Re: Purge Empathy messes up apt
Hello cortman, cortman c0rt...@gmail.com wrote: So I ran apt-get purge empathy from the command line, which uninstalled it just fine- but now when I run apt-get for any other reason it returns a long list of packages that were automatically installed and are no longer required. Below is a complete list. 0 15:36 0 claudius@ares: /media/nffs/std $ apt-cache rdepends empathy empathy Reverse Depends: gnome-core [...] gnome-desktop-environment Hence, probably gnome-core and/or gnome-desktop-enviroment were also removed when you removed empathy. These are meta-packages which in turn pull in all the other packages. You will hence have to mark these other packages you want to keep as automatically installed. Probably the best way to do this is to choose the relevant main packages (for example, rhythmbox) and do # apt-get install rhythmbox which should mark rhythmbox as manually installed (and therefore won’t propose the removal of, for example, rhythmbox-data). Of course, you can also just mark all packages as manually installed. And no, this is not a bug but a feature :) Best regards, Claudius -- A board is the planck unit of boredom. http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: is it rational to close the 139 port
Hello lina, this is a rather strange name :) lina lina.lastn...@gmail.com wrote: BTW, why need allow ping? from outside? 59 # Allow ping 60 -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT It doesn’t help to block ICMP echo requests: - if you block them by dropping them, the other party knows that you are (most likely) there, since otherwise the last-but-one hop would return ‘No route to host’. - if you block them by rejecting them, the other party knows that you are there. - if you accept them, the other party knows that you are there and is able to link no replies to network problems (see first point). While it is technically possible to block these requests for IPv4, you should never block ICMPv6, since it is necessary to do SLAAC. Best regards, Claudius -- A board is the planck unit of boredom. http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: Preventing APT from upgrading to wheezy/sid?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hello nyuszika7h, nice name, btw. nyuszika7h litemininyusz...@gmail.com wrote: This unfortunately does not work though. How could I prevent APT from upgrading to wheezy/sid? Try something like APT::Default-Release squeeze; in /etc/apt/apt.conf. Best regards, Claudius - -- A board is the planck unit of boredom. http://chubig.net telnet nightfall.org 4242 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJQApagAAoJEMCBEuXXLNukqikP/iMiWZyWxmNNIS6szjbSISaZ a953kQ9JOUnR3xpwm8swissF0oRRrbxXZ5vA0f8Gdno4g666E6CB8dYohX9B0IX4 9EDEOujelRf/nSUq60VG6vbdixoz8rOhQgNL/ip1iETaiokgSKCKUdLc6nLy2u4L t0bNeD+hiFG9IdGBg212hYiznSzo4XHdgEinOI5T25hEBZXgI46/ja/GpJA/k3kH 5J/pNFQ2MpfhaUdYk5MCF560SVbhnC6JYv6sJz6fzGPSbBV3nHrR4kxmik05GGpE g23Jx1JzZJCH8McjVeOlLDqusOMKeUcbem6qyqz5hg3moSw6I/THRSqET6kqdQMm gZtV4hYLDG7hdHzQabxMO6BdggWkhAUTa6uwCshdDDaSRE5jwXGxULa7Hwun3tvw jfFwPsRV969rR8AwHU97V0wcxGZiB1wPrhneXRv5J3Twtrui+1gYJ+jqmPmE7or1 YbvVkBDKlnavqBTHcfMwV/LeZjVZ2P6QF8zLy3TEiG3PU6h2rKJ0LRI6uTUK8IkA fa4Cr3nc2nMPYhz/F1g8Di9UODYHsDsMx+YoHm7PkqUf2h/pnNyfhBJliDYsuWuj 1t+wdPxPPDEUtn+kg1GbYwoVTmLNG85pE9qQMVdfrLXBZdECG1Ul0Kf6iVRSeyQR 1vpqqfyxiip2P+93kcVa =H9vW -END PGP SIGNATURE-
Re: How can I install an amd64 to my new bought Laptop/
Hello Benimaur,
Benimaur Gao benim...@gmail.com wrote:
OK.
1. I dd the netinst iso to a flash disk boot the machine with it.
2. I try to rsync the whole system to my new machine
by rsync -av /* --exclude={/home/user/*,/sys/*,/dev/*,/proc/*,/mnt/*}
If you simply want to copy your old system onto the new machine, why
do you need the netinstall images? It might lack some proper hardware
detection and is meant for other uses (though it can usually also
work as you intend it to do).
I’d suggest using either some of the many live CDs with good hardware
detection or the i386 netinstall which appears to work fine to you.
It should be able to chroot into your system just as well (assuming
it’s an i386 system).
If you, for some reason, decide to stick with the amd64 netinstall
CD, I suggest you try the various boot parameters to disable specific
options/enable hardware quirks.
Best regards,
Claudius
--
A board is the planck unit of boredom.
http://chubig.net telnet nightfall.org 4242
signature.asc
Description: PGP signature
Re: (Some advances...) Re: Shutting down error
Hello Camaleón, Camaleón noela...@gmail.com wrote: init-+-exe |-rc---startpar---sendsigs---pstree |-rpcbind Could you, on a running system, check whether an ‘exe’ process is running and to whom it belongs? rpcbind belongs to NFS, IIRC (also a possible service to disable), and the other line is pstree itself. Best regards, Claudius -- A board is the planck unit of boredom. http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: apt-get update, apt-get upgrade, and now system fails to boot
Hello David, David Christensen dpchr...@holgerdanske.com wrote: The warning target sda2_crypt uses a key file, skipped doesn't make sense -- /dev/sda2 does not use a key file: 2012-07-10 17:18:38 root@i72600s ~ # cat /etc/crypttab sda2_crypt UUID=c020df80-6439-4e9e-a70e-0ff303d61180 none,discard luks s1f042hh_crypt UUID=d63e063d-c4f6-4a8f-8270-872a4cf51a3d /root/.luks-keyfile luks Reboot -- same problem. So the problem is apparently in the building of the initrd and its detection of ‘necessary’ modules…could you try without the discard option in crypttab? none luks works quite fine over here. If that fixes the problem, we’d at least have a clue where to start. Best regards, Claudius -- Classical music is the kind we keep thinking will turn into a tune. -- Kin Hubbard, Abe Martin's Sayings http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: apt-get update, apt-get upgrade, and now system fails to boot
Hello David, David Christensen dpchr...@holgerdanske.com wrote: Loading Linux 3.2.0-0.bpo.2-amd64 ... Loading initial ramdisk ... Loading, please wait... Gave up waiting for root device. Common problems: - Boot args (cat /proc/cmdline) - Check rootdelay= (did the system wait long enough?) - Check root= (did the system wait for the right device?) - Missing modules (cat /proc/modules; ls /dev) ALERT! /dev/mapper/sda2_crypt does not exist. Dropping to a shell! Any suggestions? a) Check whether your initrd is, in general, capable of mounting the root device. Check whether the ‘cryptsetup’ command is available. If it is available, try the following: # cryptsetups luksOpen /dev/sda2 sda2_crypt It should ask for the encryption passphrase. If that works, check if /dev/mapper/sda2_crypt exists and if so, try to log out of the busybox shell. It should then continue booting. b) If that doesn’t work - either because cryptsetup is not available or because a module is missing from the initrd, boot into your old kernel. Then try to rebuild the initrd (update-initramfs, IIRC) with the verbose flag and check if it adds the cryptsetup binary and associated kernel modules. If it did, try to reboot. c) If the modules are not added to the initrd or if the cryptsetup binary is not added to the initrd, check if you can add the associated modules to /etc/initramfs-tools/modules. Additionally, you might want to change MODULES=dep to MODULES=most in initramfs.conf and test if that works. You might also want to check whether the packages mentioned at the link provided by Camaleón (lvm2, cryptsetup) are installed, but they _should_ be installed. Best regards, Claudius -- Do not drink and drive. http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: Reason to use a partition
Hello Ramon, Ramon Hofer ramonho...@bluewin.ch wrote: /dev/sdi1 jfs1.9T 1.9T 3.9G 100% /mnt/recordings /dev/sdk xfs1.9T 1.9T 3.3G 100% /mnt/recordings_temp Is there a reason why one should use a partition spanning the whole disk instead of creating the filesystem directly on the disk? If you use a partition, it is possible to move the partition a little bit (a few kilo-/megabytes is usually enough) to align it with the blocks of the HDD. I don’t know if this is possible when using disks directly. In any case, it will be impossible to boot from such a disk, since there’s no room for the MBR (or, if there is room for the MBR, the filesystem will be unaligned with the disk blocks). I therefore would always prefer to use a single-partition layout rather than the raw disk. Best regards, Claudius -- It is better to travel hopefully than to fly Continental. http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: Reason to use a partition
Hello Stan, Stan Hoeppner s...@hardwarefreak.com wrote: As I replied on XFS, there's ZERO reason for putting one partition on a dedicated mythTV recording drive. And since this is an Advanced Format drive, you instantly misaligned XFS by creating that partition. None of the Squeeze partitioning tools understand ADF drives and will all therefore create a sector misaligned partition, causing serious performance degradation due to RMW cycles within the drive. I can remember creating a correctly aligned partition about one year ago on a 2 TB drive. I suspect this was with the tools from Squeeze and I know that the logical block size of the drive differed from the physical block size. However, I had to feed this information manually to the partitioning program. Best regards, Claudius -- Most people can't understand how others can blow their noses differently than they do. -- Turgenev http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: startup script
Hello Tony, Tony van der Hoff t...@vanderhoff.org wrote: Hi, I have a script (non gui) which I want to run each time I log in. Which is the correct way to do this? Log in on a TTY/console or into a desktop environment? KDE, Xfce and GNOME all have autostart settings, other non-DE graphical interfaces usually use .xinitrc to start things automatically. If you are on a bare shell, try .bashrc or .profile. Best regards, Claudius -- The best thing about being bald is, that, when unexpected company arrives, all you have to do is straighten your tie. http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: startup script
Hello Tony, Tony van der Hoff t...@vanderhoff.org wrote: On 01/07/12 13:01, Claudius Hubig wrote: Thanks, Claudius. This is primarily for KDE, but I would expect it to work for a console login as well. Does KDE try to run ~/.bashrc or ~/.profile? I doubt that it runs .bashrc, but it may well run .profile. It’s probably best to try that out yourself by creating a small file containing the time of execution and maybe the PPID, logging in and then checking what the file contains :) The reason I asked here is because I previously tried doing exactly what you suggest by putting a link in ~/.kde/Autostart to the script, but it doesn't appear to work. Did you try to use the ‘official’ tool? http://docs.kde.org/stable/en/kde-workspace/kcontrol/autostart/index.html appears to describe this thing, but I don’t use KDE and hence don’t know whether it would work for you. I don't appear to have ~/.bashrc nor ~/.profile. Both files should be created from /etc/skel upon creation of your user profile. Best regards, Claudius -- Tact in audacity is knowing how far you can go without going too far. -- Jean Cocteau http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: Filezilla a security risk
Hello Camaleón, Camaleón noela...@gmail.com wrote: On Sat, 30 Jun 2012 12:45:08 +0200, Denis Witt wrote: I like how MacOS handle this, nearly every application designed for MacOS is using the built in Keychain. Of course, if the keychain tool isn't secure this is a big problem. That's similar to what GNOME keyring does and you can also use an unsecure keyring by removing the passsord and exposing the stored credentials as plain text but of course, that's up to the user and how he/ she wants to manage the login information. And if FileZilla wanted to make use of this possibility, they had to (let me check the list of supported platforms): - Support the Gnome keyring - Support KWallet (KDE) - Support this MacOS thingy - Think about something for Windows and someone would still decide that their favourite environment™ is missing and complain about FileZilla being a security problem. Sure, all that can be done, but it is certainly not the job of an application to secure user data, that’s the job of the OS. Best regards, Claudius -- You should go home. http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: Filezilla a security risk
Hello francis, francis picabia fpica...@gmail.com wrote: On Wed, Jun 27, 2012 at 4:46 PM, Andrei POPESCU andreimpope...@gmail.com wrote: On Mi, 27 iun 12, 16:26:48, francis picabia wrote: I've just learned Filezilla is a security risk. It stores saved passwords and the last used password in a plain text file. As do many other programs. Huh. None that I run. Perhaps your standards are, uh, different. Pidgin OpenSSH if used without passphrases, just to name two examples. Claws-Mail applies some weird obfuscation that doesn't really help, except for that I have to store my passwords somewhere else in plaintext, too. the hacker. In this case we advise users to uninstall Filezilla and use something else. Not all Windows users of FTP tools are IT savvy. ^^^ They need warnings and guidance frequently. I passed this on so others can reduce their threat potential. Your users, your _Windows_ users, are certainly your problem and not one that should be discussed on the debian-user ML. However, if you find it a problem that programmes tend to leave unencrypted, sensible data in /home rather than employing some more-or-less fake encryption/obfuscation, feel free to suggest better ways to reach the following target: - It is not necessary to enter all passwords of every account upon start of the programme. - There is some sort of authentication, i.e. not every single computer on this planet can log in. - It works even if there is nobody around to enter passphrases/master passwords (e.g., rsync over SSH to remote hosts). Best regards, Claudius -- Adding sound to movies would be like putting lipstick on the Venus de Milo. -- actress Mary Pickford, 1925 http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: What is the status of multiarch?
Hello Camaleón, Camaleón noela...@gmail.com wrote: On Tue, 26 Jun 2012 23:20:05 +0200, Claudius Hubig wrote: It works quite nicely over here on a testing/sid system with the ^^^ In the Spanish mailing list, a user reported a few days ago that he completely messed up his full wheezy system when he tried to install Wine ^^ in his 64-bits installation. I would assume that it is currently rather difficult to have a pure wheezy system with Multi-Arch, since some packages may still be trapped in unstable. For example, the multiarchified version of wine-bin only migrated to testing on 21 June. To be sincere, I'm a bit reluctant about the multiarch system. I would prefer playing with it on virtual/testing machines and not yet over production systems. Neither wheezy nor sid systems are supposed to be production system and may break at any time. Best regards, Claudius -- No bird soars too high if he soars with his own wings. -- William Blake http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: Changing pass-phrase on dm-crypt'ed disks
Hello Nick, Nick Boyce n...@glimmer.adsl24.co.uk wrote: You can check with # cryptsetup luksDump device Hmm .. well thanks for that command (I'm a novice) ... which confirms what you say - my single encrypted raw disk partition (containing the LVM mapped system volumes) does indeed have a LUKS header, with 8 keyslots; slot 0 is marked ENABLED, while the other 7 are DISABLED. I think I'll proceed by doing a 'luksHeaderBackup', and then trying a pass- phrase change. The subject will be 350Gb of data which has taken two months to set up, so I'll be holding my breath :-/ If you do luksAddKey, you’ll have to enter one of the old passphrases. After that, you can try unlocking the volume with the new passphrase. If that succeeds, you can use luksKillSlot to remove the first slot. For that, you’ll have to enter one of the remaining passphrases (i. e. the one you just added). I did this several times without problems, although I would suggest unmounting the filesystem and closing the device. Best regards, Claudius -- The life which is unexamined is not worth living. -- Plato http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: Changing pass-phrase on dm-crypt'ed disks
Hello Nick, Nick Boyce n...@glimmer.adsl24.co.uk wrote: On Tuesday 26 Jun 2012 10:47:50 Claudius Hubig wrote: If you do luksAddKey, you’ll have to enter one of the old passphrases. After that, you can try unlocking the volume with the new passphrase. If that succeeds, you can use luksKillSlot to remove the first slot. luksDelKey or luksKillSlot ? I don't yet understand the relationship between them, nor when it is necessary to kill a key slot. Neither do I and the manpage doesn’t make that very clear either. Um ... I'd have to be in single-user mode then I guess ... assuming there's even enough software in /boot (and/or the initramfs) to fiddle with unmounted encrypted root filesystems. Then first add the new key, reboot, check if the new key works, and then delete the old one. That should work. I don’t think the cryptsetup contained in the initramfs can do all that. Best regards, Claudius -- I say we take off; nuke the site from orbit. It's the only way to be sure. -- Corporal Hicks, in Aliens http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: What is the status of multiarch?
Hello Hans-J.,
Hans-J. Ullrich hans.ullr...@loop.de wrote:
On my 64-bit system I am using only very few applications, which are still 32-
bit. For example wine, skype, x-plane and a few others.
So, as my old configuration is still working fine, but I am always intending
to
improve my system, what is the best (debian)-way for my needs?
It works quite nicely over here on a testing/sid system with the
following packages:
0 23:18 0 claudius@ares: ~ $ dpkg-query -W
-f='${Package}\t${Version}\t${Architecture}\n' '*:i386' | column -t
adobereader-enu 9.5.1 i386
gcc-4.7-base 4.7.0-8i386
libasound21.0.25-3 i386
libatk1.0-0 2.4.0-2i386
libaudio2 1.9.3-5i386
libavahi-client3 0.6.31-1 i386
libavahi-common-data 0.6.31-1 i386
libavahi-common3 0.6.31-1 i386
libc6 2.13-33i386
libcairo2 1.12.2-1 i386
libcomerr21.42.2-2 i386
libcups2 1.5.3-1i386
libdatrie10.2.5-3i386
libdbus-1-3 1.5.12-1 i386
libexpat1 2.1.0-1i386
libffi5 3.0.10-3 i386
libfontconfig12.9.0-6i386
libfreetype6 2.4.9-1i386
libgcc1 1:4.7.0-8 i386
libgcrypt11 1.5.0-3i386
libgdk-pixbuf2.0-02.26.1-1 i386
libglib2.0-0 2.32.3-1 i386
libgnutls26 2.12.19-1 i386
libgpg-error0 1.10-3 i386
libgssapi-krb5-2 1.10.1+dfsg-1 i386
libgtk2.0-0 2.24.10-1 i386
libice6 2:1.0.8-2 i386
libjasper11.900.1-13 i386
libjbig0 2.0-2 i386
libjpeg8 8d-1 i386
libk5crypto3 1.10.1+dfsg-1 i386
libkeyutils1 1.5.5-2i386
libkrb5-3 1.10.1+dfsg-1 i386
libkrb5support0 1.10.1+dfsg-1 i386
liblcms1 1.19.dfsg-1.1 i386
liblzma5 5.1.1alpha+20110809-3 i386
libmng1 1.0.10-3 i386
libmpg123-0 1.14.2+svn20120622-1 i386
libncurses5 5.9-9 i386
libp11-kit0 0.12-3 i386
libpango1.0-0 1.30.0-1 i386
libpcre3 1:8.30-5 i386
libpixman-1-0 0.24.4-1 i386
libpng12-01.2.49-1 i386
libqt4-dbus 4:4.8.2-1 i386
libqt4-network4:4.8.2-1 i386
libqt4-xml4:4.8.2-1 i386
libqtcore44:4.8.2-1 i386
libqtgui4 4:4.8.2-1 i386
libselinux1 2.1.9-2i386
libsm62:1.2.1-2 i386
libssl1.0.0 1.0.1c-3 i386
libstdc++64.7.0-8i386
libtasn1-32.12-1 i386
libthai0 0.1.17-1 i386
libtiff4 3.9.6-5i386
libtinfo5 5.9-9 i386
libuuid1 2.20.1-5 i386
libwine 1.4.1-1i386
libwine-bin 1.4.1-1i386
libwine-cms 1.4.1-1i386
libx11-6 2:1.4.99.901-2 i386
libxau6 1:1.0.7-1 i386
libxcb-render01.8.1-1i386
libxcb-shm0 1.8.1-1i386
libxcb1 1.8.1-1i386
libxcomposite11:0.4.3-2 i386
libxcursor1 1:1.1.13-1 i386
libxdamage1 1:1.1.3-2 i386
libxdmcp6 1:1.1.1-1 i386
libxext6 2:1.3.1-2 i386
libxfixes31:5.0-4i386
libxft2 2.2.0-3i386
libxi62:1.6.1-1 i386
libxinerama1 2:1.1.2-1 i386
libxml2 2.8.0+dfsg1-3 i386
libxrandr22:1.3.2-2 i386
libxrender1 1:0.9.7-1 i386
libxss1 1:1.2.2-1 i386
libxt61:1.1.3-1 i386
libxv12:1.0.7-1 i386
skype 4.0.0.7-1 i386
wine-bin 1.4.1-1i386
zlib1g1:1.2.7.dfsg-11i386
Best regards,
Claudius
--
I'm EMOTIONAL now because I have MERCHANDISING CLOUT!!
http://chubig.net telnet nightfall.org 4242
signature.asc
Description: PGP signature
Re: Changing pass-phrase on dm-crypt'ed disks
Hello Nick, Nick Boyce n...@glimmer.adsl24.co.uk wrote: The installer uses 'dm-crypt' to encrypt the drive, rather than the full LUKS system - and 'dm-crypt' generates the encryption key directly from the pass- phrase, rather than storing the encryption key in an on-volume header protected by the pass-phrase. Are you sure about that? I’ve set up quite a few systems and it always used LUKS. You can check with # cryptsetup luksDump device Best regards, Claudius -- Marry in haste and everyone starts counting the months. http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: Slowness problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hello Merciadri, that looks all quite good. You are using direct rendering, no errors show up in the log file and although the screen is quite large, that shouldn’t be the problem. But maybe you could try to install a newer nVidia-Driver, if available? Best regards, Claudius - -- In the war of wits, he's unarmed. http://chubig.net telnet nightfall.org 4242 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJP6Cj7AAoJEMCBEuXXLNukEckP/j1K6Yw9tNQDgZ5T5CI7XRXT xPoqEeP5PuMyjyVrLF35p/hObWYouQRsdTwZgEiJ2Y19ec8zc5waBdeuB/RTqUuc xLUQi8Xat0cp7B7Zi8saD6JaDfCtf7ynyU68os4WFCLxhe/gO3xvn9ESyWdxAaFk sDO5wr6a7cio8awc1iXIomU/LQ66NnCEkED6+L8/7bIgG9RvnIqGQccMcBzwyI1L AmvHp0yT+P7FdCQi5j5H48+0ln331/kqoXfMBP7Sgs6cV7pURSXsMHL4oQ/mjbYM T3Ep5NX69fDLuWEAjSEzCGKC0FO/WN9Dg6nviGHKEcxVTEnEwMUyaL6WnDvmvQDa conhdXa4Hx6CzPyLr80o0mJWvyBfBhwctzMuOZ+Ll7Vn/kl3Bgd0RfTPM4y6Aj1M KXOmVsAh5WsWIY2LoFq3CmY4O8RjXfpM3JAZULQVVsW+wwaOREb/VsmbcjgIO7Zj BG0zNNfWkK97FHj1hjvQ3STv8TDdduUCYBXEUfdpSBAMlzVoD35K0SSC2gTpERL+ X/EnctlO6gZfqS+sg7GDqz+PHBag2wtP41sI39itX/a4aOKC1l1fWoRqisTUNH+O MymJDV1ZabuPdwiqs+FSMoYSmy5YyLEt8cm1nv7jQu5hf2zgTBpYJjaqmDDdqEm5 3o8tItR03W5IKBuqfyqS =jHT8 -END PGP SIGNATURE-
Re: Slowness problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hello Merciadri, Merciadri Luca luca.mercia...@student.ulg.ac.be wrote: 1) scrolling a little bit in the page, 2) waiting 2 or 3 (!) seconds, then scrolling the rest. That is, scrolling is slow and freezes for 2-3 s after having scrolled a little bit. Then, it scrolls until where it had to stop. How much memory and swap do you have (free -m)? Which desktop environment do you run? Are there other processes (check with (h)top, maybe ps). Best regards, Claudius - -- They're unfriendly, which is fortunate, really. They'd be difficult to like. -- Avon http://chubig.net telnet nightfall.org 4242 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJP5zOKAAoJEMCBEuXXLNukGwUQAMfRnbiiJ2pAlZVUTMMH+/AB Zb5PN2+mjh4uYZdlgJjG7AivrkocVc7E2lh9vnCu32Yal2g4BRWitbn2Pfn8piEQ WSJ8IW4T2xe+Wce4zAsaED+rzfSS7SHBCt8oG9tmjBb39gXLfW7yLes8mC6PBr4F wgvthEuV0BqsMMJ7wwik1GDVMv6duhQwbNvIbjZIDFWXuaBBzLZVXsVZI+Sv6AJT Tx708hs2PRiMddmAE4tdriqdV8xea5eMbHr0GxUvc4/MXQQ8LHC3vqRKOo0KmnLh kngRyeSEg9RkfKzN2DvxM6pjwXI6UPwxkf8wb7QTpqaYQaLVV5x01HdYBzcY06S5 KfHcxxWLCVR9/1BVPgoiQCFBFFYgwWrnT4cGs3QERsFVrDjVJZZS5OIQEc+Pz/ub D/MyqawIn7VJldw4wqDJEnwXQEUux/ExTIwmwh0cgkxbEIcTOzWqv4Wj5DKtsNwy 6g9n0sb6X27C9rBkxJrXh2SJ9sa+icLUiwghm3OPjjbkjWsDZM+CnJJnFGWmWJ0U +8yBSqIG5lo76ILJpNHjMiMRbXin933yYM8b0WTZyZ/8gO0cKviLOa7dRPUh+O49 iR+7ygS2sRm+bgu4ANTDv1Ny+DZeGu37JPYgT1u7EIcqQpmvjdQRcySeoFjCFK6B 8pkFf/gV90yVDDhKtNYN =AlZ2 -END PGP SIGNATURE-
Re: Slowness problem
Hello Merciadri, Merciadri Luca luca.mercia...@student.ulg.ac.be wrote: $ free -m total used free sharedbuffers cached Mem: 4053 2002 2050 0340832 - -/+ buffers/cache:829 3223 Swap: 5938 0 5938 Looks good. 3751 root 20 0 79832 45m 12m R 94 1.1 48:38.35 Xorg 15799 merciadr 20 0 313m 84m 27m S 19 2.1 1:33.43 firefox-bin X really shouldn’t take that much CPU time. What’s the output of $ glxinfo $ xrandr and which graphics card do you use? (Ideally, attach /var/log/Xorg.0.log) :) Best regards, Claudius -- The heart is not a logical organ. -- Dr. Janet Wallace, The Deadly Years, stardate 3479.4 http://chubig.net telnet nightfall.org 4242 -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120625001548.30958...@ares.home.chubig.net
Re: /etc/bash.bashrc instead ~/.bashrc
Hello José, José Luis Segura Lucas josel.seg...@gmx.es wrote: In one (and only one) of then, when I open a terminal or connect by SSH, my bash load the default system configuration from /etc/bash.bashrc, instead of reading, as usual, ~/.bashrc. I can think that I don't really have a ~/.bashrc (or have a mispelling on the file name), but if I run bash from the terminal, my configuration file in ~/.bashrc is loaded. From man bash: When bash is invoked as an interactive login shell, or as a non-interactive shell with the --login option, it first reads and executes commands from the file /etc/profile, if that file exists. After reading that file, it looks for ~/.bash_profile, ~/.bash_login, and ~/.profile, in that order, and reads and executes commands from the first one that exists and is readable. The --noprofile option may be used when the shell is started to inhibit this behavior. When a login shell exits, bash reads and executes commands from the file ~/.bash_logout, if it exists. When an interactive shell that is not a login shell is started, bash reads and executes commands from /etc/bash.bashrc and ~/.bashrc, if these files exist. This may be inhibited by using the --norc option. The --rcfile file option will force bash to read and execute commands from file instead of /etc/bash.bashrc and ~/.bashrc. I guess that the SSH connect is a login shell, while the terminal is not a login shell (especially if you run it manually). Hence, if you connect with SSH, Bash will run /etc/profile and ~/.profile. My ~/.profile has a section like the following: # if running bash if [ -n $BASH_VERSION ]; then # include .bashrc if it exists if [ -f $HOME/.bashrc ]; then . $HOME/.bashrc fi fi which is also in the .profile in /etc/skel/, I therefore assume that this is currently shipped with Debian. I suggest you check whether these files (/etc/profile, ~/.profile, ~/.bash_profile) exist and whether they load ~/.bashrc. Best regards, Claudius -- Cat, n.: Lapwarmer with built-in buzzer. http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: /etc/bash.bashrc instead ~/.bashrc
Hello José, José Luis Segura Lucas josel.seg...@gmx.es wrote: I don't remember to write or generate by hand this ~/.profile. Is it created automatically? It should be created automatically from the files in /etc/skel/ if you are using useradd or adduser (the former with the --create-home option). Best regards, Claudius -- Monday is an awful way to spend one seventh of your life. http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: What to do when testing come to stable on a Debian wheezy/sid?
Hello Gary, Gary Dale garyd...@rogers.com wrote: It doesn't help testing since the point of packages in sid is to get them to work with the current testing environment, not the current unstable environment. This is more or less obviously absolute bullshit. Running sid, testing applications and reporting bugs against those packages does help testing, especially since reporting these bugs early might even stop the package from migrating to testing, keeping it release critical bug free. Best regards, Claudius -- filibuster, n.: Throwing your wait around. http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: What to do when testing come to stable on a Debian wheezy/sid?
Hello Gary, Gary Dale garyd...@rogers.com wrote: Again, the art of testing is to change one thing at a time. You can't do that when all the packages are in flux. Pulling particular packages from sid and testing them in the relative calm of testing is a much more easier way to isolate bugs. But in order to isolate them, you first have to find them. And routinely running a sid system is by far the best way to find as many bugs as possible, which can then be reported and, if necessary, block the transition to testing. Best regards, Claudius -- May cause drowsiness. http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: dependency tree on installed packages
Hello Artifex, Artifex Maximus artife...@gmail.com wrote: On Wed, Jun 20, 2012 at 1:21 PM, Keith McKenzie km3...@gmail.com wrote: Those will get 2 separate lists of installed software names versions. # dpkg --list | wc -l 2481 Why don’t you use the output of dpkg -l? Also check man 1 dpkg-query. Best regards, Claudius -- A diplomatic husband said to his wife, How do you expect me to remember your birthday when you never look any older? http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: dependency tree on installed packages
Hello Artifex, Artifex Maximus artife...@gmail.com wrote: Thank you. dpkg -l writes out all installed packages but not the relations between them. I did similar comparison between systems but seeing the differences in a tree makes this process easier because I can cut leafs if I know there is related or not to my later installation. If I compare packages line-by-line without any relation I do not know that any extra or missing packages is related to other packages or might standalone packages. I was implying to feed this output into higher level tools to generate dependency graphs for you. I think the continuous upgrade process from the early stage of Wheezy left some unneeded packages. This is normal as I started early just want to clean out my system. Maybe I am wrong on base idea but would like to check and look for some utility to make it easier. I there is no such utility I will compare line-by-line as last resort. If you simply want to clean out your system, have a look at deborphan. Best regards, Claudius -- I am NOT a kludge! I am a computer! -- tts http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: Looking for wine-bin_1.4.1-1_amd64.deb.
Hello Sthu, Sthu Deus sthu.d...@gmail.com wrote: Claudius worte: You are, of course, right. I have to admit I didn’t check the content of the wine64-bin package and was unsure whether Multi-Arch wine was already in a working state :) So, am to wait? - Am I to move to 386 arch? You can now install i386 and am64 ‘in parallel’, that is, you can install i386 packages on an amd64 system. This was already possible before using ia32-libs and dpkg’s --force-architecture, but Multi-Arch makes this whole process much nicer, especially since ia32-libs is no longer necessary. - Simply follow these guidelines directly from the win64-bin package mentioned above: This is the wine64-bin helper package, which does not provide wine itself, but instead exists solely to provide the following information about enabling multiarch on your system in order to be able to install and run the 32-bit wine packages. The following commands should be issued as root or via sudo in order to enable multiarch (the last command installs 32-bit wine): # dpkg --add-architecture i386 # sed -i 's/deb\ /deb\ [arch=amd64,i386]\ /g' /etc/apt/sources.list # apt-get update # apt-get install wine-bin:i386 Be very careful as spaces matter above. For kfreebsd systems, replace i386 and amd64 with kfreebsd-i386 and kfreebsd-amd64. Note that this package (wine64-bin) will be removed in the process. For more information on the multiarch conversion, see: http://wiki.debian.org/Multiarch/HOWTO - Best regards, Claudius -- Civilization, as we know it, will end sometime this evening. See SYSNOTE tomorrow for more information. http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: AppArmor or SELinux?
Hello ~Stack~, ~Stack~ i.am.st...@gmail.com wrote: We are using it for specific services but I don't see why it would be any different setting up pidgin or opera. I have only deployed SELinux to a single Debian system and that was under Lenny. I don't recall it being problematic or anything. We set it up and ( just like most of my Debian systems ) let the server run its course without much effort outside of basic updates/maintenance. Thank you very much for your informative reply! I am still a bit wary, since SELinux profiles look more complicated than AppArmor profiles, but given enough time, they’re probably as easy to understand. I shall look into SELinux some more, though, due to limited time, not right now :) Thanks again best regards, Claudius -- Q: How many IBM 370's does it take to execute a job? A: Four, three to hold it down, and one to rip its head off. http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: Looking for wine-bin_1.4.1-1_amd64.deb.
Hello Sthu, Sthu Deus sthu.d...@gmail.com wrote: I have read the discussion on the matter at the link that was provided here, though understood not much... could You please answer me in short, Will it be the near future for 64-bit arch - to install those i386 packages w/ its gazillion lib.s - because of that multi-arch disaster? Actually, the disaster is ia32-libs, a amd64 package that previously bundled these ‘gazillion libs’ into one ugly package that needed to be updated every time one of the libs in there was updated. Multi-Arch is the solution to that disaster and it is definitely here to stay :) Best regards, Claudius -- Life being what it is, one dreams of revenge. -- Paul Gauguin http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
AppArmor or SELinux?
Hello, I am running Testing/Sid amd64 with Multi-Arch enabled (i. e. Acrobat Reader and Skype from i386) on a single-user machine and here’s what I want to achieve: - Programs that process data ‘from the internet’ are only allowed to access the files they strictly need to access, plus a $HOME/Desktop (to share files with other such processes etc.) - The same restrictions apply to childs of these processes - All other processes are allowed to do whatever their standard Unix permissions allow them to do. In the past, I achieved this via AppArmor and custom profiles for Pidgin, Opera, Iceweasel and Skype[1,2]. However, I just noticed that there don’t appear AppArmor profiles to be around for Kernel 3.3 or 3.4, and, aside from that, only Ubuntu appears to use it, while SELinux is much more common. A bit more reading in the Debian Handbook then illustrated that SELinux is apparently more powerful but also more complex than AppArmor. My question is: Would it make sense to deploy SELinux on my system to achieve the tasks mentioned above? I know that security cannot be absolute, but I would feel much more comfortable if an exploit in the MSN handler of Pidgin or a plugin gone wild in Opera wouldn’t make my private SSH keys accessible to the world :-) Best regards many thanks, Claudius [1] Not Claws Mail because it needs to read my mail anyways and there’s little that needs more protection on my computer than my mail. [2] Writing these profiles was relatively straight-forward, especially since I didn’t care about stuff outside of /home and /tmp. -- Never trust a child farther than you can throw it. http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: Looking for wine-bin_1.4.1-1_amd64.deb.
Hello Sthu, Sthu Deus sthu.d...@gmail.com wrote: What should I install - for amd64 arch then? http://packages.debian.org/sid/wine lists a package for amd64, and so does apt-cache show wine. Having a look at this package then gives you: Depends: wine-bin (= 1.4.1-1) | wine64-bin (= 1.4.1-1) and: # rmadison wine64-bin wine64-bin | 1.4.1-1 | sid | amd64, kfreebsd-amd64 # rmadison wine-bin wine-bin | 1.0.1-1 | lenny | amd64, i386 wine-bin | 1.0.1-3.1 | squeeze | amd64, i386 wine-bin | 1.2.3-0.3 | wheezy | amd64, i386, kfreebsd-i386 wine-bin | 1.4.1-1 | sid | i386, kfreebsd-i386, powerpc So just install wine64-bin (which should be installed automatically if you were installing wine). Best regards, Claudius -- Q: What is printed on the bottom of beer bottles in Minnesota? A: Open other end. http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: AppArmor or SELinux?
Hello Camaleón, Camaleón noela...@gmail.com wrote: On Sun, 17 Jun 2012 13:14:03 +0200, Claudius Hubig wrote: And I share the same feeling for SELinux, I mean, a tool that can be very helpful when it is properly configured and you know well about its possibilities but its setting up is not what we would consider a child game. Administrating a computer is not a child game, and, yes, it took me some time to tweak my custom AppArmor profiles to do what I want. However, I just noticed that there don’t appear AppArmor profiles to be This should read ‘patches’. IOW, the kernel patches distributed with AppArmor currently don’t apply cleanly to Kernel 3.4 sources. Debian used to include some support for SELinux but I dunno about the status for AppArmor. There's more information here: http://wiki.apparmor.net/index.php/Distro_debian Unfortunately, that information is rather out of date, as you can see from the Kernel version numbers, for example. That said, AppArmor currently runs fine on Linux 3.2 - and I just found what appears to be kernel 3.4 patches[1]. Nevertheless, my concerns still stand, as the development model of AppArmor still appears rather chaotic, with some outdated wiki pages etc. My question is: Would it make sense to deploy SELinux on my system to achieve the tasks mentioned above? Mmm... I'd say no. Thanks. Please allow me to rephrase the question: Given the temporary unavailability of kernel patches for AppArmor for kernel 3.4, the fact that it appears not to be fully merged into the main kernel, the rather chaotic wiki page which lets one hunt for the required patches and the lack of official support by major distributions other than Ubuntu, would it make sense to switch from a running AppArmor system to a SELinux system? I find it a valid concern but for a mere user point of view, I would prefer having to deal with not that complex utilities to harden the system applications, for example, something like the sandbox or virtual machine concept, i.e., easy to deploy (some brosers already include a sandbox from where they run the dangerous plugins), easy to understand (a separate zone that cannot interefere with the host system) and easy to use (run go, or install, run go) :-) Security can never be reached by a run go concept, simply because individual requirements differ far too much to cater for all different needs with default configurations. And while sandboxing is a sensible approach _within_ the browser, it only handles plugins in an assumed-as-safe application, not the application itself. The kernel should do that, and that’s what SELinux, AppArmor etc. are for, in my opinion: separate processes, users and files as much as possible. Complete virtual machines for each of the applications (Opera, Iceweasel, Pidgin, Skype) would a) probably break my machine’s RAM requirements b) be rather unusable c) make it much more difficult to, for example, download a file with Iceweasel and then send it to someone using Pidgin. Best regards, Claudius [1] http://wiki.apparmor.net/index.php/Gittutorial -- A wife lasts only for the length of the marriage, but an ex-wife is there *for the rest of your life*. -- Jim Samuels http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: AppArmor or SELinux?
Hello Ralf, Ralf Mardorf ralf.mard...@alice-dsl.net wrote: Sorry, who exactly plans a conspiracy? Err, what? Regarding to the answer AppArmor might be helpful, if not, it just spam shutdown messages with crap, as it does for my self-build kernels. It works quite nicely over here. :) Joe and Sam (most wanted spammers on this list) never ever will have impact to your Linux ;). So what? I don’t plan to use AppArmor/SELinux as a spam filter, I don’t think you read my original email. Forget AppArmor! Read about ConsoleKit and other security helpers, we already run much to much threads, when running Linux. a) ConsoleKit allows non-root users to access various files/devices to which they otherwise wouldn’t have access. To say the least, it does the exact opposite of MAC system. b) I don’t know what other security helpers you’re referring to. Would you mind to expand on that? c) I shall think about your advice to forget AppArmor and then, logically and in line with my original question, deploy SELinux. d) AppArmor doesn’t add a single thread to a running Linux system. Best regards, Claudius -- ... an experienced, industrious, ambitious, and often quite often picturesque liar. -- Mark Twain http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: Looking for wine-bin_1.4.1-1_amd64.deb.
Hello Sven, Sven Joachim svenj...@gmx.de wrote: The wine64-bin package is rather useless by itself, it only contains instructions how to enable multiarch and install the i386 wine-bin package. You are, of course, right. I have to admit I didn’t check the content of the wine64-bin package and was unsure whether Multi-Arch wine was already in a working state :) Best regards thank you, Claudius -- You will be surprised by a loud noise. http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: AppArmor or SELinux?
Hello Ralf, Ralf Mardorf ralf.mard...@alice-dsl.net wrote: On Sun, 2012-06-17 at 18:45 +0200, Claudius Hubig wrote: AppArmor doesn’t add a single thread to a running Linux system. So it's a voodoo-ghost and doesn't need resources? It runs directly in the kernel, where any access control obviously should take place. I still don’t understand your problem, though. Best regards, Claudius -- I find you lack of faith in the forth dithturbing. -- Darse (Darth) Vader http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: what causes these apt-get/aptitude errors?
Hello Neal, Neal Murphy neal.p.mur...@alum.wpi.edu wrote: Installed the https transport package to try https: in sources.list. But now I see a few Failed to connect to 2001:500:61:28::70: Network is unreachable (or address 2607:ea00:101:3c0b:207:e9ff:fe00:e595). Why are any IPV6 addrs being used? Why not? The server probably has a record and one of your interfaces has a globally routable IPv6 address, which lets your glibc (or whatever does resolving on your system) assume that you have a working IPv6 address. If you don’t like that, there is a switch somewhere in sysctl to disable IPv6 completely, though I don’t see the point in that. My guess is still that you have more-or-less local networking problems, for whatever reason. Best regards, Claudius -- Your true value depends entirely on what you are compared with. http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: what causes these apt-get/aptitude errors?
Hello Neal, Neal Murphy neal.p.mur...@alum.wpi.edu wrote: Aptitude also reports W: GPG error on security.debian.org squeeze/updates Release: the following signatures were invalid: NODATA 2 So I give up. Next time I'm down there, I'm going to reinstall. Or maybe just install wheezy to keep both sites the same (the other site's hardware is too new for squeeze). Uhm, did you try using a different mirror? The GPG error is probably because APT feed GPG a non-existing/empty file (due to the networking errors). Best regards, Claudius -- Incumbent, n.: Person of liveliest interest to the outcumbents. -- Ambrose Bierce, The Devil's Dictionary http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: what causes these apt-get/aptitude errors?
Hello Neal, Neal Murphy neal.p.mur...@alum.wpi.edu wrote: W: Failed to fetch http://security.debian.org/dists/squeeze/updates/non- free/i18n/Translation-en_US.gz Error reading from server - read (104: Connection reset by peer) [IP: 128.31.0.36 80] Looks like a connection problem. Is your internet connection alive and otherwise healthy? It could also be a (hopefully temporary) problem with the network at the MIT :) If your network connection is fine, try another mirror. Best regards, Claudius -- knowledge, n.: Things you believe. http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: the ghost of UEFI and Micr0$0ft
Hello Miles, Miles Bader mi...@gnu.org wrote: Or is entering a new key a manual process (type in the 50 hex digit key)? Something like that, yes. Either via an already-signed update at runtime or manually at something like the current BIOS interfaces. Can there be multiple keys (I vaguely recall the article saying there could only be one key [at MS's insistence]...but not sure if I really understood what it was saying)? At the moment, only one key can be used to _sign_ software/drivers. There can be more than one key on your computer to verify these signatures. That is, a driver A can be only be signed by one entity (1) and driver B can only be signed by 2, but if you have both the public keys of 1 and 2 in your UEFI keystore, you can load driver A and driver B. Of course, it is also possible to distribute variants A' and A'' signed by 2 and 3. Best regards, Claudius -- I tried the clone syscall on me, but it didn't work. -- Mike Neuffer trying to fix a serious time problem http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: the ghost of UEFI and Micr0$0ft
Hello Doug, Doug dmcgarr...@optonline.net wrote: I think you understand this INcorrectly! He does not. If _I_ understand it, You don’t. the machine will not boot anything that is not signed with the key, You can add any keys you want to that. UEFI is simply a framework, and because most computers will want to run Windows, the key used by Microsoft will be included in most computers. You might want to read the link in the OP’s post (http://mjg59.dreamwidth.org/12368.html) to understand this better. unless you go to the bios and disable the UEFI--which may be made difficult on purpose, I would guess. It is probably not more difficult than changing the default boot device. Note that this will make bootable CDs and useful things like partition managers impossible. Not impossible. Thank Microsoft! Thanks indeed to Microsoft and all others, because now, we can make sure that the kernel we want to boot is actually the kernel we installed and not something introduced by a third party/attacker. Best regards, Claudius -- stab_val(stab)-str_nok = 1;/* what a wonderful hack! */ -- Larry Wall in stab.c from the perl source code http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: [OT] Re: the ghost of UEFI and Micr0$0ft
Hello Camaleón, Camaleón noela...@gmail.com wrote: IMO, Fedora did *the wrong thing* Why? They get their release to boot on most/all computers. That’s a good thing, isn’t it? (since when blindly following what Microsoft -or any other company- does is the correct way to achieve a milestone?) Given the aforementioned blog post, I doubt that this happened ‘blindly’. in *the wrong way* (by not counting with the whole open source community support, or at least the other linux distributions, before taking such a decision). The alternative to getting MS to sign their boot loader would have been to set up another agency that signs boot loaders and get the key of said agency included with hardware. Said blog post explains why this was not exactly the best thing to do right now. Of course, they're not committed to give explanations on what they do nor how they do, but neither makes a favor to the FLOSS community :-/ Read the blog post. Best regards, Claudius -- A diplomat is a man who can convince his wife she'd look stout in a fur coat. http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: Apache, mod_rewrite and directory context
Hello Jimmy,
Jimmy Thrasibule thrasibule.ji...@gmail.com wrote:
VirtualHost *:80
Directory /var/www/test
IfModule mod_rewrite.c
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^/(.*)$ index.php?q=$1 [L,QSA]
/IfModule
/Directory
/VirtualHost
http://httpd.apache.org/docs/current/mod/mod_rewrite.html mentions
different formats for ‘per-server’ specifications and ‘per-directory’
specifications. Maybe using the Directory statement turns this into
a per-directory statement?
(3) [perdir /var/www/example/] strip per-dir
prefix: /var/www/example/test - test
This appears to support the above assumption.
(3) [perdir /var/www/example/] applying pattern '^/(.*)$' to uri 'test'
^ ^
And here, the pattern clearly does not match the URI. Maybe you could
try without the ‘/’?
Best regards,
Claudius
--
When I left you, I was but the pupil. Now, I am the master.
-- Darth Vader
http://chubig.net telnet nightfall.org 4242
signature.asc
Description: PGP signature
Re: [OT] Re: the ghost of UEFI and Micr0$0ft
Hello Camaleón, Camaleón noela...@gmail.com wrote: For years, we've (the FLOSS community) been avoinding to be always Windows dependant and now it seems we are going back to the darkest ages. Repeat with me: we-don't-need-Windows-anymore. This does not depend on Windows but on something else: A position that is trusted by users and hardware manufacturers to only sign ‘safe’ code. Given that this makes it necessary to audit the code, watch out if it gets exploited, set up a system to revoke certificates etc., $99 really is cheap. I doubt that someone else could do the same job cheaper, if they don’t have another source of income. I'm a bit tired of being so condescending with Microsoft or Apple or Oracle... or other companies policies. How about our needings? Found your own company or buy them and I’ll guarantee that they’ll do just as you like. (since when blindly following what Microsoft -or any other company- does is the correct way to achieve a milestone?) Given the aforementioned blog post, I doubt that this happened ‘blindly’. Blindly here means there's no technical reason that supports the path they want to take for UEFI, but a marketing strategy. UEFI has many benefits over the traditional BIOS, secure boot being one of them. Why do you think there is no technical reason to support secure boot? And what other mechanism would you suggest to use to get a chain of trust from the BIOS(-replacement) to the desktop? Best regards, Claudius -- Specifications subject to change without notice. http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: the ghost of UEFI and Micr0$0ft
Hello Doug, Doug dmcgarr...@optonline.net wrote: I read the referenced post. It looks to me like Fedora will boot without hassle, because they paid off Microsoft, and obtained a key, but everything else, not having a key, will not. Yes. More precisely, they want to get a small piece of software signed by Microsoft, so that the computer will boot this small piece of software. It will then continue to load a Fedora-signed Grub, which loads a Fedora-signed kernel, which only loads Fedora-signed modules. If I don't understand it, then please explain in plain words how one could boot anything else without modifying the BIOS. ‘Modifying the BIOS’ only includes changing settings within the BIOS, not flashing/upgrading the BIOS. It is comparable to changing the boot device or something like that. If you can boot anything without a key, then what is different than what we have now? You will have to disable secure boot or add the key used to sign the bootloader to your computer. (I don't care about modifying the BIOS, and so far I have not heard of a virus that attacks Linux, but I'm aware that it is possible--just not worth anyone's trouble to write, for such a small installed base.) The problem here is that ‘we’ want a chain of trust from the BIOS to the desktop, so that malware cannot infect the kernel before it loads[1]. This means that the BIOS/UEFI must only load stuff that is deemed ‘safe’, which in turn - obviously - should only load other stuff that is also safe [2]. Hence, a Linux distribution that wants to boot by default from such devices must get signed by a key that is contained within the UEFI by default - for example, Microsoft’s [3]. In any case, the key point to remember is: a) You can turn off secure boot completely. b) Secure boot allows you to control more closely what software runs on your computer [4]. c) By reducing the possibilities to attack Windows [5], you also help to reduce spam, DDoS attacks etc. Best regards, Claudius [1] This happens with Windows at the moment and is also a possibility with Linux - maybe not on the botnet-scale, but imagine someone changing the installed kernel on your computer’s unencrypted boot device to a malicious kernel that tries to send the passphrase for the encrypted hard drive to the attacker. [2] This will be: Grub, the Linux kernel and Linux kernel modules. These are all signed by Fedora (in their release), but they want to make it easy for you to build your own secure-boot kernels and grubs: Lower stages will accept any key contained within the UEFI key store (such as those you add yourself). [3] The alternative would have been to either get manufacturers to include a Red Hat key (easy, but not fair for other distributions) or set up an independent foundation. However, auditing and signing code, handling of revocations etc. is probably more expensive than $99. [4] You can/should be able to remove all keys from the UEFI key store and then add only your own: This way, only software signed by _you_ will boot off your computer. [5] Windows cannot defend itself against software that was loaded before Windows took over (neither can Linux). -- No amount of careful planning will ever replace dumb luck. http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: [OT] Re: the ghost of UEFI and Micr0$0ft
Hello Camaleón, Camaleón noela...@gmail.com wrote: Microsoft (I can't tell for the rest of the hardware manufacturers because their position is not mentioned in detail in the blog post) is forcing a needing for something I (and I guess others) _don't need_, like TPM modules, using a password in GRUB2, using encryption nor signing for safe code. If you don’t need that, you can disable secure boot and be happy. However, I welcome the fact that attacks on Windows will be made more difficult, since that also means smaller botnets, fewer vulnerable computers etc. Best regards, Claudius -- If it ain't broke, don't fix it. http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: [OT] Re: the ghost of UEFI and Micr0$0ft
Hello Roger, Roger Leigh rle...@codelibre.net wrote: This depends upon the hardware. You might not be able to disable it. In fact, Microsoft *require* that it can't be disabled on ARM hardware carrying a certified for Windows 8 (or whatever) badge. This hardware will only be capable of booting signed code. No way of disabling it or changing the key. I doubt that Microsoft has any effect on the ARM market at the moment, since it appears to be dominated by Android and iOS? One could argue that it's only ARM hardware, who cares, but ARM is quite likely to displace intel as the common denominator in hardware. I for one am looking forward to 64-bit ARM hardware, and it'll be replacing my noisy and power hungry PC PDQ! Of course, we don’t know what the future brings, but I think it will take a few more years until ARM has replaced x86/amd64, if that ever happens. This *is* a problem-- Microsoft have de-facto complete control over the hardware by requiring signed code. Even on the PC, where it's optional, you are entirely at the mercy of the motherboard vendor regarding the ability to disable or replace keys. We shall see how this works out with regard to anti-trust laws. However, I welcome the fact that attacks on Windows will be made more difficult, since that also means smaller botnets, fewer vulnerable computers etc. It will have zero effect. Not only was the certificate effectively compromised by allowing arbitrary code to be signed apparently by Microsoft (see recent news) Of course, this incident is not nice at all - but then again, it only became public now and I imagine Microsoft to having reacted quickly. Additionally, I doubt that any other major institution signing such software will only sign non-malware/bug-free software. Given that Microsoft has been in the field for a few years, their count is not too bad. how effective is the security when you have the ability to chainload GRUB? Once you can do that, you can load any arbitrary code of your choice. Any malware worth its salt will just co-opt the Linux bootloader and continue on its way. Effective security gained: none. Isn’t that the reason the small boot loader signed by MS for Fedora (according to their plans) will only load a signed Grub which will only load signed kernels etc.? I agree that there are problems with secure boot, mainly because mainboard manufacturers might block users from managing the keys on their computers. However, I think that – provided that users are free to change these keys or disable secure boot – this will help computer security. Best regards, Claudius -- Real programmers can write assembly code in any language. :-) -- Larry Wall in 8...@jpl-devvax.jpl.nasa.gov http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: Finding files
Hello Fred, Fred Zinsli fred.zin...@shooter.co.nz wrote: I am attempting to create a script (#!/bin/sh) that searches for files created on the first day of the week, then on the first day of the month, then the first day of the year. as seperate events. All the files are in one directory so easy to find, though the files could have any name. And I already know how to take the action I want once found. I just can't seem to work out how to find the files in question. Did you try find’s -ctime option together with date? For example: find . -ctime $(($(date +%w)-1)) (translating to find . -ctime 1 at the moment) will find files last changed 1 day ago. Similar options for months and years exist. However, there is some rounding involved that might make things more difficult. You should also take into account that this way will only find files based on their ctime, which is updated on every write (I think, please check before relying on this). Best regards, Claudius -- Mistrust first impulses; they are always right. http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: Programs for direct friend-to-friend file transfer?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hello Aubrey, Aubrey Raech aubreyra...@gmail.com wrote: 1. Not a proper server (http, ftp) 2. No usernames? (scp, rsync) 3. Preferably does not require a chat protocol (XMPP, IRC's DCC) - From what I can find it seems like XMPP would probably be the best bet for this... is there no program you can run with something like a - --listen to listen for a connection on one end, and then run the program with the destination IP from the other? Something along those lines? Any and all advice/recommendations are appreciated! Do you have a have public IP address (either IPv4 or IPv6)? If that is not the case, you will need a third party in order to establish the connection. Could you explain why you don’t like http/ftp? They can also be used by ‘non-proper’ or very small servers. Personally, I keep around a small lighttpd installation for that use case. However, you might also want to have a look at ‘servefile’ [1] which basically acts like nc from rjc’s mail, but uses the HTTP protocol. Best regards, Claudius 1] Currently only available in unstable, but it appears to be easy to backport it to stable, as it mostly requires python 2.6. Apparently, IPv6 is not supported? - -- Remember, there's a big difference between kneeling down and bending over. -- Frank Zappa http://chubig.net telnet nightfall.org 4242 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJPye3SAAoJEMCBEuXXLNukjnoP+gPGzHryyCzE5il4gbjQx7dN YVkkSH2aAVP/YhK3gl0QtAJL/HQuCCUAGwSLhIHFRz2Ij5dkKTFH8Lhcfi+yVi7l XRrdP7i+vzpL/lVFuhSdMc7m9pZa4cErW2AciLM5PF4tk/h64x8RbU03mObnqZyt +2/Ju2gqbYl/vLrbcu0sOItOCmbHONNbKjgKqIpS0foRexbNsCBram6PRD4mCaPX 409iIi7ZDzPfzhUIKhiGc1nVqOGdfxdMvLz7JtGxo/Vk4+czxbdViW+FPTrpUA1y +7PnG1fZNrb+BA6airgYvGA4TMpDtY7n+e8dhD/RU0JuylxJhavD0Gh/l3Lk3I2G +jyazsN5YVvESfR+7dSc6iVZQTq/HJab81KcZl2plTtICgvvFjsD50/xO3VqdB0W q9H31hbbcu2siRR2OsqF5VBvV80HCvUEr741T5LkzjFYId0ccEJjZN0vGGqRMuD3 1rNqprs3h6I1tR/0IttydPYLTTHEeovhUO93h6NyUPo192ZdI9RJ+3pdyDW0/118 ArkaEelHk3cDfYEmnLWQctKx3gR4iMa1xm4UuaM1ZSDFw3N4C2Hl+8SsaYyoBRrM /GdEC+QvTAmIK9vcHB+qINdimntciwYfL5cUoPRYkuwD4/Pg7fcWmhhpiEhJ4lo5 6emtYTfGEXvYmiaanZsM =dUmV -END PGP SIGNATURE-
Re: Programs for direct friend-to-friend file transfer?
Hello Brian, Brian a...@cityscape.co.uk wrote: On Sat 02 Jun 2012 at 12:41:22 +0200, Claudius Hubig wrote: Do you have a have public IP address (either IPv4 or IPv6)? If that is not the case, you will need a third party in order to establish the connection. A third party is not required. For the occasional transfer of files the address (if it changes) may be obtained from the router and emailed to the friend. No. I was not referring to a static but to a public IP address. If the user has a public, i. e. internet-routable IP address, everything is fine, even if it is not static. However, if the user sits behind a NAT or something similar that blocks incoming connections, a third party certainly is required (such as a file transfer proxy for XMPP). Lacking more information from the OP, speculation is all I can do, though. Best regards, Claudius -- One is often kept in the right road by a rut. -- Gustave Droz http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: Flashpalyer poroblems on Lenny.
Hello Lisi, Lisi lisi.re...@gmail.com wrote: file/folder/application libklashpart.so anywhere, so cannot delete it. Did you try something along the lines of # find /usr -name libklashpart.so # find /home -name libklashpart.so (the latter mostly because some browsers keep plugins in the user’s home directory). Best regards, Claudius -- People who go to conferences are the ones who shouldn't. http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: GPG Error: KEYEXPIRED 1338072862
Hello Frank, Frank Lanitz fr...@frank.uvena.de wrote: Am 30.05.2012 14:17, schrieb Csanyi Pal: Fetched 570 kB in 10mp (56,8 kB/s) W: GPG hiba: http://code.bitlbee.org ./ Release: Az alábbi aláírások érvénytelenek voltak: KEYEXPIRED 1338072862 Somewhere at bitlbee.org as it appers you are trying to fetch packages from there. It might also help to do # LC_MESSAGES=C apt-get update next time so that the message appears in plain English. This is also helpful if you want to google the exact error message. It has no permanent effect on your system. Best regards, Claudius -- Herth's Law: He who turns the other cheek too far gets it in the neck. http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: wheezy: ext4 or ext3
Hello Hans-J., Hans-J. Ullrich hans.ullr...@loop.de wrote: On my new drive I chose ext4 (with luks encryption) for as far as I read, most people are using ext4 instead of ext3 on ssd drives. Is this really recommended? ext4 provides shorter recovery/file system check times, which I really like. Apart from that, I don’t think there are many differences between the two visible to the normal user. And if yes, should I change the filesystem from ext3 to ext4 on my old spin drive? I think, this can be done with tune2fs (when I remember correctly), without any loss of data. If I am wrong, please point me to the correct tool. I think so, too, but have never tried that. Most important thing for me is speed and security, and, of course, lifetime of the ssd is also important. I added noatime and discard to /etc/fstab, hope this is correct. If you have a reasonably modern SSD, lifetime normally should not be a problem. Of course, noatime helps nevertheless (if only by speeding up things and giving you fewer reasons to throw the laptop around impatiently :)). Just a last question: During installation, I forgot, how I formatted the / partition (ext3 or ext4?). Is there a way, to find out, how it is formatted? Strangely, the option discard in /etc/fstab seem not to work on this particular partition. The output of ‘mount’ should contain the file system, for example: /dev/sda1 on /boot type ext3 (rw,noatime,errors=continue,commit=5,barrier=1,data=writeback) /dev/mapper/ares0-root on / type ext4 (rw,noatime,errors=remount-ro,user_xattr,acl,barrier=1,data=ordered) Best regards, Claudius -- woot Put *that* in you .sig and smoke it, Knghtbrd. Culus You know he will read this : woot heheheheh. http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: Dual head Intel i7-2600S and DQ67SWB3
Hello David, I am a bit confused about your actual aim: Do you want both screens in clone mode all the time, or in clone mode during boot and span mode within Gnome? Frankly, I wouldn’t care about grub or early boot and then use David Christensen dpchr...@holgerdanske.com wrote: # cat /home/dpchrist/xrandr.out Screen 0: minimum 320 x 200, current 2624 x 1200, maximum 8192 x 8192 VGA1 connected 1600x1200+0+0 (normal left inverted right x axis y axis) 0mm x 0mm 1600x1200_87.00 86.9* 1024x768 60.0 800x60060.3 56.2 848x48060.0 640x48059.9 HDMI1 disconnected (normal left inverted right x axis y axis) DP1 disconnected (normal left inverted right x axis y axis) HDMI2 disconnected (normal left inverted right x axis y axis) HDMI3 disconnected (normal left inverted right x axis y axis) DP2 connected 1024x768+1600+432 (normal left inverted right x axis y axis) 0mm x 0mm 1024x768 60.0* 800x60060.3 56.2 848x48060.0 640x48059.9 DP3 disconnected (normal left inverted right x axis y axis) xrandr, which appears to work fine, within Gnome on startup (don’t ask me how, I don’t use Gnome) to set the screens to the preferred layout. If your preferred mode of operation is not available here, you can try to add it using xrandr --newmode before then switching to it. The manual page on xrandr is quite good, I think. [ 457.588] (II) LoadModule: intel The intel graphics driver should support that :) I don’t think you need the xorg.conf file. Best regards, Claudius -- * bma wonders if this will make the Knghtbrd .sig http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: Dual head Intel i7-2600S and DQ67SWB3
Hello David, David Christensen dpchr...@holgerdanske.com wrote: My goal is at least one monitor displaying during POST, GRUB, boot, and login, I think you already achieved that? and then span mode 2 x 1600x1200 on the desktop. The Nokia 445Xi can do 75 Hz and the 445XiPlus can do 87 Hz at that resolution, but I would settle for 75 Hz on both monitors. That’s two calls to add the corresponding modes and two calls to set these modes for each of the monitors, in total four lines in an autostart script in your Gnome session. STFW I've posts about xrandr, but I'd prefer to get this working via CMOS settings, motherboard/ monitor connections, xorg.conf, and gnome-display-properties. I'll play with xrandr in any case. gnome-display-properties is mostly a front end to xrandr from what I can tell, but it also allows you to add new modes (though you obviously should make sure that your monitors support them). I think CMOS settings mostly apply to the BIOS, GRUB and maybe boot, but I have to admit I never really understood how the Linux kernel decides where to show its virtual terminals. Anyway, I fear I can’t really help you with CMOS and boot, and there are certainly people who are more knowledgeable about xorg.conf on this list. :) Best regards, Claudius -- Forgive and forget. -- Cervantes http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: Calibre No Longer Loads, Segfault
Hello Thomas, Thomas H. George li...@tomgeorge.info wrote: Ran a dist-upgrade, Wheezy, and now starting Calibre fails with a segmentation fault. Probably http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668314, try to install the version from unstable. Best regards, Claudius -- The absurd is the essential concept and the first truth. -- A. Camus http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: Verifying integrity of .deb file
Hello Uttam, Uttam amit.ut...@gmail.com wrote: Hello, I am currently generating a custom deb file and distributing it over http. What are the options to verify the integrity of .deb files on the machine where I have installed the .deb? Do you want to verify the downloaded .deb or do you want to verify the content on your machine? The latter can be done with debsums, as you mentioned. If setting up a repository is not a good idea for you (for whatever reasons), you might want to try dpkg-sig which lets you sign and verify package signatures outside of repositories. Best regards, Claudius -- QOTD: The forest may be quiet, but that doesn't mean the snakes have gone away. http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: Dependency based boot sequencing and Canon printer
Hello Rob, Rob Hurle rob1...@gmail.com wrote: Further experiments on printing on the Canon printer through CUPS: The printer has stopped working! I'm suspicious of the dependency-based sequencing since that was the only upgrade which mentioned the printer, but another one of the upgrades may well have disturbed the printing system. Before I start the tedious debugging Manually stopping both daemons and then starting cupsd before the Canon daemon ccpd brought everything back together again. Now to learn how to use dependency-based boot sequencing to have this done automatically :-) Anyone played with this already? You can have a look at the LSB headers in the ccpd package and add CUPS to the list of requirements. If you have done that already, I am out of luck :) – Nevertheless, posting your LSB headers here might not hurt. Best regards, Claudius PS: The Reply-To: header of your email was set to your email address, so I’ll assume you’d like to have a personal copy? -- The only problem with seeing too much is that it makes you insane. -- Phaedrus http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: Sound on Lenny
Hello Lisi, Lisi lisi.re...@gmail.com wrote: Yes, I know. I shouldn't be using Lenny, and had in fact already tried to change to Squeeze, but had trouble with my mail, and reverted. But I am soon going to be installing on a new box, so am waiting until then. That's the excuses out of the way. ;-) Sound has disappeared. I imagine that it has got muted somewhere, but can't find where. My utter ignorance of audio systems doesn't help. Has anyone got any suggestions? Each and every one will be valued. Do you run PulseAudio or plain ALSA? (Try ps auxw | grep pulse to find out). If the latter, you can view all mixers and mute buttons via $ alsamixer or another GUI mixer application. In alsamixer, you can move between the mixers using the arrow keys. m mutes (small MM at the bottom) or unmutes (green 00 at the bottom) the mixer. Those labeled Master and PCM should be unmuted. You might also have a hardware switch – they’re especially popular with notebooks, but external speakers often also have them. If you have external speakers, you might want to check that they’re plugged in properly :) Best regards, Claudius -- Argue for your limitations, and sure enough, they're yours. -- Messiah's Handbook : Reminders for the Advanced Soul http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: Instalation and kernel headers
Hello Pedro, Pedro Alexi Perez ppe...@lets.es wrote: $ uname -a Linux linuxpc 2.6.32-5-amd64 #1 SMP Sat May 5 03:03:41 UTC 2012 x86_64 GNU/Linux deb cdrom:[Debian GNU/Linux 6.0.4 _Squeeze_ - Official i386 DVD Binary-1 20120128-12:53]/ squeeze contrib main You can have a 64 bit kernel and a 32 bit userland. What is the output of # dpkg --print-architecture ? I suspect that only 64 bit VirtualBox runs on 64 bit kernels, but I am not sure about that. In any case, you should easily be able to install a 32 bit kernel (though you might not be able to trivially use all your memory if you do so). You should also give the exact and complete output of the command used to install VirtualBox, probably # aptitude -t squeeze-backports install virtualbox Best regards, Claudius -- You will be advanced socially, without any special effort on your part. http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: OT: More about GPG signing
Hello Tony, Tony van der Hoff t...@vanderhoff.org wrote: What is the benefit of such a signature? Those who know him now can verify the signature. In addition, if at any later stage someone else claims to have posted this message, the OP can prove that it was indeed him who posted it. Everybody else interested in either the OP or the message can also verify the signature (though that might require some work to, for example, meet the OP personally). However, you are absolutely free to ignore the signature if it is of no value to you and most clients will even hide it by default (or show a small button). There is, however, no way to avoid excessive quoting, which can easily exceed the size of a signature. Best regards, Claudius -- Patageometry, n.: The study of those mathematical properties that are invariant under brain transplants. http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: fail2ban doesn't block (ssh)
Hello Denis, Denis Witt denis.w...@concepts-and-training.de wrote: [fail2ban not banning] Is there any information in the fail2ban logfile, for example a line like: 2012-05-08 00:46:23,587 fail2ban.actions: WARNING [sasl] Ban 134.255.242.165 (though with ssh instead of sasl)? Is there any difference in the SSH configuration of the two hosts? (Maybe running on another port and fail2ban only blocks the default port?) As mentioned above, the fail2ban logfile and maybe even the auth.log file (minus unnecessary entries from Cron etc.) might be helpful. Best regards, Claudius -- Most general statements are false, including this one. -- Alexander Dumas http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: Safe-upgrade, My Worst Nightmare has Occurred.
Hello Martin,
Martin McCormick mar...@x.it.okstate.edu wrote:
Is there any way to make safe-upgrade at least attempt
to go to the next task or at least report why it is stuck?
Your error description is a bit obscure, so I’ll have to ask for more
information:
Currently running jobs:
- What is the output of ps auxw?
- Specifically, are there any commands listed as D?
- If so, what files does this process try to access at the moment
(lsof -p pid)?
- Are there any commands listed in top/htop as pulling 100%
Logs:
- Is there anything in the output of dmesg that might point at the
problem?
- Is there anything in /var/log/{messages,syslog}?
Human error:
- Are you sure that safe-upgrade is stuck rather than simply waiting
for some input?
Best regards,
Claudius
--
Yow! I'm imagining a surfer van filled with soy sauce!
http://chubig.net telnet nightfall.org 4242
signature.asc
Description: PGP signature
Re: Safe-upgrade, My Worst Nightmare has Occurred.
Hello Martin, It is usually appreciated not to format copied content at all (i. e. the output of dpkg etc.), since most people can do that themselves when necessary and forcibly formatting it might lead to even uglier things than lines longer than 80 characters :) Martin McCormick mar...@x.it.okstate.edu wrote: PID TTY STAT TIME COMMAND aptitude -q9 safe-upgrade 5243 pts/2Ss+0:00 /usr/bin/dpkg --status-fd 18 [...] libcpufreq0 cpufrequtils cu The above is dpkg. 25838 ?Ss 0:00 /usr/sbin/cron Some random cronjob. 25900 ?Ss0:00 udevd --daemon udev 25919 pts/2S+ 0:01 /usr/bin/perl -w /usr/share/debconf/frontend /var/lib/dpkg/info/linux-base.postinst configure 25925 pts/2S+ 0:00 /usr/bin/perl /var/lib/dpkg/info/linux-base.postinst configure 25951 pts/2S+ 0:00 whiptail --backtitle Package configuration --title Configuring linux-base --output-fd 11 --nocancel --msgbox These devices will be assigned UUIDs or labels:??/dev/hda5:UUID=f148e250-746d-4c8e-a840-228ae3caa1bf??These configuration files will be updated:??/etc/fstab, /boot/grub/menu.lst, ?/etc/udev/rules.d/70-persistent-cd.rules, ?/etc/initramfs-tools/conf.d/resume??The device IDs will be changed as follows:??/dev/sda1: UUID=f39d1d00-89fc-41f2-a445-51ece1c53213?/dev/hda1: UUID=defdfcfb-ade5-4045-82a5-d2708a21acd2?/dev/sdb1: UUID=edc8ce83e323-4912-8ddd-9897493cbb18?/dev/hda5: UUID=f148e250-746d-4c8e-a840-228ae3caa1bf?/dev/hdb1: UUID=75873040-6936-40ec-aad1-1e5748446c54?/dev/hdd: /devcdrom?+PATH=pci-:00:07.1-scsi-1:0:1:0?+ PATH=pci-:00:07.1-scsi-1:0:0:0 --scrolltext 21 57 This appears to be the debconf query dialog. 25953 ?Ss 0:00 sshd: martin [priv] 25955 ?S 0:00 sshd: martin@pts/1 25956 pts/1Ss+ 0:00 -bash 25974 ?S 0:00 udevd --daemon 25976 ?S 0:00 udevd --daemon SSH and udev again. That's where it stands now. May 4 06:21:29 wb5agz kernel: [410550.564743] udev[25900]: starting version 164 May 4 06:57:00 wb5agz kernel: [412680.899917] usb 1-3: USB disconnect, address 2 May 4 07:35:05 wb5agz rsyslogd: [origin software=rsyslogd swVersion=3.18.6 x-pid=2475 x-info=http://www.rsyslog.com;] restart May 4 06:21:29 wb5agz kernel: [410550.564743] udev[25900]: starting version 164 May 4 06:57:00 wb5agz kernel: [412680.899917] usb 1-3: USB disconnect, address 2 May 4 07:35:05 wb5agz rsyslogd: [origin software=rsyslogd swVersion=3.18.6 x-pid=2475 x-info=http://www.rsyslog.com;] restart Looks good. Human error: - Are you sure that safe-upgrade is stuck rather than simply waiting for some input? I am not 100% sure of anything right now except that syslog tried to restart and shows the following error: May 4 07:35:05 wb5agz rsyslogd: [origin software=rsyslogd swVersion=3.18.6 x-pid=2475 x-info=http://www.rsyslog.com;] restart May 4 07:35:05 wb5agz rsyslogd: could not load module '/usr/lib/rsyslog/imuxsock.so', rsyslog error -3003 May 4 07:35:05 wb5agz rsyslogd: the last error occured in /etc/rsyslog.conf, line 11 May 4 07:35:05 wb5agz rsyslogd: could not load module '/usr/lib/rsyslog/imklog.so', dlopen: /usr/lib/rsyslog/imklog.so: undefined symbol: MsgSetRcvFromIP May 4 07:35:05 wb5agz rsyslogd: the last error occured in /etc/rsyslog.conf, line 12 This may well be due to the pending upgrade. The problem indeed appears to be whiptail waiting for input. As whiptail is called with the nocancel option, it is unlikely that its return value is checked, which then means that simply killing it should continue the upgrade. Best regards, Claudius -- NOTICE: Anyone seen smoking will be assumed to be on fire and will be summarily put out. http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: Swap space not used
Hello Stephen, Stephen Powell zlinux...@wowway.com wrote: It is my understanding that, assuming suspend/resume is supported, your swap partition should be AT LEAST as large as TWICE the amount of RAM. Suspend/resume will consume a RAM's worth right out of the starting gate. The rest is then available for regular swap file activity. This is - more or less - wrong. Suspend/Resume will consume at most swap space corresponding to the used RAM (i. e. with compression and dropping of buffers/caches, it can be far less). However, this swap space is not used during runtime but only on suspend, so if there is no need to suspend under heavy load (used swap usually indicates heavy load on a desktop and I fail to imagine a reason why you’d like to suspend a server…), swap the size of RAM is definitely enough. Best regards, Claudius -- I marvel at the strength of human weakness. http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: Swap space not used
Hello Darac, Darac Marjal mailingl...@darac.org.uk wrote: If the swap space is available during normal usage, then it's entirely possible to have no space to suspend to. Yes. However, this is rather unlikely when the computer is used as a desktop/laptop, don’t you think? The only times when I actually used my swap space was when some program went rampant and decided to require more memory than available. During normal operation, my swap space is seldomly used. It'd be perfectly reasonable practice to have a separate swap file/partition for hibernating to and swapon that before hibernating. Certainly, but, for example on a SSD, space is still ‘scarce’ and it makes therefore sense to think whether one has to be able to suspend at all costs. If this is still necessary, one could also think about using only one swap space and swapon it before suspend (and swapoff afterwards). Best regards, Claudius -- Life is too important to take seriously. -- Corky Siegel http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: Swap space not used
Hello Lisi, Lisi lisi.re...@gmail.com wrote: On Wednesday 02 May 2012 12:12:31 Sian Mountbatten wrote: As a rule, your swap partition should be the same size as your RAM. We used to be taught it should be twice as big as your RAM - but even that wouldn't get you to 40GB!! And, of course, that was in the days when RAM was tiny by today's standards. That indeed was a rule of thumb when swap space was actually important. However, with today’s RAM, the main usage of swap space is hibernate (suspend to disk), for which at most the size of your RAM in swap space is required. Best regards, Claudius -- Remember, UNIX spelled backwards is XINU. -- Mt. http://chubig.nettelnet nightfall.org 4242 signature.asc Description: PGP signature
Re: *URGENT* plz need help system not booting after lvresize command
Hello Muhammad,
Muhammad Yousuf Khan sir...@gmail.com wrote:
ata3.01 : status: { DRDY ERR }
ata3.01 : error : { UNC }
ata3.01 : exception emask 0x0 SAct 0x0 SErr 0x0 action 0x0
ata3.01 : BMDMA stat 0x64
ata3.01 : failed command : read DMA
This looks as if either the hard drive or the connection thereto is
faulty. Try to connect the HDD to another SATA port. I don’t think it
has anything to do with your resizing.
Best regards good luck,
Claudius
--
Like I always say -- nothing can beat the BRATWURST here in DUSSELDORF!!
http://chubig.nettelnet nightfall.org 4242
signature.asc
Description: PGP signature
Re: *URGENT* plz need help system not booting after lvresize command
Hello Muhammad, Muhammad Yousuf Khan sir...@gmail.com wrote: at least there should be a way to reach the command prompt. is there any way to ignore this error and reach the command prompt so i can just copy the necessary data. Probably not, because this error means that accessing whatever is attached to the third SATA port is somehow broken. You did not answer my previous questions: 1) Do other HDD work at this SATA port? 2) How does this HDD behave at another SATA port, preferably in another computer? You could also try to get an external enclosure and connect the HDD during runtime. However, I highly doubt that you can ‘just copy’ the necessary data of this drive. Best regards, Claudius PS: Please do not CC me. -- There cannot be a crisis next week. My schedule is already full. -- Henry Kissinger http://chubig.net telnet nightfall.org 4242 signature.asc Description: PGP signature
Re: Which partition is which
Hello Jens, Jens Tobiska jtobi...@gmail.com wrote: C: 139.80 GB NTFS, logical, boot D: 139.65 GB NTFS, primary, system In debian installer they appear as: #2 primary 149.9 GB ntfs B #5 logical 150.1 GB ntfs I would guess that #2=D and #5=C based on relative size and logical/primary. Yes. However, I am a bit confused by the B (which I assume means boot), shouldn't that be on the logical/C partition? Yes. But your Windows claims that D: is the system partition, hence I would be a little bit wary regarding the question if it is really empty/unused. Best regards, Claudius -- ... an experienced, industrious, ambitious, and often quite often picturesque liar. -- Mark Twain http://chubig.nettelnet nightfall.org 4242 signature.asc Description: PGP signature
Re: netinst CD image - too big, vaguely specified?
Hello Richard, Richard Owlett rowl...@pcnetinc.com wrote: I've browsed through debian-6.0.4-i386-netinst.list. It appears to contains files of unlikely interest to me (C compiler and header files, firewire, traceroute, etc). The business card CD images contain even fewer packages, but you should consider that compilers and headers are often important parts of a system (for example, if you want to compile non-free drivers). Additionally, many people require them for their daily work, thus they are included even in this nearly-minimal image, as it is clearly a compromise to be made. I also did not find any description of how fine the user control of packages to be downloaded is. You cannot control the packages contained in the CD image, but if you choose the appropriate mode of installation (‘expert’) you can specify to download no further packages, leaving you with the possibility to install everything you need by hand. Best regards, Claudius -- Be braver -- you can't cross a chasm in two small jumps. Please use GPG: ECB0C2C7 4A4C4046 446ADF86 C08112E5 D72CDBA4 http://chubig.net telnet://nightfall.org:4242 signature.asc Description: PGP signature
Re: netinst CD image - too big, vaguely specified?
Hello Richard, Richard Owlett rowl...@pcnetinc.com wrote: That led me to assume that the business card image would just go ahead and download the rest of the netinst image. I think it downloads less, but I cannot guarantee that. How much control does user have over what it downloads? You can abort the installation at any time… BUT, how much carnal knowledge would I need to use the expert mode. If program XYZ requires X11, will X11 and its dependencies be pulled in? Probably. But you might also want a display manager such as lightdm/slim/gdm and maybe a desktop environment such as KDE or the like. Installing the kde metapackage will do that, but it will also pull in a lot of other stuff you probably don’t want. Knowing how to use apt-get etc. on the command line might also be a good idea. Best regards, Claudius -- Androphobia: Fear of men. Please use GPG: ECB0C2C7 4A4C4046 446ADF86 C08112E5 D72CDBA4 http://chubig.net telnet://nightfall.org:4242 signature.asc Description: PGP signature
Re: netinst CD image - too big, vaguely specified?
Hello Jon, Jon Dowland j...@debian.org wrote: You don't have to install every package that is in the netinst image. Indeed if you do a basic install (including the 'standard system' task, which defaults to selected) you don't get GCC, for example, despite it being on the CD. Of course not, but Richard’s question appeared to have to do with the downloading rather than the installation. And GCC is certainly downloaded as part of the netinstall image. Best regards, Claudius -- A company is known by the men it keeps. Please use GPG: ECB0C2C7 4A4C4046 446ADF86 C08112E5 D72CDBA4 http://chubig.net telnet://nightfall.org:4242 signature.asc Description: PGP signature
Re: bash: halt: command not found
Hello J., J. Bakshi baksh...@gmail.com wrote: I checked and the is no more /sbin/shutdown :-( Did you remove sysvinit? This happens, for example, when you install upstart, as it conflicts sysvinit. To reinstall sysvinit, try # apt-get install --reinstall sysvinit This will also fix it if your local installation is somehow broken. However, if this is the case, you should check your filesystems/hardware ASAP. Best regards, Claudius -- This life is yours. Some of it was given to you; the rest, you made yourself. Please use GPG: ECB0C2C7 4A4C4046 446ADF86 C08112E5 D72CDBA4 http://chubig.net telnet://nightfall.org:4242 signature.asc Description: PGP signature
Re: bash: halt: command not found
Hello Brian, Brian a...@cityscape.co.uk wrote: On Sun 08 Apr 2012 at 15:34:10 +0200, Claudius Hubig wrote: J. Bakshi baksh...@gmail.com wrote: I checked and the is no more /sbin/shutdown :-( Did you remove sysvinit? This happens, for example, when you install upstart, as it conflicts sysvinit. Acccording to http://packages.debian.org/wheezy/i386/upstart/filelist the package has /sbin/shutdown. Trying to install upstart but failing to unpack the package might still result in a missing /sbin/shutdown, as sysvinit probably has to be removed first. This could, for example, happen because of a power outage. However, my mentioning of upstart was merely acting as an example of why sysvinit could have been removed – of course, other reasons why /sbin/shutdown are missing might still apply and be more probable, too. Best regards, Claudius -- Not everything worth doing is worth doing well. Please use GPG: ECB0C2C7 4A4C4046 446ADF86 C08112E5 D72CDBA4 http://chubig.net telnet://nightfall.org:4242 signature.asc Description: PGP signature
Re: Aptitude update - http://dl.google.com?
Hello Csanyi, Csanyi Pal csanyi...@gmail.com wrote: Get: 35 http://dl.google.com stable Release.gpg [198 B] Get: 36 http://dl.google.com stable Release [1347 B] Get: 37 http://dl.google.com stable/main amd64 Packages [765 B] In my sources.list I have lines: Must I worry about of those lines: 'dl.google.com'? Is there something in /etc/apt/sources.list.d/? Best regards, Claudius -- Let no guilty man escape. -- U. S. Grant Please use GPG: ECB0C2C7 4A4C4046 446ADF86 C08112E5 D72CDBA4 http://chubig.net telnet://nightfall.org:4242 signature.asc Description: PGP signature
Re: Aptitude update - http://dl.google.com?
Hello Csanyi, Csanyi Pal csanyi...@gmail.com wrote: Indeed, I find there a file: 'google-talkplugin.list'. APT also checks this directory. You will probably find dl.google.com listed in this file. If you don’t like that behaviour, remove the file :-) The functionality is meant to provide third-term vendors such as Google or Opera with a reliable way of integrating their packages into APT, allowing APT to update them like all others. Best regards, Claudius -- backups: always in season, never out of style. Please use GPG: ECB0C2C7 4A4C4046 446ADF86 C08112E5 D72CDBA4 http://chubig.net telnet://nightfall.org:4242 signature.asc Description: PGP signature
Re: how to increase space for tmpfs /tmp
Hello Vincent, Vincent Lefevre vinc...@vinc17.net wrote: On 2012-03-28 18:32:25 +0100, Roger Leigh wrote: FYI, Firefox/Iceweasel uses /tmp for that. For instance, click on a link to a PDF file to view it with a PDF viewer; the file is stored in /tmp. It isn't even removed after the application is closed (quitting Iceweasel has the effect to remove it, but the browser can run for several days/weeks). And they happily obey TMPDIR if set, so that each user on a machine (you brought that problem up in your other post) can redirect it whereever he wants. Best regards, Claudius -- Linux - Where do you want to fly today? -- Unknown source Please use GPG: ECB0C2C7 4A4C4046 446ADF86 C08112E5 D72CDBA4 http://chubig.net telnet://nightfall.org:4242 signature.asc Description: PGP signature
Re: [OT] Posting styles
Hello Mika, Mika Suomalainen mika.henrik.mai...@hotmail.com wrote: On 31.03.2012 12:04, Mihamina Rakotomandimby wrote: Especially when inline responding (bottom) and your loosy style is mixed? I already changed to bottom posting in Iceweasel and K9 mail. Thanks. Though one should also take the time to trim the previous mail to the parts one actually responds to. But isn't posting HTML also forbidden? Yes, although it is less of a problem for (most!) people, as their clients either display the text-only or the HTML version, so adding an HTML version ‘only’ increases the size of the email (by about 150%). Bad quoting styles, however, are always visible. Did I mention that asking for a return receipt for a mailing list post is kind of…strange? That is, do you really want all 30k subscribed users to acknowledge the receipt of your post? Best regards, Claudius -- I came to MIT to get an education for myself and a diploma for my mother. Please use GPG: ECB0C2C7 4A4C4046 446ADF86 C08112E5 D72CDBA4 http://chubig.net telnet://nightfall.org:4242 -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120331120221.72996...@ares.home.chubig.net
Re: [OT] Posting styles -- Top vs Bottom
Hello Peter, PMA peterarmstr...@aya.yale.edu wrote: Take a vote, That vote already happened many years ago. asking, Which is more important: seeing the current message immediately (Top), or keeping the flow in one-direction (Bottom)? Neither. Interleaved style is the way to go. Best regards, Claudius -- Most burning issues generate far more heat than light. Please use GPG: ECB0C2C7 4A4C4046 446ADF86 C08112E5 D72CDBA4 http://chubig.net telnet://nightfall.org:4242 -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120331173244.5db50...@ares.home.chubig.net
Re: [OT] Posting styles
Hello Mika, Mika Suomalainen mika.henrik.mai...@hotmail.com wrote: Thank you for providing explaining to bottom post. I have now configured Icedove and K9 Mail to do bottom posting instead of top posting. Just to do some more nitpicking: You should also remove everything you are not referring to. -END PGP SIGNATURE- And is there a specific reason you prefer PGP/Inline over PGP/Mime? The latter avoids these ugly chunks of code at the end of the displayed message. And once messages are trimmed like this, they’re even readable on mobile phones :-) Best regards, Claudius -- Logic is the chastity belt of the mind! Please use GPG: ECB0C2C7 4A4C4046 446ADF86 C08112E5 D72CDBA4 http://chubig.net telnet://nightfall.org:4242 -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120330202113.7655f...@ares.home.chubig.net
Re: [OT] Posting styles
Hello Mika, Mika Suomalainen mika.henrik.mai...@hotmail.com wrote: 1. K9 Maill can only verify inline signatures. Hrm. Report a bug? :) 2. Inline signature is easier to verify when reading mailing list archives. Most archives have an option to download the ‘plain’ mail including all MIME parts. I have to agree, though, that it is easier to have the signature inline in this case. 3. Inline spams people who do not use gpg compatible email client :P The signatures are also shown with Claws Mails. Additionally, you do not want to spam people, you want them to read questions most easily so they can answer quickly. Best regards, Claudius -- Consultant, n.: An ordinary man a long way from home. Please use GPG: ECB0C2C7 4A4C4046 446ADF86 C08112E5 D72CDBA4 http://chubig.net telnet://nightfall.org:4242 -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120330205225.6a6ee...@ares.home.chubig.net
Re: upgrade to Wheezy fails with aptitude
Hello Pierre, Pierre Frenkiel pierre.frenk...@gmail.com wrote: I wanted to upgrade from Squeeze to Wheezy, and as I saw in several places that aptitude should be preferred to apt-get, I first tried with it. My question: is it better to also revert to apt-get for package management, or is the problem specific to the upgrade to a new release? The release notes for Squeeze already refer to apt-get rather than aptitude. From my point of view, during a specific timeframe around 2008, aptitude was technically superior, but since apt-get has caught up, it appears to be the preferred choice. Best regards, Claudius -- Colorless green ideas sleep furiously. Please use GPG: ECB0C2C7 4A4C4046 446ADF86 C08112E5 D72CDBA4 http://chubig.net telnet://nightfall.org:4242 signature.asc Description: PGP signature
Re: dir is not ls
Hello Jochen, Jochen Spieker m...@well-adjusted.de wrote: apt-get install sl alias dir=sl Doesn't work for root because /usr/games/ is usually not in its path. Nothing stops you from providing the full path :-) Try $ which sl to get it. Best regards, Claudius -- Q: Why do WASPs play golf ? A: So they can dress like pimps. Please use GPG: ECB0C2C7 4A4C4046 446ADF86 C08112E5 D72CDBA4 http://chubig.net telnet://nightfall.org:4242 signature.asc Description: PGP signature
Re: Advice for a bug report
Hello Baruch, please respond to the list rather than me personally. Please also don’t top-post (cf. http://www.netmeister.org/news/learn2quote2.html ). I took the liberty to quote the relevant part of your answer in case someone else finds this thread: Baruch whatmeurg...@yahoo.com wrote: # aptitude why iceweasel i sun-java6-plugin Depends firefox | firefox-2 | iceweasel | mozilla-firefox | iceape-browser | mozilla-browser | epiphany-gecko | epiphany-webkit | epiphany-browser | galeon | mid browser | moblin-web-browser | xulrunner | xulrunne r-1.9 | konqueror | chromium-browser | midori | goo gle-chrome I really don’t understand why someone thought this dependency would be a good idea, because the list containing all supported browsers can hardly be complete (for example, Opera is missing). Best regards, Claudius -- Kites rise highest against the wind -- not with it. -- Winston Churchill Please use GPG: ECB0C2C7 4A4C4046 446ADF86 C08112E5 D72CDBA4 http://chubig.net telnet://nightfall.org:4242 signature.asc Description: PGP signature
CC-ing gmane (was: Re: QuickCam Orbit AF Pan/Tilt Broken in Sid)
Hello Camaleón, Camaleón noela...@gmail.com wrote: On Wed, 14 Mar 2012 14:08:00 -0700, Mike Alborn wrote: Please CC me as I'm not subscribed to the list. I can't CC, sorry :-( At least Claws-Mail supports an additional To: Header when posting via Gmane. Best regards, Claudius -- Confidence is the feeling you have before you understand the situation. Please use GPG: ECB0C2C7 4A4C4046 446ADF86 C08112E5 D72CDBA4 http://chubig.net telnet://nightfall.org:4242 signature.asc Description: PGP signature
Re: Advice for a bug report
Hello Baruch, Baruch whatmeurg...@yahoo.com wrote: My guess is that this is a bug somewhere in the 'alternatives' system, and that it is (against my wishes) trying to force me to have a graphical browser installed. Probably not. Against what package should I file the bug? (FWIW - debian wheezy) Probably against none. iceweasel (and epiphany-browser) both provide two virtual packages, www-browser and gnome-www-browser. Try $ aptitude why www-browser $ aptitude why gnome-www-browser $ aptitude why iceweasel to find out why these package need to be provided on your system at the moment. Best regards, Claudius PS: Does somebody know something similiar for apt-get? rdepends is not exactly the same thing as why. -- A shortcut is the longest distance between two points. Please use GPG: ECB0C2C7 4A4C4046 446ADF86 C08112E5 D72CDBA4 http://chubig.net telnet://nightfall.org:4242 signature.asc Description: PGP signature
Re: Expect script does not work on crontab
Hello Bilal, Bilal mk bilalh...@gmail.com wrote: The following script is working fine executing from shell. But does not work running on crontab. How to fix this crontab issue? Check the output of $ env when run in the crontab and in the shell. Best regards, Claudius -- BOFH excuse #353: Second-system effect. Please use GPG: ECB0C2C7 4A4C4046 446ADF86 C08112E5 D72CDBA4 http://chubig.net/ http://nightfall.org signature.asc Description: PGP signature
Re: Encrypted LVM and failed message
Hello Daniele, Daniele Guerrieri d.guerri...@gmail.com wrote: Every time I START the system, just before the prompt for passphrase, there are some complaints about the / filesystem: something like Cannot find harpsiRoot volume and also mobprobe: unix module not found. So it The ‘modprobe: unix module not found’ message is a different problem introduced by a recent upgrade of initramfs-tools and the kernel, I think. It is no problem either, modprobe here tries to load the ‘unix’ module which is already compiled into the kernel and thus not available. complains about missing root volume, but is wrapped by the encrypted volume so it should be normal not to have / mounted before inserting the passphrase.. or not? Exactly. That’s why it first complains and then decides to ask you for a passphrase :) I see the exact same behaviour and my system is working fine. However, after inserting the passphrase, everything goes ok and the rest works perfectly. :) Otherside, every time i STOP the system, there is a fail: stopping early crypto disks failed. / is still mounted, trying to stop the encrypted device therefore fails. That is not a problem either, in my experience. Are this two issues related? Are my data safe in this double wrapped container (encrypted-lvm-logical volume-data)? Yes. Best regards, Claudius -- I'd love to go out with you, but it's my parakeet's bowling night. Please use GPG: ECB0C2C7 4A4C4046 446ADF86 C08112E5 D72CDBA4 http://chubig.net/ http://nightfall.org signature.asc Description: PGP signature
Re: Timing a process
Hello Sian, Sian Mountbatten poenik...@fastmail.co.uk wrote: Hello All, AFAIK, there is a command which says how long a process takes to complete. Its invoked with the command to be timed as an argument. Does anybody know what it is? time for example # time dd if=/dev/urandom of=/dev/null bs=1M count=1 See also man time(1) Best regards, Claudius -- I'll be Grateful when they're Dead. Please use GPG: ECB0C2C7 4A4C4046 446ADF86 C08112E5 D72CDBA4 http://chubig.net/ http://nightfall.org signature.asc Description: PGP signature
Re: Latest update borks
Hello Frank, Frank McCormick debianl...@videotron.ca wrote: sid:/home/frank# aptitude full-upgrade The following packages will be upgraded: gir1.2-javascriptcoregtk-3.0 gir1.2-webkit-3.0 libjavascriptcoregtk-1.0-0 libjavascriptcoregtk-3.0-0 libwebkitgtk-1.0-0 libwebkitgtk-1.0-common libwebkitgtk-3.0-0 libwebkitgtk-3.0-common linux-libc-dev linux-tools-3.2 ntfs-3g xserver-common xserver-xephyr xserver-xorg-core The only thing remotely related to this is linux-tools-3.2. Maybe this package then tries to build the initrd for the 2.6.38 kernel and fails for some reason? On the other hand, this appears rather unlikely, as it claims to only contain a ‘perf’ tool for performance analysis… Processing triggers for initramfs-tools ... update-initramfs: Generating /boot/initrd.img-2.6.38-2-686 FATAL: Module xhci not found. FATAL: Module ext4dev not found. FATAL: Module af_packet not found. FATAL: Module atkbd not found. FATAL: Module zfcp not found. FATAL: Module dasd_diag_mod not found. FATAL: Module dasd_eckd_mod not found. FATAL: Module dasd_fba_mod not found. FATAL: Module unix not found. WARNING: could not open /var/tmp/mkinitramfs_bOtJbL/lib/modules/2.6.38-2-686/modules.builtin: No such file or directory Processing triggers for hal ... Regenerating hal fdi cache ... I have no idea where to go next ? It looks a little bit as if there was not enough space on /var/tmp, but I am not sure… What do # df -hP and # df -hPi say? Additionally, are there any messages in the changelog and README files in /usr/share/doc/linux-tools-3.2 that could explain this? Does the initrd get generated at all? (# ls -la /boot) Best regards, Claudius -- BOFH excuse #166: /pub/lunch Please use GPG: ECB0C2C7 4A4C4046 446ADF86 C08112E5 D72CDBA4 http://chubig.net/ http://nightfall.org signature.asc Description: PGP signature
Re: Font intensity on desktop
Hello Gary, Gary Roach gary719_li...@verizon.net wrote: Hi I have two systems running Debian Squeeze and have essentially the same setup. I am running an ATI Radeon HD 5450 on my main system which has good readable print on both the desktop icons and on the bottom panel. My other system (older) is running an ATI Radeon RV250 and has lousy readability for everything on the desktop. I have gone through the system setup and made sure that both systems are identical. I'm running 1280x1024 at 60Hz refresh rate on both systems. I use the KDE desktop. The newer system is running an Intel board with an i5-750 4 processor CPU. The older system is running an Pentium III (Coppermine). Strangely enough the print on the monitor (Bash) is good on both systems but the window surround is nearly unreadable on the old system. I assume (make an ass out of you and me…) that this has something to do with anti aliasing enabled on one system and disabled on the other. Maybe you can have a look at the font properties of KDE and compare these between the two desktops? For XFCE 4.8, this would be achieved via the ‘Fonts’ tab in xfce4-appearance-settings, a similar program exists for Gnome (at least 2.x, gnome-appearance-settings iirc) and I am sure something like this also exists for KDE. Especially have a look at the ‘advanced’ settings controlling subpixel rendering etc. What do you mean by ‘print on the monitor’? The virtual terminals reachable via Ctrl-Alt-Fx or, for example, konsole? Best regards, Claudius -- BOFH excuse #373: Suspicious pointer corrupted virtual machine Please use GPG: ECB0C2C7 4A4C4046 446ADF86 C08112E5 D72CDBA4 http://chubig.net/ http://nightfall.org signature.asc Description: PGP signature
Re: Can't purge wxdesigneru installed partially.
Hello Csanyi, Csanyi Pal csanyi...@gmail.com wrote: Hi, I downloaded wxdesigneru from here: http://www.wxdesigner-software.de/wxdesigneru_2.20-2_amd64.deb and tried to install it but failed. Now I'm trying to purge this debian package with command: sudo dpkg -P wxdesigneru (Reading database ... 367548 files and directories currently installed.) Removing wxdesigneru ... xdg-desktop-menu: No writable system menu directory found. dpkg: error processing wxdesigneru (--purge): subprocess installed pre-removal script returned error exit status 3 xdg-desktop-menu: No writable system menu directory found. dpkg: error while cleaning up: subprocess installed post-installation script returned error exit status 3 Errors were encountered while processing: wxdesigneru The problem is the prerm script of this package, which does some apparently strange stuff with a xdg provided by the package([1]). You might want to try removing the file /var/lib/dpkg/wxdesigneru.prerm but I don’t know for sure if this will work. Afterwards, try again with dpkg -P. You might have to manually clean up some .desktop files or icons afterwards, try: find /usr /etc /home /var -name '*wxDesigner*' Best regards, Claudius [1] Contents of debian/prerm: #!/bin/bash RPM_INSTALL_PREFIX= export RPM_INSTALL_PREFIX /opt/wxDesigner/xdg-icon-resource uninstall --novendor --size 24 /opt/wxDesigner/wxDesigner.png application-wxDesigner /opt/wxDesigner/xdg-mime uninstall --novendor /opt/wxDesigner/wxDesigner_xdg.xml /opt/wxDesigner/xdg-desktop-menu uninstall --novendor /opt/wxDesigner/wxDesigner.desktop -- The best way to keep your friends is not to give them away. Please use GPG: ECB0C2C7 4A4C4046 446ADF86 C08112E5 D72CDBA4 http://chubig.net/ http://nightfall.org signature.asc Description: PGP signature
Re: Changing processor
rcb r...@beco.cc wrote: Simple stated, my question is: will my first machine that is runing Debian installed from scratch work smoothly after I simple change its processor from a DualCore to a Core2 Quad? If you are still using the default kernel, i. e. did not recompile your own and threw out ‘unneeded’ options/modules, everything will be fine. (or will I need to reinstall things? Both processors are intel 64 bits, btw). If you have not installed amd64 but rather i386 initially, it might still be a good idea to reinstall using amd64, hence making use of the enlarged address space and some possible other optimisations. Of course, you will have to make sure that the hardware is compatible, i. e. the Core2 Quad fits into your Socket 775, but I assume you already checked that :) Best regards, Claudius -- Stone's Law: One man's simple is another man's huh? Please use GPG: ECB0C2C7 4A4C4046 446ADF86 C08112E5 D72CDBA4 http://chubig.net/ http://nightfall.org -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120303151821.13fed...@ares.home.chubig.net
Re: Restrict a user to a set of binaries?
Bob Proulx b...@proulx.com wrote:
Abou Al Montacir wrote:
Maybe create a new groups trusted and do the following
cd /bin
chown root.trusted *
chmod 750 *
for ff in $ {TRUSTED_BIN_LIST} ; do chmod o=rx $ff ; done
With this users can still create files and copy the programs they want
to run onto the system and run their own copy of them.
At least theoretically, it would be possible to restrict the areas
where this specific user can write to file systems mounted noexec.
But then one would probably have to get rid off the 777 on /tmp.
It might also be an idea to have a look at the restricted shells
(bash --restricted). Additionally, if there is any MAC system such as
AppArmor or SELinux, those might be of use, too.
Of course, the biggest/main problem is the OP not being very clear
with what he wants to achieve.
Best regards,
Claudius
--
Welcome to the Zoo!
Please use GPG: ECB0C2C7 4A4C4046 446ADF86 C08112E5 D72CDBA4
http://chubig.net/ http://nightfall.org
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120303015846.11bb0...@ares.home.chubig.net
Re: not in X. man command does not respect set bell-style visible
Mitchell Laks ml...@post.harvard.edu wrote: however putting PAGER=less -q alone seemed to set the variable (ie echo $PAGER responded less -q) but it did not change the behavior of say man pdl That’s because you only set this variable to your shell and did not export it. Observe: - $ D=123 $ echo $D # Echo is a shell builtin, additionally, this $D gets expanded by the calling shell 123 $ /bin/bash -c echo $D # Let's call a subshell and send it echo $D. $D again gets expanded by the calling (our) shell 123 $ /bin/bash -c 'echo $D' # Single quotes stop our shell from expanding variables $ export D # Export the variable D, making it available to called programs, too $ /bin/bash -c 'echo $D' # Single quotes stop our shell from expanding variables 123 - You might also want to play with the ‘env’ command, which prints out all currently-exported variables. /usr/pager does not exist on my systems Good, it shouldn’t. how would one add any alternative to the alternatives system after creating the /bin/lessq file (containing the line something line less -q $1 i guess) Just to clean that up: /bin/lessq (I would actually suggest using /usr/local/bin/lessq) would then contain something like: - #!/bin/sh /bin/less -q $* - To then install this (after making it executable) as an alternative for pager, one would have to: # update-alternatives --install /usr/bin/pager pager /usr/local/bin/lessq 100 which should automagically select /u/l/b/lessq as the default pager. If you want to change that, try # update-alternatives --config pager or, to get more information: # update-alternatives --query pager Of course, $ man update-alternatives is always a good starting point for such things. Best regards, Claudius -- Taxes are not levied for the benefit of the taxed. Please use GPG: ECB0C2C7 4A4C4046 446ADF86 C08112E5 D72CDBA4 http://chubig.net/ http://nightfall.org -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120301180240.23b7b...@ares.home.chubig.net
Re: not in X. man command does not respect set bell-style visible
Andrei POPESCU andreimpope...@gmail.com wrote: On Jo, 01 mar 12, 18:02:40, Claudius Hubig wrote: - #!/bin/sh /bin/less -q $* I've read somewhere that $@ (including the quotes) is safer in such situations. That’s also what keeps lingering in the back of my head. However, I cannot recall the reasons why $* would be unsafe. Unfortunately, googling for either $* or $@ is not exactly…helpful. Maybe you have a link or a hint to a man page regarding this topic? bash(1) does not appear to mention $@. Best regards thank you very much, Claudius -- As President I have to go vacuum my coin collection! Please use GPG: ECB0C2C7 4A4C4046 446ADF86 C08112E5 D72CDBA4 http://chubig.net/ http://nightfall.org -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120301214012.2a60f...@ares.home.chubig.net
Re: not in X. man command does not respect set bell-style visible
Dom to...@rpdom.net wrote: On 01/03/12 20:40, Claudius Hubig wrote: Andrei POPESCUandreimpope...@gmail.com wrote: On Jo, 01 mar 12, 18:02:40, Claudius Hubig wrote: - #!/bin/sh /bin/less -q $* I've read somewhere that $@ (including the quotes) is safer in such situations. Note the 4 5 on the second set of args Thank you very much! And contrary to my intuition, this is also ‘problematic’ when one just wants to pass ‘everything’ to another script. To avoid further potential problems with Bash, I wrote a very tiny Python script that will print out the command line arguments: $ cat t.py #!/usr/bin/python import sys print sys.argv This is then called from a bash script: $ cat t.sh #!/bin/bash printf 'Using $*:\n' ~/t.py $* printf 'Using $@:\n' ~/t.py $@ The result was rather surprising to me but is in agreement with your earlier findings: $ ./t.sh 1 2 3 4 '5 6' 7 '8 ' 9 Using $*: ['/home/claudius/t.py', '1', '2', '3', '4', '5', '6', '7', '8, ', '9'] Using $@: ['/home/claudius/t.py', '1', '2', '3 4', '5 6', 7 '8 ' 9] Best regards, and, again, thank you very much, Claudius -- He who has imagination without learning has wings but no feet. Please use GPG: ECB0C2C7 4A4C4046 446ADF86 C08112E5 D72CDBA4 http://chubig.net/ http://nightfall.org -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120302023524.5fc54...@ares.home.chubig.net
Re: [OT] GUI handler for executeable scripts.
peasth...@shaw.ca wrote: An executeable script /home/peter/Desktop/script.sh appears as an icon in the LXDE desktop. A double-click on it, starts it executing. In a Fedora system I use, a double -click on such an icon produces a dialogue offering choices: [Run in Terminal] [Display] [Cancel] [Run]. I'd guess that this handler is available in Debian also. Will someone tell me its name please. Nautilus, most probably. -- Be careful! UGLY strikes 9 out of 10! Please use GPG: ECB0C2C7 4A4C4046 446ADF86 C08112E5 D72CDBA4 http://chubig.net/ http://nightfall.org -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/2012012723.4fd55...@ares.home.chubig.net
Re: quick and dirty backup
Hey, Bonno Bloksma b.blok...@tio.nl wrote: tar -zcf /mnt/backup/linXXX-lenny.tar.gz / --exclude /mnt --exclude /proc --exclude /sys Is there anything else I need to exclude? Using Lenny with kernel 2.6.26-2-686 it seems my backup is running forever I would suggest also excluding /dev, /tmp, /var/tmp and maybe /media, depending upon your needs. Best regards, Claudius -- Your step will soil many countries. Please use GPG: ECB0C2C7 4A4C4046 446ADF86 C08112E5 D72CDBA4 http://chubig.net/ http://nightfall.org -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120220154807.59042...@ares.home.chubig.net
