Re: Kmail2 stores drafts in wrong folder
On Tuesday 14 March 2017 11:39:12 Hans wrote: > Hi folks, > > I discovered a weired issue in kmail2.When I want to store a draft mail, it > should be stored in the folder draft. But in real it stores in a folder, I > creted new (a personal folder). > > Is there a configuration file, where I can correct these? The draft folder is configured in the account settings. In kmail menu, select Settings / Configure KMail… Select the "Identities" section on the left side of the configuration window. Select your account and click "Modify…". Switch to the "Advanced" tab and change the path to the "Drafts folder". Frederic
Re: Is Me-TV killing mainboards?
On Friday 17 February 2017 08:22:01 Hans wrote: > Hello all, > > there is a weired thing happening. Maybe it is by chance, but maybe it is a > bug. > > As my TV is dead, since 4 weeks I am looking television with my notebook. > The application for dvb-t I am using is me-tv. > > Now it happens, that 14 days ago my first notebook suddenly switched off, > but could be started again after some minutes. This happened during the > last week 3 times, but now the mainboard is dead. > > Now, the same thing happens to my netbook. Watching tv with me-tv, then > suddenly it switches off. this happened now two times. > > Obviously the cpu is getting too hot. However, several years ago I had a > similar problem by a broken cooling fan. The machine went too hot and > switched off. > > But there is a difference: The years ago I could see in the logs (syslog, > kern.log), that the cpu went too hot. Today there are no entries. > > This is strange and I think, me-tv might suppress things. My notebooks were > running on 100 cpu power for hours in the past (for example by building a > kernel) but never switched off. > > Just when running me-tv. IMO me-tv is using full power of cpu and gpu. > But that should not overheat the computer. > > When I force the cpu to powersave, the notebooks never switched off. > > Maybe I see ghosts, but I think it worth to be mentioned. Maybe someone > else, who might using me-tv, and got into the same problem or notices > strange things, can confirm or deny this. > > And maybe there is a bug in me-tv, which kills mainboards, then it might be > dicovered before others are hit by this. Are you watching TV with the computer sitting on your lap or on bed sheets or some other fabric which could obstruct the fan inlet grills? It may be possible that air flow isn't sufficient to cool the processor down when you watch TV but is good when the computer is sitting flat on a table. Some Intel processors are equipped with a built-in sensor that shut the processor down when it overheats. It is a hardware feature. It can't be disabled by software. The Intel N270 is such a processor. It is supposed to reduce its power when it overheats. On the other hand, AMD processors used to fry when they were not properly cooled. I don't know if they are protected now. Modern graphic cards are also expected to have some overheating protection too. So, even though there should be some sort of hardware protection, a overheating component is definitely where I direct my suspicions when someone says a laptop behave erratically when watching TV. Frederic
Re: MTP device mount gnome 3
On Saturday 21 January 2017 07:47:25 Vadim Kolchev wrote: > Hello, > Just noticed an interesting thing > Have an MTP Xiaomi smartphone device, all relevant packages installed. > Also have M-Audio M-track HUB external soundcard with 3 USB ports. > > When connecting MTP device to HUB, have message in dmesg about Xiaomi, but > it does not mount and cannot be accessed. > > When connecting to USB port of the machine directly, it shows in Nautilus. > > I really got used to HUB, is there a way to fix it? My experience with MTP and a Samsung smartphone is that the usb cable gauge is critical. A standard gauge 28 cable is too thin to provide a good power supply to the phone. The device constantly disconnects until Android gives up claiming that it could not find a suitable program on the host computer to communicate with. I tried gauge 24/28 cables. They give a somewhat better result but it is far from perfect. I suspect the cable is not entirely to blame at this point. Your hub or its cable could be unable to provide the required power supply to the smartphone. Is your hub self powered? Have you tried to connect the smartphone with the hub cable? It may be too thin for MTP requirements. Frederic
Re: bpo kernel 4.7 broken? Re: Some function keys not working on a ThinkPad W550s
On Tuesday 29 November 2016 02:22:40 Richard Hector wrote: > On 26/11/16 14:27, Henrique de Moraes Holschuh wrote: > > On Fri, 25 Nov 2016, Celejar wrote: > >> > applications and a few things from backports. I'm currently running > >> > kernel 4.7.0-0.bpo.1-amd64 from backports. > > > > Don't. That kernel is very broken. Switch to the latest 4.8 kernel > > available from either unstable or kernel.org, or compile the latest > > 4.4-longterm kernel from kernel.org. > > Woah. I was just about to install that. Am I ok, and better off, > sticking with the 4.6 bpo kernel? I had no joy with kernel 4.7 from backports on my HP ProBook 650. The Broadcom-sta-dkms package is not available for that kernel version. So, no wireless network. Moreover, the computer would frequently freeze during start up. Frederic
Re: mdadm - two questions
On Tuesday 22 November 2016 18:10:53 Kamil Jońca wrote: > 2. there is md0 (raid1) with two disk in it. It is PV for lvm. > I want to extend space by adding another two disks. Is it possible somehow > extent md0? Or the only way is to create second md device, and assign it > to volume group? I can only answer this question. I did something similar on an old computer several years ago except I had to grow the LV using other partitions instead of adding new disks. The computer had two disks. Each disk had a partition assembled as a raid1 array md0. md0 was the only PV of the VG. When I had to grow the VG, I reclaimed two existing partitions from each disk and assembled them as md1 and md2. Then I added /dev/md1 and /dev/md2 to the VG. It doesn't matter to the VG if it is made of /dev/sda1 and /dev/sdb2 or /dev/md0 and /dev/md1. Then follow the usual procedure to grow the LV and the file system. Frederic
Re: alt F2 in kde does not work
On Thursday 20 October 2016 00:07:25 kamaraju kusumanchi wrote: > When I press alt F2 and enter konsole in the window, nothing happens. > The expected behaviour is to start a konsole window. Does anyone know > which command/package is responsible for the alt+F2 functionality in > KDE? Have you checked the global keyboard shortcuts ? Start the "System Settings". Click on the "Shortcuts and Gestures" icon. Select the "Global Keyboard Shortcut" section on the left. In The "Kde component" drop down list, select "Run Command Interface". On my KDE, the "Run Command" entry is set to Alt+F2. Frederic
Re: Script vs command line behaviour
On Wednesday 12 October 2016 08:40:12 Greg Wooledge wrote: > And stop using -9 (SIGKILL). Forever. Pretend it never existed. That's a bit harsh. The tool exists for a good reason :-) "Unix was not designed to stop you from doing stupid things, because that would also stop you from doing clever things." Doug Gwyn, in Introducing Regular Expressions (2012) by Michael Fitzgerald And for the curious, here is why kill -9 should only be used as a last resort when everything else failed: http://unix.stackexchange.com/questions/8916/when-should-i-not-kill-9-a-process Frederic
Re: odd load patterns
On Tuesday 13 September 2016 20:09:26 Miles Fidelman wrote: > Hi, > > Lately, our server has been showing high loading, but top shows that the > CPU is mostly in wait mode, and iotop shows low disk i/o traffic. How do you know the load is high? Where is the indication coming from? > Usually, the system shows high load when either > > a. Someone is indexing our web server (which shows up as CPU load on > apache). > > b. Our list manager is processing a bunch of traffic (most of the load > comes from spam and virus filtering - which shows up as cpu load on > amavisd, and clamd, as well as a lot of disk i/o). > > The one place I see this effect behavior, if for email clients accessing > IMAP - I've been seeing timeouts, and exceptionally high delays to load > an inbox, or move stuff to the trash. > > This pattern is new - and there's really nothing that I've changed in > terms of configuration or loading that I can see. > > So... any thoughts? Any diagnostic approaches? Could the heat sink or fans be clogged with dust? If heat can't be extracted properly, the CPU will lower its frequency and appears sluggish. The fan will turn at top speed too. I'm interested in more opinions and diagnostic tools too because my laptop suddenly became very slow and unresponsive yesterday until I restarted it. top was showing a mostly idle cpu but kde system activity was displaying a lot of "disk sleep". The computer was fast again if I stopped firefox and libreoffice calc. It went slow again if I started any of them. Restarting the computer solved the problem. Frederic
Re: mount MTP phone
On Tuesday 06 September 2016 09:19:07 Joe Pfeiffer wrote: > Most commonly when I've seen a device fail to enumerate, the problem has > been the cable (I know, you've already said you've tried multiple cables). I second that opinion. MTP only works with a 24/28 gauge USB cable on my daughter's Android phone. That's a cable with thick power wires. With a standard 28/28 gauge USB cable the MTP device is detected but it disconnects within seconds. It continues with a sequence of connect/disconnect until Android complains that it can not find any suitable software on the host computer to communicate with. I suspect the OP might have had multiple issues that had to be fixed in the right order to solve the problem. The cable being only one of them. Frederic
Re: Reuniting disks in a raid1 array
On Tuesday 30 August 2016 11:32:55 Lars Noodén wrote: > On 08/30/2016 08:33 AM, Frédéric Marchal wrote: > >... > > > > Now, it's time for the old computer to retire and sdb to join its partner > > in the new raid1 on the new computer. > > > > How can I do this safely? > > Here is what I did when I restored a drive to a RAID 1 array. I'm not > an expert, so you'll want to verify these steps. > > First I cleared the start of the drive-to-be-added using "dd" reading > from /dev/zero for 1MB (probably unnecessarily large). Then I copied > the partition table from the existing disk in the array to the > disk-to-be-added. I used a different method, but looking around the > correct way might have been to pipe output from "sfdisk -d" on the > existing drive to "sfdisk" on the drive-to-be-added. That put the > partition(s) in the right place(s). I suspect this step won't work because the second hard disk was part of the array in the past. Its partition table is identical to the one on the active disk currently in the array.. If I wipe the partition table from sdb and clone the partition table from sda, sdb will end up with the exact same partition table as before. I suspect the raid superblocks and file systems will be detected as if I hadn't changed anything. The only difference between sda and sdb is that they lived, as degraded raid1, on different computers for a few months. I would like to avoid dd'ing a 1TB disk with /dev/zero. Syncing the two disks will take long enough… Frederic
Reuniting disks in a raid1 array
Hello, I had two disks in a mdadm software raid1 on an old computer. I moved sda to a new computer. It ran there in a degraded raid1 for months. The second disk, sdb, kept running as the lone survivor of the original raid1 on the old computer. Now, it's time for the old computer to retire and sdb to join its partner in the new raid1 on the new computer. How can I do this safely? Do I have to wipe sdb before adding it to the new computer? If so, how do I make sure raid data is gone from every one of the three partitions? Or maybe mdadm will see that sda was used more recently than sdb and will synchronize sda onto sdb? Thanks, Frederic
Re: Iceweasel uses wrong charset
On Wednesday 11 May 2016 11:23:56 err...@free.fr wrote: > Why unicode like utf-8 is not default value in iceweasel ? > > (it's time, we are in 2016 now) Unicode is the default in firefox/iceweasel. See https://developer.mozilla.org/en-US/docs/Web/Guide/Localizations_and_character_encodings The OP may have changed an option in about:config to make windows-1252 the default. Frederic
Re: Iceweasel uses wrong charset
On Wednesday 11 May 2016 10:55:54 Rob van der Putten wrote: > Hi there > > > UTF-8 is my default locale. So obviously text files are UTF-8 as well. > So why does iceweasel insist that these are windows-1252? How do I fix this? In about:config, have you changed any of intl.charset.detector or intl.charset.fallback.override ? They are both empty in my configuration. Frederic
Re: Shell - escapes
On Tuesday 10 May 2016 11:18:06 Die Optimisten wrote: > Hi, > > How can I escape a ' inside '...' > e.g. perl -e 'print '$ and a' '# I don't want to use " This seems to work: perl -e 'print '\''$ and a'\' It must be understood as the concatenation of these strings: * literal string: 'print ' * escaped \' * literal string: '$ and a' * escaped \' Frederic
Re: mplayer: --alang option
On Sunday 08 May 2016 07:57:59 Pierre Frenkiel wrote: > hi, > I tried to rip a DVD with "mplayer --alang=fr", but got > the english audio track. Did anybody used this option, and if yes > with what result? I haven't done this for ages but, if my memory serves me well, when the language name is not defined on the DVD track (as is apparently your case), you must use --aid instead of --alang. --aid expects a number which is the audio channel ID code. The audio ID code identifies the audio channel on the DVD track. It is not related to the actual language (read this as: it doesn't always have the same value for French, not even from one track to the other on the same DVD). It is an ID assigned to an audio "slot" on the track. The actual number can be displayed with lsdvd -a. It usually is 128 or 129 from my experience (it may be bigger if the DVD has many languages and French is not among the two first). I think lsdvd displays it as hexadecimal when mplayer expects it as decimal (or is it the opposite). Frederic
Re: which files took the space
On Friday 04 March 2016 07:18:59 Adam Wilson wrote: > On Fri, 4 Mar 2016 04:03:01 +1100 Andrew McGlashan > > wrote: > > On 4/03/2016 3:07 AM, Adam Wilson wrote: > > > On Fri, 4 Mar 2016 03:03:53 +1100 Andrew McGlashan > > > > > > wrote: > > >> It also may have been files in the file system, but where another > > >> file system mount hides them > > > > > > What does this mean? Mounts overlapping and hiding other mounts? > > > > > > Explain, please. > > > > Yes, this is more likely to happen to the root file system. > > > > Say you have a bunch of files in /boot, but for some reason you have a > > /boot partition that wasn't mounted when those files were created > > then you mount the /normal/ boot partition over it and now the other > > files are now hidden from view, but still taking up space. > > So you're talking about creating files in an unmounted partition, and > then mounting it, but since file addition happened when the FS was > still in an unmounted state, the new files weren't written to the > journal? > > Surely in that case the new files would simply not be registered and > act as free space (as if they had been deleted)? This is not about a caching service. It is about the way the content of a mounted disk is made visible to you. Have you ever wondered how a path name, on your main hard disk, such as /mnt/usb becomes a link to a USB disk known to the system as /dev/sdd1? When you type mount /dev/sdd1 /mnt/usb It tells the system that, from now on, the directory named "/mnt/usb" becomes the entry point to the file system that sit at "/dev/sdd1". Any call such as "ls /mnt/usb" will list the content of the USB disk instead of the usual content of /mnt/usb. When the device is unmounted, the directory that serves as its mount point is restored as a regular directory. Now, imagine /mnt/usb is not mounted. It is a directory just like any other. If you copy files to /mnt/usb, they will be copied to that directory and you have access to them as long as no device is mounted under /mnt/usb. Then, you mount the USB disk to /mnt/usb. Now, the files are still on the hard disk (let's say /dev/sda1) but the path /mnt/usb now lists the content of the USB disk on /dev/sdd1. It can happen with /boot or /home. Mistakenly copying files to an unmounted drive copies the files to the underlying file system, in the directory that usually serves as the mount point for the external file system. Once /boot or /home is mounted, you don't see the files but they are still taking space on the disk. Hope it helps, Frederic
Re: URGENTLY need help on using VPN
On Thursday 10 September 2015 15:05:36 Li Wei wrote: > I have got info of remote IP, account name and password > I have installed debian/linux and openvpn > but how to start VPN?? I have no openvpn any more to test it but if I remember well, it would connect by simply running the following command in a shell openvpn client.conf where client.conf is an openvpn client configuration file. > Thank you very much!!! > > PS: Could you send me content of link below? > http://openvpn.net/howto.html > I'm in China and the site above is blocked. Thanks! I'm sending it off-list directly to you. Frederic
Re: Anyone else having password failures at pop.gmail.com?
On Thursday 27 August 2015 22:14:43 Joel Rees wrote: > I lost track of this thread somehow. Sorry. > > On Thu, Aug 20, 2015 at 11:39 PM, Frédéric Marchal > wrote: > > On Thursday 20 August 2015 07:53:33 Joel Rees wrote: > >> Any chance it's the old problem with Google's chain to a root CA? > > > > Could you elaborate on this problem? > > http://arstechnica.com/information-technology/2015/04/google-let-root-certif > icate-for-gmail-expire-causing-e-mail-hiccups/ > > may or may not be what I was remembering about the CA. Thanks. The link says Google let its certificate expires once. That's not the problem I saw. My message was about the root certificate not being valid for that purpose. With little luck, it was much more benign than a hacker having his way with the LAN. > > Kmail just popped a warning this morning about an invalid google > > certificate. Kmail claims that "the root certificate is not valid for > > that purpose" (whatever that means)… > > > > I would like to know how to make sure whether it is safe to accept the > > certificate or not. > > > > My employer's gateway may be providing a fake certificate to monitor the > > SSL communication but I don't know how to tell if the certificate was > > rewritten by the legitimate gateway or by a rogue third party or if > > google messed up. > Do you know how to manually verify a certificate? Let's see if I did my homework correctly :-) I get the certificate: openssl s_client -connect imap.gmail.com:993 Certificate chain 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=imap.gmail.com i:/C=US/O=Google Inc/CN=Google Internet Authority G2 1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2 i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority I download GeoTrust CA certificate from their web site: wget https://www.geotrust.com/resources/root_certificates/.pem Then I run this to verify the chain down to the third level: openssl s_client -connect imap.gmail.com:993 -verify 3 -CApath . depth=3 C = US, O = Equifax, OU = Equifax Secure Certificate Authority verify return:1 depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA verify return:1 depth=1 C = US, O = Google Inc, CN = Google Internet Authority G2 verify return:1 depth=0 C = US, ST = California, L = Mountain View, O = Google Inc, CN = imap.gmail.com verify return:1 <...snip...> Verify return code: 0 (ok) Is this procedure valid? May I use it next time kmail complains about the root certificate if I'm running it from inside the LAN that might have been compromised? I wonder about the wget step. Thanks, Frederic
Re: Antivirus for Debian
On Friday 21 August 2015 09:25:24 Gene Heskett wrote: > On Friday 21 August 2015 08:53:46 to...@tuxteam.de wrote: > > On Fri, Aug 21, 2015 at 01:55:54PM +0200, Frédéric Marchal wrote: > > > > [...] > > > > > My understanding of ClamAV is that it is not suitable to scan an > > > infected Linux computer from the computer itself. > > > > The best summary so-far. Thanks for it! > > -- t > > I would never make such a statement. I use it to do a daily scan 3 major > areas of this machine that covers both home, and my web pages content. > And it has found suspicious files in the email corpus tree, files that > somehow got past the incoming email scan that procmail also subjects > that email to. I suspect they were zero-day things aimed at winderz > lusers that got by and were caught later after freshclam had updated the > signature database. > > Files that I never attempted to view in the first place by following > common sense rules, like know the sender. I wasn't clear enough. ClamAV cannot fix a Linux box infected by a live virus. A virus tailored for Linux would make sure it fails. A boot CD is required in that case. So, running ClamAV on a daily basis to make sure the system is sane is pointless. In addition, ClamAV cannot protect your computer the way Windows anti-viruses do when the user execute a program containing a virus. My mail had a paragraph about cases where ClamAV is useful. Scanning mails for Windows virii was in the list. But note that it won't do you any good to scan your Linux inbox for Windows virii unless you have a habit of forwarding suspicious mails to Windows users (that could be fun though }:-> ). Frederic
Re: Antivirus for Debian
On Friday 21 August 2015 11:28:43 Diogene Laerce wrote: > Could anyone here, honest, as we all are I know, guarantee at 100% that > the OP won't ever have any virus issue on his Debian system ? > > No. > > Should he fear viruses as much as on a Windows system ? > > Certainly not. > > Security relies first on common sense. Is it common sense to rely on the > hackers laziness to attack Linux because it would maybe eventually be > unattractive ? > > Certainly not. > > Does run a AV from time to time on his computer will harm the OP or his > machine ? > > Unless he does it manually with a hammer and a saw.. I don't think so. > > So should you (the OP) run an AV ? > > Well.. I guess. IMVHO ;) My understanding of ClamAV is that it is not suitable to scan an infected Linux computer from the computer itself. ClamAV is suitable to scan Windows partitions from a Linux boot cd or to scan mails relayed by a Linux server or scan Windows files hosted on a Samba/ftp/http server but that's about it. It doesn't work like Windows AV. As far as I know there are no software for Linux that work like AV on Windows where the virus killer is also responsible for preventing a nasty application from starting in the first place (please provide links if I'm wrong). To protect the integrity of a Linux system, Tripwire, AppArmor or SElinux can be used but they don't protect files in $HOME (if the user is allowed to edit his/her own files, a rogue app running as that user can do it too). If the system is infected, rkcheck or rootkit hunter are the tools to use but then it is already too late for the damaged files. On the good side, an active runtime protection (like Windows does) is not really necessary on Linux as we all install softwares from the official repository or compile them from trusted source code (we all do that, do we :-) ). It is much less common to install games or warez downloaded from the internet. The main threat left comes from web scripts such as javascript, flash or java applets running on visited web sites. Installing an addon such a NoScript on Iceweasel may help a lot here. And keeping the browser up to date is mandatory! Frederic
Re: Anyone else having password failures at pop.gmail.com?
On Thursday 20 August 2015 07:53:33 Joel Rees wrote: > On Thu, Aug 20, 2015 at 7:22 AM, Gene Heskett wrote: > > They apparently did something just before 15:00 local time (GMT-4=EDT > > today, as both mailfilter and fetchmail are now reporting a password > > authorization failure. > > > > Thats two separate config files, neither of which has been into an editor > > to even change the size of the top dot of an i in about 2 years. > > > > So, is it me, or has gmail changed the protocol somehow? > > Any chance it's the old problem with Google's chain to a root CA? Could you elaborate on this problem? Kmail just popped a warning this morning about an invalid google certificate. Kmail claims that "the root certificate is not valid for that purpose" (whatever that means)… I would like to know how to make sure whether it is safe to accept the certificate or not. My employer's gateway may be providing a fake certificate to monitor the SSL communication but I don't know how to tell if the certificate was rewritten by the legitimate gateway or by a rogue third party or if google messed up. Thanks, Frederic
Re: What pulls in the tray of my /dev/sr1 ?
2015-07-28 10:20 GMT+02:00 Thomas Schmitt : > Hi, > > Mike Castle wrote: >> Has the drive displayed this behavior since you turned on the machine, >> or just you just start to notice it after a while? > > I noticed it on the day when i got the machine. > > >> Ok, really maybe it only starts to happen after some specific event, >> which could be any thing you'd done while working on libburn, or some >> internal timer kicked off, or something like that. > > Some delayed action came to my mind too. > But my own experience with the MMC specs and the statement of the > manufacturer make this improbable. > > If there was a command sequence which causes such a delayed > action, then it must be in effect for more than one pull-in. > Normally i would expect that such a delayed action is not > repeated without new commands. > But my drive pulls in without any commands shown by btrace > between two experiments. Could it be closing because the open sensor is defective or not properly aligned or the drawer reaches the mechanical hard stop? Then, maybe the motor detects it as a over-current and closes the drawer the way it does when you push it manually. The delay seems a bit long for such an action though. I would expect the drive to give up much sooner if the drawer doesn't open wide enough to its liking... Frederic -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/caj7r-8rzxgoa2u1bvyhnamkdr9+rdcaqotbn_ukbng1twzu...@mail.gmail.com
Re: File check at boot
2015-07-21 18:28 GMT+02:00 Martin Skjöldebrand : > > Quoting Erick Ocrospoma : > > And the only half helpful suggestion from the hosting was running in single > mode from grub, but the disk is mounted at that time. Else to rollback a > snapshot of the server which would mean hours of reconfiguration which I am > hoping to avoid. It may be possible to run fsck in single mode. Remount the root partition in read-only mode: mount -o remount,ro / If it fails due to open files, find the daemons opening files for writing on the root partition and terminate them (or kill -9 if necessary). Lsof may help you find what daemon has open files but last time I tried, it was simpler to run ps aux and kill what obviously was a logger of some sort and it was enough to remount the partition in read only mode. Then run fsck. Frederic -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/caj7r-8qfuwagpxwuxalvajbj7r0imn3gby7-i8t7auj412m...@mail.gmail.com
Re: Free GNU/Linux intro class for teens advice? Purchase box? Squeak/Smalltalk programming
2015-07-07 6:08 GMT+02:00 Glenn English : > > On Jul 6, 2015, at 6:12 PM, Marc D Ronell wrote: > >> Has anyone tried running a GNU/Linux intro class for teens? Can >> anyone share their experiences, thoughts or suggestions? Feedback >> based on actual experience would be most helpful, I think, but I would >> appreciate any insights. > > Have a look at a problem set from Harvard's CS50 course: > > https://cdn.cs50.net/2015/x/psets/0/pset0/pset0.html > > This is Harvard's take on an intro to CS, and much of it would be over the > heads of a group of teenagers. Most of it, so far, has been fairly hard core > C, but they start out using Scratch: > > https://scratch.mit.edu/ > > Scratch looks to be more aimed at kids, but you might be able to get some > ideas from the CS50 site. Scratch is very good to teach the basis to pre-teens (and possibly as a starter for older kids). To go beyond that, have a look at Alice: http://www.alice.org. Plain C requires a lot of effort before producing any visible result. Instead, you may want to have a look at Qt and its IDE: QtCreator. Its C++. It makes it easy to produce a windowed application with moderate user interaction. I had a look at Smalltalk once. It looked good until I got into introspection of introspection of introspection... That got me lost :-) Frederic -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/caj7r-8tgh8wgr2zaj0zzmhvw60wk7lncneisy7f6r_dx-ru...@mail.gmail.com
Re: Jessie and screensaver on lid-close
2015-04-30 3:26 GMT+02:00 Gary Roach : > On 04/29/2015 10:30 AM, Frederic Marchal wrote: >> >> On Wednesday 29 April 2015 09:08:41 Gary Roach wrote: >>> >>> On 04/28/2015 05:27 AM, Francesco Ariis wrote: Hello, >>> This doesn't answer you question exactly but I would like to point out >>> that screen savers are useless with lcd / led screens. They were >>> originally meant to protect CRT's from burn in when the electron beam >>> stayed in the same place too long. I don't use them anymore. So unless >>> you just like the pretty pictures, turn them off. >> >> Not quite right. I have seen LCD screens where the login screen was burned >> in >> the screen leaving a clearly visible and annoying shadow at all time. >> > I bow to your experience but, for the life of me, I can't see how this could > happen with the physics that is involved. I suppose that the liquid crystal > material could deteriorate with time but I thought that the stuff was pretty > indestructible. I saw it on two LCD monitors of the same brand. I can't remember the brand. They were among the first LCD monitors I installed at a customer's production site in 2004. Nobody cared about using a screen saver as LCD monitors were not supposed to need one. The monitors were lit 24/7 with the login screen displayed most of the time. After a few years, the shadow was permanently visible. I'm not sure the liquid crystal was at fault because the burn in was visible even when the monitor was turned off. It looked more like the login screen was printed on the polymer making the front sheet. Frederic -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAJ7R-8Qb3LHzfFAmxa4vanWrZcZvN-skaL=4nzzgrg70gmu...@mail.gmail.com
Re: Help with TestDisk
2015-04-30 5:02 GMT+02:00 Seeker : > > On 4/29/2015 5:41 AM, German wrote: >> >> Thank you for the effort explaining all that to me. Have a great day. >> > Good luck, if photorec doesn't do it for you either, I have used the Windows > version of R-Studio with some success. "Foremost" can recognize and recover more file types than photorec (http://foremost.sourceforge.net/). There is a Debian package. If the partition table is as damaged as it looks, run foremost on the whole disk: foremost /dev/sdd Note that it can only recover supported file types. It won't recover everything. Frederic -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAJ7R-8QHS+URdZhSqnT-DOkQkCaqUhiAo_G=ezwgzsgoiv-...@mail.gmail.com
Re: How to bypass login screen in Jessie?
On Tuesday 21 April 2015 16:35:18, German wrote : > hi. I'd like to bypass the login screen and boot straight to LXDE desktop. > How do I accomplish this? I am the only user on this system. Thanks It depends on the Display Manager started during boot. Some of the biggest players support autologin (kdm or gdm). Others don't (xdm). The simplest display manager I know of with autologin is nodm. I never tried to start LXDE but I use it to start OpenBox without login prompt. The user to autologin is defined in /etc/default/nodm (not sure about the exact file name as the system running it is currently powered off). Frederic -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/201504220932.51623.frederic.marc...@wowtechnology.com
Re: Encrypting an External HDD
On Wednesday 15 April 2015 18:33:56, David Christensen wrote : > On 04/15/2015 08:01 AM, ken wrote: > > What options or features does one get by putting the LUKS container in a > > partition rather than putting it on a raw drive? > > I am not aware of any technical advantages or disadvantages of LUKS on a > raw drive vs. LUKS on a partition. For me, it's more a matter of > personal habit/ psychology in the face of several computers, many > drives, and changing conditions over the years. Having a partition table may prevent other common OSes from assuming the disk is uninitialized if they happen to see the disk and propose to format it or, worst, format it without asking for permission to do so… Frederic -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/201504161536.39208.frederic.marc...@wowtechnology.com
Re: Can't isntall Debian on UEFI system
On Wednesday 15 April 2015 11:22:49, German wrote : > Hi all, I am trying to install live image from USB stick, but my comp's > BIOS doesn't see the drive. I tried to dd .iso to stick, I tried to copy > it, still, BIOS doesn't see it. I also don't see any efi folders on the > stick when I look at it with a file manager. Any ideas? Thanks I did it no later than yesterday. I downloaded the netinst image of jessie rc2 on this page: https://www.debian.org/devel/debian-installer/ In my case, it was the amd64 image. I copied it to the usb key with this command cp debian-jessie-DI-rc2-amd64-netinst.iso /dev/sdc Then the key booted just fine on an EFI system and it installed on a CF disk booted by EFI (checked it by making sure /sys/firmware/efi exists). Frederic -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/201504151425.24187.frederic.marc...@wowtechnology.com
Re: Encrypting an External HDD
On Wednesday 15 April 2015 13:53:20, Stephen R Guglielmo wrote : > Hi list, > > I have a USB external HDD that I would like to encrypt with a > passphrase. After looking into filesystems, I decided to go with Ext4. > What's the recommended way of encrypting a drive? Do I partition it > first, then encrypt that partition? > > Internet searches lead me to LUKS & cryptsetup. However, the blog and > forum posts I've read are a bit old. I'm running Jessie. I followed this procedure on Monday and got an encrypted USB disk with LUKS: http://www.cyberciti.biz/hardware/howto-linux-hard-disk-encryption-with-luks- cryptsetup-command/ It contains a neat trick to monitor the progress when filling the partition with zeros: pv -tpreb /dev/zero | dd of=/dev/mapper/backup2 bs=128M It is convenient to monitor the progression as it took more than 4h to fill a 1TB USB3 disk. I understand that filling the encrypted partition (/dev/mapper/backup2) with zeros is equivalent to filling the unencrypted partition (/dev/sdb1) with random data as explained by other procedures. There is one thing I didn't do as described. I initialized the LUKS partition with this command cryptsetup -y --use-urandom -v luksFormat /dev/sdb1 It use /dev/urandom instead of the default /dev/random to generate the master key. The documentation says it is better to use urandom as random may block if the computer entropy is low. Frederic -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/201504151417.48084.frederic.marc...@wowtechnology.com
Re: svn, subversion, repos
On Monday 09 March 2015 19:14:21, pe...@easthope.ca wrote : > http://svnbook.red-bean.com/en/1.7/svn.reposadmin.create.html has > > $ # Create a repository > $ svnadmin create /var/svn/repos > $ > > In wheezy this fails of course. Is /var writeable by users in > any widely used Linux? > > peter@dalton:/var$ svnadmin create svn/repos > svnadmin: Repository creation failed > svnadmin: Could not create top-level directory > svnadmin: Can't create directory 'svn/repos': No such file or directory > > No mention of repos in /usr/share/doc/subversion/README.Debian. > Nothing obvious in wiki.debian.org. > Nothing in https://www.debian.org/doc/packaging-manuals/fhs/fhs-2.3.html. > > Is there a "common practise" in Debian? Write permission on /var? > repos in /home/user/? I store the repositories in /var/svn/repos to make them available for browsing through websvn. It is very convenient when I need to have a quick look at a code base without checking out the content. Beside, I see no indication that svnserve can serve repositories out of more than one directory. If every user stores his repositories in his own home, the repositories can only be accessed using ssh. I don't know how well tools such as tortoisesvn handle it. Moreover, users need a valid user account on the server and a login shell to administer the repositories. It may prove a challenge to Windows users :-) and a security risk. On my server, the repositories can only be created by root. When someone needs a new repository, I create it myself. It let me review the proposed repository name to filter out meaningless or silly names. I also discuss with the user if it is best to have one repository for several related programs or if several repositories should be created. With my user base (17 users), I create one new repository every month at the most. If you want to let users administer the svn repositories, you may want to have a look at projects such as FusionForge (https://fusionforge.org/), submin (http://supermind.nl/submin/index.html), scm-manager (https://www.scm- manager.org/), User-friendly svn (http://www.usvn.info/). I haven't tried any of them. Frédéric -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/201503100928.10608.frederic.marc...@wowtechnology.com
Re: Can't get sound to work
On Saturday 17 January 2015 21:41:38, Ric Moore wrote : > On 01/17/2015 07:29 AM, Frédéric Marchal wrote: > > My problem is now solved. I unfortunately can't provide a full scientific > > analysis of what happened. I list every clue that might help anybody else > > facing the same problem. > > All you had to do was to mute the HDMI stuff to make it easier on alsa. How do I mute HDMI to make it easier on alsa? Isn't alsa reporting every sound device found at the hardware level? > More features, more choices. HDMI wasn't even an option until a few > years ago. Welcome to the new Linux! The audio system is still highly unstable according to my experience. KDE complains that the audio hardware changes nearly at every boot. It reminds me that it doesn't complain now that I take care of closing amarok before shutting down the computer. I don't know if it is related. The KDE Audio mixer content changes every couple of month too but I haven't found what is the package whose update is responsible for those changes. At this time, the "Playback devices" tab contains one slider for HDMI and one for Analog stereo. There used to be more sliders for the various sources such as the microphone. The mixer also used to have a menu to select the channels to hide or show. It doesn't any more. As I don't use sound much, a lot usually happen on this computer before I notice a change or a failure with the sound system. And even more time pass before I care enough to investigate thoroughly :-) > I betcha you have only one jack, that is supposed to autoswitch between > audio-out and headphone-out. There is a huge difference. You still > haven't replied to where your headphone is plugged in, what type, etc. I have no headphone nor external speaker so I can't test it. My only sound output is the laptop internal speaker. Frederic -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/201501191146.49918.frederic.marc...@wowtechnology.com
Re: Can't get sound to work
On Friday 16 January 2015 21:49:37, Ric Moore wrote : > On 01/16/2015 05:53 AM, Frédéric Marchal wrote: > > On Friday 16 January 2015 10:33:23, Lisi Reisz wrote : > >> On Friday 16 January 2015 08:41:29 Frédéric Marchal wrote: > >>> BTW, I have pulseaudio installed in case it matters. > >> > >> So the advice is to have alsa and pulseaudio? > > > > I haven't investigated that far. I'm just stating a fact. > > > > I don't know what's the purpose of pulseaudio nor what are the benefits > > of having installed it. I don't know if it would break something to > > remove it. > > > > I believe it was installed at some point as part of a routine system > > update and may have been the cause of the sound failure in the first > > place. > > Nope, as you can use alsa directly at any time, as with aplay. I think > your old /etc/asoundrc is a leftover from upgrading from one release to > the next to the next. I'm running on a fresh install of Jessie and have > no /etc/asoundrc or ~/.asoundrc files at all. Maybe it's time or a fresh > install?? To me, the problem of a live upgrade is that all of the old > /home dotfile cruft hangs on forever. :) Ric The initial problem, after installing wheezy, was that no sound was produced. It was due to alsa using the HDMI device by default. I had to create ~/.asoundrc to make alsa use the correct PCH device. That was a fresh install of wheezy on a new HP ProBook 650. There was no asoundrc but I needed one to make alsa use the correct device. I don't remember having seen pulseaudo after installing the system. I only noticed it at some point after the sound stopped working. I didn't install it on purpose. That's the reason I believe pulseaudio was pulled by a dependency during an update and broke my (possibly unusual) sound configuration. My problem is now solved. I unfortunately can't provide a full scientific analysis of what happened. I list every clue that might help anybody else facing the same problem. Frederic -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/201501171329.31063.frederic.marc...@wowtechnology.com
Re: Have I been hacked?
On Friday 16 January 2015 14:38:09, Joel Rees wrote : > > I can remember "TwasBrilligAndTheSlithyToves" and associate it with an > > account. > > > > Before signing up I do > > > > echo TwasBrilligAndTheSlithyToves | sha1sum | base64 | cut -c -30 > > > > The output is what I give to a site as a password. > > Now you're talking sense. Maybe I don't need to answer your questions > about IP spoofing and using strategy instead of pure brute force after > all. > > Although, when you don't have access to a command line that gives you > sha1sum, you're back to having to work hard to remember what you gave > that site for a password. > > Frankly, rot13 or rot42 would get pretty close. But I would prefer a > tool of my own making that I can use to exclusive-or the site name > with my chosen pass-phrase before I pass it to the predictable > shuffle. That looks like https://www.passwordmaker.org/passwordmaker.html which is available as a firefox/iceweasel plugin and a chrome plugin (if I'm not mistaken). That tool takes one master password (you only have to remember that one) and use it to derive a site specific password based on that password, the url and possibly the user name used on the site. The generated password can be computed at any time and on any computer with those informations and various other options (such as the hash algorithm, the characters included in the password, the password length and so on). Due to the hash algorithm, it is impossible to find the master password from one or even many generated passwords. Nor is it possible to compute the password for another site from passwords harvested on compromised sites. If one site is compromised and the owner ask you to change your existing password, simply change one option in PasswordMaker to generate a new password. Frederic -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/201501161551.08129.frederic.marc...@wowtechnology.com
Re: Can't get sound to work
On Friday 16 January 2015 10:33:23, Lisi Reisz wrote :
> On Friday 16 January 2015 08:41:29 Frédéric Marchal wrote:
> > But sound started to work fine after I edited $HOME/.asoundrc like this:
> >
> > pcm.!default {
> > type plug
> > slave {
> > pcm "hw:1,0"
> > }
> > }
> > ctl.!default {
> > type hw
> > card 1
> > }
> >
> > The symptoms are not the same as yours. aplay doesn't play sound when I
> > select the PCM device on the command line. But, with audacity, if I
> > explicitly select ALSA as output and device hw:1,0, sound comes out. So,
> > I may have another problem that prevents aplay from running when the PCM
> > device is specified and the above solution may still help you.
> >
> > BTW, I have pulseaudio installed in case it matters.
>
> So the advice is to have alsa and pulseaudio?
I haven't investigated that far. I'm just stating a fact.
I don't know what's the purpose of pulseaudio nor what are the benefits of
having installed it. I don't know if it would break something to remove it.
I believe it was installed at some point as part of a routine system update
and may have been the cause of the sound failure in the first place.
Frederic
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive:
https://lists.debian.org/201501161153.37226.frederic.marc...@wowtechnology.com
Re: Can't get sound to work
On Thursday 15 January 2015 21:28:30, Robert Latest wrote :
> Hi all,
>
> this is my umptieth Debian installation I've done on various PCs over
> the years, but this time the sound setup really has me stumped. I can't
> hear anything unless I use aplay with -D hw:0,0 but setting that in the
> configuration file doesn't help. No other sound-outputting program
> works. Here's a shell excerpt:
>
> bl@dotcom:~$ aplay test.wav # can't hear nothing
> bl@dotcom:~$ aplay -D hw:0,0 test.wav # this plays sound
> bl@dotcom:~$ cat .asoundrc
> cat: .asoundrc: No such file or directory
> bl@dotcom:~$ cat /etc/asound.conf
> pcm.!default {
> type hw
> card 0
> device 0
> }
> bl@dotcom:~$ aplay -l
> List of PLAYBACK Hardware Devices
> card 0: Intel [HDA Intel], device 0: AD1984 Analog [AD1984 Analog]
> Subdevices: 1/1
> Subdevice #0: subdevice #0
> card 0: Intel [HDA Intel], device 2: AD1984 Alt Analog [AD1984 Alt
> Analog]
> Subdevices: 1/1
> Subdevice #0: subdevice #0
> bl@dotcom:~$ cat /proc/asound/cards
> 0 [Intel ]: HDA-Intel - HDA Intel
> HDA Intel at 0xfe9dc000 irq 45
> bl@dotcom:~$
Sound has been missing on my wheezy for some time until your mail prompted me
to investigate it.
Running aplay test.wav produces no sound.
The output of aplay -l is:
List of PLAYBACK Hardware Devices
card 0: HDMI_1 [HDA Intel HDMI], device 3: HDMI 0 [HDMI 0]
Subdevices: 1/1
Subdevice #0: subdevice #0
card 0: HDMI_1 [HDA Intel HDMI], device 7: HDMI 1 [HDMI 1]
Subdevices: 1/1
Subdevice #0: subdevice #0
card 0: HDMI_1 [HDA Intel HDMI], device 8: HDMI 2 [HDMI 2]
Subdevices: 1/1
Subdevice #0: subdevice #0
card 1: PCH [HDA Intel PCH], device 0: 92HD91BXX Analog [92HD91BXX Analog]
Subdevices: 1/1
Subdevice #0: subdevice #0
Running aplay -D hw:1,0 test.wav reports an error and produces no sound:
Playing WAVE 'test.wav' : Signed 16 bit Little Endian, Rate 11025 Hz, Mono
aplay: set_params:1087: Channels count non available
But sound started to work fine after I edited $HOME/.asoundrc like this:
pcm.!default {
type plug
slave {
pcm "hw:1,0"
}
}
ctl.!default {
type hw
card 1
}
The symptoms are not the same as yours. aplay doesn't play sound when I select
the PCM device on the command line. But, with audacity, if I explicitly select
ALSA as output and device hw:1,0, sound comes out. So, I may have another
problem that prevents aplay from running when the PCM device is specified and
the above solution may still help you.
BTW, I have pulseaudio installed in case it matters.
Frederic
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive:
https://lists.debian.org/201501160941.29640.frederic.marc...@wowtechnology.com
Re: Have I been hacked?
2015-01-13 18:13 GMT+01:00 Danny : > Am I right in saying that there is actually nothing new when it comes to > networking ... hear me out ... the internet (and most networks out there) > still > works on TCP/IP which is 40 odd years old (70's) ... a car mechanic only needs > to know how an engine works ... you can bolt on many other things onto an > engine > and add a pletora of sensors to it but essentially it remains an engine ... if > you understand the way an engine or an automatic/manual transmission works > you can > confidently service/overhaul any engine/transmission because they all are > made up of the same > stuff and they all work the same ... and this is my point with TCP/IP ... > EVERYTHING is dumped on top of TCP/IP ... yet it remains the same ... a black > hat only needs to know TCP/IP in order to knock on your door ... once he > knocked > on your door it means that he has found you ... he knows you are there ... > all he > has to do is look at the Matrix screen ... am I making sense? ... Being a hacker requires a bit more knowledge than TCP/IP. To build upon your analogy, TCP/IP is more like the path to your house. If offers no security beyond what you gain by mounting watch on your doorstep. Every open port on your server is like a door or a window. The protocol carried by TCP/IP and recognized by the server application listening on the open port is the lock on the door or window. Your login/credential is the key to the door. Hackers are like thieves trying to break into your house. A thief knows about various types of locks, doors and windows. He knows that some windows break if a pressure is applied on the upper corner opposite the hinges. Such a type of lock is easily defeated by drilling just below the barrel. Some kind of door is best attacked by breaking through the lower panel, and so on. A hacker can find your server the same way a thief can find your house. He just walk around and look at what may be a worthwhile target. A hacker knows about the protocols and server applications. He knows their strengths and weaknesses and will attack where it is easier when he sees an opportunity. That is the reason you must update your server on a regular basis. It removes old safety measures the hackers know how to break. And when the house is properly secured, a thief may knock at the door and sweet talk the owner into letting him in. Hackers do that too :-) Frederic -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/caj7r-8qrkups3dyb3mz-wng3k8gtzuoth8-ndfcd4wq2-6f...@mail.gmail.com
Re: Have I been hacked?
On Thursday 08 January 2015 21:53:45, Danny wrote : > Hi guys, > > So what I did was do disable all startup scripts/servers/services and then > enable only one at a time ... then I would reboot and wait and keep an eye > on "/boot" (I deleted all randomly generated files, so I could see if a > file was added or not, and it was also the only way I knew for certain > that the culprit was active or not, hence that is how I could time it) ... > > All went well untill I enabled cron ... I checked all cron jobs and they > all "look" normal ... here is an "ls" of my cron directories ... > > ### > /etc/cron.d/ > anacron atop mrtg php5 > > /etc/cron.daily/ > anacron atop mrtg php5 > > /etc/cron.hourly/ > cron.sh sarg > > /etc/cron.monthly > 0anacron sarg > > /etc/cron.weekly > 0anacron apt-xapian-index man-db sarg > ### Have a look at /etc/crontab. The file contains commands to be run by cron. The directory /var/spool/cron/crontabs also contains user's cron jobs. If anacrontab is installed, /etc/anacrontab may contain more jobs. > Since I killed cron at bootup everything seems fine ... network is back to > normal ... I don't get the transition between the above paragraph (network is normal if cron is killed) and the below paragraph (troubles begin when network is up). Do you have any evidence that cron is triggering the attack or am I misreading your mail? > However, as soon as my network was up and running I got attacked ... > here is an excerpt of one of the fail2ban mails ... > > ### > The IP 204.12.241.227 has just been banned by > Fail2Ban after > 3 attempts against ssh. > > Jan 8 04:23:15 fever sshd[17406]: Connection from 204.12.241.227 port > 38090 on 10.0.0.5 port 22 Jan 8 04:23:17 fever sshd[17406]: Invalid user > zhangyan from 204.12.241.227 Jan 8 04:23:17 fever sshd[17406]: > pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh > ruser= rhost=204.12.241.227 Jan 8 04:23:20 fever sshd[17406]: Failed > password for invalid user zhangyan from 204.12.241.227 port 38090 ssh2 Jan > 8 04:23:20 fever sshd[17406]: Received disconnect from 204.12.241.227: > 11: Bye Bye [preauth] Jan 8 04:23:20 fever sshd[17408]: Connection from > 204.12.241.227 port 39800 on 10.0.0.5 port 22 Jan 8 04:23:22 fever > sshd[17408]: Invalid user dff from 204.12.241.227 Jan 8 04:23:23 fever > sshd[17408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 > euid=0 tty=ssh ruser= rhost=204.12.241.227 Jan 8 04:23:24 fever > sshd[17408]: Failed password for invalid user dff from 204.12.241.227 port > 39800 ssh2 > ## The mail is sent because someone is brute force attacking your ssh server. Not starting fail2ban or your mail server would suppress those mails but not the attack. Turning off ssh or the network would stop the attack though :-) If your line of reasoning is to correlate the mail arrival with starting cron, then maybe cron is the last link required to make the fail2ban alert functional. > What is interesting to me is the user in the above excerpt "zhangyan" ... > By using a username that is unfamiliar to the western world tells me that > whatever is on my system had to respond to this username otherwise why > would this guy use a username that only he is familiar with ... Other > usernames that were used: 3D, ssht and ftfl ... Also, attempts were made > from China, Hong Kong, Belgium and Canada ... You cannot tell something is responding to that user name on your system based only on that fail2ban alert. On the contrary, the mail means fail2ban successfully thwarted that particular attempt. Attackers can't know what names are valid login names unless they can find one by hacking into a legitimate user's computer or a user posted its login on the net. What hackers do instead, is to try a long list of possible login names collected on servers they have hacked in the past. That's the reason this particular bot was trying to login with the "zhangyan" user name. There is nothing to worry about unless you receive alerts about a valid login name. > Currently my iptables looks like this ... > > ### > > -A INPUT -p tcp -s 122.0.0.0/8 -j DROP > -A INPUT -p tcp -s 61.0.0.0/8 -j DROP > -A INPUT -p tcp -s 117.0.0.0/8 -j DROP > -A INPUT -p tcp -s 103.0.0.0/8 -j DROP > -A INPUT -p tcp -s 82.0.0.0/8 -j DROP > -A INPUT -p tcp -s 204.0.0.0/8 -j DROP > -A INPUT -p tcp -s 218.0.0.0/8 -j DROP > ### > > As you can see ... I am already DROPping some of these IP's ... I just need > something to block an ENTIRE country ... You can't ban an enti
Re: USB drive mounted Read-only; what to do ?
2014-12-19 11:55 GMT+01:00 Renaud OLGIATI : > On Fri, 19 Dec 2014 11:42:44 +0100 > Stephan Seitz wrote: > >> The output of dmesg may give more information. > > # dmesg > [916394.028162] sd 30:0:0:0: [sdi] Write Protect is on > > The drive does not have a HW write-protection switch. Where does this Write > Protect come from, how can one get rid of it ? A google search reveals it is a common problem that should be fixed with sudo hdparm -r0 /dev/sdi Frederic -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/caj7r-8qyecb0k0pogzqfvsvm+zowomu+y+am5jwxdmzqjyy...@mail.gmail.com
Re: USB drive mounted Read-only; what to do ?
2014-12-19 11:28 GMT+01:00 Renaud OLGIATI : > On Fri, 19 Dec 2014 10:15:32 + > Brian wrote: > >> > I plug in a USB pen drive, and launch dd to copy an iso image. >> > # dd bs=4M if=debian-live-7.6.0-amd64-rescue.iso of=/dev/sdi && sync >> > dd: opening `/dev/sdi': Read-only file system > >> It contains am ISO9660 file system which, by design, is read-only. > > No, when I launch dd it contains a FAT32 file system. > >> > Is there a way to force it to mount read-write ? > >> Nothing is mounted during the reading and writing process. > > Then why does dd complain, and refuse to run ? There is nothing to mount here as that dd command is writing to the whole disk (of=/dev/sdi). It bypasses the partition table and the file system. Do you run the command as root? A user can't write to a device (imagine anybody could run dd if=/dev/zero of=/dev/sda where sda is a system disk). Does your USB key have a write protection switch? Has your USB key been write protected by a software running on Windows? Frederic -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAJ7R-8THwX-wY7+ALGUSyg2B_QzKw5iE-V=qncfd57+wpnj...@mail.gmail.com
Re: broken apt " -f install" wont fix what to do ?
2014-12-18 17:47 GMT+01:00 laurent debian : > Hi all, > when you have an error of apt-get >> >> Préparation du dépaquetage de .../systemd-sysv_215-8_amd64.deb ... >> Dépaquetage de systemd-sysv (215-8) sur (215-7) ... >> E: Sub-process /usr/bin/dpkg returned an error code (1) > > > which recommends -f install > which could not be fixed using it is there a kind of procedure to repair it > ? > untranslated quote: >> >> Préparation du dépaquetage de .../systemd-sysv_215-8_amd64.deb ... >> Dépaquetage de systemd-sysv (215-8) sur (215-7) ... >> E: Sub-process /usr/bin/dpkg returned an error code (1) You can, usually, get the English output by prefixing the command with LANG="C" such as in LANG="C" apt-get update Having the English messages makes it easier to search the net and post questions to English speaking forums. As Cindy suggested, the solution depends on the error message displayed before the part you posted. Sometimes, it is a configuration error that prevents dpkg-configure from completing its installation. Fixing it may solve the problem. I also saw such error when there was a conflict with another package or with files I installed manually from sources without using Debian installer. If the package is broken, it can be removed to solve the problem but it looks like systemd-sysv may be hard to get out of your system! People, please, this is *not* a hint to start a new round against systemd all over again!!! :-) Frederic -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/caj7r-8qmg0trffav839acs6z7wwgbfphnyjc3e9+w5igsv3...@mail.gmail.com
Re: VPN IPSec (Cisco vpnc)
On Thursday 11 December 2014 19:38:52, Hajder Rabiee wrote : > Ok thank you for your reply. > > I'll have a second round with the IT admins. The question remains if the > pre shared key is the same as the group password? If not, how is it > specified in vpnc? My answer was unclear. The group name and group password are not related in any way to the login, password or pre shared key. In other words, you need to ask your admins for some personal credentials (login, password, token or whatever is supported) and, in addition, a group name and a group password. The group name and group password are the same for every user of the group. That's the reason you need your own login/password and they must not be the same as the group name and password which are shared by every user in the group. Frederic -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/201412120948.09108.frederic.marc...@wowtechnology.com
Re: VPN IPSec (Cisco vpnc)
2014-12-11 8:04 GMT+01:00 Hajder Rabiee : > Hi > > Trying to connect to VPN at work but keep getting: "vpnc: no response from > target". > > I have created my vpn.conf in /etc/vpnc/myconf.conf and also added Local > Port 1 as I've read some posts that the particular error message might > have to do > with a block in the firewall. Comparing with OSX - where the VPN works, the > only difference is that I have to specify a group name in Linux. I have > talked to the IT admins and gotten the correct group name. I wonder though > is the Group Password the same as the shared key? Otherwise how do I > specify it? I followed this tutorial to connect to Palo Alto GlobalProtect using vpnc protocol: http://blog.webernetz.net/2014/03/31/palo-alto-globalprotect-for-linux-with-vpnc/ The group name and group password are distinct parameters. The IT admin should give you both in addition to your own credentials. In the case of Palo Alto, it was necessary to enable X-Auth. I don't remember the error message I received when it was not enabled. OSX, Android and Windows with the GlobalProtect client don't need the X-Auth protocol. Only Linux's vpnc needs it. You may have some similar settings on your VPN server. I configured the vpn using the Network Manager in KDE so I don't know about /etc/vpnc. Make sure you are not trying to connect to the VPN server from inside the lan. It doesn't work on my network. I can only connect from the wan. I also had to circumvent another problem after the connection was established. The route to the gateway is set to 128.0.0.0/1. Half of the internet address space is routed through the VPN tunnel. I had to configure vpnc to ignore the default route and add my own custom routes (I did all of this in the Network Manager). OSX and Windows receive the correct route though. I have yet to investigate more deeply into that problem. Frederic -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAJ7R-8R1HLVORcnUhfrhv+xJG7E9wm3mGZUcAf_ofeBWVGbg=w...@mail.gmail.com
Purpose of fsck at boot (was: Skipping fsck during boot with systemd?)
Le Wednesday 10 December 2014 11:10:52, Frédéric Marchal a écrit : > Le Wednesday 10 December 2014 09:49:51, Gian Uberto Lauri a écrit : > > You run fsck on power up because the 'system does not remember' if it > > was shut-off cleanly or not. If the disks are clean and the last check > > is not too old, fsck just report this and does nothing. Else it takes > > care of the safety of your data. > > Are you implying that the only purpose of fsck at boot is to recover from > an unclean shutdown? > > To my understanding, errors creeping into the file system are unavoidable > in the real world, even without serious system crashes. > > On the computer I'm using here (Debian Wheezy), automatic fsck at boot has > been disabled from the beginning. At this time, the root partition has been > mounted 249 times since the last check. Presumably, fsck assumed, from a > casual glance at boot time, that there was nothing to fix. > > Yet, running e2fsck -n -f /dev/disk/by-uuid/whatever reports several errors > such as orphaned inode list, block bitmap differences, wrong free blocks > count, inode bitmap differences, wrong free inodes count. > > Are these errors not supposed to be fixed by a periodic deeper file system > check? Following this post, I restarted the computer in single user mode. I had to ifdown eth0 before I could mount -o remount,ro /dev/sda3 but then I could run e2fsck -f /dev/sda3 on the boot/root partition. And surprise! No error at all! I restarted the computer in normal mode and, for sure, e2fsck -n -f /dev/sda3 reports the same errors as above. Is it an artifact induced by the ext4 journal? Frederic -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/201412101241.14129.frederic.marc...@wowtechnology.com
Re: Skipping fsck during boot with systemd?
Le Wednesday 10 December 2014 09:49:51, Gian Uberto Lauri a écrit : > Frédéric Marchal writes: > > Le Wednesday 10 December 2014 08:05:49, tv.deb...@googlemail.com a écrit : > > > On 10/12/2014 09:30, Frédéric Marchal wrote: > > > > Le Tuesday 09 December 2014 16:36:53, The Wanderer a écrit : > > > >> On 12/09/2014 at 10:09 AM, Chris Bannister wrote: > > > >>> On Tue, Dec 09, 2014 at 09:48:58AM +0100, Frédéric Marchal wrote: > > > >>>> Now, is it possible to run fsck during shutdown? Users have been > > > >>>> asking for this for at least 10 years. Is it now acceptable, > > > >>>> possible, tolerated? > > > > > > > > 2) is it wise to run fsck at that time? I have seen strong > > > > opposition in > > Usually on shutdown you run sync that flushes the cache to the disk, > cleanly preparing the disk for unmounting. The mount command should > 'run' sync automatically when unmounting. > > You run fsck on power up because the 'system does not remember' if it > was shut-off cleanly or not. If the disks are clean and the last check > is not too old, fsck just report this and does nothing. Else it takes > care of the safety of your data. Are you implying that the only purpose of fsck at boot is to recover from an unclean shutdown? To my understanding, errors creeping into the file system are unavoidable in the real world, even without serious system crashes. On the computer I'm using here (Debian Wheezy), automatic fsck at boot has been disabled from the beginning. At this time, the root partition has been mounted 249 times since the last check. Presumably, fsck assumed, from a casual glance at boot time, that there was nothing to fix. Yet, running e2fsck -n -f /dev/disk/by-uuid/whatever reports several errors such as orphaned inode list, block bitmap differences, wrong free blocks count, inode bitmap differences, wrong free inodes count. Are these errors not supposed to be fixed by a periodic deeper file system check? Maybe I don't understand what fsck at boot is meant to fix then… > fsck may take time. Relax, it needs that time. > > "The bearing of a child takes nine months, no matter how many women > are assigned." ["The Mythical Man-Month", Frederick P. Brooks, Jr.] > > "Ghe voe tempo, se speta" ["it takes time, just wait", old Venice > saying] I understand all these. The question here is about controlling when this time is taken and postpone the routine deep check a bit when it is inconvenient to do it during this particular boot sequence. Unless, of course, someone says that the small errors creeping into the file system are not meant to be fixed at boot time. In that case, I'll ask what is the correct procedure to fix them. Frederic -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/201412101110.52169.frederic.marc...@wowtechnology.com
Re: Skipping fsck during boot with systemd?
Le Wednesday 10 December 2014 08:05:49, tv.deb...@googlemail.com a écrit : > On 10/12/2014 09:30, Frédéric Marchal wrote: > > Le Tuesday 09 December 2014 16:36:53, The Wanderer a écrit : > >> On 12/09/2014 at 10:09 AM, Chris Bannister wrote: > >>> On Tue, Dec 09, 2014 at 09:48:58AM +0100, Frédéric Marchal wrote: > >>>> Now, is it possible to run fsck during shutdown? Users have been > >>>> asking for this for at least 10 years. Is it now acceptable, > >>>> possible, tolerated? > > > > 2) is it wise to run fsck at that time? I have seen strong opposition in > > the past. Mostly turning around the risk that the user would switch the > > power off or the power supply would fail resulting in a damaged > > partition. As the risk seems as high during the boot sequence, I don't > > understand the opposition. > > In the case of regularly failing power it would probably be more often > inconvenient to run fsck at shutdown. Power failures are as likely to occur during boot, don't they? As suggested in another post, a computer running on battery (whether a laptop or a computer running on UPS) must not run fsck anyway. > In general when we choose to > shutdown it is for good reasons I guess, so a long wait may has more > risk to be a nuisance then than during boot? You are right. I hadn't thought about that. When I shutdown the computer it means I don't need it anymore and, with ACPI power supply, the power supply is turned off without me standing around. I don't have to wait until fsck completes. But I sometimes need the computer to quickly turn off when it is a laptop I must take away. with me. I'd hate to stay late one full hour at the office while fsck is running :-) Maybe unplugging the power cable before shutting down the OS would take care of that. It doesn't look very professional though. No matter what, running fsck without the user's consent looks like a bad idea. > But I don't see why we couldn't get a nagging prompt to run fsck at any > of boot or shutdown time when it's due, with option to cancel it. After > all I think even Windows gives you this control and allow the user to > opt-out of a disk check for a short time before starting it (at least > it's what I remember from the Windows 7 I have used). Instead of a nagging prompt, I prefer to have an entry in the desktop environment shutdown menu. Along with Shutdown, Reboot, Logout, and the like. A standalone software to be executed explicitly to run fsck and then turn the computer off would do too. > In the long run better file-systems and online check may relegate all > this to the museum of horrors, but in the meantime being able to > interrupt fsck seems like the best and only option covering all use cases. Whoa! A file system that never need to be checked! Thanks for sharing your dream :-) Frederic -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/201412100907.52729.frederic.marc...@wowtechnology.com
Re: Skipping fsck during boot with systemd?
Le Tuesday 09 December 2014 16:36:53, The Wanderer a écrit : > On 12/09/2014 at 10:09 AM, Chris Bannister wrote: > > On Tue, Dec 09, 2014 at 09:48:58AM +0100, Frédéric Marchal wrote: > >> Now, is it possible to run fsck during shutdown? Users have been > >> asking for this for at least 10 years. Is it now acceptable, > >> possible, tolerated? > > > > That sounds like a recipe for disaster. Do you mean *before* > > shutdown? > > Obviously, "during shutdown" means "during the shutdown process", i.e., > during the sequence of shutting-down-the-system steps which takes place > in response to a "shutdown" command. > > That sequence already does several things prior to actually shutting > down the system; perhaps most obviously, it tells various "services" to > stop cleanly, kills other processes, and unmounts filesystems. There > seems as if there should be no conceptual reason why it shouldn't be > possible to add an additional "run a fsck" step into that sequence, > probably after the unmount and before the final shutdown itself. > > ...except that fsck of root during the boot process is possible only > because root hasn't been mounted yet, because we're still in the > initramfs and haven't pivoted into the real root yet. So making that > possible during shutdown would probably require setting up another > ramdisk during the shutdown process (which sounds like a bad idea), > pivoting into it, unmounting the original root, and then triggering the > fsck... The partition only need to be remounted read only. if I'm understanding it correctly. That's what /etc/init.d/umountroot does during the shutdown sequence. So everything is in place to run fsck just before /etc/rc0.d/K10halt. Now two questions remain: 1) how to invoke an additional hypothetical /etc/rc0.d/K10fsck on demand? 2) is it wise to run fsck at that time? I have seen strong opposition in the past. Mostly turning around the risk that the user would switch the power off or the power supply would fail resulting in a damaged partition. As the risk seems as high during the boot sequence, I don't understand the opposition. > All in all, while it *might* be possible, I don't think it sounds like > that would be worth the trouble. That's probably right too... Frederic -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/201412100730.53734.frederic.marc...@wowtechnology.com
Re: Skipping fsck during boot with systemd?
Le Monday 08 December 2014 15:40:03, The Wanderer a écrit : > This thread is about complaints about not being able to interrupt / > abort / cancel an already-started boot-time fsck. This thread is about using one's computer quickly after turning it on. An unexpected un-interruptible fsck is seen as an obstacle to this. To summarize the best solution proposed so far, I have to 1) adjust automatic fsck to my taste: tune2fs -c X -i Y /dev/whatever 2) add "fsck.mode=skip" to the default grub entry. 3) add an entry to the grub menu to run fsck as it used to be (that is without the fsck.mode option). Steps 2 and 3 may be automated with some changes to /etc/grub.d. To use my computer on any average day, I let it boot without any check using the default grub entry. New Debian installs don't check ext partitions at all (at least on the computer I'm using right now) so there is no loss of functionality. When I feel the need to check my file system and I have enough time to do so, I boot the computer with the alternate boot option. If the file system was checked recently, it will just boot as quickly as the default grub option. But if it is time to run fsck, it will do so but I don't mind as I knew it was a possibility. That procedure seems perfectly fine to me unless i completely forget about running fsck. To this the mountinfo script (http://nwalsh.com/hacks/mountinfo/) was proposed by Curt. It is a solution but I would prefer a desktop widget for this purpose. If any one is capable of creating one, please let me know. Now, is it possible to run fsck during shutdown? Users have been asking for this for at least 10 years. Is it now acceptable, possible, tolerated? Frederic
Re: Skipping fsck during boot with systemd?
2014-12-08 11:44 GMT+01:00 claude juif : > 2014-12-08 10:28 GMT+01:00 Frédéric Marchal > : >> >> Le Monday 08 December 2014 09:44:07, Curt a écrit : >> > On 2014-12-08, Stefan Monnier wrote: >> > > Actually, it's *always* a surprise. These fsck happen at long enough >> > > intervals, that I can never know if it was "4 months ago" or "7 months >> > > ago", and neither can I remember which laptop/desktop has the delay >> > > set >> > > to 172 days vs 194 days vs 98 days vs ... >> > >> > Can't you write a small script to obviate the limitations of your human >> > memory, like this little hacker here did? >> >> I'm joining in as Gentoo doesn't allow me to cancel fsck and it is a real >> PITA. I much prefer the flexibility offered by Debian. If I'm in a hurry, >> I just >> cancel fsck and restart the computer later to let it run fsck completely. >> >> On my Gentoo box, the ext partition is set to scan the disk every 34 boots >> or >> after 180 days. There is no way I can keep track of the number of boots as >> three other people use that computer and turn it on when I'm not around. A >> script wouldn't help either. What would it have to report to be of any use >> in >> letting me know that the *next* boot will take one hour? Even I can't tell >> when someone will need the computer. > > > Maybe you just have to make partitions. Il your rootfs is 1To it's gonna > take 2 hours to run fsck, but if you have smaller partition like > - /=> 10G > - /usr=> 10G > ... > /data => 1To, it's gonna take 5 mins. > > Just update your fsck to check only / and /usr so you know your system is > clean. And you can run run fsck yourself for /data. /, /var and /tmp already are very small partitions. The 1TB disk is the home partition where all the important data are. I can't split it up and I don't feel comfortable with the idea of running fsck only when and if I remember to do it. The computer is there to serve me, not the other way around! > So you are in control ! That's not being in control. That's doing chores the system is making more difficult to deal with. I would rather spend the time doing something with the computer than for the computer. > You can't ask developer to handle every single case of your life. A feature was lost and I say it was useful to me and, apparently, a bunch of people. The proposals so far imply more bookkeeping and/or maintenance tasks on my part. Maintenance tasks are necessary. But, in the case discussed here, there used to be a simpler solution. I don't want the developers to assume the current non-interruptible fsck solution is satisfactory to everyone. Nor is the no-fsck-at-all solution acceptable to everybody. Now, I would accept a solution simpler than "let fsck run automatically from time to time or press ctrl+c to run it later" but none comes to my mind. Frederic -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/caj7r-8tefj9hzmw6dwm5yyh-rqfd464pvdox-elsu82-8uh...@mail.gmail.com
Re: Skipping fsck during boot with systemd?
Le Monday 08 December 2014 09:44:07, Curt a écrit : > On 2014-12-08, Stefan Monnier wrote: > > Actually, it's *always* a surprise. These fsck happen at long enough > > intervals, that I can never know if it was "4 months ago" or "7 months > > ago", and neither can I remember which laptop/desktop has the delay set > > to 172 days vs 194 days vs 98 days vs ... > > Can't you write a small script to obviate the limitations of your human > memory, like this little hacker here did? I'm joining in as Gentoo doesn't allow me to cancel fsck and it is a real PITA. I much prefer the flexibility offered by Debian. If I'm in a hurry, I just cancel fsck and restart the computer later to let it run fsck completely. On my Gentoo box, the ext partition is set to scan the disk every 34 boots or after 180 days. There is no way I can keep track of the number of boots as three other people use that computer and turn it on when I'm not around. A script wouldn't help either. What would it have to report to be of any use in letting me know that the *next* boot will take one hour? Even I can't tell when someone will need the computer. With Debian, fsck starting during boot is the indicator that the next boot is going to take a lot of time unless I can afford to let it run right now. Please keep it that way! Frederic -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/201412081028.47211.frederic.marc...@wowtechnology.com
Re: Fetchmail (long); continually losing authentication with gmx.net
2014-11-25 21:34 GMT+01:00 Ron Leach : > Did the trick. Logs show that fetchmail is > 1. using opportunistic TLS on pop3, but > 2. Sometimes times out after receiving a certificate, and then > 3. Fetchmail declines to use TLS with the *next* user, but > 4. gmx complains about not using ssl, and fails the authorisation. > > That repeats at each poll. I wonder what might be causing the timeout? But > shouldn't fetchmail tolerate communication hiccups, anyway? (Rhetorical > Qs.) > > I'll post the log showing the fail event(s) in case it helps, but I think > I'd like to run either the latest fetchmail (from sourceforge), or the > version from Debian Etch (which doesn't fail). > > Here's a failing fetchmail log (anonymised). Fetchmail tries to collect > mail for 2 users, user1 and user2. TLS fails during user1, and fetchmail > then doesn't try TLS for user2 (and doesn't try TLS ever again for user2, > though not shown here), but gmx complains every time about not using SSL. > > fetchmail: awakened at Tue 25 Nov 2014 18:33:40 GMT > fetchmail: 6.3.21 querying pop.gmx.net (protocol POP3) at Tue 25 Nov 2014 > 18:33:40 GMT: poll started > fetchmail: Trying to connect to 212.227.17.169/110...connected. > fetchmail: POP3< +OK POP server ready H migmx123 0[…] > fetchmail: POP3> CAPA > fetchmail: POP3< +OK Capability list follows > fetchmail: POP3< TOP > fetchmail: POP3< UIDL > fetchmail: POP3< STLS > fetchmail: POP3< USER > fetchmail: POP3< SASL PLAIN > fetchmail: POP3< IMPLEMENTATION trinity > fetchmail: POP3< . > fetchmail: POP3> STLS > fetchmail: POP3< +OK Begin TLS negotiation > fetchmail: Certificate chain, from root to peer, starting at depth 2: > fetchmail: Issuer Organisation: Deutsche Telekom AG > fetchmail: Issuer CommonName: Deutsche Telekom Root CA 2 > fetchmail: Subject CommonName: Deutsche Telekom Root CA 2 > fetchmail: Certificate at depth 1: > fetchmail: Issuer Organisation: Deutsche Telekom AG > fetchmail: Issuer CommonName: Deutsche Telekom Root CA 2 > fetchmail: Subject CommonName: TeleSec ServerPass DE-1 > fetchmail: Server certificate: > fetchmail: Issuer Organisation: T-Systems International GmbH > fetchmail: Issuer CommonName: TeleSec ServerPass DE-1 > fetchmail: Subject CommonName: pop.gmx.net > fetchmail: Subject Alternative Name: pop.gmx.net > fetchmail: Subject Alternative Name: pop.gmx.de > fetchmail: pop.gmx.net key fingerprint: > 8A:B7:78:CF:0D:73:4E:EE:FF:EB:B8:C0:90:7D:46:56 > fetchmail: timeout after 100 seconds. > fetchmail: socket error while fetching from [user1]@gmx@pop.gmx.net > fetchmail: 6.3.21 querying pop.gmx.net (protocol POP3) at Tue 25 Nov 2014 > 18:35:37 GMT: poll completed > fetchmail: Merged UID list from pop.gmx.net: 0[…]= SEEN > fetchmail: Query status=2 (SOCKET) > fetchmail: 6.3.21 querying pop.gmx.net (protocol POP3) at Tue 25 Nov 2014 > 18:35:37 GMT: poll started > fetchmail: Trying to connect to 212.227.17.169/110...connected. > fetchmail: POP3< +OK POP server ready H migmx123 0[…] > fetchmail: POP3> CAPA > fetchmail: POP3< +OK Capability list follows > fetchmail: POP3< TOP > fetchmail: POP3< UIDL > fetchmail: POP3< STLS > fetchmail: POP3< USER > fetchmail: POP3< SASL PLAIN > fetchmail: POP3< IMPLEMENTATION trinity > fetchmail: POP3< . > fetchmail: POP3> STLS > fetchmail: POP3< +OK Begin TLS negotiation > fetchmail: pop.gmx.net: opportunistic upgrade to TLS failed, trying to > continue. > fetchmail: POP3> USER [user2]@gmx.net > fetchmail: Repoll immediately on [user2]@gmx@pop.gmx.net > fetchmail: Trying to connect to 212.227.17.169/110...connected. > fetchmail: POP3< +OK POP server ready H migmx123 0[…] > fetchmail: POP3> USER [user2]@gmx.net > fetchmail: POP3< +OK password required for user "[user2]@gmx.net" > fetchmail: POP3> PASS * > fetchmail: POP3< -ERR Fehler beim Abruf Ihrer GMX E-Mails. Ihre Verbindung > ist nicht verschluesselt. Aktivieren Sie SSL in Ihrem Mailprogramm. > Anleitungen: https://ssl.gmx.net > fetchmail: Fehler beim Abruf Ihrer GMX E-Mails. Ihre Verbindung ist nicht > verschluesselt. Aktivieren Sie SSL in Ihrem Mailprogramm. Anleitungen: > https://ssl.gmx.net > > Translation: Error retrieving your GMX email. Your connection is not > encrypted. Enable SSL in your mail program. Instructions: > https://ssl.gmx.net > > fetchmail: Authorisation failure on [user2]@gmx@pop.gmx.net (previously > authorised) > fetchmail: POP3> QUIT > fetchmail: 6.3.21 querying pop.gmx.net (protocol POP3) at Tue 25 Nov 2014 > 18:36:42 GMT: poll completed > fetchmail: Merged UID list from pop.gmx.net: 0[…]= SEEN > fetchmail: Query status=3 (AUTHFAIL) > fetchmail: Writing fetchids file. > fetchmail: sleeping at Tue 25 Nov 2014 18:36:42 GMT for 150 seconds > > I've also saved a log showing the preceding (working) sequence where > fetchmail successfully checks mailboxes for both users; I didn't post it, to > save length, but can do if anyone wishes to see it. > > I'm not sure what to do. In particular, I'm not sure whether I should try > to debug this a li
Re: Fetchmail; continually losing authentication with gmx.net
Le Monday 24 November 2014 20:27:25, Ron Leach a écrit : > List, good evening, > > I've looked through the man fetchmail pages and I'd like to get some > extra logging but I can't seem to pass the -vv parameter to fetchmail. > Fetchmail starts as a daemon, and I can stop it and start it again, but > > # /etc/init.d/fetchmail start -vv > > doesn't seem to have any effect. > > Is there a way I could restart fetchmail as if it had been invoked as > 'fetchmail -vv'? With the extra logging I am hoping it will say why > the authorisation is failing. You can't pass options to the init script like that. The best thing to do when debugging that kind of problem is to have a look at the content of /etc/init.d/fetchmail, find the actual fetchmail command started by the script and run the command manually from the shell. Don't forget to remove the option to run fetchmail as a daemon (I don't remember its name but it's in the man page). You can add any option you need such as -vv and see the output in the terminal. When you have seen what you wanted to see, abort fetchmail with ctrl+c and restart it with the init script to resume normal operation. Frederic -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/201411242202.18241.frederic.marc...@wowtechnology.com
Re: WD Passport 2T hard drive formating question.
Le Monday 10 November 2014 19:32:39, Juan R. de Silva a écrit : > > $ man mkfs.ext4 > > > > Look for "-m" argument. > > "-m" option default value is 5% (!) = 50 GB space. No minimal reserved > space is specified/recommended in man pages. > > GParted allocated to file system 1.616% = 29.42GB (quite generous against > default 5%). > > For NTFS, on the other hand, only 0.0067% were allocated = 122.66 MB. > > I do understand that some space must be reserved for the super-user to > allow avoiding fragmentation + journal, etc. However the amount of space > reserved seems to me unreasonably high - 29 GB vs. 123 MB. > > Yes, I can tinker the situation to some extent with other mkfs.ext4 > options. But I do not know if the gain is worth of efforts. > > Besides, since the drive will be used for backup, I do not want to > sacrifice the stability of the file system in order to preserve space > either. > > So, the question is, to which extent and with what result can I tinker > with mkfs.ext4 options. You seem to have overlooked Darac Marjal's response. 29GB is not the space reserved for the super user. It is made of blocks set aside for inodes storage and super blocks replication (see option -T in mkfs.ext4 man page). I have been using xfs on external USB HDD because I never succeeded in the right value between too many inodes and not enough. And the space reserved for the super user is really a space that can only be written by root. It is not a space required to operate the disk. It is made of blocks reserved to prevent a user from filling up the disk and prevent anybody (including root) from logging in. As far as I understand, you don't need it on an external storage. You can set -m0 when formatting the disk. Frédéric -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/201411102117.54310.frederic.marc...@wowtechnology.com
php5-odbc broken since 5.4.34-0+deb7u1
Hello, Since I upgraded php5 in Wheezy to version 5.4.34-0+deb7u1, I get an error when running odbc_exec() on a sybase ADS odbc driver. I get this error: PHP Fatal error: Out of memory (allocated 524288) (tried to allocate 14615584999105259009 bytes) in SybaseClass.php on line 127 The same script runs fine with php5 5.4.4-14+deb7u14. I believe this is this bug: https://bugs.php.net/bug.php?id=68014 as the ODBC trace log file reports this error: [ODBC][15153][1415173266.747009][SQLColAttributes.c][276] Entry: Statement = 0x21afca0 Column Number = 1 Field Identifier = SQL_DESC_OCTET_LENGTH Character Attr = (nil) Buffer Length = 0 String Length = (nil) Numeric Attribute = 0x7fff9722a258 [ODBC][15153][1415173266.747025][SQLColAttributes.c][593] Exit:[SQL_ERROR] DIAG [S] e:2142 I tried to test the proposed patch myself but I don't know how to rebuild the php5-odbc package alone? Any suggestion as how to proceed? Frédéric -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/201411050847.53083.frederic.marc...@wowtechnology.com
