from:""


Hello together,

I'm member of the maintenance team of Back In Time [1] a rsync-based 
backup software.


We are in the middle of preparing the next release to hit the upcoming 
Ubuntu release in time.
It would be great if you could help that project and offer Dutch 
translations or review them [2] (currently at 69%).


In the project, no one gets payed. No company behind hit. Even the 
maintainers and developers are volunteers.


Please let me know if and how you want to be mentioned in the credits as 
a translator.
It is up to you if you want to use your real name, your email or 
something else.
We do have a file [3] listing translators contribution. That names will 
be used in the about dialog for example.


Thanks in advance and best wishes,
Christian Buhtz

[1] -- 
[2] -- 
[3] --

Re: General questions

2024-07-08 Thread Thomas Schmitt

Hi,

cybertat...@gmail.com wrote:
>     2.2. I have done then: gpg --keyserver keyring.debian.org --verify 
> SHA512SUMS.sign SHA512SUMS
>     2.3. Then I have got next info: Signed was made in 30 june 2024
>    And RSA key: DF9B9C49EAA9298432589D76DA87E80D6294BE9B
> I have compared 2011 's key and mine and they are the same.

The key string looks good, indeed.

> But is it a good idea to do that? Or do I need to download the open key and
> then compare them?

It would suffice for me. If you know more ways to verify that the
signature belongs to Debian, then apply them. Just to be sure.

> And is verification with SHA512SUMS.sign and SHA512SUMS enough? Should I do
> the same actions with SHA216SUMS.sign and SHA216SUMS?

It is general belief that faking a SHA-512 checksum is not feasible,
currently. Faking both, SHA-512 and SHA-256 would be even more difficult.
So check both and raise loud alarm if one matches and the other does not.

Have a nice day :)

Thomas

[Back In Time] Request to update translations before upcoming release


Hello together,

I'm member of the maintenance team of Back In Time [1] a rsync-based 
backup software.


We are in the middle of preparing the next release to hit the upcoming 
Ubuntu release in time.
It would be great if you could help that project and offer Danish 
translations or review them [2] (currently at 57%).


In the project, no one gets payed. No company behind hit. Even the 
maintainers and developers are volunteers.


Please let me know if and how you want to be mentioned in the credits as 
a translator.
It is up to you if you want to use your real name, your email or 
something else.
We do have a file [3] listing translators contribution. That names will 
be used in the about dialog for example.


Thanks in advance and best wishes,
Christian Buhtz

[1] -- 
[2] -- 
[3] --

Re: General questions

2024-07-08 Thread Greg Wooledge

On Tue, Jul 09, 2024 at 00:15:00 +0500, 타토카 wrote:
> Thank you all for your answers.
> 1. But I mean subscriptions like this "debian-user":) But I really like
> your answers about Debian's freedom. I think it is useful information.
> Thanks.

The debian-user mailing list is open to all who wish to contribute to it,
as long as they abide by the list's code of conduct.  There is no fee
involved.  On the other hand, any answers you get here are "use at your
own risk", as they are coming from random people on the Internet.

Re: General questions

2024-07-08 Thread 타토카

Thank you all for your answers.
1. But I mean subscriptions like this "debian-user":) But I really like
your answers about Debian's freedom. I think it is useful information.
Thanks.
2. I just have verified GPG's keys manually: https://keyring.debian.org/
2.1. I have downloaded SHA512 SUMS.sign SHA512SUMS from
https://cdimage.debian.org/debian-cd/current/amd64/bt-cd/
2.2. I have done then: gpg --keyserver keyring.debian.org --verify
SHA512SUMS.sign SHA512SUMS
2.3. Then I have got next info: Signed was made in 30 june 2024
And RSA key: DF9B9C49EAA9298432589D76DA87E80D6294BE9B
I have compared 2011 's key and mine and they are the same.
But is it a good idea to do that? Or do I need to download the open key and
then compare them?
And is verification with SHA512SUMS.sign and SHA512SUMS enough? Should I do
the same actions with SHA216SUMS.sign and SHA216SUMS?

On Mon, Jul 8, 2024 at 11:00 PM Thomas Schmitt  wrote:

> Hi,
>
> cybertat...@gmail.com wrote:
> > 2. How to check Debian Image Authentication?
> > Is checksum verification (sha216sum, sha512sum) enough?
>
> Only if you are trusting the site from where you downloaded the ISO.
> In that case you'd use the checksums in the files SHA256SUMS and
> SHA512SUMS as mere control whether the download delivered what the server
> operators intended.
>
>
> > Should I verify with GPG?
>
> The signatures in the files SHA256SUMS.sign and SHA512SUMS.sign verify that
> the checksums in SHA256SUMS and SHA512SUMS are authorized by the Debian
> developers who are in charge of image production.
>
> Verify them by e.g.
>
>   gpg --keyserver keyring.debian.org --verify SHA512SUMS.sign SHA512SUMS
>
> and look out for the text,
>
>   gpg: Good signature from "Debian CD signing key <
> debian...@lists.debian.org>"
>   ...
>   Primary key fingerprint: DF9B 9C49 EAA9 2984 3258  9D76 DA87 E80D 6294
> BE9B
>
> First occuruence of this fingerprint in my mailbox is Oct 10 2015.
>
> On
>   https://www.debian.org/CD/verify
> there are two more valid keys published which would yield:
>
>   gpg: Good signature from "Debian CD signing key <
> debian...@lists.debian.org>"
>   Primary key fingerprint:  1046 0DAD 7616 5AD8 1FBC  0CE9 9880 21A9 64E6
> EA7D
>
>   gpg: Good signature from "Debian Testing CDs Automatic Signing Key <
> debian...@lists.debian.org>"
>   Primary key fingerprint: F41D 3034 2F35 4669 5F65  C669 4246 8F40 09EA
> 8AC3
>
> Both have their first occurence in my mailbox at Feb 16 2020.
>
> If you see one of these texts, then you may assume the checksum files to
> be valid (or the fingerprints to be undetected falsifications since years).
> But if you see deviations in the fingerprint lines then this would be very
> suspicious.
>
>
> Have a nice day :)
>
> Thomas
>
>

Re: Kernel panic....

2024-07-08 Thread Van Snyder

On Mon, 2024-07-08 at 17:46 +, Andrew M.A. Cater wrote:
> On Sun, Jul 07, 2024 at 07:07:26PM -0700, Van Snyder wrote:
> > I recently installed Debian 12.5 with kernel 6.5.0.0 on an antique
> > Dell
> > Vostro 1700. Occasionally it crashes with
> > 
> > "Kernel Panic - not syncing: Can not allocate SWIOTLB buffer
> > earlier
> > and can't now provide you with the DMA bounce buffer"
> > 
> 
> Hi,
> 
> As suggested, use the Debian 6.1 kernel.
> 
> This is a laptop from around 2008 if I'm reading the spec. correctly.
> This is a laptop with an older Nvidia card. How did you install it?
> Did you try to install the Nvidia drivers at any point? I can't 
> find out whether this is one of the machines that has dual chipsets
> (one Intel / one Nvidia). If so, have you used the instructions
> for bumblebee/primus or whatever the appropriate magic now is?

I tried unsuccessfully to install the NVidia 340 driver from the NVidia
drivers page. I found a SourceForge/GitHub page by MeowIce that had the
patched driver, but not for kernel 6.1, so I installed 6.5.0.0 from
backports-bookworm and the patched NVidia 340 driver. That also didn't
work, so I reinstalled bog-standard Debian 12.5 with the 6.1 kernel
using the net-install ISO from the Debian site. It doesn't have dual
graphic chipsets. The video driver is nouveau.

> 
> > I saw some remarks about this from 2013 in the context of release
> > 3.5.
> > 
> > Is this a problem in the kernel, or is the computer broken?
> > 
> > Should I revert to an earlier release?
> > 
> > 
> 
> Ideally, if you're running Debian stable, don't revert to prior
> versions.
> 
> Apt-get update to ensure that you're running the latest point
> release.
> 
> All the very best, as ever,
> 
> Andy
> (amaca...@debian.org) 
>

Re: General questions

2024-07-08 Thread Michael Kjörling

On 8 Jul 2024 22:24 +0500, from cybertat...@gmail.com (타토카):
> 1. Are all subscriptions to Debian free?

Others have already pointed out that Debian is free, but I want to
note that this question seems to be based on a misunderstanding.

The fact is that there are no "subscriptions" to Debian, in the
typical sense.

Some people voluntarily _donate_ to the Debian project to help cover
costs, provide hardware, etc., and the Debian project solicits such
donations in various ways. Some are members for example of this
mailing list and give back to the community by answering other
peoples' questions. Some contribute bug reports, code or documentation
changes either to correct errors or to improve clarity. Some introduce
their friends, family and relatives to free software and offer
hands-on help. Some companies provide services at a lower price to
people who are active in the Debian project, or to the Debian project
itself.

But there is absolutely no requirement to do any of this.

Some companies do offer _support contracts_ that cover Debian, and
particularly other companies tend to like this because it gives them
somewhere to call if they have a problem. But you don't need to have
anything like that to use Debian, or contribute in various ways.

You can just download, install and use it. :-)

-- 
Michael Kjörling  https://michael.kjorling.se
“Remember when, on the Internet, nobody cared that you were a dog?”

[Back In Time] Update translations before upcoming release


Hello together,

I'm member of the maintenance team of Back In Time [1] a rsync-based 
backup software.


We are in the middle of preparing the next release to hit the upcoming 
Ubuntu release in time.
It would be great if you could help that project and offer Catalan 
translations or review them [2] (currently at 73%).


In the project, no one gets payed. No company behind hit. Even the 
maintainers and developers are volunteers.


Please let me know if and how you want to be mentioned in the credits as 
a translator.
It is up to you if you want to use your real name, your email or 
something else.
We do have a file [3] listing translators contribution. That names will 
be used in the about dialog for example.


Thanks in advance and best wishes,
Christian Buhtz

[1] -- 
[2] -- 
[3] --

Re: usb => serial port converter

2024-07-08 Thread Paul Duncan

Hi Lee,

Its very much "horses for courses".

If all you want to do is talk to network switch console ports, there are
cheap cables from Amazon that will do that.

If you *only* want a general purpose RS-232 StarTech and TrendNet should
just work.

If you want to be able to do other things like RS-422 and RS-485, I would
recommend a Moxa uPort 1150. Be aware that you will have to install the
Moxa driver to use this - its not generally included with the kernel.

Cheers,

Paul.

On Sun, 7 Jul 2024 at 22:02, Lee  wrote:

> What's everybody using for a usb => serial port converter?
>
> I got a new network switch and .. OhNoes!! how to I talk to the darn
> thing???
>
> I went looking thru cabinets and came up with a keyspan usb -> serial
> dongle; a quick search found the site with driver downloads, but they
> all were for Windows or MacOS.  I tried plugging the dongle into my
> debian laptop but it didn't recognize it :(
>
> So... what are people using to talk to serial devices now that PCs
> don't come with serial ports anymore?
>
> And what program are you using to talk to something over the serial
> link?  pterm or something else?
>
> I still have a Windows machine, so install the drivers, configure
> putty to talk to COM4 & I'm good to go.  But I'm trying to get *away*
> from Windows.  How do I talk to my switch over the serial port?
>
> Thanks,
> Lee
>
>

-- 

*Paul Duncan*

Lead Marine Technician, RV Falkor(too)

SCHMIDT OCEAN INSTITUTE

mobile +1 650 387 4151

VOIP +1 954 672 4943

www.schmidtocean.org

Follow us on Twitter, Facebook and Google+

*This email message is for the sole use of the intended recipient(s) and
may contain confidential and privileged*

*information. Any unauthorized review, use, disclosure or distribution is
prohibited. If you have received it in*

*error, please advise the sender by reply email and delete the message and
any attachments. Thank you.*

Re: Creating PDF/A from LaTeX source and from existing PDF

On Wed, Jul 03, 2024 at 11:15:51AM GMT, Henning Follmann wrote:
> On Wed, Jul 03, 2024 at 01:06:56PM +, Ceppo wrote:
> > A requirement of any solution is that it doesn't rely on non-DFSG-compliant
> > software, including online conversion tools.
>
> Please looks at this thread at StackExchange. I found that to be very
> helpful.
> https://tex.stackexchange.com/questions/130201/pdf-a-with-hyperref-on-tex-live-2013/136653#136653
>
> Please let me know how it works out for you.

Hello.
Thanks for pointing to the thread, but the solution isn't suitable for me. I
need a solution that does not rely on non-DFSG-compliant software, but the
first step requires to use a file from a zip archive [1] with a license that
explicitly forbids to modify and sell it.

[1]: http://www.eci.org/_media/downloads/icc_profiles_from_eci/ecirgbv20.zip

--
Ceppo

signature.asc
Description: PGP signature

Re: General questions

2024-07-08 Thread Thomas Schmitt

Hi,

cybertat...@gmail.com wrote:
> 2. How to check Debian Image Authentication?
> Is checksum verification (sha216sum, sha512sum) enough?

Only if you are trusting the site from where you downloaded the ISO.
In that case you'd use the checksums in the files SHA256SUMS and
SHA512SUMS as mere control whether the download delivered what the server
operators intended.

> Should I verify with GPG?

The signatures in the files SHA256SUMS.sign and SHA512SUMS.sign verify that
the checksums in SHA256SUMS and SHA512SUMS are authorized by the Debian
developers who are in charge of image production.

Verify them by e.g.

  gpg --keyserver keyring.debian.org --verify SHA512SUMS.sign SHA512SUMS

and look out for the text,

  gpg: Good signature from "Debian CD signing key "
  ...
  Primary key fingerprint: DF9B 9C49 EAA9 2984 3258  9D76 DA87 E80D 6294 BE9B

First occuruence of this fingerprint in my mailbox is Oct 10 2015.

On
  https://www.debian.org/CD/verify
there are two more valid keys published which would yield:

  gpg: Good signature from "Debian CD signing key "
  Primary key fingerprint:  1046 0DAD 7616 5AD8 1FBC  0CE9 9880 21A9 64E6 EA7D

  gpg: Good signature from "Debian Testing CDs Automatic Signing Key 
"
  Primary key fingerprint: F41D 3034 2F35 4669 5F65  C669 4246 8F40 09EA 8AC3

Both have their first occurence in my mailbox at Feb 16 2020.

If you see one of these texts, then you may assume the checksum files to
be valid (or the fingerprints to be undetected falsifications since years).
But if you see deviations in the fingerprint lines then this would be very
suspicious.

Have a nice day :)

Thomas

Re: General questions

2024-07-08 Thread Dan Ritter

타토카 wrote: 
> Hello, dear Debian Community. I have several questions:
> 1. Are all subscriptions to Debian free?

Yes. There are non-Debian businesses which can sell you support,
if you like, but Debian software is all free.

> 2. How to check Debian Image Authentication? Is checksum verification
> (sha216sum, sha512sum) enough? Should I verify with GPG? If so, how can I
> do that? Or can you give me any additional advice to do right verification?

Verify a downloaded image with the checksum:

https://www.debian.org/CD/verify

After that, package updates from Debian HTTPS sources will be
good.

-dsr-

Re: Kernel panic....

2024-07-08 Thread Andrew M.A. Cater

On Sun, Jul 07, 2024 at 07:07:26PM -0700, Van Snyder wrote:
> I recently installed Debian 12.5 with kernel 6.5.0.0 on an antique Dell
> Vostro 1700. Occasionally it crashes with
> 
> "Kernel Panic - not syncing: Can not allocate SWIOTLB buffer earlier
> and can't now provide you with the DMA bounce buffer"
> 

Hi,

As suggested, use the Debian 6.1 kernel.

This is a laptop from around 2008 if I'm reading the spec. correctly.
This is a laptop with an older Nvidia card. How did you install it?
Did you try to install the Nvidia drivers at any point? I can't 
find out whether this is one of the machines that has dual chipsets
(one Intel / one Nvidia). If so, have you used the instructions
for bumblebee/primus or whatever the appropriate magic now is?

> I saw some remarks about this from 2013 in the context of release 3.5.
> 
> Is this a problem in the kernel, or is the computer broken?
> 
> Should I revert to an earlier release?
> 
>

Ideally, if you're running Debian stable, don't revert to prior versions.

Apt-get update to ensure that you're running the latest point release.

All the very best, as ever,

Andy
(amaca...@debian.org)

Re: General questions

2024-07-08 Thread tomas

On Mon, Jul 08, 2024 at 10:24:13PM +0500, 타토카 wrote:
> Hello, dear Debian Community. I have several questions:
> 1. Are all subscriptions to Debian free?
> 2. How to check Debian Image Authentication? Is checksum verification
> (sha216sum, sha512sum) enough? Should I verify with GPG? If so, how can I
> do that? Or can you give me any additional advice to do right verification?

Most of your questions are addressed here:

  https://www.debian.org/

Yes, Debian is a free operating system, meaning that you are allowed
to use, modify and give the software to others, as long as you limit
yourself to the "free" repository. Other licenses may apply to the
"non-free" section.

Here's how you verify downloaded installation media:

  https://www.debian.org/CD/verify

Packaes are signed, the package manager takes care of verifying their
signatures before install:

https://www.debian.org/doc/manuals/securing-debian-manual/deb-pack-sign.en.html

Enjoy
-- 
tomás

signature.asc
Description: PGP signature

Re: General questions

2024-07-08 Thread Greg Wooledge

On Mon, Jul 08, 2024 at 22:24:13 +0500, 타토카 wrote:
> Hello, dear Debian Community. I have several questions:
> 1. Are all subscriptions to Debian free?

Debian is Free Software.  You are allowed to download it, in both binary
and source forms, without requiring a subscription, or a license, other
than the Free Software licenses that apply to each part of Debian.

There are a few different Free Software licenses, and mostly they just
reaffirm your rights to use and to distribute the software.  One of
them, the GNU General Public License, prevents you from placing any
additional restrictions on the software if you distribute it to other
people.  (If you aren't distributing the software to other people, then
none of this matters to you.)

If you want to pay for support, there are some companies who might provide
such a service, but those would be independent of Debian.

> 2. How to check Debian Image Authentication? Is checksum verification
> (sha216sum, sha512sum) enough? Should I verify with GPG? If so, how can I
> do that? Or can you give me any additional advice to do right verification?

https://www.debian.org/CD/verify

General questions

2024-07-08 Thread 타토카

Hello, dear Debian Community. I have several questions:
1. Are all subscriptions to Debian free?
2. How to check Debian Image Authentication? Is checksum verification
(sha216sum, sha512sum) enough? Should I verify with GPG? If so, how can I
do that? Or can you give me any additional advice to do right verification?

Re: Creating PDF/A from LaTeX source and from existing PDF

On Wed, Jul 03, 2024 at 03:36:17PM GMT, to...@tuxteam.de wrote:
> On Wed, Jul 03, 2024 at 01:06:56PM +, Ceppo wrote:
> > I wrote a report with LaTeX, and afterwards discovered it must be
> > PDF/A-compliant - which wasn't. I found the pdfx LaTeX package and followed
> > its instructions, thus obtaining a file that should be PDF/A and pdfinfo
> > identifies as such, but my employer's upload form thinks isn't [...]
>
> Uh-oh. We set the standards, but won't tell you what they are.

Well, in fact they did tell - they just did *after* I produced my report. But
yes, the workflow is very broken...

> Not concrete help, but the Wikipedia [1] makes for an interesting
> read (including refs to bunches of test suites you can throw at your
> publisher's site to find out where their validator is failing).

I read about Isartor Test Suite, but [1] says it checks if the validator
accepts non-compliant files, not if it rejects compliant files.

> And there seems to be a kind of semi-official validaror, according
> to the above ref.

I guess you mean veraPDF?


[1]: https://pdfa.org/resource/isartor-test-suite/


--
Ceppo


signature.asc
Description: PGP signature

Re: usb => serial port converter

2024-07-08 Thread Jeffrey Walton

On Mon, Jul 8, 2024 at 11:56 AM Lee  wrote:
>
> On Sun, Jul 7, 2024 at 8:51 PM Andy Smith wrote:
> >
> > On Sun, Jul 07, 2024 at 06:02:18PM -0400, Lee wrote:
> > > I tried plugging the dongle into my debian laptop but it didn't
> > > recognize it :(
> >
> > In my experience USB serial gadgets on Linux tend to just work or
> > will never work.
>
> It worked this time!
> Other than plugging it into a windows machine that had the proper
> drivers first, I don't know what changed.
>
> > > And what program are you using to talk to something over the serial
> > > link?  pterm or something else?
> >
> > I use either minicom or GNU Screen. You'll need to know the baud
> > rate that the device expects, though you can just try a few common
> > ones and see what works. e.g.
> >
> > # screen /dev/ttyUSB0 115200
>
> Great!  I had to add myself to the dialout group to be able to talk to
> the device, but
> screen /dev/ttyUSB0 38400
> works.

You should also add TIOCEXCL on the file descriptor to ensure
exclusive access to the device. Otherwise, other programs will try to
open the modem and probe it by sending commands to it. It will screw
up your reads on the fd.

/* NetworkManager and ModemManager will try to open our device */
/* on occasion. Set TIOCEXCL to ensure we get exclusive access */
if (ioctl(fd, TIOCEXCL, NULL) == -1) {
log_warn("Failed to set TIOCEXCL on device: %s\n", strerror(errno));
}

Jeff

Re: Creating PDF/A from LaTeX source and from existing PDF

On Wed, Jul 03, 2024 at 06:38:51PM GMT, Richard wrote:
> From LaTeX, this is quite simple, there's a package for that - as for pretty
> much everything in the LaTeX world. Googling for just like 10 sec could have
> given you this great guide: https://webpages.tuni.fi/latex/pdfa-guide.pdf

I did my research and found the document you linked. In fact it's what pointed
me to the pdfx LaTeX package, but I couldn't make it work. I acknowledge I
missed its reference to veraPDF, though.

> gs -dQUIET -dUseCIEColor -sProcessColorModel=DeviceCMYK -sDEVICE=pdfwrite
> -dPDFACompatibilityPolicy=1 -dCompressFonts=true -dSubsetFonts=true
> -sFONTPATH=/usr/share/fonts/ -o  

The output isn't accepted by veraPDF, either. I will try to understand
something more about ghostscript.

--
Ceppo

signature.asc
Description: PGP signature

Re: Creating PDF/A from LaTeX source and from existing PDF


On Wed, Jul 03, 2024 at 10:52:06PM GMT, y...@vienna.at wrote:
> Well, that is my way:

Thanks for providing your script. I tried it with one tweak:

> latex  .../Nix.tex  .../Nix.dvi
> dvips -o Nix.ps  Nix.pdf
   ^^^
I guess here you meant Nix.dvi...

> ps2pdf ... Nix.ps ... Nix.pdf
> chmod 755 script
> All works since many many years absolutly perfect, nothing else ever was is
> needed

However, the resulting PDF is not recognized as PDF/A by veraPDF. Have you
tested it with something else?


--
Ceppo


signature.asc
Description: PGP signature

Re: Creating PDF/A from LaTeX source and from existing PDF

On Wed, Jul 03, 2024 at 10:18:01AM GMT, Sarunas Burdulis wrote:
> pdfinfo probably only reads metadata, but does not do any PDF/A compliance
> validation.
>
> VeraPDF seems to work for validation (https://verapdf.org/software/).

I don't know about pdfinfo, but it looks like veraPDF at least agrees with my
contractor's form. Thanks for pointing me to it, it looks like now I have a
tool to check if my document is compliant.

--
Ceppo

signature.asc
Description: PGP signature

Re: usb => serial port converter

2024-07-08 Thread Lee

On Sun, Jul 7, 2024 at 8:51 PM Andy Smith wrote:
>
> Hi,
>
> On Sun, Jul 07, 2024 at 06:02:18PM -0400, Lee wrote:
> > I tried plugging the dongle into my debian laptop but it didn't
> > recognize it :(
>
> In my experience USB serial gadgets on Linux tend to just work or
> will never work.

It worked this time!
Other than plugging it into a windows machine that had the proper
drivers first, I don't know what changed.

> > And what program are you using to talk to something over the serial
> > link?  pterm or something else?
>
> I use either minicom or GNU Screen. You'll need to know the baud
> rate that the device expects, though you can just try a few common
> ones and see what works. e.g.
>
> # screen /dev/ttyUSB0 115200

Great!  I had to add myself to the dialout group to be able to talk to
the device, but
screen /dev/ttyUSB0 38400
works.

Thanks
Lee

[Back In Time] Update translations before upcoming release


Hello together,

I'm member of the maintenance team of Back In Time [1] a rsync-based 
backup software.


We are in the middle of preparing the next release to hit the upcoming 
Ubuntu release in time.
It would be great if you could help that project and offer French 
translations or review them [2] (currently at 94%).


In the project, no one gets payed. No company behind hit. Even the 
maintainers and developers are volunteers.


Please let me know if and how you want to be mentioned in the credits as 
a translator.
It is up to you if you want to use your real name, your email or 
something else.
We do have a file [3] listing translators contribution. That names will 
be used in the about dialog for example.


Thanks in advance and best wishes,
Christian Buhtz

[1] -- 
[2] -- 
[3] --

Re: GUI-Login on bookworm-VM in a cloud

2024-07-08 Thread George at Clug

Christoph,

I think this statement holds the answer:

https://opennebula.io/blog/announcements/new-maintenance-release-opennebula683/
New Features:
OpenNebula 6.8.3 introduces support for Debian 12 and removes support for 
Debian 10.

Thus my guess is that OpenNebula versions before 6.8.3 do not support Debian 12.

George

See below for further comments.

On Monday, 08-07-2024 at 23:10 Christoph Pleger wrote:
> Hello,
> 
> > > The same result for me after directly installing bookworm with virt-
> > > manager. Obviously, there is a significant difference between a VM in
> > > OpenNebula and a VM with the same software in virt-manager ...
> > 
> > Are you able to try Virt-Manager with your original VM that you are having 
> > issues with? If your VM is a KVM VM, then you should not need to install 
> > anything on the VM.
> > 
> > I might give setting up OpenNebula to see if I can replicate the issue. A 
> > good excuse for me to try an installation.

Thanks to "https://github.com/OpenNebula/minione; I now have a full OpenNebula 
6.8.0 all in one installation running in a KVM VM.

I have been able to download a Debian 11 template from the OpenNebula 
Marketplace, then create a Debian 11 VM, and ssh into it.
https://marketplace.opennebula.io/appliance/8e015603-3dc2-4147-a25e-f58dced23e52

Next I want to learn how to create a Debian 11 VM with KDE installed.

I think I need to learn how to "the cloud administrator must prepare a set of 
Templates and Images to make them available to the cloud users".
https://docs.opennebula.io/6.8/management_and_operations/end-user_web_interfaces/cloud_view.html

Other pages that could help me.
https://docs.opennebula.io/6.8/management_and_operations/vm_management/vm_instances.html

I have much to learn.

> 
> The problem does not occur in virt-manager. I did not import an
> OpenNebula VM, but I can see that the problem occurs in a fresh
> bookworm VM in Opennebula, while it does not on a fresh bookworm VM in
> virt-manager (with the same VM software as in OpenNebula).

Thank you for testing the above. This indicates the issue you are having might 
not be directly a Debian Distribution issue. However more testing is required 
to find what is the issue.

What version of OpenNebula are you using?

My thoughts are that OpenNebula updates various settings in the VM as it 
creates/runs the VM, and since OpenNebula does not support Debian 12 as a OS 
for installing OpenNebula, maybe they have yet to design OpenNebula to 
create/manage Debian 12 instances? 

To backup this theory, it seems that Debian 12 support is introduced in version 
6.8.3.

https://opennebula.io/blog/announcements/new-maintenance-release-opennebula683/
New Features:
OpenNebula 6.8.3 introduces support for Debian 12 and removes support for 
Debian 10. 

Thank you for introducing me to OpenNebula. It looks quite impressive.

> 
> Regards
>   Christoph
>

[Back In Time] Update translations before upcoming release


Hello together,

I'm member of the maintenance team of Back In Time [1] a rsync-based 
backup software.


We are in the middle of preparing the next release to hit the upcoming 
Ubuntu release in time.
It would be great if you could help that project and offer Swedish 
translations or review them [2] (currently at 53%).


In the project, no one gets payed. No company behind hit. Even the 
maintainers and developers are volunteers.


Please let me know if and how you want to be mentioned in the credits as 
a translator.
It is up to you if you want to use your real name, your email or 
something else.
We do have a file [3] listing translators contribution. That names will 
be used in the about dialog for example.


Thanks in advance and best wishes,
Christian Buhtz

[1] -- 
[2] -- 
[3] --

Re: Browser traffic interception/inspection

2024-07-08 Thread Lee

Hi,

On Sun, Jul 7, 2024 at 10:31 PM Max Nikulin wrote:
>
> On 08/07/2024 04:42, Lee wrote:
> > On Mon, Jul 1, 2024 at 11:02 AM Max Nikulin wrote:
> >> On 01/07/2024 13:57, Lee wrote:
> >>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842292
> [...]
> >> Is libnss built with logging support ABI compatible with the variant in
> >> Debian repositories? (Or can it be patched to achieve ABI
> >> compatibility?) Instead of asking for changing compile flags for all
> >> users, from my point of view, it is better to suggest alternative
> >> packages with and without logging enabled.
> >>
> >> Browsers are rather sensitive applications, so I find it reasonable that
> >> dumping of encryption keys are not available by default.
> >
> > Maybe I don't know enough to know what's "reasonable" or not.. but I
> > don't see a problem with me being able to inspect the traffic between
> > me and some website.
>
> Is it OK for you that e.g. GnuPG agent disables tracing by default, so
> attaching a debugger or a tool like strace is not so easy? It makes
> harder to debug some issues.

I didn't realize that GnuPG disables tracing by default, so the idea
of it being OK or not has never come up for me.  But my first question
is does it actually improve security or is it more like security
theater?
I don't know how hard it would be to build your own version of GnuPG
that allows tracing, but if it's relatively easy it seems like
disabling tracing is just a minor stumbling block instead of an actual
security enhancement.

>  From my point of view, by default libnss3 should not allow logging of
> private keys. At the same time I do not mind that some users should be
> able to inspect TLS sessions. My idea is an *alternative* package that
> may be optionally installed instead of regular libnss3. Comments to the
> bug report request to enable debugging for *all* and I agree with the
> maintainers who have not do it. You may ask for providing an additional
> package for TLS debugging.
>
> > Anyone else wants to intercept my traffic and they'll have to set an
> > environment variable - which root can do, but who else?
>
> IAny regular user may start browser with this variable set.

Right, but presumably they intended that the variable be set.
I'm asking about malicious use of that variable.  Root can do pretty
much whatever they want to, but how does a non-root attacker set that
variable?

> Some
> unintentionally executed code in a user session may restart browser with
> enabled logging. I would not argue that it is a great trouble if an
> exploit is executed. However some measures may be taken to increase
> attack complexity and disabling TLS logging is a small step in this
> direction.

Well, debian has taken that small step.  It's no big deal for me to
download firefox from mozilla, so I've got my work-around.
And this is on my laptop, so the minor lack of security is only going
to impact me -- nobody else uses this laptop :)

> >> 
> >
> > but I don't know how to evaluate the security
> > implications of modifying apt-get files.  So I just downloaded the
> > binary from mozilla
>
> So you trust mozilla anyway.

Yes, I trust them enough to run their binary.
I lack the knowledge to evaluate the security implications of
following their instructions to add their repository to .. whatever it
is on my machine (I don't even know what it's called.)

"When in doubt, leave it out."  seems applicable here.

> Notice the "Signed-By" key in repository
> configuration: sources.list(5),
> 
> 
> apt-secure(8), 
>
> > tar -xvf firefox-115.12.0esr.tar.bz2
> > sudo mv firefox /opt/firefox-115.12.0esr/
> > sudo ln -s /opt/firefox-115.12.0esr/firefox /usr/local/bin/firefox
>
> I suspect that a regular user owns /opt/firefox-115.12.0esr/ and may
> modify files.

You're right :)  Everything in /opt/firefox-115.12.0esr/ is owned by me.
But again, this in on a laptop that nobody else is going to use so ...
I dunno.. maybe I'll chown everything to root so it can't be
accidentally updated.

> It should allow autoupdates, but I believe, it is an
> administrator task to update browser.

I agree.  I've got it set up that way on my windows machine.  I should
probably fix it so I have to become root to update firefox.

Regards,
Lee

Re: GUI-Login on bookworm-VM in a cloud

2024-07-08 Thread Christoph Pleger

Hello,

> > The same result for me after directly installing bookworm with virt-
> > manager. Obviously, there is a significant difference between a VM in
> > OpenNebula and a VM with the same software in virt-manager ...
> 
> Are you able to try Virt-Manager with your original VM that you are having 
> issues with? If your VM is a KVM VM, then you should not need to install 
> anything on the VM.
> 
> I might give setting up OpenNebula to see if I can replicate the issue. A 
> good excuse for me to try an installation.

The problem does not occur in virt-manager. I did not import an
OpenNebula VM, but I can see that the problem occurs in a fresh
bookworm VM in Opennebula, while it does not on a fresh bookworm VM in
virt-manager (with the same VM software as in OpenNebula).

Regards
  Christoph


signature.asc
Description: This is a digitally signed message part

Re: Kernel panic....

2024-07-08 Thread Henning Follmann

On Sun, Jul 07, 2024 at 07:07:26PM -0700, Van Snyder wrote:
> I recently installed Debian 12.5 with kernel 6.5.0.0 on an antique Dell
> Vostro 1700. Occasionally it crashes with
>

So you installed this kernel from where?

Stable (Debian 12/ bookworm) uses linux kernal 6.1.XXX

> "Kernel Panic - not syncing: Can not allocate SWIOTLB buffer earlier
> and can't now provide you with the DMA bounce buffer"
> 
> I saw some remarks about this from 2013 in the context of release 3.5.
> 
> Is this a problem in the kernel, or is the computer broken?
> 
> Should I revert to an earlier release?

Maybe try the official kernel?


-H 

-- 
Henning Follmann   | hfollm...@itcfollmann.com

[Back In Time] Update translations before upcoming release


Hello together,

I'm member of the maintenance team of Back In Time [1] a rsync-based 
backup software.


We are in the middle of preparing the next release to hit the upcoming 
Ubuntu release in time.
It would be great if you could help that project and offer French 
translations or review them [2] (currently at 83%).


In the project, no one gets payed. No company behind hit. Even the 
maintainers and developers are volunteers.


Please let me know if and how you want to be mentioned in the credits as 
a translator.
It is up to you if you want to use your real name, your email or 
something else.
We do have a file [3] listing translators contribution. That names will 
be used in the about dialog for example.


Thanks in advance and best wishes,
Christian Buhtz

[1] -- 
[2] -- 
[3] --

Re: Great system

2024-07-08 Thread Jeff Pang


On 2024-07-08 10:05, George at Clug wrote:

On Monday, 08-07-2024 at 11:19 Richard Bostrom wrote:

Debian is such a great system. But now copying and rsync does not work


Richard,

Please elaborate on what you mean by "copying and rsync does not work"?

I often use Thunar, cp, and rsync to copy files, and have not issues so 
far. Is there an issue I have not yet experienced?




or rclone, the best option I like. :)

Re: NetworkManager with dnsmasq caching NXDOMAIN response of router

2024-07-08 Thread Thomas Schmitt

Hi,

David Ayers wrote:
> PS: it seems I'm not receiving mails via the list subscription so
> please keep my CC:ed if you will.  Thank you!

The "X-Spam-Status:" header of your mail does not show "LDOSUBSCRIBER".
So i assume that ay...@fsfe.org is not known to the list server as a
subscribed e-mail address.

It would be interesting to see what happens if you try to unsubscribe
and after getting e-mail feedback and confirmation subscribe again.
>From your mail's headers:
  List-Subscribe:

  List-Unsubscribe:

Have a nice day :)

Thomas

Re: NetworkManager with dnsmasq caching NXDOMAIN response of router

2024-07-08 Thread David Ayers


> Note that .home is somewhat of a special snowflake with regards to
> TLDs. It was suggested as the default for HNCP in 2016 (RFC 7788
> section 8 );
> rejected as a gTLD in 2018
>
;
> and then the usage from RFC 7788 was effectively superceded by the
> recommendation and assignment for non-unique use of home.arpa a few
> months later in RFC 8375 .
> 
> This may or may not have anything to do with your issues; but in
> general, making up own TLDs and hoping that they will never conflict
> with public ones is a bad idea these days. Just look at how many
> internal names suddenly started having issues after Google was
> assigned .dev in 2019; to say nothing of that they made it a
> preloaded-HSTS TLD.
> 
> It's better to either use .home.arpa (which is specifically reserved
> for the purpose) or to actually register a domain (even if the name
> server delegations are bogus so it never meaningfully resolves on the
> public Internet).

Thank you for the insight!

I just clicked through the routers DHCP configuration options (note
there are no explicit DNS options).  This is a ZTS ZXHN H268N Router
provided with a custom Firmware A1 WLAN Box 027_42w2_MU from my
provider that claims "The firmware of your device is the latest."...

... and I haven't found a way to configure the domain.

But note, if I do _not_ configure 
/etc/NetworkManager/conf.d/localdns.conf
dns=dnsmasq

but leave the default, then DNS resolves fine.

It's only when I add dnsmasq to handle the .vpn and .virt domains that
the .home domain starts caching the NXDOMAIN responses and causes
issues.  So I'm still crossing my fingers that this can be resolved
with some dnsmasq configuration which I haven't understood yet.

Thanks!
David

PS: forgive me for repeating: it seems I'm not receiving mails via the
list subscription so please keep my CC:ed if you will.  Thank you!

-- 
David Ayers

Supporting:
Free Software Foundation Europe[]   (http://www.fsfe.org)
Become a supporter of the FSFE!  [][][] 
Your donation powers important work!   ||   (http://fsfe.org/donate)



signature.asc
Description: This is a digitally signed message part

Re: NetworkManager with dnsmasq caching NXDOMAIN response of router

2024-07-08 Thread David Ayers

> On 8/7/24 11:42, jeremy ardley wrote:
> 
> There is also the file /etc/nsswitch.conf. That gives you fine
> grained control over name services and the order they are consulted 
> If you have a very small .home network you can create static entries
> in /etc/hosts and if configured in nsswitch.conf will be used before
> any call to an external dns provider. 
> 
> I also forgot to mention my usual warning:
> 
> NetworkManager is *not* stable and if you do anything complex with it
> you can expect trouble.
> 
> 
> Personally I use systemd-networkd as that seems much more stable and
> predictable and is easier to congigure

Thanks, and yes, /etc/hosts is what I have been juggling until now but
even though the network is "überschaubar" (small) it is volatile. 
After reboots of the router the printer/scanner, nas all get new
IPs/DHCP leases and editing /etc/hosts is becoming cumbersome.

NetworkManager is the default... I assume that the defaults is what is
the most stable.  If it is not, there should be a process to exchange
the default.  I'd really like to avoid straying from what most people
use.  But I don't really believe that this is a NetworkManager issue. 
Do me it seems to be a ZTE router, which I don't control, or hopefully
a dnsmasq configuration issue, which I do control.

Thanks!
David

PS: it seems I'm not receiving mails via the list subscription so
please keep my CC:ed if you will.  Thank you!

-- 
David Ayers

Supporting:
Free Software Foundation Europe[]   (http://www.fsfe.org)
Become a supporter of the FSFE!  [][][] 
Your donation powers important work!   ||   (http://fsfe.org/donate)

signature.asc
Description: This is a digitally signed message part

Re: NetworkManager with dnsmasq caching NXDOMAIN response of router

2024-07-08 Thread Michael Kjörling

On 8 Jul 2024 01:03 +0200, from ay...@fsfe.org (David Ayers):
> Hello everyone!
> 
> My Debian 12/bookworm laptop uses DHCP with NetworkManager which
> produce an /etc/resolv.conf containing:
> # Generated by NetworkManager
> ```
> search home
> nameserver 192.168.1.254
> ```

Note that .home is somewhat of a special snowflake with regards to
TLDs. It was suggested as the default for HNCP in 2016 (RFC 7788
section 8 );
rejected as a gTLD in 2018
;
and then the usage from RFC 7788 was effectively superceded by the
recommendation and assignment for non-unique use of home.arpa a few
months later in RFC 8375 .

This may or may not have anything to do with your issues; but in
general, making up own TLDs and hoping that they will never conflict
with public ones is a bad idea these days. Just look at how many
internal names suddenly started having issues after Google was
assigned .dev in 2019; to say nothing of that they made it a
preloaded-HSTS TLD.

It's better to either use .home.arpa (which is specifically reserved
for the purpose) or to actually register a domain (even if the name
server delegations are bogus so it never meaningfully resolves on the
public Internet).

-- 
Michael Kjörling  https://michael.kjorling.se
“Remember when, on the Internet, nobody cared that you were a dog?”

Re: Great system

2024-07-08 Thread Andrew M.A. Cater

On Mon, Jul 08, 2024 at 01:19:14AM +, Richard Bostrom wrote:
> Debian is such a great system. But now copying and rsync does not work and it 
> has to be done from a live-usb. The system is turning un-usable. Please less 
> releases and more stable releases. I am reverting to the version prior of 
> bookworm. Although graphically not as good.
> 
> Yours sincerely
> Richardh Bostrom
> 
> Sent with [Proton Mail](https://proton.me/) secure email.

Morning Richard,

I'd suggest reinstalling with the latest point release of Debian stable.
12.6 was released a couple of weeks ago as was 11.10

Debian 11 will receive only one more release as it transitions to LTS,
probably around August 31st. 

Are there any other signs of what's wrong? Logs? Have you changed anything
recently?

All the very best, as ever,

Andy
(amaca...@debian.org)

Re: usb => serial port converter

2024-07-07 Thread tomas

On Sun, Jul 07, 2024 at 06:02:18PM -0400, Lee wrote:
> What's everybody using for a usb => serial port converter?
> 
> I got a new network switch and .. OhNoes!! how to I talk to the darn thing???

Most of them work with Linux anyway (some of them with some
limitations). Stick it in and look at the logs.

Usually there is a device /dev/ttyUSBxxx. That one is your
friend.

> I went looking thru cabinets and came up with a keyspan usb -> serial
> dongle; a quick search found the site with driver downloads, but they
> all were for Windows or MacOS.

Ah, the privileges of proprietary software :-) You not only get
to pay, but you get to put more dubious software into your box.

> I tried plugging the dongle into my
> debian laptop but it didn't recognize it :(

What does "lsusb" say? What does "dmesg | tail" say shortly after you
inserted your dongle?

Cheers
-- 
t

signature.asc
Description: PGP signature

Re: NetworkManager with dnsmasq caching NXDOMAIN response of router

2024-07-07 Thread jeremy ardley





On 8/7/24 11:42, jeremy ardley wrote:



On 8/7/24 07:03, David Ayers wrote:

Hello everyone!

My Debian 12/bookworm laptop uses DHCP with NetworkManager which
produce an /etc/resolv.conf containing:
# Generated by NetworkManager
```
search home
nameserver 192.168.1.254
```

I've setup NetworkManager to use its local dnsmasq instance to add
additional name resolution for libvirt and a VPN, according to [1].
My /etc/NetworkManager/conf.d/localdns.conf contains:
```
[main]
dns=dnsmasq
```
and my /etc/NetworkManager/dnsmasq.d/local_dnsmasq.conf contains
```
server=/virt/192.168.122.1
server=/122.168.192.in-addr.arpa/192.168.122.1
server=/vpn/10.70.71.1
server=/71.70.10.in-addr.arpa/10.70.71.1
log-queries
```

The name resolutions (and reverse resolutions) for the the *.vpn and
*.virt work just fine.  But I'm having issues with the *.home domain as
soon as set the dns=dnsmasq in /etc/NetworkManager/conf.d/localdns.conf
independent of any entries in
/etc/NetworkManager/dnsmasq.d/local_dnsmasq.conf

After starting (or restarting) NetworkManager either with
```
sudo systemctl reload NetworkManager.service
```
or with
```
sudo nmcli general reload dns-full
```
the name resolution works twice for anyhost.home in the local domain
but subsequently fails with NXDOMAIN.

Here ist the output of the log-queries output for a successful
```
ping -c 1 nas-server.home
PING nas-server.home (192.168.1.103) 56(84) bytes of data.
64 bytes from nas-server.home (192.168.1.103): icmp_seq=1 ttl=64 
time=7.47 ms

```
with the corresponding
```
sudo tail -f /var/log/syslog
TS HOST systemd[1]: Reloaded NetworkManager.service - Network Manager.
TS HOST dnsmasq[169260]: query[A] nas-server.home from 127.0.0.1
TS HOST dnsmasq[169260]: forwarded nas-server.home to 192.168.1.254
TS HOST dnsmasq[169260]: query[] nas-server.home from 127.0.0.1
TS HOST dnsmasq[169260]: forwarded nas-server.home to 192.168.1.254
TS HOST dnsmasq[169260]: reply nas-server.home is 192.168.1.103
TS HOST dnsmasq[169260]: reply nas-server.home is NXDOMAIN
TS HOST dnsmasq[169260]: query[PTR] 103.1.168.192.in-addr.arpa from 
127.0.0.1
TS HOST dnsmasq[169260]: forwarded 103.1.168.192.in-addr.arpa to 
192.168.1.254

TS HOST dnsmasq[169260]: reply 192.168.1.103 is nas-server.home
```
Notice the IPv6  query and the two replies with the FQDN.

The first subsequent query succeeds again with:
```
ping -c 1 nas-server.home
ping: nas-server.home: Name or service not known
```
with the corresponding
```
sudo tail -f /var/log/syslog
TS HOST dnsmasq[171213]: query[A] nas-server.home from 127.0.0.1
TS HOST dnsmasq[171213]: cached nas-server.home is NXDOMAIN
TS HOST dnsmasq[171213]: query[] nas-server.home from 127.0.0.1
TS HOST dnsmasq[171213]: cached nas-server.home is NXDOMAIN
TS HOST dnsmasq[171213]: query[A] nas-server from 127.0.0.1
TS HOST dnsmasq[171213]: forwarded nas-server to 192.168.1.254
TS HOST dnsmasq[171213]: query[] nas-server from 127.0.0.1
TS HOST dnsmasq[171213]: forwarded nas-server to 192.168.1.254
TS HOST dnsmasq[171213]: reply nas-server is 192.168.1.103
TS HOST dnsmasq[171213]: reply nas-server is NXDOMAIN
TS HOST dnsmasq[171213]: query[PTR] 103.1.168.192.in-addr.arpa from 
127.0.0.1
TS HOST dnsmasq[171213]: forwarded 103.1.168.192.in-addr.arpa to 
192.168.1.254

TS HOST dnsmasq[171213]: reply 192.168.1.103 is nas-server.home
```
Notice that the FQDN caches with NXDOMAIN are followed up with just the
host name and the same two replies, one with the IP and the other with
NXDOMAIN.

But all subsequent queries will fail with:
```
ping -c 1 nas-server.home
ping: nas-server.home: Name or service not known
```
with the corresponding
```
TS HOST dnsmasq[171213]: query[A] nas-server.home from 127.0.0.1
TS HOST dnsmasq[171213]: cached nas-server.home is NXDOMAIN
TS HOST dnsmasq[171213]: query[] nas-server.home from 127.0.0.1
TS HOST dnsmasq[171213]: cached nas-server.home is NXDOMAIN
TS HOST dnsmasq[171213]: query[A] nas-server from 127.0.0.1
TS HOST dnsmasq[171213]: cached nas-server is NXDOMAIN
TS HOST dnsmasq[171213]: query[] nas-server from 127.0.0.1
TS HOST dnsmasq[171213]: cached nas-server is NXDOMAIN
```

Once I restart/reload NetworkManager (i.e. clear the cache) I get two
successful name resolutions with subsequent requests failing again.

I do notice that when querying external domains, they seem to return
NODATA-IPv6 instead of NXDOMAIN for what I assume are the  queries.
But I have no control of that my ZTE based ISP suppired router will
reply for the  queries.  I suppose, that the router is returning
the wrong reply for its own local domain for  queries.

So I guess my question is, can I tell dnsmasq somehow not to cache
NXDOMAIN or interpret it as NODATA-IPv6 for queries to the *.home
domain?

Any other suggestions are also welcome!

And in case this isn't it, where is the correct mailing list, to pose
suche a question?

Thanks, anyone!
David

[1]

Re: NetworkManager with dnsmasq caching NXDOMAIN response of router

2024-07-07 Thread jeremy ardley





On 8/7/24 07:03, David Ayers wrote:

Hello everyone!

My Debian 12/bookworm laptop uses DHCP with NetworkManager which
produce an /etc/resolv.conf containing:
# Generated by NetworkManager
```
search home
nameserver 192.168.1.254
```

I've setup NetworkManager to use its local dnsmasq instance to add
additional name resolution for libvirt and a VPN, according to [1].
My /etc/NetworkManager/conf.d/localdns.conf contains:
```
[main]
dns=dnsmasq
```
and my /etc/NetworkManager/dnsmasq.d/local_dnsmasq.conf contains
```
server=/virt/192.168.122.1
server=/122.168.192.in-addr.arpa/192.168.122.1
server=/vpn/10.70.71.1
server=/71.70.10.in-addr.arpa/10.70.71.1
log-queries
```

The name resolutions (and reverse resolutions) for the the *.vpn and
*.virt work just fine.  But I'm having issues with the *.home domain as
soon as set the dns=dnsmasq in /etc/NetworkManager/conf.d/localdns.conf
independent of any entries in
/etc/NetworkManager/dnsmasq.d/local_dnsmasq.conf

After starting (or restarting) NetworkManager either with
```
sudo systemctl reload NetworkManager.service
```
or with
```
sudo nmcli general reload dns-full
```
the name resolution works twice for anyhost.home in the local domain
but subsequently fails with NXDOMAIN.

Here ist the output of the log-queries output for a successful
```
ping -c 1 nas-server.home
PING nas-server.home (192.168.1.103) 56(84) bytes of data.
64 bytes from nas-server.home (192.168.1.103): icmp_seq=1 ttl=64 time=7.47 ms
```
with the corresponding
```
sudo tail -f /var/log/syslog
TS HOST systemd[1]: Reloaded NetworkManager.service - Network Manager.
TS HOST dnsmasq[169260]: query[A] nas-server.home from 127.0.0.1
TS HOST dnsmasq[169260]: forwarded nas-server.home to 192.168.1.254
TS HOST dnsmasq[169260]: query[] nas-server.home from 127.0.0.1
TS HOST dnsmasq[169260]: forwarded nas-server.home to 192.168.1.254
TS HOST dnsmasq[169260]: reply nas-server.home is 192.168.1.103
TS HOST dnsmasq[169260]: reply nas-server.home is NXDOMAIN
TS HOST dnsmasq[169260]: query[PTR] 103.1.168.192.in-addr.arpa from 127.0.0.1
TS HOST dnsmasq[169260]: forwarded 103.1.168.192.in-addr.arpa to 192.168.1.254
TS HOST dnsmasq[169260]: reply 192.168.1.103 is nas-server.home
```
Notice the IPv6  query and the two replies with the FQDN.

The first subsequent query succeeds again with:
```
ping -c 1 nas-server.home
ping: nas-server.home: Name or service not known
```
with the corresponding
```
sudo tail -f /var/log/syslog
TS HOST dnsmasq[171213]: query[A] nas-server.home from 127.0.0.1
TS HOST dnsmasq[171213]: cached nas-server.home is NXDOMAIN
TS HOST dnsmasq[171213]: query[] nas-server.home from 127.0.0.1
TS HOST dnsmasq[171213]: cached nas-server.home is NXDOMAIN
TS HOST dnsmasq[171213]: query[A] nas-server from 127.0.0.1
TS HOST dnsmasq[171213]: forwarded nas-server to 192.168.1.254
TS HOST dnsmasq[171213]: query[] nas-server from 127.0.0.1
TS HOST dnsmasq[171213]: forwarded nas-server to 192.168.1.254
TS HOST dnsmasq[171213]: reply nas-server is 192.168.1.103
TS HOST dnsmasq[171213]: reply nas-server is NXDOMAIN
TS HOST dnsmasq[171213]: query[PTR] 103.1.168.192.in-addr.arpa from 127.0.0.1
TS HOST dnsmasq[171213]: forwarded 103.1.168.192.in-addr.arpa to 192.168.1.254
TS HOST dnsmasq[171213]: reply 192.168.1.103 is nas-server.home
```
Notice that the FQDN caches with NXDOMAIN are followed up with just the
host name and the same two replies, one with the IP and the other with
NXDOMAIN.

But all subsequent queries will fail with:
```
ping -c 1 nas-server.home
ping: nas-server.home: Name or service not known
```
with the corresponding
```
TS HOST dnsmasq[171213]: query[A] nas-server.home from 127.0.0.1
TS HOST dnsmasq[171213]: cached nas-server.home is NXDOMAIN
TS HOST dnsmasq[171213]: query[] nas-server.home from 127.0.0.1
TS HOST dnsmasq[171213]: cached nas-server.home is NXDOMAIN
TS HOST dnsmasq[171213]: query[A] nas-server from 127.0.0.1
TS HOST dnsmasq[171213]: cached nas-server is NXDOMAIN
TS HOST dnsmasq[171213]: query[] nas-server from 127.0.0.1
TS HOST dnsmasq[171213]: cached nas-server is NXDOMAIN
```

Once I restart/reload NetworkManager (i.e. clear the cache) I get two
successful name resolutions with subsequent requests failing again.

I do notice that when querying external domains, they seem to return
NODATA-IPv6 instead of NXDOMAIN for what I assume are the  queries.
But I have no control of that my ZTE based ISP suppired router will
reply for the  queries.  I suppose, that the router is returning
the wrong reply for its own local domain for  queries.

So I guess my question is, can I tell dnsmasq somehow not to cache
NXDOMAIN or interpret it as NODATA-IPv6 for queries to the *.home
domain?

Any other suggestions are also welcome!

And in case this isn't it, where is the correct mailing list, to pose
suche a question?

Thanks, anyone!
David

[1] https://networkmanager.dev/docs/api/latest/NetworkManager.conf.html


There is also the file /etc/nsswitch.conf.

Re: Browser traffic interception/inspection

2024-07-07 Thread Max Nikulin


On 08/07/2024 04:42, Lee wrote:

On Mon, Jul 1, 2024 at 11:02 AM Max Nikulin wrote:

On 01/07/2024 13:57, Lee wrote:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842292

[...]

Is libnss built with logging support ABI compatible with the variant in
Debian repositories? (Or can it be patched to achieve ABI
compatibility?) Instead of asking for changing compile flags for all
users, from my point of view, it is better to suggest alternative
packages with and without logging enabled.

Browsers are rather sensitive applications, so I find it reasonable that
dumping of encryption keys are not available by default.


Maybe I don't know enough to know what's "reasonable" or not.. but I
don't see a problem with me being able to inspect the traffic between
me and some website.


Is it OK for you that e.g. GnuPG agent disables tracing by default, so 
attaching a debugger or a tool like strace is not so easy? It makes 
harder to debug some issues.


From my point of view, by default libnss3 should not allow logging of 
private keys. At the same time I do not mind that some users should be 
able to inspect TLS sessions. My idea is an *alternative* package that 
may be optionally installed instead of regular libnss3. Comments to the 
bug report request to enable debugging for *all* and I agree with the 
maintainers who have not do it. You may ask for providing an additional 
package for TLS debugging.



Anyone else wants to intercept my traffic and they'll have to set an
environment variable - which root can do, but who else?


IAny regular user may start browser with this variable set. Some 
unintentionally executed code in a user session may restart browser with 
enabled logging. I would not argue that it is a great trouble if an 
exploit is executed. However some measures may be taken to increase 
attack complexity and disabling TLS logging is a small step in this 
direction.






but I don't know how to evaluate the security
implications of modifying apt-get files.  So I just downloaded the
binary from mozilla


So you trust mozilla anyway. Notice the "Signed-By" key in repository 
configuration: sources.list(5),



apt-secure(8), 


tar -xvf firefox-115.12.0esr.tar.bz2
sudo mv firefox /opt/firefox-115.12.0esr/
sudo ln -s /opt/firefox-115.12.0esr/firefox /usr/local/bin/firefox


I suspect that a regular user owns /opt/firefox-115.12.0esr/ and may 
modify files. It should allow autoupdates, but I believe, it is an 
administrator task to update browser.

Kernel panic....

2024-07-07 Thread Van Snyder

I recently installed Debian 12.5 with kernel 6.5.0.0 on an antique Dell
Vostro 1700. Occasionally it crashes with

"Kernel Panic - not syncing: Can not allocate SWIOTLB buffer earlier
and can't now provide you with the DMA bounce buffer"

I saw some remarks about this from 2013 in the context of release 3.5.

Is this a problem in the kernel, or is the computer broken?

Should I revert to an earlier release?

Re: Great system

2024-07-07 Thread George at Clug

On Monday, 08-07-2024 at 11:19 Richard Bostrom wrote:
> Debian is such a great system. But now copying and rsync does not work 

Richard,

Please elaborate on what you mean by "copying and rsync does not work"?

I often use Thunar, cp, and rsync to copy files, and have not issues so far. Is 
there an issue I have not yet experienced?

Are you copying as a user account, or as a root account?  Are permissions an 
issue? Are particular files an problem? 

Can you describe a test scenario that I could try to replicate your issue?

Maybe Apparmor is causing you issues?  Do you run SELinux?
https://wiki.debian.org/AppArmor/HowToUse

> and it has to be done from a live-usb. The system is turning un-usable. 
> Please less releases and more stable releases. 

I was NOT pleased when my Debian Stable, Nvidia, PCs had issues after an update 
release that broke the Nvidia drivers. 

So unlike Debian. 

https://www.linux.org/threads/is-debian-12-bookworm-becoming-unstable.48652/

After a few weeks the issue was resolved, but it was painful while waiting.

> I am reverting to the version prior of bookworm. Although graphically not as 
> good.
> 
> Yours sincerely
> Richardh Bostrom
> 
> Sent with [Proton Mail](https://proton.me/) secure email.

Great system

2024-07-07 Thread Richard Bostrom

Debian is such a great system. But now copying and rsync does not work and it 
has to be done from a live-usb. The system is turning un-usable. Please less 
releases and more stable releases. I am reverting to the version prior of 
bookworm. Although graphically not as good.

Yours sincerely
Richardh Bostrom

Sent with [Proton Mail](https://proton.me/) secure email.

NetworkManager with dnsmasq caching NXDOMAIN response of router

2024-07-07 Thread David Ayers

Hello everyone!

My Debian 12/bookworm laptop uses DHCP with NetworkManager which
produce an /etc/resolv.conf containing:
# Generated by NetworkManager
```
search home
nameserver 192.168.1.254
```

I've setup NetworkManager to use its local dnsmasq instance to add
additional name resolution for libvirt and a VPN, according to [1].
My /etc/NetworkManager/conf.d/localdns.conf contains:
```
[main]
dns=dnsmasq
```
and my /etc/NetworkManager/dnsmasq.d/local_dnsmasq.conf contains
```
server=/virt/192.168.122.1
server=/122.168.192.in-addr.arpa/192.168.122.1
server=/vpn/10.70.71.1
server=/71.70.10.in-addr.arpa/10.70.71.1
log-queries
```

The name resolutions (and reverse resolutions) for the the *.vpn and
*.virt work just fine.  But I'm having issues with the *.home domain as
soon as set the dns=dnsmasq in /etc/NetworkManager/conf.d/localdns.conf
independent of any entries in
/etc/NetworkManager/dnsmasq.d/local_dnsmasq.conf

After starting (or restarting) NetworkManager either with 
```
sudo systemctl reload NetworkManager.service
```
or with
```
sudo nmcli general reload dns-full
```
the name resolution works twice for anyhost.home in the local domain
but subsequently fails with NXDOMAIN.

Here ist the output of the log-queries output for a successful 
```
ping -c 1 nas-server.home
PING nas-server.home (192.168.1.103) 56(84) bytes of data.
64 bytes from nas-server.home (192.168.1.103): icmp_seq=1 ttl=64 time=7.47 ms
```
with the corresponding
```
sudo tail -f /var/log/syslog
TS HOST systemd[1]: Reloaded NetworkManager.service - Network Manager.
TS HOST dnsmasq[169260]: query[A] nas-server.home from 127.0.0.1
TS HOST dnsmasq[169260]: forwarded nas-server.home to 192.168.1.254
TS HOST dnsmasq[169260]: query[] nas-server.home from 127.0.0.1
TS HOST dnsmasq[169260]: forwarded nas-server.home to 192.168.1.254
TS HOST dnsmasq[169260]: reply nas-server.home is 192.168.1.103
TS HOST dnsmasq[169260]: reply nas-server.home is NXDOMAIN
TS HOST dnsmasq[169260]: query[PTR] 103.1.168.192.in-addr.arpa from 127.0.0.1
TS HOST dnsmasq[169260]: forwarded 103.1.168.192.in-addr.arpa to 192.168.1.254
TS HOST dnsmasq[169260]: reply 192.168.1.103 is nas-server.home
```
Notice the IPv6  query and the two replies with the FQDN.

The first subsequent query succeeds again with:
```
ping -c 1 nas-server.home
ping: nas-server.home: Name or service not known
```
with the corresponding
```
sudo tail -f /var/log/syslog
TS HOST dnsmasq[171213]: query[A] nas-server.home from 127.0.0.1
TS HOST dnsmasq[171213]: cached nas-server.home is NXDOMAIN
TS HOST dnsmasq[171213]: query[] nas-server.home from 127.0.0.1
TS HOST dnsmasq[171213]: cached nas-server.home is NXDOMAIN
TS HOST dnsmasq[171213]: query[A] nas-server from 127.0.0.1
TS HOST dnsmasq[171213]: forwarded nas-server to 192.168.1.254
TS HOST dnsmasq[171213]: query[] nas-server from 127.0.0.1
TS HOST dnsmasq[171213]: forwarded nas-server to 192.168.1.254
TS HOST dnsmasq[171213]: reply nas-server is 192.168.1.103
TS HOST dnsmasq[171213]: reply nas-server is NXDOMAIN
TS HOST dnsmasq[171213]: query[PTR] 103.1.168.192.in-addr.arpa from 127.0.0.1
TS HOST dnsmasq[171213]: forwarded 103.1.168.192.in-addr.arpa to 192.168.1.254
TS HOST dnsmasq[171213]: reply 192.168.1.103 is nas-server.home
```
Notice that the FQDN caches with NXDOMAIN are followed up with just the
host name and the same two replies, one with the IP and the other with
NXDOMAIN.

But all subsequent queries will fail with:
```
ping -c 1 nas-server.home
ping: nas-server.home: Name or service not known
```
with the corresponding
```
TS HOST dnsmasq[171213]: query[A] nas-server.home from 127.0.0.1
TS HOST dnsmasq[171213]: cached nas-server.home is NXDOMAIN
TS HOST dnsmasq[171213]: query[] nas-server.home from 127.0.0.1
TS HOST dnsmasq[171213]: cached nas-server.home is NXDOMAIN
TS HOST dnsmasq[171213]: query[A] nas-server from 127.0.0.1
TS HOST dnsmasq[171213]: cached nas-server is NXDOMAIN
TS HOST dnsmasq[171213]: query[] nas-server from 127.0.0.1
TS HOST dnsmasq[171213]: cached nas-server is NXDOMAIN
```

Once I restart/reload NetworkManager (i.e. clear the cache) I get two
successful name resolutions with subsequent requests failing again.

I do notice that when querying external domains, they seem to return
NODATA-IPv6 instead of NXDOMAIN for what I assume are the  queries.
But I have no control of that my ZTE based ISP suppired router will
reply for the  queries.  I suppose, that the router is returning
the wrong reply for its own local domain for  queries.

So I guess my question is, can I tell dnsmasq somehow not to cache
NXDOMAIN or interpret it as NODATA-IPv6 for queries to the *.home
domain?

Any other suggestions are also welcome!

And in case this isn't it, where is the correct mailing list, to pose
suche a question?

Thanks, anyone!
David

[1] https://networkmanager.dev/docs/api/latest/NetworkManager.conf.html
-- 
David Ayers

Supporting:
Free Software Foundation Europe[]

Re: usb => serial port converter

2024-07-07 Thread Andy Smith

Hi,

On Sun, Jul 07, 2024 at 06:02:18PM -0400, Lee wrote:
> I tried plugging the dongle into my debian laptop but it didn't
> recognize it :(

In my experience USB serial gadgets on Linux tend to just work or
will never work. The default Debian kernels do have USB serial
converter support enabled and all the drivers as modules. You'll
probably find it a better use of your time to just buy one that is
known to work, as they are quite cheap.

> So... what are people using to talk to serial devices now that PCs
> don't come with serial ports anymore?

Here are some notes from FreeBSD, which is a bit pickier than Linux
on this, so should be conservative advice:

https://wiki.freebsd.org/USB/Peripherals/Serial

> And what program are you using to talk to something over the serial
> link?  pterm or something else?

I use either minicom or GNU Screen. You'll need to know the baud
rate that the device expects, though you can just try a few common
ones and see what works. e.g.

# screen /dev/ttyUSB0 115200

Thanks,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Re: usb => serial port converter

2024-07-07 Thread fxkl47BF

On Sun, 7 Jul 2024, Lee wrote:

> What's everybody using for a usb => serial port converter?
>
> I got a new network switch and .. OhNoes!! how to I talk to the darn thing???
>
> I went looking thru cabinets and came up with a keyspan usb -> serial
> dongle; a quick search found the site with driver downloads, but they
> all were for Windows or MacOS.  I tried plugging the dongle into my
> debian laptop but it didn't recognize it :(
>
> So... what are people using to talk to serial devices now that PCs
> don't come with serial ports anymore?
>
> And what program are you using to talk to something over the serial
> link?  pterm or something else?
>
> I still have a Windows machine, so install the drivers, configure
> putty to talk to COM4 & I'm good to go.  But I'm trying to get *away*
> from Windows.  How do I talk to my switch over the serial port?
>
> Thanks,
> Lee
>

i've used this for many years

Bus 001 Device 006: ID 0403:6001 Future Technology Devices International, Ltd 
FT232 Serial (UART) IC
Device Descriptor:
   bLength18
   bDescriptorType 1
   bcdUSB   2.00
   bDeviceClass0
   bDeviceSubClass 0
   bDeviceProtocol 0
   bMaxPacketSize0 8
   idVendor   0x0403 Future Technology Devices International, Ltd
   idProduct  0x6001 FT232 Serial (UART) IC
   bcdDevice6.00
   iManufacturer   1 FTDI
   iProduct2 UC232R
   iSerial 3 FTF588Y9

Re: usb => serial port converter

2024-07-07 Thread gene heskett


On 7/7/24 18:02, Lee wrote:

What's everybody using for a usb => serial port converter?

I got a new network switch and .. OhNoes!! how to I talk to the darn thing???

I went looking thru cabinets and came up with a keyspan usb -> serial
dongle; a quick search found the site with driver downloads, but they
all were for Windows or MacOS.  I tried plugging the dongle into my
debian laptop but it didn't recognize it :(

So... what are people using to talk to serial devices now that PCs
don't come with serial ports anymore?

And what program are you using to talk to something over the serial
link?  pterm or something else?

I still have a Windows machine, so install the drivers, configure
putty to talk to COM4 & I'm good to go.  But I'm trying to get *away*
from Windows.  How do I talk to my switch over the serial port?
See if you can find a usb-232 from FDTI. And keep looking if you see a 
Prolific, its not very good.


Thanks,
Lee

.


Cheers, Gene Heskett, CET.
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis

usb => serial port converter

2024-07-07 Thread Lee

What's everybody using for a usb => serial port converter?

I got a new network switch and .. OhNoes!! how to I talk to the darn thing???

I went looking thru cabinets and came up with a keyspan usb -> serial
dongle; a quick search found the site with driver downloads, but they
all were for Windows or MacOS.  I tried plugging the dongle into my
debian laptop but it didn't recognize it :(

So... what are people using to talk to serial devices now that PCs
don't come with serial ports anymore?

And what program are you using to talk to something over the serial
link?  pterm or something else?

I still have a Windows machine, so install the drivers, configure
putty to talk to COM4 & I'm good to go.  But I'm trying to get *away*
from Windows.  How do I talk to my switch over the serial port?

Thanks,
Lee

Re: Browser traffic interception/inspection

2024-07-07 Thread Lee

Hi,

On Mon, Jul 1, 2024 at 11:02 AM Max Nikulin wrote:
>
> On 01/07/2024 13:57, Lee wrote:
> > On Sun, Jun 30, 2024 at 11:30 AM Max Nikulin wrote:
> > On Sat, Jun 29, 2024 at 4:13 PM Lee wrote:
> >> set SSLKEYLOGFILE=C:\Users\Lee\AppData\Local\Temp\FF-SSLkeys.txt
> >> start C:\"Program Files\Firefox\Firefox.exe"
> >
> > This looks like the Debian bug report
> >https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842292
> >
> >> Lee, may you, please, specify Firefox version and release channel you
> >> are using on Windows where this feature is working?
> >
> > Firefox 115.12.0esr -- which is the current extended service release 
> > software
> > I'm not sure what you mean by release channel .. ESR?
>
> Thanks. I expected that you may use either developer release, beta, or
> even nightly.

Nope - just regular firefox-esr

> Is libnss built with logging support ABI compatible with the variant in
> Debian repositories? (Or can it be patched to achieve ABI
> compatibility?) Instead of asking for changing compile flags for all
> users, from my point of view, it is better to suggest alternative
> packages with and without logging enabled.
>
> Browsers are rather sensitive applications, so I find it reasonable that
> dumping of encryption keys are not available by default.

Maybe I don't know enough to know what's "reasonable" or not.. but I
don't see a problem with me being able to inspect the traffic between
me and some website.
Anyone else wants to intercept my traffic and they'll have to set an
environment variable - which root can do, but who else?

> However
> debugging should be possible and should require special configuration.
>
> I have not tried .deb packages provided by Mozilla. Since their Windows
> builds allows logging, it might work on Linux as well.
> 

Thanks for the pointer to downloading firefox from mozilla.  But wow!!
plenty too many instructions for to be able to
  Install Firefox .deb package for Debian-based distributions

I suppose it's funny that I have no qualms with
SSLKEYLOGFILE= but balk at following those instructions to
modify apt-get actions, but I don't know how to evaluate the security
implications of modifying apt-get files.  So I just downloaded the
binary from mozilla and went from there:

get the 64 bit linux version of firefox esr from
   https://www.mozilla.org/en-US/firefox/all/#product-desktop-esr

tar -xvf firefox-115.12.0esr.tar.bz2
sudo mv firefox /opt/firefox-115.12.0esr/
sudo ln -s /opt/firefox-115.12.0esr/firefox /usr/local/bin/firefox

lee@laptop:~$ cat ~/bin/firefox-tlsdecode.sh
#!/bin/bash
# set things up so that wireshark can decrypt firefox tls traffic
umask 077
SSLKEYLOGFILE=/tmp/FF-SSLkeys.txt
export SSLKEYLOGFILE
/usr/local/bin/firefox "$@" &

# then in wireshark:
#   edit / preferences
#   protocols / tls  (v2.6: protocols / ssl)
# paste SSLKEYLOGFILE filename into (Pre)-Master-Secret log filename

lee@laptop:~$


So now I've got the debian /usr/bin/firefox that doesn't allow export
tls keys and a /usr/local/bin/firefox that does.

Thanks
Lee

Re: [SOLVED] Re: Acer Aspire 5 A515-45 touchpad suddenly stopped working on debian 12.5

2024-07-07 Thread Jeremy Nicoll

On Sun, 7 Jul 2024, at 01:56, David Wright wrote:

> To answer the question in the rant, "why the f* does this button
> exist"...

A more fundamental issue can be that some machines have an 
option in the BIOS that dictates whether keys (mostly but not 
exclusively the F1-F12 ones) which have alternate "Fn+" actions
will either

- by default issue the F1-F12 action, but need you to press "Fn"
  as well to get the other action

- the opposite

People who are not programmers typically want the brightness,
volume, play, rewind etc actions most of the time and rarely if
ever want F1-F12 codes. 

-- 
Jeremy Nicoll - my opinions are my own.

Re: [SOLVED] Re: Acer Aspire 5 A515-45 touchpad suddenly stopped working on debian 12.5

2024-07-07 Thread Keith Bainbridge

On 6/7/24 16:39, Steinar Bang wrote:

Steinar Bang :

Sometime (a day or so maybe) before <2024-06-26 Wed 19:59> the touchpad
stopped working on my Acer Aspire 5 with a MATE desktop on debian 12.5.

At the time the laptop had gone 50 days since the last reboot so I
figured something had gone wrong during the time and a reboot would fix
it.

So in <2024-06-29 Sat 18:07> I did a reboot as a result of "apt
full-upgrade" to debian 12.5 and the touchpad still wasn't working.

I have been thinking that the cause may be
1. A hardware failure?
2. I accidentially pressed a keyboard combination that disables the
touchpad?
3. I have accidentially made some configuration change that disables
the touchpad?

The cause was number 2 and the key is F7 (without pressing the Fn key).

Pressing F7 gave me the touchpad back.

I decided to give this yet another try this morning and googled
combinations of "acer aspire 5 fn key disable touchpad"

I was told that Fn+F6 and Fn+F7 is supposed to toggle the touchpad on
many Acer laptops. But pressing Fn+F6 or Fn+F7 had no more effect than
anything else I had tried.

But one thing I discovered was that many people have had the
disappearing touchpad problem on Acer laptopns, also on Windows, and
have tried everything around upgrading drivers and even upgrading from
Windows 10 to Windows 11. So this is not a debian or GNU/linux specific
issue.

I am always reluctant to reboot but I decided I had to bite the bullet
and boot into BIOS and see what I could find there.

But I always, before doing anything, I do a quick google to see what I
can find, search string "acer aspire touchpad bios", and there I found
this thread:

https://www.reddit.com/r/AcerOfficial/comments/ug3xks/touchpad_not_working_at_all_for_my_aspire_5_tried/

Specifically this posting:

https://www.reddit.com/r/AcerOfficial/comments/ug3xks/comment/l1iia93/?utm_source=share_medium=web3x_name=web3xcss_term=1_content=share_button

So I tried F6 without Fn and the screen went black. One more press on F6
and I had the desktop back.

Then I tried F7 without Fn... nd touchpad was back.

I fully supports the rants in the posting linked to above.

Couldn't said it better myself.

Have you considered changing the bios so that the Fn keys need the Fn
key to alter the screen and touchpad and for that matter sound settings
etc accidently. It means the Fn keys will also function what was
considered normally for decades.

--
All the best

Keith Bainbridge

keithr...@gmail.com
keith.bainbridge.3...@gmail.com
+61 (0)447 667 468

UTC + 10:00

Re: Re : Re: [HS] sauvegarde sur Disque Mécanique ou SSD

2024-07-07 Thread Gilles Mocellin

Bonjour à tous,

Pour info, l'entreprise de stockage en ligne Backblaze publie régulièrement des 
stats 
sur les disques qu'elle utilise, avec les pannes.
https://www.backblaze.com/cloud-storage/resources/hard-drive-test-data[1]
Dernier blog, Q1 2024 :
https://www.backblaze.com/blog/backblaze-drive-stats-for-q1-2024/[2]

Ils calculent leur "annualized failure rates" (AFRs).

Pour parler de Seagate, on voit que d'un modèle à l'autre tout peut changer, 
donc la 
marque seule n'est pas un critère suffisant.

Concernant les SSD, ils ont aussi des stats, moins régulières, et pour 
l'instant, ce ne sont 
pas des disques haute capacité :
https://www.backblaze.com/blog/ssd-edition-2023-mid-year-drive-stats-review/[3]

Leurs durée de vie moyenne semble similaire au HDD (2-3 ans).

C'est marrant, et un peu déprimant, mais plus on regarde, moins il semble 
facile de 
trancher de manière certaines sur les bons choix à faire.

Le dimanche 7 juillet 2024, 03:52:56 CEST k6dedi...@free.fr a écrit :
> Bonjour à tous,
> Petit retour d'expérience.
> J'ai eu plusieurs marques de disques durs lors de mes achats de PC.
> Les disques qui me posent moins de problèmes sont les Seagate.
> Moins d'alertes et moins de pannes données par S.M.A.R.T.
> Chaque fois qu'un disque inclus dans un PC donne des signes de fatigue,
> vérification plus fréquente demandées par le système, secteurs défectueux
> marqués, je le remplace par un Seagate. J'ai encore un Seagate mécanique
> qui a plus de 10 ans et pour lequel, je n'ai qu'une alerte par an. Ce qu'il
> faut aussi regarder dans les caractéristique des disque durs, c'est le
> nombre de démarrage supportés. En effet à chaque redémarrage le secteur de
> démarrage est sollicité et c'est souvent ce secteur qui empêche d'accéder
> aux autres données du disque. Il faut alors le monter en disque secondaire
> pour récupérer les données. Je n'ai que très exceptionnellement réussi à
> réparer efficacement le secteur de démarrage. J'ai donc adopté la politique
> suivante : si après la première tentative il ne redémarre pas, je mets un
> nouveau disque de démarrage et récupère illico les données. Le me sers
> alors de l'ancien disque comme disque sur lequel je fais des travaux
> temporaires et le met au rebut s'il y a trop d’arrêts pour secteurs
> défectueux (2 signalements dans une journée=rebut).
> 
> En espérant que ce retour d'expérience puisse vous être utile.
> Cassis
> 
> 
> 
> - Mail d'origine -
> De: ajh-valmer 
> À: debian-user-french@lists.debian.org
> Envoyé: Sat, 06 Jul 2024 23:49:50 +0200 (CEST)
> Objet: Re: [HS] sauvegarde sur Disque Mécanique ou SSD
> 
> On Saturday 06 July 2024 15:07:18 BERTRAND Joël wrote:
> > ajh-valmer a écrit :
> > > Aujourd'hui, les disques durs SSD semblent fiables.
> > > Je n'ai connu que des défaillances irrémédiables (poubelle)
> > > avec les DD mécaniques, pas avec les SSD.
> > 
> > Moi, avec plusieurs milliers de disques dans la nature (dans des
> > équipements chez des clients), c'est exactement l'inverse. Je n'ai que
> > rarement eu de pertes dues à un disque dur à plateaux (il prévient avant
> > de mourir et si le problème est électronique, ce qui peut arriver, on
> > sait recouvrer les informations). En revanche, je ne compte plus les SSD
> 
> > qui meurent subitement sans crier gare :
> Si certains disent : "connus que des pannes avec les SSD",
> d'autres : connus que des pannes avec les DD mécaniques",
> on ne pourra pas tirer une conclusion claire et nette.
> 
> :-)




[1] https://www.backblaze.com/cloud-storage/resources/hard-drive-test-data
[2] https://www.backblaze.com/blog/backblaze-drive-stats-for-q1-2024/
[3] https://www.backblaze.com/blog/ssd-edition-2023-mid-year-drive-stats-review/

change video driver

2024-07-07 Thread mick.crane


On [cough] Trixie, just how do I change the video driver.
I'm using  driver xserver-xorg-video-nvidia-tesla-470 on older kernel
There must have been a reason, likely the available resolution.
With kernel 6.9.7-amd64 have to "startx" and then the available displays 
in Xfce are low.

"modprobe nvidia" complains cannot find the module.
I revert to 6.7.12 kernel
Do I need to "apt remove" the xserver-xorg-video-nvidia-tesla-470,
Reboot to the 6.9.7-amd64 kernel and reinstall the tesla-470 driver?
Find the /lib/modules/6.7.12 nvidia-tesla-470 module and copy it to
/lib/modules/6.9.7-amd64 ?
What files would I want to find?

mick

Re: small font

2024-07-06 Thread tomas

On Sat, Jul 06, 2024 at 07:17:51PM -0400, Felix Miata wrote:

[...]

> FWIW to any not familiar with how email was 30+ years ago, M$ and Win95 seem 
> to be
> the root blame for the practice of both use of not only HTML for email by 
> default,
> but also of defaulting to imposition of a smaller than default font size in 
> those
> HTML emails, apparently to match what web designers were doing, making email
> mousetype similar to the web page mousetype those eagle-eyed designers were 
> fond
> of imposing on everyone in the days before zoom was invented.

[...]

Don't blame the designers. There has always been a struggle over control
of the end user's computer -- just as a means of reaching the end user's
perception. The companies are winning.

That's what we get when the companies financing the infrastructure are all,
basically, advertising companies (Microsoft? They don't make tech. They sell
tech).

Cheers
-- 
t

signature.asc
Description: PGP signature

Re : Re: [HS] sauvegarde sur Disque Mécanique ou SSD

2024-07-06 Thread k6dedijon

Bonjour à tous,
Petit retour d'expérience.
J'ai eu plusieurs marques de disques durs lors de mes achats de PC.
Les disques qui me posent moins de problèmes sont les Seagate.
Moins d'alertes et moins de pannes données par S.M.A.R.T.
Chaque fois qu'un disque inclus dans un PC donne des signes de fatigue, 
vérification plus fréquente demandées par le système, secteurs défectueux 
marqués, je le remplace par un Seagate.
J'ai encore un Seagate mécanique qui a plus de 10 ans et pour lequel, je n'ai 
qu'une alerte par an.
Ce qu'il faut aussi regarder dans les caractéristique des disque durs, c'est le 
nombre de démarrage supportés.
En effet à chaque redémarrage le secteur de démarrage est sollicité et c'est 
souvent ce secteur qui empêche d'accéder aux autres données du disque. Il faut 
alors le monter en disque secondaire pour récupérer les données.
Je n'ai que très exceptionnellement réussi à réparer efficacement le secteur de 
démarrage.
J'ai donc adopté la politique suivante : si après la première tentative il ne 
redémarre pas, je mets un nouveau disque de démarrage et récupère illico les 
données. Le me sers alors de l'ancien disque comme disque sur lequel je fais 
des travaux temporaires et le met au rebut s'il y a trop d’arrêts pour secteurs 
défectueux (2 signalements dans une journée=rebut).

En espérant que ce retour d'expérience puisse vous être utile.
Cassis

- Mail d'origine -
De: ajh-valmer 
À: debian-user-french@lists.debian.org
Envoyé: Sat, 06 Jul 2024 23:49:50 +0200 (CEST)
Objet: Re: [HS] sauvegarde sur Disque Mécanique ou SSD

On Saturday 06 July 2024 15:07:18 BERTRAND Joël wrote:
> ajh-valmer a écrit :
> > Aujourd'hui, les disques durs SSD semblent fiables.
> > Je n'ai connu que des défaillances irrémédiables (poubelle) 
> > avec les DD mécaniques, pas avec les SSD.

> Moi, avec plusieurs milliers de disques dans la nature (dans des
> équipements chez des clients), c'est exactement l'inverse. Je n'ai que
> rarement eu de pertes dues à un disque dur à plateaux (il prévient avant
> de mourir et si le problème est électronique, ce qui peut arriver, on
> sait recouvrer les informations). En revanche, je ne compte plus les SSD
> qui meurent subitement sans crier gare :

Si certains disent : "connus que des pannes avec les SSD",
d'autres : connus que des pannes avec les DD mécaniques",
on ne pourra pas tirer une conclusion claire et nette.
:-)

Re: [HS] sauvegarde sur Disque Mécanique ou SSD

2024-07-06 Thread Roberto C . Sánchez

On Sat, Jul 06, 2024 at 12:17:53PM +0200, Basile Starynkevitch wrote:
> 
>Justement, c'est des statistiques. Elles n'ont pas de signification
>intuitive pour un ordinateur personnel unique ou un disque dur unique.
>Elles peuvent en avoir pour une personne chargée de lancer un appel
>d'offres pour l'achat institutionnel de milliers d'ordinateurs.
> 
Et en plus, dans un environnement institutionnel, les disques sont en
ligne la plupart du temps. Donc, en cas d'un disque faible qui commence
à mourir, on peut le détecter immediatement. En utilisant un disque pour
une sauvegarde personnelle, hors ligne la plupart du temps, c'est
possible qu'à un moment tout est bien est une semaine plus tard le
disque est en panne sans donner aucune indication.

-- 
Roberto C. Sánchez

Re: [SOLVED] Re: Acer Aspire 5 A515-45 touchpad suddenly stopped working on debian 12.5

2024-07-06 Thread David Wright

On Sat 06 Jul 2024 at 08:39:57 (+0200), Steinar Bang wrote:
> > Steinar Bang :
> 
> > Sometime (a day or so maybe) before <2024-06-26 Wed 19:59> the touchpad
> > stopped working on my Acer Aspire 5 with a MATE desktop on debian 12.5.
> 
> > At the time the laptop had gone 50 days since the last reboot so I
> > figured something had gone wrong during the time and a reboot would fix
> > it.
> 
> > So in <2024-06-29 Sat 18:07> I did a reboot as a result of "apt
> > full-upgrade" to debian 12.5 and the touchpad still wasn't working.
> 
> > I have been thinking that the cause may be
> >  1. A hardware failure?
> >  2. I accidentially pressed a keyboard combination that disables the
> > touchpad?
> >  3. I have accidentially made some configuration change that disables
> > the touchpad?
> 
> The cause was number 2 and the key is F7 (without pressing the Fn key).
> 
> Pressing F7 gave me the touchpad back.
> 
> I decided to give this yet another try this morning and googled
> combinations of "acer aspire 5 fn key disable touchpad"
> 
> I was told that Fn+F6 and Fn+F7 is supposed to toggle the touchpad on
> many Acer laptops.  But pressing Fn+F6 or Fn+F7 had no more effect than
> anything else I had tried.
> 
> But one thing I discovered was that many people have had the
> disappearing touchpad problem on Acer laptopns, also on Windows, and
> have tried everything around upgrading drivers and even upgrading from
> Windows 10 to Windows 11.  So this is not a debian or GNU/linux specific
> issue. 
> 
> I am always reluctant to reboot but I decided I had to bite the bullet
> and boot into BIOS and see what I could find there.
> 
> But I always, before doing anything, I do a quick google to see what I
> can find, search string "acer aspire touchpad bios", and there I found
> this thread:
>  
> https://www.reddit.com/r/AcerOfficial/comments/ug3xks/touchpad_not_working_at_all_for_my_aspire_5_tried/
> 
> Specifically this posting:
>  
> https://www.reddit.com/r/AcerOfficial/comments/ug3xks/comment/l1iia93/?utm_source=share_medium=web3x_name=web3xcss_term=1_content=share_button
> 
> So I tried F6 without Fn and the screen went black. One more press on F6
> and I had the desktop back.
> 
> Then I tried F7 without Fn... nd touchpad was back.
> 
> I fully supports the rants in the posting linked to above.
> 
> Couldn't said it better myself.

The advice I follow whever I acquire a "new" computer¹ (all mine are
cast-offs) is to download any manuals (quickstart, user, service etc)
I can find from sites like www.manualslib.com, check them out, and
archive them. (I also keep any reviews I find.)

These particular buttons have been around for years. The attached is
from the service manual for my Acer TravelMate 3201XCi, manufactured
and documented in 2004, but wrested from my partner in 2014 after
being our only working CorelDraw installation for a couple of years.

To answer the question in the rant, "why the f* does this button
exist": for the same reason that some people set a touchpad timeout
each time a key is struck, to prevent the cursor careering around the
screen when typing, thanks to the ball of the thumb rubbing the touchpad.

¹ or any other technology items or components.

Cheers,
David.

Re: small font

2024-07-06 Thread Felix Miata

Van Snyder composed on 2024-07-06 14:13 (UTC-0700):

> I know what to do to read messages with tiny fonts -- if I can see
> enough of it to decide they're interesting.

> So far, only one correspondent, whom I have by-and-large concluded
> doesn't have anything interesting to way.

> What I'm offering to those who send messages that they seriously
> consider to be worth reading: You ought to make them readable. If you
> make it hard for recipients to read them, they'll ignore your wisdom.

FWIW to any not familiar with how email was 30+ years ago, M$ and Win95 seem to 
be
the root blame for the practice of both use of not only HTML for email by 
default,
but also of defaulting to imposition of a smaller than default font size in 
those
HTML emails, apparently to match what web designers were doing, making email
mousetype similar to the web page mousetype those eagle-eyed designers were fond
of imposing on everyone in the days before zoom was invented. Most GUI email
clients, as well as webmail apps, seem to have followed this stupid, rude lead.
It's the sender not changing the rude default, typically not knowing it even
exists, or can be changed (though in some cases default cannot be changed), 
which
is the immediate locus for blame.
-- 
Evolution as taught in public schools is, like religion,
based on faith, not based on science.

 Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata

Re: [HS] sauvegarde sur Disque Mécanique ou SSD

2024-07-06 Thread ajh-valmer

On Saturday 06 July 2024 15:07:18 BERTRAND Joël wrote:
> ajh-valmer a écrit :
> > Aujourd'hui, les disques durs SSD semblent fiables.
> > Je n'ai connu que des défaillances irrémédiables (poubelle) 
> > avec les DD mécaniques, pas avec les SSD.

> Moi, avec plusieurs milliers de disques dans la nature (dans des
> équipements chez des clients), c'est exactement l'inverse. Je n'ai que
> rarement eu de pertes dues à un disque dur à plateaux (il prévient avant
> de mourir et si le problème est électronique, ce qui peut arriver, on
> sait recouvrer les informations). En revanche, je ne compte plus les SSD
> qui meurent subitement sans crier gare :

Si certains disent : "connus que des pannes avec les SSD",
d'autres : connus que des pannes avec les DD mécaniques",
on ne pourra pas tirer une conclusion claire et nette.
:-)

Re: small font

2024-07-06 Thread Van Snyder

On Sat, 2024-07-06 at 15:41 +0100, debian-u...@howorth.org.uk wrote:
> > It's not my responsibility to deal with messages the senders aren't
> > serious about being read.
> 
> It's up to you of course but if that's your opinion then you always
> have the option of simply not reading messages that are sent (against
> list guidelines) with HTML parts that suggest using fonts that are
> too
> small for you.

I know what to do to read messages with tiny fonts -- if I can see
enough of it to decide they're interesting.

So far, only one correspondent, whom I have by-and-large concluded
doesn't have anything interesting to way.

What I'm offering to those who send messages that they seriously
consider to be worth reading: You ought to make them readable. If you
make it hard for recipients to read them, they'll ignore your wisdom.

Re: debian-user-digest Digest V2024 #409

2024-07-06 Thread George Langford


On 2024-05-18 22:25, debian-user-digest-requ...@lists.debian.org wrote:



Please remove geo...@georgesbasement.com from the mailing list.

Re: debian-user-digest Digest V2024 #408

2024-07-06 Thread Andrew M.A. Cater

[Copied directly to George since he may only see this on the list digest]

On Sat, Jul 06, 2024 at 12:56:19PM -0700, George Langford wrote:
> On 2024-05-18 08:56, debian-user-digest-requ...@lists.debian.org wrote:
> > 
> Please remove geo...@georgesbasement.com from the mail list.
>

George,

Sadly, this won't do it. You (and anybody else in this position) need
to follow the procedure described at the foot of each message.

You need to send a mail to debian-user-digest-requ...@lists.debian.org
with a subject of Unsubscribe and something in the message body.

That will generate an automatic response sent to you, asking you to confirm 
the unsubscription request.

A reply to *that* message will act as your unsubscription.

Hope this helps, as ever,

Andy
(amaca...@debian.org)

Re: debian-user-digest Digest V2024 #408

2024-07-06 Thread George Langford


On 2024-05-18 08:56, debian-user-digest-requ...@lists.debian.org wrote:



Please remove geo...@georgesbasement.com from the mail list.

Re: how2 format a flash drive

2024-07-06 Thread Marc SCHAEFER

Hello,

On Tue, Jun 25, 2024 at 09:53:41AM -0400, Lee wrote:
> My question is: how do I reformat the flash drive so it's usable as a
> "normal" flash drive again?

Nowadays, people rarely "format" (*) their "drives".

They create filesystems on raw devices.

For example `mkfs.ext4 /dev/sdX`, where /dev/sdX is the raw device
corresponding to your USB key (see the lsblk command, for example).

> Nothing I tried worked.. I ended up putting the thumb drive in a
> Windows machine and formatting it there; it would be nice to know how
> to restore the thumb drive to working order on Debian.

However, for Microsoft compatibility, in addition, you will need
a partition table. Linux, except for booting (because of BIOS
requirements), does not require partition tables.

So, first create a partition e.g. with fdisk[1]: this will make
/dev/sdX1 available in lsblk.

Then again, for Microsoft compatibility, you need to create
a Microsoft-compatible filesystem. One good alternative is
VFAT.

Thus with `mkfs.vfat /dev/sdX1`.

Please double-check you use the right raw device name, as fdisk and mkfs
commands are destructive.

(*) actually the last time I did format a device using a SCSI
command was in the nineties -- some people differentiate
"low-level formatting" with "high-level formatting", which
is better called "creating a filesystem" -- yes back then
it was sometimes useful to reformat using 256 bytes/sector
for RAID0 applications :)
[1] https://www.digitalocean.com/community/tutorials/create-a-partition-in-linux

Re: Esteemed Gentlemen!

2024-07-06 Thread Nicholas Geovanis

On Sat, Jul 6, 2024, 9:21 AM Greg Wooledge  wrote:

> On Sat, Jul 06, 2024 at 11:01:45 +, Richard Bostrom
>
> > I've removed unattended-upgrades.
>
.

> > Tripwire is useless with automated system updates etc.
>

I don't follow your logic.
First, I don't necessarily recommend automated system updates.
Second, tripwire has nothing to do with them. You turn off tripwire right
before the upgrade. You rescan afterwards because monitored system files
may have changed. That's what tripwire is for. As stated previously:

Though, if your plan is to run "apt update" and "apt upgrade"
> by hand, at a time of your choosing, so that you can update tripwire's
> state afterward, then that's fine.
>
>

Re: Debian 11 and IPv4 static IP address

2024-07-06 Thread Marc SCHAEFER

Hello,

On Sat, Jul 06, 2024 at 12:49:32PM +0200, Detlef Vollmann wrote:
> The only thing that's always annoying is that too many programs
> believe they have to overwrite /etc/resolv.conf...

chattr +i  # immutable
still works :)

Re: Debian 11 and IPv4 static IP address

2024-07-06 Thread Michel Verdier

On 2024-07-06, George at Clug wrote:

>> What I really need is a good book
>> or document that explains the design 
>> and implementation of networking with systemd and Network Manager on
>> modern Debian GNU/Linux systems.  Recommendations?
>
> Sadly I have not found any documentation (or books) for any thing
> Linux. It seems to be a 'piecing together of random statements' from
> comments and howtos on the Internet, and much personal
> experimentation.

Of course uptodate informations are as you say dispatched on
internet. For systemd I would suggest:
https://wiki.archlinux.org/title/Systemd
For Network Manager:
https://wiki.debian.org/NetworkManager

Still some fundamentals could be learned more easily with a book. This
one is rather good:
https://debian-handbook.info/about-the-book/?ref=itsfoss.com

Re: small font

2024-07-06 Thread debian-user

Van Snyder  wrote:

> It's not my responsibility to deal with messages the senders aren't
> serious about being read.

It's up to you of course but if that's your opinion then you always
have the option of simply not reading messages that are sent (against
list guidelines) with HTML parts that suggest using fonts that are too
small for you.

Alternatively:

- you could search for how to adjust font sizes in evolution (hint
  edit/ preferences/ mail preferences/ general tab)

- you could set evolution to display the plain text version of emails

- you could choose another mail reader

Sadly whilst it is your opinion that it's not your responsibility, I
doubt many other people share your opinion, so I think your options are
limited to those within your own control, such as the four above.

Re: Debian12 with nginx and php-fpm

2024-07-06 Thread Michael Kjörling

On 6 Jul 2024 13:58 +, from stetheww...@posteo.net (Stefano Prina):
> [container]$ tail -n 2 /var/log/nginx/error.log
> 2024/07/06 13:19:45 [error] 7365#7365: *1 FastCGI sent in stderr: "PHP
> message: PHP Warning:  PHP Request Startup: Failed to open stream:
> Permission denied in Unknown on line 0; Unable to open primary script:
> /var/www/html/info.php (Permission denied)" while reading resp
> onse header from upstream, client: 127.0.0.1, server: _, request: "GET
> /info.php HTTP/1.1", upstream:
> "fastcgi://unix:/var/run/php/php8.2-fpm.sock:", host: "localhost:8090"
> 2024/07/06 13:19:45 [error] 7365#7365: *1 FastCGI sent in stderr: "PHP
> message: PHP Warning:  PHP Request Startup: Failed to open stream:
> Permission denied in Unknown on line 0; Unable to open primary script:
> /var/www/html/info.php (Permission denied)" while reading resp
> onse header from upstream, client: 127.0.0.1, server: _, request: "GET
> /info.php HTTP/1.1", upstream:
> "fastcgi://unix:/var/run/php/php8.2-fpm.sock:", host: "localhost:8090"
> 
> It is strange because I the file /var/www/html/info.php exists and have to
> much open permission 0:)

I am unable to replicate your results against a VM running a fairly
bare-bones Debian 12 installation. I did however have to do an extra
`systemctl restart nginx.service` within the VM guest for the nginx
web server to recognize info.php as a PHP script that should be
executed, instead of a plain file that should be returned as-is to the
client; simply the old-style /etc/init.d "start" that you show in your
post did not suffice.

I do note that you seem to have a mix of TCP ports here; both 80, 8080
(in the requested URL) and 8090 (in the podman invocation). I would
therefore suggest to double-check your podman invocation to make sure
it is correct for the intended results, and then double-check that you
are requesting the correct URL (primarily host and port) given the
conditions from where you are requesting it. For example, you could
make a change to the default page and check that this change is
reflected in the web browser.

-- 
Michael Kjörling  https://michael.kjorling.se
“Remember when, on the Internet, nobody cared that you were a dog?”

Re: Esteemed Gentlemen!

2024-07-06 Thread Greg Wooledge

On Sat, Jul 06, 2024 at 11:01:45 +, Richard Bostrom wrote:
> Esteemed Gentlemen!

Dude.  Seriously?  I was milliseconds away from deleting this message
as obvious spam, until I saw the second paragraph.

This message you've written is a golden example of how NOT to choose
a Subject: header, and how NOT to begin a request for help.

> I've removed unattended-upgrades.
> However I wish to remove the Software store as well as the Software Update 
> feature. Or at least disable any automatic updates.

What is a "Software store"?  What "Software Updates feature" are you
seeing?

Are you sure you're even running Debian?  If you're running something
that's "based on Debian", we may not know anything about it.

If you are running Debian, which version of Debian is it, and which
Desktop Environment, if any, are you using?

If what you're seeing is part of some Desktop Environment, then maybe
someone else on this mailing list will recognize it.  The more details you
can provide about it, the better.  Are you seeing log messages indicating
that someting is installing package updates?  If so, which log file are
they in, and most importantly, *exactly what do these messages say*?

> Tripwire is useless with automated system updates etc.

I have to question whether tripwire is more useful than Debian's security
updates.  Though, if your plan is to run "apt update" and "apt upgrade"
by hand, at a time of your choosing, so that you can update tripwire's
state afterward, then that's fine.

Re: Debian 11 and IPv4 static IP address

2024-07-06 Thread Greg Wooledge

On Fri, Jul 05, 2024 at 21:51:09 -0700, David Christensen wrote:
> What I really need is a good book or document that explains the design and
> implementation of networking with systemd and Network Manager on modern
> Debian GNU/Linux systems.  Recommendations?

The main thing to understand is that there IS NOT a single unified
way of doing network configuration in Debian.  Instead, there are
many choices.

So, the first thing you have to discover on your system is which
choices are in play.  Once you know which things to investigate and
poke, then you can learn how those particular things work, by reading
the documentation that's specific to those things.

So, let's start at the interface level.  Interfaces are named by the
kernel, when you boot.  The kernel performs hardware probes, to discover
the network interfaces, both ethernet and wireless.  The kernel
assigns TEMPORARY NAMES to each interface it finds, in the order in
which its probes happen to find them.  These temporary names look like
"eth0", "eth1" and so on for ethernet interfaces, and "wlan0", "wlan1"
and so on for wireless.

If you've told your kernel NOT to perform the second step, then these
semi-randomly assigned temporary names become the permanent names of
your interfaces.  Otherwise, the kernel performs some gymnastics to
try to assign "predictable" names to each interface.  An onboard
ethernet interface, for example, may be renamed to "eno1", or a PCI
ethernet interface may be renamed to something like "enp2s0" based
on the PCI slot.

Or, if you don't want the kernel to assign names, you may choose your
own names for your interfaces, by configuring systemd.link(5) files.

To learn what your interface names are, you can start with this
command:

ip link

>From the output of that, you can deduce which naming scheme is being
used.  You should be able to figure out which interfaces are ethernet
and which are wireless (hint: look at the first letter), and you might
be able to guess whether the names will remain stable over time, or
whether you should do something to switch naming schemes.

Once you have your interface names, there are three basic ways to
configure them:

 1) /etc/network/interfaces a.k.a. /e/n/i a.k.a. ifupdown

 2) NetworkManager

 3) systemd.network(5)

Option 1 is the way Debian has always supported, for three decades.
See interfaces(5) for documentation of the main configuration file.

Option 2 is often installed by default if you install a Desktop
Environment package.  In Debian, /e/n/i and NM will work together --
if an interface is configured in /e/n/i, NM will leave that interface
alone.  There are three different ways to interact with NM -- a
set of command line tools (nmcli), a terminal-based interface (nmtui),
and a graphical interface (click things provided by your DE). 

Option 3 is obviously part of systemd, and is not used in a default
Debian installation.  However, you're free to use it if you wish.
Or, if someone else installed Debian for you, such as a VPS provider,
it's *possible* that they used this.  Therefore, it's good to be
aware that it exists, and *might* be in play on your system, if you
weren't the one who installed Debian.

Once you figure out which option is being used, you can read the
documentation.  I've provided man page references for the ones that
have them, and I've done my best to supply what little information I
have about NM.

Debian12 with nginx and php-fpm

2024-07-06 Thread Stefano Prina


Hello All,

I am Stefano from Torino, Italy;  I am just new to this  list, nice to 
virtually meet all of you : )


I am writing to you because I need support for a strange issue I' am facing.

I am trying to create a debian container to run some php app for a side 
project, the idea is to use nginx and php-fpm,


the procedure I am using is :

[host] $ podman run -ti -p 8090:80 debian:12-slim

[container]$apt update && apt install vim nginx php-fpm

edit`/etc/nginx/sites-enabled/default` de-commenting the php part

   # pass PHP scripts to FastCGI server
   #
   location ~ \.php$ {
   include snippets/fastcgi-php.conf;

   # With php-fpm (or other unix sockets):
   fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
   # With php-cgi (or other tcp sockets):
   #fastcgi_pass 127.0.0.1:9000;
   }

[container]$/etc/init.d/nginx start
[container]$ /etc/init.d/php8.2-fpm start

edit`/var/www/html/info.php using the content:`

   

connectinghttp://localhost:8080 I get the default nginx page

connectinghttp://localhost:8080/info.php I got Access denied.

and the logs report :

[container]$ tail -n 2 /var/log/nginx/error.log
2024/07/06 13:19:45 [error] 7365#7365: *1 FastCGI sent in stderr: "PHP 
message: PHP Warning:  PHP Request Startup: Failed to open stream: 
Permission denied in Unknown on line 0; Unable to open primary script: 
/var/www/html/info.php (Permission denied)" while reading resp
onse header from upstream, client: 127.0.0.1, server: _, request: "GET 
/info.php HTTP/1.1", upstream: 
"fastcgi://unix:/var/run/php/php8.2-fpm.sock:", host: "localhost:8090"
2024/07/06 13:19:45 [error] 7365#7365: *1 FastCGI sent in stderr: "PHP 
message: PHP Warning:  PHP Request Startup: Failed to open stream: 
Permission denied in Unknown on line 0; Unable to open primary script: 
/var/www/html/info.php (Permission denied)" while reading resp
onse header from upstream, client: 127.0.0.1, server: _, request: "GET 
/info.php HTTP/1.1", upstream: 
"fastcgi://unix:/var/run/php/php8.2-fpm.sock:", host: "localhost:8090"


It is strange because I the file /var/www/html/info.php exists and have 
to much open permission 0:)


[container]$ls -l /var/www/html/info.php
-rwxrwxrwx 1 root root 20 Jul  6 13:03 /var/www/html/info.php

the socket /var/run/php/php8.2-fpm.sock exist and it seems ok:

[container]$ls -l /var/run/php/php8.2-fpm.sock
srw-rw 1 www-data www-data 0 Jul  6 13:14 /var/run/php/php8.2-fpm.sock

all the workers seem running using the right user:

[container]$ps -aux
USER   PID %CPU %MEM    VSZ   RSS TTY  STAT START   TIME COMMAND
root 1  0.0  0.0   4188  3216 pts/0    Ss   12:58   0:00 bash
root  7255  0.0  0.0 201548  8448 ?    Ss   13:14   0:00 
php-fpm: master process (/etc/php/8.2/fpm/php-fpm.conf)
www-data  7256  0.0  0.0 201548 10792 ?    S    13:14   0:00 
php-fpm: pool www
www-data  7257  0.0  0.0 201548 10664 ?    S    13:14   0:00 
php-fpm: pool www
root  7364  0.0  0.0  10336  1512 ?    Ss   13:19   0:00 nginx: 
master process /usr/sbin/nginx
www-data  7365  0.0  0.0  10960  4104 ?    S    13:19   0:00 nginx: 
worker process
www-data  7366  0.0  0.0  10960  4244 ?    S    13:19   0:00 nginx: 
worker process
www-data  7367  0.0  0.0  10688  2684 ?    S    13:19   0:00 nginx: 
worker process
www-data  7368  0.0  0.0  10688  2684 ?    S    13:19   0:00 nginx: 
worker process
www-data  7369  0.0  0.0  10688  2684 ?    S    13:19   0:00 nginx: 
worker process
www-data  7370  0.0  0.0  10688  2684 ?    S    13:19   0:00 nginx: 
worker process
www-data  7371  0.0  0.0  10688  2684 ?    S    13:19   0:00 nginx: 
worker process
www-data  7372  0.0  0.0  10688  2684 ?    S    13:19   0:00 nginx: 
worker process
www-data  7373  0.0  0.0  10688  2684 ?    S    13:19   0:00 nginx: 
worker process
www-data  7374  0.0  0.0  10688  2684 ?    S    13:19   0:00 nginx: 
worker process
www-data  7375  0.0  0.0  10688  2684 ?    S    13:19   0:00 nginx: 
worker process
www-data  7376  0.0  0.0  10688  2684 ?    S    13:19   0:00 nginx: 
worker process

root  7386  0.0  0.0   8060  4248 pts/0    R+   13:51   0:00 ps -aux

So I have the feeling I am missing something stupid... but what ??

Can you help me ?

Thanks in advance

Stefano

Re: [HS] sauvegarde sur Disque Mécanique ou SSD

ajh-valmer a écrit :
> On Saturday 06 July 2024 10:56:54 benoit wrote:
>> Le vendredi 5 juillet 2024 à 22:19, Dethegeek a écrit :
>>> C'est une bonne question. Comment est déterminé le MTBF ? 
>>> Par experimentation sur des exemplaires avant mise en production 
>>> de masse, par simulations ?  
> 
> Aujourd'hui, les disques durs SSD semblent fiables.
> Je n'ai connu que des défaillances irrémédiables (poubelle) 
> avec les DD mécaniques, pas avec les SSD.

Moi, avec plusieurs milliers de disques dans la nature (dans des
équipements chez des clients), c'est exactement l'inverse. Je n'ai que
rarement eu de pertes dues à un disque dur à plateaux (il prévient avant
de mourir et si le problème est électronique, ce qui peut arriver, on
sait recouvrer les informations). En revanche, je ne compte plus les SSD
qui meurent subitement sans crier gare (ça va de la corruption du
firmware à un fonctionnement aléatoire allant jusqu'à la corruption des
données). Par ailleurs, un swap sur SSD crame très vite l'_intégralité_
d'un SSD, pas uniquement la partition de swap. J'ai fait quelques
calculs parce que j'ai dû changer les disques d'un volume raid sur un
serveur (raid6 en 4 * 1 To en 2,5"). Ben... Durée de vie de 4 mois avec
des SSD en raison de la partition de swap pourtant relativement peu
sollicitée. J'ai changé les berceaux 2,5" contre des 3,5" pour y mettre
des disques normaux.

> Inutile de se faire du soucis sur ce sujet,
> d'autant que la vitesse de transmission des données
> d'un SSD est incomparable par rapport à un DD mécanique,
> que je ne pourrais plus utiliser.
> On le voit bien au boot, quelle différence !

Je préfère qu'une machine mette deux minutes à démarrer à un SSD qui
meure subitement. Mais je suis un dinosaure qui se souvient des 45
minutes de boot de sa VaxStation 3100 et je ne redémarre pas très
souvent mes machines. Pour un portable, je veux bien un SSD, mais pas
pour une machine fixe (sauf à avoir des SSD à un bit par cellule, mais
ils sont hors de prix, et même là, on n'atteint pas la fiabilité d'un
disque mécanique de milieu de gamme en terme d'endurance.).

JB

signature.asc
Description: OpenPGP digital signature

Re: Esteemed Gentlemen!

2024-07-06 Thread George at Clug



Richard,

You may know these methods below, but if you do not, then please read on...

If you had not removed unattended-upgrades:
dpkg-reconfigure unattended-upgrades  (select 'no')


Would you be using Gnome? (understand this can be used)

Software
(select menu icon in top right of 'Software' window)
Update Preferences
Automatic Update (set to off)

or
 
https://blogs.gnome.org/kalev/2014/09/24/whats-new-in-gnome-software-3-14/
It’s now possible to disable the background update checks altogether through a 
hidden setting: ‘gsettings set org.gnome.software download-updates false’

$ gsettings set org.gnome.software download-updates false

I hope the above work, I have not used these so as to know if they do or not?

George.




On Saturday, 06-07-2024 at 21:01 Richard Bostrom wrote:
> Esteemed Gentlemen!
> 
> I've removed unattended-upgrades.
> However I wish to remove the Software store as well as the Software Update 
> feature. Or at least disable any automatic updates.
> Tripwire is useless with automated system updates etc.
> 
> Yours sincerely
> Richardh Bostrom

Re: [HS] sauvegarde sur Disque Mécanique ou SSD

2024-07-06 Thread ajh-valmer

On Saturday 06 July 2024 10:56:54 benoit wrote:
> Le vendredi 5 juillet 2024 à 22:19, Dethegeek a écrit :
> > C'est une bonne question. Comment est déterminé le MTBF ? 
> > Par experimentation sur des exemplaires avant mise en production 
> > de masse, par simulations ?  

Aujourd'hui, les disques durs SSD semblent fiables.
Je n'ai connu que des défaillances irrémédiables (poubelle) 
avec les DD mécaniques, pas avec les SSD.
Inutile de se faire du soucis sur ce sujet,
d'autant que la vitesse de transmission des données
d'un SSD est incomparable par rapport à un DD mécanique,
que je ne pourrais plus utiliser.
On le voit bien au boot, quelle différence !

Re: Re : [HS] sauvegarde sur Disque Mécanique ou SSD

2024-07-06 Thread hamster


Le 06/07/2024 à 13:25, nicolas.patr...@gmail.com a écrit :

On 06/07/2024 11:08:55, elguero eric wrote:


remarque que c'est pire pour les demi-vies de certains
isotopes. On arrive à estimer des périodes de plusieurs
millions d'années avec juste quelques mois d'observations.


Tu as demandé à un physicien comment il fait ?


Exactement comme pour les disques durs : il en prend plein (une quantité 
connue) et il mesure combien se désintègrent pendant un temps donné. 
Connaissant la loi de décroissance (toujours une exponentielle 
décroissante pour la radioactivité) il est facile de calculer au bout de 
combien de temps la moitié se seront désintégrés.

Re : [HS] sauvegarde sur Disque Mécanique ou SSD

2024-07-06 Thread nicolas . patrois

On 06/07/2024 11:08:55, elguero eric wrote:

> remarque que c'est pire pour les demi-vies de certains
> isotopes. On arrive à estimer des périodes de plusieurs
> millions d'années avec juste quelques mois d'observations.

Tu as demandé à un physicien comment il fait ?

nicolas patrois : pts noir asocial
-- 
RÉALISME

M : Qu'est-ce qu'il nous faudrait pour qu'on nous considère comme des humains ? 
Un cerveau plus gros ?
P : Non... Une carte bleue suffirait...

Esteemed Gentlemen!

2024-07-06 Thread Richard Bostrom

Esteemed Gentlemen!

I've removed unattended-upgrades.
However I wish to remove the Software store as well as the Software Update 
feature. Or at least disable any automatic updates.
Tripwire is useless with automated system updates etc.

Yours sincerely
Richardh Bostrom

Re: Debian 11 and IPv4 static IP address

2024-07-06 Thread Detlef Vollmann


On 7/6/24 06:51, David Christensen wrote:

The underlying issue appears to be that my old-school Linux console 
network administration skills have been rendered obsolete by systemd and 
NetworkManager.


I don't think that these skills are obsolete.
I still use /etc/network/interfaces for everything special
(and use the NetworkManager applet on my laptop to manage
wifi networks.

The only thing that's always annoying is that too many programs
believe they have to overwrite /etc/resolv.conf...

  Detlef

Re: Debian 11 and IPv4 static IP address

2024-07-06 Thread Detlef Vollmann


On 7/6/24 06:37, jeremy ardley wrote:

As I said in my earlier post, it's not necessary to disable dhcpd and in 
fact it is likely undesirable.


Note that the warning in the wiki talks about dhcpcd, not about dhcpd.

Though as a pointed out before, your machine very likely will have 
NetworkManager running and it's probably a good idea to disable it.


NetworkManager reliably ignores all interfaces that have an entry
in /etc/network/interfaces.
If I setup my laptop as AP I have an entry for it in
/etc/network/interfaces, but let the NetworkManager handle the
wired network.

I don't know how well systemd-networkd cooperates with
/etc/network/interfaces.

  Detlef

Re: Debian 11 and IPv4 static IP address

2024-07-06 Thread Detlef Vollmann


On 7/6/24 04:06, Max Nikulin wrote:

On 06/07/2024 08:16, David Christensen wrote:



The following sentence:

"Make sure to disable all DHCP services, e.g. dhcpcd."

Was added at revision 97:


 From my point of view this warning makes sense. Primary it is a 
troubleshooting step if an attempt to configure static has IP failed. 
The assumption is that a reader is either aware what network management 
tools are installed on their machine or is able to review installed 
packages, active services, running processes. DHCP client activity may 
appear in logs.


I think this warning is very misleading: if an interface specification
in /etc/network/interfaces uses the 'static' method, no DHCP client
for this interface will be started.

On a laptop you may have the wifi with DHCP and wired network
with a static address.
Or on a workstation you may have the office LAN interface with DHCP
and a development LAN with a static IP address.
So disabling DHCP may cause additional problems and will solve none.

  Detlef

Re: [HS] sauvegarde sur Disque Mécanique ou SSD

2024-07-06 Thread Basile Starynkevitch

On 7/6/24 10:56, benoit wrote:
Le vendredi 5 juillet 2024 à 22:19, Dethegeek a
écrit :

C'est une bonne question. Comment est déterminé le MTBF ? Par
experimentation sur des exemplaires avant mise en production de
masse, par simulations ?

Un MTBF DE 2.5 millions d'heures équivaut à 285 ans. Soit j'ai fait
un erreur de logique pour calculer soit cette valeur est erronée. Ça
me semble ni réalisable ni raisonnable au vu de la vitesse
d'évolution technologique

Non c'est pas une erreur :
MTTF/MTBF 2.5 M hours

« MTTF/MTBF (Mean Time to Failure/Mean Time Between Failures) is not a
guarantee or estimate of product life; it is a statistical value
related to mean failure rates for a large number of products which may
not accurately reflect actual operation. Actual operating life of the
product may be different from the MTTF/MTBF. »

Cf.
https://toshiba.semicon-storage.com/ap-en/storage/product/data-center-enterprise/enterprise-capacity/articles/mg06aca.html

Et en effet, question réalisme, sauf si Toshiba a recruté Madame Irma,
qui a lu dans sa boule de cristal que dans 200 ans les composants
fonctionneront toujours…
Je me demande bien comment on peut évaluer des valeurs statistiques
sur une telle durée…

Justement, *c'est des statistiques*. Elles n'ont pas de signification
intuitive pour un ordinateur personnel unique ou un disque dur unique.
Elles peuvent en avoir pour une personne chargée de lancer un appel
d'offres pour l'achat institutionnel de milliers d'ordinateurs.

Mais les supercalculateurs listés sur https://top500.org ont des
milliers de disques durs qui tournent tous en parallèle. Ces machines
sont sous Linux, et sont utilisées par les industries automobiles, de
l'armement, du pétrole, de l’énergie (nucléaire civil ou éolienne)
etc... et par la recherche scientifique (universités, CNRS, INRIA,
CEA), la santé, la Commission Européenne. Une panne sur un millier de
disques identiques ou similaires est bien plus probable que sur un
disque isolé. Et elle peut impacter pas mal de développeurs ou d'emplois
ou de personnes. ou de logiciels (par exemple https://code-aster.org ou
https://www-cast3m.cea.fr/ ...)

Il en est de même pour les centres de données (datacenters) par exemple
chez OVH https://www.ovhcloud.com/fr/

Pour ma part je continue de chercher un consortium ANR, ITEA ou
HorizonEurope intéressé par

https://github.com/RefPerSys/RefPerSys

Cordialement.

--
Basile STARYNKEVITCH
8 rue de la Faïencerie, 92340 Bourg-la-Reine, France
web page: starynkevitch.net/Basile/ -gives my mobile number +33 6 8501
See/voir:https://github.com/RefPerSys/RefPerSys

Re: [HS] sauvegarde sur Disque Mécanique ou SSD

2024-07-06 Thread benoit

Le mercredi 19 juin 2024 à 18:07, hamster  a écrit :


> Ce que tu a surtout besoin c'est d'espace de stockage volumineux pour y
> mettre tous tes trucs et qu'ensuite ces espaces de stockage dorment dans
> un tiroir en étant re-branchés que de facon très rare.
> 
> Dans ce cas le nombre d'écritures limité des disques SSD n'est pas un
> handicap : de toutes facons tu ne les écrira qu'une fois. Le coté
> aléatoire des pannes mécaniques des disques durs ne sont pas un handicap
> non plus : tu ne les laissera pas branchés en permanence, leur durée de
> vie (en heures de fonctionnement) ne sera donc pas consommée.
> 

Ben justement, je me pose cette question : si un disque a été étudié pour une 
durée de vie donnée, il y a deux usages différents :
- Fonctionnement continu 24h/24 et 7j/7, adapté aux NAS (qui n'est pas 
forcément conçu pour redémarrer un grand nombre de fois)
- PC arrêts redémarrages fréquents (qui n'est pas forcément conçu pour un 
fonctionnement continu)

En utilisant un disque de NAS avec un MTBF de dingue, est-ce que je ne risque 
pas de l'user prématurément, voir plus vite qu'un bête disque d'entrée de gamme 
à 50 €, si je l'utilise pour de la sauvegarde (arrêt -> au repos dans un tiroir 
-> démarrage -> écriture...) alors qu'il a été conçu pour ne démarrer qu'une 
seule fois dans sa vie ?

--
Benoît

Re: [HS] sauvegarde sur Disque Mécanique ou SSD

2024-07-06 Thread elguero eric

Le samedi 6 juillet 2024 à 10:57:18 UTC+2, benoit  a 
écrit : 

Et en effet, question réalisme, sauf si Toshiba a recruté Madame Irma, qui a lu 
dans sa boule de cristal que dans 200 ans les composants fonctionneront 
toujours…Je me demande bien comment on peut évaluer des valeurs statistiques 
sur une telle durée…


remarque que c'est pire pour les demi-vies de certains
isotopes. On arrive à estimer des périodes de plusieurs
millions d'années avec juste quelques mois d'observations.

s'il n'y a pas de vieillissement, la durée de vie d'un
équipement suit la loi exponentielle, et pour estimer
la moyenne de cette loi il suffit d'observer un certain
nombre d'équipements. Si par exemple tu fais
tourner 1000 disques et si au bout d'un an 4
sont morts, tu en déduis que la durée de vie
moyenne est d'environ 250 ans.

e.e.

Re: [HS] sauvegarde sur Disque Mécanique ou SSD

2024-07-06 Thread benoit

Le vendredi 5 juillet 2024 à 22:19, Dethegeek  a écrit :

> C'est une bonne question. Comment est déterminé le MTBF ? Par experimentation 
> sur des exemplaires avant mise en production de masse, par simulations ?
>
> Un MTBF DE 2.5 millions d'heures équivaut à 285 ans. Soit j'ai fait un erreur 
> de logique pour calculer soit cette valeur est erronée. Ça me semble ni 
> réalisable ni raisonnable au vu de la vitesse d'évolution technologique

Non c'est pas une erreur :
MTTF/MTBF 2.5 M hours

« MTTF/MTBF (Mean Time to Failure/Mean Time Between Failures) is not a 
guarantee or estimate of product life; it is a statistical value related to 
mean failure rates for a large number of products which may not accurately 
reflect actual operation. Actual operating life of the product may be different 
from the MTTF/MTBF. »

Cf.
https://toshiba.semicon-storage.com/ap-en/storage/product/data-center-enterprise/enterprise-capacity/articles/mg06aca.html

Et en effet, question réalisme, sauf si Toshiba a recruté Madame Irma, qui a lu 
dans sa boule de cristal que dans 200 ans les composants fonctionneront 
toujours…
Je me demande bien comment on peut évaluer des valeurs statistiques sur une 
telle durée…

--
Benoît

>

Re: [HS] sauvegarde sur Disque Mécanique ou SSD

Sébastien Dinot a écrit :
> À l'époque où l'on gravait encore des DVD, je me souviens qu'un
> fabricant proposait des DVD en verre, vendus une fortune, dont la durée
> de conservation annoncée était de 4 000 ans.

1/ On grave toujours des DVD (et d'autres supports optiques).
2/ Le support en verre existe toujours. ;-)

JB



signature.asc
Description: OpenPGP digital signature

Re: [HS] sauvegarde sur Disque Mécanique ou SSD

Dethegeek a écrit :
> C'est une bonne question. Comment est déterminé le MTBF ? Par
> experimentation sur des exemplaires avant mise en production de masse,
> par simulations ?
> 
> Un MTBF DE 2.5 millions d'heures équivaut à 285 ans. Soit j'ai fait un
> erreur de logique pour calculer soit cette valeur est erronée. Ça me
> semble ni réalisable ni raisonnable au vu de la vitesse d'évolution
> technologique

Pour bosser dans l'électronique, ça se calcule en fonction des
différents composants? On connaît la durée de vie d'un composant soumis
à un stress, donc on sait déterminer la durée de vie moyenne d'un
circuit. Pour la mécanique, c'est exactement pareil.

JB



signature.asc
Description: OpenPGP digital signature

Re: [HS] sauvegarde sur Disque Mécanique ou SSD