Re: USB3 Monitors

[David Christensen]

On 02/25/2017 07:33 PM, Brian Sammon wrote:

On Sat, 25 Feb 2017 20:56:39 -0500
Carl Fink  wrote:

(I want to do this at least largely to get a
super-low-power-consumption system. USB3 monitors use as little as 5
watts when in active use and even less in standby.)


You may want to consider USB-powered monitors that use a more traditional video 
connection (such as HDMI).  I've been using a GeChic USB-powered HDMI monitor 
and I've been happy with it.  It pulls 2 amps off of USB.


Beware -- 2 amperes is too much current for convention USB 1.1, 2.0, and 
3.0 ports found on most motherboards and USB adapters.  You need 
specialized USB ports for devices that draw that much current:


https://en.wikipedia.org/wiki/USB

https://en.wikipedia.org/wiki/USB-C


David

Re: USB3 Monitors

[Carl Fink]

On 02/25/2017 10:33 PM, Brian Sammon wrote:
As far as I am aware, video-over-USB is "displaylink". Including 
"displaylink" in your web search may provide results


Thank you, that was exactly the missing piece.

You may want to consider USB-powered monitors that use a more 
traditional video
connection (such as HDMI). I've been using a GeChic USB-powered HDMI 
monitor and

I've been happy with it. It pulls 2 amps off of USB.


I will indeed consider doing that. Most of the low-power portable 
monitors I've found for sale
seem to be USB3 single-cable for both signal and power, which seems cool 
to me.


Again, thank you.

Carl

Re: USB3 Monitors

[Brian Sammon]

On Sat, 25 Feb 2017 20:56:39 -0500
Carl Fink  wrote:

> Does anyone know whether Debian (or the kernel in general, I guess)
> supports USB3 monitors? A quick web search finds no mention of it, if

As far as I am aware, video-over-USB is "displaylink".  Including "displaylink" 
in your web search may provide results

> (I want to do this at least largely to get a
> super-low-power-consumption system. USB3 monitors use as little as 5
> watts when in active use and even less in standby.)

You may want to consider USB-powered monitors that use a more traditional video 
connection (such as HDMI).  I've been using a GeChic USB-powered HDMI monitor 
and I've been happy with it.  It pulls 2 amps off of USB.

USB3 Monitors

[Carl Fink]

Does anyone know whether Debian (or the kernel in general, I guess)
supports USB3 monitors? A quick web search finds no mention of it, if
so.

If this support does exist, does that knowledgeable person know whether
a boot console is supported, or the USB monitor can only be secondary,
with a more specialized adapter used for setup? I think I'm asking
whether the stock Debian kernel incorporates USB video support and
autodetection and can thus boot directly to a USB3 console or Xorg
screen. If not, could I compile a kernel to do that?

(I want to do this at least largely to get a
super-low-power-consumption system. USB3 monitors use as little as 5
watts when in active use and even less in standby.)

Thanks for any assistance.

Carl

Re: Swift lang in Debian?

[Dale Harris]

On Sat, Feb 25, 2017 at 2:37 PM, Brian Sammon
 wrote:
>
> lack of volunteers?
>
> The google password is "ITP" (stands for Intent-to-Package):
>  https://bugs.debian.org/788327
>
> P.S. Not _this_(http://swift-lang.org/) swift.
>

Ah okay, well, there is some intent, at least.


-- 
Dale Harris
rod...@maybe.org
rod...@gmail.com
/.-)

Re: good LDAP resources

[Joshua Schaeffer]

LDAP can be very difficult to learn if you are just starting out with it, but 
also very powerful. There may be other faster solutions then a manual setup, 
but I found that I learned the most by doing all of it manually. On Red Hat 
based systems, I believe their IPA solution is quite good. It uses LDAP and 
Kerberos and does most of the leg work for you. I have no idea if any of that 
is compatible with Debian based systems (I don't think it is).

Anyway here are a lot of the resources I used when learning, configuring, and 
setting up my authentication system:

*

 *

   http://debian-handbook.info/browse/wheezy/sect.ldap-directory.html

 *

   http://ubuntuforums.org/showthread.php?t=1421998

 *

   http://www.openldap.org/lists/openldap-technical/201401/msg00140.html

 *

   https://help.ubuntu.com/community/GnuTLS

 *

   https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/115967

 *

   help.ubuntu.com/community/OpenLDAPServer 


 *

   http://www.openldap.org/doc/admin24/guide.html

 *

   https://help.ubuntu.com/community/Kerberos

 *

   http://www.openldap.org/lists/openldap-technical/201201/msg00140.html

 *

   slapd-config(5)

 *

   *http://www.zytrax.com/books/ldap/* 


 *

   http://www.zytrax.com/books/ldap/ch7/#overview

 *

   http://www.zytrax.com/books/ldap/ape/config.html#olcsyncprovconfig

 *

   http://www.cyberciti.biz/faq/how-do-i-rotate-log-files/

 *

   https://www.ietf.org/rfc/rfc2307.txt

 * https://tools.ietf.org/id/draft-howard-rfc2307bis-02.txt

*
There's plenty more out there as well. If you want I can send you my own setup 
guide, which I built over the years from all these resources (and probably many 
more I never recorded), just keep in mind that doc is specific to myself and my 
business and it involves setting up OpenLDAP not just for authentication but 
for almost anything. I also don't use OpenLDAP for authentication only 
authorization. I use MIT Kerberos for auth (which uses OpenLDAP as its backend).

To be more specific to your question of "good resources" I would say as a 
subset of all the links above the below are the best ones to start with:

*http://debian-handbook.info/browse/wheezy/sect.ldap-directory.html
***help.ubuntu.com/community/OpenLDAPServer 

**http://www.zytrax.com/books/ldap/

As one last suggestion/comment/remark, I would suggest setting up OpenLDAP as 
your implementation of LDAP and would use PPolicy to authn/authz over TLS. If 
you don't want to send passwords over the wire then use Kerberos for the 
authentication component.

Thanks,
Joshua Schaeffer

On 02/25/2017 03:16 PM, bri...@aracnet.com wrote:

I need to set-up some sort of password server for a small network so that i 
don't have to set-up accounts on every machine.

It looks like LDAP is the best way to do that.

Is it ?

I've been looking at the LDAP how-to's and even tried to turn things on using 
one of them, but I can't quite get things working.

Can someone point me to a good resource as to how to make it work ?

Thanks!

Re: Crashes in Icedove on Stretch

[Daniel Bareiro]

Hi.

On 16/02/17 11:05, Daniel Bareiro wrote:

>> I think I fixed the random Icedove crashes I was experiencing on Jessie
>> by setting layers.offmainthreadcomposition.enabled to false in Icedove's
>> config editor.

> Thanks for the tip. I applied this change. Let's see if it makes any
> difference.

Although crashes continue to occur in my case, when using this option
Icedove seems more stable than before.

Kind regards,
Daniel



signature.asc
Description: OpenPGP digital signature

Re: Crashes in Icedove on Stretch

[Daniel Bareiro]

Hi again.

On 15/02/17 19:52, Daniel Bareiro wrote:

>> Isn't there a plan to migrate back to Thunderbird anyway, just as 
>> Iceweasel has been replaced with firefox?
>>
>> I wonder if stretch has thunderbird packages? (no time to check right 
>> now)

> It looks like it's currently in Sid. Has anyone tried it?
> 
> https://packages.debian.org/search?searchon=names=thunderbird

Here is the official announcement:

https://lists.debian.org/debian-devel-announce/2017/02/msg4.html


Kind regards,
Daniel



signature.asc
Description: OpenPGP digital signature

Re: [solved?] Re: Secure Boot won't let boot into Debian

[Ben Caradoc-Davies]

On 26/02/17 02:04, Rodolfo Medina wrote:

How do I check if my machine is `64 or 32 bit'


I use "cat /proc/cpuinfo | grep 'model name'", to find the model name 
and look it up on Wikipedia or Google for the manufacturer data sheet. 
64-bit support is often called "AMD64", or "x86-64" by non-AMD 
manufacturers.


If the "flags" section contains "lm", your CPU has 64-bit support, but 
might be IA64 (Itanium, Intel's 64-bit server architecture) rather than 
AMD64 (which Intel itself now uses). I find it easier to Google for the 
model as described above.


Most consumer desktop CPUs manufactured in the last five years have 
amd64 support, including, as far as I know, all Intel Core 2 Intel 
processors (since 2006), even the budget models with Pentium or Celeron 
branding. Some Atom CPUs support 64-bit, but not the earliest models.


Kind regards,

--
Ben Caradoc-Davies 
Director
Transient Software Limited 
New Zealand

good LDAP resources

[briand]

I need to set-up some sort of password server for a small network so that i 
don't have to set-up accounts on every machine.

It looks like LDAP is the best way to do that.

Is it ?

I've been looking at the LDAP how-to's and even tried to turn things on using 
one of them, but I can't quite get things working.

Can someone point me to a good resource as to how to make it work ?

Thanks!

Re: Swift lang in Debian?

[Brian Sammon]

On Sat, 25 Feb 2017 13:34:46 -0500
Dale Harris  wrote:

> I imagine this is being discussed somewhere in the larger Debian
> community, but I'm having problems finding anything online, off hand.
> Does anyone know if there is there any plans to package Swift language
> into Debian?  It has been open sourced for a while now, I think it has
> a compatible license for Debian. You can install it on Ubuntu, so why
> not just package it into Debian?

lack of volunteers?

The google password is "ITP" (stands for Intent-to-Package):
 https://bugs.debian.org/788327

P.S. Not _this_(http://swift-lang.org/) swift.

Re: ssh naar Linux computer achter "router"

[Paul van der Vlis]

Op 25-02-17 om 18:42 schreef Geert Stappers:
> On Sat, Feb 25, 2017 at 05:50:54PM +0100, Paul van der Vlis wrote:

>> Verder het bijbehorende simpele paswoord wat ik regelmatig wijzig, maar
>> een key is wellicht beter.
> 
> "user management" op Mike is inderdaad iets om in te plannen.
> Als in "van te voren over nadenken"

Ondanks dat je /usr/sbin/nologin kunt gebruiken als shell, schijnt het
toch gevaarlijk te zijn dat mensen kunnen connecten naar je VPS.

Via een SOCKS proxy schijnen onaardige mensen je computer te kunnen
misbruiken, zo is mij verteld.

Mochten er hier mensen zijn die weten hoe je dat diabled en veilig
krijgt, dan zou ik dat prettig vinden. Dan hoef ik niet steeds het
paswoord te wijzigen of zou ik een generieke key kunnen gebruiken...

Groeten,
Paul

-- 
Paul van der Vlis Linux systeembeheer Groningen
https://www.vandervlis.nl/

Swift lang in Debian?

[Dale Harris]

I imagine this is being discussed somewhere in the larger Debian
community, but I'm having problems finding anything online, off hand.
Does anyone know if there is there any plans to package Swift language
into Debian?  It has been open sourced for a while now, I think it has
a compatible license for Debian. You can install it on Ubuntu, so why
not just package it into Debian?

https://swift.org/

-- 
Dale Harris
rod...@maybe.org
rod...@gmail.com
/.-)

Re: ssh naar Linux computer achter "router"

[Paul van der Vlis]

Op 25-02-17 om 18:11 schreef Geert Stappers:

> Misschien is mijn probleem ook wel: Welk package maakt het makkelijk om
> aan de Alice kant de juiste zaken klaar te zetten voor reverse SSH?

Naar zoiets ben ik al lang op zoek, het is er volgens mij nog niet.

Maar, ik zou het best willen maken. Ik denk dan aan een bash-script, een
item in het start-menu en een simpele gui via iets als Zenity.
Het lijkt me dat ik dat wel kan.

Mijn package-kennis is wel te mager, maar toevallig was ik er net mee
bezig dat te verbeteren ;-)

Groeten,
Paul



-- 
Paul van der Vlis Linux systeembeheer Groningen
https://www.vandervlis.nl/

Re: Comment empêcher Debian-Installer de configurer en IPv6 ?

[Haricophile]

Le Sat, 25 Feb 2017 12:24:06 +0100,
sTriX  a écrit :

> Bonjour,
> Je suis chez Free, j'utilise SIP depuis des années et les 
> communications vers les mobiles ne passent pas. De toute évidence 
> Free ne fait rien pour que cela change. :-/

Le compte sip de Free associé à la box a son intérêt mais ce n'est pas
un modèle du genre. Pour un compte sans bridage, il faut aller voir
ailleurs (OVH ou autre selon ce qu'on cherche).

Re: ssh naar Linux computer achter "router"

[Geert Stappers]

On Sat, Feb 25, 2017 at 05:50:54PM +0100, Paul van der Vlis wrote:
> Op 25-02-17 om 17:00 schreef Geert Stappers:
> > 
> > Het idee is om Alice een SSH verbinding naar Mike te laten maken.
> > Bob gaat zelf ook naar Mike om vervolgens via de SSH verbinding
> > van Alice naar haar computer te gaan.
> > 
> > 
> >   B --- M === A
> > 
> > 
> > Wat bestaat er aan Debian packages voor zulke situaties?
> 
> Ik geef Alice een commando zoals dit:
> ssh -NfR 12888:localhost:22 wel...@xen7.vandervlis.nl
> Dat staat bij mij op een webpagina, zodat ze copy/paste kan doen.
> Het kan als gewone user.

Mmm, met een webpagina plus knip en plak, ook een goed idee.


> Verder het bijbehorende simpele paswoord wat ik regelmatig wijzig, maar
> een key is wellicht beter.

"user management" op Mike is inderdaad iets om in te plannen.
Als in "van te voren over nadenken"

 
> Op mijn server doe ik dan iets als:
> ssh localhost -o "StrictHostKeyChecking no" -p 12888
> 
> Daarna log ik in als gewone gebruiker en wordt daarna root. Inloggen als
> root is immers default geblokkeerd.

Ja, Bob moet ook een account aan de Alice kant hebben/weten.
En makkelijk root kunnen worden is wel zo fijn.


> Dat "StrictHostKeyChecking no" lijkt niet te werken, ik weet niet
> waarom. Moet ik nog eens uitzoeken. Ik moet dus steeds iets weghalen uit
> mijn known_hosts. Wie weet waarom het niet werkt mag het zeggen.

Ik weet het niet. Misschien omdat "localhost" iets specials is?


> De user "welkom" kan als shell "/usr/sbin/nologin" hebben.

Zinvolle tip, dank je wel.

 
> Bij een klant is dit een icoontje op het desktop van de gebruikers met
> een bijbehorende key waarmee wordt ingelogd. Heel gebruiksvriendelijk.
> 
> Er is daar ook een icoontje waarmee je de user grafisch kunt overnemen,
> en dat alles werkt via een Mike-server, dus er is geen poortforwarding
> nodig bij Alice. Ik heb dit niet zelf ingericht, het werkt met Vino:
> https://packages.debian.org/vino
 
Vino, VNC server for GNOME, komt pas na de reverse SSH verbinding,
zo ver ben ik dus nog niet. Zo ver zijn Alice en Bob nog niet ;-)


Groeten
Geert Stappers
-- 
Leven en laten leven

Re: Jessie, OCS Inventory, Erro Perl (XMLin() requires either XML::SAX or XML::Parser)

[elderjmp]

Ricardo,

O cpan faz parte do perl, ele é usado para instalação dos módulos. A versão
é a 5.20.

Em 24 de fevereiro de 2017 14:21, Ricardo Ramos 
escreveu:

> Desculpa,
>
> Mas não vi no comando o interpretador perl, confirma se ele tá instalado e
> em que versão.
>
> A Sex, 24 de fev de 2017, 17:47, elderjmp  escreveu:
>
>> Ricardo,
>>
>> Instalei todas as dependências que são solicitadas pelo OCS Inventory, o
>> Apache2 e o PHP5.
>>
>> install apache2-dev gcc libapache2-mod-perl2 libapache-dbi-perl
>> libarchive-zip-perl libdbd-mysql-perl libdbi-perl libio-compress-perl
>> libnet-ip-perl libsoap-lite-perl libxml-libxml-simple-perl
>> libxml-parser-lite-perl libxml-parser-lite-tree-perl libxml-sax-base-perl
>> libxml-sax-expat-perl libxml-sax-expatxs-perl libxml-sax-perl
>> libxml-simple-perl make mysql-client php5-curl php-pclzip texinfo
>> libphp-pclzip
>>
>> # cpan -i Apache2::SOAP
>> # cpan -i XML::Entities
>> # cpan -i Compress::Zlib
>> # cpan -i MIME::Types
>> # cpan -i XML::SAX::ExpatXS
>>
>> Inclusive os dois itens que aparece no erro, estão instalados:
>> XML::Parser is up to date e XML::SAX is up to date.
>>
>> Att.
>>
>> Em 24 de fevereiro de 2017 12:53, Ricardo Ramos > > escreveu:
>>
>> Boa tarde Elder,
>>
>> Pelo que pude ver tem coisas faltando no sistema, provavelmente algum
>> módulo do perl. Tem como dar mais detalhes do cenário e do erro? Qual
>> comando originou o erro? Como foi instalado o apache e quais pacotes estão
>> instalados (relacionados com o OCS)?
>>
>> A Sex, 24 de fev de 2017, 15:59, elderjmp  escreveu:
>>
>> Boa tarde pessoal,
>>
>> Alguém que instalou o OCS Inventory no Debian Jessie se deparou com o
>> erro abaixo? Poderia me ajudar?
>>
>> *[perl:error] [pid 23700] [client 192.168.1.55:63980
>> ] XMLin() requires either XML::SAX or
>> XML::Parser at /usr/local/share/perl/5.20.2/Apache/Ocsinventory.pm line
>> 215.\nXML::Simple called at
>> /usr/local/share/perl/5.20.2/Apache/Ocsinventory.pm line 215.\n*
>>
>> Att.
>>
>> Elder
>>
>> --
>>
>> Ricardo Ramos
>> +927 927 953 770
>> Técnico de Informática
>>
>>
>> --
>
> Ricardo Ramos
> +927 927 953 770
> Técnico de Informática
>

Re: Crashes in Icedove on Stretch

[GiaThnYgeia]

And you have not updated icedove/thunderchicken in the past 10 days I
assume.  If you have, how can you tell that this was the fix and was not
in the update?

Mattia Oss:
> On Sat, Feb 25, 2017 at 04:40:44PM +0100, Jörg-Volker Peetz wrote:
>> Jörg-Volker Peetz wrote on 02/18/17 10:32:
>>> Daniel Bareiro wrote on 02/16/17 15:14:
 Thanks for sharing your experience. It would be good to know if it
 remains stable after several days. I just applied the change suggested
 by Benjamin in another message in this thread.

 Kind regards,
 Daniel

>>> Meanwhile I had the first crash of thunderbird. After updating some gtk- and
>>> glib related stuff I'm trying it again. If thunderbird still crashes, I 
>>> surely
>>> apply the setting of the config variable
>>> "layers.offmainthreadcomposition.enabled" (OMTC) which is enabled for 
>>> faster and
>>> smoother composition.
>>>
>> Since I suffered another crash of thunderbird, I now flipped
>> "layers.offmainthreadcomposition.enabled" to "false". No more crashes so far.
>>
>> Regards,
>> jvp.
> 
> +1 
> No more crashes after 10+ days. This option is the devil himself. :)
> 
> Bye,
> Mattia
> 

-- 
 "The most violent element in society is ignorance" rEG

Re: MPEG-TS : édition de fichier vidéo TNT HD.

[φ Dhénin Jean-Jacques]

Le 25 février 2017 à 17:34, Dominique Dumont  a écrit :

> On lundi 13 février 2017 22:57:48 CET Randy11 wrote:
> > J'enregistre les émissions de la télévision transmises en TNT HD,
> > comme celles d'ARTE, les fichiers sont au format MPEG-TS et
> > je souhaiterais pouvoir les éditer : couper les minutes avant et
> > après la partie intéressante, supprimer les publicités.
>

si "$1" est un fichier  MPEG-TS,

la ligne ci-dessous le convertira en mp4

ffmpeg -i "$1" -c:a aac -vcodec libx264 "$1".mp4

L'édition (couper les pub !) peut se faire ensuite avec MPEG SteamClip


Cordialement.

-
>
(V)  Dhénin Jean-Jacques
( ..) 48, rue de la Justice 78300 Poissy
c(')(')  dhe...@gmail.com
-

Re: Bumblebee sur Asus UX501VW/Debian Stretch

[Michel Memeteau - EKIMIA]

Pourquoi installer bumblebee maintenant que Nvidia Prime gère optimus ?
<-->
Michel Memeteau  - Directeur.


Notre Boutique Ordinateurs GNU/Linux : http://shop.ekimia.fr
280 avenue de la malvesine 13720 La Bouilladisse - France.
Fixe :  +33 (0) 972308334   Mobile : +33(0) 624808051
<-->


Le 25 février 2017 à 17:37, Dominique Dumont  a écrit :
> On mardi 14 février 2017 18:19:30 CET Pascal Ognibene wrote:
>> Symptômes : je peux installer les paquets nvidia, compiler les modules avec
>> dkms, installer bumblebee, primus/optimus, etc.
>> Redémarrage du laptop : j'ai le login de gnome.
>> Je me logge : freeze du laptop. Pas de logs Xorg à analyser.
>
> https://github.com/Bumblebee-Project/Bumblebee/issues/764 avec les solutions
> de type work-around..
>
> HTH
>

Re: Crashes in Icedove on Stretch

[Mattia Oss]

On Sat, Feb 25, 2017 at 04:40:44PM +0100, Jörg-Volker Peetz wrote:
> Jörg-Volker Peetz wrote on 02/18/17 10:32:
> > Daniel Bareiro wrote on 02/16/17 15:14:
> > 
> >> Thanks for sharing your experience. It would be good to know if it
> >> remains stable after several days. I just applied the change suggested
> >> by Benjamin in another message in this thread.
> >>
> >> Kind regards,
> >> Daniel
> >>
> > Meanwhile I had the first crash of thunderbird. After updating some gtk- and
> > glib related stuff I'm trying it again. If thunderbird still crashes, I 
> > surely
> > apply the setting of the config variable
> > "layers.offmainthreadcomposition.enabled" (OMTC) which is enabled for 
> > faster and
> > smoother composition.
> > 
> Since I suffered another crash of thunderbird, I now flipped
> "layers.offmainthreadcomposition.enabled" to "false". No more crashes so far.
> 
> Regards,
> jvp.

+1 
No more crashes after 10+ days. This option is the devil himself. :)

Bye,
Mattia

Re: Bumblebee sur Asus UX501VW/Debian Stretch

[Dominique Dumont]

On mardi 14 février 2017 18:19:30 CET Pascal Ognibene wrote:
> Symptômes : je peux installer les paquets nvidia, compiler les modules avec
> dkms, installer bumblebee, primus/optimus, etc.
> Redémarrage du laptop : j'ai le login de gnome.
> Je me logge : freeze du laptop. Pas de logs Xorg à analyser.

https://github.com/Bumblebee-Project/Bumblebee/issues/764 avec les solutions 
de type work-around..

HTH

Re: MPEG-TS : édition de fichier vidéo TNT HD.

[Dominique Dumont]

On lundi 13 février 2017 22:57:48 CET Randy11 wrote:
> J'enregistre les émissions de la télévision transmises en TNT HD,
> comme celles d'ARTE, les fichiers sont au format MPEG-TS et
> je souhaiterais pouvoir les éditer : couper les minutes avant et
> après la partie intéressante, supprimer les publicités.

J'utilise vdr + vdr-plugin-xineliboutput pour enregistrer ARTE-HD.

vdr fournit un  éditeur suffisant pour enlever les pubs.

Ensuite, je ré-emballe les fichiers ts en mkv avec ffmpeg (ou je garde les ts 
tel quels pour les sous-titres: le format mkv ne supporte pas les sous-titres 
dvb)

HTH

Re: ssh naar Linux computer achter "router"

[mj]

Hoi,


En hier dan het plaatje

  B --- M === A


Wat bestaat er aan Debian packages voor zulke situaties?


Dat zou je toch kunnen oplossen met reverse ssh?

Lees bv: https://www.howtoforge.com/reverse-ssh-tunneling

MJ

ssh naar Linux computer achter "router"

[Geert Stappers]

Hoi,

Eerst een verhaal om een plaatje te kunnen schetsen.


Vijftig kilometer verderop staat een "huis-tuin-en-keuken-computer".
Ter plekke is een Internet aansluiting m.b.v. een consumentenrouter.
Je weet wel, van die "routers" die modem zijn en NAT doen.
Laten die plaats/computer  "Alice" noemen.

Elders heb ik een VPS waar gelukkig geen Network Adres Translation
gebeurd. Die computer noemen we "Mike" met de M van 'Man in the Middle'.

Zelf zit ik op een derde plek in het mooie grote Internet.
En laat me voor het verder verhaal "Bob" noemen.


Als Bob kom ik niet zonder bij de computer van Alice.

Het idee is om Alice een SSH verbinding naar Mike te laten maken.
Bob gaat zelf ook naar Mike om vervolgens via de SSH verbinding
van Alice naar haar computer te gaan.

En hier dan het plaatje

  B --- M === A


Wat bestaat er aan Debian packages voor zulke situaties?


 
Groeten
Geert Stappers
-- 
Leven en laten leven

Re: Mixing firewall tools

[Dan Ritter]

On Sun, Feb 26, 2017 at 03:40:53AM +1300, Richard Hector wrote:
> On 26/02/17 03:19, Dan Ritter wrote:
> > On Sat, Feb 25, 2017 at 07:54:32PM +1300, Richard Hector wrote:
> >> I have a machine with a hand-rolled firewall script, which just runs
> >> iptables commands - all well and good.
> >>
> >> The trickiest bits are for my LXC containers; I need to forward ports
> >> etc - but that's ok.
> >>
> >> The complications start when I add fail2ban - now I have an extra bit in
> >> my init script that reloads fail2ban after reloading my script, because
> >> my script does a flush of all existing rules. This is now getting ugly,
> >> but it still worked.
> >>
> >> Does anyone have better ideas for that stage? Do any of the many
> >> firewall tools cope with this adequately?
> > 
> > 
> > Take a step back and describe your topology, please.
> 
> A remotely hosted VPS (yes, many layers ...) with a single IP address
> allocated. Getting more from this provider is tedious at best.
> 
> At the moment, it runs a few things itself, but most public services are
> in LXC containers. Everything public-facing is supposed to be in a
> container. It does however run nginx, proxying to the internal web
> services, and that does all the TLS. There's a mail container running
> postfix and dovecot; that all gets forwarded by iptables.
> 
> There's a postgresql and an internal-only BIND on the host, running on
> the host's internal ip.
> 
> SSH is accessible on the host, on a non-standard port; containers are
> sshable via forwarded non-standard ports. There is or will be a git
> container which needs the standard port.
> 
> > Remember that fail2ban needs to run on the "machine" (host or
> > container or VM or whatever) where both the daemon logs are
> > stored and iptables decisions can be made. In order to cleanly
> > accomplish that, you should have a fail2ban instance and an
> > iptables instance inside each machine, and leave the host
> > firewall to take care of the host and generically handle any
> > needed NAT.
> 
> That would mean fail2ban needs to run on the host (for ssh, nginx) _and_
> on each container. It still needs to coexist.

Correct, but it doesn't need to cross boundaries. The fail2ban
on the host runs solely for ssh and nginx. The fail2ban on your
mail server machine runs for IMAP and SMTP, and doesn't share 
information out to the host on which it lives.

> However, AFAIK it doesn't make sense to run iptables inside a container;
> it's all one kernel. It currently doesn't work, anyway. That means that
> any fail2ban instances running in containers would have to somehow
> control iptables outside, which is probably not desirable. It's probably
> better to have fail2ban monitoring the container filesystems (which are
> visible from the host) instead.

It's all one kernel, but by giving each container its own IP
address, you get to operate in a different network namespace.
iptables inside a network namespace should work smoothly,
believing it is in sole control.

http://containerops.org/2013/11/19/lxc-networking/ seems to be
a good reference.

> > If you can, it's cleaner and easier to give an IP address to
> > each machine and use routing instead of NAT. Push NAT to the
> > perimeter of your network.
> 
> The only available public IP address is on the host. Everything else is
> RFC1918.

NAT on the host, then, and RFC1918 addresses internally.

> >> Now the biggie: I want to add Docker. Docker wants to do its own thing
> >> with iptables. Do I need to resort to just telling Docker to keep its
> >> hands off, and do everything myself?
> > 
> > Doing Docker and LXC at the same time is oddly duplicative. But
> > the same principles apply.
> 
> It is. I've been learning Docker more recently than the machine was set
> up, and I'm starting to see benefits - partly the fact that much of the
> work might have been done for me, and partly I think it'd use less disk
> space overall due to the layering.
> 
> I would certainly consider migrating the other containers from LXC to
> Docker.
> 
> Mind you, I'm also starting to think the poor thing's getting a bit
> overloaded ...

LXC and Docker add very little CPU overhead by themselves, but
they are not so great at network and disk I/O. The big loss,
however, is in quantity of memory used by duplicative services.

Docker is usually set up to use the network namespace feature
from the beginning, so that's probably the biggest difference.

-dsr-

Re: Crashes in Icedove on Stretch

[Jörg-Volker Peetz]

Jörg-Volker Peetz wrote on 02/18/17 10:32:
> Daniel Bareiro wrote on 02/16/17 15:14:
> 
>> Thanks for sharing your experience. It would be good to know if it
>> remains stable after several days. I just applied the change suggested
>> by Benjamin in another message in this thread.
>>
>> Kind regards,
>> Daniel
>>
> Meanwhile I had the first crash of thunderbird. After updating some gtk- and
> glib related stuff I'm trying it again. If thunderbird still crashes, I surely
> apply the setting of the config variable
> "layers.offmainthreadcomposition.enabled" (OMTC) which is enabled for faster 
> and
> smoother composition.
> 
Since I suffered another crash of thunderbird, I now flipped
"layers.offmainthreadcomposition.enabled" to "false". No more crashes so far.

Regards,
jvp.

Re: [solved?] Re: Secure Boot won't let boot into Debian

[Patrick Bartek]

On Sat, 25 Feb 2017 08:36:04 + Rodolfo Medina
 wrote:

> Rodolfo Medina  writes:
> 
> > I frehly installed Debian Sid in dual boot with Windows 10 on my
> > brand new Lenovo desktop pc but it won't boot into Debian system I
> > suspect because of the new Secure Boot policy.  I want to disable
> > it but the problem is that there's no Secure Boot option anywhere
> > in its Bios.  In fact, in the Security submenu, there are only the
> > options for administrator and power-on password setting.
> >
> > What do you suggest me to do?
> 
> 
> I tried to install Debian again so to do as suggested by Pascal,
> i.e.  install GRUB in the "removable path"; but this time strangely
> the installation wouldn't proceed up to end and stopped at a certain
> point.  Then I was tired with all that stuff, all those Legacy
> problems and so on, and did GiaThnYgeia's way and formatted the drive
> and got rid of that stupid system it came with: now Debian runs
> without problems.  I left some free space on disk so to install
> Windows 10 later on...  maybe ;-)

I would just install Windows 10 in a virtual machine like VirtualBox
with Debian as the host. No need for dual booting.  Although you may
have to contact Microsoft directly to get W10 authenicated.  You'll
need sufficient RAM, too.

B

Re: Mixing firewall tools

[Richard Hector]

On 26/02/17 03:19, Dan Ritter wrote:
> On Sat, Feb 25, 2017 at 07:54:32PM +1300, Richard Hector wrote:
>> I have a machine with a hand-rolled firewall script, which just runs
>> iptables commands - all well and good.
>>
>> The trickiest bits are for my LXC containers; I need to forward ports
>> etc - but that's ok.
>>
>> The complications start when I add fail2ban - now I have an extra bit in
>> my init script that reloads fail2ban after reloading my script, because
>> my script does a flush of all existing rules. This is now getting ugly,
>> but it still worked.
>>
>> Does anyone have better ideas for that stage? Do any of the many
>> firewall tools cope with this adequately?
> 
> 
> Take a step back and describe your topology, please.

A remotely hosted VPS (yes, many layers ...) with a single IP address
allocated. Getting more from this provider is tedious at best.

At the moment, it runs a few things itself, but most public services are
in LXC containers. Everything public-facing is supposed to be in a
container. It does however run nginx, proxying to the internal web
services, and that does all the TLS. There's a mail container running
postfix and dovecot; that all gets forwarded by iptables.

There's a postgresql and an internal-only BIND on the host, running on
the host's internal ip.

SSH is accessible on the host, on a non-standard port; containers are
sshable via forwarded non-standard ports. There is or will be a git
container which needs the standard port.

> Remember that fail2ban needs to run on the "machine" (host or
> container or VM or whatever) where both the daemon logs are
> stored and iptables decisions can be made. In order to cleanly
> accomplish that, you should have a fail2ban instance and an
> iptables instance inside each machine, and leave the host
> firewall to take care of the host and generically handle any
> needed NAT.

That would mean fail2ban needs to run on the host (for ssh, nginx) _and_
on each container. It still needs to coexist.

However, AFAIK it doesn't make sense to run iptables inside a container;
it's all one kernel. It currently doesn't work, anyway. That means that
any fail2ban instances running in containers would have to somehow
control iptables outside, which is probably not desirable. It's probably
better to have fail2ban monitoring the container filesystems (which are
visible from the host) instead.

> If you can, it's cleaner and easier to give an IP address to
> each machine and use routing instead of NAT. Push NAT to the
> perimeter of your network.

The only available public IP address is on the host. Everything else is
RFC1918.

>> Now the biggie: I want to add Docker. Docker wants to do its own thing
>> with iptables. Do I need to resort to just telling Docker to keep its
>> hands off, and do everything myself?
> 
> Doing Docker and LXC at the same time is oddly duplicative. But
> the same principles apply.

It is. I've been learning Docker more recently than the machine was set
up, and I'm starting to see benefits - partly the fact that much of the
work might have been done for me, and partly I think it'd use less disk
space overall due to the layering.

I would certainly consider migrating the other containers from LXC to
Docker.

Mind you, I'm also starting to think the poor thing's getting a bit
overloaded ...

Thanks,
Richard




signature.asc
Description: OpenPGP digital signature

Re: Mixing firewall tools

[Dan Ritter]

On Sat, Feb 25, 2017 at 07:54:32PM +1300, Richard Hector wrote:
> I have a machine with a hand-rolled firewall script, which just runs
> iptables commands - all well and good.
> 
> The trickiest bits are for my LXC containers; I need to forward ports
> etc - but that's ok.
> 
> The complications start when I add fail2ban - now I have an extra bit in
> my init script that reloads fail2ban after reloading my script, because
> my script does a flush of all existing rules. This is now getting ugly,
> but it still worked.
> 
> Does anyone have better ideas for that stage? Do any of the many
> firewall tools cope with this adequately?


Take a step back and describe your topology, please.

Remember that fail2ban needs to run on the "machine" (host or
container or VM or whatever) where both the daemon logs are
stored and iptables decisions can be made. In order to cleanly
accomplish that, you should have a fail2ban instance and an
iptables instance inside each machine, and leave the host
firewall to take care of the host and generically handle any
needed NAT.

If you can, it's cleaner and easier to give an IP address to
each machine and use routing instead of NAT. Push NAT to the
perimeter of your network.

> Now the biggie: I want to add Docker. Docker wants to do its own thing
> with iptables. Do I need to resort to just telling Docker to keep its
> hands off, and do everything myself?

Doing Docker and LXC at the same time is oddly duplicative. But
the same principles apply.

-dsr-

Multiply Online Visitors: kangry.com

[Donald Jackson]

Dear kangry Team,

It’s my Pleasure to write you this email.


Website is one of the important essential for online business so you should
always operate and manage it through safe hands. These days many unethical
practices are followed to make a website visible and get maximum traffic
which ends up reaching in sand box to get black listed.

There are many approaches which should be initiated while entering into
online competition. We assure you having ample amount of experience and
experts in this digital world, together we can move towards right direction
and get ROI.

The first approach of online promotion should be an error free website,
which will help to overcome the huddle of getting index. Selection of
competitive keywords for your website is one of the crucial factors during
the promotion phase as your competitors are always there to replace you.
Regular update on Social media platforms will also help to increase your
brand awareness.

There are many additional ways that will make your website stand out among
your competitors and if you would like to learn more about them and are
curious to know what our working together would involve, then I would be
glad to provide you with a detailed analysis in the form of a WEBSITE AUDIT
REPORT for FREE.

There are many examples where our Support Team have proven them and shown
remarkable results while working on a website. After we start our business
relationship you can also feel and see how professionally our Team work and
also measure the improvement every month.

Feel free to email us or alternatively you can provide me with your phone
number and the best time to call you to have further discussion.











*Donald Jackson*

Site Analyst /Digital Marketing
Tel: USA (813) 708-8643
*Skype*: high.rank

……..

Ps: If you do not want such emails ask us to “REMOVE”.

This e-mail is an initiative to let you know about your website performance
through our Marketing ID. Once you revert us back, we will start
communicating with you from our Corporate ID.


[image: beacon]

Re: "Invalid arch-independent ELF magic" in grub after SSD migration

[deloptes]

Thomas Schmitt wrote:

> It's easy to guess that /boot is the main suspect in this list.
> But still no idea why a blockwise disk copy should not work when it comes
> to identifying a program file as ELF format. Somehow GRUB must get to the
> wrong file content.

+1

Re: [solved?] Re: Secure Boot won't let boot into Debian

[deloptes]

Rodolfo Medina wrote:

> So, generally speaking, how do I know what to choose?  How do I check if
> my machine is `64 or 32 bit', and what of all those different Debian .isos
> to install?

In general you would install 64bit amd64 to modern 64bit
architecture/machine - it might be intel or amd.
If you want to run 32bit on 64bit you would enable multi-arch and install
32bit dependencies.

The advantage is that you would use 100% of the hardware capability and
still 32bit would run, so pick up simply the amd64 iso.

regards

Re: [solved?] Re: Secure Boot won't let boot into Debian

[Rodolfo Medina]

Pascal Hambourg  writes:

> Le 25/02/2017 à 13:26, GiaThnYgeia a écrit :
>> AMD64 is for 64bit Amd and Intel processors,
>
> 64-bit Intel *x86* processors. There was once another 64-bit architecture
> called ia64 used by Intel "Itanium" processors, not compatible with amd64.
>
>> i386 is a 32bit system for
>> old pre64 architectures.  So even though a 32bit will work on a 64bit
>> system I have yet to find a good reason for doing so.
>
> Here are some good reasons to use a 32 bit system on 64 bit hardware :
> - You are tight on memory (e.g. embedded system).
> - You need to run software available only for 32 bit architecture.

So, generally speaking, how do I know what to choose?  How do I check if my
machine is `64 or 32 bit', and what of all those different Debian .isos to
install?

Rodolfo

Re: [solved?] Re: Secure Boot won't let boot into Debian

[Pascal Hambourg]

Le 25/02/2017 à 13:26, GiaThnYgeia a écrit :

AMD64 is for 64bit Amd and Intel processors,


64-bit Intel *x86* processors. There was once another 64-bit 
architecture called ia64 used by Intel "Itanium" processors, not 
compatible with amd64.



i386 is a 32bit system for
old pre64 architectures.  So even though a 32bit will work on a 64bit
system I have yet to find a good reason for doing so.


Here are some good reasons to use a 32 bit system on 64 bit hardware :
- You are tight on memory (e.g. embedded system).
- You need to run software available only for 32 bit architecture.

Re: [solved?] Re: Secure Boot won't let boot into Debian

[GiaThnYgeia]

AMD64 is for 64bit Amd and Intel processors, i386 is a 32bit system for
old pre64 architectures.  So even though a 32bit will work on a 64bit
system I have yet to find a good reason for doing so.  The other way
around wouldn't work.

kat

Rodolfo Medina:
> ...Just curiosity: I installed debian-8.7.1-i386-netinst.iso, but my machine 
> is
> an AMD, and everything went fine.  So what's that difference for?
> 
> Rodolfo
> 

-- 
 "The most violent element in society is ignorance" rEG

Re: Comment empêcher Debian-Installer de configurer en IPv6 ?

[sTriX]

le vendredi 24 février 2017 à 12:13 (+0100), daniel huhardeaux a écrit:
> >Je n'ai pas vérifié dernièrement mais l'utilisation de SIP
> >n'interdit-elle pas la gratuité des appels vers les mobiles en
> >France ou vers certaines destinations à l'étranger ?
> 
> L'étranger oui, les mobiles non à ma connaissance. Interdire une
> gratuité revient à faire payer non ;-)
> 
> -- 
> Daniel
> 
Bonjour,
Je suis chez Free, j'utilise SIP depuis des années et les 
communications vers les mobiles ne passent pas. De toute évidence 
Free ne fait rien pour que cela change. :-/
-- 
Gérard 

Re: [solved?] Re: Secure Boot won't let boot into Debian

[Rodolfo Medina]

...Just curiosity: I installed debian-8.7.1-i386-netinst.iso, but my machine is
an AMD, and everything went fine.  So what's that difference for?

Rodolfo

Re: "Invalid arch-independent ELF magic" in grub after SSD migration

[Thomas Schmitt]

Hi,

Lucio Crusca wrote:
> I lack the skills to understand how grub (or the BIOS firmware if grub hands
> the task to it) could access SSD any different than HDD, given that, as far
> as I know, the SATA protocol is just the same.

Even more, all disk-like storage devices are operated via SCSI commands
independly of the bus technology. So with USB, SATA, PATA it's all the same.
A block written to Logical Block Address X should be retrievable from that
same address, however its data are stored pysically.


> Then I copied partition contents over with cp run in a live systemrescuecd,
> except /boot, /dev /proc and /sys. It more or less worked

It's easy to guess that /boot is the main suspect in this list.
But still no idea why a blockwise disk copy should not work when it comes
to identifying a program file as ELF format. Somehow GRUB must get to the
wrong file content.


Have a nice day :)

Thomas

Re: "Invalid arch-independent ELF magic" in grub after SSD migration

[Lucio Crusca]

Felix Miata wrote:

Did you look for any significant differences between the working and 
non-working grub.cfgs? Does Grub see your SSD as an NVMe device and 
need to embed a different binary or load a different module for it?


I think you've caught it! Here is what seems to me the most interesting 
diff:


< set root='hd1,msdos5'
---
> set root='hd0,msdos1'

The difference in the partition number (msdos5 vs msdos1) is expected 
because, when I did the clean install, I did not carry over the Windows 
partitions. The difference in the drive identifier is more interesting 
instead. Why does grub identified the old HDD as hd1 but the SDD as hd0? 
I've never had more than one drive installed in the notebook (it's a 
sure bet, because it doesn't have room for two drives). Moreover, the 
old disk is a plain disk only, not a hybrid:


https://www.cnet.com/products/seagate-momentus-7200-4-st9250410as-hard-drive-250-gb-sata-300-series/specs/

Anyway, that's likely the reason why grub couldn't find its files on the 
SSD. Misleading error message though.

Re: "Invalid arch-independent ELF magic" in grub after SSD migration

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Sat, Feb 25, 2017 at 04:28:33AM -0500, Felix Miata wrote:
> Lucio Crusca composed on 2017-02-25 10:16 (UTC+0100):
> ...
> >I hate to workaround problems without understanding them, this is a loss.
> 
> >Thanks everyone for your support anyway.
> 
> Did you look for any significant differences between the working and
> non-working grub.cfgs? Does Grub see your SSD as an NVMe device and
> need to embed a different binary or load a different module for it?

This is actually an interesting point. I always forget Grub has become
an OS on its own and that disk isn't always dis. Yes, Grub seems to need
special magic for NVMe.

Thanks
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlixUNYACgkQBcgs9XrR2kZIwACfaL1RD7Cwd3XsEOKLW+Y+aCEL
FPgAn3nBejDT4ZVeXkWu/XPQsgAhQmdt
=UAuV
-END PGP SIGNATURE-

Re: "Invalid arch-independent ELF magic" in grub after SSD migration

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Sat, Feb 25, 2017 at 10:16:18AM +0100, Lucio Crusca wrote:

[...]

> I hate to workaround problems without understanding them, this is a loss.

I know that feeling. Makes for an interesting life ;-P

regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlixUAsACgkQBcgs9XrR2kb6YACfdC71ajMDnJ7d2QwXboFXHIA4
4UoAnj8mNv7MChAfhszBc8wLReRnKlLr
=0yLx
-END PGP SIGNATURE-

Re: "Invalid arch-independent ELF magic" in grub after SSD migration

[Felix Miata]

Lucio Crusca composed on 2017-02-25 10:16 (UTC+0100):
...

I hate to workaround problems without understanding them, this is a loss.



Thanks everyone for your support anyway.


Did you look for any significant differences between the working and non-working 
grub.cfgs? Does Grub see your SSD as an NVMe device and need to embed a 
different binary or load a different module for it?

--
"The wise are known for their understanding, and pleasant
words are persuasive." Proverbs 16:21 (New Living Translation)

 Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata  ***  http://fm.no-ip.com/

Re: "Invalid arch-independent ELF magic" in grub after SSD migration

[Lucio Crusca]

to...@tuxteam.de wrote:

In the OP's context this doesn't make much sense. From the OP's mail

   dd if=/dev/sda of=/dev/sdb [other params elided]

That would copy boot sector, partition table and everything. If

  (a) the one (or the other) disk isn't broken
  (b) no one else is concurrently writing to the copied disk

everything should work. And from the thread up to now, I gather that
there's at least good evidence against (b).


There's also good evidence of (a), because cmp reported no errors 
(besides, I had also checked dmesg and smartctl of both drives).



There's nothing magical about the boot sector [...]
I have some dim memories of some helpful firmware [...]
But hard/firmware vendors are known to do strange things: go check
your BIOS whether some funny RAID thingie is enabled.


Not really much in the BIOS screens of Dell laptops. That does not 
exclude the BIOS is doing some "helpful magic" behind the scenes 
nevertheless.


deloptes wrote:


Usually grub-install helps. I assume the problem is due to different disk
architecture or precisely how the PC would access SDD - so might be
hardware vendor related. Are you sure it points to the same piece of data
or sector/block when giving control to grub loader? I vote for
grub-install.
I lack the skills to understand how grub (or the BIOS firmware if grub 
hands the task to it) could access SSD any different than HDD, given 
that, as far as I know, the SATA protocol is just the same. However it 
is indisputably true that my knowledge does not reach far enough.



In such a case I do boot from live usb stick, chroot and perform grub
install.


Tried that too, to no avail.

Mark Fletcher wrote:
> I am not sure I can explain why this would be necessary (theoretically,
> it wouldn't) but you might want to try manually recreating the partition
> structure on the SSD and then using dd (or just cp actually) to copy
> each partition.

I ended up installing a clean Debian base system (same version as the 
one I was trying to migrate, Linux Kernel 4.9, Grub 2.02~beta3), just to 
make sure Debian had no compatibility issues with my SSD and that my SSD 
had no compatibility issues with my notebook. To my surprise, that 
worked like a charm. I can only infer there actually is some "magic" 
going on behind the scenes and that "magic" must be there in the debian 
installer.


Then I copied partition contents over with cp run in a live 
systemrescuecd, except /boot, /dev /proc and /sys. It more or less 
worked (some apt-fu needed to fix a few package state issues).

I'm now writing from the SSD-migrated Debian GNU/Linux system.

I hate to workaround problems without understanding them, this is a loss.

Thanks everyone for your support anyway.

Re: [solved?] Re: Secure Boot won't let boot into Debian

[Rodolfo Medina]

Rodolfo Medina  writes:

> Rodolfo Medina  writes:
>
>> I frehly installed Debian Sid in dual boot with Windows 10 on my brand new
>> Lenovo desktop pc but it won't boot into Debian system I suspect because of
>> the new Secure Boot policy.  I want to disable it but the problem is that
>> there's no Secure Boot option anywhere in its Bios.  In fact, in the
>> Security submenu, there are only the options for administrator and power-on
>> password setting.
>>
>> What do you suggest me to do?
>
>
> I tried to install Debian again so to do as suggested by Pascal, i.e.
> install GRUB in the "removable path"; but this time strangely the
> installation wouldn't proceed up to end and stopped at a certain point.  Then
> I was tired with all that stuff, all those Legacy problems and so on, and did
> GiaThnYgeia's way and formatted the drive and got rid of that stupid system
> it came with: now Debian runs without problems.  I left some free space on
> disk so to install Windows 10 later on...  maybe ;-)
>
> Thanks to all who helped.  Anyway, this experience tell us maybe how
> aggressive anti-Linux policies are coming up...?

When I was trying to install Debian alongside with Windows 10, I noticed a lot
of small partitions that were there created by Windows I didn't understand what
for...  really stupid system...?

Rodolfo

[solved?] Re: Secure Boot won't let boot into Debian

[Rodolfo Medina]

Rodolfo Medina  writes:

> I frehly installed Debian Sid in dual boot with Windows 10 on my brand new
> Lenovo desktop pc but it won't boot into Debian system I suspect because of
> the new Secure Boot policy.  I want to disable it but the problem is that
> there's no Secure Boot option anywhere in its Bios.  In fact, in the Security
> submenu, there are only the options for administrator and power-on password
> setting.
>
> What do you suggest me to do?


I tried to install Debian again so to do as suggested by Pascal, i.e.  install
GRUB in the "removable path"; but this time strangely the installation wouldn't
proceed up to end and stopped at a certain point.  Then I was tired with all
that stuff, all those Legacy problems and so on, and did GiaThnYgeia's way and
formatted the drive and got rid of that stupid system it came with: now Debian
runs without problems.  I left some free space on disk so to install Windows 10
later on...  maybe ;-)

Thanks to all who helped.  Anyway, this experience tell us maybe how aggressive
anti-Linux policies are coming up...?

Cheers,

Rodolfo