Re: Authenticator apps
On 8/4/24 19:57, to...@tuxteam.de wrote: On Sun, Aug 04, 2024 at 05:44:07PM +0100, Mick Ab wrote: I have a Debian Bullseye desktop PC. I am looking for a 2fa authenticator that works on my desktop, without using a smartphone or tablet. I don't know what an "authenticator app" is. If what you need is TOTP, oathtool (in the same-named Debian package) might be your friend. What I do is, in a terminal: echo "MY-TOTP-SECRET-KEY" | oathtool -b --totp - | xclip -r -selection clipboard I also use oathtool, but with an encrypted key: gpg --decrypt --quiet key.asc | oathtool -b --totp - Xclip (from the same-named package) puts the result in some X selection (here I use the clipboard, because the result is going to the browser, and those are too stupid to handle other X selections gracefully). Copy via double-click and paste via single click works fine here (for Firefox and Chromium) in X via SSH (the browsers run inside an LXC container). Detlef
Re: Debian Sid. General questions.
On 7/23/24 09:45, 타토카 wrote: Does anyone here use Debian Sid for professional work and programming? I do. Are you happy with this? I am. I just want to know your opinions about this experience. I have several old kernels and respective initrds on my machine and I have another machine running Debian testing (and of course a daily backup of my data). So in case an upgrade makes my workstation unusable and I don't have the time right then I can use the other machine. I'm running Debian unstable since more than five years now mainly to help with testing and the occasional bug report. In these five years it happened once or twice that after an upgrade I couldn't use my machine anymore. It took me a couple of hours or so to get it working again. I have ~40 years experience with *nix, ~30 years with Linux and ~20 years with Debian. I've also built my own distributions (using Yocto). So I generally know what to do if something fails. I run a daily apt update/upgrade, but never a dist-upgrade (I have pinned packages). So regularly apt upgrade doesn't upgrade some packages that I think it should, and normally I just wait until the Debian developers have sorted it out. Occasionally it happens that a package isn't upgraded for weeks and I decide to look after it, which takes some time. Sometimes the packages that aren't upgraded accumulate (e.g. during the t64 transition I had 300+ packages not upgraded) and when I have the time I try to sort it out it may take longer than half a day. And as I'm still not an expert with dpkg and apt I sometimes ask questions here and generally get helpful answers. So yes, I'm still happy with running Debian unstable. I hope this helps you to decide if unstable is something for you. Detlef
Re: NetworkManager with dnsmasq caching NXDOMAIN response of router
On 7/8/24 11:50, David Ayers wrote: On 8/7/24 11:42, jeremy ardley wrote: I also forgot to mention my usual warning: NetworkManager is *not* stable and if you do anything complex with it you can expect trouble. Personally I use systemd-networkd as that seems much more stable and predictable and is easier to congigure NetworkManager is the default... I assume that the defaults is what is the most stable. If it is not, there should be a process to exchange the default. I'd really like to avoid straying from what most people use. Only responding to this part. NetworkManager is the "default" (whatever "default" means) as it serves well the need of many users to connect a client machine to the Internet. I doubt that many users use NetworkManager for what you're trying to do. So you probably are "straying from what most people use". Detlef
Re: Debian 11 and IPv4 static IP address
On 7/6/24 06:51, David Christensen wrote: The underlying issue appears to be that my old-school Linux console network administration skills have been rendered obsolete by systemd and NetworkManager. I don't think that these skills are obsolete. I still use /etc/network/interfaces for everything special (and use the NetworkManager applet on my laptop to manage wifi networks. The only thing that's always annoying is that too many programs believe they have to overwrite /etc/resolv.conf... Detlef
Re: Debian 11 and IPv4 static IP address
On 7/6/24 06:37, jeremy ardley wrote: As I said in my earlier post, it's not necessary to disable dhcpd and in fact it is likely undesirable. Note that the warning in the wiki talks about dhcpcd, not about dhcpd. Though as a pointed out before, your machine very likely will have NetworkManager running and it's probably a good idea to disable it. NetworkManager reliably ignores all interfaces that have an entry in /etc/network/interfaces. If I setup my laptop as AP I have an entry for it in /etc/network/interfaces, but let the NetworkManager handle the wired network. I don't know how well systemd-networkd cooperates with /etc/network/interfaces. Detlef
Re: Debian 11 and IPv4 static IP address
On 7/6/24 04:06, Max Nikulin wrote: On 06/07/2024 08:16, David Christensen wrote: The following sentence: "Make sure to disable all DHCP services, e.g. dhcpcd." Was added at revision 97: From my point of view this warning makes sense. Primary it is a troubleshooting step if an attempt to configure static has IP failed. The assumption is that a reader is either aware what network management tools are installed on their machine or is able to review installed packages, active services, running processes. DHCP client activity may appear in logs. I think this warning is very misleading: if an interface specification in /etc/network/interfaces uses the 'static' method, no DHCP client for this interface will be started. On a laptop you may have the wifi with DHCP and wired network with a static address. Or on a workstation you may have the office LAN interface with DHCP and a development LAN with a static IP address. So disabling DHCP may cause additional problems and will solve none. Detlef
Re: This is a testmail!
Isn't this the usual DKIM problem with lists? The From: has @loop.de, but the sender and DKIM signature is from lists.debian.org. That's why most lists these days rewrite the From: header. Detlef On 7/4/24 14:24, Hans wrote: Me again, sorry. Now I got my last mail back with the spam tag! Subject: Re: *SPAM* [SOLVED] Re: This is a testmail! This is the header: X-Spam-Flag: YES X-SPAM-FACTOR: DKIM X-Envelope-From: bounce-debian-user=hans.ullrich=loop...@lists.debian.org DMARC-Filter: OpenDMARC Filter v1.4.1 mail39c50.megamailservers.eu 464C5Iek122979 Authentication-Results: mail39c50.megamailservers.eu; dmarc=none (p=none dis=none) header.from=loop.de Authentication-Results: mail39c50.megamailservers.eu; spf=none smtp.mailfrom=lists.debian.org Authentication-Results: mail39c50.megamailservers.eu; dkim=fail reason="signature verification failed" (1024-bit key) header.d=megamailservers.eu header.i=@megamailservers.eu header.b="QLjumGn/" Return-Path: Received: from bendel.debian.org (bendel.debian.org [82.195.75.100]) by mail39c50.megamailservers.eu (8.14.9/8.13.1) with ESMTP id 464C5Iek122979 for ; Thu, 4 Jul 2024 12:05:21 + Received: from localhost (localhost [127.0.0.1]) by bendel.debian.org (Postfix) with QMQP id EA3E420682; Thu, 4 Jul 2024 12:05:15 + (UTC) X-Mailbox-Line: From debian-user-requ...@lists.debian.org Thu Jul 4 12:05:15 2024 Old-Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on bendel.debian.org X-Spam-Status: No, score=-10.5 required=4.0 tests=DKIM_INVALID,DKIM_SIGNED, FOURLA,KHOP_HELO_FCRDNS,LDOSUBSCRIBER,LDO_WHITELIST autolearn=unavailable autolearn_force=no version=3.4.6 X-Original-To: lists-debian-u...@bendel.debian.org Delivered-To: lists-debian-u...@bendel.debian.org Received: from localhost (localhost [127.0.0.1]) by bendel.debian.org (Postfix) with ESMTP id C18E42067A for ; Thu, 4 Jul 2024 12:05:07 + (UTC) X-Virus-Scanned: at lists.debian.org with policy bank en-ht X-Amavis-Spam-Status: No, score=-6.301 tagged_above=-1 required=5.3 tests=[BAYES_00=-2, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, FOURLA=0.1, KHOP_HELO_FCRDNS=0.399, LDO_WHITELIST=-5] autolearn=ham autolearn_force=no Received: from bendel.debian.org ([127.0.0.1]) by localhost (lists.debian.org [127.0.0.1]) (amavisd-new, port 2525) with ESMTP id CNGEsE8xgvQ4 for ; Thu, 4 Jul 2024 12:05:03 + (UTC) X-policyd-weight: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 HELO_IP_IN_CL_SUBNET=-1.2 (check from: .loop. - helo: .mail194c50.megamailservers. - helo-domain: .megamailservers.) FROM/MX_MATCHES_HELO(DOMAIN)=-2; rate: -4.7 Received: from mail194c50.megamailservers.eu (mail208c50.megamailservers.eu [91.136.10.218]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by bendel.debian.org (Postfix) with ESMTPS id EC67D20677 for ; Thu, 4 Jul 2024 12:05:02 + (UTC) X-Authenticated-User: 01793666...@o2online.de DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=megamailservers.eu; s=maildub; t=1720094700; bh=5Um9/MplAQNd+svZJOunmBGElnorPOi9odLzGqxgObQ=; h=From:To:Subject:Date:In-Reply-To:References:From; b=QLjumGn/60xFVhN9BUbajEg0uTOZxqi/Uz8jodz7E1EE2Hi7W3VtjJFW4LGmbJGnC Lt7Nym0B3iEmO+1/fxpnDfmt1lRnzu+Q65akTEd8eaEHbj8G7yo5OCpI4oVjRr7q9o pn0upeaUIrxnepbAwXeozeebIuTSx2zuaH0xvL30= Feedback-ID: hans.ullrich@lo Received: from protheus2.localnet (a89-183-193-109.net-htp.de [89.183.193.109]) (authenticated bits=0) by mail194c50.megamailservers.eu (8.14.9/8.13.1) with ESMTP id 464C4rxR025870 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Thu, 4 Jul 2024 12:04:55 + From: Hans To: debian-user@lists.debian.org Subject: *SPAM* [SOLVED] Re: This is a testmail! Date: Thu, 04 Jul 2024 14:04:53 +0200 Message-ID: <2408526.NG923GbCHz@protheus2> In-Reply-To: <46505217.fMDQidcC6G@protheus2> References: <3645068.R56niFO833@protheus2> <66868718.1030...@fastmail.fm> <46505217.fMDQidcC6G@protheus2> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="UTF-8" X-VADE-SPAMSTATE: clean X-VADE-SPAMSTATE: clean X-VADE-SPAMSCORE: 0 X-VADE-SPAMSCORE: 0 X-VADE-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgeeftddrudelgdegiecutefuodetggdotefrodftvfcurfhrohhfihhlvgem ucfjqffuvffqrffktedpgffpggdqveehtdenuceurghilhhouhhtmecufedtudenucenucfjughrpefhvffufffkjgh fggfgtgejudeftdfjphegsehtufertddttdejnecuhfhrohhmpefjrghnshcuoehhrghnshdruhhllhhrihgthhesl hhoohhprdguvgeqnecuggftrfgrthhtvghrnhephfdvudekheefueevieelgefftdfhtedvlefgfefhieevveejud elhffhleethfeknecukfhppeekvddrudelhedrjeehrddutddtpdekledrudekfedrudelfedruddtleenucevlhh ushhtvghrufhiiigvpedtnecurfgrrhgrmhepihhnvghtpeekvddrudelhedrjeehrddutddtpdhhvghlohepsg gvnhguvghlrdguvggsihgrnhdrohhrghdpmhgrihhlfhhrohhmpegsohhunhgtvgdquggvsghirghnqdhus hgvrhephhgrnhhsrdhulhhlrhhitghhpehlohhophdruggvsehlihhsthhsrdguvggsihgrnhdrohhrghdpnhg spg
Re: PDF Editor for Debian
On Mon, 24 Jun 2024 04:26:47 -0400 Timothy M Butterworth wrote: > I use Master PDF Editor. It works great. > https://code-industry.net/free-pdf-editor/ It looks nice. But being a closed source SW from Russia I'd be careful to run it outside of an isolated VM (which is actually true for most closed source SW). Detlef
Re: CD/DVD is obsolete or deprecate at 2025?
On 6/18/24 04:10, jeremy ardley wrote: On 18/6/24 09:00, Stefan Monnier wrote: Is there a chance to change in next versions i.e. Debain 13 or other versions an assembly specifically for a USB flash drive as primary download? Do you think the time has come? When do you think this moment will happen? AFAIK, all the so-called CD/DVD images work just fine when "burned" on a USB flash drive. So I think the question is whether it's time to change the doc to stop suggesting that those images should be burned onto optical media. Stefan The ISO images will be around for a long time. They are the primary mechanism of creating virtual machines by attaching virtual drives to a .iso file and booting. And some of the BIOSes of old PCs are not able to boot from USB... Detlef
Re: moving some packages back to bookworm stable
On 5/27/24 20:02, Stefan Monnier wrote: # apt install -t=bookworm db-util db5.3-util libc-bin libc-dev-bin I can never remember exactly what `-t` really does, but I suspect you'll need things like apt install libc-bin/bookworm To install a single backported (or other release) package, apt-get install packagename/releasename and to install a backported package plus dependencies which are also from that specific release, use apt-get -t releasename packagename But that's not the whole story of what `-t` does since the above does not explain why his attempt to use `-t` to downgrade some packages resulted in `apt` saying " is already the newest version". Sometimes '-t' works for me, and does what I expect, and sometimes it doesn't. So I generelly use now the explicit version: apt install libc-bin=2.36-9+deb12u7 Detlef
Dependency meaning
This is essentially a follow-up on my question about the 64bit time_t transition. I'm trying to upgrade some packages manually. For this, I'm trying to understand the dependencies. 'apt-cache showpkg libssl3t64' gives me this: Dependencies: 3.1.5-1.1 - libc6 (2 2.34) libssl3 (3 3.1.5-1.1) openssh-client (3 1:9.4p1) openssh-server (3 1:9.4p1) python3-m2crypto (3 0.38.0-4) libssl3 (0 (null)) libssl3:i386 (3 3.1.5-1.1) libssl3:i386 (0 (null)) openssh-client:i386 (3 1:9.4p1) openssh-server:i386 (3 1:9.4p1) python3-m2crypto:i386 (3 0.38.0-4) libssl3t64:i386 (35 3.1.5-1.1) libssl3t64:i386 (38 3.1.5-1.1) I'm trying to understand, what the numbers in parentheses mean. The second numbers are obviously version numbers. I guess the first numbers are dependency types, but I have no idea, what they mean. The man page says "For the specific meaning of the remainder of the output it is best to consult the apt source code." I'd like to avoid this. Can anybody point me to a list what these numbers mean? Detlef
Re: How does the 64bits time_t transition work?
Marco Moock wrote: It currently has "871 not upgraded" and it's nearly impossible to install new packages. The libs will have a suffix of t64, so you need to use dist-upgrade to upgrade the packages if they depend on the t64 libs. No, only the package names have the 't64' suffix, the libraries still have the same name as before. Hence my question whether the libraries provide both ABIs. Although, carefully read what it wants to remove. If it wants to remove packages you need, don't hit y. I did this before, and it threatened to remove a number of critical packages (like qemu). But thanks for the tip: I just ran it again and now it's nearly only old libraries that are removed. Unfortunately it will upgrade packages that I don't want to, but now the manual upgrade actually works (it didn't some hours ago, so waiting helps ;-) Thanks, Detlef
How does the 64bits time_t transition work?
Is there a description anywhere how the 64bit time transition works? I'm currently stuck with a hard to maintain Sid system. It currently has "871 not upgraded" and it's nearly impossible to install new packages. I've looked e.g. into gnutls (on amd64), and libgnutls30t64 (3.8.3-1.1) as well as libgnutls30 (3.8.3-1) both install /usr/lib/x86_64-linux-gnu/libgnutls.so.30.37.1. Does the new libgnutls.so.30.37.1 provide both ABIs? Detlef