Re: Fdisk

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Fri, Jan 20, 2017 at 02:05:26PM +0300, Gokan Atmaca wrote:
> I did it. I first erased all parts. Without saying "W". Then I called
> the new section and gave default values.
> I've done it the next time I restart. :)
> 
> #resize2fs /dev/sda1

Sorry, I couldn't understand exactly what you mean. But I hope it
worked for you!

Cheers
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAliB9BgACgkQBcgs9XrR2kbHDACdEdsrLVcmq4nLaLCmv6LAjbRL
ivQAn1K0GbY1qMLYci66Brze0QqGhDh3
=vxZR
-END PGP SIGNATURE-

Re: Fdisk

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Fri, Jan 20, 2017 at 11:59:36AM +0200, Georgi Naplatanov wrote:
> On 01/20/2017 11:54 AM, Gokan Atmaca wrote:
> > Hello
> > 
> > Debian is running as a VM on the KVM. I enlarged the disk with QEMU.
> > But the disk is as follows.
> > So he did not grow up.
> > 
> > Pre:
> > root@debian:/home/gokan# fdisk  -l
> > 
> > Disk /dev/sda:[b] 40 GiB[/b], 42949672960 bytes, 83886080 sectors
> > Units: sectors of 1 * 512 = 512 bytes
> > Sector size (logical/physical): 512 bytes / 512 bytes
> > I/O size (minimum/optimal): 512 bytes / 512 bytes
> > Disklabel type: dos
> > Disk identifier: 0x6845f24a
> > 
> > Device BootStart  End  Sectors  Size Id Type
> > /dev/sda1  *2048 80383999 80381952 38.3G 83 Linux
> > /dev/sda2   80386046 83884031  3497986  1.7G  5 Extended
> > /dev/sda5   80386048 83884031  3497984  1.7G 82 Linux swap / Solaris
> > 
> > root@debian:/home/gokan#
> > root@debian:/home/gokan# df -Th
> > Filesystem Type  Size  Used Avail Use% Mounted on
> > /dev/sda1  ext4   38G  908M   35G   3% /
> > udev   devtmpfs   10M 0   10M   0% /dev
> > tmpfs  tmpfs 201M  4.4M  196M   3% /run
> > tmpfs  tmpfs 501M 0  501M   0% /dev/shm
> > tmpfs  tmpfs 5.0M 0  5.0M   0% /run/lock
> > tmpfs  tmpfs 501M 0  501M   0% /sys/fs/cgroup
> > 
> > Post:
> > root@debian:/home/gokan# fdisk -l
> > 
> > Disk /dev/sda:[b] 50 GiB[/b], 53687091200 bytes, 104857600 sectors
> > Units: sectors of 1 * 512 = 512 bytes
> > Sector size (logical/physical): 512 bytes / 512 bytes
> > I/O size (minimum/optimal): 512 bytes / 512 bytes
> > Disklabel type: dos
> > Disk identifier: 0x6845f24a
> > 
> > Device BootStart  End  Sectors  Size Id Type
> > /dev/sda1  *2048 80383999 80381952 38.3G 83 Linux
> > /dev/sda2   80386046 83884031  3497986  1.7G  5 Extended
> > /dev/sda5   80386048 83884031  3497984  1.7G 82 Linux swap / Solaris
> > 
> > root@debian:/home/gokan#
> > root@debian:/home/gokan# df -Th
> > Filesystem Type  Size  Used Avail Use% Mounted on
> > /dev/sda1  ext4   38G  908M   35G   3% /
> > udev   devtmpfs   10M 0   10M   0% /dev
> > tmpfs  tmpfs 201M  4.4M  196M   3% /run
> > tmpfs  tmpfs 501M 0  501M   0% /dev/shm
> > tmpfs  tmpfs 5.0M 0  5.0M   0% /run/lock
> > tmpfs  tmpfs 501M 0  501M   0% /sys/fs/cgroup
> > 
> > How can I grow this disc?
> 
> Hi,
> 
> after enlarging disk or logical volume (in case of LVM), you have to
> enlarge file system.

Exactly. The disk is bigger now, but you have to do something with
this extra space.

 (1) You could make an extra partition (that would go after sda5,
 that is your swap space) and put a file system on it, then
 e.g. mount it

 (2) you could try to add your new space to your existing swap
 partition. Just disable swap (swapoff), enlarge sda5 (fdisk),
 make new swap (mkswap), re-enable swap (swapon).

 (3) you could try to add your new space to your existing root
 partition (sda1). Problem is, the swap is on the way. So
 first disable swap, remove swap partition (as in (2)), delete
 swap partition (fdisk), enlarge sda1 (still fdisk), re-create
 swap at the end (still fdisk). When finished, and all is
 well, then you can resize your file system (resize2fs). Note
 that root can't be mounted read/write for that.

 (4-n) you could use LVM...

I guess you want (3).

Regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAliB4kcACgkQBcgs9XrR2kb80gCdEYOlD7WNf2PEujXXs6SCC3hP
KLcAn0OcfH+JNlXFth5ftiIPRHJRlVXA
=JUyi
-END PGP SIGNATURE-

Re: A minimalist network

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Fri, Aug 19, 2016 at 07:41:56AM -0500, Richard Owlett wrote:

[...]

> As I had said in last paragraph of
> https://lists.debian.org/debian-user/2016/08/msg00609.html :
> "Why would I be interested in ssh as both machines are sitting on my
> desk and _neither_ will be connected to the internet when ethernet
> connection is live?"

Because your newest IOT lightbulb[1] or other gadget[2] is spying on
you?

Of course you may have reasons to "go simple", especially on setup,
and/or under controlled conditions; especially if you're connecting
the two boxes via one cable as has been sugested in this (monster)
thread several times, you're entitled to be somewhat secure.

But dividing the world in "insecure outside, secure inside, and at
the perimeter, the firewall takes care of things" is a pretty
outdated way of thinking. Better use secure protocols inside your
network. You never know what your network printer is doing, there
beneath the desk.

[1] 
[2] 


Regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAle3BBQACgkQBcgs9XrR2kZv8QCfUFzUZk2l0qhGrkPULXN9CCTa
YFMAnjBeNw2nif1ObMbC+leiPksJDYXd
=gd2p
-END PGP SIGNATURE-

Re: A minimal relational database in Debian?

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Mon, Feb 27, 2017 at 07:17:56AM -0600, Richard Owlett wrote:
> The last time I needed a relational database my employer was using
> dBaseII on a MS-DOS machine.

Hm. A strange "relational" database indeed...

> What is a functional equivalent in the Debian repository?
> 
> I looked at at LibreOffice Base. It was unusable as its "help"
> system provided no intrinsic way to increase fonts to a legible
> size.

LibreOffice Base is, AFAIK *not* a relational database, but just
a -possibly graphical- user interface to one. Relational databases,
as I know them, have no "fonts", for example.

Sorry for sounding somewhat snarky, but I'm trying to help you refine
your requirements. What is it exactly what you are looking for?

 - some kind of dBase clone (in a very loose sense), i.e. some
   GUI where you can click together small data-centric GUI apps?
   "Relational", perhaps "concurrent multi-user" not so important?

   I have to defer to others in this one. But perhaps you might
   want to look into gambas (for which you'd need a "real" database
   beneath, see below)

 - a "relational" [1] database with transactions, SQL, perhaps some
   concurrent multi-user capabilities?

   Here, you could do significantly worse than PostgreSQL. Highly
   recommended. Or, if you want to embed it into applications and
   don't care about multi-user (and many other niceties), you
   might want to look into sqlite. Then there is MariaDB (which
   was formerly spelled MySQL, but Oracle). Others will disagree,
   but my take is: don't if you don't have to.

(The first class of applications might contain one of the second
class as embedded data store -- or it might not).

What does you use case look like, approximately?

Regards

[1] Yeah: absolute purists will say most SQL databases out there
   are not relational, and they'd be right

- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAli0LQUACgkQBcgs9XrR2kYRqQCfQoF10Q4ZvLzLEP5u2y9dVJPK
uWoAniS+XnG6uKqkKWSwjYieYTgFW9xe
=l5rv
-END PGP SIGNATURE-

Re: Cepstral swift and Debian Stretch

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, Feb 28, 2017 at 06:04:24AM -0500, Chuck Hallenbeck wrote:
> 
> On Tue, Feb 28, 2017 at 07:59:01AM -0300, Eduardo M KALINOWSKI wrote:
> > On 27-02-2017 21:03, Chuck Hallenbeck wrote:
> > > Hi everyone, 
> > >
> > > I'm attempting to install a tommercial TTS from Cepstral on my Debian
> > > Stretch system, and get the following when running swift:
> > >
> > > /usr/local/bin/swift: 12: exec: /opt/swift/bin/swift.bin: Exec format
> > > error
> > Show us the output of
> > file /usr/local/bin/swift
> > file /opt/swift/bin/swift.bin
> > 
> > (Especially the latter.)

[took the liberty to fix top-post]

> Here is what file says:
> 
> /opt/swift/bin/swift.bin: ELF 64-bit LSB executable, x86-64, version 1
> (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2,
> for GNU/Linux 2.6.9, not stripped

How did this swift.bin arrive to your disk? (I mean: download, unpack,
etc.)

Suspecting some corruption along the way (e.g. line-end transformation
by text mode in ftp, some (un)packer or similar).

Regards
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAli1X1EACgkQBcgs9XrR2kYwNgCdFOAmT5QCRvXMPenxGgiaU12q
KnYAnA9TNz8nMdriZ2eezW0dD6lWZS/a
=Tw6u
-END PGP SIGNATURE-

Re: Cepstral swift and Debian Stretch

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, Feb 28, 2017 at 06:52:56AM -0500, Chuck Hallenbeck wrote:
> My comment below:
> 
> 
> On Tue, Feb 28, 2017 at 12:30:25PM +0100, to...@tuxteam.de wrote:
> > On Tue, Feb 28, 2017 at 06:04:24AM -0500, Chuck Hallenbeck wrote:
> > > 
> > > On Tue, Feb 28, 2017 at 07:59:01AM -0300, Eduardo M KALINOWSKI wrote:
> > > > On 27-02-2017 21:03, Chuck Hallenbeck wrote:
> > > > > Hi everyone, 
> > > > >
> > > > > I'm attempting to install a tommercial TTS from Cepstral on my Debian
> > > > > Stretch system, and get the following when running swift:
> > > > >
> > > > > /usr/local/bin/swift: 12: exec: /opt/swift/bin/swift.bin: Exec format
> > > > > error
> > > > Show us the output of
> > > > file /usr/local/bin/swift
> > > > file /opt/swift/bin/swift.bin
> > > > 
> > > > (Especially the latter.)
> > 
> > [took the liberty to fix top-post]
> > 
> > > Here is what file says:
> > > 
> > > /opt/swift/bin/swift.bin: ELF 64-bit LSB executable, x86-64, version 1
> > > (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2,
> > > for GNU/Linux 2.6.9, not stripped
> > 
> > How did this swift.bin arrive to your disk? (I mean: download, unpack,
> > etc.)
> > 
> > Suspecting some corruption along the way (e.g. line-end transformation
> > by text mode in ftp, some (un)packer or similar).
> 
> The Cepstral was obtained from a direct link to www.cepstral.com which
> support gave me, via wget. There was an earlier package that was in
> fact first downloaded to a Windows machine and then moved to Debian,
> but while Windows unzipped it without changing its name, it eventually
> produced the error I am now getting with the directly downloaded
> package. BTW, I failed to show the output of file for the symlink,
> which looks like this:
> 
> /usr/local/bin/swift: symbolic link to /opt/swift/bin/swift
> 
> I notice that it does not point to swift.bin, but to a directory
> containing it. 

Is /opt/swift/bin/swift really a directory? I'd expect it to be
just a shell script invoking swift.bin (after possibly setting
up some environment).

> Either way, it runs under Arch on this box, but not under Debian.

Hmmm. "it" meaning the very same file, i.e. Arch and Debian share a
file system? Or a copy of the file?

If the last is the case, could you compare their checksums, i.e.

  sha1sum /opt/swift/bin/swift.bin

Are they equal?

(No need to do it if the first is the case, of course).

Just a shot in the dark: quoting a previous mail from you

> Here is what file says:
>
> /opt/swift/bin/swift.bin: ELF 64-bit LSB executable, x86-64, version 1
> (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2,
> for GNU/Linux 2.6.9, not stripped

Does /lib64/ld-linux-x86-64.so.2 exist on your Debian box? (would be
strange if not, but hey...)

regards
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAli1becACgkQBcgs9XrR2kYpQwCfb6O4tt1f3V0O1KSI2Bo17n4o
t4AAn05+c0rKtW5TA1E5Gv87tvLgn2ax
=41hy
-END PGP SIGNATURE-

Re: Cepstral swift on Debian and on Arch

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, Feb 28, 2017 at 12:28:22PM -0500, Chuck Hallenbeck wrote:
> Okay, I think we're closing in on it. 
> 
> The Cepstral swift package runs fine on archlinux, where using ldd -r
> on the executable lists eleven libraries, all but one of which is
> present on Debian where the Cepstral package fails. On Debian, ldd -r
> on the executable says simply "not a dynamically linked executable."
> 
> The item found on Arch but missing on Debian is:
> 
> /lib64/ld-linux-x86-64.so.2 (0x7fd2b1fd1000)
> 
> Any idea where to go from here? 

Aha. So ignore my previous post. This file above is part of the libc6
package. It *should* be somewhere on your system (your Debian is a
64 bit system, isn't it? What does "uname -a" say?)

Try "ldd" on some working binary on your debian box, so you can see
what ld.so it is using, like so:

  ldd /bin/ls

For good measure do also

  file /bin/ls

to make sure that it actually is a 64 bit executable. My hunch is
that your Debian has its 64 bit libraries still in /lib and not,
as it does these days in /lib64.

A possible solution (untested, at least by me!) would be to symlink
/lib to /lib64 (*if* /lib contains 64 bit libraries!) and then run
ldconfig.

What do others think?

God luck
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAli14+QACgkQBcgs9XrR2kabtACeOv2qxyRxcnUgKd2tZukBM9JJ
wRwAnRNgNetAa2/1Ne3j6Nfw0b6tA7v3
=rolZ
-END PGP SIGNATURE-

Re: Recap: Cepstral Swift and Debian Stretch

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, Feb 28, 2017 at 08:30:13AM -0500, Chuck Hallenbeck wrote:
> Here is a summary of what we now know:
> 
> The only package in play now is
> Cepstral_William_x86-64-linux_6.2.3.873.tar.gz
> 
> 
> It was downloaded with wget from a link given to me from support at
> cepstral.com. 
> 
> The package was downloaded to Debian Stretch on a dual boot system
> where Arch Linux is the secondary OS. It was installed on Debian, and
> after problems were discovered, was moved to Arch and installed there,
> where it ran without error.
> 
> The output of file for the swift.bin executable was identical on b oth
> systems, and was:
> 
>  ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically
> linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.9,
> not stripped, with debug_info

Since the binary is the same, the difference must be in the environment.
The first stop would be to check what's behind

  /lib64/ld-linux-x86-64.so.2

(background: that's the dynamic linker. Every executable has an
"interpreter" which takes care of running it, e.g. for a shell
executable it might be /bin/sh. For ELF executables, it's ld-linux*.so,
with some variations depending on architecture). There is actually a
man page for it (man 8 ld.so)).

A second approach would be calling the program under strace and see
whether there's some usable info, like so:

  strace -o  -f 

(the f means "follow" across forks: thus you might call the shell wrapper
to let it do its setup).

The output is very verbose, but since the program dies quickly, you can
look at the end of the trace file for hints.

Strace records the system calls and their results.

Just ask away when stuck.

> Sorry about  earlier top-posts, I'm new to the list and have bad
> habits.

No worries. I just re-ordered things as posting styles got too mixed
up :-)

Regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAli138QACgkQBcgs9XrR2kYNJQCeKp4Ny0SP/xBp9LOUhG/7v2L8
ygIAn04KBtt/60arZ2Uex9xqP0pt46p3
=4bcY
-END PGP SIGNATURE-

Re: Cepstral swift and Debian stretch: problem solved.

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, Feb 28, 2017 at 01:47:15PM -0500, Chuck Hallenbeck wrote:
> My thanks for all the help and suggestions, and my apologies for all
> the floundering. Cepstral support spotted the problem pretty quickly.
> 
> Evidently somehow I managed to install a 32 bit Debian on this 64 bit
> PC, but I was attempting to install a 64 bit package on it. Downloading
> and installing the 32 bit Cepstral package did the trick.
> 
> It's not been my day.

Ah. I see. That explains things :-)

Disregard my other posts, then.

Regards, and glad you found it.
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAli15IUACgkQBcgs9XrR2ka03gCeOwvQSzx54JzUl/bI3dN6fbFW
thoAnjd+nqbFqRWhW5WutFJfbEiRgKpj
=dS/Y
-END PGP SIGNATURE-

Re: A minimal relational database in Debian

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wed, Mar 01, 2017 at 09:30:00AM +, GiaThnYgeia wrote:
> Boy Microsoft10 and Office-Access and share all your data with the
> seattle bureau in a cloud and have no annoyance what so ever.

Veering dangerously off-topic. But my $EMPLOYER just did that (just
with the mail/groupware infrastructure).

No annoyance? I'm sure those having taken the decision have no
annoyance: but they don't have to actually *use* the stuff. They
have their secretaries for that. As for the rest of us...

- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAli2ldYACgkQBcgs9XrR2kbuQQCfTw78CMVKteMymkgbjTbfp2OH
RhYAn0hCcn9u8bWeIdYIXYl50l1eOKlX
=ZJQp
-END PGP SIGNATURE-

Re: A minimal relational database in Debian

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wed, Mar 01, 2017 at 06:33:58AM -0600, Richard Owlett wrote:

[...]

> >How do you increase fontsize on the LibeOffice (writer) toolbar and dropdown
> >meuns?? [closed] - Ask LibreOffice
> >https://ask.libreoffice.org/en/question/31736/how-do-you-increase-fontsize-on-the-libeoffice-writer-toolbar-and-dropdown-meuns/
> 
> Unacceptable. It affects the size of _everything_, not just font size.
> I collided with with a fatal side-effect. I tried a too large factor.
> Now the "accept" button is now off screen and *NOT* accessible.
> Don't see any option short of reinstall to resolve.
> I consider LibreOffice *DOA*

How about filing a bug report? That won't solve your problem
*right now*, but... you know, giving back and that.

regards
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAli2wJwACgkQBcgs9XrR2kbcjwCeJxzDHNl1SgeCbW1ixIZtKa3o
rEUAnAkarF9xSv8q+6Ovk1Fjh+NGvLdu
=Kni2
-END PGP SIGNATURE-

Contributing [was: A minimal relational database in Debian]

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wed, Mar 01, 2017 at 07:48:37AM -0600, Richard Owlett wrote:
> On 03/01/2017 06:37 AM, to...@tuxteam.de wrote:

[...]

> >How about filing a bug report? That won't solve your problem
> >*right now*, but... you know, giving back and that.

> I'm not sure it's a "bug" in the "bug report" sense  [...]

It looks like one, to me. Even a delibeerate design decision may
turn out (20/20 and that) to be... unfortunate.

> If I decide to investigate further, I suspect Felix's post may give
> an adequate workaround. Right now I'm attempting to learn
> debootstrap. I hope to be able to contribute a rewrite of "D.3.
> Installing Debian GNU/Linux from a Unix/Linux System" from _Debian
> GNU/Linux Installation Guide_ aimed at a less experienced audience.
> Even retired, there are just so many hours in a day ;/

Fair enough.

Regards
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAli203IACgkQBcgs9XrR2kb+EwCeNUMXnoECdQFprBMcuIIHcKxO
CAQAn30SpiSXt8QQlf7eJx3ob0KeUGMJ
=HVZ2
-END PGP SIGNATURE-

Re: Security hole in LXDE?

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Thu, Mar 02, 2017 at 11:40:10AM +0100, Hans wrote:
> Checked my system again. 
> It looks like have allowed the standard user to execute applications like 
> synaptic with root rights. I know, this is going to be asked in KDE, when you 
> start  a higher privileged application as a normal user. You can then decide 
> (as root), if the user is allowed to start this application as normal user in 
> the future.

Hm. I'm not sure I've got that one right. Who has allowed the standard
user to execute applications with root rights? How?

> I also found out, that the user is in group "sudo", but got no entry in /etc/
> sudoers.

Again: who "got no entry in /etc/sudoers"? The user in question? Or the
group "sudo"?

> Also, synaptic starts as synaptic-psexec, what means, that when it is startd 
> this way, it is started with root rights.

Seems so. I'm still confused: I don't know whether the desktop environment
is the one granting you root privileges (I can't help with that; I don't
"do" desktop environments) or whether it is sudo (or whether it is the
DE based on the sudo settings).

The sudo part is pretty easy to find out (no clickety way, sorry). Try,
in a shell those two things:

  sudo ls

  sudo synaptic

What happens in each case? Do you get a password prompt? Is synaptic
started in user mode or in root mode?

> So, my question: How can I get this all back. A graphical solution is 
> preferred, of course I knnow, I can edit /etc/groups and other things 
> manually. But if there is a "clicky"-way, this will be preferred.

Be careful when editing /etc/groups. There are things for that like
adduser and addgroup. To remove your user from group sudo:

  sudo deluser  sudo

Whether that helps or not depends on all of the above, of course :-)

But **first of all** you've got to get clear on what you want:

  - shall the regular user not be able to call synaptic in
"root mode" _at all_?

  - yes, but only after entering root password?

  - yes, but only after entering her password?

regards
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAli4AsoACgkQBcgs9XrR2kahgwCfeciMgHKYB6jdF+5ab4K89Mzi
n/0AnjZupEhg+FAvDhnhS4cuyQJCdYSR
=qx8V
-END PGP SIGNATURE-

Re: Security hole in LXDE?

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Thu, Mar 02, 2017 at 01:19:00PM +0100, Hans wrote:
> Hi Tomas
> > Hm. I'm not sure I've got that one right. Who has allowed the standard
> > user to execute applications with root rights? How?
> It was me, beeing haven asked by of the root password and (of course) gave 
> the 
> correct one, I allowed the user, to start applications with root rights 

OK, to recap: you started synaptics (as regular user), and for the first time
you were asked a password. You gave the root (not the user's) password, and
from then on you could start synaptics as a regular user without having to
enter a password. Is that right?
 
> (besides, I am the user and root, as i is my personal computer)

Yes, I get that. That's (more or less) how most of us do things.

> > > I also found out, that the user is in group "sudo", but got no entry in
> > > /etc/ sudoers.
> > 
> > Again: who "got no entry in /etc/sudoers"? The user in question? Or the
> > group "sudo"?
> 
> It is the user, whom I allowed, to the above.

OK, let me summarize that:

 - there is a file /etc/sudoers
 - the "user" (let's call him "hans") has *no* entry in /etc/sudoers

Is that right?

That would be a typical setup (on my box it is exactly like that). The
group sudo is in the /etc/sudoers, and you give users sudo powers by
adding them to the sudo group. Typically things are set up in a way
that the user has still to enter *her* password. You can easily check
which groups a user is in with the "groups" command. In my box:

  tomas@rasputin:~$ groups tomas
  tomas : tomas cdrom floppy sudo audio dip video plugdev scanner netdev 
bluetooth kvm

With this setup (and supposed /etc/sudoers has this:

  # Allow members of group sudo to execute any command
  %sudo   ALL=(ALL:ALL) ALL

I can use sudo like so:

  tomas@rasputin:~$ sudo ls
  [sudo] password for tomas: 
  33c3  fr   letters [...]

Note that it asked me for a password. My password (not root). You can configure
/etc/sudoers to *not* ask for a password, to do it only for certain commands
and tons of other things (cf. man 5 sudoers). Sudo remembers whithin a session,
and for a limited time (default is 15 minutes) the password given, so next
command won't ask you, if you are quick enough. Can be changed in /etc/sudoers.

> > > Seems so. I'm still confused: I don't know whether the desktop environment
> > is the one granting you root privileges (I can't help with that; I don't
> > "do" desktop environments) or whether it is sudo (or whether it is the
> > DE based on the sudo settings).
> 
> No, no, the desktop just edits the settings, after a correct given root 
> password, to start the special applications with root right sin future times.

You mean: the desktop edits /etc/sudoers? I have had many reasons to kick
DEs out of my box many years ago, but this would be one reason more :-(

Are you sure?

> > The sudo part is pretty easy to find out (no clickety way, sorry). Try,
> > in a shell those two things:
> > 
> >   sudo ls
> > 
> 
> Gives the same als "ls".

Without being asked for *any* password? Sudo supports that (NOPASSWD), but
it's not the default.

OK. Then obviously you have sudoers running, (1) your user (hans) is allowed
sudo (most probably via its group) and (2) either you have a NOPASSWD policy,
or (3) the credentials are cached from a previous successful sudo. If you
opened your shell explicitly for this experiment, that would almost surely
rule out (3).

> >   sudo synaptic
> sudo synaptic
> sudo: Hostname protheus1 kann nicht aufgelöst werden
> No protocol specified
> Unable to init server: Verbindung ist gescheitert:Verbindungsaufbau abgelehnt
> 
> (synaptic:25373): Gtk-WARNING **: cannot open display: :0

That's funny, but hasn't to do with our current problem. Probably sudo, by
stripping the environment, has dropped some vital environment variable
(f. ex. http_proxy or something). Might be fixable by invoking "sudo -E",
but let's forget about that for now, to not get side-tracked.

> > What happens in each case? Do you get a password prompt? Is synaptic
> > started in user mode or in root mode?
> > 
> 
> No, as it is not root's environment, but the users one. However, su -p does 
> the trick.

Heh. So we reach the same conclusion.

> > > So, my question: How can I get this all back. A graphical solution is
> > > preferred, of course I knnow, I can edit /etc/groups and other things
> > > manually. But if there is a "clicky"-way, this will be preferred.
> > 
> > Be careful when editing /etc/groups. There are things for that like
> > adduser and addgroup. To remove your user from gr

Re: The same environment variables everywhere

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Mon, Feb 27, 2017 at 09:07:19AM +0100, deloptes wrote:
> Stefan Monnier wrote:
> 
> >>> I would like to hear some ideas on how to set various environment
> >>> variables (PATH, MANPATH, EDITOR etc.) in one place that would make them
> >>> effective everywhere. My "everywhere" means:
> >>> - X session started through lightdm and ~/.xsession script
> >>> - Linux console login (bash)
> >>> - user's systemd services
> >> Put them into /etc/environment.
> > 
> > I haven't re-tried recently, but last time:
> > - It never worked for me.
> > - It can't hold user-specific settings.
> > - It can't *compute* a setting.
> > 
> > 
> > Stefan
> 
> IMO there is a good reason for so many places where you can put variables.
> In fact it is not good to put X related variables in a non X session -
> right?!

There will be some that want to be different. There will be some that
want to be the same. The OP's question was about the latter, right?

> So I do distinguish between  settings for X session and for not X session -
> at least two places for the variables.
> Further more there are global and user specific ... etc

Yes, all of those! But I don't see how that's an answer to the OP's
legitimate question: how to keep things that belong together in one
place, instead of repeating it in every bit of config?

regards
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAliz32wACgkQBcgs9XrR2kbVmgCdHKWfY4folfhcY217hEGmjEdC
19wAnjlZrYwi5lqVCoAvj5bXWHf70qu+
=drZS
-END PGP SIGNATURE-

Re: A cumulative reply [Re: A minimal relational database in Debian?]

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Mon, Feb 27, 2017 at 10:46:16AM -0600, Richard Owlett wrote:

[...]

> A little research indicates that Tcl/Tk plays well with sqlite. A
> couple of years ago I started learning it for a now abandoned
> project. I'll follow up on that combo.

Funny that you mention that: Sqlite's main author, D. Richard Hipp
has been also involved in Tcl/Tk development and there are many cross-
ties between both projects (Sqlite's (excellent) test suite is written
in Tcl, Tcl's repository is Fossil, written by... D. Richard Hipp,
and so on). They make for a strong team.

Recommended reading:

  
https://www.tcl.tk/community/tcl2004/Presentations/D.RichardHipp/slides/slides-all.html

TclTk is my favoured machinery when I want to crank out small GUIs.
Gets a bit to get the hang of it. Your mentioned wiki.tcl.tk (and the
Usenet (yes!) group comp.lang.tcl) are very good resources.

Regards
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAli0kBwACgkQBcgs9XrR2kaOcgCfdrP5pJ6brYuSKCHMzsVehpsc
umwAniE8Tc2durVNff95vmg7fhM3IKpe
=Vdnq
-END PGP SIGNATURE-

Re: Problem selecting options for cp command

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Mon, Sep 05, 2016 at 08:43:44AM -0400, Patrick Wiseman wrote:
> On Mon, Sep 5, 2016 at 8:29 AM, Richard Owlett  wrote:
> 
> > I attempted to copy contents of one partition to another using
> >cp -R /media/richard/myrepo /media/richard/test
> >
> > /media/richard/myrepo is a hard disk partition
> > /media/richard/test   is a USB flash drive
> >
> 
> I think what you want is the magic tar command:
> 
> $tar cf - [files] | (cd /[dir]; tar xf - )
> 
> It's wise, just to make sure it's going to do what you expect, to do
> 
> $tar cf - [files] | (cd /[dir]; tar tvf - )
> 
> first!

While basically correct, this is antiquated.

It stems from the good ol'days "cp" had no -a option. With the
ubiquity of the Gnu tools (thanks, Gnu!), you have cp -a, which
is what you really want. Or rsync (especially if you expect having
to stop the copy operation mid-way and restart it, or if you have
an old version of the copy to start of, as in backups).

When copying across machine boundaries, use rsync. Much nicer.
As in "by orders of magnitude much nicer".

Regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlfNa8QACgkQBcgs9XrR2kYI+QCfVEyF9/35j6+WLYEjDXqfUiWZ
AdsAn1w35Wxia/I1B6yaos+JF+zl+kaf
=dHpj
-END PGP SIGNATURE-

Re: Problem selecting options for cp command

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Mon, Sep 05, 2016 at 09:55:46AM -0300, Henrique de Moraes Holschuh wrote:
> On Mon, 05 Sep 2016, Richard Owlett wrote:
> > I received "illegal operation" error messages as symbolic links were
> > encountered.
> 
> That means the target filesystem does not support symlinks.

Oh, right. Good point -- forgot the most important part.

Luckily someone is reading carefully :-)

regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlfNbNUACgkQBcgs9XrR2kZigACdHrkKUeZ2v0BEadC/GlOnOWys
lNgAnjil3HPOzEeuoqfG3n8JeG2UNNEe
=DUDz
-END PGP SIGNATURE-

Re: Problem selecting options for cp command

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Mon, Sep 05, 2016 at 07:29:52AM -0500, Richard Owlett wrote:
> I attempted to copy contents of one partition to another using
>cp -R /media/richard/myrepo /media/richard/test
> 
> /media/richard/myrepo is a hard disk partition
> /media/richard/test   is a USB flash drive
> 
> I received "illegal operation" error messages as symbolic links were
> encountered.
> "man cp" was too terse to be illuminating.

First: what do you *want*?
  (a) if cp finds a link it should copy it as a (now possibly
dangling) link)
  (b) it should copy (recursively) the contents of the dir
the link points to.

Once you are clear, it's easier to decide

Hint: when doing backup, you almost always want cp -a (*not* -R).
It will copy the links as links. If they point to some place
outside the tree under copy, they are dangling links in the copy.
On backups you almost always want that.

Regards
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlfNamQACgkQBcgs9XrR2kbzmACffqDzwcIiLQ0mUhNFgfHNj3pF
jQEAniafWEURYJx7Q1kDt8E+h+U0U2yJ
=O7Ig
-END PGP SIGNATURE-

Re: Using serial console as a poor mans IP kvm?

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Fri, Sep 09, 2016 at 09:03:33PM +0300, Jarle Aase wrote:
> Hi,
> 
> I was just about to order some usb2serial hardware when I read this.
[...]
> I'll try it when I get the first server assembled. Thanks a lot!

Hey, glad to help :-)

- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlfTBAQACgkQBcgs9XrR2kb2oQCfXciqNGw+duZSi0+j293y9X26
mFcAnRJFuhTP641mbXmJ9YS0l5VZnd6j
=3unC
-END PGP SIGNATURE-

Re: Tool that says whether IP addresses are routable or reserved

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Sat, Sep 10, 2016 at 07:36:11PM +0200, Andre Majorel wrote:
> Is there a tool which would take IPv4 addresses on the command
> line and say whether or not they are regular and routable ?
> 
> host(1) is not very useful for that as it doesn't seem to
> distinguish between an address which happens not to used by a
> domain name at this time (eg 9.9.9.9) and one which could never
> be (eg 192.168.0.1).


- From your question I'm not sure this is the answer you are looking
for, but I'll give it a try. According to RFC 1918 [1], the following
address ranges are reserved for "private use":

 10.0.0.0-   10.255.255.255  (10/8 prefix)
 172.16.0.0  -   172.31.255.255  (172.16/12 prefix)
 192.168.0.0 -   192.168.255.255 (192.168/16 prefix)

Note that this is for IPV4, IPV6 is probably a bit more complex :-)

[1] http://www.faqs.org/rfcs/rfc1918.html

regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlfUSdoACgkQBcgs9XrR2kYFNQCeKDc9DKiVSrHPQluEAP2Fmu6z
A1MAn01j6i/tgdCEvTLr1b6cGuoC82IF
=RkcO
-END PGP SIGNATURE-

Re: Using serial console as a poor mans IP kvm?

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Thu, Sep 08, 2016 at 10:26:59PM +0300, Jarle Aase wrote:
> I want to set up a few servers at home. Unfortunately, as I live in
> Bulgaria at the moment, the electric power is gone pretty often for
> longer periods than my UPS'es can deal with. So my servers will have
> to be started at least a few times every quarter.

[...]

> That means that I need to reboot the servers relatively often, and
> provide the luks passwords every time. Some times I am far away when
> this happens [...]

An interesting alternative to the serial console thing is baking
in an SSH server into the initramfs. There are small SSH servers
built for that, like Dropbear.

Upside is that you don't need any additional hardware and it's
pretty well integrated into Debian. Downside is that you need
BIOS, the bootloader and initramfs working (with the serial you
at least get a chance to fix the bootloader remotely).

https://packages.debian.org/sid/dropbear-initramfs
https://wiki.debian.org/RescueInitramfs
https://projectgus.com/2013/05/encrypted-rootfs-over-ssh-with-debian-wheezy/

Might be worth a try.

Regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlfSZVMACgkQBcgs9XrR2kZGNgCfZhrMlouUceQSVJgzimE+b2YG
GokAn0PpEqnw2lgmFiGTu554OQtpt9Wa
=AKQd
-END PGP SIGNATURE-

Re: Gnome 3.21: how to define compose key?

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, Sep 13, 2016 at 12:04:53PM +0200, Siard wrote:
> to...@tuxteam.de wrote:
> > I haven't yet seen a complete table (nor have I yet bothered to find out
> > how one configures that in X -- some day I'll do).
> 
> Well, there is a complete listing in /usr/share/X11/locale//Compose.
> You can add or edit your own combinations there.

Hey, thanks -- you just killed my last excuse :-)

regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlfX0s4ACgkQBcgs9XrR2kaSxQCfV7Ic7EKbwl8gF4peWyAllZh7
jHIAnRKHCarrTflSH7z2TO/yw1sciGEG
=5L0p
-END PGP SIGNATURE-

Re: SMTP relay issue with emails to specific domain

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Fri, Sep 09, 2016 at 04:05:28PM -0300, Daniel Bareiro wrote:
> 
> 
> On 09/09/16 15:05, Stephan Beck wrote:

[...]

> H... I do not quite understand this situation. That is, lkeusa.com
> asked to use SMTP authentication, but this would make sense if the email
> client connects directly to lkeusa.com for deliver the email. And this
> is not the case. The client connects to an intermediate server, the
> relay server, which is the one delivering the email to lkeusa.com. Or
> maybe I'm missing something?

What I miss from cursory reading of the other answers: the intermediate
server can also authenticate (playing the role of client) with the next
server. For exim, this is described in exim4_passwd_client(5)

Regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlfTHWIACgkQBcgs9XrR2kYsUgCfd4Mmx/oQgJDKKS22tqOc0wUr
s6cAnArPQ6cqldgmFf0esGcV/N6p2WXA
=NgmA
-END PGP SIGNATURE-

Re: Jessie & Fixed IP Address

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Fri, Sep 09, 2016 at 02:10:53PM -0500, Tim McDonough wrote:
> On 9/9/2016 4:26 AM, Cindy-Sue Causey wrote:
> >You know what, though, I did have two entries in there the other day.
> >And I found that tip because I was getting the "RTNETLINK answers:
> >File exists" error that led to that tip (k/t Raspberry Pi @
> >StackExchange). My firsthand experience is that tip leans towards
> >being true because I eliminated ALL my homespun entries and am now no
> >longer receiving *that* particular error message. *grin*
> 
> You typically (most networks) would have only one gateway specified.
> It's the IP address of the router used by your network to access the
> Internet.
> 
> I imagine there are more elaborate schemes with multiple gateways
> and could not offer advice on that, I have no experience.

You can define different gateways depending on target hosts/networks.
The default gateway "takes the rest".

Example:

  ip route add to 192.168.99/24 via 192.168.42.12

sets up host 192.168.42.12 as gateway to the subnet 192.168.99.xxx

regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlfTHrsACgkQBcgs9XrR2kbGbgCaAxwUHaUbxd45A/uRHlY/fjXU
3G8An1A7UWJS/kHfnjblNycPBPBMCTHH
=3Ya9
-END PGP SIGNATURE-

Re: Gnome 3.21: how to define compose key?

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, Sep 13, 2016 at 05:07:28AM +, david...@freevolt.org wrote:
> On Mon, 12 Sep 2016, Doug wrote:

[...]

> >And ½, ⅓, ⅜, ©, 75°, µF, 17¢, and others.)
> 
> I see recognisable glyphs for five out of seven of those. My
> environment does not support the other two.

My personal favourite is still ♥ (and of course those omnipresent
☺ and ☹) I chose the (to me otherwise useless) caps lock as compose.
> 
> So I know what they are not, but I don't know what they are. Very
> mysterious. Could be IPA symbols. Could be a happy face next to a
> clover/club symbol. I may never know.

With compose, they tend to be somewhat mnemonic, so you can remember
them once you've seen them once. E.g. '<' + '3' => '♥' and
'.' + ')' => '☺'. You get the idea. I haven't yet seen a complete
table (nor have I yet bothered to find out how one configures that
in X -- some day I'll do).

Regards

- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlfXpxAACgkQBcgs9XrR2kbOOQCfbVd7Aedwwp21eJSNAlLjhQDV
AcUAn0P5jZK/DtRu/Q+lnvMh6nVhmcrs
=NLsN
-END PGP SIGNATURE-

Re: sending authorized_keys to localhost from an account being created with adduser --disabled-password [was] Re: Need a tutorial

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Fri, Sep 23, 2016 at 04:41:00PM +, Stephan Beck wrote:
> Thank you very much, Tomás.

glad to help.

[...]

> But once my user's (in your terminology, steph's) public key is in the
> test account's authorized_keys file, user steph can login without
> superpowers, by presenting the private part of the key (well ssh-agent
> does it, if I understand things correctly), can't I?

That's how it's supposed to work (strictly speaking it doesn't present
the private part of the key, but just a *proof* that it is in control
of said private part, which the host account (test) can check).

The ssh-agent is just in charge of keeping unlocked private keys around
so that you only have to unlock them with your passphrase once per
session.

> My great mistake was to think that localhost, although being on the same
> machine, acts as a somewhat separated server and for that reason the
> public keys of all users have to be deposited physically, in a sort of
> directory structure within localhost (not in the user's directory),as it
> is the case on a remote server. But, as Greg made very clear, I'm
> already on the same machine. That was the conceptual mistake I made.

Exactly: the authorized_keys is a per-account thing, meaning "whoever
has the private key corresponding to *this* public key is allowed
to log in as me". Note that you even can restrict what commands are
allowed for each private key -- a "backup" user would only be allowed
to invoke a specific backup script at login, for example.

> > (the chown just in case authorized_keys didn't exist before).

[...]

> >   - creating the user's home directory from a prepared skeleton
> > already containing an "authorized_keys" as you need it
> 
> Ah, that would be fine, but I guess, this time it has to be the hard
> way, by typing, without prepared skeletons.

And it would only make sense if you go "industrial", as in "every user
on this box shall allow the user "backup" to invoke the per-user
backup script" or some such. I haven't needed that. Just a copy (or
an ssh-copy-id, if at he beginning the password access is available).

Regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlfmh/cACgkQBcgs9XrR2ka8lwCdEDbXPQ4Rhr24DmzstfbuzThD
LoIAn1BE33kb23NvEPuidLvc7NxAUnN5
=qpNT
-END PGP SIGNATURE-

Re: system gobbles disk space

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Mon, Sep 26, 2016 at 04:38:01PM +0200, Tony van der Hoff wrote:
> On 26/09/16 16:03, to...@tuxteam.de wrote:
> > On Mon, Sep 26, 2016 at 12:54:49PM +0200, Erwan David wrote:
> > 
> >> A possibility is that you have processes writing into deleted files. You 
> >> can see them with lsof +L1 (as root)
> > 
> > Short and sweet. That's even better :-)
> > 
> That's great; thanks Tomas and Erwan (and others who replied).
> 
> So, I'm seeing this:
> 
> root@shell:~# lsof +L1
> COMMAND  PID  USER   FD   TYPE DEVICE SIZE/OFF NLINK   NODE NAME
> mysqld  3164 mysql4u   REG 254,160 0 589839
> /tmp/ibvh7MKT (deleted)
> mysqld  3164 mysql5u   REG 254,160 0 589840
> /tmp/ibT7D133 (deleted)
> mysqld  3164 mysql6u   REG 254,160 0 589845
> /tmp/ibO9pgne (deleted)
> mysqld  3164 mysql7u   REG 254,160 0 589851
> /tmp/ibOgMl6y (deleted)
> mysqld  3164 mysql   11u   REG 254,160 0 589852
> /tmp/ibON9JEJ (deleted)
> 
> My interpretation is that mysql has 5 deleted files of 0 size open which
> are each taking up an inode. ls /tmp is empty.

That's how I read that too.

> I guess, if there were many (how many?) such entries, the disk would
> appear full, if it ran out of  inodes.
> 
> Is that correct?

Yes -- but you'd need a lot of inodes. I'd expect the mysql process to
run into some limit on open files earlier. You can get an idea of the
state of your file system with "tune2fs -l" (I'm assuming ext2/3/4 here).

Regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlfpORYACgkQBcgs9XrR2kZouQCfYP4XLmlzWH5Zes4Nmcj+MoDx
GOkAnRwwlzQD+QoxEuzNQdcZo5sKlzdH
=h5zW
-END PGP SIGNATURE-

Re: url redirected in chrome/chromium, but working fine, according to ping/traceroute, lynx, w3m, iceweasel.

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Sat, Oct 08, 2016 at 11:35:21AM -0400, Tony Baldwin wrote:

[...]

> >Can you use the chrome developper tools to see what's going on ? (Press
> >the F12 key while chrome is open) Select the network tab, and type the
> >url in your address bar.
> >The network panel should show you what happens
> 
> That doesn't seem to tell me anything traceroute doesn't, except
> trqacerout doesn't get redirect to a Yahoo! search like chrome does,
> but nothing I see there seems ot clarify WHY or HOW it's getting
> redirected, it's just showing me that it IS being led though some
> circolocuitous route to where it should not.

A shot in the dark, but worth a try anyway: IPV4 vs IPV6?

But I'd rather suspect Chrome doing something weird to the URL before
resolving (or -- who knows! having its own built-in resolver).

Perhaps looking at the traffic with tcpdump/wireshark can give you
an idea.

Regards
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlf5NeoACgkQBcgs9XrR2kZ+PQCeOsGFniEXtN/uNxh7xpHmc5jg
SG0AmgMz751oR58+BwBJEKN5RP60UsGK
=NsR2
-END PGP SIGNATURE-

Re: problem mouse copy/past from PDF

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wed, Sep 21, 2016 at 11:38:41AM +0100, Brian wrote:

[...]

> Although it is a different topic
> 
>  
> http://stackoverflow.com/questions/26066535/ps2pdf-creates-a-very-big-pdf-file-from-paps-created-ps-file
> 
> backs up your "pretty funny" feeling. KenS is a Ghostscript developer.

Thanks for the link.

- From a cursory look at the .ps I had that impression:

  "The problem is the paps file, it doesn't actually contain any text
   at all, in a PostScript sense.

   Each character is stored as a procedure, where a path is drawn and
   then filled. This is NOT stored in a font, just in a dictionary."

so paps basically "paints" the text. 

Yikes. I still hoped to be wrong :-(

> Maybe this new version does not fix mouse copying from a PDF generated
> from paps' PS but it isn't in unstable anyway. (Furthermore, paps isn't
> in testing due to a FTBFS).

Let's hope. In the meantime use a2ps (but I don't know how well that
handles Unicode/UTF-8). Perhaps paps's author had a strong reason to
do it that way.

regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlfisZ4ACgkQBcgs9XrR2kY+MgCfUsaNI7JFPUhwjbks/li+XC6l
VtQAn3gcMYQQ8irb1YuRi1EpyPCfaWOD
=HGZ0
-END PGP SIGNATURE-

Re: Need a tutorial

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wed, Sep 21, 2016 at 10:18:55AM -0400, Gene Heskett wrote:
> Greetings all, Dr Klepp in particular;
> 
> Where can I get a tut on doing the ssh keyfile login, and where can I 
> find a tutorial that is essentialy what Dr. Klepp had me do about a year  
> back that made these 3 commands in my rc.local file Just Work:

Basically:

 1. you need a keypair. Unless you have it already, you generate one
with ssh-keygen. There, you have the choice to let it use the default
file name (typically, ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub or similar,
depending on the key type) and whether you want the private key
protected by a passphrase (recommended, but you have to unlock it
either with ssh-add or whatever mechanism your desktop environment
has for you).

 2. you copy the public part to the ~/.ssh/authorized_keys of the server's
user you want to log into -- there's the handy "ssh-copy-id" for that.
From the client

ssh-add # if not done already
ssh-copy-id user@server # enter for one last time user's password there

This is the bird's view. Ask if you get stuck.

regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlfitEcACgkQBcgs9XrR2kbHtQCcDxCW1tvvn/iO2diu3Ke7efuC
C5gAn0iq813ipmLaxhYbiBvoahFEYQ0v
=0El5
-END PGP SIGNATURE-

Re: Failed to execute child process (no such file or directory), but the script DOES exist in $HOME/bin, openbox users, especially take a look, please.

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Fri, Sep 23, 2016 at 08:57:18AM +, Curt wrote:

[...]

> Nicolas Georges gave some interesting information once when I said that
> .Xdefaults was "deprecated" concerning what is read by what where and
> why (went over my head, of course).
> 
> Here it is:
> 
> Well, I was gonna give the link but it's short enough to quote:
> 
> (responding to my claim that .Xdefaults is deprecated)
> 
>  It is a bit more complicated than that.
> 
>  ~/.Xresources is loaded into the resources database of the X11 server
>  [...]

>  ~/.Xdefaults and ~/.Xdefaults-$HOSTNAME are read by the X11 libraries
>  directly.
> 
>  It makes a big difference for remote applications, since they will see the
>  .Xresources from the server but the .Xdefaults from the client.

Yes, here is a pretty good overview, with many links:

  http://superuser.com/questions/243914/xresources-or-xdefaults

To grok all that it's important to remember that the program (under X)
doesn't have to run on the same machine as the display (and you sometimes
want to tune the display part depending on the capabilities of the
display, not the machine where the program is running, e.g. imagine
a program showing one window in a low-res colour display (e.g. a GUI) and
another on a hi-res black-and-white (e.g. a hi-res X ray image). You'll
want different fonts on each, for example.

regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlfk9mgACgkQBcgs9XrR2kYuHwCcD3VKBx2ctFZCJE6h54B+uUpP
rE4An1yNBWSVc1zjM+8vfU+T3NxzeXLV
=6T34
-END PGP SIGNATURE-

Re: Failed to execute child process (no such file or directory), but the script DOES exist in $HOME/bin, openbox users, especially take a look, please.

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Fri, Sep 23, 2016 at 11:31:20AM +0200, to...@tuxteam.de wrote:

[...]

> >  It makes a big difference for remote applications, since they will see the
> >  .Xresources from the server but the .Xdefaults from the client.

Forgot to say that typically, .Xdefaults overrides .Xresources, so if you
want to take advantage of .Xresources, you better avoid .Xdefaults. But in
the widespread one-machine-does-all approach it makes little difference.

You'll notice it in a situation like this: imagine a Raspi back there in
the closet, with a lo-res display (say, 320x240). You'll want pretty small
fonts on that, to fit anything on screen. Now you ssh -X into that from
your workstation (1600x1200). The fonts used in the Raspi will be unreadable.

The graphical app running on the Raspi should "honour" your workstation's
font choice, otherwise you'd need a magnification glass. How? Well, the
X server on your workstation is the one doing the display work anyway,
and has its own set of .Xresources. Had you set an .Xdefaults on the
Raspi, the X library would override that -- most likely not what you
want (but if you choose wisely what to set, you might put that to good
use, perhaps coluring the windows differently to give you a hint of
where the app is running, I don't know).

regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlfk+NcACgkQBcgs9XrR2kbWeACfZLV80sFo5Bp8BzblWizm/01Q
NGYAniTbQkeNf9QjxKyWvhfZzXm/ap4X
=90Rv
-END PGP SIGNATURE-

Re: sending authorized_keys to localhost from an account being created with adduser --disabled-password [was] Re: Need a tutorial

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Fri, Sep 23, 2016 at 12:31:00PM +, Stephan Beck wrote:
> Hi
> 
> to...@tuxteam.de:
> > On Thu, Sep 22, 2016 at 03:35:00PM +, Stephan Beck wrote:
> > 
> > 
> >> to...@tuxteam.de:
> > 
> > [mumble]
> > 
> >>> This is the bird's view. Ask if you get stuck.
> > 
> > 
> >> Sorry, Tomas, it's not Gene, it's me who has a special question
> > 
> > No need to be sorry :-)
> 
> Fine! :-)
> > 
> > But I see you found a solution and other chimed in with sage advice.
> > 
> 
> Well, I have another one :-), a question, not a solution yet.
> 
> 
> I have created a new user account with
> adduser --disabled-password
> What do I want to do?
> I'd like to login to this account "test" from my normal user account by
> ssh via pubkey authentication. My (normal) user account has its keys
> generated and properly deposited on localhost. I logged into the account
> "test" via su - test, creating a keypair. Fine.

Hang on: your new account (test( doesn't need a keypair. It's your regular
account which needs one (and has one already). You want to log in *from*
your regular account (let's call it "seph" for now) *to* test, right?

Then it's *steph* who has to have a keypair and *test* who has to have
*steph*'s public key included in its ~/.ssh/authorized_keys:


 *steph* *test*
 .ssh/ .ssh/
   id_rsaauthorized_keys
   id_rsa.pub  ^
   \   |
-- add ---´


The background is that now *steph* can prove to *test* that he has the
right secret key (without disclosing it).

> How do I get this public key onto localhost?
> I mean, I can create an authorized_keys file manually, copying the
> public key into this authorized_keys file, but it's still in the user's
> directory where it has been generated, it needs to be sent (or get
> somehow) to localhost.
> 
> I have tried:
> test@mymachine cat .ssh/id_rsa.pub | ssh localhost 'cat >>
> .ssh/authorized_keys'

You cannot log into test without superpowers, but you have to modify its
~/.ssh/authorized_keys. That means you *need* superpowers. For example

  sudo -s # or similar
  cat ~steph/.ssh/id_rsa.pub >> ~/test/.ssh/authorized_keys
  chown test:test ~/test/.ssh/authorized_keys
  exit

(the chown just in case authorized_keys didn't exist before).

> But it's asking me a password. There is none.
> If I disable Password Authentication in sshd_config, and then try to
> send it to localhost, it fails with something like "denied access
> publickey required". No mystery at all, because this very public key is
> being sent to localhost in this very moment and can't be used in the
> same act for authentication purposes.
> 
> I've been reading a bunch of related docs in the man pages, debian wiki,
> in the exquisite and very readable Debian Administrator's Handbook by
> Raphael Mas and Raphaël Hertzog, and other linux ssh documentation. I
> can't find my specific use case and I'm stuck.

Either you give this new user a password (temporarily) or you have to
be able to write to its .ssh directory by other means. One of those
means is by becoming root (as sketched above). There are others, like

  - adding yourself to this new user's group and making sure
its ~/.ssh/authorized_keys is group writable (feels somewhat
uncomfortable, though)

  - creating the user's home directory from a prepared skeleton
already containing an "authorized_keys" as you need it

But all those methods need you being root at the machine where
*test* is created. You have to be root to create *test* in the
first place, though! So the proposed method above seems the
least intrusive to me.

Regards
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlflK5QACgkQBcgs9XrR2kb0AACeO1pPTe9vm31zAzvWVhNdH/Wb
EqUAn1Ftz5STEPa2JHhXScrq7nrYbpPa
=cIRd
-END PGP SIGNATURE-

Re: SOLVED Re: mysql broken after jessie upgrade

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Thu, Sep 22, 2016 at 04:02:37PM +0200, Tony van der Hoff wrote:

[...]

> It turns out that the recent upgrade took mysql from 5.5 to 5.6. It
> uninstalled mysql-server-5.5, but failed to install mysql-server-5.6,
> due to an unmet dependency on mysql-server-core-5.6.

Ouch.

> Mysql now starts correctly.

Glad you solved it.

> Thanks for your help,

Wasn't much, but glad if it helped a bit :-)

> tony
> 
> >> Ariège, France |
> > 
> > Wonderful region, btw. I've got warm and sweet memories from summer
> > 2015...
> 
> Very warm and sunny right now. The trees are just starting to change colour.

Berlin here. Usually grey, but we've been treated to an uncommonly warm
and sunny autumn this year. I won't complain :-)

Regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlfj65UACgkQBcgs9XrR2ka39gCePY/TzPQx5eJFIUnJNwBQsXfB
6J4AnRSNEiQ03RiHHJBkrCB4JNS7OXTl
=iRYf
-END PGP SIGNATURE-

Re: Need a tutorial

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Thu, Sep 22, 2016 at 10:44:28AM +0300, Lars Noodén wrote:
> On 09/21/2016 11:39 PM, Gene Heskett wrote:
> > On Wednesday 21 September 2016 10:23:09 Greg Wooledge wrote:
> ...
> >> man ssh-keygen
> >> http://mywiki.wooledge.org/SshKeys
> > 
> > I knew there was something about generating keys, but not the sticky 
> > details.
> 
> If you have multiple servers or multiple remote accounts, you will end
> up with at least one key pair per account+server.  So you will also need
> a way to keep track of them.  One way it to make use of the -C and -f
> options to add a comment inside the key and to name the key files to
> something mnemonic.

I actually use my default key for most servers. Only especially sensitive
(or especially insecure) servers get a dedicated key.

Of course I'm betting on the impossibility of recovering the secret key
from the public key, which is distributed around and available to anyone
capable of compromising one server.

Then, state-level attackers have much easier avenues than that. As Bruce
Schneier put it once, "NSA is better at breaking knuckles than at breaking
codes" :-/

But yes, it makes sense to think about the security/convenience tradeoffs.

regards
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlfjmPwACgkQBcgs9XrR2kbs4wCdHtG+7JkudYcnbSP+bViXDRrH
QSwAn3JbimtAVvQsLa1oXQi0zmK2FXAk
=XXY8
-END PGP SIGNATURE-

Google [was: Laserjet p1109w - FIXED] [slightly OT]

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Thu, Sep 22, 2016 at 12:20:24PM +0200, deloptes wrote:

[...]

> I still use google and if I type in "debian p1109w", the first 10 results
> cover both threads.
> About 1999 doing a research on search engine algos, we (at the university)
> came to the conclusion google has the best one ... so why would you relay
> on something else?

Privacy?

See, sometimes there are reasons beyond technical ones. At least for me.

(I alternate between DuckDuckGo and searx)

- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlfjuG0ACgkQBcgs9XrR2kZURgCfYHc1o6NCOiT49nEESG25VtbI
uZQAn28HvmZzB+8BxAGsoEEAQ8chkSdJ
=X94E
-END PGP SIGNATURE-

Re: mysql broken after jessie upgrade

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Thu, Sep 22, 2016 at 12:43:18PM +0200, Tony van der Hoff wrote:
> Hi,
> 
> Running Jessie here. Performed apt-get upgrade yesterday, which included
> a new version of mysql.
> 
> I now cannot connect to mysql:
> ERROR 2002 (HY000): Can't connect to local MySQL server through socket
> '/var/run/mysqld/mysqld.sock' (2)
> 
> Any suggestions on how to fix, please?

Is the mysql daemon running? Try "service mysqld status" or however
that's named in the brave new systemd world (I'm still in the messy
old sysv world, mind you ;-)

- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlfjuPEACgkQBcgs9XrR2kaQBgCfaFNu2FMDGtPoplcujHEq0kaZ
8d4AnRqPpIvIj7OFP33/LqdyMoLD3WOx
=U9gc
-END PGP SIGNATURE-

Re: Need a tutorial

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Thu, Sep 22, 2016 at 03:35:00PM +, Stephan Beck wrote:
> 
> 
> to...@tuxteam.de:

[mumble]

> > This is the bird's view. Ask if you get stuck.


> Sorry, Tomas, it's not Gene, it's me who has a special question

No need to be sorry :-)

But I see you found a solution and other chimed in with sage advice.

Regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlfkFd0ACgkQBcgs9XrR2kYIzwCcDK3OkCB1HILwCpFkgyrIla2V
OCEAn2MpMIpG4TfpTTcNEqL32QJiAQr9
=WDsS
-END PGP SIGNATURE-

Re: Need a tutorial

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Thu, Sep 22, 2016 at 07:09:53AM -0400, Gene Heskett wrote:
> On Thursday 22 September 2016 03:44:28 Lars Noodén wrote:
> 
> > On 09/21/2016 11:39 PM, Gene Heskett wrote:
> > > On Wednesday 21 September 2016 10:23:09 Greg Wooledge wrote:
> >
> > ...
> >
> > >> man ssh-keygen
> > >> http://mywiki.wooledge.org/SshKeys
> > >
> > > I knew there was something about generating keys, but not the sticky
> > > details.
> >
> > If you have multiple servers or multiple remote accounts, you will end
> > up with at least one key pair per account+server.  So you will also
> > need a way to keep track of them.  One way it to make use of the -C
> > and -f options to add a comment inside the key and to name the key
> > files to something mnemonic.
> >
> Now that would be very handy.
> > As far as the key choices go, DSA is considered deprecated, at least
> > in the more recent versions:
> >
> > "Support for ssh-dss, ssh-dss-cert-* host and user keys
> > will be run-time disabled by default"
> >  - http://www.openssh.com/txt/release-6.9
> >
> > So that leaves RSA if you have old versions of the OpenSSH server to
> > deal with.  Probably 2048 bits or more is good for a while. 
> > Otherwise, consider Ed25519.
> >
> This I am not familiar with. Is there an explanatory url?

In general:

  
https://debian-administration.org/article/530/SSH_with_authentication_key_instead_of_password

On key choice:

  
http://security.stackexchange.com/questions/23383/ssh-key-type-rsa-dsa-ecdsa-are-there-easy-answers-for-which-to-choose-when

regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlfjyHAACgkQBcgs9XrR2kY4zACeJoUy04HpVBz14F/jcTeamX75
32oAnjIETAvpmWzE/OSkQ7BOcjpdasY4
=dFdK
-END PGP SIGNATURE-

Re: mysql broken after jessie upgrade

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Thu, Sep 22, 2016 at 01:07:49PM +0200, Tony van der Hoff wrote:
> On 22/09/16 12:56, to...@tuxteam.de wrote:
> > On Thu, Sep 22, 2016 at 12:43:18PM +0200, Tony van der Hoff wrote:
> >> Hi,
> > 
> >> Running Jessie here. Performed apt-get upgrade yesterday, which included
> >> a new version of mysql.
> > 
> >> I now cannot connect to mysql:
> >> ERROR 2002 (HY000): Can't connect to local MySQL server through socket
> >> '/var/run/mysqld/mysqld.sock' (2)
> > 
> >> Any suggestions on how to fix, please?
> > 
> > Is the mysql daemon running? Try "service mysqld status" or however
> > that's named in the brave new systemd world (I'm still in the messy
> > old sysv world, mind you ;-)
> > 
> Thanks tomas;
> 
> No, it's not:
> 13:03:23 tony@tony-fr:~$ sudo service mysqld status
> Failed to dump process list, ignoring: Unit mysqld.service not found.
> ● mysqld.service
>Loaded: not-found (Reason: No such file or directory)
>Active: inactive (dead)
> 
> But:
> 13:03:36 tony@tony-fr:~$ sudo service mysql status
> ● mysql.service - LSB: Start and stop the mysql database server daemon
>Loaded: loaded (/etc/init.d/mysql; generated; vendor preset: enabled)
>Active: active (exited) since Thu 2016-09-22 12:32:43 CEST; 32min ago
>  Docs: man:systemd-sysv-generator(8)
>   Process: 21125 ExecStart=/etc/init.d/mysql start (code=exited,
> status=0/SUCCESS)

Actually that looks good -- that just means that the service is called
'mysql', not 'mysqld'. If I read this systemd runes correctly that means
that systemd is just calling the 'classical' init script for mysql and
that all seems OK.

You might check whether there's a process called (more or less) mysql
around:

  ps wwwaux | grep mysql

you might have a look into wherever mysql places its log files (unless
they've been kidnapped by systemd, in which case I'd have to defer to
smarter people; but I don't believe that). Look somewhere in /var/log/mysql.

Then you might try to invoke (gasp!) "/etc/init.d/mysql start" (as root)
yourself and see whether it spews any error messages giving any clues.

Then you could issue an "netstat -antp" as root, to see whether the
mysql daemon is listening on some other (non-default) port.

> Ariège, France |

Wonderful region, btw. I've got warm and sweet memories from summer
2015...

regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlfjx58ACgkQBcgs9XrR2kbL2ACbB0ny3LrO79nGkS7lGuNKxjiW
ULoAn3Hi4FQUI5p5k6xLwHWK2cXeMkd4
=Knj1
-END PGP SIGNATURE-

Re: problem mouse copy/past from PDF

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, Sep 20, 2016 at 06:30:10PM +0100, Brian wrote:
> On Tue 20 Sep 2016 at 16:12:35 +0100, Lisi Reisz wrote:
> 
> > On Monday 19 September 2016 14:15:03 Celejar wrote:
> > > On Sun, 18 Sep 2016 16:14:37 -0400
> > > Haines Brown  wrote:
> > >
> > > ...
> > >
> > > > Evince apparently does not support selecting text for copying. This does
> > >
> > > My evince (3.14.1, from  3.14.1-2+deb8u1) does support selecting text
> > > for copying.
> > >
> > > Celejar
> > 
> > Mine too.  But then I also have 3.14.1-2+deb8u1.
> 
> Selection of text from a pdf isn't always possible with evince. Example:
> 
>   paps /etc/nssitch.conf > nsswitch.ps
^^^ probably typo
>   ps2pdf nsswitch.ps nsswitch.pdf
> 
> When it is selectable it isn't necessarily capable of being copied.
> 
> Isn't life confusing?

I can confirm that a pdf produced this way has no usable text to
select (tested here with xpdf). If you generate the .ps with a2ps

  a2ps /etc/nsswitch.conf -o nsswitch.ps

then "it works". Thus, it seems to be paps who's doing something
strange (and in fact, looking at the Postscript file yields something
pretty funny. Paps seems to be out-smarting itself.

Note that a Postscript (or a PDF) can render something which *looks*
like text, but for all purposes *isn't* a text (for an extreme case,
think a bitmap image of a text).

regards
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlfhiHkACgkQBcgs9XrR2kbeIgCfXjP4EstyiF12pOKrhSRTdfQa
FCkAn1YdHq5nqaeuzmLozFr6OTHsr2HD
=LsXh
-END PGP SIGNATURE-

Re: problem mouse copy/past from PDF

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, Sep 20, 2016 at 11:01:09AM -0500, David Wright wrote:

[...]

> Sorry, missed out a step. The paps output is filtered through ps2pdf
> so that could explain a lot. Thanks for reminding me. (The clue is in
> the name!)

See above. I can reproduce that (with xpdf as viewer). If you use a2ps
instead of paps, the text is there. It's paps who's producing a strange
Postscript.

regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlfhiS0ACgkQBcgs9XrR2kbwpgCfe/OOpDcbSAnWS33n9dvBfQi9
WYkAnj80TI1QLQkYlhuM2bp7J2C6A3+P
=sc51
-END PGP SIGNATURE-

Re: Failed to execute child process (no such file or directory), but the script DOES exist in $HOME/bin, openbox users, especially take a look, please.

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Thu, Sep 22, 2016 at 09:11:53AM -0400, Greg Wooledge wrote:

[...]

> Don't believe me?  I know none of us has lightdm installed, so here is
> a man page, allegedly from Debian wheezy:
> 
> http://www.unix.com/man-page/debian/1/lightdm/
> 
> It takes several tries for me even to find *that*, probably because the
> manual is so ashamed of itself that it runs and hides when the Google
> crawler approaches.  Behold this glorious tome of wisdom:
> 
> NAME
>lightdm - a display manager
> 
> SYNOPSIS
>lightdm [ OPTION ]
> 
> DESCRIPTION
>lightdm is a display manager.
> 
> That's it!  That is the *entire documentation*, apart from a list of
> options (none of which can be modified by an end user, of course),
> and then a list of three configuration files:
> 
> FILES
>/etc/lightdm/lightdm.conf
>   Configuration
> 
>/etc/lightdm/users.conf
>   User list configuration (if not using Accounts Service)
> 
>/etc/lightdm/keys.conf
>   XDMCP keys
> 
> This is what we're dealing with.  "lightdm is a display manager."
> What does that MEAN?  What does it DO?  People type their passwords into
> this thing, and *this* is its official user manual?  Is this a *joke*?
> What happens AFTER you type your username and password?  What files does
> it read AFTER the password, not before!  Who CARES what it does before!
> What PROCESSES does it execute?  When does it switch effective UID from
> root to user?

To be fair, the display manager just hands the ball to the X session
management (which makes sense, because then you can keep your session
setup when changing the DM and remember: in the good ol' times DM
and X proper didn't have to run on the same box). Here's one of those
typical Xsession files (I hacked it to give me, as a user, the power
to configure my environment):

  tomas@rasputin:~$ cat /etc/X11/Xsession.d/80x11xmodmap 
  # 2015-01-10 tomas: why did they steal my xmodmap?
  # Snarfed from <http://forums.debian.net/viewtopic.php?t=77008>
  
  # This file is sourced by Xsession(5), not executed.
  
  SYSMODMAP="/etc/X11/Xmodmap"
  USRMODMAP="$HOME/.Xmodmap"
  
  if [ -x /usr/bin/X11/xmodmap ]; then
  if [ -f "$SYSMODMAP" ]; then
  xmodmap "$SYSMODMAP"
  fi
  
  if [ -f "$USRMODMAP" ]; then
  xmodmap "$USRMODMAP"
  fi
  fi

That's the typical way such things are set up. Then I, as user can edit
my ~/.Xmodmap. Similar things can be done for the environment, for the
SSH agent, and so on.

I'm pretty sure that those things still work with more modern desktop
environments (though I'm happy I haven't to cope with them).

regards
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlfj3GEACgkQBcgs9XrR2kZlVgCaArjxZyRl8lB9bha4lhoRWtR/
R4EAn39XVsJVDMA3isWA8vZmVz219sRK
=W/Cx
-END PGP SIGNATURE-

Re: Decrease/increase XFS partitions

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wed, Aug 17, 2016 at 05:49:39PM +1000, Igor Cicimov wrote:
> On 17 Aug 2016 5:43 pm, "ML mail"  wrote:
> >
> > Hello
> >
> > On my Debian 8 machine I have two XFS data partitions on my disk:
> >
> 
> Afaik you cant shrink xfs file systems.

Right. See [1]. There seems to be some ongoing work towards that goal [2].

[1] 
http://xfs.org/index.php/XFS_FAQ#Q:_Is_there_a_way_to_make_a_XFS_filesystem_larger_or_smaller.3F
[2] http://www.xfs.org/index.php/Shrinking_Support

- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAle0Gq8ACgkQBcgs9XrR2kai9QCcCzEKzR9sj1l2AXtofc02mkat
vKwAn17GVoU8LQjWvHkXJybDARPpWm4z
=QHs5
-END PGP SIGNATURE-

Re: [Rant] The Endless Search for a Mail Client That Doesn't Suck

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Mon, Aug 29, 2016 at 04:59:04AM -0400, brian wrote:
> On Sun, 28 Aug 2016 23:06:16 +0200, you wrote:
> 
> >Hi,
> >
> >So it is 12 years later;
> >
> >has someone found something working?
> >
> 
> This will be a recommendation which most likely nobody else will
> support, but here we go...
> 
> I like having newsgroups and mail in a single program [...]

Gnu Emacs/Gnus. Runs natively on Windows if need be (and of
course on whatever *Linux flavours and BSDs out there).

Configurable and tweakable if there was ever one.

- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlfD/FcACgkQBcgs9XrR2kYRWwCbBGmcXpHz7X6IKTriSnnFskYp
Ib8An0HJbQ+YTU+47nUz5HhL8tazmKD6
=MYHq
-END PGP SIGNATURE-

Re: [Rant] The Endless Search for a Mail Client That Doesn't Suck

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Mon, Aug 29, 2016 at 06:15:23AM -0400, brian wrote:

[Gnus]

> But will it download from multiple newsfeeds *simultaneously*, and
> combine the feeds if you subscribe to the same group from more than
> one source? [...]

TBH I never tried that, because I separate mail handling from my
MUA. Fetching, sorting and classifying is left to fetchmail, exim
and procmail, the "MUA" sees the result locally.

Much better system behaviour when working offline.

Didn't yet integrate news into that, since the newsgroups I am
interested in are disjoint from my mailboxes.

Regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlfEFcAACgkQBcgs9XrR2kZBbgCeOMZwWNiyxH2BCHD9eCCiiLlU
tgcAn3Nz7GL4bKigBdbtlZ7FFPRWJFSS
=5+7/
-END PGP SIGNATURE-

Re: WARNING! New Perl/Perl-base upgrade removes 141 Sid/Unstable packages

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wed, Sep 28, 2016 at 05:03:26PM -0400, Miles Fidelman wrote:
> As a general rule, I find that using Debian packaging for perl makes
> absolutely no sense - and often problematic.

It's more complicated than this. There are other (non-Perl, non-CPAN)
Debian packages dependent on Perl modules. Thus such a swaying statement
is almost surely wrong.

> Perl has its own ecosystem (cpan) that does an incredibly good job
> of packaging [...]

As has been stated elsewhere in this thread, Perl is a particularly
happy example of cross-package-system work. Most Perl packages are
co-maintained by the Debian Perl packaging group, are reasonably
up to date and interact well with the odd self-installed package.

> Far better to install perl manually and use cpan to manage updates
> and installs.

Again such an absolute statement. Put this way, that makes no sense.
It depends on *for whom*. If I'm mostly interested in Gnu R, because
I'm a biologist, and just want to have a reasonably working Debian
underneath (perhaps with some odd DBI and DBD::Pg or whatever), then
it'd be nonsense to use CPAN.

FWIW, Perl *is* one of my main languages, and I don't use CPAN on
my Debian box (although I use it regularly on some customer's
Redhat boxes, which tend to be too old). OTOH -- I compile my Emacs,
because I don't like the distro's defaults.

For me, that's exactly the invaluable help of the distro: it lets
me pick my fights and keeps my back clear of fights I don't want
to pick. And those will be different for each person.

Only when upstream is too obnoxious ("always use the latest and
greatest or..." -- Ruby, I'm looking at you!), it becomes difficult
to package properly for a distro. But I tend to avoid those
places. Perl isn't like that.

regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlfs278ACgkQBcgs9XrR2kbn6QCeOK79Upm51aYwindToArEAn1u
aJwAn2MmmacDybOa295E1Qyw3ORHlpY0
=IVht
-END PGP SIGNATURE-

Can't set up network on Debian 8 fresh install [was: Unidentified subject!]

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi, Bob.

Welcome.

First, a meta-suggestions

  Try to use a good subject line (I tried to modify it).
  This list is read by many volunteers, and is pretty high
  volume. Nobody reads everything. A good subject line
  will make it more probable that your mail is picked up
  by someone knowledgeable in the subject matter.

Comments interleaved in your main text

On Wed, Sep 28, 2016 at 03:30:04PM -0700, hol...@cox.net wrote:
> Clean install of deb8 (jessie)on my Thinkpad T4220i laptop. went well
> except for the fact that the network configuration
> with DCP failed.

This is probably DHCP. That means that the laptop tries to ask in
the local network for an IP address and gets assigned one by the
(local) DHCP server, which these days typically is the internet
router.

Question: is your Thinkpad connected to the local net via a
network cable? Or via WLAN?

Open a console. What is the output of the command

  /sbin/ifconfig

Could you paste it here?

> I was given 3 options.
> 1) try it again. This was hope over experience.

That means it isn't getting an answer to its DHCP requests. Most
probably it doesn't reach the network, but we can't know for sure
yet.

> 2) configure manually. Great if I had the first inkling how. I'm a
> complete neophyte when it
>comes to networking.
> 3) continue without configuring a network. The only one that would let
> me continue the
>installation.
> 
> I have a functioning desktop pc so I compred some files w/ the laptop.

Perhaps the output of /sbin/ifconfig on the desktop PC would be
interesting here as well.

regards
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlfs33AACgkQBcgs9XrR2kaSVQCeOMutYMTYLp0r+z9qGZelbKSz
i1AAn0hgP1UAgqGabtTPdDaWHPizpYiI
=2AIL
-END PGP SIGNATURE-

Re: missing subject

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wed, Sep 28, 2016 at 03:34:13PM -0700, Bob Holtzman wrote:
> Sorry. Hit the send key too soon. Subject should have been network
> configuration.

and you already got two proposals for a nicer Subject.

Ain't we a nice bunch ;-)

regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlfs39YACgkQBcgs9XrR2kZKrgCcDpASfckZs/lJlUkhEaGhD6pu
9CoAnjvrziL1z+37evSc/UCUwe550dSl
=aJBR
-END PGP SIGNATURE-

Re: Issues with SSH pubkey authentication at remote server

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wed, Sep 28, 2016 at 08:36:00AM +, Stephan Beck wrote:
> Hi Lars,
> 
> Lars Noodén:
> > On 09/27/2016 06:07 PM, Stephan Beck wrote:
> >> Lars Noodén:
> >>> On 09/27/2016 02:02 PM, Stephan Beck wrote:
> >>> Can you tell more about how your login session is started?
> >>
> >> I connect to the "local ssh account" by ssh from my other user account.
> > 
> [...]
> > You need a way for your "local ssh account" to start and use an agent.
> > I'm not sure of the optimal way for you.  Perhaps something in .bashrc?
> > Others here know more about the shells than I.
> 
> Or in .profile. But I am not really sure about the exact syntax to use
> (this if/then "thing"). I still have to get familiar with that.
> 
> I just checked in LX Session Configuration that the ssh-agent is
> configured as -->Core applications but disabled in --> Autostart. So
> there is another program/process/script that has to be launching the
> ssh-agent, because I find it twice in the process list when I login to
> my "normal" user account. I'm shivering :-)

Yes. It depends. If you're typically using X as your environment
(perhaps via some desktop thing: in your case it seems to be LXDE),
then the first go to is your desktop thing's session management.

This way all consoles you start will inherit the "coordinates" of
the agent (in the form of the shell variables SSH_AGEN_PID,
SSH_AUTH_SOCK and perhaps others I forget). With no desktop environ
(plain X), X session management (see /etc/X11/XSession.d for
Debian; there is a 90x11-common_ssh-agent for that). Otherwise
you have to cook up something in your ~/.profile which looks
whether there's an agent around and set it up when no. In a nutshell


  - using a DE: your DE's session management
  - X without DE: X session management
  - naked console: .login, .profile (or .bash_profile, .bash_login)

Have fun
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlfrikAACgkQBcgs9XrR2kbyVwCcDqnECoJHdevg6AXn4Va6TcZO
J4YAnR8vi2TEcBsPNJrm9V2S/TVM6hhz
=wPAD
-END PGP SIGNATURE-

Re: system gobbles disk space

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, Sep 27, 2016 at 05:53:05PM +0200, Sven Hartge wrote:

[...]

> You should add this _after_ fiddling with the files [...]

Exactly.

regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlfqnz4ACgkQBcgs9XrR2kYOnQCfWlsVClBgkSyDIwUuYTQhKnT1
mo8AnRlsP57NdbZ9MKI+qXosIjiPBjFi
=aVbS
-END PGP SIGNATURE-

Re: Extending file system after enlarging a logical volume

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Mon, Oct 03, 2016 at 04:24:42PM -0400, Ken Heard wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> In my jessie box I need to increase the non-encrypted root partition
> (/) size from 14G to 19G.  I was able successfully to increase the
> logical volume (and decrease the space available in the volume group
> accordingly) but am not sure how to do the next step.
> 
> The following command produced the result shown.
> 
> root@BDS:~# fsadm resize /dev/BDS1/root
> resize2fs 1.42.12 (29-Aug-2014)
> Filesystem at /dev/mapper/BDS1-root is mounted on /; on-line resizing
> required

Online resizing means "resizing a mounted file system". This is possible
(for ext*), as long as you are growing, not shrinking. But that's your
case.

> old_desc_blocks = 1, new_desc_blocks = 2
> resize2fs: Read-only file system While checking for on-line resizing
> support
> fsadm: Resize ext4 failed

That's because your / partition is mounted read-only. This might be
because there were some errors at mount, so perhaps running a file
system check (fsck.ext4) might be a good idea.

If you *know* your file system is OK, you could try to remount it
read-write:

  mount -orw,remount /dev/mapper/BDS1-root /

then resizing should work.

> Does the phrase "on-line resizing required" mean that I have to
> unmount /dev/BDS1/root, then run the fsadm command and finally remount
> /dev/BDS1/root?  Is unmounting the basic partition (/) safe while
> presumably some of the files there are being used by the computer?

No, see above. And you can't umount / (you'd get an error stating
that the file system is busy. / is always busy).

> I think I read somewhere that to resize an ext4 partition did not
> require unmounting it.  Perhaps it it is required.

Only for shrinking. In that case you'd have to mount the file system
from "another running system", e.g a rescue system.

regards
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlfywUwACgkQBcgs9XrR2kZKLgCfZ1RX/83DNwjv7/t2hm6g1DHF
FMkAn3/GwlIUvwkBI5u0sAy9qa1KD56A
=duk4
-END PGP SIGNATURE-

Re: system gobbles disk space

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Mon, Sep 26, 2016 at 11:42:41AM +0200, Tony van der Hoff wrote:
> Hi,
> 
> For the last few days, my jessie VM has apparently run out of disk space
> overnight. df shows 100% usage on / but du does not show any enormous files.
> 
> If I reboot, the disk usage goes back to 50% on a 40GB volume.
> 
> How can I determine what is eating the space?

Hm. Tough question. One traditional culprit for that kind of behaviour is
a file which has been deleted (thus having no entry in a directory in the
file system) but which is kept open by some process. One way to find that
would be to look into the /proc file system. Each process there (represented
by a directory named after the PID, the process ID) has a subdirectory called
'fd' containing a symlink to each file the process has open. Look for dangling
symlinks and ask yourself in each case whether the file behind this symlink
migh be responsible for the missing space.

A practical example:

First, I create a process which keeps a file open, writing into it from
time to time:

 | tomas@rasputin:~$ ( while true ; do echo "bip"; sleep 5 ; done ) > 
/tmp/logfile &
 | [1] 3642

This process has the PID 3642. In /proc/3642/fd, I find an entry for this
file:

 | tomas@rasputin:~$ ls -l /proc/3642/fd
 | total 0
 | lrwx-- 1 tomas tomas 64 Sep 26 11:53 0 -> /dev/pts/3
 | l-wx-- 1 tomas tomas 64 Sep 26 11:53 1 -> /tmp/logfile
 | lrwx-- 1 tomas tomas 64 Sep 26 11:53 2 -> /dev/pts/3
 | lrwx-- 1 tomas tomas 64 Sep 26 11:53 255 -> /dev/pts/3

Note that this is linked from the file named '1', which is the process's
standard output, as one would expect from the shell jargon '>' (redirect
stdout).

Now I get nasty and remove /tmp/logfile. Note that this doesn't remove
the file itself -- just that one directory entry (the file might have
more than one: it gets removed whenever nobody needs it). The process
continues running as if nothing happened. The file keeps growing (albeit
slowly in my case) and using up space:

 | tomas@rasputin:~$ rm /tmp/logfile
 | tomas@rasputin:~$ ls -l /proc/3642/fd
 | total 0
 | lrwx-- 1 tomas tomas 64 Sep 26 11:53 0 -> /dev/pts/3
 | l-wx-- 1 tomas tomas 64 Sep 26 11:53 1 -> /tmp/logfile (deleted)
 | lrwx-- 1 tomas tomas 64 Sep 26 11:53 2 -> /dev/pts/3
 | lrwx-- 1 tomas tomas 64 Sep 26 11:53 255 -> /dev/pts/3

See? Link -> is now marked (deleted). In my version of ls and console
it's printed now in a happy red colour. I can end the nonsense by
killing the process:

 | tomas@rasputin:~$ fg
 | ( while true; do
 | echo "bip"; sleep 5;
 | done ) > /tmp/logfile
 | ^C

Of course, you'll have to become root to be able to move around
other process's entrails this way. In my small example I just
created the process, that made it easy.

There are other ways of making "disk space disappear", among others
mounting something over a non-empty directory.

Regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlfo8zsACgkQBcgs9XrR2kakRgCfT0BNO3HAjTdYqb17vQXU6o1e
RdQAnimGR73J4lmXH3/4rtYoXDvrkc7u
=n1gG
-END PGP SIGNATURE-

Re: system gobbles disk space

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Mon, Sep 26, 2016 at 12:54:49PM +0200, Erwan David wrote:

> A possibility is that you have processes writing into deleted files. You can 
> see them with lsof +L1 (as root)

Short and sweet. That's even better :-)

- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlfpKrUACgkQBcgs9XrR2kaIOACcCKX4tkiK7ngX4yGpq6Wwt/eY
g3cAnicvstprAM3EkEASN+SAPeWKlUUA
=vm+A
-END PGP SIGNATURE-

Re: system gobbles disk space

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, Sep 27, 2016 at 10:55:52AM +0200, Tony van der Hoff wrote:
> On 26/09/16 17:04, to...@tuxteam.de wrote:
> > On Mon, Sep 26, 2016 at 04:38:01PM +0200, Tony van der Hoff wrote:
> >> On 26/09/16 16:03, to...@tuxteam.de wrote:
> >>> On Mon, Sep 26, 2016 at 12:54:49PM +0200, Erwan David wrote:
> >>>
>  A possibility is that you have processes writing into deleted files. You 
>  can see them with lsof +L1 (as root)
> >>>
> 
> Thanks again to all who have helped with this.
> 
> After the overnight run, I'm now seeing this:

[...]

Bad Apache, bad :-)

> So, I can see this growing to an impossible size, which is probably
> where my problem lies.
> 
> These files are created by a apache-driven PERL application, and the log
> files are renamed/compressed overnight by a cron job.

Seems this "cron job" is doing logrotate's job (or I am misunderstanding).

> This setup has existed for a number of years unchanged, so what's caused
> it to start misbehaving?
> 
> How to stop it happening?
> Should I be stopping Apache while compressing the logs?

There is a way to tell long-running processes to close their log files
and then re-open them (typically sending a HUP or USR1 signal, this has
established itself as a kind of "standard protocol"). This is usually
part of the logrotate process. You have logrotate to take care of your
log files, have you?

This is an example off logrotate's man page:

   /var/log/messages {
   rotate 5
   weekly
   postrotate
   /usr/bin/killall -HUP syslogd
   endscript
   }

Meaning "take care of log messages in this-and-that way and *after* that
send a HUP signal to syslogd". You should have a similar entry for your
Apache in /etc/logrotate.d or thereabouts.

If your Apache's log files aren't managed by logrotate (someone *is*
moving them around, after all) then go find out what Apache needs to
release its grip on log files and arrange for that to happen after
they have been moved around.

If I read [1] correctly, the Apache folks recommend a graceful restart
of the server after log rotation.

[1] https://httpd.apache.org/docs/2.4/logs.html#rotation

Regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlfqU20ACgkQBcgs9XrR2kYgiQCeM0oR8IdvvzWce7ey/0LXeTIY
zOMAniQRK/N43LW2sNCp34aiboJToVa8
=4ccB
-END PGP SIGNATURE-

Re: qemu installed but not found

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wed, Oct 26, 2016 at 04:00:08PM +, Matyas A. Sustik wrote:
> I installed qemu with apt-get. However the qemu command is not found. What
> am I missing? Can anyone point me in the right direction?

I'm assuming you installed "plain qemu", i.e. not qemu-kvm. The package qemu
itself has no executable files (cf [1]). But it depends (among others) on
qemu-user, which should thus have been pulled in, and that one *has* binaries
(cf [2]) -- one for each architecture emulated, i.e. /usr/bin/qemu-aarch64,
/usr/bin/qemu-alpha, and so on. So when you call qemu, you'll have to
decide which architecture you want to emulate.

If you want to emulate the same processor your're running on (and if it
supports hardware virtualization via KVM, consider qemu-kvm: much faster.

hth

[1] https://packages.debian.org/jessie/amd64/qemu/filelist
I'm assuming you have amd64 architecture and stable (jessie).
Adjust URL to taste :)

[2] https://packages.debian.org/jessie/amd64/qemu-user/filelist
The same as in [1] applies if you're not "on" Jessie or amd64.

- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlgQ390ACgkQBcgs9XrR2kaiHACfUftcSP1GgJk61xI+CQmbSvux
oRwAn1t0EQizdmwxGiEpU8cyfIFOSnYk
=389j
-END PGP SIGNATURE-

Re: parted is ALMOST suitable

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wed, Nov 09, 2016 at 10:12:13AM +, Brian wrote:
> On Wed 09 Nov 2016 at 09:48:01 +0100, to...@tuxteam.de wrote:
> 
> > On Tue, Nov 08, 2016 at 08:39:51PM +, Brian wrote:
> > > On Tue 08 Nov 2016 at 14:41:45 -0500, Stefan Monnier wrote:
> > > 
> > > > >>>>>>> *HOWEVER* parted requires root privileges. That is not 
> > > > >>>>>>> acceptable.
> > > > >>>>>>> Suggestions?
> > > > >>>>>>> TIA
> > > > > Futzing with partitions is the admin's job.
> > > > 
> > > > Could be, but it's not (g)parted's job to enforce these kinds of rules:
> > > > that's what Unix permissions (and Linux's capabilities) are for.
> > > > 
> > > > It's OK to add a warning and prompt the user to make sure he really
> > > > means to do that, but there's no point *preventing* the user from
> > > > shooting his own foot with this tool if he can do it with other
> > > > tools anyway.
> > > 
> > > Users here get no opportunity to shoot themselves or anyone else in the
> > > foot. Access to raw disks is over my dead body. So I do not understand
> > > your point.
> > 
> > C'mon. Cut the drama. Dead bodies and that.
> 
> It's a turn of phrase. Sometimes used with a touch of humour.
> 
> > As if "raw disk" were some kind of sacred stuff. In my case they are
> > simple files on disk (disk images). Shall I have to become root every
> > time I have to write a partition table to that? No. I just use fdisk.
> > 
> > It's the job of file (device) permissions to ensure that. Or are you
> > going to patch around bash's redirection operator too, to keep "users"
> > from shooting themselves in the foot by issuing
> > 
> >   echo "mumble" > /dev/sda2
> > 
> > Not really.
> 
> That gives "-bash: /dev/sda2: Permission denied" for me with a fixed
> disk. It's the same for a removable disk. The system came like that.

Hopefully. But that's not because bash checks that (as parted is).
It's because the permissions on the device file are set right!

IOW, it's not the application's job (bash or parted), it's the OS's
job (with the sysadmin's help) to check access permissions.

BTW it's very easy to fool the application itself (and this migh be
a perverse "solution" to Richard's problem). Just run gparted under
fakeroot. It won't convey you read/write permissions you don't have,
but it will fool gparted to think it's running as root:

  tomas@rasputin:~$ whoami
  tomas
  tomas@rasputin:~$ fakeroot whoami
  root
  tomas@rasputin:~$ 

So try running "fakeroot gparted" -- that might help. No need for
elevated permissions :-)

Fakeroot is in the like-named package.

Regards
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlgi+f8ACgkQBcgs9XrR2kbsNgCggZ+IxtEt3EomY0RhA+erYApz
f2UAn3Big3UUWWJ7ZWhAG184NCu7EPvm
=YNug
-END PGP SIGNATURE-

Re: parted is ALMOST suitable

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, Nov 08, 2016 at 02:41:45PM -0500, Stefan Monnier wrote:
> >>> *HOWEVER* parted requires root privileges. That is not acceptable.
> >>> Suggestions?
> >>> TIA
> > Futzing with partitions is the admin's job.
> 
> Could be, but it's not (g)parted's job to enforce these kinds of rules:
> that's what Unix permissions (and Linux's capabilities) are for.
> 
> It's OK to add a warning and prompt the user to make sure he really
> means to do that, but there's no point *preventing* the user from
> shooting his own foot with this tool if he can do it with other
> tools anyway.
> 
> > fdisk also want's root (or
> > sudo). You want some user poking around in the disk(s)?
> 
> BTW, I have a pending bug report around this very same issue:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=439409
> 
> Feel free to weight in ;-)

Done. For me "this is the way gparted is designed" sounds so
wrong on many levels that it took me a while to articulate
myself :-)

regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlgi4EUACgkQBcgs9XrR2kZQIgCcDwa+lVLv8fFUrJhMq8URV4Xq
kzcAnRX6iNYN/fSKCe84iC/xWHkpJ5ZY
=xRqQ
-END PGP SIGNATURE-

Re: upgraded testing and now gpg is not working

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Sun, Nov 06, 2016 at 07:42:40AM +0100, Frank wrote:
> Op 06-11-16 om 04:52 schreef H.S.:
> >So, how do I tell gpg to work on std in when on a terminal instead of
> >relying on a graphical session?
> 
> The man page for gpg-agent suggests you can set that with the
> --pinentry-program option. I haven't tried this myself, but adding
> something like
> 
> pinentry-program /usr/bin/pinentry-curses

There's also pinentry-tty, which sounds like the more traditional
behaviour. There are separate packages for that -- just try

  aptitude search pinentry

hth
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlge+7cACgkQBcgs9XrR2kbftQCfWKlUhov82Og1nl8ZxZK1Nnt5
XkMAn2OpvFvzOl/rBxqCedVaDymCYOLl
=m3Sg
-END PGP SIGNATURE-

Re: parted is ALMOST suitable

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wed, Nov 09, 2016 at 06:29:32PM +, Brian wrote:

[...]

> Raw disk access to a device the user does not own *is* sacred.

YES! And the OS takes care of that part!

> Access to a device the user does own is up to the user.

Again: wholeheartedly, yes.

> Applications should not prevent that legitimate access taking
> place. Thank you for raising the disk image situation.

Seems we are in violent agreement :-)

regards
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlgjh70ACgkQBcgs9XrR2kYDbACfQXr6xzcSxZDyrEHuyB3hh5mv
kGAAnRFzgDDZkfTQowy+XN4hNhHNsiQF
=O5aX
-END PGP SIGNATURE-

Re: parted is ALMOST suitable

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wed, Nov 09, 2016 at 05:38:01PM +, Brian wrote:
> On Tue 08 Nov 2016 at 17:54:41 -0500, Stefan Monnier wrote:
> 
> > >> > Futzing with partitions is the admin's job.
> > >> Could be, but it's not (g)parted's job to enforce these kinds of rules:

[...]

> > It costs extra code with at best no benefit.
> 
> A well-made couple of points. But a user being able to shoot himself
> in his own foot with other tools as a way of bolstering the argument
> doesn't bear close scrutiny nowadays.

But this should be taken care of by the device files having appropriate
permissions. An /dev/sda having -rw-rw-rw- is asking for trouble, I
think we all agree on this :-)

>   Perhaps a reason for updating
> the bug record to clarify what the issue is?

Hm. Layering error.

regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlgjiIIACgkQBcgs9XrR2kbPQACeOgjjHNwDURiKeeI8id4iNn9i
eMsAn1rAkCgZXl3bL8MkzYwp0L27MeHA
=0fEr
-END PGP SIGNATURE-

Re: parted is ALMOST suitable

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wed, Nov 09, 2016 at 08:48:04PM +, Brian wrote:
> On Wed 09 Nov 2016 at 21:35:14 +0100, to...@tuxteam.de wrote:

[...]

> > Hm. Layering error.
> 
> Sorry. I'm unfamiliar with this term ("layering errors")

Sorry. Was meaning to say "layering violation": you design complex systems
in layers and try to take care of each aspect in the relevant layer. In
our case, the OS ("lower layer" of sorts) takes care of access control,
the application takes care of the user. This does away with subtle
irritations (in our case: "but the user *has* access permissions to
the block device, why...?) brought about by conflicting decisions
in different layers ("has explicitly to be UID 0" vs. "has to have
read or read/write access to the block device).

> and was just trying to point out that the basis on which the report was
> submitted is no longer valid and an additional report could make the
> point without relying on outdated ideas.

regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlgjkWgACgkQBcgs9XrR2kazcQCdFWjUKAkxdBKKnj8ONpNlJi1h
aRkAnievFzGn6TeACL0LcEC3Rlioc6LR
=Z5Jw
-END PGP SIGNATURE-

Re: parted is ALMOST suitable

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wed, Nov 09, 2016 at 10:45:52AM +, Brian wrote:

[...]

> I hope cfdisk is an acceptable alternative to gparted, which is not on
> my system. 'fakeroot /sbin/cfdisk' gives "cfdisk: cannot open /dev/sda:
> Permission denied".

We are talking past each other, I think.

The above result is to be expected. I'm perfectly OK with that.
You'd get that wih or without fakeroot (it doesn't convey powers
to you you don't have. That feat would imply a gaping security
hole in Linux. There are some, but the most obvious have been
covered -- hopefully! long ago.

The point Stefan (and me) are trying to make is that *the application
has no business in checking user permissions*, and parted is doing
exactly that ("am I root?"). It's something to be left to the OS
(try to open the device and catch an EACCESS error; translate that
for the user. That's what cfdisk above *is* doing, and I'm fine
with that!

*If* you happen to have read/write access to a device/file [1], then
cfdisk would let you just go ahead (right behaviour), while gparted
would stop you ("nyah nyah you aren' root" -- *wrong*).

[1] Stefan and me have given examples where that would make sense.

- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlgjAfYACgkQBcgs9XrR2kaPIwCeNf0Fb9cP5e4efUT3KoPrnK+V
87kAn0pivYKxpFwnQb0wa7i1rrpZdtsF
=FBNW
-END PGP SIGNATURE-

Re: parted is ALMOST suitable

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, Nov 08, 2016 at 08:39:51PM +, Brian wrote:
> On Tue 08 Nov 2016 at 14:41:45 -0500, Stefan Monnier wrote:
> 
> > >>> *HOWEVER* parted requires root privileges. That is not acceptable.
> > >>> Suggestions?
> > >>> TIA
> > > Futzing with partitions is the admin's job.
> > 
> > Could be, but it's not (g)parted's job to enforce these kinds of rules:
> > that's what Unix permissions (and Linux's capabilities) are for.
> > 
> > It's OK to add a warning and prompt the user to make sure he really
> > means to do that, but there's no point *preventing* the user from
> > shooting his own foot with this tool if he can do it with other
> > tools anyway.
> 
> Users here get no opportunity to shoot themselves or anyone else in the
> foot. Access to raw disks is over my dead body. So I do not understand
> your point.

C'mon. Cut the drama. Dead bodies and that.

As if "raw disk" were some kind of sacred stuff. In my case they are
simple files on disk (disk images). Shall I have to become root every
time I have to write a partition table to that? No. I just use fdisk.

It's the job of file (device) permissions to ensure that. Or are you
going to patch around bash's redirection operator too, to keep "users"
from shooting themselves in the foot by issuing

  echo "mumble" > /dev/sda2

Not really.

regards
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlgi4sEACgkQBcgs9XrR2kZqqACfdO/MbOeWhqyJHco4uOlI9l35
2FkAn2FsqBIT+AYMWlqrS52IydW5dgU1
=fTKB
-END PGP SIGNATURE-

Re: parted is ALMOST suitable

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Mon, Nov 07, 2016 at 09:35:32AM -0500, Greg Wooledge wrote:
> On Mon, Nov 07, 2016 at 03:27:12PM +0100, to...@tuxteam.de wrote:
> > Two things:

[...]

> I started writing that in my previous message, but then I actually
> tested it on my own system.  Good thing I did, because I got the
> same result as Richard: being in group disk, which has read/write
> access on /dev/sda*, does NOT give you output in the FSTYPE and other
> fields of lsblk -f.  It certainly surprised me.

Indeed. I suspect lsblk is checking the user ID itself instead of
letting the OS do its thing. For whatever reasons I can't fathom.

regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlggmC0ACgkQBcgs9XrR2kaXdgCfTQQDo3j7HF2GlTi5G9oxUhF2
BxsAnA2NxwiZjyEPDAREUeObLuVnwa7l
=MReN
-END PGP SIGNATURE-

Re: parted is ALMOST suitable

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Mon, Nov 07, 2016 at 08:48:29AM -0600, Richard Owlett wrote:
> On 11/7/2016 7:57 AM, to...@tuxteam.de wrote:
> >-BEGIN PGP SIGNED MESSAGE-
> >Hash: SHA1
> >
> >On Mon, Nov 07, 2016 at 07:12:00AM -0600, Richard Owlett wrote:

[...]

> I doubt that were are that far apart in goals. I'm so old fashioned
> that I remember when the "cores" of core memory were visible to the
> naked eye.

I missed that by a couple of years; my first programs were holes
in paper, though :-)

regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlggmJgACgkQBcgs9XrR2kafwQCeKHrUn8oJeBRCbM5fOMDrrtZG
J5cAn2XcQk6FwyFI3icrgMGDMT4oVI15
=Wn88
-END PGP SIGNATURE-

Re: parted is ALMOST suitable

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Mon, Nov 07, 2016 at 08:18:28AM -0600, Richard Owlett wrote:
> On 11/7/2016 7:25 AM, Richard Owlett wrote:
> >On 11/7/2016 6:47 AM, to...@tuxteam.de wrote:
> >>-BEGIN PGP SIGNED MESSAGE-
> >>Hash: SHA1
> >>
> >>On Mon, Nov 07, 2016 at 06:11:50AM -0600, Richard Owlett wrote:
> >>>I need to identify file system on all partitions of my hard drive
> >>>whether mounted or not.
> >>> parted /dev/sda print | grep ext | grep -v exte
> >>>reports the desired information [partitions formatted ext?] in a
> >>>convenient format.
> >>>*HOWEVER* parted requires root privileges. That is not
> >>>acceptable.
> >>>Suggestions?
> >>
> >>It's not parted. It's the partitions themselves (or more
> >>accurately,
> >>the devices via which your operating system makes the partitions
> >>available to user space). By default (and there are some reasons
> >>for it) they're not readable by everyone. They are writable by
> >>even less. On my box, for example:
> >>
> >>   tomas@rasputin:~$ ls -al /dev/sd*
> >>   brw-rw 1 root disk 8, 0 Nov  7 09:06 /dev/sda
> >>   brw-rw 1 root disk 8, 1 Nov  7 09:06 /dev/sda1
> >>   brw-rw 1 root disk 8, 2 Nov  7 09:06 /dev/sda2
> >>   brw-rw 1 root disk 8, 5 Nov  7 09:06 /dev/sda5
> >>
> >>So you'd have to be associated to the "disk" group to read those
> >>things and you'd have to *be* root to write.
> >
> >*THAT* sentence may be key to solving multiple problems. All of
> >my installs have implicitly accepted default groups for user(s).
> 
> Evidently not a solution. Added myself to both "disk" and "root"
> groups.

Two things:
 - check that your disk devices are actually readable (and probably
   writable, I botched that, cf. David's mail) by group disk
 - your being added to disk is effective *after* logging in after
   you'd made the change; if you want to bypass it, there is the
   command 'newgrp'; you can check which groups you are "in" by
   issuing the command 'groups': 'disk' should be in there.

> Had no effect when attempting to run either lsblk or parted.

How does "no effect" look like?

Regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlggj0AACgkQBcgs9XrR2kbk/QCaAkM8EhnABt49GQ1g4Kwj7Lbg
4NgAniIeHOs+yyk2L5G8Au3Le+prZM7J
=pUD3
-END PGP SIGNATURE-

Re: parted is ALMOST suitable

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Mon, Nov 07, 2016 at 09:27:11AM -0500, Greg Wooledge wrote:
> On Mon, Nov 07, 2016 at 08:18:28AM -0600, Richard Owlett wrote:
> > Evidently not a solution. Added myself to both "disk" and "root" 
> > groups.
> > Had no effect when attempting to run either lsblk or parted.
> 
> Is there a reason you can't use sudo?

This is of course another option. Security-wise it's better than
adding oneself to the relevant group(s), unless...

> You can even configure sudo not to prompt you for a password.

(rationale: if a rogue application tries to get to the disk with
your user ID, you'd notice).

regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlggkH4ACgkQBcgs9XrR2kbcLQCfZ5um3dyGOwKFiMK0dDv77bqC
3UcAniQ02EBBjB06gRsf8g0AfHbHGWqy
=pdTG
-END PGP SIGNATURE-

Re: parted is ALMOST suitable

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Mon, Nov 07, 2016 at 08:02:30AM -0600, David Wright wrote:
> On Mon 07 Nov 2016 at 13:47:27 (+0100), to...@tuxteam.de wrote:
> > On Mon, Nov 07, 2016 at 06:11:50AM -0600, Richard Owlett wrote:
> > > I need to identify file system on all partitions of my hard drive
> > > whether mounted or not.
> > > parted /dev/sda print | grep ext | grep -v exte
> > > reports the desired information [partitions formatted ext?] in a
> > > convenient format.
> > > *HOWEVER* parted requires root privileges. That is not acceptable.
> > > Suggestions?
> > 
> > It's not parted. It's the partitions themselves (or more accurately,
> > the devices via which your operating system makes the partitions
> > available to user space). By default (and there are some reasons
> > for it) they're not readable by everyone. They are writable by
> > even less. On my box, for example:
> > 
> >   tomas@rasputin:~$ ls -al /dev/sd*
> >   brw-rw 1 root disk 8, 0 Nov  7 09:06 /dev/sda
> >   brw-rw 1 root disk 8, 1 Nov  7 09:06 /dev/sda1
> >   brw-rw 1 root disk 8, 2 Nov  7 09:06 /dev/sda2
> >   brw-rw 1 root disk 8, 5 Nov  7 09:06 /dev/sda5
> > 
> > So you'd have to be associated to the "disk" group to read those
> > things and you'd have to *be* root to write.
> 
> Are you sure? I read that as group disk having read *and* write access.

Uh -- yes, you are right, of course.

> Obviously the OP seems unworried about read-access by himself or
> anyone else, so world-readable on pretty much everything might
> be appropriate.
> 
> Reading anything about a filesystem without going through the
> normal access methods would appear to circumvent any file
> protection scheme within it, so it's no surprise to me that
> all the suggestions with lsblk etc have failed.

Exactly.

regards
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlggif0ACgkQBcgs9XrR2kbJcgCdHYCJJion+5jcdZuULe0HQ/B6
myIAn099gufCMVEbXGrP7ko0ffX9OM8/
=I0Ki
-END PGP SIGNATURE-

Re: parted is ALMOST suitable

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Mon, Nov 07, 2016 at 07:25:33AM -0600, Richard Owlett wrote:

[...]

> >>*HOWEVER* parted requires root privileges. That is not acceptable.
> >>Suggestions?

[...]

> >So you'd have to be associated to the "disk" group to read those
> >things and you'd have to *be* root to write.
> 
> *THAT* sentence may be key to solving multiple problems. All of my
> installs have implicitly accepted default groups for user(s).

sudo adduser myself disk

might do that.

regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlggiPoACgkQBcgs9XrR2kbTsgCfV9uzYMV/rMqZAISqyzDB+3Zw
OOEAnjhrRNsRRK94E9+5KZalYhA9p3cN
=iUIM
-END PGP SIGNATURE-

Re: parted is ALMOST suitable

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Mon, Nov 07, 2016 at 06:37:53AM -0600, Richard Owlett wrote:
> On 11/7/2016 6:20 AM, Felipe Salvador wrote:
> >On Mon, Nov 07, 2016 at 06:11:50AM -0600, Richard Owlett wrote:
> >>*HOWEVER* parted requires root privileges. That is not acceptable.
> >>Suggestions?
> >>TIA
> >
> >lsblk -fr ?
> >
> 
> Debian is perverse ;{

Uh... aren't we all?

> man page suggested good things.
> However when run as other than root, there is a column heading
> "FSTYPE".
> It is blank for all partitions.
> They are present when run as root.

Perhaps it needs read access to the partition's content, which it
only gets as root? (Or as group disk, as the case may be).

Debian is trying to protect you from someone taking over your...
say Apache and exfiltrating your most carefully kept secrets on
your harddisk. Just imagine how embarrassing that will be when
Wikileaks publishes that all!

;-D

regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlggeOgACgkQBcgs9XrR2kYfuACdHtFYRmuLtAPQ7ShPD8ZIJwB5
+hwAnj0J/pTjTpopjNck+DJ8Xb22K7m6
=qNZ4
-END PGP SIGNATURE-

Re: parted is ALMOST suitable

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Mon, Nov 07, 2016 at 06:11:50AM -0600, Richard Owlett wrote:
> I need to identify file system on all partitions of my hard drive
> whether mounted or not.
> parted /dev/sda print | grep ext | grep -v exte
> reports the desired information [partitions formatted ext?] in a
> convenient format.
> *HOWEVER* parted requires root privileges. That is not acceptable.
> Suggestions?

It's not parted. It's the partitions themselves (or more accurately,
the devices via which your operating system makes the partitions
available to user space). By default (and there are some reasons
for it) they're not readable by everyone. They are writable by
even less. On my box, for example:

  tomas@rasputin:~$ ls -al /dev/sd*
  brw-rw 1 root disk 8, 0 Nov  7 09:06 /dev/sda
  brw-rw 1 root disk 8, 1 Nov  7 09:06 /dev/sda1
  brw-rw 1 root disk 8, 2 Nov  7 09:06 /dev/sda2
  brw-rw 1 root disk 8, 5 Nov  7 09:06 /dev/sda5

So you'd have to be associated to the "disk" group to read those
things and you'd have to *be* root to write.

Same goes for lsblk (as has been recommended in this thread) or
any other tool you might consider. That said, lsblk seems to be
a better fit for your needs anyway.

Parted has no problems running as a regular user if the (device)
file under question is (readable/writable) by said user. It only
tries to be helpful with some messages when it isn't running under
root *and* encounters permission/owner conflicts. *That* might
cause some confusion.

Regards
- -- tomás

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEUEARECAAYFAlggd98ACgkQBcgs9XrR2kaDxgCY1ArE0224tHxE6XyHBtpNXNv2
zgCfex3jBX/eggibGeXPZNm+YR7WzP8=
=MMiF
-END PGP SIGNATURE-

Re: parted is ALMOST suitable

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Mon, Nov 07, 2016 at 07:12:00AM -0600, Richard Owlett wrote:

[...]

> >Debian is trying to protect you from someone taking over your...
> >say Apache [...]
> 
> My Debian machines do not physically have networking capability.
> See my email hearder. Mr. Gates can handle some things ;/

No physical networking capability is needed for surprising things
to happen. Spiritual network access may be enough (say playing a
video file which carries a stack smashing exploit for your video
player).

I seem to discern in you the old DOS attitude which brought about
a Golden Era of Virus (which is returning via the "The Browser is
The Machine", mind you ;-)

(please, don't take the above really seriously: but yes, many
decisions behind all that permissions circus in Unix and children
can be traced back to an effort to separate different things.
If you let that concept sink in, you won't be surprised as often).

regards
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlggiFoACgkQBcgs9XrR2kZy7wCfRZaATrhbYIuH7TR0+LpFnPuO
XYAAnivpYOSb36gdDW5LcArlKsW6p1vW
=0lLZ
-END PGP SIGNATURE-

Re: parted is ALMOST suitable

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Mon, Nov 07, 2016 at 07:54:23PM +0300, Reco wrote:
>   Hi.
> 
> On Mon, Nov 07, 2016 at 04:05:17PM +0100, to...@tuxteam.de wrote:
> > On Mon, Nov 07, 2016 at 09:35:32AM -0500, Greg Wooledge wrote:
> > > I started writing that in my previous message, but then I actually
> > > tested it on my own system.  Good thing I did, because I got the
> > > same result as Richard: being in group disk, which has read/write
> > > access on /dev/sda*, does NOT give you output in the FSTYPE and other
> > > fields of lsblk -f.  It certainly surprised me.
> > 
> > Indeed. I suspect lsblk is checking the user ID itself instead of
> > letting the OS do its thing. For whatever reasons I can't fathom.

[...]

> The definition of this function contains this little gem (getuid call):

[...]

> /* try libblkid (fallback) */
> if (getuid() != 0)
> return; /* no permissions to read from the device */

[...]

> I.e. insufficient device permissions will return NULL anyway, so there's
> little point of checking whenever the calling user is root or not.

Hey, thanks for actually following through. My dirty imagination was
right, for one time :-)

Actually this is an anti-pattern: trying to do a job in advance before
the "right" architecture layer has a chance at doing a better job.
More complexity, less functionality.

regards
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlghmDQACgkQBcgs9XrR2kaAoACfTYpAbwbTnMVeqP6Dldyyo/M1
96sAn1VIzOsjtUpCFhQzuG/rvO2Ja/yA
=LN4U
-END PGP SIGNATURE-

Re: how to turn off backlight in console (without any X server)

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, Nov 08, 2016 at 11:49:40AM +0100, Laurent Debian wrote:
> Hi and thanks for your ideas
> 
> Unfortunately there is no directory  /sys/class/backlight on my system.
> After a
> 
> > locate backlight
> >
> I juste had the following files as seemingly relevant.
> 
> > /var/lib/systemd/backlight/pci-:02:00.0:backlight:nv_backlight
> > /var/lib/systemd/backlight/platform-applesmc.768:leds:smc::kbd_backlight
> >
> Which were both at 100 but an echo 0 >   had no effect on the backlight
> (tough it tuned to 0 the value of in the  files )
> Any ideas where I should start to look at ?

Hm Sorry. Are you able to change backlight under X? Perhaps there are clues
to be extracted from that?

regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlghzOsACgkQBcgs9XrR2ka24wCdEyqFQGiC9Zs93zdJW1BmeGfb
MocAn0qQrgpo1XOc8IiLI0ZCRhL7uRkt
=qHBJ
-END PGP SIGNATURE-

Re: Problem attempting to use xorriso

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Thu, Nov 10, 2016 at 07:40:06AM -0600, Richard Owlett wrote:
> On 11/10/2016 5:20 AM, to...@tuxteam.de wrote:
> >-BEGIN PGP SIGNED MESSAGE-
> >Hash: SHA1
> >
> >On Thu, Nov 10, 2016 at 04:53:47AM -0600, Richard Owlett wrote:
> >>On 11/9/2016 5:16 PM, Lisi Reisz wrote:
> >>>On Sunday 06 November 2016 16:47:00 Richard Owlett wrote:
> [snip]
> Based on responses to previous posts titled "Trivial script will
> NOT execute" and "Permissions for an entire PARTITION" I have
> multiple problems understanding Linux file systems generally.
> >>>
> >>>I imagine you have seen this lot - especially the top three??
> >>>https://www.google.co.uk/search?q=basic+debian+file+system=basic+debian+file+system=chrome..69i57.7617j0j7=chrome=UTF-8
> >>>
> >>>Lisi
> >>
> >>Yes, but not in the context of a sub-project from last few days.
> >>I suspect what I aiming at might look like - the groups and
> >>permission bits set at time partition created, thus avoiding games
> >>with /etc/fstab .
> >>
> >>richard@jessie-defaults:~$
> >>richard@jessie-defaults:~$ ls -l /dev/sd*
> >>brw-rw 1 root disk 8,  0 Nov 10 03:35 /dev/sda
> >>brw-rw 1 root owl  8,  1 Nov 10 03:35 /dev/sda1
> >>brw-rw-r-- 1 root owl  8,  2 Nov 10 03:35 /dev/sda2
> >>brw-rw 1 root disk 8,  3 Nov 10 03:35 /dev/sda3
> >>brw-rw 1 root disk 8,  5 Nov 10 03:35 /dev/sda5
> >>brw-rw 1 root disk 8, 16 Nov 10 04:43 /dev/sdb
> >>br--rw-r-- 1 root owl  8, 17 Nov 10 04:43 /dev/sdb1
> >
> >Note that with this setting, "you" can thrash whatever is in /dev/sda
> >through /dev/sdb (write access).
> 
> I don't understand.

Hm. Too concise (both of us ;-)

I'll give it a shot. By "you" I meant "user owl, i.e. any program running
under that user". Was that the unclear part?

[...]

> It doesn't "scare" me for a very good reason - the system in
> question has no network capability, let alone internet access. In
> fact the particular laptop had its disk wiped and a fresh install of
> Debian 3 times yesterday.

I know. Just refining some points to keep in mind: not every "malware"
comes "directly" from the Internet. It may be through a malicious
USB stick; it may be that neat Emacs Lisp given to you, it may be
a PostScript file or a PDF, it may be (given suitable vulnerabilities)
a JPEG or a video.

But yeah, I'm all for "keep your eyes open, and whenever you miss
one of your feet, learn from it". I practice that myself :-)

regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlgkfOsACgkQBcgs9XrR2kYChACeIqPJ6dJcz2JmCosiF4nnPAP4
YwYAnRLlgs0fs3EKdbMLxgelFviXRv4w
=S+f0
-END PGP SIGNATURE-

Re: parted is ALMOST suitable

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wed, Nov 09, 2016 at 04:56:36PM -0700, Joe Pfeiffer wrote:
> Brian  writes:

[...]

> >> Hopefully. But that's not because bash checks that (as parted is).
> >> It's because the permissions on the device file are set right!
> >
> > udev doesn't come into the picture for removable disks? It did on
> > pre-Jessie.
> 
> What is the relevance of udev here?  Yes, udev sets the permissions, but
> the issue is whether they're right not who sets them.

Exactly.

That was my take, too. It's udev's job to react to events generated by
the kernel and to set up things in user space (perms, symlinks, whatnot)
according to whatever policy the distro and the sysadmin have set up.

That's why the rules in /lib/udev (distribution) and /etc/udev (sysad,
override the distro's) exist. The kernel is no place to have those
rules, it's just the one enforcing them.

Layering, again :-)

- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlgkN10ACgkQBcgs9XrR2kbR+gCdEXRyxAM6+Wx/mcZ4FSxf4LMl
T1sAn0yMoDTouLMigQyXHLvUFpP+RCbe
=ijKP
-END PGP SIGNATURE-

Re: Problem attempting to use xorriso

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Thu, Nov 10, 2016 at 04:53:47AM -0600, Richard Owlett wrote:
> On 11/9/2016 5:16 PM, Lisi Reisz wrote:
> >On Sunday 06 November 2016 16:47:00 Richard Owlett wrote:
> >>[snip]
> >>Based on responses to previous posts titled "Trivial script will
> >>NOT execute" and "Permissions for an entire PARTITION" I have
> >>multiple problems understanding Linux file systems generally.
> >
> >I imagine you have seen this lot - especially the top three??
> >https://www.google.co.uk/search?q=basic+debian+file+system=basic+debian+file+system=chrome..69i57.7617j0j7=chrome=UTF-8
> >
> >Lisi
> 
> Yes, but not in the context of a sub-project from last few days.
> I suspect what I aiming at might look like - the groups and
> permission bits set at time partition created, thus avoiding games
> with /etc/fstab .
> 
> richard@jessie-defaults:~$
> richard@jessie-defaults:~$ ls -l /dev/sd*
> brw-rw 1 root disk 8,  0 Nov 10 03:35 /dev/sda
> brw-rw 1 root owl  8,  1 Nov 10 03:35 /dev/sda1
> brw-rw-r-- 1 root owl  8,  2 Nov 10 03:35 /dev/sda2
> brw-rw 1 root disk 8,  3 Nov 10 03:35 /dev/sda3
> brw-rw 1 root disk 8,  5 Nov 10 03:35 /dev/sda5
> brw-rw 1 root disk 8, 16 Nov 10 04:43 /dev/sdb
> br--rw-r-- 1 root owl  8, 17 Nov 10 04:43 /dev/sdb1

Note that with this setting, "you" can thrash whatever is in /dev/sda
through /dev/sdb (write access). Besides "everyone" can peek into
/dev/sda2 and /dev/sdb1.

And by "you" I'm talking about any program running on your behalf,
i.e. an executable attachment to this mail which your mail reader
might let through, or a LaTeX class c'ed off the Interwebs.

This is not to scare you: just to help you tune your awareness
towards such things.

> >>If retirement isn't for learning, what use is it.

:-)

regards

- -- tomás
   "I'm a signature virus. Go ahead and copy me into your signature"
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEUEARECAAYFAlgkV/4ACgkQBcgs9XrR2kZQSQCY+9nfiKPCIxbQ7Q2qedmSt1dS
NgCfYroYPuSLFKLe7SlsLN+vMBe1GH8=
=j2Ks
-END PGP SIGNATURE-

Re: Problem attempting to use xorriso

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Thu, Nov 10, 2016 at 08:27:58AM -0600, Richard Owlett wrote:
> On 11/10/2016 7:58 AM, to...@tuxteam.de wrote:

[...]

> >>I don't understand.
> >
> >Hm. Too concise (both of us ;-)
> >
> >I'll give it a shot. By "you" I meant "user owl, i.e. any program running
> >under that user". Was that the unclear part?
> 
> If not, it was likely related. "owl" was not intended to be a user
> ID, but a group ID.
> That's why in my long winded response I changed "owl" to one of
> "proj1", "proj2", or "proj3" and clairified that I am user "richard"
> of group "richard".

I think I got it. Thanks.

regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlgkiEEACgkQBcgs9XrR2kaRwACeJqga5uC/HAUD5aBlEStGhxbC
PrUAnirvzib6abAcQEv1Cigy+QuJGI0Z
=Y/Bu
-END PGP SIGNATURE-

Re: Problem attempting to use xorriso

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Thu, Nov 10, 2016 at 02:53:14PM +, Lisi Reisz wrote:
> On Thursday 10 November 2016 10:53:47 Richard Owlett wrote:
> > On 11/9/2016 5:16 PM, Lisi Reisz wrote:
> > > On Sunday 06 November 2016 16:47:00 Richard Owlett wrote:
> > >> [snip]
> > >> Based on responses to previous posts titled "Trivial script will
> > >> NOT execute" and "Permissions for an entire PARTITION" I have
> > >> multiple problems understanding Linux file systems generally.
> > >
> > > I imagine you have seen this lot - especially the top three??
> > > https://www.google.co.uk/search?q=basic+debian+file+system=basic+debia
> > >n+file+system=chrome..69i57.7617j0j7=chrome=UTF-8
> > >
> > > Lisi
> >
> > Yes, but not in the context of a sub-project from last few days.
> > I suspect what I aiming at might look like - the groups and
> > permission bits set at time partition created, thus avoiding
> > games with /etc/fstab .
> >
> > richard@jessie-defaults:~$
> > richard@jessie-defaults:~$ ls -l /dev/sd*
> > brw-rw 1 root disk 8,  0 Nov 10 03:35 /dev/sda
> > brw-rw 1 root owl  8,  1 Nov 10 03:35 /dev/sda1
> > brw-rw-r-- 1 root owl  8,  2 Nov 10 03:35 /dev/sda2
> > brw-rw 1 root disk 8,  3 Nov 10 03:35 /dev/sda3
> > brw-rw 1 root disk 8,  5 Nov 10 03:35 /dev/sda5
> > brw-rw 1 root disk 8, 16 Nov 10 04:43 /dev/sdb
> > br--rw-r-- 1 root owl  8, 17 Nov 10 04:43 /dev/sdb1
> > richard@jessie-defaults:~$
> >
> > >> My current homework is to now re-read ~40 posts and a to be
> > >> determined number of referenced links. Keywords will likely
> > >> include path, working directory, inode and mount ;/
> > >>
> > >> --
> > >> If retirement isn't for learning, what use is it.
> 
> Richard - are you clear that the permissions are not for the partitions but 
> for the directories on the mount points on the filing system on which those 
> partitions have been hung??

Now I'm confused: what Richard shows up there are the permissions of the
*device files* in which (presumably, sometimes) some file system might
reside. Those file systems might (or might not) be mounted on some directory
in the file system tree (which we don't see here).

I think I didn't understand you.

Regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlgkjjkACgkQBcgs9XrR2kZc3QCdHwipsWGXye5IS2jXoIuaGfGO
nD0AniRApYYpR0N5yrPLIbrODNIUHbND
=U0+T
-END PGP SIGNATURE-

Re: Increase font size of GRUB menu?

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wed, Oct 19, 2016 at 11:37:08AM +0100, Brian wrote:
> On Tue 18 Oct 2016 at 10:22:24 -0500, Richard Owlett wrote:
> 
> > On 10/18/2016 9:20 AM, Darac Marjal wrote:
> > >On Tue, Oct 18, 2016 at 08:51:00AM -0500, Richard Owlett wrote:
> > >>With GRUB2 on Jessie, how do I increase the menu's font _size_ .

[...]

> You presumably want to increase the size of what you *see* on the
> screen. Try
> 
>   GRUB_GFXMODE=640x480
> 
> in /etc/default/grub. 'update-grub' and reboot.

Brilliant. Brian, you were the only who could peer through the the XY
problem's fog [1]. Thanks for that [2].

[1] http://xyproblem.info/
[2] No, I'm not the original poster. I might well be wrong. But the
   evidence is so blazing that I can't hardly see anything else :-)
   Apologies to Richard if I'm wrong.

Regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlgHVC0ACgkQBcgs9XrR2kahgACfYNckYcqg0S4y1+46mOsEHNtc
a6UAniw/Vul9ObZHOGdLRvGi8mhi7aFK
=d7fh
-END PGP SIGNATURE-

Re: Increase font size of GRUB menu?

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wed, Oct 19, 2016 at 09:22:00AM -0500, Richard Owlett wrote:
> On 10/19/2016 6:08 AM, to...@tuxteam.de wrote:
> >-BEGIN PGP SIGNED MESSAGE-
> >Hash: SHA1
> >
> >On Wed, Oct 19, 2016 at 11:37:08AM +0100, Brian wrote:
> >>On Tue 18 Oct 2016 at 10:22:24 -0500, Richard Owlett wrote:
> >>
> >>>On 10/18/2016 9:20 AM, Darac Marjal wrote:
> On Tue, Oct 18, 2016 at 08:51:00AM -0500, Richard Owlett wrote:
> >With GRUB2 on Jessie, how do I increase the menu's font _size_ .
> >
> >[...]
> >
> >>You presumably want to increase the size of what you *see* on the
> >>screen. Try
> >>
> >>   GRUB_GFXMODE=640x480
> >>
> >>in /etc/default/grub. 'update-grub' and reboot.
> >
> >Brilliant. Brian, you were the only who could peer through the the XY
> >problem's fog [1]. Thanks for that [2].
> 
> It's not _quite_ an 'XY Problem'. The OP hath declared. 
> It may be its first cousin. There is a not explicitly stated
> solution constraint.

OK, apologies then (see footnote 2 ;-)

Regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlgHhbQACgkQBcgs9XrR2kb3TwCeNZ2xA85TLvrKHnlN62BnHVu4
+UwAn1ZU8W1Ul+A+6tVRJ/x7806vJNIW
=Q3hK
-END PGP SIGNATURE-

Re: WiFi works during install, not after

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Sun, Oct 23, 2016 at 05:09:06PM -0400, Carl Fink wrote:
> So I have a ThinkPad Yoga 11s ultrabook.
> 
> If I copy over the firmware-realtek package, Debian can install just
> fine over the WiFi connection. (I don't have wired internet at my
> home.)
> 
> After install, everything is fine, except I can't connect to the
> WiFi. I know it's possible because the installer does it!

Yes, this is an irritating aspect of Debian installation. But, to
be honest, I don't know how one could do better, since the kernel
at installation doesn't need to be the finally installed kernel.

You have to make the firmware available to the installer at install
time in a directory /firmware in some removable media. The installer
usually stops to give you a chance to do that. If I read it correctly,
the installer looks somewhere below /media, where the removable
media is found.

See also [2] and [3] for more background and alternatives.

> The wlan0 interface exists and is up, but "dhclient wlan0" ends up
> assigning 169.169.254.8.192, which is not a routable address. As you
> might expect, attempts to ping/connect to external systems via IP
> address fail with "Destination host unreachable" and of course, DNS
> lookups universally fail.

Yeah (I think there's one 169 too much). This is a link-locak address,
after RFC3927. I try to keep my nets free of those ;-)

> This ultrabook is supposed to have the rtl8723au chipset, which is a
> USB 802.11/Bluetooth chipset that for some reason Lenovo used in the
> laptop, with an inside-the-case-only USB connection.

Sic transit gloria mundi ;-/

regards

[1] https://wiki.debian.org/Firmware#Firmware_during_the_installation
[2] 
https://raphaelhertzog.com/2011/03/14/missing-firmware-in-debian-learn-how-to-deal-with-the-problem/
[3] https://wiki.debian.org/DebianInstaller/NetbootFirmware

- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlgNw0wACgkQBcgs9XrR2kZddwCfYY+MiNH1iZYqdRk58LY3Wf5A
Y3EAnAhyB2nUWBEPeNpCiNgArhrD59sz
=HO0l
-END PGP SIGNATURE-

Re: Increase font size of GRUB menu?

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, Oct 18, 2016 at 10:22:24AM -0500, Richard Owlett wrote:
> On 10/18/2016 9:20 AM, Darac Marjal wrote:

[...]

> >You will need to convert a font of your choice to GRUB's pf2 format:

[...]

> I'm confused. We may be using the term "font" differently. The
> existing font family is acceptable. I just wish to change size of
> existing font.

pf2 fonts are bitmap fonts: it's most probable that "a different size"
for Grub means "a different font". I don't think Grub is in the
business of resizing fonts -- they have to be sized for him before
the fact. Sameness is in the eye of the beholder ;-)

[but take into account that I don't know for sure]

regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlgGTEYACgkQBcgs9XrR2kZ0VwCferycSGIZG2r6xobMatqfTcZW
JZoAnRXb97JyCrDfcnGXcIwhbJIG0qG8
=grpT
-END PGP SIGNATURE-

Re: bash NEWBIE I/O and I/O redirection problems

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Mon, Oct 24, 2016 at 07:58:52AM -0500, Richard Owlett wrote:
> I suspect an appropriate response would be being pointed an
> *atypical* tutorial.
> A Google search for "bash tutorial pipe redirect" [w/o quotes] gave
> results for "normal" users. I have and odd use case. I had assumed
> bash as shell but am open to using another shell if it is more
> appropriate.
> 
> The following, though using bash syntax, should be considered
> *PSEUDO* code.
> 
> # stdout and stderr will be a MATE terminal window
> # this was required to address a problem outside scope of this post
> gsettings set org.mate.media-handling automount false

Others have answered many things. Let me pick a nit:

> while true
>   do
> echo "Insert medium, press Enter key (or Ctrl+C to end)"
> read dummyvar

The builtin 'read' has an option -p (like 'prompt') which makes
this a bit nicer:

  
   read -p "Insert medium, press Enter key (or Ctrl+C to end) " dummyvar

Regards
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlgPJHgACgkQBcgs9XrR2kZeQgCcDJQ/VI36kzfywE9dXCJzlLL6
v/AAnjZ9VYU1HIeA3D1vk7AnVYhKIhJB
=DWmS
-END PGP SIGNATURE-

Re: Can't set up network on Debian 8 fresh install [was: Unidentified subject!]

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Sun, Oct 23, 2016 at 03:30:52PM -0700, Bob Holtzman wrote:
> On Thu, Sep 29, 2016 at 11:31:28AM +0200, to...@tuxteam.de wrote:
> 
> My abject apologies for the delay in this reply. just got back in town
> and am just catching up on my email.

No worries. Mail is asyncronous. In my eyes, its biggest asset.

[my whine about missing subject]

> I know but I hit the send key too soon. Sorry.

Happens :-)

[...]

> > > with DCP failed.
> > 
> > This is probably DHCP. That means that the laptop tries to ask in
> > the local network for an IP address [...]

> > Question: is your Thinkpad connected to the local net via a
> > network cable? Or via WLAN?
> 
> Ethernet cable directly to the modem. No router (yet).
> 
> > 
> > Open a console. What is the output of the command
> 
> >   /sbin/ifconfig
> > Could you paste it here?
> 
> root@localhost:/home/holtzm# /sbin/ifconfig
> eth0  Link encap:Ethernet  HWaddr 00:21:cc:b6:06:8f
>   UP BROADCAST MULTICAST  MTU:1500  Metric:1
>   RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>   TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>   collisions:0 txqueuelen:1000
>   RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
>   Interrupt:20 Memory:f250-f252

This means that eth0 hasn't an IP address assigned. This is consistent
with DHCP failing. Your laptop sends a DHCP out and expects some answer
(from the "modem" or from the network infrastructure behind it). No
answer came, probably.

> loLink encap:Local Loopback
>   inet addr:127.0.0.1  Mask:255.0.0.0

This is the "local" interface. It's always there. It doesn't correspond
to any hardware. For our quest, you can safely ignore that.

> > > I was given 3 options.

[...]

There is no way forward until we sort out how to assign an IP address
to your interface (be it via DHCP or manually).

Can you describe this "modem" a bit more? It may well be that it isn't
talking regular IP but needs PPPoE[1] (PPP over Ethernet) or some such.

Regards

[1] https://en.wikipedia.org/wiki/PPPoE
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlgPIwEACgkQBcgs9XrR2kboaACdF9C3QSBHrEvwe8GB5oISsMYk
ec8An2vu8J6veRpFQVhcI27rqdkdKHAq
=iYvt
-END PGP SIGNATURE-

Re: Can't set up network on Debian 8 fresh install [was: Unidentified subject!]

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, Oct 25, 2016 at 10:59:20AM +0100, Brian wrote:
> On Tue 25 Oct 2016 at 11:16:49 +0200, to...@tuxteam.de wrote:
> 
> > > loLink encap:Local Loopback
> > >   inet addr:127.0.0.1  Mask:255.0.0.0
> > 
> > This is the "local" interface. It's always there. It doesn't correspond
> > to any hardware. For our quest, you can safely ignore that.
> 
> Nothing to do with the OP's issue but people might be interested in
> knowing that this stanza is not a requirement for inclusion in the
> interfaces file. If it is left out you still get a loopback interface.
> 
> >From the changelog:
> 
>   * Add implicit loopback device definition.
> 
>  -- Andrew Shadura   Thu, 11 Apr 2013 21:44:23 +0200

To add some context, this is from ifupdown's (0.7.41) changelog, right?

regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlgPNZsACgkQBcgs9XrR2kYzUgCfXNbc7vRH3WPYxhInHCg6KxTd
jycAnjjN7gjozG4/pjAqJ3DFTfEcMfRI
=rxp6
-END PGP SIGNATURE-

Re: Can't set up network on Debian 8 fresh install [was: Unidentified subject!]

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, Oct 25, 2016 at 01:05:54PM +0100, Brian wrote:

[...]

> Uncharacteristically, I did wander a bit off topic, didn't I?

This way I (and perhaps others) learnt something.

> Back on the straight and narrow now. :)

But not too much: everything within measure :)

- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlgPUacACgkQBcgs9XrR2kYFcgCfYZ1LVxuQ83zDTuzgaNAg+E39
wqsAn2wHwTgwT5rFYZsa0GnvJHhpU8TI
=YoDA
-END PGP SIGNATURE-

Re: Can't set up network on Debian 8 fresh install [was: Unidentified subject!]

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, Oct 25, 2016 at 11:54:27AM +0100, Brian wrote:
> On Tue 25 Oct 2016 at 12:36:11 +0200, to...@tuxteam.de wrote:
> 
> > On Tue, Oct 25, 2016 at 10:59:20AM +0100, Brian wrote:
> > > On Tue 25 Oct 2016 at 11:16:49 +0200, to...@tuxteam.de wrote:
> > > 
> > > > > loLink encap:Local Loopback
> > > > >   inet addr:127.0.0.1  Mask:255.0.0.0

[...]

> Sorry; yes.
> 
> In the final Stretch installer netcfg is quite likely not to put
> loopback in /etc/network/interfaces. So from being "always there"
> it will go to never there.

Thanks for the info, very useful. In our case, for context: the
above output is from '/sbin/ifconfig' (and not from 'cat
/etc/network/interfaces'). So I'd expect lo to be there, anyway.

Regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlgPP9QACgkQBcgs9XrR2kaUcgCggXrYAx3rJaNDDpdhCE2gSrIZ
9poAni4SHS1xT+8UMPoyqFUL7076pLgT
=r/ks
-END PGP SIGNATURE-

Re: Permissions for an entire PARTITION

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, Oct 25, 2016 at 11:40:10AM -0400, Greg Wooledge wrote:
> On Tue, Oct 25, 2016 at 10:32:29AM -0500, Richard Owlett wrote:
> > I'm in a multi-boot environment, multiple installs of Debian.
> > I want all install to have read/write/execute permissions.
> > The partition will effectively be serving as a common scratch pad 
> > in order to exchange information. There is organically a single 
> > user, [*ME*] and there is *NO* networking of any sort whatsoever.
> 
> The simplest way would be to synchronize your UID across all your
> installed operating systems.  If your UID is, let's say, 1000 on every
> system, and the files on the partition are owned by user 1000, then
> user 1000 (you) will have ownership of the files whenever you mount
> the partition.
> 
> If that's not an option, then you'll need to use Unix permissions.
> If you can synchronize a *group* GID across all OSes, then you can
> just make the files and directories group-writable by that group.
> 
> Otherwise, you'll have to make everything world-writable.

Well, there's bindfs [1], where you can (via FUSE) mount a directory
somewhere else, and (among other things) map user/group IDs. Never
tried it, but it sounds like hellish fun. I'd prefer synchronizing
the IDs, though. But in a pinch...

There is a like-named Debian package.

[1] http://bindfs.org/docs/bindfs.1.html
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlgPgU0ACgkQBcgs9XrR2kYHfQCdENS+HXbiFqhFEdCNBv6uwNvN
82gAnRcltXzyyF8fr+FJmeV1a26QzTnL
=piYm
-END PGP SIGNATURE-

Re: Time quandry when dual boot with WinXP Pro

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Fri, Oct 21, 2016 at 01:17:21PM -0500, Richard Owlett wrote:

[...]

> CONCLUSION
> Can *NOT* blame Microsoft Windows for EVERYTHING ;/

My conclusion too. There's something else acting up. Linux should
pick up the hw clock and *know* it's not in UTC, but in the noted
timezone. Hmmm.

regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlgKaMwACgkQBcgs9XrR2kYfdACfewFmXgPBX2BQKDZ5nVvoWTCr
GuQAn3eAN+ZDtL6Sv8Y30vHRbaXx/5L+
=UMEO
-END PGP SIGNATURE-

Re: Time quandry when dual boot with WinXP Pro

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Fri, Oct 21, 2016 at 09:11:07PM +0200, to...@tuxteam.de wrote:
> On Fri, Oct 21, 2016 at 09:21:17AM -0500, Richard Owlett wrote:
> 
> [...]
> 
> > Relavant lines of preseed.cfg are
> > 
> > ### Clock and time zone setup
> > #d-i clock-setup/utc boolean false
> > d-i clock-setup/utc boolean true
> > d-i time/zone string US/Central
> > d-i clock-setup/ntp boolean false
> 
> To me this looks reasonable. At least the installer should have enough
> info to get by.
> 
> Note that I'm not very fluent on the details, so I might be missing
> something.

Here are the relevant pages [1] [2].

In a nutshell, it *should* work. But you lose the automatic DST change --
the OS expects then the HW clock to be "right" wrt local time.

But -- who knows? Perhaps the hwclock is read *before* the d-i settings
can be accounted for; perhaps the time will be right after installation
*and* reboot?

[1] 
https://www.debian.org/doc/manuals/system-administrator/ch-sysadmin-time.html
[2] 
https://www.debian.org/doc/manuals/system-administrator/ch-sysadmin-time.html#s-multiboot-with

regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlgKa18ACgkQBcgs9XrR2ka/wgCeNe9AumWLYJ3WBIG9eQuB1SLc
fl4An0dEE+FYI91/RXelQQF1tVcXqzO1
=XANW
-END PGP SIGNATURE-

Re: Time quandry when dual boot with WinXP Pro

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Fri, Oct 21, 2016 at 09:21:17AM -0500, Richard Owlett wrote:

[...]

> Relavant lines of preseed.cfg are
> 
> ### Clock and time zone setup
> #d-i clock-setup/utc boolean false
> d-i clock-setup/utc boolean true
> d-i time/zone string US/Central
> d-i clock-setup/ntp boolean false

To me this looks reasonable. At least the installer should have enough
info to get by.

Note that I'm not very fluent on the details, so I might be missing
something.

regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlgKaEsACgkQBcgs9XrR2kYisACePF8aAPUqrKh8bauMcYo5knvj
wN4An2XW5A/HGXxUuCP2q5/R4XpqZ3F+
=a9Gh
-END PGP SIGNATURE-

Re: Time quandry when dual boot with WinXP Pro

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Fri, Oct 21, 2016 at 03:09:46PM -0500, Richard Owlett wrote:

[...]

If you want to get to the ground of things, on my system (yes, I'm on SysV
init, for systemd you'll have to find out for yourself), the magic happens
in /etc/init.d/hwclock.sh. This happens pretty early at boot.

Now you'd have to find out when the relevant d-i setting takes place.

Let us know :-)

regards
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlgKe5QACgkQBcgs9XrR2kYAAACbBFdyBLP8NGPXg4OdQCB5Q/Ov
dvMAn0Dr26NUzXBnAmENuIdByIuh69XB
=QW2v
-END PGP SIGNATURE-

Re: Time quandry when dual boot with WinXP Pro

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Fri, Oct 21, 2016 at 08:09:38AM -0500, Richard Owlett wrote:
> I'm creating a preseed.cfg file for installing Debian 8.6 in a
> dual-boot enviroment with some version of MS Windows. There are two
> distinct use cases:
>1. Two of my machines with WinXP Pro SP3
>2. A remote (~1000 miles]friend with several machines - some with
> WinXP, others with
>   Windows 10 or later.

Uh, oh. Microsoft and time handling. This won't end well :-/

[...]
>3. Debian 8.6 w MATE installed from DVD 1 of 13 with aid of custom 
> preseed.cfg
>   _displays_ a time 5 hours earlier.
>   The _display_ is independent of whether
>d-i clock-setup/utc boolean true
>*OR*
>d-i clock-setup/utc boolean false

This observation alone suggests strongly that this installation
"thinks" it should use the UTC (or any equivalent) time zone
to fudge back its way from the hardware clock to the UTC.

What is the value of d-i time/zone?

regards
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlgKGNkACgkQBcgs9XrR2kbE3wCfazy79csBl1oVWD0IZp5D2nGZ
bUMAnivHeC+RC3CfgBy7LzoAD16wCZaF
=wguH
-END PGP SIGNATURE-

Re: Most compatible way to prepare USB stick

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Fri, Oct 21, 2016 at 10:28:34PM +0900, Mark Fletcher wrote:

[...]

> I went with vfat, but I'd like to resolve the question of exfat if 
> possible, out of curiosity.

I was curious too, so I dropped the thing into my favourite search
engine (no, it's _not_ Google).

This is, in a nutshell, what I came out with:

  - vfat is an extension of FAT. It introduces long file names (with
an incredible backward-compatible trick which... oh, well).

  - fat32 is an extension of vfat, with bigger block pointers (i.e.
with a bigger address space: huge floppies, at last :)

  - exfat is a patent encumbered thing by Microsoft (probably to
reaffirm its loosening grip on its sheeple), extending something
(probably fat32). There are FUSE implementations for Linux, and
also a kernel module, which can't be distributed jointly due to
above patent nonsense. I'd stay as clear of this one as possible.

Note that all this is just the result of a cursory search. Feel free
to refine :-)

regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlgKHIgACgkQBcgs9XrR2kZxnwCfTuFt59b/99mbN0hjoudh3ugF
P+MAn3vk0PRruAgalbeGGM/asDO3mViq
=Rdzv
-END PGP SIGNATURE-

Re: dd - proper use or more suitable program

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Sat, Nov 12, 2016 at 01:25:50PM -0600, Richard Owlett wrote:
> On 11/12/2016 12:26 PM, Pascal Hambourg wrote:
> >Le 12/11/2016 à 18:22, Richard Owlett a écrit :
> >>
> ddrescue /dev/sda /mnt/defective_drive.img
> /mnt/defective_drive.log
> >(...)
> >>Can this be run as a user, or are root permissions required.
> >
> >Unless the user has read permission on the raw device, it must be
> >run as root.
> 
> I have a STRONG suspicion that by "raw device" you refer to the
> defective device which is enumerated as /dev/sdc . *ALL*
> documentation and tutorials I found make a *MAJOR POINT* of *NOT*
> mounting the defective device. "Permissions" therefor are a murky
> issue.

In this case, the permissions on /dev/sdc were meant (as opposed
to the permissions on the files whithin the file system in /dev/sdc,
which don't count in this case)

> Point of fact, the specific physical defective object
> predates me having more than casual interest in *nix.

Yes: I remember there's a DOS file system in the disk in question,
so no permissions in there anyway. But as stated above, this doesn't
matter, because you're looking at the container: access to that
is ruled by the permissions on the device file, i.e. /dev/sdc.

> There's a reason I asked for "hand holding" and specifically asked
> for tolerance.
> In a "user to user" support enviroment ther is an expectation of
> querent doing his due diligence. I tried. I failed. M'aidez s'il
> vous plait.

In a nutshell: you mount your *new* disk to a directory of your
choice (let's say /mnt). Possibly your OS is set up to do that
for you: it'll typically end then somewhere in /media/blah (for
some suitable value of "blah"). Let's use /mnt as a placeholder.

Then you insert you defective disk, which (let's say) appears
as /dev/sdc. Make sure the OS doesn't mount it automatically,
otherwise unmount yourself.

Then you do

  dd if=/dev/sdc of=/mnt/my-disk-backup bs=4096 count=100

(this is over-simplified: you'll probably use ddrescue instead
of dd, or at least use the option 'noerror').

An image of your disk will hopefully appear on 'my-disk-backup'.
You need read access to /dev/sdc and write access to the directory
/mnt (either by doing sudo, I'd do that or by other means).

Those steps are a rough sketch. Many details already flew back
and forth in this thread, so I didn't want to bloat the thing
too much. Feel free to ask where things are unclear.

Regards
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlgngikACgkQBcgs9XrR2kYjmACeJyeAvYCCrcfx2UuSglH7Dnvb
eg0An14EEu9c0jwQTcjF5/4bNCm9qHTV
=c2+e
-END PGP SIGNATURE-

Jessie upgrade without systemd [was: Debian *not very good]

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Fri, Nov 25, 2016 at 03:57:53PM -0800, Patrick Bartek wrote:
> On Fri, 25 Nov 2016 21:26:06 + (UTC) Latincom 
> wrote:
> 
> > On Fri, 25 Nov 2016 16:31:54 +, Brian wrote:
> > 
> > > On Fri 25 Nov 2016 at 15:21:23 +, oldbluebear wrote:
> > > 
> > > [...Lots of disgruntlement snipped...]
> > > 
> > >> How can I at this stage bring this machine back nearer to SySV?
> > > 
> > > You can bring it back in all its glory with
> > > 
> > >   apt-get install sysvinit-core
> > 
> > Is there a step by step guide or How to on line?
> > I have 1 Wheezy without Systemd, and i would like to upgrade it.
> > Thanks.
> 
> If you do a normal dist-upgrade Wheezy to Jessie, sysvinit will be
> replaced with systemd.

Not forcefully.

> And probably screw everything up..

Now this is an unnecessarily loaded statement. Given the smoking holes
the last flame war has left[1], I'd tread carefully if I were you ;-)

> I suggest
> you do what I did: a clean install of a terminal only Jessie system,
> replace systemd with sysvinit, then build the system up from there.
> Just remember GNOME3 has systemd as a dependency.  Other utilities do,
> too. I used LXDE which doesn't to keep things simple.  I usually just
> run a window manager Openbox and a single LXPanel, but that involves a
> lot more configuration.  Too much for an initial test.

While possible, this isn't really necessary. FWIW I managed a clean
Jessie upgrade without touching systemd, by just following the
instructions.

If you want a straight upgrade without systemd, apt-pinning seems
to be the agreed upon way:

  
https://www.debian.org/releases/stable/amd64/release-notes/ch-information.en.html#systemd-upgrade-default-init-system

Note that many things (Gnome, I'm looking at you) *require* systemd
these days: it'll be much more difficult to avoid systemd if you
want a "modern" desktop environment.

Myself, I'm on Fvwm. I don't even need DBUS :-D

thanks

[1] Sorry for the somewhat grumpy tone, but I'm pretty tired of people
   whining about systemd and borderline disrupting otherwise functional
   mailing lists with their rage. I strongly dislike systemd, yes, but
   i see no reason to hate systemd proponents let alone to harrass them.
   On the contrary, they are doing free software, FFS!

   If all that energy spent on foaming at the mouth and hatred had been
   spent on keeping viable alternatives to systemd afloat and running,
   we'd be in much better shape these days (and perhaps MikeeeUSA
   would have found other coattails to ride on).

- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlg5T7oACgkQBcgs9XrR2kZ7vACcDEQ6DAqH1YBcKkdTJfv+fBin
PXIAmwQTe2QUPn1tSD8XhjPhaTH/BatB
=8Pqr
-END PGP SIGNATURE-

Re: Jessie upgrade without systemd [was: Debian *not very good]

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Sat, Nov 26, 2016 at 10:27:07AM +, Joe wrote:
> On Sat, 26 Nov 2016 10:02:50 +0100
>  wrote:
> 
> > On Fri, Nov 25, 2016 at 03:57:53PM -0800, Patrick Bartek wrote:
> 
> > > 
> > > If you do a normal dist-upgrade Wheezy to Jessie, sysvinit will be
> > > replaced with systemd.  
> > 
> > Not forcefully.
> > 
> > > And probably screw everything up..  
> > 
> > Now this is an unnecessarily loaded statement. Given the smoking holes
> > the last flame war has left[1], I'd tread carefully if I were you ;-)
> > 
> 
> A fair number of wheezy systems will be servers, upgraded many times.
> Mine started out as sarge. What are the odds of such a system making the
> change to systemd without problems?

[...]

> And my server doesn't have X. But I don't expect that to eliminate all
> systemd problems.

I'd say you are in a pretty good shape to choose whatever init system
suits you without big problems, then.

regards
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlg5jeMACgkQBcgs9XrR2kaaAwCeLOlri8qYZzoGouk/KtCWFXYC
a0EAnA3o0NsEaTlzzH/3aYj0J99pJq0+
=MAqs
-END PGP SIGNATURE-