Re: Re : Faille de sécurité dans le GNU libc avec les requêtes DNS

[Fabien R]

On 17/02/2016 22:58, merkeda...@vmail.me wrote:
> "Pour information, la mise à jour est passée dans Debian stable et sid.
De manière plus générale, les alertes sont ici:
https://www.debian.org/security/2016

--
Fabien

development business services -18-feb-16

[Winslet]

 

 

Dear customer,

 

A raise is important, since you have to beat your competitor and 

 

improve the rank of your website.

 

Then how do you boost your website without paying big ?

 

There are six ways .  

 

Our expert need  your web url , please send it now .

Office number: .:+ 911147049554, Mobile :+919312639156

Contact us on skype : raj30jan

Kind Regards 

Ellie Winslet

 

 

 

 

Re: bash-completion, tab and ambiguous globs

[The Wanderer]

On 2016-02-17 at 12:43, Lisi Reisz wrote:

> On Wednesday 17 February 2016 16:54:15 John L. Ries wrote:
> 
>>> Seriously, when does bash-completion actually help someone on
>>> the command line? The only time I notice it is when a pattern is
>>> buggy and doesn't let me complete a filename even when it's
>>> completely valid.
>> 
>> It apparently doesn't do anything for you or me (but I'm a Korn
>> shell user), but I have to assume that at least a few people find
>> it useful, otherwise we would not be having this discussion.
> 
> I love it.  I am a lousy typist (the list may have noticed).  Bash
> completion won't complete if I have already made an error, and when
> it completes, completes the rest without an error.  It is an absolute
> godsend.

I'm not sure I understand. How is this different from basic tab
completion, as opposed to the programmable completion which is provided
via the bash-completion package and is being discussed in this thread?

I wouldn't want to get by without tab completion either, but
programmable completion as I've seen it implemented in packages provided
by Debian seems to break some behaviors in the built-in tab completion
on which I had come to rely, so I always turn it off on my machines.

-- 
   The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man. -- George Bernard Shaw



signature.asc
Description: OpenPGP digital signature

Re: I need help

[David Wright]

On Wed 17 Feb 2016 at 18:09:03 (-0600), Richard Owlett wrote:
> On 2/17/2016 5:34 PM, David Wright wrote:
> >On Wed 17 Feb 2016 at 14:07:30 (-0600), Richard Owlett wrote:
> >>[snip]
> >>>Depends on what you consider to be 'fast'. Is 120K/s fast?
> >
> >This laptop has 2255 packages on it, the total download size of which
> >is about 3GB. At a throughput of 120KB/s, that'd be about 7 hours.
> >The base system is nothing like that size of course, and you can build
> >up the system gradually. Just make sure to keep/backup the .deb files.
> >
> >>Compared to what?
> >>I recall loading the OS from paper tape. We *DID* have a high speed
> >>reader after all 
> >
> >That'd be about 1KB/s with 9-track perhaps.
> 
> Did you notice I said PAPER tap, not magnetic ;>

Sorry about the typo; my fingers have had a decade of typing 9-track
(for magnetic) since their decade of typing 8-track (for punched
paper) tape.

We were reading 8-track punched paper tape at 1000cps through the
1970s on an ocean-going IBM 1130. The readers were very compact and
worked by capacitance. They were much slower than Colossus's readers
in WW2, but had an impressive ability to stop the tape dead instantly.

I don't know what sort of high speed your reader could achieve.

> >>More seriously use https://www.debian.org/CD/vendors/ to select an
> >>appropriate vendor. I originally did that because all the
> >>connectivity I had was a 56k dial-up line.
> >
> >That's bits/s of course, and not even a throughput either.
> 
> Your point?

Dropping from 120,000 bytes/s to perhaps 20x slower on dial-up
makes purchasing the entire distribution on DVDs very sensible.
An installation started at bedtime and finished by morning on
broadband would become longer than the working week on dial-up.

So my point was that while netinst and downloading were quite
impractical in your former situation, 120K/s could well be
sufficient for some people to rely on.

Cheers,
David.

Re: pam_smbpass.so

[Joe Pfeiffer]

Sven Hartge  writes:

> Joe Pfeiffer  wrote:
>
>> I'm seeing a large number of entries in my /var/log/syslog that look
>> like this:
>
>> Feb 16 09:07:31 snowball auth: PAM unable to dlopen(pam_smbpass.so):
>> /lib/security/pam_smbpass.so: cannot open shared object file: No
>> such file or directory
>> Feb 16 09:07:31 snowball auth: PAM adding faulty module: pam_smbpass.so
>
>> So...  any idea what's going on here, and more importantly how to fix
>> it?  I also see consistently that this is a harmless message, but it
>> bugs me...
>
> Do a 
>
>   rgrep smbpass /etc/pam.d
>
> and see, if you have an old config file there which references
> pam_smbpass.so via absolute path. This can cause this error.

snowball:606$ rgrep smbpass /etc/pam.d
/etc/pam.d/common-password:password optional
pam_smbpass.so nullok use_authtok use_first_pass
/etc/pam.d/common-auth:auth optionalpam_smbpass.so 
migrate

> Odds are, you can just remove the old config file and purge the package
> you installed, because you don't need it.

Re: pam_smbpass.so

[Joe Pfeiffer]

Christian Seiler  writes:

> Hi,
>
> On 02/17/2016 05:11 PM, Joe Pfeiffer wrote:
>> Christian Seiler writes:
>>> [Suggesting journalctl -o verbose to debug this]
>> I'm running a current Debian testing installation, and journal is
>> enabled.
>> 
>> It turns out it's only coming from /usr/lib/dovecot/auth.  What's
>> weird is in /etc/pam.d/, the only files using the module are
>> common-auth and common-password, so I'd expect to see the error coming
>> either every time someone authenticates through anything, or any time
>> someone changes their password, and I'm not seeing either of those
>> cases -- just dovecot.
>
> Just a hunch: do you run dovecot chroot'ed? If so, then it is most
> likely the case that the specific PAM module is not available within
> the chroot and that's why it produces that message.

No, it isn't chrooted -- if it were, I'd expect the other pam modules to
give the same issues (for that matter, I'd expect it to not be able to
find pam.d!).

> If that's not the case: what's the contents of /etc/pam.d/dovecot?
> And /etc/pam.d/common-auth?

/etc/pam.d/dovecot:
#%PAM-1.0

@include common-auth
@include common-account
@include common-session

/etc/pam.d/common-auth:
#
# /etc/pam.d/common-auth - authentication settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.).  The default is to use the
# traditional Unix authentication mechanisms.
#
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules.  See
# pam-auth-update(8) for details.

# here are the per-package modules (the "Primary" block)
authrequiredpam_abl.so 
config=/etc/security/pam_abl.conf
auth[success=1 default=ignore]  pam_unix.so nullok_secure try_first_pass
# here's the fallback if no module succeeds
authrequisite   pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
authrequiredpam_permit.so
# and here are more per-package modules (the "Additional" block)
authoptionalpam_mount.so
authoptionalpam_smbpass.so migrate
authoptionalpam_cap.so
# end of pam-auth-update config

(note the line
authoptionalpam_smbpass.so migrate
is added when libpam-smbpass is installed)

Re: Debian security: need recipe for blocking root ssh access AND all ssh password access

[Tom Browder]

On Wed, Feb 17, 2016 at 4:02 PM, Jeremy T. Bouse
 wrote:
> On 2/17/2016 3:31 PM, Tom Browder wrote:
>> On Wed, Feb 17, 2016 at 9:33 AM, Jeremy T. Bouse
>>  wrote:
...
>>> I do agree locking the root password isn't advisable. As I use
>>> configuration management/automation to handle my servers I simply set the
>>> root password to generated password that only I know the algorithm to
>>> reproduce it when I need to,
>> Can you give more details on the process (at least generally)?
...

Thanks so much, Jeremy!

-Tom

Re: I need help

[Richard Owlett]

On 2/17/2016 5:34 PM, David Wright wrote:

On Wed 17 Feb 2016 at 14:07:30 (-0600), Richard Owlett wrote:

[snip]

Depends on what you consider to be 'fast'. Is 120K/s fast?


This laptop has 2255 packages on it, the total download size of which
is about 3GB. At a throughput of 120KB/s, that'd be about 7 hours.
The base system is nothing like that size of course, and you can build
up the system gradually. Just make sure to keep/backup the .deb files.


Compared to what?
I recall loading the OS from paper tape. We *DID* have a high speed
reader after all 


That'd be about 1KB/s with 9-track perhaps.


Did you notice I said PAPER tap, not magnetic ;>



More seriously use https://www.debian.org/CD/vendors/ to select an
appropriate vendor. I originally did that because all the
connectivity I had was a 56k dial-up line.


That's bits/s of course, and not even a throughput either.


Your point? 


Cheers,
David.

Re: I need help

[David Wright]

On Wed 17 Feb 2016 at 14:07:30 (-0600), Richard Owlett wrote:
> On 2/17/2016 7:37 AM, Adam Wilson wrote:
> >On Wed, 17 Feb 2016 15:51:58 +0800 Gener Badenas
> > wrote:
> >
> >>On Thu, Feb 11, 2016 at 8:01 AM, Ghaith Etaiwi
> >> wrote:
> >>
> >>>Hello, I'm starting in linux I used Ubuntu and didn't like it and I
> >>>have read that many people that used Debian had a better
> >>>experience, I have a MacBook Pro 4GB ram/ 500HDD/Intel HD 3000/ i5
> >>>2nd generation, can it run Debian?. Also, I want to know what
> >>>version of Debian to download, I saw something about DVD1, DVD2...
> >>>
> >>
> >>You can always choose net install so it is minimal.  Then you can
> >>download everything else.  I assume internet is fast in your location.
> >
> >Depends on what you consider to be 'fast'. Is 120K/s fast?

This laptop has 2255 packages on it, the total download size of which
is about 3GB. At a throughput of 120KB/s, that'd be about 7 hours.
The base system is nothing like that size of course, and you can build
up the system gradually. Just make sure to keep/backup the .deb files.

> Compared to what?
> I recall loading the OS from paper tape. We *DID* have a high speed
> reader after all 

That'd be about 1KB/s with 9-track perhaps.

> More seriously use https://www.debian.org/CD/vendors/ to select an
> appropriate vendor. I originally did that because all the
> connectivity I had was a 56k dial-up line.

That's bits/s of course, and not even a throughput either.

Cheers,
David.

Re : Faille de sécurité dans le GNU libc avec les requêtes DNS

[merkedanke]

"Pour information, la mise à jour est passée dans Debian stable et sid. 
Les versions de la glibc qui contiennent la correction de bug, et donc 
qui ne sont pas affectées par la vulnérabilité sont les suivantes:


Stable: 2.19-18+deb8u3
Sid: 2.21-8

Vous pouvez utiliser dpkg -l libc-bin pour vérifier quelle version 
tourne sur votre système. Pensez également à relancer les 
serveurs/services qui utilisent la libc"


PATCHÉ

*les commentaires sont cinglants et instructifs.

Re: Crear imagen del sistema y restaurarlo en una PC Virtual

[del tonos]

*Hola
**El comando recomendado era dc3dd

Se me olvidaba una ultima cosa, no he probado a hacer un redimensionado del
tamaño del HD (fué mi problema en ese caso).
Lo que hice, es una vez que hice la imagen de la particion:

1) Cree una maquina virtual y cree un disco con el nuevo tamaño deseado
2) Arranque esa maquina con una ISO en modo live
3) Desde el USB externo, volqué la imagen raw con dc3dd , al no tener las
virtualbox extensions se llevó restaurar desde USB un buen rato.
4) Una vez creada la imagen, inicio la maquina virtual para ver que todo OK
5) Vuelvo a reiniciar la maquina virtual, otra vez con el livecd, y
mediante qtparted redimensiono la particion y listo

Espero te ayude, saludos

El 17 de febrero de 2016, 16:07, del tonos escribió:

> ola.
> Yo lo hice bastante tiempo, debes arrancar desde un cd con una Linux Live,
> conectar un disco USB externo y utilizar DD (te recomiendo dd3c, viene en
> la backtrack si mal no recuerdo y la ventaja que tienes que te va mostrando
> el progreso). Haces la imagen en tu HD externo. Con esto tienes una imagen
> tipo RAW
>
> Arrancas nuevamente tu sistema a migrar, te recomiendo que tenga
> virtualbox instalado. Ahora conviertes de RAW a VDI
>
>
> https://blog.sleeplessbeastie.eu/2012/04/29/virtualbox-convert-raw-image-to-vdi-and-otherwise/
> (Por si no te carga la web, aqui va resumido:
>
> VirtualBox  command-line interface
> (VBoxManage) provides an easy way to convert raw disk image to the VDI/VMDK
> format and otherwise.
>
> Let's assume that we have raw image of the *sdb* device:
>
> $ sudo dd if=/dev/sdb of=./sdb.raw
>
> To use it with VirtualBox we need to convert it to the VDI format:
>
> $ VBoxManage convertdd sdb.raw sdb.vdi --format VDI
> )
>
>
> Ahora ya tienes tu imagen de HD convertida a VDI, ya puedes en virtualbox
> crear una maquina nueva y decirle que vas a usar una unidad de disco ya
> creada.
>
> Saludos
>
> El 17 de febrero de 2016, 15:44, Ismael L. Donis Garcia<
> sli...@citricos.co.cu> escribió:
>
>> Es posible crear una imagen del sistema y restaurarla en una maquina
>> virtual con virtualbox dentro del mismo sistema?
>>
>> De ser posible que debo hacer?
>>
>> Gracias y disculpen por las preguntas talvez tan simples para ustedes.
>> 
>> | ISMAEL |
>> 
>>
>>
>>
>

Re: Crear imagen del sistema y restaurarlo en una PC Virtual

[del tonos]

ola.
Yo lo hice bastante tiempo, debes arrancar desde un cd con una Linux Live,
conectar un disco USB externo y utilizar DD (te recomiendo dd3c, viene en
la backtrack si mal no recuerdo y la ventaja que tienes que te va mostrando
el progreso). Haces la imagen en tu HD externo. Con esto tienes una imagen
tipo RAW

Arrancas nuevamente tu sistema a migrar, te recomiendo que tenga virtualbox
instalado. Ahora conviertes de RAW a VDI

https://blog.sleeplessbeastie.eu/2012/04/29/virtualbox-convert-raw-image-to-vdi-and-otherwise/
(Por si no te carga la web, aqui va resumido:

VirtualBox  command-line interface (VBoxManage)
provides an easy way to convert raw disk image to the VDI/VMDK format and
otherwise.

Let's assume that we have raw image of the *sdb* device:

$ sudo dd if=/dev/sdb of=./sdb.raw

To use it with VirtualBox we need to convert it to the VDI format:

$ VBoxManage convertdd sdb.raw sdb.vdi --format VDI
)


Ahora ya tienes tu imagen de HD convertida a VDI, ya puedes en virtualbox
crear una maquina nueva y decirle que vas a usar una unidad de disco ya
creada.

Saludos

El 17 de febrero de 2016, 15:44, Ismael L. Donis Garcia<
sli...@citricos.co.cu> escribió:

> Es posible crear una imagen del sistema y restaurarla en una maquina
> virtual con virtualbox dentro del mismo sistema?
>
> De ser posible que debo hacer?
>
> Gracias y disculpen por las preguntas talvez tan simples para ustedes.
> 
> | ISMAEL |
> 
>
>
>

Re: Debian security: need recipe for blocking root ssh access AND all ssh password access

[Jeremy T. Bouse]

On 2/17/2016 3:31 PM, Tom Browder wrote:
> On Wed, Feb 17, 2016 at 9:33 AM, Jeremy T. Bouse
>  wrote:
>> Setting SSH "PermitRoot no" and "PasswordAuthentication no" are good
>> starts... I'd also check that "ChallengeResponseAuthentication no" is set as
>> well as some PAM modules will utilize it and be able to get around passwords
>> being entered as well as "UsePAM no"
> Okay.
>
>> I do agree locking the root password isn't advisable. As I use
>> configuration management/automation to handle my servers I simply set the
>> root password to generated password that only I know the algorithm to
>> reproduce it when I need to,
> Can you give more details on the process (at least generally)?
It's a technique I picked up from a past job... We took several pieces
of information we'd know about a machine and concatenated it together
with a delimiter character, then hashed it and cut it to length then
used that as the password. So it was then encrypted with the appropriate
password crypt routine for the host. If we needed the root password we
could regenerate it from the information but rarely needed it outside of
a DR situation.
>> but enable sudoers for all other 'root' access.
> Can one use that method and restrict use of "sudo su?"
You can restrict which commands can be executed and limit sudo to only
running certain commands at all. I don't use 'sudo su' as it's quite
redundant. When I do want a root shell I just do 'sudo -i' which I'm not
certain that can be restricted or not I'd have the RTFM on sudo to
investigate. Another thing I do on certain accounts is enable full input
and output logging so I can actually replay their sudo session in it's
entirety. I've had to do this before where we've been forced to give
sudo access to dev admins on a dev box and then they break things and
ask us to help them fix it. We grew tired of hearing "nothing" in
response to asking them what they changed, so we enabled the logging. We
use the same sudoers file site-wide as it's pushed out to all boxes.

>> I also go further by utilizing Duo Security as a MFA for SSH logins to
>> my servers for accounts authorized to log in.
> Hm, so you do allow some accounts password access?
Actually none of the user accounts have password access... All
access is via SSH identity keys that are pushed out via the config
management/automation process. Users can later add keys but the keys
managed via conf mgmt/automation are controlled exclusively from there
so they can be revoked and enforced.
> Thanks, Jeremy!
>
> Best,
>
> -Tom
>




smime.p7s
Description: S/MIME Cryptographic Signature

Re: 5000 Folders in a directory

[David Christensen]

On 02/17/2016 11:13 AM, Chris wrote:

is it possible to save 5000 folders in the same directory (ext4 FS)
without any performance issues?

It's a Maildir structure with a .-separator, e.g.

/var/vmail/public/folder1
/var/vmail/public/folder1.subfolder1a
/var/vmail/public/folder1.subfolder1b
...

Would it be better to use "real" subfolders with / as separator?


The Wikipedia ext4 article indicates that 5,000 subdirectories should be 
possible:


https://en.wikipedia.org/wiki/Ext4

Increasing the 32,000 subdirectory limit

In ext3 a directory can have at most 32,000 subdirectories.
Ext4 allows an unlimited number of subdirectories.[16] To allow for
larger directories and continued performance, ext4 turns on HTree
indexes (a specialized version of a B-tree) by default. ...


As for performance, my WAG is that file system directory accesses are a 
tiny fraction of the overall workload for normal mail server operations, 
so you could pick either directory structure and performance will be 
essentially the same.  If you need to quantify performance, then you'll 
have to find or devise meaningful benchmarks.



David

Crear imagen del sistema y restaurarlo en una PC Virtual

[Ismael L. Donis Garcia]

Es posible crear una imagen del sistema y restaurarla en una maquina virtual 
con virtualbox dentro del mismo sistema?


De ser posible que debo hacer?

Gracias y disculpen por las preguntas talvez tan simples para ustedes.

| ISMAEL |

Re: [OT] Dynatrace agent en unico vhost apache

[Maykel Franco]

El día 11 de febrero de 2016, 17:13, Camaleón  escribió:
> El Thu, 11 Feb 2016 16:49:37 +0100, Maykel Franco escribió:
>
>> Buenas, me ha tocado una tarea de estas que te pide el cliente y que
>> consume recursos de las máquinas en producción pero bueno...
>
> (...)
>
>> He metido esa linea de LoadModule, en un vhost y la carga pero mi
>> pregunta es, mandará estadísticas de apache de solo ese vhost o en
>> general de todos los vhost?
>
> (...)
>
> Lo poco que he leído de ese Dynatrace (no lo conozco) me da a entender
> que monitoriza servicios/procesos (servidor web, correo, estado del
> equipo, gestión de recursos, etc...) por lo que entiendo que te dará
> estadísticas de consumo de todo lo que pase por Apache.
>
> Ahora bien, no sería muy útil que esos datos no se pudieran filtrar o
> configurar para no incluir información sensible (salvo que simplemente se
> trate de datos genéricos de consumo/rendimiento) o adecuarlos al tipo de
> información que te interese. Supongo que tendrá alguna opción para
> definir el tipo de informe que quieres que genere, no te va a dar el
> chorro de datos en bruto y ya :-)
>
> Web Server Monitoring
> https://community.dynatrace.com/community/display/DOCDT62/Web+Server+Monitoring
>
> Saludos,
>
> --
> Camaleón
>

Gracias por el enlace y aclaración, voy a mirar a ver.

Re: 5000 Folders in a directory

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wed, Feb 17, 2016 at 08:13:23PM +0100, Chris wrote:
> Dear All,
> 
> is it possible to save 5000 folders in the same directory (ext4 FS)
> without any performance issues?

I think ext3/ext4 should take that without problems. This is on my
netbook, not particularly  fast disk (LUKS encrypted):

  tomas@rasputin:~$ mkdir foo
  tomas@rasputin:~$ cd foo
  tomas@rasputin:~/foo$ time ( for i in $(seq 0 4999) ; do touch $i ; done )
  
  real0m21.767s
  user0m5.324s
  sys 0m3.824s
  tomas@rasputin:~/foo$ time touch bar
  
  real0m0.006s
  user0m0.000s
  sys 0m0.000s
  tomas@rasputin:~/foo$ time ls 3795
  3795
  
  real0m0.007s
  user0m0.004s
  sys 0m0.004s
  tomas@rasputin:~/foo$ 
  tomas@rasputin:~/foo$ cd ..
  tomas@rasputin:~$ time rm -Rf foo

  real0m0.122s
  user0m0.000s
  sys 0m0.116s

The creation time averages to 4.35 ms, btw.

Such big directories were a problem before dirhashes were introduced in
ext3, if memory serves.

regards
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlbE37QACgkQBcgs9XrR2kZSRQCdHMN30g1CDhsbuXUBvWb19IYt
TYMAnjSCN/pzZFJcSq51rsVvn7lsrGVR
=uFXj
-END PGP SIGNATURE-

Re: Debian security: need recipe for blocking root ssh access AND all ssh password access

[Tom Browder]

On Wed, Feb 17, 2016 at 9:33 AM, Jeremy T. Bouse
 wrote:
> Setting SSH "PermitRoot no" and "PasswordAuthentication no" are good
> starts... I'd also check that "ChallengeResponseAuthentication no" is set as
> well as some PAM modules will utilize it and be able to get around passwords
> being entered as well as "UsePAM no"

Okay.

> I do agree locking the root password isn't advisable. As I use
> configuration management/automation to handle my servers I simply set the
> root password to generated password that only I know the algorithm to
> reproduce it when I need to,

Can you give more details on the process (at least generally)?

> but enable sudoers for all other 'root' access.

Can one use that method and restrict use of "sudo su?"

> I also go further by utilizing Duo Security as a MFA for SSH logins to
> my servers for accounts authorized to log in.

Hm, so you do allow some accounts password access?

Thanks, Jeremy!

Best,

-Tom

Re: tomcat

[Jean-Michel OLTRA]

Bonjour,


Le mardi 16 février 2016, sechanb...@free.fr a écrit...


> ok, j'ai déposé le fichier à l'endroit indiqué, après j'imagine qu'il
> faut changer quelque chose à la configuration pour que le server y
> accède ? 

Ça devrait suffire pour permettre le "déploiement" de l'archive .war.
Possible qu'il faille également un fichier de contexte
/var/lib/tomcat8/conf/Catalina/localhost/bimserver.xml (le nom importe
peu). Tout dépend des besoins spécifiques de l'application.

-- 
jm

Re: I need help

[Richard Owlett]

On 2/17/2016 7:37 AM, Adam Wilson wrote:

On Wed, 17 Feb 2016 15:51:58 +0800 Gener Badenas
 wrote:


On Thu, Feb 11, 2016 at 8:01 AM, Ghaith Etaiwi
 wrote:


Hello, I'm starting in linux I used Ubuntu and didn't like it and I
have read that many people that used Debian had a better
experience, I have a MacBook Pro 4GB ram/ 500HDD/Intel HD 3000/ i5
2nd generation, can it run Debian?. Also, I want to know what
version of Debian to download, I saw something about DVD1, DVD2...



You can always choose net install so it is minimal.  Then you can
download everything else.  I assume internet is fast in your location.


Depends on what you consider to be 'fast'. Is 120K/s fast?


Compared to what?
I recall loading the OS from paper tape. We *DID* have a high 
speed reader after all 


More seriously use https://www.debian.org/CD/vendors/ to select 
an appropriate vendor. I originally did that because all the 
connectivity I had was a 56k dial-up line. I'm now have selected 
a cell network based service with low data cap. For my peculiar 
personal usage I find it reasonable to pay for the convenience of 
a complete set of DVD's once per major release (will order Jessie 
soon ;)

Re: 5000 Folders in a directory

[rlharris]

On Wed, February 17, 2016 1:13 pm, Chris wrote:
> is it possible to save 5000 folders in the same directory (ext4 FS)
> without any performance issues?
>
> It's a Maildir structure with a .-separator, e.g.
>
> /var/vmail/public/folder1
> /var/vmail/public/folder1.subfolder1a
> /var/vmail/public/folder1.subfolder1b

A few months ago, I cleaned out an old POP3 by downloading several hundred
thousand email messages to a single maildir structure, in a marathon which
lasted several days.

RH

Re: [HS]: Installation Debian - mise à jour Bios

[Denis Fertin]

Bonjour,

Cela fait des années que j'utilise et bidouille linux a un petit, petit
niveau. J'ai jamais compris pourquoi certaines personnes ecrivent sur linux
sur leur blog ou wiki et pas sur le wiki de la distribution.
Du coup, Je me permets une suggestion: si tu te decided a ecrire oourquoi
ne pad le faire sur le wiki debian! (Ou grub?)
Le 17 févr. 2016 20:38, "Gilles Mocellin" 
a écrit :

> Le 17/02/2016 10:52, Marc a écrit :
>
>>
>>
>> Le 14/02/2016 20:03, Gilles Mocellin a écrit :
>>
>>> Le 14/02/2016 17:23, Marc a écrit :
>>>
 Bonjour ! Je me permets de rebondir avec un petit cavalier hors sujet

 Est-il possible de créer une entrée grub qui lance un bon vieux DOS ?
 Qui charge par exemple un fichier disquette.img placé dans une partition du
 disque dur (ou désarchivé dans une mini-partition FAT ou une clé usb). Pour
 mise à jour du bios et autres utilitaires pour carte mère du siècle 
 passé...

 Et quelle image lancer, qui soit aussi générique que possible et pas
 trop suspecte ? Freedos ?

 D'avance merci

 Marc

 Le 14/02/2016 13:36, Jean-Marc a écrit :

> Je pense qu'une mise à niveau du BIOS serait judicieuse.
>


>>> Regarde le paquet grub-imageboot, ça permet de créer automatiquement des
>>> entrées GRUB pour des images placées dans /boot/images.
>>> Je m'en sers pour les images bootables permettant la MAJ des firmware de
>>> mes SSD.
>>> Tu dois pouvoir faire des images avec FreeDOS comprenant tes programmes
>>> DOS.
>>>
>>
>> Parfait ! Fonctionne du premier coup et sera plus général et plus durable
>> que les bricolages "à la main" que j'utilisais
>>
>> La question est : pourquoi je n'ai pas trouvé l'information plus tôt
>> ailleurs ? Et ce petit échange risque de ne pas être bien indexé par les
>> moteurs de recherche, puisque cavalier mal placé...
>>
>> Merci !
>>
>>
> Et oui, je me dis souvent que je devrais faire des articles sur un blog ou
> un wiki...
> Mais je passe trop de temps à lire (rapidement) ces mailing-lists et flux
> RSS.
>
>

Server terminated with error (1)

[gerard ROBIN]

Hello,
I am using a laptop clevo W950JU with intel i5-6200U processor.

If I run jessie with the kernel 4.2.0-0.bpo.1-amd64  it works fine, 
but when I use the kernel 4.3.0-0.bpo.1-amd64  X11 fails :

---8<---
[   209.705] (--) controlling tty is VT number 2, auto-enabling KeepTty
[   209.706] (WW) Falling back to old probe method for modesetting
[   209.706] (WW) Falling back to old probe method for fbdev
[   209.706] (II) Loading sub module "fbdevhw"
[   209.706] (II) LoadModule: "fbdevhw"
[   209.706] (II) Loading /usr/lib/xorg/modules/libfbdevhw.so
[   209.706] (II) Module fbdevhw: vendor="X.Org Foundation"
[   209.706]compiled for 1.16.4, module version = 0.0.2
[   209.706]ABI class: X.Org Video Driver, version 18.0
[   209.706] (WW) Falling back to old probe method for vesa
[   209.707] (II) intel(0): Creating default Display subsection in Screen 
section
"Default Screen Section" for depth/fbbpp 24/32
[   209.707] (==) intel(0): Depth 24, (--) framebuffer bpp 32
[   209.707] (==) intel(0): RGB weight 888
[   209.707] (==) intel(0): Default visual is TrueColor
[   209.707] (WW) intel(0): Unknown chipset
[   209.707] (II) UnloadModule: "intel"
[   209.707] (EE) Screen(s) found, but none have a usable configuration.
[   209.707] (EE) 
Fatal server error:
[   209.707] (EE) no screens found(EE) 
[   209.707] (EE) 
Please consult the The X.Org Foundation support 
 at http://wiki.x.org
 for help. 
[   209.707] (EE) Please also check the log file at "/var/log/Xorg.0.log" for 
additional information.
[   209.707] (EE) 
[   209.710] (EE) Server terminated with error (1). Closing log file.


lspci -v | grep VGA
 VGA compatible controller: Intel Corporation Device 1916 (rev 07) (prog-if 00 
[VGA controller])

I have not found anything on google that has to do with this problem.
anyone know how to solve the problem ?

TIA
-- 
Gerard
___
***
*  Created with "mutt 1.5.23" *
*  under Debian Linux JESSIE version 8.3  *
*  Registered Linux User #388243  *
*  https://Linuxcounter.net   *
***

Re: De la nécessité d'utiliser Sid et non Testing

[Sebastien CHAVAUX]

Comme je le dit plus tot, tout est dit et son contraire aussi. C'est un 
peu comme apt et aptitude, un jour ça va etre l'un et puis un autre 
jour, ça sera l'autre. Ce que je vois, et ce qui est dit c'est que sous 
testing a cause des dependance et de la qualité, a tout moment un paquet 
peut migrer sans ses depandances, ou simplement etre retiré... Sous sid 
je n'ai pas de soucis comme ça. J'en ai d'autre mais listbugs dépanne bien.


Ceci depend des personnes, on aura pas tous le meme son de cloche.


Le 16/02/2016 23:57, François TOURDE a écrit :

Le 16847ième jour après Epoch,
mader...@gmail.com écrivait:


D'après mon expérience d'utilisateur, on peut utiliser "Testing" pour
tester mais certainement pas dans le cadre d'une utilisation "normale"
et sécurisée.

En fait, c'est ça qui me gêne le plus. Tu assènes un sujet parlant de la
"nécessité" d'utiliser Sid, puis tu parles de ta propre expérience
d'utilisateur, en mélangeant sécurité, stabilité, et utilisation
"normale".

Je pense qu'il serait préférable de définir davantage ce que tu entends
par "normale", puis la notion de "tester".

Sid est une version qui, comme stable, corrige assez rapidement les
problèmes de sécurité et de vulnérabilité, mais ne garantit pas
forcément la notion de stabilité ou de cohérence.

Voir Releases[1], Qu'est-ce que testing[2] et [3], et la sécurité sur
testing [4].

Charge aux gens en connaissance de cause d'utiliser telle ou telle
distrib, mais je te souhaite de ne jamais être confronté à un souci tel
qu'il a eu lieu dans Sid il y a plus de 7 ans sur l'incompatibilité de
PAM[5] avec le reste du système...


Au contraire, Sid malgré les risques de bugs, est
utilisable au quotidien et s'avère bien plus fiable qu'on ne le
dit.

"On" ne dit rien, c'est Debian qui le dit ici:
https://www.debian.org/releases/sid/


[1] https://www.debian.org/releases/
[2] https://www.debian.org/doc/manuals/debian-faq/ch-ftparchives#s-testing
[3] https://www.debian.org/devel/testing
[4] https://www.debian.org/security/faq#testing
[5] 
https://www.debian.org/doc/manuals/debian-reference/ch04.fr.html#_pam_and_nss

Re: [HS]: Installation Debian - mise à jour Bios

[Gilles Mocellin]

Le 17/02/2016 10:52, Marc a écrit :



Le 14/02/2016 20:03, Gilles Mocellin a écrit :

Le 14/02/2016 17:23, Marc a écrit :

Bonjour ! Je me permets de rebondir avec un petit cavalier hors sujet

Est-il possible de créer une entrée grub qui lance un bon vieux DOS 
? Qui charge par exemple un fichier disquette.img placé dans une 
partition du disque dur (ou désarchivé dans une mini-partition FAT 
ou une clé usb). Pour mise à jour du bios et autres utilitaires pour 
carte mère du siècle passé...


Et quelle image lancer, qui soit aussi générique que possible et pas 
trop suspecte ? Freedos ?


D'avance merci

Marc

Le 14/02/2016 13:36, Jean-Marc a écrit :

Je pense qu'une mise à niveau du BIOS serait judicieuse.




Regarde le paquet grub-imageboot, ça permet de créer automatiquement 
des entrées GRUB pour des images placées dans /boot/images.
Je m'en sers pour les images bootables permettant la MAJ des firmware 
de mes SSD.
Tu dois pouvoir faire des images avec FreeDOS comprenant tes 
programmes DOS.


Parfait ! Fonctionne du premier coup et sera plus général et plus 
durable que les bricolages "à la main" que j'utilisais


La question est : pourquoi je n'ai pas trouvé l'information plus tôt 
ailleurs ? Et ce petit échange risque de ne pas être bien indexé par 
les moteurs de recherche, puisque cavalier mal placé...


Merci !



Et oui, je me dis souvent que je devrais faire des articles sur un blog 
ou un wiki...
Mais je passe trop de temps à lire (rapidement) ces mailing-lists et 
flux RSS.

Re: apt-get vim-tiny

[Mark Aldrich]

On Sun, 14 Feb 2016 20:48:30 +0100
"Thomas Schmitt scdbackup-at-gmx.net |Debian/Computer|"
 wrote:

> Hi,
> 
> OS wrote:
> > Any time I do anything with apt-get, it ends with an error code
> > (1). It seems to have something to do with vim-tiny
> 
> You did not show such an "anything" attempt. So it is hard to
> tell whether vim.tiny really is to blame.
> 
> 
> > mark@FrogBreath:~$ sudo apt-get remove vim.tiny
> > ...
> > update-alternatives: error: unable to read link
> > `/etc/alternatives/vi':
> 
> There is supposed to be a symbolic link with that name, which
> points to one of the various /usr/bin/vim.* programs.
> On my Debian 8:
> 
>   /etc/alternatives/vi -> /usr/bin/vim.basic
> 
> choosing between
> 
>   /usr/bin/vim.basic
>   /usr/bin/vim.tiny
> 
> 
> I'd check what kind of file is behind that path
> 
>   ls -ld /etc/alternatives/vi
> 
> If it is missing indeed, i'd check which /usr/bin/vim.* are present
> 
>   ls -ld /usr/bin/vim.*
> 
> and then create a link to one of them
> 
>   sudo ln -s /usr/bin/vim.basic /etc/alternatives/vi
> 
> If /etc/alternatives/vi exists, the further action depends on what
> file type it is. Normally one would remove or rename it and then
> create a link by ln -s as described above.
> 
> 
> Then i would test whether the "do anything" problems still occur.
> The proper existence or non-existence of vim-tiny should not interfere
> with unrelated apt-get operations.
> 
> 
> Have a nice day :)
> 
> Thomas
> 

Thank you Thomas.

As far as "do anything" is concerned, I will try to supply more complete
examples in the future.

It turns out that "/etc/alternatives/vi" was an executable and
"/usr/bin/vim.*" revealed only vim.tiny and vim.tutor. I moved vi to
vi.bak and created a link as you suggested to vim.tiny. I ran

sudo apt-get update

and any my problem "seemed" to have disappeared. I have
since run

sudo apt-get upgrade vim

and did not get the error message. Yea! Instead I now have vim.tiny and
vim.basic and the link previously discussed now points to vim.basic.

Again, I thank you for your assistance.

Re: bash-completion, tab and ambiguous globs

[Lisi Reisz]

On Wednesday 17 February 2016 16:54:15 John L. Ries wrote:
> > Seriously, when does bash-completion actually help someone on the
> > command line? The only time I notice it is when a pattern is buggy and
> > doesn't let me complete a filename even when it's completely valid.
>
> It apparently doesn't do anything for you or me (but I'm a Korn shell
> user), but I have to assume that at least a few people find it useful,
> otherwise we would not be having this discussion.

I love it.  I am a lousy typist (the list may have noticed).  Bash completion 
won't complete if I have already made an error, and when it completes, 
completes the rest without an error.  It is an absolute godsend.

Lisi
> --|
> John L. Ries  |
> Salford Systems   |
> Phone: (619)543-8880 x107 |
> or (435)867-8885  |
> --|
>
> On Wednesday 2016-02-17 01:57, Anders Andersson wrote:
> >Date: Wed, 17 Feb 2016 01:57:30
> >From: Anders Andersson 
> >To: Debian users mailing list 
> >Subject: Re: bash-completion, tab and ambiguous globs
> >
> > On Tue, Feb 16, 2016 at 11:15 AM, Jean-Baptiste Thomas
> >
> >  wrote:
> >> In bash, typing, say, "ls x*y" then tab lists all the possible
> >> expansions of "x*y" on the next line, then prints the command
> >> line anew with "x*y" replaced by longest common stem.
> >>
> >> With bash-completion installed, "x*y" is summarily replaced by
> >> its first match.
> >
> > Thank you! I just pondered this today, and I remember that it used to
> > work much better. Now I at least know the culprit.
> >
> > Seriously, when does bash-completion actually help someone on the
> > command line? The only time I notice it is when a pattern is buggy and
> > doesn't let me complete a filename even when it's completely valid.

Re: bash-completion, tab and ambiguous globs

[John L. Ries]

Seriously, when does bash-completion actually help someone on the
command line? The only time I notice it is when a pattern is buggy and
doesn't let me complete a filename even when it's completely valid.


It apparently doesn't do anything for you or me (but I'm a Korn shell 
user), but I have to assume that at least a few people find it useful, 
otherwise we would not be having this discussion.


--|
John L. Ries  |
Salford Systems   |
Phone: (619)543-8880 x107 |
or (435)867-8885  |
--|


On Wednesday 2016-02-17 01:57, Anders Andersson wrote:


Date: Wed, 17 Feb 2016 01:57:30
From: Anders Andersson 
To: Debian users mailing list 
Subject: Re: bash-completion, tab and ambiguous globs

On Tue, Feb 16, 2016 at 11:15 AM, Jean-Baptiste Thomas
 wrote:

In bash, typing, say, "ls x*y" then tab lists all the possible
expansions of "x*y" on the next line, then prints the command
line anew with "x*y" replaced by longest common stem.

With bash-completion installed, "x*y" is summarily replaced by
its first match.


Thank you! I just pondered this today, and I remember that it used to
work much better. Now I at least know the culprit.

Seriously, when does bash-completion actually help someone on the
command line? The only time I notice it is when a pattern is buggy and
doesn't let me complete a filename even when it's completely valid.

Re: pam_smbpass.so

[Christian Seiler]

Hi,

On 02/17/2016 05:11 PM, Joe Pfeiffer wrote:
> Christian Seiler writes:
>> [Suggesting journalctl -o verbose to debug this]
> I'm running a current Debian testing installation, and journal is
> enabled.
> 
> It turns out it's only coming from /usr/lib/dovecot/auth.  What's
> weird is in /etc/pam.d/, the only files using the module are
> common-auth and common-password, so I'd expect to see the error coming
> either every time someone authenticates through anything, or any time
> someone changes their password, and I'm not seeing either of those
> cases -- just dovecot.

Just a hunch: do you run dovecot chroot'ed? If so, then it is most
likely the case that the specific PAM module is not available within
the chroot and that's why it produces that message.

If that's not the case: what's the contents of /etc/pam.d/dovecot?
And /etc/pam.d/common-auth?

Regards,
Christian



signature.asc
Description: OpenPGP digital signature

Re: pam_smbpass.so

[Sven Hartge]

Joe Pfeiffer  wrote:

> I'm seeing a large number of entries in my /var/log/syslog that look
> like this:

> Feb 16 09:07:31 snowball auth: PAM unable to dlopen(pam_smbpass.so): 
> /lib/security/pam_smbpass.so: cannot open shared object file: No such file or 
> directory
> Feb 16 09:07:31 snowball auth: PAM adding faulty module: pam_smbpass.so

> So...  any idea what's going on here, and more importantly how to fix
> it?  I also see consistently that this is a harmless message, but it
> bugs me...

Do a 

  rgrep smbpass /etc/pam.d

and see, if you have an old config file there which references
pam_smbpass.so via absolute path. This can cause this error.

Odds are, you can just remove the old config file and purge the package
you installed, because you don't need it.

Grüße,
S°

-- 
Sigmentation fault. Core dumped.

Re: De la nécessité d'utiliser Sid et non Testing

[Eric Degenetais]

Le 17 février 2016 à 14:49, maderios  a écrit :
>
> normale= courante, toute utilisation sauf le serveur.
> tester= rien que tester...

bonjour,
et dans ce contexte où placeriez vous un poste de travail individuel?
Certes les pertes de fonctionnalités sur serveur amènent à des
violations de SLA et autres dommages de production, mais quid de
dysfonctionnements aléatoires survenant sur d'autres types de machines
utilisées pour travailler? J'aurais personnellement tendance à
réserver les distributions fonctionnellement instables (même si bien
patchées en terme de sécurité, ce qui n'est d'ailleurs pas évident en
lisant la page de politique Debian pointée par le lien de François
TOURDE) à des *joujoux*...

my 2 cents,

bonne fin de journée
__
Éric Dégenètais
Henix



http://www.henix.com
http://www.squashtest.org

Re: Debian security: need recipe for blocking root ssh access AND all ssh password access

[Jeremy T. Bouse]

Setting SSH "PermitRoot no" and "PasswordAuthentication no" are good
starts... I'd also check that "ChallengeResponseAuthentication no" is
set as well as some PAM modules will utilize it and be able to get
around passwords being entered as well as "UsePAM no"

I do agree locking the root password isn't advisable. As I use
configuration management/automation to handle my servers I simply set
the root password to generated password that only I know the algorithm
to reproduce it when I need to, but enable sudoers for all other 'root'
access.

I also go further by utilizing Duo Security as a MFA for SSH logins
to my servers for accounts authorized to log in.

On 2/17/2016 10:26 AM, Peter Ludikovsky wrote:
> More or less. What I wouldn't agree with is locking the root account
> completely, because, like Thomas said, you'll be locked out should you
> ever be dropped to a rescue shell due to an hardware error.
>
> Regards,
> /peter
>
> Am 17.02.2016 um 15:56 schrieb Tom Browder:
> > On Wed, Feb 17, 2016 at 8:23 AM, Peter Ludikovsky
> >  wrote:
> >> -BEGIN PGP SIGNED MESSAGE-
> > ...
>
> > Thanks, Peter.  Do you agree with Darac's solution?
>
> > Best,
>
> > -Tom
>
>




smime.p7s
Description: S/MIME Cryptographic Signature

Re: [Disarmed] debian8 - nfs

[Camaleón]

El Tue, 16 Feb 2016 21:36:40 -0500, Alberto Cabrejas Pérez escribió:

(ese formato...)

> tengo un servidor nfs en una pc funcional, estoy configurando un
> servidor con debian8 y al intentar utilizarlo como cliente nfs me
> devuelve: */mount.nfs: No such device/*, el servidor nfs funciona bien,
> tengo instalado nfs-common, intento montarlo de la forma: */mount -t nfs
> /**/*/192.168/*.8:/mnt/FTP/ /var/storage/FTP/* , */mount.nfs
> /**/*/192.168/*.1.8:/mnt/FTP/ /var/storage/FTP, /**/mount.nfs4
> 192.168.1.8:/mnt/FTP/ /var/storage/FTP/*

Si buscas en Google verás que ese mensaje de error es bastante común, por 
ejemplo, puedes empezar por lo más sencillo:

***
https://help.ubuntu.com/community/NFSv4Howto

For the error message:
mount.nfs4: No such device

You will have to load the nfs module with the command
modprobe nfs
***

Revisa el registro del sistema (syslog) por si vieras más información 
pero seguramente se deba a una actualización del kernel.

Saludos,

-- 
Camaleón

Re: conexión a la red

[Camaleón]

El Tue, 16 Feb 2016 20:31:22 +0100, Luis Garcia Martin escribió:

Hola Luis, acuérdate de mandar los correos a la lista en formato texto en 
lugar de html.

> Tengo un PC Medion i7, con GeForce GTX 760 y un adaptador USB TP-Link
> (que me funciona perfectamente con Kubuntu 15.10).
> Mi primera pregunta es como puedo conectarme a la red, he seguido las
> indicaciones del instalador Debian 8.3 CD de 540 MG.

Para configurar el adaptador de red hay varios pasos a seguir:

1/ Si lo ha detectado el kernel y ha cagado los drivers automáticamente 
sólo tienes que configurarlo mediante alguna aplicación gráfica o 
manualmente. Tienes los pasos aquí:

https://wiki.debian.org/WiFi/HowToUse

2/ Si el kernel ha detectado el adaptador pero no ha podido instalar el 
driver tendrás que hacerlo tú mismo sabiendo el chipset del aparato. Si 
no sabes cómo hacerlo ejecuta "lsusb -v" como root y manda la salida.

> La segunda pregunta es que una vez instalado solo sale en texto y no
> forma gráfica, yo he marcado en 64 bit graphical install.
> Espero que solucionados estos dos problemas el sistema funcione bien.

Si has instalado un entorno gráfico ejecuta "startx" y dinos qué sucede.

Saludos,

-- 
Camaleón

Re: Debian security: need recipe for blocking root ssh access AND all ssh password access

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wed, Feb 17, 2016 at 04:26:28PM +0100, Peter Ludikovsky wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> More or less. What I wouldn't agree with is locking the root account
> completely, because, like Thomas said, you'll be locked out should you
> ever be dropped to a rescue shell due to an hardware error.

There are ways around it. For example, you can specify /bin/sh (or bash)
as init. Or you can boot from a rescue system on another medium.

My point was: you *should* know that (and perhaps have given it a dry
run) before disabling root login. When trouble hits it's too late,
because you don't know how to deal with init=/bin/sh or you haven't that
rescue medium conveniently around :-)

regards
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlbEitcACgkQBcgs9XrR2kbTaACeKVNQ1Zk/Pv89pIomKF7G39yJ
uc0AnAigC8J7Fougjj8IEZXx1YpcRf7t
=DDfS
-END PGP SIGNATURE-

Re: Debian security: need recipe for blocking root ssh access AND all ssh password access

[Peter Ludikovsky]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

More or less. What I wouldn't agree with is locking the root account
completely, because, like Thomas said, you'll be locked out should you
ever be dropped to a rescue shell due to an hardware error.

Regards,
/peter

Am 17.02.2016 um 15:56 schrieb Tom Browder:
> On Wed, Feb 17, 2016 at 8:23 AM, Peter Ludikovsky
>  wrote:
>> -BEGIN PGP SIGNED MESSAGE-
> ...
> 
> Thanks, Peter.  Do you agree with Darac's solution?
> 
> Best,
> 
> -Tom
> 
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)

iQIcBAEBAgAGBQJWxJEkAAoJEM+6Ng5pbtyZgCAP/2a9hxEmLEFwaMTdR4+EwTso
ZAMjRtrVGGMg/scVy5OFit5VLgsyAlv3bOvG2xoyOCN2C7b8TGQ0I5KIC4ycA3fI
hK1tKCiifm3hsJHjhFAy0QghlykxKuaBqY1/k2cDC4ZtfOdFlvPe15ngaL5JqCP2
PEbCgYU5hDeG0IdMw+t979DizWmPb/YtrJwB7r5o6cDUdxcApANVgLle5sI+FdUs
+kVy7OELKT+vNFwXupwL8AvuIT/igE2irHm8OvChHXg8BUQ3tbmVqGGIaU6KjZuE
UYEK2R75X4XgrewF4PpQPMy+WbKzjBi7ezOp6bXzZ3U0JN8VdIuZ9WSMTE7kTdQB
gMHVCQzch/VsRHbZ4DvHtL/rOhPl0JC40xDwcci8I+ua1jcoRJ1doyRNxu5nzdlV
itA1qcojPpj/50RsLELzsL140pg6y9Ne1KCV2jw+bJ9WrXZm2Ak7aJ8oYa5UcRUS
YJGW85SiKINmFq3Y05AHkQYU/fSqb2EkGkJBUKwVTchZe57h2vkggH3HlpS63cMr
zUKQEo2JfrenvvvkJdXKuA2MOks9xITlSbApKV/vkhgdjx6xPYv6+OuRvhZg/QhJ
8cuCSukwOpAKVhElXEIpRs5/yZFxyZ/B07yWRmjBT0PEpBFtfkH4FnSc5m6X78SQ
F9zUUMtJ/QWehfi6l3p8
=i2K+
-END PGP SIGNATURE-

Faille de sécurité dans le GNU libc avec les requêtes DNS

[Bernard Schoenacker]

bonjour,

voici la nouvelle rédigée par un co-listier :

https://linuxfr.org/users/bortzmeyer/journaux/faille-de-securite-dans-le-gnu-libc-avec-les-requetes-dns

bonne lecture

slt
bernard

Re: Debian security: need recipe for blocking root ssh access AND all ssh password access

[Tom Browder]

On Wed, Feb 17, 2016 at 8:24 AM, Darac Marjal  wrote:
> On Wed, Feb 17, 2016 at 08:08:26AM -0600, Tom Browder wrote:
>>
>> I have several remote Debian 7 servers and would like to secure it in
>> the following manner:
...

I can follow that!  Thanks so much, Darac.

Best,

-Tom

Re: Debian security: need recipe for blocking root ssh access AND all ssh password access

[Tom Browder]

On Wed, Feb 17, 2016 at 8:23 AM, Peter Ludikovsky  wrote:
> -BEGIN PGP SIGNED MESSAGE-
...

Thanks, Peter.  Do you agree with Darac's solution?

Best,

-Tom

Re: Debian security: need recipe for blocking root ssh access AND all ssh password access

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wed, Feb 17, 2016 at 02:24:02PM +, Darac Marjal wrote:
> On Wed, Feb 17, 2016 at 08:08:26AM -0600, Tom Browder wrote:
> >I have several remote Debian 7 servers and would like to secure it in
> >the following manner:
> >
> >1. root will not be allowed any external access (access is only via a
> >user becoming root while logged in)
> 
> Ensure all users who may be allowed super-user access are in
> /etc/sudoers. Then run "sudo passwd -l". This will LOCK the password
> for root (that is, set the encrypted password to a value which
> cannot be matched. Additionally, the locked password may not be
> changed).
>
> In this manner, root cannot be logged into directly, but users can
> still elevate to root by using sudo.

And what do you do when the system drops you into single user mode
(because, for example, the root partition is in trouble) and asks
you for the root password?

(Yeah, there are ways around it -- but you should tell people about
them *before* you send them this route :-)

regards
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlbEf9oACgkQBcgs9XrR2kaZlQCfXvfgeqzdlXPEG46T1YXMNVhh
ZpMAnRObltaxMIV0Unnbo3rnj2pJ81UM
=KEGO
-END PGP SIGNATURE-

Re: Debian security: need recipe for blocking root ssh access AND all ssh password access

[Peter Ludikovsky]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi,

The first requirement is simple. Add the line
  PermitRootLogin no
or change it accordingly, and reload the SSH daemon.

For the second: do you want to disallow any logins via passwords, or
are the to be allowed once to set up the keys? The first is easy, with
the line
  PasswordAuthentication no
The latter isn't possible, as far as I know, with the vanilla OpenSSH
daemon.

Regards,
/peter

Am 17.02.2016 um 15:08 schrieb Tom Browder:
> I have several remote Debian 7 servers and would like to secure it
> in the following manner:
> 
> 1. root will not be allowed any external access (access is only via
> a user becoming root while logged in)
> 
> 2. after initial setup, no ssh access will be allowed via a
> password
> 
> I have seen much documentation on securing such a host, but I
> don't want to be an expert--I just need a recipe.
> 
> Many thanks.
> 
> Best regards,
> 
> -Tom
> 
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)

iQIcBAEBAgAGBQJWxIJrAAoJEM+6Ng5pbtyZc1gP/jjPfucXz7DvaGuAOmiSeKof
rBcS+oTU4znY57+whr0cNW+douaH/f7d7Vwcun5b3IUA1EUFHC9G74/CR4bU3XbD
aEKeBGIF6eUVw6jE0Sh5aFs6D+AoFePZKurs173azjfgFcveynYv3eSbzWk/e60U
KgRwtoSRLQu3wKZLJh/lR4/Ukx+spEvGzGvtc3PdkioT79u3OxdSw/FFm8r0N4qH
ifcX2R6hE4HsoVM3QMbEIxhiwbs63+j8Mu0ASfagLsPi1MqKBfLg5Iy1JeV5d1ND
plrDFaSRrzfJqNqO8nxwtUxji9ruQ1XkBo3DvdmXc/ZwOiJzNSCM/wvHuTupCq1x
gn3WfCEKryAZEmUx092CYFtbTLZ2Bu3A0vOHeFdiC2qGNqB85dicmhpMoouAnzq4
NaWDLJHXB8zdkvUL+zRIkoqACH8sBohogrqbnQAXCtJ+9LRqANdlvKs+F2Dp0eGE
GNIU3cscy6RtXYUDVFRFFgwp4oLOx3fE7Lv8EEV8o38KE7v712aNqzsCn8VuirWq
KHSoeUPTtD9o/0z4EOXRbMtwEPDgQjsUOHNPR73YNO/EJluNRA7JJ6E2aIkNTF8f
RwoWD9GhSi1CKzATn9GuaikejrpVGIFfSvdirVDgTOcuW82wfPiL1yyBhw6Kr2Y4
alA2W8K9y7InpEC1I/Ik
=S5IF
-END PGP SIGNATURE-

Re: Debian security: need recipe for blocking root ssh access AND all ssh password access

[Darac Marjal]

On Wed, Feb 17, 2016 at 08:08:26AM -0600, Tom Browder wrote:

I have several remote Debian 7 servers and would like to secure it in
the following manner:

1. root will not be allowed any external access (access is only via a
user becoming root while logged in)


Ensure all users who may be allowed super-user access are in 
/etc/sudoers. Then run "sudo passwd -l". This will LOCK the password for 
root (that is, set the encrypted password to a value which cannot be 
matched. Additionally, the locked password may not be changed).


In this manner, root cannot be logged into directly, but users can still 
elevate to root by using sudo.




2. after initial setup, no ssh access will be allowed via a password


$ echo "PasswordAuthentication No" | sudo tee -a /etc/ssh/sshd_config
$ sudo service ssh restart



I have seen much documentation on securing such a host, but I don't
want to be an expert--I just need a recipe.

Many thanks.

Best regards,

-Tom



--
For more information, please reread.


signature.asc
Description: PGP signature

Debian security: need recipe for blocking root ssh access AND all ssh password access

[Tom Browder]

I have several remote Debian 7 servers and would like to secure it in
the following manner:

1. root will not be allowed any external access (access is only via a
user becoming root while logged in)

2. after initial setup, no ssh access will be allowed via a password

I have seen much documentation on securing such a host, but I don't
want to be an expert--I just need a recipe.

Many thanks.

Best regards,

-Tom

Re: [Disarmed] debian8 - nfs

[Alfredo]

Ante todo este cliente es físico o virtual ???

El 17/02/16 a las 08:23, fernando sainz escribió:

El 17 de febrero de 2016, 3:36, Alberto Cabrejas Pérez
 escribió:

tengo un servidor nfs en una pc funcional, estoy configurando un servidor con 
debian8 y al intentar utilizarlo como cliente nfs me devuelve: mount.nfs: No 
such device, el servidor nfs funciona bien, tengo instalado nfs-common, intento 
montarlo de la forma: mount -t nfs 192.168.8:/mnt/FTP/ /var/storage/FTP , 
mount.nfs 192.168.1.8:/mnt/FTP/ /var/storage/FTP, mount.nfs4 
192.168.1.8:/mnt/FTP/ /var/storage/FTP
--

Saludos, Alberto Cabrejas Pérez


Client-side issues

mount.nfs4: No such device

Check that you have loaded the nfs module

lsmod | grep nfs

and if previous returns empty or only nfsd-stuff, do

# modprobe nfs


https://wiki.archlinux.org/index.php/NFS/Troubleshooting

S2.





--
Este mensaje le ha llegado mediante el servicio de correo electronico que 
ofrece Infomed para respaldar el cumplimiento de las misiones del Sistema 
Nacional de Salud. La persona que envia este correo asume el compromiso de usar 
el servicio a tales fines y cumplir con las regulaciones establecidas

Infomed: http://www.sld.cu/

Re: De la nécessité d'utiliser Sid et non Testing

[maderios]

On 02/16/2016 11:57 PM, François TOURDE wrote:

Le 16847ième jour après Epoch,
mader...@gmail.com écrivait:


D'après mon expérience d'utilisateur, on peut utiliser "Testing" pour
tester mais certainement pas dans le cadre d'une utilisation "normale"
et sécurisée.


En fait, c'est ça qui me gêne le plus. Tu assènes un sujet parlant de la
"nécessité" d'utiliser Sid, puis tu parles de ta propre expérience
d'utilisateur, en mélangeant sécurité, stabilité, et utilisation
"normale".


J'émets une opinion personnelle étayée par des faits. Si des gens 
tiennent à testing et ses risques, c'est leur liberté.

Récent exemple de faille de sécurité corrigée seulement dans stable et sid
https://www.debian.org/security/2016/dsa-3481
Je mélange volontairement les termes "fiable, sûr et sécurisé" parce que 
c'est ce qui se passe souvent dans la tête de l'utilisateur lambda.


Je pense qu'il serait préférable de définir davantage ce que tu entends
par "normale", puis la notion de "tester".

normale= courante, toute utilisation sauf le serveur.
tester= rien que tester...
--
Maderios

Re: I need help

[Adam Wilson]

On Wed, 17 Feb 2016 15:51:58 +0800 Gener Badenas
 wrote:

> On Thu, Feb 11, 2016 at 8:01 AM, Ghaith Etaiwi
>  wrote:
> 
> > Hello, I'm starting in linux I used Ubuntu and didn't like it and I
> > have read that many people that used Debian had a better
> > experience, I have a MacBook Pro 4GB ram/ 500HDD/Intel HD 3000/ i5
> > 2nd generation, can it run Debian?. Also, I want to know what
> > version of Debian to download, I saw something about DVD1, DVD2...
> >
> 
> You can always choose net install so it is minimal.  Then you can
> download everything else.  I assume internet is fast in your location.

Depends on what you consider to be 'fast'. Is 120K/s fast?

Re: [Disarmed] debian8 - nfs

[fernando sainz]

El 17 de febrero de 2016, 3:36, Alberto Cabrejas Pérez
 escribió:
>
> tengo un servidor nfs en una pc funcional, estoy configurando un servidor con 
> debian8 y al intentar utilizarlo como cliente nfs me devuelve: mount.nfs: No 
> such device, el servidor nfs funciona bien, tengo instalado nfs-common, 
> intento montarlo de la forma: mount -t nfs 192.168.8:/mnt/FTP/ 
> /var/storage/FTP , mount.nfs 192.168.1.8:/mnt/FTP/ /var/storage/FTP, 
> mount.nfs4 192.168.1.8:/mnt/FTP/ /var/storage/FTP
> --
>
> Saludos, Alberto Cabrejas Pérez


Client-side issues

mount.nfs4: No such device

Check that you have loaded the nfs module

lsmod | grep nfs

and if previous returns empty or only nfsd-stuff, do

# modprobe nfs


https://wiki.archlinux.org/index.php/NFS/Troubleshooting

S2.

Re: [Disarmed] Re: [Disarmed] debian8 - nfs

[Alberto Cabrejas Pérez]

si, pruebo con otra pc con ubuntu por ejemplo y lo monta bien
  El 17/02/16 a las 08:00, Roberto Quiñones escribió:
En el equipo cliente en /mnt tienes montado correctamente el 
FTP//var/storage/FTP pues algo ahí no se ve bien creo yo.


Saludos
--

Roberto Quiñones

Owner - Service Manager and System
ACShell.NET – Internet Services
robe...@acshell.net  - www.acshell.net 


San Martin #311 Santiago – CL (Chile)
+560981361713




--

Saludos, *Alberto Cabrejas Pérez*
Administrador de Redes Informáticas
ARTex S.A. Sucursal Granma
http://www.artexsa.com
http://www.scgra.artex.sa
Linux Usuario Registrado # 31 666
Teléf.+53(023) 48-1912 48-1934 48-1956 Ext 115
Jabber: albe...@scgr.artex.cu
"BE FREE BE LINUX!!!"

Re: [Disarmed] Re: [Disarmed] debian8 - nfs

[Roberto Quiñones]

En el equipo cliente en /mnt tienes montado correctamente el
FTP//var/storage/FTP pues algo ahí no se ve bien creo yo.

Saludos
-- 

Roberto Quiñones

Owner - Service Manager and System
ACShell.NET – Internet Services
robe...@acshell.net - www.acshell.net
San Martin #311 Santiago – CL (Chile)
+560981361713

[Disarmed] Re: [Disarmed] debian8 - nfs

[Alberto Cabrejas Pérez]

El servidor esta bien, el lio es en el cliente

  El 16/02/16 a las 21:39, Carlos Manuel Escalona Villeda escribió:

en el servidor debes tener instalado nfs-kernel-server

El mar., 16 de feb. de 2016 a la(s) 20:38, Alberto Cabrejas Pérez 
> escribió:


tengo un servidor nfs en una pc funcional, estoy configurando un
servidor con debian8 y al intentar utilizarlo como cliente nfs me
devuelve: */mount.nfs: No such device/*, el servidor nfs funciona
bien, tengo instalado nfs-common, intento montarlo de la forma:
*/mount -t nfs /**/*/192.168/*.8:/mnt/FTP/ /var/storage/FTP/* ,
*/mount.nfs /**/*/192.168/*.1.8:/mnt/FTP/ /var/storage/FTP,
/**/mount.nfs4 192.168.1.8:/mnt/FTP/ /var/storage/FTP/*
-- 


Saludos, *Alberto Cabrejas Pérez*
Administrador de Redes Informáticas
ARTex S.A. Sucursal Granma
http://www.artexsa.com
http://www.scgra.artex.sa
Linux Usuario Registrado # 31 666
Teléf.+53(023) 48-1912 48-1934 48-1956 Ext 115
Jabber: albe...@scgr.artex.cu 
"BE FREE BE LINUX!!!"




--

Saludos, *Alberto Cabrejas Pérez*
Administrador de Redes Informáticas
ARTex S.A. Sucursal Granma
http://www.artexsa.com
http://www.scgra.artex.sa
Linux Usuario Registrado # 31 666
Teléf.+53(023) 48-1912 48-1934 48-1956 Ext 115
Jabber: albe...@scgr.artex.cu
"BE FREE BE LINUX!!!"

Re: How to tell the system to load right name for wireless card?

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wed, Feb 17, 2016 at 07:02:07AM -0500, Jude DaShiell wrote:
> [...]  In my .bashrc I put ping -c 5
> www.google.com|grep % to test if I have a network connection on
> reboot or power up [...]

Hint: ping tells you with an exit status of 0 that all's dandy, so
perhaps you don't need the grep. Ex.

  
  # 8 sec deadline
  if ping -c 2 -w 4  ; then
echo "yay"
  else
echo "nay"
  fi

Add option -q and others to taste.

Of course, if you are just displaying (and not firing off other scripts)
grep is fine :-)

regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlbEXXkACgkQBcgs9XrR2kaiVgCfSHGgS7BmG7PmdQfSXH1OAVPa
XTIAn27Oyy8/f9C/Gbl2jq4WUWR4Vj6Z
=VT2Z
-END PGP SIGNATURE-

Re: Proxy Pass com GET [Off-Topic]

[Sinval Júnior]

Não é localhost. Essa máquina é ms$ com um aplicativo rodando em IS
proprietário. o http://www estaria em uma máquina apache ou nginx/debian.

Ao encaminhar esta mensagem, por favor:
1 - Apague meu endereço eletrônico;
2 - Encaminhe como Cópia Oculta (Cco ou BCc) aos seus destinatários.
Dificulte assim a disseminação de vírus, spams e banners.

#=+
#!/usr/bin/env python
nome = 'Sinval Júnior'
email = 'sinvalju arroba gmail ponto com'
print nome
print email
#==+

Em 17 de fevereiro de 2016 09:05, Rodrigo Germano de Paula <
rodrigo.pa...@ifb.edu.br> escreveu:

> mas localhost, na própria máquina tem um sv web? Se sim, acho que o ideal
> era um redirect 403.
>
> *Rodrigo Germano de Paula*
> Técnico em Tecnologia da Informação
> IFB Campus Planaltina
> Contato: (61) 21962601
>
> Em 16 de fevereiro de 2016 22:43, Sinval Júnior 
> escreveu:
>
>> Sim, sempre fixá.
>> Em 16 de fev de 2016 6:18 PM, "Rodolfo"  escreveu:
>>
>>> Essa url que você passou é fixa ? Ou seja, sempre será:
>>>
>>> http://localhost/QvAJAXZfc/opendoc.htm?document=IAS.qvw;
>>> host=QVS%40users=true
>>>
>>> 
>>>
>>> Em 16 de fevereiro de 2016 16:16, Sinval Júnior 
>>> escreveu:
>>>
 Rodolfo,

 A ideia não é que o usuário não precise digitar
 localhost/QvAJAXZfc/opendoc.htm?document=IAS.qvw&
 host=QVS%40users=true

 e sim apenas localhost

 Ou seja http://www deve responder por http://localhost/QvAJAXZfc/
 opendoc.htm?document=IAS.qvw=QVS%40users=true

 Ao encaminhar esta mensagem, por favor:
 1 - Apague meu endereço eletrônico;
 2 - Encaminhe como Cópia Oculta (Cco ou BCc) aos seus destinatários.
 Dificulte assim a disseminação de vírus, spams e banners.

 #=+
 #!/usr/bin/env python
 nome = 'Sinval Júnior'
 email = 'sinvalju arroba gmail ponto com'
 print nome
 print email
 #==+

 Em 16 de fevereiro de 2016 18:10, Rodolfo 
 escreveu:

> Não sabia que dava para esconder os parâmetros da URL por GET, com
> POST isso é normal, mas mesmo assim fica no browser a requisição. Agora da
> pra renomear a URL por GET tornando a leitura mais difícil, desse modo não
> sei, em sistemas Java, PHP entre outros se utlizam frameworks para fazer
> esse serviço.
>
> Em 16 de fevereiro de 2016 16:04, Sinval Júnior 
> escreveu:
>
>> Alguém sabe fazer um proxy pass usando url com parâmetros get.
>> Ex:
>>
>> De:localhost/QvAJAXZfc/opendoc.htm?document=IAS.qvw=QVS%40users=true
>> Para: localhost
>>
>> Na prática esses parâmetros devem ser transparantes.
>> Tentei um rewrite no nginx. no final o html da página aparece no
>> endereço do navegador
>> rewrite ^/(.*)$
>> /Qv/QvAJAXZfc/opendoc.htm?document=IAS.qvw=QVS%40users=true$1
>> last;
>> Se eu substituir  last, por permanent funciona contudo os parâmetros
>> aparecem na barra de endereços.
>>
>> Ao encaminhar esta mensagem, por favor:
>> 1 - Apague meu endereço eletrônico;
>> 2 - Encaminhe como Cópia Oculta (Cco ou BCc) aos seus destinatários.
>> Dificulte assim a disseminação de vírus, spams e banners.
>>
>> #=+
>> #!/usr/bin/env python
>> nome = 'Sinval Júnior'
>> email = 'sinvalju arroba gmail ponto com'
>> print nome
>> print email
>> #==+
>>
>
>

>>>
>

Re: How to tell the system to load right name for wireless card?

[Jude DaShiell]

Hi, this may be a problem on the kernel level having nothing to do with 
debian.  Reason I write this is the computer I use has a ralink adapter 
card attached to it which is wireless and it's talkingarch linux and I 
have situations where sometimes the card gets loaded properly on 
talkingarch and sometimes it does not.  Thanks for the lspci -k info, 
I'll use that when I reboot and the card does not get attached correctly 
next time and see if the system like yours finds no network card when 
that happens.  In my .bashrc I put ping -c 5 www.google.com|grep % to 
test if I have a network connection on reboot or power up because of 
this situation now I'll do a little more testing and report what I find 
here.


On Wed, 17 Feb 2016, German wrote:


Date: Wed, 17 Feb 2016 02:31:45
From: German 
To: debian-user@lists.debian.org
Subject: How to tell the system to load right name for wireless card?
Resent-Date: Wed, 17 Feb 2016 07:32:00 + (UTC)
Resent-From: debian-user@lists.debian.org

Hi list,

A couple of days ago I asked why my pc changes the wireless card name.
It switches between AR9285 ( right) and AR5008 ( wrong). Someone
suggested  that this is because another kernel module is loaded by
mistake. Well, it is not the case. When system identified with AR9285,
it loads ath9k and I can connect to the router. When system identifies
my card as AR5008, no kernel module is present at all ( lspci -k). The
wrong card name occurs only when system rebooted. If I gracefully shut
down the system, it always comes up with a right name for the card
( AR9285). So, how to force the system identify my card right no matter
if I reboot or shut down? Thank you.




--

Re: Proxy Pass com GET [Off-Topic]

[Rodrigo Germano de Paula]

mas localhost, na própria máquina tem um sv web? Se sim, acho que o ideal
era um redirect 403.

*Rodrigo Germano de Paula*
Técnico em Tecnologia da Informação
IFB Campus Planaltina
Contato: (61) 21962601

Em 16 de fevereiro de 2016 22:43, Sinval Júnior 
escreveu:

> Sim, sempre fixá.
> Em 16 de fev de 2016 6:18 PM, "Rodolfo"  escreveu:
>
>> Essa url que você passou é fixa ? Ou seja, sempre será:
>>
>> http://localhost/QvAJAXZfc/opendoc.htm?document=IAS.qvw;
>> host=QVS%40users=true
>>
>> 
>>
>> Em 16 de fevereiro de 2016 16:16, Sinval Júnior 
>> escreveu:
>>
>>> Rodolfo,
>>>
>>> A ideia não é que o usuário não precise digitar
>>> localhost/QvAJAXZfc/opendoc.htm?document=IAS.qvw&
>>> host=QVS%40users=true
>>>
>>> e sim apenas localhost
>>>
>>> Ou seja http://www deve responder por http://localhost/QvAJAXZfc/
>>> opendoc.htm?document=IAS.qvw=QVS%40users=true
>>>
>>> Ao encaminhar esta mensagem, por favor:
>>> 1 - Apague meu endereço eletrônico;
>>> 2 - Encaminhe como Cópia Oculta (Cco ou BCc) aos seus destinatários.
>>> Dificulte assim a disseminação de vírus, spams e banners.
>>>
>>> #=+
>>> #!/usr/bin/env python
>>> nome = 'Sinval Júnior'
>>> email = 'sinvalju arroba gmail ponto com'
>>> print nome
>>> print email
>>> #==+
>>>
>>> Em 16 de fevereiro de 2016 18:10, Rodolfo  escreveu:
>>>
 Não sabia que dava para esconder os parâmetros da URL por GET, com POST
 isso é normal, mas mesmo assim fica no browser a requisição. Agora da pra
 renomear a URL por GET tornando a leitura mais difícil, desse modo não sei,
 em sistemas Java, PHP entre outros se utlizam frameworks para fazer esse
 serviço.

 Em 16 de fevereiro de 2016 16:04, Sinval Júnior 
 escreveu:

> Alguém sabe fazer um proxy pass usando url com parâmetros get.
> Ex:
>
> De:localhost/QvAJAXZfc/opendoc.htm?document=IAS.qvw=QVS%40users=true
> Para: localhost
>
> Na prática esses parâmetros devem ser transparantes.
> Tentei um rewrite no nginx. no final o html da página aparece no
> endereço do navegador
> rewrite ^/(.*)$
> /Qv/QvAJAXZfc/opendoc.htm?document=IAS.qvw=QVS%40users=true$1
> last;
> Se eu substituir  last, por permanent funciona contudo os parâmetros
> aparecem na barra de endereços.
>
> Ao encaminhar esta mensagem, por favor:
> 1 - Apague meu endereço eletrônico;
> 2 - Encaminhe como Cópia Oculta (Cco ou BCc) aos seus destinatários.
> Dificulte assim a disseminação de vírus, spams e banners.
>
> #=+
> #!/usr/bin/env python
> nome = 'Sinval Júnior'
> email = 'sinvalju arroba gmail ponto com'
> print nome
> print email
> #==+
>


>>>
>>

Re: [HS]: Installation Debian - mise à jour Bios

[jdd]

Le 17/02/2016 10:52, Marc a écrit :


La question est : pourquoi je n'ai pas trouvé l'information plus tôt
ailleurs ? Et ce petit échange risque de ne pas être bien indexé par les
moteurs de recherche, puisque cavalier mal placé...


http://dodin.info/wiki/pmwiki.php?n=Doc.LancerDesImagesBootablesAvecGRUB


je mettrai en forme plus tard, c'est toujours un rappel
jdd

Re: 1 not upgraded

[Matijs van Zuijlen]

On 16/02/16 11:40, Richard Lucassen wrote:
> On Tue, 16 Feb 2016 10:53:04 +0100
> Wouter Verhelst  wrote:
> 
>> On Sat, Jan 16, 2016 at 09:51:17PM +0100, Richard Lucassen wrote:
>>> discussies over gevoerd. Debian heeft gekozen voor systemd en
>>> alhoewel je nu nog sysv kunt installeren zal dat niet langer
>>> mogelijk gaan zijn.
>>
>> Waarop baseer je die uitspraak?
> 
> Op het feit dat steeds meer packages geannexeerd worden door systemd.
> 
> R.
> 

En waarop baseer je die uitspraak? :-D

-- 
Matijs



signature.asc
Description: OpenPGP digital signature

Re: [HS]: Installation Debian - mise à jour Bios

[Marc]

Le 14/02/2016 20:03, Gilles Mocellin a écrit :

Le 14/02/2016 17:23, Marc a écrit :

Bonjour ! Je me permets de rebondir avec un petit cavalier hors sujet

Est-il possible de créer une entrée grub qui lance un bon vieux DOS ? 
Qui charge par exemple un fichier disquette.img placé dans une 
partition du disque dur (ou désarchivé dans une mini-partition FAT ou 
une clé usb). Pour mise à jour du bios et autres utilitaires pour 
carte mère du siècle passé...


Et quelle image lancer, qui soit aussi générique que possible et pas 
trop suspecte ? Freedos ?


D'avance merci

Marc

Le 14/02/2016 13:36, Jean-Marc a écrit :

Je pense qu'une mise à niveau du BIOS serait judicieuse.




Regarde le paquet grub-imageboot, ça permet de créer automatiquement 
des entrées GRUB pour des images placées dans /boot/images.
Je m'en sers pour les images bootables permettant la MAJ des firmware 
de mes SSD.
Tu dois pouvoir faire des images avec FreeDOS comprenant tes 
programmes DOS.


Parfait ! Fonctionne du premier coup et sera plus général et plus 
durable que les bricolages "à la main" que j'utilisais


La question est : pourquoi je n'ai pas trouvé l'information plus tôt 
ailleurs ? Et ce petit échange risque de ne pas être bien indexé par les 
moteurs de recherche, puisque cavalier mal placé...


Merci !

Re: bash-completion, tab and ambiguous globs

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wed, Feb 17, 2016 at 10:14:06AM +0100, Nicolas George wrote:
> Le nonidi 29 pluviôse, an CCXXIV, to...@tuxteam.de a écrit :
> > It can be creepily smart, like knowing the branches in your project
> > when you do git checkout bla or things like that. Not bad.
> 
> You mean what zsh already did in its default distribution fifteen years ago?
> And, of course, without breaking the completion of globs.

I don't know why you sound so... vindicative? Might be my ears.

If bash-completions is too "fat" for me, zsh will be doubly so :-)

I know there are zsh fans, and I respect them deeply. It's just not my
planet. But I enjoy meeting them at an intergalactic bar and having
a drink with them (which cannot be said of inhabitants of /any/ planet).

regards
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlbEM7wACgkQBcgs9XrR2kbl6ACfeF85x0J8Pz88DLVc1XIWO9yA
z34An2k9zykvhilvtNm3SGKHro3Z5o5b
=g0zy
-END PGP SIGNATURE-

Re: bash-completion, tab and ambiguous globs

[Nicolas George]

Le nonidi 29 pluviôse, an CCXXIV, to...@tuxteam.de a écrit :
> It can be creepily smart, like knowing the branches in your project
> when you do git checkout bla or things like that. Not bad.

You mean what zsh already did in its default distribution fifteen years ago?
And, of course, without breaking the completion of globs.

Regards,

-- 
  Nicolas George


signature.asc
Description: Digital signature

Re: bash-completion, tab and ambiguous globs

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wed, Feb 17, 2016 at 09:57:30AM +0100, Anders Andersson wrote:
> On Tue, Feb 16, 2016 at 11:15 AM, Jean-Baptiste Thomas
>  wrote:
> > In bash, typing, say, "ls x*y" then tab lists all the possible
> > expansions of "x*y" on the next line, then prints the command
> > line anew with "x*y" replaced by longest common stem.
> >
> > With bash-completion installed, "x*y" is summarily replaced by
> > its first match.
> 
> Thank you! I just pondered this today, and I remember that it used to
> work much better. Now I at least know the culprit.
> 
> Seriously, when does bash-completion actually help someone on the
> command line? The only time I notice it is when a pattern is buggy and
> doesn't let me complete a filename even when it's completely valid.

It can be creepily smart, like knowing the branches in your project
when you do git checkout bla or things like that. Not bad.

That said, it always was a bit on the heavy (or overdone) side for my
taste, so I ended ditching it. But I can well understand someone
liking it.

- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlbEMGsACgkQBcgs9XrR2kb4AgCdFipMv2LE3aoZ3QAEHd5eXxyl
69MAnjf6rg2PMmALYCmBHm0UbKUphG7+
=pmve
-END PGP SIGNATURE-

Re: bash-completion, tab and ambiguous globs

[Anders Andersson]

On Tue, Feb 16, 2016 at 11:15 AM, Jean-Baptiste Thomas
 wrote:
> In bash, typing, say, "ls x*y" then tab lists all the possible
> expansions of "x*y" on the next line, then prints the command
> line anew with "x*y" replaced by longest common stem.
>
> With bash-completion installed, "x*y" is summarily replaced by
> its first match.

Thank you! I just pondered this today, and I remember that it used to
work much better. Now I at least know the culprit.

Seriously, when does bash-completion actually help someone on the
command line? The only time I notice it is when a pattern is buggy and
doesn't let me complete a filename even when it's completely valid.

Re: Remote control ?

[Sven Arvidsson]

On Tue, 2016-02-16 at 10:47 -0300, Renaud OLGIATI wrote:
> In the days I used MS Windows, I had a suite of progs that allowed
> me, when run on both boxes, to see the desktop of one box in a window
> on the other, and mouse and keyboard actions in that window would act
> on the remote box.
> 
> Is there something similar in Debian ?

If you are using GNOME (or I assume, one of the forks) this is built-in 
using Vino and Vinagre.

It's enabled from the Sharing section in the settings.

-- 
Cheers,
Sven Arvidsson
http://www.whiz.se
PGP Key ID 6FAB5CD5



signature.asc
Description: This is a digitally signed message part

Re: Remote control ?

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, Feb 16, 2016 at 04:45:16PM -0300, Renaud OLGIATI wrote:
> On Tue, 16 Feb 2016 18:02:52 +
> Joe  wrote:
> 
> > Ron was not completely clear here. Only the 'professional' versions of
> > Windows have the standard RDP server, but all versions since about 2000
> > have had 'remote assistance', which is an RDP connection to the
> > logged-on local user's desktop, with both parties having mouse and
> > keyboard input and both seeing the same desktop. It is used, as implied,
> > for remote assistance with problems the local user is experiencing.
> > 
> > It may be this latter feature which Ron is looking for.
> 
> Thank you, you explained it better than I did.

Then it'll be vnc or something similar.

- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlbEKIIACgkQBcgs9XrR2kYrWwCdFgEmQrHPOFt01JCtTKYDWYXx
cZwAnjxLoIsbZ2o0x6quXW5caqEapVM8
=fP9b
-END PGP SIGNATURE-