Re: Browser traffic interception/inspection

[Lee]

On Sun, Jun 30, 2024 at 11:30 AM Max Nikulin wrote:
>
> On 30/06/2024 12:56, Jeffrey Walton wrote:
> >>> On Sat, Jun 29, 2024 at 4:13 PM Lee wrote:
>  set SSLKEYLOGFILE=C:\Users\Lee\AppData\Local\Temp\FF-SSLkeys.txt
>  start C:\"Program Files\Firefox\Firefox.exe"
> [...]
> > Browsers do not support the passive capture/replay that OP wants.

It works for me in Windows.

This looks like the Debian bug report
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842292

> Lee, may you, please, specify Firefox version and release channel you
> are using on Windows where this feature is working?

Firefox 115.12.0esr -- which is the current extended service release software
I'm not sure what you mean by release channel .. ESR?  If I go to
https://www.mozilla.org/en-US/firefox/115.12.0/releasenotes/
under "Download Firefox" there's links to
Windows 64-bit and Windows 64-bit MSI

wow!  I've been letting firefox update itself for awhile now.  What I
installed was Firefox Setup 68.3.0esr.msi

Lee

Re: How to use Wine, How to get Gecko to install and work

[George at Clug]

On Monday, 01-07-2024 at 15:48 didier gaumet wrote:
> Le 01/07/2024 à 01:24, George at Clug a écrit :
> [...]
> > I have not found useful documentation that can get me over the "Could not 
> > find Wine Gecko",  "Failed to init Gecko" error messages.
> [...]
> 
> Hello,
> 
> disclaimer: I have not used Wine in ages, so I cannot be of real help
> 
> Note, you could tell what Debian distro you are using (12 Bookworm?) and 

Yes, Debian 12, Bookworm. (current stable)

> if you have enabled multiarch support in it.

yes.

# dpkg --add-architecture i386 &&  apt update

> 
> the Debian wiki page about Wine is here:
> https://wiki.debian.org/Wine
> it states that for whatever reason "Windows software may require Mono 
> for .NET, and Gecko for any HTML rendering. Debian has disabled these by 
> default and do not provide packages.":
> Windows software may require Mono for .NET, and Gecko for any HTML 
> rendering. Debian has disabled these by default and do not provide 
> packages.

I am now wondering what "is intentionally disabled" might actually mean. I am 
hoping that it means that Debian's wine will not automatically install 
Gecko/Mono, and not mean that even if you go ahead and manually install these 
packages they will not be used. But the effect seems to be the later.

> 
> The WineHQ page about Gecko is here:
> https://wiki.winehq.org/Gecko
> 
> Two posts about solving Wine/Gecko problems on Debian Bookworm:
> https://forums.debian.net/viewtopic.php?t=154513
> https://forum.winehq.org/viewtopic.php?t=38245

"...this year, running debian 12.2 "bookworm" on the same laptop and using the 
wine 8.0 delivered with "bookworm" I have been unable to get a working 
iexplore..."

"Consider using a sandboxer such as firejail to sandbox wine, such a 
configuration is outside the scope of this guide. "

"https://packages.debian.org/bookworm/firejail"; - "Firejail is a SUID security 
sandbox program that reduces the risk of security breaches by restricting the 
running environment of untrusted applications using Linux namespaces and 
seccomp-bpf. It allows a process and all its descendants to have their own 
private view of the globally shared kernel resources, such as the network 
stack, process table, mount table. "

Implementing Firejail sounds like a good project for later on.

"You may wish to keep all your games in the same wine prefix, or have each game 
in its separate wine prefix. If you are using a traditional desktop 
environment, Wine will create .desktop files that remember the wineprefix for 
you. "

Interesting links. And the same issue as I am having.  I think I found these 
while searching for solutions. Sadly "$winetricks ie8" left me with a 
non=working iexplore.

As far as I know, I have:

"I created ~/.cache/wine and put the wine-gecko 2.47.3 msi there: "  And added 
mono too.
"apt install fonts-wine ttf-mscorefonts-installer"

At one time I believe I also installed directly from WineHQ repository too, but 
after not much success, relating to 'no idea what I am doing' as far as setting 
up an environment for Windows programs, I reverted back to just using Debian's 
packages.

https://wiki.winehq.org/Debian

Well I might as well keep testing and trying...  if I have any success, I will 
post back. Thanks for your comments, it gives me hope to keep working on this.

George.

> 
> 

Re: how2 format a flash drive

[Jeffrey Walton]

On Sat, Jun 29, 2024 at 4:13 PM Lee  wrote:
>
> On Tue, Jun 25, 2024 at 7:26 PM George wrote:
> > [...]
> > If you have any grips or difficulties, please mention them.
>
> My gripes and difficulties are the same thing. [...]
> something equivalent to notepad++,

You might give Notepadqq a spin. I've used it in the past, and it has
a comparable look and feel to Notepad++.

.

If TAB works kind of funny, then see this bug report and fix:
.
(I don't know if it was merged).

Jeff

Re: How to use Wine, How to get Gecko to install and work

[didier gaumet]

Le 01/07/2024 à 01:24, George at Clug a écrit :
[...]

I have not found useful documentation that can get me over the "Could not find Wine 
Gecko",  "Failed to init Gecko" error messages.

[...]

Hello,

disclaimer: I have not used Wine in ages, so I cannot be of real help

Note, you could tell what Debian distro you are using (12 Bookworm?) and 
if you have enabled multiarch support in it.


the Debian wiki page about Wine is here:
https://wiki.debian.org/Wine
it states that for whatever reason "Windows software may require Mono 
for .NET, and Gecko for any HTML rendering. Debian has disabled these by 
default and do not provide packages.":
Windows software may require Mono for .NET, and Gecko for any HTML 
rendering. Debian has disabled these by default and do not provide 
packages.


The WineHQ page about Gecko is here:
https://wiki.winehq.org/Gecko

Two posts about solving Wine/Gecko problems on Debian Bookworm:
https://forums.debian.net/viewtopic.php?t=154513
https://forum.winehq.org/viewtopic.php?t=38245

Re: how2 format a flash drive

[jeremy ardley]

On 1/7/24 10:32, Lee wrote:

Bluefish looks like a possible replacement for notepad++  but it
doesn't [seem to?] support WYSIWYG editing of html files.



Visual Studio Code allows you to edit HTML and preview it using Live 
Server plugin


https://marketplace.visualstudio.com/items?itemName=ritwickdey.LiveServer

Re: Browser traffic interception/inspection (was: how2 format a flash drive)

[Jeffrey Walton]

On Sun, Jun 30, 2024 at 9:46 PM Jeffrey Walton  wrote:
>
> On Sun, Jun 30, 2024 at 9:35 PM Lee  wrote:
> >[...]
> >   ... which is the downside of free software.  Technically, yes, I'm
> > free to build the software with whatever I want enabled, with whatever
> > changes I want added/deleted.
> > In practice, my ability to build Firefox is .. lacking :(
>
> Yeah, trying to build some of these projects is the pits.

One way out of this may be to make a Request for Packaging,
. Ask for debug builds of Firefox.

Since Debian is now supplying release builds in their release channel,
it might make sense for Debian to provide debug builds for web
developers. Web developers can install firefox-debug as a www-browser
alternative, and do things like debug protocol issues. Regular users
would still get the release version of Firefox, so regular users would
be protected from some of the security problems associated with the
debug build.

And you still might try the nightly build of Firefox, and see if it
provides the features that you are looking for. If the nightly build
has what you need, then you won't have to spend time on the RFP.

Jeff

Re: How to get an email notification every time a package is updated

[tomas]

On Sun, Jun 30, 2024 at 08:34:25PM -0700, B wrote:
> 
> Darn and I liked your wiki. I didn't know you were a toxic.

Please stop that.

He was one trying to offer help. Part of that help was pointing
out that your requirements, as you stated them, are incomplete
and possibly contradictory.

Many of us (me included, I admit) just thought "uh, oh, let's
wait until things become a bit clearer", which is, I admit
again, a bit cowardly.

Maybe Greg was a bit harsh. He is, sometimes. But not toxic,
far from it.

Cheers
-- 
t


signature.asc
Description: PGP signature

Re: How to get an email notification every time a package is updated

[B]

Darn and I liked your wiki. I didn't know you were a toxic.


On 6/30/24 11:43 AM, Greg Wooledge wrote:

Can I ask why?

You can.  I have a funny feeling we won't get an answer.

The fact that B is interested in unstable*primarily*  (it's the first
thing mentioned) tells us an enormous amount.

Re: how2 format a flash drive

[Lee]

Hi,

On Sat, Jun 29, 2024 at 1:12 PM Dan Ritter wrote:
>
> Lee wrote:
> > My gripes and difficulties are the same thing.  No universal image
> > viewer like Ifranview,
>
> `apt search image viewer` suggests:  eog, eom, ephoto, photoqt..
> among dozens of others. But start with one of those.

Thanks, I'll check them out.

> > an html editor would be nice -- something along
> > the lines of the seamonkey html editor but current software and
> > supported
>
> `apt search html editor` offers a bunch of suggestions, but
> really most editors have support for specialized syntax checking
> and previews and such. You might try bluefish.

Bluefish looks like a possible replacement for notepad++  but it
doesn't [seem to?] support WYSIWYG editing of html files.

I'll save recipes that look good and try them later.  But I don't want
all the fluff that goes with most recipes, so I trim them down
drastically;
delete all the , all the comments,
all the kitchenware thry're trying to sell me...  All I want is the
recipe

> > , something equivalent to notepad++
>
> Assuming that you don't want the graphical forms of emacs or

Right.  If I was going to climb the emacs learning curve I'd have done
it 20 years ago :)

> vim,

While I like vim and occasionally do use it for html editing, what
usually happens is running the file thru tidy and then edit with vim.
I'd rather have a WYSIWYG html editor that lets me delete tables, rows
or columns at a time.  Or, since everybody wants to move to CSS,
delete all the goop in a specific 

> >, something equivalent to
> > winmerge (meld is nice, but isn't really a substitute)
>
> You will have to be specific about what makes meld "not a
> substitute". Assume whoever you are talking to doesn't know what
> winmerge is.

Meld is beautiful.  Meld looks **good**  But I find it a distraction
and _much_ harder to figure out what the difference is between two
files or merge updates from  file to  file.
Maybe I've just gotten used to winmerge &  to get to
the next difference and  to copy the missing text
from the left window to the right window.  I can do most everything
from the keyboard.  Maybe because I haven't used it that much but I
was using the mouse a lot in meld.

> > , a cloneSpy equivalent would be nice
>
> duff, perforate, rdfind, dupeguru...

Thank you.  More things to check out :)

> > Exact Audio Copy doesn't work on Linux, but supposedly does run under
> > wine so that's a possibility..
>
> You want to pull stuff off of an optical disk? cdparanoia, or
> one of the things that wraps it like ripit or ripperx.

Yup.  I want to pull music off a CD and make MP3s of it.
2 cars ago I had a CD caddy in the trunk - I could play 6 CD worth of
music without having to change anything.
Now my car has a USB port; that + a 16GB thumb drive is more than 12
hrs worth of drive time enjoyment (as much as droning along at 55MPH
can be called enjoyment)

> > Debian firefox does NOT allow one to do
> > TLS intercept - ie. this does not work:
> > C:\UTIL>cat firefox-tlsdecode.bat
> > set SSLKEYLOGFILE=C:\Users\Lee\AppData\Local\Temp\FF-SSLkeys.txt
> > start C:\"Program Files\Firefox\Firefox.exe"
> >
> > @rem wireshark:
> > @rem   edit / preferences
> > @rem   protocols / tls  (v2.6: protocols / ssl)
> > @rem paste SSLKEYLOGFILE filename into (Pre)-Master-Secret log
> > filename (was SSL debug file entry)
>
> I have no idea what you are trying to do there, but I'm sure a
> DOS batch file won't run here, especially since it appears to
> mostly be comments.
>
> Describe what you want to do, not how you want it to happen.

I want to be able to use wireshark to look at encrypted web traffic.  eg
https://everything.curl.dev/usingcurl/tls/sslkeylogfile.html

Regards,
Lee

Re: Browser traffic interception/inspection (was: how2 format a flash drive)

[Jeffrey Walton]

On Sun, Jun 30, 2024 at 9:35 PM Lee  wrote:
>
> On Sat, Jun 29, 2024 at 4:45 PM Jeffrey Walton wrote:
> >
> > On Sat, Jun 29, 2024 at 4:13 PM Lee wrote:
> > >
> > > [...] Debian firefox does NOT allow one to do
> > > TLS intercept - ie. this does not work:
> > > C:\UTIL>cat firefox-tlsdecode.bat
> > > set SSLKEYLOGFILE=C:\Users\Lee\AppData\Local\Temp\FF-SSLkeys.txt
> > > start C:\"Program Files\Firefox\Firefox.exe"
> > >
> > > @rem wireshark:
> > > @rem   edit / preferences
> > > @rem   protocols / tls  (v2.6: protocols / ssl)
> > > @rem paste SSLKEYLOGFILE filename into (Pre)-Master-Secret log
> > > filename (was SSL debug file entry)
> >
> > I'm not sure who your complaint is against -- Debian, Firefox or
> > Linux. I'm also not sure that it is a valid complaint.
>
> It is 100% a valid complaint.  And it's a complaint against Debian
> because they're the ones that turned off that functionality.
> They have , I disagree, I'm free to build Firefox for myself,
> get somebody else to doit for me, or get it somewhere else.

It looks like the change is due to NSS (Network Security Services),
not Firefox:  and
. I think the
3318 bug is most relevant, but I may be mistaken.

If I am parsing the various bug reports properly, it looks like
SSLKEYLOGFILE was disabled by default for release builds. It looks
like you might have to perform your own debug build to gain access
again. Or maybe the nightly builds of Firefox will have it.

>   ... which is the downside of free software.  Technically, yes, I'm
> free to build the software with whatever I want enabled, with whatever
> changes I want added/deleted.
> In practice, my ability to build Firefox is .. lacking :(

Yeah, trying to build some of these projects is the pits.

Jeff

Re: Browser traffic interception/inspection (was: how2 format a flash drive)

[Lee]

Hi,

On Sat, Jun 29, 2024 at 4:45 PM Jeffrey Walton wrote:
>
> On Sat, Jun 29, 2024 at 4:13 PM Lee wrote:
> >
> > [...] Debian firefox does NOT allow one to do
> > TLS intercept - ie. this does not work:
> > C:\UTIL>cat firefox-tlsdecode.bat
> > set SSLKEYLOGFILE=C:\Users\Lee\AppData\Local\Temp\FF-SSLkeys.txt
> > start C:\"Program Files\Firefox\Firefox.exe"
> >
> > @rem wireshark:
> > @rem   edit / preferences
> > @rem   protocols / tls  (v2.6: protocols / ssl)
> > @rem paste SSLKEYLOGFILE filename into (Pre)-Master-Secret log
> > filename (was SSL debug file entry)
>
> I'm not sure who your complaint is against -- Debian, Firefox or
> Linux. I'm also not sure that it is a valid complaint.

It is 100% a valid complaint.  And it's a complaint against Debian
because they're the ones that turned off that functionality.
They have , I disagree, I'm free to build Firefox for myself,
get somebody else to doit for me, or get it somewhere else.

  ... which is the downside of free software.  Technically, yes, I'm
free to build the software with whatever I want enabled, with whatever
changes I want added/deleted.
In practice, my ability to build Firefox is .. lacking :(

> Firefox uses its own certificate store. If you want to proxy your
> traffic, then the proxy's root cert needs to be in Mozilla's
> certificate store. See
> .

Right.  I have privoxy & occasionally do set it for +https-inspection
when I want it to inspect/modify web traffic.

> Chrome is different.

I've never used Chrome & don't intend to.

> When you are intercepting/inspecting traffic, you typically setup your
> proxy, and then proxy Firefox and Chrome traffic through your proxy.
> The proxy can run on your local machine, like 127.0.0.1. Your proxy's
> root certificate should be in the browser's store (as described
> above).

Or you can tell firefox to write the SSL key info to a file that
wireshark can read & then decrypt the traffic.
For example
  https://everything.curl.dev/usingcurl/tls/sslkeylogfile.html

Best Regards,
Lee

Re: How to use Wine, How to get Gecko to install and work

[George at Clug]

Richard,

Thanks for your reply.

On Sunday, 30-06-2024 at 17:11 Richard wrote:
> Depends on what you are trying to do. 

I am trying to understand how to use Wine so that I can install various Windows 
programs and have them work.

With the knowledge I would like to help others who are even less technical than 
myself, as some people have their favourite Windows program they still want to 
run.

For example, I understand that you can test your Wine installation by using 
iexplore, but this fails to display the page. I see it useful to resolve this 
issue at this point before trying to install two other actual programs which I 
would like to install but also have blank pages where there is supposed to be 
text.

I have not found useful documentation that can get me over the "Could not find 
Wine Gecko",  "Failed to init Gecko" error messages.

$ wine iexplore
Could not find Wine Gecko. HTML rendering will be disabled.
010c:err:mshtml:create_document_object Failed to init Gecko, returning 
CLASS_E_CLASSNOTAVAILABLE

Another issue I would like to resolve, is it possible to get a rpc service 
running?. This service is not showing in Task Manager. I assume it is actually 
possible, but I do know know how and have not succeeded.

err:ole:start_rpcss Failed to open RpcSs service

https://www.coretechnologies.com/blog/windows-services/rpcss/

Maybe some of these OLE messages are related to the RPC service?

074c:err:mscoree:CLRRuntimeInfo_GetRuntimeDirectory error reading registry key 
for installroot
074c:err:ole:apartment_getclassobject DllGetClassObject returned error 
0x80040111 for dll L"C:\\windows\\system32\\msimtf.dll"
074c:err:ole:com_get_class_object no class object 
{c1ee01f2-b3b6-4a6a-9ddd-e988c088ec82} could be created for context 0x401
074c:err:ole:apartment_getclassobject DllGetClassObject returned error 
0x80040111 for dll L"C:\\windows\\system32\\msimtf.dll"
074c:err:ole:com_get_class_object no class object 
{c1ee01f2-b3b6-4a6a-9ddd-e988c088ec82} could be created for context 0x401
0330:err:rpc:I_RpcReceive we got fault packet with status 0xc004f012
0330:err:rpc:I_RpcReceive we got fault packet with status 0xc004f012
0330:err:rpc:I_RpcReceive we got fault packet with status 0xc004f012

> But in my experience, if you don't
> need to do some heavy work to maybe get something to work, 

Now you have a point there. To be honest, there was only one Windows program I 
personally wanted to run, and it is non-essential anyway (and it works in Wine 
without changing the Wine installation). 

PlayOnLinux is running one of the programs I have been testing with, but my 
thoughts is that if PlayOnLinux can, then so should Wine. I just want to know 
how to use Wine.


> take a look at
> Bottles [1]. 

Mostly I only install software that is available in the Debian or Arch 
repositories, and I cannot find Bottles in the Debian Repository. I do not use 
snaps or flatpacks. Maybe I should but I don't.
Hopefully one day, Bottles will mature to the point it can go through the 
Debian packaging system. I appreciate Debian's packaging systems. 


> It's kinda a GUI for Wine and Proton and seems to have some
> tricks up its sleeves. So take a look at it, maybe it can do everything you
> are trying to do.
> 
> Best
> Richard
> 
> [1]: https://usebottles.com/
> 
> On Sun, Jun 30, 2024, 06:33 George at Clug  wrote:
> 
> > Hi,
> >
> > Does anyone know of really simple but comprehensive instructions on how to
> > use and configure Wine, that you can send me links to?
> >
> > [...]
> >
> >
> > George.
> >
> >
> 

Re: sendmail and starttls failing

[Jeffrey Walton]

On Sun, Jun 30, 2024 at 6:13 PM Greg Wooledge  wrote:
>
> On Sun, Jun 30, 2024 at 23:08:01 +0100, Tim Woodall wrote:
> > According to this
> > https://support.trustwave.com/kb/KnowledgebaseArticle10016.aspx
> >
> > bare CRs aren't allowed in emails but this has always worked.
> >
> > I'm only likely to have cron generating emails like this.
> >
> > Strange that this would have been changed in a stable release. It
> > doesn't seem to have been a security update.
>
> It looks like it's coming from this change:
>
> https://metadata.ftp-master.debian.org/changelogs//main/s/sendmail/sendmail_8.17.1.9-2+deb12u2_changelog
>
>   * Fix CVE-2023-51765 (Closes: #1059386):
> sendmail allowed SMTP smuggling in certain configurations.
> Remote attackers can use a published exploitation
> technique to inject e-mail messages with a spoofed
> MAIL FROM address, allowing bypass of an SPF protection
> mechanism. This occurs because sendmail supports
> . but some other popular e-mail servers
> do not. This is resolved with 'o' in srv_features.
>
> I don't know the details of how this leads to a security hole.

Take a look at the blog at
.

Jeff

Re: sendmail and starttls failing

[Jeffrey Walton]

On Sun, Jun 30, 2024 at 6:08 PM Tim Woodall  wrote:
>
> On Sun, 30 Jun 2024, Tim Woodall wrote:
>
> > On Sun, 30 Jun 2024, Michael Grant wrote:
> >
> >> After an update today, sendmail is refusing to accept mail.  I'm
> >> seeing this in the logs:
> >>
> >
> > Hmmm, this update seems to have done a lot of odd things.
> >
>
> root@dirac:~# mail root
> Cc:
> Subject: test cr
> this
> is^Ma test
> .
> root@dirac:~# mailq
> MSP Queue status...
>  /var/spool/mqueue-client (1 request)
> -Q-ID- --Size-- -Q-Time- 
> Sender/Recipient---
> 45ULV1xk014043   15 Sun Jun 30 22:31 r...@dirac.home.woodall.me.uk
>   (Deferred: 421 4.5.0 Bare carriage return (CR) not allowed)
>   root
>  Total requests: 1
> MTA Queue status...
> /var/spool/mqueue is empty
>  Total requests: 0
>
> According to this
> https://support.trustwave.com/kb/KnowledgebaseArticle10016.aspx
>
> bare CRs aren't allowed in emails but this has always worked.
>
> I'm only likely to have cron generating emails like this.
>
> Strange that this would have been changed in a stable release. It
> doesn't seem to have been a security update.

New SMTP smuggling attack,
.

The short of it is, non-conforming emails and sloppy parsing have led
to a litany of problems including mail spoofing. It has been going on
for years, but now things are changing.

Jeff

Re: sendmail and starttls failing

[Tim Woodall]

On Sun, 30 Jun 2024, Michael Grant wrote:


Yeah I'm seeing this too!  Identical in fact.  This is what I did to
fix this:  I added this to my /etc/mail/access file for my local
server that sends this messages to me:

   SRV_Features:127.0.0.1  L U G

Specifically, I added the U and G features, (I already had the L
feature disabled for localhost).  Uppercase letter disables the
feature, lowercase enables it.

I found the U and G mentioned here:

https://forums.oracle.com/ords/apexds/post/solaris-11-4-sendmail-issue-after-sendmail-8-18-1-update-7312

I did not try this suggestion to use U2 and G2 that he mentioned.  If
you do let me know.



Thanks!

I've just added u2 g2 and it seems to work. My quick test had bare LF
removed and bare CR replaced by space which isn't what I expected but is
good enough...

Re: sendmail and starttls failing

[Tim Woodall]

On Sun, 30 Jun 2024, Greg Wooledge wrote:


On Sun, Jun 30, 2024 at 23:08:01 +0100, Tim Woodall wrote:

According to this
https://support.trustwave.com/kb/KnowledgebaseArticle10016.aspx

bare CRs aren't allowed in emails but this has always worked.

I'm only likely to have cron generating emails like this.

Strange that this would have been changed in a stable release. It
doesn't seem to have been a security update.


It looks like it's coming from this change:

https://metadata.ftp-master.debian.org/changelogs//main/s/sendmail/sendmail_8.17.1.9-2+deb12u2_changelog

 * Fix CVE-2023-51765 (Closes: #1059386):
   sendmail allowed SMTP smuggling in certain configurations.
   Remote attackers can use a published exploitation
   technique to inject e-mail messages with a spoofed
   MAIL FROM address, allowing bypass of an SPF protection
   mechanism. This occurs because sendmail supports
   . but some other popular e-mail servers
   do not. This is resolved with 'o' in srv_features.

I don't know the details of how this leads to a security hole.




It might be - but the wording suggested that this is blocking bare 
which isn't my problem - and also I'd assume this is header related.

The thing I'm seeing is  in the body of the email - I had no idea
this was illegal - and I'm surprised that tools like cron don't do
something to avoid sending "illegal" emails. Indeed, even mail will do
so happily.

Re: sendmail and starttls failing

[Greg Wooledge]

On Sun, Jun 30, 2024 at 23:08:01 +0100, Tim Woodall wrote:
> According to this
> https://support.trustwave.com/kb/KnowledgebaseArticle10016.aspx
> 
> bare CRs aren't allowed in emails but this has always worked.
> 
> I'm only likely to have cron generating emails like this.
> 
> Strange that this would have been changed in a stable release. It
> doesn't seem to have been a security update.

It looks like it's coming from this change:

https://metadata.ftp-master.debian.org/changelogs//main/s/sendmail/sendmail_8.17.1.9-2+deb12u2_changelog

  * Fix CVE-2023-51765 (Closes: #1059386):
sendmail allowed SMTP smuggling in certain configurations.
Remote attackers can use a published exploitation
technique to inject e-mail messages with a spoofed
MAIL FROM address, allowing bypass of an SPF protection
mechanism. This occurs because sendmail supports
. but some other popular e-mail servers
do not. This is resolved with 'o' in srv_features.

I don't know the details of how this leads to a security hole.

Re: sendmail and starttls failing

[Tim Woodall]

On Sun, 30 Jun 2024, Tim Woodall wrote:


On Sun, 30 Jun 2024, Michael Grant wrote:


After an update today, sendmail is refusing to accept mail.  I'm
seeing this in the logs:



Hmmm, this update seems to have done a lot of odd things.



root@dirac:~# mail root
Cc: 
Subject: test cr

this
is^Ma test
.
root@dirac:~# mailq
MSP Queue status...
/var/spool/mqueue-client (1 request)
-Q-ID- --Size-- -Q-Time- Sender/Recipient---
45ULV1xk014043   15 Sun Jun 30 22:31 r...@dirac.home.woodall.me.uk
 (Deferred: 421 4.5.0 Bare carriage return (CR) not allowed)
 root
Total requests: 1
MTA Queue status...
/var/spool/mqueue is empty
Total requests: 0



According to this
https://support.trustwave.com/kb/KnowledgebaseArticle10016.aspx

bare CRs aren't allowed in emails but this has always worked.

I'm only likely to have cron generating emails like this.

Strange that this would have been changed in a stable release. It
doesn't seem to have been a security update.

Re: sendmail and starttls failing

[Michael Grant]

On Sun, Jun 30, 2024 at 10:20:24PM +0100, Tim Woodall wrote:
> On Sun, 30 Jun 2024, Michael Grant wrote:
> 
> > After an update today, sendmail is refusing to accept mail.  I'm
> > seeing this in the logs:
> > 
> 
> Hmmm, this update seems to have done a lot of odd things.
> 
> MSP Queue status...
> /var/spool/mqueue-client (2 requests)
> -Q-ID- --Size-- -Q-Time- 
> Sender/Recipient---
> 45U9e1iI01814530770 Sun Jun 30 10:40 MAILER-DAEMON
>  (Deferred: 421 4.5.0 Bare carriage return (CR) not allowed)
>  root
> 45U5Qnln00888528799 Sun Jun 30 06:26 root
>   7BIT   (Deferred: 421 4.5.0 Bare carriage return (CR) not allowed)
>  root
> Total requests: 2
> MTA Queue status...
> /var/spool/mqueue is empty
> Total requests: 0
> 
> 
> 
> That's the cron email telling me about the update.
> 
> It's not at all clear to me what it's complaining about.
> root@dirac:/var/spool/mqueue-client# od -t x1 qf45U* | grep 0d
> root@dirac:/var/spool/mqueue-client#
> 
> Unless it's the bare CR in the body of the email - which should be fine!
> 
> Moving the queue files from mqueue-client to mqueue and fixing up the
> owner and perms and they delivered fine.
> 
> 

Yeah I'm seeing this too!  Identical in fact.  This is what I did to
fix this:  I added this to my /etc/mail/access file for my local
server that sends this messages to me:

SRV_Features:127.0.0.1  L U G

Specifically, I added the U and G features, (I already had the L
feature disabled for localhost).  Uppercase letter disables the
feature, lowercase enables it.

I found the U and G mentioned here:

https://forums.oracle.com/ords/apexds/post/solaris-11-4-sendmail-issue-after-sendmail-8-18-1-update-7312

I did not try this suggestion to use U2 and G2 that he mentioned.  If
you do let me know.



signature.asc
Description: PGP signature

Re: sendmail and starttls failing

[Tim Woodall]

On Sun, 30 Jun 2024, Michael Grant wrote:


After an update today, sendmail is refusing to accept mail.  I'm
seeing this in the logs:



Hmmm, this update seems to have done a lot of odd things.

MSP Queue status...
/var/spool/mqueue-client (2 requests)
-Q-ID- --Size-- -Q-Time- Sender/Recipient---
45U9e1iI01814530770 Sun Jun 30 10:40 MAILER-DAEMON
 (Deferred: 421 4.5.0 Bare carriage return (CR) not allowed)
 root
45U5Qnln00888528799 Sun Jun 30 06:26 root
  7BIT   (Deferred: 421 4.5.0 Bare carriage return (CR) not allowed)
 root
Total requests: 2
MTA Queue status...
/var/spool/mqueue is empty
Total requests: 0



That's the cron email telling me about the update.

It's not at all clear to me what it's complaining about.
root@dirac:/var/spool/mqueue-client# od -t x1 qf45U* | grep 0d
root@dirac:/var/spool/mqueue-client#

Unless it's the bare CR in the body of the email - which should be fine!

Moving the queue files from mqueue-client to mqueue and fixing up the
owner and perms and they delivered fine.

Re: Re (3): Backup.

[David Christensen]

On 6/30/24 08:37, Andy Smith wrote:



Thank you for that informative discussion of rsnapshot(1) and related.  :-)


My initial reaction to this thread was to recommend Preston [1].  I 
still think that is decent advice; both for noobs and for experienced 
people who missed it.



David


[1]  Preston, W., 2007, "Backup & Recovery", O'Reilly Media, Inc.
ISBN: 9780596102463, 
https://www.oreilly.com/library/view/backup-recovery/0596102461/

Re: How to get an email notification every time a package is updated

[Greg Wooledge]

On Sun, Jun 30, 2024 at 13:22:15 -0500, David Wright wrote:
> On Sat 29 Jun 2024 at 22:46:00 (-0700), B wrote:
> > It seems crazy that in all the history of Debian, nobody said "There's
> > a package I care about and I want to get immediately when a new
> > version is released."

No, the crazy part is when you add "... on my airgapped Debian system"
to the requirements.

Most people who care about getting upgrades immediately are concerned
because these are *security* updates, and their Debian systems are
accessible over a network (perhaps the Internet); thus, keeping up to
date on security patches is a high priority.

On such systems, one may use unattended-upgrades to download the
packages automatically, and possibly even install them automatically,
depending on one's configuration choices.

If your Debian system is airgapped, the security concerns are greatly
reduced.  Getting patches onto it becomes far less of a race against
time.

If you also want an email when security patches are released,
there is already a solution to that as well: subscribe to the
debian-security-announce mailing list.

https://lists.debian.org/debian-security-announce/

> On Sat 29 Jun 2024 at 19:15:55 (-0700), B wrote:
> > The packages I want to monitor are arbitrary and specific. The
> > distribution and architecture must also be taken into account. For a
> > given package, if I want to know about changes in unstable, then it
> > must not generate notifications against stable, experimental, source,
> > or some other architecture.
> 
> Can I ask why?

You can.  I have a funny feeling we won't get an answer.

The fact that B is interested in unstable *primarily* (it's the first
thing mentioned) tells us an enormous amount.

Re: sendmail and starttls failing

[Tim Woodall]

On Sun, 30 Jun 2024, Michael Grant wrote:


Jun 30 11:43:00 bottom sm-mta[18852]: AUTH: available mech=DIGEST-MD5 CRAM-MD5 
LOGIN PLAIN, allowed mech=EXTERNAL


Update here, it's not apparently an STARTTLS error, it's an AUTH
error.  Something in the update last night altered my list of
available AUTH mechanisms.

I manually updated sendmail.cf and updated this line:

O AuthMechanisms=EXTERNAL DIGEST-MD5 CRAM-MD5 NTLM LOGIN PLAIN

by adding "DIGEST-MD5 CRAM-MD5 NTLM LOGIN PLAIN" and now it accepts
mail from my desktop.

I don't see where this is configured.  /etc/sasl2/Sendmail.conf which
is a link to /etc/mail/sasl/Sendmail.conf.2, but this file looks good,
I don't know where it's getting the AuthMechanisms from (yet).



I think this is configured in sasl.m4

and I suspect it's something to do with the "sm_version_math" stuff but
exactly what has changed to break this for you I don't know

ifelse(eval(sm_version_math >= 526848), `1', `dnl
ifelse(sm_enable_auth, `yes', `dnl
dnl #
dnl # Set a more reasonable timeout on negotiation
dnl #
define(`confTO_AUTH',  `2m')dnl  #   , def=10m
dnl #
dnl # Do not touch anything above this line...
dnl #
dnl # Available Authentication methods
dnl #
define(`confAUTH_MECHANISMS',dnl
`DIGEST-MD5 CRAM-MD5 PLAIN LOGIN')dnl
dnl #
dnl # These, we will trust for relaying
dnl #
TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 PLAIN LOGIN')
dnl #
dnl # for 8.12.0+, add EXTERNAL as an available & trusted mech (w/STARTTLS)
dnl # and allow sharing of /etc/sasldb(2) file, allow group read/write
dnl #
ifelse(eval(sm_version_math >= 527360), `1', `dnl
define(`confAUTH_MECHANISMS',dnl
`EXTERNAL 'defn(`confAUTH_MECHANISMS'))dnl
TRUST_AUTH_MECH(`EXTERNAL')
define(`confDONT_BLAME_SENDMAIL',dnl
defn(`confDONT_BLAME_SENDMAIL')`,GroupReadableSASLDBFile,GroupWritableSASLDBFile')dnl
')dnl

Re: How to get an email notification every time a package is updated

[David Wright]

On Sun 30 Jun 2024 at 02:31:28 (-0700), B wrote:
> Thanks for the suggestion, but unfortunately I already researched that
> and there are problems.

On Sat 29 Jun 2024 at 22:46:00 (-0700), B wrote:
> It seems crazy that in all the history of Debian, nobody said "There's
> a package I care about and I want to get immediately when a new
> version is released."

On Sat 29 Jun 2024 at 19:15:55 (-0700), B wrote:
> The packages I want to monitor are arbitrary and specific. The
> distribution and architecture must also be taken into account. For a
> given package, if I want to know about changes in unstable, then it
> must not generate notifications against stable, experimental, source,
> or some other architecture.

Can I ask why?

Cheers,
David.

Re: Bug processo di installazione debian 32 bit

[Stanislav Vlasov]

вс, 30 июн. 2024 г. в 17:23, Uno Qualsiasi :
>
> Buongiorno vi contatto per segnalare un problema nel processo di 
> installazione di debian 12.5.0 dvd iso 32 bit, ossia che quando arriva al 
> momento di eseguire “grub-install” su disco primario mi fa errore. Su 
> qualsiasi pf 32 bit lo provi è fa lo stesso problema.
> Inviato da Uno qualsiasi

Most of us are not maintainers. This is a user mailing list and
sending bugs here is a very long way.
I think your target is https://www.debian.org/Bugs/Reporting which
describes how to send bugs by email to maintainers.

-- 
Stanislav

Re: sendmail and starttls failing

[Michael Grant]

> Jun 30 11:43:00 bottom sm-mta[18852]: AUTH: available mech=DIGEST-MD5 
> CRAM-MD5 LOGIN PLAIN, allowed mech=EXTERNAL

Update here, it's not apparently an STARTTLS error, it's an AUTH
error.  Something in the update last night altered my list of
available AUTH mechanisms.

I manually updated sendmail.cf and updated this line:

O AuthMechanisms=EXTERNAL DIGEST-MD5 CRAM-MD5 NTLM LOGIN PLAIN

by adding "DIGEST-MD5 CRAM-MD5 NTLM LOGIN PLAIN" and now it accepts
mail from my desktop.

I don't see where this is configured.  /etc/sasl2/Sendmail.conf which
is a link to /etc/mail/sasl/Sendmail.conf.2, but this file looks good,
I don't know where it's getting the AuthMechanisms from (yet).


signature.asc
Description: PGP signature

Re: Backup.

[eben]

On 6/30/24 10:42, pe...@easthope.ca wrote:
>  From: e...@gmx.us
>  Date: Thu, 27 Jun 2024 15:52:44 -0400
>> On one computer I use rsync ...
>
> See reply to Eduardo.

Ah, you mean this one:

On 6/30/24 10:36, pe...@easthope.ca wrote:
>  From: Eduardo M KALINOWSKI 
>  Date: Thu, 27 Jun 2024 16:06:18 -0300
>> rnapshot
>
>>From https://rsnapshot.org/
>> rsnapshot is a filesystem snapshot utility ...
>
> Rather than a snapshot of the extant file system, I want to keep a
> history of the files in the file system.

rsync does do individual files.  Not sure what it's on about.  I can do
cp /backup/2024-06-25_13:55:24/x/y/z .
(assuming I did a backup then).

--
Scientist A: A matterbaby is a very unstable particle.
Scientist B: What's a matterbaby?
Scientist A: I'm doing fine honey, how you doing? -- mrshowrules on Fark

sendmail and starttls failing

[Michael Grant]

After an update today, sendmail is refusing to accept mail.  I'm
seeing this in the logs:

STARTTLS=read, info: fds=9/4, err=2

Here's the full log from when I try to send a message through my
server with authentication:

Jun 30 11:42:59 bottom sm-mta[18852]: NOQUEUE: connect from [1.2.3.4]
Jun 30 11:42:59 bottom sm-mta[18852]: AUTH: available mech=DIGEST-MD5 CRAM-MD5, 
allowed mech=EXTERNAL
Jun 30 11:42:59 bottom sm-mta[18852]: 45UFgx2h018852: Milter (clamav): init 
success to negotiate
Jun 30 11:42:59 bottom sm-mta[18852]: 45UFgx2h018852: Milter (spamassassin): 
init success to negotiate
Jun 30 11:42:59 bottom sm-mta[18852]: 45UFgx2h018852: Milter (opendkim): init 
success to negotiate
Jun 30 11:42:59 bottom sm-mta[18852]: 45UFgx2h018852: Milter: connect to filters
Jun 30 11:42:59 bottom sm-mta[18852]: 45UFgx2h018852: milter=clamav, 
action=connect, continue
Jun 30 11:42:59 bottom sm-mta[18852]: 45UFgx2h018852: milter=spamassassin, 
action=connect, continue
Jun 30 11:42:59 bottom sm-mta[18852]: 45UFgx2h018852: milter=opendkim, 
action=connect, continue
Jun 30 11:42:59 bottom sm-mta[18852]: 45UFgx2h018852: --- 220 
bottom.networkguild.org ESMTP Sendmail 8.17.1.9/8.17.1.9/Debian-2+deb12u2; Sun, 
30 Jun 2024 11:42:59 -0400; (No UCE/UBE) logging access from: 
[1.2.3.4](FAIL)-[1.2.3.4]
Jun 30 11:42:59 bottom sm-mta[18852]: 45UFgx2h018852: <-- EHLO [1.2.3.4]
Jun 30 11:42:59 bottom sm-mta[18852]: 45UFgx2h018852: milter=spamassassin, 
action=helo, continue
Jun 30 11:42:59 bottom sm-mta[18852]: 45UFgx2h018852: --- 
250-bottom.networkguild.org Hello [1.2.3.4], pleased to meet you
Jun 30 11:42:59 bottom sm-mta[18852]: 45UFgx2h018852: --- 
250-ENHANCEDSTATUSCODES
Jun 30 11:42:59 bottom sm-mta[18852]: 45UFgx2h018852: --- 250-PIPELINING
Jun 30 11:42:59 bottom sm-mta[18852]: 45UFgx2h018852: --- 250-EXPN
Jun 30 11:42:59 bottom sm-mta[18852]: 45UFgx2h018852: --- 250-VERB
Jun 30 11:42:59 bottom sm-mta[18852]: 45UFgx2h018852: --- 250-8BITMIME
Jun 30 11:42:59 bottom sm-mta[18852]: 45UFgx2h018852: --- 250-SIZE
Jun 30 11:42:59 bottom sm-mta[18852]: 45UFgx2h018852: --- 250-STARTTLS
Jun 30 11:42:59 bottom sm-mta[18852]: 45UFgx2h018852: --- 250-DELIVERBY
Jun 30 11:42:59 bottom sm-mta[18852]: 45UFgx2h018852: --- 250 HELP
Jun 30 11:42:59 bottom sm-mta[18852]: 45UFgx2h018852: <-- STARTTLS
Jun 30 11:42:59 bottom sm-mta[18852]: engine=(null), path=(null), ispre=0, 
pre=0, initialized=0
Jun 30 11:42:59 bottom sm-mta[18852]: tls_srv_features=(null), relay=[1.2.3.4] 
[1.2.3.4]
Jun 30 11:42:59 bottom sm-mta[18852]: tls_srv_features=empty, stat=0, 
relay=[1.2.3.4] [1.2.3.4]
Jun 30 11:42:59 bottom sm-mta[18852]: 45UFgx2h018852: --- 220 2.0.0 Ready to 
start TLS
Jun 30 11:42:59 bottom sm-mta[18852]: STARTTLS=server, info: fds=9/4, err=2
Jun 30 11:43:00 bottom sm-mta[18852]: STARTTLS=server, get_verify: 0 get_peer: 
0x0
Jun 30 11:43:00 bottom sm-mta[18852]: STARTTLS=server, relay=[1.2.3.4], 
version=TLSv1.2, verify=NOT, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
Jun 30 11:43:00 bottom sm-mta[18852]: STARTTLS=server, cert-subject=, 
cert-issuer=, verifymsg=ok
Jun 30 11:43:00 bottom sm-mta[18852]: AUTH: available mech=DIGEST-MD5 CRAM-MD5 
LOGIN PLAIN, allowed mech=EXTERNAL
Jun 30 11:43:00 bottom sm-mta[18852]: STARTTLS=read, info: fds=9/4, err=2
Jun 30 11:43:00 bottom sm-mta[18852]: 45UFgx2h018852: <-- EHLO [1.2.3.4]
Jun 30 11:43:00 bottom sm-mta[18852]: 45UFgx2i018852: milter=spamassassin, 
action=helo, continue
Jun 30 11:43:00 bottom sm-mta[18852]: 45UFgx2i018852: --- 
250-bottom.networkguild.org Hello [1.2.3.4], pleased to meet you
Jun 30 11:43:00 bottom sm-mta[18852]: 45UFgx2i018852: --- 
250-ENHANCEDSTATUSCODES
Jun 30 11:43:00 bottom sm-mta[18852]: 45UFgx2i018852: --- 250-PIPELINING
Jun 30 11:43:00 bottom sm-mta[18852]: 45UFgx2i018852: --- 250-EXPN
Jun 30 11:43:00 bottom sm-mta[18852]: 45UFgx2i018852: --- 250-VERB
Jun 30 11:43:00 bottom sm-mta[18852]: 45UFgx2i018852: --- 250-8BITMIME
Jun 30 11:43:00 bottom sm-mta[18852]: 45UFgx2i018852: --- 250-SIZE
Jun 30 11:43:00 bottom sm-mta[18852]: 45UFgx2i018852: --- 250-DELIVERBY
Jun 30 11:43:00 bottom sm-mta[18852]: 45UFgx2i018852: --- 250 HELP
Jun 30 11:43:00 bottom sm-mta[18852]: STARTTLS=read, info: fds=9/4, err=2

My cert for bottom.networkguild.org is still valid.  Err=2 is generaly
some sort of file-not-found error, but what file or file descriptor
went bad?



signature.asc
Description: PGP signature

Re: Backup

[Andy Smith]

On Sun, Jun 30, 2024 at 08:19:54AM -0700, pe...@easthope.ca wrote:
> From: Andy Smith 
> Date: Sun, 30 Jun 2024 14:21:45 +
> > What is this person doing?
> 
> Keeping a historical backup by an efficient method. 

While refusing to look into any modern backup system designed by
experienced people for that express goal, and instead writing tomes
of navel gazing to debian-user. It's not my cup of tea, but have
fun; as this and other threads demonstrate you will still find a
large number of willing playmates.

Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Re: Re (3): Backup.

[Andy Smith]

Hi,

On Sun, Jun 30, 2024 at 07:36:58AM -0700, pe...@easthope.ca wrote:
> >From https://rsnapshot.org/
> > rsnapshot is a filesystem snapshot utility ...
> 
> Rather than a snapshot of the extant file system, I want to keep a 
> history of the files in the file system.

You should read more than one line of a page. That is exactly what
it is intended for. Snapshots become history when you keep multiple
of them.

I have used rsnapshot a lot (decades worth of use) and it's good but
it is not perfect (nothing is). It is probably a much better backup
system than anything one can typically come up with by hand at short
order, but here are some of its downsides:

- No built in compression or encryption. You can implement these
  yourself using filesystem features.

- Since it uses hardlinks for deduplication, this brings with it
  some inherent limitations:

  - The filesystem you use must support hardlinks

  - All versions of a file will have the same metadata (mtime,
permissions, ownership, etc) because hardlinks must have the
same metadata. As a consequence, any change of metadata will
result in two separate files being stored (not hardlinked
together) in order to represent that change. Even if the files
have identical content.

  - Changing one byte of a file results in the storage of two
separate full copies of the two versions of the file. With
hardlinks either the file is entirely the same or it needs to
not be a hardlink. This makes rsnapshot and things like it
particularly bad for backing up large append-only files like log
files.

- rsnapshot only compares versions of a file at the same path and
  point in time. So for example /path/to/foo is only ever compared
  against /path/to/foo *from the previous backup run*. Other copies
  of foo anywhere else on the system being backed up, or from other
  systems being backed up, or from a backup run previous to the most
  recent, will not be considered so will not be hardlinked together.

  A typical system has a lot of duplicate files and once you start
  backing up multiple systems there tends to be an explosion of
  duplicate data. rsnapshot will not handle any of this specially
  and will just store it all.

  It is possible to improve this by for example running an external
  deduplication tool over the backups, or using deduplication
  facilities of a filesystem like zfs¹. This must be done carefully
  otherwise the workings of rsnapshot can be disrupted.

- rsnapshot must walk through the entire previous backup to compare
  all the content of the files to the content of the new files. This
  is quite expensive and will involve tons of random seeks which is
  a killer for rotational storage media. Once you get to several
  million inodes in a backup run, you may find a run of rsnapshot
  taking several hours.

On the other hand, rsnapshot's huge plus point is that everything is
stored in a tree of files and hardlinks so it can just be explored
and restored with normal filesystem tools. You don't need any part
of rsnapshot to access and restore your content. That is such a good
feature that many people feel able to overlook the negatives.

More featureful backup systems chunk backup content up and store it
by a has of its content, which tends to bring advantages like:

- Never needing to store the same chunk twice no matter where (or
  when) it came from

- Easy to compress and encrypt

- Locating which data is in which chunk gets done by a database,
  not by random access to a filesystem, so it's much faster. When
  you say "I want /path/to/foo from a week ago, but also show me
  every copy you have going back 3 years", that is a database query,
  not a walk of a filesystem with potentially several million inodes
  in it.

But, by doing that you lose the ability to just cp a file from your
backups.

Thanks,
Andy

¹ Though someone heavily in to an advanced filesystem like zfs may
  be more inclined to take advantage of zfs's proper snapshot
  capabilities (and zfs-send to move them off-site) than use
  rsnapshot on it.

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Re: Backup

[peter]

From: Andy Smith 
Date: Sun, 30 Jun 2024 14:21:45 +
> What is this person doing?

Keeping a historical backup by an efficient method. 
https://lists.debian.org/debian-user/2024/06/msg00780.html

> Just use borgbackup, restic, amanda or even rsnapshot (ancient but
> still functional).
 
Ref. URL above.  I've used xorriso for several years.  If you advise 
against it, please explain why.

Thx, ... P.


-- 
VoIP:   +1 604 670 0140
work: https://en.wikibooks.org/wiki/User:PeterEasthope

Re: Browser traffic interception/inspection

[Max Nikulin]

On 30/06/2024 12:56, Jeffrey Walton wrote:

On Sat, Jun 29, 2024 at 4:13 PM Lee wrote:

set SSLKEYLOGFILE=C:\Users\Lee\AppData\Local\Temp\FF-SSLkeys.txt
start C:\"Program Files\Firefox\Firefox.exe"

[...]

Browsers do not support the passive capture/replay that OP wants.


Lee, may you, please, specify Firefox version and release channel you 
are using on Windows where this feature is working?

Re: Backup.

[Anssi Saari]

pe...@easthope.ca writes:

> I'm beginning to learn Git.  So I wonder about another approach where 
> files are in a local Git repository.  That would allow  tracing the 
> history of any file.  A backup of the extant repository would still be 
> necessary.  

bup is a backup application using git. I like it because it can add
error correction codes generated by par2 in the backup.

Re: Backup.

[peter]

From: e...@gmx.us
Date: Thu, 27 Jun 2024 15:52:44 -0400
> On one computer I use rsync ...

See reply to Eduardo.

Thx,   ... P.

-- 
VoIP:   +1 604 670 0140
work: https://en.wikibooks.org/wiki/User:PeterEasthope

Re (3): Backup.

[peter]

From: Eduardo M KALINOWSKI 
Date: Thu, 27 Jun 2024 16:06:18 -0300
> rnapshot

>From https://rsnapshot.org/
> rsnapshot is a filesystem snapshot utility ...

Rather than a snapshot of the extant file system, I want to keep a 
history of the files in the file system.

Thanks,... P.

-- 
VoIP:   +1 604 670 0140
work: https://en.wikibooks.org/wiki/User:PeterEasthope

Re: Backup.

[peter]

From: Jerome BENOIT 
Date: Thu, 27 Jun 2024 21:53:44 +0200
> why did you not use something as backup2l ?

Unaware of it.

From: https://github.com/gkiefer/backup2l
> The restore function allows to easily restore the state of the file 
> system or arbitrary directories/files of previous points in time. 
> ...
> An integrated split-and-collect function allows to comfortably 
> transfer all or selected archives to a set of CDs or other removable 
> media.

Appears relevant.  To catch subtleties, will need to work with it. Two 
phases of workflow may be required.

(1) backup2l records filesystem to rewritable medium such as HDD.

(2) Copy to optical medium.  Each copy may require a fresh optical 
disk. Thomas Schmidt's xorriso appends data to a disk.  Medium is used 
more efficiently..

Thanks,   ... P.

-- 
VoIP:   +1 604 670 0140
work: https://en.wikibooks.org/wiki/User:PeterEasthope

Re: Backup.

[tomas]

On Sun, Jun 30, 2024 at 02:21:45PM +, Andy Smith wrote:
> Hello,

[...]

> Git has some properties that are desirable for general backup
> purposes, but also some fairly huge downsides. For example:
> 
> - It's not efficient or performant for storing large binary files.

[...]

Plus, it doesn't record file ownership (for general backup,
this *is* important).

I'm a fan of rsync. If you want to keep more than one generation,
--link-dest or --compare-dest, as has been stated elsewhere in
this thread, are your friends.

Cheers
-- 
t


signature.asc
Description: PGP signature

Re: Backup.

[Andy Smith]

Hello,

On Sun, Jun 30, 2024 at 06:40:03AM -0700, pe...@easthope.ca wrote:
> I'm beginning to learn Git.  So I wonder about another approach where 
> files are in a local Git repository.  That would allow  tracing the 
> history of any file.  A backup of the extant repository would still be 
> necessary.  
> 
> I don't know the software well enough to compare the two approaches.

Git has some properties that are desirable for general backup
purposes, but also some fairly huge downsides. For example:

- It's not efficient or performant for storing large binary files.
  As a result, several extensions and external programs around git
  exist for getting large binary files into git. Trying to use git
  for general purpose backups will run up against this unless you
  never want to back up large binary files.

- Git stores full (compressed) copies of every version of every
  file. Most backup solutions do better on space.

- Git has no built in way to purge old content. It keeps it all. A
  typical requirement for backup software is to have a bounded limit
  on the oldest versions that will be kept, and quite often there
  are more complex requirements such as "keep daily copies for a
  month, week;y copies for 6 months, monthly copies for 6 years"
  etc. Very hard to do with git.

My first thought when I read the post that started this thread was,

"What is this person doing? If the goal is to have a real world
project to learn some programming techniques and have fun, fair
enough, but if the goal here is to have a decent backup scheme
why are they not using any of the existing excellent solutions
that have thought of and solved so many of the problems in this
space?"

That did not seem like it would be a welcome response at the time so
I held my tongue, but if you are now thinking of looking in to using
git for the purpose, I think it's a wrong step, and in saying so I
might as well say the other as well.

Just use borgbackup, restic, amanda or even rsnapshot (ancient but
still functional).

Unless you are wanting to have a first hand learning experience
about why you should just use borgbackup, restic, amanda or even
rsnapshot.

(Also I think learning about git is best done by using it for what
it was designed for: managing source code in git.)

Thanks,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Re: Backup.

[Michael Kjörling]

On 30 Jun 2024 06:40 -0700, from pe...@easthope.ca:
>> You could give the backups volume ids which tell the date.
>> 
>>  -volid BOB_"$(date '+%Y_%m_%d_%H%M%S')"
>> 
>> (BOB = Backup Of Backup :))
> 
> I'm beginning to learn Git.  So I wonder about another approach where 
> files are in a local Git repository.  That would allow  tracing the 
> history of any file.  A backup of the extant repository would still be 
> necessary.  

That sounds a lot like etckeeper, except on a larger scale.

-- 
Michael Kjörling 🔗 https://michael.kjorling.se
“Remember when, on the Internet, nobody cared that you were a dog?”

Debian 12.6 - clamav-deamon does not use a socket

[christian]

Hello,
I'm currently struggling with the problem that my clamav daemon creates 
/var/run/clamav/clamd.ctl as a socket, but I can't connect to Rspamd. At 
first I thought that rspamd wasn't sending anything, but clamav isn't 
addressing any socket.


When I check this using sockstat, no active socket is displayed. So 
clamav doesn't seem to be addressing the socket.


I uninstalled everything from clamav again and deleted the directories 
by hand. Then I downloaded everything again from the Debian 12 
repository. Everything is created and a new socket is created, but the 
same thing happens again: the socket doesn't work.


Do I have to tell it beforehand via a setting that it should be active?

Of course, the clamav.conf states:

LocalSocket /var/run/clamav/clamd.ctl
The logs show that the signatures are loaded and the function is checked 
every 3600 seconds. But the socket is not working.


What could be the reason for this?

Christian

clamconf
Checking configuration files in /etc/clamav

Config file: clamd.conf
---
AlertExceedsMax disabled
PreludeEnable disabled
PreludeAnalyzerName = "ClamAV"
LogFile = "/var/log/clamav/clamav.log"
LogFileUnlock disabled
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogClean disabled
LogSyslog = "yes"
LogFacility = "LOG_LOCAL6"
LogVerbose = "yes"
LogRotate = "yes"
ExtendedDetectionInfo = "yes"
PidFile disabled
TemporaryDirectory disabled
DatabaseDirectory = "/var/lib/clamav"
OfficialDatabaseOnly disabled
LocalSocket = "/var/run/clamav/clamd.ctl"
LocalSocketGroup = "clamav"
LocalSocketMode = "666"
FixStaleSocket = "yes"
TCPSocket disabled
TCPAddr disabled
MaxConnectionQueueLength = "15"
StreamMaxLength = "104857600"
StreamMinPort = "1024"
StreamMaxPort = "2048"
MaxThreads = "12"
ReadTimeout = "180"
CommandReadTimeout = "30"
SendBufTimeout = "200"
MaxQueue = "100"
IdleTimeout = "30"
ExcludePath disabled
MaxDirectoryRecursion = "15"
FollowDirectorySymlinks disabled
FollowFileSymlinks disabled
CrossFilesystems = "yes"
SelfCheck = "3600"
ConcurrentDatabaseReload = "yes"
DisableCache disabled
VirusEvent disabled
ExitOnOOM disabled
AllowAllMatchScan = "yes"
Foreground disabled
Debug = "yes"
LeaveTemporaryFiles disabled
GenerateMetadataJson disabled
User = "clamav"
Bytecode disabled
BytecodeSecurity = "TrustSigned"
BytecodeTimeout = "1"
BytecodeUnsigned disabled
BytecodeMode = "Auto"
DetectPUA disabled
ExcludePUA disabled
IncludePUA disabled
ScanPE = "yes"
ScanELF = "yes"
ScanMail = "yes"
ScanPartialMessages disabled
PhishingSignatures = "yes"
PhishingScanURLs = "yes"
HeuristicAlerts = "yes"
HeuristicScanPrecedence disabled
StructuredDataDetection disabled
StructuredMinCreditCardCount = "3"
StructuredMinSSNCount = "3"
StructuredSSNFormatNormal = "yes"
StructuredSSNFormatStripped disabled
ScanHTML = "yes"
ScanOLE2 = "yes"
AlertBrokenExecutables disabled
AlertBrokenMedia disabled
AlertEncrypted disabled
StructuredCCOnly disabled
AlertEncryptedArchive disabled
AlertEncryptedDoc disabled
AlertOLE2Macros disabled
AlertPhishingSSLMismatch disabled
AlertPhishingCloak disabled
AlertPartitionIntersection disabled
ScanPDF = "yes"
ScanSWF = "yes"
ScanXMLDOCS = "yes"
ScanHWP3 = "yes"
ScanArchive = "yes"
ForceToDisk disabled
MaxScanTime = "12"
MaxScanSize = "52428800"
MaxFileSize = "26214400"
MaxRecursion = "16"
MaxFiles = "1"
MaxEmbeddedPE = "10485760"
MaxHTMLNormalize = "10485760"
MaxHTMLNoTags = "2097152"
MaxScriptNormalize = "5242880"
MaxZipTypeRcg = "1048576"
MaxPartitions = "50"
MaxIconsPE = "100"
MaxRecHWP3 = "16"
PCREMatchLimit = "1"
PCRERecMatchLimit = "5000"
PCREMaxFileSize = "104857600"
OnAccessMountPath disabled
OnAccessIncludePath disabled
OnAccessExcludePath disabled
OnAccessExcludeRootUID disabled
OnAccessExcludeUID disabled
OnAccessExcludeUname disabled
OnAccessMaxFileSize = "52428800"
OnAccessDisableDDD disabled
OnAccessPrevention disabled
OnAccessExtraScanning disabled
OnAccessCurlTimeout = "5000"
OnAccessMaxThreads = "5"
OnAccessRetryAttempts disabled
OnAccessDenyOnError disabled
DevACOnly disabled
DevACDepth disabled
DevPerformance disabled
DevLiblog disabled
DisableCertCheck disabled
AlgorithmicDetection = "yes"
BlockMax disabled
PhishingAlwaysBlockSSLMismatch disabled
PhishingAlwaysBlockCloak disabled
PartitionIntersection disabled
OLE2BlockMacros disabled
ArchiveBlockEncrypted disabled

Config file: freshclam.conf
---
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate = "yes"
PidFile disabled
DatabaseDirectory = "/var/lib/clamav"
Foreground disabled
Debug = "yes"
UpdateLogFile = "/var/log/clamav/freshclam.log"
DatabaseOwner = "clamav"
Checks = "24"
DNSDatabaseInfo = "current.cvd.clamav.net"
DatabaseMirror = "db.local.clamav.net", "database.clamav.net"
PrivateMirror disabled
MaxAttempts = "5"
ScriptedUpdates = "yes"
TestDatabases = "yes"
CompressLocalDatabase disabled
ExtraDatabase disabled
ExcludeDatabase disabled
DatabaseCustomURL disable

Re: Backup.

[peter]

From: "Thomas Schmitt" 
Date: Fri, 28 Jun 2024 23:35:31 +0200
> You could give the backups volume ids which tell the date.
> 
>  -volid BOB_"$(date '+%Y_%m_%d_%H%M%S')"
> 
> (BOB = Backup Of Backup :))

I'm beginning to learn Git.  So I wonder about another approach where 
files are in a local Git repository.  That would allow  tracing the 
history of any file.  A backup of the extant repository would still be 
necessary.  

I don't know the software well enough to compare the two approaches.

Thx,  ... P.

-- 
VoIP:   +1 604 670 0140
work: https://en.wikibooks.org/wiki/User:PeterEasthope

Re: Need help with narroely focused use case of Emacs

[mick.crane]

On 2024-06-30 14:21, Greg Wooledge wrote:

On Sun, Jun 30, 2024 at 12:32:15 +0100, mick.crane wrote:

got it thanks.









I don't know what you're trying to do, but ERE [0-7]{1,2} matches one-
or two-digit *octal* numbers (e.g. 5, 07, 72, 77) but not numbers that
contains the digits 8 or 9.

Do you have a book whose verses are enumerated in octal?


Looked at the original question, having first misunderstood it I said 
could be done with search and replace in an editor then realised I 
wasn't sure how to do what was asked.
So now I know you can use regular expressions in Geany and a bit more 
about the format.

Previous post could have been clearer but I was trying to be brief.

Re: Need help with narroely focused use case of Emacs

[Andy Smith]

Hello,

On Sun, Jun 30, 2024 at 09:21:57AM -0400, Greg Wooledge wrote:
> Do you have a book whose verses are enumerated in octal?

No one clarified that this was the *Christian* Bible. 😀

Thanks,
Andy

Re: Backup.

[peter]

From: "Thomas Schmitt" 
Date: Fri, 28 Jun 2024 23:35:31 +0200
> I am working on a solution for your non-unique volume id situation
> by optionally referring to modification timestamps.
> A new command -toc_info_type can switch -toc away from showing volume ids:
> 
>   $ xorriso -indev /dev/sr0  -toc_info_type mtime  -toc
>   xorriso 1.5.7 : RockRidge filesystem manipulator, libburnia project.
>   ...
>   Media current: DVD+RW
>   ...
>   Volume id: 'HOME_Z_2024_06_27_225526'
>   ...
>   TOC layout   : Idx ,  sbsector ,   Size , Modification Time
>   ISO session  :   1 ,32 ,   1240808s , 2024.06.20.232334
>   ISO session  :   2 ,   1240864 , 29797s , 2024.06.21.220651
>   ISO session  :   3 ,   1270688 , 20484s , 2024.06.23.225019
>   ISO session  :   4 ,   1291200 , 28928s , 2024.06.24.224429
>   ISO session  :   5 ,   1320128 , 21352s , 2024.06.25.223943
>   ISO session  :   6 ,   1341504 , 30352s , 2024.06.26.223934
>   ISO session  :   7 ,   1371872 , 29023s , 2024.06.27.225617
>   Media summary: 7 sessions, 1400744 data blocks, 2736m data, 1746m free
> 
> This is a zisofs compressed backup which happens every evening except
> saturdays.
> Note the time difference between 2024_06_27_225526 and 2024.06.27.225617.
> These 51 seconds where spent between program start and begin of writing.
> 
> This program enhancement is already committed to git.
> In a few days there will be a new GNU xorriso 1.5.7 tarball, which is
> easy to build and to test without any danger of frankendebianing.

Thanks Thomas.  Ideally I should find time to follow your suggestions  
but already overcommitted to volunteer activities.  I might have to wait 
until -toc_info_type is in a Debian release.

Thx,  ... P.

-- 
VoIP:   +1 604 670 0140
work: https://en.wikibooks.org/wiki/User:PeterEasthope

Re: Need help with narroely focused use case of Emacs

[Greg Wooledge]

On Sun, Jun 30, 2024 at 12:32:15 +0100, mick.crane wrote:
> got it thanks.
> 
> 
> 
> 
> 
> 
> 

I don't know what you're trying to do, but ERE [0-7]{1,2} matches one-
or two-digit *octal* numbers (e.g. 5, 07, 72, 77) but not numbers that
contains the digits 8 or 9.

Do you have a book whose verses are enumerated in octal?

Re: How to get an email notification every time a package is updated upstream?

[Greg Wooledge]

On Sat, Jun 29, 2024 at 22:46:00 -0700, B wrote:
> On 6/29/24 7:48 PM, Greg Wooledge wrote:
> > My next question: is this a package that's*installed* on your system?
> 
> No. Not even the same arch or release as the installed system. I'll even go
> further and tell you I want these notifications on a Windows system or an
> iPhone. And the Debian systems are air-gapped with no Internet access.

https://mywiki.wooledge.org/BashFAQ/064

 21. If^H^HWhen the newbie's question is ambiguous, the proper
 interpretation will be whichever one makes the problem the hardest
 to solve.

Good to know the universe hasn't changed.

Now, levity aside, let's say you write a PowerShell script and run it
on your Microsoft Windows computer, and it queries the Debian repositories,
and it learns that bash version 5.2.15-2+b7 is the currently available
version for bookworm.

Is this version new?  Is it old?  Do you want to be informed of it?

How does your program determine whether to notify you or not?

Re: How to use Wine, How to get Gecko to install and work

[Mario Marietto]

You can try this tool :

https://github.com/winegui/WineGUI


On Sun, Jun 30, 2024 at 1:58 PM Richard  wrote:

> Depends on what you are trying to do. But in my experience, if you don't
> need to do some heavy work to maybe get something to work, take a look at
> Bottles [1]. It's kinda a GUI for Wine and Proton and seems to have some
> tricks up its sleeves. So take a look at it, maybe it can do everything you
> are trying to do.
>
> Best
> Richard
>
> [1]: https://usebottles.com/
>
> On Sun, Jun 30, 2024, 06:33 George at Clug  wrote:
>
>> Hi,
>>
>> Does anyone know of really simple but comprehensive instructions on how
>> to use and configure Wine, that you can send me links to?
>>
>> [...]
>>
>>
>> George.
>>
>>

-- 
Mario.

Eric Naggum [was: Curt having his fits]

[tomas]

On Sun, Jun 30, 2024 at 11:44:04AM +0200, Geert Stappers wrote:
> On Sat, Jun 29, 2024 at 04:31:43PM -0700, Will Mengarini wrote:
> > Richard [24-06/30=Su 00:57 +0200]:
> > > That's how you warrant your ban, idiot.
> > 
> > Don't get yourself banned, Richard.
> > 
> > Anybody else remember  ..?
> > 
> 
> Assume the person moved on, became a better human.

I do remember that person. And, while he was extremely
opinionated, to the point of being grating, he also was
very smart and did contribute a lot to the Lisp discussion
and to other diverse fields. Much more than most of us
around here.

In retrospect, I think he was treated unfairly. 

And he died far too young.

Cheers
-- 
t


signature.asc
Description: PGP signature

Re: Need help with narroely focused use case of Emacs

[mick.crane]

On 2024-06-29 20:29, Greg Wooledge wrote:

On Sat, Jun 29, 2024 at 20:18:02 +0100, mick.crane wrote:

Oh, I see what the question was.
There is "use regular expressions", "use multi line matching" in Geany
I'm not very good at regular expressions.
I'd probably do it 3 times
"search for" 
"search for" 
"search for" 


There's more than one regular expression syntax, so the first step is
to figure out which *kind* of regular expression you're writing.

In a Basic Regular Expression (BRE), you can write "one to three
digits" as:

[[:digit:]]\{1,3\}

In an Extended Regular Expression (ERE), you'd remove the backslashes:

[[:digit:]]{1,3}

Some people would use [0-9] instead of [[:digit:]].  [0-9] should work
in any locale I'm aware of, but is theoretically less portable than
[[:digit:]].  If you're actually doing this by typing a regex into an
editor, then [0-9] might be preferred because it's easier to type.  If
you're writing a program, you should probably go with [[:digit:]].


got it thanks.

Re: How to get an email notification every time a package is updated upstream?

[debian-user]

B  wrote:
> It seems crazy that in all the history of Debian, nobody said
> "There's a package I care about and I want to get immediately when a
> new version is released." And if they had, doing an "apt-get update"
> every minute of the day would not have been any part of the desired
> outcome.

I'd expect that normally when somebody is so keen about a particular
package, they'd be more interested to know when a new upstream version
of the package appeared, rather than it appearing in a debian update.
So the answer would depend on a lot of factors and wouldn't have a
general answer.

But in general, if there isn't an event-driven mechanism available(*)
then a polling solution is generally the next step.

* e.g. accepting notifications of all updates and filtering for the
  interesting one.

Re: balenaEtcher

[tv.debian]

Le 30/06/2024 à 04:58, Aleix Piulachs a écrit :


I had problems with parrot4.4_i386.iso and balenaEtcher 1.19.21, but I 
uninstalled version 1.19.21 and installed balena1.18.11 and fixed it and 
it worked



Older versions of BalenaEtcher may very well be vulnerable to several 
exploits linked to the underlying Electron toolkit. Also the program 
connects to the Internet during use, which makes it potentially more 
vulnerable. I do not follow Balena development, but you would be well 
inspired to make sure you are not using a vulnerable older release.


If Balena causes you problem I can offer my personal experience with 
bootable flash drives: since I discovered Ventoy I never had to mess 
around with dd or Balena or any other tools like that. I have one usb 
flash drive with Ventoy installed on it (a GUI is provided), all the ISO 
I want to test or use simply copied on the drive (the usb drive remains 
usable as storage), and at boot time I can pick whichever I want. Tested 
with Parrot, Debian live, Kali, Clonezilla and many others, and even 
Windows installation media.


I am not in any way affiliated with Ventoy, just a grateful user.


https://www.ventoy.net/en/index.html

Re: Curt having his fits

[Geert Stappers]

On Sat, Jun 29, 2024 at 04:31:43PM -0700, Will Mengarini wrote:
> Richard [24-06/30=Su 00:57 +0200]:
> > That's how you warrant your ban, idiot.
> 
> Don't get yourself banned, Richard.
> 
> Anybody else remember  ..?
> 

Assume the person moved on, became a better human.

So no reason to dig up old harm.



Groeten
Geert Stappers
DD
-- 
Silence is hard to parse


signature.asc
Description: PGP signature

Re: How to get an email notification every time a package is updated upstream?

[B]

On 6/30/24 1:55 AM, Michael Kjörling wrote:

I will readily admit that it doesn't immediately meet all of your
criteria, but one possible venue especially if you are only interested
in a few specific packages might be to point e.g. rss2email at the
package events RSS feed available through tracker.debian.org. At that
point you can use typical email filtering to further filter it down to
only those events you are interested in (for example, only those that
mention "into stable").


Thanks for the suggestion, but unfortunately I already researched that 
and there are problems.


The RSS news feed  would not be needed in this case. Tracker can already 
send emails directly to you.


There is the debian-chan...@lists.debian.org and 
debian-devel-chan...@lists.debian.org mailing lists, if you want to get 
notified for everything.


Otherwise, you can select specific packages and keyword/event types 
through the web interface. Register, login, and then add your subscriptions:


https://tracker.debian.org/accounts/subscriptions/

Like I think I said in my original email, Tracker is 
dev/source-oriented, not user/package-oriented. Notifications are sent 
out when new source or other uploads are accepted into the archive. This 
is not the same thing as a new package version becoming available for 
download in the repos. Many packages have completely different source 
and package names (The linux kernel for example), and of course 
architecture is usually not considered at all, unless it's a binary upload.

Re: How to get an email notification every time a package is updated upstream?

[Michael Kjörling]

On 29 Jun 2024 19:15 -0700, from b...@mydomainnameisbiggerthanyours.com (B):
> My objective is to get an email notification when an update is available for
> a specific Debian package.
> 
> It sounds simple. Something like this should already exist, right? The
> requirements are trivial. Yet after doing a lot of research I can't find an
> existing solution that doesn't have problems.
> 
> Does anyone have any suggestions or input?

I will readily admit that it doesn't immediately meet all of your
criteria, but one possible venue especially if you are only interested
in a few specific packages might be to point e.g. rss2email at the
package events RSS feed available through tracker.debian.org. At that
point you can use typical email filtering to further filter it down to
only those events you are interested in (for example, only those that
mention "into stable").

-- 
Michael Kjörling 🔗 https://michael.kjorling.se
“Remember when, on the Internet, nobody cared that you were a dog?”

Re: Bug processo di installazione debian 32 bit

[Michael Kjörling]

On 30 Jun 2024 09:11 +0200, from unoqualsiasi...@icloud.com (Uno Qualsiasi):
> Buongiorno vi contatto per segnalare un problema nel processo di 
> installazione di debian 12.5.0 dvd iso 32 bit, ossia che quando arriva al 
> momento di eseguire “grub-install” su disco primario mi fa errore. Su 
> qualsiasi pf 32 bit lo provi è fa lo stesso problema.
> Inviato da Uno qualsiasi

This is the English-language debian-user mailing list.

You may be interested in debian-italian. 
https://lists.debian.org/debian-italian/

Please note that no Debian users' mailing list is the correct venue to
report bugs. For that, see .

-- 
Michael Kjörling 🔗 https://michael.kjorling.se
“Remember when, on the Internet, nobody cared that you were a dog?”

Bug processo di installazione debian 32 bit

[Uno Qualsiasi]

Buongiorno vi contatto per segnalare un problema nel processo di installazione 
di debian 12.5.0 dvd iso 32 bit, ossia che quando arriva al momento di eseguire 
“grub-install” su disco primario mi fa errore. Su qualsiasi pf 32 bit lo provi 
è fa lo stesso problema.
Inviato da Uno qualsiasi

Re: How to use Wine, How to get Gecko to install and work

[Richard]

Depends on what you are trying to do. But in my experience, if you don't
need to do some heavy work to maybe get something to work, take a look at
Bottles [1]. It's kinda a GUI for Wine and Proton and seems to have some
tricks up its sleeves. So take a look at it, maybe it can do everything you
are trying to do.

Best
Richard

[1]: https://usebottles.com/

On Sun, Jun 30, 2024, 06:33 George at Clug  wrote:

> Hi,
>
> Does anyone know of really simple but comprehensive instructions on how to
> use and configure Wine, that you can send me links to?
>
> [...]
>
>
> George.
>
>