Re: Suspicious "invoice" email?

[Alain D D Williams]

On Fri, May 17, 2024 at 03:28:35PM -0400, PMA wrote:

> I received the following today from (Jerry Henley at) Ella White
> .
> 
> I suspect fraud here, so have not opened the invoice he/she attached.
> 
> Can you possibly tell me whether the message is legitimate?

I did not spend much time on it. Some, ill informed or naive people would have
just paid it, or it could have been an attempt to infect a (MS Windows) PC, or
it could have been an attempt to get bank a/c details.

Anyway: things like that I forward to the address below and they are looked at
by people in GCHQ or similar -- you can help them to combat these reprobates by
forwarding suspicious emails:

rep...@phishing.gov.uk

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 

Re: Dovecot correct ownership for logs

[Alain D D Williams]

On Tue, May 14, 2024 at 03:11:16PM +0200, Richard wrote:
>"Top posting" (writing the answer above the text that's being replied
>to) is literally industry standard behavior.

Many do top post, but many do not.

Places where it is often frowned on are technical mail lists such as this one.
This is because only quoting to the parts of the mail that you reply to and
putting you comment underneath can greatly help understanding.

Read the Netiquette Guidelines (1995):

https://www.ietf.org/rfc/rfc1855.txt

Other discussions here:

https://idallen.com/topposting.html

https://www.caliburn.nl/topposting.html

PS: check the dictionary definition of "literally".

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 

Test

[D]

Hi debian users

Re: Inclusive terminology (instead of master/slave) for network bonding/LACP

[Alain D D Williams]

On Fri, Mar 15, 2024 at 01:42:25AM +0100, Emanuel Berg wrote:
> Mike Castle wrote:
> 
> >> It is "fixing" an issue for today's English speakers.
> >> Should we scour our systems looking for similar issues in
> >> other languages? Then in, say, 20 years time when different
> >> words will then be considered offensive, by some, do this
> >> all again?
> >
> > Yes.
> 
> Remember, there are A LOT of words and expressions we don't
> use anymore, and that's good, as they are offensive and
> disrespectful. But once they were perfectly normal. Still, one
> by one, they have disappeared from active use.

That is the big difference. Not use words *currently* deemed offensive in *new*
publications (books, newspaper articles, ...) - this is not hard to do. What we
are faced with is something very different: a call to locate and modify use in
programs that might have been written a long time ago. The effort needed to do
this is large and will doubtless cause failures in systems that have been
working well for years.

It is not just a matter of modifying Debian (+ RedHat + ...) sources but the
sources on private systems.

We seem to be told that this must be done by those who will not be doing the
work.

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 

Re: Postel's Law (Was Re: Inclusive terminology (instead of master/slave) for network bonding/LACP)

[Alain D D Williams]

On Sat, Feb 24, 2024 at 07:44:44PM -0500, Jeffrey Walton wrote:
> On Sat, Feb 24, 2024 at 7:37 PM Andy Smith  wrote:
> >
> > [...]
> > Turning back more to protocol design, we have spent decades walking
> > back Postel's Law as we find more and more ways that being liberal
> > in what our software accepts is untenable in the face of a hostile
> > Internet.
> 
> ++. Postel's Law is a disaster nowadays. It was fine back in the
> 1980's, but it is dangerous in the toxic environments of today.
> 
> Here's what we teach our developers: Look for any reason you can to
> reject the data. If you can't find a reason, then begrudgingly perform
> the processing or transformation.

There is a difference between not doing validation (eg a field being numeric)
and flexibility (eg a line length being 100 bytes which is more than the
specified 80 bytes). This is what Postel is talking about.

Otherwise I completely agree: validate, validate, validate - if I accept your
bad data then it becomes my problem, if I reject it then you have to fix it.
Unfortunately people will complain if you do this "everyone accepts the data",
to which I reply "please tell me exactly what it means" - which should shut
them up.

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 

Re: Inclusive terminology (instead of master/slave) for network bonding/LACP

[Alain D D Williams]

On Sat, Feb 24, 2024 at 09:03:45AM -0500, The Wanderer wrote:

> > It was a BLM thing, not sure if it matters the etymology of such
> > words.
> 
> The etymology certainly *should* matter, insofar as that is the origin
> of the *meaning* of the word(s).

+1

However that is not the way that the world works, or prolly more accurately how
some people think. They see a word/phrase that they have decided that they
"own" or somehow relates to them and so view it entirely from their
perspective; they make no attempt to understand how the speaker/writer viewed
the word/phrase as they *know* what the only meaning can be - everything else
is a wrong interpretation. There is little point in trying to argue against
someone who has decided to think this way, arguing will just confirm, to them,
that you are racist/xxxist and are against them.

I sometimes think that something similar to Postel's Law but applied to human
interactions would be useful. However that is wishful thinking

https://devopedia.org/postel-s-law

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 

Re: Inclusive terminology (instead of master/slave) for network bonding/LACP

[Alain D D Williams]

On Fri, Feb 23, 2024 at 10:33:08AM +0100, Mariusz Gronczewski wrote:
> On 22.02.2024 11:19, Ralph Aichinger wrote:
> > Hello!
> > 
> > I know this is a loaded topic. I really don't want to discuss the
> > political aspects of the "why", but just want to know the facts, i.e.
> > how far this has been progressed in Debian.
> 
> There is no good reason *why*. It's entirely US political feel-good activism
> that doesn't change anything but wastes people's time. Do you actually think
> pressing on brake pedal oppresses anybody ? Because it also has master and 
> slave
> cylinder.
> 
> All it does is wastes tens of thousands of people's time once the have to fix
> every script, tool and doc piece related to  it, for absolutely no benefit
> aside from making some twitter activist happy "they did something".
> It would *literally* break every single script that checks the status
> of bonding config in system, as it is all just plain text.

+1

It is "fixing" an issue for today's English speakers. Should we scour our
systems looking for similar issues in other languages ? Then in, say, 20 years
time when different words will then be considered offensive, by some, do this
all again ?

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 

Re: Thunderbird inbox malfunction

[D. R. Evans]

Paul D Schmitt wrote on 2/14/24 10:49:

After an upgrade of Debian 11 yesterday, Thunderbird 115.7.0 now has an
inbox issue where the listings move making it difficult to save or
delete them!  I had this exact issue with Debian based Antix 22 after a
recent upgrade.  That problem was resolved by a subsequent upgrade from
Thunderbird.



I haven't seen any response to this, so I just thought I'd confirm to you for 
your peace of mind that there is indeed a problem (or several problems) of 
some sort, and it's not just you who is experiencing it/them.


Following the last update of TB here, it's been awful to try to work with the 
view of messages. I don't know how they could have released it in such a 
horrible state, but am assuming that the next update will fix the problem(s).


  Doc

--
Web:  http://enginehousebooks.com/drevans

Thunderbird inbox malfunction

[Paul D Schmitt]

After an upgrade of Debian 11 yesterday, Thunderbird 115.7.0 now has an 
inbox issue where the listings move making it difficult to save or 
delete them!  I had this exact issue with Debian based Antix 22 after a 
recent upgrade.  That problem was resolved by a subsequent upgrade from 
Thunderbird.

Re: hexchat being discontinued?

[Alain D D Williams]

On Sun, Feb 11, 2024 at 07:42:24PM +, Richmond wrote:

> You could try Pidgin. It's in the Debian repo. It has various protocols
> of which irc is just one. It's a bit confusing because you have to go to
> the 'buddy' menu to join an irc channel.

Yes: Pidgin UI is dreadful. Lots that is non intuitive.

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 

Re: running a snap package on bookworm?

[D. R. Evans]

Greg Wooledge wrote on 1/24/24 12:24:

On Wed, Jan 24, 2024 at 12:16:21PM -0700, D. R. Evans wrote:

4. But now how do I actually run the program? I tried just running:
   $ acrordrdc


Have you looked at the man page for snap?  It's very long, so I took
a guess and looked for "run".


Thank you; right at the beginning of the man page it says:

 > The snap command lets you install, configure, refresh and remove snaps

so I didn't think it would be relevant to running a package that was already 
installed.




run
Run the given snap command



I read that and think: "but I don't want to run a snap command; I want to run 
an installed snap package".



The run command executes the given snap command with the right confinement
and environment.

Usage: snap [OPTIONS] run [run-OPTIONS] . 
[...]



When I try the run command:

$ snap run acrordrdc
unknown command: run
$

I was amazed that I simply couldn't find anything about actually running 
installed packages (plenty of sites tell me how to install a package, but none 
that I looked at then told me how to run the package once it's installed). It 
can't be hard, but obviously I'm misunderstanding something fundamental about 
snap.


   Doc

--
Web:  http://enginehousebooks.com/drevans

running a snap package on bookworm?

[D. R. Evans]

1. I've never used a snap package before.

2. I want to run the acrordrdc program, which is available as a snap package.

3. Following instructions found following a search for help with snap, I ran:
  sudo apt install snapd
  sudo snap install core
  sudo snap install acrordrdc
There were no obvious errors.

4. But now how do I actually run the program? I tried just running:
  $ acrordrdc
but that produced:
  /user.slice/user-1000.slice/session-14.scope is not a snap cgroup
which I suppose is useful to someone, but tells me nothing other than that 
there seems to be some sort of snap-related problem somewhere.


5. As far as I can see, no new entry was added to the start menu, so it would 
seem that I'm supposed to run the program -- which I assume has the same name 
as the package; i.e., "acrordrdc" -- from the command line; but how?


  Doc

--
Web:  http://enginehousebooks.com/drevans

Re: Resizing LVM partitions

[Alain D D Williams]

On Mon, Jan 22, 2024 at 10:29:55AM -0500, Stefan Monnier wrote:
> > lvextend --size +1G --resizefs /dev/mapper/localhost-home
> >
> > Ie get lvextend to do the maths & work it out for me.
> >
> > Those who are cleverer than me might be able to tell you how to get it right
> > first time!
> 
> lvreduce --size -50G --resizefs /dev/mapper/localhost-home

Oh, even better. It is a long time since I looked at than man page.

Does this still need to be done with the file system unmounted or can it be
done with an active file system these days ?

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 

Re: Resizing LVM partitions

[Alain D D Williams]

On Mon, Jan 22, 2024 at 03:32:30PM +0100, sko...@uns.ac.rs wrote:
> I am getting the following message at any boot:
> 
> "The volume "Filesystem root" has only 221.1 MB disk space remaining."
> 
>  df -h says:
> 
> Filesystem  Size  Used Avail Use% Mounted on
> udev1.5G 0  1.5G   0% /dev
> tmpfs   297M  9.0M  288M   4% /run
> /dev/mapper/localhost-root  5.2G  4.7G  211M  96% /
> /dev/mapper/localhost-usr14G   12G  948M  93% /usr
> tmpfs   1.5G 0  1.5G   0% /dev/shm
> tmpfs   5.0M  4.0K  5.0M   1% /run/lock
> tmpfs   1.5G 0  1.5G   0% /sys/fs/cgroup
> /dev/sda1   228M  133M   84M  62% /boot
> /dev/mapper/localhost-tmp   2.3G   57K  2.2G   1% /tmp
> /dev/mapper/localhost-var   2.7G  2.5G   55M  98% /var
> /dev/mapper/localhost-home  257G   73G  172G  30% /home
> tmpfs   297M   40K  297M   1% /run/user/1000
> 
> As my system has encrypted LVM, I suppose that I shall reduce some space
> used for /home, and then use it to extend /, /usr, and /var logical
> partitions. I think I did (or tried to do) something similar several years
> ago, but forgot the proper procedure. Any link for a good tutorial is
> welcomed. Thanks.

The shrinking of /home is the hard part. You MUST first unmount /home, then
resize the file system, then resize the logical volume.

umount /home

Find out how big it is:
resize2fs /dev/mapper/localhost-home

Change the filesystem size:
resize2fs /dev/mapper/localhost-home NEW-SIZE

Change the partition size:
lvextend --size 200G /dev/mapper/localhost-home

The hard bit is working out what NEW-SIZE should be and having it such
that you use all of the partition but without making the file system size
greater than the partition size - ie getting the last few megabytes right.

What I do is make NEW-SIZE 2GB smaller than I want (assuming that it still 
fits),
the size I give to lvextend 1GB smaller - so it all works, but there is wasted
space & it is not quite big enough. I then do:

lvextend --size +1G --resizefs /dev/mapper/localhost-home

Ie get lvextend to do the maths & work it out for me.

Those who are cleverer than me might be able to tell you how to get it right
first time!

mount /home

Extending the others is easy and can be done when the system is running &
active, something like:

lvextend --size +1G --resizefs /dev/mapper/localhost-var

Finally: ensure that you have a good backup of /home before you start.

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 

Re: Help: network abuse

[Alain D D Williams]

On Thu, Dec 21, 2023 at 11:39:40AM -0500, Pocket wrote:
> 
> On 12/21/23 10:50, Alain D D Williams wrote:
> > It is NOT a firewall issue.
> 
> 
> If I am correct you don't want any thing from the outside to hit your web
> server?

The words "web server" is ambiguous. It can mean my machine, ie can me the
Apache process. The packets are hitting the machine (evidence tcpdump) but not
the process (as the TCP startup does not complete).

> If so your firewall is not configured correctly.

You have failed to understand what is happening.

I shall stop after this.

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 

Re: Help: network abuse

[Alain D D Williams]

On Thu, Dec 21, 2023 at 10:31:06AM -0500, Pocket wrote:

> All you should be seeing is scans which you can not prevent.

I am looking at incoming packets with tcpdump. This sees packets *before* they
are filtered by iptables.

> What are you using for a firewall?

Something hand rolled. Reasonably complicated (over 300 rules) as it deals
with: internet, VPN, DMZ, internal network for virtual machines.

It is NOT a firewall issue.

> It is my belief that your firewall is NOT setup correctly and that is why
> you are seeing the traffic.

My firewall *cannot* deal with packets before they hit my machine. They only
hit my machine after they have arrived over broadband.

The only thing that I might be able to do is to somehow prevent discovery that 
my
machine is listening on port 80 -- that would mean somehow distinguishing
between a genuine visitor and one that is mapping the Internet to later pass
that map somewhere else which generates the unwanted traffic that I see.

> Amazon AWS system. should not be able to hit your http server, unless you
> want it to.

How do I distinguish between wanted & unwanted connections. The only thing that
I can think of is to DROP incoming packets if the source port is 80 or 443 -
which would disrupt the mapping process.

However: if the mapping process uses normal TCP (ie high/random port number)
this would do little.

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 

Re: Help: network abuse

[Alain D D Williams]

On Thu, Dec 21, 2023 at 10:11:08AM -0500, Pocket wrote:

> Use a firewall and set it up correctly.

That I have done.

The issue is broadband usage - ie before it hits the firewall.

> Assuming a residential environment.
> 
> Firewall the router and server(s) as well as all the client machines.
> 
> I have nginx, dovecot and exim4 and other daemons running on my network
> servers.
> 
> Most, (includes many of the ones here) don't have a firewall properly
> configured. Nor do they understand how to properly configure a firewall.
> 
> You will still get scanned but there is little you can do about that.
> 
> -- 
> 
> Hindi madali ang maging ako
> 

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 

Re: Help: network abuse

[Alain D D Williams]

On Thu, Dec 21, 2023 at 01:39:53PM +, Andy Smith wrote:

> Okay well 30KiB/s is only about 78GiB/month which isn't really a
> lot. I think we're both in UK and it's been hard to find a domestic
> Internet connection that you'd run a web server on that can't cope
> with 78G/mo. So ignoring it seems okay.

I have been with my ISP for 14 years (moved to get IPv6), for various reasons I
cannot change to a tariff that will give me anything like that (their support
has also fallen through the floor) - I need to change (& the landline) and then
I prolly would not care. Andrews & Arnold and Zen seem recommended.

> You say these never complete a TCP handshake even though you do run
> Apache on port 80? If so, it does make me wonder what they are
> trying to do.

They might be trying to hijack an existing TCP connection or, even simpler,
cause my machine problems by having many, many 1/2 set up TCP connections
(which uses memory until they expire).

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 

Re: Help: network abuse

[Alain D D Williams]

On Thu, Dec 21, 2023 at 07:50:42AM -0500, Greg Wooledge wrote:

> If your home Internet service has an "allowance", you probably shouldn't
> run a web server on it.

Yes: I do run a web server at home, but there is only a little/personal stuff,
it does not receive much real traffic, I do not want it to. Most of my web
presence is hosted elsewhere.

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 

Help: network abuse

[Alain D D Williams]

My home PC is receiving, for hours at a time, 12-30 kB/s input traffic. This is
unsolicited. I do not know what it is trying to achieve but suspect no good. It
is also eating my broadband allowance.

This does not show up in the Apache log files - the TCP connection does not 
succeed.

Sometimes my machine does send a packet in reply, there are 2 examples at the
foot of this email.

Questions:

• What is going on ?

• What can I do about it ?
  I do manually add some of the IPs to the f2b chain which will stop replies
  but that is about it.

My ISP refuses to do anything about it - I admit that I cannot see what they
could do, maybe filter packets with a source port of 80 or 443.

I also get attempts to break into ssh (port 22) - I am not worried about that.

I append a few lines of output of "tcpdump -n -i enp3s0" done today.
192.168.108.2 is the address of my desktop PC.

The connecting IPs below all belong to Amazon but this changes with time, China
is another common source of similar packets.

11:08:56.354303 IP 34.217.144.104.80 > 192.168.108.2.80: Flags [S], seq 
19070976, win 51894, options [mss 1401,sackOK,TS val 1182532729 ecr 
0,nop,wscale 7], length 0
11:08:56.354700 IP 34.217.144.104.80 > 192.168.108.2.80: Flags [S], seq 
3665362944, win 51894, options [mss 1402,sackOK,TS val 4179952761 ecr 
0,nop,wscale 7], length 0
11:08:56.360527 IP 52.195.179.12.80 > 192.168.108.2.80: Flags [S], seq 
479395840, win 51894, options [mss 1412,sackOK,TS val 3391683448 ecr 
0,nop,wscale 7], length 0
11:08:56.360696 IP 52.195.179.12.80 > 192.168.108.2.80: Flags [S], seq 
1622147072, win 51894, options [mss 1410,sackOK,TS val 2887711608 ecr 
0,nop,wscale 7], length 0
11:08:56.360950 IP 54.184.78.87.80 > 192.168.108.2.80: Flags [S], seq 
3168796672, win 51894, options [mss 1404,sackOK,TS val 535364985 ecr 
0,nop,wscale 7], length 0
11:08:56.364565 IP 52.195.179.12.80 > 192.168.108.2.80: Flags [S], seq 
132317184, win 51894, options [mss 1407,sackOK,TS val 2350122105 ecr 
0,nop,wscale 7], length 0
11:08:56.364708 IP 34.217.144.104.80 > 192.168.108.2.80: Flags [S], seq 
1098776576, win 51894, options [mss 1405,sackOK,TS val 3426157689 ecr 
0,nop,wscale 7], length 0
11:08:56.367975 IP 13.231.232.88.80 > 192.168.108.2.80: Flags [S], seq 
3272540160, win 51894, options [mss 1413,sackOK,TS val 979961209 ecr 
0,nop,wscale 7], length 0

2 days ago a similar capture. Note that the source port is 443 not 80:

09:47:31.416452 IP 5.45.73.147.443 > 192.168.108.2.80: Flags [S], seq 
2724200448, win 51894, options [mss 1401,sackOK,TS val 862439534 ecr 
0,nop,wscale 7], length 0
09:47:31.417861 IP 27.124.10.200.443 > 192.168.108.2.80: Flags [S], seq 
925237248, win 51894, options [mss 1407,sackOK,TS val 756418658 ecr 
0,nop,wscale 7], length 0
09:47:31.440892 IP 27.124.10.197.443 > 192.168.108.2.80: Flags [S], seq 
3474063360, win 51894, options [mss 1404,sackOK,TS val 3970828642 ecr 
0,nop,wscale 7], length 0
09:47:31.449393 IP 27.124.10.200.443 > 192.168.108.2.80: Flags [S], seq 
2844721152, win 51894, options [mss 1407,sackOK,TS val 1831471202 ecr 
0,nop,wscale 7], length 0
09:47:31.451430 IP 154.39.104.67.443 > 192.168.108.2.80: Flags [S], seq 
2336358400, win 51894, options [mss 1415,sackOK,TS val 395513698 ecr 
0,nop,wscale 7], length 0
09:47:31.451610 IP 27.124.10.225.443 > 192.168.108.2.80: Flags [S], seq 
808976384, win 51894, options [mss 1414,sackOK,TS val 1960250978 ecr 
0,nop,wscale 7], length 0
09:47:31.453372 IP 143.92.60.30.443 > 192.168.108.2.80: Flags [S], seq 
3177512960, win 51894, options [mss 1408,sackOK,TS val 4033677410 ecr 
0,nop,wscale 7], length 0
09:47:31.456937 IP 27.124.10.225.443 > 192.168.108.2.80: Flags [S], seq 
1042087936, win 51894, options [mss 1415,sackOK,TS val 2011106914 ecr 
0,nop,wscale 7], length 0
09:47:31.461961 IP 27.124.10.226.443 > 192.168.108.2.80: Flags [S], seq 
3200516096, win 51894, options [mss 1403,sackOK,TS val 2314013026 ecr 
0,nop,wscale 7], length 0

Examples where my machine sends a reply:

09:47:31.658790 IP 27.124.10.225.443 > 192.168.108.2.80: Flags [S], seq 
612564992, win 51894, options [mss 1415,sackOK,TS val 2011106914 ecr 
0,nop,wscale 7], length 0
09:47:31.659442 IP 192.168.108.2.80 > 154.39.104.67.443: Flags [S.], seq 
3770299450, ack 1858732033, win 65160, options [mss 1460,sackOK,TS val 
164888251 ecr 395513698,nop,wscale 7], length 0

09:47:31.756220 IP 5.45.73.147.443 > 192.168.108.2.80: Flags [S], seq 
2992898048, win 51894, options [mss 1401,sackOK,TS val 862439534 ecr 
0,nop,wscale 7], length 0
09:47:31.756272 IP 192.168.108.2.80 > 5.45.73.147.443: Flags [.], ack 
1226309633, win 509, options [nop,nop,TS val 2085784149 ecr 994101358], length 0


-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 

Re: Print flakes off mailing labels, use a fixative?

[D MacDougall]

On 12/4/23 16:52, Tom Browder wrote:


HP printer and toner, Office Depot labels.

I bought so hair spray and will try that.

-Tom


I just looked at Office Depot website and the only labels I see that are 
for both laser and inkjet are an off brand.  I see why you went for the 
off brand, they are a whole lot cheaper than the Avery labels the same 
size, but maybe this is why.  100 sheets for $13. Twice as many labels 
for 1/3 the price.  I might have tried them too.


I really don't see how hairspray or any other liquid spray could do any 
good.  If you think it will seep under the toner and glue it down that 
seems problematic to me and it might make the labels peel off. 
Cellophane tape might work better.


I think you said that you took the label to the UPS store and their 
printer had the same problem so the problem is definitely the labels and 
best just swallow hard and buy the Avery labels.  (Or just write the 
address with a ball point pen.)


-Don

Re: X: how to *really* switch from nouveau to modesetting?

[D. R. Evans]

Felix Miata wrote on 9/12/23 11:51:



You really should eliminate that xorg.conf file, and if the problem continues,
don't assume it's the kernel driver at fault. Just report a bug if so inclined.
Where would depend on behavior after removing xorg.conf. If it fixes the 
problem,
there is almost assuredly no bug anywhere at all affecting you. If with
modesetting it's gone, but with xserver-xorg-video-nouveau installed and in use 
it
remains, then it would be good to report a nouveau DDX bug, though the problem
could be DRI or Mesa. Unreported bugs can go a very long time before a fix 
occurs,
if ever. What you are now experiencing is not acceptable behavior. 13 years of 
age
is too young to accept FOSS performance degradation or need GPU upgrade.


I have removed /etc/X11/xorg.conf, and the problem remains.

So in this case, where should I report the issue?

  Doc

--
Web:  http://enginehousebooks.com/drevans

Re: X: how to *really* switch from nouveau to modesetting?

[D. R. Evans]

Felix Miata wrote on 9/11/23 19:57:

You did it. You made the switch. But see below.

(There are multiple components to GPU support in Linux.)
(There is no "the" nouveau "driver". Graphics support is in the hands of 
multiple
software components, several of which incorporate the string "nouveau" in 
naming.)



I'm glad that you understand this stuff. It certainly seems non-obvious. And 
the days of good O'Reilly books that walk one through details like this seem 
to be long gone :-(


From the rest of your post, it sounds like everything is as it should be, 
except that I should probably remove the /etc/X11/xorg.conf file. And I could 
also re-install the xserver-xorg-video-nouveau without effecting any change; 
but for now I think I'll just keep things as they are and just note these as 
possible changes to try sometime, with the expectation that they won't make 
any practical difference, but might make the system a bit cleaner to administer.


And, from what you say here:

> D. R. Evans composed on 2023-09-11 11:47 (UTC-0600):
>
>> Graphics:
>> Device-1: NVIDIA GF108 [GeForce GT 430] vendor: Gigabyte driver: nouveau
>
> Above shows your kernel DEVICE driver is nouveau. It ships specifically for 
each

> kernel with each kernel. For NVidia GPUs there is no other FOSS device driver
> option for normal use with KMS enabled, which maximum possible FOSS 
performance
> unconditionally requires. With KMS disabled, there is a crude generic 
option with

> limited resolutions available that no one ever would use purposely unless too
> naive to understand the opportunity loss. It's for fallback and 
troubleshooting
> when normal is unavailable.

it sounds like the issue must be in the nouveau kernel device driver, and 
there's nothing I can really do to change that.


So I guess I will just wait and hope that some future update removes the 
problem.

⁂

Just for the record, to provide some context for anyone finding this thread as 
a result of a search:


1. The issue is that black-on-white text has a "tail" extending some distance 
on the right of the text (I don't know how to describe it any better than that).


2. It began with a normal bullseye update. Before that, there was no problem 
at all.


3. Every update and upgrade since then has exhibited the problem.

4. The monitor is KVM-switchable to another bookworm installation, which does 
not (and never has) exhibited the problem.


  Doc

--
Web:  http://enginehousebooks.com/drevans

X: how to *really* switch from nouveau to modesetting?

[D. R. Evans]

This is a follow-on to the thread that started with:
  https://lists.debian.org/debian-user/2023/05/msg00657.html

Following the upgrade to bookworm that I recently performed, I was hoping that 
the problem described in the first post in that thread would magically go 
away. It didn't :-(


Felix suggested removing the nouveau driver and using "modesetting" as the 
driver. I have removed the nouveau driver -- or at least I thought I did -- by 
executing:

  apt-get remove xserver-xorg-video-nouveau
which moved the packages:
  xserver-xorg-video-nouveau
  xserver-xorg-video-all

Upon rebooting into bookworm, though, I still see the original problem, as 
described in the original post.


If I look to see what driver is being used:



[ZB:~] inxi -SGaz
System:
  Kernel: 6.1.0-12-amd64 arch: x86_64 bits: 64 compiler: gcc v: 12.2.0
parameters: BOOT_IMAGE=/BOOT/debian@/vmlinuz-6.1.0-12-amd64
root=ZFS=/ROOT/debian ro root=ZFS=rpool/ROOT/debian
  Desktop: Trinity info: kicker wm: Twin vt: 7 dm: LightDM v: 1.26.0
Distro: Debian GNU/Linux 12 (bookworm)
Graphics:
  Device-1: NVIDIA GF108 [GeForce GT 430] vendor: Gigabyte driver: nouveau
v: kernel non-free: series: 390.xx+ status: legacy-active (EOL~late 2022)
arch: Fermi code: GF1xx process: 40/28nm built: 2010-16 pcie: gen: 1
speed: 2.5 GT/s lanes: 16 ports: active: HDMI-A-1 empty: DVI-I-1,VGA-1
bus-ID: 04:00.0 chip-ID: 10de:0de1 class-ID: 0300
  Display: x11 server: X.Org v: 1.21.1.7 with: Xwayland v: 22.1.9 driver: X:
loaded: modesetting dri: nouveau gpu: nouveau display-ID: :0 screens: 1
  Screen-1: 0 s-res: 1920x1080 s-dpi: 96 s-size: 508x317mm (20.00x12.48")
s-diag: 599mm (23.57")
  Monitor-1: HDMI-A-1 mapped: HDMI-1 model: VGA TO HDMI built: 2013
res: 1920x1080 hz: 60 dpi: 96 gamma: 1.2 size: 509x286mm (20.04x11.26")
diag: 584mm (23") ratio: 16:9 modes: max: 1920x1080 min: 640x480
  API: OpenGL v: 4.3 Mesa 22.3.6 renderer: NVC1 direct-render: Yes
[ZB:~]



So the nouveau driver still seems to be available and in use, despite being 
removed.


My xorg.conf file currently looks like this:



[ZB:~] cat /etc/X11/xorg.conf
Section "ServerLayout"
Identifier "X.org Configured"
Screen  0  "Screen0" 0 0
Screen  1  "Screen1" RightOf "Screen0"
InputDevice"Mouse0" "CorePointer"
InputDevice"Keyboard0" "CoreKeyboard"
EndSection

Section "Files"
ModulePath   "/usr/lib/xorg/modules"
FontPath "/usr/share/fonts/X11/misc"
FontPath "/usr/share/fonts/X11/cyrillic"
FontPath "/usr/share/fonts/X11/100dpi/:unscaled"
FontPath "/usr/share/fonts/X11/75dpi/:unscaled"
FontPath "/usr/share/fonts/X11/Type1"
FontPath "/usr/share/fonts/X11/100dpi"
FontPath "/usr/share/fonts/X11/75dpi"
FontPath "built-ins"
EndSection

Section "Module"
Load  "glx" 


EndSection

Section "InputDevice"
Identifier  "Keyboard0"
Driver  "kbd"
EndSection

Section "InputDevice"
Identifier  "Mouse0"
Driver  "mouse"
Option  "Protocol" "auto"
Option  "Device" "/dev/input/mice"
Option  "ZAxisMapping" "4 5 6 7"
EndSection

Section "Monitor"
Identifier   "Monitor0"
VendorName   "Monitor Vendor"
ModelName"Monitor Model"
EndSection

Section "Monitor"
Identifier   "Monitor1"
VendorName   "Monitor Vendor"
ModelName"Monitor Model"
EndSection




 [54/136]
Section "Device"
### Available Driver options are:-
### Values: : integer, : float, : "True"/"False",
### : "String", : " Hz/kHz/MHz",
### : "%"
### [arg]: arg optional
#Option "SWcursor"  # []
#Option "HWcursor"  # []
#Option "NoAccel"   # []
#Option "ShadowFB"  # []
#Option "VideoKey"  # 
#Option "WrappedFB" # []
#Option "GLXVBlank" # []
#Option "ZaphodHeads"   # 
#Option "PageFlip"  # []
#Option "SwapLimit" # 
#Option "AsyncUTSDFS"   # []
#Option "AccelMethod"   # 
#Option "DRI"   # 
Identifier  "Card0"
#   Driver  "nouveau"
Driver  "modesetting"
BusID   "PCI:4:0:0"
EndSection

Section "Device"
### Available Driver options are:-
### Values: : integer, : float, : "True"/"False",
### : "String", : " Hz/kHz/MHz",
### : "%"
### [arg]: arg optional
#Option "SWcursor"  # []
#Option "kmsdev"# 
#Option "ShadowFB"  # []
#Option "AccelMethod"   # 
  

Re: bookworm and network connections

[D. R. Evans]

Brian wrote on 9/2/23 04:51:


Installation over ethernet, no DE - ifupdown provided.
Installation over ethernet or wireless with a DE - network-manager provided.


Yep, that one's exactly what I experienced.

Although the machine is used more like a server than a desktop, it has DE 
(KDE) to make it easier on the occasions I do need to do some work on the machine.



Installation over wireless without a DE - nothing provided, that is, no 
networking.



  Doc

--
Web:  http://enginehousebooks.com/drevans

Re: WORKAROUND (longish): was bookworm and network connections

[D. R. Evans]

Brian wrote on 9/2/23 13:01:


Send a mail to

   cont...@bugs.debian.org

Ib the mail body put

   ressign 1051086 installation-report
   thanks


Sorry. That's "reassign".



Done. Thank you.

I pondered where to assign in, and couldn't see anywhere that the report 
really fit. (I interpreted "installation" to mean "initial installation", not 
"upgrade", so didn't realise that that was the right place.)


  Doc

--
Web:  http://enginehousebooks.com/drevans

Re: bookworm and network connections

[D. R. Evans]

Michael Kjörling wrote on 9/2/23 03:23:



You might want to poke around a little among the files in
/etc/NetworkManager, particularly /e/NM/system-connections. That's
what NetworkManager _should_ be using to set up the interfaces. See if
there's something there to explain the two seemingly being intertwined.

You might already have done this, of course, and if so, I apologize
for pointing out something you've already tried.



I hadn't before but I went and looked carefully this morning. Since I am 
running ZFS, I can go back and look at those files before the upgrade and see 
what, if anything has changed.


The only change was that there is now an "ntpsec" file in /e/NM/dispatcher.d. 
Nothing changed anywhere else in or under /e/NM.


But see a long posting that I'm about to make about all this, with a subject 
line containing the word "WORKAROUND".


  Doc

--
Web:  http://enginehousebooks.com/drevans

WORKAROUND (longish): was bookworm and network connections

[D. R. Evans]

Starting a new thread so that this doesn't get lost in the postings in the 
original thread.


The original thread was started at:
  https://lists.debian.org/debian-user/2023/09/msg00024.html

That post contains a description of the problem.

I now have a workaround (although not an explanation) for the problem.

As I noted in the above thread, once the system was up, I could get the 
networking to function correctly by manually entering the commands:


  sudo nmcli connection down "Wired connection enp11s0(eth0)"
  sudo nmcli connection up "Wired connection enp11s0(eth0)"

However, if I put those same nmcli commands in rc.local, the problem was not 
resolved.


After floundering for a while, and being suspicious that manual commands once 
the system was up were not being treated the same as the same commands in 
rc.local, I tried putting these lines in rc.local (whose output I log, so I 
can see what's happening):



nmcli connection down "Wired connection enp11s0(eth0)"
nmcli

sleep 10

nmcli connection up "Wired connection enp11s0(eth0)"
nmcli


These showed that after the first command, everything looked as it should, but 
after the second, everything had reverted to the broken state.


But it was still true that if I entered the same commands manually after the 
system had completed booting, the networking worked.


But I'm a slow typist, and I wondered if that 10-second pause might be too 
short. So I changed it to 20 seconds.


And lo! and behold! That worked.

I tried booting numerous times with a 10-second delay, and also with a 
20-second delay. The results were consistent. With a 10-second delay, the 
network comes up in an unusable state. With a 20-second delay, it comes up in 
a working state. (Which to me suggests a race condition somewhere, but I'll 
let the developers deal with the exact cause and finding a proper fix.)


Of course, this is all just a workaround for what appears to be a problem 
during network initialisation in the boot process. But it does seem to work.


I will file a bug report.

  Doc

--
Web:  http://enginehousebooks.com/drevans

Re: bookworm and network connections

[D. R. Evans]

David Wright wrote on 9/1/23 19:40:


I don't see that the OP is doing anything complicated that requires
rc.local to run at all. They just need to distinguish between the two


Correct. I was simply trying to workaround the problem by putting commands 
into rc.local that are known to work when I type them manually.


I wish I had never mentioned rc.local. It seems to have taken over the thread, 
whereas it's not the problem that I'm trying to fix at all :-(


Regarding the whole "Network Manager versus old-style" thing, I would gladly 
have done it all old style, except that when I first installed debian on the 
system, it went the Network Manager route. And because that all worked until 
today's upgrade (which was, I think, the third upgrade upgrade of debian 
stable on the machine; so it worked correctly for a lustrum or so), I didn't 
pay much attention to it apart from being mildly annoyed that it looked a lot 
more complicated than old-style network management.


The real problem remains, per the original post, that Network Manager isn't 
configuring the interfaces properly and seems to be sort-of setting one 
interface to be the same as the other, with the result that neither of them 
work. I'm going to try switching to old-style when I feel confident that I 
have enough high-quality time to make the switch, and I expect that to work.


It would be nice to really fix the Network Manager misconfiguration; but it 
seems that the expertise here is all with old-style. Which is fine. I'm happy 
to go back to old-style.


I probably need to file some sort of bug report against the upgrade, but I'd 
like to get a better feel for how the misconfiguration is happening before I 
do that.


  Doc

--
Web:  http://enginehousebooks.com/drevans

Re: bookworm and network connections

[D. R. Evans]

Michel Verdier wrote on 9/1/23 15:06:



If you want old names put in /etc/default/grub

GRUB_CMDLINE_LINUX="net.ifnames=0"



Nice to know, but I'll stay with the new names, I think.


network manager is good for changing networks. For a server the network
must not change normally. So you could put configuration in
/etc/network/interfaces.d/ with something like :

auto enp11s0
iface enp11s0 inet static
mtu 1500
metric 101
address 209.97.232.18/24
netmask 255.255.255.0
gateway 209.97.232.1

auto enp12s0
iface enp12s0 inet static
mtu 1500
metric 100
address 192.168.0.1/24
netmask 255.255.0.0



When I'm feeling less tired and prone to making a mistake, I'll do this.

The old method seems so much simpler, so I'd be happy to go back to it. It 
seems that enough people are using it that it doesn't seem likely that it'll 
go away anytime soon.


When I installed debian on this computer -- quite a few years ago -- I'm 
pretty sure it just went off and installed all the Network Manager stuff 
without asking. And, to be honest, it's worked fine for the last several 
years. I can't imagine why its so messed up now. I (obviously) didn't change 
anything related to Network Manager myself; the upgrade is entirely 
responsible for its now-non-functioning state.



I you want IPv6 add :

iface enp11s0 inet6 auto
iface enp12s0 inet6 auto



I would love IPv6, but my ISP doesn't support it, and has no plans to do so, 
so for now I'm stuck in IPv4 land.



Once it works you can then remove network manager



That sounds like something to celebrate. I'll try to get time to work on all 
this over the weekend, and let everyone know how it turns out.


Thanks to everyone for their suggestions.

  Doc

--
Web:  http://enginehousebooks.com/drevans

Re: bookworm and network connections

[D. R. Evans]

Andy Smith wrote on 9/1/23 16:32:


Your situation appears to have been triggered by the renaming of
your network interfaces (which was warned about in the release


These weird names like "Wired connection enp11s0(eth0)" were names that the 
debian installer came up with several OS versions ago (stretch, perhaps?).


Anyway, they haven't changed since bullseye, when everything worked (i.e., 
early this morning, before I ran the upgrade :-( ).




Both of these are worth reading:

 https://wiki.debian.org/NetworkConfiguration
 https://wiki.debian.org/NetworkInterfaceNames


I'll take a look at those.

  Doc

--
Web:  http://enginehousebooks.com/drevans

Re: bookworm and network connections

[D. R. Evans]

Greg Wooledge wrote on 9/1/23 15:38:


In particular, when using /etc/network/interfaces, only interfaces that
are marked as "auto" need to be up, to satisfy this criterion.  An


I don't think that debian has used used /etc/network/interfaces for a while, 
at least not by default. Certainly there's nothing useful there on the machine 
that I just upgraded and whose networking is failing to configure itself 
correctly.


Network Manager -- I think -- uses some completely different mechanism for 
managing networking (although I have no idea what that mechanism is.)


  Doc

--
Web:  http://enginehousebooks.com/drevans

Re: bookworm and network connections

[D. R. Evans]

Thank you for your thoughts...

As people are addressing the rc.local issue (I now realise that I shouldn't 
have mentioned it :-) )... I just checked, and:


1. rc.local is being executed;
2. it is executing the nmcli commands;
3. the commands are successful.

But it remains true that when the boot is fully complete, the networking is 
still hosed in the way that I described. So, apparently, putting commands in 
rc.local doesn't provide the workaround that I expected. I think that we 
should concentrate on the underlying networking issue so that it comes up 
properly rather than being derailed by trying to fix the networking after the 
fact.


[[ I speculate wildly that systemd or something doesn't complete configuring 
the network until after rc.local has finished processing (I know that rc.local 
executes late in the boot process, but I don't think that that means that 
everything else has *finished* executing when rc.local runs). I may easily be 
wrong, but really I don't think I care. ]]


I just want to get the networking to come up properly :-)

I don't understand modern systemd-controlled networking initiation well enough 
to know where to look for something that the upgrade might have clobbered, nor 
how I might go about fixing it.


  Doc

--
Web:  http://enginehousebooks.com/drevans

bookworm and network connections

[D. R. Evans]

I just upgraded my main server to bookworm, having successfully, over the 
course of the past couple of months, methodically upgraded my other machines 
with only minor issues.


Unfortunately, the upgrade of the server, the most important of my machines, 
has not been smooth at all, even though no important errors appeared during 
the upgrade process.


So right now the thing I want to fix is networking (which of course worked 
fine in the last few releases of debian, until now).


The machine has two ethernet ports, which used to be eth0 and eth1 in the old 
days, but are now magically called "Wired connection enp11s0(eth0)" and "Wired 
connection enp12s0(eth1)".


When I booted the machine after the upgrade, no networking was working at all, 
on either interface, even though:




zserver# nmcli networking connectivity
full
zserver#



which was definitely a lie, as nothing was successfully going in or out of the 
machine.


Looking in more detail:



[Z:~] nmcli
enp12s0: connected to Wired connection enp11s0(eth0)
"Intel I210"
ethernet (igb), D8:50:E6:C2:76:03, hw, mtu 1500
ip4 default
inet4 209.97.232.18/24
route4 209.97.232.0/24 metric 100
route4 default via 209.97.232.1 metric 100
inet6 fe80::e0c1:20a:c535:873c/64
route6 fe80::/64 metric 1024

lo: connected (externally) to lo
"lo"
loopback (unknown), 00:00:00:00:00:00, sw, mtu 65536
inet4 127.0.0.1/8
inet6 ::1/128

enp11s0: disconnected
"Intel I210"
1 connection available
ethernet (igb), D8:50:E6:C2:76:02, hw, mtu 1500

enp13s0: unavailable
"Intel I210"
ethernet (igb), D8:50:E6:C2:76:04, hw, mtu 1500

enp14s0: unavailable
"Intel I210"
ethernet (igb), D8:50:E6:C2:76:05, hw, mtu 1500

DNS configuration:
servers: 127.0.0.1 209.97.224.2 209.97.224.3
interface: enp12s0



Somehow, it had got into a state where enp12s0 was connected to enp11s0 
(whatever that means), with the result that nothing worked.


So, after a bit of messing around with an increasing sense of desperation, I 
discovered that:




[Z:~] sudo nmcli connection down "Wired connection enp11s0(eth0)"
Connection 'Wired connection enp11s0(eth0)' successfully deactivated (D-Bus 
active path: /org/freedesktop/NetworkManager/ActiveConnection/2)


[Z:~] sudo nmcli connection up "Wired connection enp11s0(eth0)"
Connection successfully activated (D-Bus active path: 
/org/freedesktop/NetworkManager/ActiveConnection/4)




resulted in:



[Z:~] nmcli
enp11s0: connected to Wired connection enp11s0(eth0)
"Intel I210"
ethernet (igb), D8:50:E6:C2:76:02, hw, mtu 1500
ip4 default
inet4 209.97.232.18/24
route4 209.97.232.0/24 metric 101
route4 default via 209.97.232.1 metric 101
inet6 fe80::1ae1:dfcf:be36:f72f/64
route6 fe80::/64 metric 1024

enp12s0: connected to Wired connection enp12s0(eth1)
"Intel I210"
ethernet (igb), D8:50:E6:C2:76:03, hw, mtu 1500
inet4 192.168.0.1/24
route4 192.168.0.0/24 metric 100
inet6 fe80::d30e:86f6:ca86:8986/64
route6 fe80::/64 metric 1024

lo: connected (externally) to lo
"lo"
loopback (unknown), 00:00:00:00:00:00, sw, mtu 65536
inet4 127.0.0.1/8
inet6 ::1/128

enp13s0: unavailable
"Intel I210"
ethernet (igb), D8:50:E6:C2:76:04, hw, mtu 1500

enp14s0: unavailable
"Intel I210"
ethernet (igb), D8:50:E6:C2:76:05, hw, mtu 1500

DNS configuration:
servers: 127.0.0.1 209.97.224.2 209.97.224.3
interface: enp11s0



and indeed, everything was now working. Which was good, because I was running 
out of ideas, and had no way to reach the Internet to look for more help.


Well, great, sort-of, except that every time I reboot I have to manually issue 
the two above nmcli commands to take down and bring back up enp11s.


I tried putting them in my rc.local file, but that had no effect (for reasons 
that I don't understand; I was sure that that would paper over the problem).


So how do I fix this so that the networking is configured to work correctly 
during the boot sequence, as it has always done before?


(I suppose it has to be said explicitly: I did not change any configuration 
files ... indeed, these days I don't even know where the files are that 
control the network devices.)


All the other machines that I have upgraded to bookworm have only a single 
ethernet port, which may be why I have not seen this issue after any other 
upgrade.


  Doc

--
Web:  http://enginehousebooks.com/drevans

Re: Trojan

[Alain D D Williams]

On Sun, Aug 27, 2023 at 10:23:06AM +0100, Brad Rogers wrote:
> On Sun, 27 Aug 2023 09:36:02 +0100
> Alain D D Williams  wrote:
> 
> Hello Alain,
> 
> >They will look at it and do something - or so they claim,
> 
> Most likely that 'something' will be to compile statistics about
> phishing attacks.  Maybe produce a leaflet, or update the advice given
> on a web page somewhere.

Sorry if I came across as overly cynical.

It would be nice if they also went after the perps/crims behind phishing 
emails‡‡
- which I think they have done a bit of, but could do much more to protect the
gullible.

Still: it is worth reporting to them, which I do several times/week.

‡‡ and similar 'phone calls.

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 

Re: Trojan

[Alain D D Williams]

On Sun, Aug 27, 2023 at 10:31:55AM +0200, to...@tuxteam.de wrote:

> If you feel like you'd like to learn a bit, study the mail
> headers. Ponder about which ones the sender could have faked
> and which ones not. Things like that.

If you live in the UK you can forward it to here: rep...@phishing.gov.uk

They will look at it and do something - or so they claim, this is part of 
government!

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 

Re: Using the bash shell: determine if the root user used 'sudo -i'

[Alain D D Williams]

On Sat, Aug 26, 2023 at 09:25:10AM -0500, Tom Browder wrote:
> In a previous thread it was shown how to detect a SUDO_USER in a bash shell.
> 
> Is there a way to distinguish whether 'sudo -i' was used or not?

I have not tested this but if bash was interactive you will find a
.bash_history file in their $HOME.

That assumes that they have not logged in - ie only ever sudo.

> Thanks.
> 
> -Tom

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 

bash $MAIL bug in Bookworm

[Alain D D Williams]

I have recently upgraded to Bookworm.

I have set:

MAIL=/var/spool/mail/addw
MAILCHECK=60

I find that when doing filename expansion, by pressing TAB, that the 'You have
mail' message appears when it should not. In the example below I pressed TAB
after the letter 'T' (which gave me expansion 'TODO'). I am running bash.

$ me TYou have mail in /var/spool/mail/addw
ODO

Should I report this elsewhere ?

Regards

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 

Re: Transport endpoint is not connected

[D. R. Evans]

Greg Wooledge wrote on 7/5/23 08:59:


I'm still waiting for setup details to be provided.  Is "sh" the user's


I was merely trying to inform the OP that he wasn't alone in seeing this 
"Transport endpoint is not connected" message coming from bookworm when prior 
versions of debian stable were silent when performing the same activity.


I wasn't actually seeking help -- if I had've been, I would have made some 
attempt to get to the bottom of the problem first, and then provided complete 
details here if I were unable to fix it myself. None of that seemed worthwhile 
just for a message that doesn't seem to be indicating a real problem.


So you were going beyond my expectations when you attempted to help, and I'm 
sorry for the miscommunication.


  Doc

--
Web:  http://enginehousebooks.com/drevans

Re: Transport endpoint is not connected

[D. R. Evans]

to...@tuxteam.de wrote on 7/4/23 22:23:



FWIW, since upgrading to bookworm, I see:
   sh: 0: getcwd() failed: Transport endpoint is not connected
when I ssh into the upgraded box.


This seems to be coming from getcwd() (aka get current working
directory, see man page). Asking the intertubes, it seems to
happen often when it or its ancestors are mounted over FUSE.



This is a plain ol' ssh login, so I don't think that FUSE is involved.


I have no idea why. (And, just to be clear, this has never happened before,
through many releases of debian stable.)

I'm assuming, for now, that:
  1. I can use the box as usual despite the message;
  2. the problem will be fixed at some point soon.

I haven't seen any other obvious problems if I proceed to use the ssh
session as normal.


Are you able to access all the directories you expect to? How
is, e.g. the user's $HOME mounted? Its parent?


Yep... can't see any unusual behaviour at all. So far, anyway.

If I get some time, I'll try to figure out exactly where and why it's 
happening; but at this point, since it never happened before in 15 years of 
sshing into the box and there seems to be no obvious consequences other than 
the appearance of the message at login, I'm assuming there's nothing really 
wrong and it's some bug -- probably a race condition, perhaps involving 
systemd, since that seems to have a history of them -- introduced in bookworm 
that will get fixed fairly quickly.


  Doc

--
Web:  http://enginehousebooks.com/drevans

Re: Transport endpoint is not connected

[D. R. Evans]

hlyg wrote on 6/28/23 21:32:


notification message: Transport endpoint is not connected



FWIW, since upgrading to bookworm, I see:
  sh: 0: getcwd() failed: Transport endpoint is not connected
when I ssh into the upgraded box.

I have no idea why. (And, just to be clear, this has never happened before, 
through many releases of debian stable.)


I'm assuming, for now, that:
 1. I can use the box as usual despite the message;
 2. the problem will be fixed at some point soon.

I haven't seen any other obvious problems if I proceed to use the ssh session 
as normal.


  Doc

--
Web:  http://enginehousebooks.com/drevans

Re: How do I remotely access the computer in the next room?

[Alain D D Williams]

On Sun, Jul 02, 2023 at 06:49:07PM -0400, hobie of RMN wrote:
> Hi, All -
> 
> I need the best way currently available to operate my brother's computer
> in the next room through my computer.  I think we're both running Debian
> 11, the stable version for me, the testing version for him.  I've tried
> ssh -X.  It does work but only for a short time, then the connection
> crumbles - his computer has often locked up on him and we have no idea
> why, so the 'short time' aspect of the -X approach may relate to that.
> 
> The point is, he's been away from home for awhile now and we're not sure
> when he'll return. Chiefly I'm looking for the most convenient way to keep
> an eye on his incoming e-mail for him.  Mostly I use Mutt; he uses
> claws-mail exclusively, so I'll need to remotely launch claws-mail and
> have it retrieve latest e-mails.

Claws-mail stores mail in the MH mailbox format. Mutt can handle MH mailboxes.
Why not use mutt via ssh on his machine, for most messages you do not need to
use X (ie graphics), this might mean that the connection is more robust.

You would only use graphics for displaying some attachments, eg images.

> Thanks in advance for any help on this.
> 
> --hobie
> 

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 

Re: Qemu Numeric Lock problem

[Alain D D Williams]

On Wed, Jun 21, 2023 at 05:42:30PM +0100, Alain Williams wrote:
> I have an issue with virtual machines under qemu.

Caps Lock is also affected the same way.

> Sequence as follows:
> 
> I press Numeric Lock (or Num Lock) so that the keyboard indicator lights up.
> 
> I then switch to the workspace that contains a running virtual machine. The
> virtualised OS does not seem to be important, this happens with Debian and
> Rocky Linux.
> 
> When I press keys on the numeric keypad I do not get numbers. What gets sent
> are the sequences that do Home, Page Up, ...
> 
> I press Num Lock so that the keyboard indicator goes out.
> 
> I press keys on the numeric keypad and get numbers.
> 
> So: it seems that the state of the Num Lock key is not picked up by qemu.
> 
> 
> Is this is qemu bug or can I tweak the configuration ?
> 
> Thanks in advance.
> 
> 
> I am running Debian 10 - Buster. I use the Mate desktop.
> 
> -- 
> Alain Williams
> Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
> Lecturer.
> +44 (0) 787 668 0256  https://www.phcomp.co.uk/
> Parliament Hill Computers. Registration Information: 
> https://www.phcomp.co.uk/Contact.html
> #include 
> 

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 

Qemu Numeric Lock problem

[Alain D D Williams]

I have an issue with virtual machines under qemu.

Sequence as follows:

I press Numeric Lock (or Num Lock) so that the keyboard indicator lights up.

I then switch to the workspace that contains a running virtual machine. The
virtualised OS does not seem to be important, this happens with Debian and
Rocky Linux.

When I press keys on the numeric keypad I do not get numbers. What gets sent
are the sequences that do Home, Page Up, ...

I press Num Lock so that the keyboard indicator goes out.

I press keys on the numeric keypad and get numbers.

So: it seems that the state of the Num Lock key is not picked up by qemu.


Is this is qemu bug or can I tweak the configuration ?

Thanks in advance.


I am running Debian 10 - Buster. I use the Mate desktop.

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 

Re: video issue following latest bullseye update

[D. R. Evans]

I'm sorry I'm so slow to respond... it's all a matter of trying to put aside 
quality uninterruptible time to work on this.


Since the problem is not so bad that I can't perform work with this computer, 
a lot of other work-related things unfortunately have to take priority.


Felix Miata wrote on 5/23/23 13:26:




I currently get:



[ZB:~] sudo inxi -GSaz
System:Kernel: 5.10.0-23-amd64 x86_64 bits: 64 compiler: gcc v: 10.2.1
 parameters: BOOT_IMAGE=/BOOT/debian@/vmlinuz-5.10.0-23-amd64
root=ZFS=/ROOT/debian ro root=ZFS=rpool/ROOT/debian
 Desktop: Trinity R14.1.1~[DEVELOPMENT] tk: Qt 3.5.0 info: kicker
wm: Twin 3.0 dm: LightDM 1.26.0


The line wrapping suggests you never succeeded to do "inxi -U". As seen below,


The officially supported version of inxi on bullseye [inxi 3.3.01-00 
(2021-02-08), according to "inxi --version"] seems to have "-U" disabled. 
Which I guess makes sense.




Are all users of ZFS supposed to include two root= parameters on their linu 
lines?


What an excellent question. I don't know for sure, but I suspect that it's 
related to the fact that I am running root-on-ZFS (i.e., the / filesystem is 
on a ZFS disk). It's been like that for many years on this machine, and I 
believe that when I first installed root-on-ZFS, the instructions told me to 
do that. FWIW, I have another root-on-ZFS system, and it also has two "root=" 
parameters.





But I am still seeing the original problem I reported.


Could it be that your PC doesn't like LightDM? Try switching to TDM. All my


TDM has never worked properly on this machine; TDM doesn't correctly figure 
out which video card to use (at least, it didn't last time I tried it), so it 
presents me with a black screen, leaving me having to ssh into the machine and 
reconfigure it to use LightDM.



Debians use it only. I also use TDM to run Plasma on Leap and Tumbleweed.

I switched from the modesetting DIX driver to the nouveau DDX driver via:

# cat /etc/X11/xorg.conf.d/15-ddxdrv.conf
#Section "OutputClass"
Section "Device"
   Identifier "DDX"
#   MatchDriver "amdgpu"
#   Driver "amdgpu"
#   MatchDriver "intel"
#   Driver "intel"
#   MatchDriver "modesetting"
#   Driver "modesetting"
#   MatchDriver "nouveau"
 Driver "nouveau"
#   MatchDriver "radeon"
#   Driver "radeon"
EndSection

I was unable to detect any kind of video corruption in the TDE 14.1.x relnotes
window, or doing what follows in TDE's Konsole:


I don't think it can be a TDE issue, as the same problem exists on this 
machine if I run the official KDE that is currently in bullseye.




I suppose your issue could involve a timing coincidence, and your problem may be
failing gfxcard RAM.


I suppose anything is possible. But since this began as soon as I applied a 
bullseye update, it seems much more likely that it's a nouveau issue that 
landed on this machine when I performed the update.




The modesetting DIX is newer technology than the reverse-engineered,
"experimental" nouveau DDX. Whatever happened when you attempted switching to 
the
DIX should not have happened. Do you have /etc/X11/xorg.conf or any content in
/etc/X11/xorg.conf.d/ directed to gfx (device, monitor, screen, driver) other 
than
the file I suggested?


Here is xorg.conf (which I believe was auto-created at some point; I have no 
notes that say that I created it):


[ZB:X11] cat xorg.conf | pastebinit
https://paste.debian.net/1281598/
[ZB:X11]

And /etc/X11/xorg.conf.d/ just contains the file you suggested (currently set 
to nouveau):




[ZB:xorg.conf.d] ls -al
total 11
drwxr-xr-x  2 root root  3 May 22 14:46 .
drwxr-xr-x 14 root root 25 Nov  9  2021 ..
-rw-r--r--  1 root root 88 May 22 14:46 50-device.conf
[ZB:xorg.conf.d] cat *
Section "Device"
  Identifier "DDX"
#   Driver "modesetting"
Driver "nouveau"
EndSection
[ZB:xorg.conf.d]



  Doc

--
Web:  http://enginehousebooks.com/drevans

Re: video issue following latest bullseye update

[D. R. Evans]

Felix Miata wrote on 5/19/23 11:23:



How much time did you allow the login screen to show up? I've lately seen on


Somewhere between three and five minutes, I'd say. Certainly long after the 
disk light stopped flickering and the system seemed to have reached a stable 
state.




systemctl restart 


OK; so that would be:
  systemctl restart lightdm
Useful to know; thank you.




I reinstalled xserver-xorg-video-nouveau from the console, and (fortunately)
when I rebooted LDM came up as usual and I was able to log in as I normally
do. Obviously, the original issue still exists, but at least I got a graphical
display back.


If by that you mean back to 640x480 or 800x600 instead of your display's native


No; I didn't mean that. Sorry I wasn't clear. I meant that after reinstalling 
xserver-xorg-video-nouveau and rebooting, everything looked the way it did 
before I removed xserver-xorg-video-nouveau, so I was back exactly to what I 
was seeing when I first started this thread.




[1] Instead of driver removal/reinstallation, create file, or add following
content to existing file:

/etc/X11/xorg.conf.d/50-device.conf

Section "Device"
   Identifier "DDX"
Driver "modesetting"
#   Driver "nouveau"
EndSection



I have created that file, with those contents:



[ZB:~] cat /etc/X11/xorg.conf.d/50-device.conf
Section "Device"
  Identifier "DDX"
Driver "modesetting"
#   Driver "nouveau"
EndSection
[ZB:~]



Do you really mean "DDX", not "DIX"? <

I made the edit according to your instructions (i.e., "DDX") but I'm not 
certain that your e-mail didn't contain a typo.



By simply moving the # to the other driver line, you can easily switch between
using the two display drivers by restarting your DM or rebooting.
Right now, the 50-device.conf file looks exactly as it does above but, and I 
have restarted lightdm by issuing:

  systemctl restart lightdm
from the console.

I currently get:



[ZB:~] sudo inxi -GSaz
System:Kernel: 5.10.0-23-amd64 x86_64 bits: 64 compiler: gcc v: 10.2.1
   parameters: BOOT_IMAGE=/BOOT/debian@/vmlinuz-5.10.0-23-amd64 
root=ZFS=/ROOT/debian ro root=ZFS=rpool/ROOT/debian
   Desktop: Trinity R14.1.1~[DEVELOPMENT] tk: Qt 3.5.0 info: kicker 
wm: Twin 3.0 dm: LightDM 1.26.0

   Distro: Debian GNU/Linux 11 (bullseye)
Graphics:  Device-1: NVIDIA GF108 [GeForce GT 430] vendor: Gigabyte driver: 
nouveau v: kernel bus ID: 04:00.0

   chip ID: 10de:0de1 class ID: 0300
   Display: server: X.Org 1.20.11 driver: loaded: nouveau unloaded: 
modesetting display ID: :0 screens: 1
   Screen-1: 0 s-res: 1920x1080 s-dpi: 96 s-size: 508x285mm 
(20.0x11.2") s-diag: 582mm (22.9")
   Monitor-1: HDMI-1 res: 1920x1080 hz: 60 dpi: 96 size: 509x286mm 
(20.0x11.3") diag: 584mm (23")

   OpenGL: renderer: NVC1 v: 4.3 Mesa 20.3.5 direct render: Yes



But I am still seeing the original problem I reported.

[I also did a test, just to prove to myself that what I'm seeing isn't due to 
some weird monitor problem (it's a pretty new monitor, and I wanted to be sure 
that somehow I hadn't just missed seeing the problem before I performed the 
update -- even though the issue is so obvious that I can't really believe that 
I wouldn't have noticed it before). I took a screenshot of a screen display 
that exhibited the problem (a konqueror file listing), and copied the file to 
another system that is attached to the same KVM switch.


When I display the screenshot image in this, my normal desktop system, I see 
the problem; when I look at the same image file on my other system -- which 
has NOT had the recent update applied -- the problem is absent, even though 
I'm viewing it on the very same monitor. So I am as sure as I can be that, as 
I believed, the recent bullseye update led to the issue.]


  Doc

--
Web:  http://enginehousebooks.com/drevans

Re: video issue following latest bullseye update

[D. R. Evans]

Felix Miata wrote on 5/15/23 13:25:


Try using the (default) modesetting DIX display driver instead of Nouveau. 
Remove
package

xserver-xorg-video-nouveau

and reboot to see if it makes a difference.


I did this, and when I rebooted I was in the Linux console instead of Light DM 
(which is my display manager). Hitting ctrl-alt-F7 to go to the X screen did 
not show me the LDM login screen, or any other X screen, but instead another 
non-graphical screen.


I reinstalled xserver-xorg-video-nouveau from the console, and (fortunately) 
when I rebooted LDM came up as usual and I was able to log in as I normally 
do. Obviously, the original issue still exists, but at least I got a graphical 
display back.


  Doc

--
Web:  http://enginehousebooks.com/drevans

Re: video issue following latest bullseye update

[D. R. Evans]

Felix Miata wrote on 5/15/23 13:25:



Try using the (default) modesetting DIX display driver instead of Nouveau. 
Remove
package

xserver-xorg-video-nouveau



Synaptic is telling me that this will also remove:
  xserver-xorg-video-all

Is it OK that that will also be removed?

  Doc

--
Web:  http://enginehousebooks.com/drevans

Re: video issue following latest bullseye update

[D. R. Evans]

Felix Miata wrote on 5/15/23 11:16:

D. R. Evans composed on 2023-05-15 09:49 (UTC-0600):


I'm wondering if someone can walk me through how to figure out what video
driver I am using, and what other drivers might be available to try?


Not without knowing anything about your GPU:


Yes, I figured that that would be the first step; I didn't know how to do that 
either, so thanks for taking my "walk me through" request seriously.




  sudo sed -i 'a/^B_ALLOW_UPDATE/#B_ALLOW_UPDATE/g' /etc/inxi.conf # just doit
  inxi -SGaz # paste into your reply




[ZB:tmp] inxi -SGaz
System:Kernel: 5.10.0-23-amd64 x86_64 bits: 64 compiler: gcc v: 10.2.1
   parameters: BOOT_IMAGE=/BOOT/debian@/vmlinuz-5.10.0-23-amd64 
root=ZFS=/ROOT/debian ro root=ZFS=rpool/ROOT/debian
   Desktop: Trinity info: kicker wm: Twin dm: LightDM 1.26.0 Distro: 
Debian GNU/Linux 11 (bullseye)
Graphics:  Device-1: NVIDIA GF108 [GeForce GT 430] vendor: Gigabyte driver: 
nouveau v: kernel bus ID: 04:00.0

   chip ID: 10de:0de1 class ID: 0300
   Display: x11 server: X.Org 1.20.11 driver: loaded: nouveau 
unloaded: modesetting display ID: :0 screens: 1
   Screen-1: 0 s-res: 1920x1080 s-dpi: 96 s-size: 508x285mm 
(20.0x11.2") s-diag: 582mm (22.9")
   Monitor-1: HDMI-1 res: 1920x1080 hz: 60 dpi: 96 size: 509x286mm 
(20.0x11.3") diag: 584mm (23")

   OpenGL: renderer: NVC1 v: 4.3 Mesa 20.3.5 direct render: Yes
[ZB:tmp]



FYI, the actual physical size of the monitor is quite a lot larger than the 
23" reported in the output above. I don't suppose that that matters, but I 
noticed that the numbers are wrong, so I thought I'd better mention it. The 
actual diagonal size of the monitor is ~32".



  cat /var/log/Xorg.0.log | pastebinit # provide resulting URL in reply


https://paste.debian.net/1280303/

Thank you.

  Doc

--
Web:  http://enginehousebooks.com/drevans

video issue following latest bullseye update

[D. R. Evans]

Following an update this morning to one of my bullseye systems, an irritating 
video problem has surfaced. The best way I can think of to describe the 
problem is that if one has a line of black text on what is supposed to be a 
white background, to the right of the text a clear, short tail of even whiter 
background is visible (the tail is maybe an inch or so long).


The update was to:
  Linux 5.10.0-23-amd64 #1 SMP Debian 5.10.179-1 (2023-05-12) x86_64 GNU/Linux

I suspect that this is due to a driver issue related to the update. (I have 
tried a couple of different desktops, KDE and TDE, but they both exhibit the 
problem, so I don't think it can be caused by the desktop software. The 
problem did not exist prior to this morning's update.)


So I'm wondering if someone can walk me through how to figure out what video 
driver I am using, and what other drivers might be available to try?


  Doc

--
Web:  http://enginehousebooks.com/drevans

Thunderbird and font size used to display plain text e-mails?

[D. R. Evans]

I have looked everywhere I can think of, and have been unable to find an 
answer -- among the ridiculous number of ways that fonts appear to be 
controlled in Thunderbird -- that works for this issue :-(


I recently changed to a larger monitor, and, after lots of twiddling, have 
more-or-less got most programs looking reasonably sensible. But Thunderbird is 
being recalcitrant.


I am using TB 102.10.0, which is the current version in the debian stable 
repositories, on 64-bit debian stable.


Here is the issue:

When I open TB, I see three panes: one runs the full height of the TB window, 
and is on the left of the screen. It contains a list of the TB e-mail folders. 
The remaining space is divided into two panes, one vertically above the other. 
The second pane, the top one of these two, shows the subjects of received 
e-mails in whatever folder is selected in the first pane. The third pane, 
below the second one, is where the contents of e-mails are displayed.


I have TB configured so as to display incoming e-mail as plain text. They 
display correctly, BUT the font used to display the contents in the third pane 
is too large on the new monitor. How *exactly* do I control the size of the 
font used to display the contents of received plain text e-mails?


That is:

--
|  | |
|  | |
|  | |
|  |-|
|  | | <- how to control font size
|  | | <- in this pane??
--

  Doc

--
Web:  http://enginehousebooks.com/drevans

Re: Apt sources.list

[Alain D D Williams]

On Sat, Apr 15, 2023 at 11:00:52AM -0400, pa...@quillandmouse.com wrote:

> Okay. Let's open this can of worms. The ONLY reason https is used on
> most sites is because Google *mandated* it years ago. ("Mandate" means
> we'll downgrade your search ranking if you don't use https.) There is
> otherwise no earthly reason to have an encrypted connection to a web
> server unless there is some exchange of private information between you
> and the server.

Where I live (England) I do not care if "the authorities" see what I have
installed on my machine. If I lived in a totalitarian state†† there are some
packages that might raise my profile on some "radar".

†† There are several - I will not mention names as I wish to keep politics out
of this list.

> Reading through all of Google's explanations, I've never seen a
> satisfactory explanation for this change. With that in mind, I believe
> the Debian gods did the right thing in leaving their web connections
> "insecure". Though, in truth, the integrity of Debian server contents
> wouldn't be changed in the slightest whether the connection was
> encrypted or not.

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 

Re: Apt sources.list

[Alain D D Williams]

On Sat, Apr 15, 2023 at 03:48:31PM +0200, to...@tuxteam.de wrote:
> On Sat, Apr 15, 2023 at 02:01:27PM +0100, Alain D D Williams wrote:
> 
> [...]
> 
> > While we are talking about this, is there any reason why all the http: 
> > should
> > not be https: ?
> 
> It's just unnecessary CPU on the server, that's all.

That used to be the case many years ago. Modern CPUs have instructions that
make it much quicker.

"On our production frontend machines, SSL/TLS accounts for less than 1% of the
CPU load, less than 10 KB of memory per connection and less than 2% of network
overhead."

https://istlsfastyet.com/

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 

Re: Apt sources.list

[Alain D D Williams]

On Sat, Apr 15, 2023 at 08:52:06AM -0400, Greg Wooledge wrote:
> On Sat, Apr 15, 2023 at 01:23:05PM +0100, Brian wrote:
> > On Sat 15 Apr 2023 at 08:11:17 -0400, pa...@quillandmouse.com wrote:
> > > ---
> > > 
> > > deb http://debian.uchicago.edu/debian/ bookworm main contrib non-free
> > > deb-src http://debian.uchicago.edu/debian/ bookworm main contrib non-free
> > > 
> > > deb http://security.debian.org/debian-security bookworm-security main
> > > contrib non-free deb-src http://security.debian.org/debian-security 
> > > bookworm-security main contrib non-free
> > > 
> > > ---

While we are talking about this, is there any reason why all the http: should
not be https: ?

I have done this on my own machine without ill effect.

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 

Re: No /

[Alain D D Williams]

On Tue, Mar 07, 2023 at 05:33:45PM +0100, Michael Lee wrote:
> Is it possible to reinstall the system and still retain the settings,
> logins, etc.? 

This is what backups are for. I assume that you have something.

> Michael Lee

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 

Libembree, but static

[Julien D Arques]

Hi,
We currently have libembree in .so shared library. Is it possible for the
maintainers to provide the static .a?
I use the latest available in testing 3.13.5
Thanks

Re: GPG problems

[Alain D D Williams]

On Sun, Dec 04, 2022 at 04:28:00PM +0200, Teemu Likonen wrote:
> * 2022-12-04 12:05:56+, Alain D. D. Williams wrote:
> 
> > Part of the problem is the hopeless message "Server indicated a
> > failure" which says little. Any idea how I could get something more
> > informative ?
> 
> You can change debug logging level. Edit ~/.gnupg/dirmngr.conf file and
> write something like this:
> 
> debug-level expert  #or: guru
> log-file /tmp/dirmngr-log.txt
> 
> Then kill dirmngr
> 
> $ gpgconf --kill dirmngr
> 
> and try key servers again. See the log file mentioned above.

Thanks ... it does not really help (I attach it).
The message is:

command 'KS_PUT' failed: Server indicated a failure 

I ran it with debugging on the Debian 11 machine where it works.

I put the PIv4 address for keys.openpgp.org into /etc/hosts - the Debian 10
machine has IPv6 that works, the Debian 11 machine is IPv4 only. No change.

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 
2022-12-04 17:44:27 dirmngr[18851.0] permanently loaded certificates: 138
2022-12-04 17:44:27 dirmngr[18851.0] runtime cached certificates: 0
2022-12-04 17:44:27 dirmngr[18851.0]trusted certificates: 138 
(137,0,0,1)
2022-12-04 17:44:27 dirmngr[18851.6] handler for fd 6 started
2022-12-04 17:44:27 dirmngr[18851.6] DBG: chan_6 -> # Home: /home/addw/.gnupg
2022-12-04 17:44:27 dirmngr[18851.6] DBG: chan_6 -> # Config: 
/home/addw/.gnupg/dirmngr.conf
2022-12-04 17:44:27 dirmngr[18851.6] DBG: chan_6 -> OK Dirmngr 2.2.27 at your 
service
2022-12-04 17:44:27 dirmngr[18851.6] connection from process 18850 (1000:1000)
2022-12-04 17:44:27 dirmngr[18851.6] DBG: chan_6 <- GETINFO version
2022-12-04 17:44:27 dirmngr[18851.6] DBG: chan_6 -> D 2.2.27
2022-12-04 17:44:27 dirmngr[18851.6] DBG: chan_6 -> OK
2022-12-04 17:44:27 dirmngr[18851.6] DBG: chan_6 <- KEYSERVER
2022-12-04 17:44:27 dirmngr[18851.6] DBG: chan_6 -> S KEYSERVER 
hkps://keys.openpgp.org
2022-12-04 17:44:27 dirmngr[18851.6] DBG: chan_6 -> OK
2022-12-04 17:44:27 dirmngr[18851.6] DBG: chan_6 <- KS_PUT
2022-12-04 17:44:27 dirmngr[18851.6] DBG: chan_6 -> INQUIRE KEYBLOCK
2022-12-04 17:44:27 dirmngr[18851.6] DBG: chan_6 <- [ 44 20 98 33 04 60 ec 50 
1f 16 09 2b 06 01 04 01 ...(626 byte(s) skipped) ]
2022-12-04 17:44:27 dirmngr[18851.6] DBG: chan_6 <- END
2022-12-04 17:44:27 dirmngr[18851.6] DBG: chan_6 -> INQUIRE KEYBLOCK_INFO
2022-12-04 17:44:27 dirmngr[18851.6] DBG: chan_6 <- D 
pub::256:22:BA366B977C06BAF7:1626099743:::%0Afpr:4D48D5BAF3736D50214AFC3FBA366B977C06BAF7:%0Auid:1626099743Alain
 D D Williams :::%0Auid:1670002234Alain D D 
Williams 
:::%0Asub::256:18:0315E84A964E21C9:1626099743:::%0Afpr:75F7570849B82972171A762C0315E84A964E21C9:%0A
2022-12-04 17:44:27 dirmngr[18851.6] DBG: chan_6 <- END
2022-12-04 17:44:27 dirmngr[18851.6] command 'KS_PUT' failed: Server indicated 
a failure 
2022-12-04 17:44:27 dirmngr[18851.6] DBG: chan_6 -> ERR 219 Server indicated a 
failure 
2022-12-04 17:44:27 dirmngr[18851.6] DBG: chan_6 <- BYE
2022-12-04 17:44:27 dirmngr[18851.6] DBG: chan_6 -> OK closing connection
2022-12-04 17:44:27 dirmngr[18851.6] handler for fd 6 terminated
2022-12-04 17:55:27 dirmngr[18851.0] running scheduled tasks
2022-12-04 18:05:28 dirmngr[18851.0] running scheduled tasks
2022-12-04 18:15:28 dirmngr[18851.0] running scheduled tasks
2022-12-04 18:25:29 dirmngr[18851.0] running scheduled tasks
2022-12-04 18:33:58 dirmngr[18851.6] handler for fd 6 started
2022-12-04 18:33:58 dirmngr[18851.6] DBG: chan_6 -> # Home: /home/addw/.gnupg
2022-12-04 18:33:58 dirmngr[18851.6] DBG: chan_6 -> # Config: 
/home/addw/.gnupg/dirmngr.conf
2022-12-04 18:33:58 dirmngr[18851.6] DBG: chan_6 -> OK Dirmngr 2.2.27 at your 
service
2022-12-04 18:33:58 dirmngr[18851.6] connection from process 22347 (1000:1000)
2022-12-04 18:33:58 dirmngr[18851.6] DBG: chan_6 <- KILLDIRMNGR
2022-12-04 18:33:58 dirmngr[18851.6] DBG: chan_6 -> OK closing connection
2022-12-04 18:36:18 dirmngr[22361.0] permanently loaded certificates: 138
2022-12-04 18:36:18 dirmngr[22361.0] runtime cached certificates: 0
2022-12-04 18:36:18 dirmngr[22361.0]trusted certificates: 138 
(137,0,0,1)
2022-12-04 18:36:18 dirmngr[22361.6] handler for fd 6 started
2022-12-04 18:36:18 dirmngr[22361.6] DBG: chan_6 -> # Home: /home/addw/.gnupg
2022-12-04 18:36:18 dirmngr[22361.6] DBG: chan_6 -> # Config: 
/home/addw/.gnupg/dirmngr.conf
2022-12-04 18:36:18 dirmngr[22361.6] DBG: chan_6 -> OK Dirmngr 2.2.27 at your 
service
2022-12-04 18:36:18 dirmngr[22361.6] connection from process 22360 (1000:1000)
2022-12-04 18

Re: GPG problems

[Alain D D Williams]

On Sat, Dec 03, 2022 at 02:59:41PM -0500, Jeffrey Walton wrote:

> keys.openpgp.org should be operational. It responds to ping.
> 
> Also have a look at
> https://lists.gnupg.org/pipermail/gnupg-users/2021-June/065261.html .

No, that is not the issue. It works on Debian 11 but not Debian 10, both
attempts within a few minutes of each other, both connect to 
hkps://keys.openpgp.org

Both run the same version of gpg (GnuPG) 2.2.27
(I installed from backports on Debian 10)

gpg reports the version of libgcrypt On Debian 10 it is 1.8.4 on Debian 11 it
is 1.8.8 Could that be an issue ? I am reluctant to speculatively upgrade for
fear of breaking something else.

Part of the problem is the hopeless message "Server indicated a failure" which
says little. Any idea how I could get something more informative ?

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 

GPG problems

[Alain D D Williams]

I am running Debian 10 (buster). I generated a new key that I wanted to upload,
but it fails:

$ gpg --send-keys  0xBA366B977C06BAF7
gpg: sending key 0xBA366B977C06BAF7 to hkps://keys.openpgp.org
gpg: keyserver send failed: Server indicated a failure
gpg: keyserver send failed: Server indicated a failure

I copied my ~/.gnupg to a Debian 11 (bullesys) machine, it works:

$ gpg --send-keys  0xBA366B977C06BAF7
gpg: sending key 0xBA366B977C06BAF7 to hkps://keys.openpgp.org
$ 

Back on buster I grabbed the latest version:
/etc/apt/sources.list:
deb http://deb.debian.org/debian/ buster-backports main contrib non-free
# apt -V -t=buster-backports install gpg

I killed the dirmngr daemon:

# killall dirmngr

I tried the send-keys again and got the same result, ie failure.

Please: what should I do to fix this.

Thanks in advance

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 

Re: just saying

[Alain D D Williams]

On Thu, Nov 24, 2022 at 10:43:19PM +, Peter von Kaehne wrote:
> 
> > 
> > Even if you have it can be very hard to find carefully constructed back 
> > doors.
> 
> Shrug.. as opposed to installing closed source programmes where you know you 
> are spied upon ? Which may of course have back doors but thanks tk being 
> closed you I’ll not even learn about? 

OK - I agree with you. FLOSS is much better from that point of view; my point
was that FLOSS is not a guarantee. The OP was talking about spooks, these guys
are well funded and capable of producing hard to detect back doors.

FLOSS is also more resistant to a government bribing or strong arming a closed
source company to include a spook produced back door.

"much better" != "perfect" - ie vigilance is still needed.

> > Some code has been carefully looked at but most has not.
> > 
> >>> On Thu, Nov 24, 2022 at 4:03 PM mick.crane  wrote:
> >>> 
> >>> I love open source, more than you might think, but I have a niggling
> >>> feeling it's been infiltrated to make user control difficult.
> >>> If I was a spook it's what I'd do.
> >>> Please prove me wrong.
> >>> mick

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 

Re: just saying

[Alain D D Williams]

On Thu, Nov 24, 2022 at 04:05:31PM -0500, Jeremy Hendricks wrote:
> I have no idea what you mean. It’s open source and you can analyze the code
> line by line.

Very true ... but how much code have you analyzed line by line ?

Even if you have it can be very hard to find carefully constructed back doors.

Some code has been carefully looked at but most has not.

> On Thu, Nov 24, 2022 at 4:03 PM mick.crane  wrote:
> 
> > I love open source, more than you might think, but I have a niggling
> > feeling it's been infiltrated to make user control difficult.
> > If I was a spook it's what I'd do.
> > Please prove me wrong.
> > mick
> >
> >

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 

Re: deduplicating file systems: VDO with Debian?

[d-u]

On Wed, 09 Nov 2022 13:28:46 +0100
hw  wrote:

> On Tue, 2022-11-08 at 09:52 +0100, DdB wrote:
> > Am 08.11.2022 um 05:31 schrieb hw:  
> > > > That's only one point.  
> > > What are the others?
> > >   
> > > >  And it's not really some valid one, I think, as 
> > > > you do typically not run into space problems with one single
> > > > action (YMMV). Running multiple sessions and out-of-band
> > > > deduplication between them works for me.  
> > > That still requires you to have enough disk space for at least
> > > two full backups.
> > > I can see it working for three backups because you can
> > > deduplicate the first two, but not for two.  And why would I
> > > deduplicate when I have sufficient disk
> > > space.
> > >   
> > Your wording likely confuses 2 different concepts:  
> 
> N, I'm not confusing that :)  Everyone says so and I don't know
> why ...
> 
> > Deduplication avoids storing identical data more than once.
> > whereas
> > Redundancy stores information on more than one place on purpose to
> > avoid loos of data in case of havoc.
> > ZFS can do both, as it combines the features of a volume manager
> > with those of a filesystem and a software RAID.( I am using
> > zfsonlinux since its early days, for over 10 years now, but without
> > dedup. )
> > 
> > In the past, i used shifting/rotating external backup media for that
> > purpose, because, as the saying goes: RAID is NOT a backup! Today, i
> > have a second server only for the backups, using zfs as well, which
> > allows for easy incremental backups, minimizing traffic and disk
> > usage.
> > 
> > but you should be clear as to what you want: redundancy or
> > deduplication?  
> 
> The question is rather if it makes sense to have two full backups on
> the same machine for redundancy and to be able to go back in time, or
> if it's better to give up on redundancy and to have only one copy and
> use snapshots or whatever to be able to go back in time.

And the answer is no. The redundancy you gain from this is almost,
though not quite, meaningless, because of the large set of common
data-loss scenarios against which it offers no protection. You've made
it clear that the cost of storage media is a problem in your situation.
Doubling your backup server's requirement for scarce and expensive disk
space in order to gain a tiny fraction of the resiliency that's
normally implied by "redundancy" doesn't make sense. And being able to
go "back in time" can be achieved much more efficiently by using a
solution (be it off-the-shelf or roll-your-own) that starts with a full
backup and then just stores deltas of changes over time (aka incremental
backups). None of this, for the record, is "deduplication", and I
haven't seen any indication in this thread so far that actual
deduplication is relevant to your use case.

> Of course it would better to have more than one machine, but I don't
> have that.

Fine, just be realistic about the fact that this means you cannot in
any meaningful sense have "two full backups" or "redundancy". If and
when you can some day devote an RPi tethered to some disks to the job,
then you can set it up to hold a second, completely independent,
store of "full backup plus deltas". And *then* you would have
meaningful redundancy that offers some real resilience. Even better if
the second one is physically offsite. 

In the meantime, storing multiple full copies of your data on one
backup server is just a way to rapidly run out of disk space on your
backup server for essentially no reason.


Cheers!
 -Chris

Re: ZFS performance (was: Re: deduplicating file systems: VDO with Debian?)

[D. R. Evans]

hw wrote on 11/9/22 04:41:


configure the controller cards, so that won't really work.  And ZFS with Linux
isn't so great because it keeps fuse in between.



That isn't true. I've been using ZFS with Debian for years without FUSE, 
through the ZFSonLinux project.


The only slightly discomforting issue is that it's not officially supported on 
Debian because of a perceived license conflict.


  Doc

--
Web:  http://enginehousebooks.com/drevans

Re: Ubuntu

[Alexandre D]

Bonjour Nadir,

Je rejoint complètement les propos de Didier et je le remercie pour sa 
clarté entre Ubuntu et Debian.


En tant que membre de la communauté de Debian Facile 
<https://debian-facile.org/>, je suis le trésorier de cette association 
depuis 2018, je ne peux que t'encourager à t'y rendre.


Si tu souhaites découvrir Debian, je ne peux que t'encourager à 
installer Debian et non pas Ubuntu, tu trouveras de l'aide avec cette 
communauté via la liste mail Debian ou celle de Debian Facile 
<https://debian-facile.org/> à travers son forum 
<https://debian-facile.org/forum.php>, ses cahiers du débutant 
<https://debian-facile.org/projets/lescahiersdudebutant/> ou son iso 
d'installation <https://debian-facile.org/projets:iso-debian-facile>.


Bonne découverte !

Alex (SuShY sur Debian Facile)


⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁
⢿⡄⠘⠷⠚⠋
⠈⠳⣄ ⠀⠀  
Alexandre D.
https://alexbook.fr
alexan...@alexbook.fr

- - - - - - -
System : Debian SID
- - - - - - - -

Le 04/11/2022 à 09:40, didier gaumet a écrit :

Le 04/11/2022 à 08:48, Nadir a écrit :

Bonjour,

Je viens d'installer Ubuntu qui est un produit Debian.
Est-il utile pour moi d’accéder au forum Debian facile ?

Est-il possible de réinstaller mon logiciel via Debian facile ?

Merci d’avance pour votre réponse,

Nadir Bengana



Bonjour,

- alors non, Ubuntu n'est pas un produit Debian. Debian est une 
association qui ne vend aucun produit et qui publie la distribution 
Linux Debian.
 Canonical est une société commerciale qui publie la distribution 
Linux Ubuntu qui est largement basée sur Debian.
Mais Ubuntu n'est pas Debian, bien que certaines connaissances et 
compétences acquises sur Debian (ou n'importe quelle distribution 
Linux en générale) puissent être utiles sur Ubuntu: les différences 
entre Ubuntu et Debian peuvent être difficiles à gérer (plus pour lui 
que pour celui qui offre son aide) lorsqu'on cherche à dépanner un 
débutant sur Ubuntu.


- Debian Facile est un site d'aide à l'installation, l'administration 
et l'utilisation de Debian. Oui il est possible de consulter Debian 
Facile pour gérer son Ubuntu, mais ce n'est probablement pas la 
meilleure méthode


- Ubuntu propose pas mal de documentation, wiki et forums, tant en 
anglais, qu'ici en français: https://doc.ubuntu-fr.org/.

Si je me mettais à Ubuntu c'est probablement par là que je commencerais<

Le but de ce message n'est pas de se débarrasser de toi sur cette 
liste Debian, c'est plutôt de faciliter ton parcours avec Ubuntu.


Bon courage et bonne exploration :-)

Re: Éteindre ou redémarrer sa machine à partir de son user

[Alexandre D]

Bonjour,

Problème résolu avec un "apt install polkitd" qui s'était désinstaller 
par erreur.


A++


⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁
⢿⡄⠘⠷⠚⠋
⠈⠳⣄ ⠀⠀  
Alexandre D.
https://alexbook.fr
alexan...@alexbook.fr

- - - - - - -
System : Debian SID
- - - - - - - -

Le 02/11/2022 à 13:57, Alexandre D a écrit :


Bonjour à tous,

Ma machine tourne sur une Debian SID depuis 2018, voici la 
configuration à ce jour :


  * OS :Debian GNU/Linux bookworm/sid x86_64
  * Kernel : 6.0.0-2-amd64
  * Shell : bash 5.2.2


Depuis une mise à jour installée hier, je ne peux plus reteindre ou 
redémarrer ma machine depuis mon compte utilisateur, voici le retour 
des commandes :


  * systemctl poweroff --> Call to PowerOff failed: Access denied
  * systemctl reboot --> Call to Reboot failed: Access denied

Avez-vous une idée pour résoudre le problème ?
Par avance, merci.

--

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁
⢿⡄⠘⠷⠚⠋
⠈⠳⣄ ⠀⠀  
Alexandre D.
https://alexbook.fr
alexan...@alexbook.fr

- - - - - - -
System : Debian SID
- - - - - - - -

Éteindre ou redémarrer sa machine à partir de son user

[Alexandre D]

Bonjour à tous,

Ma machine tourne sur une Debian SID depuis 2018, voici la configuration 
à ce jour :


 * OS :Debian GNU/Linux bookworm/sid x86_64
 * Kernel : 6.0.0-2-amd64
 * Shell : bash 5.2.2


Depuis une mise à jour installée hier, je ne peux plus reteindre ou 
redémarrer ma machine depuis mon compte utilisateur, voici le retour des 
commandes :


 * systemctl poweroff --> Call to PowerOff failed: Access denied
 * systemctl reboot --> Call to Reboot failed: Access denied

Avez-vous une idée pour résoudre le problème ?
Par avance, merci.

--

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁
⢿⡄⠘⠷⠚⠋
⠈⠳⣄ ⠀⠀  
Alexandre D.
https://alexbook.fr
alexan...@alexbook.fr

- - - - - - -
System : Debian SID
- - - - - - - -

How to use hw vendor EFI diagnostics ?

[Alain D D Williams]

I just got myself a new laptop - the old one broke.
It is an HP stream, I wiped MS Windows and installed Linux Mint 21.

The machine came with some nice hardware diagnostics, written by/for HP. These
could be run without booting MS Windows. I would like to have the ability to
run these as they know more about the laptop's hardware than what is installed
from Mint -- just some generic memory test.

I did copy the EFI before it was overwritten by the Linux installation.

How do I integrate the HP diagnostics into the current EFI ?

Thanks in advance.

This is what there is now:
/boot/efi/
/boot/efi/EFI
/boot/efi/EFI/ubuntu
/boot/efi/EFI/ubuntu/grubx64.efi
/boot/efi/EFI/ubuntu/shimx64.efi
/boot/efi/EFI/ubuntu/mmx64.efi
/boot/efi/EFI/ubuntu/BOOTX64.CSV
/boot/efi/EFI/ubuntu/grub.cfg
/boot/efi/EFI/BOOT
/boot/efi/EFI/BOOT/BOOTX64.EFI
/boot/efi/EFI/BOOT/fbx64.efi
/boot/efi/EFI/BOOT/mmx64.efi

This is what I have preserved from before Linux install:

System Volume Information
EFI
EFI/HP
EFI/HP/BIOS
EFI/HP/BIOS/Current
EFI/HP/BIOS/Current/085B5.bin
EFI/HP/BIOS/Current/085B5.s12
EFI/HP/BIOS/Current/085B5.sig
EFI/HP/BIOS/Previous
EFI/HP/BIOS/New
EFI/HP/HP Support Framework
EFI/HP/HP Support Framework/Logs
EFI/HP/HP Support Framework/Logs/1275192963.xml
EFI/HP/dip.zip
EFI/HP/SystemDiags
EFI/HP/SystemDiags/EADB.json
EFI/HP/SystemDiags/SystemDiags.ini
EFI/HP/SystemDiags/HpHwDiagsSnapshot.cee
EFI/HP/SystemDiags/LICENCE.txt
EFI/HP/SystemDiags/CryptRSA.efi
EFI/HP/SystemDiags/SysDiags.s09
EFI/HP/SystemDiags/SystemDiags-5CD2301RGW.html
EFI/HP/SystemDiags/SysDiags.efi
EFI/HP/SystemDiags/TestCoverage.json
EFI/HP/SystemDiags/SysDiags.s14
EFI/HP/SystemDiags/DI.efi
EFI/HP/SystemDiags/SysDiags.s12
EFI/HP/SystemDiags/SystemDiags.log
EFI/HP/SystemDiags/SystemDiagsCeeHistory.log
EFI/HP/DI.efi
EFI/HP/BIOSUpdate
EFI/HP/BIOSUpdate/BiosMgmt.s12
EFI/HP/BIOSUpdate/CryptRSA.efi
EFI/HP/BIOSUpdate/BiosMgmt.s14
EFI/HP/BIOSUpdate/BiosMgmt.efi
EFI/HP/BIOSUpdate/BiosMgmt.s09

EFI/Boot
EFI/Boot/bootx64.efi

There is also some MS stuff (I'm just listing top level directories, 185 in 
total):
EFI/Microsoft
EFI/Microsoft/Recovery
EFI/Microsoft/Boot

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 

Re: Nouveau - Renseignements

[Alexandre D]

Bonsoir et bienvenue à toi dans le monde du libre.

Personnellement, je te conseil une distribution Debian, et la communauté 
Debian Facile <https://debian-facile.org/> pour son entraide et sa 
richesse dans son forum.


Voici quelques pistes :

 * Les cahiers du débutant sur Debian GNU/Linux Bullseye
   <https://debian-facile.org/projets/lescahiersdudebutant/>
 * Documentation de Debian-Facile <https://debian-facile.org/wiki>

Bonne lecture et belle aventure.


⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁
⢿⡄⠘⠷⠚⠋
⠈⠳⣄ ⠀⠀  
Alexandre D.
https://alexbook.fr
alexan...@alexbook.fr

- - - - - - -
System : Debian SID
- - - - - - - -

Le 06/08/2022 à 19:38, DA SILVA a écrit :

Bonjour,

Depuis quelque temps, j'utilise un système d'exploitation qui est 
Windows 10, je l'utilise pour des besoins personnels, professionnels 
et pour un usage gaming.


Malheureusement, leur politique de confidentialité (traqueur, ciblage, 
force installation, créer un compte Microsoft obligatoirement...) ne 
me convient pas du tout.


J'ai réfléchi et je souhaite passer sur un autre système 
d'exploitation qui est Linux, je souhaite un système d'exploitation 
simple d'utilisation, sécuriser, puissant, compatible avec mes 
composants et enfin respectueux de la vie privée.


Est-ce que ses critères ci-dessus sont dans votre politique de votre 
système d'exploitation ?


Étant un nouveau et débutant, je souhaite avoir un guide complet pour 
savoir l'installer, le configurer (mise à jour, pilotes, création de 
l'utilisateur...)


Je vous souhaite une excellente journée.

Cordialement,

Re: issue with purging an old kernel

[D. R. Evans]

DdB wrote on 6/20/22 10:07:

Since i am running dozens of VM's, i can say:
Me2 am running into this regularly, when i am trying to purge old
kernels. I am seeing this so frequently, that i even wrote a script
(meant to be run inside the VM's) to clean up the mess, some apt-scripts
happen to leave behind.


It's comforting to know that this seems to be a relatively common occurrence 
(although this is the first time I've run into it, and I've been running 
debian for maybe seven or eight years at this point). As far as I know I have 
only official debian stable packages on the system, so it has the flavour of a 
minor packaging bug somewhere. Anyway, I'm not going to worry about it, given 
that you see it so often. I have cleared out the offending directory and moved on.


Thanks to you and the other posters for responding.

  Doc

--
Web:  http://enginehousebooks.com/drevans

acceso full a una ip

[Luis D. Alvarez Navarro]

buenas a todos

Necesito que me aclaren esto soy nuevo e esto de iptables.
Necesito a una ip de mi lan por ej la 192.168.200.3 darle acceso ainternet
full y que no tenga nada que ver con el proxy, es para que baje
actualizaciones y todo para servidores etc.

puede ser así

Ahh la ip real par el proxy por ej 200.55.55.3

iptables -A INPUT -s 192.168.200.3 -j ACCEPT

?? Acepto toda ayuda

issue with purging an old kernel

[D. R. Evans]

Normally to remove an old kernel from my debian stable systems, I issue the 
following command:




apt purge linux-headers--amd64 
linux-headers--common linux-image--amd64




Following this recipe, which has always worked in the past, I issued:



apt purge linux-headers-5.10.0-11-amd64 linux-headers-5.10.0-11-common 
linux-image-5.10.0-11-amd64




But it failed, with the error message:



Purging configuration files for linux-image-5.10.0-11-amd64 (5.10.92-2) ...
rmdir: failed to remove '/lib/modules/5.10.0-11-amd64': Directory not empty
dpkg: warning: while removing linux-image-5.10.0-11-amd64, directory 
'/lib/modules/5.10.0-11-amd64' not empty so not removed




If I look in the named directory, I see:



root@zbrew:~# ls -al /lib/modules/5.10.0-11-amd64
total 35
drwxr-xr-x 3 root root 3 Jun 20 08:49 .
drwxr-xr-x 7 root root 7 Jun 17 07:08 ..
drwxr-xr-x 2 root root 2 Apr 25 07:53 misc



and the directory /lib/modules/5.10.0-11-amd64/misc turns out to be empty.

So it seems reasonable to remove /lib/modules/5.10.0-11-amd64/misc/ manually 
and re-execute the purge command.


But before I try that, I'm puzzled as to how this situation could have arisen. 
Has anyone else seen this happen, and does anyone have a reasonable suggestion 
as to how it could have occurred?


  Doc

--
Web:  http://enginehousebooks.com/drevans

Re: google account say it will no longer deliver email

[Alain D D Williams]

On Sat, Jun 04, 2022 at 10:02:05PM +0200, sp...@caiway.net wrote:
> Hi,
> 
> My first mail provider (in Oslo) promised free mailadress for life.
> 
> Then it was sold to a kapitalist and they started to ask money.
> 
> I do not like that.
> 
> I know it is possible to run a free host.
> 
> By volunteers running the server for example.

Oh - great ... please do us all a favour and set up a free host and give us
free addresses for life.

Thanks!

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 

[SOLVED] Re: postfix + gmail

[D. R. Evans]

And, of course, half an hour after giving up and asking for help, I discovered 
what I needed to change.


I did a "journalctl | grep smtp" and noticed that, when my machine was 
connecting to gmail, it seemed to be doing so on port 25. Aha!


So I changed my transport file explicitly to use port 587 when connecting to 
smtp.googlemail.com, reloaded everything and now it works.


(Slightly in my defence, I had briefly pondered the question of port number 
earlier this morning, but, since I hadn't seem any mention of it in my reading 
of solutions to this problem, I figured that the fact that I had enabled auth 
in the main.cf file must mean that postfix was automagically going to use port 
587 instead of port 25. Now I know better.)


  Doc

--
Web:  http://enginehousebooks.com/drevans

postfix + gmail

[D. R. Evans]

I am trying to configure postfix correctly to send e-mail to a gmail.com 
account, using my gmail credentials.


1. It all works fine if I use Thunderbird, with the following configuration:
  server name: smtp.googlemail.com
  port:587
  Connection security: STARTTLS
  Authentication method: normal password
  username: doc.ev...@gmail.com
and the password set to my gmail password.

That, in fact, is the method that I am using to post this e-mail to the 
reflector.

2. But when I try to duplicate that with postfix, I receive the following error:


: host smtp.googlemail.com[142.250.138.16] said: 530-5.7.0
Authentication Required. Learn more at 530 5.7.0
https://support.google.com/mail/?p=WantAuthError
e12-20020a9d490c00b0060b6facd5e4sm4170514otf.29 - gsmtp (in reply to
MAIL FROM command)


I have spent most of the morning following various Internet threads related to 
this error, and making many variations to my postfix configuration, but 
without success.


FWIW, here are the relevant parts of my current postfix configuration, and it 
generates the error message quoted above (I am running debian stable):


in main.cf:

  smtp_sasl_auth_enable = yes
  smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
  smtp_sasl_security_options =
  smtp_sasl_type = cyrus
  smtp_use_tls = yes
  smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

in sasl_passwd:

  [smtp.googlemail.com]:587 doc.ev...@gmail.com:

I did check that the password matches exactly the password in Thunderbird.

So if some postfix guru could enlighten me as to what I need to change, I'd be 
very grateful.


  Doc

--
Web:  http://enginehousebooks.com/drevans

Re: Choix d'un gestionnaire de mots de passe

[Alexandre D]

Bonsoir,

Même ressenti et même usage pour moi avec Vaultwarden en auto-hébergé. 
Multi plateforme et accessible de partout.


A++


⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁
⢿⡄⠘⠷⠚⠋
⠈⠳⣄ ⠀⠀  
Alexandre D.
https://alexbook.fr
alexan...@alexbook.fr

- - - - - - -
System : Debian SID
- - - - - - - -

Le 26/05/2022 à 20:56, nou...@ti-nuage.fr a écrit :

Bonjour,

J'apprécie particulièrement Vaultwarden en auto-hébergé. Multi 
plateforme et accéssible de partout.


Autrement pour ce qui est en ligne de commande, korben à récemment 
publié un article à propos de Spectre : 
https://korben.info/spectre-calculateur-mots-passe.html




On 26/05/2022 20:43, hamster  wrote:

Le 26/05/2022 à 19:05, kaliderus a écrit :
> Bonjour la liste,
>
> Quel est votre gestionnaire de mot de passe préféré et pourquoi ?

KeepassXC, parce que c'est le seul qui a été certifié par l'ANSSI 
(pour ce que j'en sais).


Je prend la version XC parce que c'est nettement mieux intégré dans 
linux.


Sur le sujet des mots de passe, je pense que vous connaissez déjà 
cette conférence :

https://www.videos-libr.es/w/cf58e9a4-bce3-471a-bb40-5e5c3fcb71f1

> Je suis en train de tester keepass qui semble pas mal foutu,
> néanmoins, une interface uniquement en ligne de commande ne serait pas
> pour me déplaire.

Heu, attend, tu veux en faire quoi de ton gestionnaire de mot de passe ?

> J'ai aussi envisagé de chiffrer tout simplement un fichier
> texte...

Ca dépend de ton usage.

Quand je me logue sur un nouveau site web, je rentre a la main mon 
identifiant et mot de passe, et keepass me demande si je veux les 
enregistrer.


Ensuite, quand je retourne sur le meme site web, keepass me propose 
de taper l'identifiant et le mot de passe a ma place.


De meme, quand j'ouvre mon mail avec thunderbird, keepass tape le mot 
de passe a ma place.


Bien sur, j'ai du installer une extension dans firefox et une autre 
dans thunderbird pour que keepass puisse interagir de la sorte avec 
ces 2 logiciels.


Je sais pas comment faire un tel fonctionnement avec un simple 
fichier texte chiffré. Tu risque fort de trouver rapidement que faire 
des copier/coller depuis un fichier texte c'est relou, et d'ailleurs 
le fait que ton mot de passe reste dans le presse papier a chaque 
fois que tu fait un copier/coller est une faille de sécurité.


> l'idéal serait un outil en ligne de commande

Donc les logiciels dans lesquels tu utilise tes mots de passe sont 
aussi en ligne de commande ? Je veux dire : tu surfe sur le web avec 
ELinks ou equivalent ???


Keepass a une interface graphique, qui me sert a… taper mon mot de 
passe maitre pour déverouiller la base de données. Ensuite je n'ai 
plus a cliquer dans keepass. Tout se passe directement dans les 
logiciels qui ont besoin des mots de passe.

Re: When will Debian book Authors be publishing Debian 11 Bullseye System Administrator's Handbook?

[Tom D.]

Respected IL Ka,

Thank you very much for your reply. I will right away buy Debian 10 System
Administration Handbook.

Regards
Adrian

On Fri, Apr 29, 2022 at 11:50 AM IL Ka  wrote:

> Debian 10 handbook (https://debian-handbook.info/) still can be used to
> study Debian because lots of things are the same.
> After this book you can read Debian 11 release notes:
> https://www.debian.org/releases/stable/amd64/release-notes/index.en.html
>
>>

Does this video on YouTube tutorial complacent with Debian 11 Bullseye System Administration?

[Tom D.]

Respected Everyone,

I have installed Debian 11 Bullseye on my Laptop and found the following
video tutorial.

https://youtu.be/wsh64rjnRas

Does this video tutorial coalign with Debian 11 Bullseye System
Administration?

I really need the latest tutorial.

Thank you. Regards
Adrian

When will Debian book Authors be publishing Debian 11 Bullseye System Administrator's Handbook?

[Tom D.]

Respected Debian Book Authors,

When will you be going to publish Debian 11 Bullseye System Administrator's
Handbook? I cannot wait to buy it from Amazon. I really need it.

Please publish it as soon as possible.

Is there any website or video site from where I can learn to be a Complete
Debian 11 Bullseye Administrator? Can you point me in the right direction?

Please let me know.

Cheers
Adrian

Re: Start ZFS partition on boot.

[D. R. Evans]

James Allsopp wrote on 3/18/22 15:20:


I'm having lots of trouble starting my zfs /var partition as part of boot,


I urge you to post the question on the zfs-discuss reflector.

  Doc

--
Web:  http://enginehousebooks.com/drevans

Re: jupyter-notebook and bullseye

[D. R. Evans]

Reco wrote on 12/31/21 1:47 PM:



That was certainly a help (although I wonder why it was necessary for me to do 
that manually),


It's official Debian policy now, believe it or not.
python 2.x is /usr/bin/python2.
python 3.x is /usr/bin/python3.

If the user really wants /usr/bin/python the user should install
python-is-python2 or python-is-python3. And these two packages conflict
with each other.



Once upon a time, not really that long ago, Debian seemed to make very 
sensible decisions to keep everything stable and working across upgrades. In 
the past few years, however, I find myself shaking my head and wondering "what 
were they thinking?" It's not that some of the things they've done are 
necessarily *wrong* per se, but they have certainly been a lot more 
experimental than one wants in an environment that one expects to keep working 
properly across upgrades; it seems that somehow the importance of keeping the 
users' systems functioning as one hopes they will is now a much lower priority 
than it used to be.



but ultimately I am still unable to do anything.


I'm not familiar with jupyter and I'm not using it.



Pretty wise; I think. I was sucked in a bit about the hype that surrounds it 
and put in quite a bit of effort to build some useful notebooks a few years 
ago. But now I find that it's pretty much like the majority of experiments 
I've tried over the years: it looks nifty, and doubtless some people find it 
useful, but for me it's too fragile and ultimately the cost in time isn't 
worth the possible benefit.


But it certainly would be nice to at least be able to use my old jupyter 
notebooks, even if it's unlikely that I'll create any new ones.




Judging from [1], you're required to reinstall all these "jupyter
kernels", because what you have was installed for python2, but what you
need is to install them for python3.

But then again, I could be wrong. Sorry, cannot help you further.


That's probably a good bet. I don't remember how any of those kernels got 
installed [I thought that all except the sos kernel were from debian 
repositories, but my memory might be faulty], so I'll have to search around 
and see what I can dig up. The evidence to hand does seem to suggest that they 
don't auto-upgrade and therefore need to be upgraded manually somehow.


Thank you for taking the time to share your thoughts, especially as you don't 
use jupyter yourself.


  Doc

--
Web:  http://enginehousebooks.com/drevans

Re: jupyter-notebook and bullseye

[D. R. Evans]

Reco wrote on 12/17/21 6:10 AM:

Hi.

On Thu, Dec 16, 2021 at 12:43:51PM -0700, D. R. Evans wrote:

FileNotFoundError: [Errno 2] No such file or directory: '/usr/bin/python'

...

Can someone suggest how I might get back to the fully-working set of kernels 
that I had in buster?


Try this:

apt install python-is-python3



Thank you very much.

That was certainly a help (although I wonder why it was necessary for me to do 
that manually), but ultimately I am still unable to do anything.


"jupyter kernelspec list" now looks better:



[ZB:jupyter] jupyter kernelspec list
Available kernels:
  ir  /home/n7dr/.local/share/jupyter/kernels/ir
  markdown/home/n7dr/.local/share/jupyter/kernels/markdown
  bash/usr/local/share/jupyter/kernels/bash
  gnuplot /usr/local/share/jupyter/kernels/gnuplot
  sos /usr/local/share/jupyter/kernels/sos
  python3 /usr/share/jupyter/kernels/python3
[ZB:jupyter]



But if I actually run jupyter-notebook on a known-good .ipynb file I get the 
following:




[ZB:jupyter] jn CQ*
[I 13:22:37.809 NotebookApp] Loading IPython parallel extension
[I 13:22:37.824 NotebookApp] Serving notebooks from local directory: 
/home/n7dr/notebooks/jupyter

[I 13:22:37.824 NotebookApp] Jupyter Notebook 6.2.0 is running at:
[I 13:22:37.824 NotebookApp] 
http://localhost:/?token=5e06127359465bc598e53eb5b48ef202592e96e3a1fe4ba7
[I 13:22:37.824 NotebookApp]  or 
http://127.0.0.1:/?token=5e06127359465bc598e53eb5b48ef202592e96e3a1fe4ba7
[I 13:22:37.825 NotebookApp] Use Control-C to stop this server and shut down 
all kernels (twice to skip confirmation).

[C 13:22:42.319 NotebookApp]

To access the notebook, open this file in a browser:

file:///home/n7dr/.local/share/jupyter/runtime/nbserver-2497406-open.html
Or copy and paste one of these URLs:

http://localhost:/?token=5e06127359465bc598e53eb5b48ef202592e96e3a1fe4ba7
 or 
http://127.0.0.1:/?token=5e06127359465bc598e53eb5b48ef202592e96e3a1fe4ba7
[W 13:22:50.477 NotebookApp] 404 GET 
/nbextensions/widgets/notebook/js/extension.js?v=20211231132234 (127.0.0.1) 
96.38ms referer=http://localhost:/notebooks/CQ%20WW.ipynb
[I 13:22:51.078 NotebookApp] 302 GET /notebooks/activity-160.png (127.0.0.1) 
0.67ms
[I 13:22:51.171 NotebookApp] 302 GET /notebooks/2017-ALL.png (127.0.0.1) 
0.61ms
[I 13:22:51.394 NotebookApp] 302 GET /notebooks/cq-ww-qso-nlogs-a-u.png 
(127.0.0.1) 0.62ms
[I 13:22:51.456 NotebookApp] 302 GET /notebooks/cq-ww-qso-percentiles.png 
(127.0.0.1) 0.64ms
[I 13:22:51.576 NotebookApp] Kernel started: 
9636f23d-6e5c-4ce6-931a-f0844f8876e5, name: bash

/usr/bin/python: No module named bash_kernel
[I 13:22:54.576 NotebookApp] KernelRestarter: restarting kernel (1/5), new 
random ports

/usr/bin/python: No module named bash_kernel
[I 13:22:57.590 NotebookApp] KernelRestarter: restarting kernel (2/5), new 
random ports

/usr/bin/python: No module named bash_kernel
[I 13:23:00.598 NotebookApp] KernelRestarter: restarting kernel (3/5), new 
random ports

/usr/bin/python: No module named bash_kernel
[I 13:23:03.605 NotebookApp] KernelRestarter: restarting kernel (4/5), new 
random ports

/usr/bin/python: No module named bash_kernel
[W 13:23:06.621 NotebookApp] KernelRestarter: restart failed
[W 13:23:06.621 NotebookApp] Kernel 9636f23d-6e5c-4ce6-931a-f0844f8876e5 died, 
removing from map.
[W 13:23:12.691 NotebookApp] Replacing stale connection: 
9636f23d-6e5c-4ce6-931a-f0844f8876e5:1820effccd3749579998b085be46704b
[W 13:23:34.746 NotebookApp] Replacing stale connection: 
9636f23d-6e5c-4ce6-931a-f0844f8876e5:1820effccd3749579998b085be46704b
[W 13:23:51.683 NotebookApp] Timeout waiting for kernel_info reply from 
9636f23d-6e5c-4ce6-931a-f0844f8876e5
[E 13:23:51.686 NotebookApp] Error opening stream: HTTP 404: Not Found (Kernel 
does not exist: 9636f23d-6e5c-4ce6-931a-f0844f8876e5)
[W 13:23:51.689 NotebookApp] 404 GET 
/api/kernels/9636f23d-6e5c-4ce6-931a-f0844f8876e5/channels?session_id=1820effccd3749579998b085be46704b 
(127.0.0.1): Kernel does not exist: 9636f23d-6e5c-4ce6-931a-f0844f8876e5
[W 13:23:51.690 NotebookApp] 404 GET 
/api/kernels/9636f23d-6e5c-4ce6-931a-f0844f8876e5/channels?session_id=1820effccd3749579998b085be46704b 
(127.0.0.1) 39005.31ms referer=None
[W 13:23:51.690 NotebookApp] 404 GET 
/api/kernels/9636f23d-6e5c-4ce6-931a-f0844f8876e5/channels?session_id=1820effccd3749579998b085be46704b 
(127.0.0.1): Kernel does not exist: 9636f23d-6e5c-4ce6-931a-f0844f8876e5
[W 13:23:51.691 NotebookApp] 404 GET 
/api/kernels/9636f23d-6e5c-4ce6-931a-f0844f8876e5/channels?session_id=1820effccd3749579998b085be46704b 
(127.0.0.1) 16950.43ms referer=None
[W 13:23:55.701 NotebookApp] Replacing stale connection: 
9636f23d-6e5c-4ce6-931a-f0844f8876e5:1820effccd3749579998b085be46704b
[W 13:24:23.733 NotebookApp] Replacing stale connection: 
9636f23d-6e5c-4ce6-931a-f0844f8876e5:1820effccd3749579998b085be46704b




And in the brow

jupyter-notebook and bullseye

[D. R. Evans]

I don't use jupyter-notebook often, so I only just discovered that I am 
encountering a problem with it following my upgrade from buster to bullseye a 
couple of months ago. It worked fine on buster, and I have changed nothing 
related to jupyter since the upgrade.


When jupyter-notebook starts the browser, I see a big red "kernel error" 
button, and when I press it, the following pops up:




Traceback (most recent call last):
   File "/usr/lib/python3/dist-packages/tornado/web.py", line 1704, in _execute
 result = await result
   File "/usr/lib/python3/dist-packages/tornado/gen.py", line 769, in run
 yielded = self.gen.throw(*exc_info)  # type: ignore
   File 
"/usr/lib/python3/dist-packages/notebook/services/sessions/handlers.py", line 
69, in post

 model = yield maybe_future(
   File "/usr/lib/python3/dist-packages/tornado/gen.py", line 762, in run
 value = future.result()
   File "/usr/lib/python3/dist-packages/tornado/gen.py", line 769, in run
 yielded = self.gen.throw(*exc_info)  # type: ignore
   File 
"/usr/lib/python3/dist-packages/notebook/services/sessions/sessionmanager.py", 
line 88, in create_session
 kernel_id = yield self.start_kernel_for_session(session_id, path, name, 
type, kernel_name)

   File "/usr/lib/python3/dist-packages/tornado/gen.py", line 762, in run
 value = future.result()
   File "/usr/lib/python3/dist-packages/tornado/gen.py", line 769, in run
 yielded = self.gen.throw(*exc_info)  # type: ignore
   File 
"/usr/lib/python3/dist-packages/notebook/services/sessions/sessionmanager.py", 
line 100, in start_kernel_for_session

 kernel_id = yield maybe_future(
   File "/usr/lib/python3/dist-packages/tornado/gen.py", line 762, in run
 value = future.result()
   File 
"/usr/lib/python3/dist-packages/notebook/services/kernels/kernelmanager.py", 
line 176, in start_kernel
 kernel_id = await maybe_future(self.pinned_superclass.start_kernel(self, 
**kwargs))
   File 
"/usr/lib/python3/dist-packages/jupyter_client/multikernelmanager.py", line 
185, in start_kernel

 km.start_kernel(**kwargs)
   File "/usr/lib/python3/dist-packages/jupyter_client/manager.py", line 313, 
in start_kernel

 self.kernel = self._launch_kernel(kernel_cmd, **kw)
   File "/usr/lib/python3/dist-packages/jupyter_client/manager.py", line 222, 
in _launch_kernel

 return launch_kernel(kernel_cmd, **kw)
   File "/usr/lib/python3/dist-packages/jupyter_client/launcher.py", line 
134, in launch_kernel

 proc = Popen(cmd, **kwargs)
   File "/usr/lib/python3.9/subprocess.py", line 951, in __init__
 self._execute_child(args, executable, preexec_fn, close_fds,
   File "/usr/lib/python3.9/subprocess.py", line 1823, in _execute_child
 raise child_exception_type(errno_num, err_msg, err_filename)
FileNotFoundError: [Errno 2] No such file or directory: '/usr/bin/python'

-

It is certainly true that that file does not exist, but something is obviously 
telling jupyter to look for it. So something about the jupyter configuration 
seems to have been hosed by the upgrade.


The command "jupyter kernelspec list" produces:



[ZB:~] jupyter kernelspec list
-bash: /home/n7dr/.local/bin/jupyter: /usr/bin/python: bad interpreter: No 
such file or directory

[ZB:~]



In buster I had perhaps half a dozen kernels available (and they all worked).

Can someone suggest how I might get back to the fully-working set of kernels 
that I had in buster?


  Doc

--
Web:  http://enginehousebooks.com/drevans

Re: Problème carte son USB

[Alexandre D]

Bonjour,

Non, les microcoupures sont aussi en local avec des musiques en .flac, 
.mp3 ou .wav.


J'ai déjà testé avec Librazic, les problèmes sont les mêmes.

Ayant exposé tout ça chez Linuxmao, ils penchent pour un problème de 
pilote, j'ai fait changé la carte USB par mon revendeur pour éliminer le 
problème matériel. Aucun problème à signaler sur Mac ou Windows.


Même avec les autres périphériques de débranché, le problème se reproduit.

Alex.


⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁
⢿⡄⠘⠷⠚⠋
⠈⠳⣄ ⠀⠀  
Alexandre D.
https://alexbook.fr
alexan...@alexbook.fr

- - - - - - -
System : Debian SID
- - - - - - - -

Le 22/11/2021 à 13:47, Haricophile a écrit :

Le Mon, 22 Nov 2021 12:42:04 +0100,
Haricophile  a écrit :

  

Bonjour,

J'ai solliciter les équipes de linuxmao qui me conseille justement de
venir ici car pour eux il s'agirait d'un problème de pilote pour la
carte son.

Merci pour ton message.

Ah possible.

Mais si les microcoupures ne sont que en réseau, je me
poserait quand même la question de savoir s'il ne faut pas gratter par
là.

Dans les questions, il y a quel est le chipset de ta carte, comment tu
diffuse en réseau, pulseaudio sous SID...

Sous SID, il peut aussi y avoir une question du kernel Linux, je
commencerais par tester avec une autre version de kernel, voire avec
une version stable comme Librazic en "live USB".

Ah, et comme c'est de l'USB, a tout zazard débranche les autres
appareils branchés sur le même contrôleur.

Problème carte son USB

[Alexandre D]

Bonjour,

J'ai fait l'acquisition d'une carte son USB (Berhinger UMC202HD) reconnu 
par Debian au démarrage est presque opérationnelle.


Je rencontre un problème de micro coupure lors de la lecture musicale en 
réseau, sur le web ou en local.


J'ai désinstallé puis réinstallé pulseaudio et alsa mais cela ne résout 
pas le problème.


Je suis sous Debian GNU/Linux bookworm/sid x86_64 avec un noyau 
5.15.0-1-amd64.


Merci par avance pour votre aide.

Librement

--

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁
⢿⡄⠘⠷⠚⠋
⠈⠳⣄ ⠀⠀  
Alexandre D.
https://alexbook.fr
alexan...@alexbook.fr

- - - - - - -
System : Debian SID
- - - - - - - -

Re: bullseye and running graphics over ssh

[D. R. Evans]

Greg Wooledge wrote on 10/7/21 2:21 PM:

On Thu, Oct 07, 2021 at 02:15:45PM -0600, D. R. Evans wrote:

For years (decades, actually) I have routinely executed graphical programs
over ssh (i.e., I sit at computer A, ssh into computer B, then run a
graphical program on computer B whose windows, mouse events, etc., all occur
on computer A).

In bullseye, at least out-of-the-box bullseye, this suddenly no longer works.


You should have been using "ssh -X B" all along to get this functionality.
Your previous system A must have had ssh_config (or your personal
.ssh/config) set up to turn on X11 forwarding by default, which is
not recommended.



That's interesting...

ssh_config was overwritten. Normally when a config file I've altered is 
overwritten during an upgrade, I expect to be told and to be given a chance to 
do something sensible -- and that didn't happen in the case of the global ssh 
configuration file. But indeed, comparing the bullseye ssh_config to the one I 
had in buster, I see that ForwardX11 has changed back to "no" whereas I had 
forced it to "yes" in buster.


You're right that making that change in the global config file was bad 
practice, so this time I've left the global ssh_config unchanged from the 
default and added an explicit

  ForwardX11 yes
to the entry for the destination host in ~/.ssh/config.

So nothing to do with Wayland. Thanks for putting me straight and saving me a 
lot of frustration.


  Doc

--
Web:  http://enginehousebooks.com/drevans

bullseye and running graphics over ssh

[D. R. Evans]

For years (decades, actually) I have routinely executed graphical programs 
over ssh (i.e., I sit at computer A, ssh into computer B, then run a graphical 
program on computer B whose windows, mouse events, etc., all occur on computer A).


In bullseye, at least out-of-the-box bullseye, this suddenly no longer works.

I have bullseye running on both computers. The first indication of a problem 
is immediately when I log in via ssh. I now see:

  xrdb: Can't open display ''
as part of the login process.

The cause seems to be the line:
   xrdb -load ~/.Xresources
in .bashrc.

For some reason that no longer works as it has in the past. And this seems to 
be because the DISPLAY variable hasn't been set.


I really don't understand what's going on, because this has worked forever.

And naturally, since DISPLAY isn't set, nothing else works.

Can someone point me to some instructions as to how to fix all this? I suspect 
it's all to do with Wayland suddenly becoming the default.


But I can't find any way to STOP bullseye using Wayland and forcing it to 
revert to the X that I've known since the 1990s. There must be some way either 
to get X working over Wayland or to remove Wayland until it properly supports 
X sessions unobtrusively; but I can't find it.


   Doc

--
Web:  http://enginehousebooks.com/drevans

Re: failed upgrade buster -> bullseye

[D. R. Evans]

D. R. Evans wrote on 10/4/21 4:36 PM:

D. R. Evans wrote on 10/4/21 4:12 PM:

I just tried to upgrade my main desktop machine (this machine) from buster to
bullseye.



I am suspicious that the problem is related to having root on ZFS on this
machine. So I have posted a request for help on the zfsonlinux reflector, and
probably it would be best if no one here spent much (or any) time thinking
about the problem unless/until I am satisfied that the issue is unrelated to 
ZFS.



Indeed, the problem seems to have been caused by using root on ZFS. Running 
bullseye here now.


  Doc

--
Web:  http://enginehousebooks.com/drevans

Re: failed upgrade buster -> bullseye

[D. R. Evans]

D. R. Evans wrote on 10/4/21 4:12 PM:

I just tried to upgrade my main desktop machine (this machine) from buster to
bullseye.



I am suspicious that the problem is related to having root on ZFS on this 
machine. So I have posted a request for help on the zfsonlinux reflector, and 
probably it would be best if no one here spent much (or any) time thinking 
about the problem unless/until I am satisfied that the issue is unrelated to ZFS.


  Doc

--
Web:  http://enginehousebooks.com/drevans

failed upgrade buster -> bullseye

[D. R. Evans]

I just tried to upgrade my main desktop machine (this machine) from buster to 
bullseye.


The upgrade halted with:



...
Setting up libgnustep-base1.27 (1.27.0-3) ...
Processing triggers for shared-mime-info (2.0-1) ...
Setting up gnustep-base-runtime (1.27.0-3) ...
Setting up unar (1.10.1-2+b6) ...
Errors were encountered while processing:
 linux-image-5.10.0-8-amd64
 linux-image-amd64

Sub-process /usr/bin/dpkg returned an error code (1)



I have no idea what to do (other than to refrain from rebooting and hope that 
I don't lose power for so long that the UPS dies).


How do I start to find and fix the problem???

I do have a script record of the entire upgrade. It's about 6MB in length.

  Doc

--
Web:  http://enginehousebooks.com/drevans

Re: problem with sound for bullseye upgrade on amd64: must be root for sound to work on my machine

[James D Freels]

I finally got my sound working.  I followed some advice from here:

https://www.linuxquestions.org/questions/slackware-14/alsa-1-2-5-upgrade-errors-4175695921/page3.html

which was a similar problem to mine, and not sure what did it, but I got 
a flash pop up on my screen about alsa, and tested all things working now.


Man, what a frustration.  Otherwise, the bullseye upgrade has been 
flawless for me so far.


On 8/25/21 2:30 PM, James D Freels wrote:

Thanks for responding Georgi,

I had already tried "alsactl init" earlier based on other advise found 
on the WWW.  However, I did not pay close enough attention because of 
error messages I get as shown below:


alsa-lib main.c:1014:(snd_use_case_mgr_open) error: failed to import 
hw:0 use case configuration -2

Found hardware: "CMI8786" "CMI8786" "CS4245 CMI8786" "0x1043" "0x8467"
Hardware is initialized using a generic method
alsa-lib main.c:1014:(snd_use_case_mgr_open) error: failed to import 
hw:1 use case configuration -2

Found hardware: "USB-Audio" "USB Mixer" "USB046d:082c" "" ""
Hardware is initialized using a generic method
alsa-lib parser.c:260:(error_node) UCM is not supported for this HDA 
model (HDA NVidia at 0xfe9fc000 irq 49)
alsa-lib main.c:1014:(snd_use_case_mgr_open) error: failed to import 
hw:2 use case configuration -6
Found hardware: "HDA-Intel" "Nvidia GPU 51 HDMI/DP" 
"HDA:10de0051,38422724,00100100" "0x3842" "0x2724"

Hardware is initialized using a generic method

I cannot find much about this message, nor how to correct it.

The alsamixer seems to work fine as expected and indicates I have the 
sound card active and should hear sound.


But, it only provides actual sound if I am root.

On 8/25/21 1:28 PM, Georgi Naplatanov wrote:

Hi James,

try to run:

# alsactl init

as root, reboot and adjust all channels with alsamixer or similar with
your (non-root) user.

Kind regards
Georgi

On 8/25/21 20:02, James D Freels wrote:

I have not received a response yet, but I am hoping.

What I know:

-sound works as root, not as user

-snd_oxygen module (required driver for my card) is loaded, but I can't
verify what is loading it.  no messages in dmesg show it being loaded

-since snd_oxygen is loaded, it makes sense that aplay works as root

-pulse does not show the sound card, but does show the hdmi audio on my
nvidia card, and the microphone on my web cam.  Both are muted in
pavucontrol

-big question:  why doesn't sound card get loaded by pulseaudio ?  How
can I force that

-I am now going over every occurrence of a pulseaudio configuration 
file

on my system for a clue

Any help appreciated.  Is there a good troubleshoot procedure for
debian/11/bullseye sound problems ?


On 8/24/21 3:05 PM, James D Freels wrote:

Hello,

I am a long-time debian user, and just recently upgraded my buster
amd64 machine to bullseye.  Essentially everything works as expected
so far.  However, one very nagging problem I currently have is that my
sound does not work unless I am rooted.  For example, if I issue the
command

aplay bark.au

where bark.au is a snippet sound file of a dog barking, it fails.
However, if I issue the command

sudo aplay bark.au

it works fine.  Similar sound playing occurs with any sound-playing
app.  For example mpg123, vlc, etc., all require a sudo or be logged
in as root to work.

I have looked all around the WWW to try to find a solution to this
problem.  The most common solution is to make sure that user ids are
in the audio group in the /etc/group configuration file. Of course, I
have that, and have confirmed it.  This is not a brand new
installation after all, but an upgrade.

Other common remedies I have tried are to fiddle with the pavucontrol
and alsamixer settings.   My sound card does not show up in the
pavucontrol (pulse doesn't find my sound card), but DOES show up in
the alsamixer.

I have also looked at the debian sound wiki, and other sources to try
to fix this problem.

Then, I remembered that I often used this form to learn about debian
way back in the days when I first started using debian about 1994 or
so.  Perhaps I can get some expert help.  Maybe a source I can go down
a list of troubleshoot to nail this one down.  It is obviously a
permissions issue (I also looked at device permissions, etc.).

Just a bit puzzled and frustrated.

P.S.

BTW, my sound card is a C-Media, Xonor DG with chip set CMI8788 and
uses the oxygen HD audio driver.

lspci -v output corresponding:

05:02.0 Multimedia audio controller: C-Media Electronics Inc CMI8788
[Oxygen HD Audio]
 Subsystem: ASUSTeK Computer Inc. CMI8786 (Xonar DG)
 Flags: bus master, medium devsel, latency 64, IRQ 22, NUMA 
node 0

 I/O ports at e800 [size=256]
 Capabilities: [c0] Power Management version 2
 Kernel driver in use: snd_oxygen
 Kernel modules:

Re: problem with sound for bullseye upgrade on amd64: must be root for sound to work on my machine

[James D Freels]

Thanks for responding Georgi,

I had already tried "alsactl init" earlier based on other advise found 
on the WWW.  However, I did not pay close enough attention because of 
error messages I get as shown below:


alsa-lib main.c:1014:(snd_use_case_mgr_open) error: failed to import 
hw:0 use case configuration -2

Found hardware: "CMI8786" "CMI8786" "CS4245 CMI8786" "0x1043" "0x8467"
Hardware is initialized using a generic method
alsa-lib main.c:1014:(snd_use_case_mgr_open) error: failed to import 
hw:1 use case configuration -2

Found hardware: "USB-Audio" "USB Mixer" "USB046d:082c" "" ""
Hardware is initialized using a generic method
alsa-lib parser.c:260:(error_node) UCM is not supported for this HDA 
model (HDA NVidia at 0xfe9fc000 irq 49)
alsa-lib main.c:1014:(snd_use_case_mgr_open) error: failed to import 
hw:2 use case configuration -6
Found hardware: "HDA-Intel" "Nvidia GPU 51 HDMI/DP" 
"HDA:10de0051,38422724,00100100" "0x3842" "0x2724"

Hardware is initialized using a generic method

I cannot find much about this message, nor how to correct it.

The alsamixer seems to work fine as expected and indicates I have the 
sound card active and should hear sound.


But, it only provides actual sound if I am root.

On 8/25/21 1:28 PM, Georgi Naplatanov wrote:

Hi James,

try to run:

# alsactl init

as root, reboot and adjust all channels with alsamixer or similar with
your (non-root) user.

Kind regards
Georgi

On 8/25/21 20:02, James D Freels wrote:

I have not received a response yet, but I am hoping.

What I know:

-sound works as root, not as user

-snd_oxygen module (required driver for my card) is loaded, but I can't
verify what is loading it.  no messages in dmesg show it being loaded

-since snd_oxygen is loaded, it makes sense that aplay works as root

-pulse does not show the sound card, but does show the hdmi audio on my
nvidia card, and the microphone on my web cam.  Both are muted in
pavucontrol

-big question:  why doesn't sound card get loaded by pulseaudio ?  How
can I force that

-I am now going over every occurrence of a pulseaudio configuration file
on my system for a clue

Any help appreciated.  Is there a good troubleshoot procedure for
debian/11/bullseye sound problems ?


On 8/24/21 3:05 PM, James D Freels wrote:

Hello,

I am a long-time debian user, and just recently upgraded my buster
amd64 machine to bullseye.  Essentially everything works as expected
so far.  However, one very nagging problem I currently have is that my
sound does not work unless I am rooted.  For example, if I issue the
command

aplay bark.au

where bark.au is a snippet sound file of a dog barking, it fails.
However, if I issue the command

sudo aplay bark.au

it works fine.  Similar sound playing occurs with any sound-playing
app.  For example mpg123, vlc, etc., all require a sudo or be logged
in as root to work.

I have looked all around the WWW to try to find a solution to this
problem.  The most common solution is to make sure that user ids are
in the audio group in the /etc/group configuration file. Of course, I
have that, and have confirmed it.  This is not a brand new
installation after all, but an upgrade.

Other common remedies I have tried are to fiddle with the pavucontrol
and alsamixer settings.   My sound card does not show up in the
pavucontrol (pulse doesn't find my sound card), but DOES show up in
the alsamixer.

I have also looked at the debian sound wiki, and other sources to try
to fix this problem.

Then, I remembered that I often used this form to learn about debian
way back in the days when I first started using debian about 1994 or
so.  Perhaps I can get some expert help.  Maybe a source I can go down
a list of troubleshoot to nail this one down.  It is obviously a
permissions issue (I also looked at device permissions, etc.).

Just a bit puzzled and frustrated.

P.S.

BTW, my sound card is a C-Media, Xonor DG with chip set CMI8788 and
uses the oxygen HD audio driver.

lspci -v output corresponding:

05:02.0 Multimedia audio controller: C-Media Electronics Inc CMI8788
[Oxygen HD Audio]
     Subsystem: ASUSTeK Computer Inc. CMI8786 (Xonar DG)
     Flags: bus master, medium devsel, latency 64, IRQ 22, NUMA node 0
     I/O ports at e800 [size=256]
     Capabilities: [c0] Power Management version 2
     Kernel driver in use: snd_oxygen
     Kernel modules: snd_oxygen

Nothing has changed with the hardware, and I know the setup works.
This seems to be a permissions/software issue.




--
Father, if you are willing, please take this cup of suffering away
from me. Yet I want your will to be done, not mine.

Luke 22:42 NLT

James D. Freels, Ph.D., P.E.
freel...@gmail.com
865-457-6742 (landline)
865-919-0320 (cell)

Re: problem with sound for bullseye upgrade on amd64: must be root for sound to work on my machine

[James D Freels]

I have not received a response yet, but I am hoping.

What I know:

-sound works as root, not as user

-snd_oxygen module (required driver for my card) is loaded, but I can't 
verify what is loading it.  no messages in dmesg show it being loaded


-since snd_oxygen is loaded, it makes sense that aplay works as root

-pulse does not show the sound card, but does show the hdmi audio on my 
nvidia card, and the microphone on my web cam.  Both are muted in 
pavucontrol


-big question:  why doesn't sound card get loaded by pulseaudio ?  How 
can I force that


-I am now going over every occurrence of a pulseaudio configuration file 
on my system for a clue


Any help appreciated.  Is there a good troubleshoot procedure for 
debian/11/bullseye sound problems ?



On 8/24/21 3:05 PM, James D Freels wrote:

Hello,

I am a long-time debian user, and just recently upgraded my buster 
amd64 machine to bullseye.  Essentially everything works as expected 
so far.  However, one very nagging problem I currently have is that my 
sound does not work unless I am rooted.  For example, if I issue the 
command


aplay bark.au

where bark.au is a snippet sound file of a dog barking, it fails. 
However, if I issue the command


sudo aplay bark.au

it works fine.  Similar sound playing occurs with any sound-playing 
app.  For example mpg123, vlc, etc., all require a sudo or be logged 
in as root to work.


I have looked all around the WWW to try to find a solution to this 
problem.  The most common solution is to make sure that user ids are 
in the audio group in the /etc/group configuration file. Of course, I 
have that, and have confirmed it.  This is not a brand new 
installation after all, but an upgrade.


Other common remedies I have tried are to fiddle with the pavucontrol 
and alsamixer settings.   My sound card does not show up in the 
pavucontrol (pulse doesn't find my sound card), but DOES show up in 
the alsamixer.


I have also looked at the debian sound wiki, and other sources to try 
to fix this problem.


Then, I remembered that I often used this form to learn about debian 
way back in the days when I first started using debian about 1994 or 
so.  Perhaps I can get some expert help.  Maybe a source I can go down 
a list of troubleshoot to nail this one down.  It is obviously a 
permissions issue (I also looked at device permissions, etc.).


Just a bit puzzled and frustrated.

P.S.

BTW, my sound card is a C-Media, Xonor DG with chip set CMI8788 and 
uses the oxygen HD audio driver.


lspci -v output corresponding:

05:02.0 Multimedia audio controller: C-Media Electronics Inc CMI8788 
[Oxygen HD Audio]

    Subsystem: ASUSTeK Computer Inc. CMI8786 (Xonar DG)
    Flags: bus master, medium devsel, latency 64, IRQ 22, NUMA node 0
    I/O ports at e800 [size=256]
    Capabilities: [c0] Power Management version 2
    Kernel driver in use: snd_oxygen
    Kernel modules: snd_oxygen

Nothing has changed with the hardware, and I know the setup works.  
This seems to be a permissions/software issue.





--
Father, if you are willing, please take this cup of suffering away
from me. Yet I want your will to be done, not mine.

Luke 22:42 NLT

James D. Freels, Ph.D., P.E.
freel...@gmail.com
865-457-6742 (landline)
865-919-0320 (cell)

problem with sound for bullseye upgrade on amd64: must be root for sound to work on my machine

[James D Freels]

Hello,

I am a long-time debian user, and just recently upgraded my buster amd64 
machine to bullseye.  Essentially everything works as expected so far.  
However, one very nagging problem I currently have is that my sound does 
not work unless I am rooted.  For example, if I issue the command


aplay bark.au

where bark.au is a snippet sound file of a dog barking, it fails.  
However, if I issue the command


sudo aplay bark.au

it works fine.  Similar sound playing occurs with any sound-playing 
app.  For example mpg123, vlc, etc., all require a sudo or be logged in 
as root to work.


I have looked all around the WWW to try to find a solution to this 
problem.  The most common solution is to make sure that user ids are in 
the audio group in the /etc/group configuration file. Of course, I have 
that, and have confirmed it.  This is not a brand new installation after 
all, but an upgrade.


Other common remedies I have tried are to fiddle with the pavucontrol 
and alsamixer settings.   My sound card does not show up in the 
pavucontrol (pulse doesn't find my sound card), but DOES show up in the 
alsamixer.


I have also looked at the debian sound wiki, and other sources to try to 
fix this problem.


Then, I remembered that I often used this form to learn about debian way 
back in the days when I first started using debian about 1994 or so.  
Perhaps I can get some expert help.  Maybe a source I can go down a list 
of troubleshoot to nail this one down.  It is obviously a permissions 
issue (I also looked at device permissions, etc.).


Just a bit puzzled and frustrated.

P.S.

BTW, my sound card is a C-Media, Xonor DG with chip set CMI8788 and uses 
the oxygen HD audio driver.


lspci -v output corresponding:

05:02.0 Multimedia audio controller: C-Media Electronics Inc CMI8788 
[Oxygen HD Audio]

    Subsystem: ASUSTeK Computer Inc. CMI8786 (Xonar DG)
    Flags: bus master, medium devsel, latency 64, IRQ 22, NUMA node 0
    I/O ports at e800 [size=256]
    Capabilities: [c0] Power Management version 2
    Kernel driver in use: snd_oxygen
    Kernel modules: snd_oxygen

Nothing has changed with the hardware, and I know the setup works.  This 
seems to be a permissions/software issue.




--

James D. Freels, Ph.D., P.E.
freel...@gmail.com
865-457-6742 (landline)
865-919-0320 (cell)

Re: Firewall POSTROUTING problem

[Alain D D Williams]

On Thu, Aug 12, 2021 at 01:28:57AM +0300, IL Ka wrote:
> >
> >
> >
> > > > iptables -A FORWARD -j ACCEPT
> >
> 
> Are you sure your packets are forwarded via netfilter?
> Try to disable forwarding (with sysctl) or change rulte to -j DROP and
> check traffic with sniffer (no packet should be forwarded from virt machine
> to the Internet)

It now works all of a sudden  I am scratching my head to see what I have
changed. The only thing is rebooting the virtual machine that I was testing
from. I cannot see that that should have made a difference. I was changing the
firewall ...

Anyway: thanks for now, I am sorry if I have wasted anyone's time :-(

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 

Re: Firewall POSTROUTING problem

[Alain D D Williams]

On Wed, Aug 11, 2021 at 11:50:30PM +0200, deloptes wrote:
> Alain D D Williams wrote:
> 
> > iptables -A FORWARD -j ACCEPT
> > 
> 
> and the OUTPUT?

OUTOUT is also ACCEPT, however this is not, I think, important as the packets
come from 10.239.239.23 (via br0) and go to the Internet - thus FORWARD is what
is important. Anyway: I see (on the modem) the packets with source 10.239.239.23

> > and this is not a problem ... evidence is outgoing packets with source
> > address 10.239.239.23
> 
> ah, ok, I misinterpreted it.

The important stuff from ifconfig is:

br0: flags=4163  mtu 1500
inet 10.239.239.254  netmask 255.255.255.0  broadcast 10.239.239.255
inet6 fe80::7ca1:36ff:fe12:7402  prefixlen 64  scopeid 0x20
ether ee:3c:27:eb:c0:4f  txqueuelen 1000  (Ethernet)
RX packets 31632  bytes 2596968 (2.4 MiB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 2065  bytes 374487 (365.7 KiB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp3s0: flags=4163  mtu 1500
inet 192.168.108.2  netmask 255.255.255.0  broadcast 192.168.108.255
inet6 2001:4d48:ad51:2f00::2:2  prefixlen 112  scopeid 0x0
inet6 fe80::922b:34ff:fe12:6470  prefixlen 64  scopeid 0x20
ether 90:2b:34:12:64:70  txqueuelen 1000  (Ethernet)
RX packets 922014  bytes 240006341 (228.8 MiB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 562616  bytes 80027668 (76.3 MiB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 

Re: Firewall POSTROUTING problem

[Alain D D Williams]

On Wed, Aug 11, 2021 at 11:32:51PM +0200, deloptes wrote:

> I remember it was not only the POSTROUTING. May be I am wrong, but I think
> FORWARD and OUTPUT is important.
> I also wonder why you are mixing up the -s and --to-source. You should be
> using the local address for -s and --to-source the translation (the
> outgoing addresses 10.239.239.23)

This says that anything with a source address 10.239.239.0/24 (ie virtual
machine) will have the source address changed to 192.168.108.2; this is so that
the BB modem does another NAT setting the source address to my external IP
address.

While I am debugging this, to avoid complication, I have set:

iptables -A FORWARD -j ACCEPT

and this is not a problem ... evidence is outgoing packets with source address
10.239.239.23

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 

Firewall POSTROUTING problem

[Alain D D Williams]

Hi,

I have problems getting POSTROUTING to work on a Debian 10 box.

Setup:

INTERNET ... Broadband modem 192.168.108.1

Network internal to the Debian box for virtual machines 10.239.239.0/24 

Debian has address 192.168.108.2 (interface enp3s0) and 10.239.239.254 
(interface br0)

Processes on Debian 10 can talk to the Internet

Processes on virtual machines (eg 10.239.239.23) can talk to the Debian machine
(ie 192.168.108.2) on which they are hosted.

If on 10.239.239.23 I ping the BBC (212.58.249.145) and look with a packet
sniffer on the BB modem I see outgoing addresses 10.239.239.23

This should not happen. I am running an iptables firewall that should fix this
with the rule below:

iptables -t nat -A POSTROUTING -s 10.239.239.0/24 -j SNAT --to-source 
192.168.108.2

I have tried variations like:
iptables -t nat -A POSTROUTING -o enp3s0 -j SNAT --to-source 192.168.108.2


It is as if the POSTROUTING rule is being ignored.

This seems to be confirmed by the output below which shows that 0 packets have
been through POSTROUTING.

Can anyone shed any light on this ?

Thanks in advance



# iptables -L -n -t nat -v
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source   destination 


Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source   destination 


Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source   destination 

0 0 SNAT   all  --  *  *   10.239.239.0/24  0.0.0.0/0   
 to:192.168.108.2

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source   destination 
 


-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 

Re: Memory allocation failed during fsck of large EXT4 filesystem

[Thomas D. Dean]

On 7/5/21 1:54 PM, Michael Stone wrote:

On Mon, Jul 05, 2021 at 12:53:39PM +0300, IL Ka wrote:

7TB seems like too much for one partition imho.
Consider splitting it into the parts


That's silly. It's 2021; 7TB isn't particularly large and there's no 
value in breaking things into multiple partitions for no reason.




Maybe to have the ability to restore or reinstall the system without 
bothering /home?

Re: Debian stable - updates

[D. R. Evans]

Christian wrote on 6/25/21 6:19 AM:



Is Debian stable safe to use - I mean in the sense that it gets security
updates for the installed packages?



Yes, it does get security updates. It also gets non-security updates for some 
of the most popular packages.


For years I have run debian stable on my main desktop machine (the one I am 
using to type this e-mail). It has had fewer major issues than any other 
distribution I have tried.


  Doc Evans

--
Web:  http://enginehousebooks.com/drevans

Re: How do I permanently disable unattended downloads of software/security updates?

[Thomas D. Dean]

On 6/3/21 11:15 PM, Stella Ashburne wrote:

Hi Thomas

Thank you for your help and time. I really appreciate it.


Sent: Friday, June 04, 2021 at 10:23 AM
From: "Thomas D. Dean" 
To: debian-user@lists.debian.org
Subject: Re: How do I permanently disable unattended downloads of 
software/security updates?

I have the same problem.


OK, but do you use Ubuntu or Debian or both?


I saw this in: https://askubuntu.com/questions/1038923

sudo systemctl disable apt-daily.service
sudo systemctl disable apt-daily.timer

sudo systemctl disable apt-daily-upgrade.timer
sudo systemctl disable apt-daily-upgrade.service


A poster named l0f...@tuta.io replied to me via this mailing list yesterday and 
below is what he wrote (verbatim):

"Cannot remember if you have Gnome installed but you should have a look at 
https://unix.stackexchange.com/a/594287, especially ALL the associated comments (click on 
"Show 7 more comments")."

When I did a *fresh* minimal install of Debian about two years ago, I didn't 
install the whole Gnome DE. Instead, I installed the following packages: xorg 
gnome-core gnome-tweak-tool synaptic file-roller gedit

A few days ago, after reading replies from some posters, I purged the package 
called unattended-upgrades. I don't know how and when it was installed in the 
first place. You see, about two years I chose the option Expert Install 
(without GUI) and during the installation process, I chose the option to not 
install updates automatically.

After reading what was written in the page 
(https://unix.stackexchange.com/a/594287), I disabled the package called 
PackageKit today. Only time will tell if said step works.

By the way, does Ubuntu use the full or stripped-down version of Gnome Desktop 
Environment?

*fresh* = not upgraded from Debian Stretch



I use Ubuntu.  I removed the ubuntu desktop and installed vanilla gnome. 
Google:

'Converting Ubuntu 20.04 LTS to Vanilla Gnome3'

After I disabled timers, I rebooted.  apt-update && apt-upgrade.  After 
that I had one popup  that said I had upgrades pending.  The apt timer 
was set to expire in 3 hours...