date:20160810

On Wed, Aug 10, 2016 at 11:44:19AM -0700, pe...@easthope.ca wrote:
> Thanks Liam and Dan.
> 
> From: Dan Ritter , Wed, 10 Aug 2016 12:12:14 -0400
> > ... if you used XINERAMA or NVidia or AMD's proprietary tools, ...
> 
> Used xrandr commands in .xsessionrc.

xrandr controls XINERAMA, Intel, NVidia or AMD driver features.

What driver are you using?

Do you have a completely dynamic xorg.conf, or one that you
wrote or edited?

> Is xrandr capable of setting the screen numbers as suggested above.  
> If so, a tip will help.  If not, what approach might work?

I think you want to read
https://wiki.archlinux.org/index.php/multihead

to understand the terminology and the capabilities.

It sounds like you are asking for separate screens, rather than
multihead (merged screens) or Zaphod (separate screens, separate
X sessions, possibly separate users). That requires lower-level 
configuration than xrandr.

-dsr-

Re: The DISPLAY variable.

2016-08-10 Thread peter

Thanks Liam and Dan.

From:   Dan Ritter , Wed, 10 Aug 2016 12:12:14 -0400
> ... if you used XINERAMA or NVidia or AMD's proprietary tools, ...

Used xrandr commands in .xsessionrc.

peter@dalton:~$ cat .xsessionrc
# dalton:/home/peter/.xsessionrc created 2014-12-10.
#xrandr --output VGA-0 --auto
xrandr --output VGA-0 --mode 1280x960 --rate 85.0
xrandr --output DVI-0 --auto --right-of VGA-0

> You would need to reconfigure. 

I read the xrandr manual and added --screen parameters.
xrandr --output VGA-0 --mode 1280x960 --rate 85.0 --screen 0
xrandr --output DVI-0 --auto --right-of VGA-0 --screen 1

No luck.  The DVI screen is overlaid on the VGA.  The display is worse.
I didn't find an error message.  Seems that my revised .xsessionrc is 
syntactically correct.

Is xrandr capable of setting the screen numbers as suggested above.  
If so, a tip will help.  If not, what approach might work?

Thanks,   ... Peter E.

-- 
123456789 123456789 123456789 123456789 123456789 123456789 123456789
Tel +1 360 639 0202 
http://easthope.ca/Peter.html Bcc: peter at easthope. ca

Re: Récupérer un partitionnement détruit par Windows7.

2016-08-10 Thread Randy11


On 08/08/2016 20:49, Pascal Hambourg wrote:

Le 08/08/2016 à 15:15, hamster a écrit :

Le 08/08/2016 14:46, Randy11 a écrit :


Existe-t-il une solution pour restaurer le partitionnement initial ?


testdisk et photorec sont tes amis, pour ton probleme, surtout testdisk


Ou bien gpart (à ne pas confondre avec gparted ou gdisk).



Bonjour,

Merci pour l'aide, 1.8 To récupéré !

Bon, j'ai utilisé Testdisk comme c'était le premier outil proposé et que 
j'ai

commencé à l'utiliser tout de suite vu la situation. Testdisk permet de
naviguer dans la partition susceptible d'être restaurée ce qui est 
rassurant.


Je viens de regarder la page "man" de Gpart où j'ai trouvé "No checks 
are performed
whether a found filesystem is clean or even consistent/mountable". À 
priori, sans avoir
utilisé Gpart en condition réelle, le fait que Tesdisk vérifie la 
partition me semble un

atout. Maintenant, je serais content d'en apprendre plus sur Gpart.

Alors, encore merci à tous.

Randy11.

Re: The DISPLAY variable.

2016-08-10 Thread deloptes

pe...@easthope.ca wrote:

> xrandr recognizes only one screen?  Why?  Any ideas to have
> the two screens recognized according to the documentation?
> 
> Thanks,             ... Peter E.

Screen and display are completely different things in different contexts.

If you have 1 graphic card you usually have 1 screen and one display, which
would correspond to DISPLAY=:0.0 in X11 terminology.
If you have some special card flavor or perhaps two cards you could have 2
displays/screens.

I have the feeling what you call screen or display is not exactly what you
mean. What you mean is most probably monitor. One screen may stretch to
multiple monitors - one display to multiple screens.

DISPLAY=:D.S
D - display
S - screen

http://askubuntu.com/questions/432255/what-is-display-environment-variable

In your case - if you want to put a program window somewhere, you should
work with the position parameter(s) - xoff,yoff

xeyes --help
[-geometry [{width}][x{height}][{+-}{xoff}[{+-}{yoff}]]]

regards

Re: pulseaudio, derivative problems

On Wed 10 Aug 2016 at 13:23:08 -0400, Cindy-Sue Causey wrote:

> On 8/10/16, Brian  wrote:
> > On Wed 10 Aug 2016 at 07:48:22 -0600, Levi Darrell wrote:
> >
> >> > It is not necessary for a user to be in the audio group these days.
> >> >
> >> >   ls -l /dev/snd/*
> >> >
> >> > shows all files have permissions crw-rw+. The "+" sign indicates an
> >> > ACL (Access Control List). Then (as the user)
> >> >
> >> >   getfacl /dev/snd/*
> >> >
> >> > will show whether the user is on the List.
> >> >
> >> > It looks like my user has rw permissions for all those that are in the
> >> audio group.
> >
> > Your user has rw permissions to use sound devices. This is granted in
> > /lib/udev/rules.d/70-uaccess.rules. Being in the audio group is neither
> > here nor there.
> 
> 
> I've posted this before but will share again for the benefit of any
> new newcomers...
> 
> >From Debian's own wiki:
> 
> https://wiki.debian.org/SystemGroups

Quoting from it:

  audio: This group can be used locally to give a set of users
  access to an audio device (the soundcard or a microphone). 

Maybe it can but times have moved on. uaccess takes care of audio access
now. But, are there particular circumstances in which it does this?

An experiment: Remove a user from the audio group (I would use vigr).
Log out and back in. Can an audio CD still be played by the user? If not,
why not?

> Based on that wiki page, group "audio" is about granting access to
> 'audio devices" e.g. soundcards and microphones. Makes it sound like
> it's hardware centric, yes, no? :)

Whatever group "audio" is supposed to do, membership of it may be of no
great consequence. It depends.

Re: pulseaudio, derivative problems

On Wed 10 Aug 2016 at 10:25:43 -0600, Levi Darrell wrote:

> >
> > Being in the audio group is neither
> > here nor there.
> >
> 
>  The audio problem is specifically with pavucontrol. The audio itself still
> works through alsa. I'm inclined to believe it has something to do with
> some of the libraries I installed, since other programs, such as firefox
> and evince, are also failing.

You compiled audacity v. 2.1.2; why not use the version in Stretch,
which is 2.1.2?

I cannot see what pulseaudio does or doesn't do has any bearing on a
document viewer or a web browser behaving correctly.

Re: iso hacked suspicious: answers

Hi,

Andrew F Comly wrote:
> E) Burn iso to media
> dd if=/dev/zero of=/dev/sdb1 bs=1M;
> wait;

Why this overwriting of partition 1 by zeros ?
The partition table will be overwritten by the ISO anyways.

(And on what asynchronous processes are you waiting to end ?)

> ddif=/media/LG/AC/bckup/Install/2_Bootable-OS/Debian/i386/debian-8.5.0-i386-l
xde-CD-1.iso of=/dev/sdb

Blanks matter. :))

Assumed that you did put a blank between "dd" and "/media", the command
would be ok for copying the ISO onto a USB stick at /dev/sdb.
(For me it runs substantially faster if i add option bs=1M.)

Did the command last long enough to be credible ?
Did it report
  1255424+0 records in
  1255424+0 records out
?

>             sudo sha256sum /dev/sdb

As we learn from the copy-to-stick command, we need to curb to 1255424
blocks of dd's default size (512 bytes per block). My USB stick is at
/dev/sdc:

  $ dd if=/dev/sdc count=1255424 | sha256sum
  ...
  fd7729e3bdfcb2b1b8793f5a19096fb2eee3cf709c39112ed2da7e7a2d7f6886  -

  $ fgrep fd7729e3bdfcb2b1b8793f5a19096fb2eee3cf709c39112ed2da7e7a2d7f6886 
SHA256SUMS
  fd7729e3bdfcb2b1b8793f5a19096fb2eee3cf709c39112ed2da7e7a2d7f6886  
debian-8.5.0-i386-lxde-CD-1.iso

Testing with ./check_debian_iso (which counts blocks of 2048 bytes each):

  $ ./check_debian_iso SHA512SUMS debian-8.5.0-i386-lxde-CD-1.iso /dev/sdc
  Piping 313856 blocks of '/dev/sdc' through 'sha256sum'
  to verify checksum list item 'debian-8.5.0-i386-lxde-CD-1.iso'.
  313856+0 records in
  313856+0 records out
  642777088 bytes (643 MB) copied, 31.7854 s, 20.2 MB/s
  Ok: '/dev/sdc' matches 'debian-8.5.0-i386-lxde-CD-1.iso' in 'SHA256SUMS'

Have a nice day :)

Thomas

Re: pulseaudio, derivative problems

2016-08-10 Thread Cindy-Sue Causey

On 8/10/16, Brian  wrote:
> On Wed 10 Aug 2016 at 07:48:22 -0600, Levi Darrell wrote:
>
>> > It is not necessary for a user to be in the audio group these days.
>> >
>> >   ls -l /dev/snd/*
>> >
>> > shows all files have permissions crw-rw+. The "+" sign indicates an
>> > ACL (Access Control List). Then (as the user)
>> >
>> >   getfacl /dev/snd/*
>> >
>> > will show whether the user is on the List.
>> >
>> > It looks like my user has rw permissions for all those that are in the
>> audio group.
>
> Your user has rw permissions to use sound devices. This is granted in
> /lib/udev/rules.d/70-uaccess.rules. Being in the audio group is neither
> here nor there.

I've posted this before but will share again for the benefit of any
new newcomers...

>From Debian's own wiki:

https://wiki.debian.org/SystemGroups

Based on that wiki page, group "audio" is about granting access to
'audio devices" e.g. soundcards and microphones. Makes it sound like
it's hardware centric, yes, no? :)

PS I appreciate that coming back up because I keep forgetting that
potentially helpful little tidbit for my own setup. Audio group =
microphone might finally work.. Check! :)

Cindy :)

-- 
Cindy-Sue Causey
Talking Rock, Pickens County, Georgia, USA

* Actually runs into a potentially viable answer 'pon occasion *

Re: iso hacked suspicious: answers


Le 10/08/2016 à 17:13, Andrew F Comly   康大成 a écrit :

iso hacked suspicious: answers

Concerning the other questions re: "E-F)", please find the below answers:

E) Burn iso to media
dd if=/dev/zero of=/dev/sdb1 bs=1M;


This action is not needed. The next command will overwrite previous 
contents anyway.



dd 
if=/media/LG/AC/bckup/Install/2_Bootable-OS/Debian/i386/debian-8.5.0-i386-lxde-CD-1.iso
 of=/dev/sdb


Did you run this command as root with su or sudo ?
Apart from this it looks fine, although you could a block size of at 
least 4096 (4k) to speed up the copy.



F) Check media drive still has same sha512sum hash number


Same as what ? As before the copy (it should have changed) or as the ISO 
image file (it should be different due to different sizes) ?



sudo fdisk -l #(lookup location of burnt iso media)


What do you need to print the partition tables ?


sudo sha256sum /dev/sdb

Re: pulseaudio, derivative problems

2016-08-10 Thread Levi Darrell

>
> Being in the audio group is neither
> here nor there.
>

 The audio problem is specifically with pavucontrol. The audio itself still
works through alsa. I'm inclined to believe it has something to do with
some of the libraries I installed, since other programs, such as firefox
and evince, are also failing.

Re: The DISPLAY variable.

On Wed, Aug 10, 2016 at 07:00:57AM -0700, pe...@easthope.ca wrote:
> 
> Here Debian jessie is running on a machine with two screens 
> connected to one video card.  Therefore try these commands.

There are a bunch of ways of doing that. In particular, if you
used XINERAMA or NVidia or AMD's proprietary tools, you almost
certainly have one "screen", or DISPLAY, even though it is
stretched across two or more monitors.

> peter@dalton:~$ xrandr | grep Screen
> Screen 0: minimum 320 x 200, current 2432 x 960, maximum 4096 x 4096

says that is the case.

> xrandr recognizes only one screen?  Why?  Any ideas to have 
> the two screens recognized according to the documentation?

You would need to reconfigure. 

-dsr-

Re: you iso's may have been hacked

Hi,

Andrew F Comly wrote:
> Am I supposed to edit the script and put something in for magic=' '?

No. Magic is what an ISO 9660 should bear at byte offset 32768:
A byte with ASCII value 1 and five bytes saying "CD001":

  $ dd if=debian-8.4.0-amd64-netinst.iso bs=1 skip=32768 count=6 | od -c
  ...
  000 001   C   D   0   0   1

Your file yielded two blanks on this shell command

  dd if="/dev/sdb" bs=2048 skip=16 count=1 |
  dd bs=1 count=6 | od -x | head -1 | \
  awk '{print $2 " " $3 " " $4}'

Wheras an ISO is supposed to yield (on little-endian machine):

  4301 3044 3130

I get two blanks as result when i apply the command to a file which does
not have 32768 bytes or to which i have no read permission.
Given the fact that you run cmp under sudo, i'd guess it is about read
permission.

To my experience, /dev/sr0 is readable for the desktop user. So one would
not experience this difficulty with optical media.


Have a nice day :)

Thomas

Re: Limiting internet access by time

On Wed, Aug 10, 2016 at 10:51:03AM -0400, Stefan Monnier wrote:
> > a maximum consumption of about 3W, and has no configuration at
> [...]
> > A typical AP needs 10-20W,
> 
> What kind of AP would consume 20W?  Mine consumes around 5W and that includes
> a 2TB disk attached to it (and spinning).

An Asus RT-N56U needs 30W max. A Linksys EA6900 needs 42W. 

Your 2TB spinning disk probably uses 4-5W when it is awake but
not reading/writing.

> > and has an expected lifetime of 1-4 years.
> 
> Where do you get those numbers?  In my world, if it dies on you before
> 5 years, then it was just a really bad quality AP.

In my world, a warranty defines the expected lifetime. Do you
have any 5 year warranted APs that aren't campus-grade units?

As it happens, I have APs which have outlived their warranty
period... which means that I expect to have to replace them
at any point, and am happy each month that goes by without a
failure. 

-dsr-

BEA Systems Users List

2016-08-10 Thread Johanna Goodwin

 

 

Hi, 

A quick follow to you if you are interested in BEA systems Users list to
improve your business campaigns?

We have other organization users list also we will provide you according to
your criteria and interest level in this.

Information Fields: Name, Title, Email, Company Name, and Company Details
like, Physical Address, Web Address, Revenue Size, Employee Size and
industry.

Please review and let me know what technology users you are interested in
and I will get back to you with more information for the same.

Thanks,
Johanna Goodwin
Marketing Analytics

QEMU accessing VLAN

2016-08-10 Thread Andrew Wood

I've got a host with some QEMU virtual machines on it, the host did have 
just one IP address (untagged VLAN) on eth0, Ive now added a second IP 
on VLAN 2 (eth0.2). The host machine is working fine but a QEMU VM is 
not able to access anything on VLAN2.


Im using the default setup whereby QEMU provides NAT. Do I need to alter 
the VM config somehow. I was expecting it to pass packets up to the host 
and the host to recognise which interface it was for and route it out 
accordingly. Obviously Im  missing something. Can anyone advise me please?



Regards

Andrew

Re: The DISPLAY variable.

2016-08-10 Thread Liam O'Toole

pe...@easthope.ca wrote:
> Hi,
> 
> https://wiki.debian.org/EnvironmentVariables has no mention 
> of the DISPLAY variable.
> 
> https://www.debian.org/doc/manuals/debian-reference/ch07.en.html 
> mentions DISPLAY only incidentally in the last section.
> 
> https://www.x.org/archive/X11R6.7.0/doc/X.7.html states, 
> "... every X server has a display name of the form:
>  hostname:displaynumber.screennumber"
> 
> https://en.wikipedia.org/wiki/Environment_variable states,
> "$DISPLAY
> Contains the identifier for the display that X11 programs 
>   should use by default."
> 
> https://wiki.debian.org/Shell states 
> "Within Debian, the default /bin/sh shell must be SUSv3/POSIX 
>   compliant (see debian-policy)."
> 
> https://en.wikipedia.org/wiki/Environment_variable#Unix states,
> "if used in front of a program to run, the variables will be 
>   exported to the environment and thus appear as real environment 
>   variables to the program:
> VARIABLE=value program_name [arguments]"
> 
> Here Debian jessie is running on a machine with two screens 
> connected to one video card.  Therefore try these commands.
> peter@dalton:~$ DISPLAY=:0.0 program
> peter@dalton:~$ DISPLAY=:0.1 program
> In both cases the program runs in a window opened on the left 
> screen.  DISPLAY is ignored?
> 
> Also try program1.
> peter@dalton:~$ DISPLAY=:0.0 program1
> It runs in a window on the right screen.
> 
> peter@dalton:~$ DISPLAY=:0.1 program1
> gives this error.
> "program1: Kernel: Initialized and started.
> Cannot open X11 display :0.1"
> 
> peter@dalton:~$ xrandr | grep Screen
> Screen 0: minimum 320 x 200, current 2432 x 960, maximum 4096 x 4096
> 
> xrandr recognizes only one screen?  Why?  Any ideas to have 
> the two screens recognized according to the documentation?
> 
> Thanks, ... Peter E.
> 

In the second case, try

DISPLAY=:1.0 program1

-- 

Liam

Re: debian dañado ayuda: Resuelto

2016-08-10 Thread Felipe Perry

Si puedes luego sube un video porque es un problema bien común y puede
ayudar a muuuch*s

iso hacked suspicious: answers

2016-08-10 Thread Andrew F Comly 康大成

iso hacked suspicious: answers


#Thanks for the reminder that protonmail didn't save the two email addresses 
that I entered in the "To:" line.


Concerning the other questions re: "E-F)", please find the below answers:

E) Burn iso to media
dd if=/dev/zero of=/dev/sdb1 bs=1M;
wait;
dd 
if=/media/LG/AC/bckup/Install/2_Bootable-OS/Debian/i386/debian-8.5.0-i386-lxde-CD-1.iso
 of=/dev/sdb


F) Check media drive still has same sha512sum hash number
sudo fdisk -l #(lookup location of burnt iso media)
sudo sha256sum /dev/sdb


Sincerely,
Andrew F Comly

[RESUELTO] Samba 4 + RSAT + GPO

2016-08-10 Thread Laotrasolucion



El 09/08/16 a las 13:22, Camaleón escribió:
> El Tue, 09 Aug 2016 12:34:52 -0300, Laotrasolucion escribió:
> 
>> El 09/08/16 a las 11:58, Camaleón escribió:
> 
> (...)
> 
 Lo que si me pareció raro y corrijanme si no es así, es que la carpeta
 sysvol no tiene ACL definidos para grupos de AD. Pienso que deberia
 tener al menos los grupos de "domain admins" "domain users"


 root@pdc:/var/lib/samba# getfacl sysvol/
 # file: sysvol/
 # owner: root # group: root user::rwx group::rwx other::r-x


 Y cuando quiero crear un archivo en una unidad compartida, por ejemplo
 sysvol, me deja crearlo pero no me deja modificarlo o guardarlo.

 desde ya muchas gracias.
>>>
>>> Pues sobre los permisos adecuados de ese recurso, ni idea :-?
>>>
>>> Lo que sí puedes hacer es apuntar los valores que tiene actualmente por
>>> si algo saliera mal y quisieras recuperarlos y reiniciarlos para ver si
>>> coinciden con los que tenías (comando extraído de la wiki¹ de Samba):
>>>
>>> ***
>>> Reset wrong SysVol ACLs (if you use the "sysvolcheck" option, it will
>>> check the ACLs instead)
>>> # samba-tool ntacl sysvolreset ***
>>>
>>> ¹
>>> https://wiki.samba.org/index.php/
> Updating_Samba#Update_an_early_Samba_4_version_on_Samba_Active_Directory_DCs
>>>
>>
>> casualmente probé varias de las soluciones de samba, en el caso que
>> nombras @camaleon no me dio errores de ningún tipo.
> 
> El comando no tiene que darte errores sino establecer los permisos 
> predeterminados sobre el recurso sysvol, nada más. Si te hubiera dado 
> algún error hubiera sido extraño.
> 
>> Navegando por ahí encontré un pdc en jessie que se llama "turnkey domain
>> controller". Probé instalarlo y con RSAT puedo crear las GPO sin
>> problemas, leer/escribir/modificar archivos en la unidad compartida
>> sysvol.
> 
> Interesa que trabajes con los mismos usuarios y el mismo archivo de GPO 
> que tienes en samba, no vaya a ser que tenga algún problema.
> 
>> Estoy investigando cual puede ser la causa de esto, por ahora vi que la
>> carpeta sysvol tiene definidos grupos por default con ACL y el grupo es
>> 300 que no tengo idea de donde lo obtiene.
>>
>> root@dc1 lib/samba# getfacl sysvol/
>> # file: sysvol/
>> # owner: root # group: 300 user::rwx user:root:rwx group::rwx
>> group:300:rwx group:301:r-x group:302:rwx group:303:r-x
>> mask::rwx other::---
>> default:user::rwx default:user:root:rwx default:group::---
>> default:group:300:rwx default:group:301:r-x
>> default:group:302:rwx default:group:303:r-x default:mask::rwx
>> default:other::---
> 
> Los permisos han cambiado, sí. Pues si te sigue dando el mismo error, 
> comprueba que tengas bien configurada la utilidad RSAT:
> 
> https://wiki.samba.org/index.php/Installing_RSAT
> 
> Saludos,
> 

Hola,

Después de renegar un buen rato y probar varias configuraciones, tuve
suerte.
Habilite el servicio s3fs (fuse) en smb.conf para poder editar los FS en
el pdc y crear las gpo sin problemas. No era un problema de samba, ni
rsat, ni los clientes. el problema como siempre digo suele estar entre
el teclado y la silla.
Dejo la configuración del pdc por si a alguien le resulta útil.

/etc/resolv.conf

search test.lan
nameserver 172.21.0.2
nameserver 172.21.0.254


/etc/krb5.conf

[libdefaults]
default_realm = TEST.LAN
dns_lookup_realm = false
dns_lookup_kdc = true



/etc/samba/smb.conf

# Global parameters

[global]
workgroup = TEST
realm = test.lan
netbios name = PDC
server role = active directory domain controller
dns forwarder = 172.21.0.254
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, 
kdc, drepl,
winbind, ntp_signd, kcc, dnsupdate, dns
idmap_ldb:use rfc2307 = yes

[netlogon]
path = /var/lib/samba/sysvol/test.lan/scripts
read only = No

[sysvol]
path = /var/lib/samba/sysvol
read only = No


¹https://wiki.samba.org/index.php/Samba4/s3fs




signature.asc
Description: OpenPGP digital signature

Re: you iso's may have been hacked

2016-08-10 Thread Steve McIntyre

Thomas Schmitt wrote:
>Steve McIntyre wrote:
>> It's also contained in the debian-role-keys keyring in the
>> debian-keyring package: [...]
>> and the full fingerprint is also on the Debian website using https for
>> people who would rather trust that.
>
>We users could easily be outsmarted in this aspect, i fear.
>It's hard to tell whom to trust and how to avoid being spoofed by others.
>
>In any case somebody with edit powers should replace in
>
>  https://www.debian.org/CD/faq/#verify
>
>"SHA1" and "MD5" by "SHA512".
>Just to make this aspect safe for the next few years ... hopefully.

Good point - I've just updated the FAQ to remove mentions of MD5 and
SHA1 and switch to SHA512 and SHA256 instead.

There's work ongoing on the new cleaner/clearer download page, and I'm
hoping to have that live soon-ish.

-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
  Armed with "Valor": "Centurion" represents quality of Discipline,
  Honor, Integrity and Loyalty. Now you don't have to be a Caesar to
  concord the digital world while feeling safe and proud.

Re: 2 attempts failed: 1) cmp; 2) /home/a/scripts/check_debian_iso

2016-08-10 Thread Andrew F Comly 康大成

Pascal & other security knowledgible persons,
Thanks for your advice on how to deal with this problem. Below are my two 
attempts, along with their failed results.
Attempt 01
$ ls
debian-8.5.0-i386-lxde-CD-1.checksum SHA512SUMS
debian-8.5.0-i386-lxde-CD-1.iso SHA512SUMS.sign
Debian8_i386_SHA256SUMS.sign
$ wget https://people.debian.org/~danchev/debian-iso/check_debian_iso
~/scripts$ chmod +x check_debian_iso
$ /home/a/scripts/check_debian_iso SHA512SUMS debian-8.5.0-i386-lxde-CD-1.iso 
/dev/sdb
Does not look like an ISO 9660 filesystem: '/dev/sdb' magic=' '
{fail}

Am I supposed to edit the script and put something in for magic=' '?

Attempt 02
$ sudo cmp 
/media/LG/AC/bckup/Install/2_Bootable-OS/Debian/i386/debian-8.5.0-i386-lxde-CD-1.iso
 /dev/sdb
[sudo] password for a:
/media/LG/AC/bckup/Install/2_Bootable-OS/Debian/i386/debian-8.5.0-i386-lxde-CD-1.iso
 /dev/sdb differ: byte 1, line 1

Sincerely,
Andrew F Comly

==

 Original Message 
Subject: Re: you iso's may have been hacked
Local Time: August 10, 2016 10:17 AM
UTC Time: August 10, 2016 10:17 AM
From: pas...@plouf.fr.eu.org
To: debian-user@lists.debian.org

Le 10/08/2016 à 08:36, Thomas Schmitt a écrit :
>
> Andrew F Comly wrote:
>
>> Notice how the two sha512sum numbers (local vs burnt usb) don't match!

Of course : the image and the device do not have the same size.

> Determine the ISO size on /dev/sdb by program isosize and curb its reading
> by help of program dd, or try
>
> wget https://people.debian.org/~danchev/debian-iso/check_debian_iso
>
> ./check_debian_iso SHA512SUMS debian-8.5.0-i386-lxde-CD-1.iso /dev/sdb

Or use 'cmp' to compare the USB device contents with the image file.

cmp debian-8.5.0-i386-lxde-CD-1.iso /dev/sdb

If the comparison ends by reaching the end of the image file, there is
no difference.

Re: Limiting internet access by time

2016-08-10 Thread Stefan Monnier

> a maximum consumption of about 3W, and has no configuration at
[...]
> A typical AP needs 10-20W,

What kind of AP would consume 20W?  Mine consumes around 5W and that includes
a 2TB disk attached to it (and spinning).

> and has an expected lifetime of 1-4 years.

Where do you get those numbers?  In my world, if it dies on you before
5 years, then it was just a really bad quality AP.

The point about reliability and lack of configuration of a dumb switch is
well taken, tho.


Stefan

Re: Help on investigating partition-related changes

2016-08-10 Thread Gene Heskett

On Wednesday 10 August 2016 03:29:26 Lisi Reisz wrote:

> On Wednesday 10 August 2016 00:45:32 Mark Fletcher wrote:
> > I would hope that most decent mail clients roll up the quoted text
> > and let you unroll it if you want to read it -- Inbox certainly
> > does.
>
> Googlemail Inbox is your definition of a decent email client??? :-0
>
> Lisi

Brainwashed by winders maybe? That would have to be the last server on 
the planet before I'd try to wade thru its brokenness.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page

Re: machine checks on Dell R815 under jessie

2016-08-10 Thread Jeffrey Mark Siskind

   From: Ritesh Raj Sarraf 

   I (still) have MCE errors on my new laptop [1]. But so far, hasn't created
   any problem.

It causes my servers to halt.

Jeff (http://engineering.purdue.edu/~qobi)

The DISPLAY variable.

2016-08-10 Thread peter

Hi,

https://wiki.debian.org/EnvironmentVariables has no mention 
of the DISPLAY variable.

https://www.debian.org/doc/manuals/debian-reference/ch07.en.html 
mentions DISPLAY only incidentally in the last section.

https://www.x.org/archive/X11R6.7.0/doc/X.7.html states, 
"... every X server has a display name of the form:
 hostname:displaynumber.screennumber"

https://en.wikipedia.org/wiki/Environment_variable states,
"$DISPLAY
Contains the identifier for the display that X11 programs 
  should use by default."

https://wiki.debian.org/Shell states 
"Within Debian, the default /bin/sh shell must be SUSv3/POSIX 
  compliant (see debian-policy)."

https://en.wikipedia.org/wiki/Environment_variable#Unix states,
"if used in front of a program to run, the variables will be 
  exported to the environment and thus appear as real environment 
  variables to the program:
VARIABLE=value program_name [arguments]"

Here Debian jessie is running on a machine with two screens 
connected to one video card.  Therefore try these commands.
peter@dalton:~$ DISPLAY=:0.0 program
peter@dalton:~$ DISPLAY=:0.1 program
In both cases the program runs in a window opened on the left 
screen.  DISPLAY is ignored?

Also try program1.
peter@dalton:~$ DISPLAY=:0.0 program1
It runs in a window on the right screen.

peter@dalton:~$ DISPLAY=:0.1 program1
gives this error.
"program1: Kernel: Initialized and started.
Cannot open X11 display :0.1"

peter@dalton:~$ xrandr | grep Screen
Screen 0: minimum 320 x 200, current 2432 x 960, maximum 4096 x 4096

xrandr recognizes only one screen?  Why?  Any ideas to have 
the two screens recognized according to the documentation?

Thanks, ... Peter E.

-- 
123456789 123456789 123456789 123456789 123456789 123456789 123456789
Tel +1 360 639 0202 
http://easthope.ca/Peter.html Bcc: peter at easthope. ca

Re: you iso's may have been hacked

Hi,

Steve McIntyre wrote:
> It's also contained in the debian-role-keys keyring in the
> debian-keyring package: [...]
> and the full fingerprint is also on the Debian website using https for
> people who would rather trust that.

We users could easily be outsmarted in this aspect, i fear.
It's hard to tell whom to trust and how to avoid being spoofed by others.

In any case somebody with edit powers should replace in

  https://www.debian.org/CD/faq/#verify

"SHA1" and "MD5" by "SHA512".
Just to make this aspect safe for the next few years ... hopefully.

Have a nice day :)

Thomas

Re: More problems

The OP already opened a thread for the same problem under the title 
"i8042 controller not found". I made about the same suggestions as you. 
Well, I guess a rephrase cannot hurt.

Re: pulseaudio, derivative problems

On Wed 10 Aug 2016 at 07:48:22 -0600, Levi Darrell wrote:

> > It is not necessary for a user to be in the audio group these days.
> >
> >   ls -l /dev/snd/*
> >
> > shows all files have permissions crw-rw+. The "+" sign indicates an
> > ACL (Access Control List). Then (as the user)
> >
> >   getfacl /dev/snd/*
> >
> > will show whether the user is on the List.
> >
> > It looks like my user has rw permissions for all those that are in the
> audio group.

Your user has rw permissions to use sound devices. This is granted in
/lib/udev/rules.d/70-uaccess.rules. Being in the audio group is neither
here nor there.

Re: Networking: unable to get multi-homed host working in Debian 8


Le 10/08/2016 à 14:43, Tom Browder a écrit :


$ ip -4 addr
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN
group default
inet 127.0.0.1/8 scope host lo
   valid_lft forever preferred_lft forever
2: eth0:  mtu 1500 qdisc pfifo_fast
state UP group default qlen 1000
inet 192.168.0.17/24 brd 192.168.0.255 scope global eth0
   valid_lft forever preferred_lft forever


Well, it it looks like I was right.


Is there confusion in my Debian 8 between networking setting methods
(ip ves ifconfig)?


What makes you think this ? Does ifconfig display the additional 
addresses ? I doubt it.


Reading again your original message, IIRC the "restart" action acts only 
on interfaces configured with "auto" or "allow-auto", not 
"allow-hotplug". This is the reason of the big warning displayed when 
you run the command.


Should I understand that by "all went well" you just meant there was no 
error message but you did not check the actual interface configuration ?


Did you reboot the system ? If not, try this :
ifup --force eth0

Re: debian dañado ayuda: Resuelto

2016-08-10 Thread Camaleón

El Tue, 09 Aug 2016 20:27:54 -0400, Yehender Carrasco escribió:

(acordaos de usar siempre un formato de texto plano para enviar correos a 
la lista y de responder en el mismo hilo donde se ha iniciado el tema, si 
no el mensaje queda perdido y sin conexión con el hilo principal)

> Gracias amigos! ya estaba subiendo un video para mostrarles, pero
> presioné como sugirieron en uno de los mails CTRL+ALT+ f1 f2 f3 f4 

Ctrl+Alt+F1-6 te lleva a una terminal pero lo normal es que el sistema se 
cargue automáticamente y se inicie con el entorno gráfico (tty7).

> uno de esos funciono y me dio acceso para loguear como root y poder usar
> comandos, luego de eso, probe con dpkg --configure -a y reconfiguro
> varias cosas, e igual utilice apt-get update y tambien entré al aptitude
> y lo actualice, no se cual de todas estas acciones funciono pero
> finalmente tengo de nuevo del debian trabajando GRACIAS!!!b(disculpen
> no se usar muy bien la mailist )

Para la próxima, no hay que interrumpir nunca al sistema cuando está 
actualizando porque si el paquete del kernel se queda a mitad o sin 
configurar y no tienes otro con el que iniciar lo puedes pasar realmente 
mal.

Si el sistema queda dañado o actualizado a medias, cuando llegues a la 
pantalla de GRUB2 puedes seleccionar la opción de arranque "Modo de 
rescate" para que te inicie con los servicios mínimos y poder trabajar 
desde ahí.

Saludos,

-- 
Camaleón

Re: you iso's may have been hacked

2016-08-10 Thread Steve McIntyre

Thomas Schmitt wrote:
>Hi,
>
>Andrew F Comly wrote:
>> gpg: WARNING: This key is not certified with a trusted signature!
>
>I wonder whom we could trust to certify the Debian gpg key ...

It's signed by a number of prominent DDs, including 2 DPLs and 2
Release Managers. Oh, and a number of idiots who don't understand GPG:
they have signed it and pushed signatures to the keyservers without
any fingerprint verification. :-(

It's also contained in the debian-role-keys keyring in the
debian-keyring package:

gpg --no-default-keyring -kvc --keyring 
/usr/share/keyrings/debian-role-keys.gpg DA87E80D6294BE9B
pub   4096R/DA87E80D6294BE9B 2011-01-05
  Key fingerprint = DF9B 9C49 EAA9 2984 3258  9D76 DA87 E80D 6294 BE9B
uid  Debian CD signing key 
sub   4096R/642A5AC311CD9819 2011-01-05

and the full fingerprint is also on the Debian website using https for
people who would rather trust that.

-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
  Armed with "Valor": "Centurion" represents quality of Discipline,
  Honor, Integrity and Loyalty. Now you don't have to be a Caesar to
  concord the digital world while feeling safe and proud.

Re: Samba4 como subdominio de otro Samba4

2016-08-10 Thread Camaleón

El Tue, 09 Aug 2016 18:00:38 -0400, Lic. Manuel Salgado escribió:

> Saludos a toda la comunidad:
> Hace algun tiempo anduve por aquí en estos asuntos sobre la compilación
> de Samba4 + Bind9 con el soporte para DLZ en fin, tenia problemas para
> poder instalar Bind con este soporte, ya todo eso quedo resuelto. Lo que
> necesito ahora es que algun gurú me eche una mano en como puedo lograr
> aprovisionar un samba4 en su version 4.3.0 que -repito ya esta compilado
> e instalado correctamente con bind9 con soporte para DLZ en su version
> 2.10.0- como subdominio de otro samba4,
> que corre exactamente las mismas versiones de sistema operativo (debian
> squeezy 32 bits). Es decir tengo ya funcionalmente un dominio prueba.cu,
> con su correspondiente PDC y quiero a traves de samba-tool aprovisionar
> otro PDC como subdominio de este, quedando como sub.prueba.cu.

¿Has probado primero a seguir los pasos que indican en la documentación?

Join an additional Samba DC to an existing Active Directory
https://wiki.samba.org/index.php/Join_an_additional_Samba_DC_to_an_existing_Active_Directory#Join_the_existing_domain_as_a_Domain_Controller

Saludos,

-- 
Camaleón

Re: pulseaudio, derivative problems

2016-08-10 Thread Levi Darrell

>
>
> It is not necessary for a user to be in the audio group these days.
>
>   ls -l /dev/snd/*
>
> shows all files have permissions crw-rw+. The "+" sign indicates an
> ACL (Access Control List). Then (as the user)
>
>   getfacl /dev/snd/*
>
> will show whether the user is on the List.
>
> It looks like my user has rw permissions for all those that are in the
audio group.

Re: pulseaudio, derivative problems

On Wed 10 Aug 2016 at 08:54:14 -0400, Jude DaShiell wrote:

> Is the stretch user in the audio group?  If not, maybe adding the user to
> audio will help.

It is not necessary for a user to be in the audio group these days.

  ls -l /dev/snd/*

shows all files have permissions crw-rw+. The "+" sign indicates an
ACL (Access Control List). Then (as the user)

  getfacl /dev/snd/*

will show whether the user is on the List.



 
> On Wed, 10 Aug 2016, Levi Darrell wrote:
> 
> >Date: Wed, 10 Aug 2016 08:34:04
> >From: Levi Darrell 
> >To: debian-user@lists.debian.org
> >Subject: pulseaudio, derivative problems
> >Resent-Date: Wed, 10 Aug 2016 12:34:37 + (UTC)
> >Resent-From: debian-user@lists.debian.org
> >
> >I've really done it this time.
> >
> >I'm running Debian Stretch Testing, Kernel v. 4.3.0-1-amd64. With X Server
> >I use the LXDE desktop environment.
> >
> >I had been using pulseaudio without any trouble. I tried to install
> >audacity v. 2.1.2. I compiled it from source, but when I open audacity, it
> >doesn't read any audio input or output sources. If I try to open a file and
> >play it back, it says, 'Error while opening sound device. Please check the
> >playback device settings and the project sample rate.' The playback device
> >setting drop-down menu is greyed out, however, as is the input device
> >setting. Incidentally, I have audacity installed on a Windows 10 virtual
> >machine (VBox), and it works fine, but I need audacity on the host machine
> >as well.
> >
> >Frustrated with this, I attempted a possible fix of using 'pavususpender'.
> >This did not help at all. I then attempted to download Ardour, as an
> >alternative to audacity, compile it from source, and install it. I was
> >lacking several package dependencies, however, so I began installing them
> >through the apt package manager: boost library, pkg-config, glib-2.0,
> >glibmm-2.4, sndfile, liblo, taglib, vamp-sdk, vamp-hostsdk, rubberband, and
> >clang. I installed the -dev version of all these packages where applicable.
> >I still haven't been able to complete the installation of Ardour, for
> >reasons which are not the object of this inquiry.
> >
> >Now pulseaudio won't work at all, in addition to several other programs.
> >Issuing 'pulseaudio' returns 'pid.c: Daemon already running; main.c:
> >pa_pid_file_create() failed.' however if I issue 'pavucontrol', a dialog
> >box flashes for an instant and then disappears, and the volume control gui
> >tool never opens. The volume control keyboard shortcuts still work (I still
> >have sound), but they must be going through alsa.
> >
> >Even more inexplicably, the same thing happens if I try to open up a pdf
> >file with evince, and when I try to use the firefox browser. A dialog box
> >flashes for an instant, but the program never opens. The screenshot
> >accessory has also stopped working. Chromium-based browsers are still
> >working just fine, however, and for viewing pdf files I can still use
> >Master PDF Editor 3.
> >
> >These are all the previously fully functional programs which have stopped
> >functioning since this debacle that have so far come to my attention.
> >Having audacity working would be a nice luxury, but now my first priority
> >is getting firefox going again, since there are some web-based tasks I must
> >perform on a regular basis which do not work properly in chromium browsers.
> >
> >Thanks in advance for any light you may shed upon me in my state of
> >ignorance.
> >
> >Levi
> >
> 
> -- 
>

Re: escritorio remoto

2016-08-10 Thread Camaleón

El Tue, 09 Aug 2016 14:35:53 -0400, merlinverdecia escribió:

> El otro sistema operativo es window XP.
> saludos

Vale, pero no abras un hilo nuevo para decir eso, responde mejor en el 
que has creado antes de lo contrario no se sabe a qué o quién estás 
respondiendo ;-)

Pues entonces -si tienes instalado gnome o xfce- yo probaría con Remmina 
que es multi-protocolo y así te sirve para acceder a cualquier otro 
sistema (linux, windows...).

Saludos,

-- 
Camaleón

Re: Limiting internet access by time

On Tue, Aug 09, 2016 at 03:14:27PM -0400, Stefan Monnier wrote:
> > Nope. Buy a $20 5-8 port ethernet switch. Very reliable. That's
> > in the diagram above as "switch".
> 
> But it also means one more box.  If you had one box before, that doubles
> the number of boxes, and might also double the 24/7 power consumption.

An 8 port ethernet switch, such as the one on my desk here, is
roughly the size of a paperback book. It sips electricity, with
a maximum consumption of about 3W, and has no configuration at
all. Lifetime warranties are reasonably common.

A typical AP needs 10-20W, is a full-fledged computer running a
configurable operating system and has an expected lifetime of
1-4 years.

-dsr-

Re: NFS no_root_squash not working (permission denied)

2016-08-10 Thread Greg Wooledge

On Tue, Aug 09, 2016 at 09:14:56AM -0400, Greg Wooledge wrote:
> On Mon, Aug 08, 2016 at 11:14:36AM -0400, Greg Wooledge wrote:
> > It appears that no_root_squash is being ignored.

Opened bug #833925. :(

Re: pulseaudio, derivative problems

2016-08-10 Thread Jude DaShiell

Is the stretch user in the audio group?  If not, maybe adding the user 
to audio will help.

On Wed, 10 Aug 2016, Levi Darrell wrote:

Date: Wed, 10 Aug 2016 08:34:04
From: Levi Darrell 
To: debian-user@lists.debian.org
Subject: pulseaudio, derivative problems
Resent-Date: Wed, 10 Aug 2016 12:34:37 + (UTC)
Resent-From: debian-user@lists.debian.org

I've really done it this time.

I'm running Debian Stretch Testing, Kernel v. 4.3.0-1-amd64. With X Server
I use the LXDE desktop environment.

I had been using pulseaudio without any trouble. I tried to install
audacity v. 2.1.2. I compiled it from source, but when I open audacity, it
doesn't read any audio input or output sources. If I try to open a file and
play it back, it says, 'Error while opening sound device. Please check the
playback device settings and the project sample rate.' The playback device
setting drop-down menu is greyed out, however, as is the input device
setting. Incidentally, I have audacity installed on a Windows 10 virtual
machine (VBox), and it works fine, but I need audacity on the host machine
as well.

Frustrated with this, I attempted a possible fix of using 'pavususpender'.
This did not help at all. I then attempted to download Ardour, as an
alternative to audacity, compile it from source, and install it. I was
lacking several package dependencies, however, so I began installing them
through the apt package manager: boost library, pkg-config, glib-2.0,
glibmm-2.4, sndfile, liblo, taglib, vamp-sdk, vamp-hostsdk, rubberband, and
clang. I installed the -dev version of all these packages where applicable.
I still haven't been able to complete the installation of Ardour, for
reasons which are not the object of this inquiry.

Now pulseaudio won't work at all, in addition to several other programs.
Issuing 'pulseaudio' returns 'pid.c: Daemon already running; main.c:
pa_pid_file_create() failed.' however if I issue 'pavucontrol', a dialog
box flashes for an instant and then disappears, and the volume control gui
tool never opens. The volume control keyboard shortcuts still work (I still
have sound), but they must be going through alsa.

Even more inexplicably, the same thing happens if I try to open up a pdf
file with evince, and when I try to use the firefox browser. A dialog box
flashes for an instant, but the program never opens. The screenshot
accessory has also stopped working. Chromium-based browsers are still
working just fine, however, and for viewing pdf files I can still use
Master PDF Editor 3.

These are all the previously fully functional programs which have stopped
functioning since this debacle that have so far come to my attention.
Having audacity working would be a nice luxury, but now my first priority
is getting firefox going again, since there are some web-based tasks I must
perform on a regular basis which do not work properly in chromium browsers.

Thanks in advance for any light you may shed upon me in my state of
ignorance.

Levi

--

Re: More problems

2016-08-10 Thread Greg Wooledge

On Tue, Aug 09, 2016 at 08:05:41PM -0400, Maureen L Thomas wrote:
> It starts to boot up and goes through all of the normal boot processes 
> and then stales just before the final screen to sign on. All I get is 
> the - flashing in the upper left hand corner.  The only message I get is 
> i8042 controller not found.

So wait.  Do you get a blank screen with just a flashing cursor?
Or do you get a message that says "i8042 controller not found"?

In any case, since you seem to be saying you had visible messages on
the screen during boot, this sounds like a problem at the moment your
display manager (DM) tries to start X.  Which in turn sounds like a
non-working video driver.

Use Ctrl-Alt-F2 to get back to a text console.

Disable your DM (gdm3 or lightdm or kdm or whatever it is) for now.

Try to "startx" as root.

If "startx" doesn't work, try alternative video drivers.  Repeat until
you can "startx" as root.

Then try "startx" as a non-root user.

Once THAT works, then you can re-enable your DM.

Re: Networking: unable to get multi-homed host working in Debian 8

2016-08-10 Thread Tom Browder

On Wed, Aug 10, 2016 at 7:13 AM, Pascal Hambourg  wrote:
> Le 10/08/2016 à 13:22, Tom Browder a écrit :
>>
>>
>> Ping from the test host itself to its primary first alias IP:
>>
>> PING 192.168.0.18 (192.168.0.18) 56(84) bytes of data.
>>>
>>> From 192.168.0.17 icmp_seq=1 Destination Host Unreachable
>
>
> It really looks like the secondary address is not configured on the host.
> Did you check with "ip -4 addr" ?

$ ip -4 addr
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN
group default
inet 127.0.0.1/8 scope host lo
   valid_lft forever preferred_lft forever
2: eth0:  mtu 1500 qdisc pfifo_fast
state UP group default qlen 1000
inet 192.168.0.17/24 brd 192.168.0.255 scope global eth0
   valid_lft forever preferred_lft forever

Is there confusion in my Debian 8 between networking setting methods
(ip ves ifconfig)?

I'm in the dark and just following docs and helpful folks like you!

Best,

-Tom

pulseaudio, derivative problems

2016-08-10 Thread Levi Darrell

I've really done it this time.

I'm running Debian Stretch Testing, Kernel v. 4.3.0-1-amd64. With X Server
I use the LXDE desktop environment.

I had been using pulseaudio without any trouble. I tried to install
audacity v. 2.1.2. I compiled it from source, but when I open audacity, it
doesn't read any audio input or output sources. If I try to open a file and
play it back, it says, 'Error while opening sound device. Please check the
playback device settings and the project sample rate.' The playback device
setting drop-down menu is greyed out, however, as is the input device
setting. Incidentally, I have audacity installed on a Windows 10 virtual
machine (VBox), and it works fine, but I need audacity on the host machine
as well.

Frustrated with this, I attempted a possible fix of using 'pavususpender'.
This did not help at all. I then attempted to download Ardour, as an
alternative to audacity, compile it from source, and install it. I was
lacking several package dependencies, however, so I began installing them
through the apt package manager: boost library, pkg-config, glib-2.0,
glibmm-2.4, sndfile, liblo, taglib, vamp-sdk, vamp-hostsdk, rubberband, and
clang. I installed the -dev version of all these packages where applicable.
I still haven't been able to complete the installation of Ardour, for
reasons which are not the object of this inquiry.

Now pulseaudio won't work at all, in addition to several other programs.
Issuing 'pulseaudio' returns 'pid.c: Daemon already running; main.c:
pa_pid_file_create() failed.' however if I issue 'pavucontrol', a dialog
box flashes for an instant and then disappears, and the volume control gui
tool never opens. The volume control keyboard shortcuts still work (I still
have sound), but they must be going through alsa.

Even more inexplicably, the same thing happens if I try to open up a pdf
file with evince, and when I try to use the firefox browser. A dialog box
flashes for an instant, but the program never opens. The screenshot
accessory has also stopped working. Chromium-based browsers are still
working just fine, however, and for viewing pdf files I can still use
Master PDF Editor 3.

These are all the previously fully functional programs which have stopped
functioning since this debacle that have so far come to my attention.
Having audacity working would be a nice luxury, but now my first priority
is getting firefox going again, since there are some web-based tasks I must
perform on a regular basis which do not work properly in chromium browsers.

Thanks in advance for any light you may shed upon me in my state of
ignorance.

Levi

Re: debian version ID


Le 10/08/2016 à 03:02, Seeker a écrit :


On 8/9/2016 4:49 PM, David Wright wrote:

On Tue 09 Aug 2016 at 13:27:34 (-0700), Seeker wrote:


That was my first thought too, but looking up base-files for one of
the LTS releases on packages.ubuntu.com and reading
the change log, looks like to do update the os-release with xx.xx.1,
xx.xx.2, etc...


Where was that, then? (To save us all having to search for it.)

When you say "update the os-release with xx.xx.1", do you
mean the VERSION_ID line? This line is optional anyway,
is it not?


http://changelogs.ubuntu.com/changelogs/pool/main/b/base-files/base-files_7.2ubuntu5.5/changelog

"base-files (7.2ubuntu5.5) trusty; urgency=medium

  * /etc/issue, /etc/issue.net, /etc/lsb-release, /etc/os-release: Bump
version number to 14.04.5 in preparation for the point release.


I downloaded the package from 
 and extracted the 
files.


/etc/os-release :

NAME="Ubuntu"
VERSION="14.04.5 LTS, Trusty Tahr"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 14.04.5 LTS"
VERSION_ID="14.04"
HOME_URL="http://www.ubuntu.com/;
SUPPORT_URL="http://help.ubuntu.com/;
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/;

/etc/lsb-release :

DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=14.04
DISTRIB_CODENAME=trusty
DISTRIB_DESCRIPTION="Ubuntu 14.04.5 LTS"

Re: Networking: unable to get multi-homed host working in Debian 8


Le 10/08/2016 à 13:22, Tom Browder a écrit :


Ping from the test host itself to its primary first alias IP:

PING 192.168.0.18 (192.168.0.18) 56(84) bytes of data.

From 192.168.0.17 icmp_seq=1 Destination Host Unreachable


It really looks like the secondary address is not configured on the 
host. Did you check with "ip -4 addr" ?

Re: How to get rid of M10


Le 10/08/2016 à 01:28, Mark Fletcher a écrit :

On Wed, Aug 10, 2016 at 12:19 AM Pascal Hambourg 
wrote:


Le 09/08/2016 à 15:35, Mark Fletcher a écrit :



2) The partition table layout needs to be right for UEFI, and what works
for an MBR boot won't work for UEFI.


I'm not sure I understand what you mean.
Legacy and EFI boot have different requirements (legacy needs a boot
loader in the MBR, EFI needs a boot loader in the EFI system partition),
but they are not incompatible, so it is possible to have the same
installation boot either in legacy or EFI mode. When it's not possible
is only due to firmware bugs.


I meant the very fact that EFI requires particular partitions to exist,


Actually I am not even sure of this, although I didn't read the EFI 
specification.


I could see with efibootmgr that an EFI boot variable stores the full 
location (GUID and position) of the partition containing the boot 
loader, so I wondered if the partition really had to by of the "EFI 
system" type. I manually registered a copy of GRUB EFI core image stored 
on a standard FAT partition (so that the UEFI firmware can read it) with 
efibootmgr, and could successfully boot it from the UEFI boot menu. So 
either the EFI system partition is not a requirement, or this UEFI 
firmware implementation was more permissive.


So it could be that the EFI system partition is only needed to boot with 
the default bootloader, when no EFI boot variable is defined for the 
device (e.g. when it is a removable device such as the installer).


Granted, a FAT partition is not that common on GNU/Linux systems, so 
that does not help us much.



while non-EFI requires only that at least 1 partition exist.


This is not a standard BIOS requirement. The BIOS should be partition 
agnostic and only check the 0xAA55 (or 0x55AA) signature in the last two 
bytes of the MBR. Unfortunately, I observed that some BIOSes I call 
"broken" check the MSDOS partition table and require that one partition 
with the boot flag exist.


Many misconceptions exist about requirements and limitations of the 
BIOS. For example, a common belief is that the BIOS cannot address more 
than 2 TiB of a disk. However such a limit does not exist in the BIOS 
specification, but only in the MBR/MSDOS partition table format. As 
usual you may come across a particular BIOS implementation with that 
limit, but it's a bug. Of course one is free to act as if all BIOSes 
have this limit for safety, but it is not a general truth.



It's entirely
feasible to construct a partition scheme that works happily with non-EFI
boot but will not work with EFI boot -- indeed, almost any reasonable
structure that a user comes up with that makes sense from a legacy
perspective in the absence of knowledge of EFI's requirements, will not
work with EFI, at least because it doesn't include the EFI boot partition
required by EFI. So no, compatible they certainly ain't.


They are compatible in the sense that adding what is required for the 
EFI boot does not remove the compatibility with the BIOS boot. They can 
coexist, if you prefer.



What is extremely hard is booting a machine MBR and then setting it up to
boot UEFI.


I would not say "extremely", but harder than the other way around. One
reason is that you need to create an EFI system partition on the boot
disk, usually going through the hassle of reducing another partition.


Have you ever tried it?


Of course I have. Otherwise I would not dare to be so affirmative.


grub-install won't be able to work because the
system calls it tries to make fail. virtual file systems (efivars or
something? I forget exactly) that need to be populated... aren't.


Correct, but there is a workaround. Booting in EFI mode to have access 
to EFI variables is needed only to create an EFI boot entry. But you 
don't need an EFI boot entry to boot the default boot loader. This is 
how the installer boots from a removable medium, but it also works on a 
fixed drive (actually some broken UEFI firmwares can only launch the 
default boot loader, ignoring existing EFI boot entries).


grub-install as a --removable option to install the core image in the 
default boot loader location /boot/efi/efi/boot/boot.efi, assuming 
the EFI system partition is mounted on /boot/efi. You can also copy the 
core image from the standard Debian location 
/boot/efi/debian/grub.efi manually.  may be ia32 or x64 
depending on the firmware architecture.


Alternatively, some EFI firmwares are sophisticated enough to allow you 
to select manually the EFI file to boot from without an EFI boot entry.



Bringing
up a machine from a legacy boot and then getting the infrastructure in
place to be able to run grub-install is hard.


Yes, I acknowledged it was hard, but not extremely hard when you know 
the few steps.

Re: Networking: unable to get multi-homed host working in Debian 8

2016-08-10 Thread Tom Browder

On Wednesday, August 10, 2016, Pascal Hambourg  wrote:
>
> Le 10/08/2016 à 03:16, Tom Browder a écrit :
>>
>> Then, as root, I executed "service networking restart" and all looked
>> well until I logged in to another host and tried to ping the new IP
>> and got no good ping.
>
> Can you elaborate "all looked well" and "no good ping" ?
> Commands, results ?

Thanks for the reply, Pascal.

Ping from another host to the test host (bigtom):

PING bigtom.tombrowder.com (192.168.0.17) 56(84) bytes of data.
64 bytes from bigtom.tombrowder.com (192.168.0.17): icmp_seq=1 ttl=64
time=3.05 ms
64 bytes from bigtom.tombrowder.com (192.168.0.17): icmp_seq=2 ttl=64
time=3.14 ms

Then a ping to the primary IP:

PING 192.168.0.17 (192.168.0.17) 56(84) bytes of data.
64 bytes from 192.168.0.17: icmp_seq=1 ttl=64 time=3.07 ms
64 bytes from 192.168.0.17: icmp_seq=2 ttl=64 time=3.00 ms

Then a ping to the secondary IP (first alias):

PING 192.168.0.18 (192.168.0.18) 56(84) bytes of data.
>From 192.168.0.35 icmp_seq=1 Destination Host Unreachable
>From 192.168.0.35 icmp_seq=2 Destination Host Unreachable

> What's the result of ping to these addresses from the host itself ?

I didn't think of that.

Ping from the test host itself to its host name:

PING bigtom.tombrowder.com (127.0.1.1) 56(84) bytes of data.
64 bytes from bigtom.tombrowder.com (127.0.1.1): icmp_seq=1 ttl=64 time=0.019 ms
64 bytes from bigtom.tombrowder.com (127.0.1.1): icmp_seq=2 ttl=64 time=0.011 ms

Ping from the test host itself to its primary IP:

PING 192.168.0.17 (192.168.0.17) 56(84) bytes of data.
64 bytes from 192.168.0.17: icmp_seq=1 ttl=64 time=0.020 ms
64 bytes from 192.168.0.17: icmp_seq=2 ttl=64 time=0.013 ms

Ping from the test host itself to its primary first alias IP:

PING 192.168.0.18 (192.168.0.18) 56(84) bytes of data.
>From 192.168.0.17 icmp_seq=1 Destination Host Unreachable
>From 192.168.0.17 icmp_seq=2 Destination Host Unreachable

Thanks again for your help.

Best regards,

-Tom

Re: upgrade vers jessy

2016-08-10 Thread Sébastien NOBILI

Bonjour,

Le mardi 09 août 2016 à 13:42, Pascal Hambourg a écrit :
> contrairement à Squeeze-LTS, pas besoin d'ajouter un dépôt spécifique pour en
> bénéficier.

Merci pour l’info, cette subtilité m’avait échappé. Bonne initiative qui aidera
grandement la gestion de parc.

Sébastien

Re: you iso's may have been hacked


Le 10/08/2016 à 08:36, Thomas Schmitt a écrit :


Andrew F Comly wrote:


Notice how the two sha512sum numbers (local vs burnt usb) don't match!


Of course : the image and the device do not have the same size.


Determine the ISO size on /dev/sdb by program isosize and curb its reading
by help of program dd, or try

  wget https://people.debian.org/~danchev/debian-iso/check_debian_iso

  ./check_debian_iso SHA512SUMS debian-8.5.0-i386-lxde-CD-1.iso /dev/sdb


Or use 'cmp' to compare the USB device contents with the image file.

cmp debian-8.5.0-i386-lxde-CD-1.iso /dev/sdb

If the comparison ends by reaching the end of the image file, there is 
no difference.

Re: Networking: unable to get multi-homed host working in Debian 8


Le 10/08/2016 à 03:16, Tom Browder a écrit :


Then, as root, I executed "service networking restart" and all looked
well until I logged in to another host and tried to ping the new IP
and got no good ping.


Can you elaborate "all looked well" and "no good ping" ?
Commands, results ?

What's the result of ping to these addresses from the host itself ?

RE: Networking: unable to get multi-homed host working in Debian 8

2016-08-10 Thread Bonno Bloksma

Hi,

> I have read the current Debian networking docs on the subject 
> (https://wiki.debian.org/NetworkConfiguration#iproute2_method).
> I want to use at least two IPv4 static addresses on the same physical NIC. 

[..]

# The primary network interface
allow-hotplug eth0
iface eth0 inet static
  address 192.168.0.17
  netmask 255.255.255.0
  gateway 192.168.0.1
  dns-nameservers 208.67.222.222   208.67.220.220

  # add new IPv4 devices
  up ip addr add 192.168.0.18/24 dev eth0
  down ip addr del  192.168.0.18/24 dev eth0

  up ip addr add 192.168.0.19/24 dev eth0
  down ip addr del  192.168.0.19/24 dev eth0

This way eth0 will have 3 addresses, you don’t need the special labels or the 
$IFACE is only used in some scripts AFAIK.
You might want to include the broadcast address but I think that is still in my 
config due to an old bug in previous version.
I have lines like:
   up ip addr add 217.114.99.213/27 broadcast 217.114.99.223 dev eth3
on my firewall server where I have multiple addresses on the external interface 
to connect to multiple services.

However... you also talk about your server being multi-homed in your subject, 
multi-homed means something else than just having multiple ip addresses in the 
same network on the same interface.
What are you trying to achieve?

Bonno Bloksma

Trying to collect samples of USB descriptor data

2016-08-10 Thread Daniel Kopeček

Hello,
I'm working on an open-source project called USBGuard (currently in
the process of being packaged for Debian[1]) which aims to provide an
user-space framework that complements the USB device authorization
feature[2] in the Linux kernel. There are parts which deal with USB
descriptor data and I would like to test them thoroughly (fuzzing,
etc.). For that I need some samples of the USB descriptor data. I can
generate some samples but it's always a good idea to have real world
samples.

Now to my actual request. I wrote a script[3] for collecting USB
descriptor data from a Linux based system and I would like you to help
me by running this script on your system (should work without root)
and send me the results to dnk.usb...@gmail.com or by other means,
whatever is convenient for you. The script is very simple and it
should be easy to check that it doesn't do anything malicious.

If you own some "exotic" USB devices, please connect them before
running the script.

Here's a short description of what the script does:

1. It looks for usb devices in /sys/bus/usb/devices
2. For each device it:
- computes the sha1 of the USB descriptors (the "descriptors" file in
the device sub-directory)
- copies the "descriptors" file into a temporary directory
- counts the number of configuration, interface and endpoint
descriptors using lsusb and saves this information in the temporary
directory
3. Compresses the temporary directory -- the archive is the result.
4. Removes the temporary directory

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825302
[2] https://www.kernel.org/doc/Documentation/usb/authorization.txt
[3]
https://raw.githubusercontent.com/dkopecek/usbguard/master/scripts/usb-descriptor-collect.sh

Thank you!

Re: machine checks on Dell R815 under jessie

2016-08-10 Thread Ritesh Raj Sarraf

On Tue, 2016-08-09 at 20:43 -0400, Jeffrey Mark Siskind wrote:
> I upgraded four Dell R815s from wheezy to jessie a few weeks ago. Prior to the
> upgrade, they were running reliably for about 5 years. Since the upgrade, two
> machines have been getting periodic machine checks. The machines boot fine and
> run for a day or more. The machine checks appear to happen sporadically. I
> can't determine a correlation with anything in particular.
> 
> The front panel on the first machine says the machine check was on CPU #4. The
> front panel on the second machine said the first machine check was on CPU #1
> and the second machine check was on CPU #2.
> 
> I am suspicious that this is really a hardware problem. Three CPUs begin
> exhibiting machine checks within a few weeks of each other, all immediately
> after upgrading wheezy to jessie, after working reliably for five years.
> 
> Has anybody else encountered this issue? Any suggestions on how to debug and
> fix?

I (still) have MCE errors on my new laptop [1]. But so far, hasn't created any
problem.

[1] https://www.researchut.com/blog/lenovo-yoga-2-13-debian


-- 
Given the large number of mailing lists I follow, I request you to CC
me in replies for quicker response

signature.asc
Description: This is a digitally signed message part

Re: i8042 controller not found

[Please reply on list. Also, when replying on list, consider using 
interleaved style as I do instead of top posting.]


Le 10/08/2016 à 01:03, Maureen L Thomas a écrit :

When I boot in rescue mode it asks for the admin password or Ctrl D.


Good. You must type the root password to start a shell. Then what 
happens if you run 'startx' in the shell ? It should launch a graphic 
environment. If it does not hang with a blinking cursor again, then the 
issue could be with the desktop manager.



but after it reboots from that it still stops at the blinking - in the
upper left hand corner.  It goes no where from there and none of the
keys work so I have to hit ctrl-alt-del to reboot it.


Can't you switch back to a text console with Ctrl+Alt+F2 ?


I also have checked the net and no one seems to have an option for what
to do.


If it is a graphic issue, you may want to try to add "nomodeset" to the 
kernel command line in the boot menu.

Re: Help on investigating partition-related changes

2016-08-10 Thread Lisi Reisz

On Wednesday 10 August 2016 00:45:32 Mark Fletcher wrote:
> I would hope that most decent mail clients roll up the quoted text and
> let you unroll it if you want to read it -- Inbox certainly does.

Googlemail Inbox is your definition of a decent email client??? :-0

Lisi

Re: you iso's may have been hacked

Hi,

Andrew F Comly wrote:
> gpg: WARNING: This key is not certified with a trusted signature!

I wonder whom we could trust to certify the Debian gpg key ...


> Notice how the two sha512sum numbers (local vs burnt usb) don't match!

Determine the ISO size on /dev/sdb by program isosize and curb its reading
by help of program dd, or try

  wget https://people.debian.org/~danchev/debian-iso/check_debian_iso

  ./check_debian_iso SHA512SUMS debian-8.5.0-i386-lxde-CD-1.iso /dev/sdb


Have a nice day :)

Thomas

Re: you iso's may have been hacked