Re: How to can make a partition in my hard disk ?
> As you have only 8GB RAM (which, I believe, is not enough RAM, nowadays, FWIW, Apple seems to think it's still perfectly sufficient since their laptops, iMac, and Mac mini all come with 8GB by default (and many can't go further up than 16GB). Stefan "who finds his T60 and its 3GB of RAM still quite usable"
Re: I have achieved PARTIAL SUCCESS in installing Godaddy SSL Certificate in UniFi Cloud Key Gen 2 Plus
> I always contact the manufacturer of the screws used in the products > I buy rather than the company who assembled the product using > said screws. Indeed, Ubiquity uses Debian as part of their devices a bit like other companies use screws. Except AFAIK they don't use Debian as-is, so getting good help directly from Debian is yet a bit harder. Stefan
Re: memtest86+ v6.0 Released
piorunz [2022-10-25 20:08:48] wrote: > Memtest86+ v6.0 has been released for this open-source system memory Alleluia! Stefan
Re: Request for Debian Subsystem for Windows like
> latest ones. Therefore, I wanted to know why isn't Debian putting efforts > to build something like Windows Subsystem for Linux or Windows Subsystem I think the usual answer is to run Windows in KVM for that. It's a well understood a technically well defined solution to the problem. I understand it may not provide you with quite the behavior you're looking for, but in that case I suggest you ask for that behavior to be added/supported rather than to try and develop a completely different solution (which will inevitably come with different shortcomings, especially since Microsoft is unlikely to be very cooperative, contrary to the support that Microsoft gets from GNU/linux distributions in WSL). Stefan
Re: How to can make a partition in my hard disk ?
>> I have been careful not to buy SMR drives, but AIUI they are cost >> effective for large sequential write workloads -- e.g. music/ photo/ >> video/ ISO files, backup/ archive tarballs, images/ clones, etc.. AFAIK SMR drives are just as good as PMR drives when it comes to reading, so it should work fine for a read-only OS partition. I wouldn't recommend it for a swap partition, OTOH :-) Stefan
Re: support for ancient peripherals
Kleene, Steven (kleenesj) [2022-11-05 23:21:38] wrote: > My concern is about support for three ancient peripherals that I like better > than the modern equivalents: > 1. A Northgate Omnikey 101 keyboard (from 2006) with a 5-pin DIN cable, > currently going via an adapter to a PS/2 port in the desktop; AFAIK any old PS2 to USB adapter should do the trick. They used to work very reliably, so I can't think of any reason why they wouldn't work any more. > 2. A Logitech M-MD15L three-button roller-ball serial mouse (from 2006); and You can find serial to USB adapters, but it will require some manual configuration, tho I suspect you already had to do that in Buster, so it should keep working pretty much the same (except the serial device will have a different name in `/dev/). > 3. An HP LaserJet 5MP printer from 1995 with a parallel-port connector. No idea about this one. I know there are USB<->centronics adapters out there, but I have no idea how well they will work with something like a CUPS driver. Stefan
Re: support for ancient peripherals
> Here's a more remedial question. I haven't bought a desktop in 16 years. To > have a custom desktop built with some of the options I've seen recommended > here, where would you go? Would you patronize a local shop, or is there an > online store that is good at discussing and implementing customizations? I > am not an expert when it comes to hardware. The options recommended here basically boil down to either a PCIe card (which you can likely fit into any desktop save for the tiny ones (like my Librem mini)), or USB<->foo adapters which should work with any desktop/laptop (in the worst case it may require extra USB-C <-> USB-A adapters or a USB hub). IOW, I don't see anything requiring a "custom desktop". This said, I personally would not buy a whole pre-made machine since these will typically come with the dreaded Windows thingy on it. I'm personally in favor of supporting your local shop (I'm always very happy that those still exist when I need an emergency replacement of something, but if I only buy from them in case of emergencies, they won't survive). But in my experience those can't afford to provide good support for oddballs who run GNU/Linux and count their hardware's lifetime in decades: it takes extra time and provides unusually low profits :-( I usually first check online to get an idea of "what's out there", then go to the local store to see what they have to offer, then go back online to better evaluate what it is they have offered me (e.g. check for availability of drivers in the kernel), then go back again to the store to buy the parts. For parts that I replace every 10 years or more, it's worth the trouble. Stefan
Re: deduplicating file systems: VDO with Debian?
> I had to look up the word deduplicate (I was going to say, "That isn't even a > word!"), which reveals my extensive knowledge of the matter. It was originally called to "duplicate duplicate", but then self-application came in and the rest is history. Stefan
Re: definiing deduplication
>> Or are you referring to the data being altered while a backup is in >> progress? > Yes. Data of different files or at different places in the same file > may have relations which may become inconsistent during change operations > until the overall change is complete. Arguably this can be considered as a bug in the application (because a failure in the middle could thus result in an inconsistent state). > If you are unlucky you can even catch a plain text file that is only half > stored. Indeed, many such files are written an a non-atomic way. > The risk for this is not 0 with filesystem snapshots, but it grows further > if there is a time interval during which changes may or may not be copied > into the backup, depending on filesystem internals and bad luck. With snapshots, such problems can be considered application bugs, but if you don't use snapshots, then your backup will not see "the state at time T" but instead will see the state of different files at different times, and in the case you can very easily see an inconsistent state even without any bug in an application: the bug is in the backup process itself. If some part of your filesystem is frequently/constantly being modified, then such inconsistent backups can be very common. Stefan
Re: definiing deduplication
>> Arguably this can be considered as a bug in the application (because >> a failure in the middle could thus result in an inconsistent state). > A backup programmer or operator does not necessarily have influence on > such applications. Indeed it remains a real problem, that can be solved only with bug reports and patches. >> if you don't use snapshots, [...] the bug is in the backup >> process itself. > The backuper is not to blame if the backupee filesystem cannot make > snapshots, and anyways snapshots don't completely solve the consistency > problem of backups. Presumably the "backuper" is the sysadmin, i.e. the same (group of) person who chose the filesystem, so I'd say yes the "backuper" is to blame. BTW, I can't think of any filesystem that can't do snapshots. E.g. I use snapshots with ext4: just ask your block layer to do the snapshot rather than your filesystem (in my case I use LVM snapshots). > Having multiple backups of the same backupee reduces the risk to have > no consistent copy when the backup needs to be restored. Agreed. Stefan
Re: ZFS performance
Michael Stone [2022-11-11 14:59:46] wrote: > On Fri, Nov 11, 2022 at 02:05:33PM -0500, Dan Ritter wrote: >>300TB/year. That's a little bizarre: it's 9.51 MB/s. Modern >>high end spinners also claim 200MB/s or more when feeding them >>continuous writes. Apparently WD thinks that can't be sustained >>more than 5% of the time. > Which makes sense for most workloads. Very rarely do people write > continuously to disks *and never keep the data there to read it > later*. And on top of it, only write sequentially (since any head movement brings that bandwidth down very quickly). Stefan
Re: definiing deduplication
> It took me a while to find out how the block layer can ensure that a > snapshot is consistent on the filesystem level. The answer is Linux VFS > method super_operations.freeze_fs(). > https://www.kernel.org/doc/html/latest/filesystems/vfs.html > Without it a snapshot on block level would be similar to a filesystem > which was not properly unmounted before power-off. But as I mentioned, higher-layers (the filesystem layer, and the applications running on top of that) *should* try and make sure that a hard failure (kernel crash, power failure, ... these and up taking a snapshot of your block device) can never result in an inconsistent state. That's the core of the ext3 improvement over ext2, for example. > So there might still filesystems in the Linux kernel which do not support > LVM snapshots in a safe way. Of course, just like there are still many applications which write files non-atomically. Stefan
Re: MTBF interpretations (Re: ZFS performance)
>> > Claimed MTBF: 1 million hours. Believe it or not, this is par >> > for the course for high-end disks. >> > >> > 24 hours a day, 365 days a year: 8760 hours per year. >> > 100/8760 = 114 years. >> > >> > So, no: MTBF numbers must be presumed to be malicious lies. >> >> With your interpretation every single drive would not be allowed to fail >> before its MTBF value. That's wrong. MTBF is a mean value for all drives >> of this type, not a guaranteed minimum value for a single drive. > > No, my interpretation is that the average (mean) lifetime > between failures should be the listed value. At 114 years, half > of the population of drives should still be working. Sadly, that's a misinterpretation. What you describe would be called something like life expectancy. The main problem with MTBF is that it's very often misunderstood. The other problem is that life expectancy is almost never provided as a data point, contrary to MTBF, whereas for the vast majority of buyers (who only buy a single item) life expectancy would be the more meaningful measure. Stefan
Re: /boot size and kernel updates
Hi Mike, > I've had the problem with /boot being too small on 2 systems. I tried > reinstalling one of them so that I could get a larger /boot. And the > installer did make /boot larger, but not as much as I wanted. IIRC, it > went from 250M to 500M, whereas I wanted to give it at least 1 GB. I > tried adjusting the sizes with the installer's partition manager, but I > got stuck. Unfortunately, I don't have adequate notes about how I got > stuck. I'm suspecting it had something to do with the fact that I had > asked for a LUKS-encrypted disk. I use `MODULES=dep` and my kernel+initrd uses less than 20MB still so my 250MB /boot partition is currently 21% full with 2 kernels installed. This said, my newer installs just don't bother with a separate /boot partition. Stefan PS: FWIW, my first HDD had a capacity of 50MB. I didn't consider it "large" but it was quite sufficient for the system I used back then (MiNT). The 500MB disk in the Alpha workstations in my university's lab seemed quite large (all the home directories were on an NFS server, so most of the 500MB lay unused since the OS itself used a lot less than that, even that included a full X11 environment, Emacs, etc...). I suspect your experience is not very different, right?
Re: /boot size and kernel updates
> I used the MODULES=dep setting and got a reduction from 70mb to 20mb > for each initramfs. Wow, that's still about twice as large as what I get on my amd64/armhf/686 systems (I typically get about 40MB for MODULES=most and 10-12MB for MODULES=dep). The compression algorithm in use makes some difference, but definitely not a factor 2 unless maybe you're not using any compression at all? Stefan
Re: Backing up whole Debian installation from laptop to laptop via ssh?
> For some unknown reason, network configuration (wireless networks > etc.) in NetworkManager includes the MAC address of the local NIC > too, so you may need to fix those up after transfer. This sucks, indeed. I can't understand why they do that (maybe as an option, I could see occasional uses, but as default?). Stefan
Re: just saying
> I personally would expect every serious compiler in the world to have > been corrupted by one government or another. FWIW, there are ways to circumvent/mitigate Ken's trusting-trust problem, e.g. https://dwheeler.com/trusting-trust/ who haven't found GCC to be victim of a trusting trust attack. I suspect it's easier to get trojans in the BIOS of every PC out there. Stefan
Re: Logout at apt upgrade
>> The one application I do avoid upgrading while it's running is >> Firefox, but that's mainly because it occasionally gives a new >> startup screen after an upgrade, and I want to read what it says. > > I take the risk and watch the thing going down in flames. I > admit that it gives me a strange feeling of satisfaction (I > might be a bit perverse, dunno). Last time this happened to me, Firefox insisted on restarting in the middle of a sequence of questions where I had already spent a fair bit of time filling things, so I was *really* annoyed but against all odds Firefox managed to restore the *full* state, including the content of the not-yet-submitted text boxes. Stefan
Re: sleep on a low-usage NAS ?
> I need advice on what else I can do to keep the device with disks unspun for > most of the day, yet still be available almost immediately when other > clients on the LAN need some NAS services. IIUC your disk spins down mostly as you want it, but it needlessly spins up every once in a while and you'd like to avoid that? If so, the way I do it usually is via /proc/sys/vm/block_dump. If you set it to 1, then every disk access will be logged via syslog, so you get to see why the disk spins up. Of course, you'll want to make sure syslog doesn't go to disk first :-) [ I used to use `busybox-syslogd` for that but AFAIK systemd's journal can also be configured to stay in RAM. ] Stefan
Re: use of awk instead of complex multielement commands (was Re: 'grep -o -m' (was Re: Can't mount CD image of Win95 game))
> Not that that is always important. But I just commented today > because so often 'awk' is ignored as if its only capability is 'print $1' > when in fact it is actually very powerful but neglected. FWIW, `sed` can also do that job. Tho the subtraction part would take a lot more work (`sed` doesn't know how to subtract, so you'd have to write a chunk of `sed` code which implements subtraction by hand. A fun exercise for the masochists out there who like to write code for Turing machines). Stefan
Re: stopping mass surveillance
> Releasing anything of requested documents is not desired yet. The idea is > not patented yet and will make the developers a high value target for a lot > of agencies worldwide. Reminds me a bit of the trisectors (http://web.mst.edu/~lmhall/WhatToDoWhenTrisectorComes.pdf) I really hope those developers are really that smart. But in any case, this is offtopic here, please pose this elsewhere. Stefan
Re: latest testing update broke my laptop
> I can recommend the laptop as a reasonable candidate for Linux. Apart from > the need for proprietary drivers, which is something I blame nVidia for, it > seems to work perfectly. IME, getting the nVidia driver to work is easy, but keeping the nVidia driver working over time across upgrades is a real PITA, and to the extent that most other machines should also be fully supported, I read what you wrote as "better choose something else" :-) Stefan
Re: latest testing update broke my laptop
>>> I can recommend the laptop as a reasonable candidate for Linux. Apart from >>> the need for proprietary drivers, which is something I blame nVidia for, it >>> seems to work perfectly. >> IME, getting the nVidia driver to work is easy, but keeping the nVidia >> driver working over time across upgrades is a real PITA, and to the >> extent that most other machines should also be fully supported, I read >> what you wrote as "better choose something else" :-) > I have been using nVIDIA Optimus based systems for several years, with > Ubuntu Linux and now with Linux Mint, without any problems, since, when This is a Debian mailing list, tho. So your experience with other distributions is not directly relevant. > only Ubuntu (12.04) had the drivers for NVIDIA Optimus, [...] > The problem is NOT with nVIDIA. AFAIK it is, because they insist on doing things their way (and keeping their code proprietary), thus imposing more work on the rest of the infrastructure, which causes things like "only Ubuntu (12.04) had the drivers for NVIDIA Optimus" because only Ubuntu had the motivation&manpower to handle it quickly enough. > And, I am now running different computers, with different nVIDIA > configurations - some with Optimus, some without Optimus, with no problems > relating to nVIDIA. What would it take for a problem to be attributed to nVidia? Stefan
Re: latest testing update broke my laptop
>>> I can recommend the laptop as a reasonable candidate for Linux. Apart from >>> the need for proprietary drivers, which is something I blame nVidia for, it >>> seems to work perfectly. >> IME, getting the nVidia driver to work is easy, but keeping the nVidia >> driver working over time across upgrades is a real PITA... > In what sense? What problems have you had? Incompatibilities with the different packages. > These days, nvidia-kernel has been updated in Debian Stable so I could I use Debian Testing (and occasionally move/clone my system disks between machines), so that might be a good part of the difference of experience. As I said, the initial setup usually works fine (as long as the hardware is not too new to be supported), so if you mostly reinstall from scratch when an upgrade comes along you'd likely be fine. Stefan
Re: Maximum time for offline updates?
> I am using testing with KDE (but I suppose the desktop environnent does not > matter). I had a LOT of updates to apply today, so I used KDE Discover > (Gnome Software equivalent for KDE) to apply those in offline mode, ie > updates are dowloaded and then computer reboots in a special mode just to > update packages, and reboot normally when finished. Why? > Also, do you think I should report this issue? Yes. > Against which package? The package you used to do this "offline update" (hadn't heard of such a thing until now for Debian). I find the idea of offline update rather odd: not only it's inconvenient since the machine is unusable during this time, but on top of it, in case of trouble, it can make it harder to fix the problem because you may not be able to boot into a conveniently-usable system. Stefan
Re: Maximum time for offline updates?
>>> I find the idea of offline update rather odd: not only it's inconvenient >>> since the machine is unusable during this time, but on top of it, in >>> case of trouble, it can make it harder to fix the problem because you >>> may not be able to boot into a conveniently-usable system. >> That was my feeling, too. Only very involved scenarios came to mind, >> like "you have connectivity now, but are running on battery, and later >> you'll have AC power but no connectivity" or something. That scenario is already (arguably better) served by the distinction between downloading the update(s) and installing them, which APT supports already. No need to reboot into a special mode to perform the install. > Offline update has disadvantages, but it makes sure that every programs are > restarted, thus avoiding strange issues or crashes due to conflicts in > libraries versions ([1] is a KDE article that very briefly explaining > this). In an another article I could not find anymore, someone from KDE > explains that they receive many bug reports where issues comes from system > update without reboot (I would also be interested to know what is "many" > here). Rebooting after the updates is different from the offline update you describe. > Indeed, in a perfect setup, system should make a snapshot before updates are > applied (see 6. in systemd.offline-updates manpage, note that I have not > heard it is done yet by any distribution by default), and revert the changes > if the update fails. [ Agreed. Ideally the updates should be performed in a "clone" of the current system, and only after it's done and sanity-checked should we switch to the new system. We've known how to do that for many years (thanks to IBM's main frames, for example). ] > Anyway, being able to fix a system that has been broken by *online* > updates is only relevant if the user has technical skills to do so. But that is no different than for offline updates, is it? > Windows, targeting both technical and non technical users, does exactly > this. I did not use an Apple system for years, but I think it was quite > similar for system updates. Please don't byte me ;-) Indeed. But they have different trade-offs. They want to have as much control as possible over the process so as to get as close as possible to the "just works!" black box. Basically they want their system partition to be a binary blob that the end users can't even look at, so updates merely require replacing one known binary blob with another, and to minimize external factors they kick the users out before performing the updates since for them users are fundamentally an annoyance (a source of unpredictability). And if something goes wrong along the way, their answer is "reinstall". Debian's updates are hence quite different due to the basic philosophical premise that user are here to help and that there isn't just one "Debian version 10.1" but instead every Debian system is different from the others. So the upgrade scripts have to be a lot more careful to handle a much wilder variety of situations, and they go through extra efforts to interact correctly with a fully running system. Indeed, for major upgrades, rebooting *some time* after the upgrade is often a good idea, but that's different from the offline update you describe. Stefan "sorry for having hijacked your thread"
Re: Wear levelling on micro-sd cards
> To test, say with a 16 GB SD, fill the SD to all except the last 1 KB, > and with a looping script, write 1KB of 1's to the remainder of the > SD, erase the "bits," then 1KB of 0's, erase the "bits", and so on; I'm surprised. I would have expected uSD cards, just like SSDs to rely mostly on a (small) amount of extra storage, i.e. the actual amount of NAND storage is higher than that reported as being available. This way the uSD card knows for sure which blocks are in use and which ones aren't (without having to rely on things like TRIM). Stefan
Re: What layout should I use to emulate a German keyboard but also be able to type other European characters?
> I do program. `-SPACE, ~-SPACE and so on are deep in my muscle > memory. Interesting. Wouldn't `` and ~~ be easier to type? Stefan
Re: latest testing update broke my laptop
Anssi Saari [2022-12-23 10:37:55] wrote: > Stefan Monnier writes: >> I use Debian Testing > Different story then. Breakage is expected in Testing. I haven't experienced particular breakage/problems around drivers for AMD/Intel graphics cards, whereas that's been rather frequent for nVidia. So, yes "breakage is expected in Testing" *if* you use nVidia hardware :-) >> so if you mostly reinstall from scratch when an upgrade comes along >> you'd likely be fine. > I've reinstalled Debian only once when it was time to switch to 64-bit > sometime in the decade before last. Nice. Same story on my side, except with "testing", by and large. Stefan
Re: Debian release criteria.
>> From: "Andrew M.A. Cater" >> Date: Wed, 4 Jan 2023 16:32:37 + >> > All software is buggy: it is a matter of luck whether bugs hit you. >> =8~/ A hacker might be satisfied with luck. An engineer should not >> be. If I claim to be a package maintainer, I test as broadly as >> feasible. A 32 bit machine is easily found. > Sorry, I respectfully disagree. A 32 bit AMD/Intel machine has barely > been manufactured for >10 years now. If you happen to have a pure 32 > bit machine sitting around, you're probably living on borrowed time. Indeed. I'm still happily using Debian on my trusty Thinkpad X30, which is my last 32bit-only i386 machine. But regarding the larger meaning of "32bit", such machines are still manufactured (in the armhf family, for example). > If you mean running 32 bit on a 64 bit capable machine - why is that > better than running 64 bit code anyway? I upgraded my Thinkpad T60 with a Core 2 Duo (i.e. 64bit capable), but with 3GB of RAM, I prefer to stay with a 32bit userland. It's definitely older than 10 years, admittedly. > Debian is possibly the last major Linux distribution to support 32 bit > on x86 - the others have all given up now. Yes, I'm preparing psychologically for the time when my X30 will not be able to run Debian testing any more. This said, it'll turn 20 this summer, which I think is quite remarkable: I never imagined back then that the end of Dennard's scaling would keep this machine (marginally) usable for 20 years. Stefan
Re: Debian release criteria.
>> What, you expect someone to obtain an i386 machine just to replicate >> that it's slow? And make it crash in some unspecified manner? > Definitely not for the problems with Firefox. BTW, regarding the problem with Firefox, a cause of crashes of Firefox for me is running out of memory. So there may be very little Debian can do about that other than hope that Firefox gets a bit more memory-efficient, which often depends more on web sites than on Firefox itself (after all, nowadays web browsers are just VMs running Javascript applications downloaded from hundreds of servers around the world). Stefan
Re: Debian release criteria.
> That said, my way to cope with it: my main browsing profile > is one where I have excised javascript capabilities by "tuning" > (read: fat-fingering) about:config. Some pages won't work, but > for those I get to think twice whether I'm interested or not. > Most of the time I am not. I use uMatrix, which I find strikes a fairly good balance between keeping sites working and letting me control how much crap is loaded. Stefan
Re: PowerBook G4 OS
> No, there is no release for this architecture. The architecture's state is > "unofficial" and the only branch is unstable/sid. This branch may or may not > work. If you want to use Debian unstable/sid just replace "jessie" with > "sid" in /etc/apt/sources.list and do: While Sven is right to point out that upgrading directly from Debian 8 to Sid is rather risky, and while it's important to clarify that Sid can indeed be broken, I believe this ends up sounding much more discouraging than it should: since there is still a `powerpc` ports being updated, you should expect that it *does* work. I think in your place, I would start by trying to boot your current installation with Sid's kernel. If that works, then I'd make a fresh install using `debootstrap` into a new partition (you can then try out the new install using `chroot` as well as using dual-boot). Or maybe I'd start by cloning your current root partition, and then try my luck at a plain `apt full-upgrade`: in case of problem you can simply boot back into your original root partition. Stefan
Re: fstrim(8) Recommendation
> I would appreciate suggestions for the most reliable way to do > fstrim(8). Reliability is more important than speed, and the machine > will require a swap partition. I think the answer depends on why you (think you) need fstrim. AFAIK in most cases the answer is: just don't bother. Stefan
Re: dell latitude 3510 - bios settings to boot debian netinst
> In SecureBoot, the only thing that is attested are the disk images. > There's no guarantees about the program once it is in-memory and > executing. What's being executed in-memory is the important thing. Indeed, it's important to remember tht SecureBoot's name comes from the fact that it's designed to securely boot (Microsoft) competitors off the market. Stefan
Re: dell latitude 3510 - bios settings to boot debian netinst
> There is no such thing as an Intel Core* CPU that is 32bit.
Actually, the first "Core" branded CPUs ("Core Solo" and "Core Duo")
were still 32bit, back in 2006 (that was the time-window during which
AMD had already switched to 64bit CPUs and Intel still hoped it could
move people over to IA64 instead).
The Core 2 line that followed soon after (around 2006-2007) introduced
the amd64 architecture to the "Core" brand.
Stefan
Re: laptop frozen when opening apps, debian testing with gnome
> completely frozen, need to shut down and restart. I'd check to see "how" frozen it is: e.g. try to log into it via SSH (or better yet, keep an `ssh` or `mosh` connection to it with an `atop` or `top` running inside of it, and/or `journalctl -f` so when it freezes you can immediately see if the remote connection is also frozen and what it is/was doing). Stefan
Re: dell latitude 3510 - bios settings to boot debian netinst
> My Dell Inspiron E1505 shipped in 2007 with a 32-bit Core Duo > T2250 processor. In 2016, I STFW and saw that certain 64-bit Core 2 Duo > processors sometimes worked in this laptop (depending upon motherboard > hardware revision?). I bought and installed a T7400, and it works! Same here: I upgraded to Core 2 Duo a mac mini and a Thinkpad T60, both of which came with a Core Duo. There's a noticeable performance increase and a slight improvement in power consumption as well. I recently decommissioned the mac mini, but I still use my T60 as backup laptop for when my T61 breaks down (such as right now, since one of the hinges died again). The 3GB limit on the RAM is becoming problematic, tho. Stefan
Re: switch from IDE to AHCI causes not finding root FS
Felix Miata [2023-01-28 03:15:11] wrote: > Anyone here know how I can determine what to add? Assuming I can't get help like you did from a forum, I'd do: - switch back to IDE - set MODULES=most - regenerate the initrd - switch back to AHCI - set MODULES=dep - regenerate the initrd This is a kind of general recipe for what to do when "it doesn't boot any more with my old initrd that was generated with MODULES=dep". Stefan
Re: OT: Charities (a rant)
> I use Amazon Smile with SPI so my shopping benefits open source. Of course, it benefits Amazon first and foremost :-) Stefan
Re: initrd sizes mushroomed several months ago
> I'm guessing his machine has no microcode installed, since that's what > my first archive contains. Whether that's because his machine is so > old that it doesn't *need* any, or because he just lives dangerously, > I cannot say. :-) None of my ARM machines have a microcode update in their initrd. Are they really "so old" or am I living dangerously (or both)? Stefan
Re: OT: repair/replace cell in Li-ion battery?
> Does anybody knows trusted manufacturers / brands I could find on the > Internet? I am really disappointed by this battery (brand "vhbw") partially > broken after only two years… I can't vouch for any specific company, sadly. I think it's largely a crapshoot (except when you can still get an official battery from the original manufacturer, but that's becoming rare). Stefan
Re: How to use bridge-utils to enable connection sharing?
> In order to achieve that, i installed on the host (debian, buster for > the time being) > > apt install bridge-utils > > and looked up the interfaces in question (enp0s3 and enp0s8) > > brctl addbr br0 > brctl addif br0 enp0s3 enp0s8 > > but, even after rebooting, the bridge does not work The above brctl just tell the OS to create a "virtual switch" composed of the two ethernet interfaces `enp0s3` and `enp0s8`. > 2: enp0s3: mtu 1500 qdisc noop master br0 state > DOWN group default qlen 1000 > link/ether 08:00:27:e1:93:46 brd ff:ff:ff:ff:ff:ff > 3: enp0s8: mtu 1500 qdisc noop master br0 state > DOWN group default qlen 1000 > link/ether 08:00:27:7e:c0:bb brd ff:ff:ff:ff:ff:ff > 4: br0: mtu 1500 qdisc noop state DOWN group > default qlen 1000 > link/ether 08:00:27:7e:c0:bb brd ff:ff:ff:ff:ff:ff This shows that you have not configured any IP address on `br0`, and have not brought the interfaces up either. ifconfig enp0s3 up ifconfig enp0s8 up ifconfig br0 up should be enough for the bridge to work in the sense that your "backup" server should now be able to talk to the "router" (via the "host") as if it were connected directly to the router. E.g. it should be able to get an IP address via DHCP. You'll also want to configure your `br0` interface so it gets an IP address (so your "host" can also connect to the Internet). Assuming your "router" runs a DHCP daemon, you get that IP address via DHCP. Stefan
Re: SOLVED Re: Cannot rum multiple command on remote machine via SSH
>> $ cat opt/bin/hibernate.sh >> mate-screensaver-command -l # Activates screensaver and locks >> the screen >> sudo systemctl hybrid-sleep # Hibernate and suspend the system. This >> will trigger activation of >> the special target unit >> hybrid-sleep.target. [...] > So it's not clear which command is causing the ssh client to hang. Maybe it's simply that `hybrid-sleep` is fast enough to stop the network before the SSH command completes? Stefan
Re: Web page management.
> Just going to https://www.canada.ca/en/revenue-agency.html > > shows me this: > > canada.ca > www.canada.ca > adobedtm.com > ajax.googleapis.com > akamaiedge.net > botframework.com > demdex.net > duckduckgo.com > go-mpulse.net > gstatic.com > omtrdc.net > v0cdn.net Looking for these sites in the actual HTML text of the page suggests many of them are only requested indirectly. Accessing this page while using uMatrix tells me it requested (besides stuff from canada.ca): CSS from fonts.gstatic.com and scripts from adobedtm.com, botframework.com, ajax.googleapis.com, and go-mpulse.net. Funnily, the HTML code also includes references to facebook, instagram, linkedin, and youtube, but nothing is directly requested from these sites. Stefan
Re: Web page management.
> The HTML file will contain references to each of the URLs, > directing the browser to go fetch things from them and execute > or display them as appropriate. FWIW, that HTML page does not include "gstatic" in its source text (but apparently some other pages fetched from `canada.ca` do). OTOH, it contains a weird: what's this "//"? Do web browsers automatically add a "http(s):" in front nowadays, or does it end up referring to a copy on the CRA's server. Stefan
Re: ipv6 maybe has arrived.
> has worked very well since redhat 5.0 in 1998. The only thing I do is > a chattr +i on resolv.conf so network mangler can't putz with it. And That kind of quick&dirty hack is fairly dangerous in the long run: as they accumulate, they increase the risk that one of them will lead to a completely unexpected behavior that nobody can predict/understand. Quick&dirty hacks are very handy, and I use them on a regular basis, but if experience has taught me anything its that they have to be short term and hence accompanied with a parallel effort to try&fix the origin of the problem. Stefan
Re: New Dell Inspiron 15 3000 Series 3511 sound problem on Debian 11 Stable
> And of course recommendations for a current laptop (preferably > reasonably priced) that actual experience shows does work well with > Debian would be welcome. If your main concerns are a good price and well supported by Debian, then you're spelling "refurbished, or second hand". The planet will also thank you for it. Stefan "writing this on my 2015 desktop because my 2007 laptop is in the backpack"
Re: ipv6 maybe has arrived.
> Network printers from 2016 almost certainly (always in my > experience) do ship with IPP-over-USB. For some reason USB-only > devices generally do not provide it; it's very hit-and-miss. IPP-over-USB basically requires the whole traditional networking stack, so it's no surprise that it's usually present in printers that include a network interface (very little extra cost) and not in USB-only printers. Stefan
Re: Flatpak memory usage
> I'm not a friend of flatpaks and similar concepts, either. For me, > it's not memory use, but the shifting of power from a distrubution > model to single applications. I find that makes software less "free". Indeed. These end up reproducing the black-box model "it just works". If you like that, then you presumably don't care what's inside the box. It might as well be iOS, Windows, Oracle, ... Stefan
Re: Partitioning an SSD?
> Therefore, except for the narrow case of writing into a block which has > never before been written, every write on a SSD *is* an erase+write > operation. No, that would lead to terribly poor performance (both in terms of speed and in terms of wear). >> So: you read the whole block, blank it, then re-write all the other >> sectors and your updated sector? No, definitely not, that would be >> terrible. > That is exactly what I've always been told *does* happen, Don't believe everything you hear. > That's an interesting design approach. Given that I've never seen it > mentioned before, I imagine it must be comparatively recent as SSD > controller designs go. Nope. It's more like "step 1". There are rumors that some early cheap SD cards did not perform any wear-leveling, and I'm quite willing to believe them, but I'd be very surprised if those still exist. > I'm also not sure that I'd have chosen to take the trade-off of that > added complexity for the presumed added performance and lack of need to > keep track of block size handling. It's not just that: it's also cheaper. By spreading the writes around the whole flash memory, you can extend the life-expectancy of your drives very significantly, which means you can use cheaper flash cells (e.g. which may die even before reaching than 10k erase-cycle) and still have a device that will last long enough to avoid embarrassment. Yes it costs a bit more on the controller side, but this cost is mostly *design* cost, i.e. a one-time cost which has been paid already more than a decade ago. [ The other downside is the complexity of the code running on the controller, which leads to a higher risk of encountering bugs (which manifest themselves as a dead drive or at lest a total loss of your data), which is why for a while SSDs were not really more reliable than HDDs. ] > So, if this is correct, we have both less understanding and less control > of where and how data is stored on the drives than we think we do. If you want more control, you need to use flash memory cells directly, as happens sometimes in some embedded systems (those won't appear as /dev/sd devices but /dev/mtd). And then you need to use software on your CPU to do the same wear-leveling job (e.g. with UBI or jffs2 or more modern variants of that). FWIW, I liked the UBI design and it would arguably be a good idea for SSDs to expose such an API rather than to try and pretend they're "normal block devices", but that's not the way the industry chose. Stefan
Re: CUPS - how to match autodetected printers to physical ones
to...@tuxteam.de [2023-02-16 16:53:02] wrote: > Just for kicks: have you tried sending a PS (or *gasp* PDF) file > down that alley (e.g. with socat)? > > For That One Form in the Year this might be just sufficient... > > Hint: start with a small one :) I don't think "a small one" can be small enough in case it misfires. Instead, I usually make sure there's only 1 sheet of paper in the tray when I send the test (usually a sheet that I already used :-) Stefan
Re: snapd vs apt
> When both snapd and apt sources are available, which one should I choose > for package installation? Though I found the package versions in snapd are > a bit newer than apt. Snap and friends are technologies which make it easy to package an application without having to pay attention to how it interacts with other things installed on the system (since it's confined in a kind of lightweight virtual machine). So if the Snap version of the package is older than the APT version, it's a pretty strong sign that something's amiss with the Snap package. If you want your application to be nicely integrated into the rest of the system, the APT version is probably the better choice. Same thing if you care about the difference between `main` and `non-free` since it's much easier to make a Snap package which includes not-really-Free libraries. Same thing if you want your application to be automatically kept up-to-date w.r.t. security issues. Where Snap and friends shine is when the application is too hard to package up sanely for Debian, in which case either it's not included in Debian at all, or only in a very old version and it's on the verge of being dropped from Debian because upstream is making it too hard. Typically, these are services/applications written in things like node.js or Go, where it's common practice to use "vendoring" and to have dependencies that require "the one and only compatible version" of libraries. Often just tracking down all the dependencies and their respective licenses is tiresome (and has to be redone on a regular basis). :-( Compared to things like PPAs, Snaps tend to be less likely to mess up your OS. Stefan
Re: snapd vs apt
> There are some hints at this in the GNU GPL (e.g. the sources have > to be made available in their "preferred form"), but it goes much > further, I think. As a long time Emacs hacker I can only agree. satisfying the legal part of the definition of "Free Software" is just the first step. If you care about "Free as in Free speech" you also want to go through extra trouble to help your users becomes hackers/developers. Rather than focus on providing a slick&seamless experience you want to focus on exposing your users to the program's source code. It comes with its own downsides, of course. E.g. Emacs has not been internationalized yet, and it's not completely clear that it should: to internationalize it well, we'd need for example to replace `M-x` with something that uses translated command names rather than using the names used in the source code. That would be helpful for non-English users, obviously, but that would also make it harder for them to know what to write in their `.emacs` and to understand Emacs' source code. Stefan
Re: snapd vs apt
> The virtual environment model is a containerization: we're going > to separate the versions of language and libraries that we use from > everything else on the system so that we don't have to worry > about cross-interference. That allows multiple projects to work > on the same system. That also prevents combining two projects (because they all too often depend on different versions of the same libraries). So, as mentioned elsewhere in the thread it ends up going down the path where the developers only care about *their* own use of the code. Users are presumed to be "pure users" who may have legal access to the code but aren't really expected to do anything with the code. > Those were the pro arguments. The con arguments are that every > project needs to have all dependencies tracked, and if necessary > rebuilt when a security, performance or correctness problem is > solved -- independently. Organizations need to understand that > these things have costs. Then they can make decisions. Sadly, those who make the decisions can all too often arrange so that someone else gets to pay the costs. Stefan
Re: Remove route '169.254.0.0/16 dev ovs-system'
>> Having installed package openvswitch-switch and doing `ip route` I do get >> 169.254.0.0/16 dev ovs-system scope link src 169.254.201.7 metric 1004 >> >> What can be done to prevent that "zeroconf" >> configures interface `ovs-system`? > > Please have a look at https://wiki.debian.org/Avahi. > According to the section "Disabling avahi-daemon" the following > commands should work: > > For permenant disablement (surviving a machine reboot): > systemctl mask avahi-daemon.service avahi-daemon.socket > systemctl disable avahi-daemon.service avahi-daemon.socket > systemctl stop avahi-daemon.service avahi-daemon.socket But Avahi provides more functionality (e.g. mdns) than merely configuring network interfaces, so disabling it altogether may be undesired. So hopefully there's a way to keep Avahi and still avoid that interface being configured in such a dummy way. [ I thought Avahi only did such configuration as a "last recourse", so there's a chance that you're only seeing the effect of another problem which prevents the interface from being configured properly and there's just no need to worry about preventing this dummy config: just find and fix the other problem, and then Avahi won't kick in. ] Stefan
Re: Looking for an advanced offline touch typing tutor
> why does the space bar span 6 keys? Because you chose a keyboard whose designers liked the number 6 for the space bar. The one I currently use only spans 5 keys, I'm sure others are shorter and yet others may be longer. Stefan
Re: dmesg ... XFS (sdb1): log I/O error ...
> [22565.451321] usb-storage 1-1:1.0: USB Mass Storage device detected > [22565.451467] scsi host3: usb-storage 1-1:1.0 > [22566.457236] scsi 3:0:0:0: Direct-Access ST16000N M001G-2KK103 >PQ: 0 ANSI: 5 > [22566.457527] sd 3:0:0:0: Attached scsi generic sg2 type 0 IIUC you plug your disk via USB and it uses the standard "USB Mass Storage" (UMS) protocol. > [22566.457823] sd 3:0:0:0: [sdb] Very big device. Trying to use READ > CAPACITY(16). > [22566.457997] sd 3:0:0:0: [sdb] 31251759104 512-byte logical blocks: > (16.0 TB/14.6 TiB) > [22566.458365] sd 3:0:0:0: [sdb] Write Protect is off > [22566.458369] sd 3:0:0:0: [sdb] Mode Sense: 28 00 00 00 > [22566.458640] sd 3:0:0:0: [sdb] No Caching mode page found > [22566.458644] sd 3:0:0:0: [sdb] Assuming drive cache: write through > [22566.538074] sdb: sdb1 sdb2 > [22566.583373] sd 3:0:0:0: [sdb] Attached SCSI disk > [22575.515358] XFS (sdb1): Mounting V5 Filesystem > [22575.742880] XFS (sdb1): Starting recovery (logdev: internal) > [22575.919197] XFS (sdb1): Ending recovery (logdev: internal) > [22575.932002] xfs filesystem being mounted at > /media/user/77d8da74-a690-481a-86d5-9beab5a8e842 supports timestamps > until 2038 (0x7fff) OK, now it read the disk just fine and mounted it. > [22582.368977] usb 1-1: USB disconnect, device number 21 After just 7s it disconnected? Sounds like you have a connection problem. Poor cabling? Or maybe the disk consumes more power than its power adapter can provide? (seems unlikely since it's a 16TB drive, so presumably spinning and those usually reach their top consumption when spinning up, so it would have failed before mounting the filesystem, but it's still a possibility). > the drive has its own power cable and those kinds of failures have > actually happened in research rooms in libraries, which are rented by > VIPs for their own conferences ...; so, I doubt those electrical > outlets are also failing Te problem is probably not coming from the electrical outlet, but it could come from the disk's power cable or power adapter. > The laptop + external disk combination I am using right now has a > very pore transfer rate. I need at least three times that around > 100MB/sec: 100MB/s means more than 1Gb/s so you definitely can't reach that much with USB2. Make sure your USB<->SATA adapter is USB3 and that you plug the disk into a USB3 port as well. But even then you may find it difficult to reach that speed because of the overhead introduced by USB. 36.87MB/s is quite reasonable for a USB2 connection (I'd even venture to say it's pretty good). Stefan
Re: Strange application menus (File, Edit…) behaviour since last update
> AFAIK, "apt full-upgrade" is for stable to the next stable, > not for testing and unstable (one typically resolves conflicts > interactively). Interesting. I don't use `apt` but "full-upgrade" is what I've been using with testing for the last 20 years, first with `apt-get` then with `aptitude`. Stefan
Re: Strange application menus (File, Edit…) behaviour since last update
>> > AFAIK, "apt full-upgrade" is for stable to the next stable, >> > not for testing and unstable (one typically resolves conflicts >> > interactively). >> >> Interesting. I don't use `apt` but "full-upgrade" is what I've been >> using with testing for the last 20 years, first with `apt-get` then with >> `aptitude`. > > It's just a tad riskier -- you allow apt to change versions and > potentially remove packages. If you keep a small cross section > you won't get hit often :) I always review the set of removed packages, indeed (tho when that set is large, it's easy to miss something). Note that this same problem occurs for users of `stable` when moving from one release to the next, tho, with the caveat that in this case the set is always large (arguably too large to review). Stefan
Re: PDF on debian
>> However, the cost of implementation was high; computers output raw >> PS code that would be interpreted by the printer into a raster image >> at the printer's natural resolution. This required high performance >> microprocessors and ample memory. The LaserWriter used a 12 MHz >> Motorola 68000, making it faster than any of the Macintosh computers >> to which it attached. When the laser printer engines themselves cost >> over a thousand dollars the added cost of PS was marginal. But as >> printer mechanisms fell in price, the cost of implementing PS became >> too great a fraction of overall printer cost > > As processor prices fell, this turned around. The ARM or MIPS > processor and RAM inside a $100 laser printer is a tiny fraction of the > cost, and completely capable of running PostScript. Indeed, a $5 RPi Zero is easily a hundred times more powerful than that 12MHz 68K. Moreover, nowadays printer manufacturers want your printer to be on the internet [anything that gets them closer to a subscription business model], and users also want their printers to be available over the network without having to manage a home-server, so printers necessarily come with a CPU powerful enough to run a web&print-server over wifi, which again is a lot more than that poor old 12MHz 68K. > Now, the licensing cost from Adobe for PostScript is terribly > high, but open source rode to the rescue: most printers say "PS > compatible" rather than PostScript(tm). They tend to run Linux > and GhostScript -- here's the Debian package description: Postscript has become sufficiently niche that I expect many printers don't bother to support it even though they easily could. Nowadays PDF is what matters: it's the standard format for driverless printing (along with a mix of JPEG, PWG raster, or PCLm depending on which driverless printing standard you're talking about). Admittedly, standards like IPP Everywhere require support only for the PWG raster and JPEG format, while the PDF format is relegated to "should be supported", but PDF is so pervasive and so easy&cheap to support on current hardware that it doesn't make much sense not to support it, except maybe for printers that focus on things like printing photos. [ Note: this is just a guess, I have no actual data to back it up :-) ] Stefan
Re: real debian or true debian?
> No. I meant, some people pre-installed some packages on debian and release > it, which is declared as xxx-debian. What does "it" refers to? "some packages" meaning "some Debian packages" or "some non-Debian packages"? > I am just not sure about the two words "true" and "real". which is suitable > for description of the "official" debian? If you mean "a system whose packages are all taken directly from Debian", I might describe it as "unadulterated" or "vanilla". Or maybe you're thinking of https://wiki.debian.org/DebianPureBlends, like FreedomBox? Stefan
Re: blu-ray recommendations?
> They are different in shape, price, ruggedness and safety against > inadverted overwriting. Probably also in terms of ecological footprint, BTW. Stefan
Re: blu-ray recommendations?
> "Energy"? Or "environmental externalities confounded?" I remember it talking specifically about energy. Stefan
Re: blu-ray recommendations?
> My hunch is that those chips are fairly expensive, ecologically, but > where's the tipping point? I remember reading somewhere that back around the turn of the century a laptop's RAM chips needed about the same energy to produce as the laptop's energy consumption during its lifetime. And AFAIK there are precious few studies trying to measure such things, so who knows whee things stand now. I think it's fair to assume that chips are very expensive ecologically, indeed, and optical disks are likely much cheaper in this regard. But the same amount of chips as a blu-ray drive probably gives you a multi-TB HDD, so the tipping point probably requires use of more than a hundred blu-ray disks. Stefan
Re: blu-ray recommendations?
>> > "Energy"? Or "environmental externalities confounded?" >> I remember it talking specifically about energy. > Interesting. Part of the discussion was about it being useless to recycle those material 'cause most of the damage is in the form of energy used to put those material in this particular shape. Only *reuse* (or keep using) is really beneficial. Stefan
Re: blu-ray recommendations?
>> yes indeed, unless those few blocks are part of a tar file :) > Hm. Now there would be some utility for an error-correcting encoder > as easy to use as gzip. Perusing the debian repos I do see some > libraries made for that (reed-solomon and friends). Indeed, e.g. `par2` (that's what `bup` uses to defend itself against single-block errors). Stefan
Re: Low-Cost Tablet PC suitable for Debian
> didn't find any for debian but maybe lineageos > https://lineageos.org/ LineageOS is nice, I strongly recommend it, BUT it is Android (just a nicer distribution of Android), so it doesn't fit the requirements, I think. Stefan
Re: Low-Cost Tablet PC suitable for Debian
> Must it be a tablet? The main requirement on that side seems to be resistance to dust, so it has to be fanless and ideally closed more or less hermetically, so a non-mechanical keyboard is likely preferable as well. I think mainline Linux support for some ARM SoCs has improved enough that Debian can probably be installed on some of those cheap tablets (I know I've seen mention of people doing just that with some tablets using Allwinner SoCs), but figuring out which ones work acceptably and which ones are hopelessly unsupported is far from obvious. Maybe a simpler solution is to be found at https://www.laptopmain.com/fanless-laptops/ E.g. maybe something like an Asus Transformer Book could do the trick, tho I'm not sure how well it works under Debian. Stefan
Re: Low-Cost Tablet PC suitable for Debian
> it's android without the "I'd like to call home' parts, if you choose the > bare install. AFAIK the bare install will still call home: every time you connect to a wifi network it performs an HTTP request to a Google server in order to detect whether the local connection gives you access to the internet or not (and if not, it presumes it's a captive portal and offers you to launch a browser to sign in). Stefan
Re: Low-Cost Tablet PC suitable for Debian
> I've always wondered how Android (and Windows) "know" whether you're > connected to the internet or not. I guess what you say make sense. Is > this documented somewhere? Is there a way to change the HTTP request to > some other host of your choosing? Supposedly there is, but I haven't found one that works on my system yet. Stefan
Re: Low-Cost Tablet PC suitable for Debian
>> AFAIK the bare install will still call home: every time you connect to >> a wifi network it performs an HTTP request to a Google server in order to >> detect whether the local connection gives you access to the internet or >> not (and if not, it presumes it's a captive portal and offers you to >> launch a browser to sign in). >> > I didn't install google 'services', Neither did I. The above description has nothing to do with "google services". Stefan
Re: do you find old firefox is better than new one?
> That's a notification from Firefox that you're accessing a site that > requires DRM. Since you have DRM turned off, you're going to get this > notification. You could disable ALL notifications. Or don't access > sites that require DRM. It's too easy to click it by mistake. I want to turn off not just the misfeature but also the popup. Stefan
Re: Migrate Stretch to New UEFI Build?
> more research, I've concluded I have no need for LVM, but encryption Side note: whether I need LVM or not, I just always use it. It's just a much nicer option than partitions and UUIDs. Stefan
Re: Migrate Stretch to New UEFI Build?
>> > more research, I've concluded I have no need for LVM, but encryption >> Side note: whether I need LVM or not, I just always use it. > I never could understand that type of "reasoning." With me, if there's > no NEED, it's not done. I'm very much the pragmatist. Not sure if pragmatism has much to do with it: I use LVM because it's more convenient, even if in the end what I do with it could have been done with partitions. Stefan
Re: Debian stretch crashes on Lenovo T410s *often*
> swapped it into was running the last stable rock solid for years. > > I am kind of lost. I cannot reproduce it at will. I know it is not the > xserver, I know it is not the hardware, I know it is not the memory. Usually/often/ideally a hard crash like you describe can only be caused by either a hardware failure or a kernel bug. I'd suggest you try to try kernels from oldstable and/or from testing (the kernels from `testing` will work just fine with your `stable` system, and IIRC the kernels from `oldstable` should also work fine). Stefan
Re: USB hard drives -- recommendations?
> Would anybody care to voice an opinion on USB external hard drives in the > 2 terabyte size range, for automated backup purposes? I personally use my external HDDs without enclosures. I.e. I use a USB<->SATA adapter (e.g. https://www.dx.com/p/usb-3-0-to-sata-22-pin-2-5-hard-disk-driver-adapter-cable-black-18cm-2021357) and then connect the "raw drives". The advantage is that the same adapter cable works for various sizes of drives (e.g. I have some extra-thick 2½" 2TB drives which don't fit in a normal 2½" enclosure). Some of those adapters can also be used with 3½" drives (at the cost of extra work to power the drive, and I'm not sure it's worth the trouble: I personally stopped using 3½" disks when the 2½" disks crossed the 2TB threshold). Stefan
Message exchange systems (was: What to do about spam in debian-user [was: Your Password Reset Link from CorrLinks])
> Sorry for being so clear, but I feel strongly about mail: it's the last > means of communication left where I have the choice of client software, Mostly true. It does suffer from a terrible design w.r.t encryption, tho. The other existing mediums (with a choice of clients) I'm aware of are XMPP and Matrix. XMPP has many more clients than Matrix, but has the downside that it was designed for instant messages where delivery either happens "immediately" or not at all, so it's not a great choice as a replacement for email (although IIUC they have designed various patches on top of the design to try and provide more-or-less reliable delivery even is some of the machines along the way are or go offline at an inopportune moment). I use Matrix on my phone (i.e. to exchange brief messages and pictures), but not (yet) for email-like communications (where I need a real keyboard). Stefan
Re: NetworkManager with VPN for internet, not local LAN
> What do I need to do in the NetworkManager VPN configuration, to ensure > that when I've enabled that VPN it will apply to internet addresses but > not local non-routable LAN addresses? AFAIK this happens automatically by default (because the system is normally configured with the VPN as the default gateway, so it's only used for hosts which can't be contacted directly). I suggest you show us a concrete example of problem you encountered. Maybe your issue is one of DNS rather than IP-level routing? Stefan
Re: User rw Permissions on New Hard Drive
>>nofail is intended for removable drives that could be missing on boot, >>such as Thinkpad ultrabay drives/CF or SD cards. > It is also, as he said, useful if you don't want a failure of > a non-essential disk to make the system drop to single user on boot. Yup. `nofail` corresponds to the behavior that was standard before systemd. The only partitions where I don't use `nofail` are those where I forgot to put it ;-) Stefan
Re: Laptop still extremely slow after replacing msata ssd and putting old one back
> results. I do remember that cached reads were about 1.1 GB/s for both > the old and the new SSD after the slowness started. FWIW, the "cached read" speed of hdparm doesn't have much to do with the SSD (it reads from the in-RAM cache, not from the in-"disk" cache, AFAIK). Stefan
Re: Group thoughts on: Anti-virus tools
> Starting assumption: I do want to run A/V. You have it: it's called `apt` (i.e. in the world of Debian, the response to "viruses" is to plug the hole they try to exploit, instead of leaving those holes gaping while wasting resources trying to look for known attacks). > * (Clamscan already caught 4 things) I'll bet that none of those 4 "things" exploit a hole to which you are vulnerable. Hence catching those attacks has not made you more secure: it just wasted resources. My SSHd daemon has probably rejected more attempts to log into my system while writing this email. So what? None of those attempts are real threats, anyway, just like those 4 "things" that Clamscan says it caught. Stefan
Re: Group thoughts on: Anti-virus tools
> While bearing in mind that 'free' doesn't mean 'problem-free'. > Remember how many people audited the Heartbleed code before it was > released? Indeed. But it doesn't take more time to update openssl than to update a virus scanner. Stefan
Re: And now, from the Nice people? Re: Group thoughts on: Anti-virus tools
> Not that I'm aware of. The thing is - instead of taking an insecure OS > and building assorted kludges (in the form of anti-virus) around it, > it's considered wise here to use a secure OS from the beginning. This is misleading: all OSes are somewhat insecure, in practice. The question is what to do when a security hole is found: plug the hole right away, or try to recognize potential attacks via some anti-virus software? Of course, AV software houses can't really plug security holes in Windows (only Microsoft can), so their livelihood depends on making people believe that an AV is a good supplement. Stefan
Re: And now, from the Nice people? Re: Group thoughts on: Anti-virus tools
> I think the premises of your syllogism might lead some to another > conclusion---that the livelihood of the AV software houses depends upon > the innate insecurity of the Windows OS. Hmm... they don't actually need that: they only need people to think that they're vulnerable (regardless if their Windows is actually secure or not, and regardless is Windows is more or less secure than other OSes). But yes, this is made easier if Windows is actually insecure. Stefan
Re: Mart -- [Solved] [Well, not solved,. but sickened by] Re: Group thoughts on: Anti-virus tools
> re: apt solving all? I understand it recently had a long-time vulnerability > itself... > Linux will get hit more as it gets more popular. My point is not that APT and/or Debian is bullet-proof (I live under no delusion in this respect). Just that instead of keeping your A/V up-to-date, the GNU/Linux approach to protecting oneself from attacks is to keep your OS up-to-date. Stefan PS: I guess that means I should have pointed to `unattended-upgrades` rather than to `apt` as the solution that corresponds to an anti-virus.
Re: Mart -- [Solved] [Well, not solved,. but sickened by] Re: Group thoughts on: Anti-virus tools
> There is a spectrum of Windows software than runs between evil malware > and legitimate programs, it isn't just black and white, and many Agreed, but I doubt A/V software will know where to draw the line. Stefan
Re: Mart -- [Solved] [Well, not solved,. but sickened by] Re: Group thoughts on: Anti-virus tools
> OP has a point though. The real world happens to have a huge amount of > heterogeneous networks, and asking for tools to keep those systems safe > is legitimate. I did not perceive the OP's request to be about the case where you administer lots of machines and you want to use a Debian machine as a virus-filter for all those other machines running Windows or whatnot. So I assumed he meant "I do want to run A/V" to mean that he wants to run an A/V just like all random Windows users feel the need to run some A/V software on their machine to feel safer. Stefan
Re: Only using masquerading on internet facing server
> Ip range on server a: 172.17.232.0/24 > IP range on server b: 192.168.3.0/24 That's very vague. But I'll assume that your "server b" has an address 172.17.232.NN on one network interface and 192.168.3.1 on another. > If I enable MASQUERADING on server b everything works as expected but as > soon as I disabled MASQUERADING on server b the hosts behind it don't > have internet access for example. > What do I need to do on server a to properly MASQUERADE server b? My guess is that on "server a" you have not setup routing so as to send all the 192.168.3.0/24 packets to "server b". IOW on "server a" you need to do something like route add -net 192.168.3.0/24 gw 172.17.232.NN -- Stefan
Re: Only using masquerading on internet facing server
> Does it help understanding what I'm trying to do? It just confirms what I guessed. Did you try my suggestion? Stefan
Re: Format an MS-DOS floppy on /dev/sdc
> I got myself a USB 3.5" disk drive and want to format a 3.5" HD disk > so that it Just Works™ as a standard MS-DOS floppy. Reading the manpage of mkfs.fat gives me the impression that mkfs.fat /dev/sdc should do the trick. Have you tried? Stefan
Re: Format an MS-DOS floppy on /dev/sdc
> Since it was the industry standard for "sneakernet" file > transfer for over a decade, I don't think it's a strange use case. > What did I miss? The two decades that passed by since? ;-) Especially since the media was notoriously unreliable back then and it probably hasn't gotten better with age. Stefan
Re: Q. about Tinkering with Debian Source Code
> When I use "apt source sl" (from sid, into its own directory) and compare > that tree (?) with what I get if I download via what that suggests (git > clone https://salsa.debian.org/debian/sl.git) (into its own directory), I > notice that the Makefile in the Debian version is slightly > more complex. I believe the difference should be that "apt source sl" will have applied the patches that you can find in the `debian/patches` subdirectory of the https://salsa.debian.org/debian/sl.git version. Stefan
Re: Command DD
> No tengo idea de como hacerlo. > > seria algo asi como: > > dd if=/dev/sda | pv | dd of=/home/knoppix/disco/imgwindows7x.img > count=43010047 Al parecer sí tenés idea: me parece correcto. En cualquier caso, podés probarlo, no le va hacer mal a nada. Stefan
Re: text editors
> And, for people coming from Windows, EMACS (at least before a WYSIWYG / mouse > version (which I think exists now Not sure what you mean by "now", but assuming you mean a time after 1994, then yes it exists "now". Stefan
Re: text editors
>> I use vim. > I use crispr! I was tempted to try it out, but I heard it only handles a 4-char alphabet. How do you handle accents? Stefan
Re: text editors
> Sorry not. While Elisp is a Lisp dialect, therefore is a language that > has been formally proved to be equivalent to turing-machine, that is > not certain for vimscript. Vimscript may not be as elegant and powerful as Elisp, but there is no doubt that it is Turing-complete (pretty much any language with a `while` loop and some kind of dynamic allocation is Turing-complete, so it's a pretty low bar). It's a full-blown programming language. Stefan
Re: Measuring (or calculating) how many bytes are actually written to disk when I repeatedly save a file
> Anyway, I edit large files many times a day and try to save it at each > edit or partial edit (at a guess, one particular file is around 100 > MB, and I may save it 200 or more times a day). So, we're looking in the order of 100GB / day. > 1. I'd like to count how many times a day I actually save the file. (One > approach (at least I think I could do this) could be to write a sort of shell > script wrapper and always initiate saves using the shell script, but I was > hoping there was more of pre-built solution.) It likely depends on the tool you're using to edit that file (in many tools you can tweak the tool to keep track of that info). > 2. A lot of my editing involves editing near (but not at) the end of > a file. I assume (I know) that the software that saves the file is > smart enough not to rewrite the entire file but instead to preserve > the beginning of the file and just rewrite the changed part of the > file (or from there to the end of the file). Not completely sure if "you assume" or "you know" it to be the case. Especially given that you then add: > Can anyone confirm that, which suggest you're not really sure (unless it referred to something else). Stefan
Re: Measuring (or calculating) how many bytes are actually written to disk when I repeatedly save a file
>> Not completely sure if "you assume" or "you know" it to be the case. > Sorry, I should have tried to be more clear -- sort of a digression, but I > came from an environment where anytime someone used the word assume, someone > else would point out what (they thought) that meant (it makes an ass out of > [yo]u and me). [ I think I understand what you mean. In French, "assume" means something quite different from the use we're discussing so I use "présume" instead, which also works in English (modulo the accent, obviously). ] > I thought "edit" would be pretty clear (implying a text editor / word > processor), but, to get more specific, depending on the file I use > kate, nedit, or kwrite, and I am starting to migrate toward using any > scintilla based editor. I don't specifically know what those do, but at least I know Emacs tries to avoid "unnecessary" modifications when *re-reading* a file, but makes no such effort when writing it: it would just blindly write the 100MB on top of the old content. So I would not be surprised if those other text editors do likewise. > To (try to) be clear, I am not sure whether only the changed part (or > from the changed part of the file to the end is written). I can > imagine that is reasonably possible -- I mean, the file is stored in > blocks on the disk, and some of those blocks are not changed, so why > rewrite them. Indeed, it's definitely possible. But there can be various reasons not to do that: - it's simpler to send the 100MB and forget about it than having to first read (the beginning of) those 100MB to see which part was left unchanged. - in order to make the save atomic, the editor may prefer to write the 100MB to another file and only when that's done rename that file to overwrite the old file. - ... probably other reasons ... > Well, with atsar or smartctl, I anticipate some experiments that might > confirm that for me. Sounds like a better approach, indeed (after all, you don't really care about what your tool does so much as you care about the resulting amount of writes that gets sent to the disk). Stefan
Re: Is Debian 9 supposed to work on a Geode?
> When I see "uSD slot, easy accessible" in a bulleted list of what looks > like requirements, then I get the impression that any device that lacks > a microSD slot, or where it's not easy to access, would be excluded. I > wouldn't reject an otherwise promising computer just because it has a > SATA disk instead of a microSD card, and I don't mind using a > screwdriver if I need to replace a hard disk. That's all I meant. Most of those ARM SBCs come with a µSD slot plus other things. Even if you connect a SATA disk, you'll often need a µSD because some of those SBCs don't have any on-board flash memory, so you need the µSD to hold the U-Boot (which plays the role of the BIOS) without which the board doesn't even know how to read from the SATA disk. IOW it's not "SATA or µSD?" but rather "does it support SATA (additionally to µSD)?" Stefan
