Re: The mess of package names

2017-09-19 Thread Mario Castelán Castro
On 19/09/17 13:57, Gary Roach wrote:
> What I need is a cross reference between Mumps, MPI, OpenMP and FETI4I
> and the library names in the Debian and Ubuntu repositories.

OpenMP is not a library. It is an extension of C to allow convenient
parallel programming. It is enabled in GCC with “-fopenmp” IIRC.

I can not be of help with the rest.

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature


Re: Request of recommendations for public Mercurial repository hosting

2017-09-17 Thread Mario Castelán Castro
On 17/09/17 12:04, Mario Castelán Castro wrote:
> My only candidate so far is Bitbucket. I want to know if there are other
> options. I have already discarded SourceForge because it has Google JS.
> All other providers that I know either are paid or do not offer
> Mercurial. Unfortunately, most only offer Git.

I discovered that Bitbucket registration does not work with Google
JavaScript blocked, so it is no longer an option.

On the other hand, I found other options. Here is a list in case it is
useful to somebody else:

* Alioth <https://alioth.debian.org/>.
* GNU Savannah <https://savannah.gnu.org/>.
* OSDN <https://osdn.net/>.
* Ourproject <https://ourproject.org/>.

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: Request of recommendations for public Mercurial repository hosting

2017-09-17 Thread Mario Castelán Castro
On 17/09/17 13:52, Phil Dobbin wrote:
> GitHub meets all your requirements plus you can host a web site there
> with their GitHub Pages option.
> 
> All free to use in your case :-)

Please note that I am asking for *Mercurial* hosting.

Also, I watch disapprovingly as “source code hosting” increasingly
becomes synonymous with “GitHub hosting” in the herd's mind. GitHub will
become (or maybe it is already) a single point of failure. It has a lot
of user data and the capability to introduce backdoors into a lot of
software, so it is already a juicy target for government agencies. I
wouldn't host any project of my own on it even if I used Git for them.

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Request of recommendations for public Mercurial repository hosting

2017-09-17 Thread Mario Castelán Castro
(Note: cross posted to Mercurial mailing list and debian-user mailing list)

Hello. I am looking for a place to host a small free software (as in
freedom) project. I write to ask for your recommendations.

There are a few requirements:

(1) A public Mercurial repository is required. Features like bug
trackers, private repositories and pull requests are irrelevant for my
use case[1].

(2) Hosting static web pages for the project would be good, but it is
not required.

(3) I highly mistrust and oppose Google (it is the big eye in the
Internet) so a necessary requirement is that there is no Google JavaScript.

(4) Users that block JavaScript must be able to at least see the
repository URI. Requiring JavaScript for the developers (me) is
acceptable, as long as it is not Google's.

My only candidate so far is Bitbucket. I want to know if there are other
options. I have already discarded SourceForge because it has Google JS.
All other providers that I know either are paid or do not offer
Mercurial. Unfortunately, most only offer Git.

Footnotes:

[1]: This is a one-man project and it is formally verified, so the
probability of bugs is nearly zero. In the event that anybody wants to
send a patch, it would be handled through e-mail (with “hg bundle”). I
never understood what is good about pull requests.

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: Macbook Air - Stretch - getting rather hot

2017-09-05 Thread Mario Castelán Castro
On 05/09/17 20:24, James Montgomery wrote:
> On Tue, Aug 8, 2017 at 7:42 AM, kelsang sherab  wrote:
>> The last few days my machine seems to be getting hot more than usual -
>> any suggestion of what can i do?
> 
> I didn't see any replies to this message. Are you still having this
> issue? I have had similar issues with my Macbook Air mid-2011 (Ivy
> Bridge). It seemed to have gone away after I set 'powertop' and
> cpufreq settings to conserve power. Still, I never hear the fans kick
> on and the bottom aluminium is always rather warm.

Another thing that may help is to configure a CPU usage indicator widget
in a task bar so as to detect if any program is using an excessive
amount of computing power.

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Security updates (Was: (solved) how to roll back to jessie)

2017-09-04 Thread Mario Castelán Castro
On 04/09/17 02:58, Long Wind wrote:
> i do not install security update
> and it not cause trouble for me

Hello. I am wondering: Why do you choose not to install security
updates? There seems to be nothing to gain and much to lose with that
choice.

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: UI inconsistency: unlocking LUKS-encrypted drives

2017-09-03 Thread Mario Castelán Castro
On 03/09/17 21:15, Sam Kuper wrote:
> On 03/09/2017, Sam Kuper  wrote:
>> 1. is this inconsistency intended, and if so, why?
> 
> The cause of the inconsistency seems to have been that the
> "HintSystem" property[1] was set differently between the various
> devices concerned.

Thanks for reporting what you found.

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: Laptop recommendation

2017-09-03 Thread Mario Castelán Castro
On 03/09/17 08:38, Jonas Hedman wrote:
> Basically I'm on the hunt for a newish laptop on which I naturally want
> to run Debian. [...]
> 
> Any suggestions?

Yes. Think Penguin  sells computers
compatible with GNU/Linux that do not need proprietary drivers. They
claim to donate part of the profit to the development of free software
(I can neither confirm nor deny this claim).

Use H-node  to check for hardware compatibility and
contribute an entry for your hardware if you can.

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: Recommended editor for novice programmers?

2017-09-02 Thread Mario Castelán Castro
On 02/09/17 17:46, david...@freevolt.org wrote:
> I somehow doubt that you yourself find Emacs or Vim "difficult to
> use", or believe their design is "arcane". (Of course, I might well be
> mistaken. I'm only guessing.)

I use GNU Emacs. I am being honest when I say that it is difficult to
use and arcane (obviously according to my perception). I use it because
of the configurability and because I use some extensions that are
specific for Emacs (mainly SLIME and HOL mode).

The reason I find Emacs difficult is that for any non-trivial action you
want to perform, you have to read the documentation and *memorize* the
key bindings or command names. Nearly all modern editors make obvious
how to use them through the GUI icons. Emacs does this to a very limited
extent.

Also Emacs requires significant customization. Certainly it *works* “out
of the box” but it is not comfortable to use in that condition. For
example: If I had not read the Emacs wiki I would still be switching
buffers and finding files the old way (C-x b and then type the name of
the buffer), which is extremely tedious. If I had not read the manual, I
would hardly have figured the command “delete-trailing-whitespace”,
which I use often.

> When, many years later, I developed a greater interest in computers, I
> was happy to discover that
> 
>   1. I hadn't been taught only how to ride a tricycle, but had been
>   riding a full-fledged bicycle all along, and
> 
>   2. I would never need to learn to use another text-editor again, if
>   I didn't want to do so.

Assuming that people in the OP's library are representative of the
general population, then most people in that library will never “develop
a greater interest in computers” like you and me. Run-of-the-mill users
do not care if software is very powerful, configurable, reliable, or
other technical merits. They want something that is so simple to use
that they will never need to even glance at the manual. Microsoft and
Apple deliver that and that is why they have had so much commercial success.

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: Recommended editor for novice programmers?

2017-09-02 Thread Mario Castelán Castro
On 02/09/17 15:37, rhkra...@gmail.com wrote:
> On Saturday, September 02, 2017 03:03:23 PM Mario Castelán Castro wrote:
> This is OT to the subject of this thread, but at first I was going to comment
> and say that there is also, for example, KDE/Linux, as, indeed, I rarely touch
> anything graphical that is GNU.  But, then I remembered that a lot of the--
> hmm, what should I call them--I'll say boilerplate even though it is not what
> I really mean--command line programs are GNU.
> 
> Without being entirely sure, I guess that includes things like ls, bash, ...

By your logic, if you think components you “don't touch” are not worth
mentioning, then you have to omit Linux.

Anyway, whatever name you prefer for the operating system (Debian
prefers GNU/Linux in official places; e.g.: the release names), the fact
is that Linux is not an operating system but only a kernel.

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: Recommended editor for novice programmers?

2017-09-02 Thread Mario Castelán Castro
> My Linux user group is setting up one desktop computer and one laptop
> computer for lending to our local library as an educational resource for
> folks who want to explore what Linux is all about.  We are using Debian 9
> for now.

The first thing is to realize that Linux is a kernel, not an operating
system. A more appropriate name for the OS is GNU/Linux. Moreover, that
is the name Debian uses for its GNU/Linux versions (it also has other
kernels available).

> I am open to any suggestions for standard packages we should add. I have
> already installed gcc and friends as well as Scilab, R, Perl 6, and some
> other stuff, including emacs.

Useful suggestions can not be given in this regard because it depends on
what the users are going to do with the computer.

Just leaving a computer with GNU/Linux is not a good idea to teach
people about GNU/Linux. You should have a person there to show them the
system and talk about free software.

On 02/09/17 13:34, Dejan Jocic wrote:
> You can set up both Vim and Emacs as powerful programming editors.

These are the *worst* possible suggestions. Both of these editors
require a lot of learning to even use them at all. If the OP follows
your advice, his users will have the impression that all software in
GNU/Linux is as arcane and difficult to use as GNU Emacs and Vim are.

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: Install on hp-pavilion-g6-2100 stops at 98%

2017-09-02 Thread Mario Castelán Castro
On 02/09/17 12:23, Luis Speciale wrote:
> Installing GRUB boot loader
> 
> 66%
> Running "update grub"…
> 
> I'm going to wait a little and see if it ends the install

When I installed Debian 9, the installer wanted to install grub on a
wrong path. I had to specify the path manually.

Try to specify the path manually to /dev/sdX (where X is one of “a”,
“b”, ... as corresponds to your disk).

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: One-line password generator

2017-09-02 Thread Mario Castelán Castro
On 01/09/17 22:33, Zenaan Harkness wrote:
> On Fri, Sep 01, 2017 at 09:38:14PM -0500, Mario Castelán Castro wrote:
>> No. Entropy is the appropriate word. Please recall that “entropy” is
>> just a different scale
> 
> Use of the word "scale" is one example of things that lead people to
> use loose terms like "stretching of entropy", which, though useful in
> certain contexts, not only readily give rise to imprecise
> comprehension in the mind of someone who has no robust definition of
> the term, but is mathematically bogus on the face of it, unless one
> gets really really precise in each and every definition of every term
> in one's "turtles on turtles" stack of term.

When I mean entropy, I say “entropy”. I mean what I say. It is not my
guilt that other people misuse this word.

The entropy of the random distributions in the relevant cases here is
perfectly defined. From the fact that *YOU* do not understand the
definition it does not follow that it is “mathematically bogus”.

> Now let's go to that first link's second sentence:
> "The measure of information entropy [...]"
> 
> I am not mathematically literate enough to even properly parse that
> sentence!

Here (and through the rest of your message) you are admitting that you
do not understand the meaning of entropy in probability theory. Yet you
are making statements about entropy. This is intellectually dishonest,
to say the least.

>> According to my understanding, the output of /dev/urandom when reading
>> with my command will be truncate(ChaCha20(X)) where (X) is the aforesaid
>> 512-bit state and “truncate” is the function that returns the first 128
>> bits of its input. The processing with ChaCha20 and truncation skew the
>> distribution a bit, but this is negligible.
> 
> Interesting - I thought ChaCha was being used because it was such a
> good (non-skewing, suitably crypto-random mixing, reasonably
> performant) algorithm.

Indeed, when properly used, ChaCha20 is good as far as I can tell.

Roughly speaking, we are computing hash(X) to derive the 128 bits read
by my one-liner. Even though we assume that “X” is uniformly distributed
among a 384 bit space, we assume that “hash” will give a random result
for each input, independent of the value it gives for the rest of the
inputs. Thus with near certainty, some values will be more probable than
other values, but (by “the law of the large numbers”) only by a tiny
difference from what a uniform/unbiased distribution would require.

This is a phenomenon applicable to hash-like functions in general. It is
not a flaw of ChaCha20.

> Even theoretical attacks will undoubtedly focus on this skewing, if
> indeed ChaCha20, or the implementation of it in the kernel, is
> actually skewing.

This is an unjustified statement.

>> As a side note, I noticed that Linux uses weird constants in the
>> ChaCha20 input for the aforesaid CSPRNG: the ASCII text “expand 32-byte
>> k”. This looks like a bad choice, but I doubt that it has any security
>> impact in practice.
> 
> I assume the opposite - almost always, such constants will and do
> affect security of the algorithm, AIUI.

This is yet another unjustified assumption.

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: One-line password generator

2017-09-01 Thread Mario Castelán Castro
On 01/09/17 18:43, Zenaan Harkness wrote:
> (Probably obvious, but as long as you're reading from urandom,
> "entropy" is the wrong word, in this context, better to say "128 bits
> of cryptographically secure numbers" as that which has been said e.g.
> by the Linux kernel urandom developers as being "cryptographically
> secure" has changed a few times, and may change again in the future -
> if it truly were entropy (as /dev/random suggests it provides), the
> ongoing changes for "security" would not be necessary.)

No. Entropy is the appropriate word. Please recall that “entropy” is
just a different scale for probability and quantities comparable to
probability (like expected probability). Nothing more, nothing less.

Also note that all the theoretical (and very unrealistic) attacks on
/dev/urandom apply only when the attacker knows part of the *past*
output of /dev/urandom, and he uses this to predict the *current* and
*future* output of /dev/urandom. This is not applicable in our scenario.

In short: Given that the state of the CSPRNG is larger than the amount
of bits read[1], the bits can be assumed to be distributed at random.

Longer answer:

According to my reading of
,
/dev/urandom uses a variation of ChaCha20 which is periodically
re-seeded from the “entropy pool”.

In a reasonable scenario for password generation, the attacker does not
know the state of the 512-bit CRNG state, and so the best he can do in
practice is to model it with uniform probability distribution.

According to my understanding, the output of /dev/urandom when reading
with my command will be truncate(ChaCha20(X)) where (X) is the aforesaid
512-bit state and “truncate” is the function that returns the first 128
bits of its input. The processing with ChaCha20 and truncation skew the
distribution a bit, but this is negligible.

As a side note, I noticed that Linux uses weird constants in the
ChaCha20 input for the aforesaid CSPRNG: the ASCII text “expand 32-byte
k”. This looks like a bad choice, but I doubt that it has any security
impact in practice. Anyway, they should have used the constants
recommended by D. J. Bernstein (the designer of ChaCha20).

[1]: 384 bits according to my understanding, since 128 of the 512 bits
fed to ChaCha seem to be fixed to the ASCII “expand 32-byte k”.

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: One-line password generator

2017-09-01 Thread Mario Castelán Castro
On 22/08/17 10:04, Mario Castelán Castro wrote:
> I have the following line in my Bash init file:
> 
> “alias gen-password="head -c 16 /dev/urandom | base64 | head -c 22 && echo"”
> 
> This generates a password with just above 128 bits of entropy. You may
> find it useful.

A slight simplification:

alias gen-password="head -c 16 /dev/urandom | base64 | cut -c -22"

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan
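
The structure of the password this alias produces, as an added example that is not part of the original message: the 22 characters decode back to exactly the 16 bytes read from /dev/urandom, and the final character can only be one of A, Q, g or w. Function names are hypothetical and GNU coreutils (`base64 -d`) is assumed.

```shell
#!/bin/sh
# Added example; the function names below are not from the thread.

# The pipeline from the message: 16 random bytes, base64-encoded,
# cut to the 22 characters that precede the "==" padding.
gen_password() {
    head -c 16 /dev/urandom | base64 | cut -c -22
}

# Number of bytes a password decodes back to. base64 of 16 bytes is
# 24 characters ending in "==", so restoring the padding must give
# back exactly the 16 bytes that were read.
decoded_len() {
    printf '%s==' "$1" | base64 -d 2>/dev/null | wc -c | tr -d ' '
}

# Random bits carried by the password: 8 per decoded byte.
# base64 is a reversible encoding, so it neither adds nor removes any.
password_bits() {
    echo $(( $(decoded_len "$1") * 8 ))
}

# Structural check: 22 characters, base64 alphabet only, and a final
# character from {A,Q,g,w}. The 22nd character encodes the last 2 data
# bits followed by 4 zero bits, so only the 6-bit values 0, 16, 32 and
# 48 can occur there.
check_password() {
    pw=$1
    [ "${#pw}" -eq 22 ] || return 1
    case $pw in
        *[!A-Za-z0-9+/]*) return 1 ;;
    esac
    case $pw in
        *[AQgw]) ;;
        *) return 1 ;;
    esac
    [ "$(decoded_len "$pw")" -eq 16 ]
}

# Generate N passwords and return the distinct final characters seen.
last_chars() {
    n=$1
    i=0
    while [ "$i" -lt "$n" ]; do
        gen_password | cut -c 22
        i=$(( i + 1 ))
    done | sort -u | tr -d '\n'
}
```

A site that rejects `+` or `/` in passwords needs a different alphabet; piping through `tr '+/' '-_'` keeps the same number of random bits.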





Re: Configure_GnuPG 2

2017-08-31 Thread Mario Castelán Castro
On 31/08/17 16:40, miz...@elude.in wrote:
> unregistered user
> 
> hello,
> 
> i configured s2k but i would like use 25519 , i would like harden .conf
>   do i need add some special options ?

s2k means “string to key” (the 2 is a play on words for “to” since it
sounds similar). It refers to the procedure used to turn the
user-entered password into a key for *symmetric* encryption. Curve25519
is an elliptic curve and a function defined over it. There is no relation
between both things!

> * gnupg mailing-list is for registered user only and it does not suit me.

What is the problem with gnupg-users? I replied to your message there:
.

Most mailing lists accept messages from people not subscribed, but *you
have to mention that you are not subscribed*, so that people will
include your e-mail address in replies. If you do not do that, you can
still read the replies in the mailing list archive (almost all public
mailing lists keep an archive of messages; look at the link above for
example).

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: lilypond workaround against lilypond-removal

2017-08-31 Thread Mario Castelán Castro
When a package is not in Debian there is also the option of compiling
from source. Sometimes this is not practical, though (because it has too
many dependencies which are in turn hard to build).

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: How to install extra TeX fonts without crud?

2017-08-31 Thread Mario Castelán Castro
On 31/08/17 02:48, Curt wrote:
> One way is to download the deb file and install it via 'dpkg -i 
> texlive-fonts-extra_2016.20170123-5_all.deb'.

Thank you for your reply.

Won't dpkg refuse to install because of missing “dependencies”?

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: Selecting text

2017-08-31 Thread Mario Castelán Castro
On 30/08/17 22:12, Hugo Vanwoerkom wrote:
> I now have a strange situation that on one system running Stretch + Sid
> the piece of text does not turn color when selecting it.

Mixing releases is one quick way to break your system.

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: Atril configuration saving

2017-08-30 Thread Mario Castelán Castro
On 30/08/17 06:27, Haines Brown wrote:
> I find the atril pdf viewer to be the most satisfactory choice for my
> needs. However, a problem is that it does not save my configuration.

Hello.

What do you find good about Atril as compared to Evince (if you have
used the latter)?

It is not a rhetorical question. I am genuinely interested.

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





How to install extra TeX fonts without crud?

2017-08-30 Thread Mario Castelán Castro
Hello.

I want to install some fonts to use in LaTeX that seem to be available
only in the “texlive-fonts-extra” package. The problem is that
“texlive-fonts-extra” depends on a lot of font packages that I do not
want. Is there a way to install only the TeX fonts contained in
“texlive-fonts-extra” without the other packages?

Thanks.

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: On another (but related) note: Zip files

2017-08-30 Thread Mario Castelán Castro
On 30/08/17 05:14, Darac Marjal wrote:
> So, because gzip has such a market share in the Linux world, it makes
> sense for it to be included in the debian base install (in fact, apt and
> various utilities rely on it, so it needs to be there). Zip files,
> though, are much less common in the Linux world. There is nothing in the
> base install of debian that requires zip files, so therefore the zip
> program is not installed.

*GNU/Linux world*

Also it is worth noting that tar + gzip will do solid compression (it
compresses the archive as a whole), while zip compresses each file
independently. The zip approach gives worse compression, but extracting
a single file is faster, since only that file has to be uncompressed.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: Unable to change mouse acceleration and threshold in Stretch

2017-08-29 Thread Mario Castelán Castro
On 29/08/17 09:36, Илья Валеев wrote:
> 28.08.2017 01:29, Mario Castelán Castro wrote:
>> Apparently, libinput uses its own parameters and ignores the parameters
>> that “xset” alters.
> 
> The main issue is that I cannot change mouse acceleration and threshold
> through GUI.

Understood. I was not aware of what the issue was exactly. That is
probably a bug of the graphical program. I suggest filing a bug report.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: Future of linux-image-grsec-* packages

2017-08-29 Thread Mario Castelán Castro
On 29/08/17 02:22, Adrien CLERC wrote:
> Hi,
> 
> Since the announce of grsecurity to go to a complete non-free (as in
> beer) model (see https://grsecurity.net/passing_the_baton.php), I was
> wondering if there is any future for those packages.

I suggest you write to the maintainer of that Debian package.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: USB external hard drive -- mounting

2017-08-28 Thread Mario Castelán Castro
On 28/08/17 18:07, Ben Caradoc-Davies wrote:
> The above lines give me fixed mount points based on filesystem labels
> (LABEL), but UUID will also work. Device names are no good as they are
> by default dynamically assigned for USB storage devices.

To complement the information given by Ben Caradoc-Davies: One can
obtain the uuid with “ls -l /dev/disk/by-uuid/”.

I can not be of more help.

Regards.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: Resign me from your lists

2017-08-28 Thread Mario Castelán Castro
On 28/08/17 09:18, Fungi4All wrote:
> Are  you suggesting someone should read 4856 pages of manuals
> before they install Debian, let alone ask a "dumb question"?

No, you can learn as you need it. I know that manuals are long and
tedious. I do not expect you to read it all before asking, but I expect
you to check the table of contents and index for your question before
asking.

> How about I pop that barrel of depleted uranium open and dump it to
> the pond?

By the way, uranium is minimally radioactive. The main risk of nuclear
energy is that the fission products in spent fuel leak.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: Resign me from your lists

2017-08-28 Thread Mario Castelán Castro
On 27/08/17 18:15, Ben Finney wrote:
> Mario Castelán Castro <marioxcc...@yandex.com> writes:
> 
>> I assumed originally that this was a person who subscribed then
>> realized he did not want to be subscribed and decided to complain to
>> the list about that.
> 
> Even on that assumption, there is no call to insult the person. No-one
> is born knowing how to operate a mailing list subscription, please allow
> people to learn without implying they are inferior.

The problem is not ignorant people per se, but people who are ignorant of
what they ought to know (given the knowledge requirements of the
activities they choose to do).

If a lay man in the street does not know what radioactive decay heat is,
I would not see a problem, but if a manager of a nuclear power plant
does not know, then I would call him incompetent and the word “stupid”
is more than deserved. I think you will agree with this.

Likewise, somebody either writing or criticizing cryptography
recommendations should be competent in the relevant theory.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: Resign me from your lists

2017-08-28 Thread Mario Castelán Castro
On 28/08/17 01:09, Reco wrote:
> Mario Castelán Castro <marioxcc...@yandex.com> wrote:
>> I have to admit that I do not know what specific header you are talking
>> about.
>>
>> I was not aware that this mailing list was used in “From:” spoofing.
> 
> X-Spam-Status contains LDOSUBSCRIBER for you, me, and everyone that's
> on the list. Like this: [...]

I see. Thanks for the information.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: Unable to change mouse acceleration and threshold in Stretch

2017-08-27 Thread Mario Castelán Castro
On 27/08/17 13:57, Илья Валеев wrote:
> 21.08.2017 01:00, Mario Castelán Castro wrote:
>> I use LXDE and I can adjust the acceleration and speed through the program
>> accessible in LXDE menu. It is called “mouse and keyboard preferences“ or
>> something like that. However, even setting the speed at minimum, it is
>> still too high. What I have done is to use this command:
>>
>> “xinput --set-prop
>> "Logitech USB Optical Mouse" "Coordinate Transformation Matrix" 0.28 0 0 0
>> 0.28 0 0 0 1”
>>
>> Replace 0.28 by your preferred multiplier (1 = no change; 1.123 = 12.3%
>> increase, et cetera) This ought to work regardless of desktop environment.
>> In lightdm, you can put this in “$HOME/.xsessionrc“ to run it
>> automatically at each log-in.
>>
> 
> Seems like bug is unique for me, but your method works.
> Solved.

It does not seem to be a bug. As mentioned in a previous message
<https://lists.debian.org/debian-user/2017/08/msg00404.html> what
happens is that in Debian 9, mouse acceleration parameters are handled
by libinput by default (I think that one can disable libinput by
replacing the package “xserver-xorg-input-libinput” with
“xserver-xorg-input-evdev”, but beware that I have *NOT* tried it).

Apparently, libinput uses its own parameters and ignores the parameters
that “xset” alters.

> Thanks!

Пожалуйста.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: Resign me from your lists

2017-08-27 Thread Mario Castelán Castro
On 27/08/17 14:03, Reco wrote:
> On Sun, 27 Aug 2017 11:17:09 -0500
> Mario Castelán Castro <marioxcc...@yandex.com> wrote:
>> Then why did you subscribe to this mailing list in the first place?
> 
> He did not (e-mail headers show that clearly). He's probably yet another
> victim of this month spam attack which fakes From header to be
> 'debian-user@lists.debian.org'.

I have to admit that I do not know what specific header you are talking
about.

I was not aware that this mailing list was used in “From:” spoofing.

>> Are you stupid?
> 
> To paraphrase your signature, do not insult technically illiterate,
> respect them as you respect people.

Fair enough.

I assumed originally that this was a person who subscribed then realized
he did not want to be subscribed and decided to complain to the list
about that.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: Resign me from your lists

2017-08-27 Thread Mario Castelán Castro
On 27/08/17 10:56, Paul Farou wrote:
> I am receiving unwanted mail from you please get me off these lists!

Then why did you subscribe to this mailing list in the first place? Are
you stupid?

To unsubscribe, send an e-mail to debian-user-requ...@lists.debian.org
with subject “unsubscribe”.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: How to Keep Track of Changes to the System

2017-08-27 Thread Mario Castelán Castro
On 25/08/17 22:14, ray wrote:
> I would like to find a way to keep track of changes I make to my system.  It
> seems that I may learn from others on how they keep track of changes they make
> to their systems.

I have a plain-text file of notes, which I keep under Mercurial version
control. I make a note here whenever I make any big change.

For manually installed packages, I install them under a directory in
“~/local/stow”. For example “~/local/stow/emacs”. Since there is a
one-to-one correspondence between packages and directories under the
“stow” directory, obtaining a list of what packages I have installed is
as easy as “ls ~/local/stow”.

The search path for executables is “~/local/bin”. I use GNU Stow to
automatically make symbolic links from here to the corresponding
directory under “~/local/stow”.

I can recommend GNU Stow to have better control over *manually*
installed packages. A common problem is that one does “make install”
and then when one wants to delete the package, one does not know what
files one should delete, and one does not realize if something is being
overwritten. GNU Stow solves that.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: Ask the isosceles triangle people. This is the TRIANGLE-user mailing list

2017-08-27 Thread Mario Castelán Castro
On 26/08/17 13:06, david...@freevolt.org wrote:
> On Sat, 26 Aug 2017, Mario Castelán Castro wrote:
>> Whatever you find in Tails, is there because a Tails developer
>> put it there.
> 
> I am perplexed by this last statement, since the uri in the error
> message reported by the Tails user[1]

..which a Tails developer has there, like I said.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: How to Keep Track of Changes to the System

2017-08-27 Thread Mario Castelán Castro
On 26/08/17 16:10, Joe wrote:
>> Thank you for the list of solutions.  It is interesting that SVN can
>> be used with etckeeper.  It looks like I should learn git.  I have
>> used SVN for other things, but I am easily pulled from my comfort
>> zone for value.  
> 
> Git is very widely used, and on important projects, so it is being
> vigorously maintained. It's probably the right choice for new projects.

New projects should use Mercurial. Existing projects should switch to
Mercurial.

Although Git can do anything that can be needed (and so can Mercurial),
the difference is that Git has a horrendously designed interface and
the concepts it is based on are many times irrational.

For example, consider the “git reset” command. This one deserves an
award for the most irrationally designed command in all of GNU/Linux.

If you want to change what commit the current branch points to, you must
use “git reset”, and you must memorize the meanings of “--soft”,
“--mixed”, “--hard” and “--keep”. If you do it wrong (e.g.: “keep”
instead of “--mixed”), you lose data.

But surprisingly, git reset does not always change what commit the
current branch points to. Sometimes it just moves files from a commit to
the index (“staging area”). (“git reset  -- .”).

So “git reset” does 4 things with little relation: Sometimes it moves
what commit the current branch points to and *maybe* changes the working
directory and staging area. Sometimes it just de-stages your staged
changes (“git reset”). Sometimes it cancels a failed merge. Sometimes it
copies files from an older commit to the staging area. These tasks are
grouped into a single command for no logical reason.

Now, this is no problem *after* you have learned how to use Git. You may
even think that well, it ought to be difficult to learn how to use it,
but that is incorrect. It is difficult only because the interface and
the concepts behind it are irrationally designed.

By contrast, Mercurial's interface is very clean. Every command always
does one simple thing. This does not mean that it is less powerful.
Although there was a previous time (years ago) when one could not do
powerful history modification as in Git, that era is now history.

Imagine how many man-hours are wasted learning how to use Git, which
would otherwise be used to do actual programming.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: One-line password generator

2017-08-27 Thread Mario Castelán Castro
On 27/08/17 08:55, Brian wrote:
> Thank you for the detailed explanation. I had already come to some of
> the conclusions in your account but it is good to have them firmly and
> succinctly laid out.

You are welcome.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: Debian v9 it's a stretch

2017-08-26 Thread Mario Castelán Castro
On 26/08/17 20:36, Liam O'Toole wrote:
> On 2017-08-25, Borden Rhodes  wrote:
>> I encourage everyone to check out "How to Irritate People salesmen" on
>> your favourite community video streaming site. That's how I've found
>> FOSS support: "Best software in the world. No problems at all. But if
>> you find a problem, file a bug and we'll fix it." "Well I have filed a
>> bug, and you haven't fixed it." "Nope, no problems with this software
>> at all..."
> 
> And you have never encountered that attitude with proprietary software
> vendors? Ever?
> 
> The difference with FLOSS is that you can fix any problems yourself. Or
> persuade or pay someone else to do it for you. The choice is yours.

There are plenty of sites where asking stupid questions about free
software programs is the norm, and you are not allowed to admonish users
for not knowing what they must already know (very often it has a section
in the manual about it). The most popular one is probably stackexchange.

For example, I mean questions like: “I am the manager of a nuclear power
plant. The engineers are telling me that we are having a loss of coolant
and core meltdown, what does that mean? Is it dangerous?”

If you want to be spoon-fed, then go to one of those sites.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: One-line password generator

2017-08-26 Thread Mario Castelán Castro
On 26/08/17 13:25, Brian wrote:
> How does this
> 
>  echo 'secretpassword' | sha256sum - | base64 | cut -c -30 | head -1
> 
> compare with your recommendation?

I do not see the point in this post-processing.

It seems that you have a very wrong impression of what makes a password
generation scheme be a good password generation scheme.

For any probability distribution fixed in advance, the *expected* (in
the sense used in probability theory) entropy of a password generated
with my scheme is well defined and at least 132 bits (I wanted 128 bits,
but using Base64 the choice is between 132 bits and 126 bits because 132
is not a multiple of 6). In other words, if you take a probability
distribution and keep it fixed while generating a big amount of
passwords with my scheme, the average entropy under that probability
distribution will be at least (within sampling error) 132 bits.

This property is achieved *because* there is a source of randomness
(that we can assume, has uniform distribution and thus maximal entropy
per byte) in my generation scheme, not because of Base64. Base64 is
there just to turn the random bytes into a *short* human-readable
string. One could turn the random bytes instead into a list of words (as
long as the mapping is one-to-one) and the same property about expected
entropy would hold, but then the password would be *much* longer.

Length is the *only* reason to use Base64 here instead of using the
random bytes to choose words at random.

By contrast, your “scheme” has no systematic source of randomness. It
requires that one has already decided on a “randompassword”, and then
post-processes it. If the attacker knows the post-processing, guessing
this password is at least as easy as guessing the input to the
post-processing step (plus computing the hash and encoding, but this is
negligible). Moreover, your post-processing stage loses information, as
another user has already noted. If the attacker knows your
post-processing method, he can speed the search by avoiding trying the
passwords that could not be possibly generated with your method because
of this loss of information.

For example, your method will never generate a string of '...'
because the input to Base64 are hex digits in ASCII, which never have
the byte value 0 (0 is unprintable).

If the attacker does not know the post-processing stage, then maybe he
will eventually begin to guess that your password is a human-generated
password run through a post-processing stage. Then very possibly your
post-processing adds security (because the attacker has to guess the
post-processing method too), but how much? *It is not well defined*. We
already talked about non-well-defined probabilities, so I will not
repeat that fragment.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



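
The restriction described in the message above (Base64 applied to ASCII hex digits cannot produce every Base64 string) can be enumerated directly. The following Python is an added example, not part of the original post: the function names are illustrative, and pipeline() reimplements the quoted shell pipeline assuming GNU coreutils behaviour (sha256sum prints the digest followed by "  -", base64 wraps at 76 columns).

```python
import base64
import hashlib
import itertools
import math

HEX = b"0123456789abcdef"  # the only bytes sha256sum emits before "  -\n"


def pipeline(password: str) -> str:
    """Same result as: echo PASSWORD | sha256sum - | base64 | cut -c -30 | head -1"""
    line = hashlib.sha256(password.encode() + b"\n").hexdigest().encode() + b"  -\n"
    # base64(1) wraps at 76 columns; "head -1" keeps that first line and
    # "cut -c -30" keeps its first 30 characters.
    return base64.b64encode(line).decode()[:30]


def reachable_chars() -> list:
    """Characters that can appear at each of the 4 positions of a Base64
    group when all 3 input bytes are lowercase hex digits."""
    sets = [set(), set(), set(), set()]
    for triple in itertools.product(HEX, repeat=3):
        for pos, ch in enumerate(base64.b64encode(bytes(triple)).decode()):
            sets[pos].add(ch)
    return sets


def capacity_bits(n_chars: int) -> float:
    """log2 of the number of distinct n_chars-long prefixes of base64(hex text).
    Valid while the prefix stays inside the 64 hex digits (n_chars <= 76 here)."""
    full_bytes, extra_bits = divmod(6 * n_chars, 8)
    # A fully covered byte is one of 16 hex digits (4 bits). A partly covered
    # byte contributes only the distinct values of its top `extra_bits` bits.
    partial = len({b >> (8 - extra_bits) for b in HEX}) if extra_bits else 1
    return full_bytes * math.log2(16) + math.log2(partial)


def count_prefixes(n_chars: int) -> int:
    """Brute-force cross-check of capacity_bits() for small n_chars."""
    n_bytes = -(-6 * n_chars // 8)  # ceil(6 * n_chars / 8)
    return len({base64.b64encode(bytes(t)).decode()[:n_chars]
                for t in itertools.product(HEX, repeat=n_bytes)})


if __name__ == "__main__":
    print(pipeline("secretpassword"))
    for pos, chars in enumerate(reachable_chars()):
        print(f"position {pos} (mod 4): {len(chars):2d} of 64 ->",
              "".join(sorted(chars)))
    print("30 unrestricted Base64 characters could carry", 30 * 6, "bits")
    print("30 characters of base64(hex) carry at most", capacity_bits(30), "bits")
```

Whatever the input password is, the output is one of a limited set of strings, and the first character is always one of five letters; an attacker who knows the pipeline can skip every candidate outside that set.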


Re: How does one create virtual ethernet devices with modern tools on Debian 8 (jessie)?

2017-08-26 Thread Mario Castelán Castro
On 25/08/17 10:03, Tom Browder wrote:
> Thanks, Sven, very helpful.  Can you recommend a good modern book on 
> networking?

I learned the fundamentals of networking (which is very different from
learning how to use the networking tools in GNU/Linux) from this book:

http://libgen.io/book/index.php?md5=46C141A599089425669194E107EEFB4E

This is edition 6, but I learned from edition 5 (6 was not released back
then).

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: Ask the isosceles triangle people. This is the TRIANGLE-user mailing list

2017-08-26 Thread Mario Castelán Castro
On 25/08/17 23:39, david...@freevolt.org wrote:
> On Fri, 25 Aug 2017, Mario Castelán Castro wrote to debian-user[1]:
>> Ask the tails people. This is the DEBIAN-user mailing list.
> 
> If this was intended to discourage such questions here, I think it is
> not a fair objection.

An isosceles triangle is a triangle, but Tails is not Debian.

Your comparison fails because Tails is a distribution of its own not
part of Debian in any way, just as Ubuntu or many of the other
derivatives of Debian.

Whatever you find in Tails, is there because a Tails developer put it
there.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: How to change date and time format for quoting in Thunderbird?

2017-08-26 Thread Mario Castelán Castro
On 25/08/17 15:41, Byung-Hee HWANG (황병희, 黃炳熙) wrote:
> "lambda.alex.chromebook" is my chromebook's system-name. The others is
> https://raw.githubusercontent.com/soyeomul/Gnus/MaGnus/thanks-mid.rb.message-id

I do not understand.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: Codecs and such? Like ubuntu restricted extras package?

2017-08-25 Thread Mario Castelán Castro
On 25/08/17 19:20, Anonymous wrote:
> Does something like this exist in Debian? A package which
> brings in restricted extras? A repository for all these
> extras? (without trusting some vague "unofficial" maintainer)

For that matter, bear in mind that officially any package outside the
“main” section is not part of Debian. Only packages that are free
software (compliant with the DFSG) can be part of Debian. The packages
in “non-free” which is a rough equivalent of Canonical's “restricted”
are not an official part of Debian.

I discourage using proprietary codecs because you give up part of your
computing freedom. A better solution is to request data in a format
readable with free software.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: One-line password generator

2017-08-25 Thread Mario Castelán Castro
On 25/08/17 13:44, Thomas Schmitt wrote:
>> I will justify my claim of incompetence.
> 
> So that it does not look like an intentional insult ?

My reason is plainly and simply to avoid further discussion about
cryptography with you.

I did not write this with the purpose of making an insult, but if you
find my impression about you offensive, the only thing I can say is: try
to give a better impression next time to the next person.

>> Because this is only a mathematical result.
> 
> This leaves me speechless. I resort to classic literature:
> 
> [garbage removed]

Obviously, I mean “_only_ a mathematical result (with no computational
consequences)” as opposed to “a mathematical result (having
computational consequences)”.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: One-line password generator

2017-08-25 Thread Mario Castelán Castro
On 25/08/17 12:15, Thomas Schmitt wrote:
>> Also, the theoretical vulnerability described in that man page is far
>> fetched.
> It is a mathematical fact. If you take a few theoretically unpredictable
> bits and inflate them to 128 bits, then the added size is no entropy,
> although it might be hard to distinguish this redundancy from the initial
> information.

This saves me from having to write a whole reply, since I know your
incompetence in cryptography is such that you are incapable of realizing
how incompetent you are.

I will justify my claim of incompetence.

You say that pseudo-random number generators can not add entropy and
this is a mathematical fact. This is true, and irrelevant.

It is also a mathematical fact that cryptographic algorithms you use
daily like DSA and Diffie-Hellman work over a cyclic group, including
their elliptic curve variants.

In the case of conventional (not elliptic curve), the group in question
is the group of integers modulo “n”, where the group operation is
*multiplication*.

DSA and Diffie-Hellman are broken if one can compute “discrete
logarithms”, that is, if one can compute “x”, given “b” and “(b^x) mod n”.

Any cyclic group of order “n” is mathematically equivalent (isomorphic) to
the group of integers modulo “n”, where the group operation is *addition*.

In this group, computing “x” (or proving that it does not exist) such
that “ax=c” for any given “a” and “c” is trivial (using the extended
Euclidean algorithm). And this is mathematically (but not
computationally) equivalent to solving the discrete logarithm.

Why aren't these algorithms broken? Because this is only a mathematical
result. The isomorphisms can not be computed efficiently in practice, so
they are irrelevant for cracking. The same is the case with your
“mathematical fact”.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



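
The argument in the message above can be tried on a toy group. The following Python is an added example, not code from the thread: it uses the multiplicative group modulo the prime 65537 with generator 3 (parameters chosen here for illustration; real DSA and Diffie-Hellman groups are far larger), and all function names are illustrative. It shows that solving “ax=c” in the additive group takes a handful of steps, while carrying a multiplicative problem over to the additive group needs two discrete logarithms, which is where all the work is.

```python
P = 65537      # toy prime (assumption of this example), group order n = P - 1
G = 3          # generator of the multiplicative group modulo P


def ext_gcd(a: int, b: int):
    """Extended Euclidean algorithm: returns (g, s, t) with s*a + t*b == g."""
    old_r, r = a, b
    old_s, s = 1, 0
    old_t, t = 0, 1
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
        old_t, t = t, old_t - q * t
    return old_r, old_s, old_t


def solve_additive(a: int, c: int, n: int):
    """'Discrete logarithm' in the additive group of integers modulo n:
    smallest x >= 0 with a*x == c (mod n), or None if no x exists."""
    g, s, _ = ext_gcd(a, n)
    if c % g:
        return None
    return (s * (c // g)) % (n // g)


def dlog_bruteforce(b: int, y: int, p: int):
    """Discrete logarithm in the multiplicative group modulo p: smallest x
    with b**x == y (mod p), found by trying exponents in turn. The number of
    modular multiplications performed equals the returned x."""
    acc = 1
    for x in range(p - 1):
        if acc == y:
            return x
        acc = acc * b % p
    return None


def break_via_isomorphism(g: int, b: int, y: int, p: int):
    """Solve b**x == y (mod p) through the additive group. The isomorphism
    k -> g**k is cheap to compute; its inverse is itself a discrete logarithm,
    so this route does not avoid the hard step, it performs it twice."""
    a = dlog_bruteforce(g, b, p)   # image of b in the additive group
    c = dlog_bruteforce(g, y, p)   # image of y in the additive group
    return solve_additive(a, c, p - 1)


if __name__ == "__main__":
    a, x = 12345, 54321                 # constructed sample exponents
    b = pow(G, a, P)
    y = pow(b, x, P)
    print("additive, a and c given :", solve_additive(a, a * x % (P - 1), P - 1))
    print("multiplicative, search  :", dlog_bruteforce(b, y, P))
    print("via the isomorphism     :", break_via_isomorphism(G, b, y, P))
```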


Re: One-line password generator

2017-08-25 Thread Mario Castelán Castro
On 25/08/17 12:11, Brian wrote:
>> Unless you have a good reason to think otherwise (e.g. *you* manage the
>> web site and you know you are doing a good job), you should assume that
>> the data-base with hashed passwords will leak without the system
>> administrators noticing, and then an attack can be carried offline.
> 
> The problem with assumptions is that they often do not reflect the truth
> of a situation and predispose us to making recommendations which are not
> in the best interests of other people.

This *sounds* very reasonable, but the truth is that you are simply
dodging that your recommendation leads to weak passwords.

In security, one should not take things for granted. One should plan for
the worst plausible case. Leaking hashed passwords has happened many
times, so it is very plausible.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: One-line password generator

2017-08-25 Thread Mario Castelán Castro
On 25/08/17 11:51, Brian wrote:
> However, users use passwords to log into accounts *online* and those
> passwords are devised to withstand an *online* attack (of 100 tests per
> second maximum(?)). This is the only aspect a user can completely
> control and many make a good job of it. Passwords which are long and
> have some complexity but are not a burden on the user or impossible to
> memorise would withstand such an attack. (This leaves aside the defences
> the site itself has in place).
> 
> A user has no control over what happens at the other end. Knowledge
> about how data are stored and safeguarded will be sparse, so the user
> will have to make a risk assessment about that; only time will tell
> whether it is correct. What doesn't seem quite right (morally and
> technically) is for it to be implied that the user should take some
> responsibility for the site's (unknown) shortcomings.

Unless you have a good reason to think otherwise (e.g. *you* manage the
web site and you know you are doing a good job), you should assume that
the data-base with hashed passwords will leak without the system
administrators noticing, and then an attack can be carried offline.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: One-line password generator

2017-08-25 Thread Mario Castelán Castro
On 25/08/17 09:46, Thomas Schmitt wrote:
> Mario Castelán Castro wrote:
>> In principle, yes, but in practice, not at all. File compressors [...]
> 
> I wrote "estimate", "approximation", and "best possible compression".
> Of course gzip is not a very good approximation even if one subtracts the
> header bytes. 

I know what you wrote. My point is that there is no way to make a
reasonable approximation to the Kolmogorov complexity of a password.

Also, again, file compressors are bad for small files, especially as
small as passwords (less than 100 bytes). It makes little difference
whether you discount the header and trailer, they are still bad.

All contemporary practical compressors (some research compressors do a
little more than this, see e.g.: the ones in the Hutter prize
competition) are based on *verbatim* repetition and the biased
distribution of bytes in the data. They are bad for your use case
because there is little *verbatim* repetition in a password. They can
not interpret the *meaning* of the information in any meaningful way,
unlike a human.

For example, for a human, a byte string “one, two, three...” (that goes
to 10,000) is very simple to describe as “the numbers from 1 to 10,000
written in English and separated by “, ””. A compressor does not
understand that these are consecutive numbers spelled in English and
thus can not take advantage of this. The size of that data, compressed
for example, with XZ, will be much longer than the phrase above that I
used to describe it.

To recap: Real-life file compressors can not be used to estimate the
strength of passwords because they do not understand *meaning* as humans
perceive it.

> Better approximations are presented in the article.

*What* article? Nobody has mentioned a scientific article in this thread.

> Given the time spans
> and computing powers which were mentioned, i'd say they performed less
> than 2 exp 50 tries to crack the majority of good passwords.
> I.e. the compression which is established by their enumeration can squeeze
> those good passwords to less than 50 bits of size. Of course, as any lossless
> compression, it has to inflate other better passwords by at least one bit.
> 
> 
>>> The second password class and my knowledge about it gives me not more
>>> than a reduction of text bit number by 25 percent (6 bit text -> 8 bit
>>> binary) and a couple of bits which are harder to harvest.
> 
>> This is a somewhat oversimplified analysis.
> 
> Wasn't it you who said in
>   https://lists.debian.org/debian-user/2017/08/msg01260.html
>   “alias gen-password="head -c 16 /dev/urandom | base64 | head -c 22 && echo"”
> 
> After exploiting the "base64" part to get my 25 percent, i'd go for
> /dev/urandom. man 4 urandom says:
>   "[...] if there is not sufficient entropy in the
>    entropy pool, the returned values are theoretically vulnerable to a
>    cryptographic attack on the algorithms used by the driver."

I already explained why my method is not a 25% reduction in entropy, but
you ignored the argument.

Also, the theoretical vulnerability described in that man page is
far-fetched. It would require a *practical* attack comparable to pre-image
of SHA1. And one must note that not even the deprecated MD5 has a
practical pre-image attack, to the best of my knowledge.

Moreover, such a theoretical attack applies only when the attacker
*already knows* some of the output of your /dev/urandom, you output some
more bytes, and the attacker has to guess these additional bytes based
on the previous output. In the use being discussed here, which is
password generation, the attacker does not know anything else about the
output of the PRNG.

In Linux (the kernel) the same algorithm used for /dev/urandom is used
to mix /dev/random. So there is likewise a theoretical possibility of a
vulnerability if you use /dev/random instead of /dev/urandom. Read
“/drivers/char/random.c” if you are interested in possible
vulnerabilities of the random virtual devices.

-
Also, you mentioned 64 bits, but I *never* suggested this (in)security
level.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: One-line password generator

2017-08-25 Thread Mario Castelán Castro
On 25/08/17 04:21, Thomas Schmitt wrote:
> One can estimate entropy by an approximation of the best possible
> compression in the context of the knowledge of the reader.
> The compression result will generally be longer if the compressor has
> less knowledge about the message.

In principle, yes, but in practice, not at all. File compressors are
designed assuming that the common case will be compression of data much
longer than passwords (at least 1 MB). The behavior for messages less
than 100 B long will be highly anomalous.

Moreover, the meta-data (like magic number, container, et cetera) add
overhead to the compressed file. If we interpret compressed length as
entropy this will inflate your estimate of entropy by tens of bytes,
which is enough to make it useless.

The problem of trying to estimate entropy of a message M' given a prior
message M (the _context_ in your wording) can be formulated
mathematically in terms of Kolmogorov complexity. Unfortunately,
determining “the” Kolmogorov complexity of a message (given a universal
encoding scheme, for example, programs in untyped λ-calculus) is
algorithmically undecidable. Worse yet, Chaitin proved a theorem (now
called Chaitin incompleteness theorem) that for any consistent formal
system there exists a bound N such that the formal system can not prove
that “the” Kolmogorov complexity of any specific string is higher than N.

> The second password class and my knowledge about it gives me not more
> than a reduction of text bit number by 25 percent (6 bit text -> 8 bit
> binary) and a couple of bits which are harder to harvest.
> E.g. i know that a dictionary attack is of few use.  That's one bit,
> because it's the first decision i can make. Any further insight might add
> only a fraction of a bit. (It's probabilistic. So we can grind bits to dust.)

This is a somewhat oversimplified analysis. You know beforehand that a
password is almost surely a sequence of printable characters among the
allocated code points in Unicode. If you know the program in which the
password has been input, then you can know the character encoding as
well. Assuming it is UTF-8, you can discard a large fraction of all
possible 8-bit strings (not all 8-bit strings are valid UTF-8). Thus the
prior distribution has less than 8 bits of entropy per bit.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



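
Two points from this message and from the one listed just above it can be measured: the container overhead on inputs shorter than 100 bytes, and the “one, two, three...” illustration. The following Python is an added example, not code from the thread; the sample passwords, the number-spelling helper and its hyphenation are constructed for illustration.

```python
import bz2
import gzip
import lzma
import zlib

# The human description quoted from the thread.
DESCRIPTION = 'the numbers from 1 to 10,000 written in English and separated by ", "'

# Constructed samples: one trivially guessable, one random-looking, same length.
SAMPLE_PASSWORDS = [b"password12345678", b"q7#Lz0pV@x2m!Rb9"]

ONES = ["", "one", "two", "three", "four", "five", "six", "seven", "eight",
        "nine", "ten", "eleven", "twelve", "thirteen", "fourteen", "fifteen",
        "sixteen", "seventeen", "eighteen", "nineteen"]
TENS = ["", "", "twenty", "thirty", "forty", "fifty", "sixty", "seventy",
        "eighty", "ninety"]


def words(n: int) -> str:
    """English spelling of 1 <= n <= 19999 (hyphenation is a choice made here)."""
    parts = []
    if n >= 1000:
        parts.append(ONES[n // 1000] + " thousand")
        n %= 1000
    if n >= 100:
        parts.append(ONES[n // 100] + " hundred")
        n %= 100
    if n >= 20:
        parts.append(TENS[n // 10] + ("-" + ONES[n % 10] if n % 10 else ""))
    elif n:
        parts.append(ONES[n])
    return " ".join(parts)


def counting_text() -> bytes:
    """The byte string "one, two, three, ..." up to ten thousand."""
    return ", ".join(words(i) for i in range(1, 10001)).encode()


def raw_deflate(data: bytes) -> bytes:
    """DEFLATE stream with no gzip/zlib header or trailer (wbits = -15)."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    return comp.compress(data) + comp.flush()


def sizes(data: bytes) -> dict:
    """Length in bytes of the input and of each compressor's output."""
    return {
        "raw": len(data),
        "deflate, no header": len(raw_deflate(data)),
        "gzip": len(gzip.compress(data)),
        "bz2": len(bz2.compress(data)),
        "xz": len(lzma.compress(data)),
    }


if __name__ == "__main__":
    for pw in SAMPLE_PASSWORDS:
        print(pw.decode(), sizes(pw))
    print("counting text", sizes(counting_text()))
    print("description  ", len(DESCRIPTION.encode()), "bytes")
```

Every compressor returns more bytes than it was given for both passwords, header or no header, so the output length says nothing about which one is easier to guess.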


Re: How to change date and time format for quoting in Thunderbird?

2017-08-25 Thread Mario Castelán Castro
On 25/08/17 07:36, Byung-Hee HWANG (황병희, 黃炳熙) wrote:
> In Article <3af44f03-ebc9-473c-2d77-36961f66d...@yandex.com>,
>> When replying to a message in Thunderbird as packaged in Debian 9, the
>> date and time is automatically placed before the quote, like this: “On
>> 22/08/17 17:31, $NAME wrote:”. How can I change the format used for the
>> date and time? In addition, I want to change the format of $NAME to
>> include his e-mail address as well.
> 
> Sorry, i don't know Thunderbird. By the way, recently i did change them
> on Gnus (News/Email client of Emacs).

Thank you.

I see you are using the “Message-id” field. This is not at all useful
for humans.

I do not use Gnus currently, because I do not have time to read tens of
pages of manual to configure it properly. I use GNU Emacs. Maybe in the
future I will configure an e-mail client in GNU Emacs.

However, right now Thunderbird is what I use.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: Tails: Failed InRelease - tor+http://vwakviie2ienjx6t.onion/

2017-08-25 Thread Mario Castelán Castro
On 24/08/17 20:51, Anonymous wrote:
> I'm seeing this in Tails [...]

Ask the tails people. This is the DEBIAN-user mailing list.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





How to change date and time format for quoting in Thunderbird?

2017-08-24 Thread Mario Castelán Castro
When replying to a message in Thunderbird as packaged in Debian 9, the
date and time is automatically placed before the quote, like this: “On
22/08/17 17:31, $NAME wrote:”. How can I change the format used for the
date and time? In addition, I want to change the format of $NAME to
include his e-mail address as well.

Thanks.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: Public Key

2017-08-24 Thread Mario Castelán Castro
On 24/08/17 10:21, Dan Norton wrote:
> Oops - forgot to try GNU Stow. Another time maybe.

In this case, you used the package manager, so there is no need for
stow. GNU Stow is useful when installing manually, for example, when one
compiles from source.

> Thank you, Mario, for your help. Great discussion.

No problem Dan. Glad to be of help.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: Public Key

2017-08-23 Thread Mario Castelán Castro
On 23/08/17 20:52, Dan Norton wrote:
> Debian 8 is what I use. You must have snipped off that part of my post.

Right. You mentioned it in your very first post in this thread, but I
skipped over it. My bad.

> $ sudo gpg --keyserver 'hkp://pool.sks-keyservers.net' --fingerprint '6D5B 
> EF9A DD20 7580 5747 B70F 9F88 FB52 FAF7 B393'
> [sudo] password for dan:
> gpg: /root/.gnupg/trustdb.gpg: trustdb created
> gpg: error reading key: public key not found 

Ah, sorry. The correct command is “gpg --keyserver
'hkp://pool.sks-keyservers.net' --recv-keys 'FINGERPRINT'” (that is,
replace “--fingerprint” with “--recv-keys”).

> where have I seen that before? :-)
> 
> Since borg is a self-contained binary, perhaps it does not need to be
> formally declared as a package in Debian 8.

There is no relation between “is self-contained binary” and whether it
is in Debian. Again, borgbackup is available in Debian 8, but you have
to enable backports.

Moreover, Debian package borgbackup is not a self-contained binary. It
uses the package manager to install the dependencies, just as any other
package. It makes more sense this way when it is installed through the
package manager.

> The problem is "how can one
> verify the download before moving it into /user/local/bin" as
> recommended by the author?

By the way, I recommend using GNU Stow when installing packages manually.
It makes administration much easier when several packages are installed,
and more so when upgrading or deleting packages.

The point is to keep each “package” (roughly, any program distributed
and installed as a whole; this is unrelated to packages as in apt-get)
in a directory exclusively of its own use under /usr/local/stow, or any
other directory. Then GNU Stow makes symbolic links from the directories
where the system expects the package to be (e.g.: /usr/local/bin) to the
place where the package is actually installed. This way you do not have
to remember which files belong to which package when uninstalling a
manually installed package. GNU Stow will also display a warning if you
try to install (using GNU Stow) packages that have colliding files,
instead of having them override each other as would happen when doing
“make install”.

Regards.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan





Re: Public Key

2017-08-23 Thread Mario Castelán Castro
On 23/08/17 19:34, Dan Norton wrote:
> I'm all for that, but unfortunately...
> $ apt-cache show borgbackup | grep ^Homepage
> E: No packages found
> 
> Before posting I searched for borg and because nothing turned up I tried
> to install it another way. It's supposed to be a self-contained binary;
> the simplicity is appealing, but it's gotta be the real thing (not
> spoofed).

“borgbackup” is in Debian 9. In Debian 8, borgbackup is available in
backports.

If you are using Debian 9 or higher, then you have a configuration
problem because the package *is* there.

>> After you have followed this procedure to obtain a fingerprint of the
>> borg developer that signs the release, fetch the key with the following
>> command (substitute FINGERPRINT with the actual fingerprint. You need
>> not delete the spaces in the fingerprint, but do not delete the single
>> quotation marks in the command):
>>
>> gpg --keyserver 'hkps://hkps.pool.sks-keyservers.net' --recv-key
>> 'FINGERPRINT'
> How do we know about 'hkps://hkps.pool.sks-keyservers.net'? I tried the
> command...

pool.sks-keyservers.net is a pool of servers of OpenPGP keys (OpenPGP is
the format of keys and so on. GNU PG is the name of the program). Refer
to  for more information.

Note that unlike fingerprints, the key server is not a security-critical
component. All it does is to serve the *requested* key to GNU PG. If it
served a key that was not the one requested, GNU PG would detect it.
Though maybe denial of service attacks are possible by a malicious
server, this is not something that should worry you too much.

Always specify the full fingerprint when fetching keys. If you specify
one of the shorter IDs (like “3003BEC50642D919” or “0642D919”), the
server could in principle generate a different key with the same ID and
give that to you instead.

> $ gpg --keyserver 'hkps://hkps.pool.sks-keyservers.net' --recv-key ' key>'
> gpg: requesting key FAF7B393 from hkps server hkps.pool.sks-keyservers.net
> gpgkeys: HTTP fetch error 1: unsupported protocol
> gpg: no valid OpenPGP data found.
> gpg: Total number processed: 0

I am not sure, but I think you are using a very old version of GNU PG
that does not have support for HTTPS (HKPS is a protocol over HTTPS).
The default version in Debian 9 (2.1.18) supports HKPS.

But well, you can use plain HKP too:

gpg --keyserver 'hkp://pool.sks-keyservers.net' --recv-key 'FINGERPRINT'

Make sure to use the whole fingerprint. It is a string of 40 hexadecimal
digits, optionally interleaved with spaces, like this:

E053 A25B CC30 2BBB 2DAD  EC03 3003 BEC5 0642 D919

-
When you reply in a mailing list, please delete the parts of the quote
that are no longer relevant. Otherwise most of your message is quotation
and the conversation becomes hard to read.

Regards.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature


Re: Public Key

2017-08-23 Thread Mario Castelán Castro
On 23/08/17 15:11, Dan Norton wrote:
> #1 SMP Debian 3.16.43-2+deb8u2 (2017-06-26)
> is on my desktop. In the process of installing borg from:
> 
> https://github.com/borgbackup/borg/releases

You can install it easily in Debian. The package is called “borgbackup”.
However, in Debian 9 it is an older version. If you want the latest
version in Debian 9 you will have to install from the sources.

> sudo apt-key add borg-linux64.gpg

There is no reason to do this. You should not change the apt-get keys
lightly. To install from source, there is no reason to add more trusted
keys to apt-get.

> If nothing is amiss so far (a big if), the problem now is:
> 
> $ gpg --verify borg-linux64.asc borg-linux64
> gpg: Signature made Sun 23 Jul 2017 07:23:38 PM EDT using RSA key ID
> 51F78E01
> gpg: Can't check signature: public key not found
> 
> How to get the public key?

See
.

A key may claim to belong to X person, but you should not take the key's
word for granted. You must verify that X person indeed owns that key.
The best way to do this is that the person gives you face to face his
gpg key. Second best is using the OpenPGP web of trust.

In your case, probably neither option is possible, at least not
immediately (joining the web of trust usually requires physically
traveling to key signing parties, or something similar). The best you
can do is to trust the key given by the official borg page.

How do you know what is the official borg page? You should not trust a
search engine for this, nor what the page itself claims, but you can
trust the Debian developers (not because they are special, but because
you are trusting them by using Debian).

To see the home-page of a package in Debian, do as follows:

$ apt-cache show borgbackup | grep ^Homepage
Homepage: https://borgbackup.github.io/borgbackup/

After some clicks, starting in this page, you will end in the page I
mentioned (which is
).

After you have followed this procedure to obtain a fingerprint of the
borg developer that signs the release, fetch the key with the following
command (substitute FINGERPRINT with the actual fingerprint. You need
not delete the spaces in the fingerprint, but do not delete the single
quotation marks in the command):

gpg --keyserver 'hkps://hkps.pool.sks-keyservers.net' --recv-key 'FINGERPRINT'

Regards.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature
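
The check described in the two replies above, as an added example that is not part of the original messages: accept only a full 40-digit fingerprint, then confirm from gpg's machine-readable status output that the release was signed by exactly that key. The function names, the script name and the sample status lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# normalize_fpr STRING
# Remove blanks, upper-case, and accept only a full 40-hex-digit fingerprint.
# The 16- and 8-digit key IDs are rejected.
normalize_fpr() {
    fpr=$(printf '%s' "$1" | tr -d ' \t' | tr 'abcdef' 'ABCDEF')
    case $fpr in
        ''|*[!0-9A-F]*) return 1 ;;
    esac
    [ "${#fpr}" -eq 40 ] || return 1
    printf '%s\n' "$fpr"
}

# signer_from_status
# Reads `gpg --status-fd` output on stdin and prints the primary-key
# fingerprint (last VALIDSIG field). GOODSIG must also be present: gpg
# reports EXPKEYSIG or REVKEYSIG instead when the key is expired or revoked.
signer_from_status() {
    awk '$1 == "[GNUPG:]" && $2 == "GOODSIG"  { good = 1 }
         $1 == "[GNUPG:]" && $2 == "VALIDSIG" { fpr = $NF }
         END { if (!good || fpr == "") exit 1; print fpr }'
}

# verify_release EXPECTED_FPR SIGFILE DATAFILE
# Succeeds only if DATAFILE carries a good signature made by EXPECTED_FPR.
verify_release() {
    expected=$(normalize_fpr "$1") || {
        echo "refusing: not a full 40-digit fingerprint" >&2; return 2; }
    signer=$(gpg --status-fd 1 --verify "$2" "$3" 2>/dev/null |
             signer_from_status) || {
        echo "no good signature on $3" >&2; return 1; }
    [ "$signer" = "$expected" ] || {
        echo "signed by $signer, expected $expected" >&2; return 1; }
    echo "good signature from $signer"
}

# Constructed status output (fingerprint, key ID and name are made up).
sample_status() {
    cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.org>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2017-07-23 1500852218 0 4 0 1 8 00 0123456789ABCDEF0123456789ABCDEF01234567
EOF
}

# Usage: sh verify.sh 'FINGERPRINT' borg-linux64.asc borg-linux64
if [ "$#" -eq 3 ]; then
    verify_release "$@"
fi
```

The fingerprint passed in must come from the project's own page, reached as described above; the script only confirms that the signature matches it.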


Re: One-line password generator

2017-08-23 Thread Mario Castelán Castro
On 23/08/17 14:11, Brian wrote:
>> As for the scenario where the password is compromised and that leads to
>> somebody posting slander on one's behalf, that can happen without any need
>> for password cracking. Anybody can create a profile in a social network
>> pretending to be you with the intention to taint your reputation.
>>
>> Hence only your reputation as perceived by stupid people would
>> suffer from such an attack.
> 
> A slander coming from your own (compromised) account is somewhat
> different from one posted from a created account. It is a lot harder
> to deny one but not the other.

The problem here is that only *you* know which account is legitimate and
which is the impersonator. The rest of the people read that account A claims
that account B is impersonating it, but they can not know whether that is true,
or whether it is actually the other way, or whether account B is
actually the same person as account A but posing as an impersonator of
himself (like the so called “self-robbery”).

If you have access to an account, you can prove this easily to anybody
through a challenge-response protocol. However, in general you can not
prove that you do *NOT* have access to an account. It can be done only
in *some cases*. For example, if you were unconscious in the hospital,
the hospital personnel can attest to this. Of course, this works only if
people are willing to trust the hospital personnel.

>>> "Probably" is probably good enough. The probability of either of the two
>>> previous passwords being deduced from pure guessing is close to zero.
>>
>> It is not human guessing, but brute force attacks with specialized
>> hardware that you should try to protect against.
> 
> It is all "human guessing". Think about it. Machines do not guess by
> themselves. Not yet anyway!
> 
> Two passwords:
> 
>   IhaveaMemorablePasswordwhichIwillnotforget!
> 
>   MyDogHasNoNose.HowDoesItSmell?Terrible!
> 
> Please would you give your opinion of how long it would take to brute
> force these over the network.
> 
> (I do not understand "specialized hardware" when it is network attacks.)

An answer can not be given for “how long it would take” because this
question depends on too many factors. It is an open-ended question.

Anyway, you have to take into account that sometimes a data base of
hashed passwords of the users can be obtained through normal cracking.
Then the attacker can perform a brute force search without any further
need for network access.

If your ~/.gnupg directory leaks, then your OpenPGP key is protected
only by your password. No network access is required after the initial leak.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature


Re: One-line password generator

2017-08-23 Thread Mario Castelán Castro
On 23/08/17 11:57, Brian wrote:
>> If you do not care about security, you could generate a single 4
>> character bit block with my method and save typing.
> 
> One online password checker (not that I understand how it works or even
> trust it) gives
> 
>  IhaveaMemorablePasswordwhichIwillnotforget!
> 
> 211.6 bits of entropy and rates it as "very strong" and "overkill". I'd
> place any discomfort with having to type a long password low down on my
> list of password formation difficulties. Long, with some complexity and
> memorable goes a long way to securing accounts on a computer or on the
> web.

Entropy is just another way of expressing probability. More
specifically, entropy in bits is the logarithm in base 1/2 of the
probability.

It only makes sense to speak of probability (or equivalently, entropy)
when there is a clearly defined probability distribution.

The kind of passwords that you suggest are generated combining fragments
of your knowledge in an ad-hoc way. Thus although we could *speak* of
the probability distribution of your method, as applied by you, the
actual probabilities are unknowable.

The relevant probability distribution for password strength is the one
that the attacker will assume. The online password checker has no way to
know this, therefore the figures it gives are utter bullshit. Not only
should you not trust it, you should ignore it completely.

With my method, the probability distribution is well defined: Each
character is chosen independently and uniformly distributed from a set
of 64, thus it has 6 bits of entropy.

>> No, I am not digressing. Not every password is equally important. How
>> important is the password you use to post in a forum that you will not
>> visit again? Is it as important as the password of your GNU PG private key?
> 
> Developing good practice with password management is what is important.
> If that weak password leads to a compromise of the account then it could
> end up with a ruined reputation for someone, depending on what happens.
> An ingrained habit of always creating a good password is a respectable
> life skill.

It is very ironic that you are now talking about the importance of
strong passwords, while at the same time you advocate a non-well-defined
method for password generation that probably gives weak passwords.

As for the scenario where the password is compromised and that leads to
somebody posting slander on one's behalf, that can happen without any need
for password cracking. Anybody can create a profile in a social network
pretending to be you with the intention to taint your reputation.

Hence only your reputation as perceived by stupid people would
suffer from such an attack.

> I actually like your method; it's making the outcome of it memorable
> which I have difficulty with. I have no hesitation in saying the chances
> of my memorising
> 
>  u19rX2JjTM5salGIYfrO1w
> 
> is nil. I suppose I could put more effort into forming a mnemonic, but
> I'd likely forget that too. On the other hand I could write it in my
> notebook. That's probably the way to go. Then I leave my notebook at
> home.

I acknowledge that devising a mnemonic for the whole password in a
single run is not practical. Hence my suggestion (which I already
described in a previous message) is that if you need to memorize it
instead of storing it in a password manager then you generate and
memorize it in chunks of 4 characters.

> "Probably" is probably good enough. The probability of either of the two
> previous passwords being deduced from pure guessing is close to zero.

It is not human guessing, but brute force attacks with specialized
hardware that you should try to protect against.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature


Re: One-line password generator

2017-08-23 Thread Mario Castelán Castro
On 22/08/17 17:31, Brian wrote:
> You will now explain why the first one will be broken in the next
> 100 years. I'm past caring after that.

If you do not care about security, you could generate a single 4
character bit block with my method and save typing.

>> If the password is not important (for example, account of web forums)
>> then you can store it in a plain text file or a password manager.
>> Firefox has a built-in password manager which works fine. Here
>> memorability does not matter at all, as you just have to copy and paste,
>> or let the password manager fill it automatically. Anyway, one could not
>> memorize enough passwords for all the things that require one (esp. web
>> sites).
> 
> You are digressing. Every password is important. Basing a password on
> the perceived importance of an account is unwise. What Firefox has is of
> no great consequence when it comes to memorability.

No, I am not digressing. Not every password is equally important. How
important is the password you use to post in a forum that you will not
visit again? Is it as important as the password of your GNU PG private key?

> Fine. But where is the improvement over
> 
>  Willhas5fingerson_each_Jand
> 
> as a password? A bit longer to type, perhaps, but not spectacularly so.

This is just for a block of 24 bits, thus this is a rough equivalent of
4 characters under my method, which is *much* shorter to type.

Assuming your mnemonic function is one-to-one (which it is not) you
would need 4 such to achieve the 96 bits of entropy that I recommend.
Then the difference in length is very significant.

Moreover, since you are suggesting using the mnemonic itself, and the
mnemonic function is not well defined, the entropy is not well defined
either.

-
Anyway, I posted this suggestion for those who want a provably (not
“probably”) secure password (up to a certain entropy). I know not
everybody will like my method, and that is fine for me.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature


Re: Wireless devices and cryptography in practice (Was: USB wireless keyboard in stretch)

2017-08-22 Thread Mario Castelán Castro
On 22/08/17 15:11, Jape Person wrote:
> You have been *very* helpful. You educated / reminded me on why even
> testing for exploits isn't necessarily useful when the firmware is not
> Open Source, and you told me about the existence of magnetic quick
> release USB cables. Time to shop!
> 
> And thank you very much again.

I am glad that you found my commentary useful.

By the way, I prefer the free software philosophy and term instead of
open source, although of course, almost all open source software is free
software and vice-versa.

Regards.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature


Re: One-line password generator

2017-08-22 Thread Mario Castelán Castro
On 22/08/17 15:14, Mario Castelán Castro wrote:
> Generate a 3-bit long password, for example:
> 
> mario@svetlana [0] [/home/mario]
> $ head -c 3 /dev/urandom | base64
> w5eJ

Apologies. This is of course, a 3 BYTE long password (24 bits), not 3
BIT long!!

I also want to point that by default, if the input to base64 is not an
input of 3 bytes then the last digit does not have full entropy. The
one-liner that I gave in my *original* message is processed to have full
entropy in *all* digits (hence the double use of “head” command), for a
total of 132 bits. The line quoted here does not need this processing
because the input gives exactly enough entropy to generate 4 characters
with full entropy.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature


Re: One-line password generator

2017-08-22 Thread Mario Castelán Castro
On 22/08/17 15:14, Mario Castelán Castro wrote:
> Generate a 3-bit long password, for example:
> 
> mario@svetlana [0] [/home/mario]
> $ head -c 3 /dev/urandom | base64
> w5eJ

Apologies. This is of course, a 3 BYTE long password (24 bits), not 3
BIT long. Hehe.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature


Re: One-line password generator

2017-08-22 Thread Mario Castelán Castro
On 22/08/17 14:46, Brian wrote:
> Wow! Can you suggest something which gives one teensy-weensy bit of
> memorability?

I do not recommend “memorable passwords” at all. The reasons are as
explained next.

If the password is not important (for example, account of web forums)
then you can store it in a plain text file or a password manager.
Firefox has a built-in password manager which works fine. Here
memorability does not matter at all, as you just have to copy and paste,
or let the password manager fill it automatically. Anyway, one could not
memorize enough passwords for all the things that require one (esp. web
sites).

If the password is important, then for a reasonable amount of entropy, a
memorable password will be too long and VERY slow to input. I suggest
the following approach:

Generate a 3-bit long password, for example:

mario@svetlana [0] [/home/mario]
$ head -c 3 /dev/urandom | base64
w5eJ

Write it on paper or leave it in the terminal. Invent a mnemonic for
it or just memorize as is. In this case, I can think of “_W_ill has _5_
fingers in _each_ _J_and (hand spelled wrong)”.

Several times through the day, try to remember the password and *then*
look at the paper or terminal to check. Allow yourself 1 day to memorize
it, then if you used a paper, either *eat it* or chew it until it is a
homogeneous blob and then spit it out. Repeat this for several days. Your
password at the end is the *concatenation* of all these 4-character
chunks in the order generated.

If at some point you get a chunk that is hard to memorize, you can
discard it and try again. Discarding removes some entropy but I do not
think it is significant (as a *rule of thumb*: You can choose the “best”
of 4 tries for any block and lose only 2 bits of entropy; if you do this
each block, then you still have 88 bits of entropy). To assure that each
chunk gives the maximum amount of entropy (24 bits) you must commit
yourself to use whatever is generated, that is, without discarding.

Each chunk gives 24 bits of entropy. I recommend to use a 4-chunk long
password, for 96 bits of entropy. In my opinion, there is no point in a
longer password; the attacker would simply kidnap you and give you
amobarbital instead of trying brute force. 5 chunks give 120 bits, which
IMO is enough for *any* password that can be trusted to a single
person. For stronger security requirements, one should instead require N
of M good passwords to unlock the ICBM and then distribute the
individual passwords as appropriate.

Regards.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature


Re: Wireless devices and cryptography in practice (Was: USB wireless keyboard in stretch)

2017-08-22 Thread Mario Castelán Castro
On 22/08/17 13:01, Jape Person wrote:
> There's no fix for my wife and the presence of cables. In this case, the
> cables for keyboard and mouse run from the Intel NUC computer nestled in
> a table beside her recliner to the keyboard on her lap and the mouse on
> her arm rest. She has yanked the cables free of the computer, pulled the
> computer out of its shelf, dropped the keyboard and then tripped over it
> when she tried to retrieve it, and actually toppled the table while
> "arguing" with the keyboard and mouse cables. Wireless devices were a
> ploy to reduce the likelihood of her causing damage to the various
> devices because of her interaction with things that were tied together
> physically.

I see. You may be also interested in “magnetic quick release USB
cables”. They are held together at one part by a magnet. A strong pull
(accidental or otherwise) will disconnect it, and thus it is supposed to
be less dangerous for the user and the equipment. I have never seen any
such in my life, but I know they exist.

> Her clumsiness doesn't reduce her charm a bit. But you do have to be
> careful not to stand next to her in the kitchen. She gestures a lot with
> her hands -- even when holding knives. Ever seen a Fellini movie?

Well, as long as she does not injure herself or you, it's alright. :)

-
There is nothing else to add from my part to this conversation, so good
luck!

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature


Re: Wireless devices and cryptography in practice (Was: USB wireless keyboard in stretch)

2017-08-22 Thread Mario Castelán Castro
On 22/08/17 12:38, Nicolas George wrote:
> Wrong, "pay a loan" and "pay a loan" are the same problem. "Pay a loan"
> and "escape the police after robbing a bank" are two different problems,
> for example.

Wrong. Your ambiguous choice of words has hidden the difference.

First it is “pay THE loan X” first, and then it is “pay THE loan Y”,
where X≠Y. Therefore, they are different problems.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature


Re: Wireless devices and cryptography in practice (Was: USB wireless keyboard in stretch)

2017-08-22 Thread Mario Castelán Castro
On 22/08/17 12:33, Nicolas George wrote:
> Le quintidi 5 fructidor, an CCXXV, Mario Castelán Castro a écrit :
>> Wireless things do not solve the problem of having to cope with wires.
>> They just replace this with the bigger problem of unauditable firmware
>> directly exposed to the attacker (via radio or sometimes infrared
>> communication).
> 
> Well, that is not the SAME problem, so the original problem is solved.

Just as the problem of having to pay a loan is “solved” by requesting a
new loan to pay the old loan.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature


Wireless devices and cryptography in practice (Was: USB wireless keyboard in stretch)

2017-08-22 Thread Mario Castelán Castro
On 22/08/17 10:22, Jape Person wrote:
> Hence, why I suspect that they are vulnerable. I bought these things
> because my wife trips over her cables 3 or 4 times a day, and wireless
> ones are just easier to deal with from a workstation logistics standpoint.

Wireless things do not solve the problem of having to cope with wires.
They just replace this with the bigger problem of unauditable firmware
directly exposed to the attacker (via radio or sometimes infrared
communication).

My suggestion is to instead address cabling directly. If your wife trips
because cables are on the floor, then use some wire to coil the excess
length so that it does not hang. If your cables have to go through a
walkway, then pass them through the bottom of the ceiling, so that the
floor will be clear and thus avoid the “tripping hazard”. Use a cable
extension if required. You may need to go to a hardware store to buy a
cable tray or a wall-mountable cable clamp.

> I'll look into getting the test suite from Bastille to see if I can
> figure out how to do some testing on these things to see if they look
> vulnerable. Do you really think that this is unauditable? Bastille
> claims to have produced Open Source tools for doing just that.

If the device firmware is secret, then it is unauditable. Of course,
this applies to wired keyboards too. The problem is that wireless
keyboards are exposed to possible attackers, while wired keyboards are not.

I have not heard about Bastille. Apparently they sell a vulnerability
scanner for wireless devices. I can easily be wrong here because I just
took a quick glance at “https://www.bastille.net/product/introduction/”.

By doing vulnerability scanning, one can only test the device for a
limited set of *known* vulnerabilities (the test suite must know what to
look for). I would not trust any wireless device just because a
vulnerability scan found nothing on it. Without seeing the firmware
source code, one can not tell if it has vulnerabilities previously unknown.

> Maybe I'll just use the wireless keyboards and mice to control TVs.

Ugh? I did not know that TVs that have any use for keyboard and mice
input existed. I guess it's just yet another class of devices with
“walled-garden type” proprietary software providing an uncountable
number of fancy but completely useless bells and whistles.

What is next? A toaster that makes a Twitter post when the toasts are ready?

>> That is why opaque cryptographic systems can not be trusted. This is
>> covered in any practical cryptography book.
> 
> Practical cryptography -- isn't that an oxymoron, for most users at
> least? [...]

I was referring to *books* that address the issues related to
*deploying* cryptographic systems as opposed to theoretical issues or
cryptanalysis (for example, the mathematics of elliptic curve
cryptography, hash constructions “probably secure” based on the random
oracle model, and other details that are not relevant to the end users).
The question of whether cryptography can be practical is a very
different matter.

I believe that cryptography is already practical. For example,
encrypting e-mail with Enigmail and Thunderbird is very easy. Many
distributions have graphical installers (lay users are allergic to
ncurses-type interfaces) with which an encrypted volume can be set up
easily. Many web sites use TLS transparently to the user, et cetera.

> In a day when people post their most personal experiences and thoughts
> on Facebook or Twitter for everyone to read [...]

But about the huge amorphous mass of typical Facebook users, those are a
lost case. The fact that they couldn't be made to properly secure their
information –even if their despicable lives depended on it– is not a
fault of the cryptography systems. It is a fault of their indolence and
incompetence. Related:
.

Personally I do not care about “privacy” in the normal sense, because I
do not care about the opinion of people about myself (However, I do care
about *arguments* that I am doing something wrong). However, I care about
encryption because I do not want to leave through the Internet personal
information that maybe can be used *against* me.

Regards.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature


Re: One-line password generator

2017-08-22 Thread Mario Castelán Castro
On 22/08/17 10:09, Greg Wooledge wrote:
> https://packages.debian.org/stretch/pwgen
> https://packages.debian.org/stretch/makepasswd
> https://packages.debian.org/stretch/apg
> https://packages.debian.org/stretch/otp
> https://packages.debian.org/stretch/gpw
> ...

There is no point in installing a package if it can be done as simply as this.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature


One-line password generator

2017-08-22 Thread Mario Castelán Castro
I have the following line in my Bash init file:

“alias gen-password="head -c 16 /dev/urandom | base64 | head -c 22 && echo"”

This generates a password with just above 128 bits of entropy. You may
find it useful.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature


Re: Relocated Header Directories

2017-08-22 Thread Mario Castelán Castro
On 22/08/17 09:57, Christian Seiler wrote:
> Not programs, but packages, yes. Not all library packages in Debian
> have been updated to use the Multi-Arch scheme yet (in some cases
> other aspects of the package may make this difficult, even if it
> is easy to put the .so file into the new location), though the
> number of packages that are still in /usr/lib directly has decreased
> with every Debian release since Wheezy (the first with Multi-Arch).

Thanks for the information.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature


Re: Relocated Header Directories

2017-08-22 Thread Mario Castelán Castro
Thanks everybody for the explanation (note that I did not make the
original question). I had been wondering about why some of my “.so” were
in “/usr/lib/x86_64-linux-gnu” instead of just “/usr/lib”.

What about the ELF shared objects that *are* under “/usr/lib”? Are these
programs that do not have support for multi-arch?

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature


Re: Remove contents

2017-08-22 Thread Mario Castelán Castro
On 22/08/17 07:44, Sherwin Kamperveen wrote:
> Is it possible to remove the following contents. It is content that is
> very old.

No. All information sent to these mailing lists is made public by the
author. It is NOT possible to remove, and the Debian project will ignore
any such request. See the Debian mailing list FAQ.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature


Re: USB wireless keyboard in stretch

2017-08-22 Thread Mario Castelán Castro
On 22/08/17 04:11, Darac Marjal wrote:
> Don't forget your TEMPEST-approved faraday cage (I mean, what's the wire
> between the keyboard and the computer if not a nice aerial?)

No. USB uses twisted pair, which is designed specifically to be a bad
antenna. Also, the relatively low frequency of USB 1.0 and 2.0 does not
lend itself well to RF emission by small radiators.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature


Re: USB wireless keyboard in stretch

2017-08-22 Thread Mario Castelán Castro
On 21/08/17 23:02, Jape Person wrote:
> The keyboard communications are encrypted, and both mouse and keyboard
> are rechargeable. But I at least have to check with Cherry support to
> learn whether or not my new toys are vulnerable. I suspect that they are.

The problem is that even if the manufacturer assures you that the
wireless link is secured cryptographically, all you have is their word
for it. The implementation is very probably unauditable (and even if
you would not audit it yourself, somebody among the community of users
probably would do so and report if he found any vulnerability), as
almost all firmware is.

That is why opaque cryptographic systems can not be trusted. This is
covered in any practical cryptography book.



signature.asc
Description: OpenPGP digital signature


Re: USB wireless keyboard in stretch

2017-08-21 Thread Mario Castelán Castro
On 21/08/17 17:09, Alle Meije Wink wrote:
> Does anyone understand the cause of this problem

*The USB wireless keyboard IS itself a problem*. You are unnecessarily
contaminating the environment consuming Voltaic cells where none is
needed (obviously wired keyboards feed through the cable) and
broadcasting what you write over the air, including your passwords.

>& how to fix it? Thanks!

Very simple: Use a wired keyboard.



signature.asc
Description: OpenPGP digital signature


Re: Debian v9 it's a stretch

2017-08-21 Thread Mario Castelán Castro
On 2017-08-21 09:08 -0700 tony mollica  wrote:
>I don't usually complain about free stuff but, for me, stretch has 
>become a distant back-runner to previous releases.  Jessie was fast and 
>everything worked.  Stretch has become a day to day challenge for even 
>minor issues.  Going back or changing dists.
>
>I'd like to know if others have the same issue or is it my particular 
>installation, which was a new, clean install to a new disk.

I made a fresh install too and I have not had any major problem.

Something that stopped working (apparently because of the change
to libinput) is changing "Device Accel Constant Deceleration" with xinput
to make the cursor slower. But now I use “Coordinate Transformation
Matrix” for the same effect.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan


pgptQ9_XgHQM7.pgp
Description: OpenPGP digital signature


Re: What tool can I use to make efficient incremental backups?

2017-08-20 Thread Mario Castelán Castro
On 2017-08-19 23:07 -0400 Celejar  wrote:
>There's Borg, which apparently has good deduplication. I've just
>started using it, but it's a very sophisticated and quite popular piece
>of software, judging by chatter in various internet threads.

This seems like an excellent tool for my use case. It has an interface
very much like version control systems (which I am familiar with), makes
efficient use of space and is no more complex to use than required (I'm
referencing the saying “make things as simple as possible but not more
simple”).

I have been testing it with toy cases to have at least some experience
with it before using it for my real backups.

Using a Git checkout of the latest release I get this warning: “Using a
pure-python msgpack! This will result in lower performance.”. Yet I have
the Debian package “python3-msgpack”. Do you know what the problem is?

Thanks.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan


pgpYYN3Er6W6E.pgp
Description: OpenPGP digital signature


Re: What tool can I use to make efficient incremental backups?

2017-08-20 Thread Mario Castelán Castro
On 2017-08-20 19:37 + Glenn English  wrote:
>For me, the big drawback to Amanda was the initial configuration. It's
>huge and complex (at least it was a couple decades ago). But after
>it's all done, a cron job will run your backup(s) every night, while
>you sleep, with no problems. If you ask it to, it'll even verify the
>backup for you (an unverified backup isn't a backup, as they say).

I have taken a glance at AMANDA, and it seems indeed to be very complex.
It is great that it works for your use case, but it does not seem to be an
appropriate tool for my case. I do not need any highly sophisticated
tools. As I noted in the first message, I only want to back up a personal
computer to a USB drive.

Since I must manually connect the USB drive to make the backups, there is
no point in automatizing it with cron. Network backups are irrelevant
in my current case.

Regards and thanks.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan


pgpTbUTJ8j8c9.pgp
Description: OpenPGP digital signature


Re: Debian live installer problems

2017-08-20 Thread Mario Castelán Castro
On 2017-08-20 14:58 -0600 Arjun Krishnan  wrote:
>On Sun, Aug 20, 2017 at 2:13 PM, Pascal Hambourg 
>wrote:
>> Also, IIRC, the ISO file must be on a FAT filesystem, because at that
>> stage the installer can only mount FAT or ISO9660.  
>
>Oh! This does make a difference, because all my linux isos were on an ext4
>filesystem. But so are the kernel and the initrd.
>
>[...]
>
>The use case in the debian installation manual
> does appear
>to cover my use case. But perhaps it doesn't work because it can only load
>a FAT filesystem?

This is incorrect. The initrd.gz and vmlinuz of “hd-image” *CAN* load from
an ext4 filesystem. That is how I installed the system I am using right
now, as I write this message! However, I installed from the original
Stretch release (not the 9.1 release). Of course, there is a small chance
that a bug has been introduced in the latest release that prevents loading
from an ext4 file-system, but I judge the probability as very small.

>Do you know why the debian installer fails to support this, but the debian
>live cd and other ubuntu installers all manage to boot off the iso? To
>elaborate, why does loading the iso as a loop device, and then loading the
>kernel and initrd off of that work for the debian live cd, but not for the
>debian installer?

My guess is that you are not following the instructions in the Debian
installation guide complemented by my commentary. You seem to have your own
idea of how to do things, which to me appears to be your own wild guess.

For example, you say that you load the ISO with the loop option in GRUB.
Why are you doing this? GRUB does NOT need the ISO, only the vmlinuz and
initrd.gz from “hd-media”, which are (AFAIK) not found anywhere within the
ISO. The ISO contains a different initrd.gz and vmlinuz.

Let us recall the steps to install Debian 9 from a USB drive or hard
disk:

(1): Download and verify “debian-9.1.0-amd64-DVD-1.iso” (from here:

or another mirror) and place it WITHOUT renaming (I do not know if
renaming is allowed, but let us assume that it is not) in the root
directory of your ext4 partition in the USB drive.

(2): Download and verify

and
.
I described how to verify them in a previous message so I am not going to
repeat it.

(3): Copy these files to the directory within the USB drive where the GRUB
configuration files are. Probably this
is “$PATH_TO_ROOT_OF_DRIVE/boot/grub”. Set up your “grub.cfg” to load
*THESE* initrd and vmlinuz (*NOT* the ones from the ISO image).

(4): Reboot and install.

If this procedure fails, please describe the error message, or whatever
is at the screen at the moment of failure.

Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan


pgpI1F9319Gfr.pgp
Description: OpenPGP digital signature


Re: Unable to change mouse acceleration and threshold in Stretch

2017-08-20 Thread Mario Castelán Castro
On 2017-08-21 00:26 +0500 Илья Валеев  wrote:
>It seems to work, thank you!
>
>Is there any way to configure it via GUI or another way without restart?
>The way described in Arch Wiki does not do anything.
>If not, will it be added in future Debian (or DE?) releases?

Hello.

I do not know what is the context of this message, so apologies if my
reply is out of place.

I use LXDE and I can adjust the acceleration and speed through the program
accessible in LXDE menu. It is called “mouse and keyboard preferences” or
something like that. However, even setting the speed at minimum, it is
still too high. What I have done is to use this command:

“xinput --set-prop "Logitech USB Optical Mouse" "Coordinate Transformation Matrix" 0.28 0 0 0 0.28 0 0 0 1”

Replace 0.28 by your preferred multiplier (1 = no change; 1.123 = 12.3%
increase, et cetera). This ought to work regardless of desktop environment.
In lightdm, you can put this in “$HOME/.xsessionrc” to run it
automatically at each log-in.
-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan


pgpSfa7NhnDWf.pgp
Description: OpenPGP digital signature


Re: DVD won't eject after playing DVD

2017-08-20 Thread Mario Castelán Castro
On 2017-08-20 19:30 +0200 "Thomas Schmitt"  wrote:
>It is futile to start research as long as intellectual dumplings like
>  http://marc.info/?l=linux-scsi=135705061804384=2
>or
>  http://marc.info/?l=linux-scsi=14592729714=2
>are ignored.

 appears to be down.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan


pgpkZlgfReDdG.pgp
Description: OpenPGP digital signature


Re: Debian live installer problems

2017-08-20 Thread Mario Castelán Castro
On 2017-08-20 13:36 -0400 Arjun Krishnan  wrote:
>Now grub.cfg has entries that look like this, where debian-squeeze.iso is
>on the root directory of the usb drive.

Also (again I forgot in the previous message): I was assuming that you
were trying to install Debian 9 “stretch”, not Debian 6 “Squeeze”.

In any case, I recommend to keep the file name of the ISO image as-is, in
case the initrd searches for this specific file name.


pgpjLZoP0jboQ.pgp
Description: OpenPGP digital signature


Re: Debian live installer problems

2017-08-20 Thread Mario Castelán Castro
On 2017-08-20 13:36 -0400 Arjun Krishnan  wrote:
>So thinking I had the wrong initrd like you suggested, I copied the initrd
>and vmlinuz to the root partition of the usb

*Which* “initrd”? There are many of them. The ones *inside* the ISO image
do not work for loading the ISO image from an existing partition.

If you want to load the ISO image from an existing partition, you must use
the hd-media ones, which I have described already.

It is not clear to me what the current problem is. In your previous
message you mentioned what you did, but you did not mention whether it
worked or not. If it did not work, then provide details.

>> If you want to do a net install, you do not need any ISO. As the Debian
>> installation manual (which you should have at least glanced over)
>> says:
>
>I did read over it, but it doesn't seem to cover my specific situation, or
>at least I've not been able to figure it out.

The quote in my previous message is from
“https://www.debian.org/releases/stable/amd64/ch04s04.html.en”. Doesn't
this cover your use case?

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan


pgpj7KpUCbXVN.pgp
Description: OpenPGP digital signature


Re: Debian live installer problems

2017-08-20 Thread Mario Castelán Castro
On 2017-08-20 09:59 -0600 Arjun Krishnan  wrote:
>> The installer needs to find its own ISO image. The non-live installer
>> will only search by default in the root directories of your
>> file-systems, but not in the subdirectories. Maybe this is the case
>> with the live installer as well. Try putting the ISO image in the root
>> directory (“/”). 
>It doesn't seem to be finding the iso even after moving to the root
>directory in the usb drive.
>Which iso did you use? I used the netinst iso, and the hd-media kernel and
>initrd, both of which didnt
>work.

I used the ISO of the first non-live DVD. Make sure you use an ISO of the
same release as the initrd.gz and vmlinuz.


If you want to do a net install, you do not need any ISO. As the Debian
installation manual (which you should have at least glanced over) says:

“If you intend to use the hard drive only for booting and then download
everything over the network, you should download the
netboot/debian-installer/amd64/initrd.gz file and its corresponding kernel
netboot/debian-installer/amd64/linux. This will allow you to repartition
the hard disk from which you boot the installer, although you should do so
with care.”

To download and verify the initrd.gz and vmlinuz, use my already given
instructions (I have *not* verified this variation), except that in step
(1) substitute the URIs with

and

and in step (3), substitute the command given with:

“sed -nE
'/netboot\/gtk\/debian-installer\/amd64\/(initrd.gz|linux)$/{s/^([[:xdigit:]]*).*\/([^/]*)$/\1
\2/;p}' SHA256SUMS | sha256sum --strict -c”.

-
Another way, IIRC, is that you can instead extract the initrd.gz and
vmlinuz from the netinstall ISO (these also do not need the ISO image,
not even the netboot one, again IIRC). I think I did this with Debian 8,
but I do not remember the details.


pgp8hygOFNgr5.pgp
Description: OpenPGP digital signature


Re: Debian live installer problems

2017-08-20 Thread Mario Castelán Castro
On 2017-08-19 21:49 -0600 Arjun Krishnan  wrote:
>Once I get to the boot screen and try to run the graphical installer, it
>fails after loading the kernel. But the live cd does boot. However, the
>live cd that I booted above (cinnamon+nonfree) does not have a way to run
>the debian installer after it has booted.

The installer needs to find its own ISO image. The non-live installer will
only search by default in the root directories of your file-systems, but
not in the subdirectories. Maybe this is the case with the live installer
as well. Try putting the ISO image in the root directory (“/”).

I always do a new install rather than an in-place upgrade, to get rid of
the garbage, especially packages that I install and configuration files
that I write which I forget about and no longer need.

I have installed the latest 3 Debian releases (or maybe more) using the
“hd-image”

vmlinuz and initrd.gz whose purpose is to look for the ISO image in an
existing file-system and load it. Note that these are non-live installers.

The only obstacle I have found is that the procedure to verify the vmlinuz
and initrd.gz is *not* documented, so I will describe it below. You
*should* verify your initrd.gz and vmlinuz if you follow this procedure. It
is done in several steps. Change the URIs to the mirror of your choice. I
assume that you download all files to the same working directory.

Verify that the hash of 

(1): Download 
and . Install
the package “debian-archive-keyring” in your current system. Verify the
signature with “gpg --no-default-keyring
--keyring /usr/share/keyrings/debian-archive-keyring.gpg --verify
Release.gpg”.

(2): Download
.
Verify with “grep "^ $(sha256sum SHA256SUMS | cut -b
1-66).*main/installer-amd64/20170615+deb9u1/images/SHA256SUMS$" Release”.
The verification is successful if it displays a line of text from the file
“Release” and the exit status is 0.

(3): Download

and
.
Verify with “sed -nE
'/hd-media\/gtk\/(initrd.gz|vmlinuz)$/{s/^([[:xdigit:]]*).*\/([^/]*)$/\1
\2/;p}' SHA256SUMS | sha256sum --strict -c”. The verification is
successful if sha256sum exits with 0 status and prints output reporting
that the hash matches for these 2 files. This is for the graphical
installer. Remove the “/gtk” part in the URL and the sed script if you
want the text installer.

Also, I DISCOURAGE USING NON-FREE SOFTWARE BECAUSE YOU GIVE UP MUCH OF
YOUR COMPUTING AUTONOMY AND ENCOURAGE THE UNETHICAL PRACTICE OF WRITING
PROPRIETARY SOFTWARE.

Regards.


pgpI1dtqXGBNv.pgp
Description: OpenPGP digital signature
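The chain described in the message above (Release, then SHA256SUMS, then initrd.gz and vmlinuz), as an added example that is not part of the original post. It runs offline on constructed stand-in files; the function names and file contents are assumptions, and the gpg check of step (1) is left out because it needs the real Release.gpg and keyring.

```shell
#!/bin/sh
# Added example: the hash chain Release -> SHA256SUMS -> initrd.gz/vmlinuz,
# run offline on constructed stand-in files (not real Debian artifacts).
# Step (1), the gpg check of Release against Release.gpg, is not reproduced:
# it needs the real signature and the debian-archive-keyring package.

# Path under which Release lists SHA256SUMS (taken from the message above).
SUMS_PATH='main/installer-amd64/20170615+deb9u1/images/SHA256SUMS'

# sha256_of FILE: print only the hex digest of FILE.
sha256_of() { sha256sum "$1" | cut -d' ' -f1; }

# write_sums DIR: (re)generate a constructed SHA256SUMS for the images in DIR.
write_sums() {
    {
        printf '%s  ./hd-media/gtk/initrd.gz\n' "$(sha256_of "$1/initrd.gz")"
        printf '%s  ./hd-media/gtk/vmlinuz\n' "$(sha256_of "$1/vmlinuz")"
        # Decoy entry with the same basename, as the text installer has.
        printf '%064d  ./hd-media/initrd.gz\n' 0
    } > "$1/SHA256SUMS"
}

# write_release DIR: generate a constructed Release listing DIR/SHA256SUMS.
write_release() {
    {
        printf 'Suite: stable\nSHA256:\n'
        printf ' %s %8d %s\n' "$(sha256_of "$1/SHA256SUMS")" \
            "$(( $(wc -c < "$1/SHA256SUMS") ))" "$SUMS_PATH"
    } > "$1/Release"
}

# build_fixture DIR: constructed images plus matching SHA256SUMS and Release.
build_fixture() {
    mkdir -p "$1"
    printf 'constructed initrd\n' > "$1/initrd.gz"
    printf 'constructed kernel\n' > "$1/vmlinuz"
    write_sums "$1"
    write_release "$1"
}

# Step (2): Release must list the digest of the local SHA256SUMS under SUMS_PATH.
# Appending "" forces string comparison; awk would otherwise compare two
# digests that both look like numbers (e.g. "12e34...") numerically.
verify_sums_in_release() {
    awk -v h="$(sha256_of "$1/SHA256SUMS")" -v p="$SUMS_PATH" \
        '($1 "") == (h "") && $3 == p { found = 1 } END { exit !found }' \
        "$1/Release"
}

# Step (3): both hd-media/gtk entries must exist in SHA256SUMS and match the
# files in DIR; sha256sum does the comparison, as in the message above.
verify_images() {
    vi_list=$(awk '$2 ~ /^\.\/hd-media\/gtk\/(initrd\.gz|vmlinuz)$/ {
                       sub(/.*\//, "", $2); print $1 "  " $2 }' "$1/SHA256SUMS")
    # A missing entry would otherwise let the remaining file pass alone.
    [ "$(printf '%s\n' "$vi_list" | grep -c .)" -eq 2 ] || return 1
    (cd "$1" && printf '%s\n' "$vi_list" | sha256sum --strict -c --quiet)
}

# verify_chain DIR: steps (2) and (3) together.
verify_chain() { verify_sums_in_release "$1" && verify_images "$1"; }

demo() {
    demo_dir=$(mktemp -d)
    build_fixture "$demo_dir"
    verify_chain "$demo_dir" && echo "intact chain: accepted"
    # Swap the kernel and regenerate SHA256SUMS to match, leaving Release alone.
    printf 'replaced kernel\n' > "$demo_dir/vmlinuz"
    write_sums "$demo_dir"
    verify_images "$demo_dir" && echo "images match the forged SHA256SUMS"
    verify_chain "$demo_dir" || echo "forged SHA256SUMS: rejected by Release"
    rm -rf "$demo_dir"
}
demo
```

The forged-SHA256SUMS case is why step (2) cannot be skipped: checking the images against SHA256SUMS alone proves nothing unless SHA256SUMS itself is tied back to the signed Release file.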


Re: i386 executables on amd64?

2017-08-19 Thread Mario Castelán Castro
On 2017-08-19 18:01 -0700 cono...@rahul.net (John Conover) wrote:
>Astonishingly, most of the Wheezy i386 executables run on the Jessie
>amd64 machine, (which came with the project.)
>
>Is this to be expected?

x86-64 CPUs can run IA32 programs, even when using an OS (having explicit
support for this, of course, and GNU/Linux does), so it's not unexpected
at this point.

What surprised me is that you did not report dependency problems
with libraries running such old software. I would have expected that
your old program would require library versions no longer available in
Debian.

Regards.



pgp8ElL8qRxi9.pgp
Description: OpenPGP digital signature


Re: Virtualbox for stretch and buster not in repos

2017-08-19 Thread Mario Castelán Castro
On 2017-08-19 20:47 +0200 Gilles Mocellin 
wrote:
>Unless you really don't want libvirt, you should look at virt-manager.

Thanks for the suggestion. I will take a look into libvirt in the
unlikely case that my current approach becomes insufficient in the future.
So far it works fine.

Regards.


pgpMnu7TdyUCb.pgp
Description: OpenPGP digital signature


Re: Virtualbox for stretch and buster not in repos

2017-08-19 Thread Mario Castelán Castro
On 2017-08-19 17:02 +1000 Zenaan Harkness  wrote:
>Which TUI/GUI do you use?

I do not know what TUI is. I don't use any GUI. I write Bash scripts
that call QEMU with the required options and I use “qemu-img” from the
command line when needed.

>I've been struggling to create a Host-only network. In VirtualBox
>(and VMWare from version 1 or very early) I could basically just
>tick a check box for "Host only network", and name one or more shared
>folders.

The easiest way to do this in QEMU is to use the “-net
user,restrict=on,hostfwd=...” option. The hostfwd part is optional, but you
will require it if you want host–guest network connectivity.

This way, networking is handled in user space. A more efficient approach
is to use kernel-managed networking. It is my understanding that for this,
one may use the TUN and TAP virtual Linux devices, but I have never done
it.

>I realise I probably have to mount the SAMBA horse again. And for
>libre software, I'm willing to do all this.

Why do you want to use SAMBA? Install an SSH server in the guest and access
it from the host using scp, sftp or rsync. Rsync is the most efficient.


pgpv6LL_EwTJn.pgp
Description: OpenPGP digital signature


Re: What tool can I use to make efficient incremental backups?

2017-08-19 Thread Mario Castelán Castro
On 2017-08-18 23:53 +0100 Liam O'Toole  wrote:
>I use duplicity for exactly this scenario. See the wiki page[1] to get
>started.
>
>1: https://wiki.debian.org/Duplicity

Judging from a quick glance at that project's homepage in GNU Savannah,
this seems indeed to be the right tool for the job, but I have yet to try
it.

Thank you very much.


pgpN7SLbQgXNO.pgp
Description: OpenPGP digital signature


Re: Virtualbox for stretch and buster not in repos

2017-08-18 Thread Mario Castelán Castro
On 2017-08-18 17:56 -0700 Patrick Bartek  wrote:
>There's always VMWare or XEN neither of which I have any real experience
>with, just read the manuals.  Never cared much for QEMU or kvm, but
>that was years ago.  Maybe, they're easier to set up and use now..

QEMU has been well documented for as long as I have cared to read
its documentation, which is at least 5 years. Of course, anything but the
most basic software is hard to “set up and use” if you do not read the
manual.


pgp4YIOLmwnFu.pgp
Description: OpenPGP digital signature


Re: Virtualbox for stretch and buster not in repos

2017-08-18 Thread Mario Castelán Castro
On 2017-08-18 18:19 -0400 RavenLX  wrote:
>On 08/18/2017 10:44 AM, Patrick Bartek wrote:
>> Virtualbox has shared folders (directory) as well as shared Clipboard.
>> You just need to install Guest Additions in the Guest OS to enable it.
>> I use both all the time.
>
>[elided]
>
>What other VM systems have these same features (which I really need)?

I have never used it, so I do not know how it works in practice, but
I think that connecting to QEMU using SPICE (instead of SSH or VNC)
gives a shared clipboard among many other convenience features. Refer to
the QEMU manual for details.

Regards.


pgpU1WVGlefH1.pgp
Description: OpenPGP digital signature


Re: Virtualbox for stretch and buster not in repos

2017-08-18 Thread Mario Castelán Castro
On 2017-08-18 09:31 -0500 Mario Castelán Castro <marioxcc...@yandex.com>
wrote:
>I recommend QEMU. I must note that it features hardware acceleration (KVM
>used to be a fork of QEMU to implement this feature but it was merged
>back). Moreover, you can use SPICE <https://www.spice-space.org/> to
>display the guest windows as individual windows in the host.
>
>Regards.

I forgot something: As for sharing directories between guest and host,
this can be accomplished using the same means that one would use to share
a directory or files between machines in the same local network. I use
sftp.

I think that QEMU has a feature to make available content from the guest
to the host as a SMB directory, but I have never used it.


pgpj6JyN_pWAU.pgp
Description: OpenPGP digital signature


Re: Virtualbox for stretch and buster not in repos

2017-08-18 Thread Mario Castelán Castro
On 2017-08-18 16:25 +0200 Dejan Jocic  wrote:
>On 18-08-17, RavenLX wrote:
>> On 08/18/2017 09:14 AM, Sven Hartge wrote:  
>> I wonder if there's a replacement for VirtualBox? I need something that
>> will allow me to share a directory between host and virtual machine,
>> and to be able to go between both quickly (I don't have a dual-screen
>> system - no room where I live for that). If I could find something that
>> would work I'd switch, I think. As for my friend, he would need far
>> more features I guess (I don't know what though).
>
>qemu-kvm does not serve your needs? You can use it with GUI friendly
>virt-manager, or from command line. And switching between host and guest
>is switching between windows. As for shared directory, NFS?

I recommend QEMU. I must note that it features hardware acceleration (KVM
used to be a fork of QEMU to implement this feature but it was merged
back). Moreover, you can use SPICE <https://www.spice-space.org/> to
display the guest windows as individual windows in the host.

Regards.


pgpeAcYoJBwVt.pgp
Description: OpenPGP digital signature


Re: What tool can I use to make efficient incremental backups?

2017-08-17 Thread Mario Castelán Castro
On 17/08/17 15:51, to...@tuxteam.de wrote:
> On Thu, Aug 17, 2017 at 03:24:35PM -0500, Mario Castelán Castro wrote:
> [...]
> 
> But in general, folks here tend to be tolerant. And yes, there's a
> wiki entry encouraging "in-line" quoting [1].

Ah, I see. I rarely check the Debian Wiki because it is almost
abandoned. I have never found something useful there. For an example of
its state of abandonment see this fragment from that page:

“You really should see _Where is the foo package?_ above, but Debian
ships with Iceweasel, a rebranded Firefox.”

But a non-rebranded Firefox package is available in both Debian 8 and
Debian 9 (at least in the latter, this is the default browser installed).

>> Bottom posting requires scrolling past text that may be not needed. Top
>> posting puts the messages in reverse chronological order, which is not
>> something bad by itself.
> 
> That's why you shouldn't include the whole message, but snip the
> relevant parts you are answering to. Believe me, for long threads,
> this tends to work best.

Yes, except when nobody deletes the nested quotations (I do when it is
appropriate). Eventually most of the text in the messages becomes quotes.

Also, it is a problem that one loses track of whom the nested (except
the topmost) quotations belong to. Do you have any recommendation about
that?

> Yes, exactly. If someone needs the unabridged original post, it's either
> in her mailbox or in the archives.

Right, but here is a note about your wording: The great majority of
people in debian-user are male (judging by the personal names), and
moreover “he” is established as the pronoun in English when the sex is
undetermined. The use of the female pronoun “she” in situations like
this is unjustified.

> See [1] (there are also other hints on that page). Also [2] is a good
> reference.

I had read [2] in the past, but I did not find anything about posting
styles.

-

I already try to use the inline style when appropriate. I will avoid
quoting the previous message at all in the cases where formerly I would
have used top posting. This seems to be the only change necessary to
comply with your suggestions.

Regards.



signature.asc
Description: OpenPGP digital signature


Re: debian-user is only for English text

2017-08-17 Thread Mario Castelán Castro
On 17/08/17 12:58, Brad Rogers wrote:
> It's frustrating, I know, seeing all that stuff.  The regex I use to
> delete it is getting ever larger.   :-(

Maybe you can use a learning e-mail spam filter (e.g.: bogofilter,
sylfilter, or the one built into your MUA – if any). I do not know how
effective the “learning” part is, but maybe it is worth a try.

Regards



signature.asc
Description: OpenPGP digital signature


Re: What tool can I use to make efficient incremental backups?

2017-08-17 Thread Mario Castelán Castro
On 17/08/17 13:31, Nicolas George wrote:
> [[elided]]
> 
> No, it is the other way around: we rsync the data to a directory stored
> on a btrfs filesystem, and then we make a snapshot of that directory.
> With btrfs's CoW, only the parts of the files that have changed use
> space.

Thanks for the clarification.

> Please remember not to top-post.

Both bottom posting and top posting each have their own disadvantages.
Bottom posting requires scrolling past text that may be not needed. Top
posting puts the messages in reverse chronological order, which is not
something bad by itself.

When I explicitly want a quote to reply to specific parts of a
message, I post after the parts, as in this message; I don't know if
that would still be considered bottom posting. When I am including the
previous message *only* for reference, I use top posting because the
previous message is also archived in the inbox of the other users, so
the quotation included for reference is of secondary importance, and
therefore IMO should go after the *important* (new) information, that
is, at the bottom.

Is there a rule, guideline or de-facto standard mandating either style
in debian-user?



signature.asc
Description: OpenPGP digital signature


Re: What tool can I use to make efficient incremental backups?

2017-08-17 Thread Mario Castelán Castro
Thanks for your answer.

Let me know if I understood your approach correctly. You have a
directory in a btrfs filesystem that is the target of your backups. When
you make a backup, you take a btrfs snapshot of this directory and
*then* use rsync. Is this correct?

Regards.

On 17/08/17 12:50, Nicolas George wrote:
> [[elided]]
> 
> We used a similar setup on a server, using the rsnapshot script. But we
> have users with huge mbox files that were copied entirely each time. We
> changed for a setup with normal rsync (no --link-dest) and btrfs
> snapshots, it increased the efficiency (storage and disk bandwidth)
> dramatically.
> 
> Regards,



signature.asc
Description: OpenPGP digital signature


Re: debian-user is only for English text

2017-08-17 Thread Mario Castelán Castro
On 17/08/17 12:25, Brad Rogers wrote:
> [[elided]]
> 
> The people you're addressing don't even read this list.  They're
> spammers or, even worse, (stupidly) responding to spam.

Thanks for your reply. Given that I do not understand that language, I
assumed it was an actual user.



signature.asc
Description: OpenPGP digital signature


Re: What tool can I use to make efficient incremental backups?

2017-08-17 Thread Mario Castelán Castro
On 17/08/17 12:10, Fungi4All wrote:
> [[elided]]
> Stay with rsync

Why? Isn't there a more efficient alternative?



signature.asc
Description: OpenPGP digital signature


Re: kvm/qemu virtual machine can't find hard drives

2017-08-17 Thread Mario Castelán Castro
Have you passed the appropriate options to QEMU? You *must* use “-drive
file=...”. For example “-drive file=/dev/sda”. Read the QEMU manual for
details. QEMU does not give the guest access to host devices by
default; that would be a very high security risk.

On 17/08/17 12:06, Gary Roach wrote:
> Hi all,
> 
> Debian 9 (Stretch) system
> KDE Desktop
> MSI970A-G43 motherboard
> AMD FX 4350 processor - not overclocked
> 
> I've been trying to get a virtual machine set up and have run into
> problems with both virtualbox and kvm/qemu packages. I have a very messy
> project (Elmer fem) and want things completely walled off from my
> regular system. So I opted for a virtual machine.
> 
> The kvm/qemu package seems to install properly (no errors). But when I
> try to install Debian 9 into it, the installer can't find my two hard
> drives sda and sdb. It then asks me to pick from a long list of drivers.
> I haven't been able to determine what the drivers should be for my
> system.  Sda is boot drive, 500 Gb WD160 and there is a WD10 1 Tb,
> ext4 blank drive. Both drives show up on Dolphin so they must be mounted.
> 
> Am I missing some library or something? Any help will be greatly
> appreciated.
> 
> Gary R.
> 



signature.asc
Description: OpenPGP digital signature


debian-user is only for English text

2017-08-17 Thread Mario Castelán Castro
Please write *only English* in this mailing list. You can find
counterparts to “debian-user” in other languages in
.



signature.asc
Description: OpenPGP digital signature


What tool can I use to make efficient incremental backups?

2017-08-17 Thread Mario Castelán Castro
Hello.

Currently I use rsync to make the backups of my personal data, including
some manually selected important files of system configuration. I keep
old backups to be more safe from the scenario where I have deleted
something important, I make a backup, and I only notice the deletion
afterwards.

Each backup snapshot is stored in its own directory. There is much
redundancy between subsequent backups. I use the option "--link-dest" to
make hard links and thus save space for files that are *identical* to an
already-existing file in the backup repository, but this is still
inefficient. Any change to a file, even to its metadata (permission,
modification time, etc.), will result in the file being saved whole,
instead of a delta.

Can you suggest a more efficient alternative?

I know about bup  but I have not used it
because it warns that “This is a very early version. Therefore it will
most probably not work for you, but we don't know why. It is also
missing some probably-critical features.”.

I also know about obnam. Unfortunately, the main author has
announced that it will be unmaintained because it has become a piece of
engineering, with all the ugly consequences of that, and real
engineering is “not fun” for him.

Thanks.



signature.asc
Description: OpenPGP digital signature

