d-Until also disable
file integrity checks?
There is more in man page apt-secure about what security things
can be overridden.
https://manpages.debian.org/buster/apt/apt-secure.8.en.html
Cheers,
Andy
¹ and I could well be wrong, since I am only a user of Debian, not a
Developer or co
:Check-Valid-Until=false update
but I admit it could also have been me manually downloading the .deb
files from archive,debian.org and installing them with dpkg.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
"I remember the first time I made love. Perhaps it was not love ex
about what the default behaviour of yahoo mail is. Up to you.
Cheers,
Andy
¹ Seems a bit too off-topic, and mostly a waste of time trying to
change people's minds.
--
https://bitfolk.com/ -- No-nonsense VPS hosting
y I understand then I suspect those who say the WiFi
is the problem are correct.
Cheers,
Andy
production but if anyone has I would be
really interested to see a with and without comparison of
performance.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
icit list of address/port pairs to
listen on then it would do multiple binds and I believe the IPv4
ones would show up in netstat etc as being tcp4.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
nds of £/$/€.
Most consumers and even most businesses will find it more cost
effective and flexible to backup to HDDs and storage clouds.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
any user logging in on tty*
into the group "mysudogroup". If you allowed "mysudogroup" to use
sudo in /etc/sudoers then maybe that works.
I would be interested to know if that is a workable solution.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hello,
On Fri, Jul 31, 2020 at 10:24:03PM +0530, Didar Hossain wrote:
> On Fri, Jul 31, 2020 at 01:52:30PM +0000, Andy Smith wrote:
> > https://www.mailop.org/
>
> Now this is the list that I want to be on. But, I am getting SSL errors trying
> to connect to https://chill
ecause I operate a VM hosting
company, but I speak on this as a recipient of email and as a member
of the mailop mailing list where every month we see people
complaining they can't get mail out of a spam sewer and into gmail.
https://www.mailop.org/
Cheers,
Andy
--
https://bitfolk.com/ --
e LVM and pick minimal capacities for all
the above, leaving the majority unallocated. You can then grow
logical volumes as needed and the problem goes away.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
it because
"/sbin" is not in your user's PATH.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
month but it's been
in 24/7 usage for 15 years.
https://twitter.com/grifferz/status/1276115086785069056
I still wouldn't use OP's system for anything except curiosity or
maybe propping a door open.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
ce with gkrellm so I don't know how or if
you can force it to make a request immediately. If not then maybe
you have to look back through your logs. But do first check that you
have actually firewalled that, as otherwise this is a waste of time.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
xen-devel
but they are quite likely to refer you to upstream's xen-user or
xen-devel lists.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hello,
On Tue, Jun 23, 2020 at 06:40:17PM -0600, Joe Pfeiffer wrote:
> I assume the list is using mailman?
Debian lists do not use Mailman, but SmartList I believe. It's
probably also a fair bit modified from upstream.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
way. It doesn't have any particular
Debian-specific features aside from being ad-free. If you have
another that's ad-free then I don't see a problem with using that
one.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
g this, preferring to try to wrangle the
d-i for every task. I don't think it's a good strategy.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
mparison unless you describe exactly what you are trying to do.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hi,
On Sat, Jun 13, 2020 at 09:28:45AM -0400, Gene Heskett wrote:
> On Saturday 13 June 2020 09:19:39 Andy Smith wrote:
> > On Sat, Jun 13, 2020 at 09:12:06AM -0400, Gene Heskett wrote:
> > > No > present
> >
> > I think you are confused. None of us wrote any such
are looking at the header
section and getting confused. We are talking about the body of the
email. You can see the ">From" text in the archives and in the
original message in this thread if you look in your own mail client:
https://lists.debian.org/debian-user/2020/06/msg00215.html
On Sat, Jun 13, 2020 at 12:21:12PM +, Andy Smith wrote:
> The mbox mail archive format is a single file containing all
> messages concatenated together. Separate messages are recognised by
> a line that starts:
>
> >From y...@example.com ...
Amusingly I didn't
s a result a lot of (mostly older) mail software escapes mail body
lines that begin with "From" by putting a ">" in front, sometimes
even when not in the context of archiving into an mbox. This is most
likely what happened here. The use of ">" for this is just a very
common convention.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
On Sat, Jun 13, 2020 at 07:52:55AM +, Andy Smith wrote:
> Looking at the email concerned, it had a line starting with "From"
> quoted with a ">".
>
> Mailing lists often do things like that, breaking DKIM.
I will add that I recall that Debian postmasters
t;.
Mailing lists often do things like that, breaking DKIM.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
level. But if it does not
work properly with other things you could try reporting it as an
upstream kernel bug in the driver and see what happens.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
an
acceptable compromise.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
e all that data.
This is a great example of why it's not good to be stingy with the
size of /boot.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hello,
On Tue, Apr 28, 2020 at 11:43:22AM -0400, Default User wrote:
> Andy, you mentioned restic, which I am not familiar with. Similar
> considerations would seem to apply to that also. But I might also try
> that out later.
Note that you did not state any of these requirements
There are many
different backup solutions that support clouds like these.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
med Debian developer
and DPL emeritus; if they try to push through a change that is
controversial and ignore dissent then someone will call a GR and
then the proponent has 1 vote just like every other eligible Debian
voter.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
ages, libraries etc to use when
developing something on Debian then it sounds like a user question
as this is a user activity.
After you identify these things there may be more appropriate
upstream communities for each item that can answer in-depth
questions. Also your further questions probably won't be
be replied to by
email, although they are unfortunately all HTML mail.
Most of the Discourse instances I care about are followed in mailing
list mode and read in my Mutt client as like you I don't want to
miss posts.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
try
with an open mind.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
ut.
I don't think we've seen the ntp.conf for 192.168.71.3 so maybe it
does have at least three "server" directives in there. If it
doesn't, you should take care of that.
If you have an always-on Internet connection I would also consider
adding more "server" directives even to the clie
s actually slightly smaller than your "500GB" HDDs.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
is a
good idea in respect to performance and redundancy is another
question but it's nice that the option is there.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
linux-btrfs mailing list to see how many cases of data loss and
loss of availability people have reported this month.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hi Russell,
On Mon, Feb 03, 2020 at 07:11:21AM +, Russell L. Harris wrote:
> On Mon, Feb 03, 2020 at 07:05:11AM +0000, Andy Smith wrote:
> >(do these as root, since that seems to be how you are working)
> >
> ># which a2ensite
> ># ls -la /usr/sbin/a2ensite
>
ensite: command not found
Your shell is failing to find the "a2ensite" command. Normally it is
found at /usr/sbin/a2ensite and is part of the apache2 package. What
do the following commands say?
(do these as root, since that seems to be how you are working)
# which a2ensite
# ls -la /usr/sb
ftware (or desired
new features of required software) will force an upgrade before the
strict end of life of a given CentOS release.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
fact that any drive that has been in use for a while has too
much noise for the data immediately prior to the wipe to be
distinguishable from that.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
cymru.com TXT # note reversed IP
"54113 | 151.101.0.0/22 | US | arin | 2016-02-01"
$ whois as54113
ASNumber: 54113
ASName: FASTLY
ASHandle: AS54113
(I omitted some uninteresting lines of output)
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
a list?
https://www.debian.org/MailingLists/HOWTO_start_list
You seem convinced it will help, so why not give it a go? Debian is
entirely run by volunteers.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
intentado unir el pc en debian al dominio pero también me ha dado error.
Alguien pudiera darme un norte.
Gracias de antemano
Andy
u made it worth chipping in, and I see I made the wrong
choice. Apparently since I am not quite 50 years old so lack
your half century in customer service you would prefer that I shut
up; fair enough.
OK Richard, as usual you know best, have fun passing links to
debian-user to customer service people.
Regards,
Andy
ual architecture
of their systems and likely isn't going to need a pointer to
a debian-users thread!
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
On Sun, Nov 17, 2019 at 09:57:39AM -0500, Gene Heskett wrote:
> You may have to resort to similar measures.
Hopefully though, most people asking questions here are more willing
to read documentation and accept advice, and so will end up with
more sensible solutions.
Regards,
Andy
--
ht
On Sat, Nov 09, 2019 at 01:20:40PM -0500, Gene Heskett wrote:
> On Saturday 09 November 2019 10:07:43 Andy Smith wrote:
> > On Fri, Nov 08, 2019 at 10:55:33PM -0500, Gene Heskett wrote:
> > > unforch, reinstalling apache2 is not a workable situation because it
> > >
Hello,
On Sat, Nov 09, 2019 at 01:34:11PM -0500, Gene Heskett wrote:
> On Saturday 09 November 2019 10:10:53 Andy Smith wrote:
> > You've repeatedly been advised to block these bots in Apache by
> > their UserAgent. Have you tried that yet? It would be a lot simpler
> > th
en before, but
> is no longer DDOSing my site.
You've repeatedly been advised to block these bots in Apache by
their UserAgent. Have you tried that yet? It would be a lot simpler
than fail2ban or trying to keep up with their IP addresses.
Regards,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
eally odd conclusion. Apache has a very rich syntax for
authentication and authorization that makes protecting it with
tcpwrappers rather pointless.
Just because you only have a hammer, doesn't mean that every piece of
software is a nail.
Regards,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
ng large static files you may also want to put a CDN
in front of your site. Here's some free options:
https://geekflare.com/free-cdn-list/
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
signature.asc
Description: Digital signature
tes.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
ment, and don't want to run two different things
simultaneously, I was planning to wait until my oldest hosts have
been upgraded enough and then do them all at once. I don't really
want to starting rewriting the firewalls on older Debian 8 servers
when they should go away within a year anyway.
Cheers,
Andy
eature is there, and that's the
sort of thing that would be worth exploring if someone is seriously
wanting to lock down this sort of big desktop deployment.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
s, check you do not have it
using DNS.
"ssh -v localhost" might give you some hint as to where in the
connection/login process the time is being spent.
But because of your reluctance to tell us exactly what you're trying
to do, we don't even know if ssh is the best tool for the job.
Che
On Sun, Sep 29, 2019 at 10:51:22PM +, Andy Smith wrote:
> On Sun, Sep 29, 2019 at 02:36:02PM -0700, pe...@easthope.ca wrote:
> > An interactive shell session with minimal overhead. (Or maximal
> > efficiency.)
> I am old enough to remember how we used to remotely manage mac
ather than the problem
itself. They risk missing a much better solution because they
focussed on the particular method they knew of.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
nce between su and sudo" in your favourite search engine and
there are pages and pages of results.
It is probably some sort of failure that a GUI application needs the
user to do anything at all with "su" or "sudo" or anything at a
shell prompt. Although I would never want to give up use of the
shell prompt, it is a steep learning curve for the new user, who
just wants to install and play a game.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
ctx->b64digest' < /etc/os-release
lzA=
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
iendly output formats such as CSV, JSON and so
on.
http://trac.ffmpeg.org/wiki/FFprobeTips#Duration
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
ow you get ants.
Cheers,
Andy
quite
complicated so if 1x SSD and 2x HDD is what you have to work with,
just putting them all together in a RAID isn't necessarily a bad
idea.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
would be no
redundancy though, which is too bad for me to consider.
Not doing anything special would leave your LVs being allocated
sequentially from whichever PV has capacity, in this setup resulting
in no redundancy and max performance of one device, so that would be
the worst setup.
Cheers,
Andy
-
shown the full
output.
Running "apt upgrade" again will probably either repeat the action
or tell you what to type to repeat the action, so please do that and
show us the full output.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
see if your mailer is showing differently?
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
ntent. Parsing the content is expensive and comes
later.
Cheers,
Andy
¹ A lot of networks don't have protections against spoofing, in that
they allow packets to go out into the Internet with source IP
addresses that do not correspond to what has been assigned to that
network.
This wi
ave functioning abuse departments
and as a result are widely blocked for the misdeeds of their
customers. As someone who operates in this space I will not name any
providers, but if it seems too cheap to be true then it probably is.
Cheers,
Andy
"ansible_distribution_file_parsed": true,
"ansible_distribution_file_path": "/etc/os-release",
"ansible_distribution_file_variety": "Debian",
"ansible_distribution_major_version": "10",
"ansible_distribution_release": "buster",
"ansible_distribution_version": "10.0"
},
"changed": false
}
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
ow all the domains).
You will have an easier time over IPv4 as Gmail relax their SPF/DKIM
requirement, though can still avoid unwanted trashing of your email
by implementing SPF and/or DKIM.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
t can SSH in and use sudo when
it needs to. But if you want to you can make it SSH as root.
Best practice would be an unprivileged user, ssh by public key, use
sudo where necessary.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
On Thu, Jul 11, 2019 at 05:12:03PM +0300, Reco wrote:
> On Thu, Jul 11, 2019 at 12:03:53PM +0000, Andy Smith wrote:
> > I think the wiki article at
> > https://wiki.debian.org/BoottimeEntropyStarvation really shows that
> > currently there is no such consensus availab
at least one
expert who thinks it is bad.
So assuming the option of "find an expert who everyone agrees with
and get them to write some documentation" isn't available, what
next?
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hi Curt,
On Wed, Jul 10, 2019 at 09:26:31AM -, Curt wrote:
> On 2019-07-10, Andy Smith wrote:
> > But, let's say this use of RDRAND to supply boot-time entropy is as
> > serious as you argue. What would be your suggested configuration
>
> I would like Debian to make it
argue. What would be your suggested configuration
"out of the box" and how would you communicate the issue to the
user?
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hi Nicholas,
On Mon, Jul 08, 2019 at 04:49:00PM -0500, Nicholas Geovanis wrote:
> On Mon, Jul 8, 2019 at 3:45 PM Andy Smith wrote:
> > Flash forward to 2017 and T'so himself wrote a patch to add a
> > configure option to allow RDRAND to be used early on to bootstrap
> >
Hello,
On Mon, Jul 08, 2019 at 02:50:18PM -0400, Gene Heskett wrote:
> On Monday 08 July 2019 14:14:10 Andy Smith wrote:
> > On Mon, Jul 08, 2019 at 05:48:24PM -, Curt wrote:
> > > it "amounts to trusting that CPU manufacturer (perhaps with the
> > > insistenc
U's random number generation facilities."
Again, everyone using a popular CPU is already in that position.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
from Intel engineers to let /dev/random
> rely only on the RDRAND instruction.
Note that relying *only* on RDRAND and using RDRAND as *one* of the
entropy sources are different situations.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
ly better at AMD.
Personally I use RDRAND and also hardware entropy sources
(EntropyKey and OneRNG).
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Please consider the environment before reading this e-mail.
— John Levine
tions?
Host your stuff on any reasonable provider that you like and put a
CDN in front of it. The CDN will take care of serving locally to
clients worldwide.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
you is going to tell him that running virtual
machines is a bit of a stretch on a 32-bit host?
Better luck next time! :)
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
On Sat, Jun 22, 2019 at 07:34:52PM +, Andy Smith wrote:
> That is why the stance that, "I have IPv4 so I don't need to do
> anything" is not completely correct: it's not urgent for much of the
> world at present, but we will get into a situation where either one
> or bo
On Mon, Jun 24, 2019 at 12:42:37PM -, Curt wrote:
> On 2019-06-22, Andy Smith wrote:
> > I am not aware of any other compression tool that offers to do what
> > gzip's --rsyncable option does, but I owuld be interested if there
> > are some that I overlooked.
Hello,
On Mon, Jun 24, 2019 at 12:34:36PM +1200, Richard Hector wrote:
> On 23/06/19 12:07 PM, Andy Smith wrote:
> > andy@debtest1:~$ su - bob
> > Password:
> > bob@debtest1:~$ whoami
> > bob
> > bob@debtest1:~$ sudo -i
> > [sudo] password for bob:
> &
ount" as root I would
make scripts that only mounted the exact things to the exact places,
and then let them run those scripts as root.
andy@debtest1:~$ su - bob
Password:
bob@debtest1:~$ whoami
bob
bob@debtest1:~$ sudo -i
[sudo] password for bob:
Sorry, user bob is not allowed to e
ked.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
g if I could use an HDD or SSD instead.
To give you some idea of what decent SSDs manage:
http://strugglers.net/~andy/blog/2019/05/29/linux-raid-10-may-not-always-be-the-best-performer-but-i-dont-know-why/
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
t is a problem that
should be looked into.
If they aren't doing their bit and not providing v6 then I
personally would be asking why and looking around for another
provider, but it is the case that a lot of people are in a
near-monopoly without real choice of ISP.
Eventually the cost of CGNAT will force even
this exploit, so that they can be dealt with the same
way persistent SSH dictionary attackers are.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
at the same
> time?
Running big apps like that will benefit more from having enough
memory. After that is satisfied, fast storage will certainly help.
You'll have to look at the exact specifications of Plus vs Pro.
What are you trying to achieve?
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hi Bob,
On Tue, Jun 18, 2019 at 12:07:16AM -0400, Bob Bernstein wrote:
> On Tue, 18 Jun 2019, Andy Smith wrote:
> >What happens if you try to ping something? Like:
[…]
> PING linode.com(2600:3c00::22 (2600:3c00::22)) 56 data bytes
> 64 bytes from 2600:3c00::22 (2600:3c00::22): ic
route is.
And how are you determining that networking doesn't work? i.e. what
are the symptoms?
What happens if you try to ping something? Like:
$ ping 8.8.8.8
I am ignoring the tun0 stuff right now but that could possibly be
related.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
ip address show
Or do you generally have no networking until X starts and gives you
NetworkManager, etc?
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
o give out allocations so big that very few applicants should
ever need to come back for a second one (and thereby introduce
another global route).
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
machine seems to have additional sources. They may be in
a file under /etc/apt/sources.list.d/ rather than in
/etc/apt/sources.list itself.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hello,
On Fri, May 31, 2019 at 08:48:36AM -0500, Jason wrote:
> On Wed, May 29, 2019 at 11:46:50PM +0000, Andy Smith wrote:
> > How did you install this system?
[…]
> > One other person in this thread said they used (a script which
> > ultimately uses) debootst
h, that's interesting. I didn't think of the case where there is no
libcap2-bin. Still, these reporters aren't getting a suid bit
either, so I guess there must be something else going wrong. Not
debootstrap.
Cheers,
Andy
ll through debootstrap.
If you've just done a debootstrap, what does getcap return for the
/bin/ping that got installed?
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
701 - 800 of 2609 matches
Mail list logo