Re: [DNG] meta: list
On Fri 02/Sep/2022 22:09:27 +0200 marc wrote:

But look here: This is the sending host for the DNG mailing list:

    Received: from mail.dyne.org (ns3218761.ip-162-19-139.eu [162.19.139.95])

I think OVH allows classless delegation or at least setting PTRs for fixed IPs. I'd guess it's laziness the reason why it isn't set. The list has no DKIM signature, which is another sign of it. However, they have a good SPF record.

Aha - now that you mention it:

    $ dig +nocmd +short dyne.org txt
    "google-site-verification=6FghqJroXIvBY8cutq6ouO0RC-a8qynFu6sJR3S-IbA"
    "v=spf1 mx ip4:162.19.139.95/32 ip4:195.169.149.119/32 ip4:213.127.207.66/32 ip4:141.95.83.167/32 ip4:141.95.47.84/32 -all"
    "google-site-verification=xUtkCygX3roBSYAEh01x4JWAYzvUarh3igtFGUu99v8"
    "google-site-verification=Jl4hhjC5wPXP1owryns13qpeuEksWw_m-8lWNL_Kleg"
    "google-site-verification=2XoWrMMTQ7jmgcB_76Y_TQSnWDGhR4e-y_KLqoKOK1Q"

Maybe it is not the spf line that makes a difference here but the other gunk. I worry that takes us ever closer to changing the E in email to a G.

No, those records seem to be for the web, not for email.

Maybe related news, and some more reading:

https://www.jwz.org/blog/2022/08/today-in-google-broke-email/

The reason why Google breaks email is not their getting stricter. That blog surprised me when it says that a company cannot afford disk space to hold email for its employees!

Best
Ale
--
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] meta: list
On Thu 01/Sep/2022 23:22:13 +0200 marc wrote:

It's imperative that you have rdns, spf, dkim and dmarc set up and that it all matches. My MTA will reject you if your ptr doesn't match your a record and your helo/ehlo hostname. spf, dkim and dmarc are all scored via spamassassin. Google rejects, outright, if there is any sort of mismatch in any of that at all. Setting up dnssec for your domain is also helpful.

DNG list traffic comes through just fine.

But look here: This is the sending host for the DNG mailing list:

    Received: from mail.dyne.org (ns3218761.ip-162-19-139.eu [162.19.139.95])

I think OVH allows classless delegation or at least setting PTRs for fixed IPs. I'd guess it's laziness the reason why it isn't set. The list has no DKIM signature, which is another sign of it. However, they have a good SPF record.

As you can see that reverse IP doesn't match what the SMTP server connects as. So I am actually not quite sure if your MX is as strict as you claim it to be ? Or am I missing something ? Do you have a different Received header - it should be one of the first lines of every message ?

And your server isn't alone in being not quite as strict as claimed:

Curtis said his MTA weights authentication along with a bunch of other factors to get a message score. That's fuzzy, but sometimes works.

Despite the received wisdom that one had to have SPF+DKIM+DMARC+YOLO+SPQR+WTF :) set up to send mail to the dominant email servers, this wasn't actually true: At least until last week I managed to get mail accepted reliably by google despite having only a proper MX and reverse DNS entry - nothing else, not even SPF. And given that real people answered to those mails, most of them did not end up in their spam folders either. But this seems to have changed recently... hence this thread.

Reverse DNS was already in use by some MTAs (and FTP servers) when I started to connect to the Internet. SPF came shortly afterwards, in the early 2000. My first DKIM filter appeared in 2010. DMARC still has no "standard" spec. It is coming very slowly, not only for inertia and indolence of mail operators, but also.

The original anti-spam recipe, to block key words or phrases in the message body, is faulty. Against phishing, it's definitely disastrous. The point of domain-based authentication is to allow domains to earn a reputation, so that good actors can be trusted and messages accepted or rejected on a solid basis. The alternative for Internet mail is to go Bananas[*], methinks.

Best
Ale
--
[*] https://en.wikipedia.org/wiki/Bananas_(film)
Re: [DNG] meta: list
On Thu 01/Sep/2022 18:33:48 +0200 Hendrik Boom wrote:
On Thu, Sep 01, 2022 at 11:30:43AM +1000, onefang wrote:

The problem with PTRs is that I run several domains from the one IP address, and PTR can only point to one of those. It costs money to get more IPs, my pension is barely coping with the recent cost of living increases.

That is what MX records are for. It's straightforward to set up mail.example.com with its PTR having a single name that matches. Then, for all the other domains set the MX to it. For example:

    whatever.domain IN MX 2 mail.example.com.

the HELO (or EHLO) command also uses mail.example.com. Nobody will notice any difference unless they analyze the message header.

From: uses the virtual domain .

DKIM signatures with d=whatever.domain.

SPF records at whatever.domain have the address of mail.example.com.

DMARC record for whatever.domain has rua=reports@whatever.domain.

If IP's are expensive, would it help to switch to IPv6?

Not all MXes have IPv6 address. You need an IPv4 to send to an IPv4-only MX. Google is said to be more severe with mail coming from IPv6 addresses.

HTH
Ale
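The checks discussed in these messages (PTR against HELO name in a Received line, SPF authorization of the sending IP, and the one-PTR, many-domains layout with MX, SPF and DKIM d= per virtual domain), as an added Python example that is not code from any poster. The Received line and the dyne.org SPF record are the ones quoted in the thread; the zone data, 192.0.2.25, second.example and all function names are constructed for illustration, and DKIM alignment is simplified to an exact domain match.

```python
import ipaddress
import re

# Shape of the Received line quoted in the thread: "from HELO (PTR [IP])".
# Other MTAs format this header differently; only this shape is handled.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<ptr>\S+)\s+\[(?P<ip>[0-9A-Fa-f.:]+)\]\)")

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_received(header):
    """Return (helo, ptr, ip) from a Received line, or None if it does not match."""
    m = RECEIVED_RE.search(header)
    if m is None:
        return None
    return (m["helo"].lower().rstrip("."), m["ptr"].lower().rstrip("."), m["ip"])


def spf_check(record, ip, mx_addrs=()):
    """Evaluate the ip4/ip6/mx/all mechanisms of one SPF record for ip.

    mx_addrs are the already-resolved addresses of the domain's MX hosts.
    Mechanisms that need further lookups (a, include, exists, redirect, ...)
    are not followed: reaching one yields "unknown".
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        result = QUALIFIERS.get(term[0], "pass")   # no qualifier means "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        name = name.lower()
        try:
            if name in ("ip4", "ip6"):
                if addr in ipaddress.ip_network(arg, strict=False):
                    return result
            elif name == "mx" and not arg:
                if any(addr == ipaddress.ip_address(a) for a in mx_addrs):
                    return result
            elif name == "all":
                return result
            else:
                return "unknown"
        except ValueError:                          # malformed address or prefix
            return "permerror"
    return "neutral"


def check_sender(zone, helo, ip, from_domain, dkim_d):
    """Run the thread's checks against DNS data supplied as plain dicts.

    zone keys: 'ptr' ip->name, 'a' name->[ips], 'mx' domain->[hosts],
    'txt' domain->SPF record. Assumes the envelope sender domain equals
    the From: domain.
    """
    ptr = zone["ptr"].get(ip)
    mx_addrs = [a for host in zone["mx"].get(from_domain, [])
                for a in zone["a"].get(host, [])]
    return {
        # forward-confirmed reverse DNS: the PTR name resolves back to the IP
        "fcrdns": ptr is not None and ip in zone["a"].get(ptr, []),
        "helo_matches_ptr": ptr == helo,
        "spf": spf_check(zone["txt"].get(from_domain, ""), ip, mx_addrs),
        # simplification: exact match instead of organizational-domain alignment
        "dkim_aligned": dkim_d == from_domain,
    }


# Values quoted in the thread
THREAD_RECEIVED = ("Received: from mail.dyne.org "
                   "(ns3218761.ip-162-19-139.eu [162.19.139.95])")
THREAD_SPF = ("v=spf1 mx ip4:162.19.139.95/32 ip4:195.169.149.119/32 "
              "ip4:213.127.207.66/32 ip4:141.95.83.167/32 ip4:141.95.47.84/32 -all")

# Constructed zone for the layout described above: one mail host with a
# matching PTR, several virtual domains pointing their MX at it.
ZONE = {
    "ptr": {"192.0.2.25": "mail.example.com"},
    "a": {"mail.example.com": ["192.0.2.25"]},
    "mx": {"whatever.domain": ["mail.example.com"],
           "second.example": ["mail.example.com"]},
    "txt": {"whatever.domain": "v=spf1 ip4:192.0.2.25 -all",
            "second.example": "v=spf1 mx -all"},
}

if __name__ == "__main__":
    helo, ptr, ip = parse_received(THREAD_RECEIVED)
    print("list host: HELO == PTR?", helo == ptr, "| SPF:", spf_check(THREAD_SPF, ip))
    for dom in ("whatever.domain", "second.example"):
        print(dom, check_sender(ZONE, "mail.example.com", "192.0.2.25", dom, dom))
```
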
Re: [DNG] Shutdown/halt versus WiFi and NFS
On Sat 28/May/2022 10:23:33 +0200 Brad Campbell via Dng wrote:

Before that, I tried renaming K01network-manager to K06network-manager, to place it after the NFS unmount, but it ran earlier anyway.

That's the wrong way to do it. Start/stop order is defined by the so called LSB headers[*]. If the existing LSB header is wrong, you can override it in /etc/insserv/overrides/.

The files in /etc/rc?.d should then be "compiled" by insserv. That program runs whenever updating a package requires it, and it is going to undo any manual fixes. To prevent that, I replaced it with a script like so:

    676-north:tmp# file `which insserv`
    /sbin/insserv: POSIX shell script, ASCII text executable
    677-north:tmp# cat !$
    cat `which insserv`
    #! /bin/sh
    echo "***" >&2
    echo "insserv: called as $0 $*" >&2
    echo "call fix-init instead" >&2
    echo "***" >&2
    exit 0

Where fix-init[†] is a Perl script I coded trying to take into account existing fixes. Caution: use it if you dare.

Best
Ale
--
[*] https://wiki.debian.org/LSBInitScripts/
[†] http://www.tana.it/sw/fix-init/
Re: [DNG] resolv.conf
On Mon 09/May/2022 21:21:30 +0200 list-devuan wrote:
tito via Dng wrote on 2022-05-09 04:54:

Hi, two usual culprits are network-manager and/or dhclient.

For network manager add in /etc/NetworkManager/NetworkManager.conf [main] section;

    dns=none

for dhclient create a file "/etc/dhcp/dhclient-enter-hooks.d/nodnsupdate" with content:

    #!/bin/sh
    make_resolv_conf(){
        :
    }

According to the man page dhclient-script(8), a file (of any name) in /etc/dhcp/dhclient-enter-hooks.d is invoked inline (so no shebang needed) if and only if it is executable. I use a one line file containing:

    make_resolv_conf(){ :; }

Then chmod +x the file.

Some of that arcane is unveiled in Debian wiki:

    These packages include various configuration files for other packages (such as isc-dhcp-client). For example, resolvconf includes a file which modifies the make_resolv_conf shell function used by dhclient-script(8).

https://wiki.debian.org/resolv.conf#Configuring_openresolv_or_resolvconf

Sorry for being late

Best
Ale
Re: [DNG] Why do I need xdg-desktop portal?
On Sat 12/Mar/2022 18:27:45 +0100 Florian Zieboll wrote:
On Sat, 12 Mar 2022 11:06:44 +0100 Alessandro Vesely via Dng wrote:

Hi all,

I don't use flatpak, so yesterday I removed xdg-desktop-portal from a machine where it was causing df to err trying to access a fuse mount. I wondered how come xdg-desktop-portal was installed. Today I got the answer. I run apt-get dist-upgrade on another machine, and got:

    Reading package lists... Done
    Building dependency tree... Done
    Reading state information... Done
    Calculating upgrade... Done
    The following NEW packages will be installed:
      linux-headers-5.10.0-12-amd64 linux-headers-5.10.0-12-common linux-image-5.10.0-12-amd64 xdg-desktop-portal xdg-desktop-portal-gtk
    The following packages will be upgraded:
      chromium chromium-common chromium-sandbox chromium-shell linux-headers-amd64 linux-image-amd64
    6 upgraded, 5 newly installed, 0 to remove and 0 not upgraded.
    Need to get 169 MB/169 MB of archives.
    After this operation, 365 MB of additional disk space will be used.
    Do you want to continue? [Y/n]

Oh well, I'm going to say Y and purge xdg-desktop-portal right after. Is there a way to ban it from future upgrades?

Chromium has a hard dependency on 'xdg-desktop-portal', although (IIUC) it is only required by 'chromium-sandbox', which is /not/ a dependency of Chromium.

Indeed, it also uninstalled chromium. I'm not sure I had installed it before. Perhaps it was installed and that's what triggered the installation of xdg-desktop-portal.

Best
Ale
[DNG] Why do I need xdg-desktop portal?
Hi all,

I don't use flatpak, so yesterday I removed xdg-desktop-portal from a machine where it was causing df to err trying to access a fuse mount. I wondered how come xdg-desktop-portal was installed. Today I got the answer. I run apt-get dist-upgrade on another machine, and got:

    Reading package lists... Done
    Building dependency tree... Done
    Reading state information... Done
    Calculating upgrade... Done
    The following NEW packages will be installed:
      linux-headers-5.10.0-12-amd64 linux-headers-5.10.0-12-common linux-image-5.10.0-12-amd64 xdg-desktop-portal xdg-desktop-portal-gtk
    The following packages will be upgraded:
      chromium chromium-common chromium-sandbox chromium-shell linux-headers-amd64 linux-image-amd64
    6 upgraded, 5 newly installed, 0 to remove and 0 not upgraded.
    Need to get 169 MB/169 MB of archives.
    After this operation, 365 MB of additional disk space will be used.
    Do you want to continue? [Y/n]

Oh well, I'm going to say Y and purge xdg-desktop-portal right after. Is there a way to ban it from future upgrades?

Best
Ale
Re: [DNG] [OT] bash / quote weirdness
On Thu 13/Jan/2022 19:38:56 +0100 Simon wrote:

Similarly with file names. Once upon a time the human had to adapt to what the computer supported - such as fitting your entire file name into 8 characters. Now the computer (mostly) supports what is natural for a human - and that includes using spaces in their writing.

After_all_it_does_seem_a_bit_un-natural_not_being_allowed_to_use_spaces_in_your_writing_-_it_would_make_a_hard_to_read_book_!

Indeed, early writings didn't use spaces, not even underscores, to separate words. And they had no 'puters at the time.

Spaces in filenames may look friendlier than underscores, but they undergo a few annoying characteristics due to the fact that they cannot be seen. You cannot distinguish them from tabs, or do you have a convention to not use tabs in file names? And in that case may I ask why? Oh, tabs do something else in a "save as..." form? Well, spaces do something else when you use them on the command line. They require quoting, which is annoying.

When used in URLs spaces become %20, which is not more readable than _.

For some reason, nobody uses spaces in the local part of email addresses, although the syntax allows it. People do so in order to be easier.

Please don't use spaces in the names of files that you share.

Best
Ale
Re: [DNG] [OT] bash / quote weirdness
On Wed 12/Jan/2022 01:27:45 +0100 Florian Zieboll via Dng wrote:
On Tue, 11 Jan 2022 18:52:10 -0500 william moss wrote:

Bash is taking the string in the double quotes as a single command; this is well documented. If either the command or parameters have spaces, you will have to use eval. Check the bash man page for details. This will also usually work

    X=$( "command and such" )

due to the execute block.

I am replying to the list to share the valid (tested) alternative. Thanks a lot!

Bash still considers a quoted command as such, for example:

    ale@pcale:~/tmp$ X=$("echo foo")
    bash: echo foo: command not found

Best
Ale
Re: [DNG] SOLVED: Cron daily didn't run
On Tue 21/Dec/2021 14:01:16 +0100 Antony Stone wrote:
On Tuesday 21 December 2021 at 13:53:48, Alessandro Vesely via Dng wrote:

Yesterday I upgraded and then rebooted. how come cron daily didn't run?

No idea - when is it supposed to run?

I have an entry in crontab saying:

    47 4 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )

That's cron.weekly, and will only run on Sundays.

Oops, I picked the wrong line.

The problem is a hard link to /etc/crontab; it is described here:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=647193

I too made the hard link for archive purposes. And I made it on 26 November. It didn't hurt until I rebooted...

Best
Ale
[DNG] Help: Cron daily didn't run
Hi all,

Yesterday I upgraded and then rebooted. how come cron daily didn't run?

I have an entry in crontab saying:

    47 4 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )

The cron.log just says nothing around 4:47:

    Dec 21 04:09:01 78 north CRON[6746]: (root) CMD ( [ -x /usr/lib/php/sessionclean ] && if [ ! -d /run/systemd/system ]; then /usr/lib/php/sessionclean; fi)
    Dec 21 04:39:01 78 north CRON[7485]: (root) CMD ( [ -x /usr/lib/php/sessionclean ] && if [ ! -d /run/systemd/system ]; then /usr/lib/php/sessionclean; fi)
    Dec 21 04:45:01 78 north CRON[7701]: (clamav) CMD ([ -x /usr/sbin/clamav-unofficial-sigs ] && /usr/sbin/clamav-unofficial-sigs)
    Dec 21 05:08:01 78 north CRON[8300]: (courier) CMD (/export/mail/honeypot/bot-report.sh)

Those entries come from /etc/cron.d snippets. It seems that cron doesn't run any more crontab entries since the reboot. Only entries in /etc/cron.d. /etc/crontab didn't change. What is going wrong?

TIA for any hint
Ale
Re: [DNG] SOLVED: gdb won't run
Now this is even funnier. I installed libsource-highlight-dev and wrote a short program whose only relevant expression is:

    srchilite::SourceHighlight *X = new srchilite::SourceHighlight();

Then:

    1015-north:tmp$ g++ foo.C
    /usr/bin/ld: /tmp/ccn6kzOe.o: in function `main':
    foo.C:(.text+0x46): undefined reference to `srchilite::SourceHighlight::SourceHighlight(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)'
    collect2: error: ld returned 1 exit status
    1016-north:tmp$ g++ foo.C -l source-highlight
    1017-north:tmp$ gdb -q --args ./a.out
    Reading symbols from ./a.out...
    (No debugging symbols found in ./a.out)
    (gdb) break main
    Breakpoint 1 at 0x11a9
    (gdb) run
    Starting program: /home/ale/tmp/a.out
    [Thread debugging using libthread_db enabled]
    Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
    Breakpoint 1, 0x51a9 in main ()
    (gdb) q
    A debugging session is active.
    Inferior 1 [process 21681] will be killed.
    Quit anyway? (y or n) y

So, gdb can run without symbols.

    1018-north:tmp$ g++ -g foo.C -l source-highlight
    1019-north:tmp$ gdb -q --args ./a.out
    Reading symbols from ./a.out...
    (gdb) break main
    Breakpoint 1 at 0x11b0: file foo.C, line 6.
    (gdb) run
    Starting program: /home/ale/tmp/a.out
    [Thread debugging using libthread_db enabled]
    Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
    Breakpoint 1, main () at foo.C:6
    gdb: symbol lookup error: gdb: undefined symbol: _ZN9srchilite15SourceHighlightC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE

Although the symbol is probably the same...

    1020-north:tmp$ ldd a.out
    linux-vdso.so.1 (0x7ffcbf1eb000)
    libsource-highlight.so.4 => /usr/local/lib/libsource-highlight.so.4 (0x7f9d18b3e000)
    libstdc++.so.6 => /usr/lib/x86_64-linux-gnu/libstdc++.so.6 (0x7f9d18971000)
    libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 (0x7f9d18957000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x7f9d18792000)
    libboost_regex.so.1.49.0 => /usr/lib/libboost_regex.so.1.49.0 (0x7f9d18669000)
    libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x7f9d18525000)
    /lib64/ld-linux-x86-64.so.2 (0x7f9d18e57000)
    libicuuc.so.48 => /usr/lib/x86_64-linux-gnu/libicuuc.so.48 (0x7f9d1816b000)
    libicui18n.so.48 => /usr/lib/x86_64-linux-gnu/libicui18n.so.48 (0x7f9d17d3f000)
    libicudata.so.48 => /usr/lib/x86_64-linux-gnu/libicudata.so.48 (0x7f9d169cf000)
    librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x7f9d169c4000)
    libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x7f9d169a2000)
    libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x7f9d1699c000)

That's the culprit, /usr/local/lib/libsource-highlight.so.4 installed in 2016. Removed it, now gdb works.

Sorry for the noise
Ale

On Fri 12/Nov/2021 17:41:30 +0100 Alessandro Vesely wrote:

Hi all,

don't know since when this happened, maybe since I upgraded to Chimaera. When I run gdb I get:

    src$ gdb -n -q --args ./anyexec
    Reading symbols from ./anyexec...
    (gdb) break main
    Breakpoint 1 at 0x7c7a: file anyexec.c, line 10.
    (gdb) run
    Starting program: /home/ale/tmp/src/anyexec
    [Thread debugging using libthread_db enabled]
    Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
    Breakpoint 1, main (argc=3, argv=0x7fffe1c8) at anyexec.c:10
    gdb: symbol lookup error: gdb: undefined symbol: _ZN9srchilite15SourceHighlightC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
    src$ echo $?
    127

Demangled symbol seems to be:

    srchilite::SourceHighlight::SourceHighlight(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)

I cannot strace gdb, so I don't know where it looks for that missing symbol. I tried to remove and reinstall gdb, reinstall all libsource-highlight*, to no avail.

Any idea?

TIA
Ale
[DNG] gdb won't run
Hi all,

don't know since when this happened, maybe since I upgraded to Chimaera. When I run gdb I get:

    src$ gdb -n -q --args ./anyexec
    Reading symbols from ./anyexec...
    (gdb) break main
    Breakpoint 1 at 0x7c7a: file anyexec.c, line 10.
    (gdb) run
    Starting program: /home/ale/tmp/src/anyexec
    [Thread debugging using libthread_db enabled]
    Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
    Breakpoint 1, main (argc=3, argv=0x7fffe1c8) at anyexec.c:10
    gdb: symbol lookup error: gdb: undefined symbol: _ZN9srchilite15SourceHighlightC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
    src$ echo $?
    127

Demangled symbol seems to be:

    srchilite::SourceHighlight::SourceHighlight(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)

I cannot strace gdb, so I don't know where it looks for that missing symbol. I tried to remove and reinstall gdb, reinstall all libsource-highlight*, to no avail.

Any idea?

TIA
Ale
Re: [DNG] What is libc5-i686 | lib32gcc1 (proliant package dependencies)
On Wed 27/Oct/2021 18:54:16 +0200 karl wrote:

For libc5, run "man libc" and look under the heading "Linux libc".

Damn my fatty fingers, it was libc6-i686. (Not that it is much newer, it was in stretch.) Thanks for pointing it out anyway.

The hp-health package itself is dated 2019 in the repository[*]. However, the top entry in the changelog is dated Fri, 27 Aug 2010. The third entry there is of December 2009 and says:

    * Add dependency on lib32gcc1 for amd64 to avoid segfault when hpasmcli exits.

That software used to work under Beowulf. I don't know why it was damaged during the upgrade to Chimaera. I'm trying to reinstall it, because I know of no other ways to read some hardware-specific values.

If 32bit libraries didn't have incompatible changes, they may still work. Is there anything I can check before forcing the install?

TIA for any hint
Ale
--
[*] https://downloads.linux.hpe.com/SDR/repo/mcp/pool/non-free/
[DNG] What is libc5-i686 | lib32gcc1 (proliant package dependencies)
Hi all,

I have a .deb package from HP (hp-health) that has this requirement, and doesn't install because of it. It got damaged somehow during the last dist-upgrade. I think I'd better re-install it.

I have both libc6:i386 and lib32gcc-s1 (on an AMD 64bit machine). libc6-i686:i386 is tagged 'rc' transitional dummy package.

HP doesn't seem to be inclined to update their support packages. Should I force the install, rebuild the package with a different DEBIAN/control, or something else?

BTW, is the latter option just dpkg-deb -R followed by dpkg-deb -b?

Thanks for any hint
Ale
Re: [DNG] Why do I need libselinux1?
On Mon 25/Oct/2021 13:12:57 +0200 Olaf Meeuwissen via Dng wrote:
Alessandro Vesely via Dng writes:

Did we have it on Beowulf?

Yes. I just checked on my Beowulf laptop and e.g. tar and sed both declare a Pre-Depends: on libselinux1. Since these two are both Essential packages, libselinux1 is required on Beowulf.

Hope this helps,

Yeah, it is reassuring. Thanks.

Ale
[DNG] Why do I need libselinux1?
Hi all,

when I switched to Chimaera, one of the difficulties was an /etc/selinux directory left over since several years ago. After boot with the new system, X didn't want to start. It said something about selinux, so I found the leftover and startx worked again.

Now I checked what selinux packages are installed, and find libselinux1. If I try to remove it, I get errors like:

    :~# apt-get purge libselinux1
    Reading package lists... Done
    Building dependency tree... Done
    Reading state information... Done
    Some packages could not be installed. This may mean that you have
    requested an impossible situation or if you are using the unstable
    distribution that some required packages have not yet been created
    or been moved out of Incoming.
    The following information may help to resolve the situation:

    The following packages have unmet dependencies:
     fontconfig : Depends: fontconfig-config but it is not going to be installed
     gnuplot : Depends: gnuplot-qt but it is not going to be installed or
                        gnuplot-x11 or
                        gnuplot-nox
     libcurl3-gnutls : Depends: libgssapi-krb5-2 (>= 1.17) but it is not going to be installed
                       Recommends: ca-certificates but it is not going to be installed
     libfontconfig1 : Depends: fontconfig-config (>= 2.13.1-4.2) but it is not going to be installed
     libglib2.0-0 : Depends: libmount1 (>= 2.35.2-7~) but it is not going to be installed
                    Depends: libselinux1 (>= 3.1~) but it is not going to be installed
                    Recommends: shared-mime-info
     libgpgmepp6 : Depends: libgpgme11 (>= 1.9.0) but it is not going to be installed
     libneon27-gnutls : Depends: libgssapi-krb5-2 (>= 1.17) but it is not going to be installed
                        Recommends: ca-certificates but it is not going to be installed
     libpaper-utils : Depends: libpaper1 but it is not going to be installed
     librdf0 : Depends: librasqal3 (>= 0.9.31) but it is not going to be installed
     libreoffice-common : Depends: ucf (>= 0.8) but it is not going to be installed
                          Recommends: fonts-liberation2 but it is not going to be installed or
                                      ttf-mscorefonts-installer but it is not going to be installed
                          Recommends: apparmor (>= 2.13.1~) but it is not going to be installed
                          Recommends: python3-uno (>= 4.4.0~beta2) but it is not going to be installed
     tar : PreDepends: libselinux1 (>= 3.1~) but it is not going to be installed
    E: Error, pkgProblemResolver::Resolve generated breaks, this may be caused by held packages.

Running `apt-cache rdepends libselinux1` reports lots of essential packages. Is that correct? Perhaps all what they need is to call is_selinux_enabled() from libselinux.so.1. Does it make sense? Did we have it on Beowulf?

Best
Ale
Re: [DNG] The audacity of it all...
On Wed 25/Aug/2021 00:41:59 +0200 Mason Loring Bliss wrote:

There's also an iptables-centric method:

https://serverfault.com/questions/550276/how-to-block-internet-access-to-certain-programs-on-linux

Blocking by user-id seems to me to be the only serious option. You should have good reasons to believe that a given user is not able to escalate privileges.

Blocking by executable name sounds somewhat silly, as a program could still launch, say, curl to do its dirty job.

A different approach could be to find out which servers Muse Group uses to collect data and block routing to them for the whole system.

(Actually, it doesn't seem that any of these is needed for Audacity.)

Best
Ale
Re: [DNG] Nasty Linux systemd security bug revealed
On Thu 12/Aug/2021 13:12:29 +0200 Aitor wrote:
On 31/7/21 11:20, aitor wrote:

Sometimes I use the following buffer struct for dynamic allocation:

https://gitea.devuan.dev/aitor_czr/libnetaid/src/branch/master/backend_src/sbuf.c

I guess we all ended up developing something similar. My take:

http://www.tana.it/svn/zdkimfilter/trunk/src/cstring.h
http://www.tana.it/svn/zdkimfilter/trunk/src/cstring.c

It's harsh as it assumes the caller _always_ checks return code. The functions don't check for NULL on entry (albeit they often assert() it, a passage usually not compiled in production code.) Non-nullness has to be checked by the caller, for example (from zaggregate.c in the same package):

    if (to_header)
    {
        to_header = cstr_printf(to_header, "%s %s",
            n_addr == 0? "To:": ",", dom->addr[i].addr);
        if (to_header && dom->addr[i].limit != UINT64_MAX)
            to_header = cstr_printf(to_header, " (limit=%" PRIu64 ")",
                dom->addr[i].limit);
        ++n_addr;
    }

Best
Ale
Re: [DNG] APT upgrade, was USB mount problem
On Wed 07/Jul/2021 23:10:15 +0200 Patrick Bartek via Dng wrote:
On Mon, 5 Jul 2021 19:41:43 +0200 Alessandro Vesely wrote:

Here's the sequence of what I did: I wrote to the list each time, so I know exactly when.

4 January 2020: migrate from debian/stretch to beowulf
https://lists.dyne.org/lurker/message/20200104.101800.7b0f18cb.en.html

Beowulf was the stable version at the time. Afterwards, I upgraded it regularly and smoothly.

I'm assuming you didn't try to migrate from Stretch to Beowulf directly before doing the ascii migration.

Hm.. yes, you must be right.

And I keep detailed logs of what I do.

On a server, I used to run release dist-upgrades under script. I gave up after realizing I never dug into those files. The last time I just kept the tripwire log. (Albeit tripwire leaves something to be desired w.r.t., say, subversion.) None of those on a client, which is this case.

How did you remove those packages?

No idea. Didn't remove them intentionally. Not even sure /when/ they were removed.

During your migration to Beowulf and dist-upgrade to Chimaera, and if you followed instructions, autoremove could have removed them as part of the cleanup.

[snip]

Upgrade by design won't install major upgrades to apps, system files, etc. which can occur with Testing.

However, apt should still keep back unupgraded packages, so that if you issue a dist-upgrade afterwards, it can find them and upgrade them, correct?

It should, but if you used autoremove, those "held back" packages will be removed and forgotten.

Ugh, the man page says:

    Packages which you have installed explicitly via install are also never proposed for automatic removal.

Inkscape must have been installed explicitly.

Best
Ale
Re: [DNG] APT upgrade, was USB mount problem
Hi,

On Sun 04/Jul/2021 21:09:01 +0200 Patrick Bartek wrote:
On Sat, 3 Jul 2021 13:01:52 +0200 Alessandro Vesely via Dng wrote:
On Sat 26/Jun/2021 01:10:08 +0200 Patrick Bartek Via Dng wrote:
On Fri, 25 Jun 2021 11:34:32 +0200 Alessandro Vesely via Dng wrote:

After I did a system upgrade, I couldn't mount an USB key any more, until I manually installed udevil. What happened, dependency changes?

This is one of the "gotchas" that can happen when running an "in development" version. As far as why it happen: could be a number of things. Most of the time, it's because a dependency, like udevil to spacefm, become mismatched version-wise. That is, udevil has become "too old" to work with spacefm, and the upgrade process uninstalls it. Try "full-grade" instead of just "upgrade" to get the newer version of the dependencies when "upgrading." In fact, this is the recommended procedure when running an "in development" or testing version.

I tried apt-get dist-upgrade afterwards, but it didn't bring up much stuff. Later on, I found that some software that I don't use very often was removed from my system. I had to install anew Inkscape and MariaDB server.

Without knowing the particulars of how you installed Chimaera or how it's configured, it's going to be difficult to diagnose your problems. However, the main problem is that you are using Chimaera which is still in development, and that can introduce problems. Although, usually, they correct themselves when the developers do the next round of "fixes."

Did you do a clean install or upgrade from a previous version? IIRC, you dist-upgraded from a Debian distro, but I've forgotten which one. This can and does introduce problems even if done correctly.

Here's the sequence of what I did: I wrote to the list each time, so I know exactly when.

4 January 2020: migrate from debian/stretch to beowulf
https://lists.dyne.org/lurker/message/20200104.101800.7b0f18cb.en.html

Beowulf was the stable version at the time. Afterwards, I upgraded it regularly and smoothly.

19 April 2021: upgrade from beowulf to chimaera.
https://lists.dyne.org/lurker/message/20210419.111049.2c050382.en.html

As I wrote at the time:

    Everything incredibly smooth! I don't know why I rebooted between upgrade and dist-upgrade. The graphics didn't come up, so I run dist-upgrade on the tty terminal. That's the only annoyance I had. Heck, the process took an inordinate amount of time. autoremove is still running for 435 packages... Isn't there a way to remove packages not used for more than one year?

24 June 2021: apt-get update + apt-get upgrade
https://lists.dyne.org/lurker/message/20210625.093432.02c220e2.en.html

I hadn't updated the system since April. Network printer and usb key access were damaged by the upgrade. I'm sure I used both between Apr 19 and Jun 24. For the printer, I just deleted and discovered it again. For spacefm, I installed udevil. I found no relevant differences in spacefm dependencies. I'm not sure whether udevil was installed before (it is suggested). Perhaps usb access was granted in some other way.

After looking for timestamps, I don't think I used Inkscape or MariaDB during that period. Perhaps those packages were removed during the April upgrade and I only noticed after the June upgrade.

Post your /etc/apt/sources.list and anything that is in /etc/apt/sources.list.d/, too. If they are not set up properly, that can cause problems.

They look clean. The only file in sources.list.d, mptcp, was commented out in April, before doing the upgrade. I attach both.

    3408640 4 -rw-r--r-- 1 root root 1032 Apr 19 09:28 /etc/apt/sources.list
    3409224 4 -rw-r--r-- 1 root root 65 Apr 19 09:24 /etc/apt/sources.list.d/mptcp.list

I remember many release changes done in two steps, apt-get upgrade followed by apt-get dist-upgrade for the rest. This time it seems that the system forgot about removed packages. Is it so because chimaera is not yet released?

How did you remove those packages?

No idea. Didn't remove them intentionally. Not even sure /when/ they were removed.

No. Chimaera still being Testing shouldn't be a cause.. When using Testing, don't use apt-get upgrade, but only apt-get dist-upgrade or apt full-upgrade. This is recommended when running Testing instead of Stable.

Ok, lesson learned.

Upgrade by design won't install major upgrades to apps, system files, etc. which can occur with Testing.

However, apt should still keep back unupgraded packages, so that if you issue a dist-upgrade afterwards, it can find them and upgrade them, correct?

After Testing (Chimaera) becomes Stable, then use only apt-get upgrade or apt upgrade. There are times when dist-upgrade needs to be used to "fix" something, but we'll deal with that later.
Re: [DNG] APT upgrade, was USB mount problem
Hi,

On Sat 26/Jun/2021 01:10:08 +0200 Patrick Bartek Via Dng wrote:
> On Fri, 25 Jun 2021 11:34:32 +0200 Alessandro Vesely via Dng wrote:
>> After I did a system upgrade, I couldn't mount an USB key any more, until I manually installed udevil. What happened, dependency changes?
>
> This is one of the "gotchas" that can happen when running an "in development" version. As far as why it happened: could be a number of things. Most of the time, it's because a dependency, like udevil to spacefm, becomes mismatched version-wise. That is, udevil has become "too old" to work with spacefm, and the upgrade process uninstalls it. Try "full-grade" instead of just "upgrade" to get the newer version of the dependencies when "upgrading." In fact, this is the recommended procedure when running an "in development" or testing version.

I tried apt-get dist-upgrade afterwards, but it didn't bring up much stuff. Later on, I found that some software that I don't use very often was removed from my system. I had to install anew Inkscape and MariaDB server.

I remember many release changes done in two steps, apt-get upgrade followed by apt-get dist-upgrade for the rest. This time it seems that the system forgot about removed packages. Is it so because chimaera is not yet released?

Best
Ale
Re: [DNG] APT upgrade (was Re: USB mount problem)
On Sun 27/Jun/2021 11:07:33 +0200 Arnt Karlsen wrote: On Sun, 27 Jun 2021 09:44:00 +0900, Olaf wrote in message <87czs887cf.fsf@quark>: Upon first glance manual pages make it look as if full-upgrade and dist-upgrade are the same but I am not sure the details of package dependency conflict resolution it identical for both. ..they are slightly different and I don't recall the differences right now. Google is your friend: https://duckduckgo.com/?t=ffnt=%22apt-get+dist-upgrade%22+vs+%22apt+full-upgrade%22=web While apt upgrade seems to be slightly more rounded than apt-get upgrade —the former can install new packages introduced as dependencies— the respective full-upgrade and dist-upgrade do the same thing. For the record, I did apt-get upgrade, which is presumably why I missed USB mounting. Best Ale -- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] USB mount problem
On Sat 26/Jun/2021 11:45:46 +0200 o1bigtenor wrote: so you're suggesting the use of # apt update # apt full-grade or is that # apt full-upgrade? apt-get dist-upgrade? Best Ale -- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] USB mount problem
On Tue 15/Jun/2021 20:41:09 +0200 Patrick Bartek via Dng wrote: I have found that each desktop uses its own method of automounting. PCManFM may have the mounting code built-in. Or it may use udiskie. Check PCManFM's dependencies and see if udiskie is listed. Did you install udiskie yourself? If not, then some other app did and it's probably needed. If it's not causing problems, leave it be. Right. For spacefm it is udevil. Curiously, spacefm was mounting smoothly until yesterday, on chimaera + openbox. After I did a system upgrade, I couldn't mount an USB key any more, until I manually installed udevil. What happened, dependency changes? Best Ale -- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] ntp setup
On Mon 21/Jun/2021 00:52:42 +0200 karl wrote: Rick Moen: ... https://support.ntp.org/bin/view/Dev/DeprecatingNtpdate ... Thanks for the link. And for the heads-up.

I've been using ntpdate-debian every 30 minutes for years. After tuning the HW clock, the adjustment is usually less than 20 milliseconds. More than enough for my needs, and preferable to the resources consumed by a full-fledged ntpd.

Switching to sntp seems to be an easy task. However, there is no "sntp-debian" available. I could read NTPSERVERS from /etc/default/ntpdate and use them with sntp, or just use pool.ntp.org. (sntp doesn't compare responses, just uses the first it receives.)

With respect to ntpdate, sntp has separate options to enable slew or step mode, and max offset for slew. Thus, one can enable slew only and set a reasonable number of milliseconds, so that sntp won't update the system time if it gets an unreasonable response from a runaway remote server. However, the logged line (on user.log) and the exit code don't say whether the system time was changed or not. Perhaps I should cron something like so:

    sntp -M 128 -s pool.ntp.org |\
    (
        # the first output line is not used
        read first_line_not_used
        read date time utc offset rest
        case $offset in
            # offsets below 10 ms are fine, anything else gets logged
            ([+-]0.00*) :;;
            (*) logger -t sntp -p user.crit "Time offset: $offset";;
        esac
    )

Best
Ale
Re: [DNG] End of free open source software?
On Sat 15/May/2021 15:50:12 +0200 spiralofhope wrote: On Fri, 14 May 2021 14:27:15 +0200 "Enrico Weigelt, metux IT consult" wrote: On 09.05.21 08:33, tito via Dng wrote: So the first question that arises is: how could open source and free software projects ensure protection from damage up to data loss if actually even proprietary software comes with no warranty at all? >> Make it crystal clear, that our software is neither a product, nor service, nor anything near to any commercial thing, but instead just a piece of art, like a novel or a poem. A programming language used to write code is not different than the English an author uses to write a story. It would take some effort to explain, but programming and authoring do map to one another. For example, it's a long-time pursuit for many programmers to author more natural language-like readable code. On the other hand, the majority of people cannot write or read computer programs. Some barely understand the principles by which computers work. Yet, they use them, and at times may happen to depend on them for life-or-death matters. Should that people use free software? Actually, even programmers use a number of software packages without even bothering to download their sources. We may appreciate the syntax or the ease of use, but much of the poetry gets lost. I'd confess that I read code only in a few occasions. When there's not enough docs, when there's a malfunction, when I have to write code which interacts with that. Best Ale -- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Keeping unneeded packages of your system (was Re: Advice to migrate from Beowulf to Chimaera)
On Wed 28/Apr/2021 14:15:43 +0200 Olaf Meeuwissen via Dng wrote: What I did find somewhat weird is that it asked whether I wanted to keep all of the xserver-xorg-video-* individually when I had already said `Y` to the `task-desktop` package. With `apt-mark` I just marked `task-xfce-desktop` as manual and didn't have to make up my mind about all the video drivers. Yes, I tried it and it asks lots of useless questions. Once I told it to remove Evolution (since I use Thunderbird), and it went on asking whether I wanted to keep each evolution plugin. Of a smart package, I'd have expected to look at what packages are configured for day to day usage. There are several ways to do so, starting from the alternatives system, perhaps Firefox's handlers, recently accessed executables, whatever. And how about packages downloaded and installed outside of the apt system (typically libreoffice, I'd guess)? What I really missed is a percent indicator. How many questions are there ahead? I terminated with 'q'. Possibly, the only package it helped to remove is debfoster itself. Best Ale -- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Advice to migrate from Beowulf to Chimaera
On Tue 20/Apr/2021 16:03:59 +0200 Bernard Rosset via Dng wrote:
>> find /usr/bin -atime +360 | xargs -l1 apt-file find | sort
>
> I would suggest dpkg -S instead of apt-file find, which matches prefix, not exact file.
> I would also filter on the package name and ensure unicity.
> Also, never log in as root.
>
> Here would be my quick & dirty take at your command chain:
> find /usr/bin -atime +360 | xargs -l1 sudo dpkg -S | awk -F ':' '{print $1}' | sort | uniq

Nice command. It found some 76 packages, including, for example, gcc-4.8, setcd, wmtime...

Thanks to all also for the apt- and debfoster- based methods. They need more thought.

On the dark side, something bad happened during the upgrade, which I only realized later:

*pulseaudio* was surreptitiously installed. Beowulf worked well without it, and Chimaera also worked well as soon as I removed it.

*python* was not installed at all.

How come?

Best
Ale
Re: [DNG] Advice to migrate from Beowulf to Chimaera
On Sun 18/Apr/2021 11:37:58 +0200 Alessandro Vesely wrote: I'll try tomorrow. Everything incredibly smooth! I don't know why I rebooted between upgrade and dist-upgrade. The graphics didn't come up, so I run dist-upgrade on the tty terminal. That's the only annoyance I had. Heck, the process took an inordinate amount of time. autoremove is still running for 435 packages... Isn't there a way to remove packages not used for more than one year? Best Ale -- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Advice to migrate from Beowulf to Chimaera
On Sat 17/Apr/2021 15:37:31 +0200 Florian Zieboll via Dng wrote: On April 17, 2021 2:33:53 PM GMT+02:00, Alessandro Vesely via Dng wrote: Is there a guide, a wiki, release notes, any help? my Beowulf to Chimaera (LXqt with openbox) went quite smooth. I had posted my notes to this list, approx. one month ago; you should find it by searching the subject lines for (most probably) the two release names. IIRC, I just did a last dist-upgrade to be sure to have all the latest packages, then adapted the sources.list and went 'apt update' - 'apt upgrade' - reboot - 'apt dist-upgrade' - reboot. Found it! https://lists.dyne.org/lurker/message/20210325.205609.62226b42.en.html You went directly from ASCII to Chimaera without passing through Beowulf. Wow. I'll try tomorrow. Thank you Ale -- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Advice to migrate from Beowulf to Chimaera
Hi all, I usually prefer to stick on released system, but I'd start working on OpenSCAD and the version available is rather oldish. As it has lots of graphical dependencies, I think it may be easier to switch to Chimaera than to pin all that stuff. I run Openbox, btw. Is there a guide, a wiki, release notes, any help? TIA Ale -- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] FSF and human rights
On Fri 26/Mar/2021 22:58:39 +0100 Riccardo Mottola wrote: I want politics out of free software. [...] Remember how many voices there were back then against "evil Microsoft" and IE6? But how many raise their voices today against Chrome? And IBM before M$... Two weights, two measures. If you mean Google (or just Chrome) is enjoying undue community favor, I disagree. Google's curve is still growing and the handover to the next actor is not yet on sight, but some marks are visible. For one, Google doesn't appear among FSF's patrons after 2016[*]. By now, they reached the evil's side. Opposing voices are raising, and I look forward for a GNU SmartOS. If you look at the tangent envelope of all those curves, you see the growth of software is very strong. It is certainly an economic question. How, then, could you keep politics off? Free software poses political problems. These problems are different from those of the previous industrial revolution, but they are still political problems. Best Ale -- [*] https://www.fsf.org/patrons/fy2016 ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] FSF and human rights
Hi All, Debian is engaging in a disgusting attack against RMS: https://www.debian.org/vote/2021/vote_002 Does Devuan have resolutions to sign open letters? I'd propose to sign this one instead: https://rms-support-letter.github.io/ See also: An orthodox analysis entitled Justice for Dr. Richard Matthew Stallman, which recaps the whole story. https://jorgemorais.gitlab.io/justice-for-rms/ A post, written by Hannah Wolfman-Jones, with a response from civil-rights expert Nadine Strossen, former president of the ACLU. https://www.wetheweb.org/post/cancel-we-the-web Best Ale -- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Who is disabling core dumps?
On 18/11/2020 13:38, tito via Dng wrote:
> On Wed, 18 Nov 2020 12:10:19 +0100 Alessandro Vesely via Dng wrote:
>> I enabled core dumps in /etc/security/limits.d/coredump.conf (* - core unlimited); core_pattern and suid_dumpable are set appropriately. However, most processes have a soft limit of 0; that is, core dump disabled:
>>
>> # for p in $(ps -e -o pid| tail -n +1); do prlimit --noheadings --core --pid $p 2>/dev/null; done | sort |uniq -c
>>       1 CORE max core file size         0         0 bytes
>>     260 CORE max core file size         0 unlimited bytes
>>      44 CORE max core file size unlimited unlimited bytes
>>
>> Only 44 processes have coredump enabled. Why? I looked for 'ulimit' in /etc/init.d, .bashrc's, and other starters, but found nothing relevant.
>>
>> The one with hard limit 0 is ssh-agent, presumably set by the program itself for obvious security reasons. Who is soft-disabling core dumps for the other 260?
>
> Apparmor?

Hmm... I have apparmor=0 in GRUB_CMDLINE_LINUX, but still have an apparmor script in /etc/init.d. Can it still bite?

Curiously, the shell in the root terminal window had 0. But all daemons were already started by the time I could put my fingers on a shell's input.

Best
Ale
[DNG] Who is disabling core dumps?
Hi all,

I enabled core dumps in /etc/security/limits.d/coredump.conf (* - core unlimited); core_pattern and suid_dumpable are set appropriately. However, most processes have a soft limit of 0; that is, core dump disabled:

# for p in $(ps -e -o pid| tail -n +1); do prlimit --noheadings --core --pid $p 2>/dev/null; done | sort |uniq -c
      1 CORE max core file size         0         0 bytes
    260 CORE max core file size         0 unlimited bytes
     44 CORE max core file size unlimited unlimited bytes

Only 44 processes have coredump enabled. Why? I looked for 'ulimit' in /etc/init.d, .bashrc's, and other starters, but found nothing relevant.

The one with hard limit 0 is ssh-agent, presumably set by the program itself for obvious security reasons. Who is soft-disabling core dumps for the other 260? Is there a better way to enable them, other than for each process?

Best
Ale
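A variant of the survey above, as an added example that is not part of the original post: it reads the "Max core file size" row of /proc/<pid>/limits and lists which commands hold each soft/hard pair. Files in /etc/security/limits.d are applied by pam_limits to PAM sessions only, so naming the processes in each group shows which ones descend from a login and which inherited their limits from init. The function names and the optional proc-root argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: summarise RLIMIT_CORE per process from /proc/<pid>/limits.
# core_limit_rows, core_limit_survey and the proc-root argument are names
# made up for this example.
#
# Usage on a live system (as root, to see every process):
#   core_limit_survey

# Print "soft hard comm" for every process directory under the given root.
core_limit_rows() {
    root=${1:-/proc}
    for dir in "$root"/[0-9]*; do
        [ -r "$dir/limits" ] || continue     # process gone or not readable
        comm='?'
        # comm may contain blanks (e.g. browser helpers); keep it one word
        [ -r "$dir/comm" ] && comm=$(tr ' ' '_' < "$dir/comm")
        # Row layout: "Max core file size  <soft>  <hard>  bytes"
        awk -v comm="$comm" \
            '/^Max core file size/ { print $5, $6, comm }' "$dir/limits"
    done
}

# One line per soft/hard pair: "<count> <soft> <hard> <command names...>"
core_limit_survey() {
    core_limit_rows "$1" | LC_ALL=C sort | awk '
        {
            key = $1 " " $2
            soft[key] = $1
            hard[key] = $2
            count[key]++
            if (!((key, $3) in seen)) {      # list each command name once
                seen[key, $3] = 1
                names[key] = names[key] " " $3
            }
        }
        END {
            for (key in count)
                printf "%d %s %s%s\n", count[key], soft[key], hard[key], names[key]
        }' | LC_ALL=C sort -k2,3
}
```
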
[DNG] Missing /run/user/$uid
Hi all,

I create a terminal window for a different user using a script like so:

    #! /bin/bash
    #
    # Extract auth of current user and run x-terminal-emulator in new user
    printf -v altgksu 'export DISPLAY=:0; touch ~/.Xauthority; echo "%s"| xauth nmerge -; dbus-launch --exit-with-x11 x-terminal-emulator;' "$(xauth nextract - $DISPLAY)"
    su -l -c "$altgksu" $1

When $1 is not root, I get errors from, e.g., geany, when it tries to create a "uim" subdirectory:

    stat("/run/user/111/uim", 0x7ffee78a9180) = -1 ENOENT (No such file or directory)
    mkdir("/run/user/111/uim", 0700)= -1 ENOENT (No such file or directory)
    write(2, "uim_helper_get_pathname() failed"..., 33) = 33

There is no folder 111 in /run/user. Should I create it in the above script? But then, who created /run/user/0?

Best
Ale
Re: [DNG] ..devuan to the rescue? Easiest possible newbie email server setup, ideas?
On Tue 29/Sep/2020 11:10:12 +0200 Simon Hobson wrote: Alessandro Vesely via Dng wrote: I have no choice over the neighbours ! Don't buy overly cheap connections... Doesn't matter how much you pay - unless you get an entire net-block to yourself then you have no control over the neighbours. Only the ISP has control over the neighbours. Correct. ISPs which maintain a restricted set of non-spamming customers tend to ask for higher rates. Mass discount ISPs, cutting abuse team costs, accept anyone. Best Ale -- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] ..devuan to the rescue? Easiest possible newbie email server setup, ideas?
On Sun 27/Sep/2020 20:11:39 +0200 Simon Hobson wrote:
> Alessandro Vesely via Dng wrote:
> [...]
>> And it is key to get an IP address without poorly reputed neighbors —check talosintelligence.com.
>
> I have no choice over the neighbours !

Don't buy overly cheap connections...

>>> I also use lack of rDNS as a check. I also check it for obvious misconfigurations like (from memory) : it's an IP literal (not allowed by RFC),
>>
>> Currently, the RFC allows anything in the HELO name.
>
> Without looking it up, I'm sure there are some constraints.

   The SMTP client MUST, if possible, ensure that the domain parameter to the EHLO command is a primary host name as specified for this command in Section 2.3.5. If this is not possible (e.g., when the client's address is dynamically assigned and the client does not have an obvious name), an address literal SHOULD be substituted for the domain name.

   An SMTP server MAY verify that the domain name argument in the EHLO command actually corresponds to the IP address of the client. However, if the verification fails, the server MUST NOT refuse to accept a message on that basis.
   https://tools.ietf.org/html/rfc5321#section-4.1.4

> In any case, there are some things it makes sense to block - no-one else should be running a mail server and claiming to be in my domain, stuff like that. Some basic protocol checks block a good proportion of spam - and very cheaply in terms of resources needed.

Correct. Mail servers have a variety of options to check the HELO name. Another possibility to discard spammers claiming to be your domain is to set SPF -all. That, however, has other drawbacks.

Best
Ale
Re: [DNG] ..devuan to the rescue? Easiest possible newbie email server setup, ideas?
On Sat 26/Sep/2020 23:19:33 +0200 Simon Hobson wrote: Marjorie Roome via Dng wrote: I also end up rejecting a lot of spam because it lacks a reverse hostname (it's easily the largest category). So it's not just a few such as ntlworld and gmx that check this. IIRC the specific complaint wasn't that they checked for rDNS, but that they matched it against the domain of the sender. That makes no sense at all, it prevents running more than one domain on one mail server. Why would it? A configurable mail server, Courier-MTA for example, lets you use multiple domains and multiple IPs. However, unless you send many thousands messages per day, I would suggest to stick to one domain name and one outgoing IP address. And it is key to get an IP address without poorly reputed neighbors —check talosintelligence.com. Hosting additional domains is as easy as publishing an MX record. You can also publish DKIM and SPF records so as to produce DMARC-aligned authentication for any hosted domain. Users won't notice any difference. As Mark said, it does make deliverability easier to send via one established SMTP server. I also use lack of rDNS as a check. I also check it for obvious misconfigurations like (from memory) : it's an IP literal (not allowed by RFC), Currently, the RFC allows anything in the HELO name. jm2c Ale -- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
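The HELO checks discussed in this message and in the reply that quotes RFC 5321 section 4.1.4, as an added example that is not part of either post: the function classifies an EHLO/HELO argument and attaches an action, scoring a name/PTR mismatch instead of refusing it. The function name, its arguments and the action column are assumptions made for this example; DNS answers are passed in as arguments so it runs offline.

```shell
#!/bin/sh
# Added example: classify an EHLO/HELO argument along the lines of the
# checks discussed in the thread.  helo_check, its arguments and the
# action column (pass / score / reject) are assumptions of this example,
# not the interface of any MTA.

# lower-case a string
lc() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# helo_check HELO CLIENT_IP PTR_NAME OWN_DOMAIN "OWN_IP ..."
# PTR_NAME is the reverse-DNS name of CLIENT_IP, empty if there is none.
# Prints "<class> <action>".
helo_check() {
    helo=$(lc "$1"); helo=${helo%.}          # drop a trailing root dot
    ip=$(lc "$2")
    ptr=$(lc "${3%.}")
    own=$(lc "$4")
    own_ips=" $5 "

    [ -n "$helo" ] || { echo "empty score"; return; }

    case $helo in
    '['*']')                                 # address literal, e.g. [192.0.2.1]
        lit=${helo#\[}; lit=${lit%\]}
        lit=${lit#ipv6:}                     # textual compare only; IPv6
                                             # forms are not normalised here
        if [ "$lit" = "$ip" ]; then echo "literal-match pass"
        else echo "literal-mismatch score"; fi
        return ;;
    esac

    case $helo in
    *[!0-9.]*) ;;                            # contains letters: treat as a name
    *) echo "bare-ip score"; return ;;       # digits and dots, no brackets
    esac

    case $helo in
    "$own"|*."$own")                         # claims to be inside our domain
        case $own_ips in
        *" $ip "*) echo "own-domain pass" ;;
        *) echo "own-domain-forged reject" ;;
        esac
        return ;;
    esac

    case $helo in
    *.*) ;;
    *) echo "unqualified score"; return ;;   # e.g. "localhost"
    esac

    # RFC 5321 4.1.4: the server MAY verify that the name corresponds to the
    # client address but MUST NOT refuse on that basis, so a mismatch or a
    # missing PTR only contributes to a score here.
    if [ -z "$ptr" ]; then echo "no-rdns score"
    elif [ "$helo" = "$ptr" ]; then echo "fqdn-match pass"
    else echo "fqdn-mismatch score"; fi
}
```
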
[DNG] Dbus services file names
Hi,

at boot, I get messages like:

dbus-daemon[1918]: [system] Service file "X" should have been named "Xn" and will not work with system bus activation

Where some values for X and Xn are as follows:

X:  /usr/share/dbus-1/services/org.gnome.evolution.dataserver.UserPrompter.service
Xn: org.gnome.evolution.dataserver.UserPrompter0.service

X:  /usr/share/dbus-1/services/org.gnome.evolution.dataserver.AddressBook.service
Xn: org.gnome.evolution.dataserver.AddressBook9.service

X:  /usr/share/dbus-1/services/org.gnome.evolution.dataserver.Calendar.service
Xn: org.gnome.evolution.dataserver.Calendar7.service

X:  /usr/share/dbus-1/services/org.gnome.Caribou.Antler.service
Xn: org.gnome.Caribou.Keyboard.service

X:  /usr/share/dbus-1/services/obex-data-server.service
Xn: org.openobex.service

X:  /usr/share/dbus-1/services/org.gnome.FileRoller.ArchiveManager1.service
Xn: org.gnome.ArchiveManager1.service

X:  /usr/share/dbus-1/services/org.gnome.evolution.dataserver.Sources.service
Xn: org.gnome.evolution.dataserver.Sources5.service

Files X belong to their own packages. Are they meant to be reported as package bugs? What does numbering depend on?

BTW, I use openbox, not gnome. Yet, have lots of gnome packages...

BTW2, perhaps I have a somewhat broken d-bus settings, I often get messages like:

dbind-WARNING **: 13:56:59.823: Couldn't register with accessibility bus: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.

Any help?

TIA
Ale
[DNG] Upgrade [ ascii -> beowulf ]: so many obsolete packages...
Hi all, running `aptitude search ~o` shows hundreds of obsolete packages. There were none before the upgrade. Well, one may say it's not so many, compared to the thousands of `dpkg --get-selections`. However, what to do about them? Certainly, some of them are to be purged, but which ones? Only a minority are tagged as automatically installed (A), and that's not a criterion for choosing what to purge, since they may be needed by some "obsolete" package that still works... BTW, the upgrade triggered some nasty problems. Some server programs stopped working. Both upgradable daemons and manually compiled ones at a certain stage during the dist-upgrade were unable to connect. netstat showed them listening, tcpdump showed sync packets coming in, but strace on the processes showed idle waiting. Even after reboot, manually installed stuff had to be recompiled in order to work. So, I'm a bit scared about how obsolete packages can behave. Anyway, to look at each package one by one sounds daunting. Any ideas to slim down the list? The last time I renamed a command, I installed a wrapper script to log each call. Then, after some time, check if the old command is still used. Doing so automatically for each executable might be possible, albeit sinister. But how could one track libraries usage? TIA Ale -- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] apt-get vs apt
Hi,

TL;DR: apt fails where apt-get works. Why?

I just updated ASCII using apt:

root@pcale:~# apt update
Get:1 http://deb.devuan.org/merged ascii InRelease [25.6 kB]
Get:2 http://deb.devuan.org/merged ascii-updates InRelease [25.6 kB]
Get:3 http://deb.devuan.org/merged ascii-security InRelease [25.6 kB]
Get:4 http://deb.devuan.org/merged ascii-backports InRelease [25.6 kB]
Get:5 http://deb.devuan.org/merged ascii-security/main Sources [192 kB]
Get:6 http://deb.devuan.org/merged ascii-security/main i386 Packages [492 kB]
Fetched 787 kB in 1s (762 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
6 packages can be upgraded. Run 'apt list --upgradable' to see them.
root@pcale:~#
root@pcale:~#
root@pcale:~#
root@pcale:~# apt upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages were automatically installed and are no longer required:
  libargon2-0 libqrencode3
Use 'apt autoremove' to remove them.
The following packages will be upgraded:
  imagemagick-6-common imagemagick-6-doc imagemagick-common imagemagick-doc libimage-magick-perl perlmagick
6 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 7,761 kB of archives.
After this operation, 1,024 B of additional disk space will be used.
Do you want to continue? [Y/n]
Err:1 http://deb.devuan.org/merged ascii-security/main i386 libimage-magick-perl all 8:6.9.7.4+dfsg-11+deb9u8
  404 Not Found [IP: 130.225.254.116 80]
Err:2 http://deb.devuan.org/merged ascii-security/main i386 perlmagick all 8:6.9.7.4+dfsg-11+deb9u8
  404 Not Found [IP: 130.225.254.116 80]
Err:3 http://deb.devuan.org/merged ascii-security/main i386 imagemagick-6-doc all 8:6.9.7.4+dfsg-11+deb9u8
  404 Not Found [IP: 130.225.254.116 80]
Err:4 http://deb.devuan.org/merged ascii-security/main i386 imagemagick-doc all 8:6.9.7.4+dfsg-11+deb9u8
  404 Not Found [IP: 130.225.254.116 80]
Err:5 http://deb.devuan.org/merged ascii-security/main i386 imagemagick-6-common all 8:6.9.7.4+dfsg-11+deb9u8
  404 Not Found [IP: 130.225.254.116 80]
Err:6 http://deb.devuan.org/merged ascii-security/main i386 imagemagick-common all 8:6.9.7.4+dfsg-11+deb9u8
  404 Not Found [IP: 130.225.254.116 80]
E: Failed to fetch http://mirrors.dotsrc.org/debian-security/pool/updates/main/i/imagemagick/libimage-magick-perl_6.9.7.4+dfsg-11+deb9u8_all.deb 404 Not Found [IP: 130.225.254.116 80]
E: Failed to fetch http://mirrors.dotsrc.org/debian-security/pool/updates/main/i/imagemagick/perlmagick_6.9.7.4+dfsg-11+deb9u8_all.deb 404 Not Found [IP: 130.225.254.116 80]
E: Failed to fetch http://mirrors.dotsrc.org/debian-security/pool/updates/main/i/imagemagick/imagemagick-6-doc_6.9.7.4+dfsg-11+deb9u8_all.deb 404 Not Found [IP: 130.225.254.116 80]
E: Failed to fetch http://mirrors.dotsrc.org/debian-security/pool/updates/main/i/imagemagick/imagemagick-doc_6.9.7.4+dfsg-11+deb9u8_all.deb 404 Not Found [IP: 130.225.254.116 80]
E: Failed to fetch http://mirrors.dotsrc.org/debian-security/pool/updates/main/i/imagemagick/imagemagick-6-common_6.9.7.4+dfsg-11+deb9u8_all.deb 404 Not Found [IP: 130.225.254.116 80]
E: Failed to fetch http://mirrors.dotsrc.org/debian-security/pool/updates/main/i/imagemagick/imagemagick-common_6.9.7.4+dfsg-11+deb9u8_all.deb 404 Not Found [IP: 130.225.254.116 80]
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?

I repeated it a second time, same result. At that point I noticed the last line says "maybe run *apt-get* update". Using apt everything worked (well, almost) and the packages were found; see below.

I notice that https://www.devuan.org/os/documentation/dev1fanboy/en/upgrade-to-beowulf always uses apt-get. I used to always use apt-get myself. One or two years ago I found apt was meant to be an "easier" interface and, since it's shorter, started using that. I guess I'd switch back to using apt-get, shouldn't I?

Best
Ale
--
root@pcale:~# apt-get update
Hit:1 http://deb.devuan.org/merged ascii InRelease
Hit:2 http://deb.devuan.org/merged ascii-updates InRelease
Hit:3 http://deb.devuan.org/merged ascii-security InRelease
Hit:4 http://deb.devuan.org/merged ascii-backports InRelease
Reading package lists... 1%
Reading package lists... Done
root@pcale:~#
root@pcale:~#
root@pcale:~# apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages were automatically installed and are no longer required:
  libargon2-0 libqrencode3
Use 'apt autoremove' to remove them.
The following packages will be upgraded:
  imagemagick-6-common imagemagick-6-doc imagemagick-common imagemagick-doc libimage-magick-perl perlmagick
6 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 7,761 kB of archives.
Re: [DNG] Debian abandons LSB
On 07/06/2020 00:33, Adam Borowski wrote:
> On Fri, Jun 05, 2020 at 04:04:33PM +0100, Simon Hobson wrote:
>> While upgrading a system to Beowulf, I noticed this in the changelogs.
>> Is this one of those "it was fizzling out anyway so no big deal" things, or
>> another policy change by Debian ? Not really bothered, just curious.
>
> LSB was a project by some RPM-based distributions, and was never strongly
> followed by Debian. And, it's dead now -- the last upstream release was
> on June 3, 2015.

https://en.wikipedia.org/wiki/Linux_Standard_Base#Limitations_on_Debian

>>> lsb (9.20150826) unstable; urgency=low
>>>
>>> This update drops all lsb-* compatibility packages, and is therefore an
>>> abandon of the pursuit of LSB compatibility for Debian. Only lsb-release and
>>> lsb-base are kept as they continue to be used throughout the archive.
>
> Note the date. You're mentioning a change that's 5 years old, much
> predating Stretch and Buster.
>
> What's left in Debian are bits that are actually used by some programs.

Such as the LSB headers in init scripts?

Some SysV init maintainers have very strict opinions on those headers, considered a language for the insserv "compiler". They were horrified at the idea that a sysadmin could still manually number some links in rc?.d, thereby rejecting the idea of stable renumbering in order to keep existing order where possible (fix-init).

Best
Ale
Re: [DNG] Alternatives to synaptic?
On Fri 10/Jan/2020 01:35:55 +0100 Erik Christiansen wrote:
> On 09.01.20 17:44, Alessandro Vesely via Dng wrote:
>>
>> Synaptic is convenient as it allows to search for keywords, e.g. "pdf", and
>> choose a package that does the task at hand. Google does the same, but is not
>> version specific.
>
> For many years I have found "apt-cache search ", piped to more
> or grep for further refining, eminently satisfactory. Yes, "pdf" is a
> sufficiently vague query to elicit a surfeit of matches, but when I look
> for e.g. "avr", the matchlist is very concise.

apt-cache, yes! That works very well. If I pipe through less rather than more I can restrict the output by, say, '', and examine a package by issuing '!apt-cache show package| less'...

Thanks
Ale
Re: [DNG] Alternatives to synaptic?
On Thu 09/Jan/2020 18:20:55 +0100 Dimitris via Dng wrote:
> On 1/9/20 7:04 PM, Alessandro Vesely via Dng wrote:
>>
>> Hm... in fact I have consolekit installed. And if I try to remove it, apt
>> wants to install elogind instead. Perhaps consolekit is less bad...?
>
> consolekit goes away,

When? For Beowulf, I read Mark's msg:
https://lists.dyne.org/lurker/message/20200106.160443.c98b4e23.en.html

> but do you get synaptic?

Not yet.

> what happens with :
> # apt install libelogind0 libpam-elogind synaptic

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
  elogind libept1.5.0 policykit-1
Suggested packages:
  dwww software-properties-gtk
The following packages will be REMOVED:
  libpam-ck-connector
The following NEW packages will be installed:
  elogind libelogind0 libept1.5.0 libpam-elogind policykit-1 synaptic
0 upgraded, 6 newly installed, 1 to remove and 3 not upgraded.
Need to get 876 kB/3,047 kB of archives.
After this operation, 11.4 MB of additional disk space will be used.
Do you want to continue? [Y/n] n
Abort.

If I just try synaptic, I get additional packages libept1.5.0 and policykit-1, so adding elogind doesn't seem to help.

Best
Ale
Re: [DNG] Alternatives to synaptic?
On Thu 09/Jan/2020 17:50:15 +0100 Mark Hindley wrote:
> On Thu, Jan 09, 2020 at 05:44:17PM +0100, Alessandro Vesely via Dng wrote:
>> Hi,
>>
>> is there a recommended GUI package browser for Devuan?
>>
>> After migrating, synaptic isn't installed.  If I try to install it, it says it
>> needs policykit-1.  Since the latter seems to be akin to systemd, I reply 'n'.
>
> I really don't think that is true. There is no direct relationship between
> policykit-1 and systemd. And our policykit works with either elogind or
> consolekit, so you have options.

Hm... in fact I have consolekit installed.  And if I try to remove it, apt wants to install elogind instead.  Perhaps consolekit is less bad...?

> If you want an integrated gui desktop that allows you to do privileged things
> like install packages, you will need policykit-1 or something similar.

When I, by mistake, run synaptic from an unprivileged terminal it just erred.  (IME, I need the root password to install packages.)

> Alternatively, use apt or aptitude from the commandline.

That's what I do, if I know the package name.

Thanks
Ale
[DNG] Alternatives to synaptic?
Hi,

is there a recommended GUI package browser for Devuan?

After migrating, synaptic isn't installed.  If I try to install it, it says it needs policykit-1.  Since the latter seems to be akin to systemd, I reply 'n'.

Synaptic is convenient as it allows to search for keywords, e.g. "pdf", and choose a package that does the task at hand.  Google does the same, but is not version specific.

At the time, I only have libsystemd0:amd64 libsystemd0:i386 from that lot.

TIA for any hint
Best
Ale
Re: [DNG] Migrating from debian stretch/ openbox
On Sat 04/Jan/2020 03:00:43 +0100 golinux wrote:
>
> Have fun!!

Ok, I did it!

I slavishly followed migrate-to-ascii[*], except

* I skipped install and config of xfce4, since I had openbox,
* I skipped install sysvinit-core and reboot, as sysvinit was already running,
* I also added contrib and non-free to the four lines in sources.list,
* in order to install devuan-keyring I removed /etc/apt.conf.d/99default-release (was APT::Default-Release "stretch"),

Everything went like a breeze, except on shutting down the system, instead of rebooting it froze in a loop printing:

printk messages dropped ** [numbers] IO_PAGE_FAULT device=00:12.0 domain=3 address=0x80 flags=0x20

I powered off.

The boot was fine, except for wicd.  After openbox started, it displayed a window asking for a password.  Then it claimed the password was wrong.  I hit "cancel", and it quit, threatening that the UI wouldn't work until I made it work.  The box is a wired desktop, and works perfectly nevertheless.

Suspending and resuming works fine.

Thank you all for the tips and a great thank to all Veteran Unix Admins who created Devuan!

best
Ale
--
[*] https://devuan.org/os/documentation/dev1fanboy/migrate-to-ascii
[DNG] Migrating from debian stretch/ openbox
Hi all,

After the latest GR, it seems to be time to migrate.  Is ASCII the right planet to go?  I found migrate-to-ascii[*] but no equivalent guide for beowulf.

Furthermore, neither that guide[*] nor the os/ page[†] mention openbox.  I have a minimal openbox installation, but it works for me.  Should I really change it in order to migrate?

Any other hint?

TIA for any reply
Best
Ale
--
[*] https://devuan.org/os/documentation/dev1fanboy/migrate-to-ascii
[†] https://devuan.org/os/