Re: auxiliary mail client for HTML

[Dejan Jocic]

On 12-11-19, Curt wrote:
> On 2019-11-08, Nate Bargmann  wrote:
> >
> >> I thought everybody just used a mailcap file and was fine.
> >
> > I do and have it setup to use w3m to deal with most HTML mail.  Some
> > does look better in a GUI program and that's why I do this.
> >
> 
> Well, then
> 
>  text/html;  /usr/bin/firefox %s >/dev/null 2>&1; needsterminal
>  text/html;  elinks -dump %s; nametemplate=%s.html; copiousoutput
> 
> Or something like it. Needing or preferring a gui client doesn't seem
> preclude using a mailcap file (or vice versa). 
> 
> I'm not a mutt user, though, so maybe I got it wrong. I also forgot what
> the "this" was in the "that's why I do this" above.
> 
> ;-)

text/html;  firefox -new-tab %s & sleep 5; test=test -n "$DISPLAY";
nametemplate=%s.html
text/html;  lynx -dump %s; nametemplate=%s.html; copiousoutput

Or at least that works here. I'm sure that it can be done better though,
but did not have need to dig in more into it.

All best,
Dejan

Re: New Linux User needs some guidance

[Dejan Jocic]

On 08-10-19, Tony van der Hoff wrote:
> On 07/10/2019 19:04, Thomas Schmitt wrote:
> > Hi,
> > 
> > lwhona...@gmail.com wrote:
> >> I was under the impression, if I copied the dvd image to a usb stick,
> >> I could boot from the stick and start the install.
> > 
> > This is true. You have to put it as image onto the raw USB stick device.
> > 
> >   https://www.debian.org/CD/faq/#write-usb
> > proposes for GNU/Linux something like
> >   cp debian-10.0.0-amd64-netinst.iso /dev/sdd
> > where /dev/sdd is the device file representing the USB stick.
> 
> I've been following this thread with interest, as right from the start
> it talks about "copying" the .iso image to the ssd. At risk of
> displaying some ignorance, and attracting flames, I think this is
> misleading and take issue with the FAQ.
> 
> cp copies a file onto s file system, bit that's not what's wanted here.
> To create a bootable image from a .iso, you need 'dd', i.e.
> sudo dd bs=4M \
> if=/path-todebian-10.iso\
> of=/dev/sdx\
> oflag=sync
> 
> Make sure you identify the correct usb stick for sdx, or you may end up
> overwriting something important.
> 
> This is explained in detail at
> https://linuxize.com/post/create-bootable-debian-10-usb-stick-on-linux/
> 
> It worked for me.
> Good luck, Tony
> -- 
> Tony van der Hoff| mailto:t...@vanderhoff.org
> Buckinghamshire, England |
> 

You do not need dd command to make bootable usb with iso image. You can
do that also with cat, or cp. All 3 ways will do, if you are doing it
from Linux system. For cat: 

cat /path-to-downloaded-image.iso > /dev/sdX; sync ( X is number of the
drive, usually "b" but you need to check anyway, or you'll wipe some
drive instead )

for cp:

cp /path-to-downloaded-image.iso /dev/sdX; sync ( same as above applies )

sync is recommended to make sure that any data from RAM will be written
where it should go ( that all reads and writes will be executed and that
there will be nothing left in pending status ). To check on which device
you would like to write your image, you can use lsblk. 

dd is useful command for creating various backup images, testing storage
devices and similar, but is certainly not required for making bootable
installation images on the usb devices.

Anyway, most of Linux newbies will not create usb from Linux machine
anyway, so I doubt that any of this will help OP. Personally, can't even
remember when I was creating usb image from anything but Linux, so can't
be of much help there.

All best,
Dejan

Re: which mutt?

[Dejan Jocic]

On 04-05-19, Curt wrote:
> On 2019-05-04, Erik Christiansen  wrote:
> > On 03.05.19 18:01, Russell L. Harris wrote:
> >> P.S.  Would someone kindly tell me how, while in Mutt and reading a
> >> message such as this, to launch a browser to open links such as [1]
> >> and [2] above?
> >
> > A convenient alternative is to just double-click on a link in mutt's
> > display in an xterm, then paste anywhere in the middle of firefox/iceweasel
> > (not in the URL box up top). That works with a simple config:

If you are using xterm, best solution for me was to set opening URLs
from anywhere in xterm, not just mutt, would be to set highlighting URLs
with double click and opening them with Shift + Mouse left button.

For that you would need in your .Xresources these lines

xterm*charClass: 33:48,36-47:48,58-59:48,61:48,63-64:48,95:48,126:48

xterm*VT100*translations: #override Shift :
exec-formatted("firefox '%t'", PRIMARY)

Dejan

Re: Docker and Container Tools Podman/Buildah/Skopeo

[Dejan Jocic]

On 06-03-19, Reco wrote:
>   Hi.
> 
> On Wed, Mar 06, 2019 at 12:17:27PM +0100, Dejan Jocic wrote:
> > On 05-03-19, Reco wrote:
> > > 
> > > Canonical's famous for their NIH too. Mir, Unity, LXD - it's a long
> > > list, although RedHat has longer one.
> > > 
> > > Reco
> > 
> > 
> > Mir and Unity I can get, but why would you put LXD in that sentence about
> > NIH? 
> 
> Given the existence of LXC, why would anyone need LXD?
> 
> Reco
> 

You do realise that LXD is wrap around LXC, or rather libxlc, which
improves its functionality, while not taking anything from it?

Some of that functionality is live snapshot migration, bit improved
security, improved/easier to manage networking, overall better
management. 

Also, while Canonical is not only supporter of LXC, it is practically
major supporter, as far as I know ( but could be wrong about it ).So,
again, I don't really think that it belongs under NIH syndrome.

Thanks for reply,
Dejan

Re: Docker and Container Tools Podman/Buildah/Skopeo

[Dejan Jocic]

On 05-03-19, Reco wrote:
> 
> Canonical's famous for their NIH too. Mir, Unity, LXD - it's a long
> list, although RedHat has longer one.
> 
> Reco


Mir and Unity I can get, but why would you put LXD in that sentence about
NIH? 

Dejan

Re: need google chrome installation instructions that work

[Dejan Jocic]

On 21-11-18, Felix Miata wrote:
> john doe composed on 2018-11-21 10:06 (UTC+0100):
> 
> > Felix Miata wrote:
> 
> >> (Stretch)
> >> Downloading Chrome is easy. Installing is not. The download page says 
> >> "download and install",
> >> but all that happens is firefox fetches, and no auto install via apt* or 
> >> dpkg is attempted. Apt
> >> and aptitude won't install the local file because it "isn't found". The
> >> https://www.google.com/linuxrepositories/ "Google Linux Software 
> >> Repositories" page says how to
> >> configure GPG, but nothing about configuring repo in sources.list. Where 
> >> are the secret
> >> incantations to be found?
> 
> > The below link might be useful:
> 
> > https://www.wikihow.com/Install-Google-Chrome-Using-Terminal-on-Linux
> 
> It worked. I had tried on previous occasions downloaded debs with 'dpkg -i' 
> without any
> successes that I can recall. The provided deps on that page did the trick.
> 
> > you should also consider googling "installing chrome on linux".
> 
> Before posting here that's sort of what I did with DuckDuckGo:
> 
> google chrome debian sources.list
> google chrome for debian configuration
> 
> Nothing I had clicked on seemed appropriate to the expected task. I'm not a 
> Chrome user. This is
> for a friend whose vision is about 5% and tasks me with his upgrades.
> 
> Thanks!
> -- 
> Evolution as taught in public schools is religion, not science.
> 
>  Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!
> 
> Felix Miata  ***  http://fm.no-ip.com/
> 

Bit late on party, but as others already said dpkg -i followed by
apt-get -f ( --fix-broken ) should do the trick. It will add it to the
sources list. 

One new thing to add would be that it will very annoyingly mess up with
alternatives and after install and after every damn update/upgrade it
will set itself up with crazy high preference in alternatives, that will
always be with priority higher than other browsers. So, if you want to
keep some other browser as your x-www-browser, or gnome-www-browser as
primary, you will need to amend those settings.

All best,
Dejan

Re: Undesired ssh login attempts

[Dejan Jocic]

On 10-06-18, Reco wrote:
>   Hi.
> 
> On Sun, Jun 10, 2018 at 12:55:24PM +0200, deloptes wrote:
> > Hi,
> > I recently get many of those, which means someone found out that ssh
> > external is on port 2 and is trying to do some evil work there.
> > Should I worry or do something?
> > Similar for apache web server.
> 
> You mean that all these connections originate from 197.159.128.171?
> "iptables -I INPUT -s 197.159.128.171/29 -j DROP" will take care of it.
> 
> While you're at it, write an abuse letter to Jonathan Lamptey - he? owns
> problematic IP range according to AFRINIC.
> 

While that will certainly solve that problematic IP address, best
practice would be to have some limit per IP address set in your firewall
rules. In case of using iptables something like this should work:

iptables I INPUT -p tcp --dport  -i eth0 -m state --state NEW -m recent 
--set

iptables -I INPUT -p tcp --dport  -i eth0 -m state --state NEW -m recent  
--update --seconds 60 --hitcount 4 -j DROP

That will limit to 3 attempts per minute per IP address for port  which you 
use for SSH. If you use ufw for firewall, it would be simpler:

ufw limit /tcp
> 
> > I think both are secure: for ssh no users with easy password allowed to
> > login
> 
> If you have password-enabled ssh with stock Ciphers, MACs, and Kex'es
> enabled, and your only protection is non-standard ssh port - then you
> are doing it wrong.
> 
> Set these to /etc/ssh/sshd_config, and watch all those script-kiddies
> cry as they won't be able to connect to you at all:
> 
> Ciphers chacha20-poly1...@openssh.com,aes256-...@openssh.com
> MACs 
> hmac-sha2-512-...@openssh.com,hmac-sha2-256-...@openssh.com,umac-128-...@openssh.com
> KexAlgorithms 
> curve25519-sha...@libssh.org,diffie-hellman-group-exchange-sha256
> 
> And forbid ssh password authentication. They've invented key-based
> authentication for cases like yours 15 years ago.
> 
> 

Aye, key-based authentication is definitely way to go. Password
authentication is bad for your health.

Re: Question about kernel boot parameter

[Dejan Jocic]

On 08-06-18, stuv wrote:
> Hi everyone,
> 
> I'm using a debian derivate of linux and i'm searching for a way to
> make permanent changes to the kernel boot parameters without GRUB or
> any other boot loader, i want to disable ipv6 permanently, when i do it
> over /init.d/modprobe.d the changes only last until the next reboot.
> 
> best regards.
> 

man sysctl
man sysctl.conf
man sysctl.d

and then read files /etc/sysctl.conf and files under /etc/sysctl.d/.
Those should give you enough examples. For your example, line you need
to add to some of those files, or even better new file under sysctl.d
with descriptive name for what will be done in it:

net.ipv6.conf.all.disable_ipv6 = 1

Re: Chinese file name problem in xterm

[Dejan Jocic]

On 09-05-18, Long Wind wrote:
>  Thank Ben!
> 
> i use twm, don't you realize it when you see screen shot attached in my 2nd 
> mail of thread? twm is simple, i won't try xfce or gnome,they are complex, 
> they may display Chinese correctly, but they likely have other problem,  even 
> small problem like ugly font is unacceptable to me, you know
> 
> i think vfat partition use unicode, which support many languages, i think it 
> support both Traditional and simplified Chinese
> 
> Chinese in your mail are correctly displayed in my firefox, i'v installed 
> font-noto-cjk, but xterm still can't display all Chinese
> 
> 
> 
> 
> On Wednesday, May 9, 2018, 6:22:00 AM GMT+8, Ben Caradoc-Davies 
>  wrote:  
>  
>  On 08/05/18 21:39, Long Wind wrote:
> > i decide to use old font with problem
> > the new font a user suggests can display Chinese correctly
> > but it display English ugly, and most of time i use English
> 
> I use and recommend xfce4-terminal from Xfce. gnome-terminal should 
> perform similarly. What desktop environment do you use?
> 
> With a UTF-8 locale, ext4 filesystem (UTF-8 filenames), and the 
> fonts-noto package, I can in an xfce4-terminal terminal instance:
> 
> touch English
> touch 中文
> 
> tmp$ ls -al
> total 16
> drwxrwx---  2 ben ben  4096 May  9 10:04 ./
> drwx-- 14 ben ben 12288 May  9 10:00 ../
> -rw-rw  1 ben ben    0 May  9 10:01 English
> -rw-rw  1 ben ben    0 May  9 10:04 中文
> tmp$
> 
> Screenshot attached.
> 
> > is that a bug? it still puzzle me
> > Chinese characters that aren't correctly displayed are common ones
> > so common that if any program can display Chinese it should be able to 
> > display them
> > why it can display some while it fail to display other?
> 
> Traditional or simplified Chinese? (I do not speak or read Chinese, but 
> I know there is a difference, and can use Google Translate.)
> 
> Your font likely has incomplete Unicode coverage. fonts-noto provides 
> large coverage for CJK code points:
> https://packages.debian.org/sid/fonts-noto
> https://packages.debian.org/sid/fonts-noto-cjk
> 
> If your Chinese text is displayed properly in Firefox, you might already 
> have this font installed.
> 
> > i want to be perfect, but i'm in poor health, can't bother such small thing
> > maybe next debian distro will not have such problem
> 
> Debian bugs are fixed only when users and developers care about them. 
> What better health tonic than exercise, sunshine, and fixing Debian bugs?
> 
> Kind regards,
> 
> -- 
> Ben Caradoc-Davies 
> Director
> Transient Software Limited 
> New Zealand
>   

You can always switch between fonts in xterm. In your home directory, in
.Xresources file, you can define several fonts. By right click with
mouse while holding Ctrl key on xterm window, you can then change fonts.
That right click dialogue will give you options like Default, Unreadable
and so on. It does not matter how those are called, it matters how did
you define them in your resources. Each font can be of same size and
just used for different languages, like in your case. Bitmap fonts work
fine in that set up, just find one that will show correctly Chinese
letters.

Re: messed up release in apt

[Dejan Jocic]

On 30-04-18, Anil Duggirala wrote:
> > I would first use old sources.list to purge wine and follow it up
> > with
> > autoremove. But after that new, this time intended and correct,
> > sources.list with apt-get should solve problem.
> > 
> 
> When you say "old" do you mean the sources.list without the jessie
> backports entry? Could you explain to me why exactly you would do that,
> thanks a lot for your help
> 

By old, I was referring to sources.list with jessie backports. I wold do
that to make sure that apt will clean up all dependencies for Wine in
jessie backports. It is probably not needed and it is more than likely
overkill, but I'm always bit of paranoid when it comes to mixing up
things in sources.list, specially when backports are involved. Simply
changing your sources.list to correct backports and then doing update
and upgrade with apt should get you version of Wine with dependencies
for stretch backports. 

Sorry for possible confusion and for not explaining it bit better in
first place.

Re: messed up release in apt

[Dejan Jocic]

On 30-04-18, Brian wrote:
> On Mon 30 Apr 2018 at 11:49:33 -0500, Anil Duggirala wrote:
> 
> > hello,
> > I mistakenly added an etc/apt/sources.list line for "jessie"(backports)
> > instead of "stretch", which is my current release. I proceded to update
> > apt and installed Wine (along with many packages, some i386) from the
> > jessie-backports source (i.e. apt install wine/jessie-backports).
> > Please tell me how I can locate all wrongly installed packages and
> > remove them, and install correct packages from stretch-backports,
> > thank you,
> 
> Take a look at apt's log in /var/log.
> 
> Or let apt sort it out with the correct line in sources.list and then
> update and upgrade.
> 
> Or, both.
> 
> -- 
> Brian.
>  
> 

I would first use old sources.list to purge wine and follow it up with
autoremove. But after that new, this time intended and correct,
sources.list with apt-get should solve problem.

Re: Iptables at boot

[Dejan Jocic]

On 21-01-18, Mark Fletcher wrote:
> On Sun, Jan 21, 2018 at 02:02:07AM +0100, Dejan Jocic wrote:
> > On 20-01-18, Jacques Rodary wrote:
> > > Hi
> > > How can I start iptables at boot. I don't find  an equivalent to  " 
> > > service
> > > iptables start" with systemd and does'nt know how to create a new
> > > iptables.service. The manpages aren't quite clear for me. Thanks for any
> > > help.
> > >   Jacques
> > > 
> > 
> > There are two options. One would be to learn to write systemd service
> > units. There are many tutorials on net for how to write those with
> > examples. Other would be to install iptables-persistent package. You can
> > find more about using iptables-persistent package if you google it, you
> > will surly run on few quick howtos.
> > 
> > 
> 
> To get you started [addressing the OP], here is the service file I use:
> 
> [Unit]
> Description=Load Iptables Rules
> ConditionFileIsExecutable=/etc/systemd/scripts/iptables
> After=network.target
> 
> [Service]
> Type=forking
> ExecStart=/etc/systemd/scripts/iptables
> TimeoutSec=0
> RemainAfterExit=yes
> 
> [Install]
> WantedBy=multi-user.target
> 
> This goes in /lib/systemd/system/iptables.service and assumes your 
> iptables commands are in a script which is called iptables, is 
> executable, and is located in /etc/systemd/scripts
> 
> I must point out there may be Debian policies of which I am not aware 
> about where the files should ideally go; I lifted this configuration 
> from a non-Debian box. There is nothing about it that will _not work_ on 
> Debian, but there may be a preferred Debian location for such files, 
> which hopefully my contribution will encourage someone knowledgable to 
> add.
> 
> then to run it once, as root:
> systemctl start iptables
> 
> and to set it up so it runs at boot, as root:
> systemctl enable iptables
> 
> HTH
> 
> Mark
> 

Location for local custom unit files should be /etc/systemd/system but
it can be on several more places, if you desire so. It is just that
those in /etc/systemd/system take precedence over others.

Re: Iptables at boot

[Dejan Jocic]

On 20-01-18, Jacques Rodary wrote:
> Hi
> How can I start iptables at boot. I don't find  an equivalent to  " service
> iptables start" with systemd and does'nt know how to create a new
> iptables.service. The manpages aren't quite clear for me. Thanks for any
> help.
>   Jacques
> 

There are two options. One would be to learn to write systemd service
units. There are many tutorials on net for how to write those with
examples. Other would be to install iptables-persistent package. You can
find more about using iptables-persistent package if you google it, you
will surly run on few quick howtos.

Re: Embarrassing security bug in systemd

[Dejan Jocic]

On 10-12-17, Joe wrote:
> On Sun, 10 Dec 2017 11:02:45 +0100
> Dejan Jocic <jode...@gmail.com> wrote:
> 
> > On 10-12-17, Joe wrote:
> > > On Sun, 10 Dec 2017 00:13:59 +0100
> > > Dejan Jocic <jode...@gmail.com> wrote:
> > > 
> > >   
> > > > 
> > > > Man page for pklocalauthority is bit more helpful, but far from
> > > > self explanatory.   
> > > 
> > > And not updated for Debian.
> > >   
> > > > In its examples section, it provides some insight about
> > > > writing .pkla files, but it does not show all possible options,
> > > > or at least I can't be sure that it does. For example:
> > > > 
> > > > [Exclude Some Problematic Users]
> > > >Identity=unix-user:homer;unix-user:grimes
> > > >Action=com.example.awesomeproduct.*
> > > >ResultAny=no
> > > >ResultInactive=no
> > > >ResultActive=auth_admin
> > > > 
> > > > According to that, and after reading man page for polkit, I can
> > > > only deduct that .pkla file will for that example in that
> > > > com.example.awesomeproduct.* files reads lines under defaults and
> > > > "answer" on allow_any and allow_inactive with no value and on
> > > > allow_active with auth_admin value. Fine, that can work. Guess
> > > > that you can use wildecards for all users, like unix-user:*, but
> > > > that is only guess, cause I can't see it documented anywhere
> > > > ( might have missed it). What I also do not see anywhere is if
> > > > those are the only options available? Or there is some man page,
> > > > or additional documentation in Debian that can explain that?
> > > >   
> > > More examples, and in fact, all the Debian policies, are *.policy
> > > files and under /usr/share/polkit-1, as Brian pointed out.
> > > 
> > > -- 
> > > Joe 
> > >   
> > 
> > And all the files under /usr/share/polkiit-1 should listen to the
> > local settings under /etc/polkit-1/localauthority/ so I do not
> > understand what is your point?
> 
> I thought you might find more examples helpful. The man page says that
> policies come from /etc/polkit-1 and /var/lib/polkit-1, but on my
> system the /var/lib location is almost empty, and there's a lot
> in /usr/share/polkit-1, almost nothing in /etc/polkit-1.
> 

And, like I've said, thank you for your time. But those examples are all
policy files and local settings are done under
/etc/polkit-1/localauthority.conf.d/ for configuring which users, groups
or netgroups will be considered as admins for authentication, and under
/etc/polkit-1/localauthority/ directories with .pkla extension files
should be used for overriding policies with local settings. At least it
goes like that as far as I could deduct from man pages ( anyone thinking
that I did not understood that well, please correct me ). Now, files
under /etc/polkit-1/localauthority.conf.d/ I understand, or at least
believe so. What I'm still searching for is better understanding of
those .pkla files. I've read those man pages some time ago, when I've
started with attempts to wrap my head around policikit, but was rather
busy after that and did not completely finish with it. If I understood
it right, about any .pkla file should look something like this:

  [ Description of what it does ]
  
Identity=unix-user:someuser;unix-user:someotheruser;unix-group:somegroup;unix-group:someothergroup;unix-netgroup:somegroup;unix-netgroup:someothergroup
  Action=something.from.usr.share.polkit-1.actions
  ResultAny=no/yes/auth_self/auth_admin/auth_self_keep/auth_admin_keep
  ResultInactivee=same/options/as/above
  ResultActive=same/options/as/above

Now, what I believe is that for Identity and Action wildecards are
allowed and that there are no more options aside from ResultAny,
ResultInactive and ResultActive that can follow Action part. And that
no, yes or other values will be returned to Defaults section in that
policy file defined under Action part and change whatever was defined
there. If someone with greater understanding of Polkit could tell me if
I got it right, or not, that would be great. In case that I did not get
that right, any point in right direction, or explanation would be great
too.

Thank you for your time,
Dejan

Re: Embarrassing security bug in systemd

[Dejan Jocic]

On 10-12-17, Joe wrote:
> On Sun, 10 Dec 2017 00:13:59 +0100
> Dejan Jocic <jode...@gmail.com> wrote:
> 
> 
> > 
> > Man page for pklocalauthority is bit more helpful, but far from self
> > explanatory. 
> 
> And not updated for Debian.
> 
> > In its examples section, it provides some insight about
> > writing .pkla files, but it does not show all possible options, or at
> > least I can't be sure that it does. For example:
> > 
> > [Exclude Some Problematic Users]
> >Identity=unix-user:homer;unix-user:grimes
> >Action=com.example.awesomeproduct.*
> >ResultAny=no
> >ResultInactive=no
> >ResultActive=auth_admin
> > 
> > According to that, and after reading man page for polkit, I can only
> > deduct that .pkla file will for that example in that
> > com.example.awesomeproduct.* files reads lines under defaults and
> > "answer" on allow_any and allow_inactive with no value and on
> > allow_active with auth_admin value. Fine, that can work. Guess that
> > you can use wildecards for all users, like unix-user:*, but that is
> > only guess, cause I can't see it documented anywhere ( might have
> > missed it). What I also do not see anywhere is if those are the only
> > options available? Or there is some man page, or additional
> > documentation in Debian that can explain that?
> > 
> More examples, and in fact, all the Debian policies, are *.policy
> files and under /usr/share/polkit-1, as Brian pointed out.
> 
> -- 
> Joe 
> 

And all the files under /usr/share/polkiit-1 should listen to the local
settings under /etc/polkit-1/localauthority/ so I do not understand what
is your point?

Thank you for your time,
Dejan

Or the man pages are totally wrong?

Re: Embarrassing security bug in systemd

[Dejan Jocic]

On 09-12-17, Brian wrote:
> On Sat 09 Dec 2017 at 20:07:17 +0100, Dejan Jocic wrote:
> 
> > On 09-12-17, Jonathan Dowland wrote:
> > > On Sat, 2017-12-09 at 10:00 +, Brian wrote:
> > > > Consistencey can be achieved by not installing policykit. The OP
> > > > appears to have chosen the wrong target.Consistencey can be achieved > 
> > > > by not installing policykit.
> > > 
> > > As Michael pointed out in [1], that's not the case; prior to polkit,
> > > there was no consistency.
> > > 
> > > 
> > > [1]  <8430b277-3757-8261-0e1e-23e274a0b...@debian.org>
> > > 
> > 
> > Is it anywhere in Debian documentation described how to achieve
> > consistency in a way different than current defaults? Or, even better,
> > is there way that we could get some kind of configuration option to
> > achieve it? Polkit does not really have user friendly configuration and
> > is not really something that system administrators configure on a
> > everyday bases. At least not in my experience. Only thing that I did
> > find about configuring polkit was from some other distros. Debian wiki
> > page about PolicyKit is not really helpful.
> 
> Apart from not installing policykit, setting allow_active to "no" in
> /usr/share/polkit-1/actions/org.freedesktop.login1.policy would do it.
> 
> Much better is to use /etc/polkit-1/localauthority. See the manual for
> pklocalauthority.
> 
> -- 
> Brian.
> 

Man page for pklocalauthority is bit more helpful, but far from self
explanatory. In its examples section, it provides some insight about
writing .pkla files, but it does not show all possible options, or at
least I can't be sure that it does. For example:

[Exclude Some Problematic Users]
   Identity=unix-user:homer;unix-user:grimes
   Action=com.example.awesomeproduct.*
   ResultAny=no
   ResultInactive=no
   ResultActive=auth_admin

According to that, and after reading man page for polkit, I can only
deduct that .pkla file will for that example in that
com.example.awesomeproduct.* files reads lines under defaults and
"answer" on allow_any and allow_inactive with no value and on
allow_active with auth_admin value. Fine, that can work. Guess that you
can use wildecards for all users, like unix-user:*, but that is only
guess, cause I can't see it documented anywhere ( might have missed it).
What I also do not see anywhere is if those are the only options
available? Or there is some man page, or additional documentation in
Debian that can explain that?

Thank you for your time,
Dejan

Re: Embarrassing security bug in systemd

[Dejan Jocic]

On 09-12-17, Jonathan Dowland wrote:
> On Sat, 2017-12-09 at 10:00 +, Brian wrote:
> > Consistencey can be achieved by not installing policykit. The OP
> > appears to have chosen the wrong target.Consistencey can be achieved > by 
> > not installing policykit.
> 
> As Michael pointed out in [1], that's not the case; prior to polkit,
> there was no consistency.
> 
> 
> [1]  <8430b277-3757-8261-0e1e-23e274a0b...@debian.org>
> 

Is it anywhere in Debian documentation described how to achieve
consistency in a way different than current defaults? Or, even better,
is there way that we could get some kind of configuration option to
achieve it? Polkit does not really have user friendly configuration and
is not really something that system administrators configure on a
everyday bases. At least not in my experience. Only thing that I did
find about configuring polkit was from some other distros. Debian wiki
page about PolicyKit is not really helpful.

Thank you for your time,
Dejan

Re: Embarrassing security bug in systemd

[Dejan Jocic]

On 07-12-17, Michael Biebl wrote:
> 
> As has already been mentioned, active, local users can shutdown/reboot
> the system without requiring a password. This is intended behaviour (for
> the reasons already mentioned) and can indeed be overridden by custom
> polkit rules.
> 

Is there anywhere in Debian documentation example, or explanation how to
override anything with custom polkit rules? I could not find it, but
guess that it is possible that somehow I've missed it.



> 
> -- 
> Why is it that all of the instruments seeking intelligent life in the
> universe are pointed away from Earth?
> 

Re: [rkhunter] coyote.coyote.den - Daily report

[Dejan Jocic]

On 28-11-17, Michael Stone wrote:
> On Tue, Nov 28, 2017 at 01:20:52PM +0100, Dejan Jocic wrote:
> > If you do not understand it, purge it and
> > warnings will be gone. That rkhunter is approved, tested and well used
> > and recommended tool by some security experts is of no value at all.
> 
> I think you'd find more security experts who roll their eyes at it.
> 
> Mike Stone
> 

Well, I would love to see sources where you've found that. Any links
perhaps, or is it more based on personal opinion and/or conversations
you had with some security experts?

Re: [rkhunter] coyote.coyote.den - Daily report

[Dejan Jocic]

On 27-11-17, Gene Heskett wrote:
> On Monday 27 November 2017 17:39:45 Brian wrote:
> 
> > On Mon 27 Nov 2017 at 16:56:15 -0500, Gene Heskett wrote:
> > > On Monday 27 November 2017 15:57:34 Brian wrote:
> > > > On Mon 27 Nov 2017 at 15:46:55 -0500, Gene Heskett wrote:
> > > > > On Monday 27 November 2017 14:35:17 root wrote:
> > > > >
> > > > > Installed new firefox-esr yesterday, from the wheezy repos.
> > > > > Today, rkhunter has a cow:
> > > >
> > > > [rkhunter nonsense snipped]
> > > >
> > > > > How should I restore?
> > > >
> > > > Restore what?
> > >
> > > An obviously contaminated firefox-esr. Or whatever in this list is
> > > contaminated: Its to complete list from the last wheezy update.
> > >
> > > Turns out that rkhunter looked over firefox-esr on its previous run
> > > and apparently gave it a passing grade. So I have to assume its
> > > something in yesterdays list:
> >
> > [Long list snipped]
> >
> > I'd ignore it. Better still, purge rkhunter from the system. It is
> > renowned for giving false positives. There is no well-substantiated
> > account of it ever discovering anything of consequence.
> 
That is terrible advice. If you do not understand it, purge it and
warnings will be gone. That rkhunter is approved, tested and well used
and recommended tool by some security experts is of no value at all.

> Thats another possibility, I get tired of its mewling about stuff thats 
> normal here. I use amanda, so yes, xinetd is in use, and other similar 
> crap. I am amazed it doesn't fuss about ~/gene/bin/mailwatcher, which is 
> my coupling between fetchmail and kmail.
> 
> Cheers, Gene Heskett
> -- 
> "There are four boxes to be used in defense of liberty:
>  soap, ballot, jury, and ammo. Please use in that order."
> -Ed Howdershelt (Author)
> Genes Web page 
> 

If you are tired of its "mewling about stuff thats normal here" then do
something about it. Rkhunter has conf file where you can whitelist that
stuff.

All that rkhunter did was its job. He issued you warnings about some
stuff that according to its conf file is suspicious. Now, it is on you
to investigate that and see if those warnings  are serious, or not.

Re: Another Devuan annoyance: CLI default apps

[Dejan Jocic]

On 01-11-17, Reco wrote:
>   Hi.
> 
> On Wed, Nov 01, 2017 at 10:00:27AM +0100, Jochen Spieker wrote:
> > deloptes:
> > > 
> > > Indeed, thanks for the hint, however OP wanted to edit crontab, which 
> > > needs
> > > root access.
> > 
> > 'crontab -e' works for all users.
> 
> A more correct way to put it is 'crontab utilizes root access'.
> 
> $ ls -al /usr/bin/crontab
> -rwxr-sr-x 1 root crontab 34936 May  3  2015 /usr/bin/crontab
> 
> So, anyone can run crontab, that's true.
> Does not change the fact that crontab runs as root.
> 
> Reco
> 

That is SGID bit is for group, which is crontab, not root. On Debian,
every user can edit its own crontab file by default, which can be
changed if file /etc/cron.allow exists and user is added there, or if
/etc/cron.deny exists and user is not there.

Re: Recovering accidentally deleted file folder

[Dejan Jocic]

On 16-10-17, Richard Owlett wrote:
> It wasn't backed up - will have to follow advice  advice I've given others
> ;/
> I've not done file recovery since early days of WinXP.
> 
> On the affected machine I'm running Stretch(9.1) with Mate desktop.
> The affected folders are on a partition normally mounted by a line in fstab.
> 
> I immediately shut down.
> There is another instance of Debian on a separate partition.
> Logging in as root I edited fstab commenting out the appropriate line.
> 
> I feel the the data is still valid - there is just no appropriate directory
> entries for the affected folder and its sub-directories.
> 
> Guidance please.
> 
> TIA
> 

You can use scalpel, or foremost. Both work fine, both are packaged in
Debian. You can use them both on hard drives/partitions and on imaged
files.

Re: non-free firmware not found despite unofficial CD

[Dejan Jocic]

On 13-10-17, Emanuel Berg wrote:
> Curt wrote:
> 
> >> I managed to install it by unplugging the
> >> Ethernet cable, moving the computer to
> >> another place, and instead using
> >> a smartphone with USB-tethering to provide
> >> Internet. Now one wonders, what will happen
> >> when I plug in an Ethernet cable once more
> >> and expect Internet to work? Will it?
> >
> > For the answer to these questions and more,
> > be sure to tune in to the next installment of
> > "Manny Does Debian."
> 
> :)
> 
> > You must upgrade to the newest BIOS, because
> > the F.07< bioses, were known to have trouble
> > with ethernet drivers in Linux (and also in
> > Windows XP). After that you don't have to add
> > `noacpi` options on boot, as it is said in
> > some forums.
> 
> Upgrade the BIOS? How do I do that?
> 
> And how do I know if I have F.07 or less?
> 
> > You do have an HP Compaq 6720s, right?
> 
> Yes.
> 
> -- 
> underground experts united
> http://user.it.uu.se/~embe8573
> 

I've checked it fast and it looks like that there is no BIOS updates to
download for Linux for your model. But there are some for Windows XP.
So, there are 2 possible solutions. One is to install M$ on some hard
and to download and install BIOS update with it. After that get rid of
that infection of operating system. Other solution would be to do
something like this:

https://h30434.www3.hp.com/t5/Notebook-Operating-System-and-Recovery/How-to-update-BIOS-on-Linux/td-p/4869835

Never did it on HP, so not sure how well it would go. But I know that
method like that/similar to that was successful on Dell laptops before.
As for how to find BIOS version, you can use dmidecode command, with
root privs to find out.

Hope that this helps.

Re: AIDE defaults in debian stretch

[Dejan Jocic]

On 10-10-17, j...@bluemarble.net wrote:
> The Debian configuration files in AIDE on Debian seem to monitor a lot of
> files that I'm not sure need monitoring. Maybe someone could shed some
> light.
> 
> Is there a reason I should monitor /run? What about the /var/log/ files that
> are rotated. It often complains about that. How about systemd journal files?
> 
> Thanks.
> 
> 

I'm far from expert in this, just user of AIDE, so was hopping that
someone with more knowledge than me will shed some light on this.
Anyway, I did not like how AIDE works in Debian, looked overcomplicated
to me, so I've installed aide without recommends. If you do it like
that, you end up without aide-common package, which will make AIDE much
more vanilla like. You do not have any config file, nor cron job added
automatically. So, you need to do bit of learning that way and to
include in that aide.conf file what you want, and what you do not want.
Find some examples on net, like this one:

# define the path for creating the databases.
database=file:/var/lib/aide/aide.db
database_out=file:/var/lib/aide/aide.db.new
database_new=file:/var/lib/aide/aide.db.new
 
# define your own aide rule.
MYRULE =  p+n+u+g+s+m+c+xattrs+md5+sha1
 
# choose your directories/files you want in the database and which rule should 
be used.
/ MYRULE
 
# define your exceptions.
!/proc   # ignore /proc filesystem
!/sys# ignore /sys filesystem

That one is obvious overkill, because whole system will be checked
except /proc and /sys, but is good example how you can exclude what you
do not want to. Also, that one uses /var/lib/aide for databases, which
for sure is not recommended practice. Best practice would be to put
aide.conf, databases and even aide binary on, for example, USB that
would be inserted just for check. As for should you make AIDE check /run
and /var/log, not really sure. Some think that even some things under
/proc should be checked (not that AIDE can do it anyway). But checking
/var/log is annoying and bit of overkill, at least for me.

Hope that this helps you at least a bit.

Re: How to change the console font?

[Dejan Jocic]

On 27-09-17, Hugo Vanwoerkom wrote:
> I used to be able to change the console font with a GUI program.
> But I have forgotten how to do that. Console setup doesn't do it, I don't
> know what that does.
> 
> Can anybody help me out here?
> 
> Hugo (Sid)
> 

Don't know about GUI program, can't remember of any that was able to do
it. But, console settings are in /etc/default/console-setup. You can
edit those by hand, or run dpkg-reconfigure console-setup. That worked
for me.

Re: Rescue mode when root account locked

[Dejan Jocic]

On 20-09-17, solitone wrote:
> When I boot in rescue mode, I get this message:
> 
> Cannot open access to console, the root account is locked. See sulogin(8)
> man page for more details
> 
> When I press Enter to continue, it continues bootup in normal graphical
> mode.
> 
> Would it be wiser to unlock the root account, so that I can go into single
> user mode? Or is there something I can do, without unlocking the root
> account?
> 

You have locked root account, presumably during install, when you
decided that you do not need it and that you will just use sudo instead.
That stuff is more for Ubuntu than for Debian, because ubuntu has
patched sulogin to allow single user mode when root account is locked.
You can easily unlock you root account with sudo passwd root. Enter
password and root account will be unlocked. Unless you've used some
other method for locking root, like putting /usr/sbin/nologin shell in
/etc/passwd for root instead of /bin/bash. In that case you will have to
undo your changes there. 

Re: Make CapsLock an additional Escape key - Problem: https://wiki.debian.org/Keyboard advice does not work

[Dejan Jocic]

On 15-09-17, Peter Smith wrote:
> > Hi,
> >
> > I have tried to change the behavior of the CapsLock key to make it an
> > additional Escape key. In order to do this I read the advice on
> > https://wiki.debian.org/Keyboard
> >
> > Specifically I did:
> > I changed the file /etc/default/keyboard to:
> >
> > XKBLAYOUT="us,at"
> > XKBVARIANT=","
> > BACKSPACE="guess"
> > XKBMODEL="pc105"
> > XKBOPTIONS="caps:escape"
> >
> > Then I tried to execute the commands
> >
> > # service keyboard-setup restart
> >
> > and rebooting the the whole system. Nothing worked. After rebooting
> > the CapsLock key behaved in exactly the same manner as before
> > rebooting. It is still a CapsLock key.
> >
> > Maybe this is helpful:
> > I use Debian Testing with Gnome.
> >
> > Does anyone have any tips on why this does not work? Or how to inform
> > the Wiki team that this page contains wrong information?
> >
> > Best regards,
> > Peter
> >
> > P.S.: I actually was able to change the keyboard layout later on by
> > the Gnome Tweak tool, but nevertheless I do not unterstand why the
> > official information does not work and it should be rectified.
> >
> 
> >In case of Gnome, use gnome tweak tool, typing, caps lock key behaviour.
> >Set it there and that's it.
> 
> 
> --> Yes, I have already done that. Nevertheless the documentation on
> that Wiki page is wrong. I'd like to report a bug or something like
> this but the Wiki page does not provide any clues on how to do that.
> I don't want anybody else to waste his/her time by reading and
> following that wrong documentation. Do you know how to file a bug for
> that Wiki page?

Ahh, sorry, did not get that P.S. part, thought that it is part of
signature, or something like that. As for wiki question, perhaps you can
find answer on this page: https://wiki.debian.org/DebianWiki/Contact

Re: Make CapsLock an additional Escape key - Problem: https://wiki.debian.org/Keyboard advice does not work

[Dejan Jocic]

On 15-09-17, Peter Smith wrote:
> Hi,
> 
> I have tried to change the behavior of the CapsLock key to make it an
> additional Escape key. In order to do this I read the advice on
> https://wiki.debian.org/Keyboard
> 
> Specifically I did:
> I changed the file /etc/default/keyboard to:
> 
> XKBLAYOUT="us,at"
> XKBVARIANT=","
> BACKSPACE="guess"
> XKBMODEL="pc105"
> XKBOPTIONS="caps:escape"
> 
> Then I tried to execute the commands
> 
> # service keyboard-setup restart
> 
> and rebooting the the whole system. Nothing worked. After rebooting
> the CapsLock key behaved in exactly the same manner as before
> rebooting. It is still a CapsLock key.
> 
> Maybe this is helpful:
> I use Debian Testing with Gnome.
> 
> Does anyone have any tips on why this does not work? Or how to inform
> the Wiki team that this page contains wrong information?
> 
> Best regards,
> Peter
> 
> P.S.: I actually was able to change the keyboard layout later on by
> the Gnome Tweak tool, but nevertheless I do not unterstand why the
> official information does not work and it should be rectified.
> 

In case of Gnome, use gnome tweak tool, typing, caps lock key behaviour.
Set it there and that's it.

Re: Upgrade from jessie to strech wants to bloat by system

[Dejan Jocic]

On 07-09-17, Urs Thuermann wrote:
> After fully updating my jessie system using
> 
> aptitude update; aptitude full-upgrade
> 
> I edited sources.list to dist-upgrade to strech.  A folloing aptitude
> upgrade wants to install additional 1.5 GB on my system which is
> currently ~5 GB, i.e. a 30% increase:
> 
>   # df -h / /usr
>   Filesystem  Size  Used Avail Use% Mounted on
>   /dev/dm-0   2.0G  1.8G  135M  93% /
>   /dev/dm-2   7.8G  4.4G  3.0G  60% /usr
>   # du -hs /root
>   1.4G/root
>   # aptitude upgrade
>   Resolving dependencies...
>   ...
>   The following NEW packages will be installed:
> btrfs-progs{a} clang-3.8{a} cpp-6{a} cpp-6-doc{a} dh-autoreconf{a}
> ...
>   The following packages will be REMOVED:
> cpp-4.9-doc{u} docutils-common{u} docutils-doc{u} g++-4.9{u} 
> gir1.2-vte-2.90{u}
> ...
>   The following packages will be upgraded:
> acct acl acpi acpi-support-base acpid adduser adwaita-icon-theme apache2
> ...
>   1151 packages upgraded, 297 newly installed, 128 to remove and 82 not 
> upgraded.
>   Need to get 1843 MB of archives. After unpacking 1537 MB will be used.
>   Do you want to continue? [Y/n/?]
> 
> I see that some new versions of packages are installed without the old
> versions being removed, although they are marked as automatically
> installed, e.g. Linux kernel, clang, llvm, and some others.  For
> example
> 
>   # aptitude search "~i clang"
>   i   clang - C, C++ and Objective-C compiler (LLVM based)
>   i A clang-3.5 - C, C++ and Objective-C compiler (LLVM based)
>   i A libclang-common-3.5-dev   - clang library - Common development package
>   i A libclang1-3.5 - C interface to the clang library
> 
> and aptitude full-upgrade will install clang-3.8 but not remove
> clang-3.5.  But my suspicion is that even when I manually remove all
> these old packages, the installation is still unreasonably larger than
> it is currently.
> 
> urs
> 

Can you check what happens if you use apt-get update && apt-get upgrade
followed by apt-get dist-upgrade? Aptitude is not really best tool for
upgrades between distribution releases.

Re: Recommended editor for novice programmers?

[Dejan Jocic]

On 03-09-17, solitone wrote:
> On Saturday, 2 September 2017 15:01:37 CEST The Wanderer wrote:
> > I'm not sure what you would qualify as a "programming editor", but what
> > I use to write code (when nano won't do) is geany, which is a graphical
> > syntax-highlighting editor with various other features useful to a
> > programmer.
> 
> But is there anything that can do code autocomplation, for C++ or Java for 
> instance? Like getting the list of methods available for an object, when 
> typing a dot, as a typical IDE would do.
> -- 
> ⢀⣴⠾⠻⢶⣦⠀ 
> ⣾⠁⢠⠒⠀⣿⡁Sent from my brain using neurons fueled by glucose.
> ⢿⡄⠘⠷⠚⠋⠀ 
> ⠈⠳⣄
> 

For Vim:

http://valloric.github.io/YouCompleteMe/

For Emacs:

https://www.emacswiki.org/emacs/AutoComplete

Something like that?

Re: how to roll back to jessie

[Dejan Jocic]

On 03-09-17, Brian wrote:
> On Sun 03 Sep 2017 at 10:56:59 +, Long Wind wrote:
> 
> > i had installed jessie a long time agotoday i run command "apt-get
> > update"and "apt-get install ..."a lot of packages upgraded then I find
> > that sources.list is pointed to stablewhich means stretchclearly this
> > is not the correct way to upgrade to stretchand some programs do not
> > work now i want to go back to jessiewhat should i do? Thanks!
> 
> I do not think you can and have never seen an account of its being done
> successfully.
> 
> -- 
> Brian.
> 

Well, some claimed that it worked. Like, change sources lists, pin
packages to version you want to downgrade to, apt-get update && apt-get
upgrade, apt-get dist-upgrade and then purge misbehaving packages. And
after that another dist-upgrade. But, not sure that it will work every
time, never did it personally nor seen someone really doing it. Plus I
do not understand need for that. Just backup your data, get selection of
manually installed packages with apt-mark, or with aptitude, install
Jessie and backup your data, then use apt-mark and apt-get to install
those packages. It is much safer approach to solving that problem.

Re: debian-user-digest Digest V2017 #975

[Dejan Jocic]

On 03-09-17, Ian Martin wrote:
> 
> > 
> > The emacs (non-DFSG) info pages will be useful for novices, but will
> > be absent unless you install them. The emacsNN-common-non-dfsg package
> > for the corresponding version (NN) of emacs is one way to do so.
 
You've missed thread. This is definitely wrong one.

> Geany +1 ( with the addon packages).  Also Bluefish.
> 
> Novices are on a steep learning curve as it is.  If you're trying to
> encourage them to consider programming as a viable use of time, minimising
> the number of new things to learn before they achieve a result is
> important.  Most computer users already know how to interact with an Office
> text editor; changing the paradigm to that of vim or emacs condemns them to
> having to learn a whole new way of opening/ writing/ saving.
> 
> While I have used emacs & vim, there's a feeling of intense satisfaction on
> actually managing to save a changed file without any unpleasant surprises. 
> It shouldn't be that much of a relief! If copy/move/edit/save requires
> significant cognitive effort, there's something wrong with the process and
> only the stubborn will survive.  Pointing people to the manual for that
> basic a process is not a solution; if I bought a bicycle that required me to
> read the manual before I could ride it, it'd be returned unfit for purpose
> a.s.a.p.
> 
> 
> Ian.
> 

What are you talking about? Both Vim and Emacs have GUI that will let
you open, save and stuff like that files with mouse, as well as with
shortcuts. And both Emacs and Vim come with tutorials that will set you
up and running for basic tasks in no time at all. And once you learn not
to use GUI tools in Vim and Emacs, which will not take you long time
with just a bit of practice, you will be much faster and every editing
task will become easier. 

Re: Recommended editor for novice programmers?

[Dejan Jocic]

On 02-09-17, rhkra...@gmail.com wrote:
> On Saturday, September 02, 2017 06:46:33 PM david...@freevolt.org wrote:
> > On Sat, 2 Sep 2017, Mario Castelán Castro wrote:
> > [snip]
> > 
> > > On 02/09/17 13:34, Dejan Jocic wrote:
> > >> You can set up both Vim and Emacs as powerful programming editors.
> > > 
> > > These are the *worst* possible suggestions. Both of these editors
> > > require a lot of learning to even use them at all. If the OP follows
> > > your advice, his users will have the impression that all software in
> > > GNU/Linux is as arcane and difficult to use as GNU Emacs and Vim
> > > are.
> > 
> > I somehow doubt that you yourself find Emacs or Vim "difficult to
> > use", or believe their design is "arcane". (Of course, I might well be
> > mistaken. I'm only guessing.)
> > 
> > My contrary view, for whatever it might be worth: In the early weeks
> > of my own initiation to a unix-like operating system, we used
> > Emacs. Accompanied by a cheat-sheet of commonly useful keyboard
> > shortcuts, I found that learning the basics of Emacs in particular,
> > and navigating the self-contained documentation, was an eye-opening
> > introduction to the unix-like world and its universe of reliable
> > tools.
> > 
> > When, many years later, I developed a greater interest in computers, I
> > was happy to discover that
> > 
> >1. I hadn't been taught only how to ride a tricycle, but had been
> >riding a full-fledged bicycle all along, and
> > 
> >2. I would never need to learn to use another text-editor again, if
> >I didn't want to do so.
> 
> I "grew up" using editors (of a sort) (or card punches) (or teletype 
> machines) 
> on a variety of other OSs (IBM 360, Univac 1108, PDP-8, -11 (and one other) 
> VAX, Foxboro, Westinghouse, (not in sequential order), and eventually DOS, 
> Windows, and Linux.  I didn't encounter Vim or Emacs until I got to Linux.  
> By 
> then I was very used to GUI editors, a vast improvement over things I had 
> used 
> before.
> 
> I made more than one attempt to learn both, and I do occasionally use vi 
> (when 
> I'm stuck with no other editor), but I wouldn't wish either on a novice 
> programmer.  Further, I don't think they have any advantage over a good GUI 
> editor with features like a scripting language, keyboard macros, outlining / 
> folding, syntax highlighting, and such.
> 

Actually, they do have advantage, plus all those things that you've
mentioned. Their advantage is in the speed of moving around. Plus tones
of extensions, scripts, addons that exist for them. If you search around
for best programming editor, most searches will return vim. Sure, that
does not mean it is best for you. But it is certainly not bad
recommendation. Nor is Emacs. They are about same. But both have
downside. Best downside of Vim I've found would be this:

"Once you're used to it, you won't like other editors

When your fingers have learned Vim's keyboard commands, you'll find
yourself reaching for them even when using other text editors. You'll
get frustrated every time you have to reach for the mouse or move your
cursor letter by letter with the arrow keys. You'll notice every time a
Vim feature would save you time and tedium, and you'll wish the editor
you're actually using had it. You'll wish the editor was Vim. You'll
wish everything was Vim. You'll wish this imperfect world we live in
could somehow become just a little bit more graceful, a little bit more
elegant, by adopting modal text editing as a common paradigm. You'll
wish desperately that this world was that better one. But it isn't. It
isn't. And it never will be.:wq"

Best downside of Emacs would be that once you really start working in
it, you can start living in it. Best upside of Emacs is that it has evil
mode.

Re: Recommended editor for novice programmers?

[Dejan Jocic]

On 02-09-17, Mario Castelán Castro wrote:
> On 02/09/17 13:34, Dejan Jocic wrote:
> > You can set up both Vim and Emacs as powerful programming editors.
> 
> These are the *worst* possible suggestions. Both of these editors
> require a lot of learning to even use them at all. If the OP follows
> your advice, his users will have the impression that all software in
> GNU/Linux is as arcane and difficult to use as GNU Emacs and Vim are.
> 
> -- 
> Do not eat animals; respect them as you respect people.
> https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan
> 

That depends on whom you ask. For me, there was not anything arcane in
both Emacs and Vim. I've found them easier to use than nano, for
example. OP is looking for programming editor. While there are some GUI
based editors that can fulfill that role, with some extensions added and
or enabled, for most beginner programming tasks, Vim and Emacs will do
fine. Net is full of tutorials and primers for both, some of which are
really excellent source of getting started. I've did try them as soon as
I've started to get into command line and bash scripts and I've never
looked back. Others I've tried, including but not limited to nano,
Gedit, Kate and so on were not so pleasant to use for anything but quick
one line editing, reading some text or copy paste things. And if someone
prefers GUI editor, there is always gvim. Though all that stuff like
what is best editor/desktop environment/music player/insert something
here is matter of opinion and taste, not facts. Including, but certainly
not limited to my opinion. And OP certainly can install several
different editors and let users try them all and pick what suites them
best.

Re: Recommended editor for novice programmers?

[Dejan Jocic]

On 02-09-17, Tom Browder wrote:
> My Linux user group is setting up one desktop computer and one laptop
> computer for lending to our local library as an educational resource for
> folks who want to explore what Linux is all about.  We are using Debian 9
> for now.
> 
> I am open to any suggestions for standard packages we should add. I have
> already installed gcc and friends as well as Scilab, R, Perl 6, and some
> other stuff, including emacs.
> 
> I would especially appreciate other ideas for programming editors for
> novice programmers.
> 
> Thanks.
> 
> Best regards,
> 
> -Tom

You can set up both Vim and Emacs as powerful programming editors.

Re: want pinning with examples to prevent unwanted package(s) from being installed

[Dejan Jocic]

On 31-08-17, Dejan Jocic wrote:
> On 31-08-17, Felix Miata wrote:
> > Over an hour I've been searching in vain, apparently using broken 
> > Google-fu, for
> > something using examples to explain how to prevent unwanted package(s) from
> > being installed via pinning when apt-mark's hold is being disregarded. 
> > Anyone
> > familiar with an URL that would do this?
> > 
> > In openSUSE, it's a simple process:
> > 
> > zypper al unwantedpackagename[version]
> > 
> > That's all there is to it, other than it also works with wildcards.
> > -- 
> > "The wise are known for their understanding, and pleasant
> > words are persuasive." Proverbs 16:21 (New Living Translation)
> > 
> >  Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!
> > 
> > Felix Miata  ***  http://fm.no-ip.com/
> > 
> 
> Not sure that I understand, because man page gives enough examples.
> Like:
> 
>  P < 0
>   prevents the version from being installed
> 
> So, for preventing some package to be installed:
> 
> Package: somepackage
> Pin: origin ""
> Pin-Priority: -1
> 
> That will prevent all packages with somepackage name to be installed, no
> matter of origin. In Pin section, you can use release instead, if you
> want to restrict just specific release, but that is all well explained
> in man page of apt_preferences with lots of examples.
> 
Eh, was bit sleepy still when I wrote this. Posting before properly
waking up should be forbidden. That origin part will prevent only from
local site. Use something like Pin: release a=stable instead of it. You
can also use name like Pin: release n=stretch. And for package, you can
use also version, like Pin: version 2.01.1-1+b2. Or even Pin: version
2.01* to prevent all versions starting with 2.01 to be installed.


Sorry for confusion.

Re: want pinning with examples to prevent unwanted package(s) from being installed

[Dejan Jocic]

On 31-08-17, Felix Miata wrote:
> Over an hour I've been searching in vain, apparently using broken Google-fu, 
> for
> something using examples to explain how to prevent unwanted package(s) from
> being installed via pinning when apt-mark's hold is being disregarded. Anyone
> familiar with an URL that would do this?
> 
> In openSUSE, it's a simple process:
> 
>   zypper al unwantedpackagename[version]
> 
> That's all there is to it, other than it also works with wildcards.
> -- 
> "The wise are known for their understanding, and pleasant
> words are persuasive." Proverbs 16:21 (New Living Translation)
> 
>  Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!
> 
> Felix Miata  ***  http://fm.no-ip.com/
> 

Not sure that I understand, because man page gives enough examples.
Like:

 P < 0
  prevents the version from being installed

So, for preventing some package to be installed:

Package: somepackage
Pin: origin ""
Pin-Priority: -1

That will prevent all packages with somepackage name to be installed, no
matter of origin. In Pin section, you can use release instead, if you
want to restrict just specific release, but that is all well explained
in man page of apt_preferences with lots of examples.

Re: Debian pre installed

[Dejan Jocic]

On 28-08-17, Banks Mawson wrote:
> Hello,
> I,am hoping you can help me. I,am looking to buy a new laptop,
> But would like Debian 9 pre-installed on it. 
> Can you please tell me where  I can get one from.
> Tried installing it on Lenovo r61i but to no avail.   
>   Hope you can help.  
> Regards
>Banks Mawson
> Isle of Man
> 
> Sent from Mail for Windows 10
> 

Here is page that you might find helpful:

https://www.debian.org/distrib/pre-installed

Aside from that, there are many laptops on which you can install and use
Debian 9 without problem. From personal experience, you can always pick
Dell that comes with pre-installed Ubuntu on it. Debian will install on
it too, though you will probably need non-free firmware for most of
those ( not problem at all if you use install image with non-free
firmware ). Also it is worth checking these links:

http://linux-laptop.net/

https://system76.com/laptops

http://zareason.com/Laptops/

Re: security issues

[Dejan Jocic]

On 26-08-17, R Calleja wrote:
> Buenos dias, soy usuario de debian 8.9 desde hace 2 años.
> Tengo problemas de seguridad que me obligan a reinstalar el sistema a
> menudo, una vez al año.
> He leido documentos y ayuda para mejorar la seguridad.
> Pero no soy un usuario con conocimientos avanzados de sistemas.
> Mi objetivo es conseguir una estacion de trabajo segura .
> He conocido herramientas como:
> Lynis, openval, nessus, grsecurity,apparmor, selinux, etc
> Si puede alguien con conocimientos de seguridad  ayudarme. O hay alguna
> empresa que de soporte.
> 
> Muchas gracias, Roberto
> 
> 
> Good afternoon, I have been debian 8.9 user for 2 years.
> I have security issues that force me to reinstall the system often, once a 
> year.

What security issues?

> I have read documents and help to improve security.

What documents?

> But I am not a user with advanced systems knowledge.

That is not problem, you can find lots of tutorials and documents
around.

> My goal is to get a safe work station.
> I have known tools like:
> Lynis, openval, nessus, grsecurity, apparmor, selinux, etc.

Apparmor and selinux do not go together, use just apparmor because it is
easier to set up and easier not to mess up. Selinux in theory can
provide you with more protection, but in practical use you will not see
it. Lynis is probably too much for you. Openval I do not know, nessus I
did not use. Grsecurity is, according to Linus Torvald:

"

Don't bother with grsecurity.

Their approach has always been "we don't care if we break
anything, we'll just claim it's because we're extra secure".

The thing is a joke, and they are clowns. When they started
talking about people taking advantage of them, I stopped
trying to be polite about their bullshit.

Their patches are pure garbage.

Linus
"
> If anyone with safety knowledge can help me. Or is there any support company.
> 
> Thank you very much, Roberto

For someone who knows little, you are sure installing too much things.
Here are some general advices, but do not take this for granted, it is
based on personal opinion after all, and I'm not security expert, though
I did read for few of those have to say about security in linux.

1. Firewall. If you are connected to net and use some services you
really want it. Choose simple one, like gufw. That is front end for ufw
( uncomplicated firewall ) and will serve your needs well. If you want
something more secure, but really more complicated, you will have to
learn iptables.

2. Always keep your system updated with latest security patches. So, do
your daily routine of apt-get update && apt-get upgrade. Even apt-get
dist-upgrade, in case of need.

3. apparmor can help to mitigate risks of some exploits and is easier to
setup than selinux.

4. Use some tools that can help you detect potential rootkits. So, learn
how to use rkhunter, chkrootkit and some of intrusion detection tools,
like aide, or tripwire. Also some network based intrusion detection
tools like Snort, or suricata.

5. If you use ssh, disable root login, disable logging with passwords,
use pair of keys. When we are at root account, if someone else can
physically access your comp, you should disable it too and use sudo. But
it is not necessary and will not increase your security as standalone
solution in cases where someone can poke your comp freely. For further
reading about restricting root account: 
https://www.centos.org/docs/5/html/5.1/Deployment_Guide/s2-wstation-privileges-noroot.html

6. Just in case that you are connected to some windows based machines,
you can install and use clamav. But it will not protect you personally,
will just make you better neighbour.

7. Oh, yes, secure password is good thing to have too. Do not use your
name, your family names, your dog name, nor anything that can be
connected to you, or is susceptible to dictionary attacks. You can
install some tool like john the riper to check if your password is weak.

8. Encrypt your data and use backups.

9. Do a lot of reading about all that, practice a bit and do not put
high hopes in paying someone to protect you. If you do not know what are
you doing, no one can babysit your 24 hours a day.

10. I'm sure that there is more and that some people around can tell
you more, but complete guide to security is hard to get on this list, or
in some forums. There are some books around about that subject, written
by people that know lots and can presented better than I can. Again, it
requires lots of reading, research and practicing. And no one can do it
for you. If you want to be more secure, than you must get "advanced
knowledge".

Hope that this can help you a bit.

Re: Debian v9 it's a stretch

[Dejan Jocic]

On 24-08-17, Brian wrote:
> On Thu 24 Aug 2017 at 21:56:51 +0200, Dejan Jocic wrote:
> 
> > On 24-08-17, Brian wrote:
> > > On Thu 24 Aug 2017 at 21:31:55 +0200, Dejan Jocic wrote:
> > > 
> > > > On 24-08-17, Brian wrote:
> > > > > On Thu 24 Aug 2017 at 21:16:26 +0200, Dejan Jocic wrote:
> > > > > 
> > > > > > On 24-08-17, Brian wrote:
> > > > > > > > The alternative would be to reconfigure rkhunter.
> > > > > > > 
> > > > > > > You could make a start by purging it from your system. It 
> > > > > > > performs no
> > > > > > > useful function.
> > > > > > > 
> > > > > > > -- 
> > > > > > > Brian.
> > > > > > > 
> > > > > > 
> > > > > > Could you explain that bit more, please?
> > > > > 
> > > > > apt-get purge rkhunter. Enough?
> > > > > 
> > > > 
> > > > No, not really. Why do you think that rkhunter is useless?
> > > 
> > > It does not anything of consequence.
> > > 
> > > -- 
> > > Brian
> > > 
> > 
> > Do you find checking for possible rootkits is useless, or you are just
> > not happy how rkhunter performs that function?
> 
> A well-documented case of rkhunter discovering a rootkit in the last
> ten years (the 1000s of false positives do not count) would go a long
> way to establishing its credence,
> 

So, those in security/forensics who recommend use of rkhunter have just
been silly? Interesting. But think that I'll use it anyway, just to be
on the safe side. It does not hurt.

Re: Debian v9 it's a stretch

[Dejan Jocic]

On 24-08-17, Brian wrote:
> On Thu 24 Aug 2017 at 21:31:55 +0200, Dejan Jocic wrote:
> 
> > On 24-08-17, Brian wrote:
> > > On Thu 24 Aug 2017 at 21:16:26 +0200, Dejan Jocic wrote:
> > > 
> > > > On 24-08-17, Brian wrote:
> > > > > > The alternative would be to reconfigure rkhunter.
> > > > > 
> > > > > You could make a start by purging it from your system. It performs no
> > > > > useful function.
> > > > > 
> > > > > -- 
> > > > > Brian.
> > > > > 
> > > > 
> > > > Could you explain that bit more, please?
> > > 
> > > apt-get purge rkhunter. Enough?
> > > 
> > 
> > No, not really. Why do you think that rkhunter is useless?
> 
> It does not anything of consequence.
> 
> -- 
> Brian
> 

Do you find checking for possible rootkits is useless, or you are just
not happy how rkhunter performs that function?

Re: Debian v9 it's a stretch

[Dejan Jocic]

On 24-08-17, Brian wrote:
> On Thu 24 Aug 2017 at 21:16:26 +0200, Dejan Jocic wrote:
> 
> > On 24-08-17, Brian wrote:
> > > On Thu 24 Aug 2017 at 15:44:30 +0200, Rob van der Putten wrote:
> > > 
> > > > Hi there
> > > > 
> > > > 
> > > > On 24/08/17 15:39, Dan Ritter wrote:
> > > > 
> > > > >As of Stretch, the standard OpenSSH sshd does not support
> > > > >Protocol 1, so there's no particular reason to enforce it
> > > > >by stating Protocol 2.
> > > > 
> > > > I assumed as much. It's just a simple way to keep rkhunter happy.
> > > > 
> > > > >PermitRootLogin now defaults to "prohibit-password", which
> > > > >means that you can log in as root with a proper SSH key or
> > > > >via other methods you have set up, but not with a password.
> > > > >Another useful argument is forced-commands-only, which requires
> > > > >both public-key authentication and a command="blah blah" option
> > > > >in the authorized_keys file, and only allows those commands to
> > > > >be run. If you've got a pull backup system, that can help.
> > > > 
> > > > The alternative would be to reconfigure rkhunter.
> > > 
> > > You could make a start by purging it from your system. It performs no
> > > useful function.
> > > 
> > > -- 
> > > Brian.
> > > 
> > 
> > Could you explain that bit more, please?
> 
> apt-get purge rkhunter. Enough?
> 

No, not really. Why do you think that rkhunter is useless?

Re: Debian v9 it's a stretch

[Dejan Jocic]

On 24-08-17, Brian wrote:
> On Thu 24 Aug 2017 at 15:44:30 +0200, Rob van der Putten wrote:
> 
> > Hi there
> > 
> > 
> > On 24/08/17 15:39, Dan Ritter wrote:
> > 
> > >As of Stretch, the standard OpenSSH sshd does not support
> > >Protocol 1, so there's no particular reason to enforce it
> > >by stating Protocol 2.
> > 
> > I assumed as much. It's just a simple way to keep rkhunter happy.
> > 
> > >PermitRootLogin now defaults to "prohibit-password", which
> > >means that you can log in as root with a proper SSH key or
> > >via other methods you have set up, but not with a password.
> > >Another useful argument is forced-commands-only, which requires
> > >both public-key authentication and a command="blah blah" option
> > >in the authorized_keys file, and only allows those commands to
> > >be run. If you've got a pull backup system, that can help.
> > 
> > The alternative would be to reconfigure rkhunter.
> 
> You could make a start by purging it from your system. It performs no
> useful function.
> 
> -- 
> Brian.
> 

Could you explain that bit more, please?

Re: Question to new network device names

[Dejan Jocic]

On 24-08-17, Hans wrote:
> Hi folks,
> 
> I stumbled over the new network names (i.e. wl0p8 instead of wlan0), and of 
> course I know, that this is obviously the newe standard (please correct me, i 
> I am wrong).
> 
> What I would like to know: Is this new naming scheme an international 
> standard 
> on all linux distributions, or is this just a debian thing? At the moment, I 
> renamed all devices to the old names (wlan0, eth0 and so on), as I many tools 
> are still want the old names (however, it might be, that these are also not 
> renewed documentations).
> 
> So, what is the status today? How have people accepted the new names also for 
> long running systems? 
> 
> I think, most people might rename their stuff, just as I did, because they 
> are 
> more comfortable with the old names.
> 
> I would be happy for a little bit background information and if I am a 
> dinosaur with old names.
> 
> Best regards
> 
> Hans
>  
> 

Long answer short:

https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/

Re: Virtualbox for stretch and buster not in repos

[Dejan Jocic]

On 22-08-17, RavenLX wrote:
> On 08/18/2017 10:25 AM, Dejan Jocic wrote:
> > On 18-08-17, RavenLX wrote:
> > > On 08/18/2017 09:14 AM, Sven Hartge wrote:
> > > > RavenLX <rave...@sitesplace.net> wrote:
> > > > 
> > > > > I always used the Oracle repo anyway because it was updated more
> > > > > frequently. But I do wish that something could be worked out so that
> > > > > it would be back in Debian.
> > > > 
> > > > Highly unlikely, as Oracle behaves like this for all software released
> > > > and distributed by them.
> > > > 
> > > > Grüße,
> > > > Sven.
> > > > 
> > > 
> > > I wonder if there's a replacement for VirtualBox? I need something that 
> > > will
> > > allow me to share a directory between host and virtual machine, and to be
> > > able to go between both quickly (I don't have a dual-screen system - no 
> > > room
> > > where I live for that). If I could find something that would work I'd
> > > switch, I think. As for my friend, he would need far more features I guess
> > > (I don't know what though).
> > > 
> > 
> > qemu-kvm does not serve your needs? You can use it with GUI friendly
> > virt-manager, or from command line. And switching between host and guest
> > is switching between windows. As for shared directory, NFS?
> 
> The shared directory has to be a directory on the host (ie. ext4 is what I'm
> using). VirtualBox lets me share as many directories as I like and lets me
> specify which ones. I think I tried qemu and kvm and didn't even know how to
> use it or where to begin. I might have to revisit that sometime especially
> if I get tired of VirtualBox.
> 

Hmm, I was curious to see if it can be done with qemu-kvm. It can and is
not really hard. At least not with virt-manager, did not check on
command line. Anyway, just as a note if you decide to use it.

Once you make and open your VM, go to view, details, add hardware
button, file system, select folder for source ( like /home/something on
your host ), select folder for destination ( something on your guest
like example ), then mount that example where you want on your guest.
You just need to get right mount command, this is from qemu wiki:

mount -t 9p -o trans=virtio [mount tag] [mount point] -oversion=9p2000.L

Here is that page for further reading:

http://wiki.qemu.org/Documentation/9psetup

And here is with bit less reading and illustrated from kvm:

http://www.linux-kvm.org/page/9p_virtio

Personally, I do not have use for shared files between host and guest,
but hope that this can help you.

Re: apt-get: Why "Unable to find source package" errors?

[Dejan Jocic]

On 21-08-17, Kynn Jones wrote:
> OK, I added the trailing / (which, BTW, I guarantee I *never* needed
> before, and I've been doing this for years), ran apt-get update, etc., but
> in the end I got the same results.
> 
> Does apt-get build-dep emacs25 work ok for you all?  (I assume that if you
> try it, you'll get a Y/N prompt that'll let you back out.)
> 
> Thanks!
> 

Hmm, live and learn. I've been using trailing / for years, I think.
Anyway, yes, apt-get build-dep emacs25 works here fine, at least with
--simulate flag.

Re: apt-get: Why "Unable to find source package" errors?

[Dejan Jocic]

On 20-08-17, kamaraju kusumanchi wrote:
> On Sun, Aug 20, 2017 at 8:08 PM, Kynn Jones  wrote:
> > Example:
> >
> > % sudo apt-get build-dep emacs25
> > Reading package lists... Done
> > E: Unable to find a source package for emacs25
> >
> > I have run `apt-get update` before running the command above, and my
> > `/etc/apt/sources.list` file contains the following
> >
> > deb  http://deb.debian.org/debian stretch main contrib non-free
> > deb-src  http://deb.debian.org/debian stretch main contrib non-free
> >
> > deb  http://deb.debian.org/debian stretch-updates main contrib non-free
> > deb-src  http://deb.debian.org/debian stretch-updates main contrib
> > non-free
> >
> > deb http://security.debian.org/ stretch/updates main contrib non-free
> > deb-src http://security.debian.org/ stretch/updates main contrib
> > non-free
> >
> > What am I doing wrong?
> 
> Your apt-get build-dep command is fine. This could be be a problem
> with the particular mirror you are using. Try using
> http://httpredir.debian.org/debian/ instead of
> http://deb.debian.org/debian and see if that works.
> 

Actually, httpredir.debian.org is unmaintained and all it does is to
redirect to deb.debian.org. What he does miss is / after debian. So it
looks like this:

deb http://deb.debian.org/debian/ stretch main contrib non-free
deb-src http://deb.debian.org/debian/ stretch main contrib non-free

deb http://deb.debian.org/debian/ stretch-updates main contrib non-free
deb-src http://deb.debian.org/debian/ stretch-updates main contrib non-free


> raju
> -- 
> Kamaraju S Kusumanchi | http://raju.shoutwiki.com/wiki/Blog
> 

Re: kvm/qemu virtual machine can't find hard drives

[Dejan Jocic]

On 18-08-17, Gary Roach wrote:
> I really appreciate all of you quick responses.
> 
> For some unknown reason, when I searched the  Debian database virt came up
> empty. This time it didn't. So, at this point, its go RTFM.
> 
> The manual will probably clear it up but When trying to run virt-manager, I
> did get the following error:
> 
> unable to complete install: 'unsupported configuration: CPU mode 'custom'
> for x86_64 kvm domain on x86_64 host is not supported by hypervisor'
> 
> Traceback (most recent call last):
>   File "/usr/share/virt-manager/virtManager/asyncjob.py", line 88, in
> cb_wrapper
> callback(asyncjob, *args, **kwargs)
>   File "/usr/share/virt-manager/virtManager/create.py", line 2288, in
> _do_async_install
> guest.start_install(meter=meter)
>   File "/usr/share/virt-manager/virtinst/guest.py", line 461, in
> start_install
> doboot, transient)
>   File "/usr/share/virt-manager/virtinst/guest.py", line 396, in
> _create_guest
> self.domain = self.conn.createXML(install_xml or final_xml, 0)
>   File "/usr/lib/python2.7/dist-packages/libvirt.py", line 3523, in
> createXML
> if ret is None:raise libvirtError('virDomainCreateXML() failed',
> conn=self)
> libvirtError: unsupported configuration: CPU mode 'custom' for x86_64 kvm
> domain on x86_64 host is not supported by hypervisor
> 
> I'll give things another try and may be back later. If not, thanks again.
> 
> Gary R
> 

Do this:

grep -E -c '(vmx|svm)' /proc/cpuinfo

if you get 0, your CPU does not support virtualisation with KVM. If you
get more than zero, make sure that virtualisation is enabled in your
BIOS settings.

Re: Virtualbox for stretch and buster not in repos

[Dejan Jocic]

On 18-08-17, RavenLX wrote:
> On 08/18/2017 09:14 AM, Sven Hartge wrote:
> > RavenLX  wrote:
> > 
> > > I always used the Oracle repo anyway because it was updated more
> > > frequently. But I do wish that something could be worked out so that
> > > it would be back in Debian.
> > 
> > Highly unlikely, as Oracle behaves like this for all software released
> > and distributed by them.
> > 
> > Grüße,
> > Sven.
> > 
> 
> I wonder if there's a replacement for VirtualBox? I need something that will
> allow me to share a directory between host and virtual machine, and to be
> able to go between both quickly (I don't have a dual-screen system - no room
> where I live for that). If I could find something that would work I'd
> switch, I think. As for my friend, he would need far more features I guess
> (I don't know what though).
> 

qemu-kvm does not serve your needs? You can use it with GUI friendly
virt-manager, or from command line. And switching between host and guest
is switching between windows. As for shared directory, NFS?

Re: kvm/qemu virtual machine can't find hard drives

[Dejan Jocic]

On 17-08-17, Gary Roach wrote:
> Sorry bob but the  debian 9 archives doesn't include libvirtd or anything
> equivalent. I have been trying to use virt-manager but have gotten a bit
> confused. The screen shot is attached. I have two hard drives. One is a 160
> Gb boot drive called bootdisk and another empty 1 Tb drive called bigdisk.
> It looks like virt-manager picked the empty 1Tb drive and only allocated 20
> Gb to the program. I hit the Volumes + but didn't see any way to add the
> boot drive. Are we talking about a virtual drive that is situated in the
> bigdisk. Is the guest OS situated in the bigdisk. If so, this is not a bad
> thing since I will probably have massive amounts of data produced. But I do
> need to figure out what I am dealing with.
> 
> Any help will be appreciated.
> 
> Gary R.

Package you want is libvirt-bin and libvirt-daemon-system and
libvirt-clients come as dependences with it. Most of the guides around,
including debian wiki guide about qemu-kvm tell you to install those.
Package bridge-utils too. I see that you talk again about your hard
drives. That is wrong because because virt-manager and libvirt do not
care about your hard drives, it cares about storages and storage
volumes. Default storage volume is at /var/lib/libvirt/images. But I
guess that you do not want your image there, most people do not.
Creating image with virt-manager is as easy as following 5 steps, after
you launch it, click FIle and select create new virtual machine:

1. Choose how you would like to install. Will guess that you have local
install media in form of downloaded ISO. Pick it up, do not touch
architecture options, if you do not need them. Click forward.

2. Use ISO image and click browse. Use browsing to find your download
location. Choose your ISO image. It should automatically detect that it
is debian stretch. Forward.

3. Choose CPU and memory settings. Forward.

4. Enable storage for this virtual machine checked. Choose Select or
create custom storage. Click Manage... Use + signs to make new volume
and storage for your image where you want it, or choose existing one.
You have there options to choose max capacity for it, but no worries, it
can be expanded, it is virtual machine. Use qcow2 format. I have no need
for backing store, but see for yourself if you want it. Finish. Choose
that volume that you've made. Forward.

5. Read to begin the installation screen. You can customize
configuration before install, if you want. By default, on my laptop and
without changing anything in network files, network selection is not
needed, it will choose virtual network 'default' and work out of the
box. Finish and install will start in new window.




5. 

Re: kvm/qemu virtual machine can't find hard drives

[Dejan Jocic]

On 17-08-17, Gary Roach wrote:
> Hi all,
> 
> Debian 9 (Stretch) system
> KDE Desktop
> MSI970A-G43 motherboard
> AMD FX 4350 processor - not overclocked
> 
> Ive been trying to get a virtual machine set up and have run into problems
> with both virtualbox and kvm/qemu packages. I have a very messy project
> (Elmer fem) and want things completely walled off from my regular system. So
> I opted for a virtual machine.
> 
> The kvm/qemu package seems to install properly (no errors). But when I try
> to install Debian 9 into it, the installer can't find my two hard drives sda
> and sdb. It then ask me to pick from a long list of drivers. I haven't been
> able to determine what the drivers should be for my system.  Sda is boot
> drive, 500 Gb WD160 and the there is a WD10 1 Tb, ext4 blank drive. Both
> drives show up on Dolphin so they must be mounted.
> 
> Am I missing some library or something? Any help will be greatly
> appreciated.
> 
> Gary R.
> 

Can you explain steps you used to get to that error message? Think that
you've messed something up in installation process, because installer on
virtual machine should not care about your physical drives, it uses
virtual drives that you've assigned to it. In case that you would like
easy to use install process for qemu-kvm, I would suggest you to install
virt-manager, that is GUI frontend for managing virtual machines.

Re: No ifconfig [Was: no /etc/inittab]

[Dejan Jocic]

On 15-08-17, Erik Christiansen wrote:
> On 15.08.17 15:03, Dejan Jocic wrote:
> > And what exactly do you miss in ifconfig and net-tools package, that you
> > can not do with ip, which is part of iproute2 package that comes as part
> > of base system?
> 
> Around 30 years of familiarity across many *nix flavours. If the package
> builders are more familiar with ip, then perhaps tradition goes out the
> window. Not a problem. I have installed net-tools.
> 
> Erik
> 

I can understand that very well, even with much less years of
familiarity. But it moves forward, for good or worse. Not first familiar
tool that will vanish, nor last. May we live to see many more. I know
that I've thought something like "you will pry ifconfig out of my cold
dead heands" first time I've used ip. But, time passed and ip almost
become familiar tool.

Re: No ifconfig [Was: no /etc/inittab]

[Dejan Jocic]

On 15-08-17, Erik Christiansen wrote:
> On 15.08.17 13:33, Nicolas George wrote:
> > L'octidi 28 thermidor, an CCXXV, Erik Christiansen a écrit :
> > > If it's no longer part of the base system, then perhaps the system is
> > > too base?
> > 
> > Please ellaborate. Why should ifconfig be part of the base system?
> 
> With pleasure. It is the most basic and useful *nix networking tool,
> traditional since well back in the last millennium, spanning hp-ux,
> sunos, then solaris, and various linux distros, in my experience. Even
> if used mostly interrogatively these days, it is the quickest way to
> check how "eth0" is currently encrypted, what the IP address is, etc. It
> is not anything which needs to be added - we just need busybodies to
> refrain from taking it out.
> 
> Granted, there's quite a bit of cruft taking up space, like
> NetworkMunger. I've been forced to wipe that from several Ubuntu
> versions in particular, as networking wouldn't function until I did.
> Everything has always been sweet once that was gone. Debian does seem to
> have it more under control, though, so I'll trade - leave both.
> 
> Erik
> 

And what exactly do you miss in ifconfig and net-tools package, that you
can not do with ip, which is part of iproute2 package that comes as part
of base system?

Re: name for wireless interface

[Dejan Jocic]

On 12-08-17, pe...@easthope.ca wrote:
> A TL-WN722N adapter connected to a stretch system gives these results.
> 
> peter@imager:~$ lsusb | grep Ath
> Bus 002 Device 003: ID 0cf3:9271 Atheros Communications, Inc. AR9271 802.11n
> 
> root@imager:/home/peter# iwlist scan
> wlxa0f3c10a28f7  Interface doesn't support scanning : Network is down
> 
> loInterface doesn't support scanning.
> 
> eth0  Interface doesn't support scanning.
> 
> What is the origin of the long name, wlxa0f3c10a28f7?
> Can a shorter name be assigned?
> 
> Thanks,   ... Peter E.
> 
> 
> -- 
> 
> 123456789 123456789 123456789 123456789 123456789 123456789 123456789
> Tel: +1 360 639 0202  Pender Is.: +1 250 629 3757
> http://easthope.ca/Peter.html  Bcc: peter at easthope. ca
> 

It was asked many times on this list, and all around generally. Best
answer would be to look here:

https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/

It has full explanation of why those long names and what to do if you do
not like it. It is easy to assign shorter name, if you wish so and is
explained nicely, with 3 possible methods.

Re: Btrs vs ext4. Which one is more reliable?

[Dejan Jocic]

On 11-08-17, Christian Seiler wrote:
> Am 2017-08-10 16:02, schrieb Dejan Jocic:
> > On 10-08-17, David Wright wrote:
> > > On Thu 10 Aug 2017 at 07:04:09 (-0400), Dan Ritter wrote:
> > > > On Wed, Aug 09, 2017 at 09:46:09PM -0400, David Niklas wrote:
> > > > > On Sat, 29 Jul 2017 04:59:40 +
> > > > > Andy Smith <a...@strugglers.net> wrote:
> > > > >
> > > > > Also, my use case is at home where the power can and *does* fail. I 
> > > > > also
> > > > > find myself using the latest kernel and oftentimes an experimental 
> > > > > driver
> > > > > for my AMD graphics card, hence my need for a *very* stable fs over
> > > > > sudden unmount.
> > > >
> > > > Buy a cheap UPS with a USB or serial connection to your
> > > > computer. Even if it only supplies power for 2 minutes, that's
> > > > enough time for the computer to receive the power outage signal
> > > > and do an orderly shutdown.
> > > 
> > > Two minutes barely covers the timeouts that can often occur when
> > > shutting down systemd; the commonest timeout period here seems
> > > to be 90 seconds. I wouldn't mind reducing them if that's possible.
> > > Processes got just a few seconds with sysvinit before they were
> > > killed.
> > > 
> > 
> > Yes, those 90 sec waiting for nothing is one of the most annoying
> > "features" of systemd that I would love to get rid of.
> 
> You can set TimeoutStopSec= for some units explicitly, for example
> via drop-in. Example:
> 
> mkdir -p /etc/systemd/system/XYZ.service.d
> cat > /etc/systemd/system/XYZ.service.d/stop-timeout.conf < [Service]
> TimeoutStopSec=10s
> EOF
> 
> Even if the service is only provided by an init script this will
> still work.
> 
> You can also set DefaultTimeoutStopSec= in /etc/systemd/system.conf
> to alter the default for all units (though individual settings for
> units will still override that).
> 

Thank you for suggestion. I did find that solution, some time ago, can't
remember exactly where. But it was followed by warning that it is bad
idea, can't remember exactly why. Do you have any hint of why it could
be bad idea to limit timeout, or I've just misunderstood whatever I've
read about it?

> > And most annoying
> > aspect of it is that problem is rarely constant. It can exist in one
> > release in systemd, vanish in other, and then come back again in next
> > release. And it can occur once in every 10 shutdowns/reboots, or not
> > occur once in every 10 shutdowns/reboots.
> 
> That is an indication that you have a race condition during
> shutdown.
> 
> The "90s" thing is basically just systemd saying: yeah, I've tried
> to shutdown a specific unit and it's still active, now I'm going
> to wait for the timeout before I send a hard SIGKILL. You can't
> really compare that to sysvinit, because sysvinit doesn't actually
> track processes properly, so what most often would happen is that
> the init script would send a TERM signal to a process, the better
> ones maybe also a KILL signal after some time, before they'd just
> consider the service stopped. But if other processes had been
> started by the service, sysvinit wouldn't care about them, and
> only kill those in the final "let's kill all that's still left
> over" killing spree. systemd by contrast actually tracks what's
> happening with a service and kills the remaining processes.
> 
> That said: what could happen here is that the systemd unit created
> for a given service has a bug. For example it could not be ordered
> correctly and hence systemd tries to stop it too early while other
> services still depend on it.
> 
> Or the stop command that is called by systemd hangs because it
> tries to do something that it shouldn't do during shutdown (for
> example start another service).
> 
> See the following page for information on how to debug shutdown
> issues with systemd (and keep in mind that Debian has systemd stuff
> installed  in /lib and not /usr/lib):
> https://freedesktop.org/wiki/Software/systemd/Debugging/#index2h1
> 
> I've found systemd to be far more reliable during shutdown (even
> if you have to wait for a timeout if something's gone wrong),
> because at least there is a timeout. With sysvinit I've sometimes
> had the problem that a shutdown script would hang and then nothing
> further would happen and the computer would never properly shut
> down. This was especially frustrating with headless machines. What
> systemd does do is make it much more apparent if there's a
> misconfiguration somewhere.
> 
> Regards,
> Christian
> 

Thank you for your explanation. I do understand why it is happening, did
some reading about that subject even before I've ran on that bug, but it
is still annoying. As for more reliable during shutdown part, not in
my experience, at least on Stretch. It was on Jessie though, where that
feature was hitting me not more than once in every 15-20
shutdowns/reboots. 


Anyway, thank you for your time and help.

Re: Btrs vs ext4. Which one is more reliable?

[Dejan Jocic]

On 10-08-17, David Wright wrote:
> On Thu 10 Aug 2017 at 07:04:09 (-0400), Dan Ritter wrote:
> > On Wed, Aug 09, 2017 at 09:46:09PM -0400, David Niklas wrote:
> > > On Sat, 29 Jul 2017 04:59:40 +
> > > Andy Smith  wrote:
> > > 
> > > Also, my use case is at home where the power can and *does* fail. I also
> > > find myself using the latest kernel and oftentimes an experimental driver
> > > for my AMD graphics card, hence my need for a *very* stable fs over
> > > sudden unmount.
> > 
> > Buy a cheap UPS with a USB or serial connection to your
> > computer. Even if it only supplies power for 2 minutes, that's
> > enough time for the computer to receive the power outage signal
> > and do an orderly shutdown.
> 
> Two minutes barely covers the timeouts that can often occur when
> shutting down systemd; the commonest timeout period here seems
> to be 90 seconds. I wouldn't mind reducing them if that's possible.
> Processes got just a few seconds with sysvinit before they were
> killed.
> 

Yes, those 90 sec waiting for nothing is one of the most annoying
"features" of systemd that I would love to get rid of. And most annoying
aspect of it is that problem is rarely constant. It can exist in one
release in systemd, vanish in other, and then come back again in next
release. And it can occur once in every 10 shutdowns/reboots, or not
occur once in every 10 shutdowns/reboots.

Re: no non-free firmware on lapton, no Ethernet, related?

[Dejan Jocic]

On 10-08-17, Emanuel Berg wrote:
> Dejan Jocic wrote:
> 
> > Also, once, for reason unknown to me,
> > firmware from usb did not work, but installer
> > with firmware on it did. Could be that it was
> > USB fault, though not sure about it.
> > Was using that USB without problem
> > after that.
> 
> What should I do with the installer?
> 
> Do you mean this file:
> 
> https://packages.debian.org/jessie/all/firmware-b43-installer/download
> 
> ?
> 
> -- 
> underground experts united
> http://user.it.uu.se/~embe8573
> 

No, I meant downloading installer with firmware included, like for
example this one for Jessie:

https://cdimage.debian.org/cdimage/unofficial/non-free/images-including-firmware/archive/8.9.0+nonfree/multi-arch/iso-cd/

and this one for Stretch

https://cdimage.debian.org/cdimage/unofficial/non-free/images-including-firmware/9.1.0+nonfree/multi-arch/iso-cd/

Those are multiarch net install CDs that will work both for 32-bit and
64-bit PCs. You just need to choose your arch when you boot into
installer. But, if you do not want to download and use those and that
downloaded firmware did not work for you, you can download just those
packages that you need and install them with dpkg. But you will have to
do same with dependencies of those packages. Also, you mentioned that
you need your ethernet to work, these b43 packages are for Broadcom
wireless cards. 

Whatever that you choose to do, do not forget to check your
/etc/apt/sources.list file and add contrib and non-free after main
wherever it is needed, something like this:

deb http://deb.debian.org/debian/ jessie main contrib non-free

Hope that this helps.

Re: no non-free firmware on lapton, no Ethernet, related?

[Dejan Jocic]

On 09-08-17, Emanuel Berg wrote:
> Dejan Jocic wrote:
> 
> > Well, you should have write down what was
> > missing during installation, those messages
> > you get for reason. Also, when you have
> > firmware and you get note that it is missing,
> > it is best to abort installation and download
> > needed firmware and put in USB you can insert
> > during installation.
> 
> Well, I can redo the installation!
> 
> Actually I just tried that, and what is missing
> is b43/ucode13.fw .
> 
> I downloaded this archive [1] and copied the
> files (the archive as well as all the files,
> unpacked) onto a USB stick.
> 
> However inserting it didn't help because after
> a short while of "looking" (?) the same error
> message came up again.
> 
> [1] 
> http://cdimage.debian.org/cdimage/unofficial/non-free/firmware/jessie/current/firmware.zip
> 
> --
> underground experts united
> http://user.it.uu.se/~embe8573
> 

Did you check among those files if there is firmware that you need?
Also, if you have another USB stick, just to be sure, try with it too?
>From quick search in debian packages, these are all related to b43:

https://packages.debian.org/jessie/firmware-b43-installer

https://packages.debian.org/jessie/b43-fwcutter

https://packages.debian.org/jessie/firmware-b43legacy-installer

So check if your hardware is related to any of those. Also, once, for
reason unknown to me, firmware from usb did not work, but installer with
firmware on it did. Could be that it was USB fault, though not sure
about it. Was using that USB without problem after that.

Re: no non-free firmware on lapton, no Ethernet, related?

[Dejan Jocic]

On 09-08-17, Emanuel Berg wrote:
> I installed a 32-bit Debian on an HP laptop the
> other day, and during installation it said
> non-free components were not installed as not
> on the disc, for political reasons I suppose,
> and then the network couldn't be set up
> correctly despite the cable in place.
> 
> When done, I couldn't get Internet to work
> despite doing as superuser 'dhclient eth0'
> which is all it takes on my other Debian, which
> I also installed from a DVD.
> 
> So I wonder, are the Ethernet problems related
> to the missing firmware?
> 
> And if not, what seems to be the problem?
> 
> TIA
> 
> -- 
> underground experts united
> http://user.it.uu.se/~embe8573
> 

Well, you should have write down what was missing during installation,
those messages you get for reason. Also, when you have firmware and you
get note that it is missing, it is best to abort installation and
download needed firmware and put in USB you can insert during
installation. Or, to use one of the "unnofficial" images with firmware
on it:

https://cdimage.debian.org/cdimage/unofficial/non-free/

That said, now first step would be to check your network cards and what
drivers are in use. As regular user do:

lspci -v | grep -A10 -i net

If you type that as root change A10 to A15.

Re: How to change default umask in Stretch?

[Dejan Jocic]

On 07-08-17, Garrett R. wrote:
> No effect.
> 
> I added  "session optional pam_umask.so umask=0077" to the end of 
> /etc/pam.d/common-session. Then I confirmed /etc/login.defs has a umask 
> entry. Then I logged out and back in.
> 
> A new gedit document still reports permission rw-r--r--.
> 


Unfortunately. It looks like it is systemd thing indeed, according to
this: 

https://unix.stackexchange.com/questions/254378/how-to-set-umask-for-the-entire-gnome-session#254923

and this

https://github.com/systemd/systemd/issues/6077

It also looks like it does not have workaround. Except to touch file
from terminal before editing it in gedit( if it is login shell, for
gnome-terminal edit > profile preferences > command > run command as
login shell ). Or even better launch gedit from that terminal, it will
have right umask settings. Or, make custom shortcut that will launch
terminal and gedit from it at same time, something like gnome-terminal
-e gedit. Sorry, but not much more help with systemd involved, I'm
afraid.

Re: How to change default umask in Stretch?

[Dejan Jocic]

On 07-08-17, Garrett R. wrote:
> I just tried this, adding "session optional pam_umask.so umask=0077" to the 
> end of the /etc/pam.d/login file.
> 
> No effect.
> 
> - Original Message -
> From: "Dejan Jocic" <jode...@gmail.com>
> To: debian-user@lists.debian.org
> Sent: Monday, August 7, 2017 1:11:02 PM
> Subject: Re: How to change default umask in Stretch?
> 
> On 07-08-17, Garrett R. wrote:
> > I apologize for the omissions.
> > 
> > I am booting debian to GDM. I login. I then open gedit (or libreoffice, 
> > etc). I type document. I save it.
> > 
> 
> 
> Have you tried to set in /etc/pam.d/login this:
> 
> session optional pam_umask.so umask=0077
> 
> Logout and login back after that?
> 

Now try to add it too to the /etc/pam.d/common-session and to set it up
in /etc/login.defs to your preferred value. Of course, logout/login
after all that.

Re: How to change default umask in Stretch?

[Dejan Jocic]

On 07-08-17, Garrett R. wrote:
> I apologize for the omissions.
> 
> I am booting debian to GDM. I login. I then open gedit (or libreoffice, etc). 
> I type document. I save it.
> 


Have you tried to set in /etc/pam.d/login this:

session optional pam_umask.so umask=0077

Logout and login back after that?

Re: How to change default umask in Stretch?

[Dejan Jocic]

On 07-08-17, Greg Wooledge wrote:
> On Mon, Aug 07, 2017 at 07:02:14PM +0200, Dejan Jocic wrote:
> > Ehh, disregard please. Just checked with gnome-terminal here, and it did
> > respect umask settings in .profile. But gedit did not.
> 
> If gnome-terminal is reading .profile, that means it must be running
> your shell as a login shell, which is a questionable practice.
> 
> Yet another strike against GNOME, if true.
> 

I run all my shells in terminal as login shells, because I prefer it
that way. If you do not like it, do not do it :P It has nothing to do
with Gnome.

Re: How to change default umask in Stretch?

[Dejan Jocic]

On 07-08-17, Dejan Jocic wrote:
> On 07-08-17, Garrett R. wrote:
> > Terminal confirms my umask is 022. That is, my entries at login.defs, 
> > xsessionrc, etc are not working.
> > 
> > Thank you for your assistance, Greg. Before asking here, my research 
> > indicated gnome is the problem and it is because of systemd that there is a 
> > problem. I assumed because gnome is default on debian, you might have some 
> > insight. 
> > 
> > Thank you for your efforts, much appreciated.
> > 
> 
> Depends on terminal. If you use xterm under Gnome, it will respect umask
> settings, wherever those are, global or local in .profile or .bashrc.
> But gnome-terminal does not respect those settings. Guess that you
> should file bug against gnome.
> 
> 
> 


Ehh, disregard please. Just checked with gnome-terminal here, and it did
respect umask settings in .profile. But gedit did not.

Re: How to change default umask in Stretch?

[Dejan Jocic]

On 07-08-17, Garrett R. wrote:
> Terminal confirms my umask is 022. That is, my entries at login.defs, 
> xsessionrc, etc are not working.
> 
> Thank you for your assistance, Greg. Before asking here, my research 
> indicated gnome is the problem and it is because of systemd that there is a 
> problem. I assumed because gnome is default on debian, you might have some 
> insight. 
> 
> Thank you for your efforts, much appreciated.
> 

Depends on terminal. If you use xterm under Gnome, it will respect umask
settings, wherever those are, global or local in .profile or .bashrc.
But gnome-terminal does not respect those settings. Guess that you
should file bug against gnome.

Re: Darn 'beep' stoped working after installing Stretch in place of Jessie

[Dejan Jocic]

On 01-08-17, RavenLX wrote:
> On 08/01/2017 11:17 AM, Dejan Jocic wrote:
> > On 01-08-17, RavenLX wrote:
> > > Having it work out-of-the-box would be nice. After a fresh install, I 
> > > have a
> > > bash script I run that installs all the apps I use and configures them.
> > > Sometimes though, there are things that a user needs to answer. Thus, if I
> > > want to have the script running and go do something else, I want to "beep"
> > > when it's going to need attention by the user. I noticed this does not 
> > > work
> > > in Stretch so I ended up removing the part to install the "beep" package 
> > > and
> > > use beep to alert the user. I have tried escape codes via echo -e as well,
> > > and no beep there either.
> > > 
> > 
> > Does printf "\a" works for you? Though, echo -e "\a" works here too.
> 
> I just now tried it in Konsole. Nope, doesn't work.
> 

I do not have Konsole here and did not use it for a long time, but in
Xterm there are setting for terminal bell, so there are in
gnome-terminal. Perhaps there are those settings in Konsole too. Under
preferences, or some such thing.

Re: Darn 'beep' stoped working after installing Stretch in place of Jessie

[Dejan Jocic]

On 01-08-17, RavenLX wrote:
> Having it work out-of-the-box would be nice. After a fresh install, I have a
> bash script I run that installs all the apps I use and configures them.
> Sometimes though, there are things that a user needs to answer. Thus, if I
> want to have the script running and go do something else, I want to "beep"
> when it's going to need attention by the user. I noticed this does not work
> in Stretch so I ended up removing the part to install the "beep" package and
> use beep to alert the user. I have tried escape codes via echo -e as well,
> and no beep there either.
> 

Does printf "\a" works for you? Though, echo -e "\a" works here too.

Re: debootstrap error with dvdrom install

[Dejan Jocic]

On 29-07-17, Pierre Frenkiel wrote:
> On Sat, 29 Jul 2017, Dejan Jocic wrote:
> 
> > On 29-07-17, Pierre Frenkiel wrote:
> > > hi,
> > > I'm trying to install Stretch on a Lenovo laptop with the KDE dvdrom and
> > > each time I get the error:
> > >   debootstrap error. Unable to find the codename for release
> > > 
> > > I saw a lot of posts about this error, but they were all related to a usb 
> > > install, but one.
> > > This one said he left the install in standby for several hours, but this 
> > > is not my case.
> > > So, I don't know what to do. Has anybody an idea?
> > > 
> > > best regards,
> > > --
> > > Pierre Frenkiel
> > > 
> > 
> > Do not use live images for install. Those are bit flaky, especially KDE
> > one. Use net install, or regular install image.
> > 
> 
>  thanks for this information. I can't use net install, as it would need 4 or 
> 5 firmware files.
>  The only iso file without netinst  I found was xxx-xfce. I'll then try with 
> this one.
> 
> best regards,
> -- 
> Pierre Frenkiel

Actually, you have separate images with firmware, though "unofficial".
But they work really well, in my experience. Here are links both to net
install with firmware and regular install:

https://cdimage.debian.org/cdimage/unofficial/non-free/cd-including-firmware/

All best,
Dejan

Re: debootstrap error with dvdrom install

[Dejan Jocic]

On 29-07-17, Pierre Frenkiel wrote:
> hi,
> I'm trying to install Stretch on a Lenovo laptop with the KDE dvdrom and
> each time I get the error:
>   debootstrap error. Unable to find the codename for release
> 
> I saw a lot of posts about this error, but they were all related to a usb 
> install, but one.
> This one said he left the install in standby for several hours, but this is 
> not my case.
> So, I don't know what to do. Has anybody an idea?
> 
> best regards,
> -- 
> Pierre Frenkiel
> 

Do not use live images for install. Those are bit flaky, especially KDE
one. Use net install, or regular install image. 

Re: Need to upgrade to jessie need help

[Dejan Jocic]

On 28-07-17, Greg Wooledge wrote:
> On Fri, Jul 28, 2017 at 05:39:39PM +0200, Dejan Jocic wrote:
> > So, same question as above, did and of those they messed up? Are there
> > opened bugs that autoremove from any of used tools in debian removes
> > packages it should not? And qualifications for that statement are years
> > of use of both apt-get and aptitude with autoremove following
> > update/upgrade. Never had any trouble with it.
> 
> The concern is that you may have used some shared library to compile a
> third-party program which is installed in /usr/local or /opt, or anywhere
> else that's outside of Debian's knowledge.  Debian would not know that
> the library is still being used, and therefore might autoremove it.
> 
> The impact of this is directly proportional to how many things you
> compile yourself, and how important those things are to you.
> 

If you manually installed shared library, did autoremove removed
it/proposed to removed it? Or, it was installed as dependency of some
other package that you removed? If former, it is bug. If later, you
should have mark it as manually installed, if your compiled software
depends on it.

Also, if you compile third party programs, there are ways to make debian
packages out of them and keep yourself and your preferred debian package
tool happy. Just saying.

Re: Need to upgrade to jessie need help

[Dejan Jocic]

On 27-07-17, David Wright wrote:
> On Tue 25 Jul 2017 at 16:16:44 (+0200), Dejan Jocic wrote:
> > On 25-07-17, Greg Wooledge wrote:
> > > Is there any way to permanently neuter apt-get autoremove, so that even
> > > if something invokes it against my will, it will *never* remove anything?
> > > 
> > > And more, is there a way to get apt and apt-get to *stop* prompting me
> > > to run it, and *stop* spamming me with a list of packages that it would
> > > like me to remove?  (Maybe that's the same as the first question, maybe
> > > not.)
> > > 
> > > My strategy so far has been "ignore the spam, and never willingly run
> > > autoremove".  This mostly works, but I recently learned that tasksel
> > > will apparently run an autoremove, without warning, whether I want it
> > > to or not (<http://bugs.debian.org/868892>).
> > > 
> > > If autoremove will also remove *kernels*, which this thread seems to
> > > indicate is the case, then my concerns just went up another notch.
> > > 
> > > I suppose one could manually mark each and every single installed
> > > package as "manually installed", but you'd have to remember to repeat
> > > this periodically, and it seems clumsy and inelegant compared to some
> > > sort of master switch that can just tell autoremove to go die in a fire.
> > > 
> > 
> > Your fear from autoremove is silly. It
> 
> Please note that "it" is "they", viz: apt and apt-get, …
> 

Sure it is they. Did any of those they ever removed something that you
needed with autoremove? Or they always remove just things that you do not
need any more, packages that are just sitting there doing nothing,
former dependencies that are not needed for anything?

> > will not remove anything you
> > really need and, if you stick to default settings, 
> 
> … and that they have different defaults. What's more, apt's behaviour
> may change between versions, so unqualified statements like this
> should really be confirmed before being relied on.
> 

So, same question as above, did and of those they messed up? Are there
opened bugs that autoremove from any of used tools in debian removes
packages it should not? And qualifications for that statement are years
of use of both apt-get and aptitude with autoremove following
update/upgrade. Never had any trouble with it.

> > will keep all
> > packages it replaced in /var/cache/apt/archives, as far as I know. And
> > if you have some package that you really, really want to keep, you can
> > always pin it, or put it on hold with apt-mark. It is not spam, it is
> > keeping your system clean.
> 
> Cheers,
> David.
> 

All best,
Dejan

Re: Need to upgrade to jessie need help

[Dejan Jocic]

On 25-07-17, Greg Wooledge wrote:
> Is there any way to permanently neuter apt-get autoremove, so that even
> if something invokes it against my will, it will *never* remove anything?
> 
> And more, is there a way to get apt and apt-get to *stop* prompting me
> to run it, and *stop* spamming me with a list of packages that it would
> like me to remove?  (Maybe that's the same as the first question, maybe
> not.)
> 
> My strategy so far has been "ignore the spam, and never willingly run
> autoremove".  This mostly works, but I recently learned that tasksel
> will apparently run an autoremove, without warning, whether I want it
> to or not ().
> 
> If autoremove will also remove *kernels*, which this thread seems to
> indicate is the case, then my concerns just went up another notch.
> 
> I suppose one could manually mark each and every single installed
> package as "manually installed", but you'd have to remember to repeat
> this periodically, and it seems clumsy and inelegant compared to some
> sort of master switch that can just tell autoremove to go die in a fire.
> 

Your fear from autoremove is silly. It will not remove anything you
really need and, if you stick to default settings, will keep all
packages it replaced in /var/cache/apt/archives, as far as I know. And
if you have some package that you really, really want to keep, you can
always pin it, or put it on hold with apt-mark. It is not spam, it is
keeping your system clean.

Re: Need to upgrade to jessie need help

[Dejan Jocic]

On 25-07-17, Cindy-Sue Causey wrote:
> 
> 
> Ok, so this is where the OP, VigneshDhanraj, could pin their kernel if
> they know the release number... That's a-suming one can pin out of
> numerical sequence...

No, that script is for automatically marking for autoremoval no longer
needed kernels and keeping at least last 2. If he wants to pin it, it is
done as always at /etc/apt/preferences, or even better under some file
under /etc/apt/preferences.d/. Or he can simply use apt-mark to put it
on hold. If that is what he really want. In my opinion, it is better
just to give a shot to new kernel and keep old one just as long as he
needs to be sure that new one works. Besides, if he does not clean apt
archives in /var/cache/apt/archives, he will have there older kernels
that can be installed with dpkg.
> 
> The "deal" about it, the rationale that the toggle is buried there
> would be that pinning, not pinning kernels versus "just" other
> software would most likely matter most to someone who is tech savvy
> enough to have that need. That person would know they need to go
> digging for the toggle that helps preserve their tear stained kernel.
> :)
> 
> Interesting to know. I JUST yesterday downloaded the .xz tar for
> 4.12.3 for purposes of self-education. The new tip learned from this
> thread is perfectly timed and priceless. :)
> 
> Cindy :)
> -- 
> Cindy-Sue Causey
> Talking Rock, Pickens County, Georgia, USA
> 
> * runs with duct tape *
> 

Re: Need to upgrade to jessie need help

[Dejan Jocic]

On 25-07-17, Cindy-Sue Causey wrote:
> On 7/25/17, Dejan Jocic <jode...@gmail.com> wrote:
> > On 25-07-17, Greg Wooledge wrote:
> >> On Tue, Jul 25, 2017 at 09:41:24AM +0200, Dejan Jocic wrote:
> >> > When you upgrade to Jessie, it will install new kernel automatically.
> >> > However, it should not remove your Wheezy kernel, because upgrading
> >> > kernels always leaves one old one there, in case that you can not boot
> >> > into your new kernel for some reason. You can then mark that kernel via
> >> > grub options as one you would like to boot in. You can do it during
> >> > boot
> >> > in grub, or by setting it as default in /etc/default/grub.
> >>
> >> All true.
> >>
> >> > You will also
> >> > have to use apt-mark to put that kernel on hold, to prevent removing it
> >> > on future updates, or to do some apt pinning.
> >>
> >> False.  The kernel will simply sit there forever, unless you take some
> >> explicit action to remove it.  No holds or pinning or other wrestling
> >> required.
> >>
> >
> > That is not true, if you use autoremove. Only 2 last kernels will be
> > kept. This is upgrade from Jessie here. I have 4.9.0.2 and 4.9.0.3
> > kernels. Jessie kernel is long gone with autoremove.
> 
> 
> Well, that's a little... scary. *frown*
> 
> Except that... I just deleted the rest of what I first wrote because
> it hit me. Autoremove is what apt-get tells me to use to remove
> packages. that are no longer needed that are no longer
> "dependencies". What it actually tells *me* is something like "apt
> autoremove" (not "apt-get autoremove").
> 
> Aaaa... So in autoremove's mind... It might touch on that previous
> kernel and say... hm, nothing's using it now, nothing needs it to
> function properly, so trash it
> 
> Or something like that there.. :)
> 
> Cindy :)
> -- 
> Cindy-Sue Causey
> Talking Rock, Pickens County, Georgia, USA
> 
> * runs with duct tape *
> 

What it touch is /etc/kernel/postinst.d/apt-auto-removal that generates
/etc/apt/apt.conf.d/01autoremove-kernels file. Those decide what kernels
to keep. And, in case of /etc/kernel/postinst.d/apt-auto-removal it is
clearly stated:

# Mark as not-for-autoremoval those kernel packages that are: - the
# currently booted version - the kernel version we've been called for -
# the latest kernel version (as determined by debian version number) -
# the second-latest kernel version
#
# In the common case this results in two kernels saved (booted into the
# second-latest kernel, we install the latest kernel in an upgrade), but
# can save up to four. Kernel refers here to a distinct release, which
# can potentially be installed in multiple flavours counting as one
# kernel.

Re: Need to upgrade to jessie need help

[Dejan Jocic]

On 25-07-17, Greg Wooledge wrote:
> On Tue, Jul 25, 2017 at 09:41:24AM +0200, Dejan Jocic wrote:
> > When you upgrade to Jessie, it will install new kernel automatically.
> > However, it should not remove your Wheezy kernel, because upgrading
> > kernels always leaves one old one there, in case that you can not boot
> > into your new kernel for some reason. You can then mark that kernel via
> > grub options as one you would like to boot in. You can do it during boot
> > in grub, or by setting it as default in /etc/default/grub.
> 
> All true.
> 
> > You will also
> > have to use apt-mark to put that kernel on hold, to prevent removing it
> > on future updates, or to do some apt pinning.
> 
> False.  The kernel will simply sit there forever, unless you take some
> explicit action to remove it.  No holds or pinning or other wrestling
> required.
> 

That is not true, if you use autoremove. Only 2 last kernels will be
kept. This is upgrade from Jessie here. I have 4.9.0.2 and 4.9.0.3
kernels. Jessie kernel is long gone with autoremove.

Re: how to make sure that gnome check available updates to system

[Dejan Jocic]

On 25-07-17, iqwue Wabv wrote:
> Thank you Dejan.  I will check these logs.
> 
> Additionally I've noticed an empty file
> /var/log/unattended-upgrades/unattended-upgrades-shutdown.log
> What is it used for?
> Regards, Karol Szkudlarek
> 

Never used it, but my guess is that it is used for some options that you
can set in /etc/apt/apt.conf.d/50unattended-upgrades and that involves
shut down, or reboot.

Re: memory.limit_in_bytes: systemd vs lxc

[Dejan Jocic]

On 25-07-17, Harald Dunkel wrote:
> Hi Dejan,
> 
> On Mon, 24 Jul 2017 09:43:30 +0200
> Dejan Jocic <jode...@gmail.com> wrote:
> 
> > On 24-07-17, Harald Dunkel wrote:
> > > 
> > > Apparently systemd ignores the restricted memory. How can I tell 
> > > systemd to keep the limits?
> > > 
> > > 
> > > Every helpful comment is highly appreciated
> > > Harri
> > >   
> > 
> > Never did it myself, but perhaps this can help you:
> > 
> > https://www.freedesktop.org/software/systemd/man/systemd.exec.html#LimitCPU=
> > 
> > 
> Thanx for the pointer, but I think this is a misunderstanding.
> I want systemd to keep(!) the limits, not have another local 
> config file. Systemd should not be allowed to extend the limits 
> bound to the container, no matter what.
> 
> 
> Regards
> Harri

Well, I agree with you, it should not. But other solution would be to
file bug against systemd. Hopefully, you will get answer other then "it
is feature, not bug" :P

Re: Need to upgrade to jessie need help

[Dejan Jocic]

On 25-07-17, VigneshDhanraj G wrote:
> Hi Team,
> 
> I am using kernel 3.2.x, i know that support from wheezy will be stopped
> soon. can i upgrade to jessie with same kernel version.
> 
> Is that correct way of handling?
> 
> Regards,
> VigneshDhanraj G

When you upgrade to Jessie, it will install new kernel automatically.
However, it should not remove your Wheezy kernel, because upgrading
kernels always leaves one old one there, in case that you can not boot
into your new kernel for some reason. You can then mark that kernel via
grub options as one you would like to boot in. You can do it during boot
in grub, or by setting it as default in /etc/default/grub. You will also
have to use apt-mark to put that kernel on hold, to prevent removing it
on future updates, or to do some apt pinning. But, since Wheezy will be
out of support soon, doubt that you will be able to expect security
updates for that kernel. It would be wise to check if newer kernel works
for you, and if it does to move to it completely and forget about Wheezy
kernel.

Re: memory.limit_in_bytes: systemd vs lxc

[Dejan Jocic]

On 24-07-17, Harald Dunkel wrote:
> Hi folks,
> 
> I have to restrict memory.limit_in_bytes to 16GByte for my LXC
> containers. Problem: The containers based on Stretch and systemd 
> show 
> 
> % for i in $(find /sys/fs/cgroup/memory/lxc/lxc1 -name 
> memory.limit_in_bytes); do \
>   echo $i $(cat $i) \
> done | column -t
> /sys/fs/cgroup/memory/lxc/lxc1/memory.limit_in_bytes   17179869184
> /sys/fs/cgroup/memory/lxc/lxc1/user.slice/memory.limit_in_bytes
> 9223372036854771712
> /sys/fs/cgroup/memory/lxc/lxc1/init.scope/memory.limit_in_bytes
> 9223372036854771712
> /sys/fs/cgroup/memory/lxc/lxc1/system.slice/memory.limit_in_bytes  
> 9223372036854771712
> 
> Apparently systemd ignores the restricted memory. How can I tell 
> systemd to keep the limits?
> 
> 
> Every helpful comment is highly appreciated
> Harri
> 

Never did it myself, but perhaps this can help you:

https://www.freedesktop.org/software/systemd/man/systemd.exec.html#LimitCPU=

Re: how to make sure that gnome check available updates to system

[Dejan Jocic]

On 23-07-17, Karol Szkudlarek wrote:
> Hello,
> I am using GNOME and Debian 9 on my laptop and in the software-properties-gtk 
> program I selected daily updates and display message immediately.
> Laptop is used dual boot mode and I would like to be sure (for security 
> reasons) that Gnome checks automatic available updates properly.
> Is it some log file to verify if checking was performed and when?
> I would like to not to perform manual apt-get update. I have not installed 
> cron-apt.
> Regards,
> 
> Karol Szkudlarek

If you want those updates to be automatic, you should change that
display message immediately to download and install automatically.
As for checking logs, you can check under these:

/var/log/unattended-upgrades/unattended-upgrades.log

/var/log/dpkg.log

With automatic updates enabled, all actions performed will end up there.
Well, in /var/log/dpkg.log other actions, like manually installing
packages will be recorded too, but you will be able to see performed
actions. If you would like to be informed about automatic upgrades with
mail, you will have to edit file:

/etc/apt/apt.conf.d/50unattended-upgrades

and find and uncomment line //Unattended-Upgrade::Mail "root";

Hope that this helps.

Re: Apt-get Upgrade Problem in Stretch?

[Dejan Jocic]

On 20-07-17, Patrick Bartek wrote:
> On Thu, 20 Jul 2017 08:48:17 +0200 Dejan Jocic <jode...@gmail.com>
> wrote:
> 
> > 
> > If you have minimal install, why do you suspect that something is
> > wrong, rather to suppose that all is fine and that simply there was
> > no security updates for your install? It is stable now, and as far as
> > i can remember, all those security updates we did have of lately were
> > somehow tied for graphical part, plus apache and ngninx. Apart for
> > security updates, tough luck of getting some other updates on stable.
> > And "everything worked fine" on your install of Stretch RC2 because
> > it was still testing and there was much more updates then?
> 
> That was my first thought.  And as I used a Stable net-install disk
> for my first tests of Stable, the system would have been up-to-date
> after the install. But it's been two weeks since that time.  I've added
> X, a window manager, utilities, apps, etc.  Based on my past
> experience, historically, there should have been some fixes.  I've
> never come across any such new release -- Debian or others -- that
> didn't need a plethora of fixes in those few days to a month after.  Or
> perhaps Stretch is bug free.  Or as I said in another post: Maybe the
> maintainers are taking a vacation.
> 
> As far as RC2:  I dist-upgraded it to Stable in the course of my tests.
> And as soon as it hit stable, apt-get upgrades ceased producing
> anything for a week.  So, I downloaded the Stable net-install CD for a
> new install to see if there was any differences.
> 
> B
> 

Yes, but did you really check if security updates debian stable had
during those 2 weeks included packages that you have installed, or not?
Your past experience is past, this is another install. Just take look at
security updates and compare, there is no much philosophy there:

https://www.debian.org/security/

Look under recent advisories.

Re: Apt-get Upgrade Problem in Stretch?

[Dejan Jocic]

On 19-07-17, Patrick Bartek wrote:
> On Wed, 19 Jul 2017 13:47:27 -0700 Jimmy Johnson
> <field.engin...@gmail.com> wrote:
> 
> > On 07/19/2017 01:35 PM, Patrick Bartek wrote:
> > > On Wed, 19 Jul 2017 20:14:28 +0200 Dejan Jocic <jode...@gmail.com>
> > > wrote:
> > > 
> > >> On 19-07-17, Patrick Bartek wrote:
> > >>> Getting no results from apt-get upgrade after a week.  Can install
> > >>> apps, etc., but get no security or stretch-update "fixes," etc.  I
> > >>> find this unusual.  Did a mail list archive search for this, but
> > >>> didn't find anything specific. Or did I miss the solution?
> > >>>
> > >>> My Test Setup:
> > >>>
> > >>> Stretch Stable 64-bit from net-install disk in Virtualbox 5.1 on a
> > >>> Wheezy host.  Basic terminal install (no GUI), converted to
> > >>> sysvinit (did not do anything to systemd files. Kept as
> > >>> dependencies) and then added xorg, openbox window manager, etc.
> > >>>
> > >>> Thanks for any feedback.
> > >>>
> > >>> B
> > >>>
> > >>
> > >> dpkg -s unattended-upgrades
> > > 
> > > Not installed either by me or the installer
> > > 
> > >> If it is installed, it did your updates and security upgrades for
> > >> you. If you do not like it and want to do manual updates/upgrades,
> > >> do with root privs:
> > > 
> > > I have always done this manually since I first started using Debian
> > > (Sarge).  And always will.  This is my personal machine.
> > > 
> > >> sed -i 's/1/0/g' /etc/apt/apt.conf.d/20auto-upgrades
> > >>
> > >> For further reading and understanding:
> > >>
> > >> https://wiki.debian.org/UnattendedUpgrades
> > > 
> > > Thanks for the reference.  I've been aware of this for a long time,
> > > but chose not to use it.
> > > 
> > > My problem must be something else.
> > 
> > You also have packagekit and discover to deal with and who knows what 
> > else. Stopping auto-install is not that difficult, but stopping 
> > auto-update is a problem.
> 
> I think you've assumed some things incorrectly.  I did a basic terminal
> only install with only basic system utilties, the last option on the
> list.  No Desktop of any kind. No xserver.  Packagekit is not
> installed.  Discover was as a dependency, but I didn't install it
> explicitly. No auto-install or auto-update either. I converted to
> sysvinit, but left systemd stuff as dependencies.  Later will install
> xorg and openbox, etc. for my GUI. This is the same way I installed
> Wheezy 5 years ago. And it works (and always has) fine.
> 
> FWIW, a few months ago, I installed Stretch RC2 the same way to test it
> and everything worked including apt-get update, upgrade, etc.
> 
> So, something is wrong.  And I won't install it for real until I
> discover what.
> 
> B
> 

If you have minimal install, why do you suspect that something is wrong,
rather to suppose that all is fine and that simply there was no security
updates for your install? It is stable now, and as far as i can
remember, all those security updates we did have of lately were somehow
tied for graphical part, plus apache and ngninx. Apart for security
updates, tough luck of getting some other updates on stable. And
"everything worked fine" on your install of Stretch RC2 because it was
still testing and there was much more updates then?

Re: Apt-get Upgrade Problem in Stretch?

[Dejan Jocic]

On 19-07-17, Felix Miata wrote:
> Patrick Bartek composed on 2017-07-19 10:29 (UTC-0700):
> 
> > Getting no results from apt-get upgrade after a week.  Can install apps,
> > etc., but get no security or stretch-update "fixes," etc.  I find
> > this unusual.  Did a mail list archive search for this, but didn't find
> > anything specific. Or did I miss the solution?
> 
> > My Test Setup:
> 
> > Stretch Stable 64-bit from net-install disk in Virtualbox 5.1 on a
> > Wheezy host.  Basic terminal install (no GUI), converted to sysvinit
> > (did not do anything to systemd files. Kept as dependencies) and then
> > added xorg, openbox window manager, etc.
> 
> > Thanks for any feedback.
> 
> Did you miss that in Stretch apt is preferred to apt-get?
> -- 
> "The wise are known for their understanding, and pleasant
> words are persuasive." Proverbs 16:21 (New Living Translation)
> 
>  Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!
> 
> Felix Miata  ***  http://fm.no-ip.com/
> 

What does it have to do with his problem? It does not matter which tool
he is using, apt-get, aptitude or apt. And apt-get is far from
obsolete/depreciated tool and is still preferred and well proven tool of
many.

Re: Apt-get Upgrade Problem in Stretch?

[Dejan Jocic]

On 19-07-17, Patrick Bartek wrote:
> Getting no results from apt-get upgrade after a week.  Can install apps,
> etc., but get no security or stretch-update "fixes," etc.  I find
> this unusual.  Did a mail list archive search for this, but didn't find
> anything specific. Or did I miss the solution?
> 
> My Test Setup:
> 
> Stretch Stable 64-bit from net-install disk in Virtualbox 5.1 on a
> Wheezy host.  Basic terminal install (no GUI), converted to sysvinit
> (did not do anything to systemd files. Kept as dependencies) and then
> added xorg, openbox window manager, etc.
> 
> Thanks for any feedback.
> 
> B  
> 

dpkg -s unattended-upgrades

If it is installed, it did your updates and security upgrades for you.
If you do not like it and want to do manual updates/upgrades, do with
root privs:

sed -i 's/1/0/g' /etc/apt/apt.conf.d/20auto-upgrades

For further reading and understanding:

https://wiki.debian.org/UnattendedUpgrades

Re: Can debian-live-9.0.1-i386-lxde be made to install from USB?

[Dejan Jocic]

On 18-07-17, Jason Wittlin-Cohen wrote:
> That's not exactly what I'm seeing.  I began seeding the Debian 9.0
> installer image on 6/17 and the Live image on 6/20, when the 9.0.1 released.
> 
> debian-9.0.0-amd64-DVD-1.iso  171.36 GB
> debian-live-9.0.1-amd64-gnome.iso 157.90 GB
> debian-live-9.0.1-amd64-cinnamon.iso  107.85 GB
> debian-9.0.0-amd64-netinst.iso  3.50 GB
> 
> The net install doesn't really count since the Debian site has a direct
> link to download it, and people are unlikely to bother with such a small
> download over Bittorrent.
> 
> Note:  Dejan, sorry for the direct email. Meant to email the list.
> 

No worries, happens. As for those numbers you've got, you do realise
that just those 2 live images you seed are more popular than regular
install iso? And that there are 4 more DE in torrent live images that
are about as popular as Cinammon is? Now, calculate how many pissed
people that was, because those live images failed to install? And there
was some trashing of Debian in some reviews because of those live
images. Not that I care much about those reviews personally, I know why
I use Debian and why it is my favorite OS. But on the long run, more
happy users equals better Debian for us all.

Re: Can debian-live-9.0.1-i386-lxde be made to install from USB?

[Dejan Jocic]

On 18-07-17, Jason Wittlin-Cohen wrote:
> Many people have had issues installing with the Live installer on this
> mailing list.  The question is why Debian even offers the option if there
> is no interest in testing it to make it work.  The initial live installer
> images (9.0, before 9.0.1) were completely broken and could not even begin
> the install[1].  Clearly, this resulted from a complete lack of testing as
> it would have been easily caught given that it is a deterministic error
> that to applied to ALL the live ISOs.  I think it's unfair to blame users
> for using the Live media as an installer.  Either test the live images to
> make sure it can be used for installation on a wide variety of hardware, or
> don't provide the option at all.  It appears that the debian-devel mailing
> list HAS called for more testing due to this situation with the explicit
> threat that live images will cease to be produced if nobody wants to test
> them [2].  With that said, users should always use the regular d-i
> installer images to do an actual install.  The live images are useful for
> testing to see if your hardware is supported and also for recovery.
> 
> Takeaway:  If you want to install Debian, either use the network installer
> (small installation image) or use one of the DVD images (large installation
> images), NOT the live disks.  You can download either here:
> https://www.debian.org/distrib/.  Only use the Live ISOs to test out Debian
> and to ensure hardware support.  If you have a need for non-free firmware
> to complete the install (e.g. non-free network firmware for wifi devices),
> use the images here
> https://cdimage.debian.org/cdimage/unofficial/non-free/cd-including-firmware/9.0.0+nonfree/amd64/bt-dvd/
> .
> 
> [1]https://cdimage.debian.org/debian-cd/9.0.1-live/amd64/iso-hybrid/
> [2] https://lists.debian.org/debian-devel/2017/06/msg00335.html
> 

Trouble is that live images are, judging by my torrents, most popular
media of choice. Just debian-live-9.0.1-amd64-gnome.iso was uploaded for
23 GB, while debian-9.0.0-amd64-DVD-1.iso is on 14.68 GB and
debian-9.0.0-amd64-netinst.iso is on 463 MB. So, something in big red
letters should be there on Debian site as a warning for people not to
download live for install. At least till we get 9.0.2 live iso.

Re: Connessione wifi

[Dejan Jocic]

On 18-07-17, Gabriele Cossetti wrote:
> Ascoli Piceno - Italia - 18/07/2017
> 
> Ho appena installato la versione Debian 9.0, ho una connessione WI-FI su 
> PC IBM .386 che usa una porta USB del seguente produttore:
> 
> WI-FI USB Sitecom adapter N150
> 
> e dopo l'installazione non risulta funzionante.
> 
> Cosa devo fare per renderla funzionante?
> 
> Cordiali saluti
> Gabriele Cosssetti
> 

Since this is mailing list on English language, if you would feel more
comfortable asking for help on Italian, you could try on Italian
speaking debian users list here:

debian-ital...@lists.debian.org

or web page here:

https://lists.debian.org/debian-italian/

Re: Can debian-live-9.0.1-i386-lxde be made to install from USB?

[Dejan Jocic]

On 18-07-17, Erik Christiansen wrote:
> On 18.07.17 08:46, Thomas Schmitt wrote:
> > Afaik, unetbootin unpacks the ISO and replaces the boot loader software.
> > Debian discourages its use with live and installation ISOs.
> > 
> > The Debian ISOs for i386 are ready to be simply copied onto the device
> > file of the overall USB stick (i.e. to /dev/sdX not to /dev/sdX1).
> 
> Ah, they're what's described as a .img on other sites, then. I chose
> unetbootin in lieu of a dd copy, based on the .iso suffix.
> 
> > After ensuring that /dev/sdd really is the device address of the USB
> > stick, you just do
> > 
> >   dd if=debian-live-9.0.1-i386-lxde.iso bs=4M of=/dev/sdd ; sync
> > 
> > See
> >   https://www.debian.org/CD/faq/#write-usb
> 
> The dd copied the image fine, the Udoo X86 booted on it, and I
> began the install. Sadly, it barfed at the same stage - after setting
> geographic location and keyboard, the debian 9 install process threw up
> a "Detect and mount CD-ROM" screen, insisting on a CD with suitable
> install content. It seemed quite unaware that it is installing from USB.
> 
> Performing a "continue" and a "skip" returns to the "Debian installer
> main menu", with the cursor on "Detect and mount CD-ROM". The dufus
> thing is still obsessing about CDs, despite the web page promising that
> it can do a USB install.
> 
> Are we just up against false advertising? The USB holds ten times what a
> CD can, so there's no rational reason for last-century media to be
> involved.
> 
> I'll wrassle ten years of cabling pile-up on the back half of the desk,
> move the Udoo to the near end of the coffee table, and string an
> ethernet cable over. Maybe a net install will work.
> 
> Erik
> 


This release of Debian came with buggy live images. It was fixed with
9.0.1 live images, or at least it seemed so. Perhaps you discovered bug
in it that should be reported. Unfortunately, debian live images do not
get much needed love and because of that are not really preferred method
of installing. You should be fine with net install image, or with
regular dvd-1 iso image, be it from usb, or from dvd.

Re: alt ctrl T - terminal not opening

[Dejan Jocic]

On 17-07-17, to...@tuxteam.de wrote:
> On Mon, Jul 17, 2017 at 08:39:25AM +0100, kelsang sherab wrote:
> > Using Stretch with GNOME 3
> > I am unable to add shortcut to open terminal.
> > suggestions are welcomed.
> 
> Sorry to hear that. To help people help you, you might want to provide
> more details:
> 
>   - what is your desktop environment (e.g.: are you using Gnome? KDE?
> Mate? -- there are more)... or no desktop environment at all?
> 
>   - what have you tried to add your shortcut? In which way did it fail
> to work?
> 
> Regards
> -- tomás
> 

He already stated that it is Gnome 3. In Gnome 3, go to settings ( top
right corner where those icons are click, buton with key and screwdriver
), then go to keyboard. Scroll all down to bottom, you will find + sign.
Click it and you will be able to assign custom shortcut.

Re: SAMBA problems on Debian 8.8

[Dejan Jocic]

On 15-07-17, Hans Kraus wrote:
> Hi,
> 
> yesterday, 14. July, about 9:30 pm my SAMBA shares on Debian simply
> stopped working. I did not do anything on the system.
> 
> When I now try to connect to them from Windows 8.1 I do not see them
> in the "Connect Network Drive" window.
> 
> When I enter the address manually I get the error "The connection isn't
> accepted from the remote device ...".
> 
> All texts are my translations from German, so the will be only
> approximately correct.
> 
> Any advice for me and what debug info shall I supply?
> 
> Kind regards,
> Hans
> 

Samba had 2 security updates, first one had messed up dependencies and
second one solved that. Perhaps you just updated first one and need to
do update/upgrade again to catch up second one?

Re: Debain 9 dhclient or network problem

[Dejan Jocic]

On 11-07-17, Franz Angeli wrote:
> Hi,
> 
> i have a problem with dhclient:
> 
> for example interface name eno52 (tg3, Broadcom Limited NetXtreme
> BCM5719 Gigabit Ethernet PCIe (rev 01) :
> 
> root@:~# dhclient eno52 -v
> Internet Systems Consortium DHCP Client 4.3.5
> Copyright 2004-2016 Internet Systems Consortium.
> All rights reserved.
> For info, please visit https://www.isc.org/software/dhcp/
> 
> Listening on LPF/eno52/3c:a8:2a:e7:87:bf
> Sending on   LPF/eno52/3c:a8:2a:e7:87:bf
> Sending on   Socket/fallback
> DHCPDISCOVER on eno52 to 255.255.255.255 port 67 interval 4
> DHCPDISCOVER on eno52 to 255.255.255.255 port 67 interval 10
> DHCPDISCOVER on eno52 to 255.255.255.255 port 67 interval 7
> DHCPDISCOVER on eno52 to 255.255.255.255 port 67 interval 9
> DHCPDISCOVER on eno52 to 255.255.255.255 port 67 interval 15
> DHCPDISCOVER on eno52 to 255.255.255.255 port 67 interval 16
> No DHCPOFFERS received.
> No working leases in persistent database - sleeping.
> 
> tcpdump during dhclient doesn't show anything?!?
> 
> root@*:~# tcpdump -i eno52
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eno52, link-type EN10MB (Ethernet), capture size 262144 bytes
> 
> 
> root@***:~# ip addr show eno52
> 9: eno52:  mtu 1500 qdisc mq state
> DOWN group default qlen 1000
> link/ether 3c:a8:2a:e7:87:bf brd ff:ff:ff:ff:ff:ff
> 
> interface eno52 seems to be disconnected but cable is plugged and
> working (i tried with other pc)
> 
> obviously ethernet cable is connected...
> Debian 8 works fine with this hw
> Debian 9 doesn't work
> 
> Server is ProLiant DL380 Gen9 (719064-B21)
> 
> root@***:~# lspci -v | grep -A10 Ethernet
> 02:00.0 Ethernet controller: Broadcom Limited NetXtreme BCM5719
> Gigabit Ethernet PCIe (rev 01)
> Subsystem: Hewlett-Packard Company Ethernet 1Gb 4-port 331i Adapter
> Flags: bus master, fast devsel, latency 0, IRQ 16, NUMA node 0
> Memory at 92c9 (64-bit, prefetchable) [size=64K]
> Memory at 92ca (64-bit, prefetchable) [size=64K]
> Memory at 92cb (64-bit, prefetchable) [size=64K]
> [virtual] Expansion ROM at 9310 [disabled] [size=256K]
> Capabilities: [48] Power Management version 3
> Capabilities: [50] Vital Product Data
> Capabilities: [58] MSI: Enable- Count=1/8 Maskable- 64bit+
> Capabilities: [a0] MSI-X: Enable+ Count=17 Masked-
> Capabilities: [ac] Express Endpoint, MSI 00
> --
> 02:00.1 Ethernet controller: Broadcom Limited NetXtreme BCM5719
> Gigabit Ethernet PCIe (rev 01)
> Subsystem: Hewlett-Packard Company Ethernet 1Gb 4-port 331i Adapter
> Flags: bus master, fast devsel, latency 0, IRQ 17, NUMA node 0
> Memory at 92c6 (64-bit, prefetchable) [size=64K]
> Memory at 92c7 (64-bit, prefetchable) [size=64K]
> Memory at 92c8 (64-bit, prefetchable) [size=64K]
> [virtual] Expansion ROM at 9314 [disabled] [size=256K]
> Capabilities: [48] Power Management version 3
> Capabilities: [50] Vital Product Data
> Capabilities: [58] MSI: Enable- Count=1/8 Maskable- 64bit+
> Capabilities: [a0] MSI-X: Enable- Count=17 Masked-
> Capabilities: [ac] Express Endpoint, MSI 00
> --
> 02:00.2 Ethernet controller: Broadcom Limited NetXtreme BCM5719
> Gigabit Ethernet PCIe (rev 01)
> Subsystem: Hewlett-Packard Company Ethernet 1Gb 4-port 331i Adapter
> Flags: bus master, fast devsel, latency 0, IRQ 16, NUMA node 0
> Memory at 92c3 (64-bit, prefetchable) [size=64K]
> Memory at 92c4 (64-bit, prefetchable) [size=64K]
> Memory at 92c5 (64-bit, prefetchable) [size=64K]
> [virtual] Expansion ROM at 9318 [disabled] [size=256K]
> Capabilities: [48] Power Management version 3
> Capabilities: [50] Vital Product Data
> Capabilities: [58] MSI: Enable- Count=1/8 Maskable- 64bit+
> Capabilities: [a0] MSI-X: Enable- Count=17 Masked-
> Capabilities: [ac] Express Endpoint, MSI 00
> --
> 02:00.3 Ethernet controller: Broadcom Limited NetXtreme BCM5719
> Gigabit Ethernet PCIe (rev 01)
> Subsystem: Hewlett-Packard Company Ethernet 1Gb 4-port 331i Adapter
> Flags: bus master, fast devsel, latency 0, IRQ 17, NUMA node 0
> Memory at 92c0 (64-bit, prefetchable) [size=64K]
> Memory at 92c1 (64-bit, prefetchable) [size=64K]
> Memory at 92c2 (64-bit, prefetchable) [size=64K]
> [virtual] Expansion ROM at 931c [disabled] [size=256K]
> Capabilities: [48] Power Management version 3
> Capabilities: [50] Vital Product Data
> Capabilities: [58] MSI: Enable- Count=1/8 Maskable- 64bit+
> Capabilities: [a0] MSI-X: Enable- Count=17 Masked-
> Capabilities: [ac] Express Endpoint, MSI 00
> --
> 04:00.0 Ethernet controller: Broadcom Limited NetXtreme BCM5719
> Gigabit Ethernet PCIe (rev 01)
> Subsystem: Hewlett-Packard Company Ethernet 1Gb 4-port 331FLR Adapter
> Flags: bus master, fast devsel, latency 0, IRQ 16, NUMA node 0
> Memory at 92b9 (64-bit, prefetchable) [size=64K]
> Memory at 92ba (64-bit, prefetchable) [size=64K]
> Memory at 92bb (64-bit, prefetchable) 

Re: dhclient or network problem

[Dejan Jocic]

On 10-07-17, Franz Angeli wrote:
> Hi,
> 
> i have a problem with dhclient:
> 
> for example interface name eno52 (tg3, Broadcom Limited NetXtreme
> BCM5719 Gigabit Ethernet PCIe (rev 01) :
> 
> root@:~# dhclient eno52 -v
> Internet Systems Consortium DHCP Client 4.3.5
> Copyright 2004-2016 Internet Systems Consortium.
> All rights reserved.
> For info, please visit https://www.isc.org/software/dhcp/
> 
> Listening on LPF/eno52/3c:a8:2a:e7:87:bf
> Sending on   LPF/eno52/3c:a8:2a:e7:87:bf
> Sending on   Socket/fallback
> DHCPDISCOVER on eno52 to 255.255.255.255 port 67 interval 4
> DHCPDISCOVER on eno52 to 255.255.255.255 port 67 interval 10
> DHCPDISCOVER on eno52 to 255.255.255.255 port 67 interval 7
> DHCPDISCOVER on eno52 to 255.255.255.255 port 67 interval 9
> DHCPDISCOVER on eno52 to 255.255.255.255 port 67 interval 15
> DHCPDISCOVER on eno52 to 255.255.255.255 port 67 interval 16
> No DHCPOFFERS received.
> No working leases in persistent database - sleeping.
> 
> tcpdump during dhclient doesn't show anything?!?
> 
> root@*:~# tcpdump -i eno52
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eno52, link-type EN10MB (Ethernet), capture size 262144 bytes
> 
> 
> root@***:~# ip addr show eno52
> 9: eno52:  mtu 1500 qdisc mq state
> DOWN group default qlen 1000
> link/ether 3c:a8:2a:e7:87:bf brd ff:ff:ff:ff:ff:ff
> 
> 
> if i use the same ethernet cable on my laptop all works fine...

Don't you think that you have enough of a clue there :P That eno52 is,
as you can see ethernet card, of course it will work when you connect it
with ethernet cable. If you want it to work with wifi, that is another
story. What is your wifi card, do you have something starting with w in
the output of ip addr show? What is the output of the lspci -v | grep -i
-A6 net?
> 
> i don't know if is a module problem...or?
> 
> Can you help me?
> 
> BR
> 

Re: How to gain control over the system?

[Dejan Jocic]

On 10-07-17, Kaj Persson wrote:
> Hi Jimmy,
> Well, I did not follow your suggestion exactly, but as people has said, the
> root account is already and always  there, even it has not been assigned a
> password. So, against my real whish, not to activate the root account, I
> gave the command sudo passwd root, and entered a password. And now I suppose
> I have burned my ships and have no way back...
> 
> But! Nothing has changed. I can still not enter program icons to the panel,
> and not define keyboard shortcuts. If I sort the icons on the desktop they
> still, after a cold start, come back in a completely other order, dispite I
> had marked "Keep ajusted" (right click on desktop).
> 
> So...?
> /Kaj
> 

What are you talking about, there are several ways to lock your root
account? Not sure why you would like to though. You can lock it with
sudo, like this:

sudo passwd -l root

But that is not really necessary. Better would be to learn how to
strengthen your root account. Depending on what you really want to
achieve, you can set it up so only way to access it would be to use su,
or sudo from trusted accounts. If you are interested in that, further
reading you can find here:

https://www.centos.org/docs/5/html/5.1/Deployment_Guide/s2-wstation-privileges-noroot.html

Re: pop-up windows all the time in Firefox, Stretch

[Dejan Jocic]

On 09-07-17, Anil Duggirala wrote:
> hello,
> Ever since I moved to Stretch I have had pop-up windows popping up all
> the time (clicking on various items on various types of pages). I am
> posting here, since this is only happening in my Debian installation.
> Was anything changed in the default configuration of Firefox. It feels
> like Windows with all of these pop-ups, this is the first time I
> experience anything like this in a linux installation.
> thanks,
> 

In firefox you have option to block pop-up windows. Go to preferences,
it is under content. And install some add blocker. For me, best is :

https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/

You can also install script blocker, like this one:

https://addons.mozilla.org/en-US/firefox/addon/noscript/?src=ss

With all that on, you will be pretty safe against pop-ups.

Re: How to gain control over the system? [a security-side-note]

[Dejan Jocic]

On 09-07-17, Eike Lantzsch wrote:
> On Sunday, 9 July 2017 14:54:02 -04 Kaj Persson wrote:
> > 
> > * Configuring sudo? No I have not done that explicitly, not more than
> > what the install program did itself. I have looked at /etc/sudoers and
> > what I think the important lines are:
> > 
> >  # User privilege specification
> >  rootALL=(ALL:ALL) ALL
> > 
> >  # Allow members of group sudo to execute any command
> >  %sudo   ALL=(ALL:ALL) ALL
> There the "security" went out of the building ...
> Please have a look here:
> https://blather.michaelwlucas.com/archives/2266

It does not matter really ( though it is really nice lecture about sudo
), because it is personal machine. Settings like that on personal
machine are really fine. 

> > 
> >  #includedir /etc/sudoers.d
> > 
> > In /etc/sudoers.d there are no more files than README.
> > 

Re: How to gain control over the system?

[Dejan Jocic]

On 09-07-17, Anders Andersson wrote:
> On Sun, Jul 9, 2017 at 12:51 AM, Fungi4All  wrote:
> 
> > On Sat, 2017-07-08 at 23:57 +0200, Kaj Persson wrote:
> >
> > > But now I discovered an issue, I cannot manage my desktop. I have
> > > always at the previous installations, and they are quite many now, been
> > > advised to, for security reason, leave the root password unset, which
> > causes
> > > the root account go passive, and for all tasks where I need root
> > > authority I  go via su/sudo.
> >
> >
> > It is a bad idea despite of what security gurus may advise.  You may lose
> > your system
> > and never get it back.
> >
> 
> 
> It's an even worse idea to listen to people on the internet who ignore
> "security gurus" based on rumours. You can easily restore or change the
> root password if it's lost or unset.

Leaving root password unassigned for "security" reasons is silly.
Heaving, or not heaving root account assigned does not make your system
any more secure. For some things you do need root account. Those systems
that use sudo only approach ( read Ubuntu and derivates ) have sulogin
patched to allow single user mode, for example. And it is made so on
Ubuntu out of fear that new users attracted to Linux will mess up things
more if they have access to root account. Not that it stopped people to
be people and to mess things up equally successful with sudo account. As
for those "security gurus", who are they? Real gurus? Or just people
repeating what they've read somewhere with little to no understanding
what they've read?

Re: Advice on Debian installation

[Dejan Jocic]

On 08-07-17, Fungi4All wrote:
> From: sebastian.luna.val...@gmail.com
> 
> > Great, many thanks for your quick replies!
> > Will try that, fingers crossed!
> 
> Don't listen to those ubuntu haters, nothing will happen.
> Leave it as is. When debian installs its version of grub
> on /dev/sda it will be in control and provide you boot entries
> for win7, ubuntu, and Debian. If you log back to Ubuntu
> and $sudo grub-install /dev/sda
> $sudo update-grub it will gain back control and create
> the same boot entries for all three but ubuntu will be
> first choice. At least this way you will not have to look
> at the ugly green debian snail screen when you wake
> up in the morning! :)
> As long as you are not including an Arch/Manjaro
> installation you will be fine with either grub. I have had
> up to seven of them (it only takes a few kb of space).
> Delete the ubuntu partition and you will be OK!
> Tell this to the ausie guy that installed stretch from scratch and
> lost all networking! 3-4 days ago. At least this man can download
> all the gpg stuff and the deb files that were needed from ubuntu
> and pass them to the half broken isolated debian installation.
> Just keep your fingers crossed and debian might even work
> first time around.

Do you even bother to read other people posts? He wants to install
Debian where Ubuntu install is. He wants to replace it.

Re: Replace systemd

[Dejan Jocic]

On 06-07-17, David Griffith wrote:
> 
> I'm aware of that technique.  What I was talking about is a menu option that
> pops up when the install is running that explicitly asks the person
> installing which init to use.
> 
> 
> -- 
> David Griffith
> d...@661.org
> 
> A: Because it fouls the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
> A: Top-posting.
> Q: What is the most annoying thing in e-mail?


There was no such option when SysVinit was default. Why would it exist
now? There are also no options to choose default browser, editor, video
player, music player and so on. But everyone is free to install and set
as default whatever they like. Including init system.

Re: [Stretch] apt-get has no updates?

[Dejan Jocic]

On 05-07-17, RavenLX wrote:
> On 06/30/2017 12:34 PM, Dejan Jocic wrote:
> > On 30-06-17, RavenLX wrote:
> > > 
> > > > If you have unattended-upgrades package installed and it is configured
> > > > to fetch and install security updates only ( which is default ), that is
> > > > place to look for upgraded packages. You can also configure
> > > > unattended-upgrades to mail you where there was updates/upgrades and all
> > > > that jazz.
> > > 
> > > How do I go about upgrading then? I don't know of how to do it any other 
> > > way
> > > than via apt-get. Also I don't want to have it email me anything. I 
> > > usually
> > > go to the command line, do a series of commands and upgrade the system. I
> > > would like to continue to do things that way. I do this once a week 
> > > (usually
> > > Thurs. but now I'm switching to Fridays).
> > > 
> > 
> > Well, as you could see from your log, unattended-upgrades did it job and
> > upgraded security packages. If you want to keep those auto
> > updates/upgrades for security packages ( not that you will get much more
> > updates than those now that stretch is stable ), you do not have to do
> > anything. Security updates will be done automatically.
> 
> I saw another security update and went and checked to see what version I had
> installed. It looks like it did in fact automatically install the update.
> 
> While it might be hard to get used to at first, I think I'll leave it as-is
> since this would ensure that my system is automatically up to date on
> security issues.
> 
> Maybe it's a good thing after all and time for me to make a little change in
> my routine? :)
> 
> Would this affect other updates (ie. bug-fix) of packages or is this only
> for the security repo? Should I still do the apt-get routine weekly just in
> case? I would surmise that we probably won't get any 'normal' but fix
> updates for a long time since Stretch was just released?
> 

As explained before, settings for unattended-upgrades are in the
/etc/apt/apt.conf.d/50unattended-upgrades. You can set it to download
and install just security updates, which is default. Or, you can set it
to download and install all updates, if you uncomment certain lines, or
add new ones. Think that you can also set it from apper, or
plasma-discover, whatever kde uses these days. Or
software-properties-kde, if it is similar to software-properties-gtk.

Re: Problems with apt in a clean stretch install.

[Dejan Jocic]

On 05-07-17, Wayne Hartell wrote:
> 
> Fungi4All wrote:
> > And this for the OP:
> > 1  But if there is such a basic problem with installation what is
> > so different that the rest of the new stretch installers did not
> > face?
> >
> 
> That's a good question. I'm not 100% sure what the problem with the
> installer is in your minds? Do you mean whatever causes the problem that
> occurs when /etc/apt/trusted.gpg is *present*?
> 
> > 2  What filesystem did you use while partitioning?  
> >

I doubt that filesystem has anything to do with your experience.


> Being a novice I didn't make any changes from the defaults (did the guided
> partitioning with everything in one** partition), except on one laptop,
> where I used LVM/encryption, but with no partitioning differences other than
> those created by using LVM.
> 
> **I note that even though the installer says "one" partition, it still seems
> to create a separate swap partition (I read, I think that on some distros
> the swap partition is now optional; it can be a file instead). So the file
> system is (for 3/4 of the systems):
> /dev/sda1 bootable Ext4 341GB
> /dev/sda2 extended 2.1GB
> /dev/sda5 swap 2.1GB
> 
> > 3  Is there any kind of raid?

Even if you do, do not see how it is relevant for this case.

> 
> No raid on any of the systems.
> 
> > 4  Is autoupdate/unattended-update enabled?  And is there a log of it?
> 
> Only if it was enabled by default. "System Upgrade" in Synaptic is set to
> "Smart Upgrade" if that's what you are talking about. I don't know what this
> is and after yesterday haven't got enough time to research what this is and
> where/how to find logs for now. Let me know if a proper answer to this
> question is important,  and I will dig into it further.
> 
> Kind Regards,
> Wayne.
> > 

For start, it is not unattended-update, it is unattended-upgrades
package. It also does not have anything to do with your problem. In
stretch, it comes in by default on at least gnome and kde tasks. And, by
default, it is set to get your security upgrades and install them for
you. To check if it is installed:

dpkg -s unattended-upgrades

To check if it is enabled:

cat /etc/apt/apt.conf.d/20auto-upgrades

If output is:

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";

then it is enabled. If you want to disable it change those "1" to "0".
You can do it with your favorite editor or in one line:

sudo sed -i 's/1/0/g' /etc/apt/apt.conf.d/20auto-upgrades

If you want to use unattended-upgrades, would suggest checking its
config file that is here:

/etc/apt/apt.conf.d/50unattended-upgrades

and debian wiki entry here:

https://wiki.debian.org/UnattendedUpgrades

As a side note, in gnome you can enable/disable auto updates in gnome
software & updates ( software-properties-gtk ) and in kde apper or
whatever kde uses these days.