Re: Question About Free File Transfering Apps

2024-05-31 Thread tomas
On Fri, May 31, 2024 at 01:16:28PM -0400, Greg Wooledge wrote:
> On Fri, May 31, 2024 at 05:30:19PM +0100, mick.crane wrote:
> > I only drag stuff in and out of the directory in Thunar. Dragging from the
> > directory takes a copy. I wondered what would happen if somebody deleted a
> > file while you were half way through fetching it.
> 
> If you're copying a file, that means some process has the file opened.

(that's what I meant with "the meaning of fetch". Is it the drag
process by the user? Then the file is not yet open -- and nothing
will be copied. Is it the actual copy? Then your description is
the most accurate one)

> Removing (unlinking) a file that's opened causes it to vanish from the
> raw directory, but the inode and the blocks of data are left alone until
> all processes have closed it.  Only then will it be marked for recycling.
> 
> You'll just have to hope that the (remote) copy succeeds on the first
> try, because once the remote reader loses connection, if the file is
> closed on the server, it's gone.

Cheers
-- 
t


signature.asc
Description: PGP signature


Re: Question About Free File Transfering Apps

2024-05-31 Thread tomas
On Fri, May 31, 2024 at 05:30:19PM +0100, mick.crane wrote:

[...]

> I only drag stuff in and out of the directory in Thunar. Dragging from the
> directory takes a copy. I wondered what would happen if somebody deleted a
> file while you were half way through fetching it.

This will depend on the precise values you assign to "you" and "fetch". And,
of course to "delete".

Cheers
-- 
t




Re: moving some packages back to bookworm stable

2024-05-27 Thread tomas
On Mon, May 27, 2024 at 02:02:47PM -0400, Stefan Monnier wrote:
> >> > # apt install -t=bookworm db-util db5.3-util libc-bin libc-dev-bin
> >> 
> >> I can never remember exactly what `-t` really does, but I suspect you'll
> >> need things like
> >> 
> >> apt install libc-bin/bookworm
> >
> > To install a single backported (or other release) package, 
> > apt-get install packagename/releasename
> >
> > and to install a backported package plus dependencies which
> > are also from that specific release, use 
> > apt-get -t releasename packagename
> 
> But that's not the whole story of what `-t` does since the above does
> not explain why his attempt to use `-t` to downgrade some packages
> resulted in `apt` saying " is already the newest version".

ISTR that "apt-get install =" will unconditionally
install  of , if necessary pulling in dependencies.

But I've never tried it :-)

Cheers
-- 
t




Re: Uninstalling a package and its entourage

2024-05-27 Thread tomas
On Mon, May 27, 2024 at 04:59:55PM +0200, Nicolas George wrote:
> Eben King (12024-05-27):
> > Is there an easier way to uninstall a package and everything it brought in
> > at one swell foop?  Thanks.
> 
> The packages you did not choose to install but were installed as a
> consequence are shown by apt-get when you do almost anything:
> 
> The following packages were automatically installed and are no longer 
> required:
>   

...and there is `apt-get autoremove' for that.

cheers
-- 
t




Re: Aliases and OpenSMTPD

2024-05-24 Thread tomas
On Fri, May 24, 2024 at 01:08:56PM -0400, Paul M Foster wrote:
> On Fri, May 24, 2024 at 06:40:09PM +0200, to...@tuxteam.de wrote:
> 
> > On Fri, May 24, 2024 at 11:45:56AM -0400, Paul M Foster wrote:
> > > Folks:
> > 
> > [...]
> > 
> > > If I send an email directly to pa...@yosemite.mars.lan from buckaroo, it
> > > arrives. That means this config can do what it's designed to do, basically.
> > > However, mails to "root" on buckaroo don't get to yosemite. They should,
> > > because my /etc/aliases table looks like this:
> > > 
> > > ---
> > > ...
> > > rootpa...@yosemite.mars.lan
> > > ---
> > 
> > Still out of my depth with OpenSMTPD, but... good ol' aliases, of sendmail
> > lore would have a colon after the "root" up there. The MTAs I know of
> > all have inherited that.
> 
> There is a colon in my aliases file. I just omitted it in the email.

I see. Then I'm out of ideas (except that "newaliases" thing). Perhaps
your MTA has a log file where to find clues?

Cheers & good luck
-- 
tomás




Re: Address 127.0.1.1

2024-05-24 Thread tomas
On Fri, May 24, 2024 at 05:23:55PM +0100, Joe wrote:
> On Fri, 24 May 2024 17:17:45 +0200
>  wrote:
> 
> > On Fri, May 24, 2024 at 04:49:18PM +0200, Marco Moock wrote:
> > 
> > [...]
> > 
> > > If you operate mail servers, you must have a FQDN. .lan can't be
> > > used for the global DNS stuff, so set a proper FQDN that belongs to
> > > you.  
> > 
> > I think this is wrong in that sweeping generality.
> > 
> 
> I believe the dynamic DNS services will supply an FQDN if you don't
> have one, it just won't be personal, it will be one of theirs. But
> trying to run a mail server on a dynamic address leads to all kinds of
> blacklist problems.

As far as I know we are talking of local networks all the time. No
dynamic IP addresses, no routable IP addresses -- most probably no
DNS at all.

Of course, if you go "out there" things change drastically. More so
if your MTA is supposed to accept mail from "out there" then it needs
an MX record, yadda, yadda.

But if I understood OP correctly, we are far from this scenario.

Cheers
-- 
t




Re: Aliases and OpenSMTPD

2024-05-24 Thread tomas
On Fri, May 24, 2024 at 11:45:56AM -0400, Paul M Foster wrote:
> Folks:

[...]

> If I send an email directly to pa...@yosemite.mars.lan from buckaroo, it
> arrives. That means this config can do what it's designed to do, basically.
> However, mails to "root" on buckaroo don't get to yosemite. They should,
> because my /etc/aliases table looks like this:
> 
> ---
> ...
> rootpa...@yosemite.mars.lan
> ---

Still out of my depth with OpenSMTPD, but... good ol' aliases, of sendmail
lore would have a colon after the "root" up there. The MTAs I know of
all have inherited that.

And... if your MTA distro came with a command "newaliases" try running
that. Many MTAs like to look things up in a hashed version of the textual
file.

Cheers
-- 
t




Re: Address 127.0.1.1

2024-05-24 Thread tomas
On Fri, May 24, 2024 at 05:22:14PM +0200, Marco Moock wrote:
> Am 24.05.2024 um 17:17:45 Uhr schrieb to...@tuxteam.de:
> 
> > On Fri, May 24, 2024 at 04:49:18PM +0200, Marco Moock wrote:
> > 
> > [...]
> > 
> > > If you operate mail servers, you must have a FQDN. .lan can't be
> > > used for the global DNS stuff, so set a proper FQDN that belongs to
> > > you.  
> > 
> > I think this is wrong in that sweeping generality.
> 
> In the case it should communicate with other MTAs in the internet, this
> will be true because many of them require a resolvable (also reverse)
> FQDN in HELO/EHLO that matches the IPv4/IPv6 addresses of the server.

Definitely.

But then it'd be another interface which isn't 127.0.0.1 or the 192.168.x.y

Cheers
-- 
t




Re: Address 127.0.1.1

2024-05-24 Thread tomas
On Fri, May 24, 2024 at 04:49:18PM +0200, Marco Moock wrote:

[...]

> If you operate mail servers, you must have a FQDN. .lan can't be used
> for the global DNS stuff, so set a proper FQDN that belongs to you.

I think this is wrong in that sweeping generality.

Cheers
-- 
t




Re: OpenSMTPD can't parse smarthost

2024-05-23 Thread tomas
On Thu, May 23, 2024 at 03:17:00PM -0400, Jeffrey Walton wrote:

[...]

> > If your LAN is isolated, you can basically do whatever you
> > want.
> 
> And then act surprised when networking breaks :)

You just have to understand what's going on, that's all
> 
> > And then there are "special" TLDs (.local, I'm looking at
> > you) where you'll get lots of fun effects should you decide
> > to use them (zeroconf, I'm looking at you :-)
> 
> I _think_ .local is reserved for mDNS. See
> .

It's a while ago -- I went through this in some $BIGCORP.
Windows ops insisted on having the internal top level as
.local (don't ask :-)

For me it was as easy as kicking out Avahi. For the Mac
users it was... interesting :-)

> It looks like .internal and possibly .private are coming soon. See
> 
> and .

Whatever. Your net, your rules. Just make sure the software
you use plays along (Avahi is fond of .local because of
mDNS, for example).

Cheers
-- 
tomás




Re: OpenSMTPD can't parse smarthost

2024-05-23 Thread tomas
On Thu, May 23, 2024 at 01:50:21PM -0400, Jeffrey Walton wrote:
> On Thu, May 23, 2024 at 12:08 PM Paul M Foster wrote:
> >
> > On Thu, May 23, 2024 at 12:54:31AM -0400, Jeffrey Walton wrote:
> >[...]
> > > Also, I think you should be using *.home.arpa, and not *.lan.
> > > home.arpa is reserved for private use by ICANN and the IETF. I suspect
> > > *.lan is not reserved for private use.
> >
> > On a LAN, you can use anything you like. I've used .mars.lan for decades
> > with no difficulty.
> 
> Citation, please.

No need. It just works. Of course, if you have domain names
in your LAN which also are "out there", you won't "see" both.

If your LAN is isolated, you can basically do whatever you
want.

And then there are "special" TLDs (.local, I'm looking at
you) where you'll get lots of fun effects should you decide
to use them (zeroconf, I'm looking at you :-)

That's the why of the above recommendation.

Cheers
-- 
t




Re: OpenSMTPD can't parse smarthost

2024-05-23 Thread tomas
On Thu, May 23, 2024 at 07:53:31AM -0400, Paul M Foster wrote:
> On Thu, May 23, 2024 at 12:54:31AM -0400, Jeffrey Walton wrote:
> 
> > On Thu, May 23, 2024 at 12:43 AM Paul M Foster wrote:
> 
> [snip]
> > 
> > On the video server, run nslookup and see if it can resolve yosemite.mars.lan.
> 
> Nslookup fails. However, yosemite.mars.lan is in the hosts file and you
> can successfully ping it. It has a fixed (local) IP, which was set in the
> router. I don't understand why nslookup fails when buckaroo knows who
> yosemite is.

Nslookup asks directly your name servers (those in the resolv.conf).
Programs should ask the local resolver [1] , which can (and usually
is) configured to look first in /etc/hosts (that's this line

  hosts: files dns

in your /etc/nsswitch.conf). Some applications (browser, I'm looking
at you!) which deem themselves more important than all the other
snowflakes are starting to bypass this.

Cheers

[1] this is a library, which comes with a man page
-- 
tomás
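
A small diagnostic along these lines, as an added example that is not part of the original message: it reads the `hosts:` line of an nsswitch.conf plus a hosts file and reports whether a name is answered locally before DNS is consulted, which is the case where ping succeeds and nslookup fails. The function names are assumptions; on a live system `getent hosts NAME` performs the real lookup through the same NSS path.

```shell
#!/bin/sh
# Added illustration; the function names are not from the thread.

# Print the lookup sources of the "hosts:" line in order, one per line,
# skipping action items such as [NOTFOUND=return] and trailing comments.
hosts_sources() {   # $1 = nsswitch.conf (default: /etc/nsswitch.conf)
    awk '$1 == "hosts:" {
             for (i = 2; i <= NF; i++) {
                 if ($i ~ /^#/) break
                 if ($i ~ /^\[/) inbr = 1
                 if (!inbr) print $i
                 if ($i ~ /\]$/) inbr = 0
             }
             exit
         }' "${1:-/etc/nsswitch.conf}"
}

# Print the address a hosts file maps NAME to (canonical name or alias,
# case-insensitive); return 1 if the file has no entry for it.
hosts_file_lookup() {   # $1 = name, $2 = hosts file (default: /etc/hosts)
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        { sub(/#.*/, "") }          # drop comments, fields are re-split
        { for (i = 2; i <= NF; i++)
              if (tolower($i) == want) { print $1; found = 1; exit } }
        END { exit !found }' "${2:-/etc/hosts}"
}

# Say who answers for NAME when a program uses the system resolver:
#   files - the hosts file answers first; nslookup goes straight to the
#           name servers and never sees this entry
#   dns   - the name servers are asked, the same path nslookup takes
#   none  - neither "files" nor "dns" produced an answer
# Other NSS modules (mdns4_minimal, myhostname, ...) are not modelled here.
who_answers() {   # $1 = name, $2 = nsswitch.conf, $3 = hosts file
    for src in $(hosts_sources "$2"); do
        case $src in
            files) hosts_file_lookup "$1" "$3" > /dev/null &&
                       { echo files; return 0; } ;;
            dns)   echo dns; return 0 ;;
        esac
    done
    echo none
}
```

Called as `who_answers yosemite.mars.lan` it uses the system's own files; an answer of `files` means the name exists only for programs that go through NSS.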




Re: OpenSMTPD can't parse smarthost

2024-05-23 Thread tomas
On Thu, May 23, 2024 at 07:46:30AM -0400, Paul M Foster wrote:
> On Thu, May 23, 2024 at 06:38:11AM +0200, to...@tuxteam.de wrote:

[...]

> > Have you tried leaving out the "paul@" part? [...]

> The smarthost URL is straight out of the man page. The "paulf@" part allows
> OpenSMTP to figure which credential in the "secrets" file to use.

Makes sense, yes.

> 
> However, I took your advice and lopped off the "paulf@" from the URL, and
> managed to get an email through. Go figure.

And this doesn't, but glad you got it working :-)

Cheers
-- 
t




Re: OpenSMTPD can't parse smarthost

2024-05-22 Thread tomas
On Wed, May 22, 2024 at 09:37:18PM -0400, Paul M Foster wrote:
> Folks:
> 
> Here's a shot in the dark. I've looked up and down the internet, and can't
> find a solution.

[...]

> "warn: Failed to parse smarthost smtp+notls://pa...@yosemite.mars.lan:25"
> 
> Note that the "protocol" doesn't matter. I can use "smtp" alone as the
> protocol, and it still won't parse. And yes, yosemite.mars.lan is in my
> local hosts file.

But "p...@yosemite.mars.lan" doesn't look like a host (unless you are
trying to sneak in the creds in the URL -- then I'd expect something
like user:pass@host). No idea how opensmtp works and whether it tries
to parse credentials off the URL.

Have you tried leaving out the "paul@" part? Do you have access credentials
elsewhere in your config (typically they are in a separate file to better
control access to that)?

Cheers
-- 
t




Re: Markup in mail messages

2024-05-17 Thread tomas
On Fri, May 17, 2024 at 03:25:49PM -0400, Stefan Monnier wrote:
> >> Actually I've been tempted to teach my mail reader to transform HTML
> >> into some lightweight markup (yeah, you need a bit of heuristics for
> >> that ;-) -- say Org, but why not its poor sister Markdown.
> > Please don't settle for markdown. I would love a org filter!
> > org-mode just handles tabular data admirably :)
> 
> Just beware that Org's code is generally written under the implicit
> assumption that the Org document is trusted, so if you try to reuse
> parts of Org's code to do the rendering be extra mindful of the
> potential for security holes.

My tip of the hat towards Org was somewhat tongue-in-cheek. The
problem I actually see with Org (and with Markdown, to a lesser
extent) is that they are pretty ad-hocish and tinker friendly.

Which is a *big* plus on the one hand.

On the other, though, once you want to formalize the thing (a
prerequisite to be able to even start talking about security),
a myriad of dialects has evolved.

Then you either need a dictatorship (Github aka Microsoft, cf.
"github flavoured Markdown") or you have a long and painful
process (Org is trying, currently).

The upside of Org and Markdown is that you (currently, at least)
don't need a special reader to make sense of them.

But (that's the fourth or fifth hand?) if you follow the evolution
of HTML, back then (TM) you didn't need a special reader either.
Looking at the crud generated by e.g. "modern" Microsoft mailers,
though...

There's room for information technology sociologists here :)

Cheers
-- 
t




Re: How to create a custom Debian ISO

2024-05-16 Thread tomas
On Thu, May 16, 2024 at 05:20:40PM +0200, Thomas Schmitt wrote:
> Hi,
> 
> Aditya Garg wrote:
> > I would prefer making the ISO as similar to the official Debian ISO and just
> > replace the Debian kernel with the customised kernel.
> 
> In that case, i'd go along

[...]

Not the OP, but thanks, Thomas. Your posts are always
a trove. And pleasant, on top!

Cheers
-- 
t




Re: Markup in mail messages

2024-05-16 Thread tomas
On Thu, May 16, 2024 at 09:28:05AM -0400, Stefan Monnier wrote:

[...]

> So, yes, I encourage you to send more of those, and if your recipients
> don't like the result, try and get them to complain to their
> MUA's authors (most of those MUAs are of course proprietary and are not
> very ... responsive, but that's all we can do).

Actually I've been tempted to teach my mail reader to transform HTML
into some lightweight markup (yeah, you need a bit of heuristics for
that ;-) -- say Org, but why not its poor sister Markdown.
> 
> The stupidest case I bumped into is Github where replying by `plain/text`
> email lets you add comments to an issue, but `text/markdown` replies are
> simply sent to `/dev/null` even though Markdown is the standard format
> they use in the web interface.

What'd you expect from Microsoft? -- Excelence!1!!

Cheers
-- 
t




Re: OT: Top Posting (was: Dovecot correct ownership for logs)

2024-05-14 Thread tomas
On Tue, May 14, 2024 at 04:08:19PM +0200, Richard wrote:
> Just because something isn't an official ISO standard doesn't mean it's not
> standard behavior. And how it relates to this mailing list? It's called a
> setting.

Most people prefer inline quoting around here (I know I do). That's
because for big mailing lists, with long threads, it works much, much
better.

That said, we usually are tolerant of top posts. What gets me
is the hostility of your reaction. You aren't going to convince
anyone. Even not with "industry standards" [1]

As far as your main concern goes... I lost interest.

Cheers

[1] Q: How many Microsoft technicians does it take to change a
   light bulb?
A: None, they just redefine Darkness (TM) as the new industry
   standard.

https://www.linux.com/news/how-many-microsoft-technicians-does-it-take-change-light-bulb/

-- 
t




Re: Dovecot correct ownership for logs

2024-05-14 Thread tomas
On Tue, May 14, 2024 at 02:11:53PM +0200, Richard wrote:

[...]

> Setting the permissions in /var/log/dovecot to 666 actually didn't
> solve the problem [...]

This seems to prove (or, at least, strongly suggest) that I was barking
up the wrong tree. I've currently run out of trees and at $DAYJOB, so
tight on resources. Good luck :)

Cheers
-- 
t




Re: Dovecot correct ownership for logs

2024-05-14 Thread tomas
On Tue, May 14, 2024 at 07:36:17PM +0800, jeremy ardley wrote:

[...]

> Postfix is chrooted (usually) to /var/spool/postfix
> 
> If postfix complains about /var/log/dovecot it's actually complaining about
> /var/spool/postfix/var/log/dovecot

I'm sceptical about this -- the error would have been ENOENT, not EPERM
(because an intervening directory would be missing).

But of course, I might be wrong.

Cheers
-- 
t




Re: Dovecot correct ownership for logs

2024-05-14 Thread tomas
On Tue, May 14, 2024 at 01:29:17PM +0200, Richard wrote:
> My guess is that postfix runs as postfix.

That would be my guess too (or perhaps as some special "Debian-+postfix").

> At least processes like local,
> smtpd, bounce etc run as that user. But beyond that I have no idea how to
> find that out. At least there's nothing in the postfix.service or
> postfix@.service
> about that. So I've changed the files to dovecot:postfix 664, but same
> error.

You might try

  ps -eo pid,user,group,comm | grep postfix

or similar. Or have a look at Postfix's log file ownerships.

You might try making the log files in question world writable just
to see whether the problem disappears or this approach is a blind
alley (don't forget to revert that: leaving them world-writable
seems like asking for trouble).

Cheers
-- 
t




Re: sudo echo 1 > /proc/sys/net/ipv4/ip_forward [was: How to run automatically a script as soon root login]

2024-05-14 Thread tomas
On Tue, May 14, 2024 at 04:54:26PM +0800, Bret Busby wrote:
> 
> Wasn't sudo echo the name of a pop group?
> 
> :)

If it wasn't it should've been one.

Cheers
-- 
t




Re: How to run automatically a script as soon root login

2024-05-14 Thread tomas
On Tue, May 14, 2024 at 08:09:18AM +0200, Mario Marietto wrote:
> Nobody can show a different way, a modern way, for creating my script? Why
> did I feel so comfortable by recreating the 1960s GOTO statement in Bash?

I think your style is too alien to most of the people here to
make them feel their time is worth trying to wrap their heads
around it (I just got a rough feeling on how it works, asked
myself "Why?" and went on).

You'll have to go it alone if you chose such an idiosyncratic
style, it seems.

Cheers
-- 
t




Re: Dovecot correct ownership for logs

2024-05-13 Thread tomas
On Mon, May 13, 2024 at 10:16:13PM +0200, Richard wrote:
> Maybe someone here knows how the ownership of these files for Dovecot needs
> to be in order to work, as various distributions of Dovecot packages seem
> to use different users:
> I'd like Dovecot not to log into syslog, but to dedicated files. Therefore
> I've created the directory /var/log/dovecot and told dovecot in
> 10-logging.conf to log info, debug and error messages to separate files.
> But I get error messages from postfix (weird):

I think this is Dovecot's LDA (the local delivery agent) [1], which is
invoked by the MTA (Postfix) and is, therefore, most probably running
as postfix.

[...]

> > (temporary failure. Command output: lda(user): Error:
> > net_connect_unix(/run/dovecot/stats-writer) failed: Permission denied Can't
> > open log file /var/log/dovecot/error.log: Permission denied )

This message actually is an indicator against the chroot theory posed
elsewhere in this thread (in a chroot, you would get "no such file or
directory", I guess).
> 
> This is the content of /var/log/dovecot:
> -rw-r--r--  1 dovecot dovecot    0 13. Mai 20:50 debug.log
> -rw-r--r--  1 dovecot dovecot  880 13. Mai 21:21 error.log
> -rw-r--r--  1 dovecot dovecot  40K 13. Mai 21:20 info.log

Try to set the log file's group to mail (or whatever group Postfix is
running as) and make them group writable.

Cheers
-- 
t




Re: sudo echo 1 > /proc/sys/net/ipv4/ip_forward [was: How to run automatically a script as soon root login]

2024-05-13 Thread tomas
On Mon, May 13, 2024 at 08:37:16PM +0200, Erwan David wrote:
> Le 13/05/2024 à 19:45, Stefan Monnier a écrit :

[...]

> >  % sudo zsh -l
> >  # echo 1 > /proc/sys/net/ipv4/ip_forward
> >  # ^D
> >  logout
> >  %
> > 
> > 
> > 
> > 
> >  Stefan
> > 
> > 
> sudo -i will do the job instead of sudo zsh -l

...provided Stefan's shell in /etc/passwd is set to
zsh, that is :)

Cheers
-- 
t




Re: sudo echo 1 > /proc/sys/net/ipv4/ip_forward [was: How to run automatically a script as soon root login]

2024-05-13 Thread tomas
On Mon, May 13, 2024 at 01:45:40PM -0400, Stefan Monnier wrote:
> > $ su -
> > Password:
> > # echo 1 > /proc/sys/net/ipv4/ip_forward
> > # ^D
> > logout
> > $
> >
> > I don't need no stinkin' sudo :-)
> 
> And if you only have `sudo`, but not the root password, of course:
> 
> % sudo zsh -l
> # echo 1 > /proc/sys/net/ipv4/ip_forward
> # ^D
> logout
> %

Or just "sudo -s", which will invoke "your" favourite shell. Or "sudo -i",
which will do roughly the same (-s looks first at $SHELL, then at passwd,
-i looks at passwd and invokes a login shell).

> 

I always forget how my fave shell is spelt ;-)

Cheers
-- 
t




sudo echo 1 > /proc/sys/net/ipv4/ip_forward [was: How to run automatically a script as soon root login]

2024-05-13 Thread tomas
Since this happens so often, I'm trying to offer a recap.

As others have noted, the above

  sudo echo 1 > /proc/sys/net/ipv4/ip_forward

won't work, since it runs echo under sudo, but the file opening
(that pesky ">") happens in your shell, which is probably running
unprivileged (otherwise, what do you need the sudo for, anyway?)

Others have rightfully noticed that, in this case, sysctl possibly
is the more appropriate tool for the job.

Barring that -- what is to do?

One solution put forward was to wrap a whole shell in the sudo:

  sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"

Of course, you can (gasp!) wrap a whole xterm which invokes a
shell (why not go the full thing and wrap LibreOffice Calc? It
surely has a shell escape hidden somewhere ;-)

Another solution is to find a program which would be willing
to open a named file for you and sudo that one.

A common choice would be tee (which in this case has the side
effect of dumping the desired output *also* to stdout):

  echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward

(also outputs 1 to stdout). Less common, but my personal favourite
is dd, which is free of that side effect (it's harmless enough
when it's just a "1", but if longer data is involved...):

  echo 1 | sudo dd of=/proc/sys/net/ipv4/ip_forward

(note that dd's default if is stdin).

Now share your ideas :-)

Cheers
-- 
t
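
The variants from this recap side by side, as an added example that is not part of the original post. `PRIV` and the function names are assumptions made for the illustration: `PRIV` defaults to `sudo` and can be set to `env` to try the functions on a scratch file without any privileges.

```shell
#!/bin/sh
# Added illustration; PRIV and the function names are not from the thread.
# PRIV is the privilege wrapper: sudo by default, "env" for an unprivileged dry run.
PRIV=${PRIV:-sudo}

# Returns 0 if a failed redirection keeps the wrapped command from running.
# The target's directory does not exist, so the *calling* shell cannot open
# the file; the wrapped command, which would create the marker, never starts.
redirect_opened_by_caller() {
    tmp=$(mktemp -d) || return 2
    { "$PRIV" touch "$tmp/ran" > "$tmp/missing/out"; } 2>/dev/null || :
    if [ -e "$tmp/ran" ]; then rc=1; else rc=0; fi
    rm -rf "$tmp"
    return "$rc"
}

# write_privileged METHOD VALUE PATH
# METHOD is sh, tee or dd, the three approaches from the recap. In each of
# them the process started by $PRIV opens PATH itself. VALUE and PATH travel
# as arguments or on stdin and are never pasted into the "sh -c" string, so
# characters such as ; $ ` in them are not interpreted as shell code by the
# privileged shell.
write_privileged() {
    method=$1 value=$2 path=$3
    case $method in
        sh)  "$PRIV" sh -c 'printf "%s\n" "$1" > "$2"' sh "$value" "$path" ;;
        tee) printf '%s\n' "$value" | "$PRIV" tee -- "$path" > /dev/null ;;
        dd)  # dd reports its transfer statistics on stderr; discard them
             printf '%s\n' "$value" | "$PRIV" dd of="$path" 2>/dev/null ;;
        *)   echo "unknown method: $method" >&2; return 2 ;;
    esac
}
```

For the case in the subject line this becomes `write_privileged dd 1 /proc/sys/net/ipv4/ip_forward`.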




Re: How to run automatically a script as soon root login

2024-05-13 Thread tomas
On Mon, May 13, 2024 at 06:06:37PM +0200, Hans wrote:
> Am Montag, 13. Mai 2024, 13:24:17 CEST schrieb Greg Wooledge:
> > On Mon, May 13, 2024 at 07:36:07AM +0200, Richard wrote:
> > > .profile
> 
> Sorry, dumb question: Depending on the shell the user is using (let's say,
> he will use bash), can the script not be added into ~/.bashrc?

Yes. Consult your shell's manual. And it will also depend on whether
it is considered to be a "login shell". And on a couple of other
factors.

> If yes, second dumb question: Could it be ANY script or command?
> (also running as non-root user, like adding "runuser -u myuser
> command_whatever").

Root can do this, yes.

Cheers
-- 
t




Re: How to run automatically a script as soon root login

2024-05-13 Thread tomas
On Mon, May 13, 2024 at 09:17:31AM -0400, Greg Wooledge wrote:
> On Mon, May 13, 2024 at 02:03:59PM +0100, Richmond wrote:
> > >> sudo xterm -e "echo 1 > hello"
> 
> > Yes, but why did it allow me to delete the file? I was not root
> > then. Try it.
> 
> Because you have write permission on the *directory* that the file is in.
> 
> Removing (unlinking) a file is an operation that modifies a directory,
> not the file itself.  You don't need write permission on the file.  Just
> the directory.

Unless the directory has the sticky bit set (e.g. /tmp).

(For completeness: I know you know that).

Cheers
-- 
t
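
Both points run on a scratch directory, as an added example that is not part of the original thread: deletion being governed by the directory rather than the file, and the unlinked-but-still-open file from the file-transfer thread earlier on this page. The function names are assumptions.

```shell
#!/bin/sh
# Added illustration; the function names are not from the thread.

# Prints what a reader that opened the file *before* the unlink still gets.
# Returns 1 if the name did not disappear from the directory.
read_after_unlink() {
    d=$(mktemp -d) || return 2
    printf 'half-fetched payload\n' > "$d/file"
    exec 3< "$d/file"      # the "copy in progress": fd 3 keeps the inode alive
    rm -f "$d/file"        # somebody deletes the file meanwhile
    if [ -e "$d/file" ]; then rc=1; else rc=0; fi
    cat <&3                # the data blocks are still there for this reader
    exec 3<&-              # last close: only now can the space be reclaimed
    rm -rf "$d"
    return "$rc"
}

# Returns 0 if a file we may neither read nor write can still be removed:
# unlinking needs write and search permission on the directory only.
remove_unwritable_file() {
    d=$(mktemp -d) || return 2
    : > "$d/locked"
    chmod 000 "$d/locked"
    rm -f "$d/locked"      # -f skips rm's "remove write-protected file?" prompt
    if [ -e "$d/locked" ]; then rc=1; else rc=0; fi
    rm -rf "$d"
    return "$rc"
}

# Returns 0 if DIR has the sticky bit set (as /tmp does). In such a
# directory only the file's owner, the directory's owner or root may
# unlink an entry, whatever the directory's write bits say.
has_sticky_bit() {
    case $(ls -ld -- "$1" 2>/dev/null) in
        d????????[tT]*) return 0 ;;
        *)              return 1 ;;
    esac
}
```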




Re: How to run automatically a script as soon root login

2024-05-13 Thread tomas
On Mon, May 13, 2024 at 02:53:18PM +0200, Nicolas George wrote:
> to...@tuxteam.de (12024-05-13):
> > That's like slicing your morning baguette with the chainsaw.
> 
> Worse than that, it will only work from an X11 environment. Certainly
> not at boot.

The analogy to that would be that not many kitchens are equipped with
a chainsaw. Mine isn't ;-)

Cheers
-- 
t




Re: How to run automatically a script as soon root login

2024-05-13 Thread tomas
On Mon, May 13, 2024 at 01:36:23PM +0100, Richmond wrote:
> I was experimenting, and found this works:
> 
> sudo xterm -e "echo 1 > hello"

That's like slicing your morning baguette with the chainsaw.

But if it works for you... hey :-)

Cheers
-- 
t




Re: Spurious messages at the console

2024-05-11 Thread tomas
On Sat, May 11, 2024 at 08:57:24PM -0400, Paul M Foster wrote:

[...]

> Excellent advice. Thanks.
> 
> Here's an oddity. The following commands are equivalent, according to the
> dmesg(1) man page:
> 
> dmesg -n 1 and dmesg -n emerg
> 
> But according to every document I've viewed, "emerg" is code for 0, not 1.
> If anyone can explain, I'd be interested.

This is funny, yes. It seems intentional, though:

  https://sources.debian.org/src/util-linux/2.38.1-5/sys-utils/dmesg.c/#L1505

calls parse_level with a second arg of 0, which causes parse_level()

  https://sources.debian.org/src/util-linux/2.38.1-5/sys-utils/dmesg.c/#L348

to add an offset of 1. No idea what the thought behind this is.

Perhaps backward-compat to some forgotten lore?

Cheers
-- 
t




Re: Spurious messages at the console

2024-05-10 Thread tomas
On Fri, May 10, 2024 at 05:30:44PM -0400, Paul M Foster wrote:
> Folks:
> 
> I've installed Debian (latest) without X on a small form factor PC, and
> typically SSH into it, though I also have a keyboard and monitor
> temporarily connected to it.
> 
> I'm getting spurious error messages in groups on the monitor connected to
> it. They look like:
> 
> [76056.389126] pcieport :00:1c.0: PCIe Buss Error: severity=Corrected,
> type=Physical Layer, (Reciever ID)
> 
> That's just one line. Others are related but different. These happen every
> few minutes, and only on the monitor, not where I'm SSHed in.

I don't know exactly what this is doing (to my naïve eye it looks like
some part of the PCI bus is doing things the kernel doesn't expect but
thinks it can fix) but...

> It would be neat to know what's going wrong, and if you can come up with a
> reason, I'd be interested. But I'm not really fixated on that. Instead,
> what I'm interested in is how to make them stop.

...for that try "dmesg -D" (see man dmesg). You can also try to mess
with the value of /proc/sys/kernel/printk, documented, e.g. here [1],
to set it permanently.

Cheers

[1] https://www.kernel.org/doc/html/latest/core-api/printk-basics.html
or, of course, locally. If you are in Debian, part of the linux-doc
package, in /usr/share/doc/linux-doc/html/core-api/printk-basics.html

-- 
t




Re: Debian is not as easy as they say

2024-05-10 Thread tomas
On Fri, May 10, 2024 at 11:45:25AM -0400, Carlos Garcia Elmis wrote:
> Hello Debian team, I am new to Linux/GNU and this is not really a
> complaint email but one about broadening Debian; I installed not only
> Debian but also a bunch of its derivatives, and of all of them only one
> made my life easier, and I am talking about deepin:

[...]

Hello, Carlos!

- There is no team here: this is the users' list

- If you want to talk with users in Spanish, there is a list
 in that language over here:

  https://en.wikipedia.org/wiki/Variant_Call_Format

 It may be more appropriate for you (most people here
 don't understand Spanish)

- I'm very glad you like Deepin; however, here you will
 find people who use Debian and prefer it that way (I am
 one of those). I doubt that a message like yours is
 useful in this case.

Regards
-- 
tomás




Re: Lightweight Emacs for container?

2024-05-06 Thread tomas
On Mon, May 06, 2024 at 04:19:32PM -0400, Stefan Monnier wrote:
> > Is there some package, or a simple workaround, that will allow me to use
> > a basic Emacs without all the cruft?
> 
> I think the usual answers look like:
> 
> - Use Zile (or some other small Emacs-inspired editor).
> - Use Tramp (i.e. run Emacs outside the container and access the
>   container's files as a kind of remote host).

Tramp is the way to go, for a bunch of other reasons. You carry around
your set of customizations. You have less instances to keep up to date
and to care-and-feed.

Cheers
-- 
t




Re: large complaint / very urgent

2024-04-29 Thread tomas
On Mon, Apr 29, 2024 at 06:03:46AM +, crackmap wrote:
> hello
> 
> large complaint

But in the wrong direction, in many ways.

> Please forward this mail to the Debian department; Update and Upgrade

There is no "Debian department" -- this is a volunteer project.
Help out!

> thank you in advance ! ! !
> 
> I'm really pissed off !!!

That's unfortunate. I'll refrain from further comment on this.

> why does Kali-Linux not get Firefox-ESR update for months ? ? ?

This is the Debian user's mailing list, so your complaints
are wrong here. Most people won't be able to help you.

> Kali-Linux is running with version Firefox-ESR 115. 8 and we are, however, at version 115. 10 ! ! !

Kali has its own project infrastructure. You are welcome to
help out there:

  https://www.kali.org/docs/community/contribute/

> Is Linux Debian bankrupt ???
> 
> Linux Debian needs money ???

Debian doesn't take direct donations, but you can always
donate to Software in the Public Interest -- this will help
all of us (yes, you too).

> please fix quickly !!!

Go and fix it yourself (see above). This would be a little
"thankyou" for all the stuff you got for free!

> The Debian update doesn't work with Linux Parrot Security either ! ! !

Why should it? Want to submit a proof-of-concept to convince
people that it's a good idea?

> Very poor performance of Debian Linux .

Hey, you not only get it for free, but on top of that, it's
free software. Take it, enhance it -- or leave it.

Cheers
-- 
tomás




Marking as spam [was: *****SPAM***** Re: LibreOffice removed from Debian]

2024-04-18 Thread tomas
Hi, Hans

is it your mail setup adding that *SPAM* decoration to the
subject?

Just curious...

cheers
-- 
t




Re: tbird troubles

2024-04-17 Thread tomas
On Wed, Apr 17, 2024 at 05:00:05PM -0400, gene heskett wrote:
> On 4/17/24 14:52, The Wanderer wrote:

[...]

> > You're welcome.
> > 
> > Please extend your thanks to Tomas, who is the one who tracked down the
> > links that led to the bug report where I found the analysis and this
> > advice, and also to Curt, who was giving the same recommendation in
> > different terms before I got to it [...]

Heh. Actually, this was a beautiful example of collaborative pondering.

It was eben's hint to start the thing from the command line and you
reporting the results (still two windows) what set me off to go with
the right terms to the search engine.

[...]

> Also, many thanks to those whose mother tongue is not English, for learning
> English [...]

Actually I'm thankful for having got the chance to learn a couple of
languages. It has been a lot of fun. And also to you folks who put up
with my mediocre English.

Cheers
-- 
t




Re: opinion - apt-mirror or aptly

2024-04-17 Thread tomas
On Wed, Apr 17, 2024 at 05:49:29AM +, fxkl4...@protonmail.com wrote:
> i intend to create a local mirror for debian armhf
> it seems apt-mirror and aptly are the applications most used
> is one easier, more reliable, ...

Has it to be a mirror, or would a cache do? I'm asking, because
a cache is easier to set up, *and* much easier to use.

What are your aims?

Cheers
-- 
t




Re: is security.debian.org broken

2024-04-17 Thread tomas
On Wed, Apr 17, 2024 at 05:26:57AM +, fxkl4...@protonmail.com wrote:
> have a look at
> 
> https://security.debian.org/debian-security/dists/bookworm-security/updates/
> 
> is it broken or just me

Works here, too.

Folks -- "broken" is a very short problem description. A bit
more detail is always helpful :)

I know it's sometimes difficult, but trying doesn't hurt.

Cheers
-- 
t




Re: tbird troubles

2024-04-16 Thread tomas
On Tue, Apr 16, 2024 at 10:39:42AM -0400, The Wanderer wrote:
> On 2024-04-16 at 10:28, Greg Wooledge wrote:
> 
> > On Tue, Apr 16, 2024 at 02:21:27PM -, Curt wrote:
> > 
> >> Have you tried *closing* one of the two windows, *quitting* the 
> >> remaining one, and then restarting your bird?
> > 
> > In his original message, he claimed that closing one window makes
> > the other one also close.
> > 
> > I asked *how* he was closing them, and he said that he gets the same 
> > result whether he uses the WM's close button, or the application's
> > Exit menu choice.
> 
> From what I saw in a Bugzilla bug report [...]

Thanks for actually reading the links for us -- I was too deep
in some ugly PHP code to do it myself ATM.

Makes sense, TB seems to remember its window configuration [1] when
closing, like its cousin but seems to remember "I had *two* windows
last time around", quite unlike its cousin.

Cheers

[1] Can't they just let the window manager do its job?

-- 
t 




Yet another lick at Gmail and Google [was: Debian 12.5 up-to-date Xfce, Firefox clings to USB stick]

2024-04-16 Thread tomas
On Tue, Apr 16, 2024 at 01:39:34PM -, Curt wrote:

[...]

> It would've been clearer to have advised using another mail application,
> period [...]

> But no harm, no foul, and all is well. The only real mystery is how
> Tomas resisted getting yet another lick in against Gmail and Google, et
> al.

Because it'd been off-topic, just as your little oblique stab here is ;-D

Cheers
-- 
t




Re: e1000e driver Network Card Detected Hardware Unit Hang

2024-04-16 Thread tomas
On Tue, Apr 16, 2024 at 09:05:29AM -0400, Stefan Monnier wrote:
> > It has been known to happen that drivers implement workarounds for issues
> > in the hardware itself, so that hardware bugs do not get tripped (or are
> > tripped less often).
> 
> 
> 
> You make it sound like it's a rare occurrence, but it's actually
> quite common.  Most of it is discrete so you'll rarely be exposed to it,
> but `grep bugs /proc/cpuinfo` is one of the places where you can see it
> being somewhat documented.

One might argue that a driver's whole raison d'être /is/ to work around
hardware bugs. But then, perhaps I'm a cynic ;-)

Cheers
-- 
t




Re: tbird troubles

2024-04-15 Thread tomas
On Mon, Apr 15, 2024 at 03:10:20PM -0400, gene heskett wrote:

[...]

> > Try running "thunderbird" from a terminal emulator and see what happens.
> > 
> Stopped it. opened an xfce4 terminal and typed "thunderbird"enter, same old
> same old, two gui's stacked on top of each other.

This, at least, rules out the mouse.

OK, asking my favourite search thingy (spoiler: it's not that one
with the big G) for 'thunderbird "two windows"' yields a couple of
promising hits (no time to peruse them right now, sorry):

  https://forum.manjaro.org/t/thunderbird-two-windows-workaround/154069
  https://bugzilla.mozilla.org/show_bug.cgi?id=531588
  http://forums.mozillazine.org/viewtopic.php?f=39=1962329
  https://blog.ueffing.net/post/2018/03/24/thunderbird-starts-with-two-window-instances/

At least, you don't seem to be the only one having the fun :)

HTH
-- 
tomás




Re: config files - newline possible?

2024-04-11 Thread tomas
On Thu, Apr 11, 2024 at 05:56:05PM +0200, Hans wrote:
> Hi folks, 
> 
> I know in shell scripts it is possible to separate a looong line of commands 
> into several short lines.
> 
> But can this be done in config-files, too?
> 
> I have a file with the syntax like this:
> 
> Do_not_write="/path1/subfolder /path1/subfolder2 ... /pathX/subfolderX"

As Nicolas George says, "config-file" is too generic a term.
If the above is a variable assignment, then you can escape the
newlines with a backslash, like so

Do_not_write="path1/subfolder \
  path1/subfolder2 \
  ..."

Note that the backslash has to be the last character in the
line. No extra whitespace after that (this is somewhat
fragile). I prefer to put such things in here docs:

read -d '' Do_not_write <<"__END"
this
that
the other
__END

echo "$Do_not_write"
=>
this
that
the other

Pay attention to the quotes. In bash, type "help read" to learn
about the options (it is a builtin, it has to).

Cheers
-- 
t




Re: NextGov: Linux XZ Utils Backdoor Was Long Con, Possibly With Support

2024-04-05 Thread tomas
On Fri, Apr 05, 2024 at 08:38:36PM +0200, to...@tuxteam.de wrote:

[...]

> No, on the contrary. First of all, it is great that it has been
> caught /before/ it could cause much harm [...]

...and of course kudos and thanks to Andres Freund who spotted
the thing!

Cheers
-- 
t




Re: NextGov: Linux XZ Utils Backdoor Was Long Con, Possibly With Support

2024-04-05 Thread tomas
On Fri, Apr 05, 2024 at 12:27:03PM -0400, Cindy Sue Causey wrote:
> Hi, All..
> 
> This just hit my emails seconds ago. It's the most info that I've
> personally read about the XZ backdoor exploit. I've been following
> NextGov as a friendly, plain language resource about government:
> 
> Linux backdoor was a long con, possibly with nation-state support, experts say;
> By David DiMolfetta; 2024.04.05 12:59pm EDT
> 
> https://www.nextgov.com/cybersecurity/2024/04/linux-backdoor-was-long-con-possibly-nation-state-support-experts-say/395511/
> 
> Continues to sound like one single perp is destroying the TRUST factor that an
> untold number of future programmers must meet. That's heartbreaking.

No, on the contrary. First of all, it is great that it has been
caught /before/ it could cause much harm -- I think this is a
testament to the free software community. Second, this is one
pretty standard instance of supply chain attack (albeit a pretty
spectacular one), of which there have been quite a few during the
last decennium. Another spectacular one was event-stream [0],
from 2018 or the Solarwinds [1] things (interestingly, proprietary
software tends to fare significantly worse than our beloved
free software).

There is a growing corpus of academic work dedicated to it. This
nice overview [2] goes over 174 cases (and is already 4 years old).

So hardly new. What's special about this case is that the contributor
had been working for the project for two years, thus earning trust
with the community -- the most widespread notion seems to be that
they had been planning the thing all along. I see at least another
possible interpretation, that they started as a genuine contributor
and went bad, be it by bribing, coercion, or even replacement. Secret
services and hackers (where's the difference, anyway?) are like
that. Opportunists.

Reminds us that trust is, at the root, a human thing, and thus sometimes
fragile. As in Real Life, we need ways to recover.

Cheers

[0] https://lwn.net/Articles/773121/
[1] https://en.wikipedia.org/wiki/SolarWinds#2019%E2%80%932020_supply_chain_attacks
[2] https://arxiv.org/abs/2005.09535

-- 
t




Re: making Debian secure by default

2024-04-02 Thread tomas
On Tue, Apr 02, 2024 at 07:14:02AM -0500, Nate Bargmann wrote:
> * On 2024 01 Apr 23:41 -0500, to...@tuxteam.de wrote:

[...]

> > This pattern has been seen in other contexts. Here [1] is a good review
> > of "supply chain attacks" [...]

> If you have Rust and Go in mind,

Absolutely not. On the contrary. I don't even think that the language
makes a difference in the risk of supply chain attack.

>  I am hugely skeptical of both, not
> because of the languages themselves but because both, from what I see,
> do not lend themselves easily to a set of known curated packages that
> can be used for development.
> 
> Noted Debian developer Ian Jackson wrote a blog post back on 21 March
> detailing the extra steps necessary to *only* use Debian Rust packages:
> 
> https://diziet.dreamwidth.org/18122.html

No need to convince *me*.

> > So yes, the pattern was known. It was, up to now, pretty unusual in
> > this context. But the deeper "the stack" becomes... (so I think Nate
> > had a point. That Andy read that as a "systemd insult" is IMHO
> > unfortunate, because it clogs a potentially useful discussion. But
> > there you are).
> 
> I think Andy was responding to Jacob Bachmeyer's use of "katamari" to
> describe systemd/libsystemd which he uses again in:

Yes, but he preferred to latch on "systemd", which is a pity, because
the "katamari" part does have a point.

> > The next level is using a package phantasized by your trusty "AI" [2]
> > counsellor (and whose name was predicted by a malicious actor, because 
> > "AI" tends to phantasize names consistently). Note that this one was
> > just (yet?) a proof of concept.
> 
> I am guessing that the Jia Tan actor(s) are watching the response to
> this event carefully.  I doubt they have been deterred.

We don't know much about Jia Tan (and we might never know). To me, one
possible branch is the one most being talked about, that it was a
state-level actor (group) planning things for two years from the start.

More plausible to me would be a bona fide contributor who at some point
was picked up and turned bad (by bribery or coercion). That's more the
modus operandi of such actors [1]. To be honest, this one is also more
unsettling to me.

Cheers

[1] Remember Bruce Schneier's observation that the NSA is better at
   breaking knuckles than at breaking code?
-- 
t




Re: making Debian secure by default

2024-04-01 Thread tomas
On Mon, Apr 01, 2024 at 03:19:18PM -0500, Nate Bargmann wrote:
> * On 2024 01 Apr 14:01 -0500, Andy Smith wrote:

[...]

> Until now, who anticipated this?  I'm sure there are security
> researchers who have and it's likely that I'm not well-read enough on
> this topic to have seen it discussed.  How many people did it occur to
> that when A links to B and B links to C that C can create a
> vulnerability in A?  That is what I understand happened here.

This pattern has been seen in other contexts. Here [1] is a good review
of "supply chain attacks", which unsurprisingly happen most often in
decentrally managed package distributions which at the same time have
"production environments" where time-to-deploy is the main mover: npm,
PyPi and RubyGems. If you don't have the time to even consider what the
hundreds of packages you're ploughing into your app actually do, this
is no surprise.

So yes, the pattern was known. It was, up to now, pretty unusual in
this context. But the deeper "the stack" becomes... (so I think Nate
had a point. That Andy read that as a "systemd insult" is IMHO
unfortunate, because it clogs a potentially useful discussion. But
there you are).

The next level is using a package phantasized by your trusty "AI" [2]
counsellor (and whose name was predicted by a malicious actor, because 
"AI" tends to phantasize names consistently). Note that this one was
just (yet?) a proof of concept.

Cheers

[1] https://arxiv.org/abs/2005.09535
[2] https://www.theregister.com/2024/03/28/ai_bots_hallucinate_software_packages/
-- 
tomás




Re: making Debian secure by default

2024-04-01 Thread tomas
On Mon, Apr 01, 2024 at 07:00:29PM +, Andy Smith wrote:
> Hi,
> 
> On Mon, Apr 01, 2024 at 03:33:37AM -0500, Nate Bargmann wrote:
> > From what I have read, lzma is not a direct dependency of openssh.  It
> > turns out that lzma is a dependency of libsystemd and that
> > relationship affected openssh.
> > 
> > Jacob Bachmeyer in analysis
> > (https://lists.gnu.org/archive/html/automake/2024-04/msg0.html)
> > says:
> > 
> > Lastly on this topic, some of the blame for this needs to fall on the
> > systemd maintainers [...]

> In my view a great example of the "people other than me just need to
> get good" fallacy merged with the group of people predisposed to
> hate systemd.

[...]

Please, don't make this into a systemd flamefest. We've had our share
of this already.

Cheers
-- 
t




Re: Re: Debian 12.5 up-to-date Xfce, Firefox clings to USB stick

2024-03-30 Thread tomas
On Sat, Mar 30, 2024 at 07:32:16PM +0200, Antti-Pekka Känsälä wrote:
> Yes, closing Firefox does allow the stick to unmount cleanly, but I still
> worry.

To get an idea of what's going on, you can use "lsof":

  tomas@trotzki:~$ lsof /dev/sda1
  COMMAND  PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
  bash    3982 tomas  cwd    DIR    8,1     4096    2 /boot
  hexdump 4056 tomas    0r   REG    8,1 33464584   28 /boot/initrd.img-5.10.0-26-amd64
  hexdump 4074 tomas    0r   REG    8,1  7044672   27 /boot/vmlinuz-5.10.0-26-amd64

There are three processes accessing my /dev/sda1 ("aka" /boot). I put
them there to have something to show :-)

Cheers
-- 
t


signature.asc
Description: PGP signature
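
The same information lsof prints can be read straight from /proc. The following is an added example, not part of the original post: it lists every process whose working directory or open file lies under a given mount point, and marks files that were unlinked while still open. The function name and the tuple layout are made up for this illustration; without root it only sees your own processes.

```python
import os
import sys

DELETED_SUFFIX = " (deleted)"  # the kernel appends this to unlinked-but-open paths


def open_files_under(mount_point):
    """Return [(pid, command, fd, path, deleted)] for files held open below mount_point.

    fd is "cwd" for a working directory, otherwise the descriptor number as text.
    Processes that vanish mid-scan or that we may not inspect are skipped.
    """
    root = os.path.realpath(mount_point)
    prefix = root.rstrip("/") + "/"
    hits = []
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        base = f"/proc/{entry}"
        try:
            with open(f"{base}/comm") as f:
                command = f.read().strip()
            links = [("cwd", f"{base}/cwd")]
            links += [(fd, f"{base}/fd/{fd}") for fd in os.listdir(f"{base}/fd")]
        except OSError:
            continue  # process exited or permission denied
        for fd, link in links:
            try:
                target = os.readlink(link)
            except OSError:
                continue
            deleted = target.endswith(DELETED_SUFFIX)
            path = target[: -len(DELETED_SUFFIX)] if deleted else target
            if path == root or path.startswith(prefix):
                hits.append((int(entry), command, fd, path, deleted))
    return hits


if __name__ == "__main__":
    # Usage: python3 thisfile.py /media/usbstick
    for pid, command, fd, path, deleted in open_files_under(sys.argv[1]):
        flag = "  [deleted, still open]" if deleted else ""
        print(f"{command:<16} {pid:>7} {fd:>4} {path}{flag}")
```

Anything it reports has to be closed (or the process ended) before the stick unmounts cleanly.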


Re: making Debian secure by default

2024-03-28 Thread tomas
On Thu, Mar 28, 2024 at 03:23:48PM -0400, Lee wrote:

[...]

> I disagree.  I don't think I'm qualified to make an adequate threat
> analysis for a Debian system and yet

Nobody is. The threat analysis for my virtual server "out there" is
totally different (sshd, exim, http(s), git running on external ports,
yadda, yadda), but running 24/7 in some physically protected data
center; for my laptop, most of the time behind a firewall, but running
a web browser *and* physically insecure (can be stolen/left behind).

So in the first case it makes sense to focus on network hardening,
whereas disk encryption is an unnecessary hassle (ever tried to boot
from a LUKS disk remotely? Yes, I know it /can/ be done). In the
second case disk encryption is a /must/ (as it is to keep up to date
with it).

How would you make a threat analysis "for Debian"? That makes no
sense. The only thing you can do is to document the security properties of
each and every component and use that as a toolkit for your particular
use case.

Security, as Bruce Schneier [1] says, is a process. Not a product.

Cheers

[1] https://www.schneier.com/
-- 
t




Re: making Debian secure by default

2024-03-28 Thread tomas
On Thu, Mar 28, 2024 at 12:22:57PM -0400, Lee wrote:
> On Thu, Mar 28, 2024 at 1:11 AM tomas wrote:

[...]

> > Security means first and foremost understanding the threat.
> 
> Which I don't.  Hence the request for 'secure by default' instructions
> for Debian.  Even better would be a secure by default installation
> option.

This makes little sense. No threat analysis -- no security. Security
is always a relative (to the threat model) term, "security by default"
suggests something absolute. This ain't going to work.

Cheers
-- 
t




Re: making Debian secure by default

2024-03-28 Thread tomas
On Thu, Mar 28, 2024 at 06:16:32AM +0100, Emanuel Berg wrote:
> "Secure by default" is an OpenBSD slogan BTW. Or they have
> made it into one at least. But I'm not sure it is any more
> secure than Debian - maybe.

That depends.

Cheers
-- 
t




Re: making Debian secure by default

2024-03-27 Thread tomas
On Wed, Mar 27, 2024 at 05:30:50PM -0400, Lee wrote:
> I just saw this advisory
>   Escape sequence injection in util-linux wall (CVE-2024-28085)
> https://seclists.org/fulldisclosure/2024/Mar/35
> where they're talking about grabbing other users sudo password.

Are there any users logged in to your computer you don't trust?

Thought so.

Relax.

Security means first and foremost understanding the threat. Randomly
reaching into the CVE box will most probably keep you from actually
working on your real issues. E.g. your browser. Or your social media
account.

Cheers

[1] https://xkcd.com/1200/
-- 
t




Re: filesystem info

2024-03-25 Thread tomas
On Mon, Mar 25, 2024 at 11:05:44AM -0400, Cindy Sue Causey wrote:

[...]

> apt-cache search kernel filesystem doc
> 
> Which brought up two docs appropriate for my own Trixie setup: linux-doc-6.5
> and linux-doc-6.6. The description for 6.6 is:
> 
> Description-en: Linux kernel specific documentation for version 6.6

[...]

That's a good one, thanks :-)

Cheers
-- 
t




Re: trying to parse lines from an awkwardly formatted HAR file ...

2024-03-23 Thread tomas
On Sat, Mar 23, 2024 at 12:53:24AM -0500, Albretch Mueller wrote:
> out of a HAR file containing lots of obfuscating js cr@p and all kinds of
> nonsense I was able to extract line looking like:

It's not "js cr@p", it is called JSON. And there's a spec for
it.

[...]

> I have tried substring substitution, sed et tr to no avail.

You might have a lot of fun trying to parse JSON with sed and
tr.

If you are serious about it, you should try a proper parser
and extractor. I'd recommend jq [1], available in Debian under
the same-named package. I have written a few shell scripts
reaching into the innards of 

You'll have to wrap your brain around it, but in the time you
have implemented a parser for js in "sed and tr" (you might
need a dash of "proper programming language" around that, some
luck and a ton of elbow grease) you might have wrapped your
brain like 16 times around jq (or some other appropriate tool).

Cheers
-- 
tomás




Re: Can't find informatin on passwdqc, pwqcheck or cracklib

2024-03-21 Thread tomas
On Fri, Mar 22, 2024 at 01:16:13PM +1100, n...@linearg.com wrote:
> I'm wanting to upgrade my security, and like to use some of the suggested
> tools. I've installed some of the tools, but can't find man pages on them.
> Similarly there's no results to be had from googling.
> I must be missing something..

As far as I can see [1], cracklib comes with man pages...

Cheers

[1] https://packages.debian.org/bookworm/amd64/cracklib-runtime/filelist
-- 
t




Please, don't feed the trolls [was: ...]

2024-03-21 Thread tomas
On Thu, Mar 21, 2024 at 09:28:11PM -0400, Paul M Foster wrote:
> On Thu, Mar 21, 2024 at 06:47:10PM +, jmax wrote:
> 
> > Dear Brothers and Sisters:

[...]

> I'm not your brother or sister [...]

This was an obvious troll [1]. Don't feed them or they'll come
back

Cheers

[1] https://en.wikipedia.org/wiki/Internet_troll
"... a troll is a person who posts deliberately offensive
 or provocative messages online"

-- 
t




Re: Root password strength

2024-03-20 Thread tomas
On Wed, Mar 20, 2024 at 11:02:41AM -0500, John Hasler wrote:
> Use one of the password generating programs such as pwgen to produce a
> 12 character random password.  Write it down.

Actually, I use between pwgen -n 8 (user pw) and pwgen -n 16 (LUKS encryption).
I memorize the most important of them. The older I get, the easier it gets
(surprisingly :-)

Cheers
-- 
t




Re: Root password strength

2024-03-20 Thread tomas
On Wed, Mar 20, 2024 at 09:23:58AM -0400, Jeffrey Walton wrote:

[...]

> > Also, are you saying that you do not let users rotate their keys
> > themselves; and if so, why on Earth not?
> 
> Key continuity has turned out to be a better security property than
> key rotation. It is wise to avoid gratuitous rotation schemes.

I will be the last one to advocate any gratuitous rotation scheme (key
or password or anything).

My point is giving users enough wits and power (and competent help) to
make good decisions and to implement them.

If my laptop gets stolen, I'll definitely generate new keys.

Cheers
-- 
t




Re: Root password strength

2024-03-20 Thread tomas
On Wed, Mar 20, 2024 at 11:03:16AM +, Michael Kjörling wrote:
> On 20 Mar 2024 15:46 +0800, from jeremy.ard...@gmail.com (jeremy ardley):
> > Regarding certificates, I issue VPN certificates to be installed on each
> > remote device. I don't use public key.
> 
> What exactly is this "certificate" that you speak of? In typical
> usage, it means a public key plus some surrounding metadata, but you
> say that you "don't use public key".

My take. I'm always a bit oversuspicious when umbrella words are thrown
around.

A certificate is (usually) a signed public key. You need it whenever
you need more complex key management (definitely not when things are
between your server and you).

> > For ssh use I issue secret keys to each user and maintain matching public
> > keys in LDAP servers [...]

> So the private keys aren't private, thereby invalidating a lot of
> assumptions inherent in public key cryptography.

We are using that schema in our (small) company, too. Private keys
are definitely private here (we don't "issue keys" to anyone, everyone
uploads their *public* keys to the LDAP).

> Also, are you saying that you do not let users rotate their keys
> themselves; and if so, why on Earth not?

Definitely. "Issuing keys" to people is a "crypto smell". I know,
it is being done far too often. People are too stupid to make their
key pairs, it is often said. But keeping people stupid is your
biggest security hole!

Cheers
-- 
t




Re: Root password strength

2024-03-20 Thread tomas
On Wed, Mar 20, 2024 at 02:01:44AM -0400, Jeffrey Walton wrote:
> On Wed, Mar 20, 2024 at 1:32 AM  wrote:
> >
> > On Wed, Mar 20, 2024 at 04:22:29AM +0800, jeremy ardley wrote:
> >
> > > A 'safer' implementation will not even expose an ssh port. Instead there
> > > will be a certificate based VPN where you first need a certificate to
> > > connect and then you need a separate certificate to log in as root. A
> > > further enhancement of security is to use 2-factor authentication - which is
> > > supported in sshd via pam.
> >
> > How will a "VPN" with a "certificate" (whatever that means in this context)
> > be more secure than a SSH (assuming key pair authentication, not password)?
> 
> This may be more theoretical, but... IPSec uses
> Encrypt-then-Authenticate (EtA), which is provably secure under random
> models. In fact, I believe IPSec is IND-CCA2 secure (Ciphertext
> Indistinguishability), which is a strong notion of security. SSH uses
> Encrypt-and-Authenticate (E), which is provably insecure. The SSH
> protocol leaks information because of the order of operations of
> encryption and authentication.

Of course it's not only theoretical. I took issue with the umbrella
statement "VPN", which might be IPSec or some variant of TLS, to
mention two ends of the scale.

We might have lots of ground to cover until the issues you mention
really matter, but at some point they will, for sure.

Cheers
-- 
t


signature.asc
Description: PGP signature
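
To make the Encrypt-and-Authenticate versus Encrypt-then-Authenticate distinction from the quoted text concrete, here is an added example (not from the thread) of the two generic compositions; it does not reproduce the SSH or IPsec wire formats. The SHA-256 counter-mode keystream is a toy stand-in for a real cipher, and all function names are made up for the illustration.

```python
import hashlib
import hmac
import secrets


def _keystream(enc_key, nonce, length):
    # Toy stream cipher: SHA-256 in counter mode. Stand-in only, not for real use.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(enc_key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt_and_mac(enc_key, mac_key, plaintext):
    """Encrypt-and-Authenticate: the tag is computed over the *plaintext*."""
    nonce = secrets.token_bytes(16)
    ct = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, plaintext, hashlib.sha256).digest()
    return nonce, ct, tag


def encrypt_then_mac(enc_key, mac_key, plaintext):
    """Encrypt-then-Authenticate: the tag is computed over nonce + ciphertext."""
    nonce = secrets.token_bytes(16)
    ct = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce, ct, tag


def open_encrypt_and_mac(enc_key, mac_key, nonce, ct, tag):
    # The receiver has to decrypt untrusted input before it can check the tag.
    plaintext = _xor(ct, _keystream(enc_key, nonce, len(ct)))
    expected = hmac.new(mac_key, plaintext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("tag mismatch (detected only after decryption)")
    return plaintext


def open_encrypt_then_mac(enc_key, mac_key, nonce, ct, tag):
    # The tag is checked first; a forged packet never reaches the cipher.
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("tag mismatch (rejected before decryption)")
    return _xor(ct, _keystream(enc_key, nonce, len(ct)))


def tags_repeat(seal, enc_key, mac_key, message):
    """True if sealing the same message twice produces the same tag."""
    return seal(enc_key, mac_key, message)[2] == seal(enc_key, mac_key, message)[2]


if __name__ == "__main__":
    ek, mk = secrets.token_bytes(32), secrets.token_bytes(32)
    msg = b"constructed sample message"
    # A plaintext MAC is deterministic, so an observer sees when a message repeats.
    print("encrypt-and-mac tags repeat: ", tags_repeat(encrypt_and_mac, ek, mk, msg))
    # The ciphertext MAC changes with every fresh nonce.
    print("encrypt-then-mac tags repeat:", tags_repeat(encrypt_then_mac, ek, mk, msg))
```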


Re: Root password strength

2024-03-19 Thread tomas
On Wed, Mar 20, 2024 at 04:22:29AM +0800, jeremy ardley wrote:

> A 'safer' implementation will not even expose an ssh port. Instead there
> will be a certificate based VPN where you first need a certificate to
> connect and then you need a separate certificate to log in as root. A
> further enhancement of security is to use 2-factor authentication - which is
> supported in sshd via pam.

How will a "VPN" with a "certificate" (whatever that means in this context)
be more secure than a SSH (assuming key pair authentication, not password)?

They are doing the same dance (key exchange, key pair validation, session
key establishment) -- the "certificate" part is just a step further (and,
BTW, SSH can do that, too), which just eases key management (at the expense
of security: you have but one more moving part).

The "port" thing stays the same: the VPN server uses a TCP connection, too.

Moving the port to a non-standard number, using fail2ban, firewall knocking
and those things don't increase security *directly* -- they just remove
noise from the logs, which eases the admin's task and thus increase security
indirectly.

There's no magic.

Cheers
-- 
t




Re: After installing no access to the installed system.

2024-03-18 Thread tomas
On Mon, Mar 18, 2024 at 02:35:59PM -0500, David Wright wrote:
> On Mon 18 Mar 2024 at 17:31:24 (+0100), Marco Moock wrote:
> > Am 18.03.2024 um 16:17:55 Uhr schrieb Thomas Schweikle:
> > 
> > > EFI. While not installing grub, no boot entry is created too.
> > 
> > This is to be expected.
> > 
> > > It seems the installer fails silently at some point, after having
> > > installed all packages. Maybe it fails installing grub?

See below.

> > This doesn't explain the users not being set up.
> 
> My installer logs show Grub being installed before the
> users are set up.

This would go first, yes.

> > Can you go to the other virtual consoles to investigate the situation?
> > Maybe there is an error message.
> 
> There should be /var/log/installer/syslog on the newly installed
> filesystem.

My hunch currently is that nothing at all gets really written to
the disk, either failing silently or the OP not seeing the failures.

I wouldn't bet my farm on it (first of all because I have no
farm), but this would be the first I'd check. For example, by
looking around after the installer thinks it's done and *before*
the final reboot. What is mounted? Which devices are there?
Which partitions? What's in there?

Alternatively, boot the install/live medium in rescue mode and
try to find/mount the partitions where the fresh installation
is supposed to have landed.

If everything is there, my hunch was wrong and the primary suspect
seems to become Grub. Some BIOSes are rumoured to play games here.

Cheers
-- 
t




Re: After installing no access to the installed system.

2024-03-18 Thread tomas
On Mon, Mar 18, 2024 at 07:00:57PM +, Andy Smith wrote:
> Hi,
> 
> On Mon, Mar 18, 2024 at 05:31:24PM +0100, Marco Moock wrote:
> > Am 18.03.2024 um 16:17:55 Uhr schrieb Thomas Schweikle:
> > > It seems the installer fails silently at some point, after having
> > > installed all packages. Maybe it fails installing grub?
> > 
> > This doesn't explain the users not being set up.
> 
> Given that this is a live media, is it possible that by leaving the
> disc in, the OP is in fact booting the live environment not the one
> they installed? This might explain no users and "wrong" locale.

I think the OP even said that. But by all appearances, the installer
(silently?) fails to write the boot loader to the disk (and possibly
to write to the disk at all, not sure about that).

@Thomas: can you check whether anything was written to the disk?
You could try to list its partition table and even mount (some of)
its partitions, if any, from your live system. Anything in there?

Cheers
-- 
t




Re: After installing no access to the installed system.

2024-03-18 Thread tomas
On Mon, Mar 18, 2024 at 11:44:32AM -0400, Greg Wooledge wrote:
> On Mon, Mar 18, 2024 at 03:24:14PM +0100, Thomas Schweikle wrote:
> > Package: Debian installer
> > Version: As on Debian live-CD/DVD for Debian 12.5
> > Severity: critical
> 
> Note that you sent this email to the debian-user list, not to the bug
> tracking system.
> 
> > 6. For User and Passwort enter
> > Full name: demo Demo
> > Username: de-de
> > Password 1st: start123
> > Password 2nd: start123
> > 7. Click install
> > 8. Wait until the installer finishes and reboots into this newly installed
> > system
> > 9. Try to login with the credentials given above:
> > User: de-de
> > Password: start123
> > 
> > The newly installed system just tells: unknown user or password, user or
> > password wrong. You won't be able to login.
> 
> I wonder if it's the hyphen character.  Maybe the installer transforms
> that into an underscore, or omits it entirely?  That's just a guess.

Hyphen seems to be fine, at least according to the useradd(8) man page.
It has even a paragraph referencing Debian, mentioning the restriction
that the hyphen not be at the beginning of the name. But who knows. Perhaps
something else breaks.

Cheers
-- 
t




Re: Bookworm Networking Issues

2024-03-17 Thread tomas
On Sun, Mar 17, 2024 at 04:54:27PM +, David wrote:
> I am running Bookworm on a thin client and Network-Manager seems to be
> the source of my problems.
> 
> I have purged Network-Manager from this thin client, but I can't find
> out how to get /etc/network/interface to run. I have added to 2 NIC's
> that I need.
> 
> Can anybody suggest how to get the networking running?

Package ifupdown is installed?

Cheers
-- 
t




Re: shellcheck, bashism's and one liners.

2024-03-17 Thread tomas
On Sun, Mar 17, 2024 at 09:25:10AM +, Tim Woodall wrote:
> Hi,

[...]

> Is there a one-liner way to make shellcheck happy on the count line
> below (other than # shellcheck disable=SC2046)?
> 
> args() { echo a b c d; }
> count() { echo $#; }
> count $(args)
> 
> Obviously, any correct solution should output 4

Hm. Another way of counting words? Would "wc" count as cheating?
If yes, in which way?

(I'm trying to get a grasp of your problem by throwing possibly
flawed solutions at it, so I won't be hurt if you say so :-)

Cheers
-- 
t




Re: emacs 27.1 from Buster work on Bookworm?

2024-03-16 Thread tomas
On Fri, Mar 15, 2024 at 06:56:15PM -0700, John Conover wrote:
> 
> Can emacs 27.1 from Debian 11 Buster be installed on Debian 12 Bookworm?

Hm. libc6 hasn't changed /that/ much and is known to handle ABI
compatibility pretty well. I fear the other libs aren't as friendly.

The package system will try to prevent you doing that (for a good
reason), but you can talk it into doing it anyway.

Your best bet seems to be to download the package source and build
deps and re-build for bookworm (and see what breaks).

Not for the faint of heart, but not a research project either. What
are you trying to achieve?

Cheers
-- 
t




Re: Debugging an USB array issue

2024-03-16 Thread tomas
On Fri, Mar 15, 2024 at 08:24:04PM +0100, Marc SCHAEFER wrote:
> Hello,
> 
> On Fri, Mar 15, 2024 at 06:54:38PM +0100, to...@tuxteam.de wrote:
> > I may be stating the obvious, but have you made sure the USB hub
> > is providing enough power to keep your disks happy?
> 
> It's a 60W external power supply, for 4 disks.

Thanks, that seems to settle that :-)

Cheers
-- 
t




Re: Debugging an USB array issue

2024-03-15 Thread tomas
On Fri, Mar 15, 2024 at 05:32:30PM +0100, Marc SCHAEFER wrote:
> Hello,
> 
> on a Debian bullseye uptodate system [1], I experiment frequent (every
> 3-4 hours on heavy load) disk disconnections from a md RAID10 array with
> 4 drives connected to an USB 1M adapter [2].
> 
> Errors do not look like a timeout, but like a DMA error [3].

I may be stating the obvious, but have you made sure the USB hub
is providing enough power to keep your disks happy?

Cheers
-- 
t




Re: Inclusive terminology (instead of master/slave) for network bonding/LACP

2024-03-15 Thread tomas
On Fri, Mar 15, 2024 at 09:01:30AM -0700, Mike Castle wrote:
> On Fri, Mar 15, 2024 at 1:49 AM Alain D D Williams  wrote:
> > We seem to be told that this must be done by those who will not be doing the
> > work.
> 
> Was that explicitly stated anywhere?  Or is the lack of any type of
> explicit "I'm willing to help drive this" statements leading to that
> conclusion?

My humble take: just a troll in search of food.

Cheers
-- 
t




Re: strange time problem with bullseye

2024-03-07 Thread tomas
On Thu, Mar 07, 2024 at 08:31:16AM -0500, gene heskett wrote:

[...]

> So I purged ntpsec and re-installed chrony which I had done once before with
> no luck but this time timedatectl was stopped and it worked!

great :-)

> Now, how do I assure timedatectl stays stopped on a reboot? [...]

I'll have to leave this to others more fluent in systemd-ish.

Cheers
-- 
t




Re: strange time problem with bullseye

2024-03-06 Thread tomas
On Wed, Mar 06, 2024 at 09:36:56PM -0500, Greg Wooledge wrote:
> On Wed, Mar 06, 2024 at 08:33:37PM -0500, gene heskett wrote:
> > no place in the ntpsec docs, nor the chrony docs
> > does it show the ability to slam the current time into the SW clock on these
> > arm systems at bootup's first access time.
> 
> Traditionally, this was done by the ntpdate command, which was in the
> ntpdate package.

[...]

>-g, --panicgate

[...]

Heh. Great minds read alike :-)

But thanks for the historical background, which I didn't know.

Cheers
-- 
t




Re: strange time problem with bullseye

2024-03-06 Thread tomas
On Wed, Mar 06, 2024 at 08:06:15PM -0600, John Hasler wrote:
> Look at the chronyd settime command and the chrony.conf makestep
> directive.  These are intended for your situation.

This from man(8) ntpd:

 -g, --panicgate
   Allow the first adjustment to be Big.  This option may appear an
   unlimited number of times.

   Normally, ntpd exits with a message to the system log if the off‐
   set exceeds the panic threshold, which is 1000 s by default. This
   option allows the time to be set to any value without restric‐
   tion; however, this can happen only once. If the threshold is ex‐
   ceeded after that, ntpd will exit with a message to the system
   log. This option can be used with the -q and -x options.  See the
   tinker configuration file directive for other options.

 -G, --force-step-once
   Step any initial offset correction..
   [...]

Cheers
-- 
t




Re: *****SPAM***** Re: Spam from the list?

2024-03-06 Thread tomas
On Wed, Mar 06, 2024 at 01:53:49PM +0100, Hans wrote:
> Hi Brad,
> 
> I am using this spamfilter now for several years. It should be well trained
> and almost until about 4 months I never had any problems with it.
> 
> But until then suddenly the false positives increased from one day to
> another, although I had changed nothing.

You keep saying that. Your mail provider seems to have changed something.
Your spamassassin is seeing those new headers (which, by all comments in
this thread are being added on the way from the mailing list to you)
and acts accordingly.

So nothing weird. Except, perhaps, your mail provider. There are few of
them which are not weird these days.

Cheers
-- 
t




Re: electrons/the Internet doesn't like question authority niggahs?, oris it that I like to eat raw garlic, ...

2024-03-04 Thread tomas
On Mon, Mar 04, 2024 at 07:44:41PM -0500, gene heskett wrote:
> On 3/4/24 11:42, Albretch Mueller wrote:
> > spend days on end reading, coding and thinking about Math?
> [...]
> Your traceroute might be your isp throttling things as traceroute demands an
> answer from every machine it passes thru to get to the destination. Some
> ISP's might frown on that as its a huge traffic burst.
> 
> > _LINK="https://christuniversity.in/uploads/course/E_21-25_Lateral Entry(1)_20210618043317.pdf"
> 
> This above is busted and will continue to be until you replace the " "
> wrapping it up with left & right arrows like: 

Sorry, Gene -- this is nonsense (at several levels).

The quotes (") prevent the shell from splitting the thing into two pieces.
You'll have to make sure to quote the expansion like so "$_LINK" if you
want to prevent it being split again where it's used (e.g. as an arg to
wget or curl, or...)

That hasn't changed.

The angle brackets may quote in very specific contexts (e.g. an email
body). Or they may not. That depends on all the mail handling tidbits
in their way.

For the shell, the angle brackets HAVE A TOTALLY DIFFERENT MEANING
(sorry for raising my voice). They might redirect your stdin/stdout
or kill all kittens in your household, depending on context.

Cheers
-- 
t
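
The quoting behaviour described in the reply above, as an added example that is not part of the original post. The URL is a constructed stand-in containing a space, and `count_args`, `quoted_count`, `unquoted_count` and `angle_count` are hypothetical helper names.

```shell
#!/bin/sh
# Added illustration: how the shell treats double quotes versus angle
# brackets around a value that contains a space.

# Constructed sample value (not the URL from the thread); note the space.
_LINK="https://example.invalid/uploads/E_21-25_Lateral Entry(1)_2021.pdf"

# Print the number of arguments the function received.
count_args() { echo "$#"; }

# Quoted expansion: the value reaches the command as a single argument.
quoted_count() { count_args "$_LINK"; }

# Unquoted expansion: the shell splits the value on the space, so a
# command such as wget or curl would receive two separate arguments.
# shellcheck disable=SC2086
unquoted_count() { count_args $_LINK; }

# Angle brackets are redirection operators, not quotes. The command line
#   count_args <link> out
# is parsed as "read stdin from ./link, write stdout to ./out", and the
# command itself receives no arguments at all.
angle_count() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        : > link                 # input redirection needs an existing file
        count_args <link> out    # zero arguments; the result lands in ./out
        cat out
    )
    rm -rf "$dir"
}

printf 'quoted:   %s argument(s)\n' "$(quoted_count)"
printf 'unquoted: %s argument(s)\n' "$(unquoted_count)"
printf 'angle:    %s argument(s)\n' "$(angle_count)"
```
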




Re: electrons/the Internet [...]

2024-03-04 Thread tomas
On Mon, Mar 04, 2024 at 10:37:28AM -0600, Albretch Mueller wrote:
> spend days on end reading, coding and thinking about Math?

Sorry. Try again. The whole post doesn't make much sense to
me.

I just tried this:

  curl -LI "https://christuniversity.in/uploads/course/E_21-25_LateralEntry(1)_20210618043317.pdf"

(the L is because you first get a 302) and the whole thing
says "403 Forbidden", so it may just be you need some kind
of credentials. But hey, as I said, I didn't understand much
of what you are trying.

Cheers
-- 
t




Re: missing development package?

2024-03-04 Thread tomas
On Mon, Mar 04, 2024 at 11:13:24AM +, thyme after thyme wrote:
> On 2024-03-04 10:48, to...@tuxteam.de wrote:
> 
> > That's right: in your /etc/apt/sources.list (or in some file
> > under .../sources.list.d/ at your preference) there must be
> > a way for your installer to find the sources. Something akin
> > to:
> > 
> >   deb-src http://ftp.de.debian.org/debian/ bullseye-updates main contrib non-free
> 
> I'm on bookworm. Pasting my current sources below. Is something missing?

Hm. The package "xfce4-screensaver" doesn't exist for bookworm. It
does for trixie, that's why I assumed that.

That makes things more interesting, I guess :-)

I'm at $DAYJOB currently, so I'll have to bow out of this thread for
now. But now, at least, the landscape is clearer.

Cheers
-- 
t




Re: missing development package?

2024-03-04 Thread tomas
On Mon, Mar 04, 2024 at 10:38:18AM +, thyme after thyme wrote:
> Hi t,
> 
> thanks very much for the help. Responses below:
> 
> On 2024-03-04 10:05, to...@tuxteam.de wrote:
> > There's an automatic way to do this: install the build
> > dependencies:
> > 
> >   sudo apt-get install build-dep 
> 
> I get an error:
> 
> ~ $ sudo apt-get install build-dep xfce4-screensaver
> [sudo] password for m:   
> Reading package lists... Done
> Building dependency tree... Done
> Reading state information... Done
> E: Unable to locate package build-dep
> ~ [100] $
> 
> The man page tells me the syntax is actually apt-get build-dep [pkg],
> not apt-get install build-dep [pkg]. That gets me to here:

Eh -- sorry, yes.

> ~ $ sudo apt-get build-dep xfce4-screensaver
> Reading package lists... Done
> E: You must put some 'deb-src' URIs in your sources.list
> ~ [100] $ 

That's right: in your /etc/apt/sources.list (or in some file
under .../sources.list.d/ at your preference) there must be
a way for your installer to find the sources. Something akin
to:

  deb-src http://ftp.de.debian.org/debian/ bullseye-updates main contrib non-free

(the details are different: you are at least on trixie, I guess,
and you might want to choose another source).

[...]

> > Are you building xfce4-screensaver from the Debian package source,
> > or from upstream?
> 
> > From git master at the aforelinked gitlab repo.

Note that Debian might have some patches to make the package
buildable in Debian context; so installing Debian's build
deps is just an approximation.

If I were you, I'd first install the Debian src package and
its build deps, build that, and work on from there.

Cheers
-- 
t




Re: missing development package?

2024-03-04 Thread tomas
On Mon, Mar 04, 2024 at 09:23:52AM +, thyme after thyme wrote:
> Hello everyone,
> 
> I'm not a developer, but I'm trying to build xfce4-screensaver and
> suspect I may be missing a development package.
> 
> I've sudo apt-get installed everything on this list:
> https://salsa.debian.org/xfce-extras-team/xfce4-screensaver/blob/debian/master/debian/control#L6

There's an automatic way to do this: install the build
dependencies:

  sudo apt-get install build-dep 

[...]

> savers/Makefile.am:53: error: library used but 'RANLIB' is undefined
> savers/Makefile.am:53:   The usual way to define 'RANLIB' is to add
> 'AC_PROG_RANLIB'
> savers/Makefile.am:53:   to 'configure.ac' and run 'autoconf' again.
> autoreconf: error: automake failed with exit status: 1

This might be due to package "build-essential" missing (which, I
think, would have come with "install build-dep"). But not quite
sure about that. I guess build-essential won't be listed as an
explicit build dependency.

Are you building xfce4-screensaver from the Debian package source,
or from upstream?

Cheers
-- 
t




Re: {OT] Mailing lists etc for postmasters

2024-03-01 Thread tomas
On Fri, Mar 01, 2024 at 08:19:42AM +, Michael Grant wrote:
> https://list.mailop.org/listinfo/mailop
> 
> And the main page 
> https://www.mailop.org/

Thanks a big bunch!
-- 
tomás




Re: {OT] Mailing lists etc for postmasters

2024-02-29 Thread tomas
On Fri, Mar 01, 2024 at 01:42:07AM +, Gareth Evans wrote:
> I have somehow only just discovered that Gmail, Apple and Yahoo are 
> introducing, or have recently introduced, DMARC requirements for senders.
> 
> See for example
> https://www.proofpoint.com/us/blog/email-and-cloud-threats/google-and-yahoo-set-new-email-authentication-requirements
> 
> Can anyone recommend good mailing lists or other resources for people who 
> look after email servers/services?  It takes up little of my work, but an 
> area of interest.

Me too :)

ISTR that there was a mention of such a thing here in debian-user@,
but my search-fu hasn't been up to the challenge of finding it.

OTOH, my memory could be playing games on me.

Cheers
-- 
t




Troll or not? [was: Serious problem with debian 12 bookworm]

2024-02-29 Thread tomas
On Thu, Feb 29, 2024 at 01:59:19PM -0700, Charles Curley wrote:
> On Thu, 29 Feb 2024 19:58:13 + (UTC)
> Anastasia Broch  wrote:
> 
> > Hi I'm using debian 12 in Lenovo yoga legion core i5 12th gen with
> > RTX 3050 and I'm figuring a serious issue using debian 12 on this PC,
> > …
> > 
> > Sent from Yahoo Mail for iPhone
> 
> Apparently some people haven't noticed that this is a near duplicate of
> this recent email on the list:
> 
> From: Mansour Nasri 
> To: debian-user@lists.debian.org
> Subject: Problem of suspend activities ( debian 12 )
> Date: Thu, 29 Feb 2024 09:38:05 +0100
> 
> The main difference, as far as I can see, is the sender's email
> address. Troll? Who knows? Who cares? I suggest you ignore this thread.

I don't really think so. The post itself actually makes sense.
Perhaps their provider is throwing away the responses (or hiding
them in the spam box, which nearly amounts to the same). Big mail
providers are like that these days.

When the OP doesn't think of double-checking (e.g. by looking into
the Web archives), they'll assume their mail hasn't made it. Resending
seems like a valid option.

But then... who knows. Perhaps it's a startup training their so-called
"AI". But then I might be. Or you.

My take: not troll. Bad mail provider.

Cheers
-- 
t




Reply to list vs. group reply [was: Inclusive terminology...]

2024-02-25 Thread tomas
On Sun, Feb 25, 2024 at 10:35:33AM +0100, Geert Stappers wrote:

[Adjusting the topic]

> For keeping that promise would it be better to use "Reply-To-List".
> 
> And in other cases is it also better to use "Reply-To-List".

I know it is a hot topic here. Preferences vary by the sender, which
I can't perfectly know.

My e-mail client honours "Mail-Followup-To", which is the sender's
way to state "hey, I'd prefer for you to send replies to...",
usually to the list address.

[...]

> P.S.
> The better e-mail client has 3 reply buttons:
> - Reply
> - Reply-To-All
> - Reply-To-List

Mine has those. It *also* honours "Mail-Followup-To" (and could set it,
if I cared the other way around, but my MDA eliminates dupes anyway, so
I'm happy both ways).

If you care, you might consider setting your "Mail-Followup-To" header?

Cheers
-- 
t




Re: Inclusive terminology (instead of master/slave) for network bonding/LACP

2024-02-25 Thread tomas
On Sun, Feb 25, 2024 at 06:30:35PM +1100, Zenaan Harkness wrote:
> On 2/25/24, to...@tuxteam.de  wrote:
> > On Sun, Feb 25, 2024 at 09:14:44AM +1100, Zenaan Harkness wrote:
> >
> > [...]
> >
> >> The "problem" is asking the majority (10s of thousands of people) to
> >> make efforts to help 1 or 2 heal in their journey's of pain and
> >> healing.
> >
> > To make sure the "majority" stays majority for all so ever: white,
> > male, Western Europe or US, English speaking?
> 
> Ha! Had to pull the race card now huh? Figured that's where the sjw
> wokesters would go. When all else fails, cry "racism".

[...]

I think I'm out of it. *Plonk*
-- 
t




Re: Inclusive terminology (instead of master/slave) for network bonding/LACP

2024-02-24 Thread tomas
On Sat, Feb 24, 2024 at 06:05:26PM -0500, Karen Lewellen wrote:
> May I interject a different perspective?
> what brings greater freedom, asking that words be changed by many, that some
> see, no matter how justified from their view as harmful?  Or teaching those
> people how to free themselves from being controlled by those words?

Not using the words doesn't remove the injustice. I'm not that naïve. It's
just a question of politeness.

As an example: I left the Christian religion long time ago. If I visit a
church (to admire its architecture, for example), I behave with a modicum
of respect and restrain myself of farting aloud. If I visit a mosque (I'm
not a Muslim) I take off my shoes.

Because I know there are people in there who might well be offended by some
behaviour.

It's that easy.

> Yes, your goals may be honorable to be sure, but in the end do not the words
> still win if the control remains?

Removing the injustice is a much longer process, and it's important to
put a lot of work in it. The above is just a friendly acknowledgement
"yes, I see you". Just politeness. Not more.

After all, I try to be polite to you too (I might fail at that, dunno).

Cheers
-- 
t




Re: Inclusive terminology (instead of master/slave) for network bonding/LACP

2024-02-24 Thread tomas
On Sun, Feb 25, 2024 at 09:14:44AM +1100, Zenaan Harkness wrote:

[...]

> The "problem" is asking the majority (10s of thousands of people) to
> make efforts to help 1 or 2 heal in their journey's of pain and
> healing.

To make sure the "majority" stays majority for all so ever: white,
male, Western Europe or US, English speaking?

For better or worse (IMO for better!) demography of our geek
communities is slowly changing. This brings about some friction.
I'm all for facilitating this process: this involves questioning
my preconceptions.

As a scientist, I'm used to do that, anyway.

Cheers
-- 
t




Re: Inclusive terminology (instead of master/slave) for network bonding/LACP

2024-02-24 Thread tomas
On Sat, Feb 24, 2024 at 04:54:12PM +, Alain D D Williams wrote:
> On Sat, Feb 24, 2024 at 09:03:45AM -0500, The Wanderer wrote:
> 
> > > It was a BLM thing, not sure if it matters the etymology of such
> > > words.
> > 
> > The etymology certainly *should* matter, insofar as that is the origin
> > of the *meaning* of the word(s).
> 
> +1
> 
> However that is not the way that the world works, or prolly more accurately
> how some people think. They see a word/phrase that they have decided that
> they "own" [...]

It's not just "they", that's the point. It's us all.

> I sometimes think that something similar to Postel's Law but applied to human
> interactions would be useful. However that is wishful thinking

Actually, Postel's Law is a very appropriate metaphor. It has two sides.
My side is here: if I have reasons to suspect something might offend my
interlocutor, I'll try to avoid it -- unless there's a stronger reason
not to.

Cheers
-- 
t




Re: Support for AMD SOC digital microphone

2024-02-24 Thread tomas
On Sat, Feb 24, 2024 at 01:24:58PM +0100, Pavel Lunix wrote:
> Hello,
> I have Lenovo Thinkpad P14s Gen4 AMD and found the integrated microphone is
> not working due to missing kernel module (+ the integraded dmic under the
> same structure):
> https://www.kernelconfig.io/config_snd_soc_amd_ps
> 
> From Debian stock kernel config:
> # CONFIG_SND_SOC_AMD_PS is not set
> 
> What is the appropriate place to request adding this module to Debian
> kernel?

This seems to be addressed here:

 https://lists.debian.org/debian-kernel/2023/12/msg00362.html

HTH
-- 
tomás




Re: Inclusive terminology (instead of master/slave) for network bonding/LACP

2024-02-23 Thread tomas
On Fri, Feb 23, 2024 at 11:24:39AM +0100, Marco Moock wrote:
> Am 23.02.2024 schrieb Alain D D Williams :
> 
> > It is "fixing" an issue for today's English speakers. Should we scour
> > our systems looking for similar issues in other languages ?

[...]

Fifty years ago it was "normal" to beat kids with a ruler
(I know from experience). Should we stop doing this now?

I'd say yes, but perhaps that's just me.

> > say, 20 years time when different words will then be considered
> > offensive, by some, do this all again ?
> 
> In Germany, some organizations do that as well - and most people are
> annoyed by that because it has no benefit.

While I do agree that reality is complex, and that it not always makes
sense, dismissing it right away because it doesn't matter to *you*
is also wrong.

> The most important thing is that the upstream projects would need to
> change that - including all the translators.
> 
> This is always a PITA - for no realistic benefit.

No benefit to *you* perhaps. See, I'm watching this space (free
software and friends) for quite a while now. I've watched it
since before the birth of Linux. Since then, the diversity of
people involved has increased quite a bit (it could be better,
mind you). So the array of things which matter has widened.

It isn't implausible that the terminology "slave" is offensive
to someone outside your (or my) bubble. So it does make sense
to listen to others than just going by one's "gut feeling".

Here's [1] one ref on that. So yes, it might matter to some.

And to all those "I only take technical decisions". Folks:
tech is as much about physics and chemistry as it is about
anatomy and social science; after all, it is made by humans
for humans. And as to what happens when you have a strong
selection bias in technical design, [2] seems to be the
standard ref those days.

I just don't get it. If people aren't interested in the topic,
fine. Debian is huge, and no one can be interested in every
topic. Just keep out. But this kind of strong reactions...

 - "there is no good reason *why*"
 - "US political feel-good activism" [3]
 - "wastes people's time"

... as seen in this thread, to a simple question? Nah.

And now, I'm out of that thread myself (oh, another package:
git's default branch name "master" has become "main" these
days. No kittens were sacrificed for that).

Cheers

[1] https://www.apa.org/ed/precollege/psn/2022/09/inclusive-language
[2] Carolina Criado Pérez "Invisible Women"
Exposing data bias in a world designed for men
Penguin Random House, 2019
[3] The OP was asking from Austria, and given their name, is
   Austrian, but hey, there you go. Perhaps there was some
   contagion via Schwarzenegger -- I hear he is (*horrors*)
   in California.

-- 
tomás




Re: Inclusive terminology (instead of master/slave) for network bonding/LACP

2024-02-23 Thread tomas
On Fri, Feb 23, 2024 at 11:00:39AM +0100, Marco Moock wrote:
> Am 23.02.2024 schrieb :

[...]

> > Oh, goody. A culture warrior.
> 
> I'm sure you have good reasons for changing the terms. Feel free to
> provide some real arguments that have a benefit for the users.

I'm not the one proposing changing the terms. But I do have
strong reasons to dislike people foaming at the mouth whenever
someone considers even discussing it.

Cheers
-- 
t




Re: Inclusive terminology (instead of master/slave) for network bonding/LACP

2024-02-23 Thread tomas
On Fri, Feb 23, 2024 at 10:33:08AM +0100, Mariusz Gronczewski wrote:
> On 22.02.2024 11:19, Ralph Aichinger wrote:
> > Hello!
> > 
> > I know this is a loaded topic. I really don't want to discuss the
> > political aspects of the "why", but just want to know the facts, i.e.
> > how far this has been progressed in Debian.
> 
> There is no good reason *why*. It's entirely US political feel-good activism
[...]

Oh, goody. A culture warrior.

*plonk*

-- 
t




Re: Meeting with the Development Team

2024-02-22 Thread tomas
On Thu, Feb 22, 2024 at 08:40:32AM +, Ray Galt wrote:
> Hello,
> 
> I would like to reach out to the decision-maker in the IT environment within 
> your company.

[...]

Sometimes, satire is written by marketing departments. Or by
some LLM run in reverse posing as such -- these days, you
just can't know. As far as I'm concerned, they all pass the
Turing test with flying colours.

SCNR
-- 
t




Re: Orphaned Inode Problem

2024-02-21 Thread tomas
On Wed, Feb 21, 2024 at 05:15:55PM +0100, Jörg-Volker Peetz wrote:
> Henning Follmann wrote on 21/02/2024 14:16:
> > On Wed, Feb 21, 2024 at 12:00:17PM +0100, Jörg-Volker Peetz wrote:
> 
> > > Somewhere I read, for maintenance of an SSD all its cells should be read
> > > from time to time like this
> > > 
> > > sudo dd if=/dev/DEVICE of=/dev/null bs=8M status=progress
> > 
> > Where did you read that? That seems like a huge waste of time.
> > 
> As far as I remember, the idea behind this suggestion is to help the SSD
> firmware detect bad blocks or cells early on and to mask them out. Of
> course, a good firmware with its wear leveling algorithm
> (https://en.wikipedia.org/wiki/Wear_leveling) should do this by itself.

Actually... you only have to read regularly those blocks which are
known to have stuff in them. The file system should know which those
are, that's its job.

And then, this is a backup, at least in my book, and yes, you should
do that regularly, even on spinning rust ;-)

Cheers
-- 
t




Re: partition reporting full, but not

2024-02-20 Thread tomas
On Wed, Feb 21, 2024 at 12:21:05PM +1100, Keith Bainbridge wrote:
> 
> On 21/2/24 10:47, Felix Miata wrote:
> > I didn't think so, which begs the question why OP Keith is using it. :p
> > -- 
> 
> I read somewhere about 2 years ago,  that it automagically de-duped data
> when it detected I was copying the same file to different directories [...]

I think the Wikipedia [1] is a good ref, at least at the level we are
discussing. 

Deduplication is mentioned there requiring userspace tools, so it seems
you'll have to run a process (as a daemon, from cron, whatever) to achieve
that.

It also mentions "reflinks", which is a kind of COW file copy (not to be
confused with a hardlink, which all civilised file systems have).

Cheers
[1] https://en.wikipedia.org/wiki/Btrfs#List_of_features
-- 
t




Re: Timer doing apt update

2024-02-20 Thread tomas
On Tue, Feb 20, 2024 at 07:44:55AM -0500, Greg Wooledge wrote:

[...]

> For me, it's a combination of two things:
> 
> 1) This apt-daily.timer stuff is quite complex and difficult to discover
>and understand [...]

I gather this from the thread, yes. I just checked, and the scripts
come with apt -- but they are ineffective if one is "on" SysV init.

All is well. Phew ;-)

Cheers
-- 
t




Re: partition reporting full, but not

2024-02-20 Thread tomas
On Tue, Feb 20, 2024 at 09:21:15PM +1100, Keith Bainbridge wrote:
> 
> On 20/2/24 19:38, to...@tuxteam.de wrote:

[...]

> Tomas, the upgrade failure was earlier than these notes. It has now worked

I see.

> Sorry, but I don't know how to assess the snapshot space usage.

Nor do I -- my question was rather directed at Felix, who seems to
be the only one in this thread with some btrfs experience.

Perhaps it'd be wise to include "btrfs" in the Subject to attract
the attention of btrfs buffs?

Cheers
-- 
t




Re: partition reporting full, but not

2024-02-20 Thread tomas
On Tue, Feb 20, 2024 at 02:42:18AM -0500, Felix Miata wrote:
> Keith Bainbridge composed on 2024-02-20 17:45 (UTC+1100):
> 
> > I just removed 3 snapshots from my daily driver with no change in used 
> > space reported by df
> 
> df doesn't know how to calculate freespace on btrfs. You need to be typing
> 
>   btrfs filesystem df
> 
> if you have not aliased df to btrfs filesystem df.

Still, Keith seems to have a real shortage of file system free space,
otherwise Debian upgrades wouldn't fail.

I don't know much about btrfs, but what would be really helpful (if
you do, and it seems so) would be for you to fill us in on how to
assess the space used up by old snapshots (what seems to be the main
suspect currently).

Cheers
-- 
t



