=bcvm.bcvm.bcv
   issuer:  /C=GB/ST=England/L=London/O=BHASKER/CN=bcvm.bcvm.bcv



Re: can't connect to eduroam due to SSL3 unsupported protocol

2024-06-20 Thread Marco Moock
On 20.06.2024 at 11:05:10, Vincent Lefevre wrote:

> I've got a confirmation that their Radius servers still use SSL3,
> and they said that they could not upgrade them.

Then they have very, very outdated stuff. Talk to the security
department at your site, maybe they make them hurry up.



Re: can't connect to eduroam due to SSL3 unsupported protocol

2024-06-20 Thread Vincent Lefevre
On 2024-06-17 15:08:54 -0400, Dan Ritter wrote:
> Vincent Lefevre wrote: 
> > On 2024-06-17 08:26:39 -0400, Dan Ritter wrote:
> > > On stable:
> > > $ openssl list -disabled
> > > Disabled algorithms:
> > > IDEA
> > > MD2
> > > MDC2
> > > RC5
> > > SCTP
> > > SSL3
> > > ZLIB
> > > 
> > > So, SSL3 support was removed at least that long ago. I think it
> > > was actually dropped around 2016.
> > 
> > That's strange because when I installed the machine in October,
> > there were no issues.
> 
> Perhaps the change is not in your system but in theirs?

I've got a confirmation that their Radius servers still use SSL3,
and they said that they could not upgrade them.

But perhaps the authentication is done differently when I connect
locally (still using eduroam)?

I could try again locally if need be.

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)



Re: suggestion of upgrade to 12

2024-06-20 Thread Michael

On Thursday, June 20, 2024 5:09:35 AM CEST, Jeff Peng wrote:
> I am running a small mailserver with debian 11 for many years.
> It's quite solid.
>
> Though I have read this article:
> https://www.cherryservers.com/blog/debian-12-bookworm-release
> do you think there is any need for me to upgrade from 11 to 12?
> just for the newer software like postfix, dovecot?


about dovecot:
if you have dovecot installed from the dovecot repository, then be aware 
that dovecot does not (yet) provide a version for bookworm.
if you have dovecot installed from the debian repository, then you should 
be fine.


about debian:
read
- https://www.debian.org/releases/bookworm/amd64/release-notes/ch-upgrading.en.html
- https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html

twice! especially chapter 4.5 and 5.

greetings...