Re: yaboot: How to load Debian8 netboot installation images directly from the boot: prompt?

[clarkw]

On Tue, May 26, 2015 at 2:09 PM, Petter Adsen  wrote:

> On Tue, 26 May 2015 13:16:04 +0800
> Clark Wang  wrote:
>
> > On Tue, May 26, 2015 at 1:10 PM, Herminio Hernandez Jr <
> > herminio.hernande...@gmail.com> wrote:
> >
> > > On Tue, 2015-05-26 at 10:22 +0800, Clark Wang wrote:
> > > > I have an `iBook G4` and have `Debian 8 (Jessie)` installed on it.
> > > > Yesterday I did something stupid (messed up `yaboot.conf` and ran
> > > > `ybin`) and now the system cannot boot up.
> > > >
> > > > The old Debian 8 was installed on a single partition (`/dev/sda3`,
> > > > `ext4`). I ever put the Debian 8 netboot installation images
> > > > (downloaded from here) under `/boot/deb/`:
> > > >
> > > > /boot/deb/initrd.gz
> > > > /boot/deb/vmlinux
> > > > /boot/deb/yaboot
> > > > /boot/deb/yaboot.conf
> > > >
> > > > So how can I boot the netboot installation images from the `boot:`
> > > > prompt and reinstall Debian 8?
> > > >
> > > > I tried `boot: hd:3,/boot/deb/vmlinux root=/dev/ram read-only
> > > > initrd=/boot/deb/initrd.gz initrd-size=300` but it did not
> > > > work. (The screenshot taken with my phone.)
> > > >
> > > >
> > > > Thanks.
> > > >
> > > >
> > > >
> > > > -clark
> > > >
> > > You can use the netinst cd as a recovery cd by doing the following.
> > >
> >
> > I forgot to mention that my iBook's CD drive is broken. :)
> >
> > >
> > > 1. boot into the cd and at boot type recovery
> > >
> >
> > Or can I boot the netboot installation images (under /boot/deb/) from
> > the Open Firmware prompt?
>
> Can the machine boot from a USB flash drive? Or over the network? One
> of these approaches might be easier for you.
>

I'm trying to find out how to boot form USB. Boot from network also sounds
good. I'll investigate how to setup a DHCP and TFTP server on my OS X
(Yosemite) and how to boot iBook from network.

>
> Other than that, I'm afraid I can't help you - I know nothing about
> yaboot.
>

I never know about yaboot and Open Firmware when I was using Mac OS X on
the iBook. They're all mysterious to me. Still learning. :)

Thanks.

-clark

>
> Petter
>
> --
> "I'm ionized"
> "Are you sure?"
> "I'm positive."
>

Re: Systemd for dummies

[Petter Adsen]

On Mon, 25 May 2015 19:07:07 -0700
Gary Roach  wrote:

> I upgraded to Jessie recently and lost my BackupPC setup and my
> rsyncd setup. I found that both succumbed to the change over from
> inet.d to Systemd. None of the documentation mentions anything about
> systemd setup. I found some script for rsync to write rsyincd.socket
> and rsyncd.service and put them in /lib/systemd/system directory. No
> mention was made of the soft link that had to be put in the proper 
> /etc/systemd/system subdirectory. Rsync doesn't seem to be working. 
> Further there is no documentation for setting up BackupPC for
> systemd. I am totally awash. Most of the documentation that I have
> found goes right over my head. Writers should give their
> documentation to their secretary / wife /husband to use and see what
> happens. (ugly) Is there any documentation out there that is readable
> that would give me a road map for setting up systemd. All suggestions
> will be sincerely appreciated.

It depends on what you are looking for.

https://wiki.archlinux.org/index.php/Systemd

Is quite good, I recommend it.

http://0pointer.de/blog/projects/the-new-configuration-files.html

Has some good stuff. It's part of a "systemd for admins" series, but I
couldn't find the index right now. It is more of a
tutorial/introduction, though.

Then there are of course the man pages, which I've actually found to be
quite good. See systemd.index(7) for an overview. The man pages and
these two links are the ones I usually refer to when there is
something I need to know.

Ubuntu has a page listing all the systemd equivalents of upstart
commands:

https://wiki.ubuntu.com/SystemdForUpstartUsers

There is also some stuff on the freedesktop.org site, which is where
systemd lives, but mostly just the man pages and implementation
details. I'd check these other links first.

Does any of this help you? On the Debian wiki I could unfortunately only
find things relating to The Great Debate, which aren't really all that
helpful.

Good luck, and let us know if you need more.

Petter

-- 
"I'm ionized"
"Are you sure?"
"I'm positive."


pgp4ALLD7gaXm.pgp
Description: OpenPGP digital signature

Re: HELP- very slow download speeds

[Petter Adsen]

On Mon, 25 May 2015 18:53:42 -0700
Gary Roach  wrote:

> On 05/24/2015 12:49 AM, Petter Adsen wrote:
> > On Sun, 24 May 2015 00:27:02 -0700
> > Gary Roach  wrote:
> >
> >> On 05/22/2015 01:19 PM, Bob Proulx wrote:
> >>> Darac Marjal wrote:
>  Gary Roach wrote:
> > When I start a download, it starts at 50M for the first few
> > seconds and then drops to 500K to 100K range.
>  Finally, don't rule out the possibility that your ISP is
>  throttling you. While you may be synced at 50M and may be able
>  to transfer at that for short periods (and thus, the ISP can
>  rightly claim that you have a 50M connection), they could
>  conceivably throttle your connection in the longer term.
> >>> I think this is quite the most likely possibility.  I have only
> >>> anecdotal reports from friends but what I hear is that often ISPs
> >>> allow a full speed burst but then throttle for long term steady
> >>> state data transfer.  That matches your reported behavior exactly.
> >>> This allows customers to run a speed test and have it report full
> >>> speed but prevent them from getting that speed for a long download
> >>> such as a full system upgrade or a large install ISO image
> >>> download.  Are you sure your ISP isn't throttling you?
> >>>
> >>> Bob
> >> I wouldn't put anything past those jackasses but am still
> >> attempting to gather information. Would wireshark be a good tool
> >> to do an in depth diagnosis of the problem? I've gotten a little
> >> side tracked with another problem but plan to get back to this  in
> >> the next couple of days. Any comments will be appreciated.
> > If you have shell access to a box somewhere, you can run "iperf" to
> > get an idea of the performance of the link between you. Obviously,
> > the closer to you, the better. Take a look at the "--interval"
> > parameter, so you can see how/if performance degrades over time.
> > "--dualtest" might also be helpful. There are probably guides out
> > there on how to get the best results from it, the man page doesn't
> > really do much except list all the options.
> >
> > There may be better ways, but this is the one I typically use.
> > Wireshark would be more suited to analyze the actual traffic, if
> > you suspect something may be wrong there.
> >
> > Petter
> >
> Thanks for the tips. Don't go away. As you will find in the newest 
> listings, I have a bigger problem at the moment. I will be back to
> this one soon.

Seen and replied to :)

> Comment on speed testers. The mostly use UDP packets which will never 
> detect trashed packets. God I hate big business in this country. What 
> ever happened to the antitrust laws I grew up with.

iperf will use either TCP or UDP. :)

Petter

-- 
"I'm ionized"
"Are you sure?"
"I'm positive."


pgpEI57MJPc9Z.pgp
Description: OpenPGP digital signature

Re: yaboot: How to load Debian8 netboot installation images directly from the boot: prompt?

[Petter Adsen]

On Tue, 26 May 2015 13:16:04 +0800
Clark Wang  wrote:

> On Tue, May 26, 2015 at 1:10 PM, Herminio Hernandez Jr <
> herminio.hernande...@gmail.com> wrote:
> 
> > On Tue, 2015-05-26 at 10:22 +0800, Clark Wang wrote:
> > > I have an `iBook G4` and have `Debian 8 (Jessie)` installed on it.
> > > Yesterday I did something stupid (messed up `yaboot.conf` and ran
> > > `ybin`) and now the system cannot boot up.
> > >
> > > The old Debian 8 was installed on a single partition (`/dev/sda3`,
> > > `ext4`). I ever put the Debian 8 netboot installation images
> > > (downloaded from here) under `/boot/deb/`:
> > >
> > > /boot/deb/initrd.gz
> > > /boot/deb/vmlinux
> > > /boot/deb/yaboot
> > > /boot/deb/yaboot.conf
> > >
> > > So how can I boot the netboot installation images from the `boot:`
> > > prompt and reinstall Debian 8?
> > >
> > > I tried `boot: hd:3,/boot/deb/vmlinux root=/dev/ram read-only
> > > initrd=/boot/deb/initrd.gz initrd-size=300` but it did not
> > > work. (The screenshot taken with my phone.)
> > >
> > >
> > > Thanks.
> > >
> > >
> > >
> > > -clark
> > >
> > You can use the netinst cd as a recovery cd by doing the following.
> >
> 
> I forgot to mention that my iBook's CD drive is broken. :)
> 
> >
> > 1. boot into the cd and at boot type recovery
> >
> 
> Or can I boot the netboot installation images (under /boot/deb/) from
> the Open Firmware prompt?

Can the machine boot from a USB flash drive? Or over the network? One
of these approaches might be easier for you.

Other than that, I'm afraid I can't help you - I know nothing about
yaboot.

Petter

-- 
"I'm ionized"
"Are you sure?"
"I'm positive."


pgpQ4Pw9W0dMy.pgp
Description: OpenPGP digital signature

Re: Laptops, UEFI, Secure Boot and Debian

[Petter Adsen]

On Tue, 26 May 2015 12:23:25 +0800
Bret Busby  wrote:

> On 26/05/2015, Stuart Longland  wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA512
> >
> > On 24/05/15 19:03, Petter Adsen wrote:
> >> If both Wheezy and Trusty are installed in legacy mode the
> >> bootloader should see all of them. Dependent on your needs, an
> >> easier way might be to just spin up a VM or three with the systems
> >> you use the least. KVM is a wonderful thing.
> >
> > Better yet, for some of these is LXC.  I run several instances of
> > Debian managed by libvirt on a Gentoo host, with much less overheads
> > than you get from a VM.
> >
> > apt-get install virt-manager bridge-utils libvirt-bin lxc
> > debootstrap
> >
> > will probably get you started.  Use debootstrap to create the
> > Debian/Ubuntu instances, creating the root filesystems in
> > /var/lib/libvirt/images, then use virt-manager to set them up in
> > LXC.
> >
> > https://wiki.debian.org/LXC
> > - --
> > Stuart Longland (aka Redhatter, VK4MSL)
> >
> > I haven't lost my mind...
> >   ...it's backed up on a tape somewhere.
> 
> 
> I should probably have been more explicit, in my stating of the
> question.
> 
> What I wanted to know, was, given that, in Legacy mode, with GRUB,
> both Ubuntu 14.04 LTS and Debian 7, are installed on the particular
> computer, and, I can select to boot either one of those, can I simply
> also install Debian 6 LTS on that system, to have it concurrently
> installed with Debian 7, and, to be able, using GRUB, to select to
> boot into one of those operating systems (Ubuntu 14.04 LTS, Debian 7,
> or, Debian 6 LTS), without any interference from the installations of
> the other operating systems?

Bret, I answered that above.

"If both Wheezy and Trusty are installed in legacy mode the bootloader
should see all of them."

That means "yes, you can".

> It has taken me about 18 months, to get Debian 7 installed and
> running, in the state that it now can be run, and so I want to be able
> to get Debian 6 LTS, installed and running, "with a minimum of fuss".

This should not be a problem, if you have available space on the drive.

Petter

-- 
"I'm ionized"
"Are you sure?"
"I'm positive."


pgpCTxm8Yfpk2.pgp
Description: OpenPGP digital signature

Re: yaboot: How to load Debian8 netboot installation images directly from the boot: prompt?

[Herminio Hernandez Jr]

On Tue, 2015-05-26 at 10:22 +0800, Clark Wang wrote:
> I have an `iBook G4` and have `Debian 8 (Jessie)` installed on it.
> Yesterday I did something stupid (messed up `yaboot.conf` and ran
> `ybin`) and now the system cannot boot up.
> 
> The old Debian 8 was installed on a single partition (`/dev/sda3`,
> `ext4`). I ever put the Debian 8 netboot installation images
> (downloaded from here) under `/boot/deb/`:
> 
> /boot/deb/initrd.gz
> /boot/deb/vmlinux
> /boot/deb/yaboot
> /boot/deb/yaboot.conf
> 
> So how can I boot the netboot installation images from the `boot:`
> prompt and reinstall Debian 8?
> 
> I tried `boot: hd:3,/boot/deb/vmlinux root=/dev/ram read-only
> initrd=/boot/deb/initrd.gz initrd-size=300` but it did not work.
> (The screenshot taken with my phone.)
> 
> 
> Thanks.
> 
> 
> 
> -clark
> 
You can use the netinst cd as a recovery cd by doing the following.

1. boot into the cd and at boot type recovery
2. the cd will go through the initial install process, when you get to
the part that it is setting up dhcp there should be either a 'cancell'
or 'go back' option on the bottom left. Select it
3. it should take you to a list of options one of which is recovery
mode. select that and from there you should be able to get to a bash
prompt and fix yaboot.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/1432617003.16711.3.ca...@gmail.com

Re: yaboot: How to load Debian8 netboot installation images directly from the boot: prompt?

[Clark Wang]

On Tue, May 26, 2015 at 1:10 PM, Herminio Hernandez Jr <
herminio.hernande...@gmail.com> wrote:

> On Tue, 2015-05-26 at 10:22 +0800, Clark Wang wrote:
> > I have an `iBook G4` and have `Debian 8 (Jessie)` installed on it.
> > Yesterday I did something stupid (messed up `yaboot.conf` and ran
> > `ybin`) and now the system cannot boot up.
> >
> > The old Debian 8 was installed on a single partition (`/dev/sda3`,
> > `ext4`). I ever put the Debian 8 netboot installation images
> > (downloaded from here) under `/boot/deb/`:
> >
> > /boot/deb/initrd.gz
> > /boot/deb/vmlinux
> > /boot/deb/yaboot
> > /boot/deb/yaboot.conf
> >
> > So how can I boot the netboot installation images from the `boot:`
> > prompt and reinstall Debian 8?
> >
> > I tried `boot: hd:3,/boot/deb/vmlinux root=/dev/ram read-only
> > initrd=/boot/deb/initrd.gz initrd-size=300` but it did not work.
> > (The screenshot taken with my phone.)
> >
> >
> > Thanks.
> >
> >
> >
> > -clark
> >
> You can use the netinst cd as a recovery cd by doing the following.
>

I forgot to mention that my iBook's CD drive is broken. :)

>
> 1. boot into the cd and at boot type recovery
>

Or can I boot the netboot installation images (under /boot/deb/) from the
Open Firmware prompt?

-clark


> 2. the cd will go through the initial install process, when you get to
> the part that it is setting up dhcp there should be either a 'cancell'
> or 'go back' option on the bottom left. Select it
> 3. it should take you to a list of options one of which is recovery
> mode. select that and from there you should be able to get to a bash
> prompt and fix yaboot.
>
>

Re: Laptops, UEFI, Secure Boot and Debian

[Bret Busby]

On 26/05/2015, Stuart Longland  wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> On 24/05/15 19:03, Petter Adsen wrote:
>> If both Wheezy and Trusty are installed in legacy mode the
>> bootloader should see all of them. Dependent on your needs, an
>> easier way might be to just spin up a VM or three with the systems
>> you use the least. KVM is a wonderful thing.
>
> Better yet, for some of these is LXC.  I run several instances of
> Debian managed by libvirt on a Gentoo host, with much less overheads
> than you get from a VM.
>
> apt-get install virt-manager bridge-utils libvirt-bin lxc debootstrap
>
> will probably get you started.  Use debootstrap to create the
> Debian/Ubuntu instances, creating the root filesystems in
> /var/lib/libvirt/images, then use virt-manager to set them up in LXC.
>
> https://wiki.debian.org/LXC
> - --
> Stuart Longland (aka Redhatter, VK4MSL)
>
> I haven't lost my mind...
>   ...it's backed up on a tape somewhere.


I should probably have been more explicit, in my stating of the question.

What I wanted to know, was, given that, in Legacy mode, with GRUB,
both Ubuntu 14.04 LTS and Debian 7, are installed on the particular
computer, and, I can select to boot either one of those, can I simply
also install Debian 6 LTS on that system, to have it concurrently
installed with Debian 7, and, to be able, using GRUB, to select to
boot into one of those operating systems (Ubuntu 14.04 LTS, Debian 7,
or, Debian 6 LTS), without any interference from the installations of
the other operating systems?

It has taken me about 18 months, to get Debian 7 installed and
running, in the state that it now can be run, and so I want to be able
to get Debian 6 LTS, installed and running, "with a minimum of fuss".

-- 
Bret Busby
Armadale
West Australia
..

"So once you do know what the question actually is,
 you'll know what the answer means."
- Deep Thought,
 Chapter 28 of Book 1 of
 "The Hitchhiker's Guide to the Galaxy:
 A Trilogy In Four Parts",
 written by Douglas Adams,
 published by Pan Books, 1992




-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/cacx6j8nxwmyxej4acvsnjfb1jfbqdsxvfyuluhcpwvpu72q...@mail.gmail.com

Re: Laptops, UEFI, Secure Boot and Debian

[Bret Busby]

On 26/05/2015, Lisi Reisz  wrote:
> On Monday 25 May 2015 20:56:58 Bret Busby wrote:
>> On 26/05/2015, Sven Arvidsson  wrote:
>> > On Tue, 2015-05-26 at 00:59 +0800, Bret Busby wrote:
>> >> But, in going to the company web site, I found the web site to be one
>> >> of those malicious web sites, that crash web browsers (the web browser
>> >> starts displaying the home page of the web site, and then crashes,
>> >> while downloading the home page of the web site, and, I have tried to
>> >> access that web site, a number of times, and, each time, it crashed
>> >> the web browser), and so, I have no confidence in that company. Its
>> >> software is defective, and, its web site is malicious.
>> >> "
>> >
>> > Works fine here. Pretty sure that's a bug in your browser ;)
>>
>> The matter was explained in a response in the pertinent thread, to the
>> message of which I posted a copy in this thread.
>>
>> Apparently, the crashing of the web browser, was due to some malicious
>> flash file that Inshite had on their web site home page.
>  [snip rant]
>> So, it can be a problem with the exception handling methodologies that
>> are taught and implemented, apart from the designing of web sites that
>> are malicious, and, the two combined, cause instability.
>
> I am tempted to descend to your level of vulgarity.  That website works
> perfectly in all three of the browsers I have installed, even when denied
> cookies.
>


So, does the web site that you see, involve a flash thing?

Or, have they removed it?

Also, have you tried accessing the web site with the web browsers
Arora and Rekonq?

And, if so, are you running those two browsers on Debian 6 LTS, in
their status for that version of Debian Linux?

And, have you viewed the response in the thread to which I had
referred, that indicated the lilkely cause of the particular problem?

Since you seem to want to turn this into a personal affront against
me, perhaps it would be better, if you tried to find whether other
people had encountered the same or a similar, problem, with that web
site, before indicating that it is all my fault.

-- 
Bret Busby
Armadale
West Australia
..

"So once you do know what the question actually is,
 you'll know what the answer means."
- Deep Thought,
 Chapter 28 of Book 1 of
 "The Hitchhiker's Guide to the Galaxy:
 A Trilogy In Four Parts",
 written by Douglas Adams,
 published by Pan Books, 1992




-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/CACX6j8N=jyroy1ntlcnon_-aahfssvkm3gvz9gwe6o9eovx...@mail.gmail.com

mount says an existing file system does not exist (was Re: strange booting behavior)

[gofloss gofloss]

hi arno,

thank you for your explanation.

i don't understand why i cannot mount the root partition.

when it does not boot, it comes up with initrd busybox shell.

i do cryptsetup luksOpen /dev/disk/by-uuid/[uuid] toshiba-root.  this works.

blkid shows that /dev/mapper/toshiba-root is there and is
ext4.

then i do mount /dev/mapper/toshiba-root /root.  it says no
such file or directory.  (i also tried -o ro.)

ls shows that /root is there.

so the filesystem exists and the mountpoint exists.  why is
it saying no such file or directory?

anybody have an idea here?


On 5/20/15, Arno Schuring  wrote:
> Hi,
>
>
>> On 5/19/15, Arno Schuring  wrote:
>> >
>> > Note that you can add break=premount to the kernel cmdline
>> > to force an initramfs shell, then use sh -x /scripts/$phase/$script
>> > to manually step through the initramfs procedure.
>> >
>> > You can use "grep maybe_break /usr/share/initramfs-tools/init" to
>> > check the valid break= values, and their order.
>>
>> stepping sounds like a great way to debug, but i'm out of my depth.  i
>> don't know what premount is (is that a phase?  a script?  something
>> else?), or what initrd does (all i know is it's a ramdisk and has a
>> fake root fs for some reason).  i will of course be happy to try this,
>> but i won't know what scripts to run, in what order, or what the
>> results will mean.
>>
>
> premount is just one of the breakpoints in the initramfs where you can
> break out and get a shell. The init procedure is completely shell-based,
> you may try reading /init lines 208-238 to get a feel for it. Basically,
> every phase is represented as a directory in /scripts, and the order in
> which the scripts are run is determined by a /scripts/$phase/ORDER file
> in each directory.
>
> /scripts/local-top/cryptroot is probably the most interesting script for
> you to run, and I don't think it has many dependencies since you're
> not using lvm. But ORDER is itself a shell script as well :)
>
> Beyond that, I don't think I can be of much help. I only know about this
> because I'm using a custom unlock procedure for my rootfs. I can't tell
> you about the design of the initramfs, nor do I know if what I'm
> advising here is the easiest way.
>
>>
>> > Also, can you verify that /conf/conf.d/cryptroot exists
>> > in the initramfs and contains the correct line?
>>
>> instead of rebooting to determine this and trying to transcribe it, is
>> it ok to extract the initrd as it is on disk?  i did so and got this:
>> "target=toshiba-root,source=UUID="...",key=none,rootdev" (where "..."
>> is the correct uuid according to blkid for /dev/sda3, which is the
>> partition on which encrypted root resides).
>>
>> does that seem correct?
>
> yes, that should be correct.
>
>>
>> >> in fact, in the initrd busybox shell, i can do cryptsetup
>> >> luksOpen /dev/sda3 toshiba-root.  i do not know how or where
>> >> to mount it, however.  mounting it on / not work.
>> >
>> > You need to mount it (readonly) on /root. Then exit the initramfs shell
>> > and the boot should continue normally.
>>
>> on /root, as in the superuser's home dir for dot files etc.?
>
> Yes. There is no home dir in the initramfs. It's a bit counterintuitive,
> but
> it does make sense to mount the real root filesystem on /root. It's just a
> shame that 'root' has more than one meaning.
>
>
> Regards,
> Arno
>
>   


-- 
I rarely can send email, and cannot be counted on to read email, but
please feel free to reply.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/cadyyg0mjftcjcp8hfqhrf4-m0kxqgr55iezw7y4zeyanhmx...@mail.gmail.com

Systemd for dummies

[Gary Roach]

I upgraded to Jessie recently and lost my BackupPC setup and my rsyncd 
setup. I found that both succumbed to the change over from inet.d to 
Systemd. None of the documentation mentions anything about systemd 
setup. I found some script for rsync to write rsyincd.socket and 
rsyncd.service and put them in /lib/systemd/system directory. No mention 
was made of the soft link that had to be put in the proper 
/etc/systemd/system subdirectory. Rsync doesn't seem to be working. 
Further there is no documentation for setting up BackupPC for systemd. I 
am totally awash. Most of the documentation that I have found goes right 
over my head. Writers should give their documentation to their secretary 
/ wife /husband to use and see what happens. (ugly) Is there any 
documentation out there that is readable that would give me a road map 
for setting up systemd. All suggestions will be sincerely appreciated.


Gary R


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/5563d54b.7080...@verizon.net

yaboot: How to load Debian8 netboot installation images directly from the boot: prompt?

[Clark Wang]

I have an `iBook G4` and have `Debian 8 (Jessie)` installed on it.
Yesterday I did something stupid (messed up `yaboot.conf` and ran `ybin`)
and now the system cannot boot up.

The old Debian 8 was installed on a single partition (`/dev/sda3`, `ext4`).
I ever put the Debian 8 netboot installation images (downloaded from here
)
under `/boot/deb/`:

/boot/deb/initrd.gz
/boot/deb/vmlinux
/boot/deb/yaboot
/boot/deb/yaboot.conf

So how can I boot the netboot installation images from the `boot:` prompt
and reinstall Debian 8?

I tried `boot: hd:3,/boot/deb/vmlinux root=/dev/ram read-only
initrd=/boot/deb/initrd.gz initrd-size=300` but it did not work. (The
screenshot taken with my phone. )

Thanks.

-clark

Re: HELP- very slow download speeds

[Gary Roach]

On 05/24/2015 12:49 AM, Petter Adsen wrote:

On Sun, 24 May 2015 00:27:02 -0700
Gary Roach  wrote:


On 05/22/2015 01:19 PM, Bob Proulx wrote:

Darac Marjal wrote:

Gary Roach wrote:

When I start a download, it starts at 50M for the first few
seconds and then drops to 500K to 100K range.

Finally, don't rule out the possibility that your ISP is throttling
you. While you may be synced at 50M and may be able to transfer at
that for short periods (and thus, the ISP can rightly claim that
you have a 50M connection), they could conceivably throttle your
connection in the longer term.

I think this is quite the most likely possibility.  I have only
anecdotal reports from friends but what I hear is that often ISPs
allow a full speed burst but then throttle for long term steady
state data transfer.  That matches your reported behavior exactly.
This allows customers to run a speed test and have it report full
speed but prevent them from getting that speed for a long download
such as a full system upgrade or a large install ISO image
download.  Are you sure your ISP isn't throttling you?

Bob

I wouldn't put anything past those jackasses but am still attempting
to gather information. Would wireshark be a good tool to do an in
depth diagnosis of the problem? I've gotten a little side tracked
with another problem but plan to get back to this  in the next couple
of days. Any comments will be appreciated.

If you have shell access to a box somewhere, you can run "iperf" to get
an idea of the performance of the link between you. Obviously, the
closer to you, the better. Take a look at the "--interval" parameter,
so you can see how/if performance degrades over time. "--dualtest"
might also be helpful. There are probably guides out there on how to
get the best results from it, the man page doesn't really do much
except list all the options.

There may be better ways, but this is the one I typically use. Wireshark
would be more suited to analyze the actual traffic, if you suspect
something may be wrong there.

Petter

Thanks for the tips. Don't go away. As you will find in the newest 
listings, I have a bigger problem at the moment. I will be back to this 
one soon.


Comment on speed testers. The mostly use UDP packets which will never 
detect trashed packets. God I hate big business in this country. What 
ever happened to the antitrust laws I grew up with.


Gary R



--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/5563d226.2040...@verizon.net

Re: Perl scripts: line by line parsing vs accumulating (was: the correct way to read a big directory? Mutt?)

[David Wright]

Quoting Vincent Lefevre (vinc...@vinc17.net):
> On 2015-05-22 21:01:01 -0500, David Wright wrote:
> > However, in https://lists.debian.org/debian-user/2015/04/msg01265.html
> > I was perhaps less ambiguous (point 2):
> > 
> > "In which case, if you want to know how come mutt is so fast, take a
> >  look at the source. Just to mention one optimisation I would consider:
> >  slurp the directory and sort the entries by inode. Open the files in
> >  inode order.
> >  And another: it's probably faster to slurp bigger chunks of each file
> >  (with an intelligent guess of the best buffer size) and use a fast
> >  search for \nMessage-ID rather than reading and checking line by line.
> > "
> 
> This may be interesting with mmap. Otherwise, one may do unnecessary
> copies.
> 
> > > Then I don't think that in the particular case of header validation,
> > > there is much gain applying regexp's on the full header at once; the
> > > reason is that my regexp's use the end of line as a separator (things
> > > like /\n[^:\s]+\s/ and /^Message-ID:.../im). So, when I read the file
> > > line by line, I already do a part of the job of regexp matching.
> > 
> > But I would assume that regexp in languages like Perl/Python has code
> > far more optimised than reading files line by line.
> 
> This is not clear. All my regexp's are anchored on a newline.
> Reading files line by line allows one to do some factoring.
> 
> > So you would search for \nmessage-id:.*?\n (where .*? is
> > non-greedy).
> 
> One can do better. The code I used in the second test was:
> 
> $header =~ /^\S+:/ || $header =~ /^From / or die;
> $header =~ /\n[^:\s]+\s/ and die;
> $header =~ /^Message-ID:.*^Message-ID:/ims and die;
> $header =~ /^Message-ID:\s+(<\S+>)( \(added by .*\))?$/im or die;
> 
> where $header is the full header.
> 
> > > And finally, for each test, the header has to be read several times.
> > 
> > I'm not sure why, without knowing the tests to apply (or did I miss
> > seeing them?).
> 
> See above.
> 
> > > In my case, I don't need to deal with folded headers, except validating
> > > the format, which is very easy with a line-by-line parsing.
> > 
> > You did mention validating message-id and other headers and checking
> > for missing ones, but do your scripts throw all this work away and,
> > if so, why? For example, if you add your own distinctive Message-ID
> > header to any file that doesn't have one, then that's one test you
> > never have to repeat.
> 
> I don't understand.

Well, the discussion in these threads has ranged widely over trying to
speed up the reading of directories and large numbers of files. Every
so often, I think about what you're doing with that huge directory of
emails, all 145k of them.

AIUI, and correct me if I'm wrong, you have to be able to read them
with a mail client (mutt). You have to check that (all) the header
lines are correctly formed and that each email has a single unique
message-id.

Every so often (quite frequently) you run Perl scripts (like those
posted) over them and modify the header lines (or flags) of some of
them, then restart mutt so it picks up the modifications.

Not being conversant with the maildir format, I took a look at
http://wiki2.dovecot.org/MailboxFormat/Maildir to see how filenames
are used, and how flags are implemented. I see one also might have to
be careful about preserving timestamps.

Anyway, the questions that pop into my head are things like:

If an email doesn't have a message-id, why not give it one with a
X-header that you recognise as your own? (You could process duplicates
similarly.)

Why not put your X-header as the first line in the file? (In most
cases, it would be a copy of the original message-id.) Then you only
have to read one line to get at your X-header/message-id on every
subsequent occasion that you process the files.

If a header line is malformed, why not fix it up straight away as best
you can (rather than die), perhaps flagging the fact.

Why not do all these things just the once? Process all the existing
messages in however long it takes. Do it when you're not running mutt,
not renaming files etc, so that the directory is static. Then keep
track of a mtime "tidemark" so that you can recognise new messages,
which need their X-header to be added and to be checked over.

Now when you do all your message filtering/flagging, you don't have to
faff around with variable numbers of header lines yet again.


BTW I couldn't help being amused by this paragraph in the dovecot wiki:
"Issues with the specification

 Locking

 Although maildir was designed to be lockless, Dovecot locks the
 maildir while doing modifications to it or while looking for new
 messages in it. This is required because otherwise Dovecot might
 temporarily see mails incorrectly deleted, which would cause
 trouble. Basically the problem is that if one process modifies the
 maildir (eg. a rename() to change a message's flag), another process
 in the middle of listing fil

Re: Laptops, UEFI, Secure Boot and Debian

[Stuart Longland]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 24/05/15 19:03, Petter Adsen wrote:
> If both Wheezy and Trusty are installed in legacy mode the
> bootloader should see all of them. Dependent on your needs, an
> easier way might be to just spin up a VM or three with the systems
> you use the least. KVM is a wonderful thing.

Better yet, for some of these is LXC.  I run several instances of
Debian managed by libvirt on a Gentoo host, with much less overheads
than you get from a VM.

apt-get install virt-manager bridge-utils libvirt-bin lxc debootstrap

will probably get you started.  Use debootstrap to create the
Debian/Ubuntu instances, creating the root filesystems in
/var/lib/libvirt/images, then use virt-manager to set them up in LXC.

https://wiki.debian.org/LXC
- -- 
Stuart Longland (aka Redhatter, VK4MSL)

I haven't lost my mind...
  ...it's backed up on a tape somewhere.
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iJ4EARMKAAYFAlVjqd4ACgkQoCQEvFhlDPmnEAH/Uv0xFzQc1Vq0bv+O6VzKN9ay
89PJi+wJpvZP5CbPAbIiT5qVQ0sbibwnngz2QHJYVWvqrYmiwiVmpOCk+xIG1AH/
bjH5lJxLH62YsBlBhRTWLe96+WlXl6h3CIOfTVeE4VwSRJF6vBxqEuEUdh8HMPos
V1y8MufYObbqNTueibnSGQ==
=HSwB
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/5563a9e2.7070...@longlandclan.yi.org

Re: Running Debian with only 213MB Ram?

[Stuart Longland]

On 24/05/15 00:47, Rodolfo Medina wrote:
> Hi all.
> 
> On my old laptop I chose Openobex as window manager because Gnome is too heavy
> for it.  I get though:
> 
> $ free -m
>  total   used   free sharedbuffers cached
> Mem:   213207  5  4 23111
> -/+ buffers/cache: 73140
> Swap:  952  0952
> 
> with just Openobex and Emacs and a couple of terminal emulators running, not
> else.  Do you think that is too little?  Then maybe I should gave up hoping to
> use Debian on that machine, and look for - if any exists - other systems?

My advice: don't try running Firefox (aka Iceweasel) on it.  I have an
old Pentium II 300MHz machine with 160MB RAM that I once used to use as
a main workhorse at uni (in the era of Windows Vista, so old even then).

Back then it was a usable workhorse.  The only thing it struggled with
was YouTube, and thankfully there was youtube-dl: mplayer could play the
videos just fine, just Adobe Flash struggled.  It was never a speed
demon, but it was tolerable with some patience.

This was running Gentoo Linux as the OS.  Initially I ran KDE as the
window environment, then found that got too heavy and switched to FVWM.

Recently I resurrected the machine, put on a newer release of Gentoo and
got it going monitoring AX.25 packet radio.  It works fine for that, and
can run Xastir for an APRS digipeater without issue.

I tried putting Firefox 35 on.  Big mistake.

It runs, but until you do some low memory tweaks, it'll thrash the swap
and get nowhere.  Even after tweaks, it's slower than a 5-day Ashes
test.  I had thought it'd be useful for checking on the weather radar
before I began my commute to work of a morning, but have since given up
on the idea.

I'm not sure if Chromium performs better on low RAM, but modern
applications seem to assume at least 512MB RAM these days.

Regards,
-- 
Stuart Longland (aka Redhatter, VK4MSL)

I haven't lost my mind...
  ...it's backed up on a tape somewhere.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/556395d8.90...@longlandclan.yi.org

Re: KVM switch: DVI-D, DVI-I or vga?

[Stuart Longland]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 24/05/15 01:56, Petter Adsen wrote:
> AFAIK, a DVI-D connector/cable can be plugged into both DVI-D and 
> DVI-I ports, but a DVI-I cable carries extra (analog) signals, so
> it has extra pins that won't fit in a DVI-D port.
> 
> A DVI-I KVM will carry both the digital and the analog signal, so
> you can use a DVI-D cable to connect it to a DVI-D screen - it just
> won't carry the analog signal, which you wouldn't need or be able
> to use anyway.

Just relating to this… we've got a situation at the office here were
we have a rack full of servers.  In the beginning it was VGA and PS/2,
for which KVMs are widely available and cheap.

We're now starting to get more and more machines that are
HDMI/DisplayPort machines, with the annoying artefact of not being
compatible with a VGA KVM.  (I've tried various HDMI→VGA and
DisplayPort→VGA adaptors with no luck.)

We've since bought a DVI-I KVM, which works great.  HOWEVER.  The
monitor is DVI-D/VGA.  The KVM does no translation, and so when we
switch over to one of the older VGA servers, we have to swap inputs on
the monitor too.

Unfortunately it seems monitors that have a true DVI-I input have been
discontinued.  We tried one splitter that supposedly brought a DVI-I
cable out to DVI-D and VGA, but that seemingly missed some critical
signals, so we got no picture on one of the ports.

We also tried a DVI-I splitter box, meant to drive two monitors from
the same source.  We found it worked, if you reset the device before
switching from an analogue to a digital source or vice versa.  It
assumed that the nature of the DVI signal (analogue or digital) never
changed.

Searching for these things online is an outright nightmare, because as
far as Google and sellers is concerned, "DVI-D" == "DVI-A" == "DVI-I"
== "DVI".  They do not differentiate.

A box that took DVI-I (in either form) and converted to DVI-D could
work here, I've not seen such a device though.  Heck, converting DVI-D
to VGA would also work.

Has anyone successfully used a KVM with a heterogeneous DVI-D/VGA
environment?
- -- 
Stuart Longland (aka Redhatter, VK4MSL)

I haven't lost my mind...
  ...it's backed up on a tape somewhere.
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iJ4EARMKAAYFAlVjkjMACgkQoCQEvFhlDPk6AAIAmQmfBe5y7xUHGM+a7MnRugPw
VezgG97LKY9NKBIOAIiKs+dfne06NS0Jld0WsiEDAVFlk8b6Yb3JnzmCNaCAxwIA
nyKFzD2sACUkMyMY2SFVz56QhX5hIS9AT/CZ655IpwGM4GB9hTimplSGu6g6OYfL
2XPrCnxOWCegPFaAdfhB3g==
=cx3e
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/55639239.7000...@longlandclan.yi.org

Re: Laptops, UEFI, Secure Boot and Debian

[Lisi Reisz]

On Monday 25 May 2015 20:56:58 Bret Busby wrote:
> On 26/05/2015, Sven Arvidsson  wrote:
> > On Tue, 2015-05-26 at 00:59 +0800, Bret Busby wrote:
> >> But, in going to the company web site, I found the web site to be one
> >> of those malicious web sites, that crash web browsers (the web browser
> >> starts displaying the home page of the web site, and then crashes,
> >> while downloading the home page of the web site, and, I have tried to
> >> access that web site, a number of times, and, each time, it crashed
> >> the web browser), and so, I have no confidence in that company. Its
> >> software is defective, and, its web site is malicious.
> >> "
> >
> > Works fine here. Pretty sure that's a bug in your browser ;)
>
> The matter was explained in a response in the pertinent thread, to the
> message of which I posted a copy in this thread.
>
> Apparently, the crashing of the web browser, was due to some malicious
> flash file that Inshite had on their web site home page.
 [snip rant] 
> So, it can be a problem with the exception handling methodologies that
> are taught and implemented, apart from the designing of web sites that
> are malicious, and, the two combined, cause instability.

I am tempted to descend to your level of vulgarity.  That website works 
perfectly in all three of the browsers I have installed, even when denied 
cookies.

Incidentally the word shite, you so pleasantly use, may perhaps be an 
existant, though vulgar, word (though my spell-checker doesn't know it).  
Microshite and Inshite, in your sense, are most definitely not.

Lisi


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/201505252204.19111.lisi.re...@gmail.com

Re: Laptops, UEFI, Secure Boot and Debian

[Bret Busby]

On 26/05/2015, Sven Arvidsson  wrote:
> On Tue, 2015-05-26 at 00:59 +0800, Bret Busby wrote:
>> But, in going to the company web site, I found the web site to be one
>> of those malicious web sites, that crash web browsers (the web browser
>> starts displaying the home page of the web site, and then crashes,
>> while downloading the home page of the web site, and, I have tried to
>> access that web site, a number of times, and, each time, it crashed
>> the web browser), and so, I have no confidence in that company. Its
>> software is defective, and, its web site is malicious.
>> "
>
> Works fine here. Pretty sure that's a bug in your browser ;)
>


The matter was explained in a response in the pertinent thread, to the
message of which I posted a copy in this thread.

Apparently, the crashing of the web browser, was due to some malicious
flash file that Inshite had on their web site home page. Various other
malicious web sites, have and cause, similar problems. Different web
browsers deal with vexatious issues, differently, some involving less
disruption than others.

Unfortunately, as the particular web browser  is ( a number of web
browsers that come with Debian, are) unsupported, so problems such as
crashing due to malicious web sites, are not usually fixed by the
people who were responsible for the web browsers development.

Unfortunately, also, different programming methodologies have
different standards of dealing with problems, and I believe that the
teachings of some tertiary level academic institutions, leave much to
be desired, in what they teach. Some institutions that I attended,
taught people to trap and contain problems, and one institution taught
people to crash software upon experiencing problems - that
institiution taught that the way to implemenmt exception handling, was
to crash the software, when an exception occurred.

So, it can be a problem with the exception handling methodologies that
are taught and implemented, apart from the designing of web sites that
are malicious, and, the two combined, cause instability.

-- 
Bret Busby
Armadale
West Australia
..

"So once you do know what the question actually is,
 you'll know what the answer means."
- Deep Thought,
 Chapter 28 of Book 1 of
 "The Hitchhiker's Guide to the Galaxy:
 A Trilogy In Four Parts",
 written by Douglas Adams,
 published by Pan Books, 1992




-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/CACX6j8MQrDF=snbsOp8ibBpc7Ett8MS5nYB7nCE=nrnx1c6...@mail.gmail.com

Re: logitech z515 wireless speaker not working

[Pierre Frenkiel]

On Mon, 25 May 2015, Pierre Frenkiel wrote:


. . .
 snd-usb-audio 7-1:1.0: cannot find the slot for index 2 (range 0-2), error: 
. . .


  as an additional information, I found that the output in syslog like the
  above line is still present if I remove the /etc/modprobe.d
  and /etc/modules-load.d directories.
  It would then be useful to find where the config for snd-usb-audio comes from.

best regards,
--
Pierre Frenkiel


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: 
https://lists.debian.org/alpine.deb.2.11.1505252107410.10...@pfr2.frenkiel-hure.net

logitech z515 wireless speaker not working

[Pierre Frenkiel]

hi,
still an other sound problem, this time with a Logitech Z515 wireless speaker.
It worked on my desktop on wheezy, and no more after the upgrade to Jessie.
It works On my wheezy laptop: the Z515 appears in /proc/asound/cards immediatly 
after plugging the usb dongle.

It also works with the Jessie live cd, but with the installed OS, I get in the 
syslog:

  new full-speed USB device number 3 using uhci_hcd
  New USB device found, idVendor=046d, idProduct=ba10
  New USB device strings: Mfr=1, Product=2, SerialNumber=3
  Product: Logitech Wireless Speaker Z515
  Manufacturer: Logitech
  SerialNumber: 000d4493d340
  snd-usb-audio 7-1:1.0: cannot find the slot for index 2 (range 0-2), error: 
-16
  cannot create card instance 0
  snd-usb-audio: probe of 7-1:1.0 failed with error -5

  and in /proc/asound/cards, the other cards are seen, but not the X515.

 I become really tired to spend so much time fighting against this OS

 Has anybody an idea  on where to look at?

best regards,
--
Pierre Frenkiel


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: 
https://lists.debian.org/alpine.deb.2.11.1505252008500.23...@pfr2.frenkiel-hure.net

Re: Laptops, UEFI, Secure Boot and Debian

[Sven Arvidsson]

On Tue, 2015-05-26 at 00:59 +0800, Bret Busby wrote:
> But, in going to the company web site, I found the web site to be one
> of those malicious web sites, that crash web browsers (the web browser
> starts displaying the home page of the web site, and then crashes,
> while downloading the home page of the web site, and, I have tried to
> access that web site, a number of times, and, each time, it crashed
> the web browser), and so, I have no confidence in that company. Its
> software is defective, and, its web site is malicious.
> "

Works fine here. Pretty sure that's a bug in your browser ;)

-- 
Cheers,
Sven Arvidsson
http://www.whiz.se
PGP Key ID 6FAB5CD5




signature.asc
Description: This is a digitally signed message part

Re: Laptops, UEFI, Secure Boot and Debian

[Bret Busby]

On 25/05/2015, Lisi Reisz  wrote:
> On Monday 25 May 2015 08:35:40 Bret Busby wrote:
>> On 25/05/2015, Patrick Bartek  wrote:
>> > On Sun, 24 May 2015, Paul E Condon wrote:
>>
>> 
>
>> With UEFI and the forced Security Boot that is part of UEFI, with
>> toxic waste Setup Utilities like Inshite, which fraudulently
>> misrepresents that it implements Dual Mode, Inshite being the Setup
>> Utility that comes with Acer laptops, all that is needed to be done,
>> is that the boot method gets switched using the system Setup Utility,
>> between UEFI to boot into Microshite Windows 8.x, and Legacy Mode to
>> install and boot into a proper operating system, like Linux.
> [snip]
>> boot into Microshite Windows, until the people responsible for UEFI
>> and its implementations, get their act together, and acknowledge that
>> operating systems other than Microshite Windows, exist, and are used.
>
> Brett,
> I understand that you are angry with Microsoft, but could oyu please post in
>
> English?  This is, after all, the English language list.
>

Actually, I picked up the term "shite", from television programs from
England, so, the use of the term, on this English language list,
especially in the context that I use it, appears appropriate...
;)

> I know that Microshite is Microsoft, but what on earth is Inshite?  I don't
>
> _think_ you mean this:
> http://www.urbandictionary.com/define.php?term=inshite
> At least, it doesn't make sense.
>
> Lisi
>


In the message posted by me, in the thread "Debian 7 and UEFI/GPT",
with the timestamp "13 March 2015 at 03:31" (WST; =UTC+8.00), is the
following;

"
> Okay.
>
> In thinking about this further, I remembered that, due to the
> malicious nature of MS Win8, it is installed with the nasty
> UEFI->Secure Boot mode, which maliciously disables the installation of
> any additional operating systems.
>
> And, I remember that the only way to amend that, to enable additional
> operating systems to be installed, is to bypass the Secure Boot mode.
>
> So, I decided to check, using Boot->  to find the boot mode.
>
> That shows the Boot Mode, as "Legacy".
>
> So, I switched the Boot Mode to UEFI, and "Secure Boot" is shown as
> "Enabled.
>
> So, I shifted the active position, to try to toggle the "Secure Mode"
> setting, to "Disabled".
>
> But, the active position by passes the "Secure Boot" field, thus
> indicating, to me, that, with the UEFI Boot Mode, the Secure Boot can
> not be disabled, so, in UEFI, it appears to be MS Win8, or nothing.
>
> Now, to the right of the frame, in which those settings may be altered
> (where they can be altered), is, under "Item Specific Help",
> "Select boot type to Dual type, Legacy type or UEFI type"
>
> Down the bottom of the screen, is "F5/F6 Change values"
>
> But, in toggling through the Boot Mode values, using each of  and
> , the "Dual option is not available - not "greyed out" as being
> not selectable - simply not displayed as an option.
>
> So, the only Boot Mode options, are "UEFI" -> "Secure Boot Mode"
> "Enabled", and "Legacy.
>
> In booting into the UEFI Boot Mode, (after a while) MS Win8 boots.
>
> I can not (at this stage) do anything with it - I have forgotten the
> login password (I have to find whether I can reset that, and, if so,
> how).
>
> In then rebooting, into the  Setup Utility, and selecting Legacy,
> as the Boot Mode value, I get the Ubuntu GRUB menu, allowing me to
> boot into either Debian or Ubuntu Linux.
>
> The  Setup Utility displays, in the Title Bar, "InsydeH20 Setup
> Utility Rev. 3.7".
>
> The solution, at this stage, appears to be to use the  Setup, to
> change between UEFI and Legacy BIOS boot modes, thence to select which
> operating system, I want to boot.
>
> I believe that, unless and until the "InsydeH20 Setup Utility" is
> upgraded, to allow the UEFI -> Secure Boot Mode to be turned off,
> and/or, the Boot modes to include provision of the stated "Dual type"
> Boot Mode, the solution that I have described, is the only available
> solution, to allow me to boot into any one of the three installed
> operating systems mentioned above.
>


I note that, after visiting the web page at
http://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface
to which I have been referred, in another message posted in this
thread, I found
"while Insyde Software offers InsydeH2O, its own implementation of Tiano."
which contains a link to the wikipedia web page about that company, at
http://en.wikipedia.org/wiki/Insyde_Software
which contains a link, toward the bottom of that web page, to the web
site for the company, at
http://www.insydesw.com/

So I thought that it would be a good idea to go to the company web
site, and find a contact email address for the company, and send them
an email, stating that the software that is the
"InsydeH20 Setup Utility Rev. 3.7" for the particular computer, is
defective, as described above, and ask when the company intends to fix
the defect, and supply the corrected software.

But, in going 

Re: mixer.app ; how do i use it after installing it with aptitude?

[Carl Johnson]

Seeker  writes:

> On 5/24/2015 1:46 PM, Paul E Condon wrote:
>> I found a .deb package, named 'mixer.app' by accident in aptitude
>> interactive mode. My current sound mixer is the one installed by xfce,
>> which uses much to much area on my display screen for my taste. (about
>> 20%)
>>
>> I think I need to learn how to create a 'launcher', which is something
>> I have never done. Where can I find instructions for creating a
>> launcher specific to xfce?
>>   
> It's been a long time since I messed around with dockapps outside of
> WindowMaker.
>
...
>
> There used to be some docks that provided support for dockapps, but
> I'm not finding that info at the moment.

There is the xfce4-wmdock-plugin which creates a dock position in a
panel to hold all dockapps.  I use it and it works well for me.

-- 
Carl Johnsonca...@peak.org


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/87lhgcekch.fsf@elk.localnet

Re: install ati open source driver , but have no effect!

[mudongliang]

On 05/25/2015 09:52 PM, Sven Arvidsson wrote:

On Mon, 2015-05-25 at 21:22 +0800, mudongliang wrote:

5. I use "glxgears -info" to test the performance. However ,the
performance is so bad ! It seems no ati driver at all!
375 frames in 5.0 seconds = 74.986 FPS
300 frames in 5.0 seconds = 59.857 FPS
300 frames in 5.0 seconds = 59.855 FPS
300 frames in 5.0 seconds = 59.854 FPS

A, glxgears is not a benchmark! :)

B, It is probably working, but vsync'ed by default. Try setting the
environment variable vblank_mode=0 before running glxgears. Or configure
this in ~/.drirc

I tried with the setting of vblank_mode = 0
mdl@114-212-83-40:~$ vblank_mode=0 glxgears
ATTENTION: default value of option vblank_mode overridden by environment.
ATTENTION: default value of option vblank_mode overridden by environment.
21924 frames in 5.0 seconds = 4384.718 FPS
23961 frames in 5.0 seconds = 4792.086 FPS

This test is very good !But the gnome animation is still slow, so I 
think maybe my computer's hardware(especially my Card) is out of date!

What do you think of this result ?
Is this kind of testing a benchmark?
mudongliang


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/blu437-smtp5256203252dbc021e20772bc...@phx.gbl

Re: install ati open source driver , but have no effect!

[Sven Arvidsson]

On Mon, 2015-05-25 at 21:22 +0800, mudongliang wrote:
> 5. I use "glxgears -info" to test the performance. However ,the 
> performance is so bad ! It seems no ati driver at all!
> 375 frames in 5.0 seconds = 74.986 FPS
> 300 frames in 5.0 seconds = 59.857 FPS
> 300 frames in 5.0 seconds = 59.855 FPS
> 300 frames in 5.0 seconds = 59.854 FPS

A, glxgears is not a benchmark! :)

B, It is probably working, but vsync'ed by default. Try setting the
environment variable vblank_mode=0 before running glxgears. Or configure
this in ~/.drirc 

-- 
Cheers,
Sven Arvidsson
http://www.whiz.se
PGP Key ID 6FAB5CD5




signature.asc
Description: This is a digitally signed message part

Re: test if fan is working

[Anil Duggirala]

Ok, well, I have tested that the fan is working, because Ive heard it
working now, and the temps appear to be in a good range, my BIOS did not
show me anything in regards to fans though,
thanks,

On Sun, May 24, 2015, at 10:22 PM, bri...@aracnet.com wrote:
> On Sat, 23 May 2015 13:01:54 -0700
> Anil Duggirala  wrote:
> 
> > hello,
> > How can I test if my fan is working in Debian?, thanks,
> > 
> > 
> 
> you might want to try booting into the bios (F2 or DEL or something on
> boot).
> 
> often the bios will have an rpm reading on any fans present.
> 
> Brian
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
> with a subject of "unsubscribe". Trouble? Contact
> listmas...@lists.debian.org
> Archive:
> https://lists.debian.org/2015052440.75c2f...@cedar.deldotd.com
> 


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/1432561346.1560668.277502537.41c60...@webmail.messagingengine.com

install ati open source driver , but have no effect!

[mudongliang]

1. My ati Card version
00:02.0 VGA compatible controller [0300]: Intel Corporation 2nd 
Generation Core Processor Family Integrated Graphics Controller 
[8086:0116] (rev 09)
01:00.0 VGA compatible controller [0300]: Advanced Micro Devices, Inc. 
[AMD/ATI] Robson CE [Radeon HD 6370M/7370M] [1002:68e4] (rev ff)


2. the installation comes from  https://wiki.debian.org/AtiHowTo
Installation
The following procedure will install the open source display driver 
packages, DRI modules (for 3D acceleration) and driver firmware/microcode:
1)Add "contrib" and "non-free" components to /etc/apt/sources.list, 
for example:

# Debian 8 "Jessie"
deb http://http.debian.net/debian/ jessie main contrib non-free
2)Update the list of available packages:
# apt-get update
3)Install the firmware-linux-nonfree, libgl1-mesa-dri and 
xserver-xorg-video-ati packages:
# apt-get install firmware-linux-nonfree libgl1-mesa-dri 
xserver-xorg-video-ati

4)Restart your system to load GPU device firmware.

3. check the output, it successes!
dmesg | grep -E 'drm|radeon' | grep -iE 'firmware|microcode'
mdl@114-212-83-40:~$  dmesg | grep -E 'drm|radeon' | grep -iE 
'firmware|microcode'

[   11.968450] [drm] Loading CEDAR Microcode
[   11.999768] radeon :01:00.0: firmware: direct-loading firmware 
radeon/CEDAR_pfp.bin
[   12.031284] radeon :01:00.0: firmware: direct-loading firmware 
radeon/CEDAR_me.bin
[   12.031598] radeon :01:00.0: firmware: direct-loading firmware 
radeon/CEDAR_rlc.bin
[   12.033820] radeon :01:00.0: firmware: direct-loading firmware 
radeon/CEDAR_smc.bin
[   12.051580] radeon :01:00.0: firmware: direct-loading firmware 
radeon/CYPRESS_uvd.bin


4. 3D Acceleration
glxinfo  | grep rendering
direct rendering: Yes

5. I use "glxgears -info" to test the performance. However ,the 
performance is so bad ! It seems no ati driver at all!

375 frames in 5.0 seconds = 74.986 FPS
300 frames in 5.0 seconds = 59.857 FPS
300 frames in 5.0 seconds = 59.855 FPS
300 frames in 5.0 seconds = 59.854 FPS

6. besides, I found some output I don't understand!
"dmesg | grep VGA" show a Firmware Bug , what's meaning of this output?
[0.00] Console: colour VGA+ 80x25
[8.779667] VGA switcheroo: detected switching method 
\_SB_.PCI0.GFX0.ATPX handle

[   12.465267] [drm] Replacing VGA console driver
[   13.440434] [Firmware Bug]: Duplicate ACPI video bus devices for the 
same VGA controller, please try module parameter 
"video.allow_duplicates=1"if the current driver doesn't work.
[   13.440443] [Firmware Bug]: Duplicate ACPI video bus devices for the 
same VGA controller, please try module parameter 
"video.allow_duplicates=1"if the current driver doesn't work.
[   13.440450] [Firmware Bug]: Duplicate ACPI video bus devices for the 
same VGA controller, please try module parameter 
"video.allow_duplicates=1"if the current driver doesn't work.
[   13.440458] [Firmware Bug]: Duplicate ACPI video bus devices for the 
same VGA controller, please try module parameter 
"video.allow_duplicates=1"if the current driver doesn't work.
[   13.440464] [Firmware Bug]: Duplicate ACPI video bus devices for the 
same VGA controller, please try module parameter 
"video.allow_duplicates=1"if the current driver doesn't work.
[   13.440470] [Firmware Bug]: Duplicate ACPI video bus devices for the 
same VGA controller, please try module parameter 
"video.allow_duplicates=1"if the current driver doesn't work.
[   13.440477] [Firmware Bug]: Duplicate ACPI video bus devices for the 
same VGA controller, please try module parameter 
"video.allow_duplicates=1"if the current driver doesn't work.


mudongliang

Re: Need SAS HBA for Debian Jessie

[Håkon Alstadheim]

On 23. mai 2015 03:19, Leslie Rhorer wrote:
> Oh, you're right, although I had many of the same issues in that area,
> as well. That said, I still have not definitively pinpointed the
> source of the problems. The LSI controller on the Squeeze system is
> working without a hard failure, however. A couple of the drives still
> suffer timeouts with that controller, but it doesn't barf when they
> do. It just resets the drive. I would happily buy another of these LSI
> controllers, but they don't have support for the management utility
> under Jessie (or Wheezy, for that matter). They work with the kernel,
> but without using the management software to tweak the controller
> parameters (especially the write-through cache), performance is truly
> dismal. I mean really, really bad.
>> Here I agree with you. OTOH, if this had been for a "enterprise"
>> setting, a suggestion to check out RH - with their level of commercial
>> support - would not necessarily be a bad one.
>

I'm using LSI stuff myself. If you want plug and play, you will need to
go with a supported distro.

To spell it out: the choices if you go with LSI are either a) insanity
or b) a supported distro. Myself i picked the insanity route.

I have been using the LSI command-line utitilities under debian (wheezy
and jessie) and now gentoo (slightly more plug and play). They run just
fine once you get them unpacked. I have made some script wrappers around
MegaCli, and after a couple of years my mind is so warped that MegaCli
almost makes sense. StorCli is actually slightly less insane to work
with, but supports a different set of LSI hardware. The worst mindf*ck
is the inconsistency in naming and concepts, an the resulting muddled
grouping of the commands/options. Remember, case is irrelevant and the
'-' in front of options is optional.

One script wrapper I use is :
-/usr/local/bin/megacli
#!/bin/sh
echo
/apub/hakon/lsi/8.07.14_MegaCLI/Linux/opt/MegaRAID/MegaCli/MegaCli64
"$@" a0 nolog:
exec
/apub/hakon/lsi/8.07.14_MegaCLI/Linux/opt/MegaRAID/MegaCli/MegaCli64
"$@" a0 nolog
-
Another one I call "megahelp", and is a fancy way to grep the built-in
help in the megacli. The source started out with the output from
"/apub/hakon/lsi/8.07.14_MegaCLI/Linux/opt/MegaRAID/MegaCli/MegaCli64
help". I am currently running my raid on a gentoo box, and the script
you find here:  is sort-of-ported
and halfway improved from what I used to run on my jessie box. I
discovered that "megacli help " gives a different output from
just "megacli help", so I swithced megahelp to use the former where
appropriate, without removing the old code.

Once you get something like this going, you add liberal use of grep on
the output of megacli commands to pick out the relevant information you
are after, and maintenance of LSI raid under debian is OK. Logging is
weird though.

P.S: Having a bios that allows you to tweak the settings before booting
is quite nice, on my newest rig that actually works. Take a look in the
bios screens, you might be pleasantly surprised.
--
Regards, Håkon


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/556310bf.8060...@alstadheim.priv.no

[HITB-Announce] REMINDER: Call for Papers for HITB GSEC

[Hafez Kamal]

REMINDER: The Call for Papers for the inaugural Hack In The Box GSEC
conference in Singapore is closing on the 31st of May.

Call for Papers: http://gsec.hitb.org/call-for-papers/
Event Website: http://gsec.hitb.org/sg2015/

HITB GSEC is a three-day security conference limited to 111 attendees
who vote on the final agenda of talks. Attendees can also opt to be
introduced to speakers and each other based on the votes they cast.

Held at the Sheraton Towers in Singapore from October 12th till the
16th, we'll start off with 2 days of hands-on intensive training classes
followed by a 3-day conference featuring keynotes by Kristin Lovejoy, GM
of IBM's Security Services Division and security thought leader, Winn
Schwartau.

We are looking for 60-minute, offensive focused deep-knowledge
presentations. Research that is new, novel and preferably material
that has not been presented elsewhere prior.

Submission Process:

1.) Register for an account at http://gsec.hitb.org/cfp/

2.) Send us the following:

- Presentation abstract (1000 - 1500 words)
- White paper (3500 - 5000 words)
- Supporting material (poc code, slides, video etc)
- A recent photograph

3.) When CFP closes, audience voting begins. Each registered delegate
gets 3 votes to cast against any presentations they like.

4.) When a presentation receives 8 votes it is removed from voting. You
then receive an email introduction to voters which allows you to further
fine tune your presentation to suit the audience profile.

Important Dates:


May 31st 2015 - Call for Papers closes
June 1st - July 31st - Voting period
1st week of August - Final agenda announced



Each accepted submission will entitle speaker(s) to:

- Accommodation for 3 nights / 4 days

- Travel expense reimbursement up to USD1500.00 per slot for
non-resident speakers

- A USD1500 honorarium per slot

Topics of interest include, but are not limited to the following:

   SAP Security
   Cloud Security
   File System Security
   3G/4G/WIMAX Security
   SS7/GSM/VoIP Security
   Security of Medical Devices
   Critical Infrastructure Security
   Smartphone / Mobile Security
   Smart Card and Physical Security
   Network Protocols, Analysis and Attacks
   Applications of Cryptographic Techniques
   Side Channel Analysis of Hardware Devices
   Analysis of Malicious Code / Viruses / Malware
   Data Recovery, Forensics and Incident Response
   Hardware based attacks and reverse engineering
   Windows / Linux / OS X / *NIX Security Vulnerabilities
   Next Generation Exploit and Exploit Mitigation Techniques
   NFC, WLAN, GPS, HAM Radio, Satellite, RFID and Bluetooth Security

As always, we do not accept product or vendor related pitches.

HITB GSEC 2015 Singapore: http://gsec.hitb.org/sg2015/

Regards,
Hafez Kamal
Hack in The Box (M) Sdn. Bhd
36th Floor, Menara Maxis
Kuala Lumpur City Centre
50088 Kuala Lumpur, Malaysia
Tel: +603-26157299
Fax: +603-26150088


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/dsij3r14-qbm-7i46-d7k-cvm1nf...@hackinthebox.org

Re: (should be) simple bind problem

[Glenn English]

On May 25, 2015, at 1:00 AM, Bob Proulx  wrote:

> Glenn English wrote:
>> root@srv:~# ps -ef | grep named
>> bind  2098 1  0 May10 ?00:00:36 /usr/sbin/named -u bind
>> root 10498 1  0 May10 ?00:00:50 /usr/sbin/named -c 
>> /etc/bind/named.conf
> 
> There are two of them running?  That doesn't seem right.  The first
> one looks okay but the second one does not.
> 
> I would be inclined to kill both of them.  Then start it up again and
> check all over again.

Just tried that. They were still 2 of them there. I stopped Bind9 with the 
init.d script, but the second (root) was still there. So I killed it and 
started Bind again (init script doesn't 'killall named' I guess??). Now it 
looks right.

FWIW, the one started by root was dated yesterday. I started today's Bind a few 
minutes ago, and root hasn't started another one yet.

I'll look through the logs and look at the rest of your message later. 

-- 
Glenn English




--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/9f04045a-3398-42e1-9b61-08e3d04c0...@slsware.net

Re: Laptops, UEFI, Secure Boot and Debian

[Lisi Reisz]

On Monday 25 May 2015 08:35:40 Bret Busby wrote:
> On 25/05/2015, Patrick Bartek  wrote:
> > On Sun, 24 May 2015, Paul E Condon wrote:
>
> 

> With UEFI and the forced Security Boot that is part of UEFI, with
> toxic waste Setup Utilities like Inshite, which fraudulently
> misrepresents that it implements Dual Mode, Inshite being the Setup
> Utility that comes with Acer laptops, all that is needed to be done,
> is that the boot method gets switched using the system Setup Utility,
> between UEFI to boot into Microshite Windows 8.x, and Legacy Mode to
> install and boot into a proper operating system, like Linux.
[snip]
> boot into Microshite Windows, until the people responsible for UEFI
> and its implementations, get their act together, and acknowledge that
> operating systems other than Microshite Windows, exist, and are used.

Brett,
I understand that you are angry with Microsoft, but could oyu please post in 
English?  This is, after all, the English language list.  

I know that Microshite is Microsoft, but what on earth is Inshite?  I don't 
_think_ you mean this:
http://www.urbandictionary.com/define.php?term=inshite
At least, it doesn't make sense.

Lisi


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/201505251029.26628.lisi.re...@gmail.com

Re: mixer.app ; how do i use it after installing it with aptitude?

[Siard]

Petter Adsen:
> Do you really need a mixer, or do you just need a way to control
> volume/mute?
> 
> If the latter, you could bind some keys to the XF86_Volume*-keys
> (and mute) if you don't have multimedia keys on your keyboard, Xfce
> recognizes those and adjusts the volume accordingly.
> 
> There are probably command line tools that will adjust the volume by a
> certain number of steps that you could use for this, also, although I
> don't know of any.

I use xbindkeys, and with the aid of xbindkeys-config I set
'Ctrl+Up'   to execute "/usr/bin/amixer set Master 5%+" (volume up) and
'Ctrl+Down' to execute "/usr/bin/amixer set Master 5%-" (volume down).


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20150525112323.e8618f7b.shiems...@kpnplanet.nl

Re: mixer.app ; how do i use it after installing it with aptitude?

[Petter Adsen]

On Sun, 24 May 2015 14:46:34 -0600
Paul E Condon  wrote:

> I found a .deb package, named 'mixer.app' by accident in aptitude
> interactive mode. My current sound mixer is the one installed by xfce,
> which uses much to much area on my display screen for my taste. (about
> 20%) 
> 
> I think I need to learn how to create a 'launcher', which is something
> I have never done. Where can I find instructions for creating a
> launcher specific to xfce?

If you want the launcher to only display in Xfce then set this in
your .desktop file:

OnlyShowIn=Xfce

> I've already found a way of mouse clicking that pops up a small window
> with small text entry boxes in it, but I have no idea what to type
> into the boxes. And, for all I know, my mouse clicking is not at all
> any part of getting the mixer.app .deb to play nicely with xfce.
> 
> Also, mixer.app may not be the best solution for my screen real estate
> problem. Alternatives for a smaller area mixer graphic will be happily
> entertained.

Do you really need a mixer, or do you just need a way to control
volume/mute?

If the latter, you could bind some keys to the XF86_Volume*-keys
(and mute) if you don't have multimedia keys on your keyboard, Xfce
recognizes those and adjusts the volume accordingly.

There are probably command line tools that will adjust the volume by a
certain number of steps that you could use for this, also, although I
don't know of any.

If you want a graphical mixer, I found wmmixer - is that the same as
the one you are talking about?

Just a thought. :)

Petter

-- 
"I'm ionized"
"Are you sure?"
"I'm positive."


pgpJJGNT593m_.pgp
Description: OpenPGP digital signature

Re: Laptops, UEFI, Secure Boot and Debian

[Bret Busby]

On 25/05/2015, Patrick Bartek  wrote:
> On Sun, 24 May 2015, Paul E Condon wrote:
>



> UEFI isn't the problem.  Most all Linux distros support and can use
> it.  It's Secure Boot which requires a Microsoft key that's the
> problem.  If you can't turn it off, you can't install another OS.
> And if you want to dual or multi-boot with Windows 8.x, and
> presumably W10, a royal PIA to set up, if you can get it to work at all.

I have previously posted messages about this.

With UEFI and the forced Security Boot that is part of UEFI, with
toxic waste Setup Utilities like Inshite, which fraudulently
misrepresents that it implements Dual Mode, Inshite being the Setup
Utility that comes with Acer laptops, all that is needed to be done,
is that the boot method gets switched using the system Setup Utility,
between UEFI to boot into Microshite Windows 8.x, and Legacy Mode to
install and boot into a proper operating system, like Linux.

Having UEFI and the forced Security Boot (I wonder that the European
and USA regulatory authorities have not acted to stop the monopolistic
trade practice - maybe they are getting bored with trying to make
Microshite do the right thing), it is a fairly simple procedure, to
switch between booting into Microshite Windows 8.x and real operating
systems.

Users simply need to turn of UEFI, and switch on Legacy Mode, to boot
into Linux, and switch on UEFI (should it be renamed UE-FU (?) ), to
boot into Microshite Windows, until the people responsible for UEFI
and its implementations, get their act together, and acknowledge that
operating systems other than Microshite Windows, exist, and are used.

-- 
Bret Busby
Armadale
West Australia
..

"So once you do know what the question actually is,
 you'll know what the answer means."
- Deep Thought,
 Chapter 28 of Book 1 of
 "The Hitchhiker's Guide to the Galaxy:
 A Trilogy In Four Parts",
 written by Douglas Adams,
 published by Pan Books, 1992




-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/CACX6j8N7RgVerB4_1N2Y_jBwy8RLZgXhdoZ7f+xgNLctps59=g...@mail.gmail.com

Definitely straying: Was: Re: Danger of stray : in PATH, Re: Problem Running Application with Alias

[Petter Adsen]

On Sun, 24 May 2015 21:03:38 -0600
Bob Proulx  wrote:

> David Wright wrote:
> > Quoting Petter Adsen:
> > > PS: What _are_ the security implications of having a PATH set to
> > > "/foo/bar:"?
> >...
> > $ cd /home/evilperson/malicious-programs/
> > $ emaca  (oops, I mistyped emacs. Funny, why are my files
> > disappearing?) (oh dear, their file "emaca" contains rm -f ~/*)
> > 
> > or, if the colon is at the start of PATH:
> > 
> > $ date   (Funny, why...?)
> >  (oh dear, their file "date" is a symlink to emaca)
> > 
> > $ ls -1 /home/evilperson/malicious-programs/
> > date
> > emaca
> 
> You aren't thinking maliciously enough!  :-)
> 



> And it isn't just other local users.  Let's go long.  Web sites such
> as Wordpress have a long history of being cracked.  In their preferred
> installation mode they want to be able to update themselves.  Meaning
> they can write to their own files.  Meaning that if they to get
> exploited an attacker can write files to the local file system.  This
> is often used for cracking the web site but could also be used for
> leaving files such as a compomised 'ls' around too.  Just by itself
> maybe they could only drop some files onto the file system owned by a
> non-priviledged www-data user causing web site defacement.  But then
> later if the user or worse root had the current working directory in
> PATH and is tricked into running a compromised ls then the remote
> compromise attack succeeds.  With LD_PRELOAD_PATH is almost as good
> and has all of the same dangers.  This could potentially through a
> sequence of missteps become a remote root compromise to the system.

OK, this is veering off-topic - apologies in advance. From what I
understand, LD_LIBRARY_PATH contains additional places to look for
libraries that aren't in ld.so.conf.

From ld.so(8):

   LD_LIBRARY_PATH
  A colon-separated list of directories in which to search for ELF
  libraries at execution-time.  Similar to  the  PATH  environment
  variable.  Ignored in set-user-ID and set-group-ID programs.

But what order is this information parsed in? Does LD_LIBRARY_PATH
override ld.so.conf? Ie, could I place a modified version of a library
somewhere, point LD_LIBRARY_PATH at it, and every binary that is linked
toward the original library will run functions from the modified one,
or would I also need to remove the original library, so that only the
modified one is found?

The danger would be much clearer if it overrides, since if it doesn't
you will probably notice that the original library has been disabled.

Am I even on the right track, here?

> Some of us would say it is unlikely to happen to *us* but we might all
> agree that it could happen to someone else.  A potential if unlikely
> exploit.

Yes, "it would never happen to me". Dangerous attitude when it comes to
security.

Petter

-- 
"I'm ionized"
"Are you sure?"
"I'm positive."


pgp4Y9MLfbnnu.pgp
Description: OpenPGP digital signature

Re: Laptops, UEFI, Secure Boot and Debian

[Petter Adsen]

On Sun, 24 May 2015 20:31:40 -0700
Patrick Bartek  wrote:

> On Sun, 24 May 2015, Paul E Condon wrote:
> 
> > > [BIG snip]
> > Two comments:
> > 
> > 1) I saw a few days ago, an NewEgg.com advert. for a specialized
> > HD/SSD combo. from Western Digital. It is a drop-in replacement for
> > a SATA HD that combines in the same SATA physical outline, a 120GB
> > SSD and a 1TB backing store on HD. This for just over $100 on
> > Memorial Day sale. They must have figured out how to deal with
> > UEFI. If they can figure it out, surely open/libre people can copy
> > the WD approach.
> 
> I've seen similar hybrid drives on laptops as the default drives.
> Don't know how they are configured, but I'm assuming that the SSD
> holds the OS and apps for fast response times, and the spinning drive
> holds all data and/or backup and recovery partitions.

Sort of. From what I understand, the SSD is a sort of cache for the
spinning drive. You only "see" the spinning drive, but things that are
frequently accessed go through the SSD.

There is software that sets up something similar for Linux, but I can't
remember what it's called - I'm using my SSDs as / and /home, and that
gives me performance where and when I want it.

> > 2) Who among us would be willing to download and install software
> > from the NSA that says it will protect you from Microsoft? Who
> > doubts that NSA has the technology to break Microsoft's UEFI?
> 
> A lot of people already use NSA software:  SELinux.  I'm not one.  For
> servers, it's great for security; but for a user system, it's a waste
> of CPU cycles.  I always turned it off when I ran Fedora.  It was
> impossible to uninstall or seemed so.
>
> UEFI isn't the problem.  Most all Linux distros support and can use
> it.  It's Secure Boot which requires a Microsoft key that's the
> problem.  If you can't turn it off, you can't install another OS.

For now. As mentioned earlier, there are approaches underway to solve
this. See my other mail on this.

Petter

-- 
"I'm ionized"
"Are you sure?"
"I'm positive."


pgpKXicmBvJPX.pgp
Description: OpenPGP digital signature

Re: Laptops, UEFI, Secure Boot and Debian

[Petter Adsen]

On Sun, 24 May 2015 17:39:08 -0700
Patrick Bartek  wrote:

> On Sun, 24 May 2015, Petter Adsen wrote:
> 
> > On Sat, 23 May 2015 12:46:10 -0700
> > Patrick Bartek  wrote:
> > 
> > > On Sat, 23 May 2015, Petter Adsen wrote:
> > > 
> > > > On Sat, 23 May 2015 09:04:55 -0700
> > > > Patrick Bartek  wrote:
> > > > > I've read about that, but right now until W10 in its final
> > > > > form is release, nobody really knows for sure.
> > > > 
> > > > Well, yes and no. We *do* know that the status has changed from
> > > > "mandatory" to "optional", but whether hardware manufacturers
> > > > will actually remove the ability to turn Secure Boot off
> > > > remains to be seen.
> > > 
> > > Yes.  I read that.  Wonder what Microsoft has up its sleeve?
> > 
> > If I were to guess, this is in preparation for at some point in the
> > future requiring Secure Boot to be used, without the ability to turn
> > it off.
> 
> My guess as well.  Anything to make Windows more convenient to use
> than installing another OS.  But you gotta think like a Microsoft
> lawyer here:  "But, your Honor, you CAN install Linux on the machine.
> Just follow these simple 389 steps.  No problem." ;-)
> 
> > You know, "think of the children!".
> > 
> > > Maybe, this is indicative of W10 being even more insecure than
> > > previous Windows' OSes.
> > 
> > Secure Boot itself is not actually such a bad idea, in some
> > circumstances it might be nice to have a fully signed chain. IMHO.
> 
> But it seems that Microsoft has co-opted it for their own use.
> They're the only ones making and selling the signing keys aren't they?
> Shouldn't those security keys come from an independent, unbiased
> provider? One that Microsoft has to get their signing keys from, too.

From what I understand, basically anyone can put their signing keys in
the firmware. Part of the criticism is that Microsofts keys are already
in it, making it difficult for anyone else, and without installing your
own keys, you must use keys that have been derived from theirs. I may
be wrong on this, I don't fully understand it.

Canonical will also enforce Secure Boot in the future, they claim, and
they are trying to get vendors to include their keys.

I am more worried about distributions like Debian. Fedora has the
backing of RedHat, so they will get keys (if they haven't already),
SUSE has cash, but I have no idea about Debian. At some point Canonical
would probably have helped them out, but I think that time has passed.
They are mostly looking out for themselves these days. With Snappy, I
don't even know if they will be based on Debian for much longer.

And what about all the other distributions? Slackware, Gentoo, etc?
There is no way all of them will be able to obtain keys.

I agree; an independent signing authority would be the best, but I'd
also like to see the ability to implant your own keys in the firmware.
And even better, to remove them, so that I could delete the MSFT key.
As mentioned, the Linux Foundation is looking into obtaining a key that
can be used to sign for distributions. The problem is that MS is able
to revoke keys at any time, and that would revoke all the Linux
distributions at once. Eggs - basket.

> > Hardware manufacturers will have to take into account the fact that
> > there are a large number of people and organizations that run their
> > machines without Windows, so I don't think there will be a lack of
> > machines that can turn Secure Boot off in the near future.
> 
> Have you forgotten about Asus and its $99 EeePC of a few years ago?
> It only ran Linux.  To keep the cost down.  No OS license needed. It
> sold very well, but was only a small part of Asus' Windows PC market.
> Microsoft still threw a hissy fit and threatened to revoke Asus'
> Windows license, if they didn't cnange the EeePC so it could run
> Windows XP.  Production on the EeePC ceased, and a year later a new
> EeePC debuted running a stripped down version of XP. But now it cost
> $199 not $99 whether it ran XP or Linux.  And the consumer got
> screwed.  MS didn't care.  They got their unit license fee.

Ah, the MS tax.

> Microsoft holds that Windows license over manufacturers like a battle
> axe.  If manufacturers don't go along, off with their heads!
> Microsoft can (and does) get almost anything it wants, and they've
> got a legal department that enables them to get away with it. 

I really, really wish Apple would release OS X for commodity hardware.
That could probably give MS a (little) run for its money in the home
market. Because let's face it - Linux isn't going to compete with them
for the ordinary user anytime soon. Neither are the BSDs, or HURD, or
Haiku, or...

(Yes, I know Apple will never do that.)

> > But will it become something to watch out for when buying new
> > hardware? Most certainly, at least for a period of time. I have a
> > sneaking suspicion that it might become a bigger problem for laptop
> > users than for desktop users, although I'm unable to back that up.
>

Re: (should be) simple bind problem

[Bob Proulx]

Glenn English wrote:
> root@srv:~# ps -ef | grep named
> bind  2098 1  0 May10 ?00:00:36 /usr/sbin/named -u bind
> root 10498 1  0 May10 ?00:00:50 /usr/sbin/named -c 
> /etc/bind/named.conf

There are two of them running?  That doesn't seem right.  The first
one looks okay but the second one does not.

I would be inclined to kill both of them.  Then start it up again and
check all over again.

  service bind9 stop
  ps -ef | grep named
  kill 10498
  ps -ef | grep named

Make sure none are running.  Then start it up again and check.

  service bind9 start

Did you by any chance configure bind9 to run in a chroot?

> > If it isn't that then I would suspect selinux has become enabled but
> > not fully configured.
> 
> I'm game. How do I find out/configure it?

If you haven't heard of it then it isn't enabled.  I wouldn't suggest
enabling it.  If you haven't heard of it then I think it is not likely
to be the problem.

> root@srv:~# ps aux | egrep -i selinux
> root 13013  0.0  0.0   7828   900 pts/0S+   15:48   0:00 egrep -i 
> selinux
> 
> If it's running, it doesn't have a pid. I don't really know what
> SELinux is. I've heard it's a collection of patches to the kernel,
> but that's all I know.

selinux stands for security-enhanced-linux and is a policy layer where
everything is controlled by access control lists.  It completely
changes the traditional security system.  It isn't a daemon.

> I grepped the /etc/default files for selinux. Nothing.
> 
> I grepped the /etc/init.d startup files. I found 'selinux-enabled' in the 
> checkroot.sh file (if selinux-enabled ...). selinux-enabled is a small 
> function in /lib/lsb/init-functions.sh:
> 
> selinux_enabled () {
>which selinuxenabled >/dev/null 2>&1 && selinuxenabled
> }
>
> 'which selinuxenabled' says there's no such file here. So does
> 'root@srv:/boot# find / -iname "*selinuxenabled*""

That command is in the selinux-utils package.  You don't have it.
Making it unlikely that you would have selinux blocking you.  (No need
to install it.)

The next thing I would wonder is if the 'immutable' bit were set on
the file system.  Again from my system.

  $ lsattr -d /var/cache/bind
   /var/cache/bind

(You can read about it in the 'man chattr' man page.)

> This is happening on Dell, Supermicro, and RaspberryPi boxes, all
> running Wheezy with default, and updated, kernels, FWIW. The lone
> Lenny server doesn't seem to have troubles.

It happens on multiple systems?  Oh my that is a problem.  I am afraid
I am running out of ideas.  If it isn't normal user permissions, isn't
selinux, isn't ext immutable then I don't know what it would be.  It
isn't normal.  I am running bind9 on similar random architectures and
systems and I have not run into any problems caching files there.

If all else fails I would be inclined to try an experiment.  I would
open up the permissions on /var/cache/bind to be drwxrwxrwx and then
start bind9 and see what files it produces there.  The owner and group
of the files produced should be a clue.  They should be "bind" but if
they were something else that would explain the permission denied
message and be a clue as to the problem.

  service bind9 stop
  chmod a+rwx /var/cache/bind
  service bind9 start
  ls -la /var/cache/bind

Bob


signature.asc
Description: Digital signature