Re: Yet ANOTHER ThunderTurd ( Thunderbird ) topic... Text Size

[Darac Marjal]

On 02/06/2024 19:03, Chris M wrote:
I noticed that in SeaMonkey Mail's latest version 2.53.18.2 that the 
text is small in SOME emails, and in some emails its fine. And I can't 
figure out what to change to make the text a little bigger without 
having to use CTRL ++ on those certain emails.


Any ideas on how?


It might be worth checking what language the emails are in. Thunderbird 
allows you to specify fonts separately for each writing system (e.g. if 
you want to specify fonts for Japanese or Greek or Khmer messages, you 
can do). For English and comparable languages, you want to set a font 
for "Latin" writing system. However, note that there is also "Other 
Writing Systems" so I can imagine that, if these emails aren't UTF-8 - 
if they're some strange Windows encoding, for example - they might not 
be using the font you think you've set.





Here is an example:

Original:
https://imgur.com/a/mFfgBLh


After hitting "CTRL +" 1 time:
https://imgur.com/a/eK1mERq



THANKS IN ADVANCE!

CHRIS

ch...@cwm030.com

* Lenovo ThinkCentre M710q*~~~* 1 TB SSD*~~~*15.5 GiB of ram*

~~* Q4OS Trinity Edition* ~~



OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: Markup in mail messages

[Darac Marjal]

On 15/05/2024 03:17, Max Nikulin wrote:

On 15/05/2024 02:32, Greg Wooledge wrote:

On Tue, May 14, 2024 at 08:16:20PM +0200, Nicolas George wrote:

Messages in Markdown in the Windows world? I have never seen it.

[...]

The only sensible interpretation I can
come up with for why these asterisks were added is that they're being
placed around text that's supposed to be emphasized/italicized.


*Bold*, /italics/, and _underlined_ markup is supported by various
mailers, e.g. Thunderbird and Gnus. Some render superscripts^1 and
subscripts_2 as well.

Backticks (`echo $PATH`) are more specific to markdown. However
sometimes I use them not expecting that the message will be rendered as
markdown. Just to avoid ambiguity where a piece of code starts and ends.

When this sort of subject comes up (as it does, every so often), I 
wonder why `text/markdown` isn't offered as a mime type for sending 
emails. If you're an MUA and you're going to parse text/plain for 
markup, then why not offer text/markdown as the body of the message? I 
know that there have been various attempts to bridge the gap between 
"text/plain is too basic" and "text/html is too powerful" such as 
text/enriched and text/rtf, but Markdown seems to be hitting a sweet 
spot of being easy to write and being widely adopted elsewhere.


OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: grub requirements for fonts

[Darac Marjal]

On 01/05/2024 10:45, Richard wrote:
I'd like to increase the font size in Grub (v2.12, at least I think 
that's the better alternative to just lowering the resolution) and 
opted to just use a custom font as there seems to be an OTF version of 
"GNU Unifont", though it seems to be jagged by design, but I'm running 
into issues. I thought about just using Noto Mono Regular for it, as 
Noto is supposed to always work and a monospaced font is recommended 
for easier setting of letters, as Grub uses bitmap fonts. Now my issue 
is that on one hand, the conversion to a bitmap font seems to be quite 
bad, the letters look really jagged. On the other hand, it seems that 
despite Noto supposed to being about no tofu, I actually get a lot of 
tofu. Both the up and down arrows in the description text at the 
bottom of grubs boot selector and the border around everything is just 
made up of tofu. And I tried converting the font with both grub-mkfont 
and Grub Customizer, same result.


What command line are you using? I've used the following in the past 
"grub-mkfont -o dejavu_12.pf -a -s 12 
/usr/share/fonts/truetype/dejavu/DejaVuSans.ttf"


You also mention that you're trying Unifont and Noto - are you trying to 
display characters beyond the range of ASCII? I've not tried displaying 
much more than English text. You might need to use the "-r" option if 
you are.




So what exactly are the requirements for fonts to be used in Grub so 
that they are converted to PFF2 fonts in a higher quality and don't 
show tofu?


Best
Richard


OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: autofs for /home: exclude admin users

[Darac Marjal]

On 01/04/2024 07:55, Felix Natter wrote:

hello debian-users,

I configured autofs for /home:

* -fstype=nfs,rw,soft,bg,intr SERVER:/share/&
Just to point out that this is "/share", not "/home". You might have set 
user's home directories to be /share/, but you've not 
mentioned that explicitly.


But now the login as "admin" does not work any more, since
it tries to mount SERVER:/share/admin -> Is it possible to exclude
a user from automounting?
Probably the simplest method is to ensure that "admin"'s home directory 
isn't below /share. You could keep that under /home, or make a new 
folder, as you prefer.


The workaround [1] I use is this:

admin -fstype=nfs,rw,soft,bg,intr localhost:/export/admin_homes/&
* -fstype=nfs,rw,soft,bg,intr SERVER:/share/&

where /export/admin_homes/admin is just a normal directory.

[1]
https://serverfault.com/questions/245121/how-to-prevent-autofs-from-mounting-over-specific-directories

Is this a valid solution? Will it work on Debian/Ubuntu/... also in the
future?

Many Thanks and Best Regards,
Felix
I use FreeIPA to manage my NFS home directories, and I've set my users 
there to have home directories under /home/ipa/. This means 
that non-FreeIPA users (i.e. if I need a machine-only user) have their 
homes under /home/ which isn't NFS-mounted.




OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: trying to parse lines from an awkwardly formatted HAR file ...

[Darac Marjal]

On 23/03/2024 16:34, Greg Wooledge wrote:

On Sat, Mar 23, 2024 at 11:55:04AM -0400, Greg Wooledge wrote:

On Sat, Mar 23, 2024 at 09:54:05AM -0500, Albretch Mueller wrote:

  1) That HAR file is not properly formatted. Instead of
"attribute":value pairs in the standard way, they have used front
slash + quote pairs (instead of just quotes) erratically all around
the file. That is why you can't use jq.

That is not what I see in the file which I pasted here.

Further investigation:

https://google.com/search?q=what+is+a+HAR+file

   https://www.keycdn.com/support/what-is-a-har-file
   Jan 12, 2023 — A HAR file is primarily used for identifying
   performance issues, such as bottlenecks and slow load times, and page
   rendering problems.

   https://en.wikipedia.org/wiki/HAR_(file_format)
   The HTTP Archive format, or HAR, is a JSON-formatted archive file
   format for logging of a web browser's interaction with a site.
   ...
   This document was never published by the Web Performance Working Group
   and has been abandoned.

So, putting these together, it looks like you are taking a file that
was intended to be used for diagnosing browser/network performance
issues, and attempting to use this in place of a downloadable index
of documents from archive.org.

Furthermore, whatever method you are using to *create* this HAR file
is questionable, since apparently you aren't even getting a properly
formatted file in the end.

This tells me we're deep inside an X-Y problem.  The original goal is
possibly something like "I want an index of all the books about this
Greek dude".  Maybe start from there, and see what answers you get.


If someone was looking to query a Web service programmatically, wouldn't 
the first place to start be seeing if the service has an API?


Archive.org has a well-documented API at 
https://archive.org/developers/. There's even a command-line tool 
(assuming one doesn't want to use, say, the python library).




OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: distribution archives became unusable

[Darac Marjal]

On 06/03/2024 08:09, Harald Dunkel wrote:

Hi folks,

the repositories listed on https://www.debian.org/distrib/archive have
been signed using expired keys. Unfortunately this page doesn't deal
with this problem.

Do you think this could be improved?


No, I wouldn't have said so. The packages were signed with keys that 
were valid before they were archived. The archive then provides a 
bit-for-bit copy of what was in the repository at that point in time.


If the keys that signed the packages didn't have an expiry, then there'd 
be an opportunity for someone to update (and validly) sign packages 
retroactively.


The fact that the keys /have/ expired should reassure you that the 
archive hasn't been tampered with.





Regards
Harri



OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: GRUB lost graphical terminal mode

[Darac Marjal]

On 16/02/2024 17:27, Borden wrote:

For a couple weeks now, I can't use graphical terminal in my GRUB 
configuration. Setting `GRUB_TERMINAL=console` works fine. With that line 
commented out, (thus using default settings), I get a blank screen on boot, 5 
second timeout, then normal boot.

Curiously, keyboard commands work normally. Specifically, I'm on multi-boot 
system, so I can boot into Windows by pressing the down arrow the correct 
number of times and pressing Enter. So I suspect that GRUB is either sending to 
the wrong video output or GRUB no longer supports my video card.

Any way I can troubleshoot without setting set debug=all?



According to the info pages, "console" means "native platform console". 
So, for UEFI, that would mean the UEFI console. For BIOS, I'm not sure 
if there is an equivalent.


Strangely, the info page says that default is "to use the platform's 
native terminal output" (Minor nit, I wish documentation would be 
consistent. Is "native terminal" the same as "native console"?).


Things you can try:

* Keep "GRUB_TERMINAL=console" uncommented. If it works, don't break it.

* Try "GRUB_TERMINAL=gfxterm" (uses graphics mode output).

* Try "GRUB_TERMINAL=morse" (uses the system speaker. Only for really 
desperate debugging :) )




OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: [ *** ] Job anacron.service/stop running (15min 49s / no limit)

[Darac Marjal]

On 11/02/2024 11:21, Rainer Dorsch wrote:

Hello,

I saw during a reboot

[  *** ] Job anacron.service/stop running (15min 49s / no limit)

eventually I did a hard reset, since I was not sure if the system simply hang.

I have two quick questions:
- How can I found out which process anacron is still running?


I think that, once the shutdown has started this is basically 
impossible. User sessions have likely been killed off so your only 
option would be to log in as root, but you'll probably also find that 
getty has been killed off too, so I don't know how you'd be able to 
enter any commands at this point.


However, one thing that you could look at is to inspect the journal from 
that boot. You can run "journalctl --list-boots" to get a list of boot 
ids, then run "journalctl -b  -u anacron". Anacron will print 
lines like the following:


Feb 10 13:32:50 host.example.com systemd[1]: Started anacron.service - 
Run anacron jobs.
Feb 10 13:32:50 host.example.com anacron[1822]: Anacron 2.3 started on 
2024-02-10
Feb 10 13:32:50 host.example.com anacron[1822]: Will run job 
`cron.daily' in 5 min.
Feb 10 13:32:50 host.example.com anacron[1822]: Jobs will be executed 
sequentially

Feb 10 13:37:50 host.example.com anacron[1822]: Job `cron.daily' started
Feb 10 13:37:50 host.example.com anacron[38129]: Updated timestamp for 
job `cron.daily' to 2024-02-10
Feb 10 13:37:51 host.example.com anacron[1822]: Job `cron.daily' 
terminated (mailing output)

Feb 10 13:37:51 host.example.com anacron[1822]: Normal exit (1 job run)
Feb 10 13:37:51 host.example.com systemd[1]: anacron.service: 
Deactivated successfully.


So, from that, you can see which set of cron scripts were running. If 
you have multiple scripts, then yes, it's harder to tell which script 
was the long running one (perhaps it's something like locate updating 
it's database?)



- How do I set a timeout/limit for anacron, that it cannot block forever
during a reboot?


It may be germane to point out that anacron.service already explicitly 
sets "TimeoutStopSec=Infinity". So, in the opinion of the developers, 
the service shouldn't be prematurely killed. Of course you, as the 
system administrator, always have the right to countermand that sort of 
decision, but it would be curious to find out why the developers thought 
they needed to override the systemd default in the first place?





Thanks
Rainer


OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: -new HP AMD ryzen with realtec audio. The HP is mo1-F3xxx It has winblows 11 on it and I want it gone. It does have a 256GB SSD. Is there any thing i need to know before i try to install Bookworm.

[Darac Marjal]

On 10/02/2024 21:48, Maureen Thomas wrote:
So can I please get some help.  I have a portable CD/DVD and I made a 
USB with a ISO on it.  The computer does not have a cd/dvd burner but 
I have a portable one.  Can some one tell me if there are any special 
things I need to do to put Debian 12 on this machine.  I really hate 
windows and need to get it gone.  Your help is always appreciated by 
this old lady.  Thank you in advance>


If you'd prefer to read some documentation before getting started, the 
Debian Installation Guide ( 
https://www.debian.org/releases/stable/amd64/ ) is a VERY good place to 
start. Chapter 3 ( 
https://www.debian.org/releases/stable/amd64/ch03.en.html ) in 
particular, covers things like:


 * What the installation process consists of
 * Minimum Hardware Requirements
 * Some potential pitfalls to be aware of

But the whole document is quite well written, actually.



OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: chrony date months off

[Darac Marjal]

On 31/01/2024 12:12, Max Nikulin wrote:

On 31/01/2024 17:54, to...@tuxteam.de wrote:

I think you want "maxstep". It's in the man page chrony.conf(5).

But if the time is "months off" perhaps you've got another problem
to fix first?


I think, the problem is no RTC on some *pi board, certainly chrony out 
of box setup is not ready to such environment and its solution is not 
maxstep.


Gene, are you going to complain again that some package has no man pages?

For Raspberry Pi's, Ubuntu offer a script similar to the following 
https://github.com/Jolicloud/initramfs-tools/blob/master/scripts/local-premount/fixrtc 
(I couldn't find an equivalent to https://sources.debian.net for Ubuntu, 
but the script is simple enough that I doubt if it's very different).


The script works like this: if the root device is specified on the 
kernel command line AND the word "fixrtc" is  specified, then get the 
time that the root file system was last mounted. The script then uses 
"date" to set the clock to that date stamp.


I assume that the idea is that, rather than having the clock start at 
1970, it's better to start it at, say, yesterday. You've still got quite 
a lot of slewing to do if you connect to NTP, but at least there's a 
chance that you can verify certificates etc.




OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: Automatically installing GRUB on multiple drives

[Darac Marjal]

On 24/01/2024 10:17, Nicolas George wrote:

Hi.

We have drives in mdadm RAID1.

Since they are potential boot drives, we have to put a GPT on them.

Since mdadm can only put its superblock at the end of the device (1.0),
at the beginning of the device (1.1) and 4 Ko from the beginning (1.2),
but they still have not invented 1.3 to have the metadata 17 Ko from the
beginning or the end, which would be necessary to be compatible with
GPT, we have to partition them and put the EFI system partition outside
them.

To keep things logical, we have the same partitions on all drives,
including the EFI one. And GRUB is perfectly capable of booting the
system (inside the LVM) inside the RAID inside the partition.

Which leads me to wonder if there is an automated way to install GRUB on
all the EFI partitions.


Possibly. Proxmox (the virtualisation environment built on top of 
Debian, so not actually Debian itself) have a tool they imaginatively 
call "proxmox-boot-tool". It's designed to keep ESPs synchronized when 
you have ZFS on several disks. ZFS (on linux, at least) always creates a 
partition table, even if you allocate a whole disk as a zvol, so at 
least that solves the problem of where to put the ESP. However, 
proxmox-boot-tool registers itself as a hook and, when you update the 
kernel, it will kick in and re-run grub-install on each device.


You might be able to persuade the good people at Proxmox to release 
their tool upstream (i.e. into Debian).





The manual way is not that bad, but automated would be nice.

Regards,



OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: Why is /var/lib/apt/lists not in /var/cache?

[Darac Marjal]

On 16/12/2023 15:59, Stefan Monnier wrote:

AFAICT, all of `/var/lib/apt/lists` is made of files fetched from
repositories, which APT will re-fetch if missing.
So, it sounds to me like it belongs in `/var/cache/apt/lists`, really.
What am I missing?  Or is it just a historical accident?


 Stefan "whose `/var/lib/apt/lists` is a symlink into /`var/cache`"


I would imagine that it's due to the FHS (Filesystem Hierarchy Standard) 
which defines what the various directories on a "typical Linux system" 
are for. "man hier", for example, tells me that:


* /var/cache - Data cached for programs.

* /var/lib - Variable state information for programs.

So, apt seems to be doing the right thing here. /var/cache is where the 
cached packages are stores, but /var/lib is where the state of the 
repositories is stored. Admittedly, the state of the repositories is 
cached information, but recall that apt is essentially just a network 
fetcher/cacher. dpkg would be the ultimate arbiter of the state of the 
system, so apt's state is more like the state of the repositories.




OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: what is a tasklet

[Darac Marjal]

On 06/12/2023 12:32, fxkl4...@protonmail.com wrote:

DI: DI: tasklet schedule cost 12ms.

this interesting  message started showing up in syslog a week or so ago
i've never noticed them before
any ideas whet this is


According to https://lwn.net/Articles/830964/, they were a way to defer 
the execution of some code (e.g. an interrupt handler). The intention 
(also documented at https://lwn.net/Articles/239633/) is that tasklets 
are deprecated, and will be replaced by other APIs.




OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: ntpsec as server questions

[Darac Marjal]

On 04/12/2023 20:36, Greg Wooledge wrote:

On Mon, Dec 04, 2023 at 03:19:33PM -0500, gene heskett wrote:

On 12/4/23 07:17, Greg Wooledge wrote:

ls -hal /etc/localtime

Aha! You found it, but how do I change it?
root@mkspi:/etc# cat timezone
America/New_York
root@mkspi:/etc# ls -hal /etc/localtime
lrwxrwxrwx 1 root root 39 Jul 25  2022 /etc/localtime ->
/usr/share/zoneinfo/America/Los_Angeles

It's just a symbolic link.  It looks like you have the "modern" style
of zone names, so:

 ln -sf /usr/share/zoneinfo/America/New_York /etc/localtime


use mc to edit the /etc/localtime link?  Surely there is  better way...

I don't know how mc works.  I've never used it.  If that can change the
target of a symlink, similar to running "ln -sf", then you may use it.


The string as the last few
bytes of posixrules looks correct at EST5EDT, and I've got a headache.
there are links to links to links in that midden heap.

I classify time zone names into three historic eras.  In the oldest era,
you have zone names like EST5EDT which are composed of three pieces.
The first piece, EST, is the zone's name when the clock is "normal" (not
daylight saving or summer time).  The second piece, 5, is the number
of hours behind GMT the clock is (normally).  The third piece, EDT, is
the zone's name when daylight saving time is in effect.

In the second era, zone names look like "US/Eastern".  The piece on the
right hand side is a component of the piece on the left.  I'm uncertain
whether the pieces on the left are always country codes, or if there's
some other arrangement.

In the modern era, zone names look like "America/Chicago".  The piece on
the left is a continent (or other large geographic region, e.g. "Pacific"),
and the piece on the right is a major city, preferably *the* major city,
which exemplifies the specific time zone in question.

For you and me, the current era time zone name is "America/New_York".
This is how the Debian installer sets the localtime symlink, and is
what we should be using if we have to set it ourselves.

I personally find "US/Eastern" the easiest to grasp, and I'm sad that
this pattern fell out of fashion, for whatever reason.  Whenever I tell
people on the Internet (who may not be Linux users) what time zone I'm
in, I always go with "US/Eastern".  It's just so *clear*.


According to https://mm.icann.org/pipermail/tz/1993-October/009233.html, 
it was Paul Eggert who proposed this new system. I suspect the subtlety 
between the two systems is: Do you want to specify the timezone, or do 
you want the database to track the timezones for you? Or, to put it 
another way, do you want to specify the time offset, do you want to 
specify the (current) timezone, or do you want the database to track it 
for you?


Most people know what timezone they're currently in, but the more likely 
know what their nearest city is. Cities rarely change, but timezones do. 
Take the example of Triana in Paul Eggert's original email. The city 
never moved, but the timezone it was it changed dozens of times. Its a 
lot easier for someone to configure Europe/Tirana than to have to keep 
changing timezones.


If you happen to live somewhere where the timezone has been stable, 
consider yourself privileged.






OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: Telnet

[Darac Marjal]

On 04/12/2023 11:30, gene heskett wrote:

On 12/4/23 05:22, Anssi Saari wrote:

debian-u...@howorth.org.uk writes:


I concur, and would add that even on an isolated network one should
prefer ssh. First, to be in the right habit. Second because it will do
things that telnet won't, like tunnel X.


Ah but will it tunnel wayland?? Enquiring minds want to know :)


Yes.


yes here too.


For those who want to know _how_  people like gene and Anssi manage to 
tunnel wayland applications over SSH, the first useful result I find 
when searching for "tunnel wayland" is:


https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/getting_started_with_the_gnome_desktop_environment/remotely-accessing-an-individual-application-wayland_getting-started-with-the-gnome-desktop-environment

The tl;dr is "waypipe -c lz4=9 ssh remote-server application-binary".


.


Cheers, Gene Heskett.


OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: packages listed vs. apt-rdepends --follow=Depends ...

[Darac Marjal]

On 02/12/2023 04:22, Greg Wooledge wrote:

On Fri, Dec 01, 2023 at 10:01:54PM -0600, David Wright wrote:

On Fri 01 Dec 2023 at 21:55:42 (-0500), Greg Wooledge wrote:

 apt install ./myfile.deb

That requires you to be online, aka "exposed mode". The OP only
exposes a live USB to the outside world, not their "real" system.

I dimly recollect something called apt-move, but I never needed
to use it. Back in the days of dial-up, when I had a real job,
I would upgrade my desk's tower, copy the (uncleaned) archives/
directory onto a Zip drive, take it home and install the .debs
onto my home desktop, configured identically, with dpkg.

In that case, use apt-get instead of apt.  That way the downloaded .deb
files will not be removed afterward.  Then you can just sweep 'em up
from /var/cache/apt/archives, copy them to a stack of floppies, put
the floppies in a box, tie the box to a trained ferret, send the ferret
across town


apt-get has the side effect of installing the packages on the connected 
system. There used to be "apt-zip" (no longer in Debian), which was 
built around the idea of using ZIP disks for transferring files. 
"apt-zip-list" would use the state of packages on the disconnected 
system to product a "want list" of files to be downloaded. This "want 
list" would be a shell script consisting of various wget or curl 
commands. The script would be taken over to the connected system and 
run, to pull the required packages onto a high-capacity removable medium 
(such as a USB drive or ZIP drive). Back at the disconnected system, 
"apt-zip-inst" would complete the process, installing the files from the 
removable medium.


The nice thing about "apt-zip" was that it took the guesswork out of the 
equation. The files required were the ones that the target system 
required, no more no less. Also, the connected system didn't have to be 
debian; there was an option to write the script in a DOS-compatible 
manner, so you could run it on Windows, for example.


I don't know if there's a direct replacement for apt-zip nowadays.



If the OP doesn't have a same-release, same-architecture connected
system to use for this purpose, then I don't have an answer.  I don't
deal with this stone-age crap any longer, and I am unable to express
how *happy* I am that this is the case.
There are still use cases for fully disconnected systems these days. The 
most common one might be an offline Certificate Authority (best practice 
says that the host holding your certificate authority certificate should 
NEVER have network access, to prevent any possibility of compromise), 
but some security professionals prescribe "air-gap" security for other 
systems (think of the Iranian Uranium Enrichment system that Stuxnet 
compromised). For these sorts of systems, you're stuck with using 
something like apt-zip, or else just downloading the point-release ISOs 
and burning them.


OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: Work environment

[Darac Marjal]

On 26/11/2023 13:38, William Torrez Corea wrote:



On Fri, Nov 24, 2023 at 10:11 AM Darac Marjal 
 wrote:



On 23/11/2023 04:34, William Torrez Corea wrote:

Why the people use two desktops and one laptop?
What is the purpose?

I could use a main laptop with Debian for software development
(write code) and the other two desktop:

 1. Testing
 2. Server


Without any context, it's hard to answer. But there are some
possibilities:

* Regardless of any other factor, desktops are bigger than
laptops, so there is room for more hard drives, optical drives,
more PCI cards etc. Therefore, someone might use a desktop
computer for copying optical disks (e.g. two optical drives in the
desktop) or they might use it for gaming (e.g. a large GPU in the
desktop)

* Typically a laptop is smaller, quieter and more energy efficient
than a desktop. Someone might prefer to use the laptop for general
office-type work (browsing the web, reading emails etc), while
reserving the desktops for occasional use (e.g. a gaming night).

* You mention a work environment, so there could be contractual
reasons for maintaining physically separate computers. The
computers could be at different classification levels; some of the
computers could belong to a customer; some of the computers could
have a very particular specification which virtualisation can't
represent.

* There could also be an aspect of hand-me-downs. If the three
computers are significantly different in age, perhaps the user has
upgraded their "workstation" over time, but continued to maintain
their existing computers alongside.

* Depending on how we interpret your question, there may even be
the possibility that the computers are physically separated. A
user might have one desktop in the office, a second desktop in
"the lab", while also having a laptop for when they are working
from home / on a client site / on the train.


Why have a lot of computers if I can get a laptop workstation?


Hi William,

Without any context, it's hard to answer. But there are some 
possibilities why you might have a lot of computers, even if you can get 
a laptop workstation:


* You might find that the laptop workstation doesn't have sufficient GPU 
capabilities for some of your tasks, or maybe you might want optical 
drives, or more storage. Therefore having a separate desktop might be 
suitable (you might find, however, that plugging these devices into a 
docking station work sufficiently well for you)


* You might find the laptop unergonomical. So, while you might be using 
the laptop for some tasks, you might find that keeping another computer 
handy is more comfortable.


* You mention a work environment, so you might find that you are not 
permitted to do all your work on the laptop. Certainly, most companies 
do not like employees doing work on their personal computers. It's 
better to supply the employee with a separate computer which might be 
backed up, joined to the domain, etc. The company might even supply 
multiple computers to ensure a separation of tasks.


* If you already have this "lot of computers", then perhaps you don't 
want to get rid of them. Perhaps you want to keep the old software/files 
on those computers, while starting afresh with your laptop.


* Depending on how we interpret your question, you might even find that 
having physically separate computers is necessary (For example, you 
might want a computer situated close to your customers, which you work 
remotely on).


Or, to put it another way, basically everything I already stated.


--

With kindest regards, William.

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
⠈⠳⣄




OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: Work environment

[Darac Marjal]

On 23/11/2023 04:34, William Torrez Corea wrote:

Why the people use two desktops and one laptop?
What is the purpose?

I could use a main laptop with Debian for software development (write 
code) and the other two desktop:


 1. Testing
 2. Server


Without any context, it's hard to answer. But there are some possibilities:

* Regardless of any other factor, desktops are bigger than laptops, so 
there is room for more hard drives, optical drives, more PCI cards etc. 
Therefore, someone might use a desktop computer for copying optical 
disks (e.g. two optical drives in the desktop) or they might use it for 
gaming (e.g. a large GPU in the desktop)


* Typically a laptop is smaller, quieter and more energy efficient than 
a desktop. Someone might prefer to use the laptop for general 
office-type work (browsing the web, reading emails etc), while reserving 
the desktops for occasional use (e.g. a gaming night).


* You mention a work environment, so there could be contractual reasons 
for maintaining physically separate computers. The computers could be at 
different classification levels; some of the computers could belong to a 
customer; some of the computers could have a very particular 
specification which virtualisation can't represent.


* There could also be an aspect of hand-me-downs. If the three computers 
are significantly different in age, perhaps the user has upgraded their 
"workstation" over time, but continued to maintain their existing 
computers alongside.


* Depending on how we interpret your question, there may even be the 
possibility that the computers are physically separated. A user might 
have one desktop in the office, a second desktop in "the lab", while 
also having a laptop for when they are working from home / on a client 
site / on the train.




OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: IMAP vs POP was Thunderbird vs Claws Mail

[Darac Marjal]

On 19/11/2023 17:50, Tixy wrote:

On Sun, 2023-11-19 at 07:58 -0800, Peter Ehlert wrote:

Question: with IMAP is it feasible for a mail client to Leave
messages
on the server?

My question was incomplete.  I should have added that I must have
local
copies of almost everything, for Me to filter an purge.
--- > So you folks discussing IMAP made it super clear that POP is my
only choice. < ---

I don't see why you need POP to filter email. Your email client will
almost certainly let you create filters to process and delete emails.
E.g. I use IMAP with Evolution mail client and have various filters for
spam and kill files. Amongst the many filter options is the ability to
pipe new messages to an external program and the perform actions on the
result. That's how I implement killfiles for this email list, I have a
bash script to match email headers against a kill list and then if my
script returns 'true' I have evolution set to delete them.


Depending on your IMAP server, you may even be able to use "Sieve" 
scripts to perform the filtering on the server (i.e. before you even 
download the messages to a client). Sieve scripts can look at headers 
and bodies, so you can do simple things like "Messages from my family 
get moved to the 'Family' folder", "messages with a subject that 
contains 'debian-user' get moved to the 'debian-user' folder", to more 
complicated things like "auto reply to subscription-confirmation emails".






OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: [Bookworm] collecting sensors data

[Darac Marjal]

On 29/10/2023 12:00, mick.crane wrote:

On 2023-10-28 18:31, Roy J. Tellason, Sr. wrote:

On Saturday 28 October 2023 07:25:39 am gene heskett wrote:

On 10/28/23 00:14, Max Nikulin wrote:
> On 28/10/2023 01:39, Greg wrote:
>> I just noticed that there is no rrdcollect in Bookworm. What is the
>> "proper" way of collecting sensors readings?
>
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029995 :
>> please consider removing rrdcollect. Its a tool/daemon to collect
>> metrics from the local system into RRD files. There are quite a 
number

>> of alternatives in Debian to do the same, better (munin, et al).
>
I just looked at munin in synaptic, But while there lots of parts to 
it,

there is not a single word that indicates what it does? Absolutely
nothing that tells me it can monitor the system fans or measure the
systems voltages.  What does it actually DO?


I've seen that fairly often,  particularly with software packages.
It's a real aggravation at times.


I've sometimes thought it would be useful if at the top of man pages 
there was.

"Why would I use this" with explanation.


I suppose that's what the "summary" line is for:

 * ls - list directory contents
 * munin-node - A daemon to gather information in cooperation with the
   main Munin program
 * sensors - print sensors information
 * synaptic - graphical management of software packages



OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: [Bookworm] collecting sensors data

[Darac Marjal]

On 28/10/2023 12:25, gene heskett wrote:

On 10/28/23 00:14, Max Nikulin wrote:

On 28/10/2023 01:39, Greg wrote:
I just noticed that there is no rrdcollect in Bookworm. What is the 
"proper" way of collecting sensors readings?


https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029995 :

please consider removing rrdcollect. Its a tool/daemon to collect
metrics from the local system into RRD files. There are quite a number
of alternatives in Debian to do the same, better (munin, et al).


I just looked at munin in synaptic, But while there lots of parts to 
it, there is not a single word that indicates what it does? Absolutely 
nothing that tells me it can monitor the system fans or measure the 
systems voltages.  What does it actually DO?


Strictly speaking, Munin does two things: it runs a collection of 
plugins and it stores the results of those plugins in RRDs.


Munin works in a server/node pattern. Typically one runs Munin (the 
server part) on a central computer with a web server. Munin will then 
reach out to "Munin-Node" (running either on the same computer or on 
other computers around your network). "Munin-Node" runs the plugins 
(which may do just about anything in any language you like. They can be 
written in perl or python or C or shell; they can fetch CPU metrics, or 
disk metrics, or they can query the amount of coffee in the pot or they 
can tell you how your stocks/shares are doing - basically anything that 
can be represented as a number). The Munin-Node protocol is a fairly 
simple text protocol. Munin receives the metrics and stores these in 
RRDs. Munin also produces a web page containing graphs from the RRDs.


If a more visual demonstration would help, take a look at 
http://demo.munin-monitoring.org/munin-monitoring.org/demo.munin-monitoring.org/ 
to see the kinds of things you can do.


If should, perhaps, be noted that using RRDs to store metrics - while 
still quite serviceable and a good fit for a small system - is 
considered a bit old hat these days. The problem with RRDs is that the 
graphs produced tend to be static (if you want to zoom in, or only show 
one of the lines on the graph etc, you have to re-render the image). The 
modern way is to separate out the collection of metrics, the 
gathering/collating of metrics and the visualisation of metrics into 
their own programs (i.e. the UNIX philosophy). If you want do go down 
that route, you can look into:


 * Collecting
 o collectd
 o telegraf
 o statsd
 o node-exporter
 o etc
 * Gathering
 o Prometheus
 o InfluxDB
 o Graphite
 o OpenTSDB
 * Visualisation
 o Grafana
 o Kibana



Thank you.


https://tracker.debian.org/pkg/rrdcollect
is linked from https://packages.debian.org/bullseye/rrdcollect
and has "[2023-01-30] Removed 0.2.10-4 from unstable" entry in the 
"News" section.




.


Cheers, Gene Heskett.


OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: Problem with apt update (is not signed)

[Darac Marjal]

As another data point, I've tried the following:

$ docker run -it debian apt update

$ docker run -it debian:bullseye apt update

$ docker run -it 
debian@sha256:c141beaa9e0767774221cc82efe3a6712a1cc4f75d2699334dfd9a28a6f7357b 
apt update


And these all complete successfully:

❯ docker run -it 
debian@sha256:c141beaa9e0767774221cc82efe3a6712a1cc4f75d2699334dfd9a28a6f7357b 
apt update

Get:1 http://deb.debian.org/debian bullseye InRelease [116 kB]
Get:2 http://deb.debian.org/debian-security bullseye-security InRelease 
[48.4 kB]

Get:3 http://deb.debian.org/debian bullseye-updates InRelease [44.1 kB]
Get:4 http://deb.debian.org/debian bullseye/main amd64 Packages [8062 kB]
Get:5 http://deb.debian.org/debian-security bullseye-security/main amd64 
Packages [256 kB]
Get:6 http://deb.debian.org/debian bullseye-updates/main amd64 Packages 
[17.4 kB]

Fetched 8544 kB in 2s (4269 kB/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.

So this would rule out an issue with the docker image. Instead, the only 
difference would be which mirror you pulled from. 
https://deb.debian.org/ is the mirror service provided by Fastly. 
Fetching URLs on deb.debian.org will transparently redirect you to a 
mirror close to you.


Now, it's possible that the mirror was in the process of updating. It's 
also (less likely) possible that someone tampered with the mirror (and 
so the failing signatures did exactly what they're supposed to do, 
prevent you downloading malicious software).


Unfortunately, unless you can identify which mirror you were directed 
to, it will be difficult for you to know who to notify.



On 26/10/2023 07:29, Paweł Kopeć wrote:


Hello,

since yesterday (2023-10-25) I received an error during the apt update 
command:


docker run -it debian:bullseye /bin/bash
Unable to find image 'debian:bullseye' locally
bullseye: Pulling from library/debian
69b3efbf67c2: Pull complete
Digest: 
sha256:c141beaa9e0767774221cc82efe3a6712a1cc4f75d2699334dfd9a28a6f7357b

Status: Downloaded newer image for debian:bullseye

root@eb335ad71846:/# apt-get update
Get:1 http://deb.debian.org/debian bullseye InRelease [116 kB]
Get:2 http://deb.debian.org/debian-security bullseye-security 
InRelease [48.4 kB]

Get:3 http://deb.debian.org/debian bullseye-updates InRelease [44.1 kB]
Err:1 http://deb.debian.org/debian bullseye InRelease
  At least one invalid signature was encountered.
Err:2 http://deb.debian.org/debian-security bullseye-security InRelease
  At least one invalid signature was encountered.
Err:3 http://deb.debian.org/debian bullseye-updates InRelease
  At least one invalid signature was encountered.
Reading package lists... Done
W: GPG error: http://deb.debian.org/debian bullseye InRelease: At 
least one invalid signature was encountered.
E: The repository 'http://deb.debian.org/debian bullseye InRelease' is 
not signed.
N: Updating from such a repository can't be done securely, and is 
therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user 
configuration details.
W: GPG error: http://deb.debian.org/debian-security bullseye-security 
InRelease: At least one invalid signature was encountered.
E: The repository 'http://deb.debian.org/debian-security 
bullseye-security InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is 
therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user 
configuration details.
W: GPG error: http://deb.debian.org/debian bullseye-updates InRelease: 
At least one invalid signature was encountered.
E: The repository 'http://deb.debian.org/debian bullseye-updates 
InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is 
therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user 
configuration details.


Where I should send this problem?

Regards



OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: network bonding on Debian/Trixie

[Darac Marjal]

On 17/10/2023 02:11, Gary Dale wrote:

On 2023-10-16 18:52, Igor Cicimov wrote:

Hi,

On Tue, Oct 17, 2023, 8:00 AM Gary Dale  wrote:

I'm trying to configure network bonding on an AMD64 system running
Debian/Trixie. I've got a wired connection and a wifi connection,
both
of which work individually. I'd like them to work together to
improve
the throughput but for now I'm just trying to get the bond to work.
However when I configure them, the wifi interface always shows down.

# ip addr
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN
group default qlen 1000
 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
 inet 127.0.0.1/8  scope host lo
    valid_lft forever preferred_lft forever
 inet6 ::1/128 scope host noprefixroute
    valid_lft forever preferred_lft forever
2: enp10s0:  mtu 1500
qdisc mq
master bond0 state UP group default qlen 1000
 link/ether 3c:7c:3f:ef:15:47 brd ff:ff:ff:ff:ff:ff
4: wlxc4411e319ad5:  mtu 1500 qdisc noop
state DOWN
group default qlen 1000
 link/ether c4:41:1e:31:9a:d5 brd ff:ff:ff:ff:ff:ff
7: bond0:  mtu 1500 qdisc
noqueue state UP group default qlen 1000
 link/ether 3c:7c:3f:ef:15:47 brd ff:ff:ff:ff:ff:ff
 inet 192.168.1.20/24  brd
192.168.1.255 scope global bond0
    valid_lft forever preferred_lft forever
 inet6 fe80::3e7c:3fff:feef:1547/64 scope link proto kernel_ll
    valid_lft forever preferred_lft forever

It does this even if I pull the cable from the wired connection. The
wifi never comes up.

Here's the /etc/network/interfaces file:

auto lo
iface lo inet loopback

auto enp10s0
iface enp10s0 inet manual
 bond-master bond0
 bond-mode 1

auto wlxc4411e319ad5
iface wlxc4411e319ad5 inet manual
 bond-master bond0
 bond-mode 1

auto bond0
iface bond0 inet static
 address 192.168.1.20
 netmask 255.255.255.0
 network 192.168.1.0
 gateway 192.168.1.1
 bond-slaves enp10s0 wlxc4411e319ad5
 bond-mode 1
 bond-miimon 100
 bond-downdelay 200
 bond-updelay 200


I'd like to get it to work in a faster mode but for now the
backup at
least allows the networking to start without the wifi. Other
modes seem
to disable networking until both interfaces come up, which is not
a good
design decision IMHO. At least with mode 1, the network starts.

Any ideas on how to get the wifi to work in bonding?


Probably your wifi card does not support MII, check with:

~]# ethtool  wlxc4411e319ad5 | grep "Link detected:"

and:

~]# cat /proc/net/bonding/bind0



I'm assuming that no output is bad here. Still, I don't see why a 
device that works shouldn't be able to participate in a bond. As a 
network interface, the wifi device produces and responds to network 
traffic. Are you saying the bonding takes place below the driver level?


I think the lack of output is due to a typo. Files in /proc/net/bonding 
are named after the interface, so "bind0" would only exist if the 
interface was called "bind0". I think Igor was asking for the contents 
of "/proc/net/bonding/bond0".


OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: network bonding on Debian/Trixie

[Darac Marjal]

On 16/10/2023 21:59, Gary Dale wrote:
I'm trying to configure network bonding on an AMD64 system running 
Debian/Trixie. I've got a wired connection and a wifi connection, both 
of which work individually. I'd like them to work together to improve 
the throughput but for now I'm just trying to get the bond to work. 
However when I configure them, the wifi interface always shows down.


# ip addr
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN 
group default qlen 1000

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
   valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
   valid_lft forever preferred_lft forever
2: enp10s0:  mtu 1500 qdisc mq 
master bond0 state UP group default qlen 1000

    link/ether 3c:7c:3f:ef:15:47 brd ff:ff:ff:ff:ff:ff
4: wlxc4411e319ad5:  mtu 1500 qdisc noop state 
DOWN group default qlen 1000

    link/ether c4:41:1e:31:9a:d5 brd ff:ff:ff:ff:ff:ff
7: bond0:  mtu 1500 qdisc 
noqueue state UP group default qlen 1000

    link/ether 3c:7c:3f:ef:15:47 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.20/24 brd 192.168.1.255 scope global bond0
   valid_lft forever preferred_lft forever
    inet6 fe80::3e7c:3fff:feef:1547/64 scope link proto kernel_ll
   valid_lft forever preferred_lft forever

It does this even if I pull the cable from the wired connection. The 
wifi never comes up.


Here's the /etc/network/interfaces file:

auto lo
iface lo inet loopback

auto enp10s0
iface enp10s0 inet manual
    bond-master bond0
    bond-mode 1

auto wlxc4411e319ad5
iface wlxc4411e319ad5 inet manual
    bond-master bond0
    bond-mode 1

auto bond0
iface bond0 inet static
    address 192.168.1.20
    netmask 255.255.255.0
    network 192.168.1.0
    gateway 192.168.1.1
    bond-slaves enp10s0 wlxc4411e319ad5
    bond-mode 1
    bond-miimon 100
    bond-downdelay 200
    bond-updelay 200


I'd like to get it to work in a faster mode but for now the backup at 
least allows the networking to start without the wifi. Other modes 
seem to disable networking until both interfaces come up, which is not 
a good design decision IMHO. At least with mode 1, the network starts.


Any ideas on how to get the wifi to work in bonding?


I use systemd-networkd to configure bonding in the same way. I use the 
"active-backup" mode and one parameter that I don't *think* you've set 
is the "primary".  According to 
https://www.kernel.org/doc/Documentation/networking/bonding.txt, you'd 
set "primary" to the interface which is always active if it's available. 
So you probably want to set "bond-primary enp10s0" so that the system 
will switch to the cable when it's connected; when the cable disconnects 
it should switch over to the wifi. Without "primary" being set, I 
suspect the system doesn't have any motivation to prefer the cable when 
both are connected.




OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: Enter passphrase for SSL/TLS keys for 192.168.0.30:443 (RSA)

[Darac Marjal]

On 08/10/2023 12:53, Rainer Dorsch wrote:

Hello,

I have one machine on which I see during upgrade messages like:

Setting up udev (252.17-1~deb12u1) ...
 Enter passphrase for SSL/TLS keys for 192.168.0.30:443 (RSA):
Setting up linux-image-6.1.0-13-armmp (6.1.55-1) ...

/etc/kernel/postinst.d/initramfs-tools:
update-initramfs: Generating /boot/initrd.img-6.1.0-13-armmp

Broadcast message from root@home (Sun 2023-10-08 13:45:07 CEST):

Password entry required for 'Enter passphrase for SSL/TLS keys for
192.168.0.30:443 (RSA):' (PID 25235).
Please enter password with the systemd-tty-ask-password-agent tool.

Does anybody know where they (could) come from?


Searching the internet for that exact phrase suggests it's Apache2 
asking that. Specifically, it's a program called "ask-for-passphase": 
https://sources.debian.org/src/apache2/2.4.57-3/debian/ask-for-passphrase/?hl=26#L26





Thanks
Rainer




OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: swap-fle on arm64, need to disable, how?

[Darac Marjal]

On 01/10/2023 09:31, gene heskett wrote:




Fedora has it by default since a while, and at first I thought it's a
very stupid idea.  In practise, I can't be bothered anymore to create
these annoying swap partitions.  They're only a waste of disc space.
There haven't been any issues with it, and when the machine runs out
of memory, using swap partitions or swap files isn't going to fix
that.


But with zram  taking over half its memory, its into swap and slowing 
down quicker, and plumb out of memory for big jobs, when it could 
still be working fine with bigger, albeit probably slower than zram, 
swap.


I've no clue how much the zram compression slows it in terms of thru put.

I wiped out the git clone of linuxcnc by re-arranging that SSD 
yesterday, but I'll do another build later today and see how long it 
takes with real swap.


Thank you. Take care & stay well..

Cheers, Gene Heskett.


I might be wrong, but zram probably wouldn't be so popular if it always 
consumed 100% of the space allocated to it.


Instead, I believe zram works like this:

 * The system sets up a zram RAM disk. This will start by consuming a
   few pages of RAM (plus whatever is required by the driver)
 * As memory pressure increases (i.e. as RAM starts to fill up with
   pages), the system will swap the less frequently used pages to a
   swap device.
 * In the case of zram, this essentially moves a page from one part of
   RAM to a smaller representation in another part of RAM.
 * The zram RAM disk will increase in size, but because of the
   compression, it will expand at a slower rate than the rate of pages
   being moved out of RAM, therefore there is a net gain in free RAM.
 * Similarly, when a page is swapped back from zram to RAM, the RAM
   disk will shrink by a certain amount (but not by as much as the
   recovered page will consume)

In other words, zram works a bit like a swap disk, but it also acts a 
bit like compressing data in RAM.


So, applications won't see a slowdown in memory access because they 
still talk directly to RAM. However, if an application has been swapped 
to zram, then decompressing the page from zram WILL be quicker than 
pulling the page from a block device, even an NVMe drive.




OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: Sunrise and Sunset from terminal

[Darac Marjal]

On 23/09/2023 22:51, s...@gmx.com wrote:

Is there a way to get sunrise and sunset time from command interpreter?
I want to use its output for a script!

I use "Sunwait" from https://github.com/risacher/sunwait which is a tool 
you can download and compile. I believe it works entirely offline, but - 
given a latitude and longitude - it can calculate Civil, Nautical and 
Astronomical twilight times. It also has a useful ability to pause until 
a particular state, which might be useful in scripts.




OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: trying to make gkerelln show motherbord temp and voltages

[Darac Marjal]

On 17/09/2023 11:39, gene heskett wrote:

On 9/17/23 05:35, Phil Wyett wrote:

On Sat, 2023-09-16 at 17:06 -0400, gene heskett wrote:

On 9/16/23 14:55, Phil Wyett wrote:

On Sat, 2023-09-16 at 08:17 -0400, gene heskett wrote:

Greetings all;

gkrellm has traditionally used mbmon to collect the motherboard
data
for
temps and voltages that it can display. Bub mbmon won't run
because
it
can't find the monitor util for this mid-range asus mobo.
Complains
because it cannot find a via-686 thing, which sounds a bit dated
to
me.

I just spent around 3 hours with synaptic looking for likely
suspects
w/o any hits.

Asus z-370 mobo, i5 flavor full 32G memory

Any suggestions??

Thanks all;

Cheers, Gene Heskett.


Hi,

Would more up to date packages like 'lm-sensors' and/or 'dmidecode'
possible give you the data you are looking for? Any additional
information on the data you require and how it would be used would
be
advantageous.

Regards

Phil


Both of those are the newest versions according to apt.
Thanks Phll


Cheers, Gene Heskett.


Hi,

gkrellm does not depend on mbmon currently. mbmom should not be part of
a current conversation regarding use of gkrellm as I see it.

What data are you wanting from the motherboard and what have you tried
thus far?

Notes:

gkrellm depends on gtk2 and should be avoided IMHO.

Both gkrellm and especially mbmon are very dated and IMHO should not be
used with newer hardware as they likely do not fit requirements.

Regards

Phil

No doubt true, but I've not found anything else you can park along the 
edge of the screen on every workspace so you've a constantly visible 
machine status. And I've not found anything that can report psu etc 
voltages, or fan speeds from those that have tach's since buster.  
Temps and other stuff still work though.  I find it handier than the 
lock button on the outhouse door at a family picnic. If Bill wilson 
has dropped it, what are folks using now?


In the world of i3 window managers (i3, i3gaps, sway etc), there is a 
convention to have a "bar" along the top or bottom edge of the screen. 
i3 is a tiling window manager so it's not usual to have a taskbar, but 
it's still useful to have somewhere to put "widgets" such as the system 
tray and the "bar" fulfils this function. There is a "bar" protocol 
allowing several programs to exist which handle the actual rendering of 
the bar, plus nearly all of these bars use an accompanying "status" 
program to provide the actual content. The "status" program (i3status, 
py3status, conky etc) handles all the hard work of querying sensors, 
finding free space etc and presents it in a text form to the bar.


The upshot of this is that the "bar" and "status" programs can, with a 
bit of tinkering, present live statistics of just about any part of your 
system (personally, my bar consists of: the weather, disk space, memory 
usage, CPU usage, CPU temperature, network throughput, battery level, 
headphone battery level, sound system volume, backlight level, date and 
time).


You don't need to switch to a tiling window manager to use a bar, 
though. https://github.com/polybar/polybar/wiki claims to work quite 
nicely with window mangers such as GNOME or KDE's.





Cheers, Gene Heskett.


OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: bookworm and network connections

[Darac Marjal]

On 02/09/2023 13:09, Brad Rogers wrote:

On Sat, 2 Sep 2023 12:08:37 +0100
Brian  wrote:

Hello Brian,


I did not write any of the text you quote.


You did, but it was not what Timothy was responding to.

What you wrote was quoted right at the bottom of the message, and
irrelevant to Timothy's response.

Which begs the question:
Why do some people respond to a message from person Y, when they're
/actually/ dealing with something written by person X?
One possibility is that espoused by Outlook (which we all know is such a 
paragon of email etiquette(!)), namely "You are not responding to the 
latest message in this conversation". That is, I can envision a 
situation where someone wishes to respond to a point in the email thread 
but, rather than replying to the individual message in question, replies 
at the bottom of the chain, perhaps for reasons of "visibility".


OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: Security question about daemon-init

[Darac Marjal]

On 29/08/2023 18:35, Bhasker C V wrote:

Apologies in advance for cross-group posting.

I have enabled selinux  and after carefully allowing certain 
permissions, I have put my system in enforcing mode


I do see a suspicious line like this


[  115.089395] audit: type=1400 audit(1693329979.841:11): avc:  denied 
 { getattr } for  pid=3104 comm="daemon-init" 
path="/home/bcv/.thunderbird" dev="dm-5" ino=257 
scontext=system_u:system_r:virtd_t:s0 
tcontext=system_u:object_r:thunderbird_home_t:s0 tclass=lnk_file 
permissive=0


I am not sure why on earth would daemon-init try to read .thunderbird 
directory under my homedir .


Has anyone faced this problem?

What is this daemon-init program and why does it want access to my 
home thunderbird directory ?


According to 
https://packages.debian.org/search?suite=bookworm=any=filename=contents=daemon-init 
there is no file within Debian Stable named "daemon-init".




Regards
Bhasker C V




OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: problem with sway package

[Darac Marjal]

On 16/08/2023 13:19, K S R PHANI BHUSHAN wrote:
i have tried installing sway package in debian bookworm but it was not 
displaying any thing and also the terminal was getting stuck in the 
login page it self when i tried to run sway in the default terminal. i 
have tried this in virtual machine several time still the issues 
remians same , please try to look into this and i have to say that i 
am trying to install sway package in my custom debian - bookworm


How are you launching sway? Typically sway and display managers (gdm, 
kdm etc) don't work very well together. So the usual way to launch it is 
to stop your display manager, log in on a virtual console and run "sway".


Additionally, you should let the list know what display hardware you 
have and, perhaps, what your sway config looks like.




OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: Swap size in debain 12

[Darac Marjal]

On 12/08/2023 15:32, Erwan David wrote:

Le 12/08/2023 à 16:24, David Wright a écrit :

On Sat 12 Aug 2023 at 15:45:52 (+0200), Erwan David wrote:

Installing a new debian 12 I see that the installer setups a 1G swap
on a 24G RAM laptop.

Is the hibernation out of swap now ? (I chose to have a biigger swap,
but I find it strange)

The arguments are rehearsed in:

   https://wiki.debian.org/Swap

Cheers,
David.


Not completely : I think I will open a bug (wishlist) against the 
installer : it is complicated to change swap size when you must reduce 
root partition size to do this. So at least a question "will you use 
suspend/hibernate" at install time would be useful (I did not find in 
the installer how to change the sizes so I had to delete bot then 
recreate them, and it would have been complicated on a machine already 
installed)
If it's useful, you *can* Hibernate to a swap file. 
https://wiki.debian.org/Hibernation/Hibernate_Without_Swap_Partition It 
looks a little flaky, though, because you need to tell the kernel how 
many bytes into a device to find the file (which, if you defrag your 
filesystems often could be a problem, but generally speaking files don't 
move around on disk much).


OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: 11 to 12 - fresh install or upgrade

[Darac Marjal]

On 07/08/2023 02:22, pa...@quillandmouse.com wrote:

On Sun, 6 Aug 2023 17:45:25 -0400
"Juan R.D. Silva"  wrote:


Hi folks,

It's time to move from bullseye to bookworm. Based on the previous
years experience I've always preferred a fresh install vs. an
upgrade, since the freshly installed system always run smoother and
was not littered with any old junk left from the old system.

However, things might have changed/improved. Thus I decided to ask
the community.

Could you share your opinion based on personal experience? To install
or to upgrade? Mine is fairly simple desktop system for home use.
Nothing special, except maybe the need of dual architecture support
and Wine to run one special little app.

I tend to install packages for testing and forget to uninstall them. I
keep a list of packages I want to keep, which I add to, if I want to
keep a package installed. With that in mind, I reinstall. This wipes
the slate clean of packages I don't want anymore. And as has been
mentioned elsewhere, some packages fall off the roster. If you upgrade
they'll stay, but if you reinstall, they'll go away, which is often a
good thing.


What I've found tends to work quite nicely is to mark as many things as 
possible as "auto-installed" so that when the thing that depends on them 
is removed (either by yourself, or by a dist-upgrade) the "cruft" can be 
cleaned up too.


So, in practice that means that almost all lib* packages are marked as 
auto (the exceptions being libreoffice, some libperl* packages that I 
know I want to keep, and optional plugins such as libspa-0.2-bluetooth).


I find that aptitude is helpful in marking the packages; when you have a 
couple of hours and want to do something mindful, go through the 
packages you have installed but not auto (search for "~i !~M") and mark 
them as auto one-by-one. Typically, marking a package as auto won't 
change the installation state, but if marking a package as auto causes 
aptitude to want to delete it, ask yourself if you want that package or 
not.


In summary, "mark as auto" acts as another level of communication to the 
package manager, saying "these are the packages I care about" vs "I have 
no opinions about whether these packages are installed or not, use your 
best judgement".



Paul



OpenPGP_signature
Description: OpenPGP digital signature

Re: about PTR for an IP

[Darac Marjal]

On 06/08/2023 13:01, Jon Smart wrote:

Hello,

I know a hostname can point to multi-IPs.

but can an IP have multi hostnames in PTR?

164.0.217.172.in-addr.arpa. 86400 INPTR mia09s16-in-f4.1e100.net.
164.0.217.172.in-addr.arpa. 86400 INPTR ord38s42-in-f4.1e100.net.
164.0.217.172.in-addr.arpa. 86400 INPTR yyz08s10-in-f164.1e100.net.

this IP does seem like so. I never know this.


RFC 2181  would 
seem to cover this:


10.2 . PTR records

   Confusion about canonical names has lead to a belief that a PTR
   record should have exactly one RR in its RRSet.  This is incorrect,
   the relevant section ofRFC1034    (section 
3.6.2  ) indicates that the
   value of a PTR record should be a canonical name.  That is, it should
   not be an alias.  There is no implication in that section that only
   one PTR record is permitted for a name.  No such restriction should
   be inferred.





Thanks.



OpenPGP_signature
Description: OpenPGP digital signature

Re: chrome web browser worthless

[Darac Marjal]

On 01/08/2023 10:33, gene heskett wrote:
Google seems to have high jacked port 80, I cannot use it as a browser 
to run klipper as a google search intercepts port 80, so localhost:80 
cannot be used for troubleshooting or for running a 3d printer with 
klipper..


I think this comes down to an ambiguity in how Chrome parses the input:

* "Pictures of Cats" - Clearly not a URI, so pass it to the default 
search engine


* "http://http.cat/302; - Clearly a URI, so navigate to it

* "localhost:80" - This is ambiguous

In the case of the latter, are you wanting to use the localhost scheme 
to access the resource called 80 (now, you're going to say "There is no 
protocol called localhost" and I think that Chrome used to know which 
protocols exist but now it's a bit more agnostic)?



Try being explicit about the scheme (i.e. type "http://localhost:80;) 
and see if Chrome is happier.





FF has no such problems.

Cheers, Gene Heskett.


OpenPGP_signature
Description: OpenPGP digital signature

Re: Why does Debian have code names for releases?

[Darac Marjal]

On 26/06/2023 09:18, Roger Price wrote:
I have difficulty remembering the Debian code names for releases Buzz 
Rex Bo Hamm Slink Potato Woody Sarge Etch Lenny Squeeze Wheezy Jessie 
Stretch Buster Bullseye Bookworm Trixie and Forky.


It's much easier to remember that release numbers are in a sequence 
1.1 ... 14.


Quoting from Google's response to the question “why does Debian have 
code names?”: « Originally, part of the reason for code names was 
because it was not clear whether the next release would be considered 
a point release or not: " we didn't know whether etch would be 
released as Debian 3.2 or Debian 4.0 ". »


Etch was released as Debian 4.0 in May 2010.  Is there some reason why 
Debian still continues to invent and use code names?


OK, a question back at you, then: Why do you feel the need to remember 
Debian codenames? As you can see, the intention of code names is so that 
developers (of Debian) have a way to refer to an as-yet-unreleased 
collection of packages. Once those set of packages are released 
(literally, put out there in the wild), then they become a numbered version.


So, I'd say that, as a user of Debian, you basically want to refer to 
two things:


* Stable/OldStable/OldOldStable to refer to the current and previous 
releases


* A number to refer to the released version.

To put it another way, do you need to remember that Windows 95 was 
codenamed "Chicago", or that Windows 7  was "Longhorn"? Probably not, 
unless you're a developer of Windows, right?




OpenPGP_signature
Description: OpenPGP digital signature

Re: chroot: can't execute command "/bin/bash": No such file or directory

[Darac Marjal]

On 18/06/2023 10:02, Mario Marietto wrote:

Hello.

Maybe a little problem for you,but a bigger problem for me. I've 
debootstrapped jessie on Ubuntu 14.04 with this command :


debootstrap --foreign --arch=armhf jessie jessie-armhf 
http://archive.debian.org/debian 


and it worked ok,but when I try to chroot within it :

root@marietto-Z87-HD3:/home/marietto/Scrivania/Chromebook/linux-distros# 
chroot ./jessie-armhf /bin/bash



it gives the following error :


chroot: can't execute command "/bin/bash": No such file or directory


but I see the file bash within the directory /bin of the 
debootstrapped directory called "jessie-armhf". What could be the 
problem ? thanks.


I believe that one of the causes for this message can be that one of the 
dynamic libraries needed to run the program is not found.


You could try "chroof ./jessie-armhf /usr/bin/ldd /bin/bash" to see 
which libraries bash depends on, and whether they can be found.




--
Mario.


OpenPGP_signature
Description: OpenPGP digital signature

Re: "dpkg-reconfigure" dash no longer works

[Darac Marjal]

On 10/06/2023 16:08, S M wrote:

On Sat, Jun 10, 2023 at 02:12:14PM +0100, Darac Marjal wrote:


Is command-line editing part of POSIX, then? Are you suggesting that dash is
missing some bit of POSIX compliance? That's possible.

Command-line editing in vi-mode is defined by POSIX, but it's not mandatory as
far as I know.

OK, this looks like Bug #561663. If I read that bug correctly, the 
intention IS that dash should support command-line editing (in your 
case, you'd invoke it with -V for vi-style editing. The maintainer 
claimed the block was closed, but then they re-opened it two days later.




OpenPGP_signature
Description: OpenPGP digital signature

Re: "dpkg-reconfigure" dash no longer works

[Darac Marjal]

On 10/06/2023 01:32, S M wrote:

On Fri, Jun 09, 2023 at 08:00:51PM -0400, Greg Wooledge wrote:

On Fri, Jun 09, 2023 at 05:45:04PM -0500, S M wrote:

Regarding a workaround, I ended up creating a symlink /usr/local/bin/sh
pointing to bash and chsh to that.

Why?  Why not simply chsh to /bin/bash if that's what you want as your
interactive shell?

Are you somehow relying on bash's disabling of certain features when
invoked as "sh", in interactive mode?  I don't understand that at all.


Yes. POSIX-compliance is a feature to me. I'd actually be fine with
using dash itself but the lack of command line editing and filename
completion is a deal-breaker to me.
Is command-line editing part of POSIX, then? Are you suggesting that 
dash is missing some bit of POSIX compliance? That's possible.


OpenPGP_signature
Description: OpenPGP digital signature

Re: 60-serial.rules, broken

[Darac Marjal]

On 07/06/2023 15:37, gene heskett wrote:

Greetings all;

/dev/serial/by-id has not been created for quite some time. The arm 
folks have had a patch script for quite a while but it has not been 
fixed in debian that we know of. I have 4 identical banana pi's, 3 of 
which seem to work, but the patch has not fixed the 4th on for some 
unk reason.


When a serial device is plugged into a usb point, /dev/ttyACM# is 
created on all 4 machines, but /dev/serial/by-id entries are not. Some 
of the 3d printer stuff uses that by-id thing to separate printers 
plugged into the same host, and the lack of a /dev/serial entry kills 
the 3d printer drivers.


Can anyone give us a hint as to when this will be addressed?


Hi Gene,

The subject suggest that it's "60-serial.rules" which is broken. This 
would be a udev rules file.


If you know the contents of the patch, couldn't you just create your own 
rules file which implements this patch? Is there any particular reason 
why you need to wait for Debian to make the change?




Thanks.

Cheers, Gene Heskett.


OpenPGP_signature
Description: OpenPGP digital signature

Re: Request for guidance to output(print, i.e.) mouse movements, key press, perepherals insert, etc., on a terminal

[Darac Marjal]

Note that the subject of an email should be just that - an indication of 
the subject matter. Putting important information JUST in the subject 
line can be confusing.


On 24/04/2023 14:40, Susmita/Rajib wrote:

The output could be simple dots for mouse movement, dashes for key
press, and colon for perepherals insert.
No need for exact key or mouse positions or perepheral details.

Try looking at "evtest".

Best wishes,
Rajib



OpenPGP_signature
Description: OpenPGP digital signature

Re: Starting stunnel with systemd.

[Darac Marjal]

1. stunnel hasn't been in Debian since etch (Debian 4.0).

2. stunnel4 comes with a service file template 
(https://sources.debian.org/src/stunnel4/3%3A5.68-2/debian/stunnel4%40.stunnel.service/), 
which is likely to have been tested to work.


3. Could the warning about protecting your POP3 connection be the cause?


On 23/04/2023 17:41, pe...@easthope.ca wrote:

Hi,

After starting interactively, stunnel works.

To automate, this service file was created.

$ cat /etc/systemd/system/stunnel.service
[Unit]
Description=StunnelStarter
Documentation=man:stunnel(8)
After=network.target auditd.service

[Service]
ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf foreground=yes
Restart=no
Type=simple

[Install]
WantedBy=multi-user.target
Alias=stunnel.service

After booting, no stunnel.

$ ps aux | grep stunnel
root    1463  0.0  0.0   6244   700 pts/0    S+   09:31   0:00 
grep stunnel


$ systemctl status stunnel
* stunnel.service - StunnelStarter
 Loaded: loaded (/etc/systemd/system/stunnel.service; enabled; 
vendor preset: enabled)

 Active: inactive (dead) since Sun 2023-04-23 08:52:52 PDT; 7min ago
   Docs: man:stunnel(8)
    Process: 572 ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf 
foreground=yes (code=exited, status=0/SUCCESS)

   Main PID: 572 (code=exited, status=0/SUCCESS)
    CPU: 13ms

Apr 23 08:52:52 imager stunnel[572]: LOG5[ui]: Threading:PTHREAD 
Sockets:POLL,IPv6,SYSTEMD TLS:ENGINE,FIPS,OCSP,PSK,SNI Auth:LIBWRAP
Apr 23 08:52:52 imager stunnel[572]: LOG5[ui]: Reading configuration 
from file /etc/stunnel/stunnel.conf
Apr 23 08:52:52 imager stunnel[572]: LOG5[ui]: UTF-8 byte order mark 
not detected
Apr 23 08:52:52 imager stunnel[572]: LOG5[ui]: FIPS mode disabledApr 
23 08:52:52 imager stunnel[572]: LOG4[ui]: Service [pop3] needs 
authenticati

on to prevent MITM attacks
Apr 23 08:52:52 imager stunnel[572]: LOG5[ui]: Configuration successful
Apr 23 08:52:52 imager stunnel[584]: LOG5[main]: Terminated
Apr 23 08:52:52 imager stunnel[584]: LOG5[main]: Terminating 1 service 
thread(s)
Apr 23 08:52:52 imager stunnel[584]: LOG5[main]: Service threads 
terminated

Apr 23 08:52:52 imager systemd[1]: stunnel.service: Succeeded.

Terminated.  Why?

Thanks,   ... P.



OpenPGP_signature
Description: OpenPGP digital signature

Re: how to limit a CPU temperature?

[Darac Marjal]

On 08/04/2023 15:17, songbird wrote:

   i have a program that has changed it's behavior to suddenly
become a CPU hog (while doing something simple like uploading
files for my website).  probably a bug, but it got me to
wondering how i could limit the CPU temperature to a range
well below the maximum that kicks in by the CPU itself.

   i have an intel processor and it has the MAX which does
prevent it from going higher (100C), but i'd like to keep it
at 70C or lower.

   i've been trying to find anything that will let me set this
but no luck yet in my searches.


You might try combining your queries with terms for various 
CPU-intensive activities such as BOINC, Folding@Home or Bitcoin mining. 
I'm not suggesting your task is related to any of these, but the people 
who do use these programs face similar issues.


For example, there is the TThrottle program for windows which will pause 
BOINC calculations when the CPU temperature goes too high. I don't 
believe that's available for linux, though.


As an alternative, you could try writing a small shell script that works 
like the following (pseudocode):


 STOP_TEMP=70
 START_TEMP=65
 JOB_RUNNING=1

 while true:
   cpu_temp=$(cat /sys/something/temperature)

   if JOB_RUNNING and cpu_temp > STOP_TEMP:
 systemctl stop something.service
 JOB_RUNNING=0
   elif not JOB_RUNNING and cpu_temp < START_TEMP:
 systemctl start something.service
 JOB_RUNNING=1
   endif

   sleep 1
wend




   thanks!  :)


   songbird



OpenPGP_signature
Description: OpenPGP digital signature

Re: [SOLVED?] Re: BIND: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out

[Darac Marjal]

On 13/03/2023 23:23, Greg Wooledge wrote:

On Tue, Mar 14, 2023 at 07:04:02AM +0800, Jeremy Ardley wrote:

I replicated your test above and it seems your listing has been accidentally
truncated...

Pipe it through cat to avoid the "left/right scrolling" crap.

If you want to do this regularly, you can set SYSTEMD_PAGER=cat



jeremy@testldap:~$ systemctl status systemd-resolved
● systemd-resolved.service - Network Name Resolution
  Loaded: loaded (/lib/systemd/system/systemd-resolved.service; disabled;
vendor preset: enabled)
  Active: inactive (dead)
    Docs: man:systemd-resolved.service(8)
  man:org.freedesktop.resolve1(5)
https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients

It would seem the debian default is enabled? See vendor preset below.

I have not to this day figured out what "vendor preset" means here.
It would appear to be 
https://www.freedesktop.org/software/systemd/man/systemd.preset.html. If 
I'm reading the introduction correctly, this is systemd's equivalent to 
Debian's policy-rc.d, inasmuch as it's a place to define whether a 
service starts (or not) _before_ installing the package.


Mine shows the same as yours -- "disabled; vendor preset: enabled".

All I care about is the part that says "disabled".  That's the actual
state.



OpenPGP_signature
Description: OpenPGP digital signature

Re: Building binary package, howto enable init.d/systemd start

[Darac Marjal]

On 02/03/2023 19:56, Konstantin Kletschke wrote:

Dear debian-user Folks,

i am trying to build a binary debian package consisting of a python
script, shell scripts and a config file as daemon with either init.d or
systemd start.

The init.d script gets installed also the systemd file, but both are not
enabled.

I made a directory loqitmon-1.0 and in there are python script,
shellscripts and config file.

In debian/control is:

Source: loqitmon
Section: base
Priority: optional
Maintainer: Konstantin Kletschke 
Build-Depends: debhelper (>=9.0.0), dh-virtualenv (>= 0.8)
Standards-Version: 4.5.1

Package: loqitmon
Architecture: any
Pre-Depends: dpkg (>= 1.16.1), python3, init-system-helpers (>= 1.51~)
Depends: ${misc:Depends}
Description: LoQiT monitoring daemon
  This daemon monitors /var/log/syslog for
  device removal of card reader and removal of
  display and restarts either the X server or
  the entire system accordingly
  Derived from https://github.com/yxiao168/logmonitor.git

In debian/rules is:

#!/usr/bin/make -f

DH_VERBOSE=1

%:
dh $@
clean:
@# Do nothing

build:
@# Do nothing

binary:
mkdir -p debian/loqitmon
mkdir -p debian/loqitmon/usr/
mkdir -p debian/loqitmon/usr/bin
cp loqitmon.py debian/loqitmon/usr/bin/loqitmon
mkdir -p debian/loqitmon/etc
cp loqitmon.ini debian/loqitmon/etc
cp loqitmonaction1 debian/loqitmon/usr/bin
cp loqitmonaction2 debian/loqitmon/usr/bin
cp loqitmonaction3 debian/loqitmon/usr/bin
cp loqitmonstep1 debian/loqitmon/usr/bin
cp loqitmonstep2 debian/loqitmon/usr/bin
cp loqitmonstep3 debian/loqitmon/usr/bin
dh_installinit
dh_installsystemd


This looks relevant, have you read it's manpage?


dh_gencontrol
dh_install
dh_auto_install
dh_builddeb

When I run

# > debuild -b -us -uc

this is the output:

  dpkg-buildpackage -us -uc -ui -b
dpkg-buildpackage: info: source package loqitmon
dpkg-buildpackage: info: source version 1.0-1
dpkg-buildpackage: info: source distribution unstable
dpkg-buildpackage: info: source changed by Konstantin Kletschke 

  dpkg-source --before-build .
dpkg-buildpackage: info: host architecture amd64
  fakeroot debian/rules clean
  debian/rules build
  fakeroot debian/rules binary
mkdir -p debian/loqitmon
mkdir -p debian/loqitmon/usr/
mkdir -p debian/loqitmon/usr/bin
cp loqitmon.py debian/loqitmon/usr/bin/loqitmon
mkdir -p debian/loqitmon/etc
cp loqitmon.ini debian/loqitmon/etc
cp loqitmonaction1 debian/loqitmon/usr/bin
cp loqitmonaction2 debian/loqitmon/usr/bin
cp loqitmonaction3 debian/loqitmon/usr/bin
cp loqitmonstep1 debian/loqitmon/usr/bin
cp loqitmonstep2 debian/loqitmon/usr/bin
cp loqitmonstep3 debian/loqitmon/usr/bin
dh_installinit
dh_installsystemd
dh_gencontrol
dpkg-gencontrol: warning: package loqitmon: substitution variable 
${misc:Pre-Depends} unused, but is defined
dh_install
dh_auto_install
dh_builddeb
dpkg-deb: building package 'loqitmon' in '../loqitmon_1.0-1_amd64.deb'.
  dpkg-genbuildinfo --build=binary -O../loqitmon_1.0-1_amd64.buildinfo
  dpkg-genchanges --build=binary -O../loqitmon_1.0-1_amd64.changes
dpkg-genchanges: info: binary-only upload (no source code included)
  dpkg-source --after-build .
dpkg-buildpackage: info: binary-only upload (no source included)
Now running lintian loqitmon_1.0-1_amd64.changes ...
E: loqitmon changes: bad-distribution-in-changes-file unstable
E: loqitmon: file-in-etc-not-marked-as-conffile etc/init.d/loqitmon
E: loqitmon: file-in-etc-not-marked-as-conffile etc/loqitmon.ini
E: loqitmon: no-changelog usr/share/doc/loqitmon/changelog.Debian.gz 
(non-native package)
E: loqitmon: no-copyright-file
W: loqitmon: no-manual-page usr/bin/loqitmon
W: loqitmon: no-manual-page usr/bin/loqitmonaction1
W: loqitmon: no-manual-page usr/bin/loqitmonaction2
W: loqitmon: no-manual-page usr/bin/loqitmonaction3
W: loqitmon: no-manual-page usr/bin/loqitmonstep1
W: loqitmon: no-manual-page usr/bin/loqitmonstep2
W: loqitmon: no-manual-page usr/bin/loqitmonstep3
W: loqitmon: script-in-etc-init.d-not-registered-via-update-rc.d 
etc/init.d/loqitmon
W: loqitmon: unknown-section base
Finished running lintian.

You probably want to investigate these lintian warnings, at some point.


The files
/etc/init.d/loqitmon
/lib/systemd/system/loqitmon.service
The manpage for dh_installsystemd suggests these files should be under 
debian/. Are they, or are they in etc/init.d and lib/systemd/system?


are in the package, but they are are not enabled.

I have the strange feeling the entire postinstall stuff is missing.
Is there a significant typo somewhere so obvious I am to stupid to see?

If there is a distribution like Mint Tessa for example, how does the
system decide which startmethod to choose, if init.d and systemd are
enabled successfully? I see a mix of init.d and systemd there regading
starting stuff.

Kind Regards
Konstantin




OpenPGP_signature
Description: 

Re: Remove route '169.254.0.0/16 dev ovs-system'

[Darac Marjal]

On 22/02/2023 19:40, Greg Wooledge wrote:

On Wed, Feb 22, 2023 at 02:04:58PM -0500, Jeffrey Walton wrote:


Maybe the 'w' is not matching anything.

I thought eth0 and wlan0 went the way of the dinosaurs. I thought with
Consistent Network Device Names and biosdevname, the name will begin
with a 'p' or 'em', not a 'w', and based on the slot number.

"Predictable" interface names always begin with "e" for ethernet, or "w"
for wireless.  "Match w*" should match every wireless interface on the
system.


It would also match "wan0" if you had a network interface for your Wide 
Area Network. You might find this to be a bit more direct (that is, it 
mostly has the same effect, but matches directly what you want, rather 
than indirectly what you meant)


  [Match]
  Type=wlan




OpenPGP_signature
Description: OpenPGP digital signature

Re: clamav eating memory

[Darac Marjal]

On 13/02/2023 14:11, Maurizio Caloro wrote:


hello Debian group

here iam running Debian 10.13, clamav 0.103.7+dfsg-0+deb10u1

but it's this possible that clamav-daemon use 1.2G memory?

Entirely possible. As I recall, clamav-daemon caches the virus 
definitions in RAM in order to minimise startup speed when handling clients.


In other words, if you're only scanning for viruses occasionally (e.g. 
mails which have an attachment), you might find switching from 
"clamdscan" to "clamscan" and not running the daemon suits your purpose.




try to punish little without getting any negative effects.

try to enclose, but after 4-5h the mailserver will freez/break

Depending on your system architecture, you could consider running 
"clamdaemon" on a different host, and configuring "clamdscan" to use a 
TCP socket. This is particularly beneficial if you have several hosts 
which need to perform scanning as they can all pass their payload to the 
central scanning host, and you don't need multiple instances of the daemon.


YMMV.



OpenPGP_signature
Description: OpenPGP digital signature

Re: ipv6 maybe has arrived.

[Darac Marjal]

On 10/02/2023 13:04, Greg Wooledge wrote:

On Fri, Feb 10, 2023 at 05:58:07AM -0500, gene heskett wrote:

hosts:  files mymachines dns myhostname

This is wrong.  I don't know where you got it from, but "mymachines"
and "myhostname" are not valid entries in this file.  NOT EVEN IF THEY
ARE FUCKING METASYNTACTIC PLACEHOLDERS for "coyote.den" and "lupus" or
whatever the FUCK your actual file says.


They are if you have the correct NSS plugins available.

"mymachines" comes from libnss-mymachines:

   nss-mymachines is a plugin for the GNU Name Service Switch (NSS) 
functionality
   of the GNU C Library (glibc) providing hostname resolution for local 
containers
   that are registered with systemd-machined.service(8). The container 
names are
   resolved to IP addresses of the specific container, ordered by their 
scope.

   .
   Installing this package automatically adds mymachines to 
/etc/nsswitch.conf.


"myhostname" comes from libnss-myhostname:

   This package contains a plugin for the Name Service Switch, 
providing host
   name resolution for the locally configured system hostname as 
returned by
   gethostname(2). It returns all locally configured public IP 
addresses or -- if

   none are configured, the IPv4 address 127.0.1.1 (which is on the local
   loopback) and the IPv6 address ::1 (which is the local host).
   .
   A lot of software relies on that the local host name is resolvable. This
   package provides an alternative to the fragile and error-prone 
manual editing

   of /etc/hosts.
   .
   Installing this package automatically adds myhostname to 
/etc/nsswitch.conf.


There are several other NSS plugins, offering a variety of methods of 
discovering "names": https://packages.debian.org/search?keywords=libnss-


Note that the package descriptions explicitly state that just installing 
the plugins will activate them; I don't know if uninstalling them 
removes the entry in /etc/nsswitch.conf (I would hope so).


OpenPGP_signature
Description: OpenPGP digital signature

Re: Trouble with ansible and apt. Is this a known problem?

[Darac Marjal]

On 21/11/2022 08:59, Nathanael Schweers wrote:

Hello people,

I recently installed Debian Bullseye on my desktop machine, having 
previously used Debian sid.


So far it all went well.  Yet two days ago, ansible suddenly reported 
the following message when attempting to use either the `apt` or 
`package` builtin.


fatal: [schweers-pc]: FAILED! => changed=false
 module_stderr: |-
   Shared connection to schweers-pc closed.
 module_stdout: |2-

   Traceback (most recent call last):
 File 
"/home/schweers/.ansible/tmp/ansible-tmp-1669020286.4378655-35342-213285731346074/AnsiballZ_apt.py", 
 line 102, in 

   _ansiballz_main()
 File 
"/home/schweers/.ansible/tmp/ansible-tmp-1669020286.4378655-35342-213285731346074/AnsiballZ_apt.py", 
 line 94, in _ansiballz_main

   invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
 File 
"/home/schweers/.ansible/tmp/ansible-tmp-1669020286.4378655-35342-213285731346074/AnsiballZ_apt.py", 
 line 40, in invoke_module
   runpy.run_module(mod_name='ansible.modules.apt', 
init_globals=None, run_name='__main__', alter_sys=True)

 File "/usr/lib/python3.9/runpy.py", line 210, in run_module
   return _run_module_code(code, init_globals, run_name,    
mod_spec)

 File "/usr/lib/python3.9/runpy.py", line 97, in _run_module_code
   _run_code(code, mod_globals, init_globals,
 File "/usr/lib/python3.9/runpy.py", line 87, in _run_code
   exec(code, run_globals)
 File 
"/tmp/ansible_ansible.legacy.apt_payload_og4qifjt/ansible_ansible.legacy.apt_payload.zip/ansible/modules/apt.py", 
 line 302, in 
 File "", line 1007, in  
_find_and_load
 File "", line 986, in 
_find_and_load_unlocked

 File "", line 664, in _load_unlocked
 File "", line 627, in 
_load_backward_compatible

 File "", line 259, in load_module
 File 
"/tmp/ansible_ansible.legacy.apt_payload_og4qifjt/ansible_ansible.legacy.apt_payload.zip/ansible/module_utils/urls.py", 
 line 115, in 
 File 
"/usr/lib/python3/dist-packages/urllib3/contrib/pyopenssl.py",  
line 50, in 

   import OpenSSL.SSL
 File "/usr/lib/python3/dist-packages/OpenSSL/__init__.py",  
line 8, in 

   from OpenSSL import crypto, SSL
 File "/usr/lib/python3/dist-packages/OpenSSL/crypto.py", line 
1556, in 

   class X509StoreFlags(object):
 File "/usr/lib/python3/dist-packages/OpenSSL/crypto.py", line 
1577, in X509StoreFlags

   CB_ISSUER_CHECK = _lib.X509_V_FLAG_CB_ISSUER_CHECK
   AttributeError: module 'lib' has no attribute 
'X509_V_FLAG_CB_ISSUER_CHECK'

 msg: |-
   MODULE FAILURE
   See stdout/stderr for the exact error
 rc: 1


Note that it does not matter that the package in question is already 
installed.


I have tried to reinstall `python3-urllibs`, `python3-apt` and 
`python3-openssl` yet to no avail.


Is this a known problem?


It doesn't look like this exact problem is known at 
https://github.com/search?q=org%3Aansible+X509_V_FLAG_CB_ISSUER_CHECK+is%3Aissue=issues, 
but there are a few suggestions among the matching bugs.


One suggestion appears to be that your python module "cryptography" is 
too new for Ansible. You don't state how you installed Ansible, but you 
might find installing it into a virtualenv is more reliable.





Kind regards,
Nathanael



OpenPGP_signature
Description: OpenPGP digital signature

Re: install missing unicode fonts

[Darac Marjal]

On 17/11/2022 19:32, Matt Zagrabelny wrote:

Greetings,

I've done some searching but came up empty with the correct way to 
install missing unicode fonts.


For example, in my terminal I type "exa -l --icons" and I see:

 (that is a rectangle with the codepoint: F158)

I don't see what F158 is supposed to represent.


This is probably a NerdFont https://www.nerdfonts.com




How do I find the package that installs this glyph/font/icon/whatever?

If there is more than one package that provides it, how do I find out 
which one I should pick?


Thanks for any help!

-m


OpenPGP_signature
Description: OpenPGP digital signature

Re: No Public Key

[Darac Marjal]

On 13/11/2022 19:14, Thomas George wrote:
I want to do a new verified instillation of a debian iso. I have the 
iso and SHA512SUMS.sign.txt and SHHA512SUMS.txt and have tried


gpg --verify SHA512SUMS.sign.txt SHA512SUMS.txt with the result No 
Public Key


I thought to skip this step and tried

gpg --verify SHA515SUMS.sign.txt debian-11.5.0-amd64-netinst.iso with 
the result Can't open signed data debian-11.5.0-amd64-netinst.iso


Clearly I am making some elementary mistakes. I have spent fruitless 
hours trying find and use a public key. One source suggested Curl 
ipinfo.io/ip. This outputs an ip address that seams to have nothing to 
do with my problem.


A reference to a step-by-step procedure would be appreciated.


https://www.debian.org/CD/verify says "The keys used for these 
signatures are all in the Debian GPG keyring and the best way to check 
them is to use that keyring to validate via the web of trust.". If you 
are using a Debian system, you can get those keys by installing 
"debian-archive-keyring". IF you're not (which is likely, given you're 
trying to install Debian), then that page also lists the fingerprints of 
the keys:


pub   rsa4096/988021A964E6EA7D 2009-10-03
  Key fingerprint = 1046 0DAD 7616 5AD8 1FBC  0CE9 9880 21A9 64E6 EA7D
uid  Debian CD signing key 

pub   rsa4096/DA87E80D6294BE9B 2011-01-05 [SC]
  Key fingerprint = DF9B 9C49 EAA9 2984 3258  9D76 DA87 E80D 6294 BE9B
uid  Debian CD signing key 

pub   rsa4096/42468F4009EA8AC3 2014-04-15 [SC]
  Key fingerprint = F41D 3034 2F35 4669 5F65  C669 4246 8F40 09EA 8AC3
uid  Debian Testing CDs Automatic Signing Key 



So you should just be able to do, for example:

    $ gpg --receive-keys "1046 0DAD 7616 5AD8 1FBC  0CE9 9880 21A9 64E6 
EA7D"





Tom George



OpenPGP_signature
Description: OpenPGP digital signature

Re: how to add more ipv6 addresses to an interface that is being configured through dhcpv6

[Darac Marjal]

On 13/11/2022 16:07, hw wrote:

Hi,

the subject says it ... I have an interface that is being configured with IPv4
and IPv6 addresses via dhcp.  I need to assign an additional IPv6 address to the
interface.

This is all very easy with network-manager but that seems to be kinda deprecated
and we're supposed to use the anachronistic /etc/network/interfaces file.  The
manual page isn't helpful for this at all.

So I have


auto enp7s0
allow-hotplug enp7s0
iface enp7s0 inet dhcp
iface enp7s0 inet6 dhcp


How do I additionally assign fd53::40/16?

Probably the easiest option is "post-up ip addr add  fd53::40/16 dev 
$IFACE" and "pre-down ip addr del fd53::40/16 dev $IFACE".


OpenPGP_signature
Description: OpenPGP digital signature

Re: is Ansible easy to use?

[Darac Marjal]

On 20/10/2022 15:47, Anssi Saari wrote:

Philipp Ewald  writes:


Hi folks,

is ansible a easy way to configure customized hosts?
First try, its super complicated for me.

For me it has been. ssh loops work too though. Sometimes I've felt
Ansible whines needlessly, something like "please don't do what you need
to do, do it our backward way instead". I think that was about editing a
file with sed.


Ansible's philosophy is "idempotency". That is, instead of having a 
script that, for example "Adds a user to /etc/passwd", Ansible defines a 
configuration to "ensure that the user exists in /etc/passwd".


The difference between the two approaches comes when you re-run the 
script. If you have a script that simply append a line to a config, then 
you'll quickly end up with duplicated lines. But with the ansible 
philosophy, if the line is already there, then there are no changes to 
be made.


By buying into the Ansible philosophy, you get the benefit of all the 
core and community modules where people have already coded all the hard 
bits of "Find matching lines", "Rewrite the file atomically", "Handle 
ACLs and SELinux contexts" and all those things you might not already 
think of.






Trying to create multiple files with content. It takes more time to
create the playbook then creating this file by hand (this damn syntax
acomplicates everything more)
Then formatting is destroyed or need more time on creating the playbook...

Are you sure you aren't over complicating things? To me that sounds like
you need to copy a few files over? Or do you need to create host specific
files? But do they have to be created by Ansible?



It is so hard or im so bad?

I use ansible a little sometimes to propagate config stuff in my little
home network like firewall configuration and such. So, copying files and
running commands mostly. Sometimes appending lines to config files.

I don't really understand why Ansible has two interfaces, the playbook
one and the normal command line. But, for my simple needs running stuff
on the command line works and I have a bunch of notes on how to do
things. Unfortunately pretty much every example online seems to use
playbooks.
You can't check a command line into code control. You can basically only 
run one task or one role from the command line. But this is just the 
same as writing a script versus executing the commands at the bash prompt.




OpenPGP_signature
Description: OpenPGP digital signature

Re: firmware-iwlwifi

[Darac Marjal]

On 05/10/2022 05:18, David Wright wrote:

On Mon 03 Oct 2022 at 13:27:13 (-0600), Charles Curley wrote:

On Mon, 3 Oct 2022 20:53:46 +0300 Georgi Naplatanov wrote:


Actually I think I found out what was happening:
- for failed connection attempts trough SSH - the notebook
sometimes switches to suspend/sleep mode and turns off its WiFi card
and it takes time WiFi connection to become active again

This sounds reasonable. Suspend likely shuts off the wifi receiver, and
upon ending the system may take a while to bring it back up.

I'm not sure I understand how, if the wifi receiver is turned off,
the laptop receives any packets that are intended to (incidentally)
turn it back on and connect to it.

I don't have much experience with sleep states. When my laptop is bone
idle (open, screen blanked, kbd unlit, no logins, on battery), iwd
still scans the wifi every minute, and ping returns are still instant.
I presume this is the state known as S0.

When I close the lid, it sleeps (I presume it's S3 as there's no swap;
much activity occurs, and is logged, when the lid is reopened). Ping
gets no replies.

S1 and S2 are the mystery ones for me, as I have no idea how to
enter/leave them. I suspect they may be the states where people post
about their (non-builtin) keyboards and mice not waking them up.


According to 
https://github.com/torvalds/linux/blob/master/Documentation/admin-guide/pm/sleep-states.rst,


S1 = Standby

S3 = Suspend-to-RAM

S4  = Hibernation

These states can be achieved (if your hardware supports it) by executing 
"echo standby > /sys/power/state", "echo deep > /sys/power/mem_sleep" 
and "echo dik > /sys/power/state" (although you may find a userspace 
tool such as systemd or a GUI may be more suitable).


(S2 is very similar to S3. Maybe the only difference is that devices 
(e.g. the screen) are powered off. I'm not sure that S2 serves much 
practical purpose.)






I wonder why it's going into suspend mode; perhaps it is doing so
unnecessarily.

Is this perhaps something that DEs do, along with screensavers and
screen locking. (I don't know whether the OP installs one; I don't.
Perhaps that's why I've not encountered S1/S2.)

Cheers,
David.



OpenPGP_signature
Description: OpenPGP digital signature

Re: apt-cacher internal error (died)

[Darac Marjal]

On 21/09/2022 14:07, Adam Weremczuk wrote:

Hi David,

There is still something wrong with my /etc/apt/sources.list

Perhaps caused by stretch reaching end of life on 30 June 2022.

Can somebody provide me with a tested list of mirrors for stretch 
working in Sep 2022 for apt-cacher-ng server and clients?


I've tried several different sets getting no errors from "apt update" 
on the server (which has internet connectivity).


Every time I repeat this list in /etc/apt/sources.list on a client 
replacing FQDN (e.g. deb.debian.org or security.debian.org) with my 
server's IP and port (192.168.100.1:3142) I get DNS errors for 
security mirror as below:


Err:5 http://192.168.100.1:3142/debian-security stretch/updates Release
  503  DNS error for hostname debian-security: Name or service not 
known. If debian-security refers to a configured cache repository, 
please check the corresponding configuration file.


I'm no expert in apt-cacher-ng, but the error here says that's it's 
trying to look up "debian-security" as a hostname. If I'm reading this 
page  correctly, you 
shouldn't be changing /etc/apt/sources.list to point to apt-cacher-ng, 
instead, you should continue to point it to deb.debian.org or 
snapshot.debian.org and, instead, tell apt to use apt-cacher-ng as an 
HTTP proxy.


The protocol that a HTTP server and a HTTP proxy use are _slightly_ 
different. Instead of a client asking a server "Give me 
/path/to/index.html", it needs to tell the proxy "Give me 
/path/to/index.html from example.com". I suspect you problem comes of 
trying to download packages from apt-cacher-ng, rather than proxying 
through apt-cacher-ng.





or

503  DNS error for hostname security: No address associated with 
hostname.


Perhaps /etc/apt-cacher-ng/acng.conf on the server needs amending as 
well?


I've found a line there that reads:

Remap-debrep: file:deb_mirror*.gz /debian ; file:backends_debian # 
Debian Archives


Regards,
Adam



On 13/09/2022 05:54, David Wright wrote:

Err:5http://192.168.100.1:3142/security stretch/updates Release
    503  DNS error for hostname security: No address associated with
hostname. If security refers to a configured cache repository, please
check the corresponding configuration file.
E: The repository 'http://192.168.100.1:3142/security stretch/updates
Release' does not have a Release file.




OpenPGP_signature
Description: OpenPGP digital signature

Re: systemd automount unit: run only when server is reachable

[Darac Marjal]

systemd has a number of Condition* rules which can be added to units: 
https://www.freedesktop.org/software/systemd/man/systemd.unit.html#Conditions%20and%20Asserts 
You could maybe rig something up with that.


Alternatively, if the mount always takes at least 10 seconds, then that 
sounds like it might be a DNS issue. I see that you're trying to mount 
the host as "lana". If you're connecting over a VPN, it's likely that 
you're not using the same DNS resolver as at home, so perhaps something 
is timing out before it finally resolves. Do you get the same 10 second 
delay if you mount the path at the command line? If you add "-v" to the 
mount command, you might see the NFS client trying various options.


On 12/09/2022 08:31, Jürgen Bausa wrote:

Using Linux now for a long time I am still not really familiar with systemd and 
have a
question on its usage. I am sure this is not the best place to ask it (I know, 
its off-topic),
But posting to other lists I didnt get an answer. So if you know a better place 
to ask it please
point me there.

I am using systemd automount units (see below) to mount network shares on my 
laptop
(debian bullseye). This works fine in principle but I have one big issue:

At home it is enough to set TimeoutSec to 2 s in the mount unit. Normally the 
server is
available and the share is mounted. If the server is down I need to wait for 
just 2 s
until I see it is not there. Thats ok.

But when not at home and using a vpn, the mount unit will not mount with 
TimeoutSec set to 2 s.
I need to set it to at least 10 s. Then the mount works. But using 10 s means I 
always have
to wait 10 s for each share the system tries to reach and is not available. 
This is really
annoying when starting libreoffice for example (which seems to check for the 
last used
documents on startup).

What I would like to do is to put a test for server availabilty (e.g. ping -c 1 
$SERVER)
into the automount file. When the server is not available, automount is not run.
Is this possible? Or do I need to create a spcial unit and put something like

 Requires=nfs-server-online.target

in my automount unit? And how would the nfs-server-online unit look like?

What I am doing at the moment is running a script that checks availability of 
the nfs server
every some seconds (via ping) and turns on/off the automount unit accordingly
(via systemctl start/stop mnt-share.automount). This works, but its not a very 
elegant solution.
I am pretty sure it can be done better using systemd only.

Regards,

Jürgen

/etc/systemd/system/mnt-share.automount:
[Unit]
Description=autoount share

[Automount]
Where=/mnt/share
TimeoutIdleSec=1min

[Install]
WantedBy=multi-user.target




/etc/systemd/system/mnt-share.mount:
[Unit]
Description=Mount share

[Mount]
Where=/mnt/share
What=lana:/share
Type=nfs
Options=soft,async
TimeoutSec=10

[Install]
WantedBy=multi-user.target




OpenPGP_signature
Description: OpenPGP digital signature

Re: Processors older than Intel Pentium 4

[Darac Marjal]

On 16/07/2022 16:26, Timothy M Butterworth wrote:
Is anyone running Debian 11 on a processor older than Pentium 4? I ask 
because I would like to bump 32 bit OS support from i386 (1985) to 
i686 Pentium 4 and newer.


Debian hasn't supported 80386 processors for many years. According to 
https://www.debian.org/releases/stable/i386/ch02s01.en.html, the minimum 
processor for Debian Stable _is_ currently a 686-class processor.


Nearly all x86-based (IA-32) processors still in use in personal 
computers are supported. This also includes 32-bit AMD and VIA (former 
Cyrix) processors, and processors like the Athlon XP and Intel P4 Xeon.


However, Debian GNU/Linux bullseye will/not/run on 586 (Pentium) or 
earlier processors.


Older processors might be possible in other architectures, though. Check 
the MIPS and the POWER architectures, perhaps?




Thanks

--
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
⠈⠳⣄⠀⠀


OpenPGP_signature
Description: OpenPGP digital signature

Re: Feature request: install package by passing URL to apt-get

[Darac Marjal]

On 22/06/2022 18:04, Person the human wrote:
I just want to get everyone's opinion on this before I request it from 
the developers or possibly try to add it myself.


Would it be nice if it was possible to pass a URL to 'apt install' so 
that a package could be installed without first downloading its .deb 
file? I think it's good because it can save time and prevent 
unneeded damage to SSDs. Even if you don't have any info to add, 
please let me know what you think.


Our cousins Ubuntu already have this capability since 7.10: 
https://wiki.ubuntu.com/AptUrl


The fact that this functionality has been available for ~15 years but 
hasn't made it upstream into Debian suggests that Debian is not 
interested in such functionality.




OpenPGP_signature
Description: OpenPGP digital signature

Re: Needless DNS queries

[Darac Marjal]

On 07/06/2022 17:53, Greg Wooledge wrote:

On Tue, Jun 07, 2022 at 11:22:34AM -0400, Dan Ritter wrote:

search  Search list for host-name lookup.  By default, the search
  [...]
This may be changed by listing the desired domain search
path following the search keyword with spaces or tabs separating the
names.  Resolver queries having fewer than ndots dots (default is
1) in them will be attempted using each component of the search path in
turn until a match is found.

I've read this paragraph a few times, and as far as I can tell, it's
simply wrong.

If you go down farther in the page and look at:

   ndots:n
  Sets a threshold for the number of dots which must appear
  in a name given to res_query(3) (see resolver(3))  before
  an  initial absolute query will be made.  The default for
  n is 1, meaning that if there are any dots in a name, the
  name  will  be tried first as an absolute name before any
  search list elements are appended to it.  The  value  for
  this option is silently capped to 15.

This one says that it simply determines whether the name will be tried
as is *before* appending the search domain(s) to it, or whether it just
skips straight to appending the search domains.

My experience, and the OP's experience, suggests that the description in
the ndots paragraph is correct, and the description in the search paragraph
is not.

To the best of my knowledge, there isn't any setting to *prevent* the
appending of search domains to a name, no matter how many dots you put
in the name.
I've wondered about that in the past. Is this maybe a bug in the 
application, then (I admit that it'll be a widespread bug if so). To my 
knowledge, DNS domains support "relative" names (e.g. "www.example.com") 
as well as "absolute" names (e.g. "www.example.com." - with the trailing 
dot). Should applications be querying for hostnames with the trailing 
dot and, if so, would that prevent the resolver from trying to append 
the search domains?




OpenPGP_signature
Description: OpenPGP digital signature

Re: smartctl puzzlement new disk

[Darac Marjal]

On 14/05/2022 03:02, ghe2001 wrote:

Supermicro workstation, Debian Buster, smartctl v 6.6

I bought a new 12TB Western Digital Gold SATA disk the other day. 
After testing it, smartctl says, among other things:


 22 Unknown_Attribute   0x0023   001   001   025    Pre-fail 
Always   FAILING_NOW 13


And it looks like the test is aborted when smartctl sees that error.  
And there's lots of yelling all over my monitor.


I found some discussion of ID 22 on the 'Net -- it's often used to 
mean 'helium level' which makes some sense on a 12TB disk.  But 
testing the Seagate 12TB next to the Western Digital is OK -- sorta; 
there's no ID 22 in the output.


The Wikipedia article on S.M.A.R.T lists ID 22 as having to do with 
the helium.


On the web, it looked like there's a way of changing what ID 22's 
called so smartctl won't hurl.  I'd like the test to just keep going 
and tell me the other things it finds.


My questions:

Is this error on ID 22 anything to worry about?
(I'm guessing that it isn't, and smartctl and/or something in the 
Western Digital disk's firmware is mildly wrong)


Is there really a way to change 22 so smartctl will report the helium 
level?  How do I do that?


Regardless of whether smartctl knows what ID 22 means, the error is 
actually because the _value_ of ID 22 is too low.


SMART entries show four values:

 * VALUE - This is a "normalised" value, between 0 and 255. The
   RAW_VALUE (shown as the last column) is scaled according to the
   manufacturer's algorithm such that 100 is the ideal value.
 * WORST - This represents the worst level of VALUE that the drive has
   seen.
 * THRESH - This is a level which the manufacturer has determined. If
   VALUE is less than THRESH, there is a problem
 * RAW_VALUE - This is some internal value which the manufacturer knows
   the meaning of (sometimes it might be obvious such as the number of
   hours online, but in the case of the helium level it's not obvious
   what 13 represents)

So, Smartctl might not know that the helium level is low, but it _does_ 
know that ID 22 is at 1, which is less than 25, so therefore the drive 
is failing.


As far as the firmware is concerned, the drive is failing. Whether that 
decision is justified, only the manufacturer can really say.




Is there a way to to get smartctl to finish the test?  If so, how do I 
do that?


TIA...


>



OpenPGP_signature
Description: OpenPGP digital signature

Re: Dino

[Darac Marjal]

On 07/05/2022 02:17, A_Man_Without_Clue wrote:

On 3/13/22 08:24, Stefan Kropp wrote:

On Sa, 2022-03-12 23:00:33, Mongoose wrote:

When may we see Dino messenger included in Debian stable?


The dino XMPP IM Messenger is part of Debian [1]

Version 0.2.0-3 in stable
Version 0.3.0-2~bpo11+1 in stable backports

[1] https://tracker.debian.org/pkg/dino-im




Just being curious.

How many of you use XMPP chatting clients?
I was just trying some of those available on LINUX including this 
Dino-Im and conversations app on android, but desktop clients are not 
really usable.
I've tried a few over the years. Currently, I'm using Thunderbird as my 
XMPP client.


What about SIP phone/messaging?

I am trying Linphone on my desktop and android but android version is 
quite buggy...
Android has SIP calling built in. Typically, you want to open the Phone 
app, enter the menu and select "Calling Accounts". Just be aware that 
being online to receive calls tends to use more battery than being on a 
GSM network does.


Any thoughts about these apps?



OpenPGP_signature
Description: OpenPGP digital signature

Re: updatedb.mlocate

[Darac Marjal]

On 10/04/2022 15:29, Greg Wooledge wrote:

On Sun, Apr 10, 2022 at 06:03:13AM -0400, gene heskett wrote:

Thats fine, as long as the systemd stuff is disabled by finding an entry
in the presently logged in users ~/.config, but I do not consider that as
a user item. thats (updatedb) sysadmin stuff, and much of this hoohah
could be prevented by setting the trigger time at install time with a
random time between 1 and 4 AM when most users are inactive anyway. How
many lines of bash code would it take to do that, 3? 4? IDK but it could
be done...

The mlocate package includes a /lib/systemd/system/mlocate.timer file.
It's static content.  If the package maintainer wanted to randomize the
contents, they would need to write code in the mlocate.postinst script
to change the static file -- which is a really BAD idea.  A slightly
better idea: don't include the static file at all, but include code in
the mlocate.postinst which generates a randomized mlocate.timer file.

The mlocate.postinst script is not a bash script.  It's an sh script.
So, the "obvious" way to do it in bash (a here document with $((RANDOM%...))
expressions in it) won't work.  They would need to call out to some
external process (perhaps awk) to generate some random numbers, store
those in variables, and then use the variables in the here document.

They would also need to arrange for the randomized mlocate.timer file
to be cleaned up when the package is removed, so that's even more code
to write.

Kind of a pain in the ass.

Even if randomizing the times is more trouble than it's worth, I wonder
how much support might exist for simply specifying a different static time
for each package that currently runs at midnight.  E.g. have mlocate
run at 00:05, have man-db run at 00:10, have logrotate run at 00:15,
and so on.  I don't know how many different timers all run at midnight --
just the ones that *I* happen to have.  There are probably lots more.


Systemd already supports this.

* AccuracySec=   Specify the accuracy the timer shall elapse with. [...] 
Within this time window, the expiry time shall be placed at a 
host-specific, randomized, but stable position.


* RandomizedDelaySec =    Delay the timer by a randomly selected, evenly 
distributed amount of time between 0 and the specified time value.



So, "OnCalendar=daily" together with "AccuracySec=24h" *seems* to imply 
"once per day, but at a random time during the day".






OpenPGP_signature
Description: OpenPGP digital signature

Re: Problem downloading "Installation Guide for 64-bit PC (amd64)"

[Darac Marjal]

On 08/04/2022 20:27, David Wright wrote:

On Fri 08 Apr 2022 at 07:18:28 (+0100), Tixy wrote:

On Thu, 2022-04-07 at 09:40 -0500, Richard Owlett wrote:

I need a *HTML* copy of "Installation Guide for 64-bit PC (amd64)" for
*OFFLINE* use.

The HTML links on [https://www.debian.org/releases/stable/installmanual]
lead *ONLY* to Page 1.

You can download all the pages using a recursive wget:

   wget -r -k -np https://www.debian.org/releases/stable/amd64/

That's 774kB of files when I tried it (I know internet data usage is
important to you).

And for those on dial-up, a text version in one big page, compressed,
comes in at 128723 bytes. (I think it would be necessary to solicit
a copy from someone, anyone, by email.)


20 years ago there were services for this: 
http://www.faqs.org/faqs/internet-services/access-via-email/


One used to be able to access FTP, Gopher, Verionica, Jughead or even - 
if you were so inclined - the World Wide Web just by sending commands in 
the body of an email. I've not used these services in about ten years, 
though, so I don't know how many still exist.





OpenPGP_signature
Description: OpenPGP digital signature

Re: [OT] Online CPU configuration tool

[Darac Marjal]

For Intel processors,
https://ark.intel.com/content/www/us/en/ark/search/featurefilter.html?productType=873
might be of use to you. For AMD, it seems to need to choose a processor
type first https://www.amd.com/en/products/specifications

If you're after other manufacturers or other architectures, you might
want to be more specific.

On 22/02/2022 19:59, Grzesiek wrote:
> Hi there,
>
> I'm looking for a tool listing CPUs by different criteria like the
> number of cores, number of memory channels clock speed etc. Is there
> any web page capable of that? I tried to google, no luck.
>
> Regards
> Greg
>

Re: firejail: changing Ethernet network adapter name is breaking Firefox profile

[Darac Marjal]

On 17/01/2022 22:43, piorunz wrote:

Hello,

I run Firefox via firejail. I let Firefox use only one network adapter,
because that cuts off Firefox from my LAN. I run several profiles of
Firefox on my machine. Only one of them has access to LAN for security
reasons.

This is my example shortcut in KDE menu:
firejail --net=enp5s0 --netfilter=/etc/firejail/nolocal.net firefox -P
default-esr

Problem is, every now and then, Ethernet adapter name changes, from
enp5s0 to enp6s0 for example. Shortcut stops working! I have to manually
edit all shortcuts, and change enp5s0 to enp6s0 in each one.


If you have multiple Network Adapters, connected to different networks, 
why not give them more sensible names?


Using 
https://wiki.debian.org/NetworkInterfaceNames#CUSTOM_SCHEMES_USING_.LINK_FILES 
you can assign names such as "lan", "wan", "internal", "wifi" etc.  That 
way, you just need to do "firejail --net=wan 
--netfilter=/etc/firejail/nolocal.net firefox -P default-esr".





How to fix this?


--
With kindest regards, Piotr.

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
⠈⠳⣄



OpenPGP_signature
Description: OpenPGP digital signature

Re: GRUB really slow to boot

[Darac Marjal]

On 18/12/2021 16:08, Greg Wooledge wrote:

Today I rebooted my machine for the first time in quite a while, after
the kernel update that was released along with Debian 11.2.

When it reached the GRUB screen, I pressed Enter, and nothing happened
as far as I could see.  I was initially worried that it had stopped
seeing my USB keyboard (a thing that I've experienced with GRUB and
certain USB slots on certain machines in the past).  This keyboard
plugged into this same USB slot had worked in previous versions of GRUB
on this machine, though.

The next thing I observed was that after 5 seconds, it still hadn't
booted, nor had the coundown ("will automatically boot in 5s" or whatever)
advanced.  It appeared to be hung.

I waited a bit longer, and the 5s changed to 4s.  It just took a really
long time (like 15+ seconds for each second on the timer).

Eventually, after a minute or two, the system booted.  Everything is
working normally now, post-GRUB.

Has anyone experienced this, or does anyone have ideas about how to
prevent it happening again?  I am not interested in trial and error
for this, because it's far too annoying and disruptive.  But if there
are well-known ideas about things I could try (e.g. "grub 2.04 is known
to have bugs on Intel motherboards, revert to 2.03") then I'm game.


Not a definitive answer here, but to me, this sounds like the sort of 
behaviour a program would have when having to process lots of 
interrupts. You say that pressing Enter does nothing and that the 
countdown happens really slowly. Imagine you had a stuck key - something 
which was repeatedly sending keypresses to GRUB, but which weren't 
triggering the "cancel timer" branch. Something like CTRL or Shift, 
maybe. Or an ACPI key etc.


I see that you say you're not interested in trial-and-error and I can 
understand that. If you can, try using a different keyboard. Or just 
unplug the keyboard entirely (You may need to configure your BIOS to 
allow booting without the keyboard or just allow the BIOS enough time to 
see the keyboard and THEN unplug it before GRUB sees it).


https://sources.debian.org/src/grub2/2.04-20/grub-core/normal/menu.c/#L601 
seems to be the loop of code that GRUB executes while waiting for a key. 
I can see some functions there that, if not written carefully, COULD 
take some time to return.




OpenPGP_signature
Description: OpenPGP digital signature

Re: Reasonably simple setup for 1TB HDD and 250GB M.2 NVMe SSD

[Darac Marjal]

On 10/12/2021 12:21, Dan Ritter wrote:

Andrei POPESCU wrote:

On Jo, 09 dec 21, 09:46:26, Dan Ritter wrote:

In a more perfect world, the space for suspension would not
otherwise be treated as swap space.

It still has to be reserved from somewhere, and swap appears to be the
logical choice for that.

No, it was a convenient choice. A better choice would have been
a way to mark a swap partition or file as for use only by the
hibernation system, or, as actually once existed, a system that
would mount a specific swap partition during the hibernation
shutdown procedure, and unmount it after recovery.


According to systemd-suspend.service(8):

"Immediately before entering system suspend and/or hibernation 
systemd-suspend.service (and the other mentioned units, respectively) 
will run all executables in /lib/systemd/system-sleep/"


There is also /etc/pm/sleep.d, which is a more system-specific location 
(i.e. /etc rather than /lib)


Therefore, it *should* be theoretically possible to reserve a partition 
explicitly for the purpose of hibernation. The script can bring the 
device online (with swapon) and then tell the kernel to hibernate to 
that device (echo $MAJOR:$MINOR > /sys/power/resume). Upon resume, the 
device can be taken offline (with swapoff) so that it isn't used for 
regular swap.


For extra credit, devise a standard marking for this partition (e.g. a 
label or a GPT UUID) so that this system can be made universal :)





-dsr-



OpenPGP_signature
Description: OpenPGP digital signature

Re: Reasonably simple setup for 1TB HDD and 250GB M.2 NVMe SSD

[Darac Marjal]

On 10/12/2021 04:53, David Wright wrote:

On Thu 09 Dec 2021 at 17:12:01 (-), Curt wrote:

On 2021-12-09, hdv@gmail  wrote:

Swap is where a laptop stores RAM during suspend-to-disk, the long
term hibernation suspension. Without at least as much swap as
RAM, you are limited to suspend-to-RAM.

In a more perfect world, the space for suspension would not
otherwise be treated as swap space.

It certainly was the reason why I always had swap at least as big as RAM
in the past on my laptops. However, I have not had any trouble
suspending or hibernating my laptops in the years since I reduced swap
to 2GB. That is just my experience, and it may not be the same for
others. But it might help the thread starter to know this is a feasible
option (depending on their use case).

It's only that there is a distinction between suspend-to-RAM and
suspend-to-disk, the latter using zero power consumption until the
machine is powered on.

Anyway, you probably already knew that (I didn't).

Aka hibernation, it's also incompatible with random-encrypted swap
(recommended in https://lists.debian.org/debian-user/2021/12/msg00239.html,
and by me, if you have sensitive information on your laptop).


It's a shame that TuxOnIce (aka Software Suspend 2) seems to have 
disappeared. That was a mostly-userspace hibernation solution that 
developed some quite neat tricks such as:


 * Mounting a swap device prior to hibernation

 * Graphical progress of hibernation

I seem to recall that, because it *was* a userspace solution, you needed 
to boot a certain amount of kernel and userspace before you could start 
resuming from hibernation, so there should have been a point where you 
could handle decryption (although, you would need a known key to decrypt 
the swap device, I suppose).





Cheers,
David.



OpenPGP_signature
Description: OpenPGP digital signature

Re: how to open mht file

[Darac Marjal]

MHTML files are "MIME-encapsulation of aggregate HTML documents": 
https://en.wikipedia.org/wiki/MHTML


In other words, you can treat this file very similar to a saved email. 
Some web browsers may be able to open it, too. Try the usual interfaces 
for opening a file with (for example in a file browser, do "Open 
With..." or perhaps your browser can do File > Open... etc)


On 05/12/2021 03:16, Long Wind wrote:

i save web page in android phone, it uses mht format
how to open it with bullseye?
below is mht file, abridged:

From: 
Snapshot-Content-Location: 
http://hx.cnd.org/2021/11/11/%e9%bb%8e%e5%ad%a6%e6%96%87%ef%bc%9a%e6%88%91%e6%89%80%e8%ae%a4%e8%af%86%e7%9a%84%e5%bc%a0%e5%b1%95/
Subject: 
=?utf-8?Q?=E9=BB=8E=E5=AD=A6=E6=96=87=EF=BC=9A=E6=88=91=E6=89=80=E8=AE=A4?=
=?utf-8?Q?=E8=AF=86=E7=9A=84=E5=BC=A0=E5=B1=95=20|=20CND=E5=88=8A=E7=89?=
=?utf-8?Q?=A9=E5=92=8C=E8=AE=BA=E5=9D=9B?=
Date: Sat, 27 Nov 2021 21:16:43 -
MIME-Version: 1.0
Content-Type: multipart/related;
 type="text/html";
 
boundary="MultipartBoundary--FlSfdekoR1dzSoPQRrR0OlI4WSFA6zLqLfXw18GN7i"


--MultipartBoundary--FlSfdekoR1dzSoPQRrR0OlI4WSFA6zLqLfXw18GN7i
Content-Type: text/html
Content-ID: 
Content-Transfer-Encoding: quoted-printable
Content-Location: 
http://hx.cnd.org/2021/11/11/%e9%bb%8e%e5%ad%a6%e6%96%87%ef%bc%9a%e6%88%91%e6%89%80%e8%ae%a4%e8%af%86%e7%9a%84%e5%bc%a0%e5%b1%95/



=E9=BB=8E=E5=AD=A6=E6=96=87=EF=BC=9A=E6=88=91=E6=89=80=E8=AE=A4=E8=
=AF=86=E7=9A=84=E5=BC=A0=E5=B1=95 | CND=E5=88=8A=E7=89=A9=E5=92=8C=E8=AE=BA=
=E5=9D=9B
http://gmpg.org/xfn/11;>
http://hx.cnd.org/wp-content/themes/cnd=
2011d/favicon.ico">
http://hx.=
cnd.org/wp-content/themes/cnd2011d/style.css">
http://hx.cnd.org/xmlrpc.php;>

http://hx.cnd.org=
/feed/">
http://hx.cnd.org/comments/feed/;>
http://hx.cnd.org/wp-content/plugins/nextgen-gallery/products/photocrati_ne=
xtgen/modules/nextgen_gallery_display/static/nextgen_gallery_related_images=
.css?ver=3D3.6.1" type=3D"text/css" media=3D"all">














=20
http://hx.cnd.org/2021/11/11/%e9%92%b1%e9%92%a2%ef%bc%9a=
%e4%b8%96%e7%95%8c%e6%9c%80%e5%a4%a7%e7%9a%84%e6%b0%b4%e5%ba%93%e5%9e%ae%e5=
%9d%9d%e6%83%a8%e6%a1%88-1975%e5%b9%b4%e9%a9%bb%e9%a9%ac%e5%ba%97%e5%a4%a7/=
">
http://hx.cnd.=
org/2021/11/11/%e5%88%98%e4%ba%9a%e6%b4%b2%ef%bc%9a%e6%89%93%e5%8f%b0%e6%b9=
%be%e4%b9%8b%e5%89%8d%e5%85%88%e8%a6%81%e4%ba%86%e8%a7%a3%e7%9a%84%e5%87%a0=
%e4%b8%aa%e5%86%b7%e7%9f%a5%e8%af%86/">

http://hx.cnd.org/2021/11/11/%e9%bb%8e%e5%a=
d%a6%e6%96%87%ef%bc%9a%e6%88%91%e6%89%80%e8%ae%a4%e8%af%86%e7%9a%84%e5%bc%a=
0%e5%b1%95/">
http://hx.cnd.org/?p=3D203200;>





 
 
  
 
 http://www.cnd.org/;>http://images.cnd.org/images/logo.gif; align=3D"left">
 http://ads.flychina.com/ad/ad.=
aspx?url=3D2142" target=3D"_blank">http://ads.flychina.com/ad/a=
d.aspx?showbanner=3D2142" alt=3D"FlyChina" width=3D"120" height=3D"60" bord=
er=3D"0">=20
=09
 http://www.kanghealth.com/; target=3D"_blan=
k">http://www.valuecalling.com/banners/468x60_fo=
r_KK.gif" alt=3D"">
 
 
 =09
 
 
 
 
 http://hx.cnd.org/; 
title=3D"CND=E5=88=8A=E7=89=A9=E5=92=
=8C=E8=AE=BA=E5=9D=9B" rel=3D"home">CND=E5=88=8A=E7=89=A9=E5=92=8C=E8=AE=BA=
=E5=9D=9B
 
 
 http://hxwk.org=
/">=E5=8F=88=E4=B8=80=E4=B8=AA CND=E5=8D=8E=E5=A4=8F=E6=96=87=E6=91=98 =E7=
=AB=99=E7=82=B9

 

 
   http://hx.c=
nd.org/2021/11/11/%e9%bb%8e%e5%ad%a6%e6%96%87%ef%bc%9a%e6%88%91%e6%89%80%e8=
%ae%a4%e8%af%86%e7%9a%84%e5%bc%a0%e5%b1%95/#content" title=3D"=E8=B7=B3=E8=
=87=B3=E6=AD=A3=E6=96=87">=E8=B7=B3=E8=87=B3=E6=AD=A3=E6=96=87
 http://www.cnd.org/;>=E9=A6=96=E9=
=A1=B5=EF=BC=8F=E7=99=BB=E5=BD=95

 CND=E5=87=BA=E7=89=88=E7=89=A9=E6=B1=87=E6=80=BB
 http://hx.cnd.org/mobile/;>=
=E7=A7=BB=E5=8A=A8=E6=90=BA=E5=B8=A6=E7=89=88=E9=A6=96=E9=A1=B5
 http://hx.cnd.org/%e7%99%bb%e5%bd%95/;>=E5=85=B3=E4=
=BA=8E=E7=99=BB=E5=BD=95
 http://hx.cnd.org/wp-login.php;>=E7=99=BB=E5=BD=95hx.cnd.org
 http://my.cnd.org/user.php;>=E7=99=BB=E5=BD=95my.cnd.org


=E6=8A=95=E7=A8=BF

 http://hx.cnd.org/wp-admin/post-new.php;>=E6=96=87=E5=BA=93=
=E4=BD=9C=E8=80=85=E7=9B=B4=E6=8E=A5=E7=99=BB=E5=BD=95=E6=8A=95=E7=A8=BF


 http://my.cnd.org/modules/news/submit.php;>=E5=8E=9F=E6=
=8A=95=E7=A8=BF=E6=96=B9=E5=BC=8F
 http://hx.cnd.org/%e6%8a%95%e=
7%a8%bf/">=E5=B0=9A=E6=97=A0=E7=94=A8=E6=88=B7=E5=90=8D=E4=BD=9C=E8=80=85=
=E6=8A=95=E7=A8=BF



  ...



OpenPGP_signature
Description: OpenPGP digital signature

Re: Don't try this at home kids

[Darac Marjal]

On 29/11/2021 22:41, Jeremy Ardley wrote:
>
> On 30/11/21 6:25 am, Bob Bernstein wrote:
>> How do I tell sudo not to ask me for my password?
>>
>> It's me. I'm on my computer. I already logged in with my password. No
>> one else is logged on.
>>
>> I know all you purists out there are rending your garments if not
>> your flesh. but c'mon sudo! Can't a brother catch a break around here?
>>
>> Thank you.
>>
> edit /etc/sudoers and modify / add
>
> username ALL=(ALL) NOPASSWD:ALL
>
> P.S. I am totally unconvinced about the arguments for using sudo
> rather than running as root. You can do exactly the same damage with
> sudo as being root user.
"sudo" is supposed to be used as part of a wider ecosystem. By
encouraging users to run "sudo foo" rather than running "foo" directly
as root, sudo can trigger audit events and so on.
> P.P.S The conventional instruction is to use visudo to do the edits.
> Which means using Vi, which is another anachronism that should be
> humanely put down.
Actually, sudo will run $SUDO_EDITOR or else $VISUAL (hence the name) or
else $EDITOR.  So, you can use emacs or joe or nano or anything like
that, if you prefer.



OpenPGP_signature
Description: OpenPGP digital signature

Re: If the variable has its 'integer' attribute set,

[Darac Marjal]

On 21/11/2021 01:37, sim sim wrote:
> Hi, all.
> My question may be in the wrong place but I'm already exhausted.
> Started reading https://www.gnu.org/software/bash/manual/bash.pdf.
>
> 3.4 Shell Parameters
> .
> 
> A parameter is set if it has been assigned a value.  The null string
> is a valid value.  Once a variable is set, it may be unset only by
> using the 'unset' builtin command.
>    A variable may be assigned to by a statement of the form
>  NAME=[VALUE]
> If VALUE is not given, the variable is assigned the null string.  All
> VALUEs undergo tilde expansion, parameter and variable expansion,
> command substitution, arithmetic expansion, and quote removal
> (detailed below).  If the variable has its 'integer' attribute set,
> then VALUE is evaluated as an arithmetic expression even if the
> '$((...))' expansion is not used.  
> .
> ..
> I do not understand  "If the variable has its 'integer' attribute
> set," where the variable has an 'integer' attribute, after all, this
> is not a function?
> I do not ask to explain in detail, because it is long and I will not
> understand because of my poor English, but if you can just write a
> simple variable for:
>  name=[value]
> where "If the variable has its 'integer' attribute set",
> for example it will help a lot. This manual is difficult for a
> beginner to read. The same concept in different places denotes: either
> an attribute or a parameter or an option.
> And advise a smart forum on this topic, where you can ask questions,
> Google found trash.

The way I would explain it is to assume that bash stores variables with
"data" and "metadata" separately.

You probably already know that if you write:

i = 65

then several things happen:

* a block of memory is allocated

* the address of the allocated memory is stored somewhere, and a
reference to that address is associated with the variable "i"

* The value "65" is stored in that memory location

So, that's a very basic method of storing the variable.  At this point,
we know that the variable "i" equals 65, right? Well, how do we know
that the variable doesn't hold the character "A", or that it's not an
array? So, there must be a table somewhere else that tells us "what KIND
of data is stored in 'i'?".

From a naive point of view, we might use an enumeration for the type (if
the type is 1 it's an integer, if it's 2 it's a string, if it's 3 it's
an array and so on), but the authors of bash, for whatever reason, seem
to use type flags. Perhaps a variable can be an integer *and* a string?
I'm not sure.

In summary, though, I would read "If the variable has its 'integer'
attribute set" as synonymous with "If the variable is declared an
integer". The bit to be careful about is that the value is NOT evaluated
as an arithmetic if the variable merely LOOKS like an integer (e.g. the
string "65").


> Thanks,
> Sim.


OpenPGP_signature
Description: OpenPGP digital signature

Re: why Debian?

[Darac Marjal]

On 14/11/2021 12:56, Thanos Katsiolis wrote:
> Hello,
>
> I am new to the Debian distribution and I would like to hear opinions
> from experienced users on why someone should choose them as OS.
> The reasons I chose them is that Debian is considered a stable and
> reliable OS (the policy of the OS is not to include as many and as
> much quickly as possible new features), and that it has a large and
> dependable community.

Personally,  I chose Debian because of it's amazing package installer
"apt". Like many people, I started with Windows (well, my first computer
was earlier than that, but irrelevant to this discussion). Software
management was (and - although "winget" is making it better - still kind
of is) a bit of a nightmare. You'd either have to got to the developer's
website and download an installer or, if you were lucky, there are sites
like TUCOWS and Sourceforge where you could download several installers.
But windows has always tended to favour the idea of an installer, rather
than a package to be installed. Sure, MSI files exist, but they're still
kind of second rate compared to an EXE installer.

So, when I was venturing into Linux, I started off with Mandrake Linux
(which I got from a CD on a magazine). Mandrake Linux introduced me to
the concept of a Software Repository - a single server hosting just
about any programs you could want. Want a spreadsheet application?
Install StarOffice. Want games? There's plenty of those, too. All
available for free. However, Mandrake is a RedHat-based distribution so,
although there was /so much/ software available through the repository,
these were the days before "yum". So to install a package, you had to
download the RPM for what you wanted, then try to install it, then
download all the dependencies that it needed and try to install those,
then download all the dependencies THEY required and so on.

A friend of mine, however, used Debian Linux and "apt" was a revelation.
With apt (I think we used "dselect" in those days, but "apt-get" worked
just as well if you knew what you wanted to install), it was just a
single command. "apt-get install soffice" was enough to install
StarOffice and all the libraries it required. This was a minor miracle
to me, and I've never really looked back.

Of course, nowadays, you can do the same thing with "yum" and "dnf" on
RedHat based distros, and even Windows is getting to the point where
plenty of software is available through "winget install xxx", but I'm
happy to stick with Debian.



OpenPGP_signature
Description: OpenPGP digital signature

Re: Where is a list of kernel messages ?

[Darac Marjal]

On 18/10/2021 22:16, C.T.F. Jansen wrote:
> Greetings,
>
> Where is there a list of linux kernel messages ?
> So far not found on :
>
>  - google
>  - Debian linux or kernel documentation, specifically linux-doc etc.
>  - not seem in /usr/share/doc
>
>  - www.kernel.org
>
> If they are there then it's time for the discovery process to be
> shortened.
I think the best place to look IS in the kernel source itself.
>
> Two messages that I'm interested in are :
>
>    kernel: [ 6997.564065] sd 3:0:0:0: [sdc] tag#3 data cmplt err -71
> uas-tag 4 inflight: CMD
This appears to be generated at
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/drivers/usb/storage/uas.c?h=v5.14.13#n424
>
>    kernel: [ 6997.564108] usb 2-1.4: stat urb: status -71
This appears to be generated at
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/drivers/usb/storage/uas.c?h=v5.14.13#n320
>
> The machine currently has  Debian 9 and a new disk dock and new
> internal hard disk set to go in the disk dock.
> The messages may be a result of the OS being too back level for the
> newer hardware. A Debian 11 implementation is in process.
>
> Thanks.
>
> frank.jan...@actrix.gen.nz, ZL2TTS
>



OpenPGP_signature
Description: OpenPGP digital signature

Re: debian-installer RAID question

[Darac Marjal]

On 11/09/2021 17:55, Felix Natter wrote:
> hello fellow Debian users,
>
> I have an SSD for the root filesystem, and two HDDs using RAID1 for
> /storage running Debian10. Now I need a plan B in case the upgrade
> fails.

Just want to check that you've not missed something obvious here. You
don't *need* to involve Debian-Installer in an upgrade. Debian fully
supports in-place upgrades. The process is documented here:
https://www.debian.org/releases/bullseye/amd64/release-notes/ch-upgrading.en.html


>
> So I made an experiment with a VM and rougly the same setup (disk-wise),
> and found out that when reinstalling Debian11, the d-i does recognize
> the RAID1 (/storage) and can reuse it while keeping the data.
>
> My question is: How does d-i know how the individual HDDs were combined
> into a RAID1? For all that "sudo fdisk -l" shows, the disks are
> "Linux raid autodetect". For all I see, it could be a RAIDX, X!=1 or
> two different RAIDs  Are there RAID headers on the partitions?
>
> The same thing applies when I boot a GNU/Linux rescue system: I think I
> can mount the RAID1 if I know the member partitions and type of RAID
> using mdadm?
>
> Many Thanks and Best Regards,



OpenPGP_signature
Description: OpenPGP digital signature

Re: Bash script problem

[Darac Marjal]

On 06/08/2021 00:30, David wrote:
> On Fri, 6 Aug 2021 at 06:03, Gary L. Roach  wrote:
>
>> Second, why am I separating out the Path the way I am doing? I need to
>> check each level for existence then, if the level doesn't exist, create
>> the directory, cd to the directory, set chown and -x chmod. After that
>> check the next level and repeat the process until I run out of levels.
>> There are other things that need to be done with files that are similar.
> It sounds like you are unaware of 'mkdir -p' and 'chown -R'.
> They are the standard tools for this kind of task.
>
> 'chmod -R' is less useful because it does not discriminate
> between files and directories, I never understood why it
> does not offer that option, because usually we need all file
> permissions to not be the same as all directory permissions.

I also recently discovered that 'mkdir' has a '-m, --mode' option so
that, depending on your use case, you might not even need chmod. 'mkdir
-m u=rwx,g=rx,o= -p /path/to/somewhere' for example.

>



OpenPGP_signature
Description: OpenPGP digital signature

Re: Thunderbird add-on for SMS

[Darac Marjal]

On 06/08/2021 07:36, ellanios82 wrote:
> Good Day, List !
>
>
>  - is there a way to send an SMS to a mobile phone,  from Thunderbird ?
Talk to the service provider for the mobile phone. Some providers offer
an email to SMS service, whereby you are given an email address that
maps to your phone number and the first 140 characters of the body are
sent to the phone.
>
>   Thanks vm
>
> .
>
>



OpenPGP_signature
Description: OpenPGP digital signature

Re: Updating kernels impossible when /boot is getting full

[Darac Marjal]

On 01/08/2021 23:51, Greg Wooledge wrote:
> On Sun, Aug 01, 2021 at 03:29:07PM -0700, David Christensen wrote:
>> 2021-08-01 13:52:37 root@dipsy ~
>> # file /boot/initrd.img-4.19.0-17-amd64
>> /boot/initrd.img-4.19.0-17-amd64: gzip compressed data, last modified: Sun
>> Jul 25 19:43:38 2021, from Unix, original size 126331392
> Your initrd image, *uncompressed*, is smaller than the OP's compressed
> images.  That should put to bed any more silly comments about "try
> switching from gzip to bzip2 or xz" that we always get whenever someone
> makes one of these threads.

I object slightly to the comments being "silly", but you are right
that,  although changing the compression will save some space, thinning
out the contents of the initrd is going to have a much bigger effect. I
stand corrected.




OpenPGP_signature
Description: OpenPGP digital signature

Re: Updating kernels impossible when /boot is getting full

[Darac Marjal]

On 01/08/2021 13:34, didier gaumet wrote:
> Hello,
>
>  Disclaimer: I have never tested what is following.
>
>  Perhaps another way of keeping two kernels without increasing the size oft 
> the /boot partition would be to decrease the size of the initrd files: by 
> default they are built with allmost all possible modules, but they can be 
> built with only the modules that are needed (for the hardware which is 
> automatically detected). That is, if Ubuntu acts as Debian in this regard 
> (Debian here)
>
>  As root or via sudo:
> 1) edit the /etc/initramfs-tools/initramfs.conf file to replace  the 
> MODULES=most line by a MODULES=dep one
> 2) to make room in /boot for the following step, delete the big initrd images:
> # rm /boot/initrd*
> 3) generate smaller initrd images
> # update-initramfs -c -k all
>
>  Next time there is a kernel update, the initrd will automatically be 
> generated with a smaller size (but you will perhaps have to make room for it 
> if you have not enough space for three kernels)

Another avenue to try is changing the compression used. I see the OP
uses lz4 compression, XZ and Zstd compression often give better results
but this is definitely a "Your Mileage May Vary" situation. As with the
"MODULES" option above, you can configure the compression with the
"COMPRESS" option.

>



OpenPGP_signature
Description: OpenPGP digital signature

Re: Synaptic error message

[Darac Marjal]

On 26/06/2021 15:20, Richard Owlett wrote:
> I have a empty machine on which I've done a default install of
> Debian 10.7.0 with MATE as my desktop. As I intend later to install
> some non-Debian software I wanted a local repository. To have a known
> base to start from I extracted the contents of dvd1.iso to a local
> directory.
>
> My sources.list references it as:
>> deb [ Trusted=yes ] file:home/richard/DVDs/dvd1/ buster main
>> contrib  non-free
>
> In Synaptic when I do Edit->Reload Package Information it responds:
>> The repository 'file://home/richard/DVDs/dvd1 buster Release' is not
>> signed.
>
>
> https://html.duckduckgo.com/html?q=%2B%22synaptic%22%20%2B%22repository%22%20%2B%22not%20signed%22%20site%3Adebian.org
> gives no useful information.
>
> What do I do?
> What should I have read?

"man sources.list" will give you the format of the "deb ..." line. In
particular, it will tell you that the command for setting a repository
to trusted is "trusted", rather than "Trusted". Computers can be a
little TOO literal at times.


> TIA
>
>



OpenPGP_signature
Description: OpenPGP digital signature

Re: apt-key says deprecated, but not saying what else to use

[Darac Marjal]

On 19/06/2021 21:07, Marco Möller wrote:
>
> Hello,
> Command apt-key and its man page say that apt-key is deprecated, but
> do not suggest an instead recommended tool. It is only mentioned that
> keys would now be organized in /etc/apt/trusted.gpg.d/  . But how
> should I manage the keys saved there, for instance how to update them,
> or what tool of the Debian distribution is managing them there for the
> apt functionality of the Debian OS?
> Guiding me to a properly up-to-date documentation about this topic
> would be welcome!
> Marco.

For some time, I've been using /etc/apt/trusted.gpg.d rather than using
apt-key. As I understand it, keys in apt-key are trusted to sign *any*
repository you pull from. That is, if you add a suspicious repository
and somehow they were able to push packages signed with their key to the
main debian repo servers, then you'd not be able to distinguish between
"signed by Debian" and "signed by attacker".

Instead, the preferred method is to put binary GPG keys into
/etc/apt/trusted.gpg.d (that is, you might need to run "gpg --dearmor"
if you download an ascii-armoured key). Files there can have any name
it's purely up to the system administrator what the names are, but it
makes sense that they indicate the repository they sign. Then, in
/etc/apt/sources.list.d/*.list, you need to write:

deb [signed-by=/etc/apt/trusted.gpg.d/somekey.gpg]
https://repo.attacker.com/ stable main

Now, only this repository trusts that key. If packages there are signed
by another key, verification fails. Similarly, if packages in another
repository are signed by that key, verification fails.

You ask about updating them. There is, as far as I know, no automatic
method for updating these keys, nor for automatically adding them right
now. That's because it's generally considered good practice to add the
key manually. You need to actively state that you trust this repository
on your system. So, for most repositories, that involves a web page
somewhere that says "This is our 'deb ... ' line and this is a link to
our public key." The key will usually be valid for several years, but if
it does start to fail, apt tools *will* tell you that the key has
expired, and that's time to go back and revisit the original site, and
see if they have a new key available.





OpenPGP_signature
Description: OpenPGP digital signature

Re: apt error not understood

[Darac Marjal]

On 22/05/2021 16:48, ghe2001 wrote:
> Buster everywhere, latest update.
>
> I update/upgrade using apt on 3 different computers (SuperMicro
> desktop, Dell laptop, Raspberry Pi cute thing). Sample from a few
> minutes ago, on the desktop:
>
> root@sbox:~# apt update
> Hit:1 http://security.debian.org/debian-security buster/updates InRelease
> Hit:2 http://deb.debian.org/debian buster InRelease
> Get:3 http://deb.debian.org/debian buster-updates InRelease [51.9 kB]
> Get:4 http://deb.debian.org/debian buster-backports InRelease [46.7 kB]
> Fetched 98.6 kB in 2s (52.2 kB/s)
> ...
> Error: GDBus.Error:org.freedesktop.systemd1.UnitMasked: Unit -.mount
> is masked.

*.mount files are systemd representations of mount points. Sometimes
they're autogenerated from /etc/fstab (that is, fstab is still a
first-class place to configure mount points), but they might also be in
the usual systemd locations such as /etc/systemd/system

Now you can't name the mount files exactly after the mount points
(mostly because / isn't valid in file names), so systemd uses an
escaping mechanism

$ systemd-escape --unescape - /

So, this is a mount file for the root directory.

Now, what does it mean that the unit is masked? Here, you need to look
at the man page for "systemctl", in the description for the "is-enabled"
subcommand. "Masked" means "Completely disabled, so that any start
operation on it fails". Masking may be done either by the system, or the
administrator, but it basically means that systemd won't be able to
mount your root directory (however, that's a moot point as userspace
never mounts the root directory; that's the kernel's job :)

In summary, I'd say it's a strange error, but harmless.


> ...
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> All packages are up to date.
>
> And all seems to have worked -- when update says there are upgrades
> available, it asks if I want them, then downloads and installs
> properly, but the same error message is displayed.  I've been a Debian
> user for some 15 years, and I've never seen an error from dpkg, apt,
> apt-get, synaptic, or aptitude.  Until a few weeks ago.  On all my
> computers, except the 'Pi (also systemd).  I don't know what makes
> this happen or even what it means (a bent apt update?  a bent systemd
> update?).
>
> Thoughts?  Howtos?
>
>



OpenPGP_signature
Description: OpenPGP digital signature

Re: Missing SSL/https root cert(s)?

[Darac Marjal]

On 20/05/2021 12:03, d...@sherohman.org wrote:
> Although everything works properly for actual (human) users, a coworker
> has informed me that some of his automated tests are failing with
> invalid https certificate errors.  I checked and, sure enough, it's not
> just his tests:
>
> $ curl https://ojs.lub.lu.se
> curl: (60) SSL certificate problem: unable to get local issuer certificate
> $ wget https://ojs.lub.lu.se
> --2021-05-20 12:54:48--  https://ojs.lub.lu.se/
> Resolving ojs.lub.lu.se (ojs.lub.lu.se)... 130.235.140.198
> Connecting to ojs.lub.lu.se (ojs.lub.lu.se)|130.235.140.198|:443...
> connected.
> ERROR: The certificate of ‘ojs.lub.lu.se’ is not trusted.
> ERROR: The certificate of ‘ojs.lub.lu.se’ doesn't have a known issuer.
>
> links and lynx both issue similar complaints, and these results are
> consistent across multiple systems using Debian versions 9, 10, and (the
> current pre-release version of) 11.  ca-certficates is up-to-date on all
> systems.
>
> Firefox and Chromium, however, both say the certificate is 100% valid,
> and I am not aware of any users having reported certificate issues with
> the site.
>
> The cert in question is issued by GEANT eScience SSL CA 4, which in turn
> is signed by USERTrust RSA Certification Authority.
> /usr/share/ca-certificates/mozilla does not have any GEANT certs, but
> there is a USERTrust_RSA_Certification_Authority.crt, so it would appear
> that it should work properly.
>
> We have... several... servers all with GEANT-based certificates and this
> behavior is consistent across all those certs.  There are also a handful
> of machines with LetsEncrypt or TERENA certificates which are recognized
> by all tools; this problem seems limited to those issued by GEANT.
>
>
> So, the obvious practical question:  What do I need to do to get the
> command-line tools to recognize GEANT certs?  curl is the one that
> really matters, but a solution that fixes them all in one fell swoop
> would, of course, be ideal.

A great place to start is the SSL Labs Server Test -
https://www.ssllabs.com/ssltest/analyze.html?d=ojs.lub.lu.se -
This will perform various handshakes with a HTTPS server and report all
kinds of useful information, including a summary "Grade".

The most obvious thing I notice from that is that SSL Labs warns that
your certificate chain is incomplete. This probably ties in with the
curl error of "The certificate doesn't have a known issuer". HTTPS
certificates are usually *not* signed directly by the Certificate
Authority. I don't know the details but I think it's to do with the fact
that the CA certificate is very precious so it's usually kept offline.
That CA certificate is used to sign "Intermediate" certificates which
are more easily revoked. However, the Intermediate certificates tend to
be rather more numerous.

Anyway, the upshot of this is that you have two pieces of a chain: At
the bottom of the chain is the certificate which your web server is
using to encrypt the traffic. At the top of the chain is the Certificate
Authority certificate. This is what web clients know about. To "join the
dots", you need to configure the web server to send your individual
certificate AND the intermediate certificate that it was signed by. You
COULD send the whole chain - in that way you're saying "This is me, and
I'm signed by this intermediate and the intermediate is signed by this
CA", but that's generally considered redundant information. If the
client already has the CA certificate, then it just wastes bandwidth by
sending the CA certificate.

So, why do Firefox and Chromium work? I'm not sure, but I could
speculate. Firstly, it's possible that they've already seen the
intermediate certificate somewhere else. The certificates are identified
by name and by a hash so, if the web browser already has that
intermediate in its cache, then it can build a trust path to a known CA
through that. Secondly, they may be fetching the intermediate
certificate on demand - Firefox and Chromium are much more geared
towards fetching multiple resources in parallel; curl and friends
probably just fetch what you asked for.

>
> And the broader question:  Why do GUI browsers recognize the
> certificate, but command-line tools and text-mode browsers do not?
> Shouldn't they all be looking at the same certificates, as provided by
> the ca-certificates package?
>



OpenPGP_signature
Description: OpenPGP digital signature

Re: Signed Email PAM authentication

[Darac Marjal]

On 14/05/2021 15:29, Marek Mosiewicz wrote:
> Hello,
>
> I think of idea of having additional PAM module which passes login
> after receiving and validating signed email (for some scenarios it
> could even requires emails from many persons). Signing emails can be
> done easliy in secure way and it could be also good for auditing.

My first thought was "Doesn't PAM have some sort of timeout?" but it
looks like it doesn't. If you have users who can bear to potentially
wait a matter of days before knowing whether they're permitted to access
a system, then I guess this could work. It sounds a little
Heath-Robinson, but  maybe you can argue the case for an ultra-secure
host where every login must come to the immediate attention of one or
more humans.

Hmm. Thinking about it a little more, you might need to consider some
points about reliability:

* If PAM sends an email, it can REQUEST delivery and read receipts, but
those are optional features of email. There's no guarantee that the
email will arrive at the destination.

* Similarly, PAM has no way to guarantee that the signer's reply will
arrive. 

Now, you might be able to say "Well, we use  GMail/HotMail/NeverFails
which is 100% online" or "We always send to X signers and need a quorum
of at least Y of them - which handles the situation when Kevin is on
holiday in the Bahamas for three weeks", but you might want to at least
CONSIDER sending follow up emails (not too often, though. One or two
days between them perhaps?) so that you don't end up waiting for a reply
that will never come.

>
> Cheers,
> Marek Mosiewicz
>



OpenPGP_signature
Description: OpenPGP digital signature

Re: Thunderbird: how can I set permanent custom headers?

[Darac Marjal]

On 14/05/2021 11:44, Ottavio Caruso wrote:
> Hi,
>
> For the lack of a dedicated Thunderbird mailing list, I am forced to
> ask here.
>
> I am using Debian Buster. I have set up a custom header (X-no-archive)
> using this guide:
> https://www.lifewire.com/arbitrary-custom-heading-email-thunderbird-1173089
>
>
> It works fine, but I have to click on the double arrows (top right)
> all the time and then type "Yes"
>
> Is there a way to have this header with a default value "Yes" attached
> to all outgoing messages automatically?
>
> My guess is it is probably not possible, but you never know. Thanks.

One way to do this would be to run your own Mail Transfer Agent (MTA)
such as exim, postfix etc. This would become the SMTP server to which
Thunderbird passes the message. You would configure the MTA to add the
required header and then forward all messages to the next SMTP  erver
(which is probably your ISP's SMTP server). This MTA could, conceivably,
run on the same host as Thunderbird (e.g. a laptop).

For postfix, for example, you would read
http://www.postfix.org/STANDARD_CONFIGURATION_README.htm to get started.
The header addition would be achieved either with PREPEND header_check
(http://www.postfix.org/header_checks.5.html) or by configuring the
AlterMIME milter (http://www.postfix.org/header_checks.5.html) in the
case that you feel like you might want to do more mail manipulation later.


>
> -- 
> Ottavio Caruso
>
>



OpenPGP_signature
Description: OpenPGP digital signature

Re: Putting small web site online

[Darac Marjal]

On 12/05/2021 07:31, john doe wrote:
> Debians,
>
> I need to have a small web site online but I don't have a commercial
> link nor a server at home that can be publickly available.
>
> I'm planning to test/build the web site locally then have it published
> where it is publickly available.
>
> I'm thinking of using Gitlab to host my web site do you have a better
> solution when you can't host your web site yourself?
Ask your ISP. Many ISPs provide a small amount of web hosting to
customers. You'll usually be given an FTP account where you can upload
the source files of the web page, and the URL for the web page might end
up being something like www.YOUR-CUSTOMER-ID.YOUR-ISP.com, but it's a
great way to get started.
>
> Any feedback is appriciated.
>
> -- 
> John Doe
>



OpenPGP_signature
Description: OpenPGP digital signature

Re: generate a rss.xml from a bunch of HTML files

[Darac Marjal]

On 10/05/2021 07:06, Andrei POPESCU wrote:
> On Lu, 10 mai 21, 01:44:32, Emanuel Berg wrote:
>> Charles Curley wrote:
>>
>>> Right. However, as I found out asking elsewhere, you can
>>> include HTML in Markdown.
>> Hehehe, let's see, first write HTML, then include it in
>> Markdown, then have the static site generator generate
>> HTML... brilliant :)
> Surely there must be some site generator with RSS support that takes 
> "plain" HTML as input.

I would guess that there isn't, purely because the task of figuring out
what information to extract is relatively awkward. OK, there are some
easy tasks such as "What is the title of the page?" ( tag), "What
is the publication date of the page?" (mtime of the file), but there are
trickier questions: "Who was the author of this page?" (well, we could
hope for a meta tag, and fall back to the user running the tool,
perhaps) and "What's the copyright of the page?" (I'm fairly certain
there's no standard tag for that in HTML). Finally, there comes to the
tricky bit of the page summary. Most feeds provide a summary of the page
content to entice readers to read the whole article; one or two
paragraphs should be sufficient. But if you've ever used the "Reader
Mode" of a web browser, or ever pointed a screen reader at a web page,
you'll know that finding the body of the page isn't a 100% accurate task.

This is why so many site generators prefer you to provide the pieces and
they'll build up the final HTML. HTML *is* supposed to be a semantic
language rather than a presentation language (that is, one could argue
that the first few  tags are the first few paragraphs of the page),
but if you're asking for a tool that can parse arbitrary HTML
(including  machine-generated HTML), then I don't think it's going to be
easy.

>
> Kind regards,
> Andrei



OpenPGP_signature
Description: OpenPGP digital signature

Re: URGENT..! Very annoying when UPDATE = debian.map.fastlydns.net

[Darac Marjal]

On 06/05/2021 15:34, David Wright wrote:
> [cut]
> I thought the page rather full of gobbledegook, talking about SRV
> records and CDN instances. As for trying a different mirror, the only
> occurrence of "mirror" is "This service provides mirrors for the
> following Debian archive repositories".
>
> And the instance chosen, "cdn-fastly.deb.debian.org" is not actually
> among these mysterious SRV records, "_http._tcp.deb.debian.org",
> "prod.debian.map.fastly.net" and "dpvctowv9b08b.cloudfront.net" that
> we're not even told how to obtain.

SRV records are a DNS record type. That is, when you want to know what
IPv4 address example.org maps to, you ask for an A record; when you want
to know what IPv6 address it maps to, you ask for an  record. DNS
holds much more than just IP address records, though. You can ask it
"What servers handle the mail for the domain example.org?" (MX records),
"What is the geographical location of example.org?" (LOC records) and
"What are the SSH host keys of example.org, so that I don't have to
hassle users about trusting fingerprints?" (SSHFP records).

SRV records answer the question "Where is the ... service for 
located?" They are a more sophisticated response than a CNAME because
they contain quite a bit of information. Firstly, SRV records should
follow a defined format. "Everyone knows" that to get to the web server
on example.org, you open port 80 at www.example.org, don't they? But
what if you don't want to host it there? With an SRV record at
_http._tcp.example.org (HTTP is always served over TCP, but the format
is always _service._protocol.name), you can point it elsewhere.

The content of an SRV record consists of a string with four
space-separated fields: Priority, Weight. Port and Target. Priority and
Weight are used together, and any client which handles SRV records is
supposed to read them all to provide weighted load-balancing. Port and
Target are the most interesting parts here, though. With these, you can
tell a suitable client that the "HTTP" service for "example.org" is
actually on port 8080 of "dev.example.org" and, the client will connect
there instead of port 80.

Now, SRV records aren't magic. Many protocols either predate the idea of
SRV records, or just don't use it. Some protocols mandate its use. In
the case of HTTP, though, it would appear that the choice to use SRV
records is a client choice. If the User Agent performs an SRV lookup
(like _newer_ apt/apt-get versions do), then they can be redirected.
Otherwise, they will make the assumption to use the well-known addresses.

For more information, please re-read
https://en.wikipedia.org/wiki/SRV_record




OpenPGP_signature
Description: OpenPGP digital signature

Re: repeated system mail, /etc/.pwd.lock ?

[Darac Marjal]

On 04/05/2021 07:12, Emanuel Berg wrote:
> I get system mail all the time - I've got 2757 at the moment -
> that tells me that
>
>   [ 4/Apr/2021 22:11:33]
>   IN_CLOSE_WRITE /etc/.pwd.lock
>   * /etc/.pwd.lock is closed
>
> Any clues what that problem might be?
The "IN_" prefix tells you that this is an inotify event. IN_CLOSE_WRITE
fires when a process _had_ the specified file open for writing, but has
just closed it. Perhaps you have an "incron" job somewhere?
>
> TIA
>



OpenPGP_signature
Description: OpenPGP digital signature

Re: problem with debian

[Darac Marjal]

On 30/04/2021 05:53, Andrei Nae wrote:
>
> Hi, I have a debien OS installed on VMware. When i do the command nano
> /etc/apt/sources.list, I don’t have the debian.map.fastlydns.net
> written in the file but as soon as I try to do apt update it tells me
> that debian.map.fastlydns.net can’t be reached.
>
What DO you have in that file? It's usually not recommended to put a
mirror name directly into that file, specifically for this reason;
individual mirrors sometimes are unavailable.

Instead, it's more common to use a country-wide name such as
ftp.xx.debian.org (where xx is a country code). These hosts don't really
exist, but are a series of redirects pointing to local hosting
providers. Sometimes the list is out of date, and the redirect might
take you to a host which is unavailable.

You can either wait a bit and try again, and you might get redirected to
a different host, or you can use the "new" system at https://deb.debian.org



OpenPGP_signature
Description: OpenPGP digital signature

Re: pci 0000:00:01:0: MSI quirk detected; subordinated MSI disabled ...

[Darac Marjal]

On 29/04/2021 14:03, Albretch Mueller wrote:
>> What is "alpha-offset format"?
>  we, corpora research kinds of folks, need to process thousand of
> files as other people process bytes. UTF8 was basically an
> Americanizierung of alle alphabets. UTF is great to describe an
> alphabet but not for text files.
>
>  UTF8 turned all files into streams not good for questions such as
> what is the charatcer/string sequence starting on the nth addressable
> unit of a file ...

Depends on what you mean by "addressable unit", surely? UTF8 is a
variable-length record format, but it's still addressable. Basically,
it's like taking a CSV file and saying "what's the contents of the cell
starting at byte 123"? CSV cells are variable length. Perhaps there
isn't such a cell. If you want to know the contents of the cell which
includes byte 123, then you need some context, don't you?

>
>  Doing that with utF8 is from way too complicated to impossible. Also
> alpha offset nicely splits the files segments into its different
> parts: ALPHABETICAL text, js, css, ...
So, do you use something more like UTF-32?
>
>  lbrtchx
>



OpenPGP_signature
Description: OpenPGP digital signature

Re: how to use fetchmail with MS Office 365 / davmail?

[Darac Marjal]

On 29/04/2021 13:11, Eric S Fraga wrote:
> Dystopian is right.  Our organization, using O365, has moved to
> "multi-factor authentication" without consultation and I can no longer
> use gnus, for instance.  Absolutely horrible.

Ask your administrator to enable "Per Application Passwords" -
https://docs.microsoft.com/en-us/azure/active-directory/user-help/multi-factor-authentication-end-user-app-passwords

The idea here is that, if a human is logging in, they still provide two
factors (something they know and something they have) via the TOTP
mechanism. But for automated access, where an application is logging in
on behalf of that user, the user generates a long one-off password ONLY
for that application. This works a bit like an API key - password #1 is
for gnus on laptop 1, password #2 is for Fetchmail on laptop 1, password
#3 is for gnus on laptop 2 and so on. Each instance of an application
gets its own long password.

It's ostensibly more secure than storing the user's password in that
application because:

* Per-App passwords are computer-generated. They can be tested for high
entropy and regenerated instantaneously, before a "good" password is
offered to the user. (I don't know whether this is actually done, or
whether it's just the output of a pRNG password generator)

* Per-App passwords can be revoked without spoiling access to other
applications. Did laptop 2 get stolen? Just revoke password #3 and you
don't need to change the passwords stored on Laptop 1.





OpenPGP_signature
Description: OpenPGP digital signature

Re: problem compiling linux-source-4.19

[Darac Marjal]

On 25/04/2021 20:23, John Covici wrote:
> Hi.  In the make bzImage step of compiling linux-source-4.19 I get the
> following error:
>
>   CC  arch/x86/hyperv/hv_init.o
>   arch/x86/hyperv/hv_init.c: In function ‘hyperv_init’:
>   arch/x86/hyperv/hv_init.c:338:52: error: expected expression before
>   ‘,’ token
> guest_id = generate_guest_id(0, LINUX_VERSION_CODE, 0);
> ^
>   
>  make[2]: ***
>   [scripts/Makefile.build:309: arch/x86/hyperv/hv_init.o] Error 1
>
> I am not trying to build the .deb package, just compiling.
>
> Thanks in advance for any suggestions.

I'm going to guess that the caret is *supposed* to line up with the
second comma on that line, rather than the "0", but it's close enough.
It looks like "LINUX_VERSION_CODE" is undefined, so your code is being
parsed as "generate_guest_id(0, ,0);" which is invalid C code.

Questions, then:

 * Do you get the same error if you build vanilla Linux (i.e. from
kernel.org?

 * How are you invoking this build?

 * What C compiler (and what version thereof) are you using?

 * Is there a reason you need what's now quite an old kernel?



>



OpenPGP_signature
Description: OpenPGP digital signature

Re: pci 0000:00:01:0: MSI quirk detected; subordinated MSI disabled ...

[Darac Marjal]

On 22/04/2021 20:53, Albretch Mueller wrote:
[cut]

>  I would also love to see networking taken out of the Linux kernel,
> but this is an entirely different, hellishly "political" issue.
It's not quite the same thing, but you might be able to get what you
want with the Debian HURD port .
HURD is a microkernel whereby the kernel only provides the most basic
services and almost all device drivers are implemented in user space.
>
>  lbrtchx
>



OpenPGP_signature
Description: OpenPGP digital signature

Re: Postfix configuration on Bullseye

[Darac Marjal]

On 20/04/2021 00:08, Charles Curley wrote:
> On installing on Bullseye, I usually install postfix, then configure it
> with "dpkg-reconfigure postfix".
>
> I use postfix here only for logwatch and other system emails, so the
> setup isn't concerned with the Internet at large.
>
> The default list of systems to accept mail for doesn't look right to me:
>
> grissom.localdomain, grissom.localdomain, localhost.localdomain, , localhost
>
> * Why is the fully qualified host name in there twice, but not the
>   hostname alone ("grissom")? (localdomain is my local TLD on a private
>   network.)
>
> * What with the two commas toward the end?
>
> Shouldn't that be
>
> grissom.localdomain, grissom, localhost.localdomain, localhost

This looks to come from the debian/postfix.config file, and is thus part
of the Debian packaging of postfix, rather than an upstream thing. In
that file, at line 228, we see: 

if ($mailertype eq "Internet Site") { if ($mailname eq $hostname) {
$destinations = join ", ",("\$myhostname", $mailname, "localhost." .
$domain, ", localhost"); } else { $destinations = join ",
",("\$myhostname", $mailname, $hostname, "localhost." . $domain . ",
localhost"); } } else { # don't accept mail for $mailname by default if
we have a relayhost or local only mail, # unless the mailname bears no
resemblance to $myorigin. $destinations = join ", ",("\$myhostname",
$hostname, "localhost." . $domain . ", localhost" ); unless ( $hostname
=~ m/(^|[\.])$mailname$/ ) { $destinations = $mailname . ", " .
$destinations; } }

[ Taken from
https://sources.debian.org/src/postfix/3.5.6-1/debian/postfix.config/#L228,
which might be easier to read if that wraps ]

This is perl, so the join() function takes a string and an array and
delimits the array with the string. So, if we take the first one as an
example, the literal string "$myhostname" is followed by a comma-space,
then the value in the "mailname" variable, then the literal string
"localhost." with the "domain" variable appended, then another
comma-space. Finally, the last element to be added to the list is ",
localhost". I don't know why this was written this way, but it means
that in every case, the "destinations" variable will end with ", ,
localhost"

Sadly, the earliest revision I can find of this file on salsa.debian.org
(https://salsa.debian.org/postfix-team/postfix-dev/-/commit/a0577ca96dda9c4e5e5bc9dd0c5b7cfc545c5804#ac03215119d5f2efaeb830653c7f84124ceed640_0_192)
already has the ", localhost" code in it, so I can't say why it was
written like that.

On the upside, though, this is an allowlist of domains postfix will
accept mail for. If there are duplicates, it shouldn't REALLY make much
difference. It's a nice to fix (just because, if you can't explain why
the code is doing something weird, you can't adequately say whether it's
a problem or not).






OpenPGP_signature
Description: OpenPGP digital signature

Re: Smart TV on WiFi as Extra Display

[Darac Marjal]

On 19/04/2021 12:24, Barak A. Pearlmutter wrote:
> I have a smart TV which includes a browser. (An LG running WebOS, as
> it happens.) It can, of course, display video streams from a given
> URL. So I'm hoping someone has figured out a way to create a virtual
> display on a Debian computer which streams its contents out as a live
> video stream on some nice port, and which X or Wayland or whatever
> sees as an extra display in xrandr or Gnome Settings>Displays or
> whatever.
>
> The dream:
>
> - on Debian box, run /usr/local/bin/virtual-display -size 1920x1080 -port 
>  &
> - on TV, browse to http://192.168.0.246:
> - go to Gnome Settings>Displays and enable/configure the new display
> - enjoy extra screen without dog chewing HDMI cable
>
> Bonus points for getting pulseaudio to have a new sink that sends
> audio output to the outgoing stream.

You might want to look at Apache Guacamole. It's a web application that
acts as a VNC/RDP/SSH client (that is, a web browser connects to
Guacamole, and Guacamole makes a separate connection to a VNC/RDP/SSH
server and renders the result in the browser).  There are instructions
in the manual for configuring audio with VNC and RDP.

I think the tricker part would be sending the appropriate Xinerama
notifications or whatever is required to tell the X server "A second
monitor has been plugged in", but perhaps someone better acquainted with
VNC or RDP can say if that's easily done.


>
> Cheers,
>
> --Barak A. Pearlmutter 
>



OpenPGP_signature
Description: OpenPGP digital signature

Re: Firefox HTTPS-only mode breaks sites that return 404 for HTTPS connections

[Darac Marjal]

On 15/04/2021 11:16, piorunz wrote:
> On 15/04/2021 03:15, Celejar wrote:
>
>>> It certainly works fine for me. I use https only mode for many months
>>> now. Can you bring an example of a page which returns good page on
>>> http,
>>> but 404 error on https?
>>
>> http://www.daat.ac.il/
>> https://www.daat.ac.il/
>>
>> Celejar
>
> Their webserver is misconfigured. AFAIR, if they don't support https,
> their server should redirect to http page. Instead, they throw 404 error.

If they don't support https, they shouldn't respond at all. Receiving a
404 comes after successful TLS negotiation. With HTTPS you first
establish a TCP connection to port 443 on the server, then you establish
a TLS tunnel to the server; only once those are complete can you send
the "GET" verb over the tunnel. The server has then, securely, responded
"I don't have a page called /".

While it's common practice for HTTP  and HTTPS sites to be identical,
it's not really built in to the protocol. I could well see a situation
where a webmaster might configure, say, just the /admin part to be
accessible over HTTPS.

That said, common use is changing. It's now expected that 
http://example.com, https://example.com, http://www.example.com and
https://www.example.com all serve identical content (mostly because
humans are terrible at paying attention to the full URL and just see
that all as "example dot com".

>
> Your web browser behaviour is as intended, everything is fine.
> If webadmins of that page don't know their sh*t, are you sure you want
> to use that website? Who knows what else they forgot to implement.
>
> Disclaimer: I never worked in IT, all self taught, but I have webpage
> which I put up myself on Debian computer, with https cert (it's free),
> TLS 2.0/3.0 only, PFS, HSTS preload with long duration, OCSP stapling,
> top spec security. These guys? They can't even redirect to their http
> page.
>
>
> -- 
>
> With kindest regards, piorunz.
>
> ⢀⣴⠾⠻⢶⣦⠀
> ⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
> ⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
> ⠈⠳⣄
>



OpenPGP_signature
Description: OpenPGP digital signature

Re: Using a remote computer and VGA

[Darac Marjal]

On 08/04/2021 22:51, Richmond wrote:
> Is it possible to use a local computer (L) to: ssh -Y to a remote
> computer (R), run a web browser on R which will then display on
> L, choose what to watch on Netflix, and then having started it, move the
> displayed browser window back to the X window on R, and then move
> it across to the television attached to the VGA port on R?
>
Not extactly, but this might work as an alternative. You will probably
want to use something like X11VNC
(https://packages.debian.org/buster/x11vnc). Unlike the standard VNC
server (which starts a separate display), X11VNC is designed for sharing
a real display.

The way this would work is that you start by SSHing to R. But you don't
need to forward X this time, just create a tunnel to port 5900 (the VNC
port): ssh -L 5900:localhost:5900 root@remote-host

Leave that SSH tunnel open and start a VNC client on L (running
"aptitude search '~Pvnc-viewer'" offers some options there). Connect the
VNC client to "localhost:5900". This is port 5900 on L, but the SSH
tunnel will pipe that through to port 5900 on R and you should be able
to see what's on screen on R.

Et voila, as they say in France, you now have a remote control of the
screen on R.





OpenPGP_signature
Description: OpenPGP digital signature

Re: scrcpy: a really cool and very useful utility not in debian repos?

[Darac Marjal]

On 06/04/2021 10:33, Albretch Mueller wrote:
> # date; apt install scrcpy
> Tue Apr  6 05:27:12 EDT 2021
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> E: Unable to locate package scrcpy
> #
>
>  https://github.com/Genymobile/scrcpy
>
https://packages.debian.org/search?keywords=scrcpy

Version 1.17 is in bullseye (testing) and sid (unstable). Perhaps it's a
relatively new application, and didn't exist when stable was released
(2019)?




OpenPGP_signature
Description: OpenPGP digital signature

Re: Parallel processing unit cluster for single ffmpeg calls?

[Darac Marjal]

On 05/04/2021 12:14, Christoph K. wrote:
> Hi folks,
>
> I was wondering if I can build a cluster to convert / transcode videos
> with ffmpeg.
>
> There are some workstations standing around here ... and I though maybe
> it's possible to combine their computing power?
>
> To be clear: The task is to work on a single video as fast as possible.
>
> I found this, but it's from 2010:
> http://www.samir.ca/2010/11/23/high-speed-ffmpeg-cluster-encoding-with-python-and-avidemux.html
>
> I have no experience in clustering and would be grateful for any
> useful hint.

Another tool from 2010 is dvd::rip https://www.exit1.org/dvdrip/ 

Specifically, the clustering information is at
https://www.exit1.org/dvdrip/doc/cluster.cipp

However, something more modern (and maintained) would be clustercode
https://ccremer.github.io/clustercode-docs/clustercode/index.html
although I've not tried that.


>
> Thanks,
> Christoph
>



OpenPGP_signature
Description: OpenPGP digital signature

Re: Request: A Debian public Wiki repository/bank for complex code lines with examples, scripts, self-explanatory with terminal, otherwise Minimal explanatory texts

[Darac Marjal]

On 31/03/2021 10:46, Susmita/Rajib wrote:
> Follow Up from https://lists.debian.org/debian-user/2021/03/msg01459.html,
>
> Motivation:
> https://lists.debian.org/debian-user/2021/03/msg01358.html
> https://lists.debian.org/debian-user/2021/03/msg01362.html
> https://lists.debian.org/debian-user/2021/03/msg01365.html
> https://lists.debian.org/debian-user/2021/03/msg01435.html
>
>
>
> Wiki is not only about wikipedia,
>
> Word wiki to signify a collaborative effort in stockpiling code
> lines (Section 2 to be referred to, for elaboration). With minimal
> explanation. Only lines of codes (more in Section 2).

This sounds quite similar to https://tldr.sh

[cut]



OpenPGP_signature
Description: OpenPGP digital signature