Re: Conseils sur l'utilisation de certificats Letsencrypt [RESOLU]

[Olivier]

Merci à tous pour ces précieux éléments de réponse.

Je n'avais visiblement pas compris le rôle de /etc/cron.d/certbot: c'est
compris maintenant.

Pour la centralisation de la gestion, je me rends compte qu'elle est
probablement handicapante pour une machine publique dont le certificat est
renouvelable par le challenge HTTP-01.

Encore merci.

Import and Export of Zfs pools

[James Allsopp]

Hi,
I've got a zfs pool that works fine in normal use on my debian system and
remains after a reboot.
When I reboot into recovery mode, I have to reimport the pool manually
using
zpool import -d /dev/disk/by-id 

I export before I reboot, but when I reboot into the full version of Debian
10, the pool isn't there. I can reimport it using the zpool import command,
but I have to do that every time unless I reset the cache using;
zpool set cachefile=none tank
zpool set cachefile=/etc/zfs/zpool.cache tank

which I found as the zfs-import-cache.service had failed.

My pool isn't particularly complicated;
root@hawaiian:~# zpool status
  pool: tank
 state: ONLINE
  scan: none requested
config:

NAMESTATE READ WRITE CKSUM
tankONLINE   0 0 0
  mirror-0  ONLINE   0 0 0
wwn-0x5f000b074105  ONLINE   0 0 0
wwn-0x50024e9001a4ea77  ONLINE   0 0 0

errors: No known data errors

What I want to do is this;

   - Reboot in single user mode
   - import pool.
   - cp -a /var to /tank/var
   - Set the mount point on /tank/var to /var
   - Remove /var entry from /etc/fstab
   - Export the pool
   - Reboot


And then I should have a ZFS var for VMs and Docker containers when the
main OS imports ZFS for /var.

I tried this with a VM and it worked.
Thanks
James

Re: NTFS partitions can't be mounted

[Charlie Gibbs]

On Wed, 25 Nov 2020 22:30:02 +0100 Joe  wrote:

> On Wed, 25 Nov 2020 22:11:47 +0100  wrote:
>
>> On Wed, Nov 25, 2020 at 03:47:12PM -0500, Stefan Monnier wrote:
>>
 Microsoft changes the system required to kill the fast-boot every
 so often, almost surely to make it difficult for users of Linux
 to access Windows from the Linux system.
>>>
>>> That seems highly unlikely: it's a tiny number of users, and not
>>> only they're not a threat but annoying them won't bring any benefit
>>> to MS.
>>
>> This is a pattern which I like to call "emergent evil". Most likely
>> nobody does it on purpose, yet it happens often enough to annoy
>> competing ecosystems. Magic!
>
> NTFS has been NTFS since the 90s, while Linux has had ext2, ext3,
> ext4, Reiser among other filesystems. Is it not likely that 'NTFS'
> has really been a similar parade of different filesystems with each
> version of Windows retaining the code to read previous versions?
> Occam's Razor?

In situations like this, I think not of Occam's, but of Hanlon's Razor:

Never attribute to malice that which can
be adequately explained by stupidity.

At this point, though, a little voice in the back of my mind says,
"But Microsoft isn't stupid!"

This isn't just paranoia, nor is it the first time.  For instance,
when Samba was first developed to allow non-Windows machines to
access Windows file shares, Microsoft changed their software to
deliberately send an invalid command.  If the error message returned
wasn't worded exactly the way they expected, they would refuse to
work.  Thanks to the open source community, a Samba patch was issued
within a few days so that it would spoof the expected response.

--
cgi...@surfnaked.ca (Charlie Gibbs)

Re: Missing SATA Drives on ROMED8-2T Motherboard

[Sven Hartge]

Scott Colby  wrote:

> Well, I spent some more time reading dmesg logs and messing around in
> the BIOS. I enabled SR-IOV [1] and the drives appeared! I'm not
> entirely sure _why_ this worked, 

Yes, me neither. Maybe that option also changed something in the
background as well.

> but at this point (it's been over a week of messing with this), I'm a
> bit tired of looking. If anyone has thoughts on why this change fixed
> my problem, I'd love to hear them.

No idea. Firmware/BIOS and its inner working is a deep black hole I try
to stay away from.

A former collegue of mine used to work on this stuff and told stories of
how quirky and spaghetty-codey that stuff is, sometimes resembling
first-year CS students code.

S°

-- 
Sigmentation fault. Core dumped.

Re: color border in image, drop everything outside of it

[Emanuel Berg]

tomas wrote:

>> BTW maybe the AI people already have a true and tested
>> algorithm for this problem?
>
> I repeat myself. It is a variant of flood fill. AI not needed.
> Classical raster computer graphics stuff.

Well, AI or not, I remember the old graphics program (e.g.,
MacPaint) did this all the time. Filled inner and outer regions.
But these regions were uniform, that's the difference...

-- 
underground experts united
http://user.it.uu.se/~embe8573
https://dataswamp.org/~incal

Re: Missing SATA Drives on ROMED8-2T Motherboard

[Scott Colby]

Well, I spent some more time reading dmesg logs and messing around
in the BIOS. I enabled SR-IOV [1] and the drives appeared! I'm not
entirely sure _why_ this worked, but at this point (it's been over
a week of messing with this), I'm a bit tired of looking. If anyone
has thoughts on why this change fixed my problem, I'd love to hear
them.

Thanks,
Scott

[1] https://en.wikipedia.org/wiki/Single-root_input/output_virtualization

Re: Problem with /var/mail file > 2GB with pop3

[David Wright]

On Wed 25 Nov 2020 at 17:56:27 (+), Curt wrote:
> On 2020-11-25, David Wright  wrote:
> >
> > There's a big difference between the requirements for your local
> > storage when using POP compared with IMAP. When using POP in a
> > conventional manner (transfer, and delete at the server end), you
> > need reliable local storage. And you also need reliable file locking
> > at least when you're using mbox files.
> 
> The requirements may be different, but here, using Alpine, I think the
> local storage format is identical and unrelated to the protocol used
> on the server end (POP or IMAP). 

So it should be, assuming "here" means on your local computer systems.
But I'm not talking about which form of local storage you've chosen to
use, nor even which forms are available to you.

Perhaps I should be more specific about what I mean by "requirements".
I don't mean required by the protocol, nor the computer system, nor
anything else, but by any sensible user making serious use of emails
for more than trivia.

Using IMAP, it's an easy matter to make sure that an email is secure
and backed up before you delete it from the server. Using POP in a
conventional manner (deliberately or involuntarily), that's more
difficult. My requirements would be a RAID filesystem, UPS, and online
backup were I forced to use POP.

Cheers,
David.

Re: Why use an email client AND sendmail/popa3d - Does this avoid the hijack?

[David Wright]

On Wed 25 Nov 2020 at 00:08:27 (+), mick crane wrote:
> On 2020-11-23 12:19, Andrei POPESCU wrote:
> > On Lu, 23 nov 20, 14:27:36, Keith Bainbridge wrote:
> > > I was interested to read that Flo, the OP, uses separate mail
> > > collection, sendmail and thunderbird. Some of the replies sound like
> > > this is a common practice.
> > > 
> > > What are the advantages of this set of processes over letting tbird do
> > > it all? - or any other client for that matter?
> > 
> > It makes it easier to switch between different e-mail clients if the
> > sending and/or receiving is handled externally, e.g. one might use a
> > graphical e-mail client in general and a text mode client occasionally.
> > 
> > Such a setup also typically uses standard locations for the storage (as
> > opposed to e-mail client specific), which makes it easier to add more
> > functionality (e.g. serve local e-mail via IMAP) or replace individual
> > components.
> 
> As I can make out if you try to do the useful stuff on your home network
> like having Dovecot doing your mail it is really a bodge if you are
> not advertising those services on the internet.

Apart from any security considerations, you'd need to be running your
server 24/7 if it's going to receive mail from random MTAs across the
globe. We run our modem and routers 24/7 (and my old modem burnt out
recently after 7 years) but I'm not prepared to run my old computers
like that.

> I am I suppose in the domain of Sky who provide my wired connection so
> I use sky/yahoo SMTP server as part of service but they add to
> outgoing email "Reply-Path" being my Sky user account in the headers
> which seems to be confusing exim email lists and results in rejected
> or bounced emails recently.

We only see the accepted emails, of course, and I can see that you
changed something late last year in the way you submit your posts.
I'm not sure why that change would cause rejection or bounces.

I had to make a similar change more recently. Submitting to my ISP
now necessitates using an ISP account as the Envelope-from in order to
authorise a submission (even though the connection has already been
authenticated with the same ISP account *and* password). That works
fine at home, though it's untested when travelling.

> I'd like to sort it out to avoid that if I knew what they were doing.
> I like things as they are when it is working and really, really don't
> want to go the whole hog of advertising email services. I think it is
> some relatively new thing where they are double authenticating or
> something but ideally I don't know why SMTP server does just pass
> message along and not add items to the header except they received it
> and passed it along to the recipient.

Perhaps the problem is similar to the one I had with this list
(hence the change I made above). What happened was that my posts'
Envelope-from (set to the same as my From address above) was being
changed by my mail hosting service to an address on their outgoing
mail gateway. AIUI Debian immediately tries to establish an email
connection to that address on port 25 to verify it exists, but the
outgoing gateway apparently is not an incoming mail receiver, and
is not listening on port 25. So Debian rejects the post.

Hence my change in mail submission for this list, from using my
email hosting service to my ISP instead.

What sort of rejections and/or bounces have you had?

Cheers,
David.

Re: Missing SATA Drives on ROMED8-2T Motherboard

[Scott Colby]

On Wed, Nov 25, 2020, at 05:04, Sven Hartge wrote:
> Hmm. The controller at 49:00.0 is missing here. Could it be hosting the
> missing drives?

Good catch! I did some more investigation with verbose lspci output,
here's the diff between 48:00.0 and 49:00.0:

1c1
< 48:00.0 SATA controller [0106]: Advanced Micro Devices, Inc. [AMD] FCH SATA 
Controller [AHCI mode] [1022:7901] (rev 51) (prog-if 01 [AHCI 1.0])
---
> 49:00.0 SATA controller [0106]: Advanced Micro Devices, Inc. [AMD] FCH SATA 
> Controller [AHCI mode] [1022:7901] (rev 51) (prog-if 01 [AHCI 1.0])
3c3
<   Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- 
Stepping- SERR- FastB2B- DisINTx+
---
>   Control: I/O+ Mem+ BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- 
> Stepping- SERR- FastB2B- DisINTx-
5,6c5
<   Latency: 0, Cache Line Size: 64 bytes
<   Interrupt: pin A routed to IRQ 154
---
>   Interrupt: pin A routed to IRQ 170
8c7
<   Region 5: Memory at b1b0 (32-bit, non-prefetchable) [size=2K]
---
>   Region 5: Memory at  (32-bit, non-prefetchable)
32,33c31,32
<   Capabilities: [a0] MSI: Enable+ Count=16/16 Maskable- 64bit+
<   Address: fee0  Data: 
---
>   Capabilities: [a0] MSI: Enable- Count=1/16 Maskable- 64bit+
>   Address:   Data: 
50d48
<   Kernel driver in use: ahci
51a50
>

The most interesting bits seem to be 49:00.0 has BusMaster-, DisINTx-,
and MSI: Enable-, compared to + for all those in 48:00.0. The
capabilities count of 1/16 instead of 16/16 also seems interesting.
There also is the fact that 49:00.0 doesn't have a kernel driver
in use, which would make sense if it is disabled somehow.

I looked through my dmesg output for the PCI bus IDs and compared
the various messages:

[2.086414] pci :48:00.0: BAR 5: assigned [mem 0xb1b0-0xb1b007ff]
...
[2.086424] pci :49:00.0: BAR 5: no space for [mem size 0x0800]
[2.086424] pci :49:00.0: BAR 5: failed to assign [mem size 0x0800]

This looks like an error! I found 23 instances of this in `dmesg |
egrep -c 'BAR.*failed to assign'`. Is this a significant problem?
I've of course only noticed the issue with the 4 drives on SATA0_3,
but I wonder if other PCIe devices would also be problematic.

Thanks,
Scott

P.S. Earlier tonight, I booted from a Windows installer USB, and all 10
drives (8 SATA HDDs and 2 NVMe SSDs) were detected there, putting
a nail in the coffin of my "partially broken motherboard" theory.

P.P.S. Full lspci output in case there's something else I didn't deem
interesting:

# lspci -nn -vv -d :7901
48:00.0 SATA controller [0106]: Advanced Micro Devices, Inc. [AMD] FCH SATA 
Controller [AHCI mode] [1022:7901] (rev 51) (prog-if 01 [AHCI 1.0])
Subsystem: Advanced Micro Devices, Inc. [AMD] FCH SATA Controller [AHCI 
mode] [1022:7901]
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- 
Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- SERR- 
Capabilities: [50] Power Management version 3
Flags: PMEClk- DSI+ D1- D2- AuxCurrent=0mA 
PME(D0-,D1-,D2-,D3hot+,D3cold+)
Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=0 PME-
Capabilities: [64] Express (v2) Endpoint, MSI 00
DevCap: MaxPayload 256 bytes, PhantFunc 0, Latency L0s <4us, L1 
unlimited
ExtTag+ AttnBtn- AttnInd- PwrInd- RBE+ FLReset+ 
SlotPowerLimit 0.000W
DevCtl: Report errors: Correctable- Non-Fatal- Fatal- 
Unsupported-
RlxdOrd+ ExtTag+ PhantFunc- AuxPwr- NoSnoop+ FLReset-
MaxPayload 128 bytes, MaxReadReq 512 bytes
DevSta: CorrErr+ UncorrErr- FatalErr- UnsuppReq+ AuxPwr- 
TransPend-
LnkCap: Port #0, Speed unknown, Width x16, ASPM L0s L1, Exit 
Latency L0s <64ns, L1 <1us
ClockPM- Surprise- LLActRep- BwNot- ASPMOptComp+
LnkCtl: ASPM Disabled; RCB 64 bytes Disabled- CommClk+
ExtSynch- ClockPM- AutWidDis- BWInt- AutBWInt-
LnkSta: Speed unknown, Width x16, TrErr- Train- SlotClk+ 
DLActive- BWMgmt- ABWMgmt-
DevCap2: Completion Timeout: Range ABCD, TimeoutDis+, LTR-, 
OBFF Not Supported
DevCtl2: Completion Timeout: 50us to 50ms, TimeoutDis-, LTR-, 
OBFF Disabled
LnkCtl2: Target Link Speed: Unknown, EnterCompliance- SpeedDis-
 Transmit Margin: Normal Operating Range, 
EnterModifiedCompliance- ComplianceSOS-
 Compliance De-emphasis: -6dB
LnkSta2: Current De-emphasis Level: -3.5dB, 
EqualizationComplete+, EqualizationPhase1+
 EqualizationPhase2+, EqualizationPhase3+, 
LinkEqualizationRequest-
Capabilities: [a0] MSI: Enable+ Count=16/16 Maskable- 64bit+
Address: fee0  

Re: NTFS partitions can't be mounted

[Stefan Monnier]

> Microsoft has a bad habit of changing things under the hood without
> bumping the version number. They could very well have changed NTFS
> enough to bollix Linux NTFS libraries and not bothered to tell anyone.

Except that `ntfs-3g` can read and write NTFS and hasn't seen the need
for updates to follow those hypothetical changes on MS's side.  So if
there has been updates, they've been subtle and discreet enough not to
require significant changes on "our" side.  In constrast an `ext2`
filesystem driver for Windows would have trouble reading (and even more
so, writing) some `ext4` filesystems.


Stefan

Re: NTFS partitions can't be mounted

[Kanito 73]

to...@tuxteam.de Wrote:

> This is a pattern which I like to call "emergent evil". Most likely
> nobody does it on purpose, yet it happens often enough to annoy
> competing ecosystems. Magic!

HAHAHAHAHA (with capital letters)... As far as I remember, Microsoft (Windoze) 
used to annoy Linux users since long time ago... Installing Windoze disables 
Linux to boot... NTFS was cryptic for years with no tech specifications of the 
filesystem, a mystery so for many years Linux developers were unable to create 
a driver to access such partitions, in fact I remember that in the past it was 
only possible to mount as read only... Aaahhh and the recent damn habit of 
locking NTFS partitions so other operating systems are unable to use them... 
And I am not very sure, but I remember that in ancient versions, installing 
Windoze wiped out the entire hard disk removing all operating systems before 
installation...

I hate Windoze as an operating system but some programs and games are cool... 
And there is a fact: THE ONE WHO HITS FIRST, HITS TWICE (translated from 
spanish). Bill Gates was pioneer of the graphical environments (when computers 
had simple text terminals) and further graphical operating systems. It is a 
very selfish attitude but today virtually he's one of the most rich men in the 
world, so (fair or not) he can do whatever he wants 


From: to...@tuxteam.de
Sent: Wednesday, November 25, 2020 9:11 PM
To: debian-user@lists.debian.org
Subject: Re: NTFS partitions can't be mounted

On Wed, Nov 25, 2020 at 03:47:12PM -0500, Stefan Monnier wrote:
> > Microsoft changes the system required to kill the fast-boot every so often,
> > almost surely to make it difficult for users of Linux to access Windows from
> > the Linux system.
>
> That seems highly unlikely: it's a tiny number of users, and not only
> they're not a threat but annoying them won't bring any benefit to MS.

This is a pattern which I like to call "emergent evil". Most likely
nobody does it on purpose, yet it happens often enough to annoy
competing ecosystems. Magic!

Cheers
 - t

Re: How to run AppImage file (was: clipgrab as alternative to youtube-dl)

[Fred]

On 11/25/20 2:15 PM, Greg Wooledge wrote:

On Wed, Nov 25, 2020 at 02:12:03PM -0700, Fred wrote:

fred@ragnok:~$ uname -m
i686
fred@ragnok:~$ file ClipGrab-3.9.2-x86_64.AppImage
ClipGrab-3.9.2-x86_64.AppImage: ELF 64-bit LSB executable, x86-64, [...]


Well, um.  It's clearly not going to work.

You either need to use a 32-bit version of the application, or you need
to use a 64-bit Debian system.



That's a fine how-dee-do.  I thought I was using 64 bit.  Perhaps I have 
some upgrading to do.


fred@ragnok:~$ lscpu
Architecture:i686
CPU op-mode(s):  32-bit, 64-bit
(the rest cut)

Best regards,
Fred

Re: Printer not Ready after Scan

[Dan Norton]

Thanks to Greg Marks, the answer is:

root@deb4:~# /usr/sbin/cupsenable HP_LaserJet_3050

and the printer is ready. Thanks Greg!

On Tue, 24 Nov 2020 19:23:43 -0500
Dan Norton  wrote:

> My printer on the desktop became not ready and my attempts to make it
> ready have bit the dust. I don't print much, usually just text, using
> the lp command. My printer worked fine until I used gscan2pdf to scan
> one page to a pdf for an email. The pdf was created but gscan2pdf did
> not terminate cleanly and I had to kill it. Now, print jobs are queued
> and do not print. 
> 
> root@deb4:~# lpq
> HP_LaserJet_3050 is not ready
> RankOwner   Job File(s) Total Size
> 1st unknown 493 unknown 1024 bytes
> 
> root@deb4:~# uname -v
> #1 SMP Debian 4.19.152-1 (2020-10-18)
> 
> The HP 3050 is a usb-connected legacy printer on my desktop. Functions
> include print, fax, and scan. The display window on the printer says
> it is ready. The printer prints OK when connected to another PC. Some
> things I've tried, not necessarily in order:
> 
> root@deb4:~# systemctl restart cups
> root@deb4:~# apt remove hplip  # this is the driver for legacy
> printers root@deb4:~# apt install hplip
> root@deb4:~# /usr/sbin/lpadmin -p "HP_LaserJet_3050"
> root@deb4:~# /usr/sbin/lpadmin -p HP_LaserJet_3050 -E
> root@deb4:~# /usr/sbin/cupsenable --release HP_LaserJet_3050
> lpadmin: The printer or class does not exist.
> 
> The cups error log (/var/log/cups/error_log) has complaints about
> blank Name, unable to encrypt, and no URI. These don't seem relevant
> to me.
> 
> I have tried many things but not the right thing. There must be a
> bit turned crossways somewhere. Please help.
> 
> root@deb4:~# /usr/sbin/lpc status
> HP_LaserJet_3050:
>   printer is on device 'hp' speed -1
>   queuing is enabled
>   printing is disabled
>   1 entries
>   daemon present
> HP_LaserJet_3050_fax:
>   printer is on device 'hpfax' speed -1
>   queuing is enabled
>   printing is enabled
>   no entries
>   daemon present
> 
> root@deb4:~# lpstat -p
> printer HP_LaserJet_3050 disabled since Sat 21 Nov 2020 09:21:24 PM
> EST
> - reason unknown
> printer HP_LaserJet_3050_fax is idle.  enabled since Thu 04 Oct 2018
> 03:48:41 PM EDT
> 
> Thanks,
>  - Dan

Re: Printer not Ready after Scan

[Brian]

On Tue 24 Nov 2020 at 19:23:43 -0500, Dan Norton wrote:

> My printer on the desktop became not ready and my attempts to make it
> ready have bit the dust. I don't print much, usually just text, using
> the lp command. My printer worked fine until I used gscan2pdf to scan
> one page to a pdf for an email. The pdf was created but gscan2pdf did
> not terminate cleanly and I had to kill it. Now, print jobs are queued
> and do not print. 

A red herring. It is highly doubtful that a printing setup would be
affected by a scanning issue. IMO, of course.

> root@deb4:~# lpq
> HP_LaserJet_3050 is not ready
> RankOwner   Job File(s) Total Size
> 1st unknown 493 unknown 1024 bytes
> 
> root@deb4:~# uname -v
> #1 SMP Debian 4.19.152-1 (2020-10-18)
> 
> The HP 3050 is a usb-connected legacy printer on my desktop. Functions
> include print, fax, and scan. The display window on the printer says it
> is ready. The printer prints OK when connected to another PC. Some
> things I've tried, not necessarily in order:
> 
> root@deb4:~# systemctl restart cups
> root@deb4:~# apt remove hplip  # this is the driver for legacy printers
> root@deb4:~# apt install hplip
> root@deb4:~# /usr/sbin/lpadmin -p "HP_LaserJet_3050"

This command doesn't do anything. It needs -v and -m options to be
added.

> root@deb4:~# /usr/sbin/lpadmin -p HP_LaserJet_3050 -E

As above.

> root@deb4:~# /usr/sbin/cupsenable --release HP_LaserJet_3050
> lpadmin: The printer or class does not exist.

No destination has been setup. See above.

> The cups error log (/var/log/cups/error_log) has complaints about blank
> Name, unable to encrypt, and no URI. These don't seem relevant to me.

Missing URI? Nowhere for the job to go.

-- 
Brian.

Re: Conseils sur l'utilisation de certificats Letsencrypt

[Sébastien Dinot]

Olivier a écrit :
> Si j'ai bien compris, le fichier /etc/crond.d/certbot renouvelle tous
> les certificats toutes les 12 heures:

Non, il vérifie toutes les 12 heures si ces certificats doivent être
renouvelés. Les certificats générés par Let's Encrypt ont une durée de
validité de 3 mois, mais Certbot les renouvèle au bout de 2 mois (à
moins qu'on ne réduise le paramètre renew_before_expiry et qu'on ramène
le délai par exemple à 7 jours).

> Pourtant lors de sa création, mon certificat est annoncé comme valide
> jusqu'au 2021-02-23

C'est normal pour un certificat créé le 2020-11-23.

> 1. Que pensez-vous de centraliser la gestion des certificats ?

Bof, beaucoup de complications pour rien. Le seul cas de figure où la
chose est intéressante, c'est lorsqu'on veut confier à Let's Encrypt la
création de certificats pour des machines qui ne sont pas exposées (seul
leur nom étant alors publié dans la zone DNS publique). Le « proxy »
public dialogue alors avec les serveurs de Let's Encrypt et un outil
maison distribue ensuite les certificats sur les machines qui en ont
besoin en interne (et bien évidemment, dans ce cas, la résolution DNS
interne ne donne pas le même résultat que la résolution DNS externe).

> 2. Que conseillez-vous pour la fréquence de renouvellement ?

Ils ne sont valides que 3 mois et il me semble inutile de vouloir les
renouveler toutes les semaines. Pour ma part, je ramène juste le délai
de renouvèlement avant échéance de 30 à 7 jours.

> 3. Est-il possible de disposer simultanément d'un certificat wildcard
>*.mondomaine.tld et d'un autre foo.mondomaine.tld ?

Je n'ai jamais essayé, mais je pense que Certbot braille dans ce cas.

> 4. Quels usages légitimes pour un certificat wildcard, quand on peut
>créer rapidement un nouveau certificat et qu'on veut pouvoir les
>répudier au cas par cas ?

Dans les infrastructures cloud élastiques, pour lesquelles on ne connait
pas à l'avance le nombre de serveurs et la ventilation des services.
Mais dans ce cas, on réserve souvent le wildcard à un sous domaine. Par
exemple :

www.domain.tld
gitlab.domain.tld
*.cloud.domain.tld

(et non *.domain.tld)

> 5. Comment sauvegarder la machine avec laquelle on gère ses
>certificats ?

Comme toute autre machine, en n'oubliant pas de sauvegarder le
répertoire /etc/letsencrypt. ;)

Sébastien


-- 
Sébastien Dinot, sebastien.di...@free.fr
http://www.palabritudes.net/
Ne goûtez pas au logiciel libre, vous ne pourriez plus vous en passer !

Re: NTFS partitions can't be mounted

[Charles Curley]

On Wed, 25 Nov 2020 21:22:30 +
Joe  wrote:

> NTFS has been NTFS since the 90s, while Linux has had ext2, ext3,
> ext4, Reiser among other filesystems. Is it not likely that 'NTFS'
> has really been a similar parade of different filesystems with each
> version of Windows retaining the code to read previous versions?
> Occam's Razor?

Microsoft has a bad habit of changing things under the hood without
bumping the version number. They could very well have changed NTFS
enough to bollix Linux NTFS libraries and not bothered to tell anyone.

-- 
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/

Re: NTFS partitions can't be mounted

[Joe]

On Wed, 25 Nov 2020 22:11:47 +0100
 wrote:

> On Wed, Nov 25, 2020 at 03:47:12PM -0500, Stefan Monnier wrote:
> > > Microsoft changes the system required to kill the fast-boot every
> > > so often, almost surely to make it difficult for users of Linux
> > > to access Windows from the Linux system.  
> > 
> > That seems highly unlikely: it's a tiny number of users, and not
> > only they're not a threat but annoying them won't bring any benefit
> > to MS.  
> 
> This is a pattern which I like to call "emergent evil". Most likely
> nobody does it on purpose, yet it happens often enough to annoy
> competing ecosystems. Magic!
> 

NTFS has been NTFS since the 90s, while Linux has had ext2, ext3, ext4,
Reiser among other filesystems. Is it not likely that 'NTFS' has really
been a similar parade of different filesystems with each version of
Windows retaining the code to read previous versions? Occam's Razor?

-- 
Joe

Re: How to run AppImage file (was: clipgrab as alternative to youtube-dl)

[Greg Wooledge]

On Wed, Nov 25, 2020 at 02:12:03PM -0700, Fred wrote:
> fred@ragnok:~$ uname -m
> i686
> fred@ragnok:~$ file ClipGrab-3.9.2-x86_64.AppImage
> ClipGrab-3.9.2-x86_64.AppImage: ELF 64-bit LSB executable, x86-64, [...]

Well, um.  It's clearly not going to work.

You either need to use a 32-bit version of the application, or you need
to use a 64-bit Debian system.

Re: NTFS partitions can't be mounted

[tomas]

On Wed, Nov 25, 2020 at 03:47:12PM -0500, Stefan Monnier wrote:
> > Microsoft changes the system required to kill the fast-boot every so often,
> > almost surely to make it difficult for users of Linux to access Windows from
> > the Linux system.
> 
> That seems highly unlikely: it's a tiny number of users, and not only
> they're not a threat but annoying them won't bring any benefit to MS.

This is a pattern which I like to call "emergent evil". Most likely
nobody does it on purpose, yet it happens often enough to annoy
competing ecosystems. Magic!

Cheers
 - t


signature.asc
Description: Digital signature

Re: How to run AppImage file (was: clipgrab as alternative to youtube-dl)

[Fred]

On 11/25/20 12:30 PM, Reco wrote:

Hi.

On Wed, Nov 25, 2020 at 12:13:03PM -0700, Fred wrote:

fred@ragnok:~$ ./ClipGrab-3.9.2-x86_64.AppImage --help
bash: ./ClipGrab-3.9.2-x86_64.AppImage: cannot execute binary file: Exec format 
error


uname -m

Reco



fred@ragnok:~$ uname -m
i686
fred@ragnok:~$ file ClipGrab-3.9.2-x86_64.AppImage
ClipGrab-3.9.2-x86_64.AppImage: ELF 64-bit LSB executable, x86-64, 
version 1 (SYSV), dynamically linked, interpreter 
/lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.18, stripped


Actually neither /lib64/ nor ld-linux-x86-64.so.2 exist and apt-cache 
search doesn't show anything for ld-linux-x86-64.so.

Maybe the binary wont run on Debian (or Devuan).

Best regards,
Fred

Re: Driver issues with GDM & wifi on Intel

[Dan Ritter]

AW wrote: 
> Ive got a new Dell Lattitude 3410 with "Integrated Intel UHD for 10th
> Generation Intel Core i3-10110U graphics" and Intel wifi but I cannot get
> either of them working properly on Debian 10. Ive tried installing
> firmware-linux-nonfree and firmware-linux but it still wont progress past
> 'Starting GNOME display manager' and ip a doesnt list the Wifi.

I would assume you need a backports kernel, firmware and X11 intel video
server on such a new machine. I don't know for certain.

-dsr-

Re: How to run AppImage file (was: clipgrab as alternative to youtube-dl)

[Fred]

On 11/25/20 12:30 PM, Reco wrote:

Hi.

On Wed, Nov 25, 2020 at 12:13:03PM -0700, Fred wrote:

fred@ragnok:~$ ./ClipGrab-3.9.2-x86_64.AppImage --help
bash: ./ClipGrab-3.9.2-x86_64.AppImage: cannot execute binary file: Exec format 
error


uname -m

Reco



fred@ragnok:~$ uname -m
i686

Re: NTFS partitions can't be mounted

[Stefan Monnier]

> Microsoft changes the system required to kill the fast-boot every so often,
> almost surely to make it difficult for users of Linux to access Windows from
> the Linux system.

That seems highly unlikely: it's a tiny number of users, and not only
they're not a threat but annoying them won't bring any benefit to MS.


Stefan

Re: Why use an email client AND sendmail/popa3d

[Celejar]

On Wed, 25 Nov 2020 20:11:29 +
Joe  wrote:

> On Wed, 25 Nov 2020 09:13:03 -0500
> Celejar  wrote:
> 
> > On Wed, 25 Nov 2020 09:03:21 +
> > Joe  wrote:
> > 
> > ...
> > 
> > > proper email client or webmail. I have to admit I use a netbook
> > > while away from home, as I have both "smart"phone and tablet, but
> > > they are extremely limited toys and they are owned by Google. If I
> > > need a mobile computer, then I want a real computer, and one where
> > > I have root access.   
> > 
> > A smartphone running something like LineageOS is not really owned by
> > Google (although there are still the very real problems of binary
> > blobs and the baseband black box stuff). If you get one with an
> > unlocked bootloader, you can have root as well. They're certainly not
> > quite the same thing as a "real" computer, admittedly.
> >
> 
> I'm not really comfortable about downloading a random rooting tool from

Fair points, certainly. But things like LineageOS, TWRP, and Magisk are
not just "random rooting tools" - they are legitimate, well-established
open source projects (although I would concede that they are probably
somewhat less "adult" and responsible than something like the Debian
project we know and love ;))

> the Net, and I have the impression, rightly or wrongly, that writers of
> software for phones and tablets take the same kind of proprietorial
> view of other peoples' devices as writers of Windows software.

Well, that's probably true of developers in the mainstream smartphone
ecosystems, but I don't think it is generally true of the FLOSS
developers for such devices, and particularly not with regard to the
members of sub-communities like F-Droid.

> That's my main objection to using Windows: not so much the OS itself as
> the tendency for writers of software to believe that they own *my*
> computer, and can do what they like with it and with my data.

Certainly.

Celejar

Re: NTFS partitions can't be mounted

[Doug McGarrett]

On 11/25/20 2:54 PM, The Wanderer wrote:

On 2020-11-25 at 12:31, Linux-Fan wrote:


Kanito 73 writes:


Hello

Al the previous issues I published are now solved. Relative to the
RTL8821CE, I searched for a module rtl8821ce.ko but the generated
module was just 8821ce.ko so when I loaded the only RTL*
(rtl8821ae.ko) the right 8821ce.ko was already loaded and I thought
it was the rtl8821ae activating my wifi. [SOLVED]

Now I have another BIG problem.  I installed both Windows10
(version OCTOBER 2020) and Debian 10.0.6 in dual boot and left a
large NTFS partition for data on the primary disk (HDD) and the
whole secondary disk (SDD) also as a unique NTFS partition.
Well, I installed Windows, then Installed Linux and tested the NTFS
  partitions from Linux (Debian) mounting and copying some files
successfully.

[...]


So I think that Windows 10 locks the partitions or something weird
is going on.

The Wanderer's post contains a more elaborate explanation of the
immediate issue you are most likely facing: Windows going into
suspend-to-disk rather than actual shutdown.

A  possibility to bypass the fastboot/rapid startup technology is to
use suitable arguments to the Windows `shutdown` command.

Yeah, I thought of that after hitting Send. The syntax for "shut down
now" should be 'shutdown /s /t 0'.


It used to be possible to bypass it by doing a right-click on the
Windows logo in the lower left and then choose "Shutdown" from that
menu but I am not sure if this still works.

No, to the best of my awareness it does not. If it *does*, I'd be quite
interested to learn that.


Microsoft changes the system required to kill the fast-boot every so often,
almost surely to make it difficult for users of Linux to access Windows from
the Linux system. The routine as I last used it, a couple of months ago,
requires that you become Administrator in the Windows system, which
is not really very straightforward, but is doable. Then you access the
terminal and type in a word or two, and return. It's on the web--Firefox
is your friend.
--doug

Driver issues with GDM & wifi on Intel

[AW]

Ive got a new Dell Lattitude 3410 with "Integrated Intel UHD for 10th 
Generation Intel Core i3-10110U graphics" and Intel wifi but I cannot 
get either of them working properly on Debian 10. Ive tried installing 
firmware-linux-nonfree and firmware-linux but it still wont progress 
past 'Starting GNOME display manager' and ip a doesnt list the Wifi.



Below is the output from lspci

00:00.0 Host bridge: Intel Corporation Device 9b71 (rev 0c)
00:02.0 VGA compatible controller: Intel Corporation Device 9b41 (rev 02)
00:04.0 Signal processing controller: Intel Corporation Skylake 
Processor Thermal Subsystem (rev 0c)

00:08.0 System peripheral: Intel Corporation Skylake Gaussian Mixture Model
00:12.0 Signal processing controller: Intel Corporation Device 02f9
00:13.0 Serial controller: Intel Corporation Device 02fc
00:14.0 USB controller: Intel Corporation Device 02ed
00:14.2 RAM memory: Intel Corporation Device 02ef
00:14.3 Network controller: Intel Corporation Device 02f0
00:15.0 Serial bus controller [0c80]: Intel Corporation Device 02e8
00:15.1 Serial bus controller [0c80]: Intel Corporation Device 02e9
00:16.0 Communication controller: Intel Corporation Device 02e0
00:17.0 SATA controller: Intel Corporation Device 02d3
00:1c.0 PCI bridge: Intel Corporation Device 02bf (rev f0)
00:1f.0 ISA bridge: Intel Corporation Device 0284
00:1f.3 Multimedia audio controller: Intel Corporation Device 02c8
00:1f.4 SMBus: Intel Corporation Device 02a3
00:1f.5 Serial bus controller [0c80]: Intel Corporation Device 02a4
01:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. 
RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 15)


Can someone point me in the direction of the correct drivers and 
firmware for graphics, wifi and sound controllers please?


Thanks

Andrew

Re: An apt repository has changed its key

[songbird]

Bob Bernstein wrote:
...
  it looks like you are mixing Ubuntu and Debian?


  songbird

Re: Why use an email client AND sendmail/popa3d

[Joe]

On Wed, 25 Nov 2020 09:13:03 -0500
Celejar  wrote:

> On Wed, 25 Nov 2020 09:03:21 +
> Joe  wrote:
> 
> ...
> 
> > proper email client or webmail. I have to admit I use a netbook
> > while away from home, as I have both "smart"phone and tablet, but
> > they are extremely limited toys and they are owned by Google. If I
> > need a mobile computer, then I want a real computer, and one where
> > I have root access.   
> 
> A smartphone running something like LineageOS is not really owned by
> Google (although there are still the very real problems of binary
> blobs and the baseband black box stuff). If you get one with an
> unlocked bootloader, you can have root as well. They're certainly not
> quite the same thing as a "real" computer, admittedly.
>

I'm not really comfortable about downloading a random rooting tool from
the Net, and I have the impression, rightly or wrongly, that writers of
software for phones and tablets take the same kind of proprietorial
view of other peoples' devices as writers of Windows software.

That's my main objection to using Windows: not so much the OS itself as
the tendency for writers of software to believe that they own *my*
computer, and can do what they like with it and with my data.

-- 
Joe

Re: NTFS partitions can't be mounted

[The Wanderer]

On 2020-11-25 at 12:31, Linux-Fan wrote:

> Kanito 73 writes:
> 
>> Hello
>> 
>> Al the previous issues I published are now solved. Relative to the
>> RTL8821CE, I searched for a module rtl8821ce.ko but the generated
>> module was just 8821ce.ko so when I loaded the only RTL*
>> (rtl8821ae.ko) the right 8821ce.ko was already loaded and I thought
>> it was the rtl8821ae activating my wifi. [SOLVED]
>> 
>> Now I have another BIG problem.  I installed both Windows10
>> (version OCTOBER 2020) and Debian 10.0.6 in dual boot and left a
>> large NTFS partition for data on the primary disk (HDD) and the
>> whole secondary disk (SDD) also as a unique NTFS partition.

>> Well, I installed Windows, then Installed Linux and tested the NTFS
>>  partitions from Linux (Debian) mounting and copying some files
>> successfully.
> 
> [...]
> 
>> So I think that Windows 10 locks the partitions or something weird
>> is going on.

> The Wanderer's post contains a more elaborate explanation of the
> immediate issue you are most likely facing: Windows going into
> suspend-to-disk rather than actual shutdown.
> 
> A  possibility to bypass the fastboot/rapid startup technology is to
> use suitable arguments to the Windows `shutdown` command.

Yeah, I thought of that after hitting Send. The syntax for "shut down
now" should be 'shutdown /s /t 0'.

> It used to be possible to bypass it by doing a right-click on the
> Windows logo in the lower left and then choose "Shutdown" from that
> menu but I am not sure if this still works.

No, to the best of my awareness it does not. If it *does*, I'd be quite
interested to learn that.

-- 
   The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man. -- George Bernard Shaw



signature.asc
Description: OpenPGP digital signature

Re: NTFS partitions can't be mounted [SOLVED]

[Linux-Fan]

Kanito 73 writes:

[...]


> Linux-fan:
> Which parts went onto the SSD and which onto the HDD in the end?
> Which of the two systems do you intend to use more often?
> Which of the two systems will run computation-intensive (CPU, RAM, GPU)
> applications?

HDD:
sda1-sda4 Windows 10 (100Gb+)
sda5-sda7 Debian 10 (100Gb+)
sda8 Data partition (700Gb NTFS)

SDD:
sdb1 Data partition (128Gb NTFS)


Thanks for sharing!

My primary OS is Linux, rarely I use Windows but I require a native  
installation to run some programs with direct access to the hardware... Most  
programs can be run into a VirtualBox machine but some games will not work  
and a few programs would run better directly on the computer. The most hungry  
programs (processor and memory) are in Linux, basically KDEnlive and OBS,  
except for a few games and programs in Windows (not commonly used but they  
are available when I need them).


Thanks all of you (and the other people who helped me along the installation  
and configuration) for your help and comments. My Windows 10 / Debian 10 box  
is up and running. Once everything was working and tuned up I made a  
Clonezilla backup of all partitions, so when one of the systems gets  
saturated or damaged I just need to restore the corresponding boot partition  
or the whole system partitions with the system already installed and  
configured, since my work and files are stored in the external data  
partitions I have not to make or restore a backup...


[...]

OK. I still wonder wheter NTFS is the best file system to use under the  
condition that it is mainly Linux with some Windows use? What do you do  
against the mangled Unix permissions on NTFS drives?


Usually, in such a scenario of mostly Linux, I'd recommend using two data  
partitions, one "main" data partition (e.g. 500 GiB) with ext4 and one  
"exchange" data partition (e.g. 200 GiB NTFS) for data explicitly shared  
with Windows. This way, most Windows malware will not access or damage all  
of the data but just the parts shared with Windows. And, the Linux  
applications will not incur the problems arising from wrong permissions.


In case you are interested in some experimentation, I suggest trying another  
virtualization software on Linux (e.g. you used VirtualBox so how about virt- 
manager + KVM?) Maybe another virtualization software can make your hardware  
accessible to guest (Windows) systems in a way that it performs well. USB  
redirection works quite well for me on virt-manager + KVM on Debian 10. PCIe  
redirection not so much (maybe I tried to advanced things with too old  
hardware :) ).


There does not seem to be a convincing solution for gaming on Linux,  
though. A few years ago, the only virtual machine solution that could  
provide some (reduced, but OK for me) 3D gaming performance for Windows VMs  
was VMWare. I personally like `playonlinux` (avoids the virtualization and  
"real" Windows altogether), but not all games will run with it.


HTH
Linux-Fan

öö


pgphNRyuiUKJG.pgp
Description: PGP signature

Re: How to run AppImage file (was: clipgrab as alternative to youtube-dl)

[Reco]

Hi.

On Wed, Nov 25, 2020 at 12:13:03PM -0700, Fred wrote:
> fred@ragnok:~$ ./ClipGrab-3.9.2-x86_64.AppImage --help
> bash: ./ClipGrab-3.9.2-x86_64.AppImage: cannot execute binary file: Exec 
> format error

uname -m

Reco

Re: NTFS partitions can't be mounted [SOLVED]

[Kanito 73]

Hello!

> john doe: Is "fastboot" disabled in Windows or in the bios?

Windows 10 -> Control Panel -> Power Control -> disable fast startup. As I 
found in a few posts and publications, Windows stores some data on the disks to 
load faster the next time and sets a flag to deny access or mount to ensure it 
remains there for the next startup. In the BIOS I disabled SECURE BOOT to allow 
boot from USB (installation) and later for Linux (Debian).

> Joe:
> I had that happen the other day, booted to Windows and it did indeed
> claim something was wrong with the partition and offered to fix it.
> After that, I was back to rw mounting on Linux. It has only happened
> once in about 18 months of dual booting. There is no problem here with
> disc naming, as one drive is sda and the other is mmc
> ... I don't know how it happened ...

> The Wanderer:
> Modern Windows versions have a quirk that, in a default configuration,
> "Shut Down" doesn't actually shut all the way down

> John Boxall:
> You are running into Windows "hibernation" that leaves the disks in an
> "unclean" state when shut down

Well, by 1:30am I found some posts about this problem. It was solved in the 
Windows control panel at POWER CONTROL configuration section... Just had to 
turn of the FAST STARTUP (hibernation turn off is not required unless disabling 
fast startup does not work) XD

I've read all your answers and all of them are valid, turn off the hibernation 
(although it is not necessary if the fast startup is disabled) or disabling it 
manually on a shell window by command line... The control panel option is the 
fastest way, just a few seconds... but as I said, all of your solutions work...



> Linux-fan:
> Which parts went onto the SSD and which onto the HDD in the end?
> Which of the two systems do you intend to use more often?
> Which of the two systems will run computation-intensive (CPU, RAM, GPU)
> applications?

HDD:
sda1-sda4 Windows 10 (100Gb+)
sda5-sda7 Debian 10 (100Gb+)
sda8 Data partition (700Gb NTFS)

SDD:
sdb1 Data partition (128Gb NTFS)

My primary OS is Linux, rarely I use Windows but I require a native 
installation to run some programs with direct access to the hardware... Most 
programs can be run into a VirtualBox machine but some games will not work and 
a few programs would run better directly on the computer. The most hungry 
programs (processor and memory) are in Linux, basically KDEnlive and OBS, 
except for a few games and programs in Windows (not commonly used but they are 
available when I need them).



Thanks all of you (and the other people who helped me along the installation 
and configuration) for your help and comments. My Windows 10 / Debian 10 box is 
up and running. Once everything was working and tuned up I made a Clonezilla 
backup of all partitions, so when one of the systems gets saturated or damaged 
I just need to restore the corresponding boot partition or the whole system 
partitions with the system already installed and configured, since my work and 
files are stored in the external data partitions I have not to make or restore 
a backup...



From: ...
Sent: ...
To: debian-user@lists.debian.org
Subject: ...

... REPLY TO ALL COMMENTS IN A SINGLE MAIL ...

How to run AppImage file (was: clipgrab as alternative to youtube-dl)

[Fred]

On 11/17/20 11:47 PM, Anssi Saari wrote:

Fred  writes:


There is a binary for Linux available for download as a AppImage
file. What is an AppImage file and what does one do with it.  The
program was probably compiled for Ubuntu.  Is it likely to also run on
Debian?


AppImage files are a kind of package that contain an app and all its
dependencies so yes, it's very likely it'll run on Debian. All you have
to do is make the AppImage file executable and run it. I recently got
into these since I have a problem with the Firefox Debian bundles but
someone maintains a current Firefox build as AppImage.


Hi,
I downloaded the AppImage clipgrab file and made it executable but it 
won't run.


fred@ragnok:~$ ls -l ClipGrab*
-rwxr-xr-x 1 fred fred 95575752 Nov 21 07:10 ClipGrab-3.9.2-x86_64.AppImage

fred@ragnok:~$ ./ClipGrab-3.9.2-x86_64.AppImage --help
bash: ./ClipGrab-3.9.2-x86_64.AppImage: cannot execute binary file: Exec 
format error


Any ideas how to fix?

Best regards,
Fred

Chismes de pasillo y problemas entre empleados

[Denisse Mijangos Ahumada]

DISNEY no solo ha llegado a la televisión, también a nuestra Empresa...
Comunicación Interna e Identidad Corporativa al estilo DISNEY

Workshop Online en Vivo / 10 y 17 de Diciembre 2020 

DESCARGAR FOLLETO COMPLETO 

HOY MÁS QUE NUNCA, ES CLAVE SABER TRANSMITIR CON SEGURIDAD Y CONFIANZA A TODOS 
NUESTROS EMPLEADOS.

Uno de los Workshops más innovadores, divertidos y novedosos de América Latina. 
Impartido por la Maestra Grisell Vázquez.

Deseo recibir información vía WhatsApp 





O mayores informes comuníquese a los teléfonos:

Ciudad de México / 55 2450 6187
Monterrey, N.L. / 81 2974 7731
Guadalajara, Jal. / 33 2005 0994
(Contamos con más de 12 líneas a su disposición) 










Este boletín informativo tiene como objetivo crear valor en usted y en su 
Organización. Si usted desea dejar de recibir este tipo de boletines conteste 
con la palabra BAJADISNEY636.
O en su defecto haga click en el siguiente enlace: unsubscribe from this list 

Re: Problem with /var/mail file > 2GB with pop3

[Curt]

On 2020-11-25, David Wright  wrote:
>
> There's a big difference between the requirements for your local
> storage when using POP compared with IMAP. When using POP in a
> conventional manner (transfer, and delete at the server end), you
> need reliable local storage. And you also need reliable file locking
> at least when you're using mbox files.

The requirements may be different, but here, using Alpine, I think the
local storage format is identical and unrelated to the protocol used
on the server end (POP or IMAP). 

Re: Instructions for command line usage of WiFi.

[Celejar]

On Wed, 25 Nov 2020 19:18:43 +0300
Reco  wrote:

> On Wed, Nov 25, 2020 at 10:31:55AM -0500, Celejar wrote:
> > On Wed, 25 Nov 2020 17:43:00 +0300
> > Reco  wrote:
> > 
> > > On Wed, Nov 25, 2020 at 09:19:08AM -0500, Celejar wrote:
> > > > On Wed, 25 Nov 2020 10:42:59 +0300
> > > > Reco  wrote:
> > > > 
> > > > > On Tue, Nov 24, 2020 at 03:06:59PM -0800, pe...@easthope.ca wrote:
> > > > > > This is the only oddity evident after ifup wlxa0f3c10a28f7.
> > > > > > 
> > > > > >   DHCPDISCOVER on wlxa0f3c10a28f7 to 255.255.255.255 port 67 
> > > > > > interval 3
> > > > > >   send_packet: No buffer space available
> > > > > >   dhclient.c:2445: Failed to send 300 byte long packet over 
> > > > > > wlxa0f3c10a28f7 interface.
> > > > > > 
> > > > > > Nevertheless, after a few more lines from DHCP the link works.
> > > > > > Any ideas about buffer space?
> > > > > 
> > > > > The kernel has no free RAM to queue a packet or that Tp-Link device
> > > > > you're is using low-quality kernel module. Happens with Tp-Link, but
> > > > 
> > > > With TP-Link? Aren't they just using other manufacturers' chipsets?
> > > 
> > > The hardware is definitely OEM'ed. The firmware is most likely theirs.
> > 
> > Really? I thought that network drivers load firmware based solely on
> > the chipset.
> 
> It's more complicated than this. For instance, to identify a NIC chip
> you need something that responds to said identification.
> 
> To put it simple, to load a firmware you need something to accept it.
> Some chips (ESP, nRF to name a few) allow you to write a firmware, but
> can hide lower-level functions like actual frame sending (i.e. - blobs
> in SDK). I.e. you provide a chip a tiny, yet complete OS, because
> otherwise all you have a chip that cannot even boot. From the host POV
> you just put some bits on a appropriate bus and hope that the other
> side is something you expect it to be. An example - [1].
> 
> Some chips (Broadcom, Realtek or Intel, for instance), have an OS part
> baked-in (or, very rarely - stored at EEPROM), and payload (i.e.
> application-level software) needs to be loaded by host.  And that my
> "firmware" statement was referred to a part that's baked-in, not a blob
> from linux-firmware. After all, A0:F3:C1 in that NIC above is Tp-Link,
> not Realtek.

Thanks for the detailed explanation, although I'm afraid that it's
still a little above my head. So when you referred above to a
"low-quality kernel module," you weren't referring to the linux kernel,
but something that TP-Link installs onto their products?

Celejar

Re: /bin/sh naar bash i.p.v. dash linken

[Geert Stappers]

On Wed, Nov 25, 2020 at 04:11:58PM +0100, Richard Lucassen wrote:
> On Wed, 25 Nov 2020 10:52:57 +0100
> Cecil Westerhof  wrote:
> 
> > Ik heb er zelf nooit last van gehad, maar door een vraag van iemand
> > anders kwam ik erachter dat sh een link is naar dash. Is er een
> > mogelijk heid om bij installatie sh naar bash te laten verwijzen?
> 
> ln -sf /bin/bash /bin/sh
> 
> zou ik zeggen, Na installatie dan. Maar verwijs in je eigen scripts
> gewoon naar /bin/bash als je bash wilt, dan ben je niet meer
> afhankelijk van het feit van hoe de /bin/sh staat.

Dat is inderdaad beter, zeggen "dit script is voor deze intepreter"


En inderdaad, het probleem dat shell shell is en de ene shell is niet de
andere shell blijft.  Helaas.


Regards
Geert Stappers
-- 
Silence is hard to parse

Re: Conseils sur l'utilisation de certificats Letsencrypt

[Daniel Caillibaud]

Le 25/11/20 à 17h38, Olivier  a écrit :

> Bonjour,
> 
> Je viens d'obtenir avec certbot mon premier certificat Letsencrypt via le
> challenge DNS-01 (cf [1]).
> C'est l'occasion pour moi de définir ma façon de gérer ces certificats.
> 
> Pour différentes raisons (parmi elles, celle qui consiste à éviter
> d'installer Certbot et des identifiants sensibles sur de multiples
> machines),

Il n'y a rien de sensible sur la machine qui lance certbot.

J'utilise certbot sur chaque frontal https, lorque je veux ajouter un vhost
foo.mondomaine.tld
- j'ajoute foo dans le dns de mondomaine.tld (seulement une entrée A, pour 
  pointer sur le bon frontal web)
- je génère le premier certificat manuellement (sur le frontal concerné) 
  avec la commande
certbot certonly --rsa-key-size 4096 --webroot -w /var/www/certbot -d
foo.mondomaine.tld
  (plusieurs -d possibles)
- je crée la conf nginx du vhost avec ce certif
et ensuite ça roule tout seul…

J'ai juste ajouté un override systemd pour ne faire le check qu'une fois par 
nuit
et pour appeler un hook maison afin d'être prévenu à chaque renouvellement.


Pour que ça fonctionne, j'ai une règle nginx sur le http_default (le vhost 
est pas encore créé car j'ai pas encore le certif)

  location ~ ^/.well-known/acme-challenge {
root /var/www/certbot;
  }

(le user qui lance la commande certbot doit avoir les droits d'écriture sur
/var/www/certbot, pour que LE retrouve ses petits dans ce dossier lorsqu'il 
fait sa vérif)

> j'imagine centraliser la gestion (création, renouvellement,
> suppression) des certificats sur une machine unique et de mécaniser, si
> possible, la copie de ces certificats sur les machines où ils sont
> nécessaires.
> 
> Si j'ai bien compris, le fichier /etc/crond.d/certbot renouvelle tous les
> certificats toutes les 12 heures:
> 0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system &&
> perl -e 'sleep int(rand(43200))' && certbot -q renew

non, il regarde toutes les 12 heures s'il faut le renouveler.

> Pourtant lors de sa création, mon certificat est annoncé comme valide
> jusqu'au 2021-02-23

Oui, c'est 3 mois, et certbot va le renouveler 20j avant l'échéance.

> 1. Que pensez-vous de centraliser la gestion des certificats ?

Pas très bien compris, amha c'est plus compliqué.

> 2. Que conseillez-vous pour la fréquence de renouvellement ?

Ça c'est pas toi qui choisit, c'est LE qui impose 3 mois de validité.

> 3. Est-il possible de disposer simultanément d'un certificat wildcard
> *.mondomaine.tld et d'un autre foo.mondomaine.tld ?

Je crois pas que LE propose de wildcard, mais tu peux lister autant de 
domaines que tu veux dans le même certif (pas forcément tous des sous-domaines 
du même domaine).

> 4. Quels usages légitimes pour un certificat wildcard, quand on peut créer
> rapidement un nouveau certificat et qu'on veut pouvoir les répudier au cas
> par cas ?

Pas bien compris, j'utilise toujours un certif par sous-domaine et j'en ai 
jamais répudié, mais je suppose que tu répudie le certif global et que tu 
en recrée un nouveau avec la même chose sauf ce que tu veux répudier.

> 5. Comment sauvegarder la machine avec laquelle on gère ses certificats ?

Comme n'importe quelle autre machine, mais j'ai probablement pas compris la 
question.

> [1] https://buzut.net/certbot-challenge-dns-ovh-wildcard/

Ça me paraît bien compliqué, pour ma part j'installe le paquet debian certbot 
et 
rien d'autre, et c'est hors de question de lui filer un droit de modif sur mes 
dns 
ou ma conf nginx.

-- 
Daniel

Plus je grossis, plus je m'aigris.
Philippe Geluck, Le chat

Re: NTFS partitions can't be mounted

[Linux-Fan]

Kanito 73 writes:


Hello

Al the previous issues I published are now solved. Relative to the RTL8821CE,  
I searched for a module rtl8821ce.ko but the generated module was just  
8821ce.ko so when I loaded the only RTL* (rtl8821ae.ko) the right 8821ce.ko  
was already loaded and I thought it was the rtl8821ae activating my wifi.  
[SOLVED]


Now I have another BIG problem.  I installed both Windows10 (version OCTOBER  
2020) and Debian 10.0.6 in dual boot and left a large NTFS partition for data  
on the primary disk (HDD) and the whole secondary disk (SDD) also as a unique  
NTFS partition.


Which parts went onto the SSD and which onto the HDD in the end?
Which of the two systems do you intend to use more often?
Which of the two systems will run computation-intensive (CPU, RAM, GPU)  
applications?


Well, I installed Windows, then Installed Linux and tested the NTFS  
partitions from Linux (Debian) mounting and copying some files successfully.  


[...]

So I think that Windows 10 locks the partitions or something weird is going  
on.


If not solved I will clear the entire disks and install only Debian and run  
Windoze on VirtualBox, I don't want since there are some games that I want to  
play on native Windows but if it does not work will have to remove it from  
the computer. CHKDSK.EXE reports no errors when I run it on such partitions.


[...]

Damn Windows it is making me cry blood but I need it for some games and  
programs...


[...]

See https://lists.debian.org/debian-user/2020/11/msg00574.html

The Wanderer's post contains a more elaborate explanation of the immediate  
issue you are most likely facing: Windows going into suspend-to-disk rather  
than actual shutdown.


A  possibility to bypass the fastboot/rapid startup technology is to use  
suitable arguments to the Windows `shutdown` command. It used to be possible  
to bypass it by doing a right-click on the Windows logo in the lower left  
and then choose "Shutdown" from that menu but I am not sure if this  
still works.


I'd still very much recommend running one of the two systems inside a  
virtual machine rather than physically despite the fact that the immediate  
issue with the rapid startup may be solved.


What about running virtual Linux under a Windows host? This would retain the  
gaming performance while at the same time solve the issues wrt. the file  
system. Of course, if you want to use your full RAM for Linux, this approach  
will not work. From my experience it is already difficult to run a 8 GiB  
Linux VM on a 16 GiB Windows machine (tested with Windows 10, Debian 10 and  
Microsoft Hyper-V).


HTH
Linux-fan

öö


pgpsdHpHL6qE9.pgp
Description: PGP signature

Re: Mise à jour automatique

[JC.EtiembleG]

Le 25/11/2020 à 16:01, firenze...@orange.fr a écrit :
. Forcément, en dehors de la liste des miroirs officiels de Debian, dont 
aucun ne semble en https


Ha bon !! alors pourtant sur Debian 10 mon sources.list est en https

## debian 10 buster main paquets via https
deb https://deb.debian.org/debian/ buster main contrib non-free

## buster security via https
deb https://deb.debian.org/debian-security buster/updates main contrib 
non-free


## buster updates  paquets via https
deb https://deb.debian.org/debian/ buster-updates main contrib non-free

et ça marche, elle est pas belle la vie

--
J-C Etiemble

Re: Mise à jour automatique

[JC.EtiembleG]

Le 25/11/2020 à 16:01, firenze...@orange.fr a écrit :

Je cherche à automatiser les mises à jour Debian buster pour le compte 
d'un utilisateur qui vient tout juste d'abandonner Windows


suivant le bureau par exemple sur XFCE avec Package Update Indicator il 
affiche les mises à jour dans la zone de notification, il suffit alors 
de cliquer sur le bouton et les mises à jour se font

pour info
https://i.postimg.cc/bw1t1vfc/maj.png

--
J-C Etiemble

Re: Mise à jour automatique

[JC.EtiembleG]

Le 25/11/2020 à 17:28, Basile Starynkevitch a écrit :

Forcément, en dehors de la liste des miroirs officiels de Debian, dont 
aucun ne semble en https.


Ha bon !! alors pourtant sur Debian 10 mon sources.list est en https

## debian 10 buster main paquets via https
deb https://deb.debian.org/debian/ buster main contrib non-free

## buster security via https
deb https://deb.debian.org/debian-security buster/updates main contrib 
non-free


## buster updates  paquets via https
deb https://deb.debian.org/debian/ buster-updates main contrib non-free

et ça marche, elle est pas belle la vie ;)

--
J-C Etiemble

Conseils sur l'utilisation de certificats Letsencrypt

[Olivier]

Bonjour,

Je viens d'obtenir avec certbot mon premier certificat Letsencrypt via le
challenge DNS-01 (cf [1]).
C'est l'occasion pour moi de définir ma façon de gérer ces certificats.

Pour différentes raisons (parmi elles, celle qui consiste à éviter
d'installer Certbot et des identifiants sensibles sur de multiples
machines), j'imagine centraliser la gestion (création, renouvellement,
suppression) des certificats sur une machine unique et de mécaniser, si
possible, la copie de ces certificats sur les machines où ils sont
nécessaires.

Si j'ai bien compris, le fichier /etc/crond.d/certbot renouvelle tous les
certificats toutes les 12 heures:
0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system &&
perl -e 'sleep int(rand(43200))' && certbot -q renew

Pourtant lors de sa création, mon certificat est annoncé comme valide
jusqu'au 2021-02-23


1. Que pensez-vous de centraliser la gestion des certificats ?
2. Que conseillez-vous pour la fréquence de renouvellement ?
3. Est-il possible de disposer simultanément d'un certificat wildcard
*.mondomaine.tld et d'un autre foo.mondomaine.tld ?
4. Quels usages légitimes pour un certificat wildcard, quand on peut créer
rapidement un nouveau certificat et qu'on veut pouvoir les répudier au cas
par cas ?
5. Comment sauvegarder la machine avec laquelle on gère ses certificats ?

[1] https://buzut.net/certbot-challenge-dns-ovh-wildcard/

Slts

Re: Mise à jour automatique

[Basile Starynkevitch]

On 11/25/20 4:01 PM, firenze...@orange.fr wrote:


Bonjour à tous,

Je cherche à automatiser les mises à jour Debian buster pour le compte 
d'un utilisateur qui vient tout juste d'abandonner Windows. Pour cela 
je tente de paramétrer unattended-upgrades avec des entrées en https 
dans les fichiers /etc/apt/sources.list et les fichiers du répertoire 
/etc/apt/sources.list.d. Forcément, en dehors de la liste des miroirs 
officiels de Debian, dont aucun ne semble en https.




On pourrait imaginer utiliser crontab(5) 
, systemd(1) 
 ou batch(1) 




Le diable est dans les détails, et ils sont nombreux.


Cordialement

--
Basile Starynkevitch  
(only mine opinions / les opinions sont miennes uniquement)
92340 Bourg-la-Reine, France
web page: starynkevitch.net/Basile/

Re: Instructions for command line usage of WiFi.

[Reco]

On Wed, Nov 25, 2020 at 10:31:55AM -0500, Celejar wrote:
> On Wed, 25 Nov 2020 17:43:00 +0300
> Reco  wrote:
> 
> > On Wed, Nov 25, 2020 at 09:19:08AM -0500, Celejar wrote:
> > > On Wed, 25 Nov 2020 10:42:59 +0300
> > > Reco  wrote:
> > > 
> > > > On Tue, Nov 24, 2020 at 03:06:59PM -0800, pe...@easthope.ca wrote:
> > > > > This is the only oddity evident after ifup wlxa0f3c10a28f7.
> > > > > 
> > > > >   DHCPDISCOVER on wlxa0f3c10a28f7 to 255.255.255.255 port 67 interval 
> > > > > 3
> > > > >   send_packet: No buffer space available
> > > > >   dhclient.c:2445: Failed to send 300 byte long packet over 
> > > > > wlxa0f3c10a28f7 interface.
> > > > > 
> > > > > Nevertheless, after a few more lines from DHCP the link works.
> > > > > Any ideas about buffer space?
> > > > 
> > > > The kernel has no free RAM to queue a packet or that Tp-Link device
> > > > you're is using low-quality kernel module. Happens with Tp-Link, but
> > > 
> > > With TP-Link? Aren't they just using other manufacturers' chipsets?
> > 
> > The hardware is definitely OEM'ed. The firmware is most likely theirs.
> 
> Really? I thought that network drivers load firmware based solely on
> the chipset.

It's more complicated than this. For instance, to identify a NIC chip
you need something that responds to said identification.

To put it simple, to load a firmware you need something to accept it.
Some chips (ESP, nRF to name a few) allow you to write a firmware, but
can hide lower-level functions like actual frame sending (i.e. - blobs
in SDK). I.e. you provide a chip a tiny, yet complete OS, because
otherwise all you have a chip that cannot even boot. From the host POV
you just put some bits on a appropriate bus and hope that the other
side is something you expect it to be. An example - [1].

Some chips (Broadcom, Realtek or Intel, for instance), have an OS part
baked-in (or, very rarely - stored at EEPROM), and payload (i.e.
application-level software) needs to be loaded by host.  And that my
"firmware" statement was referred to a part that's baked-in, not a blob
from linux-firmware. After all, A0:F3:C1 in that NIC above is Tp-Link,
not Realtek.

Reco

[1] https://github.com/espressif/esp-hosted

Re: NTFS partitions can't be mounted

[John Boxall]

P.S. Debian is working 100% perfectly, it is up and running, the 
unique problem is the access to the NTFS partitions


You are running into Windows "hibernation" that leaves the disks in an 
"unclean" state when shut down in that manner (sadly, a 
default..."fastboot" as John Doe was pointing you to).


From CNET: "In the Command Prompt *window*, type

                                            powercfg.exe /*hibernate* off

                                            and press the Enter key. ..."

Shut the Windows system down and try again.

--
Regards,

John Boxall

Re: Instructions for command line usage of WiFi.

[Celejar]

On Wed, 25 Nov 2020 17:43:00 +0300
Reco  wrote:

> On Wed, Nov 25, 2020 at 09:19:08AM -0500, Celejar wrote:
> > On Wed, 25 Nov 2020 10:42:59 +0300
> > Reco  wrote:
> > 
> > > On Tue, Nov 24, 2020 at 03:06:59PM -0800, pe...@easthope.ca wrote:
> > > > This is the only oddity evident after ifup wlxa0f3c10a28f7.
> > > > 
> > > >   DHCPDISCOVER on wlxa0f3c10a28f7 to 255.255.255.255 port 67 interval 3
> > > >   send_packet: No buffer space available
> > > >   dhclient.c:2445: Failed to send 300 byte long packet over 
> > > > wlxa0f3c10a28f7 interface.
> > > > 
> > > > Nevertheless, after a few more lines from DHCP the link works.
> > > > Any ideas about buffer space?
> > > 
> > > The kernel has no free RAM to queue a packet or that Tp-Link device
> > > you're is using low-quality kernel module. Happens with Tp-Link, but
> > 
> > With TP-Link? Aren't they just using other manufacturers' chipsets?
> 
> The hardware is definitely OEM'ed. The firmware is most likely theirs.

Really? I thought that network drivers load firmware based solely on
the chipset.

Celejar

Re: Problem with /var/mail file > 2GB with pop3

[David Wright]

On Tue 24 Nov 2020 at 17:17:24 (+), Curt wrote:
> On 2020-11-23, rhkra...@gmail.com  wrote:
> > On Monday, November 23, 2020 06:15:09 AM Sven Hartge wrote:
> >> Joe  wrote:
> >> > That's why we have IMAP, which doesn't use mbox.
> >> 
> >> The IMAP protocal and the backend storage have no connection.
   ↑↑↑
> >
> > Well, they do in a way -- if you use IMAP from your ISP for example, you 
> > don't 
> > need local storage on your email device (not any of mbox, maildir, or 
> > whatever).
> >
> > (I don't use IMAP (I use POP3), but I assume that if I were using IMAP as 
> > described, I could save emails on my local device, but I'm not clear on 
> > that 
> > mechanism / storage method.)
> 
> The IMAP protocol and the local storage format are orthogonal, I believe is 
> what
> he said, so you've come full circle in your reflections.

AIUI the backend storage is what the IMAP (and POP) protocols serve,
and the local storage is where the emails are stored when they have
been served.

It appears that the OP, like me, has their emails served by a remote
server, so one typically has no control over, knowledge or concern
about the hosting service's backend storage (beyond its being
reliable, 24/7 available, etc).

There's a big difference between the requirements for your local
storage when using POP compared with IMAP. When using POP in a
conventional manner (transfer, and delete at the server end), you
need reliable local storage. And you also need reliable file locking
at least when you're using mbox files.

OTOH for IMAP, there's no requirement for any local storage at all,
beyond a screen display so that you can read the emails. The client
*can* cache emails and/or make local copies, but it's not necessary
because you can reacquire any email at will.

Joe's IMAP *server* does have backend storage, but it looks as though
that's being fed by SMTP, which AIUI is not what the OP is thinking
of using (nor me).

Cheers,
David.

Re: Why use an email client AND sendmail/popa3d

[David Wright]

On Wed 25 Nov 2020 at 09:30:41 (+1100), Keith Bainbridge wrote:
> On Sun, 22 Nov 2020 23:34:56 -0600  David Wright wrote:
> >>> On Mon 23 Nov 2020 at 14:27:36 (+1100), Keith Bainbridge wrote:
> >>> > So does htis get a new subject in the list?
> 
> Interesting. I'll try it next time I want to use a comment from one
> thread as a separate topic.  BUT I wrote a totally new subject line.
> Surely that is removing 'Re: '

Oops, sorry, my mistake. I was simultaneously replying to several
emails at too late an hour—your subject line was fine.

> I'd appreciate a good explanation if somebody is up to it.

Of why it starts a new thread? Because there are no References and no
In-reply-to, it doesn't get threaded onto an existing thread.

There's an exception where a client threads a message onto any other
one with a similar subject. I remember this often causing problems
20 years ago when someone would send "Lunch?" expecting an immediate
reply, and the recipient's client would thread it to a months-old
duplicate message.

> >>> It would appear so. [snipped the misleading sentence that was here]
> >>>
> >>> > I was interested to read that Flo, the OP, uses separate mail
> >>> > collection, sendmail and thunderbird. Some of the replies sound
> >>> > like this is a common practice.
> >>> >
> >>> > What are the advantages of this set of processes over letting
> >>> > tbird do it all? - or any other client for that matter?
> >>>
> >>> Disadvantages of using your email client to send might include:
> >>> . sending is relatively instant as the client is dispatching
> >>>   it to the same machine, not the remote smarthost,
> 
> So I wouldn't get the message saying the note is being sent by the
> client - because that bit is 'instantaneous' by being local.

I must have been half-asleep: that's poorly expressed.
Each bullet point is meant to be an advantage of using an MTA,
and a disadvantage of sending direct from client to smarthost.

So bullet point 1 ought to say:
  . sending [via an MTA]  is relatively instant as the client is dispatching
it [the email] to the [MTA, running on the] same machine, not the remote 
smarthost,

What you would observe in the two cases is (using mutt as an example):

  With an MTA, the email is transferred almost immediately to the MTA
  running on the same machine, and the client says "Mail sent".

  With sending direct, some messages will flicker by as communication
  is established with the smarthost; with large emails, there'll be a
  pause while the file is transferred; then a couple more messages and
  finally "Mail sent". On this computer, the mutt debug logs show that
  sending a trivial email takes between 2 and 7 seconds, mostly
  related to starting up the connection.

  My transfer speeds (by cable) are very good nowadays. A decade ago
  in the UK, with several miles to the exchange going over copper,
  speeds were fairly dire (until FTTC arrived). Large attachments
  could take a while to get out.

> >>> . exim will retry sending if your smarthost is busy/unavailable,
> 
> OK. I have had instances of the 'sending' notice being there when I
> come back after lunch.
> 
> >>> . it keeps logs,
> 
> Fair enough
> 
> >>> . it send emails on behalf of other processes, like cron jobs,
> >>>   where your client is not involved.
> 
> Is that why email from cron doesn't happen sometimes, then magically
> happens.

I would hesitate to guess without more information.

> >>> I don't collect emails in Flo's sense, as I use IMAP rather than
> >>> POP. So my INBOX is merely mutt's cache of individual emails,
> >>> rather than a live mailfile. The actual server is somewhere around
> >>> Manchester/Stockport.
> 
> I prefer imap as I check mail on 3 devices, but it's become too slow to
> be workable, recently.   I do check back occasionally to see if the
> connection to Germany is getting better. It is 20,000Km I suppose.

That beats my 7000km (over a very fat pipe).

IMAP is designed to be interactive, and fetch each email when you ask
for it. But you can cheat. One way with mutt is to use "search in
message bodies" for some "impossible" string (like a long random one),
and then go and make the coffee. The client is forced to fetch and
cache all the unread emails while searching for the string. When you
return, you'll be able to read new messages instantaneously because
they're already cached.

> I had this thought as I completed that last sentence: should I use my
> ISP as a collection point for my many addresses?

Personally, I prefer to keep my email hosting separate from my ISP.
It's one less complication when travelling, changing service provider,
or moving home or job.

> Thanks for a thought provoking response.   I'll be contemplating this
> for a bit yet.

I hope I was a bit clearer.

Cheers,
David.

Re: /bin/sh naar bash i.p.v. dash linken

[Richard Lucassen]

On Wed, 25 Nov 2020 10:52:57 +0100
Cecil Westerhof  wrote:

> Ik heb er zelf nooit last van gehad, maar door een vraag van iemand
> anders kwam ik erachter dat sh een link is naar dash. Is er een
> mogelijk heid om bij installatie sh naar bash te laten verwijzen?

ln -sf /bin/bash /bin/sh

zou ik zeggen, Na installatie dan. Maar verwijs in je eigen scripts
gewoon naar /bin/bash als je bash wilt, dan ben je niet meer
afhankelijk van het feit van hoe de /bin/sh staat.

-- 
richard lucassen
http://contact.xaq.nl/

Mise à jour automatique

[firenze . rt]

Bonjour à tous,

Je cherche à automatiser les mises à jour Debian buster pour le compte 
d'un utilisateur qui vient tout juste d'abandonner Windows. Pour cela je 
tente de paramétrer unattended-upgrades avec des entrées en https dans 
les fichiers /etc/apt/sources.list et les fichiers du répertoire 
/etc/apt/sources.list.d. Forcément, en dehors de la liste des miroirs 
officiels de Debian, dont aucun ne semble en https.


En dépit de mes recherches sur internet, je n'ai pas réussi jusqu'à 
présent. J'ai testé sur un ordinateur cobaye pour voir, mais sans succès.


   :~$ apt-cache policy
   Fichiers du paquet :
 100 /var/lib/dpkg/status
 release a=now
 500 https://dl.jami.net/nightly/debian_10 ring/main amd64 Packages
 release o=ring,n=ring,l=Ring debian_10 Repository,c=main,b=amd64
 origin dl.jami.net
 100 https://debian.univ-nantes.fr/debian buster-backports/contrib
   amd64 Packages
 release o=Debian
   Backports,a=buster-backports,n=buster-backports,l=Debian
   Backports,c=contrib,b=amd64
 origin debian.univ-nantes.fr
 100 https://debian.univ-nantes.fr/debian buster-backports/main
   amd64 Packages
 release o=Debian
   Backports,a=buster-backports,n=buster-backports,l=Debian
   Backports,c=main,b=amd64
 origin debian.univ-nantes.fr
 500 https://debian.univ-nantes.fr/debian buster-updates/main amd64
   Packages
 release
   o=Debian,a=stable-updates,n=buster-updates,l=Debian,c=main,b=amd64
 origin debian.univ-nantes.fr
 500 https://debian.univ-nantes.fr/debian-security
   buster/updates/main amd64 Packages
 release
   v=10,o=Debian,a=stable,n=buster,l=Debian-Security,c=main,b=amd64
 origin debian.univ-nantes.fr
 500 https://debian.univ-nantes.fr/debian buster/contrib amd64 Packages
 release
   v=10.6,o=Debian,a=stable,n=buster,l=Debian,c=contrib,b=amd64
 origin debian.univ-nantes.fr
 500 https://debian.univ-nantes.fr/debian buster/main amd64 Packages
 release v=10.6,o=Debian,a=stable,n=buster,l=Debian,c=main,b=amd64
 origin debian.univ-nantes.fr

   La partie Origins-Patern du fichier
   /etc/apt/apt.conf.d./50unattended-upgrades se présente comme ceci :

   Unattended-Upgrade::Origins-Pattern {
    // Codename based matching:
    // This will follow the migration of a release through
   different
    // archives (e.g. from testing to stable and later oldstable).
    // Software will be the latest available for the named release,
    // but the Debian release itself will not be automatically
   upgraded.
   // "origin=debian.univ-nantes.fr,codename=${distro_codename}-updates";
   //
   "origin=debian.univ-nantes.fr,codename=${distro_codename}-proposed-updates";
   //
   "origin=debian.univ-nantes.fr,codename=${distro_codename},label=Debian";
    "https://debian.univ-nantes.fr/debian-security
   buster/updates/main amd64
   Packages,origin=Debian,codename=${distro_codename},label=Debia$
    "https://dl.jami.net/nightly/debian_10 ring/main amd64
   Packages,o=ring,n=ring,l=Ring debian_10 Repository",c=main,b=amd64;

   cat 10periodic
   APT::Periodic::Update-Package-Lists "1";
   APT::Periodic::Unattended-Upgrade "1";
   APT::Periodic::Download-Upgradeable-Packages "1";

   cat 20auto-upgrades
   APT::Periodic::Update-Package-Lists "1";
   APT::Periodic::Unattended-Upgrade "1";

   sudo unattended-upgrades -d
   Initial blacklist :
   Initial whitelist:
   Démarrage du script de mise à niveau automatique
   Les origines permises sont:
   https://debian.univ-nantes.fr/debian-security buster/updates/main
   amd64 Packages,origin=Debian,codename=buster,label=Debian-Security,
   https://dl.jami.net/nightly/debian_10 ring/main amd64
   Packages,o=ring,n=ring,l=Ring debian_10 Repository,c=main,b=amd64
   Using
   
(^linux-image-[0-9]+\.[0-9\.]+-.*|^linux-headers-[0-9]+\.[0-9\.]+-.*|^linux-image-extra-[0-9]+\.[0-9\.]+-.*|^linux-modules-[0-9]+\.[0-9\.]+-.*|^linux-modules-extra-[0-9]+\.[0-9\.]+-.*|^linux-signed-image-[0-9]+\.[0-9\.]+-.*|^linux-image-unsigned-[0-9]+\.[0-9\.]+-.*|^kfreebsd-image-[0-9]+\.[0-9\.]+-.*|^kfreebsd-headers-[0-9]+\.[0-9\.]+-.*|^gnumach-image-[0-9]+\.[0-9\.]+-.*|^.*-modules-[0-9]+\.[0-9\.]+-.*|^.*-kernel-[0-9]+\.[0-9\.]+-.*|^linux-backports-modules-.*-[0-9]+\.[0-9\.]+-.*|^linux-modules-.*-[0-9]+\.[0-9\.]+-.*|^linux-tools-[0-9]+\.[0-9\.]+-.*|^linux-cloud-tools-[0-9]+\.[0-9\.]+-.*|^linux-buildinfo-[0-9]+\.[0-9\.]+-.*|^linux-source-[0-9]+\.[0-9\.]+-.*)
   regexp to find kernel packages
   Using
   

Re: Instructions for command line usage of WiFi.

[Reco]

On Wed, Nov 25, 2020 at 09:19:08AM -0500, Celejar wrote:
> On Wed, 25 Nov 2020 10:42:59 +0300
> Reco  wrote:
> 
> > On Tue, Nov 24, 2020 at 03:06:59PM -0800, pe...@easthope.ca wrote:
> > > This is the only oddity evident after ifup wlxa0f3c10a28f7.
> > > 
> > >   DHCPDISCOVER on wlxa0f3c10a28f7 to 255.255.255.255 port 67 interval 3
> > >   send_packet: No buffer space available
> > >   dhclient.c:2445: Failed to send 300 byte long packet over 
> > > wlxa0f3c10a28f7 interface.
> > > 
> > > Nevertheless, after a few more lines from DHCP the link works.
> > > Any ideas about buffer space?
> > 
> > The kernel has no free RAM to queue a packet or that Tp-Link device
> > you're is using low-quality kernel module. Happens with Tp-Link, but
> 
> With TP-Link? Aren't they just using other manufacturers' chipsets?

The hardware is definitely OEM'ed. The firmware is most likely theirs.


> I know people don't like Realtek and Broadcom,

Realtek is a hit-or-miss. Too many incompatible revisions of the same
hardware.
Broadcom is the definition of Adult Entertainment with the user put at
the receiving end.


If one needs a good and proper WiFi/Bluetooth combo, there's Intel and
Atheros.

Reco

Re: Instructions for command line usage of WiFi.

[Celejar]

On Wed, 25 Nov 2020 10:42:59 +0300
Reco  wrote:

> On Tue, Nov 24, 2020 at 03:06:59PM -0800, pe...@easthope.ca wrote:

...

> > This is the only oddity evident after ifup wlxa0f3c10a28f7.
> > 
> >   DHCPDISCOVER on wlxa0f3c10a28f7 to 255.255.255.255 port 67 interval 3
> >   send_packet: No buffer space available
> >   dhclient.c:2445: Failed to send 300 byte long packet over wlxa0f3c10a28f7 
> > interface.
> > 
> > Nevertheless, after a few more lines from DHCP the link works.
> > Any ideas about buffer space?
> 
> The kernel has no free RAM to queue a packet or that Tp-Link device
> you're is using low-quality kernel module. Happens with Tp-Link, but

With TP-Link? Aren't they just using other manufacturers' chipsets? I
know people don't like Realtek and Broadcom, but does TP-Link make
their own silicon? In any event, I've always been pretty happy with
their products.

> there's a bright side - it could've been Broadcom.
> 
> Try increasing a value of vm.min_free_kbytes, it may help.
> 
> Reco
> 


Celejar

Re: Why use an email client AND sendmail/popa3d

[Celejar]

On Wed, 25 Nov 2020 09:03:21 +
Joe  wrote:

...

> proper email client or webmail. I have to admit I use a netbook while
> away from home, as I have both "smart"phone and tablet, but they are
> extremely limited toys and they are owned by Google. If I need a mobile
> computer, then I want a real computer, and one where I have root
> access. 

A smartphone running something like LineageOS is not really owned by
Google (although there are still the very real problems of binary blobs
and the baseband black box stuff). If you get one with an unlocked
bootloader, you can have root as well. They're certainly not quite the
same thing as a "real" computer, admittedly.

Celejar

Re: comment sauvegarder le carnet d'adresses d'un téléphone mobiule Redmi / Android vers Debian (avant réinitialisation du téléphone)

[JC.EtiembleG]

Le 25/11/2020 à 14:11, raivac a écrit :

Tu peux tout simplement exporter ton carnet d'adresse depuis le menu des 
contacts.

Ça génère un .vcf qui inclu les photos des contacts.


Oui c'est le plus simple ;)

--
J-C Etiemble

Re: Opschonen /var/cache/apt/archives

[Cecil Westerhof]

Cecil Westerhof  writes:

>> Normaal gezien is dat alleen relevant als je "apt-get update" doet ipv
>> "apt update", omdat die laatste na installatie standaard meteen de net
>> geïnstalleerde pakketten verwijdert.
>
> Dan is het toch echt vreemd, want ik gebruik al tijden apt
> update/upgrade i.p.v. spt-get.

Het bleek dat mijn script toch apt-get gebruikte. Oorspronkelijk was
dat wel apt, maar mij was aangeraden om apt-get te gebruiken. Ik wist
niet dat dit alles download zonder weer te verwijderen. Ik heb het
weer terug gezet naar apt.

Preciezer: ik gebruik nu voor update apt en upgrade apt-get. Het
probleem van niet verwijderen uit de cache treed bij apt-get niet op
bij upgrade.

-- 
Cecil Westerhof
Senior Software Engineer
LinkedIn: http://www.linkedin.com/in/cecilwesterhof

/bin/sh naar bash i.p.v. dash linken

[Cecil Westerhof]

Ik heb er zelf nooit last van gehad, maar door een vraag van iemand
anders kwam ik erachter dat sh een link is naar dash. Is er een
mogelijk heid om bij installatie sh naar bash te laten verwijzen?

-- 
Cecil Westerhof
Senior Software Engineer
LinkedIn: http://www.linkedin.com/in/cecilwesterhof

Re: comment sauvegarder le carnet d'adresses d'un téléphone mobiule Redmi / Android vers Debian (avant réinitialisation du téléphone)

[François-Marie BILLARD]

Le 25/11/2020 à 11:20, Basile Starynkevitch a écrit :

Bonjour les listes April & Debian-User-French


J'ai un téléphone portable RedMi Note 7 sous Android 10 QKQ1

J'ai un ordinateur fixe (processeur AMD64 sous Debian Buster)

J'ai un cable USB pour connecter l'un à l'autre.

Je souhaiterais réinitialiser mon téléphone portable en ayant 
préalablement sauvegardé l'ensemble des photos (au format JPEG) et 
l'ensemble du carnet d'adresses sur l'ordinateur fixe.



La rumeur dit que le carnet d'adresse du téléphone serait dans une ou 
plusieurs bases de données SQLite (lesquelles? où?). J'aimerais aussi 
éditer ce carnet d'adresse sur mon ordinateur fixe.


Je suis capable de compiler un logiciel libre (sur mon ordinateur fixe) 
depuis son code source.


Comment procéder?

Librement


Bonjour
en utilisant un autre outil de gestion du carnet d'adresse disponible 
sur Fdroid qui permert l'export complet du répertoire.


https://f-droid.org/fr/packages/com.simplemobiletools.contacts.pro/




--
François-Marie

Re: comment sauvegarder le carnet d'adresses d'un téléphone mobiule Redmi / Android vers Debian (avant réinitialisation du téléphone)

[raivac]

Tu peux tout simplement exporter ton carnet d'adresse depuis le menu des 
contacts.
Ça génère un .vcf qui inclu les photos des contacts.

Re: Why use an email client AND sendmail/popa3d

[Greg Wooledge]

On Wed, Nov 25, 2020 at 09:30:41AM +1100, Keith Bainbridge wrote:
> On Sun, 22 Nov 2020 23:34:56 -0600  David Wright
>  wrote:
> 
> >>> On Mon 23 Nov 2020 at 14:27:36 (+1100), Keith Bainbridge wrote:
> >>> > So does htis get a new subject in the list?
> 
> Interesting. I'll try it next time I want to use a comment from one
> thread as a separate topic.  BUT I wrote a totally new subject line.
> Surely that is removing 'Re: '

It's not the Subject: header that matters for thread construction.(*)
It's the In-Reply-To: header, which contains the Message-ID:s of your
parent message(s).

A sufficiently advanced email client (MUA) takes all the messages,
with all of their unique Message-ID:s, and all of their In-Reply-To:
headers, and constructs a tree in memory, with all of the parent/child
relationships laid out explicitly.  Then it presents this tree
structure to you, however it was programmed to do.

(*) Unless you're using Microsoft Outlook or other similar crap.

Re: [April] comment sauvegarder carnet adresses téléphone mobiule Redmi / Android

[ajh-valmer]

> > J'ai un téléphone portable RedMi Note 7 sous Android 10 QKQ1
> > J'ai un ordinateur fixe (processeur AMD64 sous Debian Buster)
> > J'ai un cable USB pour connecter l'un à l'autre.
> > Je souhaiterais réinitialiser mon téléphone portable en ayant 
> > préalablement sauvegardé l'ensemble des photos (au format JPEG) et 
> > l'ensemble du carnet d'adresses sur l'ordinateur fixe.

Toutes les données se voient comme avec une clé USB,
que l'on peut sauvegarder sur son ordinateur.

Ils existent tas de logiciels à télécharger pour mieux présenter
et faire les sauvegardes :-)

C'est importe le portable.

Re: NTFS partitions can't be mounted

[The Wanderer]

On 2020-11-24 at 22:34, Kanito 73 wrote:

> Hello
> 
> Al the previous issues I published are now solved. Relative to the
> RTL8821CE, I searched for a module rtl8821ce.ko but the generated
> module was just 8821ce.ko so when I loaded the only RTL*
> (rtl8821ae.ko) the right 8821ce.ko was already loaded and I thought
> it was the rtl8821ae activating my wifi. [SOLVED]
> 
> Now I have another BIG problem.  I installed both Windows10 (version
> OCTOBER 2020) and Debian 10.0.6 in dual boot and left a large NTFS
> partition for data on the primary disk (HDD) and the whole secondary
> disk (SDD) also as a unique NTFS partition.
> 
> Well, I installed Windows, then Installed Linux and tested the NTFS
> partitions from Linux (Debian) mounting and copying some files
> successfully. After rebooting with Windows those partitions were not
> accessible from Linux anymore. If they are mounted at boot time via
> /etc/fstab it silently mounts them as "ro" (read only) although from
> time to time they are mounted ocasionally as "rw" but as soon as I
> try to write or copy there they are turned to "ro". If I mount
> manually with the mount command, they are also mounted as "ro"
> showing a message indicating that the NTFS partition was unmounted
> uncleanly (and to fix with Windows) or that it is locked by windows
> to perform a check or installation of something or an update BUT THEY
> ARE CLEAN EMPTY PARTITIONS.
> 
> What can I do? At this moment I am formating the 700Gb HDD partition
> and just formated the 128Gb SDD from Windows with the full format
> (not quick format) to see if there is a physical error on the disks.
> The SDD was fully formated with no errors. The HDD partition
> currently at 80% has not showed errors... So I think that Windows 10
> locks the partitions or something weird is going on.

Modern Windows versions have a quirk that, in a default configuration,
"Shut Down" doesn't actually shut all the way down; it effectively
performs a type of "suspend". The reasons are a little complicated to
describe, but boil down to making it possible for the next boot-up to
happen faster.

One effect of the way this is implemented is that at least the primary
Windows drive (usually C:) doesn't get cleanly unmounted before the
shutdown. In order to avoid risk of corrupting it, the Linux NTFS tools
will refuse to mount such a partition read-write. It's possible (I don't
think I've ever tested) that this will happen for other partitions, as
well.

One way to test whether this is what is happening would be to use
"Reboot", rather than "Shut Down", to get out of Windows. A "Reboot"
doesn't do that suspend-analog, it actually does shut things all the way
down before rebooting. If you then boot to another OS (or even power off
via the power button, once you've reached the POST screen) before going
back into Windows, then if this is what is happening, you'll find that
the partition in question was cleanly unmounted and the Linux tools can
mount it read-write.

There's also a way to disable this behavior, but I don't remember what
it was; also, while I think I tried to implement it on computers at my
workplace at one point, I don't remember having ever actually gotten it
to work as advertised. If you want to try going that way, good luck.

-- 
   The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man. -- George Bernard Shaw



signature.asc
Description: OpenPGP digital signature

Re: NTFS partitions can't be mounted

[Joe]

On Wed, 25 Nov 2020 03:34:40 +
Kanito 73  wrote:

> Hello
> 
> Al the previous issues I published are now solved. Relative to the
> RTL8821CE, I searched for a module rtl8821ce.ko but the generated
> module was just 8821ce.ko so when I loaded the only RTL*
> (rtl8821ae.ko) the right 8821ce.ko was already loaded and I thought
> it was the rtl8821ae activating my wifi. [SOLVED]
> 
> Now I have another BIG problem.  I installed both Windows10 (version
> OCTOBER 2020) and Debian 10.0.6 in dual boot and left a large NTFS
> partition for data on the primary disk (HDD) and the whole secondary
> disk (SDD) also as a unique NTFS partition.
> 
> Well, I installed Windows, then Installed Linux and tested the NTFS
> partitions from Linux (Debian) mounting and copying some files
> successfully. After rebooting with Windows those partitions were not
> accessible from Linux anymore. If they are mounted at boot time via
> /etc/fstab it silently mounts them as "ro" (read only) although from
> time to time they are mounted ocasionally as "rw" but as soon as I
> try to write or copy there they are turned to "ro". If I mount
> manually with the mount command, they are also mounted as "ro"
> showing a message indicating that the NTFS partition was unmounted
> uncleanly (and to fix with Windows) or that it is locked by windows
> to perform a check or installation of something or an update BUT THEY
> ARE CLEAN EMPTY PARTITIONS.
> 
> What can I do? At this moment I am formating the 700Gb HDD partition
> and just formated the 128Gb SDD from Windows with the full format
> (not quick format) to see if there is a physical error on the disks.
> The SDD was fully formated with no errors. The HDD partition
> currently at 80% has not showed errors... So I think that Windows 10
> locks the partitions or something weird is going on.
> 
> If not solved I will clear the entire disks and install only Debian
> and run Windoze on VirtualBox, I don't want since there are some
> games that I want to play on native Windows but if it does not work
> will have to remove it from the computer. CHKDSK.EXE reports no
> errors when I run it on such partitions.
> 
> THEORIES
> ---
> - Disk geometry may be interpreted different in Windows and Linux so
> it can cause problems. Windows partitions were created by Windows and
> Debian partitions were created by Linux.
> - It may be related to some UEFI configuration (I only disabled
> secure boot and disk legacy to use UEFI) blocking or interferring
> - A few times, Linux has swapped the disk devices. First disk (sda)
> is HDD and second disk (sdb) is SDD, but two or three times when I
> checked the partitions with fdisk (only see the partition types and
> numbers) HDD was sdb and SDD was sda, and after reboot they were
> again HDD:sda SDD:sdb... Is it a Linux problem or a UEFI problem or
> WTF? It is WEIRD, never have seen something like that...
> 
> Damn Windows it is making me cry blood but I need it for some games
> and programs...
> 
> Thanks for your patience (sorry for too many posts)
> 
> P.S. Debian is working 100% perfectly, it is up and running, the
> unique problem is the access to the NTFS partitions

I had that happen the other day, booted to Windows and it did indeed
claim something was wrong with the partition and offered to fix it.
After that, I was back to rw mounting on Linux. It has only happened
once in about 18 months of dual booting. There is no problem here with
disc naming, as one drive is sda and the other is mmc

I don't know how it happened, as I don't use fast boot on Windows (as a
different OS is used most of the time) and there was no unexpected
shutdown with either OS. I use the shared partition quite a lot, as my
VeraCrypt file lives on it, and it is always mounted when Linux runs on
the machine.

-- 
Joe

Re: [April] comment sauvegarder le carnet d'adresses d'un téléphone mobiule Redmi / Android vers Debian (avant réinitialisation du téléphone)

[nicolas schont]

Bonjour

une option accès simplet je pense et de passer par un module de 
synchronisation de contact comme davx

https://f-droid.org/fr/packages/at.bitfire.davdroid/

qui fait du carddav et d'avoir un service de caldav/cardav comme 
nextcloud ou radicale


Le chatons parinux propose les 2 avec inscriptions libre
https://bastet.parinux.org/


Nicolas

Le 25/11/2020 à 11:20, Basile Starynkevitch a écrit :

Bonjour les listes April & Debian-User-French


J'ai un téléphone portable RedMi Note 7 sous Android 10 QKQ1

J'ai un ordinateur fixe (processeur AMD64 sous Debian Buster)

J'ai un cable USB pour connecter l'un à l'autre.

Je souhaiterais réinitialiser mon téléphone portable en ayant 
préalablement sauvegardé l'ensemble des photos (au format JPEG) et 
l'ensemble du carnet d'adresses sur l'ordinateur fixe.



La rumeur dit que le carnet d'adresse du téléphone serait dans une ou 
plusieurs bases de données SQLite (lesquelles? où?). J'aimerais aussi 
éditer ce carnet d'adresse sur mon ordinateur fixe.


Je suis capable de compiler un logiciel libre (sur mon ordinateur fixe) 
depuis son code source.


Comment procéder?

Librement


--
Pour connaître la configuration de la liste, gérer votre abonnement à la liste 
april et vos informations personnelles :
https://www.april.org/my





OpenPGP_signature
Description: OpenPGP digital signature

Re: /bin/sh naar bash i.p.v. dash linken

[Richard Lucassen]

On Wed, 25 Nov 2020 10:52:57 +0100
Cecil Westerhof  wrote:

> Ik heb er zelf nooit last van gehad, maar door een vraag van iemand
> anders kwam ik erachter dat sh een link is naar dash. Is er een
> mogelijk heid om bij installatie sh naar bash te laten verwijzen?

Ik gebruik zelf al jaren de expliciete verwijzing, nooit /bin/sh. Ik
gebruik #!/bin/dash het meeste en af en toe #!/bin/bash. Overigens is
dash een POSIX shell en bash zal ook doen wat dash kan, maar omgekeerd
niet. Volgens mij gebruikt bash ook 10 keer zoveel memory. Door de
shell expliciet aan te wijzen heb je dat probleem nooit.

Dat /bin/sh naar dash wijst is volgens mij een jaar of tien, vijftien
terug gedaan. Er bestaat ook een pagina bij Ubuntu waarbij de
verschillen worden aangeduid, toen het spul overging van bash naar dash:

https://wiki.ubuntu.com/DashAsBinSh

R.

-- 
richard lucassen
http://contact.xaq.nl/

Re: RTL8821CE does not load automatically at boot time

[didier gaumet]

Le mardi 24 novembre 2020 à 19:10:06 UTC+1, Alexander V. Makartsev a écrit :

> Is there a reason for using an external driver? Kernel module for your NIC is 
> already provided by stable kernel image. You've probably just missing a 
> firmware. [1]
> Have you tried to install "firmware-realtek" package from non-free section of 
> official Debian "buster" or "buster-backports" repo?
> 
> 
> [1] https://packages.debian.org/buster/firmware-realtek

Hello,

RTL8821AE and RT8821CE are two different chips, albeit with similar features, 
the latter improves upon the former:
 https://www.realtek.com/en/products/communications-network-ics/item/rtl8821ae
 https://www.realtek.com/en/products/communications-network-ics/item/rtl8821ce

there is a RTL8821AE branch in the mainline kernel source tree and at least up 
to 5.8, there is none for RTL8821CE.

I have had a RTL8821CE based card in my laptop (since replaced by an Intel 
AX200) and was building its driver from the above mentionned site (Pinho): I 
don't remember the module being rtl8821ae instead of rtl8821ce (but perhaps 
have I forgotten)

comment sauvegarder le carnet d'adresses d'un téléphone mobiule Redmi / Android vers Debian (avant réinitialisation du téléphone)

[Basile Starynkevitch]

Bonjour les listes April & Debian-User-French


J'ai un téléphone portable RedMi Note 7 sous Android 10 QKQ1

J'ai un ordinateur fixe (processeur AMD64 sous Debian Buster)

J'ai un cable USB pour connecter l'un à l'autre.

Je souhaiterais réinitialiser mon téléphone portable en ayant 
préalablement sauvegardé l'ensemble des photos (au format JPEG) et 
l'ensemble du carnet d'adresses sur l'ordinateur fixe.



La rumeur dit que le carnet d'adresse du téléphone serait dans une ou 
plusieurs bases de données SQLite (lesquelles? où?). J'aimerais aussi 
éditer ce carnet d'adresse sur mon ordinateur fixe.


Je suis capable de compiler un logiciel libre (sur mon ordinateur fixe) 
depuis son code source.


Comment procéder?

Librement

--
Basile Starynkevitch  
(only mine opinions / les opinions sont miennes uniquement)
92340 Bourg-la-Reine, France
web page: starynkevitch.net/Basile/

Re: Missing SATA Drives on ROMED8-2T Motherboard

[Sven Hartge]

Scott Colby  wrote:
> On Tue, Nov 24, 2020, at 02:40, Sven Hartge wrote:

>> Which would mean that the Kernel does not have a driver for the chip
>> driving SATA0_3 as it seems.

> Makes sense.

>> Can you provide more information, for example a lspci listing?

> No problem, here you go, with apologies for the linewidth:

> 48:00.0 SATA controller: Advanced Micro Devices, Inc. [AMD] FCH SATA 
> Controller [AHCI mode] (rev 51)
> 49:00.0 SATA controller: Advanced Micro Devices, Inc. [AMD] FCH SATA 
> Controller [AHCI mode] (rev 51)
> 83:00.0 SATA controller: Advanced Micro Devices, Inc. [AMD] FCH SATA 
> Controller [AHCI mode] (rev 51)
> 84:00.0 SATA controller: Advanced Micro Devices, Inc. [AMD] FCH SATA 
> Controller [AHCI mode] (rev 51)

> Here also are what seem to be the relevant lines from my dmesg output, which 
> is from `dmesg | grep -i ata` with a few lines removed:

> [9.902740] ahci :83:00.0: AHCI 0001.0301 32 slots 8 ports 6 Gbps 0xff 
> impl SATA mode
> [9.905132] ahci :84:00.0: AHCI 0001.0301 32 slots 8 ports 6 Gbps 0xff 
> impl SATA mode
> [9.911701] ahci :48:00.0: AHCI 0001.0301 32 slots 8 ports 6 Gbps 0xff 
> impl SATA mode

Hmm. The controller at 49:00.0 is missing here. Could it be hosting the
missing drives?

Other than that: No idea. I don't see anything obvious, any glaring
errors.

S!

-- 
Sigmentation fault. Core dumped.

Re: Why use an email client AND sendmail/popa3d - Does this avoid the hijack?

[Joe]

On Wed, 25 Nov 2020 00:08:27 +
mick crane  wrote:

> On 2020-11-23 12:19, Andrei POPESCU wrote:
> > On Lu, 23 nov 20, 14:27:36, Keith Bainbridge wrote:  
> >> So does htis get a new subject in the list?
> >> 
> >> Good afternon All
> >> 
> >> I was interested to read that Flo, the OP, uses separate mail
> >> collection, sendmail and thunderbird. Some of the replies sound
> >> like this is a common practice.
> >> 
> >> What are the advantages of this set of processes over letting
> >> tbird do it all? - or any other client for that matter?  
> > 
> > It makes it easier to switch between different e-mail clients if the
> > sending and/or receiving is handled externally, e.g. one might use a
> > graphical e-mail client in general and a text mode client
> > occasionally.
> > 
> > Such a setup also typically uses standard locations for the storage
> > (as opposed to e-mail client specific), which makes it easier to
> > add more functionality (e.g. serve local e-mail via IMAP) or
> > replace individual components.  
> 
> As I can make out if you try to do the useful stuff on your home
> network like having Dovecot doing your mail it is really a bodge if
> you are not advertising those services on the internet.

As I've posted elsewhere, I run my own servers and don't open the email
ports to the world (other than SMTP). I use ssh with port forwarding to
reach email from outside, or occasionally OpenVPN.

> I am I suppose in the domain of Sky who provide my wired connection
> so I use sky/yahoo SMTP server as part of service but they add to
> outgoing email "Reply-Path" being my Sky user account in the headers
> which seems to be confusing exim email lists and results in rejected
> or bounced emails recently.
> I'd like to sort it out to avoid that if I knew what they were doing.
> I like things as they are when it is working and really, really don't
> want to go the whole hog of advertising email services. I think it is
> some relatively new thing where they are double authenticating or
> something but ideally I don't know why SMTP server does just pass
> message along and not add items to the header except they received it
> and passed it along to the recipient.

As it happens outside your control, there's not a lot you can do about
it other than hire an email service that is fairly professional i.e.
not a domestic service whose primary client base is children (of all
ages). A lot of domestic providers insist that you send using one of
their email addresses, which doesn't suit everyone. I lease a few
domains and I expect to use them for my email addresses.

-- 
Joe

Re: Why use an email client AND sendmail/popa3d

[Joe]

On Wed, 25 Nov 2020 09:30:49 +1100
Keith Bainbridge  wrote:


> 
> I like the idea of a local imap server. I have a RPi that will do the
> job, sitting ready and waiting.  How easy is it to get phone/tablet to
> connect while I'm away? though.  A good URI would be an excellent
> answer.
> 

Less so than with an external email provider.

I prefer not to open email collection ports to the Net, so I use ssh
with keys and port forwarding, on a non-standard port to keep the logs
cleaner. I forward both web and the email ports, so I can either use a
proper email client or webmail. I have to admit I use a netbook while
away from home, as I have both "smart"phone and tablet, but they are
extremely limited toys and they are owned by Google. If I need a mobile
computer, then I want a real computer, and one where I have root
access. 

I'm in the process of building a couple of RPi servers to replace my
HP microserver, and the mail server seems to be running OK. I have
exim4 as the MTA, dovecot for IMAP and Roundcube for webmail. Roundcube
requires an SQL database, and I'm running MariaDB for other reasons, and
it's happy with that. It's also running bind9, as I'm sending and
receiving email directly and need a good local DNS service.

-- 
Joe