Re: root acount is loocked,starting shell

2015-12-01 Thread Narcis Garcia 
Bé, sobre la pista... assegura't que a les unitats de CD/DVD no hi hagi
cap disc, i prova després d'arrencar l'ordinador.



__
I'm using this express-made address because personal addresses aren't
masked enough at lists.debian.org archives.

El 01/12/15 a les 20:58, dainat...@riseup.net ha escrit:
> A 2015-12-01 19:34, Narcis Garcia escrigué:
>> Entenc que no se t'obre cap entorn gràfic (on veuries la fletxa pel
>> ratolí).
>> Essent així, aniria bé una fotografia del què surt per pantalla només
>> havent posat la contrasenya de desencriptat, i fins que es queda
>> esperant.
>>
> 
> ..les enviu despres..en seguent mail..
> 
> 
>> També anirien bé aquests detalls:
>> - L'ordinador només té muntat un disc dur o n'hi has afegit un altre?
> 
> nomes original
> 
>> - Debian és l'únic sistema operatiu instal·lat?
> 
> si
> 
>> - Tot just has instal·lat Debian des de zero, o bé has fet algun altre
>> canvi o tasca a l'ordinador?
> 
> debian des de zero al juliol 2015
> ( em van avisar ke tarneta grafica obsoleta iaona...)
> 
> fa 1 setmana vaig instalar aplicacio kdenlive
> i vaig grabar els mp4 en1cd dades
> 
> lo ultim baixar 2 pelis de piratbey
> 
> 
>> - Tens un CD o DVD o USB amb arrencada gràfica de sistema operatiu? (en
>> diuen «Live»)
> 
> (..ni idea..)
> pero
> fa 1mes tambe va pasar!!
> ..no arrencava
> i aquell cop es kedava en negre..i li vaig fer
> expulsar el dvd...
> i vaig poder arrencar
> ( si aixo et dona 1 pista...)
>>
>>
>> __
>> I'm using this express-made address because personal addresses aren't
>> masked enough at lists.debian.org archives.
>>
>> El 29/11/15 a les 16:13, dainat...@riseup.net ha escrit:
>>> debian-user-catalan@lists.debian.org
>>>
>>> hola llista
>>> aviso que
>>> no tinc gens de coneixements per
>>> furgar en la terminal del meu pc
>>>
>>> tinc instalat debian
>>> suposo que jessie.. perque em sobtava que menciones al final de algunes
>>> linees aquest nom
>>> ...:
>>> Em trobo que un cop introduida la contrasenya per desencriptar el disc
>>> dur...
>>> no puc entrar ni com usuaria convidada..
>>> ni com la principal.. que deu ser l'administrador
>>>
>>> al iniciarse el debian
>>> poc triar opcions avançades..
>>>
>>> es com la terminal
>>>
>>> tot el seguit de informacio
>>> te un [ ok vert ]
>>> i al final diu
>>> aixo del
>>>
>>>  sulogin: root acount is loocked,starting shell
>>>
>>>
>>> li he donat ordre de entrar :
>>> -default mode
>>> i..es clar..em porta al inici "interfaz?" per signar
>>> i tampoc he pogut entrar
>>>
>>> - reiniciar..des de ordre root.. i des de "interfaz"?
>>> i no res
>>>
>>> vaig trobar en una llista debian
>>> un comentari q pot ser similar al meu..en angles..
>>> i tampoc estic segura
>>>
>>> https://lists.debian.org/debian-user/2009/05/msg01538.html
>>>
>>> ? es posible que si li demano de modificar contrasenyes
>>> pugui accedir ??
>>> i com he de fer aixo ?
>>>
>>> merci
>>>
>

Re: Trying to remove "architecture i386"

2015-12-01 Thread Steve McIntyre 
boudic...@skimble.plus.com wrote:
>Ansgar Burchardt <"Ansgar Burchardt"@43-1.org> writes:
>>
>> Do you still have any i386 packages installed? I think running
>>
>>   dpkg -l "*:i386"
>>
>> should list them (I don't use multiarch myself, but it works for the
>> native architecture and "*:all").
>>
>> Ansgar
>
>Thanks Ansgar.
>
>--8<---cut here---start->8---
>dpkg -l "*:i386"
>Desired=Unknown/Install/Remove/Purge/Hold
>| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
>|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
>||/ Name  Version   Architecture  Description
>+++-=-=-=-===
>rc  crossover 14.1.11-1 i386  Run Windows 
>applications like MS Office
>rc  libasound2:i386   1.0.28-1  i386  shared 
>library for ALSA applications
>rc  libc6:i3862.19-18+deb8u1i386  GNU C 
>Library: Shared libraries
>rc  libc6-i686:i386   2.19-18+deb8u1i386  GNU C 
>Library: Shared libraries [i686 optimized]
>rc  libxxf86vm1:i386  1:1.1.3-1+b1  i386  X11 XFree86 
>video mode extension library



>rc  zlib1g:i386   1:1.2.8.dfsg-2+b1 i386  compression 
>library - runtime
>--8<---cut here---end--->8---
>
>Wow, that *is* a lot! But I don't think that they're all installed, ATM.
>I don't know what the "rc" means though.

It's not the clearest unless you're looking for it, but it's in the
header at the top of the output. "r" means "Remove", "c" means
"Conf-files", i.e. the packages have been (or are about to be) removed
but still have configuration left. A normally installed package would
be shown as "ii", by comparison.

-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
"Further comment on how I feel about IBM will appear once I've worked out
 whether they're being malicious or incompetent. Capital letters are forecast."
 Matthew Garrett, http://www.livejournal.com/users/mjg59/30675.html

Re: OT: reply styles, family matters

2015-12-01 Thread Bob Bernstein 

On Tue, 1 Dec 2015, anxious...@gmail.com wrote:

If I bottom posted at work, no-one would ever discover my 
replies. I occasionally interleave if a point by point 
response seems sensible, or if the joke only works that way


Word dat. 

--
Bob Bernstein

Re: Upgrade to Jessie lost all monitor resolutions except 1024x768

2015-12-01 Thread Sven Arvidsson 
On Tue, 2015-12-01 at 16:39 -0500, Felix Miata wrote:
> "Now", as in Stretch and/or Sid? I searched in Jessie and failed to
> discover
> any available firmware-amd-graphics. Is another repo besides main and
> updates
> required? I booted same machine to Stretch, and neither package was
> found.
> And, Stretch is also using FBDEV, like OP here, and stuck in
> 1280x1024 on a
> 1680x1050 display, with libdrm-radeon1, xserver-xorg-video-ati and
> xserver-xorg-video-radeon installed. ???
> 

Sid and/or stretch, I don't recall exactly when the split was made.

The clue is in the name, nonfree ;)

-- 
Cheers,
Sven Arvidsson
http://www.whiz.se
PGP Key ID 6FAB5CD5





signature.asc
Description: This is a digitally signed message part

Re: Upgrade to Jessie lost all monitor resolutions except 1024x768

2015-12-01 Thread Felix Miata 
Sven Arvidsson composed on 2015-12-01 18:15 (UTC+0100):

> On Tue, 2015-12-01 at 12:01 -0500, Felix Miata wrote:

>> Hmmm. My Cedar is working in Jessie, and there is no firmware-amd-graphics
>> installed. Neither do aptitude search firmware-amd-graphics or aptitude
>> search amd-graph return anything. firmware-linux-nonfree however is
>> installed.

> The AMD firmware used to be in firmware-linux-nonfree. Now that is a
> metapackage that depends on firmware-amd-graphics and a few others.

"Now", as in Stretch and/or Sid? I searched in Jessie and failed to discover
any available firmware-amd-graphics. Is another repo besides main and updates
required? I booted same machine to Stretch, and neither package was found.
And, Stretch is also using FBDEV, like OP here, and stuck in 1280x1024 on a
1680x1050 display, with libdrm-radeon1, xserver-xorg-video-ati and
xserver-xorg-video-radeon installed. ???

http://fm.no-ip.com/Tmp/Linux/Xorg/xorg.0.log-big41-stretch-fbdev
-- 
"The wise are known for their understanding, and pleasant
words are persuasive." Proverbs 16:21 (New Living Translation)

 Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata  ***  http://fm.no-ip.com/

[HS] Totem et Freebox: vous y arrivez?

2015-12-01 Thread didier gaumet 
Salut,

C'est hors-sujet parce que je n'ai pas eu le problème que sur Debian,
mais bon, histoire de ne pas mourir idiot: arrivez-vous à lire des
enregistrements vidéos faits par une Freebox ou à regarder une chaîne de
télévision Freebox au moyen de Totem?

De mémoire, Totem me demande un greffon H264, j'ai le son mais pas
d'image. En installant toutes les bibliothèques h264&5 qui m'avaient
l'air disponibles ça n'avait rien changé, en installant le greffon
gstreamer pour packagekit pour qu'il télécharge le codec adapté, Totem
n'en trouvait pas...

Ceci sous Wheezy (stable) avec le dépôt deb-multimedia Marillat dans mon
sources.list.

Merci.

Re: Problems with Gmail IMAP on Icedove

2015-12-01 Thread Lisi Reisz 
On Monday 30 November 2015 23:06:06 Lisi Reisz wrote:
> I have been trying to set up IMAP from two different accounts on Gmail in
> Icedove: 31.8.0-1~deb7u1.  I have tired changing the password in case I had
> got it wrong, I have retyped everything several times, I have copied and
> pasted, I have crawled up the wall, then I suddenly started to get messages
> from Gmail:
> 
>
> Sign-in attempt prevented
>
>
>
> Hi x,
> Someone just tried to sign in to your Google Account xx...@gmail.com
> from an app that doesn't meet modern security standards.


Annoying as this was, Google may have had a point:

Just received from security alerts:

Multiple security issues have been found in Icedove, Debian's version of
the Mozilla Thunderbird mail client: Multiple memory safety errors,
integer overflows, buffer overflows and other implementation errors may
lead to the execution of arbitrary code or denial of service.

For the oldstable distribution (wheezy), these problems have been fixed
in version 38.4.0-1~deb7u1.


Lisi

Re: X using ~ 35% of a CPU core

2015-12-01 Thread Celejar 
On Mon, 30 Nov 2015 21:47:43 +0100
Sven Arvidsson  wrote:

> On Mon, 2015-11-30 at 13:44 -0500, Celejar wrote:
> > Hi,
> > 
> > On my ThinkPad T61 (Core 2 Duo T7300 @ 2.00GHZ) running Debian stable
> > (8.2) with Xfce, the X process (/usr/bin/X) has recently begun to
> > consume some 35% (seems to vary between 33-40 %) for several minutes
> > at
> > a time, with the system becoming unpleasantly unresponsive during
> > this

...

> Long shot, but maybe it's something similar to this? Probing for new
> screens after resume and spamming a log before giving up?
> 
> https://bbs.archlinux.org/viewtopic.php?id=204098
> 
> Would be interesting to know where the X process spends all that time,
> but I guess you would need to profile it to find out.

Thanks for the tip! My problem is actually at least somewhat similar. I
tried tailing the X log when I caught the problem occurring, and I
found zillions of these:

[ 82198.046] (II) intel(0): EDID vendor "LEN", prod id 16435
[ 82198.046] (II) intel(0): Printing DDC gathered Modelines:
[ 82198.046] (II) intel(0): Modeline "1440x900"x0.0   96.50  1440 1522 1576 
1706  900 905 914 943 -hsync -vsync (56.6 kHz eP)
[ 82198.046] (II) intel(0): Modeline "1440x900"x0.0   80.44  1440 1522 1576 
1706  900 905 914 943 -hsync -vsync (47.2 kHz e)
[ 82198.084] (II) intel(0): EDID vendor "LEN", prod id 16435
[ 82198.084] (II) intel(0): Printing DDC gathered Modelines:
[ 82198.084] (II) intel(0): Modeline "1440x900"x0.0   96.50  1440 1522 1576 
1706  900 905 914 943 -hsync -vsync (56.6 kHz eP)
[ 82198.084] (II) intel(0): Modeline "1440x900"x0.0   80.44  1440 1522 1576 
1706  900 905 914 943 -hsync -vsync (47.2 kHz e)
[ 82198.166] (II) intel(0): EDID vendor "LEN", prod id 16435
[ 82198.166] (II) intel(0): Printing DDC gathered Modelines:
[ 82198.166] (II) intel(0): Modeline "1440x900"x0.0   96.50  1440 1522 1576 
1706  900 905 914 943 -hsync -vsync (56.6 kHz eP)
[ 82198.166] (II) intel(0): Modeline "1440x900"x0.0   80.44  1440 1522 1576 
1706  900 905 914 943 -hsync -vsync (47.2 kHz e)

...

[ 82198.574] (II) intel(0): EDID vendor "LEN", prod id 16435
[ 82198.574] (II) intel(0): Printing DDC gathered Modelines:
[ 82198.574] (II) intel(0): Modeline "1440x900"x0.0   96.50  1440 1522 1576 
1706  900 905 914 943 -hsync -vsync (56.6 kHz eP)
[ 82198.574] (II) intel(0): Modeline "1440x900"x0.0   80.44  1440 1522 1576 
1706  900 905 914 943 -hsync -vsync (47.2 kHz e)
[ 82198.662] (II) intel(0): EDID vendor "LEN", prod id 16435
[ 82198.662] (II) intel(0): Printing DDC gathered Modelines:
[ 82198.662] (II) intel(0): Modeline "1440x900"x0.0   96.50  1440 1522 1576 
1706  900 905 914 943 -hsync -vsync (56.6 kHz eP)
[ 82198.662] (II) intel(0): Modeline "1440x900"x0.0   80.44  1440 1522 1576 
1706  900 905 914 943 -hsync -vsync (47.2 kHz e)
[ 82198.710] (II) intel(0): EDID vendor "LEN", prod id 16435
[ 82198.710] (II) intel(0): Printing DDC gathered Modelines:
[ 82198.710] (II) intel(0): Modeline "1440x900"x0.0   96.50  1440 1522 1576 
1706  900 905 914 943 -hsync -vsync (56.6 kHz eP)
[ 82198.710] (II) intel(0): Modeline "1440x900"x0.0   80.44  1440 1522 1576 
1706  900 905 914 943 -hsync -vsync (47.2 kHz e)


When the problem ceases (CPU usage back down to zero / normal), these
lines cease, too. Anyone know what this is, and / or how to fix it?

I found this:

https://forums.gentoo.org/viewtopic-t-716774-start-0.html

But I don't have anything like his xrandr script running, and my
problem is intermittent - it starts and stops at apparently random
times.

> Sven Arvidsson

Celejar

Re: Can't startx as normal user

2015-12-01 Thread Rodrigo S. Cañibano 
On 1 December 2015 at 16:47, Sven Arvidsson  wrote:
> The NEWS entry should have been picked up by apt-listchanges:

I must have missed it. Thanks!

Re: Recent linux-image update broke CPU fan

2015-12-01 Thread Neal P. Murphy 
On Sun, 29 Nov 2015 17:18:51 -0500
"Neal P. Murphy"  wrote:

> On Sun, 29 Nov 2015 14:35:15 +0100
> Sven Arvidsson  wrote:
> 
> > On Sun, 2015-11-29 at 02:16 -0500, Neal P. Murphy wrote:
> > > I think the last linux-image update broke my CPU fan. OK, it didn't
> > > actually break it. But since the last update, my CPU fan (stock with
> > > vishera 8350 black) will NOT turn faster than about 3500 RPM.
> > > 
> > > I have been using fancontrol for months. It took weeks to get it set
> > > correctly. At maximum speed, I've seen (and heard) the fan turn in
> > > excess of 6500 RPM.
> > > 
> > > Until the recent kernel update, the CPU and case fans have ramped up
> > > with increasing temp and ramped down with decreasing temp. The CPU
> > > never exceeded about 60C when compiling linux using all 8 CPUs for 5
> > > minutes. And that was with a mild overclock (4.4GHz, 1866 RAM at
> > > 2133).
> > > 
> > > Now, the CPU fan will not exceed about 3700 RPM. That's barely fast
> > > enough to keep 4 non-overclocked CPUs cool.
> > > 
> > > Has anyone else experienced this? Is it related to the kernel update?
> > > Or do I have a power supply or motherboard failing (again)?
> > 
> > If this was on a stable system it seems odd, if it was unstable or
> > testing it might just be one of the "charms" of running something that
> > is in development.

It's still odd. But with no change to the OS, the fan speed has returned. So 
I'm going to conclude that it is related to hardware and/or firmware (flaky 
NVRAM, flaky power supply, flaky mainboard, ), that the kernel update was 
not the cause.

Thanks,
N

Re: [HS] Totem et Freebox: vous y arrivez?

2015-12-01 Thread Bernard Schoenacker 
Le Tue, 01 Dec 2015 21:05:08 +0100,
didier gaumet  a écrit :

> Salut,
> 
> C'est hors-sujet parce que je n'ai pas eu le problème que sur Debian,
> mais bon, histoire de ne pas mourir idiot: arrivez-vous à lire des
> enregistrements vidéos faits par une Freebox ou à regarder une chaîne
> de télévision Freebox au moyen de Totem?
> 
> De mémoire, Totem me demande un greffon H264, j'ai le son mais pas
> d'image. En installant toutes les bibliothèques h264&5 qui m'avaient
> l'air disponibles ça n'avait rien changé, en installant le greffon
> gstreamer pour packagekit pour qu'il télécharge le codec adapté, Totem
> n'en trouvait pas...
> 
> Ceci sous Wheezy (stable) avec le dépôt deb-multimedia Marillat dans
> mon sources.list.
> 
> Merci.
> 

bonjour,

essayes vlc avec freeplayer ...

https://packages.debian.org/fr/wheezy/freeplayer

rmadison freeplayer

freeplayer | 20070531+dfsg.1-3 | oldoldstable| source, all
freeplayer | 20070531+dfsg.1-3 | oldstable   | source, all
freeplayer | 20070531+dfsg.1-3 | stable  | source, all
freeplayer | 20070531+dfsg.1-3 | stable-kfreebsd | source, all

depuis quelques temps la saveur wheezy est passée en oldstable


pour les dépots oldstable de marillat :

deb http://www.deb-multimedia.org wheezy main
or
deb ftp://ftp.deb-multimedia.org wheezy main
or
deb http://www.deb-multimedia.org oldstable main
or
deb ftp://ftp.deb-multimedia.org oldstable main

origine :  http://www.deb-multimedia.org/


slt
bernard

Re: Upgrade to Jessie lost all monitor resolutions except 1024x768

2015-12-01 Thread Felix Miata 
Sven Arvidsson composed on 2015-12-01 23:05 (UTC+0100):

> On Tue, 2015-12-01 at 16:39 -0500, Felix Miata wrote:

>> "Now", as in Stretch and/or Sid? I searched in Jessie and failed to discover
>> any available firmware-amd-graphics. Is another repo besides main and updates
>> required? I booted same machine to Stretch, and neither package was found.
>> And, Stretch is also using FBDEV, like OP here, and stuck in 1280x1024 on a
>> 1680x1050 display, with libdrm-radeon1, xserver-xorg-video-ati and
>> xserver-xorg-video-radeon installed. ???

> Sid and/or stretch, I don't recall exactly when the split was made.

> The clue is in the name, nonfree ;)

Helps to have non-free included in apt sources before searching for nonfree
packages. :-p I wonder if this omission accounts for OP?
-- 
"The wise are known for their understanding, and pleasant
words are persuasive." Proverbs 16:21 (New Living Translation)

 Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata  ***  http://fm.no-ip.com/

Re: Fail2ban

2015-12-01 Thread Philippe Gras 

Le 1 déc. 2015 à 17:40, Jean-Jacques Doti  a écrit :

> Le 01/12/2015 14:17, andre_deb...@numericable.fr a écrit :
>> Bonjour,
>> 
>> J'avais lancé un help sur ce sujet et modifié
>> jail.conf et fail.local
>> 
>> Malgré, j'ai toujours ce type de message dans mon logwatch quotidien,
>> (tentatives de connexions sur des comptes mail) :
>> 
>> "authentication failure; logname= uid=0 euid=0 tty=dovecot
>> ruser=pascal.b@ rhost=212.83.40.56 : 66 Times"
>> 
>> Une personne qui n'est pas le propriétaire du mail,
>> tente de se connecter 66 fois alors que le "maxretry=3"
>> 
>> Ici, fail2ban ne joue pas son rôle, il reste insensible à ses configs.
>> (je l'avais bien relancé).
>> 
>> André
>> 
> Salut,
> 
> En fait, le soucis se situe directement dans la façon dont fail2ban 
> fonctionne.
> Le principe est que fail2ban scrute des fichiers de logs à la recherche de 
> certaines chaînes de caractères. Pour dovecot, c'est le fichier 
> /var/log/mail.log qui est examiné (cf /etc/fail2ban/jail.conf section 
> [dovecot]). La chaîne "authentication failure" est normalement bien repérée 
> et l'adresse IP du client récupérée (cf /etc/fail2ban/filter.d/dovecot.conf). 
> Cette adresse IP es bloquée (via iptables) si elle apparaît plus d'un 
> certains nombre de fois pendant un certain laps de temps (par défaut 3 
> apparitions en 600 secondes).
> Or dovecot a tendance à indiquer les erreurs de connexions ainsi :
> authentication failure; logname= uid=0 euid=0 tty=dovecot 
> ruser=pascal.b@ rhost=212.83.40.56 : 66 Times
> c'est à dire avec une seule ligne indiquant de nombreux échecs 
> d'authentification (il s'agit peut-être du nombre d'echec au cours d'une même 
> connexion TCP). Du coup, fail2ban n'enregistre, dans ce cas, qu'une seule 
> tentative (une seule ligne) et l'IP du client n'est pas immédiatement bloquée.
> 
> Je ne vois pas trop comment changer ce comportement facilement.
> Il doit être possible d'arriver à quelque chose d'accpetable en indiquant 
> "auth_verbose=yes" dans /etc/dovecot/conf.d/10-logging.conf et en modifiant 
> ou en ajoutant un filtre fai2ban spécifique (les tentatives 
> d'authentification sont alors toutes loggées, mais le format est différent de 
> ce que fail2ban recherche en standard avec la configuration Debian).
> 
> J'espère que je n'ai pas été trop confus dans mes explications et je suis 
> désolé de ne pas pouvoir fournir une solution clé en main…
> 
> A+
> Jean-Jacques
> 
Ah, ouais :-( C'est pas glop comme fonctionnement !

Dans ce cas, on peut mettre le 'maxretry' à 0, comme

ça l'IP est bannie après une première série de fails.

Re: Upgrade to Jessie lost all monitor resolutions except 1024x768

2015-12-01 Thread Sven Arvidsson 
On Tue, 2015-12-01 at 12:01 -0500, Felix Miata wrote:
> Hmmm. My Cedar is working in Jessie, and there is no firmware-amd
> -graphics
> installed. Neither do aptitude search firmware-amd-graphics or
> aptitude
> search amd-graph return anything. firmware-linux-nonfree however is
> installed.

The AMD firmware used to be in firmware-linux-nonfree. Now that is a
metapackage that depends on firmware-amd-graphics and a few others.

-- 
Cheers,
Sven Arvidsson
http://www.whiz.se
PGP Key ID 6FAB5CD5





signature.asc
Description: This is a digitally signed message part

Re: OT: reply styles, family matters

2015-12-01 Thread anxiousmac 
On Tuesday, 1 December 2015 16:40:05 UTC, Bob Bernstein  wrote:
> On Wed, 2 Dec 2015, Chris Bannister wrote:
> 
> >> "Please don't respond line by line. It is patronizing and 
> >> annoying."
> 
> > What did he say when you asked what he meant by this? I mean, 
> > how on earth could it possibly be patronising?
> 
> I haven't asked him yet, 
> 
> -- 
> Bob Bernstein

If I bottom posted at work, no-one would ever discover my replies. I 
occasionally interleave if a point by point response seems sensible, or if the 
joke only works that way

anxiousmac

Re: Fail2ban

2015-12-01 Thread Philippe Gras 

Le 1 déc. 2015 à 17:53, Jean-Jacques Doti  a écrit :

> Le 01/12/2015 17:50, Philippe Gras a écrit :
>> Le 1 déc. 2015 à 17:40, Jean-Jacques Doti  a écrit :
>> 
>>> Le 01/12/2015 14:17, andre_deb...@numericable.fr a écrit :
 Bonjour,
 
 J'avais lancé un help sur ce sujet et modifié
 jail.conf et fail.local
 
 Malgré, j'ai toujours ce type de message dans mon logwatch quotidien,
 (tentatives de connexions sur des comptes mail) :
 
 "authentication failure; logname= uid=0 euid=0 tty=dovecot
 ruser=pascal.b@ rhost=212.83.40.56 : 66 Times"
 
 Une personne qui n'est pas le propriétaire du mail,
 tente de se connecter 66 fois alors que le "maxretry=3"
 
 Ici, fail2ban ne joue pas son rôle, il reste insensible à ses configs.
 (je l'avais bien relancé).
 
 André
 
>>> Salut,
>>> 
>>> En fait, le soucis se situe directement dans la façon dont fail2ban 
>>> fonctionne.
>>> Le principe est que fail2ban scrute des fichiers de logs à la recherche de 
>>> certaines chaînes de caractères. Pour dovecot, c'est le fichier 
>>> /var/log/mail.log qui est examiné (cf /etc/fail2ban/jail.conf section 
>>> [dovecot]). La chaîne "authentication failure" est normalement bien repérée 
>>> et l'adresse IP du client récupérée (cf 
>>> /etc/fail2ban/filter.d/dovecot.conf). Cette adresse IP es bloquée (via 
>>> iptables) si elle apparaît plus d'un certains nombre de fois pendant un 
>>> certain laps de temps (par défaut 3 apparitions en 600 secondes).
>>> Or dovecot a tendance à indiquer les erreurs de connexions ainsi :
>>> authentication failure; logname= uid=0 euid=0 tty=dovecot 
>>> ruser=pascal.b@ rhost=212.83.40.56 : 66 Times
>>> c'est à dire avec une seule ligne indiquant de nombreux échecs 
>>> d'authentification (il s'agit peut-être du nombre d'echec au cours d'une 
>>> même connexion TCP). Du coup, fail2ban n'enregistre, dans ce cas, qu'une 
>>> seule tentative (une seule ligne) et l'IP du client n'est pas immédiatement 
>>> bloquée.
>>> 
>>> Je ne vois pas trop comment changer ce comportement facilement.
>>> Il doit être possible d'arriver à quelque chose d'accpetable en indiquant 
>>> "auth_verbose=yes" dans /etc/dovecot/conf.d/10-logging.conf et en modifiant 
>>> ou en ajoutant un filtre fai2ban spécifique (les tentatives 
>>> d'authentification sont alors toutes loggées, mais le format est différent 
>>> de ce que fail2ban recherche en standard avec la configuration Debian).
>>> 
>>> J'espère que je n'ai pas été trop confus dans mes explications et je suis 
>>> désolé de ne pas pouvoir fournir une solution clé en main…
>>> 
>>> A+
>>> Jean-Jacques
>>> 
>> Ah, ouais :-( C'est pas glop comme fonctionnement !
>> 
>> Dans ce cas, on peut mettre le 'maxretry' à 0, comme
>> 
>> ça l'IP est bannie après une première série de fails.
>> 
> Oui mais non !
> Tu ne veux pas forcément bannir l'utilisateur qui paramètre sa connexion (sur 
> une nouvelle machine ou un nouveau smartphone) et qui fait une faute de 
> frappe lors de la saisie du mot de passe…
> 
> 
Sans doute, mais tu ne paramètres pas ta connexion tous les jours sur un 
nouveau bidule…

Le cas échéant, il vaut mieux penser à modifier sa règle 5 min. Pas pratique 
j'en conviens ;-)

mais une mauvaise solution est parfois meilleure que pas de solution du tout !

Re: Upgrade to Jessie lost all monitor resolutions except 1024x768

2015-12-01 Thread Felix Miata 
Felix Miata composed on 2015-12-01 11:25 (UTC-0500):

> Marc Shapiro composed on 2015-12-01 07:15 (UTC-0800):

>> I will install  firmware-amd-graphics as soon as I get a chance 

> firmware-linux-nonfree is what worked on Jessie for my Cedar and for Mart.

Oops. Retract. I failed conscious notice of firmware-amd-graphics in Mart's 
post.
-- 
"The wise are known for their understanding, and pleasant
words are persuasive." Proverbs 16:21 (New Living Translation)

 Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata  ***  http://fm.no-ip.com/

Re: Fail2ban

2015-12-01 Thread Jean-Jacques Doti 

Le 01/12/2015 17:50, Philippe Gras a écrit :

Le 1 déc. 2015 à 17:40, Jean-Jacques Doti  a écrit :


Le 01/12/2015 14:17, andre_deb...@numericable.fr a écrit :

Bonjour,

J'avais lancé un help sur ce sujet et modifié
jail.conf et fail.local

Malgré, j'ai toujours ce type de message dans mon logwatch quotidien,
(tentatives de connexions sur des comptes mail) :

"authentication failure; logname= uid=0 euid=0 tty=dovecot
ruser=pascal.b@ rhost=212.83.40.56 : 66 Times"

Une personne qui n'est pas le propriétaire du mail,
tente de se connecter 66 fois alors que le "maxretry=3"

Ici, fail2ban ne joue pas son rôle, il reste insensible à ses configs.
(je l'avais bien relancé).

André


Salut,

En fait, le soucis se situe directement dans la façon dont fail2ban fonctionne.
Le principe est que fail2ban scrute des fichiers de logs à la recherche de certaines 
chaînes de caractères. Pour dovecot, c'est le fichier /var/log/mail.log qui est examiné 
(cf /etc/fail2ban/jail.conf section [dovecot]). La chaîne "authentication 
failure" est normalement bien repérée et l'adresse IP du client récupérée (cf 
/etc/fail2ban/filter.d/dovecot.conf). Cette adresse IP es bloquée (via iptables) si elle 
apparaît plus d'un certains nombre de fois pendant un certain laps de temps (par défaut 3 
apparitions en 600 secondes).
Or dovecot a tendance à indiquer les erreurs de connexions ainsi :
authentication failure; logname= uid=0 euid=0 tty=dovecot 
ruser=pascal.b@ rhost=212.83.40.56 : 66 Times
c'est à dire avec une seule ligne indiquant de nombreux échecs 
d'authentification (il s'agit peut-être du nombre d'echec au cours d'une même 
connexion TCP). Du coup, fail2ban n'enregistre, dans ce cas, qu'une seule 
tentative (une seule ligne) et l'IP du client n'est pas immédiatement bloquée.

Je ne vois pas trop comment changer ce comportement facilement.
Il doit être possible d'arriver à quelque chose d'accpetable en indiquant 
"auth_verbose=yes" dans /etc/dovecot/conf.d/10-logging.conf et en modifiant ou 
en ajoutant un filtre fai2ban spécifique (les tentatives d'authentification sont alors 
toutes loggées, mais le format est différent de ce que fail2ban recherche en standard 
avec la configuration Debian).

J'espère que je n'ai pas été trop confus dans mes explications et je suis 
désolé de ne pas pouvoir fournir une solution clé en main…

A+
Jean-Jacques


Ah, ouais :-( C'est pas glop comme fonctionnement !

Dans ce cas, on peut mettre le 'maxretry' à 0, comme

ça l'IP est bannie après une première série de fails.


Oui mais non !
Tu ne veux pas forcément bannir l'utilisateur qui paramètre sa connexion 
(sur une nouvelle machine ou un nouveau smartphone) et qui fait une 
faute de frappe lors de la saisie du mot de passe…

Re: Upgrade to Jessie lost all monitor resolutions except 1024x768

2015-12-01 Thread Felix Miata 
Felix Miata composed on 2015-12-01 11:50 (UTC-0500):

> Felix Miata composed on 2015-12-01 11:25 (UTC-0500):

>> Marc Shapiro composed on 2015-12-01 07:15 (UTC-0800):

>>> I will install  firmware-amd-graphics as soon as I get a chance 

>> firmware-linux-nonfree is what worked on Jessie for my Cedar and for Mart.

> Oops. Retract. I failed conscious notice of firmware-amd-graphics in Mart's 
> post.

Hmmm. My Cedar is working in Jessie, and there is no firmware-amd-graphics
installed. Neither do aptitude search firmware-amd-graphics or aptitude
search amd-graph return anything. firmware-linux-nonfree however is installed.
-- 
"The wise are known for their understanding, and pleasant
words are persuasive." Proverbs 16:21 (New Living Translation)

 Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata  ***  http://fm.no-ip.com/

Re: L7 filter and iptables Problem

2015-12-01 Thread Roman 
Hi,

Even if it would be supported there is no much use of iptables l7 filters.
They never worked as expected. Get yourself a small juniper srx  :)

2015-12-01 19:51 GMT+02:00 Peter Ludikovsky :

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Hi,
>
> According to to project site [0] there hasn't been any real
> development since 2013, which was a patch against the 2.6 kernel line.
> That kernel line is out of support since mid-2015.
>
> I'm afraid the string matching module would be your best bet for now.
>
> Regards,
> /peter
>
> [0] http://l7-filter.clearos.com/
>
> Am 01.12.2015 um 08:56 schrieb Muhammad Yousuf Khan:
> > Hello,
> >
> > i am using  Debian jessie and I have been trying to work with L7
> > filter to block p2p but its not working
> >
> > iptables -I FORWARD -m layer7 --l7proto bittorrent -j DROP iptables
> > v1.4.21: Couldn't load match `layer7':No such file or directory
> >
> > Try `iptables -h' or 'iptables --help' for more information.
> >
> > can you guys Please help.  string match with ip tables is easy but
> > i am looking to use L7 filter on jessie. all the how-tos are out
> > dated. example kernel patch etc.
> >
> > Please help.
> >
> > Thanks, Yousuf
> >
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v2.0.22 (MingW32)
>
> iQIcBAEBAgAGBQJWXd4OAAoJEM+6Ng5pbtyZAd8P/3vM3gVfiaUcVVdxsNPkRIzb
> NddWvxnWwYp4DNCHRj5sKAJ4X5DhdqClEysT8eLMBfG+IXLW44mF/M3NBeVsbMAk
> 5ugH4hlyaIK2Pxh1yIHOCz1uP7yRnj8X6ASp5PxbzBTowmHLynjyka0OnEdg0pR4
> hsNvw9RyxPKPuqBTXy37SXGbp8mBmuFbQucaX7G80e8n5reCL9CvLTHKLiQ3BGdc
> KanmYQjZ7K1/FISuBpl653iiR/Kpb4bfY2x2Nl54Pxs2ueFMwskIqsfGyxU6nSPb
> Hk9OpDpJlQ14PTxZ2Tw/tvPJIhFqvQshrVD57OvQhgXrda+7o/sz1DbL5djLSAPj
> b05luaVW9U+88XgAkcNPNZfrohy3JY1EnXPY5n3M83yZZ7QPPlwxc66Nu2PBS/rM
> B0erP4t0c2tqxpMoewSmlX3Q0qm83IRET9ozSMqoEWbFYho499MR+uyTCkw1YO05
> JfHS/4o/t+z9PzHo1h2r0tqij52WcgeD4TSZ8W4MdZxMmwk6w+XOsJYDpY7eX2gt
> a6IRr5/pgzv6PLWjpXSwj1XCtQUxoZkWS7GPF5qfbBh1/t3hjRe6Hv8MwQPP0oSw
> LelvMIhii2NVvlPueuSWH46XencEQId66wTkAx02YxP84FMctw7jJl7oljb/JrQ7
> EXo9Iaaohz1ZjLSH3+Ht
> =rHnt
> -END PGP SIGNATURE-
>
>


-- 
Best regards,
Roman.

Re: Fail2ban

2015-12-01 Thread Philippe Gras 

Le 1 déc. 2015 à 18:57, andre_deb...@numericable.fr a écrit :

>> et  en modifiant ou en ajoutant un filtre fail2ban spécifique 
>> (les tentatives d'authentification sont alors toutes loggées, 
>> mais le format est  différent de ce que fail2ban recherche :
> 
>> J'espère que je n'ai pas été trop confus dans mes explications et je 
>> suis désolé de ne pas pouvoir fournir une solution clé en main…
>> A+  Jean-Jacques 
> 
> Merci, pas confus mais pas d'infos sur :
> "comment ajouter un filtre fail2ban spécifique" :-)

Ce n'est pas super compliqué, en fait. Il n'existe pas de tuto parce que
chaque nouveau filtre est spécifique à des besoins personnels.

Personnellement, j'ai procédé comme suit.

D'abord, je me suis fait envoyer les bans par mail (une option à ajouter
qui est décrite dans le haut du fichier jail.{conf | local})

J'ai été regarder mes logs litigieux et j'ai créé une regex dessus.

Puis, j'ai mv un filtre lambda.conf en avotboncoeur.conf

J'ai remplacé sa regex par la mienne et je l'ai testée :

/usr/bin/fail2ban-regex /var/log/nginx/monfichier.access.log 
/etc/fail2ban/filter.d/nginx-login.conf

J'y ai été contraint, parce que je n'ai pas trouvé de filtre sympa sur nginx
et j'ai pas mal d'exploits sur Wordpress.

> 
> La crainte est qu'un jour une intrusion découvre
> le mot de passe d'un compte mail.

C'est clair que ça vaut le coup de se creuser la cervelle pour trouver une
+/- bonne solution avec un maximum d'efficacité.

> 
> Bonne  soirée.
> 
> André
>

Re: L7 filter and iptables Problem

2015-12-01 Thread Peter Ludikovsky 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi,

According to to project site [0] there hasn't been any real
development since 2013, which was a patch against the 2.6 kernel line.
That kernel line is out of support since mid-2015.

I'm afraid the string matching module would be your best bet for now.

Regards,
/peter

[0] http://l7-filter.clearos.com/

Am 01.12.2015 um 08:56 schrieb Muhammad Yousuf Khan:
> Hello,
> 
> i am using  Debian jessie and I have been trying to work with L7
> filter to block p2p but its not working
> 
> iptables -I FORWARD -m layer7 --l7proto bittorrent -j DROP iptables
> v1.4.21: Couldn't load match `layer7':No such file or directory
> 
> Try `iptables -h' or 'iptables --help' for more information.
> 
> can you guys Please help.  string match with ip tables is easy but
> i am looking to use L7 filter on jessie. all the how-tos are out
> dated. example kernel patch etc.
> 
> Please help.
> 
> Thanks, Yousuf
> 
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)

iQIcBAEBAgAGBQJWXd4OAAoJEM+6Ng5pbtyZAd8P/3vM3gVfiaUcVVdxsNPkRIzb
NddWvxnWwYp4DNCHRj5sKAJ4X5DhdqClEysT8eLMBfG+IXLW44mF/M3NBeVsbMAk
5ugH4hlyaIK2Pxh1yIHOCz1uP7yRnj8X6ASp5PxbzBTowmHLynjyka0OnEdg0pR4
hsNvw9RyxPKPuqBTXy37SXGbp8mBmuFbQucaX7G80e8n5reCL9CvLTHKLiQ3BGdc
KanmYQjZ7K1/FISuBpl653iiR/Kpb4bfY2x2Nl54Pxs2ueFMwskIqsfGyxU6nSPb
Hk9OpDpJlQ14PTxZ2Tw/tvPJIhFqvQshrVD57OvQhgXrda+7o/sz1DbL5djLSAPj
b05luaVW9U+88XgAkcNPNZfrohy3JY1EnXPY5n3M83yZZ7QPPlwxc66Nu2PBS/rM
B0erP4t0c2tqxpMoewSmlX3Q0qm83IRET9ozSMqoEWbFYho499MR+uyTCkw1YO05
JfHS/4o/t+z9PzHo1h2r0tqij52WcgeD4TSZ8W4MdZxMmwk6w+XOsJYDpY7eX2gt
a6IRr5/pgzv6PLWjpXSwj1XCtQUxoZkWS7GPF5qfbBh1/t3hjRe6Hv8MwQPP0oSw
LelvMIhii2NVvlPueuSWH46XencEQId66wTkAx02YxP84FMctw7jJl7oljb/JrQ7
EXo9Iaaohz1ZjLSH3+Ht
=rHnt
-END PGP SIGNATURE-

Re: Fail2ban

2015-12-01 Thread andre_debian 
On Tuesday 01 December 2015 17:40:24 Jean-Jacques Doti wrote:
[cut]
> Je ne vois pas trop comment changer ce comportement facilement.
> Il doit être possible d'arriver à quelque chose d'accpetable en 
> indiquant "auth_verbose=yes" dans /etc/dovecot/conf.d/10-logging.conf  :

Fait.

> et  en modifiant ou en ajoutant un filtre fail2ban spécifique 
> (les tentatives d'authentification sont alors toutes loggées, 
> mais le format est  différent de ce que fail2ban recherche :

> J'espère que je n'ai pas été trop confus dans mes explications et je 
> suis désolé de ne pas pouvoir fournir une solution clé en main…
> A+  Jean-Jacques 

Merci, pas confus mais pas d'infos sur :
"comment ajouter un filtre fail2ban spécifique" :-)

La crainte est qu'un jour une intrusion découvre
le mot de passe d'un compte mail.

Bonne  soirée.

André

Re: Disable Ctrl-Alt-Del in Jessie [Solved]

2015-12-01 Thread Bit Head 
Thanks, Martin. With that info, I was able to confirm that the link 
'control-alt-del.target -> /dev/null' does disable C-A-D from a tty.  And it 
took a bit to find it, but the behavior in KDE can be managed in:

System Settings --> Shortcuts and Gestures --> Global Keyboard Shortcuts --> 
The KDE Session Manager (from the pull down menu)

There are 3 items there which can be configured independently: Log Out, Log Out 
without Confirmation, and Reboot without Confirmation.  Each can have its own 
keystroke sequence, or be set to None.

Yeah!  No more erroneous reboots due to Windows screen lock attempts on Jessie! 
:-)


From: Martin Read 
Sent: Monday, November 30, 2015 4:31 PM
To: debian-user@lists.debian.org
Subject: Re: Disable Ctrl-Alt-Del in Jessie

On 30/11/15 00:05, Bit Head wrote:
> In Jessie, this is proving to be more challenging as there is no inittab
> file to edit, and while I could create one, it would only contain
> commented lines, having a null effect.  It seems that in prior releases,
> one had to explicitly say what to do in order for anything to happen,
> and in Jessie, one has to explicitly say "do nothing" or action is taken
> (the logout/reboot/shutdown prompt is presented with a 30 second timeout).

That logout/reboot/shutdown prompt is a feature of your GUI environment,
which should have a mechanism for configuring it to do something *else*
(or, hopefully, nothing at all) in response to C-A-D.

For example, my XFCE4 environment is configured to lock the console when
I make the three-finger salute.

Re: Trying to remove "architecture i386"

2015-12-01 Thread Sharon Kimble 
Ansgar Burchardt <"Ansgar Burchardt"@43-1.org> writes:

> Sharon Kimble  writes:
>> ╭
>> │sudo dpkg --remove-architecture i386
>> ╰
>>
>> which failed saying -
>>
>> dpkg: error: cannot remove architecture 'i386' currently in use by the 
>> database
>>
>> How then can I remove 'i386' please, or should I just cut my losses and 
>> reinstall?
>
> Do you still have any i386 packages installed? I think running
>
>   dpkg -l "*:i386"
>
> should list them (I don't use multiarch myself, but it works for the
> native architecture and "*:all").
>
> Ansgar

Thanks Ansgar.

--8<---cut here---start->8---
dpkg -l "*:i386"
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name  Version   Architecture  Description
+++-=-=-=-===
rc  crossover 14.1.11-1 i386  Run Windows 
applications like MS Office
rc  libasound2:i386   1.0.28-1  i386  shared 
library for ALSA applications
rc  libc6:i3862.19-18+deb8u1i386  GNU C 
Library: Shared libraries
rc  libc6-i686:i386   2.19-18+deb8u1i386  GNU C 
Library: Shared libraries [i686 optimized]
rc  libdrm2:i386  2.4.58-2  i386  Userspace 
interface to kernel DRM services -- runtime
rc  libexpat1:i3862.1.0-6+deb8u1i386  XML parsing C 
library - runtime library
rc  libfreetype6:i386 2.5.2-3+deb8u1i386  FreeType 2 
font engine, shared library files
rc  libgcc1:i386  1:4.9.2-10i386  GCC support 
library
rc  libgl1-mesa-glx:i386  10.3.2-1+deb8u1   i386  free 
implementation of the OpenGL API -- GLX runtime
rc  libglapi-mesa:i38610.3.2-1+deb8u1   i386  free 
implementation of the GL API -- shared library
rc  libglu1-mesa:i386 9.0.0-2   i386  Mesa OpenGL 
utility library (GLU)
rc  libice6:i386  2:1.0.9-1+b1  i386  X11 
Inter-Client Exchange library
rc  liblcms2-2:i386   2.6-3+b3  i386  Little CMS 2 
color management library
rc  libpng12-0:i386   1.2.50-2+deb8u1   i386  PNG library - 
runtime
rc  libsm6:i386   2:1.2.2-1+b1  i386  X11 Session 
Management library
rc  libstdc++6:i386   4.9.2-10  i386  GNU Standard 
C++ Library v3
rc  libudev1:i386 215-17+deb8u2 i386  libudev 
shared library
rc  libuuid1:i386 2.25.2-6  i386  Universally 
Unique ID library
rc  libx11-6:i386 2:1.6.2-3 i386  X11 
client-side library
rc  libx11-xcb1:i386  2:1.6.2-3 i386  Xlib/XCB 
interface library
rc  libxau6:i386  1:1.0.8-1 i386  X11 
authorisation library
rc  libxcb-dri2-0:i3861.10-3+b1 i386  X C Binding, 
dri2 extension
rc  libxcb-dri3-0:i3861.10-3+b1 i386  X C Binding, 
dri3 extension
rc  libxcb-glx0:i386  1.10-3+b1 i386  X C Binding, 
glx extension
rc  libxcb-present0:i386  1.10-3+b1 i386  X C Binding, 
present extension
rc  libxcb-sync1:i386 1.10-3+b1 i386  X C Binding, 
sync extension
rc  libxcb1:i386  1.10-3+b1 i386  X C Binding
rc  libxcursor1:i386  1:1.1.14-1+b1 i386  X cursor 
management library
rc  libxdamage1:i386  1:1.1.4-2+b1  i386  X11 damaged 
region extension library
rc  libxdmcp6:i3861:1.1.1-1+b1  i386  X11 Display 
Manager Control Protocol library
rc  libxext6:i386 2:1.3.3-1 i386  X11 
miscellaneous extension library
rc  libxfixes3:i386   1:5.0.1-2+b2  i386  X11 
miscellaneous 'fixes' extension library
rc  libxi6:i386   2:1.7.4-1+b2  i386  X11 Input 
extension library
rc  libxrandr2:i386   2:1.4.2-1+b1  i386  X11 RandR 
extension library
rc  libxrender1:i386  1:0.9.8-1+b1  i386  X Rendering 
Extension client library
rc  libxshmfence1:i3861.1-4 i386  X shared 
memory fences - shared library
rc  libxxf86vm1:i386  1:1.1.3-1+b1  i386  X11 XFree86 
video mode extension library
rc  zlib1g:i386   1:1.2.8.dfsg-2+b1 i386  compression 
library - runtime
--8<---cut here---end--->8---

Wow, that *is* a lot! But I

Re: Xorg replaces TTY1

2015-12-01 Thread Martin Str|mberg 
In article  Chris Bannister 
 wrote:
> On Thu, Nov 26, 2015 at 06:54:34PM +, Brian wrote:
> > There are still users (an example is in
> > this thread) who believe ctrl-alt-backspace no longer works in Debian.
> > It does.

> So it does! Wonder why it didn't work for me on another machine. :(

It's because those nice and user-friendly DE have it disabled by
default (IIRC). I always have to go search for where they've hidden
that option this time, when I try another one or a new version.


-- 
MartinS

Re: [HS] Totem et Freebox: vous y arrivez?

2015-12-01 Thread didier gaumet 
oui, toutes mes excuses, je suis bien en stable, donc "jessie" et pas
"wheezy" (la force de l'habitude).

sinon effectivement accéder aux contenus (enregistrements ou chaînes tv)
de la freebox via vlc (pas besoin du freeplayer, il suffit d'explorer le
réseau local dans la "liste de lecture" et le serveur freebox apparaît)
ou mplayer ne me pose pas de problème.

merci pour ta réponse :-) , mais la question reste posée: y en a-t-il
qui accèdent aux contenus freebox via totem?

Re: Xorg replaces TTY1

2015-12-01 Thread Felix Miata 
Martin Str|mberg composed on 2015-12-02 07:39 (UTC+0100):

> Chris Bannister wrote:

>> On Thu, Nov 26, 2015 at 06:54:34PM +, Brian wrote:

>> > There are still users (an example is in
>> > this thread) who believe ctrl-alt-backspace no longer works in Debian.
>> > It does.

>> So it does! Wonder why it didn't work for me on another machine. :(

> It's because those nice and user-friendly DE have it disabled by
> default (IIRC). I always have to go search for where they've hidden
> that option this time, when I try another one or a new version.

I mostly use KDE, never Gnome, little other. That said,
/etc/X11/xorg.conf.d/00-keyboard.conf always works for me:

Section "InputClass"
Identifier "system-keyboard"
Option "XkbOptions" "terminate:ctrl_alt_bksp"
EndSection
-- 
"The wise are known for their understanding, and pleasant
words are persuasive." Proverbs 16:21 (New Living Translation)

 Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata  ***  http://fm.no-ip.com/

(SOLVED) Re: Upgrade to Jessie lost all monitor resolutions except 1024x768

2015-12-01 Thread Marc Shapiro 

On 12/01/2015 02:05 PM, Sven Arvidsson wrote:

On Tue, 2015-12-01 at 16:39 -0500, Felix Miata wrote:

"Now", as in Stretch and/or Sid? I searched in Jessie and failed to
discover
any available firmware-amd-graphics. Is another repo besides main and
updates
required? I booted same machine to Stretch, and neither package was
found.
And, Stretch is also using FBDEV, like OP here, and stuck in
1280x1024 on a
1680x1050 display, with libdrm-radeon1, xserver-xorg-video-ati and
xserver-xorg-video-radeon installed. ???


Sid and/or stretch, I don't recall exactly when the split was made.

The clue is in the name, nonfree ;)

The correct package in Jessie is firmware-linux-nonfree.  It apparently 
no longer pulls in anything else and has all the drivers, itself.  There 
is no firmware-amd-graphics in Jessie.  Yes.  Having nonfree in your 
sources list does help, but I do keep it there. Installing 
firmware-linux-nonfree and rebooting was the answer.


Thank you to everybody that helped on this.  Since this is solved and 
the answer wasn't found in the logs, I will pass on sending a really 
long post by including the logs.


Marc

Re: A stop job is running for...

2015-12-01 Thread James P. Wallen 



On 12/01/2015 09:47 AM, Sven Arvidsson wrote:

On Mon, 2015-11-30 at 21:04 -0500, Jape Person wrote:

Make remote CUPS printers available locally
Network Time Synchronization

For several weeks I've been seeing this stop job notification for
these
two items frequently when rebooting or shutting down two of my four
testing systems.

The first notification counts all the way up to 1 min 30 sec before
the
shutdown scroll restarts. The second notification only counts for a
few
seconds before terminating.

I'm a patient guy, but adding almost two minutes to almost every
restart
or shutdown procedure gets a bit tedious after a while.


Yes, I have noticed this too, but with different services. So it's
probably not specific to CUPS or NTP.

Unfortunately it seems to always happen when I need to shutdown quickly
(thunderstorms). Would be great if it was possible to configure the
countdown to simply kill the service after a few seconds and proceed
with shutdown/reboot.



Thanks for your response, Sven. It's nice to know that someone else has 
seen this type of problem. I was thinking that this could be 
self-inflicted. Perhaps that's a little less likely now.


So, is this behavior controlled by systemd?

I'm not trying to start a fracas. I'm really interested. What I'm asking 
is, do I need to start poring over systemd documentation to see if there 
might be a way to control this behavior?

Re: OT: reply styles, family matters

2015-12-01 Thread Stuart Longland 
On 01/12/15 11:56, John Hasler wrote:
> Bob Bernstein writes:
>> With that as background, here is my question/request: is anyone aware
>> of a spirited defence of our ideal method of "selective quoting," (for
>> lack of a better label) one, say, that perhaps has achieved the status
>> of a "net classic?" Surely some 'net genius has dealt these
>> nay-sayers, who seem to LIKE top-posting, a solid uppercut?
> 
> Waste of effort.  The usual reason for top-posting (or bottom-posting
> without editing) is laziness.
> 

I often counter that by passing my would-be reply through tac and
top-post it that way.

Then they see it from my perspective.
-- 
Stuart Longland (aka Redhatter, VK4MSL)

I haven't lost my mind...
  ...it's backed up on a tape somewhere.



signature.asc
Description: OpenPGP digital signature

Re: L7 filter and iptables Problem

2015-12-01 Thread Muhammad Yousuf Khan 
Thanks i manage to do that with IPtable string  and ipp2p
although still in monitoring however i am seeing some good result.
hopefully that will work.
Thanks,
Yousuf

On Tue, Dec 1, 2015 at 10:58 PM, Roman  wrote:

> Hi,
>
> Even if it would be supported there is no much use of iptables l7 filters.
> They never worked as expected. Get yourself a small juniper srx  :)
>
> 2015-12-01 19:51 GMT+02:00 Peter Ludikovsky :
>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> Hi,
>>
>> According to to project site [0] there hasn't been any real
>> development since 2013, which was a patch against the 2.6 kernel line.
>> That kernel line is out of support since mid-2015.
>>
>> I'm afraid the string matching module would be your best bet for now.
>>
>> Regards,
>> /peter
>>
>> [0] http://l7-filter.clearos.com/
>>
>> Am 01.12.2015 um 08:56 schrieb Muhammad Yousuf Khan:
>> > Hello,
>> >
>> > i am using  Debian jessie and I have been trying to work with L7
>> > filter to block p2p but its not working
>> >
>> > iptables -I FORWARD -m layer7 --l7proto bittorrent -j DROP iptables
>> > v1.4.21: Couldn't load match `layer7':No such file or directory
>> >
>> > Try `iptables -h' or 'iptables --help' for more information.
>> >
>> > can you guys Please help.  string match with ip tables is easy but
>> > i am looking to use L7 filter on jessie. all the how-tos are out
>> > dated. example kernel patch etc.
>> >
>> > Please help.
>> >
>> > Thanks, Yousuf
>> >
>> -BEGIN PGP SIGNATURE-
>> Version: GnuPG v2.0.22 (MingW32)
>>
>> iQIcBAEBAgAGBQJWXd4OAAoJEM+6Ng5pbtyZAd8P/3vM3gVfiaUcVVdxsNPkRIzb
>> NddWvxnWwYp4DNCHRj5sKAJ4X5DhdqClEysT8eLMBfG+IXLW44mF/M3NBeVsbMAk
>> 5ugH4hlyaIK2Pxh1yIHOCz1uP7yRnj8X6ASp5PxbzBTowmHLynjyka0OnEdg0pR4
>> hsNvw9RyxPKPuqBTXy37SXGbp8mBmuFbQucaX7G80e8n5reCL9CvLTHKLiQ3BGdc
>> KanmYQjZ7K1/FISuBpl653iiR/Kpb4bfY2x2Nl54Pxs2ueFMwskIqsfGyxU6nSPb
>> Hk9OpDpJlQ14PTxZ2Tw/tvPJIhFqvQshrVD57OvQhgXrda+7o/sz1DbL5djLSAPj
>> b05luaVW9U+88XgAkcNPNZfrohy3JY1EnXPY5n3M83yZZ7QPPlwxc66Nu2PBS/rM
>> B0erP4t0c2tqxpMoewSmlX3Q0qm83IRET9ozSMqoEWbFYho499MR+uyTCkw1YO05
>> JfHS/4o/t+z9PzHo1h2r0tqij52WcgeD4TSZ8W4MdZxMmwk6w+XOsJYDpY7eX2gt
>> a6IRr5/pgzv6PLWjpXSwj1XCtQUxoZkWS7GPF5qfbBh1/t3hjRe6Hv8MwQPP0oSw
>> LelvMIhii2NVvlPueuSWH46XencEQId66wTkAx02YxP84FMctw7jJl7oljb/JrQ7
>> EXo9Iaaohz1ZjLSH3+Ht
>> =rHnt
>> -END PGP SIGNATURE-
>>
>>
>
>
> --
> Best regards,
> Roman.
>

Re: root acount is loocked,starting shell

2015-12-01 Thread Narcis Garcia 
Entenc que no se t'obre cap entorn gràfic (on veuries la fletxa pel ratolí).
Essent així, aniria bé una fotografia del què surt per pantalla només
havent posat la contrasenya de desencriptat, i fins que es queda esperant.

També anirien bé aquests detalls:
- L'ordinador només té muntat un disc dur o n'hi has afegit un altre?
- Debian és l'únic sistema operatiu instal·lat?
- Tot just has instal·lat Debian des de zero, o bé has fet algun altre
canvi o tasca a l'ordinador?
- Tens un CD o DVD o USB amb arrencada gràfica de sistema operatiu? (en
diuen «Live»)


__
I'm using this express-made address because personal addresses aren't
masked enough at lists.debian.org archives.

El 29/11/15 a les 16:13, dainat...@riseup.net ha escrit:
> debian-user-catalan@lists.debian.org
> 
> hola llista
> aviso que
> no tinc gens de coneixements per
> furgar en la terminal del meu pc
> 
> tinc instalat debian
> suposo que jessie.. perque em sobtava que menciones al final de algunes
> linees aquest nom
> ...:
> Em trobo que un cop introduida la contrasenya per desencriptar el disc
> dur...
> no puc entrar ni com usuaria convidada..
> ni com la principal.. que deu ser l'administrador
> 
> al iniciarse el debian
> poc triar opcions avançades..
> 
> es com la terminal
> 
> tot el seguit de informacio
> te un [ ok vert ]
> i al final diu
> aixo del
> 
>  sulogin: root acount is loocked,starting shell
> 
> 
> li he donat ordre de entrar :
> -default mode
> i..es clar..em porta al inici "interfaz?" per signar
> i tampoc he pogut entrar
> 
> - reiniciar..des de ordre root.. i des de "interfaz"?
> i no res
> 
> vaig trobar en una llista debian
> un comentari q pot ser similar al meu..en angles..
> i tampoc estic segura
> 
> https://lists.debian.org/debian-user/2009/05/msg01538.html
> 
> ? es posible que si li demano de modificar contrasenyes
> pugui accedir ??
> i com he de fer aixo ?
> 
> merci
>

Re: Trying to remove "architecture i386"

2015-12-01 Thread Sharon Kimble 
Sharon Kimble  writes:

> I am running a "amd64" version of jessie and in an effort to get
> 'crossover_14.1.11-1.deb' installed, which is 32-bit. To do this I issued the
> command -
>
> ╭
> │sudo dpkg --add-architecture i386
> ╰
>
> and then -
>
> ╭
> │dpkg --print-foreign-architectures
> ╰
>
> then I did a 'apt-get update' and tried to install crossover again. I've
> now given up trying to instal it and wish to move back to just being a
> 64-bit machine using amd64 packages only. I've therefore done -
>
> ╭
> │sudo dpkg --remove-architecture i386
> ╰
>
> which failed saying -
>
> dpkg: error: cannot remove architecture 'i386' currently in use by the 
> database
>
> How then can I remove 'i386' please, or should I just cut my losses and 
> reinstall?
>

I think that I've resolved the situation by -

--8<---cut here---start->8---
deb [arch=amd64] http://foo
deb-src [arch=amd64] http://foo
--8<---cut here---end--->8---

in my sources.list.

I installed all amd64 packages that were shown as being removed in
yesterdays logwatch, and then I manually removed all the i386 packages
From /var/cache/apt/archives and then rebooted.

Everything came back up successfully, and I then "sudo dpkg
--remove-architecture i386" and checked using "dpkg
--print-foreign-architectures" which showed a zero response, and I then
"dpkg --print-architecture" which showed "amd64"!

Mission accomplished!

Thanks
Sharon.
-- 
A taste of linux = http://www.sharons.org.uk
TGmeds = http://www.tgmeds.org.uk
Debian 8.0, fluxbox 1.3.7, emacs 24.5.1


signature.asc
Description: PGP signature

Re: Can't startx as normal user

2015-12-01 Thread Sven Arvidsson 
On Mon, 2015-11-30 at 19:20 -0300, Draco Metallium(Rodrigo S. Cañibano)
wrote:
> It could be that, since I don't have systemd, nor systemd-shim
> installed (I just checked again).
> 
> I had to install xserver-xorg-legacy, just as Harald Dunkel
> suggested.
> 
> Should't apt-get have warned me that there were unmet dependencies?

The NEWS entry should have been picked up by apt-listchanges:
https://sources.debian.net/src/xorg-server/2:1.17.3-2/debian/xserver-xorg-core.NEWS/

(And will probably also be mentioned in the release docs)

-- 
Cheers,
Sven Arvidsson
http://www.whiz.se
PGP Key ID 6FAB5CD5





signature.asc
Description: This is a digitally signed message part

Re: root acount is loocked,starting shell

2015-12-01 Thread dainateia 

A 2015-12-01 19:34, Narcis Garcia escrigué:
Entenc que no se t'obre cap entorn gràfic (on veuries la fletxa pel 
ratolí).

Essent així, aniria bé una fotografia del què surt per pantalla només
havent posat la contrasenya de desencriptat, i fins que es queda 
esperant.




..les enviu despres..en seguent mail..



També anirien bé aquests detalls:
- L'ordinador només té muntat un disc dur o n'hi has afegit un altre?


nomes original


- Debian és l'únic sistema operatiu instal·lat?


si


- Tot just has instal·lat Debian des de zero, o bé has fet algun altre
canvi o tasca a l'ordinador?


debian des de zero al juliol 2015
( em van avisar ke tarneta grafica obsoleta iaona...)

fa 1 setmana vaig instalar aplicacio kdenlive
i vaig grabar els mp4 en1cd dades

lo ultim baixar 2 pelis de piratbey



- Tens un CD o DVD o USB amb arrencada gràfica de sistema operatiu? (en
diuen «Live»)


(..ni idea..)
pero
fa 1mes tambe va pasar!!
..no arrencava
i aquell cop es kedava en negre..i li vaig fer
expulsar el dvd...
i vaig poder arrencar
( si aixo et dona 1 pista...)



__
I'm using this express-made address because personal addresses aren't
masked enough at lists.debian.org archives.

El 29/11/15 a les 16:13, dainat...@riseup.net ha escrit:

debian-user-catalan@lists.debian.org

hola llista
aviso que
no tinc gens de coneixements per
furgar en la terminal del meu pc

tinc instalat debian
suposo que jessie.. perque em sobtava que menciones al final de 
algunes

linees aquest nom
...:
Em trobo que un cop introduida la contrasenya per desencriptar el disc
dur...
no puc entrar ni com usuaria convidada..
ni com la principal.. que deu ser l'administrador

al iniciarse el debian
poc triar opcions avançades..

es com la terminal

tot el seguit de informacio
te un [ ok vert ]
i al final diu
aixo del

 sulogin: root acount is loocked,starting shell


li he donat ordre de entrar :
-default mode
i..es clar..em porta al inici "interfaz?" per signar
i tampoc he pogut entrar

- reiniciar..des de ordre root.. i des de "interfaz"?
i no res

vaig trobar en una llista debian
un comentari q pot ser similar al meu..en angles..
i tampoc estic segura

https://lists.debian.org/debian-user/2009/05/msg01538.html

? es posible que si li demano de modificar contrasenyes
pugui accedir ??
i com he de fer aixo ?

merci

Re: Upgrade to Jessie lost all monitor resolutions except 1024x768

2015-12-01 Thread Marc Shapiro 

On 11/30/2015 11:32 PM, Felix Miata wrote:

Marc Shapiro composed on 2015-11-30 23:11 (UTC-0800):


Alright.  Knowing nothing about the inner workings of X, I can at least
look through the two log files (in my previous post) and see where they
suddenly go in very different directions.
Using the numbers down the left-hand side of the logs (I don't know what
they actually are, but they seem to be ascending, so I will use them as
markers), at 32.959 in the Wheezy log and at 2271.289 in the Jessie log
they both say:
  (++) using VT number 7
a few lines below that, in the Wheezy log:
[32.974] (II) Module fbdevhw: vendor="X.Org Foundation"
[32.974]compiled for 1.12.4, module version = 0.0.2
[32.974]ABI class: X.Org Video Driver, version 12.1
[32.975] (II) RADEON(0): TOTO SAYS fddc
[32.975] (II) RADEON(0): MMIO registers at 0xfddc: size  128KB
[32.975] (II) RADEON(0): PCI bus 1 card 0 func 0
[32.975] (II) RADEON(0): Creating default Display subsection in Screen 
section
  "Default Screen Section" for depth/fbbpp 24/32
[32.975] (==) RADEON(0): Depth 24, (--) framebuffer bpp 32
[32.975] (II) RADEON(0): Pixel depth = 24 bits stored in 4 bytes (32 bpp 
pixmaps)
[32.975] (==) RADEON(0): Default visual is TrueColor
  SKIP
[33.024] (II) RADEON(0): Detected total video RAM=1048576K, 
accessible=262144K (PCI BAR=262144K)
and in the Jessie log:
[  2271.291] (II) Module fbdevhw: vendor="X.Org Foundation"
[  2271.291]compiled for 1.16.4, module version = 0.0.2
[  2271.291]ABI class: X.Org Video Driver, version 18.0
[  2271.291] (**) FBDEV(2): claimed PCI slot 1@0:0:0
[  2271.291] (II) FBDEV(2): using default device
[  2271.291] (WW) Falling back to old probe method for vesa
[  2271.291] (EE) Screen 0 deleted because of no matching config section.
[  2271.291] (II) UnloadModule: "radeon"
[  2271.291] (EE) Screen 0 deleted because of no matching config section.
[  2271.291] (II) UnloadModule: "modesetting"
[  2271.291] (II) FBDEV(0): Creating default Display subsection in Screen 
section
  "Default Screen Section" for depth/fbbpp 16/16
[  2271.291] (==) FBDEV(0): Depth 16, (==) framebuffer bpp 16
[  2271.291] (==) FBDEV(0): RGB weight 565
[  2271.291] (==) FBDEV(0): Default visual is TrueColor
[  2271.291] (==) FBDEV(0): Using gamma correction (1.0, 1.0, 1.0)
[  2271.291] (II) FBDEV(0): hardware: simple (video memory: 1536kB)
[  2271.291] (II) FBDEV(0): checking modes against framebuffer device...
[  2271.291] (II) FBDEV(0): checking modes against monitor...
[  2271.291] (--) FBDEV(0): Virtual size is 1024x768 (pitch 1024)
[  2271.291] (**) FBDEV(0):  Built-in mode "current"
[  2271.291] (==) FBDEV(0): DPI set to (96, 96)
In Wheezy, the graphics card seems to have been found and a depth of
24bpp is being used by RADEON(0) with a GB of graphics memory, while in
Jessie, Screen 0 is getting deleted and the radeon module is removed.
Instead of RADEON(0) we see FBDEV(0), instead of 24bbp, only 16bbp is
being used.  Only 1536kB of video memory is being used and the screen
size is set to "Virtual size is 1024x768 (pitch 1024)".

FBDEV doesn't ever support 1920x1080 AFAIK. Video RAM and bpp are non-issues
here. What needs to be determined is why RADEON is not being used in Jessie.
FBDEV is a grossly inferior fallback.


I don't know enough to determine what is causing these differences, let
alone how to correct the problem.  If someone else can figure out a
solution I would be most grateful.

You haven't provided everything requested. We don't know which gfxcard you
have, which 'lspci | grep VGA' would report. Your excerpts from Xorg.0.logs
don't have other info that may be required to help, such as kernel cmdline,
which could be the reason why RADEON is not used. Another possibility is that
Jessie provides firmware your ATI gfxcard requires in a separate firmware
package that is not installed, or maybe the ATI driver package didn't get
installed at all. Read through
https://wiki.debian.org/AtiHowTo#Troubleshooting and you may not need any
more help from us.


Here is the lspci output showing the graphics card:

$ lspci | grep VGA
01:00.0 VGA compatible controller: Advanced Micro Devices [AMD] nee ATI 
Cedar PRO [Radeon HD 5450/6350]


My post prior to the one you quoted above has the entire contents of 
both logs.  After posting them, I saw where the logs diverged so 
radically and made another post with just the excerpts.


Marc

Re: Trying to remove "architecture i386"

2015-12-01 Thread Ansgar Burchardt 
Sharon Kimble  writes:
> ╭
> │sudo dpkg --remove-architecture i386
> ╰
>
> which failed saying -
>
> dpkg: error: cannot remove architecture 'i386' currently in use by the 
> database
>
> How then can I remove 'i386' please, or should I just cut my losses and 
> reinstall?

Do you still have any i386 packages installed? I think running

  dpkg -l "*:i386"

should list them (I don't use multiarch myself, but it works for the
native architecture and "*:all").

Ansgar

Re: OT: reply styles, family matters

2015-12-01 Thread Mart van de Wege 
Bob Bernstein  writes:

> "Please don't respond line by line. It is patronizing and
> annoying."
>
> I have acquired over the years a habit of carefully quoting and
> replying to those quoted snippets. But it rubs some in my family the
> wrong way. They don't see it as part and parcel of effective
> communication, or as, at bottom, simply good netiquette. They feel
> talked down to. My nephew's father had the same problem with me years
> ago but I think I have brought him around over time so that he no
> longer "takes it personal."
>
> With that as background, here is my question/request: is anyone aware
> of a spirited defence of our ideal method of "selective quoting," (for
> lack of a better label) one, say, that perhaps has achieved the status
> of a "net classic?" Surely some 'net genius has dealt these
> nay-sayers, who seem to LIKE top-posting, a solid uppercut?
>
Why not do your correspondents the courtesy of replying in the style
*they* want?

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: Upgrade to Jessie lost all monitor resolutions except 1024x768

2015-12-01 Thread Mart van de Wege 
Felix Miata  writes:

> Another possibility is that Jessie provides firmware your ATI gfxcard
> requires in a separate firmware package that is not installed, or
> maybe the ATI driver package didn't get installed at all.

I manage a bunch of workstations with exactly this issue. I had to
install firmware-linux-nonfree to get X to recognise the Radeon cards in
these machines. Since firmware-linux-nonfree pulls in
firmware-amd-graphics, I suspect installing the latter will be
sufficient for OP.

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: OT: reply styles, family matters

2015-12-01 Thread Lisi Reisz 
On Tuesday 01 December 2015 08:54:27 Mart van de Wege wrote:
> Bob Bernstein  writes:
> > "Please don't respond line by line. It is patronizing and
> > annoying."
> >
> > I have acquired over the years a habit of carefully quoting and
> > replying to those quoted snippets. But it rubs some in my family the
> > wrong way. They don't see it as part and parcel of effective
> > communication, or as, at bottom, simply good netiquette. They feel
> > talked down to. My nephew's father had the same problem with me years
> > ago but I think I have brought him around over time so that he no
> > longer "takes it personal."
> >
> > With that as background, here is my question/request: is anyone aware
> > of a spirited defence of our ideal method of "selective quoting," (for
> > lack of a better label) one, say, that perhaps has achieved the status
> > of a "net classic?" Surely some 'net genius has dealt these
> > nay-sayers, who seem to LIKE top-posting, a solid uppercut?
>
> Why not do your correspondents the courtesy of replying in the style
> *they* want?

That's fine, so long as you are not required to reply.  And so long as you 
don't want the discussion to remain vaguely on track.

Lisi

Re: Software Livre assinador de documentos PDF

2015-12-01 Thread Flavio Menezes dos Reis 
Colegas,

Eu acredito que a ITI, responsápel pela ICP-Brasil, tenha que fomentar um
software livre para assinatura digital de documentos PDF, no mínimo, para
que seu uso decole. De outra forma toda e qualquer solução de software terá
que reinventar a roda e pagar royalties para Certisigns da vida para
utilização de suas LIBs/APIs.

Já passou da hora, além do assinador software livre, também um verificador
de integridade documentos assinados, também pela ITI.

Bora lá ITI!!!

Em 30 de novembro de 2015 23:06, Jamenson Ferreira Espindula de Almeida
Melo  escreveu:

> Continuando ...
>
>
> JUCESP | Assinatura de Contrato Social com Certificado Digital ICP-Brasil
>
> Assinatura de Contrato Social na Comercial do Estado de São Paulo 100%
> Digital – com utilização do Certificado Digital ICP-Brasil
>
> O MARAVILHOSO MUNDO NOVO!
>
> (*)  Por Nivaldo Cleto
>
> No último dia 14 de setembro, após 125 anos de existência, a JUCESP –
> Junta Comercial do Estado de São Paulo implementou a Plataforma Via
> Rápida Empresa 2 – VRE2, que possibilita ao empreendedor a abertura de
> uma sociedade limitada sem as assinaturas de próprio punho dos sócios
> quotistas e sem a impressão de papel. Isso apenas com a utilização do
> certificado digital (ICP Brasil-Pessoa Física) dos sócios, como
> instrumento de assinatura no meio digital.
>
> Dias, antes, no lançamento do VRE2, no Palácio do Governador, resolvi
> lançar um desafio aos dirigentes da JUCESP, de que faria a abertura da
> primeira sociedade limitada 100% digital, no Estado de São Paulo, ou
> seja, sem a impressão de papel, para comprovar o funcionamento do
> sistema.
>
> Assim sendo, no mesmo dia do lançamento do VRE2, redigi o Contrato
> Social, pelo computador, convertendo-o em PDF. Em seguida, acessamos o
> Portal do VRE2 (vre.portal.jucesp.sp.gov.br), identificados com o
> certificado digital Pessoa Física. Lá, fizemos a pesquisa de
> viabilidade prévia do local da Prefeitura Conveniada e, após a
> aprovação da viabilidade, preenchemos o cadastro, recolhemos as taxas,
> fizemos o upload do Contrato Social, em formato PDF. Os sócios,
> diretamente de seus locais de trabalho, residência ou mesmo com o uso
> de seus smartphones, assinaram o ato, com seus certificados digitais.
> O documento eletrônico foi recebido na JUCESP, por um analista
> técnico, que analisou as formalidades legais do ato, após conferir as
> assinaturas digitais, enviou o documento para registro.
>
> Pronto, estava aberta a primeira sociedade limitada 100% digital, no
> Estado de São Paulo. Sem papel, sem assinatura de próprio punho, mas
> com respaldo legal, já que sócios, advogado, testemunhas, assessor
> técnico e Secretário Geral da JUCESP, assinaram com seus certificados
> digitais ICP Brasil.
>
> Gravamos algumas imagens durante a realização desse processo no meu
> escritório e na JUCESP. As mesmas estão disponíveis num vídeo de três
> minutos.
>
> Nenhuma folha foi impressa durante o processo de registro, portanto é
> evidente a economia com papel, tempo e combustível. Tudo isso perdeu
> para a velocidade da tecnologia, em uma verdadeira inovação no
> processo de registro do comércio.
>
> O VRE2, da JUCESP, com a Certificação Digital dos sócios Pessoas
> Físicas, tornou desnecessária a ida ao balcão, o protocolo e as filas
> para retirar o documento registrado pois, de agora em diante, tudo
> poderá acontecer no meio digital. Ao final do registro, se a
> Prefeitura tiver convênio com a Junta Comercial, o empreendedor
> receberá até o Alvará de Funcionamento junto com o Contrato Social
> Registrado, Inscrição no CNPJ, Inscrição Estadual e Municipal em até
> cinco dias.
>
> Segundo os dirigentes da JUCESP, será dada prioridade para os
> processos digitais, pois a ausência da movimentação física trará ganho
> de tempo para análise e fluxo dos processos de registro.
> Temos, agora, a missão de disseminar na sociedade o uso desse meio
> revolucionário de assinatura de atos societários para que se
> compreenda a segurança, a economia de tempo e os benefícios com a
> desburocratização e a desmaterialização dos processos, resguardadas a
> segurança e a legalidade.
>
> Caberá aos profissionais da contabilidade e do direito, por meio das
> entidades profissionais, por serem os grandes usuários da certificação
> digital, já que, diariamente, atendem as obrigações fiscais,
> acessórias e os prazos judiciais de seus clientes, a massificação do
> uso dessa tecnologia e do VRE2.
>
> Já existem estudos em Juntas Comerciais do Brasil que exigirão no
> prazo de dois anos que todos os atos societários sejam assinados com
> os Certificados Digitais ICP Brasil.
> Será esse o “Maravilhoso Mundo Novo”, “Sem Papel”, “Nas Nuvens” que as
> corporações e o governo migrarão nos próximos quinze anos?
> Na minha opinião será um caminho sem volta.
>
> (*) Nivaldo Cleto é contador e empresário da contabilidade
> Conselheiro do Comitê Gestor do ICP Brasil
> Conselheiro do Comitê Gestor da Internet do

Re: Software Livre assinador de documentos PDF

2015-12-01 Thread Leandro Guimarães Faria Corcete DUTRA 
Le 1 décembre 2015 08:02:35 GMT-02:00, Flavio Menezes dos Reis 
 a écrit :
>
>Eu acredito que a ITI, responsápel pela ICP-Brasil, tenha que fomentar
>um software livre para assinatura digital de documentos PDF

E por que você acredita nisso?

Eu creio que o ideal é que a comunidade o faça.  Não tenho as competências, 
você as teria?



-- 
skype:leandro.gfc.dutra?chat  Yahoo!: ymsgr:sendIM?lgcdutra
+55 (61) 3546 7191 (Net)gTalk: xmpp:leand...@jabber.org
+55 (61) 9302 2691 (Vivo) ICQ/AIM: aim:GoIM?screenname=61287803
BRAZIL GMT−3  MSN: msnim:chat?contact=lean...@dutra.fastmail.fm

Re: OT: reply styles, family matters

2015-12-01 Thread Nicolas George 
Le decadi 10 frimaire, an CCXXIV, Bob Bernstein a écrit :
> With that as background, here is my question/request: is anyone aware of a
> spirited defence of our ideal method of "selective quoting," (for lack of a
> better label) one, say, that perhaps has achieved the status of a "net
> classic?" Surely some 'net genius has dealt these nay-sayers, who seem to
> LIKE top-posting, a solid uppercut?

I do not have a pointer to that kind of text, but I have found this analogy
rather relevant:

When you watch a TV series episode, does it end with an announce "Previously
in $series" and the full rerun of the last episode?

Regards,

-- 
  Nicolas George

[Résolu][Montage usb téléphone]Pas accès aux données de la carte SD

2015-12-01 Thread Grégory Bulot 

Avant de chercher plus loin, il faudrait écarter un point tout bête
mais qui m'a fait galérer un petit moment… Depuis quelques version
d'Android, lorsque l'on branche le téléphone en USB, il est nécessaire
de le déverrouiller pour que les données soit accessible via le
protocole MTP et que le téléphone puisse être monté.



rhaa, c'est évident quand ont sait  merc

[Montage usb téléphone]Pas accès aux données de la carte SD

2015-12-01 Thread Grégory Bulot 

Le 2015-12-01 11:35, Grégory Bulot a écrit :

Avant de chercher plus loin, il faudrait écarter un point tout bête
mais qui m'a fait galérer un petit moment… Depuis quelques version
d'Android, lorsque l'on branche le téléphone en USB, il est 
nécessaire

de le déverrouiller pour que les données soit accessible via le
protocole MTP et que le téléphone puisse être monté.


En fait pas résolu, je m'étais trompé de téléphone 

toujours pas de volume disponible




--
Cordialement,

--
Grégory Bulot

Re: Software Livre assinador de documentos PDF

2015-12-01 Thread Flavio Menezes dos Reis 
Leandro,

Simplesmente porque a ITI é a responsável pela ICP-Brasil. Sendo assim ela
deveria centralizar as ações para o desenvolvimento desses software. E como
eu disse, deveriam ser livres, porque entre outros, permitiria a auditagem.
Quem melhor do que a ITI para fomentar isto, inclusive, com uma comunidade
trabalhando neste sentido?

Além disso, para o negócio tocado pela ICP-Brasil, é essencial que existam
algumas ferramentas mínimas. Isto é o que eu acredito.

Vês outra alternativa?

Atte.,

Em 1 de dezembro de 2015 08:22, Leandro Guimarães Faria Corcete DUTRA <
l...@dutras.org> escreveu:

> Le 1 décembre 2015 08:02:35 GMT-02:00, Flavio Menezes dos Reis <
> flavio-r...@pge.rs.gov.br> a écrit :
> >
> >Eu acredito que a ITI, responsápel pela ICP-Brasil, tenha que fomentar
> >um software livre para assinatura digital de documentos PDF
>
> E por que você acredita nisso?
>
> Eu creio que o ideal é que a comunidade o faça.  Não tenho as
> competências, você as teria?
>
>
>
> --
> skype:leandro.gfc.dutra?chat  Yahoo!: ymsgr:sendIM?lgcdutra
> +55 (61) 3546 7191 (Net)gTalk: xmpp:leand...@jabber.org
> +55 (61) 9302 2691 (Vivo) ICQ/AIM: aim:GoIM?screenname=61287803
> BRAZIL GMT−3  MSN: msnim:chat?contact=lean...@dutra.fastmail.fm
>
>


-- 
Flávio Menezes dos Reis
Analista de Informática
Procuradoria-Geral do Estado do RS
(51) 3288 1764

Re: Upgrade to Jessie lost all monitor resolutions except 1024x768

2015-12-01 Thread Marc Shapiro 

On 12/01/2015 07:03 AM, Sven Arvidsson wrote:

On Mon, 2015-11-30 at 23:11 -0800, Marc Shapiro wrote:

In Wheezy, the graphics card seems to have been found and a depth of
24bpp is being used by RADEON(0) with a GB of graphics memory, while
in
Jessie, Screen 0 is getting deleted and the radeon module is removed.
   
Instead of RADEON(0) we see FBDEV(0), instead of 24bbp, only 16bbp is

being used.  Only 1536kB of video memory is being used and the screen
size is set to "Virtual size is 1024x768 (pitch 1024)".

I don't know enough to determine what is causing these differences,
let
alone how to correct the problem.  If someone else can figure out a
solution I would be most grateful.

Most likely missing firmware as others have suggested, check dmesg and
grep for radeon and/or drm.

I will install  firmware-amd-graphics as soon as I get a chance 
(probably this evening) and report back.  Meanwhile, Felix says that he 
never received my post with the full logs and others seem not to have 
received them, either, by what they have posted.  For the sake of 
keeping all of the information available for the future, I will post 
them at that time, as well.  Should they be sent as attachments, or 
inline.  I sent them as attachments last time. Could that have been the 
problem?


Marc

Re: Fail2ban

2015-12-01 Thread Philippe Gras 

Le 1 déc. 2015 à 15:56, andre_deb...@numericable.fr a écrit :

> On Tuesday 01 December 2015 14:28:18 Philippe Gras wrote:
>> Le 1 déc. 2015 à 14:17, andre_deb...@numericable.fr a écrit :
>>> J'avais lancé un help sur ce sujet et modifié
>>> jail.conf et fail.local
>>> Malgré, j'ai toujours ce type de message dans mon logwatch quotidien,
>>> (tentatives de connexions sur des comptes mail) :
>>> "authentication failure; logname= uid=0 euid=0 tty=dovecot 
>>> ruser=pascal.b@ rhost=212.83.40.56 : 66 Times"
>>> Une personne qui n'est pas le propriétaire du mail,
>>> tente de se connecter 66 fois alors que le "maxretry=3"
>>> Ici, fail2ban ne joue pas son rôle, il reste insensible à ses configs.
>>> (je l'avais bien relancé).
> 
>> Cette adresse IP est-elle rapportée dans Logwatch d'un jour à l'autre ? :
> 
> Les IP intrusives changent d'un jour à l'autre.

Bon, ben alors c'est normal. Quand tu auras banni toutes les IP du pirate ça
va se tasser, mais ça prend évidemment plusieurs jours

> 
>> La période de ban peut être augmentée (> 1 mois c'est bien) :
> 
> Quelle est la ligne à ajouter/ configurer dans les fichiers jail.conf 
> et .local ?

bantime = nombre de secondes en nombre entier
> 
>> Sinon, les requêtes peuvent avoir été envoyées en même temps, et en
>> masse, c'est une technique utilisée pour passer les filtres fail2ban :
> 
> Comment contourner la technique des ? :
> "requêtes envoyées en même temps et en masse".

À ma connaissance ce n'est pas possible. Par contre tu peux filtrer le nombre
de connections simultanées sur ton serveur ou avec iptables.
> 
> André
> 
>

Re: Debian Wheezy boot messages

2015-12-01 Thread Liam O'Toole 
On 2015-12-01, Brian  wrote:
> On Tue 01 Dec 2015 at 12:33:23 +, Liam O'Toole wrote:
>
>> On 2015-11-30, Klaus Jantzen  wrote:
>> > Hallo,
>> >
>> > where are the messages stored that Debain produces during booting (checking
>> > of various components, startup of e.g. postgresql, messages issued by
>> > /udev,
>> > error messages in case a routine could not be started, etc).
>> >
>> > I looked in /var/log through all logs but could not find those messages.
>> >
>> 
>> Try the bootlogd package:
>> 
>> https://packages.debian.org/wheezy/bootlogd
>
> This mail might be of interest:
>
>   https://lists.debian.org/debian-user/2015/10/msg00199.html
>
>> bootlogd is a hack and does not work properly under
>> sysvinit and not at all under systemd.

Yes, that is interesting. My own experience is that bootlogd worked as
intended in Wheezy. I don't use it in Jessie.

-- 

Liam

saludos lista

2015-12-01 Thread David Miranda Aragon 

tengo un problema con mi cliente jabber psi-plus
pues en mi empresa tengo como servidor jabber el openfire y no me puedo 
conectar a mi servidor jabber desde el psi-plus si la conexion del mismo 
no es cifrada

mi servidor jabber esta montado en debian 7 y yo utilizo debian 8
ahhh esto me sucede en linux nada mas
pues en otras estaciones de trabajo donde esta el windows instalado si 
se conecta bien


--
Lic. David Miranda Aragón
Unidad de Investigación para la Construcción Cienfuegos. ENIA-MICONS
Administrador de Red
Email: da...@eniacfg.co.cu
Jabber: da...@jabber.eniacfg.co.cu
Teléfono: (043) 525128
Ave 56 # 5101 (Altos), Cienfuegos - CUBA

Archivos bloqueados

2015-12-01 Thread Luis Ernesto Garcia reyes 
En ocasiones cuando so el repositorio que tengo en un hdd algunas carpetas
como por ejemplo la del bind9 en pool/main/ en debían me sale la carpeta
vacia y en Windows me dice que está dañada como puedo resolver el problema??

[OT] Otra de discos...

2015-12-01 Thread Maykel Franco 
Llevo un tiempo que me ha mirado un tuerto... Ahora me llega las
alertas de smartctl:

Device: /dev/sdc [SAT], 8 Offline uncorrectable sectors

Está usado durante 3 años pero lo he formateado hace poco y reusado
para otras cosas... Es necesario cambiarlo? Esa es mi duda porque he
visto en algún foro que no es necesario cambiar el disco duro.

Re: Software Livre assinador de documentos PDF

2015-12-01 Thread Moacir Hardt Godoy 
Também entendo que o ITI deveria desenvolver um assinador. E o
Observatório Nacional disponibilizar um carimbo do tempo grátis. E não me
venham com conversas de restrição de verbas pois o INPE, mesmo com
restrições orçamentárias,  desenvolveu e disponibilizou excelentes
softwares de geoprocessamento
(SPRING e Terraview) bem como abriu todo o seu repositório de imagens de
satélite para quem quiser baixar. A iniciativa foi pioneira a
nível mundial e o EROS data center comprou a ideia e fez o mesmo. O
CPTEC divulga imagens meteorológicas pela internet e não cobra nada por
isso.

É o dinheiro público em benefício público.

E ainda, acredito que seja de interesse do governo que todo cidadão
tenha seu certificado digital, o qual seria sua verdadeira "carteira de
identidade"

abs


Em 01/12/2015 07:02, Flavio Menezes dos Reis escreveu:
> Colegas,
>
> Eu acredito que a ITI, responsápel pela ICP-Brasil, tenha que fomentar
> um software livre para assinatura digital de documentos PDF, no
> mínimo, para que seu uso decole. De outra forma toda e qualquer
> solução de software terá que reinventar a roda e pagar royalties para
> Certisigns da vida para utilização de suas LIBs/APIs.
>
> Já passou da hora, além do assinador software livre, também um
> verificador de integridade documentos assinados, também pela ITI.
>
> Bora lá ITI!!!
>
> Em 30 de novembro de 2015 23:06, Jamenson Ferreira Espindula de
> Almeida Melo > escreveu:
>
> Continuando ...
>
>
> JUCESP | Assinatura de Contrato Social com Certificado Digital
> ICP-Brasil
>
> Assinatura de Contrato Social na Comercial do Estado de São Paulo 100%
> Digital – com utilização do Certificado Digital ICP-Brasil
>
> O MARAVILHOSO MUNDO NOVO!
>
> (*)  Por Nivaldo Cleto
>
> No último dia 14 de setembro, após 125 anos de existência, a JUCESP –
> Junta Comercial do Estado de São Paulo implementou a Plataforma Via
> Rápida Empresa 2 – VRE2, que possibilita ao empreendedor a abertura de
> uma sociedade limitada sem as assinaturas de próprio punho dos sócios
> quotistas e sem a impressão de papel. Isso apenas com a utilização do
> certificado digital (ICP Brasil-Pessoa Física) dos sócios, como
> instrumento de assinatura no meio digital.
>
> Dias, antes, no lançamento do VRE2, no Palácio do Governador, resolvi
> lançar um desafio aos dirigentes da JUCESP, de que faria a abertura da
> primeira sociedade limitada 100% digital, no Estado de São Paulo, ou
> seja, sem a impressão de papel, para comprovar o funcionamento do
> sistema.
>
> Assim sendo, no mesmo dia do lançamento do VRE2, redigi o Contrato
> Social, pelo computador, convertendo-o em PDF. Em seguida, acessamos o
> Portal do VRE2 (vre.portal.jucesp.sp.gov.br
> ), identificados com o
> certificado digital Pessoa Física. Lá, fizemos a pesquisa de
> viabilidade prévia do local da Prefeitura Conveniada e, após a
> aprovação da viabilidade, preenchemos o cadastro, recolhemos as taxas,
> fizemos o upload do Contrato Social, em formato PDF. Os sócios,
> diretamente de seus locais de trabalho, residência ou mesmo com o uso
> de seus smartphones, assinaram o ato, com seus certificados digitais.
> O documento eletrônico foi recebido na JUCESP, por um analista
> técnico, que analisou as formalidades legais do ato, após conferir as
> assinaturas digitais, enviou o documento para registro.
>
> Pronto, estava aberta a primeira sociedade limitada 100% digital, no
> Estado de São Paulo. Sem papel, sem assinatura de próprio punho, mas
> com respaldo legal, já que sócios, advogado, testemunhas, assessor
> técnico e Secretário Geral da JUCESP, assinaram com seus certificados
> digitais ICP Brasil.
>
> Gravamos algumas imagens durante a realização desse processo no meu
> escritório e na JUCESP. As mesmas estão disponíveis num vídeo de três
> minutos.
>
> Nenhuma folha foi impressa durante o processo de registro, portanto é
> evidente a economia com papel, tempo e combustível. Tudo isso perdeu
> para a velocidade da tecnologia, em uma verdadeira inovação no
> processo de registro do comércio.
>
> O VRE2, da JUCESP, com a Certificação Digital dos sócios Pessoas
> Físicas, tornou desnecessária a ida ao balcão, o protocolo e as filas
> para retirar o documento registrado pois, de agora em diante, tudo
> poderá acontecer no meio digital. Ao final do registro, se a
> Prefeitura tiver convênio com a Junta Comercial, o empreendedor
> receberá até o Alvará de Funcionamento junto com o Contrato Social
> Registrado, Inscrição no CNPJ, Inscrição Estadual e Municipal em até
> cinco dias.
>
> Segundo os dirigentes da JUCESP, será dada prioridade para os
> processos digitais, pois a ausência da movimentação física trará ganho
> de tempo para análise e fluxo dos

Re: Software Livre assinador de documentos PDF

2015-12-01 Thread Flavio Menezes dos Reis 
Leandro,

Eu não consigo ver, porque, assim como tantas outras atividades públicas, a
ICP-Brasil, através do ITI, não possa fomentar o desenvolvimento de algumas
peças de software. Pode ter certeza de que isto seria uma parcela ínfima do
orçamento da ITI utilizado para a ICP-Brasil. De outra forma, se a
pretensão da ITI não fosse outra, com a ICP-Brasil, do que fomentar a
utilização da certificação digital, criptografia, entre outros, não teria
se lançado neste mercado, teria deixado para a iniciativa privada operar
toda a AC Raiz Brasileira.


Assim, a ITI fomentando a comunidade, acredito que o processo de
desenvolvimento bazar iria produzir algo de qualidade e com um custo menor.

Atte.,

Em 1 de dezembro de 2015 10:12, Guimarães Faria Corcete DUTRA, Leandro <
l...@dutras.org> escreveu:

> 2015-12-01 9:54 GMT-02:00 Flavio Menezes dos Reis <
> flavio-r...@pge.rs.gov.br>:
> >
> > O interessante da opinião é que cada um tem a sua hehehehe. Só pra dizer
> que
> > discordo da tua afirmação "Não vejo porque uma coisa implicaria na
> outra".
> > Ora, se o negócio da ICP-Brasil é promover a certificação, nada mais
> > importante do que todas as frentes possíveis (com custo admissível) que
> > tornem o seu uso o mais massificante possível.
>
> Sim, claro.  Mas o dinheiro da ICP Br não deve ser ilimitado; havendo
> voluntários, tanto melhor.
>
>
> > Qual seria a alternativa, por curiosidade?
>
> Já havia dito, e acabo de dizer novamente…
>
> Aliás, é uma patologia bem brasileira achar que alguém mais deve
> fazer, de preferência com dinheiro público, em vez de botar seu
> próprio tempo, dinheiro e (ou) habilidades em jogo.
>
>
> --
> skype:leandro.gfc.dutra?chat  Yahoo!: ymsgr:sendIM?lgcdutra
> +55 (61) 3546 7191  gTalk: xmpp:leand...@jabber.org
> +55 (61) 9302 2691ICQ/AIM: aim:GoIM?screenname=61287803
> BRAZIL GMT−3  MSN: msnim:chat?contact=lean...@dutra.fastmail.fm
>
>


-- 
Flávio Menezes dos Reis
Analista de Informática
Procuradoria-Geral do Estado do RS
(51) 3288 1764

Re: VideoConferencia

2015-12-01 Thread Maykel Franco 
El día 1 de diciembre de 2015, 1:17, Ricardo Adolfo Sánchez Arboleda
 escribió:
> http://openmeetings.apache.org/
>
>
> *Saludes;*
>
> rasa.
>
>
> El día 27 de noviembre de 2015, 9:12, frank.sc
>  escribió:
>> Hola Lista Necesito saber como crear un servidor de vídeo conferencias en
>> debian
>> Saludos
>>
>> --
>> Frank A Sanchez Calzada
>>
>> Especialista B en Ciencias Informáticas
>>
>> División de Talleres Asertec Holguin
>>
>> Jabber: fr...@jabber.asertec.azcuba.cu
>>
>> Telf: (024)426446
>>
>

Yo he probado openmeetings que funciona muy bien, con pizarra, subida
de archivos, videoconferencia muy chulo y tambien bigbluebutton:

http://bigbluebutton.org/

Que funciona muy bien también.

Re: Software Livre assinador de documentos PDF

2015-12-01 Thread Guimarães Faria Corcete DUTRA , Leandro 
2015-12-01 9:54 GMT-02:00 Flavio Menezes dos Reis :
>
> O interessante da opinião é que cada um tem a sua hehehehe. Só pra dizer que
> discordo da tua afirmação "Não vejo porque uma coisa implicaria na outra".
> Ora, se o negócio da ICP-Brasil é promover a certificação, nada mais
> importante do que todas as frentes possíveis (com custo admissível) que
> tornem o seu uso o mais massificante possível.

Sim, claro.  Mas o dinheiro da ICP Br não deve ser ilimitado; havendo
voluntários, tanto melhor.


> Qual seria a alternativa, por curiosidade?

Já havia dito, e acabo de dizer novamente…

Aliás, é uma patologia bem brasileira achar que alguém mais deve
fazer, de preferência com dinheiro público, em vez de botar seu
próprio tempo, dinheiro e (ou) habilidades em jogo.


-- 
skype:leandro.gfc.dutra?chat  Yahoo!: ymsgr:sendIM?lgcdutra
+55 (61) 3546 7191  gTalk: xmpp:leand...@jabber.org
+55 (61) 9302 2691ICQ/AIM: aim:GoIM?screenname=61287803
BRAZIL GMT−3  MSN: msnim:chat?contact=lean...@dutra.fastmail.fm

Re: Problems with Gmail IMAP on Icedove

2015-12-01 Thread Liam O'Toole 
On 2015-11-30, Lisi Reisz  wrote:
> I have been trying to set up IMAP from two different accounts on Gmail in 
> Icedove: 31.8.0-1~deb7u1.  I have tired changing the password in case I had 
> got it wrong, I have retyped everything several times, I have copied and 
> pasted, I have crawled up the wall, then I suddenly started to get messages 
> from Gmail:
> 
>
> Sign-in attempt prevented
>
>
>
> Hi x,
> Someone just tried to sign in to your Google Account xx...@gmail.com
> from an app that doesn't meet modern security standards.
>
> Details:
> Monday, 30 November 2015 22:35 (GMT)We strongly recommend that you use a
> secure app, like Gmail, to access your account. All apps made by Google
> meet these security standards. Using a less secure app, on the other hand,
> could leave your account vulnerable. Learn more
>.
>
> Google stopped this sign-in attempt, but you should review your recently
> used devices:
> -
>
> I have spent an hour at least trying to enter the * details - and they 
> were fine.  Google had just decided to block me.
>
> The purpose of the exercise wasn't to access the mail, which is only 
> gibberish.  The purpose is to test setting up an IMAP account in Icedove from 
> Gmail.
>
> What do I do now?  Install Thunderbird?  Will it even work in Thunderbird?  
> Give up and tear my hair out?  Icedove isn't even mentioned on the Devices 
> and Activities page or I could tell it to accept it.  And Google would claim 
> that it is being helpful!
>
> I can use Icedove on Wheezy to fetch email from Gmail via POP3.  G.
>
> Lisi
>

Icedove 31.8.0-1~deb8u1 (Jessie) works fine. Google seem to have a
very subtle understanding of Debian version numbers.

-- 

Liam

Re: Debian Wheezy boot messages

2015-12-01 Thread Liam O'Toole 
On 2015-11-30, Klaus Jantzen  wrote:
> Hallo,
>
> where are the messages stored that Debain produces during booting (checking
> of various components, startup of e.g. postgresql, messages issued by
> /udev,
> error messages in case a routine could not be started, etc).
>
> I looked in /var/log through all logs but could not find those messages.
>

Try the bootlogd package:

https://packages.debian.org/wheezy/bootlogd

-- 

Liam

Re: Fwd: Fwd: Editor de Vídeo

2015-12-01 Thread Isaac Ferreira Filho 



On 28-11-2015 14:31, Paulo Alexandre A. P. de Oliveira wrote:

Tenho usado o kdenlive, para fazer mini video-formações num Atom, e
tenho feito 5 estrelas.

O ambiente de trabalho é KDE.


Também uso o kdenlive e recomendo!

--
Isaac Ferreira Filho
http://yzakius.eu
Jabber: isaacmob arroba riseup.net
@yzakius

Re: [OT] Re: Eliminar indices graylog Debian Wheezy

2015-12-01 Thread Maykel Franco 
El día 31 de octubre de 2015, 17:16, Camaleón  escribió:
> El Sat, 31 Oct 2015 15:01:59 +0100, Maykel Franco escribió:
>
>> Buenas, tengo un servidor graylog que se está llenando el almacenamiento
>> y me gustaría borrar índices de elasticsearch para así liberar espacio,
>> por ejemplo lo anterior a un mes, he cambiado los siguientes parámetros
>> en server.conf y reiniciado graylog pero no libera espacio...
>
> (...)
>
>> Me falta algo o estoy haciendo algo mal?
>
> Revisa este artículo:
>
> A Retention Complication
> http://secopsmonkey.com/a-retention-complication.html
>
> Saludos,
>
> --
> Camaleón
>

Retomo este tema...

He seguido la guía que me pasastes, cambiado los parámetros según como
dice y sigue sin rotar ni un solo GB... Tengo ya usados 662G y no
libera...

http://pastebin.com/HtEBwVYE

La verdad no sé que hacer porque me quedo sin espacio... Otra opción
es borrar todos los índices pero eso no es solución, dentro de unos
meses estaré igual...

Alguna sugerencia?

Nettoyage du spam : novembre 2015

2015-12-01 Thread jean-pierre giraud 
Bonjour,
Comme nous sommes en décembre, il est désormais possible de
traiter les archives du mois de novembre 2015 des listes francophones.

N'oubliez bien sûr pas d'ajouter votre nom à la liste des relecteurs
pour que nous sachions où nous en sommes.

Détails du processus de nettoyage du spam sur :

https://wiki.debian.org/I18n/FrenchSpamClean

Re: Upgrade to Jessie lost all monitor resolutions except 1024x768

2015-12-01 Thread Chris Bannister 
On Mon, Nov 30, 2015 at 05:10:33PM -0800, Marc Shapiro wrote:
> On 11/30/2015 04:45 PM, Mike Kupfer wrote:
> >Marc Shapiro wrote:
> >
> >>On 11/30/2015 04:01 PM, Mike Kupfer wrote:
> >>>- Boot a Live image and see what resolution it gives you.
> >>I can still boot into Wheezy and get 1920x1080.
> >I meant a Jessie Live image.
> >
> >Though given that you didn't find an old xorg.conf file, the odds of the
> >Live image doing something different seem pretty slim.
> >
> >I agree with Felix's recommendation to post information about the
> >graphics card and at least the Jessie X log file (having both the Jessie
> >and Wheezy log files would be better).
> >
> >regards,
> >mike
> I have a copy of Xorg.0.log for both Wheezy and Jessie.  How do I post them
> to paste.debian.net?

Please post them to the mailing list for future info.
It's only Felix who suggests that, you've been on the list long enough
to know that logs are sent with the emails.

-- 
"If you're not careful, the newspapers will have you hating the people
who are being oppressed, and loving the people who are doing the 
oppressing." --- Malcolm X

Re: Software Livre assinador de documentos PDF

2015-12-01 Thread Leandro Guimarães Faria Corcete DUTRA 
Le 1 décembre 2015 08:44:28 GMT-02:00, Flavio Menezes dos Reis 
 a écrit :
>
>Simplesmente porque a ITI é a responsável pela ICP-Brasil. Sendo assim
>ela deveria centralizar as ações para o desenvolvimento desses software.

Não vejo porque uma coisa implicaria na outra.


>Quem melhor do que a ITI para fomentar isto, inclusive, com uma
>comunidade trabalhando neste sentido?

Em tempos de crise, quem tiver orçamento.  Ou, melhor ainda, voluntários.


>Vês outra alternativa?

Sim.



-- 
skype:leandro.gfc.dutra?chat  Yahoo!: ymsgr:sendIM?lgcdutra
+55 (61) 3546 7191 (Net)gTalk: xmpp:leand...@jabber.org
+55 (61) 9302 2691 (Vivo) ICQ/AIM: aim:GoIM?screenname=61287803
BRAZIL GMT−3  MSN: msnim:chat?contact=lean...@dutra.fastmail.fm

Re: Software Livre assinador de documentos PDF

2015-12-01 Thread Flavio Menezes dos Reis 
Leandro,

O interessante da opinião é que cada um tem a sua hehehehe. Só pra dizer
que discordo da tua afirmação "Não vejo porque uma coisa implicaria na
outra". Ora, se o negócio da ICP-Brasil é promover a certificação, nada
mais importante do que todas as frentes possíveis (com custo admissível)
que tornem o seu uso o mais massificante possível.

Eu faria um paralelo simplório a uma montadora de automóveis e a
necessidade de investir em dezenas, senão centenas de conveniados em sua
rede autorizada para que o usuário tenha um pós-venda minimamente eficaz e
dê alguma credibilidade à marca. Vide o que fez a Hyundai em parceria com a
CAOA ou mesmo a JAC Motors.

Qual seria a alternativa, por curiosidade?

Atte.,

Em 1 de dezembro de 2015 09:38, Leandro Guimarães Faria Corcete DUTRA <
l...@dutras.org> escreveu:

> Le 1 décembre 2015 08:44:28 GMT-02:00, Flavio Menezes dos Reis <
> flavio-r...@pge.rs.gov.br> a écrit :
> >
> >Simplesmente porque a ITI é a responsável pela ICP-Brasil. Sendo assim
> >ela deveria centralizar as ações para o desenvolvimento desses software.
>
> Não vejo porque uma coisa implicaria na outra.
>
>
> >Quem melhor do que a ITI para fomentar isto, inclusive, com uma
> >comunidade trabalhando neste sentido?
>
> Em tempos de crise, quem tiver orçamento.  Ou, melhor ainda, voluntários.
>
>
> >Vês outra alternativa?
>
> Sim.
>
>
>
> --
> skype:leandro.gfc.dutra?chat  Yahoo!: ymsgr:sendIM?lgcdutra
> +55 (61) 3546 7191 (Net)gTalk: xmpp:leand...@jabber.org
> +55 (61) 9302 2691 (Vivo) ICQ/AIM: aim:GoIM?screenname=61287803
> BRAZIL GMT−3  MSN: msnim:chat?contact=lean...@dutra.fastmail.fm
>
>


-- 
Flávio Menezes dos Reis
Analista de Informática
Procuradoria-Geral do Estado do RS
(51) 3288 1764

Re: [Montage usb téléphone]Pas accès aux données de la carte SD

2015-12-01 Thread steve 

Le 01-12-2015, à 11:40:01 +0100, Grégory Bulot a écrit :


En fait pas résolu, je m'étais trompé de téléphone 
 
 Elle est belle celle-là :)

Re: A stop job is running for...

2015-12-01 Thread Sven Arvidsson 
On Mon, 2015-11-30 at 21:04 -0500, Jape Person wrote:
> Make remote CUPS printers available locally
> Network Time Synchronization
> 
> For several weeks I've been seeing this stop job notification for
> these 
> two items frequently when rebooting or shutting down two of my four 
> testing systems.
> 
> The first notification counts all the way up to 1 min 30 sec before
> the 
> shutdown scroll restarts. The second notification only counts for a
> few 
> seconds before terminating.
> 
> I'm a patient guy, but adding almost two minutes to almost every
> restart 
> or shutdown procedure gets a bit tedious after a while.

Yes, I have noticed this too, but with different services. So it's
probably not specific to CUPS or NTP.

Unfortunately it seems to always happen when I need to shutdown quickly
(thunderstorms). Would be great if it was possible to configure the
countdown to simply kill the service after a few seconds and proceed
with shutdown/reboot.

-- 
Cheers,
Sven Arvidsson
http://www.whiz.se
PGP Key ID 6FAB5CD5





signature.asc
Description: This is a digitally signed message part

Re: Fail2ban

2015-12-01 Thread andre_debian 
On Tuesday 01 December 2015 14:28:18 Philippe Gras wrote:
> Le 1 déc. 2015 à 14:17, andre_deb...@numericable.fr a écrit :
> > J'avais lancé un help sur ce sujet et modifié
> > jail.conf et fail.local
> > Malgré, j'ai toujours ce type de message dans mon logwatch quotidien,
> > (tentatives de connexions sur des comptes mail) :
> > "authentication failure; logname= uid=0 euid=0 tty=dovecot 
> > ruser=pascal.b@ rhost=212.83.40.56 : 66 Times"
> > Une personne qui n'est pas le propriétaire du mail,
> > tente de se connecter 66 fois alors que le "maxretry=3"
> > Ici, fail2ban ne joue pas son rôle, il reste insensible à ses configs.
> > (je l'avais bien relancé).

> Cette adresse IP est-elle rapportée dans Logwatch d'un jour à l'autre ? :

Les IP intrusives changent d'un jour à l'autre.

> La période de ban peut être augmentée (> 1 mois c'est bien) :

Quelle est la ligne à ajouter/ configurer dans les fichiers jail.conf 
et .local ?

> Sinon, les requêtes peuvent avoir été envoyées en même temps, et en
> masse, c'est une technique utilisée pour passer les filtres fail2ban :

Comment contourner la technique des ? :
"requêtes envoyées en même temps et en masse".

André

Re: Upgrade to Jessie lost all monitor resolutions except 1024x768

2015-12-01 Thread Marc Shapiro 

On 12/01/2015 04:15 AM, Chris Bannister wrote:

On Mon, Nov 30, 2015 at 05:10:33PM -0800, Marc Shapiro wrote:

On 11/30/2015 04:45 PM, Mike Kupfer wrote:

Marc Shapiro wrote:


On 11/30/2015 04:01 PM, Mike Kupfer wrote:

- Boot a Live image and see what resolution it gives you.

I can still boot into Wheezy and get 1920x1080.

I meant a Jessie Live image.

Though given that you didn't find an old xorg.conf file, the odds of the
Live image doing something different seem pretty slim.

I agree with Felix's recommendation to post information about the
graphics card and at least the Jessie X log file (having both the Jessie
and Wheezy log files would be better).

regards,
mike

I have a copy of Xorg.0.log for both Wheezy and Jessie.  How do I post them
to paste.debian.net?

Please post them to the mailing list for future info.
It's only Felix who suggests that, you've been on the list long enough
to know that logs are sent with the emails.

I have posted them to the list.  My post of Nov. 30 (yesterday) at 5:27 
PM PDT contains the full content of both log files.


Marc

Re: Trying to remove "architecture i386"

2015-12-01 Thread Martin Read 

On 01/12/15 08:47, Ansgar Burchardt wrote:

Do you still have any i386 packages installed? I think running

   dpkg -l "*:i386"

should list them (I don't use multiarch myself, but it works for the
native architecture and "*:all").


I can confirm on my multiarch system that the command you suggest will 
do what you intend.

Re: Upgrade to Jessie lost all monitor resolutions except 1024x768

2015-12-01 Thread Sven Arvidsson 
On Mon, 2015-11-30 at 23:11 -0800, Marc Shapiro wrote:
> In Wheezy, the graphics card seems to have been found and a depth of 
> 24bpp is being used by RADEON(0) with a GB of graphics memory, while
> in 
> Jessie, Screen 0 is getting deleted and the radeon module is removed.
>   
> Instead of RADEON(0) we see FBDEV(0), instead of 24bbp, only 16bbp is
> being used.  Only 1536kB of video memory is being used and the screen
> size is set to "Virtual size is 1024x768 (pitch 1024)".
> 
> I don't know enough to determine what is causing these differences,
> let 
> alone how to correct the problem.  If someone else can figure out a 
> solution I would be most grateful.

Most likely missing firmware as others have suggested, check dmesg and
grep for radeon and/or drm. 

-- 
Cheers,
Sven Arvidsson
http://www.whiz.se
PGP Key ID 6FAB5CD5





signature.asc
Description: This is a digitally signed message part

Re: OT: reply styles, family matters

2015-12-01 Thread Bob Bernstein 

On Tue, 1 Dec 2015, Lisi Reisz wrote:


On Tuesday 01 December 2015 08:54:27 Mart van de Wege wrote:


Why not do your correspondents the courtesy of replying in 
the style *they* want?


That's fine, so long as you are not required to reply.  And so 
long as you don't want the discussion to remain vaguely on 
track.


And, so long as you _know_ what that desired style is. I've been 
trading emails with my nephew for years with nary a peep from 
him that he was annoyed by, of all things, my email reply style. 
Last night, I guess he had just had it "up to HERE" with me and 
my pompous internet posing!


I have to think about this a bit more because I am starting to 
have it UP TO HERE with him just writing this message! 


Thanks all. I knew I could find cooler heads here than in my 
family.


--
Bob Bernstein

Re: Fail2ban

2015-12-01 Thread andre_debian 
Bonjour,
 
J'avais lancé un help sur ce sujet et modifié jail.conf et jail.local
 
Malgré, j'ai toujours ce type de message dans mon logwatch quotidien,
(tentatives de connexions sur des comptes mail) :
 
"authentication failure; logname= uid=0 euid=0 tty=dovecot 
ruser=pascal.b@ rhost=212.83.40.56 : 66 Times"
 
Une personne qui n'est pas le propriétaire du mail,
tente de se connecter 66 fois alors que le "maxretry=3"
 
Ici, fail2ban ne joue pas son rôle, il reste insensible à ses configs.
(je l'avais bien relancé).
 
André

Re: Fail2ban

2015-12-01 Thread Philippe Gras 

Le 1 déc. 2015 à 14:17, andre_deb...@numericable.fr a écrit :

> Bonjour,
> 
> J'avais lancé un help sur ce sujet et modifié
> jail.conf et fail.local
> 
> Malgré, j'ai toujours ce type de message dans mon logwatch quotidien,
> (tentatives de connexions sur des comptes mail) :
> 
> "authentication failure; logname= uid=0 euid=0 tty=dovecot 
> ruser=pascal.b@ rhost=212.83.40.56 : 66 Times"

Cette adresse IP est-elle rapportée dans Logwatch d'un jour à l'autre ?

La période de ban peut être augmentée (> 1 mois c'est bien ;-))

Sinon, les requêtes peuvent avoir été envoyées en même temps, et en

masse, c'est une technique utilisée pour passer les filtres fail2ban.
> 
> Une personne qui n'est pas le propriétaire du mail,
> tente de se connecter 66 fois alors que le "maxretry=3"
> 
> Ici, fail2ban ne joue pas son rôle, il reste insensible à ses configs.
> (je l'avais bien relancé).
> 
> André
>

Re: Fail2ban

2015-12-01 Thread Bernard Schoenacker 
Le Tue, 1 Dec 2015 14:17:43 +0100,
andre_deb...@numericable.fr a écrit :

> Bonjour,
> 
> J'avais lancé un help sur ce sujet et modifié
> jail.conf et fail.local
> 
> Malgré, j'ai toujours ce type de message dans mon logwatch quotidien,
> (tentatives de connexions sur des comptes mail) :
> 
> "authentication failure; logname= uid=0 euid=0 tty=dovecot 
> ruser=pascal.b@ rhost=212.83.40.56 : 66 Times"
> 
> Une personne qui n'est pas le propriétaire du mail,
> tente de se connecter 66 fois alors que le "maxretry=3"
> 
> Ici, fail2ban ne joue pas son rôle, il reste insensible à ses configs.
> (je l'avais bien relancé).
> 
> André
> 

bonjour,


serait il possible de comparer avec cet exemple :

http://wiki.dovecot.org/HowTo/Fail2Ban

ensuite, serait il possible de donner la version de dovecot installée ?


et de lire ceci : /usr/share/doc/fail2ban/run-rootless.txt



slt
bernard

Re: Fail2ban

2015-12-01 Thread Bernard Schoenacker 
Le Tue, 1 Dec 2015 14:43:12 +0100,
Bernard Schoenacker  a écrit :

> Le Tue, 1 Dec 2015 14:17:43 +0100,
> andre_deb...@numericable.fr a écrit :
> 
> > Bonjour,
> > 
> > J'avais lancé un help sur ce sujet et modifié
> > jail.conf et fail.local
> > 
> > Malgré, j'ai toujours ce type de message dans mon logwatch
> > quotidien, (tentatives de connexions sur des comptes mail) :
> > 
> > "authentication failure; logname= uid=0 euid=0 tty=dovecot 
> > ruser=pascal.b@ rhost=212.83.40.56 : 66 Times"
> > 
> > Une personne qui n'est pas le propriétaire du mail,
> > tente de se connecter 66 fois alors que le "maxretry=3"
> > 
> > Ici, fail2ban ne joue pas son rôle, il reste insensible à ses
> > configs. (je l'avais bien relancé).
> > 
> > André
> >   
> 
> bonjour,
> 
> 
> serait il possible de comparer avec cet exemple :
> 
> http://wiki.dovecot.org/HowTo/Fail2Ban
> 
> ensuite, serait il possible de donner la version de dovecot
> installée ?
> 
> 
> et de lire ceci : /usr/share/doc/fail2ban/run-rootless.txt
> 
> 
> 
> slt
> bernard
> 

bonjour,

j'ai oublié un lien :

http://www.fail2ban.org/wiki/index.php/Talk:Dovecot

slt
bernard

Re: OT: reply styles, family matters

2015-12-01 Thread Chris Bannister 
On Mon, Nov 30, 2015 at 09:27:02PM -0500, Neal P. Murphy wrote:
> I'll top-post here because I am replying to the entire message (quoted below).

Sorry to be picky, but there was nothing in the text to which you
directly replied to. 

I think personal correspondence is completely different to posting and
replying on a mailing list where it is presumed that posters are using
and familiar with a thread capable mail client.

-- 
"If you're not careful, the newspapers will have you hating the people
who are being oppressed, and loving the people who are doing the 
oppressing." --- Malcolm X

Re: OT: reply styles, family matters

2015-12-01 Thread Chris Bannister 
On Mon, Nov 30, 2015 at 08:31:29PM -0500, Bob Bernstein wrote:
> 
> "Please don't respond line by line. It is patronizing and
> annoying."

What did he say when you asked what he meant by this? I mean, how on
earth could it possibly be patronising?

I'm guessing your nephew isn't subscribed to any mailing lists.

Would I be correct in that he uses Windoze and outhouse as a mailer?

Of course I could be completely wrong, it is just a guess, but I am
intrigued as to how he could find inline responses annoying ... unless
... his client doesn't handle it properly.

I must admit reading mail from yahoo and outhouse mailers is difficult
at the best of times, and is perhaps one reason why top posting is
preferred.

-- 
"If you're not careful, the newspapers will have you hating the people
who are being oppressed, and loving the people who are doing the 
oppressing." --- Malcolm X

Re: Software Livre assinador de documentos PDF

2015-12-01 Thread Humberto A. Sousa 

Esquema de cartório.
Padrão Brasil.

Saudações,


Humberto Araujo de Sousa
humbe...@dontec.com.br

Em 30/11/2015 22:41, Jamenson Ferreira Espindula de Almeida Melo escreveu:

Saudações.   Olha só que "festa" eu quero estragar:



30 de novembro de 2015, 16h35

Por Tadeu Rover

A Ordem dos Advogados do Brasil passa a oferecer um portal de
assinaturas que permite ao advogado assinar documentos on-line. A
ferramenta possibilita a assinatura e transmissão do documento por
meio digital, sem necessidade de papel ou deslocamento para recolher
as assinaturas de todas as partes interessadas.

O serviço oferecido pela OAB é uma parceria com a Certisign, empresa
fornecedora de certificados digitais. Umas das principais facilidades
da ferramenta é que a assinatura on-line elimina a necessidade dos
signatários estarem no mesmo local para as assinaturas, gerando
economia e celeridade.

Atualmente, 50% dos advogados do país utilizam o Certificado Digital
OAB. "Isso significa que os processos judiciais estão cada vez mais
digitais, seguros e transparentes no país, e entendemos que esses
benefícios podem ser ampliados para os escritórios e seccionais. Por
isso, agora, disponibilizamos o Portal de Assinaturas OAB, no qual o
advogado pode assinar qualquer documento por meio do certificado
digital, assim como as seccionais podem migrar seus processos físicos
para o digital por meio da solução", diz o presidente do Conselho
Federal da OAB, Marcus Vinicius Furtado Coêlho.

Entre as diversas funções da ferramenta disponibilizada pela OAB
estão: criação de fluxos, assinatura em lote, notificação automática
dos signatários e a possibilidade de envio e armazenamento do
documento diretamente na plataforma.

O sistema é compatível com qualquer tipo de Certificado Digital
ICP-Brasil e pode ser experimentado gratuitamente. Os advogados com
certificado OAB tem direito a assinar 20 documentos sem custo,
enquanto que os profissionais com certificados digitais emitidos por
outra entidade podem assinar 10 documentos gratuitamente.

Outro serviço anunciado pela OAB é a versão mobile do Certificado
Digital OAB, que estará disponível aos advogados no início do próximo
ano. "A possibilidade de o advogado poder armazenar o certificado no
celular ou tablet concede a ele muito mais mobilidade e comodidade. Em
qualquer lugar, ele pode acessar as aplicações que exigem o uso do
certificado e fazer o que precisa ser feito", afirma o presidente da
OAB.

Sem certificado
A assinatura eletrônica de documentos também é possível sem a
certificação digital. Para isso, os signatários são autenticados de
diferentes maneiras com a confirmação de dados pessoais.

Marcelo Kramer, um dos sócios fundadores da Clicksign — empresa que
oferece esse serviço no Brasil —, explica que, além do certificado
digital, há outras maneiras de autenticar a assinatura. "Nós
registramos múltiplos pontos de autenticação do signatário, tais como
o endereço de e-mail (confirmado por meio de um link único), endereço
de IP, nome e CPF. Caso seja necessário, é possível colocar ainda mais
pontos de autenticação."

Kramer explica que o documento tem a mesma validade de um documento
físico. De acordo com ele, a legislação brasileira aceita, além de
certificação digital, outros meios para comprovação de autoria e
integridade.

Na Clicksign, a cobrança é feita por cada documento assinado,
independentemente do número de signatários e do tamanho do documento.
O valor varia conforme as especifidades de cada caso e da quantidade
de documentos contratados. Com informações da Assessoria de Imprensa
da OAB.


Fonte: 
.
   Acesso em: 30 nov. 2015.   21:15:45.


Eu apenas entendo que a assinatura digital de documentos não deveria
ser uma fonte de rendimentos.   Eu até concordo em comprar o chamado
"certificado digital", mas pára por aí.


Espero ter me feito entender.


Jamenson Ferreira Espindula de Almeida Melo
Usuário GNU/Linux nº 166197
https://linuxcounter.net/cert/166197.png

Impressão digital da chave:
234D 1914 4224 7C53 BD13  6855 2AE0 25C0 08A8 6180

Fail2ban

2015-12-01 Thread andre_debian 
Bonjour,

J'avais lancé un help sur ce sujet et modifié
jail.conf et fail.local

Malgré, j'ai toujours ce type de message dans mon logwatch quotidien,
(tentatives de connexions sur des comptes mail) :

"authentication failure; logname= uid=0 euid=0 tty=dovecot 
ruser=pascal.b@ rhost=212.83.40.56 : 66 Times"

Une personne qui n'est pas le propriétaire du mail,
tente de se connecter 66 fois alors que le "maxretry=3"

Ici, fail2ban ne joue pas son rôle, il reste insensible à ses configs.
(je l'avais bien relancé).

André

Re: Debian Wheezy boot messages

2015-12-01 Thread Brian 
On Tue 01 Dec 2015 at 12:33:23 +, Liam O'Toole wrote:

> On 2015-11-30, Klaus Jantzen  wrote:
> > Hallo,
> >
> > where are the messages stored that Debain produces during booting (checking
> > of various components, startup of e.g. postgresql, messages issued by
> > /udev,
> > error messages in case a routine could not be started, etc).
> >
> > I looked in /var/log through all logs but could not find those messages.
> >
> 
> Try the bootlogd package:
> 
> https://packages.debian.org/wheezy/bootlogd

This mail might be of interest:

  https://lists.debian.org/debian-user/2015/10/msg00199.html

   > bootlogd is a hack and does not work properly under
   > sysvinit and not at all under systemd.

Re: Upgrade to Jessie lost all monitor resolutions except 1024x768

2015-12-01 Thread Felix Miata 
Marc Shapiro composed on 2015-12-01 07:15 (UTC-0800):

> I will install  firmware-amd-graphics as soon as I get a chance 

firmware-linux-nonfree is what worked on Jessie for my Cedar and for Mart.

> (probably this evening) and report back.  Meanwhile, Felix says that he 
> never received my post with the full logs and others seem not to have 

Looks like it never reached
https://lists.debian.org/debian-user/2015/12/threads.html either, possibly
due to excessive size, or maybe pasting as attachment rather than inline.

> received them, either, by what they have posted.  For the sake of 
> keeping all of the information available for the future, I will post 

Some people think "all information" should be saved for the future. Others
don't. It's your choice. Be aware that "all information" in the case of Xorg
logs and dmesg is voluminous, and like other mailing list info, stays on the
Internet forever. As some small portion of Xorg.0.log is arguably personal,
one may not wish it to be available forever. Those concerned with noise in
archive searches also may prefer the linking method of log sharing. Little in
those logs is actually relevant to solution, and often, what is is relevant
only to the OP.

Chris Bannister's opinion how to share voluminous data is not universal. On
some other mailing lists, inclusion is explicitly frowned upon. There are no
published/official rules here (of which I'm aware, and I did look) that say
one must or must not pollute list archives with voluminous logs.
http://paste.debian.net/ and other pastebins exist for good reason. Ephemeral
need is precisely one of them. Reducing loss of privacy is another.

> them at that time, as well.  Should they be sent as attachments, or 
> inline.  I sent them as attachments last time. Could that have been the 
> problem?

At this point, what's the point? Solution has almost certainly been
determined to be missing firmware. Xorg.0.log and dmesg won't explain why
firmware was installed in Wheezy but wasn't installed in Jessie. If your
trouble continues after installing firmware, previous logs are unlikely to be
helpful to resolution.
-- 
"The wise are known for their understanding, and pleasant
words are persuasive." Proverbs 16:21 (New Living Translation)

 Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata  ***  http://fm.no-ip.com/

Re: OT: reply styles, family matters

2015-12-01 Thread Bob Bernstein 

On Wed, 2 Dec 2015, Chris Bannister wrote:

"Please don't respond line by line. It is patronizing and 
annoying."


What did he say when you asked what he meant by this? I mean, 
how on earth could it possibly be patronising?


I haven't asked him yet, in the interest of not muddying still 
waters. I've been thinking about his "patronizing" response and 
I believe it is an objection to the obvious clarity and 
precision that inline responses afford. Clarity and precision 
are not exactly in the ascendancy as far as cultural values are 
concerned. It is thought much more important to be "passionate" 
and "authentic," In the introductory assay of a little book of 
his from 1928, _Sceptical Essays_, Russell said


"...it is undesirable to believe a proposition for which there 
is no ground whatever for supposing it true."


Nobody anymore has the least interest in such an approach to 
life, in fact, it is deemed dangerous and probably evil in most 
of our university English departments and beyond.


However Russell's little gem of a claim describes very 
accurately what is done on email lists devoted to computing 
topics. We want to know what is the case, and why. The vast 
majority of our fellow citizens *do* find a constant focus on 
those aims quite disconcerting in any context, and, very likely, 
"patronizing." They think "How dare you subject me to 
your rules of inference and standards of factuality! What sort 
of horrible person are you?"


I'm guessing your nephew isn't subscribed to any mailing 
lists.


I doubt it.

Would I be correct in that he uses Windoze and outhouse as a 
mailer?


He uses a gmail account with "Ipad Mail".

Oh well. Thanks Chris.

--
Bob Bernstein

Re: Fail2ban

2015-12-01 Thread Jean-Jacques Doti 

Le 01/12/2015 14:17, andre_deb...@numericable.fr a écrit :

Bonjour,

J'avais lancé un help sur ce sujet et modifié
jail.conf et fail.local

Malgré, j'ai toujours ce type de message dans mon logwatch quotidien,
(tentatives de connexions sur des comptes mail) :

"authentication failure; logname= uid=0 euid=0 tty=dovecot
ruser=pascal.b@ rhost=212.83.40.56 : 66 Times"

Une personne qui n'est pas le propriétaire du mail,
tente de se connecter 66 fois alors que le "maxretry=3"

Ici, fail2ban ne joue pas son rôle, il reste insensible à ses configs.
(je l'avais bien relancé).

André


Salut,

En fait, le soucis se situe directement dans la façon dont fail2ban 
fonctionne.
Le principe est que fail2ban scrute des fichiers de logs à la recherche 
de certaines chaînes de caractères. Pour dovecot, c'est le fichier 
/var/log/mail.log qui est examiné (cf /etc/fail2ban/jail.conf section 
[dovecot]). La chaîne "authentication failure" est normalement bien 
repérée et l'adresse IP du client récupérée (cf 
/etc/fail2ban/filter.d/dovecot.conf). Cette adresse IP es bloquée (via 
iptables) si elle apparaît plus d'un certains nombre de fois pendant un 
certain laps de temps (par défaut 3 apparitions en 600 secondes).

Or dovecot a tendance à indiquer les erreurs de connexions ainsi :
authentication failure; logname= uid=0 euid=0 tty=dovecot 
ruser=pascal.b@ rhost=212.83.40.56 : 66 Times
c'est à dire avec une seule ligne indiquant de nombreux échecs 
d'authentification (il s'agit peut-être du nombre d'echec au cours d'une 
même connexion TCP). Du coup, fail2ban n'enregistre, dans ce cas, qu'une 
seule tentative (une seule ligne) et l'IP du client n'est pas 
immédiatement bloquée.


Je ne vois pas trop comment changer ce comportement facilement.
Il doit être possible d'arriver à quelque chose d'accpetable en 
indiquant "auth_verbose=yes" dans /etc/dovecot/conf.d/10-logging.conf et 
en modifiant ou en ajoutant un filtre fai2ban spécifique (les tentatives 
d'authentification sont alors toutes loggées, mais le format est 
différent de ce que fail2ban recherche en standard avec la configuration 
Debian).


J'espère que je n'ai pas été trop confus dans mes explications et je 
suis désolé de ne pas pouvoir fournir une solution clé en main…


A+
Jean-Jacques