Re: Edit NIC Address

[Pocket]

On 1/5/24 05:41, David wrote:

On Fri, 2024-01-05 at 00:43 -0500, Felix Miata wrote:

David composed on 2024-01-04 04:30 (UTC):


With the latest Debian I'm trying to find the file to edit to
change
the IP address of a remote box, can anybody point me in the correct
direction please?



I can SSH into this box, but cannot find the file to edit.


Traditionally it would be in /etc/network/interfaces used by
ifupdown. Mine is in
/etc/systemd/network/eth0.network because I'm using systemd-networkd.
Where
NetworkMangler users keep theirs I have no information. If you can
search files in
the /etc/ tree for string 192.168. or 10.0. or 172.16. likely you'll
find it.

Thank you for the replies.

After doing a grep search for 192.168.205 I was given the
directory /etc/NetworkManager/system-connections/Wired connection
1.nmconnection::address1-192.168.205.42/24

I can go to the directory /etc/NetworkManager/system-connections/

But I cannot find the file to edit.

Can anybody help me please?

David.




The file is in /run/NetworkManager/system-connections if you haven't 
placed a configuration file in /etc/NetworkManager/system-connections


I copy the files from /run/NetworkManager/system-connections to 
/NetworkManager/system-connections after first boot.


the debian wiki has some information and here:

https://www.redhat.com/sysadmin/becoming-friends-networkmanager


--
Hindi madali ang maging ako

Re: NFS: IPV6

[Pocket]

On 1/5/24 04:54, debian-u...@howorth.org.uk wrote:

Marco Moock  wrote:

Am 04.01.2024 um 18:19:57 Uhr schrieb Pocket:


Where can I find information on how to configure NFS to use ipv6
addresses both server and client.


Does IPv6 work basically on your machine, including name resolution?

Does it work if you enter the address directly?

https://ipv6.net/blog/mounting-an-nfs-share-over-ipv6/

How does your fstab look like?


plus FWIW...

https://docs.oracle.com/cd/E23824_01/html/821-1453/ipv6-ref-71.html

"NFS software and Remote Procedure Call (RPC) software support IPv6 in a
seamless manner. Existing commands that are related to NFS services
have not changed. Most RPC applications also run on IPv6 without any
change. Some advanced RPC applications with transport knowledge might
require updates."




According to debian docs NFSServerSetup from the debian wiki

Additionally, rpcbind is not strictly needed by NFSv4 but will be
started as a prerequisite by nfs-server.service. This can be
prevented by masking rpcbind.service and rpcbind.socket.
sudo systemctl mask rpcbind.service
sudo systemctl mask rpcbind.socket

I am going to do that to use NFSv4 only.

I believe that my issue is the in the /etc/exports file but I don't know 
for sure.

I have this in the exports, ipv4 works

/srv/Multimedia 192.168.1.0/24(rw,no_root_squash,subtree_check)
/srv/Other 192.168.1.0/24(rw,no_root_squash,subtree_check)
#/home 2002:474f:e945:0:0:0:0:0/64(rw,no_root_squash,subtree_check)

I am looking for an example

I have commented out the ipv6 for now because I want to use NFSv4 only 
and after I get that working I want to get ipv6 mounts working and 
change the ipv4 mounts to use ipv6.
/srv/Multimedia and /srv/Other are root mounts and there isn't any bind 
mounts



--
Hindi madali ang maging ako

Re: NFS: IPV6

[Pocket]

On 1/5/24 03:35, Marco Moock wrote:

Am 04.01.2024 um 18:19:57 Uhr schrieb Pocket:


Where can I find information on how to configure NFS to use ipv6
addresses both server and client.


Does IPv6 work basically on your machine, including name resolution?


Yes I have bind running and ssh to the host is working



Does it work if you enter the address directly?

https://ipv6.net/blog/mounting-an-nfs-share-over-ipv6/

How does your fstab look like?




I followed some info that I found on the internet and it didn't work.

I am in the process of re-configuring NFS for V4 only.

I should have that done here shortly and I will try again to mount NFS 
mounts shortly




--
Hindi madali ang maging ako

NFS: IPV6

[Pocket]

Where can I find information on how to configure NFS to use ipv6 
addresses both server and client.


I haven't found any good information on how to do that and what I did 
find was extremely sparce.


I have NFS mounts working using ipv4 and want to change that to ipv6


--
Hindi madali ang maging ako

Re: Replace Grub with rEFInd [WAS Possibly broken Grub or initrd after updates on Testing]

[Pocket]

On 1/4/24 02:45, Richard Rosner wrote:

Wow, what a bunch of unhelpful comments.

First, if it wasn't for Eddie recommending boot-repair, "broken beyond 
repair" in fact was the very fitting term.


Second, have you maybe considered that I've already read the home page 
of rEFInd and came to the same conclusion? Besides the fact that the 
page is virtually unreadable - both from a visual and a content point of 
view - I have yet to find anything indicating what it is actually 
capable of and what not. Because as far as I can tell, it should be able 
to do what I want it to do.





Have you looked at this?

https://wiki.archlinux.org/title/REFInd

I don't know if it will help as I do not use REFInd nor have I any 
experience with it.


--
Hindi madali ang maging ako

Re: The current package wpasupplicant doesn't support WPA3-Personal authentication. What alternatives to it exist?

[Pocket]

On 1/3/24 17:57, Bret Busby wrote:

On 4/1/24 05:40, Stella Ashburne wrote:



Sent: Thursday, January 04, 2024 at 5:16 AM
From: "Anssi Saari" 
To: debian-user@lists.debian.org
Subject: Re: The current package wpasupplicant doesn't support 
WPA3-Personal authentication. What alternatives to it exist?



Are you sure? WPA3-Personal is hardly new so Bookworm should have the
support. Even the package description says that.


Could you provide me the URL to the package description please?

Thanks.

Stella
I do not know whether you have heard of the search engine named google, 
but, from doing a search of the World Wide Web, using google, the 
following are some of the first results displayed.


https://wiki.archlinux.org/title/wpa_supplicant
- "wpa_supplicant is a cross-platform supplicant with support for WPA, 
WPA2 and WPA3 (IEEE 802.11i). It is suitable for desktops, laptops and 
embedded systems. It is the IEEE 802.1X/WPA component that is used in 
the client stations. It implements key negotiation with a WPA 
authenticator and it controls the roaming and IEEE 802.11 
authentication/association of the wireless driver."


https://w1.fi/wpa_supplicant/
- "Linux WPA/WPA2/WPA3/IEEE 802.1X Supplicant

wpa_supplicant is a WPA Supplicant for Linux, BSD, Mac OS X, and Windows 
with support for WPA, WPA2 (IEEE 802.11i / RSN), and WPA3. It is 
suitable for both desktop/laptop computers and embedded systems. 
Supplicant is the IEEE 802.1X/WPA component that is used in the client 
stations. It implements key negotiation with a WPA Authenticator and it 
controls the roaming and IEEE 802.11 authentication/association of the 
wlan driver.


wpa_supplicant is designed to be a "daemon" program that runs in the 
background and acts as the backend component controlling the wireless 
connection. wpa_supplicant supports separate frontend programs and a 
text-based frontend (wpa_cli) and a GUI (wpa_gui) are included with 
wpa_supplicant."


and, of course, ...

https://en.wikipedia.org/wiki/Wpa_supplicant
- "wpa_supplicant is a free software implementation of an IEEE 802.11i 
supplicant for Linux, FreeBSD, NetBSD, QNX, AROS, Microsoft Windows, 
Solaris, OS/2 (including ArcaOS and eComStation)[2] and Haiku.[3] In 
addition to being a WPA3 and WPA2 supplicant, it also implements WPA and 
older wireless LAN security protocols.

Features

Features include:[4]

     WPA-PSK and WPA2-PSK ("WPA-Personal", pre-shared key)
     WPA3[5]
     WPA with EAP ("WPA-Enterprise", for example with RADIUS 
authentication server)

     RSN: PMKSA caching, pre-authentication
     IEEE 802.11r
     IEEE 802.11w
     Wi-Fi Protected Setup (WPS)

Included with the supplicant are a GUI and a command-line utility for 
interacting with the running supplicant. From either of these interfaces 
it is possible to review a list of currently visible networks, select 
one of them, provide any additional security information needed to 
authenticate with the network (for example, a passphrase, or username 
and password) and add it to the preference list to enable automatic 
reconnection in the future."






Are you comparing the same package/version arch to debian?  The debian 
one may not be the latest and the arch is almost always the latest.



--
Hindi madali ang maging ako

Re: No Sound With Bookworm

[Pocket]

On 12/26/23 20:04, Thomas George wrote:
Pulseaudio Volume control shows a strong signal audio output but 
nothing reaches the speakers.


This must be a well known problem but I can't find the answer.

Please help

Tom George

I had the same issue with bookworm also. I am using LXQT and pav was not 
setup to output sound to the proper device.


On my system it had two output devices one to send audio through the 
sound card and another to use HDMI.  My speaker are connected to the 
HDMI so I needed to use that. Also make sure the proper audo device is 
not set as backup.





--
Hindi madali ang maging ako

Re: Help: network abuse

[Pocket]

Sent from my iPhone

> On Dec 23, 2023, at 4:53 PM, Tim Woodall  wrote:
> 
> On Sat, 23 Dec 2023, David Christensen wrote:
>> Sending a RST to a falsified IP address would make the sending host into an 
>> attacker by proxy.  Why do you suggest it?
>> 
> Because the OP wants it to stop. And the OP is running a server on this
> port that is clearly not responding properly or we'd at least see the
> syn+ack. Perhaps it cannot keep up with the connections.
> 
> So the op needs to tell the problem clients to stop retrying.
> 
> If it's malicious traffic then there's nothing the op can do to stop it
> except get a new ip or get their ISP to drop it before it gets to them.
> 
> The op can try icmp port unreachable too. But that tells the client
> there's no server, rather than there's a tcp problem.
> 
> If it's not a bandwidth problem then the op should just ignore it.
> 
> Nobody, but nobody is going to send traffic to some random host with a
> fake source ip in the hopes someone will notice and start sending RST
> some tine later to that address instead of continuing to drop it.
> 

I have a web server on my network. 
I have a firewall on it that only accepts traffic from my internal network.  
Therefore no knows it exists from the outside.  That may not work for the op,  
but his complaint was port 80 traffic to his personal pc.  Which should not 
have a web server running on it.  
You can not do much about scans etc but you can restrict traffic to servers 
only to your internal traffic.   That was my one of my points in stating his 
firewall wasn’t setup properly,  the other is  the firewall blocking icmp and 
conpany.  I use to do that many years ago and it resulting in 1/2 connections.

Re: Synaptic Problem

[Pocket]

On 12/23/23 12:00, Stephen P. Molnar wrote:



On 12/23/2023 10:20 AM, Pocket wrote:

On 12/23/23 09:13, Stephen P. Molnar wrote:

Thanks for your reply. Please see belowl


On 12/23/2023 08:44 AM, Andrew M.A. Cater wrote:

On Sat, Dec 23, 2023 at 08:34:16AM -0500, Stephen P. Molnar wrote:
I installed VMware-Player-Full-17.5.0-22583795.x86_64.bundle 
without any

problems.

Wen I tried to run the app using the run icon I got the error:

Failed to execute./update command "@@BINAR@@".
railed to execute child process "@@BINARY@@" (No sudh file or 
directory)


So, I uninstalled the program:


Did you check the directories afterwards, removing any files you found
related to vmware?


root@AbNormal:/usr/bin# vmware-installer --list-products
Product Name Product Version
 
vmware-player    17.5.0.22583795
root@AbNormal:/usr/bin# vmware-installer -u vmware-player
All configuration information is about to be removed. Do you wish to
keep your configuration files? You can also input 'quit' or 'q' to
cancel uninstallation. [yes]: no

Uninstalling VMware Installer 3.1.0
 Deconfiguring...
[##]
100%
Uninstallation was successful.
root@AbNormal:/usr/bin#


That looks like a success ...


However, I have a bit of a problem, when I attempt:

(base) comp@AbNormal:~$ sudo apt update
[sudo] password for comp:
Hit:1 http://security.debian.org/debian-security bookworm-security 
InRelease

Hit:2 http://debian.uchicago.edu/debian bookworm InRelease
Hit:3 http://debian.uchicago.edu/debian bookworm-updates InRelease
Hit:4 https://repo.skype.com/deb stable InRelease
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.
W: https://repo.skype.com/deb/dists/stable/InRelease: Key is stored in
legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION
section in apt-key(8) for details.
(base) comp@AbNormal:~$ sudo apt upgrade
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
E: The package virtualbox-7.0 needs to be reinstalled, but I can't 
find an

archive for it.
(base) comp@AbNormal:~$


If you were using virtualbox before vmware, could this be left over?
Virtualbox has been removed from Debian stable versions - see
https://wiki.debian.org/VirtualBox but I think you could pick it up 
from

Oracle.

If you've nothing that depends on either particularly, I'd recommend
virt-manager and the kvm/qemu universe.

Andy



Please advise.

Thanks in advance.

--
Stephen P. Molnar, Ph.D.
https://insilicochemistry.net
(614)312-7528 (c)
Skype:  smolnar1

Actually, I am using the QEM/KVM virt-manager programs for Windows 10 
and an very happy with them. However, right now I'm hung up on 
accessing the host and the internet from the Windows guest. I was 
hoping to get som insight from VMWare as to a solution.


My major problem is, because of the problem with VMWare Player, I 
can.t use Synaptic or apt to update and upgrade Bookworm.




This my shed some light on the subject

Try this

dpkg --verify


for example running on my system.
dpkg --verify
??5?? c /etc/skel/.bashrc
??5?? c /etc/initramfs-tools/update-initramfs.conf
??5?? c /etc/plymouth/plymouthd.conf
??5?? c /etc/systemd/logind.conf
??5?? c /etc/NetworkManager/NetworkManager.conf
??5?? c /etc/sudoers.d/010_pi-nopasswd
??5?? c /etc/wayfire/greeter.ini
??5??   /usr/share/firefox/distribution/distribution.ini
missing /usr/share/X11/xorg.conf.d/99-fbturbo.conf
??5?? c /etc/default/useradd
??5?? c /etc/dphys-swapfile
??5?? c /etc/login.defs
??5?? c /etc/lightdm/lightdm.conf

I have spoken



   What can you tell me about this?

comp@AbNormal:~$ dpkg --verify
??5?? c /etc/mime.types
?   /usr/lib/cups/backend/implicitclass
missing /etc/polkit-1/localauthority/10-vendor.d (Permission denied)
missing /etc/polkit-1/localauthority/20-org.d (Permission denied)
missing /etc/polkit-1/localauthority/30-site.d (Permission denied)
missing /etc/polkit-1/localauthority/50-local.d (Permission denied)
missing /etc/polkit-1/localauthority/90-mandatory.d (Permission denied)
missing /usr/share/polkit-1/rules.d/49-polkit-pkla-compat.rules 
(Permission denied)

missing /var/lib/polkit-1/localauthority (Permission denied)
missing /var/lib/polkit-1/localauthority/10-vendor.d (Permission 
denied)

missing /var/lib/polkit-1/localauthority/20-org.d (Permission denied)
missing /var/lib/polkit-1/localauthority/30-site.d (Permission denied)
missing /var/lib/polkit-1/localauthority/50-local.d (Permission denied)
missing /var/lib/polkit-1/localauthority/90-mandatory.d (Permission 
denied)

missing /var/log/apt
missing /usr/share/polkit-1/rules.d/libvirt-dbus.rules (Permission 
denied)

missing /usr/share/icons/hicolor/22x

Re: Synaptic Problem

[Pocket]

On 12/23/23 09:13, Stephen P. Molnar wrote:

Thanks for your reply. Please see belowl


On 12/23/2023 08:44 AM, Andrew M.A. Cater wrote:

On Sat, Dec 23, 2023 at 08:34:16AM -0500, Stephen P. Molnar wrote:

I installed VMware-Player-Full-17.5.0-22583795.x86_64.bundle without any
problems.

Wen I tried to run the app using the run icon I got the error:

Failed to execute./update command "@@BINAR@@".
railed to execute child process "@@BINARY@@" (No sudh file or directory)

So, I uninstalled the program:


Did you check the directories afterwards, removing any files you found
related to vmware?


root@AbNormal:/usr/bin# vmware-installer --list-products
Product Name Product Version
 
vmware-player    17.5.0.22583795
root@AbNormal:/usr/bin# vmware-installer -u vmware-player
All configuration information is about to be removed. Do you wish to
keep your configuration files? You can also input 'quit' or 'q' to
cancel uninstallation. [yes]: no

Uninstalling VMware Installer 3.1.0
 Deconfiguring...
[##]
100%
Uninstallation was successful.
root@AbNormal:/usr/bin#


That looks like a success ...


However, I have a bit of a problem, when I attempt:

(base) comp@AbNormal:~$ sudo apt update
[sudo] password for comp:
Hit:1 http://security.debian.org/debian-security bookworm-security 
InRelease

Hit:2 http://debian.uchicago.edu/debian bookworm InRelease
Hit:3 http://debian.uchicago.edu/debian bookworm-updates InRelease
Hit:4 https://repo.skype.com/deb stable InRelease
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.
W: https://repo.skype.com/deb/dists/stable/InRelease: Key is stored in
legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION
section in apt-key(8) for details.
(base) comp@AbNormal:~$ sudo apt upgrade
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
E: The package virtualbox-7.0 needs to be reinstalled, but I can't 
find an

archive for it.
(base) comp@AbNormal:~$


If you were using virtualbox before vmware, could this be left over?
Virtualbox has been removed from Debian stable versions - see
https://wiki.debian.org/VirtualBox but I think you could pick it up from
Oracle.

If you've nothing that depends on either particularly, I'd recommend
virt-manager and the kvm/qemu universe.

Andy



Please advise.

Thanks in advance.

--
Stephen P. Molnar, Ph.D.
https://insilicochemistry.net
(614)312-7528 (c)
Skype:  smolnar1

Actually, I am using the QEM/KVM virt-manager programs for Windows 10 
and an very happy with them. However, right now I'm hung up on accessing 
the host and the internet from the Windows guest. I was hoping to get 
som insight from VMWare as to a solution.


My major problem is, because of the problem with VMWare Player, I can.t 
use Synaptic or apt to update and upgrade Bookworm.




This my shed some light on the subject

Try this

dpkg --verify


for example running on my system.
dpkg --verify
??5?? c /etc/skel/.bashrc
??5?? c /etc/initramfs-tools/update-initramfs.conf
??5?? c /etc/plymouth/plymouthd.conf
??5?? c /etc/systemd/logind.conf
??5?? c /etc/NetworkManager/NetworkManager.conf
??5?? c /etc/sudoers.d/010_pi-nopasswd
??5?? c /etc/wayfire/greeter.ini
??5??   /usr/share/firefox/distribution/distribution.ini
missing /usr/share/X11/xorg.conf.d/99-fbturbo.conf
??5?? c /etc/default/useradd
??5?? c /etc/dphys-swapfile
??5?? c /etc/login.defs
??5?? c /etc/lightdm/lightdm.conf

I have spoken

Re: systemd and timezone

[Pocket]

On 12/23/23 01:00, David Wright wrote:

On Fri 22 Dec 2023 at 18:52:09 (-0500), Pocket wrote:

On 12/22/23 18:04, David Wright wrote:

On Fri 22 Dec 2023 at 16:16:07 (-0500), Greg Wooledge wrote:

On Fri, Dec 22, 2023 at 08:59:42PM +0100, Sven Joachim wrote:

1. https://bugs.debian.org/803144
2. https://bugs.debian.org/346342

Wow, OK.  Fascinating historical context in there.

I've updated <https://wiki.debian.org/TimeZoneChanges>.  I believe it's
correct now, for both current and historic systems, although I can't
swear to the pre-Etch stuff.

Another bug at:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726256

* copy /etc/localtime instead of symlinking (Closes: #726256)


 From the email I got from Lennart

CHANGES WITH 255:

     Announcements of Future Feature Removals and Incompatible Changes:

     * Support for split-usr (/usr/ mounted separately during late boot,
   instead of being mounted by the initrd before switching to
the rootfs)
   and unmerged-usr (parallel directories /bin/ and /usr/bin/,
/lib/ and
   /usr/lib/, …) has been removed. For more details, see:
https://lists.freedesktop.org/archives/systemd-devel/2022-September/048352.html


     * Support for System V service scripts is now deprecated and
will be
   removed in a future release. Please make sure to update your
software
   *now* to include a native systemd unit file instead of a legacy
   System V script to retain compatibility with future systemd
releases.

So that bug is m[oot]


It's not the bug, but changes in /etc/localtime that are the concern
of this thread, ± side-effects on the importance of /etc/timezone.
It appears that Debian has switched between /etc/localtime being
a regular file and a symlink several times.

BTW, I think Debian is somewhat behind Lennart, as even bookworm
is AFAIK only up to 252. As for SysV, my bullseye has 39 scripts
in /etc/init.d/, and there are still plenty with bookworm.

Cheers,
David.




My point is that systemd will not support a split /usr.
Also /etc/localtime should be a symlink as per the standard.
The "dangling  symlink" in the bug report shouldn't ot isn't dangling.

It is a failure of debian, /usr/ not being mounted in the initrd.
That is what should/needs be fixed.

It also is quite meaningless that you have sysV scripts, They are going 
to be NOT supported in the future. debian either has to keep systemd at 
an old version or remove the sysv scripts as they will no longer be 
supported.  There is really no choice in the matter.


I have spoken

Re: systemd and timezone

[Pocket]

On 12/22/23 18:04, David Wright wrote:

On Fri 22 Dec 2023 at 16:16:07 (-0500), Greg Wooledge wrote:

On Fri, Dec 22, 2023 at 08:59:42PM +0100, Sven Joachim wrote:

1. https://bugs.debian.org/803144
2. https://bugs.debian.org/346342

Wow, OK.  Fascinating historical context in there.

I've updated .  I believe it's
correct now, for both current and historic systems, although I can't
swear to the pre-Etch stuff.

Another bug at:

   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726256

* copy /etc/localtime instead of symlinking (Closes: #726256)

Cheers,
David.


From the email I got from Lennart


CHANGES WITH 255:

    Announcements of Future Feature Removals and Incompatible Changes:

    * Support for split-usr (/usr/ mounted separately during late boot,
  instead of being mounted by the initrd before switching to 
the rootfs)
  and unmerged-usr (parallel directories /bin/ and /usr/bin/, 
/lib/ and

  /usr/lib/, …) has been removed. For more details, see:
https://lists.freedesktop.org/archives/systemd-devel/2022-September/048352.html


    * Support for System V service scripts is now deprecated and 
will be
  removed in a future release. Please make sure to update your 
software

  *now* to include a native systemd unit file instead of a legacy
  System V script to retain compatibility with future systemd 
releases.



So that bug is mute



--
Hindi madali ang maging ako

Re: systemd and timezone

[Pocket]

On 12/22/23 18:04, David Wright wrote:

On Fri 22 Dec 2023 at 16:16:07 (-0500), Greg Wooledge wrote:

On Fri, Dec 22, 2023 at 08:59:42PM +0100, Sven Joachim wrote:

1. https://bugs.debian.org/803144
2. https://bugs.debian.org/346342

Wow, OK.  Fascinating historical context in there.

I've updated .  I believe it's
correct now, for both current and historic systems, although I can't
swear to the pre-Etch stuff.

Another bug at:

   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726256

* copy /etc/localtime instead of symlinking (Closes: #726256)

Cheers,
David.



Systemd no longer supports a split /usr



--
Hindi madali ang maging ako

Re: Test

[Pocket]

On 12/22/23 16:08, Tixy wrote:

On Fri, 2023-12-22 at 12:15 -0500, Pocket wrote:

This is a test of the emergency broadcast system


Please stop spamming the 1000 or so people subscribed to this list.



I am not spamming this list I am trying to determine if my email setup 
is working.

Test

[Pocket]

This is a test of the emergency broadcast system

Re: Help: network abuse

[Pocket]

On 12/21/23 13:04, Alain D D Williams wrote:

On Thu, Dec 21, 2023 at 11:39:40AM -0500, Pocket wrote:

On 12/21/23 10:50, Alain D D Williams wrote:

It is NOT a firewall issue.


If I am correct you don't want any thing from the outside to hit your web
server?

The words "web server" is ambiguous. It can mean my machine, ie can me the
Apache process. The packets are hitting the machine (evidence tcpdump) but not
the process (as the TCP startup does not complete).


If so your firewall is not configured correctly.

You have failed to understand what is happening.



Well yes, I guess so, that is why I don't have the issue you do and I 
don't have any unwanted traffic on my network to any system.





I shall stop after this.


--
Hindi madali ang maging ako

Re: Help: network abuse

[Pocket]

On 12/21/23 10:50, Alain D D Williams wrote:

On Thu, Dec 21, 2023 at 10:31:06AM -0500, Pocket wrote:


All you should be seeing is scans which you can not prevent.

I am looking at incoming packets with tcpdump. This sees packets *before* they
are filtered by iptables.


What are you using for a firewall?

Something hand rolled. Reasonably complicated (over 300 rules) as it deals
with: internet, VPN, DMZ, internal network for virtual machines.

It is NOT a firewall issue.



If I am correct you don't want any thing from the outside to hit your 
web server?


If so your firewall is not configured correctly.





It is my belief that your firewall is NOT setup correctly and that is why
you are seeing the traffic.

My firewall *cannot* deal with packets before they hit my machine. They only
hit my machine after they have arrived over broadband.

The only thing that I might be able to do is to somehow prevent discovery that 
my
machine is listening on port 80 -- that would mean somehow distinguishing
between a genuine visitor and one that is mapping the Internet to later pass
that map somewhere else which generates the unwanted traffic that I see.



Which points to your firewall not being correct.



Amazon AWS system. should not be able to hit your http server, unless you
want it to.

How do I distinguish between wanted & unwanted connections. The only thing that
I can think of is to DROP incoming packets if the source port is 80 or 443 -
which would disrupt the mapping process.

However: if the mapping process uses normal TCP (ie high/random port number)
this would do little.


What mapping process?


--
Hindi madali ang maging ako

Re: Help: network abuse

[Pocket]

On 12/21/23 10:24, Alain D D Williams wrote:

On Thu, Dec 21, 2023 at 10:11:08AM -0500, Pocket wrote:


Use a firewall and set it up correctly.

That I have done.

The issue is broadband usage - ie before it hits the firewall.



All you should be seeing is scans which you can not prevent.

What are you using for a firewall?

Show your firewall setup

It is my belief that your firewall is NOT setup correctly and that is 
why you are seeing the traffic.


Amazon AWS system. should not be able to hit your http server, unless 
you want it to.






Assuming a residential environment.

Firewall the router and server(s) as well as all the client machines.

I have nginx, dovecot and exim4 and other daemons running on my network
servers.

Most, (includes many of the ones here) don't have a firewall properly
configured. Nor do they understand how to properly configure a firewall.

You will still get scanned but there is little you can do about that.

--

Hindi madali ang maging ako


--
Hindi madali ang maging ako

Re: Could we please cease this thread now? [WAS Re: lists]

[Pocket]

On 12/21/23 09:46, Brad Rogers wrote:

On Thu, 21 Dec 2023 09:25:26 -0500
Pocket  wrote:

Hello Pocket,


 Forwarded Message 

Putting a private message on the list, without sender's consent, is very
rude indeed.  Given that it was announced by sender beforehand that they
would reply privately, I'm absolutely certain they did not agree to the
message being forwarded here.

May you live in interesting times. (ancient insult)


Then don't hit and hide.

--
Hindi madali ang maging ako

Re: Help: network abuse

[Pocket]

On 12/21/23 09:58, Alain D D Williams wrote:

On Thu, Dec 21, 2023 at 01:39:53PM +, Andy Smith wrote:


Okay well 30KiB/s is only about 78GiB/month which isn't really a
lot. I think we're both in UK and it's been hard to find a domestic
Internet connection that you'd run a web server on that can't cope
with 78G/mo. So ignoring it seems okay.

I have been with my ISP for 14 years (moved to get IPv6), for various reasons I
cannot change to a tariff that will give me anything like that (their support
has also fallen through the floor) - I need to change (& the landline) and then
I prolly would not care. Andrews & Arnold and Zen seem recommended.


You say these never complete a TCP handshake even though you do run
Apache on port 80? If so, it does make me wonder what they are
trying to do.

They might be trying to hijack an existing TCP connection or, even simpler,
cause my machine problems by having many, many 1/2 set up TCP connections
(which uses memory until they expire).



Use a firewall and set it up correctly.

Assuming a residential environment.

Firewall the router and server(s) as well as all the client machines.

I have nginx, dovecot and exim4 and other daemons running on my network 
servers.


Most, (includes many of the ones here) don't have a firewall properly 
configured. Nor do they understand how to properly configure a firewall.


You will still get scanned but there is little you can do about that.

--

Hindi madali ang maging ako

Fwd: Could we please cease this thread now? [WAS Re: lists]

[Pocket]

 Forwarded Message 
Subject:Re: Could we please cease this thread now? [WAS Re: lists]
Date:   Thu, 21 Dec 2023 14:15:23 +
From:   Andy Smith 
Reply-To:   a...@strugglers.net
To: Pocket 



Hello,

[off-list]

On Thu, Dec 21, 2023 at 08:58:28AM -0500, Pocket wrote:

On 12/21/23 08:49, Andy Smith wrote:
> On Thu, Dec 21, 2023 at 07:35:44AM -0500, Pocket wrote:
> > On 12/21/23 06:32, Andy Smith wrote:
> > > On Thu, Dec 21, 2023 at 05:44:23AM -0500, Pocket wrote:
> > > > Maybe I should not post at all?
> > > Unless you are able to do better at it, that is a solution that I
> > > for one am in favour of.
> > So I see that I am not welcome here.
> You refuse to do better - got it.

I see you didn't answer my question, That is not surprising.


None of them were worth answering. You've made your choice to be an
argumentative troll to people who are trying to help you.


What is your official capacity for debian?


None. Just a user. As are most of the people helping you on
debian-user.


Are you the moderator here?


Nope. There aren't really any. Andy Cater is a Debian Developer and
member of the Community Team and asks people to moderate their
behaviour from time to time. That's about all there is.


Are you the mailing list cops?


No. My request was a personal one, hence the "I for one" bit.

So now you've established that I have no authority to require you to
behave decently, and you've let us all know that you're done with
Debian, we can all go our separate ways yes?

Andy

Did I force you into reading and of the posts here?

You could have skipped them as I have for other threads posted here.

--
https://bitfolk.com/  -- No-nonsense VPS hosting

Re: Could we please cease this thread now? [WAS Re: lists]

[Pocket]

On 12/21/23 09:10, Hanno 'Rince' Wagner wrote:

Hi Pocket,

On Thu, 21 Dec 2023, Pocket wrote:


What is your official capacity for debian?

This is the mailinglist debian-user, where User help User with their
problems. Mainly Desktop-related some server-related. but this is a
user (in the sense of consumer, not developer) list.

so most people writing and reading here are just like you - User of
the Linux-Distribution.



Actually I develop custom GNU/Linux OS on the Raspberry Pi platform. my 
work is on the internet in a github type public repository.


I had a thought that I would move to debian and help debian support the 
Raspberry pi platform better , but it seems I have been grossly mistaken 
in that belief.


I moved my amd64 system to debian and it appears that was a mistake.  I 
will be correcting that miss step after Christmas and 
changing/rebuilding my cross compiler to use Archlinux instead of debian.



--
Hindi madali ang maging ako

Re: Could we please cease this thread now? [WAS Re: lists]

[Pocket]

On 12/21/23 08:49, Andy Smith wrote:

On Thu, Dec 21, 2023 at 07:35:44AM -0500, Pocket wrote:

On 12/21/23 06:32, Andy Smith wrote:

On Thu, Dec 21, 2023 at 05:44:23AM -0500, Pocket wrote:

Maybe I should not post at all?

Unless you are able to do better at it, that is a solution that I
for one am in favour of.

So I see that I am not welcome here.

You refuse to do better - got it.

Andy



I see you didn't answer my question, That is not surprising.



What is your official capacity for debian?


Are you the moderator here?


Are you the mailing list cops?

--
Hindi madali ang maging ako

Re: Could we please cease this thread now? [WAS Re: lists]

[Pocket]

On 12/21/23 06:32, Andy Smith wrote:

On Thu, Dec 21, 2023 at 05:44:23AM -0500, Pocket wrote:

Maybe I should not post at all?

Unless you are able to do better at it, that is a solution that I
for one am in favour of.

Andy



So I see that I am not welcome here.

Ok fine, I will take my leave and move on to another distro, since the 
folks here seem top be quite hostile.


My intention was to meld the raspios to debian to bring debian to be 
able to run better on the raspberry pi platform.


I use just starting to learn how to package software under debian, now 
it seems that I would be foolish to waste time doing that.


I will remove debian from my amd64 system and replace it with ArchLinux 
and return to developing my custom OS for the raspberry pi platform.


I don't want to waste any more time here.


BTW:

What is your official capacity for debian?

--

Hindi madali ang maging ako

Re: Could we please cease this thread now? [WAS Re: lists]

[Pocket]

Sent from my iPad

> On Dec 21, 2023, at 5:37 AM, Andrew M.A. Cater  wrote:
> 
> On Wed, Dec 20, 2023 at 06:57:50PM -0500, Pocket wrote:
>> 
> 
> Could we please stop the thread now? You appear to be talking past each
> other at this point. Various suggestions as to the nature of the problem
> and possible solutions have been put forward - it is absolutely for you
> to choose whatever you wish to do but can we please end the discussion now.
> 
> The aim in this list is to be constructive and helpful - sometimes lengthy
> threads wear that thin.
> 
> Andy
> 

Maybe I should not post at all?

I have spoken

Re: wireless broadband providers exist

[Pocket]

On 12/20/23 20:45, Jeffrey Walton wrote:

On Wed, Dec 20, 2023 at 8:04 PM Pocket  wrote:


On 12/20/23 19:48, The Wanderer wrote:

On 2023-12-20 at 19:39, Felix Miata wrote:

Pocket composed on 2023-12-20 17:55 (UTC-0500):

Actually I can not change as the ISP has exclusive rights to the high
speed internet in the area I reside in.

No other providers are allowed.

That could be a historical concept, depending exactly on where you live. Some of
us mericans who formerly had no access to real broadband except via 
prohibitively
expensive, high latency satellite dish now have broadband provided wirelessly. 
All
the big cablecos have been slowly rolling it out. The areas covered are limited,
with limited overlap among providers. The targets so far have been mostly areas
unserved by traditional cable, but there is overlap. Maybe you should check with
T-Mobile:
https://www.allconnect.com/local/oh/columbus

It is my understanding that there are (or at least have been, and I know
of no reason for this to have changed) some apartment buildings, et
cetera, in which there is a provision of the tenancy agreement (or
whatever else applies) requiring that Internet service be exclusively
through the provider chosen by the management of the apartment building.

(The question of motivations for doing this, on the part of both the
management and the provider, I leave un-discussed for at least the time
being.)

If that is correct, and if Pocket resides in such an environment, then
it is possible that even if wireless "high-speed" Internet access could
in a technical sense work in that area it might be prohibited in a
contractual sense.

You are exactly correct

wireless "high-speed" Internet access is prohibited as stated in the agreement 
(made in the year 1995) between city council and time warner who was bought out by 
charter/spectrum

This does not pass the sniff test (to me). Service providers are
usually not allowed to enter into those types of agreements because it
is anti-competitive for the consumer. I know the FCC forbids it
between landlords and service providers in multi-tenant environments
(MTEs). See 
<https://www.fcc.gov/consumers/guides/consumer-faq-rules-service-providers-multiple-tenant-environments>.


This is the entire city and outside area.

What you posted is about buildings

From your link

Apartments, condominiums, and office buildings are homes and workplaces 
for millions of Americans. To promote competition and consumer choice, 
the FCC regulates access to telecommunications, cable, and broadband 
services in these "multiple tenant environments," or MTEs for short. 
These rules regulate the kinds of agreements service providers may enter 
into with landlords and prohibit certain anti-competitive arrangements. 
Additional rules recently went into effect that place new obligations 
and restrictions on service providers in MTEs.


If you are tenant in an MTE, or own or manage one, check out the FAQ 
below, along with the overview of new FCC rules for MTEs, to gain a 
better understanding of how you may be affected.





I would probably contact the FCC and see what their [the FTC] position
is when a city attempts to grant a monopoly to a service provider.



Well it was 28 years ago




I also fail to see what a mail service provider has to do with your
internet service provider. They are different services, and one should
not affect the other. If you use Spectrum for internet access, then
that's your business. It does not affect your decision to use Yahoo or
Hotmail for your email service.


I didn't say it did

I have spoken

--
Hindi madali ang maging ako

Re: wireless broadband providers exist

[Pocket]

On 12/20/23 20:28, Felix Miata wrote:

Pocket composed on 2023-12-20 19:55 (UTC-0500):


Felix Miata wrote:

Pocket composed on 2023-12-20 17:55 (UTC-0500):

Actually I can not change as the ISP has exclusive rights to the high
speed internet in the area I reside in.

That's how it was where I live now when I moved here, where all utilities except
satellite dishes and TV antennas are underground. It still applies for wired
broadband, but now there's wireless to compete with it.


No other providers are allowed.

That could be a historical concept, depending exactly on where you live. Some of
us mericans who formerly had no access to real broadband except via 
prohibitively
expensive, high latency satellite dish now have broadband provided wirelessly. 
All
the big cablecos have been slowly rolling it out. The areas covered are limited,
with limited overlap among providers. The targets so far have been mostly areas
unserved by traditional cable, but there is overlap. Maybe you should check with
T-Mobile:
https://www.allconnect.com/local/oh/columbus

I already have and the can not provide service
This is the only provider available as per their site

Google some more. That is not the only site that purports to show available
providers by area. If you have a mobile phone, ask that company when it intends 
to
provide broadband where you live, if it doesn't advertise it already.


Spectrum
<https://www.allconnect.com/wp-content/uploads/2021/05/Spectrum_RA.png>Spectrum
Internet

...

Should I go with spectrum?

Here in Florida, @*.rr.com email addresses, as yours appears to be, belong to
Spectrum subscribers. Who is your ISP now?


spectrum

I have spoken

--

Hindi madali ang maging ako

Re: wireless broadband providers exist

[Pocket]

On 12/20/23 19:48, The Wanderer wrote:

On 2023-12-20 at 19:39, Felix Miata wrote:


Pocket composed on 2023-12-20 17:55 (UTC-0500):


Actually I can not change as the ISP has exclusive rights to the high
speed internet in the area I reside in.

No other providers are allowed.

That could be a historical concept, depending exactly on where you live. Some of
us mericans who formerly had no access to real broadband except via 
prohibitively
expensive, high latency satellite dish now have broadband provided wirelessly. 
All
the big cablecos have been slowly rolling it out. The areas covered are limited,
with limited overlap among providers. The targets so far have been mostly areas
unserved by traditional cable, but there is overlap. Maybe you should check with
T-Mobile:
https://www.allconnect.com/local/oh/columbus

It is my understanding that there are (or at least have been, and I know
of no reason for this to have changed) some apartment buildings, et
cetera, in which there is a provision of the tenancy agreement (or
whatever else applies) requiring that Internet service be exclusively
through the provider chosen by the management of the apartment building.

(The question of motivations for doing this, on the part of both the
management and the provider, I leave un-discussed for at least the time
being.)

If that is correct, and if Pocket resides in such an environment, then
it is possible that even if wireless "high-speed" Internet access could
in a technical sense work in that area it might be prohibited in a
contractual sense.


You are exactly correct

wireless "high-speed" Internet access is prohibited as stated in the 
agreement (made in the year 1995)between city council and time warner 
who was bought out by charter/spectrum


This is the way

--
Hindi madali ang maging ako

Re: wireless broadband providers exist

[Pocket]

On 12/20/23 19:39, Felix Miata wrote:

Pocket composed on 2023-12-20 17:55 (UTC-0500):


Actually I can not change as the ISP has exclusive rights to the high
speed internet in the area I reside in.

No other providers are allowed.

That could be a historical concept, depending exactly on where you live. Some of
us mericans who formerly had no access to real broadband except via 
prohibitively
expensive, high latency satellite dish now have broadband provided wirelessly. 
All
the big cablecos have been slowly rolling it out. The areas covered are limited,
with limited overlap among providers. The targets so far have been mostly areas
unserved by traditional cable, but there is overlap. Maybe you should check with
T-Mobile:
https://www.allconnect.com/local/oh/columbus



I already have and the can not provide service


This is the only provider available as per their site

Spectrum 
<https://www.allconnect.com/wp-content/uploads/2021/05/Spectrum_RA.png>Spectrum 
Internet


Available speeds

Contract length

None

Data caps

None

Plans starting at

*$49.99/mo.*

*
*

Should I go with spectrum?

I have spoken


--
Hindi madali ang maging ako

Re: lists

[Pocket]

On 12/20/23 18:41, John Hasler wrote:

pocket writes:

I never implied that, only that the ISP services are spectrum only in the
area I live.

No Starlik?  In any case what ISP you use is unrelated to what email
provider you use. I use pobox.com, but there are others.


No starlink

I have spoken

--
Hindi madali ang maging ako

Re: lists

[Pocket]

On 12/20/23 17:59, gene heskett wrote:

On 12/20/23 14:14, Marco Moock wrote:

Am 20.12.2023 um 14:04:41 Uhr schrieb Pocket:


I have emails from other lists and personal email from other with the
same time frame

So in this case it was not because the email box/account was not
available.


Are you really that thick as a brick that you don't understand that
this is specific to the sender IP, in that case the Debian mailinglist
server?


That only leaves the number of sessions that were opened.

How many sessions were opened sending that one email?


Only one can be opened for that.
But multiple connections might exist for multiple mails, maybe also for
different users.

Your ISP blocks those with a hard error and that is the fault.

There is no hard limit in the SMTP RFC.
Your mailbox provider is the fault here.


second question does bendel.debian.org handle all the mail for all
debian lists?


There are other servers too that handle some mailing lists (e.g. for
bug reports), but bendel handles the "normal" Debian mailing lists that
end with @lists.debian.org.



And could that be the reason to multiple sessions were opened from
debian list servers?


No, the reason is that SMTP doesn't specify that only a special
amount of connections can be established, but your provider enforces
that and give back a hard fail (5xx error).
If your mailbox provider handled that properly, it gave a 4xx error, so
bendel tries it again after a certain amount of time.


If that is the case then why no bounces occurred for the other lists


Ask your mailbox provider for the logs to find out, we can't tell you.

I think I need to point out that this email service DOES NOT HAVE TO 
BE LOCAL TO YOUR LOCALE. I am a customer of the Shentel cable system, 
but they farm out the email by a subcontract to a dovecot provider 
called mail2world. I am in north central WV, they are in Seattle Wash. 
Proving that the physical mail server doesn't have to be local. You've 
been drinking the koolaid if you think that server has to be in your 
locality. It doesn't.




I never implied that, only that the ISP services are spectrum only in 
the area I live.


I have spoken


--
Hindi madali ang maging ako

Re: lists

[Pocket]

On 12/20/23 17:37, gene heskett wrote:

On 12/20/23 12:05, Pocket wrote:


On 12/20/23 11:51, gene heskett wrote:

On 12/20/23 08:30, Pocket wrote:


On 12/20/23 07:59, Andy Smith wrote:

Hi,

On Wed, Dec 20, 2023 at 07:38:49AM -0500, Pocket wrote:

which poc...@columbus.rr.com

Not sure what you're trying to achieve but these administrative
commands should go to the mailing list software at
, not to debian-user@, which is the list
itself and its thousands of subscribers.

(A pity the list software does not automatically hold mails with
administrative commands in them, like Mailman does.)

Thanks,
Andy



Every 60 days I get kicked from this list which I receive an email 
stating my kick value is 2%.


I then try to see if I am subscribed by the web and sending emails 
to the


majord...@lists.debian.org which fails,

trying to subscribe from the web gets me gateway errors.


.
I get those too, but a little more often, but you may be 
miss-readiing the message. What I get says the kick score is 2%, but 
you've got to hit 80% to get autokicked.



I was kicked at 2%




Have you look at the link to the message? Here its never been a 
legit msg, always spam or phishing that should have been rejected by 
the list server at debian.  So unless some black hat blasts a 
phishing expedition through the server and your ISP rejects that 
crap wholesale, which they should, your kick score will stay at 2% 
which is well below the kick trigger. I've got to the point where I 
look at the kick score and if 2%, delete it.

Cheers, Gene Heskett.



  I made a pdf of the email from the link in the  bounce message, for 
the "record"



If I get one bounce email I am banned, I will never get to even 10% 
as 2% and I am gone.
That may be a side effect that your provider should address, or as 
suggested by others, change providers. I got tired of verizon not 
having the resources to modernize their system of 70 yo buried cable 
and bailed to the local cable co for net and phone about 15 years 
back. This is a small WV county seat town, around 6000 at the last 
census, It has at least 3, including spectrum, who rent facilities 
from the bigger guys, so I went with the cable folks to get a little 
closer to the techs who make it work. In the past 15 years I didn't 
have net or phone for 3 days after a 122 mph direcho came thru in 
2020, destroying the power grid over a 100 yard wide path about 10 
miles long. I also have a 20 kw generac in the back yard, installed 
previously because my now deceased wife had COPD. So I had power and 
had drop cords powering the neighbors fridges. I had phone and net 
about 20 minutes after power was restored and their batteries were 
partially recharged. Locally, mention spectrum and get unflattering 4 
letter descriptions of their service.  Surely you can find another 
vendor of ISP services, being aware that you usually get what you pay 
for. Here, as in most service related fields, the keyword is 
TANSTAAFL.  Sometimes the PUC in your locale can be helpful.

Good luck pocket.  Take care, stay warm and well.





Actually I can not change as the ISP has exclusive rights to the high 
speed internet in the area I reside in.


No other providers are allowed.

I have spoken

--
Hindi madali ang maging ako

Re: lists

[Pocket]

Sent from my iPhone

> On Dec 20, 2023, at 3:29 PM, Marco Moock  wrote:
> 
> Am 20.12.2023 um 15:08:32 Uhr schrieb Pocket:
> 
>> Sent from my iPhone
> 
> Nobody is interested in that, maybe the auto-unsubscribe is a good
> thing for all other list members.
> 

Nobady is interested in you pointing that out


>>>> On Dec 20, 2023, at 2:14 PM, Marco Moock  wrote:
>>> 
>>> Am 20.12.2023 um 14:04:41 Uhr schrieb Pocket:
>>> 
>>>> I have emails from other lists and personal email from other with
>>>> the same time frame
>>>> 
>>>> So in this case it was not because the email box/account was not
>>>> available.  
>>> 
>>> Are you really that thick as a brick that you don't understand that
>>> this is specific to the sender IP, in that case the Debian
>>> mailinglist server?
>>> 
>> 
>> Ignoring your personal attack,  has it occured that if spectrum
>> blocked bendel that i would lose all my subscribed lists .  Which i
>> have not.
> 
> If there is a rate-limit, only those connections are denied that excess
> that limit. Exactly that explains why you received some messages.
> 
>> As others here received the same bounce ails could it also be yrue
>> that the user list rmails look like spam to the ISP?
> 
> Ask your ISP.
> 
>> This issue seems to only be associated with this list only
> 
> Most likely because many messages arrive here - other lists don't have
> that much traffic.
> 

Re: lists

[Pocket]

Sent from my iPhone

> On Dec 20, 2023, at 2:14 PM, Marco Moock  wrote:
> 
> Am 20.12.2023 um 14:04:41 Uhr schrieb Pocket:
> 
>> I have emails from other lists and personal email from other with the 
>> same time frame
>> 
>> So in this case it was not because the email box/account was not
>> available.
> 
> Are you really that thick as a brick that you don't understand that
> this is specific to the sender IP, in that case the Debian mailinglist
> server?
> 

Ignoring your personal attack,  has it occured that if spectrum blocked bendel 
that i would lose all my subscribed lists .  Which i have not.

As others here received the same bounce ails could it also be yrue that the 
user list rmails look like spam to the ISP?

This issue seems to only be associated with this list only

>> That only leaves the number of sessions that were opened.
>> 
>> How many sessions were opened sending that one email?
> 
> Only one can be opened for that.
> But multiple connections might exist for multiple mails, maybe also for
> different users.
> 
> Your ISP blocks those with a hard error and that is the fault.
> 
> There is no hard limit in the SMTP RFC.
> Your mailbox provider is the fault here.
> 
>> second question does bendel.debian.org handle all the mail for all 
>> debian lists?
> 
> There are other servers too that handle some mailing lists (e.g. for
> bug reports), but bendel handles the "normal" Debian mailing lists that
> end with @lists.debian.org.
> 
> 
>> And could that be the reason to multiple sessions were opened from 
>> debian list servers?
> 
> No, the reason is that SMTP doesn't specify that only a special
> amount of connections can be established, but your provider enforces
> that and give back a hard fail (5xx error).
> If your mailbox provider handled that properly, it gave a 4xx error, so
> bendel tries it again after a certain amount of time.
> 
>> If that is the case then why no bounces occurred for the other lists
> 
> Ask your mailbox provider for the logs to find out, we can't tell you.
> 

Re: lists

[Pocket]

On 12/20/23 13:40, Hanno 'Rince' Wagner wrote:

Hi everybody,

On Wed, 20 Dec 2023, Pocket wrote:


What if there were more, that you did *not* see?  Because they didn't
get through.  If mail isn't reaching you, then the mail *telling* you
that mail isn't reaching you may also not reach you.


Because some one from the list admin told me it was one.

I was only sent that one bounce/kick email, so there is that..

we have sent you one _notification_ about the bounces. but if there
were more bounces there was no further notification because the
mailsystem wasn't able to deliver the mail to you. that is what you
were told.


I have emails from other lists and personal email from other with the 
same time frame


So in this case it was not because the email box/account was not available.

That only leaves the number of sessions that were opened.

How many sessions were opened sending that one email?

second question does bendel.debian.org handle all the mail for all 
debian lists?


And could that be the reason to multiple sessions were opened from 
debian list servers?


If that is the case then why no bounces occurred for the other lists




so, the collegues here are correct: there were more bounces since
debian-user is a busy mailinglist and you get unsusbcribed because
your provider chose to reject mails sent to you.






--


Hindi madali ang maging ako

Re: lists

[Pocket]

On 12/20/23 13:17, Greg Wooledge wrote:

On Wed, Dec 20, 2023 at 12:05:26PM -0500, Pocket wrote:

I was kicked at 2%

How do you *know*?

What you *know* is that you *saw* *one* email message stating that
emails have been trouble reaching you, and that if this continues,
you will be unsubscribed.

What if there were more, that you did *not* see?  Because they didn't
get through.  If mail isn't reaching you, then the mail *telling* you
that mail isn't reaching you may also not reach you.



Because some one from the list admin told me it was one.

I was only sent that one bounce/kick email, so there is that..




You also claim that you were unsubscribed, which is evidence *for* the
theory that multiple failures occurred.  Even if you didn't see all
of them.



Yes it appears that I was unsubscribed, on just that one incidence.


The better question is why wasn't I unsubscribed from all debian lists?


--

Hindi madali ang maging ako

Re: lists

[Pocket]

On 12/20/23 11:48, to...@tuxteam.de wrote:

On Wed, Dec 20, 2023 at 11:40:38AM -0500, Pocket wrote:

[...]


Still doesn't provide and answer for why I was kicked after one email
bounced.

You have seen just one bounce. Do you know your provider has shown you
all of them? Perhaps they bounced the other missing ones...

Cheers



The kick score was 2% as stated in the bounce email from debian, that 
tells me it was < 10 emails and from reading the bounce email from 
debian it was only one.




--
Hindi madali ang maging ako

Re: lists

[Pocket]

On 12/20/23 11:51, gene heskett wrote:

On 12/20/23 08:30, Pocket wrote:


On 12/20/23 07:59, Andy Smith wrote:

Hi,

On Wed, Dec 20, 2023 at 07:38:49AM -0500, Pocket wrote:

which poc...@columbus.rr.com

Not sure what you're trying to achieve but these administrative
commands should go to the mailing list software at
, not to debian-user@, which is the list
itself and its thousands of subscribers.

(A pity the list software does not automatically hold mails with
administrative commands in them, like Mailman does.)

Thanks,
Andy



Every 60 days I get kicked from this list which I receive an email 
stating my kick value is 2%.


I then try to see if I am subscribed by the web and sending emails to 
the


majord...@lists.debian.org which fails,

trying to subscribe from the web gets me gateway errors.


.
I get those too, but a little more often, but you may be miss-readiing 
the message. What I get says the kick score is 2%, but you've got to 
hit 80% to get autokicked.



I was kicked at 2%




Have you look at the link to the message? Here its never been a legit 
msg, always spam or phishing that should have been rejected by the 
list server at debian.  So unless some black hat blasts a phishing 
expedition through the server and your ISP rejects that crap 
wholesale, which they should, your kick score will stay at 2% which is 
well below the kick trigger.  I've got to the point where I look at 
the kick score and if 2%, delete it.

Cheers, Gene Heskett.



 I made a pdf of the email from the link in the  bounce message, for 
the "record"



If I get one bounce email I am banned, I will never get to even 10% as 
2% and I am gone.



--
Hindi madali ang maging ako

Re: lists

[Pocket]

On 12/20/23 11:51, Andy Smith wrote:

Hello,

On Wed, Dec 20, 2023 at 11:44:42AM -0500, Pocket wrote:

Does one email constitute "persistently undeliverable"?

I hope that the Debian listmasters get back to you with more
details, but I interpret Spectrum's reject message to mean that all
mails from Debian's IP from that time forward will be rejected. It
is likely a lot more than one email.



I have only one email that was rejected.

The SMTP server on bendel.debian.org should have resent?  No?




Again, you have evidence that Spectrum is rejecting Debian's email
to you just because there is a lot of it. What do you expect anyone
here or at Debian to do about that?


I have no evidence of that, the error from spectrum only occured that 
one time and bendel.debian.org did not resend or try again as far as I 
can determine.  Then it appears I was booted.


How many emails at that time did bendel.debian.org send?

I have no answer for that as I am not the one that can answer that.

How many connections did bendel.debian.org have?

I have no answer for that as I am not the one that can answer that.

--

Hindi madali ang maging ako

Re: lists

[Pocket]

On 12/20/23 11:42, Andy Smith wrote:

Hello,

On Wed, Dec 20, 2023 at 11:30:24AM -0500, Pocket wrote:

On 12/20/23 11:26,to...@tuxteam.de  wrote:

And yes, yell to your provider. Everyone and her dog coming
up with random policies is what's killing email.

I am sure the will be quaking in their boots if I call them to demand them
to fix this,  ROLLS EYES

Okay, this is my last attempt to ask you to be constructive: if your
email provider rejects Debian's emails to you because there are too
many of them, what do you propose happens to solve that issue?

The most disruptive symptom of that issue for you is that Debian's
mailing list manager automatically unsubscribes you. I don't think
that Debian will spend effort making that not happen, because in
general it is the right thing to do for persistently undeliverable
addresses like yours. But even if they did, it would not fix the
root problem for you as you'd still be missing a lot of Debian email.

Thanks,
Andy


Does one email constitute "persistently undeliverable"?


--
Hindi madali ang maging ako

Re: lists

[Pocket]

On 12/20/23 11:37, Andy Smith wrote:

Hello,

On Wed, Dec 20, 2023 at 11:16:02AM -0500, Pocket wrote:

On 12/20/23 11:12, Marco Moock wrote:

Am 20.12.2023 um 11:07:16 Uhr schrieb Pocket:

Spectrum limits the number of concurrent connections from a sender,
as well as the total number of connections allowed. Limits vary based
on the reputation of the IP address. Reduce your number of
connections and try again later.

You can't fix that until you make your mail provider change those
policies.

Ok I will twist their arms and complain to the cops or maybe I should
comtact the DOJ,

maybe that will get it fixed

We are just trying to help you with the strange policies of your
email provider that make it hard for you to participate in Internet
mailing lists. It's not our fault and if you are going to go from
bombarding us with pointless admin commands to snarky responses then
why should we bother? At least we are getting somewhere now, instead
of just leaving you to howl into the void.


The operator of the sending MTA for the Debian lists can limit the
amount of connections to spectrum, talk to the postmasters there if you
think the might implement that.

Why is the user list the only one that has this issue?

I can see how it will bias against debian-user if debian-user
happens to be the busiest Debian list that you are on. A greater
percentage of debian-user's emails will be rejected by Spectrum.

Thanks,
Andy


Still doesn't provide and answer for why I was kicked after one email 
bounced.


at 2% I had a long way to go before I hit the 76% death ray






--
Hindi madali ang maging ako

Re: lists

[Pocket]

On 12/20/23 11:31, Andy Smith wrote:

Hello,

On Wed, Dec 20, 2023 at 11:07:16AM -0500, Pocket wrote:

Spectrum limits the number of concurrent connections from a sender, as well
as the total number of connections allowed. Limits vary based on the
reputation of the IP address. Reduce your number of connections and try
again later.

They ask Debian to try again later, but they do it with a
permanent reject code.

I think you need a new email provider.


It's the only one that I have




Thanks,
Andy


--
Hindi madali ang maging ako

Re: lists

[Pocket]

On 12/20/23 11:26, to...@tuxteam.de wrote:

On Wed, Dec 20, 2023 at 11:16:02AM -0500, Pocket wrote:

[...]


Why is the user list the only one that has this issue?

It is the busiest list, thus the bounce probability might
be the highest.

And yes, yell to your provider. Everyone and her dog coming
up with random policies is what's killing email.


I am sure the will be quaking in their boots if I call them to demand 
them to fix this,  ROLLS EYES





Cheers


--
Hindi madali ang maging ako

Re: lists

[Pocket]

On 12/20/23 11:12, Marco Moock wrote:

Am 20.12.2023 um 11:07:16 Uhr schrieb Pocket:


Spectrum limits the number of concurrent connections from a sender,
as well as the total number of connections allowed. Limits vary based
on the reputation of the IP address. Reduce your number of
connections and try again later.

You can't fix that until you make your mail provider change those
policies.



Ok I will twist their arms and complain to the cops or maybe I should 
comtact the DOJ,


maybe that will get it fixed




The operator of the sending MTA for the Debian lists can limit the
amount of connections to spectrum, talk to the postmasters there if you
think the might implement that.



Why is the user list the only one that has this issue?


--
Hindi madali ang maging ako

Re: lists

[Pocket]

On 12/20/23 10:50, Andy Smith wrote:

Hello,

On Wed, Dec 20, 2023 at 04:11:05PM +0100, Christoph Brinkhaus wrote:

I have heard that there is a countermeasure against spam run be big mail
providers by rejecting the first contact by SMTP and accepting the next
contact. Most spammers seem to try just once.

I think you are talking about the practice of "greylisting". This
involves giving a 4xx SMTP response to "new" correspondents, which
is a temporary failure code that instructs the sending server to try
again later. They usually will within just a few minutes, at which
point it's not considered a "new" interaction and is allowed
through.

The purpose of this is to weed out compromised hosts sending email
directly, rather than through a proper mail server. Such malware
usually won't bother to implement a full mail server with queueing
and retries, so will give up after even a temporary failure.

There was a period of time when large spam runs using compromised
hosts were prevalent, but in recent years spammers do tend to use
rented hosts with proper mail servers on them, so greylisting has
become less effective. Some people say it no longer has any
noticeable benefit.

Greylisting would not cause the symptoms that you and Pocket are
experiencing; any sensible mailing list server including Debian's
will cope with temporary failure.

If we're not talking about greylisting, using a 5xx SMTP hard reject
code on new interactions would not make a lot of sense as a form of
antispam measure. There are some misguided people who use a sort of
allowlist approach where every new correspondent gets an automated
message telling them to visit a URL to prove they are human, before
any mail is allowed through to the real recipient. These use
non-delivery report emails ("bounces", NDRs) as opposed to SMTP
rejects.

If I were you I'd just email  to ask
them about it the next time you receive the notification about some
emails being rejected. The human that will eventually answer your
email will probably be happy to look in the logs to see what message
your mail provider gave.


Please verify the content of the kick rate mail. I am quite sure that it
is not as serious as it sounds on the first impression.

You are right that an occasional bounce probably isn't a lot to
worry about, as the trigger level indeed is way above 2%. One way it
can happen is if a spammy message reaches the list and is not
detected by Debian, but is detected and rejected by your mail
provider. That counts as "you" rejecting email from the list, even
though that was the right thing for your provider to do. That sort
of thing can just be ignored.

In Pocket's case, they say they are actually being automatically
unsubscribed from the list. That indicates a severe and ongoing
problem with their mail delivery. If I were them I'd want to look
into it.

Thanks,
Andy


I am looking into it,

The other debian mail lists I subscrie to are not and never have been an 
issue.


I did find this which points to the debian mail list SMTP server

inal-Recipient: rfc822;poc...@columbus.rr.com
Original-Recipient:rfc822;poc...@columbus.rr.com
Action: failed
Status: 5.1.0
Remote-MTA: dns; pkvw-mx.msg.pkvw.co.charter.net
Diagnostic-Code: smtp; 550 5.1.0
  sender
rejected. Please see
https://www.spectrum.net/support/internet/understanding-email-error-codes
for more information. AUP#In-1310


Error code AUP#In-1310 is the following

Spectrum limits the number of concurrent connections from a sender, as 
well as the total number of connections allowed. Limits vary based on 
the reputation of the IP address. Reduce your number of connections and 
try again later.


--
Hindi madali ang maging ako

Re: lists

[Pocket]

On 12/20/23 10:35, Jeffrey Walton wrote:

On Wed, Dec 20, 2023 at 10:28 AM Pocket  wrote:

[...]

I get/have a kick rate of 2% (one bounce in the last 60 days), then I am
kicked and no longer receive anything from the user list.

After many attempts over several days...

I finally get email from majord...@lists.debian.org that tells me this

You are subscribed to the following lists:

ListAddress
   ===
debian-arm poc...@columbus.rr.com
debian-security-announce poc...@columbus.rr.com

I spend several days trying to subscribed to the list, with the web
signup ALWAYS time out with a gateway error.

I than spend hours trying to get majord...@lists.debian.org to reply.

emails to the list maintainer either are not delivered(black hole?) or I
get not response.

For the gateway errors and majordomo delays, you should probably
contact . Also see
<https://www.debian.org/contact>.

Jeff



That goes without any response, I can not tell if the email was 
delivered or ignored.


So that is a negative, as it results in nothing.



--
Hindi madali ang maging ako

Re: lists

[Pocket]

On 12/20/23 10:11, Christoph Brinkhaus wrote:

Am Wed, Dec 20, 2023 at 08:13:12AM -0500 schrieb Pocket:

On 12/20/23 07:59, Andy Smith wrote:

[...]


Every 60 days I get kicked from this list which I receive an email stating
my kick value is 2%.

I receive this mails, too. The first impression is scary, but in the
body there is an explanation. The statement is that there are some
bounces but your account will be deleted if the kick rate exceeds a
limit much higher than 2%. AFAIR the limit is 80% so so.

I have heard that there is a countermeasure against spam run be big mail
providers by rejecting the first contact by SMTP and accepting the next
contact. Most spammers seem to try just once.

I am not sure if this is 100% true or related to your situation.
Please verify the content of the kick rate mail. I am quite sure that it
is not as serious as it sounds on the first impression.

Kind regards,
Christoph


I think you missed my point.

I get/have a kick rate of 2% (one bounce in the last 60 days), then I am 
kicked and no longer receive anything from the user list.


After many attempts over several days...

I finally get email from majord...@lists.debian.org that tells me this

You are subscribed to the following lists:

List                    Address
                   ===
debian-arm                 poc...@columbus.rr.com
debian-security-announce poc...@columbus.rr.com

I spend several days trying to subscribed to the list, with the web 
signup ALWAYS time out with a gateway error.


I than spend hours trying to get majord...@lists.debian.org to reply.

emails to the list maintainer either are not delivered(black hole?) or I 
get not response.


As you see I have now reestablished my subscription to this list, which 
if past practice is any indicator I will get banned again in 30 days for 
email bounces.  Of which I have zero control over.


PS.  pretty hard to debug this when you receive no responses from 
majord...@lists.debian.org or the list maintainer as you have nothing to 
look at or to work with.


--
Hindi madali ang maging ako

Re: lists

[Pocket]

On 12/20/23 07:59, Andy Smith wrote:

Hi,

On Wed, Dec 20, 2023 at 07:38:49AM -0500, Pocket wrote:

which poc...@columbus.rr.com

Not sure what you're trying to achieve but these administrative
commands should go to the mailing list software at
, not to debian-user@, which is the list
itself and its thousands of subscribers.

(A pity the list software does not automatically hold mails with
administrative commands in them, like Mailman does.)

Thanks,
Andy



Every 60 days I get kicked from this list which I receive an email 
stating my kick value is 2%.


I then try to see if I am subscribed by the web and sending emails to the

majord...@lists.debian.org which fails,

trying to subscribe from the web gets me gateway errors.

lists

[Pocket]

which poc...@columbus.rr.com

--
Hindi madali ang maging ako

which poc...@columbus.rr.com

[Pocket]

which poc...@columbus.rr.com

--
Hindi madali ang maging ako

Unidentified subject!

[Pocket]

which poc...@columbus.rr.com

--
Hindi madali ang maging ako

Re: Problem with /var/cache/apt/archives/

[Pocket]

On 12/16/23 08:45, Stephen P. Molnar wrote:
I am running Bookworm on my Debian computer. When I installed the OS I 
selected the option for separate /var etc, and selected the default 
sizes of the partitions.


When I ran sudo apt update this morning I received the error message:

E: You don't have enough free space in /var/cache/apt/archives/

Can I increase the size of the /var partition on the ssd without 
having to reinstall the system?


Thanks in advance.


You can bind mount more space from another partition or create a directory on 
another file system and sylmink it to /var/cache/apt/archives/

Maybe something like this

On a volume that has sufficient space

where  is some where on your filesystem

mkdir /archives

cp -var /var/cache/apt/archives/ /archives/

or

mv -v  /var/cache/apt/archives/ /archives/

then clean up /var/cache/apt/archives
rm -rf /var/cache/apt/archives

ln -vs /archives /var/cache/apt/archives

or
|mount --bind |/archives /var/cache/apt/archives

Add the bind mount to the end of /etc/fstab

/var/cache/apt/archives||/archives|none bind,nofail|


https://www.baeldung.com/linux/bind-mounts


--
Hindi madali ang maging ako

Re: update-ca-certificates

[Pocket]

Sent from my iPad

> On Dec 14, 2023, at 2:23 PM, Linux-Fan  wrote:
> 
> Pocket writes:
> 
>>> On 12/14/23 08:11, Henning Follmann wrote:
>>> On Wed, Dec 13, 2023 at 09:47:41PM -0500, Jeffrey Walton wrote:
>>>> On Wed, Dec 13, 2023 at 7:55 PM Pocket  wrote:
>>>>> What formats does certs need to be to work with update-ca-certificates?
>>>>> 
>>>>> PEM or DER?
>>>> PEM
>>> Well lets look at man update-ca-certificates, shall we?
>>> 
>>> "Certificates must have a .crt extension..."
>> 
>> Lets have a look at some of the standards shall we?
>> 
>> https://www.ssl.com/guide/pem-der-crt-and-cer-x-509-encodings-and-conversions/
>> 
>> A cert that have a suffix of .crt are in DER format by this convention. 
>> maybe the script should actually look for PEM files?
> 
> The above linked page is not a standard. Additionally, it does not seem to 
> support your claim and e.g. says as follows:
> 
> * “The DER certificate format stands for “distinguished encoding rules. It
>  is a binary form of PEM-formatted certificates containing all types of
>  certificates and private keys. However, they usually use .cer and .der   
> extensions.”
> * “A PEM file contains ASCII encoding data, and the certificate files come
>  in .pem, .crt, .cer, or .key formats.”
> 
> IOW per this source, `.crt` is a perfectly valid file extension for 
> certificates in PEM format.
> 
> I'd be curious for some “standard” definition about these file extensions 
> because from what I have seen, the file extensions for certificates, keys and 
> certificate signing requests are used quite chaotically sometimes to encode 
> either the intention (.pub, .priv, .cer, .csr) or the data format (.pem, 
> .der) and sometimes there seems to be an intention to encode both some way 
> e.g. I've observed .pem for PEM certificates and .cer for DER-formatted 
> certificates which would be in line with the ssl.com link btw.
> 
>> Should the suffix of the file be .pem as the certs that are referenced by 
>> the conf file seem to be in PEM format?
> 
> Stick to what the program expects and use .crt

Ok what format DER, PEM or some form of PKC?

DER and PEM both use crt.

One cert for file or multiple?

Notice the docs do not specify.

How does the carts get processed as different formats require different 
processes.


> 
>> Well yes that would eliminate the confusion and we can not have that can we.
> 
> If there were some agreed-on standard to do this stuff, I would love to know 
> about it. The closest things that I found by a cursory internet search were 
> FRC2585 and RFC5280:
> 
> * https://datatracker.ietf.org/doc/html/rfc2585
> * https://datatracker.ietf.org/doc/html/rfc5280
> 
> AFAIU they specify
> 
> * `.cer` for DER-encoded certificates
> * `.crl` for DER-encoded certificate revocation lists
> * `.p7c` for PKCS#7 encoded certificates

DER, .der and .crt

PEM .pem and .crt

Docs should specify.

> 
> [...]
> 
> YMMV
> Linux-Fan
> 
> öö

Re: Data disaster preparedness and recovery without RAID

[Pocket]

Sent from my iPad

> On Dec 14, 2023, at 1:51 PM, David Christensen  
> wrote:
> 
> On 12/14/23 08:04, Pocket wrote:
>>> On Dec 14, 2023, at 4:09 AM, David Christensen  
>>> wrote:
>>> Another benefit of ZFS snapshots is that they are are atomic.  (Yet another 
>>> is that they are taken quickly.)  So long as your app or service has its 
>>> files in a consistent state (ideally, closed), restoring from the snapshot 
>>> should produce a set of files that work correctly.
>> Radioactive I see
> 
> 
> Do not eat files that glow blue.  ;-)

My files glow Greene so I am safe
> 
> 
>>> On 12/13/23 10:42, Pocket wrote:
>>>> After removing raid, I completely redesigned my network to be more inline 
>>>> with the howtos and other information.
>>> 
>>> Please elaborate regarding "redesigned my network" with respect to not 
>>> needing RAID.
>> Gave me the impetus fix see the errors of my ways
> 
> 
> Please explain your ways and perhaps the readers will identity errors.


Nothing is broke so fixes not needed

> 
> 
>>>> I have a "git" server that has all my setup/custom/building scripts and 
>>>> all my programming and solidworks projects.
>>> 
>>> I assume your git(1) server has a repository and it is on a single disk 
>>> with rsync(1) backups.  If the repository disk crashes, you replace it with 
>>> another disk, and you restore from backup, what happens to clients who 
>>> checked out projects after the backup?  To clients that checked in changed 
>>> projects after the backup?  Is recovery less work that replacing a bad disk 
>>> in RAID?
>> You assume wrong
> 
> 
> Please explain how your git(1) server stores content without RAID, how 
> clients respond to the two scenarios outlined above, and how the recovery 
> effort compares to RAID recovery.
> 
> 
>>>> I have DELPHI build apps going back to about 1995.
>>> 
>>> Do you mean:
>>> 
>>> https://www.embarcadero.com/products/delphi
>> Nope Borland
> 
> 
> https://en.wikipedia.org/wiki/History_of_Delphi_(software)
> 
> On February 8, 2006, Borland announced that it was looking for a buyer for 
> its IDE and database line of products, including Delphi, to concentrate on 
> its ALM line. Instead of selling it, Borland transferred the development 
> tools group to an independent, wholly owned subsidiary company named CodeGear 
> on November 14, 2006.
> ...
> Borland sold CodeGear to Embarcadero Technologies in 2008. Embarcadero 
> retained the CodeGear division created by Borland to identify its tool and 
> database offerings but identified its own database tools under the 
> DatabaseGear name.
> ...
> In October 2015, Embarcadero was purchased by Idera Software. Idera continues 
> to run the developer tools division under the Embarcadero brand.
> 

Nope Borland


> 
>>>> It all backed up to a backup server(master and slave) and also a 4TB 
>>>> offline external hard drive.  I have not "lost" any information since.
>>> 
>>> Please elaborate "master and slave" with respect to not needing RAID.
>> Same as DNS
> 
> 
> Do you mean using a distributed architecture similar to DNS for backups, or 
> something else?  Please explain.

Do you understand DNS?

> 
> 
> David
> 

Re: Data disaster preparedness and recovery without RAID

[Pocket]

Sent from my iPad

> On Dec 14, 2023, at 4:09 AM, David Christensen  
> wrote:
> 
> On 12/13/23 08:51, Pocket wrote:
>> I gave up using raid many years ago and I used the extra drives as backups.
>> Wrote a script to rsync  /home to the backup drives.
> 
> 
> While external HDD enclosures can work, my favorite is mobile racks:
> 
> https://www.startech.com/en-us/hdd/drw150satbk
> 
> https://www.startech.com/en-us/hdd/hsb220sat25b
> 
> https://www.startech.com/en-us/hdd/s25slotr
> 


Those don’t seem to fit my raspberry pi’s


> 
>> On 12/13/23 10:42, Pocket wrote:
>> Many reasons
>> No real benefit (companies excepted), and issues like you have been posting.
> 
> 
> I went many years without failing data HDD's, then several data drives 
> started dying over the course of several months.  The disks were in software 
> RAID.  I told the RAID to drop the failing disk, operated in a degraded 
> condition until I was ready to do the work, shutdown when I wanted, removed 
> the bad disk, installed a replacement disk, booted, told the RAID to add the 
> replacement disk, and watched the disk resilver.  I suffered zero unplanned 
> down time.  I suffered zero data damage or loss.  I was lucky that only one 
> disk failed at a time.  RAID was a huge benefit to me.
> 
> 
> People can have issues with RAID, just like anything else.  With the 
> exception of the failed HDD's above, the root cause of my RAID issues was 
> PEBKAC.  The solution was, and remains to be, learning.  Thankfully, there is 
> Michael W. Lucas:
> 
> https://mwl.io/nonfiction/os
> 
> 
>> If the RAID controller bites the bullet you are usually toast unless you 
>> have another RAID controller (same manufacturer and type) as a spare.
>> I have zero luck replacing one companies raid controller with another
>> and ditto on raid built into the motherboard.
> 
> 
> I agree that hardware RAID solutions require identical hardware spares. That 
> is a price you must pay if you care about the data supervised by that 
> controller.
> 
> 
>> I really don't need any help losing my data/files as I do a good job of that 
>> all by myself ;)
> 
> 
> RAID is not designed to protect against user filesystem manipulation errors.  
> Backups are.
> 
> 
> zfs-auto-snapsnot(8) makes snapshots a no-brainer and recovery self-serve.

I prefer rsync backups

> 
> 
>> I found it is better to just have my data on several backup disks, that way 
>> if one fails I get another disk and copy all the data to
>> the newly purchased disk.
> 
> 
> How many backups do you keep on each of your several backup disks?


Enough that I don’t lose data


> 
> 
> Do you use the rsync(1) option "--link-dest=DIR" to do file-level 
> deduplication?
> 
> 
> ZFS with block-level compression and deduplication is a no-brainer:
> 
> https://lists.debian.org/debian-user/2023/03/msg00116.html

No need for compression

> 
> 
> Another benefit of ZFS snapshots is that they are are atomic.  (Yet another 
> is that they are taken quickly.)  So long as your app or service has its 
> files in a consistent state (ideally, closed), restoring from the snapshot 
> should produce a set of files that work correctly.
> 
> 

Radioactive I see

>> After removing raid, I completely redesigned my network to be more inline 
>> with the howtos and other information.
> 
> 
> Please elaborate regarding "redesigned my network" with respect to not 
> needing RAID.
> 
> 

Gave me the impetus fix see the errors of my ways


>> I have little to nothing on the client system I use daily,
>> everything is on networks systems and they have certain things they
>> do.
> 
> 
> Please elaborate regarding "the certain things they do" with respect to not 
> needing RAID.
> 
> 
>> I have a "git" server that has all my setup/custom/building scripts and all 
>> my programming and solidworks projects.
> 
> 
> I assume your git(1) server has a repository and it is on a single disk with 
> rsync(1) backups.  If the repository disk crashes, you replace it with 
> another disk, and you restore from backup, what happens to clients who 
> checked out projects after the backup?  To clients that checked in changed 
> projects after the backup?  Is recovery less work that replacing a bad disk 
> in RAID?
> 

You assume wrong

> 
>> I have DELPHI build apps going back to about 1995.
> 
> 
> Do you mean:
> 
> https://www.embarcadero.com/products/delphi

Nope Borland 

> 
> 
>> It all backed up to a backup server(master and slave) and also a 4TB offline 
>> external hard drive.  I have not "lost" any information since.
> 
> 
> Please elaborate "master and slave" with respect to not needing RAID.
> 


Same as DNS


> 
>> I also found that DHCP and NetworkManager is your friend.
> 
> 
> Please elaborate "DHCP and Network Manager" with respect to not needing RAID.
> 
> 


That was for Gene, I known he can not live without them

Re: update-ca-certificates

[Pocket]

On 12/14/23 08:11, Henning Follmann wrote:

On Wed, Dec 13, 2023 at 09:47:41PM -0500, Jeffrey Walton wrote:

On Wed, Dec 13, 2023 at 7:55 PM Pocket  wrote:

What formats does certs need to be to work with update-ca-certificates?

PEM or DER?

PEM

Well lets look at man update-ca-certificates, shall we?

"Certificates must have a .crt extension..."


Lets have a look at some of the standards shall we?

https://www.ssl.com/guide/pem-der-crt-and-cer-x-509-encodings-and-conversions/

A cert that have a suffix of .crt are in DER format by this convention. 
maybe the script should actually look for PEM files?


Should the suffix of the file be .pem as the certs that are referenced 
by the conf file seem to be in PEM format?


Well yes that would eliminate the confusion and we can not have that can we.







I have just finished writing some scripts to generate certs for my email
server and nginx server.

[...]
Will pem format type certs work?

Yes.

You should also place the certificates in
/usr/local/share/ca-certificates . Make the directory if it does not
exist. And then run update-ca-certificates from the directory.


again from the manual:
"It reads the file /etc/ca-certificates.conf. Each line gives a pathname
of a CA certificate under  /usr/share/ca-certificates  that  should  be
trusted.  Lines that begin with "#" are comment lines and thus ignored.
Lines that begin with "!" are deselected, causing the  deactivation  of
the CA certificate in question. Certificates must have a .crt extension
in order to be included by update-ca-certificates."


It is not enough to just put them in that directory. You also have to
update /etc/ca-certificates.conf


-H



Is that in the bash script?

I don't see it can you point it out?

Doesn't it also say /usr/local/share/ca-certificates also is in play?

Notice the man page has noting about the format and if each cert must be 
a single file or can you concat multiple certs into a single file.


The docs are clearly insufficient.

I am currently looking at the bash script, not the docs.


--

It's not easy to be me

Re: update-ca-certificates

[Pocket]

On 12/13/23 21:50, Charles Curley wrote:

On Thu, 14 Dec 2023 09:34:37 +0800
jeremy ardley  wrote:


You don't have to be your own CA. It's very easy to use letsencrypt
to generate valid certificates for hosts even if they are not
directly connected to the internet.

Oooh, is there a writeup somewhere on how to do that? The last time I
looked, I couldn't find one. But that was a while ago.



I am following the one at 
https://jamielinux.com/docs/openssl-certificate-authority


it is from 2015 and I made the scripts from the different stages in the 
chapter.


root, intermediate and client.

I will consolidate them into a single script when I have everything working.

I will then add the revocation, CRL and OCSP at the end of testing.

I intend to the encrypt the directory holding the CA with fscrypt to 
keep the private keys secure.


--

It's not easy to be me

Re: update-ca-certificates

[Pocket]

On 12/13/23 21:47, Jeffrey Walton wrote:

On Wed, Dec 13, 2023 at 7:55 PM Pocket  wrote:

What formats does certs need to be to work with update-ca-certificates?

PEM or DER?

PEM



Ok since I am using an intermediate cert to sign, I am creating a 
combined PEM with the root CA and the intermediate cert like this


cat "$directory"/certs/intermediate.cert.pem 
"$ca_directory"/certs/ca.cert.pem > "$directory"/certs/ca-chain.cert.pem


Will that work or does the cert have to be a single cert?





I have just finished writing some scripts to generate certs for my email
server and nginx server.

[...]
Will pem format type certs work?

Yes.

You should also place the certificates in
/usr/local/share/ca-certificates . Make the directory if it does not
exist. And then run update-ca-certificates from the directory.

Jeff


That sub directory does indeed exist, so I need to run 
update-cert-certificates from


/usr/local/share/ca-certificates or can I just run update-cert-certificates as 
root?

Thanks


--
It's not easy to be me

Re: update-ca-certificates

[Pocket]

On 12/13/23 20:25, Roberto C. Sánchez wrote:

On Wed, Dec 13, 2023 at 07:54:45PM -0500, Pocket wrote:

What formats does certs need to be to work with update-ca-certificates?

PEM or DER?

I have just finished writing some scripts to generate certs for my email
server and nginx server.

The scripts allow me to become my own CA.

The man page states that the cert needs to have a suffix of .crt.

By definition certs ending are in der format.

Will pem format type certs work?


Have you looked at the examples?
/usr/share/doc/ca-certificates/examples/ca-certificates-local/


Yes I have, the issue is the man page does not specify the type of certs it can 
process

--

It's not easy to be me

Re: update-ca-certificates

[Pocket]

On 12/13/23 20:34, jeremy ardley wrote:


On 14/12/23 08:54, Pocket wrote:


I have just finished writing some scripts to generate certs for my 
email server and nginx server.


The scripts allow me to become my own CA. 



You don't have to be your own CA. It's very easy to use letsencrypt to 
generate valid certificates for hosts even if they are not directly 
connected to the internet.



I don't want to use letsencrypt, that is a non-starter




In my case I use letsencrypt for certificates for nginx, dovecot, and 
postfix. They all use the same certificates maintained by 
letsencrypt/certbot by linking to it in their configuration,


letsencrypt/certbot manages all the certificates and necessary 
renewals using cron jobs at regular intervals.



Which is why I don't want to use it.

Don't want to install any more packages or update cron (I have not added 
cron jobs).





The situations where you still need to be your own CA are for 
applications like OpenVPN and certificates for ssh servers and clients


On my network I want to control the certs used.

--
It's not easy to be me

update-ca-certificates

[Pocket]

What formats does certs need to be to work with update-ca-certificates?

PEM or DER?

I have just finished writing some scripts to generate certs for my email 
server and nginx server.


The scripts allow me to become my own CA.

The man page states that the cert needs to have a suffix of .crt.

By definition certs ending are in der format.

Will pem format type certs work?

--
It's not easy to be me

Re: raid10 is killing me, and applications that aren't willing towait for it to respond

[Pocket]

On 12/13/23 13:50, Dan Ritter wrote:

Pocket wrote:

Many reasons

If the RAID controller bites the bullet you are usually toast unless you
have another RAID controller (same manufacturer and type) as a spare.

mdadm, zfs and btrfs all lack this problem.


Not for me as I am not going down that worm hole





I have zero luck replacing one companies raid controller with another and
ditto on raid built into the motherboard.

As above.



As above


  

I really don't need any help losing my data/files as I do a good job of that
all by myself ;)

btrfs and zfs have snapshots which really help avoiding losing
data. On other machines, rsnapshot is often suitable.



I am exploring rdiff-backup



I found it is better to just have my data on several backup disks, that way
if one fails I get another disk and copy all the data to the newly purchased
disk.

RAID isn't a backup solution, it's a way of keeping things going
until you have time to restore. (And also a way of improving
performance and/or manageability.)

If you don't need or want it, you shouldn't use it. Same as any
tool.


I don't need the expense or trouble.

Raspberry pi(s) and USB drives equate to "just works"

--

It's not easy to be me

Re: raid10 is killing me, and applications that aren't willing towait for it to respond

[Pocket]

On 12/13/23 13:47, Nicolas George wrote:

Pocket (12023-12-13):

If the RAID controller

Then use software RAID with a Libre implementation.



Nope been there done that and I ain't doing that





I found it is better to just have my data on several backup disks

Yeah, backups and RAID are not meant to protect against the same issues,
so if you think one replaces the other…


After removing raid, I completely redesigned my network to be more inline
with the howtos and other information.

You know that RAID has nothing to do with the setup of your network,
right?



Not saying it did


--
It's not easy to be me

Re: raid10 is killing me, and applications that aren't willing towait for it to respond

[Pocket]

On 12/13/23 13:20, gene heskett wrote:

On 12/13/23 11:51, Pocket wrote:


On 12/13/23 10:26, gene heskett wrote:

Greetings all;

I thought I was doing things right a year back when I built a raid10 
for my /home partition. but I'm tired of fighting with it for 
access. Anything that wants to open a file on it, is subjected to a 
freeze of at least 30 seconds BEFORE the file requester is drawn on 
screen. Once it has done the screen draw and the path is 
established, read/writes then proceed at multi-gigabyte speeds just 
like it should, but some applications refuse to wait that long, so 
digiKam cannot import from my camera for example one, QIDISlicer is 
another that get plumb upset and declares a segfault, core dumped, 
but it can't write the core dump for the same reason it declared a 
segfault.  Here is a copy/paste of the last attempt to select the 
"device" tab in QIDISlicer:

---
Error creating proxy: Error calling StartServiceByName for 
org.gtk.vfs.GPhoto2VolumeMonitor: Timeout was reached 
(g-io-error-quark, 24)


** (qidi-slicer:389574): CRITICAL **: 04:55:46.975: Cannot register 
URI scheme wxfs more than once


** (qidi-slicer:389574): CRITICAL **: 04:55:46.975: Cannot register 
URI scheme memory more than once


(qidi-slicer:389574): Gtk-CRITICAL **: 04:55:47.084: 
gtk_box_gadget_distribute: assertion 'size >= 0' failed in GtkScrollbar
[2023-12-13 05:10:27.325222] [0x7f77e6ffd6c0] [error] Socket 
created. Multicast: 255.255.255.255. Interface: 192.168.71.3

Unhandled unknown exception; terminating the application.
Segmentation fault (core dumped)
-
This where it was attempting to open the cache buffers if needed to 
remember what moonraker, a web server driver which is part of the 
klipper install on the printer, addressed at 192.168.71.110: with an 
odd, high numbered port above 10,000.


I've been here several times with this problem without any 
constructive responses other than strace, which of course does NOT 
work for network stuff, and would if my past history with it is any 
indication, generate several terabytes of output, but it fails for 
the same reason, no place to put its output because I assume, it 
can't write to the raid10 in a timely manner.


So one more time: Why can't I use my software raid10 on 4 1T SSD's 
?


Cheers, Gene Heskett.



I gave up using raid many years ago and I used the extra drives as 
backups.



So why did you give up? Must have been a reason.


Many reasons

No real benefit (companies excepted), and issues like you have been posting.

If the RAID controller bites the bullet you are usually toast unless you 
have another RAID controller (same manufacturer and type) as a spare.


I have zero luck replacing one companies raid controller with another 
and ditto on raid built into the motherboard.


I really don't need any help losing my data/files as I do a good job of 
that all by myself ;)


I found it is better to just have my data on several backup disks, that 
way if one fails I get another disk and copy all the data to the newly 
purchased disk.


After removing raid, I completely redesigned my network to be more 
inline with the howtos and other information.


I have little to nothing on the client system I use daily, everything is 
on networks systems and they have certain things they do.


I have a "git" server that has all my setup/custom/building scripts and 
all my programming and solidworks projects.


I have DELPHI build apps going back to about 1995.

It all backed up to a backup server(master and slave) and also a 4TB 
offline external hard drive.  I have not "lost" any information since.


I also found that DHCP and NetworkManager is your friend.

Maybe you should review your network setup as you seem to have a lot is 
issues with it?





Wrote a script to rsync  /home to the backup drives.



Cheers, Gene Heskett.


--
It's not easy to be me

Re: raid10 is killing me, and applications that aren't willing to wait for it to respond

[Pocket]

On 12/13/23 10:26, gene heskett wrote:

Greetings all;

I thought I was doing things right a year back when I built a raid10 
for my /home partition. but I'm tired of fighting with it for access. 
Anything that wants to open a file on it, is subjected to a freeze of 
at least 30 seconds BEFORE the file requester is drawn on screen.  
Once it has done the screen draw and the path is established, 
read/writes then proceed at multi-gigabyte speeds just like it should, 
but some applications refuse to wait that long, so digiKam cannot 
import from my camera for example one, QIDISlicer is another that get 
plumb upset and declares a segfault, core dumped, but it can't write 
the core dump for the same reason it declared a segfault.  Here is a 
copy/paste of the last attempt to select the "device" tab in QIDISlicer:

---
Error creating proxy: Error calling StartServiceByName for 
org.gtk.vfs.GPhoto2VolumeMonitor: Timeout was reached 
(g-io-error-quark, 24)


** (qidi-slicer:389574): CRITICAL **: 04:55:46.975: Cannot register 
URI scheme wxfs more than once


** (qidi-slicer:389574): CRITICAL **: 04:55:46.975: Cannot register 
URI scheme memory more than once


(qidi-slicer:389574): Gtk-CRITICAL **: 04:55:47.084: 
gtk_box_gadget_distribute: assertion 'size >= 0' failed in GtkScrollbar
[2023-12-13 05:10:27.325222] [0x7f77e6ffd6c0] [error]   Socket 
created. Multicast: 255.255.255.255. Interface: 192.168.71.3

Unhandled unknown exception; terminating the application.
Segmentation fault (core dumped)
-
This where it was attempting to open the cache buffers if needed to 
remember what moonraker, a web server driver which is part of the 
klipper install on the printer, addressed at 192.168.71.110: with an 
odd, high numbered port above 10,000.


I've been here several times with this problem without any 
constructive responses other than strace, which of course does NOT 
work for network stuff, and would if my past history with it is any 
indication, generate several terabytes of output, but it fails for the 
same reason, no place to put its output because I assume, it can't 
write to the raid10 in a timely manner.


So one more time: Why can't I use my software raid10 on 4 1T SSD's ?

Cheers, Gene Heskett.



I gave up using raid many years ago and I used the extra drives as backups.

Wrote a script to rsync  /home to the backup drives.

--
It's not easy to be me

Re: The bug

[Pocket]

On 12/13/23 10:33, Greg Wooledge wrote:

On Wed, Dec 13, 2023 at 04:13:44PM +0100, to...@tuxteam.de wrote:

On Wed, Dec 13, 2023 at 10:10:37AM -0500, Greg Wooledge wrote:

On Wed, Dec 13, 2023 at 09:56:46AM -0500, Stefan Monnier wrote:

If so, then IIUC the answer is a resounding "YES, it is safe!".
It just may be unusable, so you may have to downgrade to 6.1.0-13 until
the problem is fixed.

That's a very different issue from the ext4 corruption problem in
6.1.0-14 which can eat your data.

Safety is subjective.  A great deal will depend on what kind of system
is being upgraded.  If it's a remote server to which you have limited
or no physical access, booting a kernel that may "just be unusable"
(enough to prevent editing GRUB menus and rebooting) could be a disaster.

...but that one most probably won't be attached via a Broadcom to the 'net.

Who knows, though :)

My superficial understanding, after skimming through the bug report,
is that problems could be triggered just by *loading* one of the
affected wifi driver modules.  This would happen for any machine that
has one of the "right" kinds of wifi hardware, even if that hardware
isn't actively being used.  (Not just Broadcom either; at least one
person reported an issue with Realtek.)

Perhaps I'm reading it incorrectly, but I still feel it's wise to wait
a little while and see if any more problems pop up, if stability is
important to you.  I also salute the courage of those who've tested
these recent changes.  Thank you all.


BAH Humbug

I updated/upgraded my amd64 on bookworms and it has not had any issues.

Chicken little syndrome?

--

It's not easy to be me

Re: Image handling in mutt

[Pocket]

On 12/11/23 09:52, David Wright wrote:

On Sun 10 Dec 2023 at 15:51:02 (-0500), Pocket wrote:

On Dec 10, 2023, at 3:05 PM, David Wright wrote:
On Fri 08 Dec 2023 at 16:29:12 (-0500), Paul M Foster wrote:

On Fri, Dec 08, 2023 at 11:04:54AM -0600, David Wright wrote:
On Fri 08 Dec 2023 at 11:56:12 (-0500), Paul M Foster wrote:

I'm on Debian bookworm, using neomutt for email. Where there is an image to
view, viewing it in neomutt calls up one of the ImageMagick programs. I've set
the mailcap_path variable in my neomutt config to point to ~/.mailcap,

Similarly, I point it to ~/.config/mutt/mailcap-mutt, which is
a specially crafted subset of /etc/mailcap with a few additions
(like converting webp to a jpeg rather than opening in gimp,
and playing midi files the way I want).


and
set an entry in there for image/jpg to point to /usr/bin/feh. I've even set

  ↑↑↑ try jpeg


the "display" alternative to feh with update-alternatives. Still, mutt is
calling an imagemagick program to display jpgs.

First, if alternatives doesn't point to the imagemagick program, and the
mailcap file doesn't point to it, and there's nothing in the neomutt config
pointing to the imagemagick program, then where the heck is it getting that
as the program to use to display images?

An email would contain headers with the attachment.

↓
  Content-Type: image/jpeg
  Content-Disposition: attachment; filename="don.jpg"
  Content-Transfer-Encoding: base64

By default, mutt searches six directories for a mailcap file. When
found, the line in the mailcap starting with image/jpeg selects the
program to run.

If you see an extension in a mailcap field like   nametemplate=%s.jpg
that's to show that a filename matching that pattern should be given
to a copy of the attachment to satisfy the program that's going to
read it. But it's the attachment /content type/ that selects the
program, not the extension¹.


Second, how do I fix this so that mutt uses feh to display images?

I can't believe that worked. The /etc/mailcap has both (jpg and jpeg), and
the files I was looking at had a "jpg" extension.

But thanks for the tip.

A couple of programs in my /etc/mailcap (gpicview and gm) have
image/jpg lines, duplicating the image/jpeg entries, perhaps
as a "catch-all" for malformed emails containing image/jpg.
I don't know whether image/jpg is an official legacy type/iana-token.

¹ Re the argument raging in this thread about "extension", the
  term is clearly appropriate, as a glance at /etc/mime.types
  demonstrates. The literature is full of the term.

  I wouldn't want to use "suffix" myself, as it's too general:
  anything stuck on the end is a suffix, but not necessarily
  a filename extension. Suffixes are used for other purposes.

Suffix is the correct term.
File names in Linux are a character string of 255 chars.  Again there are not 
file extensions in a Linux file name.

People are conflating the issue.

Read the code, code good.

So you've said five or six times already. The trouble is that it's
difficult to square this with documentation not only of the OS in
the widest sense, but also the linux kernel itself, which uses the
term extension.

It's often stated, and has been in this thread, that the kernel uses
magic numbers at the start of executables rather than filename
extensions, and while this is true, it's not the only method.

Take a look, for example, at this file (choose your version):

   linux-source-5.10/Documentation/admin-guide/binfmt-misc.rst

   Kernel Support for miscellaneous Binary Formats (binfmt_misc)
   =

   This Kernel feature allows you to invoke almost (for restrictions
   see below) every program by simply typing its name in the shell.
   This includes for example compiled Java(TM), Python or Emacs programs.

   To achieve this you must tell binfmt_misc which interpreter has to
   be invoked with which binary. Binfmt_misc recognises the binary-type
   by matching some bytes at the beginning of the file with a magic
   byte sequence (masking out specified bits) you have supplied.
   Binfmt_misc can also recognise a filename extension aka ``.com``
   or ``.exe``.

   [ … ]

   ``magic``
   is the byte sequence binfmt_misc is matching for. The magic string
   may contain hex-encoded characters like ``\x0a`` or ``\xA4``. Note
   that you must escape any NUL bytes; parsing halts at the first one.
   In a shell environment you might have to write ``\\x0a`` to prevent
   the shell from eating your ``\``.
   If you chose filename extension matching, this is the extension to be
   recognised (without the ``.``, the ``\x0a`` specials are not allowed).
   Extension matching is case sensitive, and slashes ``/`` are not allowed!

Cheers,
David.



Where exactly is the variable defined in  the kernel source that a file 
extension is defined


f

Re: Image handling in mutt

[Pocket]

On 12/11/23 09:34, Vincent Lefevre wrote:

On 2023-12-11 15:16:57 +0100, to...@tuxteam.de wrote:

On Mon, Dec 11, 2023 at 02:58:01PM +0100, Vincent Lefevre wrote:

I do not care about the "microsoft world", and I doubt that this is
required there at the low level (what would be the equivalent of the
Linux kernel) [...]

This depends: the FAT file system (which still is the lowest common
denominator) actually reserves 8 chars for the file name and three
for the --ahem-- extension. The dot isn't encoded explicitly on-disk.

This is unrelated to the OS. The FAT file system may be used also
under Linux (e.g. because this is what some memory sticks have),
and there are the same limitations.



So you are implying that you can discard file extensions with MS-DOS 6.22?

That is false, from before Win7 MS operating systems REQUIRED a file 
extension to determine file type.


Linux has no such requirement.

--
It's not easy to be me

Re: Image handling in mutt

[Pocket]

On 12/11/23 09:04, Vincent Lefevre wrote:

On 2023-12-11 08:16:30 -0500, Greg Wooledge wrote:

2) When *receiving* email, mutt will use the sender's MIME type label
to decide how to deal with the attachment.

But the notion of filename extension is even used in this context too.
Quoting the Mutt manual:


nametemplate=
   This field specifies the format for the file denoted by %s in
   the command fields. Certain programs will require a certain
   file extension, for instance, to correctly view a file. For
   instance, lynx will only interpret a file as text/html if the
   file ends in .html. So, you would specify lynx as a text/html
   viewer with a line in the mailcap file like:

text/html; lynx %s; nametemplate=%s.html


This is due to


3) Many other programs besides mutt will also use file extensions to
determine how to deal with input files.


/usr/src/linux-headers-6.1.0-rpi7-common-rpi/include/linux/fs.h:struct filename 
{
/usr/src/linux-headers-6.1.0-rpi7-common-rpi/include/linux/fs.h:static_assert(offsetof(struct
 filename, iname) % sizeof(long) == 0);
/usr/src/linux-headers-6.1.0-rpi7-common-rpi/include/linux/fs.h:extern struct 
file *file_open_name(struct filename *, int, umode_t);
/usr/src/linux-headers-6.1.0-rpi7-common-rpi/include/linux/fs.h:extern struct 
filename *getname_flags(const char __user *, int, int *);
/usr/src/linux-headers-6.1.0-rpi7-common-rpi/include/linux/fs.h:extern struct 
filename *getname_uflags(const char __user *, int);
/usr/src/linux-headers-6.1.0-rpi7-common-rpi/include/linux/fs.h:extern struct 
filename *getname(const char __user *);
/usr/src/linux-headers-6.1.0-rpi7-common-rpi/include/linux/fs.h:extern struct 
filename *getname_kernel(const char *);
/usr/src/linux-headers-6.1.0-rpi7-common-rpi/include/linux/fs.h:extern void 
putname(struct filename *name);
/usr/src/linux-headers-6.1.0-rpi7-common-rpi/include/linux/fs_context.h:
struct filename *name;

/usr/src/linux-headers-6.1.0-rpi7-common-rpi/include/linux/init_syscalls.h:int 
__init init_chdir(const char *filename);
/usr/src/linux-headers-6.1.0-rpi7-common-rpi/include/linux/init_syscalls.h:int 
__init init_chroot(const char *filename);
/usr/src/linux-headers-6.1.0-rpi7-common-rpi/include/linux/init_syscalls.h:int 
__init init_chown(const char *filename, uid_t user, gid_t group, int flags);
/usr/src/linux-headers-6.1.0-rpi7-common-rpi/include/linux/init_syscalls.h:int 
__init init_chmod(const char *filename, umode_t mode);
/usr/src/linux-headers-6.1.0-rpi7-common-rpi/include/linux/init_syscalls.h:int 
__init init_eaccess(const char *filename);
/usr/src/linux-headers-6.1.0-rpi7-common-rpi/include/linux/init_syscalls.h:int 
__init init_stat(const char *filename, struct kstat *stat, int flags);
/usr/src/linux-headers-6.1.0-rpi7-common-rpi/include/linux/init_syscalls.h:int 
__init init_mknod(const char *filename, umode_t mode, unsigned int dev);
/usr/src/linux-headers-6.1.0-rpi7-common-rpi/include/linux/init_syscalls.h:int 
__init init_utimes(char *filename, struct timespec64 *ts);


I must be blind as I don't see extension anywhere


--
It's not easy to be me

Re: Image handling in mutt

[Pocket]

On 12/11/23 07:12, Vincent Lefevre wrote:

On 2023-12-10 15:51:02 -0500, Pocket wrote:

On Dec 10, 2023, at 3:05 PM, David Wright  wrote:

¹ Re the argument raging in this thread about "extension", the
  term is clearly appropriate, as a glance at /etc/mime.types
  demonstrates. The literature is full of the term.

  I wouldn't want to use "suffix" myself, as it's too general:
  anything stuck on the end is a suffix, but not necessarily
  a filename extension. Suffixes are used for other purposes.

Suffix is the correct term.

A filename extension is a suffix, but a suffix (e.g. as in POSIX)
is not necessarily a filename extension.


Not in the microsoft world, it is REQUIRED and that is what the OS needs 
to tell what kind of file it is dealing with.  Unix/Linux has no 
resrictions.




For instance:

$ basename foobar bar
foo

Here, "bar" is a suffix, but it does not have the form of a
filename extension.


No bar is part of the filespec




So the notion of "filename extension" is more specific


No it is microsoft non sense

https://www.man7.org/linux/man-pages/man4/magic.4.html

https://www.geeksforgeeks.org/working-with-magic-numbers-in-linux/

https://www.darwinsys.com/file/

Re: Image handling in mutt

[Pocket]

On 12/11/23 06:39, Vincent Lefevre wrote:

On 2023-12-08 17:06:15 -0500, Pocket wrote:

On 12/8/23 16:53, David wrote:

Hi, the filename extension is usually irrelevant on Linux, because
Linux tools typically
use the standard 'file' command to inspect the content of the
fileinstead of relying on
the filename to indicate content.

In Unix and Linux there isn't a file extension, that is a microsoft
invention.

More and more applications under Linux, like atril and lynx, care
about the file extension.


It is a suffix not extension.

Re: Image handling in mutt

[Pocket]

Sent from my iPad

> On Dec 10, 2023, at 3:05 PM, David Wright  wrote:
> 
> On Fri 08 Dec 2023 at 16:29:12 (-0500), Paul M Foster wrote:
>>> On Fri, Dec 08, 2023 at 11:04:54AM -0600, David Wright wrote:
>>> On Fri 08 Dec 2023 at 11:56:12 (-0500), Paul M Foster wrote:
 
 I'm on Debian bookworm, using neomutt for email. Where there is an image to
 view, viewing it in neomutt calls up one of the ImageMagick programs. I've 
 set
 the mailcap_path variable in my neomutt config to point to ~/.mailcap,
> 
> Similarly, I point it to ~/.config/mutt/mailcap-mutt, which is
> a specially crafted subset of /etc/mailcap with a few additions
> (like converting webp to a jpeg rather than opening in gimp,
> and playing midi files the way I want).
> 
 and
 set an entry in there for image/jpg to point to /usr/bin/feh. I've even set
>>>  ↑↑↑ try jpeg
>>> 
 the "display" alternative to feh with update-alternatives. Still, mutt is
 calling an imagemagick program to display jpgs.
 
 First, if alternatives doesn't point to the imagemagick program, and the
 mailcap file doesn't point to it, and there's nothing in the neomutt config
 pointing to the imagemagick program, then where the heck is it getting that
 as the program to use to display images?
> 
> An email would contain headers with the attachment.
> 
>↓
>  Content-Type: image/jpeg
>  Content-Disposition: attachment; filename="don.jpg"
>  Content-Transfer-Encoding: base64
> 
> By default, mutt searches six directories for a mailcap file. When
> found, the line in the mailcap starting with image/jpeg selects the
> program to run.
> 
> If you see an extension in a mailcap field like   nametemplate=%s.jpg
> that's to show that a filename matching that pattern should be given
> to a copy of the attachment to satisfy the program that's going to
> read it. But it's the attachment /content type/ that selects the
> program, not the extension¹.
> 
 Second, how do I fix this so that mutt uses feh to display images?
>> 
>> I can't believe that worked. The /etc/mailcap has both (jpg and jpeg), and
>> the files I was looking at had a "jpg" extension.
>> 
>> But thanks for the tip.
> 
> A couple of programs in my /etc/mailcap (gpicview and gm) have
> image/jpg lines, duplicating the image/jpeg entries, perhaps
> as a "catch-all" for malformed emails containing image/jpg.
> I don't know whether image/jpg is an official legacy type/iana-token.
> 
> ¹ Re the argument raging in this thread about "extension", the
>  term is clearly appropriate, as a glance at /etc/mime.types
>  demonstrates. The literature is full of the term.
> 
>  I wouldn't want to use "suffix" myself, as it's too general:
>  anything stuck on the end is a suffix, but not necessarily
>  a filename extension. Suffixes are used for other purposes.

Suffix is the correct term. 
File names in Linux are a character string of 255 chars.  Again there are not 
file extensions in a Linux file name.

People are conflating the issue.

Read the code, code good.

> 
> Cheers,
> David.
> 

Re: debian forgot usr pw

[Pocket]

On 12/9/23 01:29, Timothy M Butterworth wrote:



On Fri, Dec 8, 2023 at 7:56 AM Pocket  wrote:


On 12/8/23 00:05, John Hasler wrote:
> Gene writes:
>> AND (horrors) have written it down.
> That's the right thing to do.

Well you could always use the universal password of password

I use for example i use the following

for the root account the password is root

for my user account of pocket the password is pocket

No one will every guess those password so I am completely protected


Thanks now I have your passwords and your IP address from the SMTP 
header. 2001:41b8:202:deb:216:36ff:fe40:4002 Darn SSH is configured to 
use certificates. Your security is stronger than you let on.


LOL

whois 2001:41b8:202:deb:216:36ff:fe40:4002
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See https://apps.db.ripe.net/docs/HTML-Terms-And-Conditions

% Note: this output has been filtered.
%   To receive output for a database update, use the "-B" flag.

% Information related to '2001:41b8:202::/48'

% Abuse contact for '2001:41b8:202::/48' is 'ab...@man-da.de'

inet6num:   2001:41b8:202::/48
netname:    DE-MANDA-DEBIAN-V6-01
descr:  Debian Darmstadt Network
country:    DE
admin-c:    DSAT1-RIPE
tech-c: MAND2-RIPE
status: ASSIGNED
mnt-by: MANDA-MNT
created:    2015-07-09T09:24:37Z
last-modified:  2015-07-09T09:24:37Z
source: RIPE # Filtered

role:   Debian System Administrators Team
address:    Software in the Public Interest, Inc
address:    Debian Project
address:    1732 1st Ave #20327
address:    New York, NY 10128-5177
address:    United States
org:    ORG-DA330-RIPE
remarks:    
remarks:    **  in case of emergency find us on IRC   **
remarks:    **  irc://irc.debian.org/#debian-admin    **
remarks:    
remarks:    **
remarks:    
remarks:    **   Direct peering requests to   **
remarks:    ** peer...@debian.org  **
remarks:    

That doesn't belong to me





-- 


It's not easy to be me



--
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
⠈⠳⣄⠀⠀


--
It's not easy to be me

Re: Image handling in mutt

[Pocket]

On 12/8/23 17:55, Greg Wooledge wrote:

On Fri, Dec 08, 2023 at 04:50:04PM -0600, John Hasler wrote:

Greg writes:

cc(1) and make(1) would like to have a talk with you.

Those are applications and can do whatever they want.  The OS does not
care about extensions.

What do you consider "the OS" to be, then?



https://www.britannica.com/technology/operating-system

https://en.wikipedia.org/wiki/Operating_system

https://www.geeksforgeeks.org/what-is-an-operating-system/





--
It's not easy to be me

Re: Image handling in mutt

[Pocket]

On 12/8/23 18:17, Greg Wooledge wrote:

On Fri, Dec 08, 2023 at 05:59:58PM -0500, Pocket wrote:

On 12/8/23 17:54, Greg Wooledge wrote:

cc(1) looks at the file extension to decide what kind of content each
named argument file is expected to contain.

No it looks for a suffix

So Debian files have "suffixes" and Windows files have "extensions",
and they're identical in form and function, but you use different labels
for them?  OK then.


No "extensions" are required in ms operation systems.

A file spec in Unix/Linux is a string of 255 characters

look it up





rename a jpeg to farts, linux still knows it is a jpeg

Why would the *kernel* know any such thing?  Kernels do not care about
graphical file types.


--
It's not easy to be me

Re: Image handling in mutt

[Pocket]

On 12/8/23 17:54, Greg Wooledge wrote:

On Fri, Dec 08, 2023 at 05:41:57PM -0500, Pocket wrote:

On 12/8/23 17:31, Greg Wooledge wrote:

On Fri, Dec 08, 2023 at 05:06:15PM -0500, Pocket wrote:

In Unix and Linux there isn't a file extension, that is a microsoft
invention.

cc(1) and make(1) would like to have a talk with you.


Linux/Unix filenaming specs would like to inform you.

file specs/naming i Unix and Linux are 355 characters and nothing more.

I am surprised you don't know that

cc(1) looks at the file extension to decide what kind of content each
named argument file is expected to contain.  A .c file is expected to
contain C language source code; a .o file is expected to contain object
code; a .s file is expected to contain assembly language source code;
and so on.  It invokes the compiler, the assembler, and/or the linker
depending on what kinds of files it has been given.



No it looks for a suffix




make(1) lets you define a rule for converting an input file with extension
E1 to an output file with extension E2.  These rules will be applied in
the absence of specific overrides.  If you define a rule like ".xx.yy:"
then make will use this to turn any *.xx file into a matching *.yy file.
Then you can type, for example, "make frog.yy" and it will look for
frog.xx and frog.yy, compare their timestamps, and if needed, apply your
custom rule to generate the frog.yy file.

While I'm giving examples, there's also Apache, which decides what
Content-type header to generate for a given static file based on its
extension.  I would imagine other web servers do the same thing.



Apache is an application that looks for a file suffix



And hey, I'm using mutt to compose and send this email.  If I were to
attach a file to this message, mutt would look at its extension to
decide what MIME type to give it.


rename a jpeg to farts, linux still knows it is a jpeg




Your notion that "most Unix programs use file(1) output to decide a file's
content" is simply not universal.  I don't even think it's *common*,
especially given how inconsistent file's output is.  Most programs
that need to determine content types dynamically look at extensions.
Even on Unix.


Non sense

--

It's not easy to be me

Re: Image handling in mutt

[Pocket]

On 12/8/23 17:41, Pocket wrote:


On 12/8/23 17:31, Greg Wooledge wrote:

On Fri, Dec 08, 2023 at 05:06:15PM -0500, Pocket wrote:

In Unix and Linux there isn't a file extension, that is a microsoft
invention.

cc(1) and make(1) would like to have a talk with you.


Linux/Unix filenaming specs would like to inform you.

file specs/naming i Unix and Linux are 355 characters and nothing more.



file specs/naming in Unix and Linux are 255 characters and nothing more.




I am surprised you don't know that



--
It's not easy to be me

Re: Image handling in mutt

[Pocket]

On 12/8/23 17:31, Greg Wooledge wrote:

On Fri, Dec 08, 2023 at 05:06:15PM -0500, Pocket wrote:

In Unix and Linux there isn't a file extension, that is a microsoft
invention.

cc(1) and make(1) would like to have a talk with you.


Linux/Unix filenaming specs would like to inform you.

file specs/naming i Unix and Linux are 355 characters and nothing more.

I am surprised you don't know that


--
It's not easy to be me

Re: Image handling in mutt

[Pocket]

On 12/8/23 16:53, David wrote:

On Fri, 8 Dec 2023 at 21:45, Paul M Foster  wrote:

On Fri, Dec 08, 2023 at 11:04:54AM -0600, David Wright wrote:

On Fri 08 Dec 2023 at 11:56:12 (-0500), Paul M Foster wrote:

I'm on Debian bookworm, using neomutt for email. Where there is an image to
view, viewing it in neomutt calls up one of the ImageMagick programs. I've set
the mailcap_path variable in my neomutt config to point to ~/.mailcap, and
set an entry in there for image/jpg to point to /usr/bin/feh. I've even set

   ↑↑↑ try jpeg


the "display" alternative to feh with update-alternatives. Still, mutt is
calling an imagemagick program to display jpgs.

First, if alternatives doesn't point to the imagemagick program, and the
mailcap file doesn't point to it, and there's nothing in the neomutt config
pointing to the imagemagick program, then where the heck is it getting that
as the program to use to display images?

Second, how do I fix this so that mutt uses feh to display images?

I can't believe that worked. The /etc/mailcap has both (jpg and jpeg), and
the files I was looking at had a "jpg" extension.

Hi, the filename extension is usually irrelevant on Linux, because
Linux tools typically
use the standard 'file' command to inspect the content of the
fileinstead of relying on
the filename to indicate content.



In Unix and Linux there isn't a file extension, that is a microsoft 
invention.


Unix and Linux filespecs are just a bunch of characters

https://www.linfo.org/file_name.html

The period in a linux filespec is just a period and nothing more




What is more likely important is that the keywords in the output of
'file '
command are correctly specified in your desired configuration.


--
It's not easy to be me

Re: Hardware TOTP on Linux

[Pocket]

On 12/8/23 13:13, John Hasler wrote:
Too

bad: it does everything I want except make phone calls.



Phones now a days are not expected nor intended to make phone calls



--


It's not easy to be me

Re: debian forgot usr pw

[Pocket]

On 12/8/23 00:05, John Hasler wrote:

Gene writes:

AND (horrors) have written it down.

That's the right thing to do.


Well you could always use the universal password of password

I use for example i use the following

for the root account the password is root

for my user account of pocket the password is pocket

No one will every guess those password so I am completely protected

--

It's not easy to be me

Re: ntpsec as server questions

[Pocket]

On 12/7/23 09:22, John Hasler wrote:

Greg writes:

You'd think that you can determine the length of the test by
subtracting the start time from the end time, right?

That would have worked had the times been stored as UTC (better yet, TAI
or Unix time since UTC can cause a similar problem).  Databases should
never store local time.


Yes that is true.

I use UTC on all my systems as I have some windows machines, one win xp 
dell laptop and two win 7 one laptop and one desktop.


The dell seems to be too old to use bookworm and the others are used for 
apps that only run on windows (3d cad engineering)


I just purchased a new laptop yesterday (the price was too good to pass 
up)  so I guess I will find out the trials and tribulations of 
installing bookworm on a new machine with secure boot and the new boot 
systems.  I have only have experience with BIOS boot loaders.


Maybe there will be another thread for that ;)

--
It's not easy to be me

Re: ntpsec as server questions

[Pocket]

On 12/7/23 07:16, Greg Wooledge wrote:

On Wed, Dec 06, 2023 at 11:46:50PM -0600, David Wright wrote:

On Wed 06 Dec 2023 at 18:16:42 (-0500), Pocket wrote:

Which BTW this whole discussion about timezones is just water over the dam.

The system should be set to UTC, the "timezone" issue is really just a
"human" issue as the UTC clock is always correct

While I'm glad we're not discussing whether or not the RTC is set to
UTC or TAI or local time, I do want my computers to display to /me/ the
correct date and time corresponding to my location. And when I travel,
I expect my phone to switch its display automatically, using some
reasonably up-to-date tables.

I haven't had time to read and follow up on Pocket's list of references,
but I'd like to respond to these points with a real anecdote.

One of our systems at work uses a database with a web front end, where
users input the starting and ending times of medical tests that have
been performed on a patient.  When the tests are finished, and all the
data have been entered, billing charges are generated, and these charges
depend on the length of the test.

You'd think that you can determine the length of the test by subtracting
the start time from the end time, right?  Unfortunately, that fails
two times a year, if you don't do it exactly right.  The naive approach
of simply looking at the time field ("test started at 01:45 and ended
at 03:15 the same day, so it must have lasted 90 minutes") is wrong.
You have to look at the entire date-plus-time as a single timestamp,
and interpret it within the correct time zone.  That test might have been
90 minutes, or it might have been 30 minutes, or it might have been 150
minutes, depending on whether a DST transition happened in that interval,
and which way the clock moved.

I *literally* had to fix that bug (in March).  This isn't hypothetical.



I worked with time keeping systems for a major player in the business 
back in 1995.


That feature of the government reared its ugly head back then as well.

People get more irate when they are not payed properly then they are 
from being over billed,


trust me been there done that.




Of course, the system I'm dealing with only covers tests that have been
performed recently, not tests from a century ago.  So the historical
interpretation of times under previous government DST rules *is*
hypothetical as far as this anecdote goes.  But I hope some of you can
appreciate it nonetheless.


--
It's not easy to be me

Re: ntpsec as server questions

[Pocket]

On 12/6/23 19:46, Greg Wooledge wrote:

On Wed, Dec 06, 2023 at 07:37:32PM -0500, Pocket wrote:

On 12/6/23 19:26, Greg Wooledge wrote:

On Wed, Dec 06, 2023 at 07:23:18PM -0500, Pocket wrote:

On 12/6/23 19:12, Greg Wooledge wrote:

So, basically every reference I can find, and every reference I've *ever*
found, other than Pocket's email, has said that America/New_York is
correct for me.


See my other post

[citation needed]


See my other post

If you mean<https://lists.debian.org/debian-user/2023/12/msg00376.html>
there are zero URLs in your text.  "Someone named Pocket said so" is not a
strong enough assertion for me to reject every other source citation
I've found.


Start Here

The *Standard Time Act* of 1918, also known as the *Calder Act*, was the 
first United States <https://en.wikipedia.org/wiki/United_States> 
federal law implementing Standard time 
<https://en.wikipedia.org/wiki/Standard_time#North_America> and Daylight 
saving time in the United States 
<https://en.wikipedia.org/wiki/Daylight_saving_time_in_the_United_States>.^[2] 
<https://en.wikipedia.org/wiki/Standard_Time_Act#cite_note-2> It defined 
five time zones for the United States and authorized the Interstate 
Commerce Commission 
<https://en.wikipedia.org/wiki/Interstate_Commerce_Commission> to define 
the limits of each time zone.


The section concerning daylight saving time was repealed by the act 
titled /An Act For the repeal of the daylight-saving law/, Pub. L. 
<https://en.wikipedia.org/wiki/Public_Law_(United_States)>Tooltip Public 
Law (United States) 66–40 
<https://uslaw.link/citation/us-law/public/66/40>, 41 Stat. 
<https://en.wikipedia.org/wiki/United_States_Statutes_at_Large> 280 
<https://legislink.org/us/stat-41-280>, enacted August 20, 1919, over 
President Woodrow Wilson 
<https://en.wikipedia.org/wiki/Woodrow_Wilson>'s veto.


Section 264 of the act mistakenly placed most of the state of Idaho 
<https://en.wikipedia.org/wiki/Idaho> (south of the Salmon River 
<https://en.wikipedia.org/wiki/Salmon_River_(Idaho)>) in UTC−06:00 
<https://en.wikipedia.org/wiki/UTC%E2%88%9206:00> CST (Central Standard 
Time <https://en.wikipedia.org/wiki/Central_Standard_Time>), but was 
amended in 2007 by Congress to UTC−07:00 
<https://en.wikipedia.org/wiki/UTC%E2%88%9207:00> MST (Mountain Standard 
Time <https://en.wikipedia.org/wiki/Mountain_Standard_Time>).^[3] 
<https://en.wikipedia.org/wiki/Standard_Time_Act#cite_note-google-3> MST 
was observed prior to the correction.




--
It's not easy to be me

Re: ntpsec as server questions

[Pocket]

On 12/6/23 19:26, Greg Wooledge wrote:

On Wed, Dec 06, 2023 at 07:23:18PM -0500, Pocket wrote:

On 12/6/23 19:12, Greg Wooledge wrote:

So, basically every reference I can find, and every reference I've *ever*
found, other than Pocket's email, has said that America/New_York is
correct for me.


See my other post

[citation needed]


See my other post

--
It's not easy to be me

Re: ntpsec as server questions

[Pocket]

On 12/6/23 19:12, Greg Wooledge wrote:

On Wed, Dec 06, 2023 at 06:11:16PM -0500, Pocket wrote:

Because DST was not in force/usage except the metro NYC. Every where else
didn't use/have it.

That makes EST5DST correct except for NYC and America/New_York completely
incorrect except of course NYC.

(EST5EDT not EST5DST.)  Now this is interesting.  If the America/New_York
zone definition is *wrong* for me, then I'd like to use one that's less
wrong.  Is there an "Olson format" time zone definition that's actually
correct for cities like... Cleveland, just as a random example?

I found
<https://www.convertit.com/Go/ConvertIt/World_Time/Current_Time.ASP?For=Cleveland+Ohio+United+States>
which says that Cleveland is using America/New_York ... and basically
all the other web sites I've found either show just the current time
(gee thanks, I knew the *current* time), or they only have data back
to 1970, like <https://www.timeanddate.com/time/zone/usa/cleveland>.

Looking at the actual tzdata source, as present in Debian
<https://salsa.debian.org/glibc-team/tzdata/-/blob/sid/northamerica>
I see the following comments:

# US eastern time, represented by New York

# Connecticut, Delaware, District of Columbia, most of Florida,
# Georgia, southeast Indiana (Dearborn and Ohio counties), eastern Kentucky
# (except America/Kentucky/Louisville below), Maine, Maryland, Massachusetts,
# New Hampshire, New Jersey, New York, North Carolina, Ohio,
# Pennsylvania, Rhode Island, South Carolina, eastern Tennessee,
# Vermont, Virginia, West Virginia

So, basically every reference I can find, and every reference I've *ever*
found, other than Pocket's email, has said that America/New_York is
correct for me.


See my other post


--
It's not easy to be me

Re: ntpsec as server questions

[Pocket]

On 12/6/23 18:28, Greg Wooledge wrote:

On Wed, Dec 06, 2023 at 02:50:50PM -0500, Pocket wrote:

Well since I am not going to set any of my systems to a time in 1920, then I 
believe I am save from the time machines.

It's not just about your system's current time.  It's about timestamps
that you handle in any kind of software.  If you process dates and times
from the past, e.g. in a database application, and intend to display
them to humans, then you'll want to use a historically accurate timezone.

Which America/New_York is incorrect from 1918 to 1966, possibly into the 
1970s/80s depending upon your location in the Eastern Standard Time zone.



--
It's not easy to be me

Re: ntpsec as server questions

[Pocket]

On 12/6/23 15:28, David Wright wrote:

Likely none for times present and future, unless Eric Adams should
pass a timezone bill. (In the 2010s, several U.S. states considered
legislation to move from the Eastern Time Zone to Atlantic Standard
Time, allegedly.)

But I've already posted an example in this thread where these
timezones give different answers:

   https://lists.debian.org/debian-user/2023/12/msg00329.html

Cheers,
David.


Which BTW this whole discussion about timezones is just water over the dam.

The system should be set to UTC, the "timezone" issue is really just a 
"human" issue as the UTC clock is always correct


--
It's not easy to be me

Re: ntpsec as server questions

[Pocket]

On 12/6/23 15:41, David Wright wrote:

On Wed 06 Dec 2023 at 13:27:40 (-0500), Greg Wooledge wrote:

On Wed, Dec 06, 2023 at 01:02:45PM -0500, Pocket wrote:

TZ=POSIX;date
Wed Dec  6 18:00:38 POSIX 2023

"POSIX" is not a valid timezone name in Debian 12.  Therefore you're
just seeing UTC here.  Giving an invalid TZ always gives you UTC, but
with whatever crazy-ass name you used echoed back at you, to give you
the illusion that your name was valid.  It's a *huge* pitfall.  I've been
bit by this myself.


TZ=America/New_York;date
Wed Dec  6 13:00:21 EST 2023

TZ=EST5DST;date
Wed Dec  6 13:01:10 EST 2023

What is the problem?

Gods DAMN it.  I didn't want to have to dig through these stupid zone
dumps, but you're FORCING my hand.

unicorn:~$ zdump -v -c 1918,1950 EST5EDT
EST5EDT  -9223372036854775808 = NULL
EST5EDT  -9223372036854689408 = NULL




EST5EDT  Sun Mar 31 06:59:59 1918 UT = Sun Mar 31 01:59:59 1918 EST isdst=0 
gmtoff=-18000
EST5EDT  Sun Mar 31 07:00:00 1918 UT = Sun Mar 31 03:00:00 1918 EDT isdst=1 
gmtoff=-14400
EST5EDT  Sun Oct 27 05:59:59 1918 UT = Sun Oct 27 01:59:59 1918 EDT isdst=1 
gmtoff=-14400
EST5EDT  Sun Oct 27 06:00:00 1918 UT = Sun Oct 27 01:00:00 1918 EST isdst=0 
gmtoff=-18000
EST5EDT  Sun Mar 30 06:59:59 1919 UT = Sun Mar 30 01:59:59 1919 EST isdst=0 
gmtoff=-18000
EST5EDT  Sun Mar 30 07:00:00 1919 UT = Sun Mar 30 03:00:00 1919 EDT isdst=1 
gmtoff=-14400
EST5EDT  Sun Oct 26 05:59:59 1919 UT = Sun Oct 26 01:59:59 1919 EDT isdst=1 
gmtoff=-14400
EST5EDT  Sun Oct 26 06:00:00 1919 UT = Sun Oct 26 01:00:00 1919 EST isdst=0 
gmtoff=-18000




EST5EDT  Mon Feb  9 06:59:59 1942 UT = Mon Feb  9 01:59:59 1942 EST isdst=0 
gmtoff=-18000
EST5EDT  Mon Feb  9 07:00:00 1942 UT = Mon Feb  9 03:00:00 1942 EWT isdst=1 
gmtoff=-14400
EST5EDT  Tue Aug 14 22:59:59 1945 UT = Tue Aug 14 18:59:59 1945 EWT isdst=1 
gmtoff=-14400
EST5EDT  Tue Aug 14 23:00:00 1945 UT = Tue Aug 14 19:00:00 1945 EPT isdst=1 
gmtoff=-14400
EST5EDT  Sun Sep 30 05:59:59 1945 UT = Sun Sep 30 01:59:59 1945 EPT isdst=1 
gmtoff=-14400
EST5EDT  Sun Sep 30 06:00:00 1945 UT = Sun Sep 30 01:00:00 1945 EST isdst=0 
gmtoff=-18000




EST5EDT  9223372036854689407 = NULL
EST5EDT  9223372036854775807 = NULL

OK?  There's dump number one.  Now let's compare to dump number two:

unicorn:~$ zdump -v -c 1918,1950 America/New_York
America/New_York  -9223372036854775808 = NULL
America/New_York  -9223372036854689408 = NULL
America/New_York  Sun Mar 31 06:59:59 1918 UT = Sun Mar 31 01:59:59 1918 EST 
isdst=0 gmtoff=-18000
America/New_York  Sun Mar 31 07:00:00 1918 UT = Sun Mar 31 03:00:00 1918 EDT 
isdst=1 gmtoff=-14400
America/New_York  Sun Oct 27 05:59:59 1918 UT = Sun Oct 27 01:59:59 1918 EDT 
isdst=1 gmtoff=-14400
America/New_York  Sun Oct 27 06:00:00 1918 UT = Sun Oct 27 01:00:00 1918 EST 
isdst=0 gmtoff=-18000
America/New_York  Sun Mar 30 06:59:59 1919 UT = Sun Mar 30 01:59:59 1919 EST 
isdst=0 gmtoff=-18000
America/New_York  Sun Mar 30 07:00:00 1919 UT = Sun Mar 30 03:00:00 1919 EDT 
isdst=1 gmtoff=-14400
America/New_York  Sun Oct 26 05:59:59 1919 UT = Sun Oct 26 01:59:59 1919 EDT 
isdst=1 gmtoff=-14400
America/New_York  Sun Oct 26 06:00:00 1919 UT = Sun Oct 26 01:00:00 1919 EST 
isdst=0 gmtoff=-18000
America/New_York  Sun Mar 28 06:59:59 1920 UT = Sun Mar 28 01:59:59 1920 EST 
isdst=0 gmtoff=-18000
America/New_York  Sun Mar 28 07:00:00 1920 UT = Sun Mar 28 03:00:00 1920 EDT 
isdst=1 gmtoff=-14400
America/New_York  Sun Oct 31 05:59:59 1920 UT = Sun Oct 31 01:59:59 1920 EDT 
isdst=1 gmtoff=-14400
America/New_York  Sun Oct 31 06:00:00 1920 UT = Sun Oct 31 01:00:00 1920 EST 
isdst=0 gmtoff=-18000
[...]

I'm truncating this one because it's much longer.  Apparently this one
shows every year, even if there are no DST rule changes that year.  What
does this mean?  Hell if I know.

Comparing zdump -v America/New_York | cut -b 19- > /tmp/a-ny
with  zdump -v EST5EDT | cut -b 10- > /tmp/e5e

shows that the former starts at 1883 (no changes then until 1918,
 above), and the latter omits the period 1920–1966, except
for War Time and Peace Time (between  and ).


Because DST was not in force/usage except the metro NYC. Every where 
else didn't use/have it.


That makes EST5DST correct except for NYC and America/New_York 
completely incorrect except of course NYC.


Which is why I prefer to use EST5DST


BTW there isn't any timezone called America/New_York, it is or course 
the Eastern Standard Time Zone.


America/New_your should actually be called America/Eastern.  The POSIX 
EST5DST is closer to being correct.





I've expanded my guesses as to why. I had thought that it might be
because the "Unix System V approach from New Jersey (insert
appropriate booing for best effect)" implied that NJ didn't observe
DST over that period, but perhaps it's just that there's no way to
determine single dates for changing the clocks.

  "Having rallied the general public

Re: ntpsec as server questions

[Pocket]


Sent from my iPad

> On Dec 6, 2023, at 1:28 PM, Greg Wooledge  wrote:
> 
> On Wed, Dec 06, 2023 at 01:02:45PM -0500, Pocket wrote:
>> TZ=POSIX;date
>> Wed Dec  6 18:00:38 POSIX 2023
> 
> "POSIX" is not a valid timezone name in Debian 12.  Therefore you're
> just seeing UTC here.  Giving an invalid TZ always gives you UTC, but
> with whatever crazy-ass name you used echoed back at you, to give you
> the illusion that your name was valid.  It's a *huge* pitfall.  I've been
> bit by this myself.
> 
>> TZ=America/New_York;date
>> Wed Dec  6 13:00:21 EST 2023
>> TZ=EST5DST;date
>> Wed Dec  6 13:01:10 EST 2023
>> What is the problem?
> 
> Gods DAMN it.  I didn't want to have to dig through these stupid zone
> dumps, but you're FORCING my hand.
> 
> unicorn:~$ zdump -v -c 1918,1950 EST5EDT
> EST5EDT  -9223372036854775808 = NULL
> EST5EDT  -9223372036854689408 = NULL
> EST5EDT  Sun Mar 31 06:59:59 1918 UT = Sun Mar 31 01:59:59 1918 EST isdst=0 
> gmtoff=-18000
> EST5EDT  Sun Mar 31 07:00:00 1918 UT = Sun Mar 31 03:00:00 1918 EDT isdst=1 
> gmtoff=-14400
> EST5EDT  Sun Oct 27 05:59:59 1918 UT = Sun Oct 27 01:59:59 1918 EDT isdst=1 
> gmtoff=-14400
> EST5EDT  Sun Oct 27 06:00:00 1918 UT = Sun Oct 27 01:00:00 1918 EST isdst=0 
> gmtoff=-18000
> EST5EDT  Sun Mar 30 06:59:59 1919 UT = Sun Mar 30 01:59:59 1919 EST isdst=0 
> gmtoff=-18000
> EST5EDT  Sun Mar 30 07:00:00 1919 UT = Sun Mar 30 03:00:00 1919 EDT isdst=1 
> gmtoff=-14400
> EST5EDT  Sun Oct 26 05:59:59 1919 UT = Sun Oct 26 01:59:59 1919 EDT isdst=1 
> gmtoff=-14400
> EST5EDT  Sun Oct 26 06:00:00 1919 UT = Sun Oct 26 01:00:00 1919 EST isdst=0 
> gmtoff=-18000
> EST5EDT  Mon Feb  9 06:59:59 1942 UT = Mon Feb  9 01:59:59 1942 EST isdst=0 
> gmtoff=-18000
> EST5EDT  Mon Feb  9 07:00:00 1942 UT = Mon Feb  9 03:00:00 1942 EWT isdst=1 
> gmtoff=-14400
> EST5EDT  Tue Aug 14 22:59:59 1945 UT = Tue Aug 14 18:59:59 1945 EWT isdst=1 
> gmtoff=-14400
> EST5EDT  Tue Aug 14 23:00:00 1945 UT = Tue Aug 14 19:00:00 1945 EPT isdst=1 
> gmtoff=-14400
> EST5EDT  Sun Sep 30 05:59:59 1945 UT = Sun Sep 30 01:59:59 1945 EPT isdst=1 
> gmtoff=-14400
> EST5EDT  Sun Sep 30 06:00:00 1945 UT = Sun Sep 30 01:00:00 1945 EST isdst=0 
> gmtoff=-18000
> EST5EDT  9223372036854689407 = NULL
> EST5EDT  9223372036854775807 = NULL
> 
> OK?  There's dump number one.  Now let's compare to dump number two:
> 
> unicorn:~$ zdump -v -c 1918,1950 America/New_York
> America/New_York  -9223372036854775808 = NULL
> America/New_York  -9223372036854689408 = NULL
> America/New_York  Sun Mar 31 06:59:59 1918 UT = Sun Mar 31 01:59:59 1918 EST 
> isdst=0 gmtoff=-18000
> America/New_York  Sun Mar 31 07:00:00 1918 UT = Sun Mar 31 03:00:00 1918 EDT 
> isdst=1 gmtoff=-14400
> America/New_York  Sun Oct 27 05:59:59 1918 UT = Sun Oct 27 01:59:59 1918 EDT 
> isdst=1 gmtoff=-14400
> America/New_York  Sun Oct 27 06:00:00 1918 UT = Sun Oct 27 01:00:00 1918 EST 
> isdst=0 gmtoff=-18000
> America/New_York  Sun Mar 30 06:59:59 1919 UT = Sun Mar 30 01:59:59 1919 EST 
> isdst=0 gmtoff=-18000
> America/New_York  Sun Mar 30 07:00:00 1919 UT = Sun Mar 30 03:00:00 1919 EDT 
> isdst=1 gmtoff=-14400
> America/New_York  Sun Oct 26 05:59:59 1919 UT = Sun Oct 26 01:59:59 1919 EDT 
> isdst=1 gmtoff=-14400
> America/New_York  Sun Oct 26 06:00:00 1919 UT = Sun Oct 26 01:00:00 1919 EST 
> isdst=0 gmtoff=-18000
> America/New_York  Sun Mar 28 06:59:59 1920 UT = Sun Mar 28 01:59:59 1920 EST 
> isdst=0 gmtoff=-18000
> America/New_York  Sun Mar 28 07:00:00 1920 UT = Sun Mar 28 03:00:00 1920 EDT 
> isdst=1 gmtoff=-14400
> America/New_York  Sun Oct 31 05:59:59 1920 UT = Sun Oct 31 01:59:59 1920 EDT 
> isdst=1 gmtoff=-14400
> America/New_York  Sun Oct 31 06:00:00 1920 UT = Sun Oct 31 01:00:00 1920 EST 
> isdst=0 gmtoff=-18000
> [...]
> 
> I'm truncating this one because it's much longer.  Apparently this one
> shows every year, even if there are no DST rule changes that year.  What
> does this mean?  Hell if I know.  Let's pick a date that's in one of
> these dumps but not the other, shall we?
> 
> unicorn:~$ TZ=America/New_York date -d '1920-03-28 +4 hours'
> Sun Mar 28 05:00:00 EDT 1920
> unicorn:~$ TZ=EST5EDT date -d '1920-03-28 +4 hours'
> Sun Mar 28 04:00:00 EST 1920
> 
> There.  There's a timestamp where you get a different result.  I'm
> sure there are more.
> 
> If being wrong about times in 1920 (and probably other years as well)
> is not acceptable to you, then you should switch to America/New_York.
> 
> If the idea that you would ever CARE about the clock reading at various
> times during the 1920s is laughable to you, then do whatever you want,
> but please don't advocate that o

Re: ntpsec as server questions

[Pocket]

On 12/6/23 12:55, Greg Wooledge wrote:

On Wed, Dec 06, 2023 at 05:40:00PM -, Curt wrote:

  POSIX format specification

  The POSIX time zone format is the traditionally used format for AIX systems 
and
  provides a slight performance advantage over the Olson time zone format.
  Example of a POSIX format is EST5EDT.

  The advantage of POSIX is that you can easily and explicitly specify the time
  zone and daylight saving time (DST) details manually, however you wish. The
  performance of applications that call time functions will be faster than using
  Olson specification. And whenever a nation's government decides to change its
  DST rules, the POSIX format is simpler because we can simply change the
  variable definition. There is no need to install any new patch to update time
  database files, as Olson requires.

Does this apply to "us?"

https://developer.ibm.com/articles/au-aix-posix/

This does *not* describe how Debian's EST5EDT, and similarly named
zones, work.  Debian's time zones use a database of DST transition
periods -- all of them, even EST5EDT.  It's just a different set of
transitions than America/New_York uses.

Also, you snipped the rest of that section:

   The disadvantage of this approach is that it cannot track the history
   of timezone-related changes and it is not easy to read as it looks
   cryptic. When a government changes the rules and you update your time
   zone (TZ) variable, it is assumed to be the same DST rule for all
   years past and future.

That's a fairly important paragraph.

Applying the same rules to a timestamp in 2023 and a timestamp in 2006
may give incorrect results, as the DST rules in the US changed in 2007.
That's why the method described by this AIX manual is no longer in
common use.


TZ=POSIX;date
Wed Dec  6 18:00:38 POSIX 2023

TZ=America/New_York;date
Wed Dec  6 13:00:21 EST 2023

TZ=EST5DST;date
Wed Dec  6 13:01:10 EST 2023

What is the problem?

--
It's not easy to be me

Re: ntpsec as server questions

[Pocket]

On 12/6/23 12:24, Greg Wooledge wrote:

On Wed, Dec 06, 2023 at 12:06:04PM -0500, Pocket wrote:

 From the README

The information in the time zone data files is by no means authoritative;
fixes and enhancements are welcome.  Please see the file CONTRIBUTING
for details

I take that as chaos reins supreme and one zone is no better or worst that
the other(s)

IE there is no "standard"

The standards are determined by government entities.  The question is
how accurately a given time zone reflects the decisions made by the
government entities within a given political space.

If America/New_York more accurately describes the tracking of political
timekeeping within the Eastern part of the United States (with specific
exceptions, e.g. Kentucky) than EST5EDT does, then America/New_York
should be preferred for most purposes.


Well I have used EST5DST for many years, maybe decades and I have yet to have an issue 
with it, so I wouldn't want to "prefer" America/New_York over EST5DST.

I haven't found any thing to bump me into changing the time zone file.
Until I have issues with it I will continue to use it.

If it ain't broke don't fix it.


--
It's not easy to be me

Re: ntpsec as server questions

[Pocket]

On 12/6/23 11:42, Max Nikulin wrote:

On 06/12/2023 12:22, David Wright wrote:

On Tue 05 Dec 2023 at 23:37:31 (+0700), Max Nikulin wrote:

I am surprised that POSIX EST5EDT timezone has irregularities at least
as it is implemented in GNU libc. I believed that it specifies just
standard and summer time.


During WWII they had War Time, just as Britain had Double Summer Time,
with Summer Time through the winters.


I was aware of special DST rules during WWII, but I did not expect 
that "EST5EDT" may include any historical data. Certainly it does not 
explicitly specify days when summer time is effective, just 
abbreviations "EST" and "EDT" with time offset of 5 hours behind UTC 
for "EST". Partial time transition history is new for me for these 
kind of time zones.


https://en.wikipedia.org/wiki/Daylight_saving_time_in_the_United_States
is a long enough article.


I don't know who maintains the legacy EST5EDT zone, or for whom;
the quotation below suggests that it may just follow New Jersey.
For a long period after the war, it seems the timezones in the US
were all over the place.


https://data.iana.org/time-zones/theory.html :

Older versions of this package defined legacy names that are
incompatible with the first guideline of location names, but which are
still supported. These legacy names are mostly defined in the file
'etcetera'. Also, the file 'backward' defines the legacy names
'Etc/GMT0', 'Etc/GMT-0', 'Etc/GMT+0', 'GMT0', 'GMT-0' and 'GMT+0', and
the file 'northamerica' defines the legacy names 'EST5EDT', 'CST6CDT',
'MST7MDT', and 'PST8PDT'.

[...]

POSIX does not define the DST transitions for TZ values like "EST5EDT".
Traditionally the current US DST rules were used to interpret such
values, but this meant that the US DST rules were compiled into each
time conversion package, and when US time conversion rules changed (as
in the United States in 1987 and again in 2007), all packages that
interpreted TZ values had to be updated to ensure proper results.


My reading of this document is that EST5EDT file in tzdata is a POSIX 
extension, not "true" POSIX.


A lot of details concerning database contents are given if files like
https://github.com/eggert/tz/blob/main/northamerica

I have not noticed any America/* timezone that strictly follows EST5EDT.



From the README

The information in the time zone data files is by no means authoritative;
fixes and enhancements are welcome.  Please see the file CONTRIBUTING
for details

I take that as chaos reins supreme and one zone is no better or worst 
that the other(s)


IE there is no "standard"


--
It's not easy to be me

Re: ntpsec as server questions

[Pocket]

On 12/6/23 11:18, Greg Wooledge wrote:

On Wed, Dec 06, 2023 at 10:44:42AM -0500, Pocket wrote:

Well POSIX has worked for me since the days of Xenix and System V.

Well, most of the goofy time zone changes were all *before* that.  But
there's at least one that happened more recently

unicorn:~$ TZ=EST5EDT date -d '2006-03-12 +4 hours'
Sun Mar 12 04:00:00 EST 2006

unicorn:~$ TZ=EST5EDT date -d '2007-03-11 +4 hours'
Sun Mar 11 05:00:00 EDT 2007

So, OK, I guess the EST5EDT time zone in Debian 12 properly handles
the change to start of DST in the US in 2007 (and more specifically,
handles dates *older* than that using the historic rules instead of
the current rules).

Looking at other periods of interest from Wikipedia:

unicorn:~$ TZ=EST5EDT date -d '1987-04-05 +4 hours'
Sun Apr  5 05:00:00 EDT 1987

unicorn:~$ TZ=EST5EDT date -d '1974-01-06 +4 hours'
Sun Jan  6 05:00:00 EDT 1974

unicorn:~$ TZ=EST5EDT date -d '1967-04-30 +4 hours'
Sun Apr 30 05:00:00 EDT 1967

I guess EST5EDT in Debian 12 is more like a synonym for America/New_York
than a real historical EST5EDT as described by Erik Naggum
<https://naggum.no/lugm-time.html>.

If this is satisfactory, then you can continue using the legacy time
zone without running into problems.  At least on current Debian systems.
I wouldn't know how well-behaved that time zone is on other systems.



I used POSIX time zones on other systems including my custom scratch 
built ones.


The custom built systems was built using a cross compiler for the AMD64, 
aarch64 and armv7a platforms.


Never had an issue.

Don't see what the issue is here?




Honestly, I don't see the appeal of using legacy time zone names.  Is
it just for the sake of contrariness?


diff /usr/share/zoneinfo/EST5EDT /usr/share/zoneinfo/America/New_York
Binary files /usr/share/zoneinfo/EST5EDT and 
/usr/share/zoneinfo/America/New_York differ


Because I can ;}


--
It's not easy to be me

Re: ntpsec as server questions

[Pocket]

On 12/6/23 10:07, Max Nikulin wrote:

On 06/12/2023 20:08, Pocket wrote:

On 12/6/23 07:22, Max Nikulin wrote:

On 06/12/2023 00:03, Pocket wrote:

On 12/5/23 11:37, Max Nikulin wrote:

 dpkg-reconfigure tzdata


That does not work. Cannot set EST5EDT.  you have to do that manually.


Do you have reasons to prefer EST5EDT to IANA identifiers like 
America/Detroit, America/New_York, etc. (that have some differences 
from EST5EDT)? Location-based time zones should be more precise for 
most of users.

[...]

I follow POSIX


There are enough oversights in various standards. When accurate time 
zone DB is unavailable, POSIX ones might be used (if risk to get wrong 
results is accepted). Otherwise, from my of view, it is a legacy to 
keep aside and a kind of cargo cult. That is why I asked concerning 
your reasons.



Well POSIX has worked for me since the days of Xenix and System V.





I introduced EST5DST to this by simply posted my configuration.


Maybe due to language barrier I perceived it as a recommendation for 
Gene. The same time zone appeared earlier in a Gene's message. Perhaps 
he still has it as the /etc/localtime link target. Of course, you are 
free to have whatever you want in your configuration. Please, be 
responsible suggesting anything to others.



I post what works for and the information I have found due to my research.

It doesn't mean what I use will work or solve others issues.

If it offends you then so be it.


Many times I will research an issue and NOT use what others posted as it 
doesn't work for me.


I may end up finding my own solution.




Do you really need TZ environment variable especially set to the 
value in system-wide configuration?

[...]
I doesn't hurt anything, What if I install some application that uses 
it and it is not set?


It may cause waste of time when you will need to change time zone. If 
not all occurrences are updated you may see wrong time. For me it is a 
reason to avoid unnecessary settings.



Which is why I use a script to change it





cat /etc/default/locale
LANG=POSIX


Does it set UTF-8 encoding? Sometimes I use C.UTF-8. However there are 
enough subtle differences (sorting, etc.) from any en_* locale.





locale charmap
ANSI_X3.4-1968

--
It's not easy to be me

Re: ntpsec as server questions

[Pocket]

On 12/6/23 07:22, Max Nikulin wrote:

On 06/12/2023 00:03, Pocket wrote:

On 12/5/23 11:37, Max Nikulin wrote:

On 05/12/2023 05:14, Pocket wrote:



For gene

[...]


 dpkg-reconfigure tzdata


That does not work. Cannot set EST5EDT.  you have to do that manually.


Do you have reasons to prefer EST5EDT to IANA identifiers like 
America/Detroit, America/New_York, etc. (that have some differences 
from EST5EDT)? Location-based time zones should be more precise for 
most of users.


I find it reasonable that "dpkg-reconfigure tzdata" forces users to 
set a timezone that should provide more accurate results for them.



I follow POSIX




I have seen America/New_York in a couple of Gene's messages including
https://lists.debian.org/msgid-search/7ba9b8bc-2929-4a3d-8007-a1b5c7f6f...@shentel.net 

so I assume it is one that he should use. My impression is that 
EST5EDT appeared unintentionally.




I introduced EST5DST to this by simply posted my configuration.



I don't use KDE, I am using LXDE and systems without desktops.

Comment that part out of the shell script.


Do you really need TZ environment variable especially set to the value 
in system-wide configuration? In the Gene's case I mentioned it for 
the case that some piece of software decided to set it, but I have not 
recommended to set it. It is a way to make debugging of a next issue 
harder.




I doesn't hurt anything, What if I install some application that uses it 
and it is not set?



Sorry, I do not have a VM with LXDE to check if TZ is actually set for 
applications. It may depend on display manager configuration and on 
the approach to launch applications: window manager children or 
systemd session.


Anyway I noticed "For gene" and I remember that he uses KDE that has a 
GUI for it. However I am unsure if KDE is installed to this 3d printer 
controller.



Which is why I use it.

/usr/share/zoneinfo/posix/EST5EDT is a symlilnk to 
/usr/share/zoneinfo/EST5EDT


And it is rather confusing since arbitrary abbreviations may be used 
to specify POSIX time zones, e.g. ABC5DEF. From my point of view, it 
is just legacy since the time zone database is available.


It was painful when JavaScript (ECMAScript 5) had fixed DST rules 
based on current regulations. Chrome followed the standard, Firefox 
used accurate history of time transitions. I have not checked POSIX, 
but I see that GNU libc approach is something third in between.


Let's use time zones that allows to get accurate local time.


You use want works for you I will use what works for me.

Anyway I will use the timezone that I wish to use and that is EST5EDT.  
All my systems are set to POSIX standards.


cat /etc/default/locale
LANG=POSIX

Re: ntpsec as server questions

[Pocket]

On 12/5/23 12:21, gene heskett wrote:

On 12/5/23 11:38, Max Nikulin wrote:


On 05/12/2023 05:14, Pocket wrote:
For 
gene..

[...]

zone=EST5EDT
zoneinfo=/usr/share/zoneinfo
localtime=/etc/localtime
timezone=/etc/timezone
profile=/etc/profile.d
if [ -e "$zoneinfo"/"$zone" ];then
     ln -sf "$zoneinfo"/"$zone" "$localtime"
else
     printf "%s\n" "Invalid zone: $zoneinfo/$zone"
     exit 1
fi
printf "%s\n" "$zone" > "$timezone"
printf "%s\n" "TZ=$zone;export TZ" > "$profile"/timezone.sh


To set /etc/localtime and /etc/timezone I would recommend the command 
that has been repeated several times in this thread:


  dpkg-reconfigure tzdata


That was not tried.



And won't work if you want to use a POSIX time zone


And I would recommend against setting the TZ environment variable 
unless it is really necessary. If somebody needs it then it is better 
to do it in /etc/environment.d as well. KDE has its own GUI to set 
user-specific timezone, but I am unsure if selected value will be 
applied in the case of console or ssh login.


I am surprised that POSIX EST5EDT timezone has irregularities at 
least as it is implemented in GNU libc. I believed that it specifies 
just standard and summer time.


Both America/New_York and the ESTSEDT methods are available on this 
elderly buster install. tzselect outputs the America/ version.


In retrospect, I think making /etc/localtime a link to /etc/timezone 
would probably have made this endless thread moot. That would work 
until some update which will never happen now, deletes /etc/timezone.



That should not be done.

/etc/timezone contains the name (filespec) of the time zone not a 
"pointer" to the time zone file





The education of Gene continues... I've learned a lot.  Thank you all.

Cheers, Gene Heskett.


--
It's not easy to be me

Re: ntpsec as server questions

[Pocket]

On 12/5/23 11:37, Max Nikulin wrote:


On 05/12/2023 05:14, Pocket wrote:
For 
gene..

[...]

zone=EST5EDT
zoneinfo=/usr/share/zoneinfo
localtime=/etc/localtime
timezone=/etc/timezone
profile=/etc/profile.d
if [ -e "$zoneinfo"/"$zone" ];then
     ln -sf "$zoneinfo"/"$zone" "$localtime"
else
     printf "%s\n" "Invalid zone: $zoneinfo/$zone"
     exit 1
fi
printf "%s\n" "$zone" > "$timezone"
printf "%s\n" "TZ=$zone;export TZ" > "$profile"/timezone.sh


To set /etc/localtime and /etc/timezone I would recommend the command 
that has been repeated several times in this thread:


 dpkg-reconfigure tzdata



That does not work. Cannot set EST5EDT.  you have to do that manually.

You also can not select any of the POSIX time zones which indecently 
EST5EDT is one of those



And I would recommend against setting the TZ environment variable 
unless it is really necessary. If somebody needs it then it is better 
to do it in /etc/environment.d as well. KDE has its own GUI to set 
user-specific timezone, but I am unsure if selected value will be 
applied in the case of console or ssh login.



I don't use KDE, I am using LXDE and systems without desktops.

Comment that part out of the shell script.


I script all my setups, so I can apply them to all the systems I have.

For example:

openssh-server.sh

bind.sh

nginx.sh

nfs-client.sh

nfs-server.sh

The scripts install the debian packages required and then setup the 
configuration.





I am surprised that POSIX EST5EDT timezone has irregularities at least 
as it is implemented in GNU libc. I believed that it specifies just 
standard and summer time.


LANG=C.UTF-8 TZ=EST5EDT date -d 'TZ="Z" 1940-01-01 00:00'
Sun Dec 31 19:00:00 EST 1939

LANG=C.UTF-8 TZ=EST5EDT date -d 'TZ="Z" 1943-01-01 00:00'
Thu Dec 31 20:00:00 EWT 1942

However since these rules are specific to US, I would prefer IANA 
identifiers like America/New_York.



Which is why I use it.

/usr/share/zoneinfo/posix/EST5EDT is a symlilnk to 
/usr/share/zoneinfo/EST5EDT





https://naggum.no/lugm-time.html
Erik Naggum. A Long, Painful History of Time. 1999

8.2 Timezone Representation

David Olsen of Digital Equipment Corporation has laid down a tremendous
amount of work in collecting the timezones of the world and their
daylight saving time boundaries. Contrary to the Unix System V approach
from New Jersey (insert appropriate booing for best effect), which
codifies a daylight saving time regime only for the current year, and
apply it to all years, David Olsen's approach is to maintain tables of
all the timezone changes.





--
It's not easy to be me

Re: ntpsec as server questions

[Pocket]

On 12/4/23 15:28, gene heskett wrote:

On 12/4/23 07:17, Greg Wooledge wrote:


ls -hal /etc/localtime
lrwxrwxrwx 1 root root 27 Nov  1 18:21 /etc/localtime ->
/usr/share/zoneinfo/EST5EDT


And using mc to edit that link fixed it, I am now getting the correct 
time from date, thank you a lot.


But maybe a bug against tzselect s/b filed, IMNSHO it should have 
fixed that. It did not.


Cheers, Gene Heskett.



For gene..

#!/usr/bin/dash
#-
#    Title: timezone.sh
#    Date: 2023-12-04
#    Version: 1.0
#    Author: poc...@columbus.rr.com
#-
set -o errexit    # exit if error...insurance ;)
set -o nounset    # exit if variable not initialized
#-
zone=EST5EDT
zoneinfo=/usr/share/zoneinfo
localtime=/etc/localtime
timezone=/etc/timezone
profile=/etc/profile.d
if [ -e "$zoneinfo"/"$zone" ];then
    ln -sf "$zoneinfo"/"$zone" "$localtime"
else
    printf "%s\n" "Invalid zone: $zoneinfo/$zone"
    exit 1
fi
printf "%s\n" "$zone" > "$timezone"
printf "%s\n" "TZ=$zone;export TZ" > "$profile"/timezone.sh
chmod +x "$profile"/timezone.sh
#-

chmod +x timezone.sh

sudo ./timezone.sh


--
It's not easy to be me

Re: ntpsec as server questions

[Pocket]

On 12/4/23 07:17, Greg Wooledge wrote:

On Mon, Dec 04, 2023 at 05:55:25AM -0500, Pocket wrote:

On 12/4/23 03:58, gene heskett wrote:

I have this printer getting its time info from this machine's ntpsec but
the chrony in the printer is ignoring /etc/timezone, stuck in PST or 4
hours behind me when comparing the output of "date".

What does /etc/localtime say?

For example on my raspberrypi 4

ls -hal /etc/localtime
lrwxrwxrwx 1 root root 27 Nov  1 18:21 /etc/localtime ->
/usr/share/zoneinfo/EST5EDT

cat /etc/timezone
America/New_York

According to <https://wiki.debian.org/TimeZoneChanges> the correct
way to set the time zone in Debian is to run "dpkg-reconfigure tzdata"
which will update both /etc/timezone *and* /etc/localtime.  Of course,
since Gene's printer isn't running Debian, we can't accurately tell
him what commands to run.

But at the bare minimum, Gene should check:

 ls -ld /etc/*time*

If it turns out his printer has an /etc/localtime symlink pointing
to the wrong time zone, then re-pointing it should help.


Which is why I posted the above.

Libc uses /etc/localtime so the printer is likely to use that

By doing ls -hal /etc/localtime will point that out

My research has shown that /etc/timezone is a debianism and was slated to be 
depreciated.


dpkg-reconfigure tzdata will not allow me to set the time zone to EST5EDT

--
It's not easy to be me