Re: RECOMMEND: Wireless Home Router with VPN Built-In
On 04/26/2016 03:46 AM, Patrick Bartek wrote: > On Mon, 25 Apr 2016, Lars Noodén wrote:> >> On 04/25/2016 05:01 AM, Patrick Bartek wrote: >> Keep in mind that SSH can do a SOCKS proxy itself and thus you might >> not even want to go to the trouble of setting up OpenVPN on top of >> whatever you have. > > I just want something simple for security when I use public wifi on my > phone or laptop for personal web and email. It doesn't have to be > NSA-proof. ;-) But I'll look into that. It's easy and simple, just use the SSH client the -D option and choose a port and log into your router. If you keep your SSH key in an agent, which many desktop environments have available for your, then you can just re-connect automatically. One addendum, whether you use VPN or SOCKS proxy, is that if you have a dynamic IP address you'll probably want to set up an account at a dynamic DNS service. That way if (when) your IP address changes while you are away you wont have to cause suspicion by scanning your ISP's whole network for your proxy. ddclient, for example, is in the repository. Regards, Lars
Re: OT: what do you know about Linux?
On Mon, 25 Apr 2016 21:46:22 -0400, Felix Miata wrote: > Juan R. de Silva composed on 2016-04-26 01:26 (UTC): > >> On my desktop I still use and old keyboard with PS/2 connector. >> My mouse an USB one, so the mouse PS/2 port on motherboard remains >> free. > >> A couple of days ago I had to reconnect my keyboard to motherboard. I >> was doing it in hurry and in the dark, just to the touch. > > Plugging a PS/2 keyboard connector into a motherboard port while the PC > is powered up is a bad idea. Sometimes doing so can permanently render > the motherboard port useless. > >> A day later while restarting the machine I was surprised by message >> from BIOS:"No keyboard detected." However, when started, Debian had no >> trouble with my keyboard. It was fully functional. > > The Linux driver doesn't care which port the keyboard is plugged into. > The motherboard BIOS does care, hence the warning at boot. Plugged into > the wrong port, you can't use the keyboard to get into BIOS setup or > anything else you might wish to key before the PC boots an OS. > >> Today I had a minute to pull out my desktop tower and found that I >> mistakenly plugged keyboard connector into the mouse PS/2 port. > > Dejavu. There was a long thread almost a month ago here "Changing Boot > Order" > about using the wrong port. > >> I wish to see Windows trying to swallow this. :-) Or I am outdated on >> Windows skills, am I? > > ??? All you comments are correct and my funny experience proofs it. I was certainly lucky not to blow up my motherboard. Praise to ASUS. I've meant to say that as far as I know Windows would not be able to run keyboard connected so wrongly at all. Even if, like in my case, motherboard survived such a bad treatment.
emacs locked file problem
I have just installed jessie (stable) on my laptop. The only user (apart from root) is "ceblair". I think I got emacs from aptitude, but perhaps it was already part of the default installation. Whenever I try to open or save a file, I get a message that the file is locked. I can use the "s" option to steal the file and proceed, but would prefer not to have to do this. Perhaps a symptom is that, during an emacs session, the top of the window says "emacs@debian.c-blair@..." (my e-mail address) instead of "emacs@ceblair". I may have made a mistake during the installation in specifying my host name or something similar. Thanks, as always, for any help.
Re: Portable Debian?
On 04/25/2016 03:21 AM, Steve Matzura wrote: My system that I built late last year/early this year is running great, except for the occasional overrun of inbound ssh from such addresses as 59.*.*.*, 213.*.*.* and others, but that's only because I have not put any blockers in place, either on my home gateway device or my Debian system, but that one's on me. I have no GUI desktops installed, I run completely from CLI and use Speakup for all of it, including and especially Image for Linux for backup and restore, which I use on all my Windows machines.. I'd like to take the installed Debian system as it is, write it to a CD or DVD, and use that as a talking backup/restore disc. Is this possible? Or should I create a new installation and write it to an ISO image, or just what should I do to accomplish the goal of creating a basic talking Debian shell environment that includes a licensed IFL? As always, thanks in advance for any and all suggestions. If your motherboard firmware and Debian version support booting and running from USB, you could clone your existing system drive to a USB drive -- flash drive, HDD, SSD, SSHD. Alternatively, make your own Debian Live images (hybrid ISO -- can put on optical discs or USB drives): https://www.debian.org/devel/debian-live/ On 04/25/2016 11:07 AM, Steve Matzura wrote: So, do I start with the running installation and run something to create the new media, or boot from the distro itself and create the new system on the target USB device? I power-down the computer, connect a USB 3.0 flash drive, boot the Debian 7.10 Xfce CD, partition the flash drive manually, and install onto the flash drive as usual. Upon reboot, I configure the CMOS setup to boot from the USB flash drive. David
Re: Firewall - basic config?
On 04/24/2016 03:56 AM, Reco wrote: On Sun, 24 Apr 2016 00:17:51 -0500 Michael Milliman wrote: Any suggestions/comments would be much appreciated. Thanks very much. Assuming you'd want to keep ufw, you'd need to worry about: Chain ufw-after-input (1 references) target prot opt source destination ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:netbios-ns ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:netbios-dgm ufw-skip-to-policy-input tcp -- anywhere anywhere tcp dpt:netbios-ssn ufw-skip-to-policy-input tcp -- anywhere anywhere tcp dpt:microsoft-ds There's no reason to accept these unless you're using Samba (either the server or client). However, if you look at the ufw-skip-to-policy-input chain, it simply DROPs everything, so there is no hole here, as far as I can tell. Indeed, this chain specifies all protocols, from anywhere to anywhere, target DROP. So, in the end, all packets to these destination ports (dpt) are DROPed. Good catch. I agree here. Although it would help to see if these rules apply to a certain network interface (see below). ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc So, first they compose a perfectly good rule for DHCP client (ufw-before-input chain), but then they allow udp:68 unconditionally in ufw-after-input chain. I'll assume that something very clever is going on here. Correct me if I'm wrong, however, the ufw-before-input chain concerns me greatly. The first rule here ACCEPTs all packets of all protocols coming from anywhere and going to anywhere. This appears to be an incredibly big hole. The above rule Reco mentions, will never be seen as it is quite a bit further down the chain, after everything has already been ACCEPTed. Surely, I'm reading something wrong?:-\ I believe this to be an artifact of 'iptables -L', and the actual rule refers to lo interface only. For example, on my system this scary rule: # iptables -nL INPUT | head -3 ... ACCEPT all -- 0.0.0.0/00.0.0.0/0 Actually means this: # iptables -nvL INPUT | head -3 ... ACCEPT all -- lo * 0.0.0.0/00.0.0.0/0 Reco Yes, I missed that the iptables -L doesn't give the interface that a particular rule applies to. The iptables -L -v command would be more informative. -- Mike
/etc/resolv.conf documentation
Hello, I come back to a message that just help me with a server: https://lists.debian.org/debian-user/2015/10/msg00370.html * /From/: Pascal Hambourg mailto:pascal%40plouf.fr.eu.org>> * /Date/: Sun, 11 Oct 2015 13:47:57 +0200 >Dominic Hargreaves a écrit : >> >> I did just notice that there is a third state that the file sometimes >> ends up in, as well as the expected one which begins "Generated by >> Network Manager". This is a file which just contains one nameserver >> entry containing the IPv6 resolver. Odd. > > That may be generated from received IPv6 router advertisements (RA) by > rdnssd if installed. In that case, you can remove this package if you > don't need DNS resolution through the IPv6 server. Otherwise, check > whether the package resolvconf is installed. It could be good to have this package, rdnssd, mentionned in this doc: https://wiki.debian.org/NetworkConfiguration#Defining_the_.28DNS.29_Nameservers among the packages that can alter /etc/resolv.conf Indeed, I guess rdnssd was recently added to debian stable, I presume it is not very well known, but it's installed by default. In my case, installing a virtual server in a quite common and tested environnement, just for the first time with debian 8.4, I came up with a server that simply had no DNS resolution, and no way to solve the problem with the classic static /etc/resolv.conf, or debconf parameters in /etc/network/interfaces. I understand it's because the router where this server is connected is partially IPv6 aware (connected to an IPv6 network, but without IPv6 configured). This package detects some kind of IPv6 dns, and starts overwtitting /etc/resolv.conf. But it was quite hard to find the trick. Most documentation about /etc/resolv.conf overwrite problems propose hooks and workarounds. I'm new in this list (it's why I copy/paste the meesage I reference). Sorry if there is a better place for this comment that I missed. Kindly, daniel
Re: OT: what do you know about Linux?
Juan R. de Silva composed on 2016-04-26 01:26 (UTC): On my desktop I still use and old keyboard with PS/2 connector. My mouse an USB one, so the mouse PS/2 port on motherboard remains free. A couple of days ago I had to reconnect my keyboard to motherboard. I was doing it in hurry and in the dark, just to the touch. Plugging a PS/2 keyboard connector into a motherboard port while the PC is powered up is a bad idea. Sometimes doing so can permanently render the motherboard port useless. A day later while restarting the machine I was surprised by message from BIOS:"No keyboard detected." However, when started, Debian had no trouble with my keyboard. It was fully functional. The Linux driver doesn't care which port the keyboard is plugged into. The motherboard BIOS does care, hence the warning at boot. Plugged into the wrong port, you can't use the keyboard to get into BIOS setup or anything else you might wish to key before the PC boots an OS. Today I had a minute to pull out my desktop tower and found that I mistakenly plugged keyboard connector into the mouse PS/2 port. Dejavu. There was a long thread almost a month ago here "Changing Boot Order" about using the wrong port. I wish to see Windows trying to swallow this. :-) Or I am outdated on Windows skills, am I? ??? -- "The wise are known for their understanding, and pleasant words are persuasive." Proverbs 16:21 (New Living Translation) Team OS/2 ** Reg. Linux User #211409 ** a11y rocks! Felix Miata *** http://fm.no-ip.com/
OT: what do you know about Linux?
On my desktop I still use and old keyboard with PS/2 connector. My mouse an USB one, so the mouse PS/2 port on motherboard remains free. A couple of days ago I had to reconnect my keyboard to motherboard. I was doing it in hurry and in the dark, just to the touch. A day later while restarting the machine I was surprised by message from BIOS:"No keyboard detected." However, when started, Debian had no trouble with my keyboard. It was fully functional. Today I had a minute to pull out my desktop tower and found that I mistakenly plugged keyboard connector into the mouse PS/2 port. I wish to see Windows trying to swallow this. :-) Or I am outdated on Windows skills, am I?
Re: RECOMMEND: Wireless Home Router with VPN Built-In
On Mon, 25 Apr 2016, heqami...@runbox.com wrote: > > > On 04/25/2016 04:01 AM, Patrick Bartek wrote: > > What routers would you all recommend? And why? > > > > I reccommend ALIX APU1D4 from PC Engines > http://www.pcengines.ch/apu1d4.htm > > [snip] Never heard of it. But I'm finding in my searches, there are a lot of routers I've never heard of. ;-) Thanks. I'll take a look. B
Re: RECOMMEND: Wireless Home Router with VPN Built-In
On Mon, 25 Apr 2016, Lars Noodén wrote: > On 04/25/2016 05:01 AM, Patrick Bartek wrote: > > Hi! all, > > > > Toying with the idea of setting up a personal, that is, > > non-business, VPN for a device or two for those rare times I use > > public wifi. For improved security, mind you. Want to keep it > > simple, but it must work outside the U.S. (I foresee a change > > coming.) So, figured a new home router with the server built-in > > would be better than a for-charge (or free) VPN service. (After 8 > > years of continuous use, I'm getting nervous about my old router > > anyway, and want to replace it.) > > > > What routers would you all recommend? And why? > > > > Thanks. > > > > B > > > > I'd look at the list of routers that support OpenWRT or DD-WRT and > choose from that subset, if you want an off-the-shelf product. I have been considering that. Just started looking yesterday. Lots of routers out there. That's why I asked for recommendations. To narrow the field. > However, you can build a router with more normal hardware with full > Debian (or Devuan) and add what you like. I have an old Soekris > myself, though others might be more in fashion these days. Did check if I could flash my current router with DD-WRT, but, no, it's not supported. Too old. So that option is mute. Going to get a new router. It's time anyway. The old one is 8 years old! > Keep in mind that SSH can do a SOCKS proxy itself and thus you might > not even want to go to the trouble of setting up OpenVPN on top of > whatever you have. I just want something simple for security when I use public wifi on my phone or laptop for personal web and email. It doesn't have to be NSA-proof. ;-) But I'll look into that. Thanks for your input. B
Re: RECOMMEND: Wireless Home Router with VPN Built-In
Seconded (unless you can't) On Apr 25, 2016 8:29 PM, "Joel Wirāmu Pauling" wrote: > My advise stands. Use a VPN client on the end devices. > > On 26 April 2016 at 12:27, Patrick Bartek wrote: > >> On Mon, 25 Apr 2016, Joel Wirāmu Pauling wrote: >> >> > I don't suggestion running VPN (at least any with decent encryption ) >> > on the Wifi /AP. It will end up being a bottle kneck. i.E my Dual >> > core MIP's 680hz Wireless AC running openwrt can barely push 12mbit >> > through an AES tunnel. >> > >> > Keep the VPN endpoints on the more well endowed endpoints. If you >> > need it as a backup purely for getting into the router, then SSH is >> > fine. >> >> I'll be the only user on the VPN. It's mainly for when I use public >> wifi on my phone or laptop, for security. For Web and email mostly. >> I might use it to access my home machine, too, but that would be rarely. >> So, I'm not going to be moving large amounts of data over the >> connection. >> >> Thanks. >> >> B >> >> > On 25 April 2016 at 14:22, Paul Duncan wrote: >> > >> > > I have a Draytek Vigor 2820vn. Have had it for a few years now. >> > > Seems to be quite reliable. Has three types of WAN connectivity >> > > built-in - ADSL2+, Ethernet (for cable modems), and USB for mobile >> > > broadband dongles. And, as you requested, it does have a built-in >> > > VPN service and very configurable firewall. >> > > >> > > Now, this particular unit will never support IPV6, and I think they >> > > may have stopped making it now. If I was in the market for a router >> > > today, I would go for the Vigor 2830 series. It is IPV6 ready, and >> > > all four of its Ethernet ports are gigabit ports (only one is on >> > > the 2820). >> > > >> > > Anyway, I'm sure you will get *lots* of opinions about favourite >> > > hardware! >> > > >> > > Cheers, >> > > >> > > Paul. >> > > >> > > On Mon, Apr 25, 2016 at 3:01 AM, Patrick Bartek >> > > wrote: >> > > >> > >> Hi! all, >> > >> >> > >> Toying with the idea of setting up a personal, that is, >> > >> non-business, VPN for a device or two for those rare times I use >> > >> public wifi. For improved security, mind you. Want to keep it >> > >> simple, but it must work outside the U.S. (I foresee a change >> > >> coming.) So, figured a new home router with the server built-in >> > >> would be better than a for-charge (or free) VPN service. (After 8 >> > >> years of continuous use, I'm getting nervous about my old router >> > >> anyway, and want to replace it.) >> > >> >> > >> What routers would you all recommend? And why? >> > >> >> > >> Thanks. >> > >> >> > >> B >> >> >
Re: RECOMMEND: Wireless Home Router with VPN Built-In
My advise stands. Use a VPN client on the end devices. On 26 April 2016 at 12:27, Patrick Bartek wrote: > On Mon, 25 Apr 2016, Joel Wirāmu Pauling wrote: > > > I don't suggestion running VPN (at least any with decent encryption ) > > on the Wifi /AP. It will end up being a bottle kneck. i.E my Dual > > core MIP's 680hz Wireless AC running openwrt can barely push 12mbit > > through an AES tunnel. > > > > Keep the VPN endpoints on the more well endowed endpoints. If you > > need it as a backup purely for getting into the router, then SSH is > > fine. > > I'll be the only user on the VPN. It's mainly for when I use public > wifi on my phone or laptop, for security. For Web and email mostly. > I might use it to access my home machine, too, but that would be rarely. > So, I'm not going to be moving large amounts of data over the > connection. > > Thanks. > > B > > > On 25 April 2016 at 14:22, Paul Duncan wrote: > > > > > I have a Draytek Vigor 2820vn. Have had it for a few years now. > > > Seems to be quite reliable. Has three types of WAN connectivity > > > built-in - ADSL2+, Ethernet (for cable modems), and USB for mobile > > > broadband dongles. And, as you requested, it does have a built-in > > > VPN service and very configurable firewall. > > > > > > Now, this particular unit will never support IPV6, and I think they > > > may have stopped making it now. If I was in the market for a router > > > today, I would go for the Vigor 2830 series. It is IPV6 ready, and > > > all four of its Ethernet ports are gigabit ports (only one is on > > > the 2820). > > > > > > Anyway, I'm sure you will get *lots* of opinions about favourite > > > hardware! > > > > > > Cheers, > > > > > > Paul. > > > > > > On Mon, Apr 25, 2016 at 3:01 AM, Patrick Bartek > > > wrote: > > > > > >> Hi! all, > > >> > > >> Toying with the idea of setting up a personal, that is, > > >> non-business, VPN for a device or two for those rare times I use > > >> public wifi. For improved security, mind you. Want to keep it > > >> simple, but it must work outside the U.S. (I foresee a change > > >> coming.) So, figured a new home router with the server built-in > > >> would be better than a for-charge (or free) VPN service. (After 8 > > >> years of continuous use, I'm getting nervous about my old router > > >> anyway, and want to replace it.) > > >> > > >> What routers would you all recommend? And why? > > >> > > >> Thanks. > > >> > > >> B > >
Re: RECOMMEND: Wireless Home Router with VPN Built-In
On Mon, 25 Apr 2016, Joel Wirāmu Pauling wrote: > I don't suggestion running VPN (at least any with decent encryption ) > on the Wifi /AP. It will end up being a bottle kneck. i.E my Dual > core MIP's 680hz Wireless AC running openwrt can barely push 12mbit > through an AES tunnel. > > Keep the VPN endpoints on the more well endowed endpoints. If you > need it as a backup purely for getting into the router, then SSH is > fine. I'll be the only user on the VPN. It's mainly for when I use public wifi on my phone or laptop, for security. For Web and email mostly. I might use it to access my home machine, too, but that would be rarely. So, I'm not going to be moving large amounts of data over the connection. Thanks. B > On 25 April 2016 at 14:22, Paul Duncan wrote: > > > I have a Draytek Vigor 2820vn. Have had it for a few years now. > > Seems to be quite reliable. Has three types of WAN connectivity > > built-in - ADSL2+, Ethernet (for cable modems), and USB for mobile > > broadband dongles. And, as you requested, it does have a built-in > > VPN service and very configurable firewall. > > > > Now, this particular unit will never support IPV6, and I think they > > may have stopped making it now. If I was in the market for a router > > today, I would go for the Vigor 2830 series. It is IPV6 ready, and > > all four of its Ethernet ports are gigabit ports (only one is on > > the 2820). > > > > Anyway, I'm sure you will get *lots* of opinions about favourite > > hardware! > > > > Cheers, > > > > Paul. > > > > On Mon, Apr 25, 2016 at 3:01 AM, Patrick Bartek > > wrote: > > > >> Hi! all, > >> > >> Toying with the idea of setting up a personal, that is, > >> non-business, VPN for a device or two for those rare times I use > >> public wifi. For improved security, mind you. Want to keep it > >> simple, but it must work outside the U.S. (I foresee a change > >> coming.) So, figured a new home router with the server built-in > >> would be better than a for-charge (or free) VPN service. (After 8 > >> years of continuous use, I'm getting nervous about my old router > >> anyway, and want to replace it.) > >> > >> What routers would you all recommend? And why? > >> > >> Thanks. > >> > >> B
Re: Installation of openssh-client stops with error in groupadd
Hi.
On Mon, 25 Apr 2016 22:38:47 +0200
Michael Luecke wrote:
So, it all goes well, until it hits the wall:
> > Please post the output of:
> ...
>
> rename("/etc/group+", "/etc/group") = -1 EBUSY (Device or resource busy)
And this is another thing that could be useful to the future searches
of the archives:
> # mount
...
> /dev/sda3 on / type btrfs (rw,noatime,ssd,space_cache)
> ++
> # dmesg | tail
...
Does not have any scary 'force mounting / read-only', so it should be
all good.
> # lsattr /etc/group
> /etc/group
And no extended attributes (or SELinux, which is confirmed by strace
output) come into play.
So it all boils down to one failing syscall - rename(2). The manpage
does not cover such case - it talks about returning EBUSY if the source
or the target of rename are mountpoints (clearly not the case here).
So, let's start with something simple:
/bin/fuser /etc/group
/usr/bin/lsof /etc/group
Reco
Re: Installation of openssh-client stops with error in groupadd
> Please post the output of:
...
++
# strace /usr/sbin/groupadd -g 117 ssh
execve("/usr/sbin/groupadd", ["/usr/sbin/groupadd", "-g", "117", "ssh"],
[/* 25 vars */]) = 0
brk(0) = 0x7f17b521
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or
directory)
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x7f17b432
access("/etc/ld.so.preload", R_OK) = 0
open("/etc/ld.so.preload", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
close(3)= 0
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=44647, ...}) = 0
mmap(NULL, 44647, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f17b4315000
close(3)= 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or
directory)
open("/lib/x86_64-linux-gnu/libaudit.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3,
"\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\20*\0\0\0\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=113024, ...}) = 0
mmap(NULL, 2249344, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) = 0x7f17b3ccd000
mprotect(0x7f17b3ce7000, 2093056, PROT_NONE) = 0
mmap(0x7f17b3ee6000, 12288, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x19000) = 0x7f17b3ee6000
mmap(0x7f17b3ee9000, 37504, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f17b3ee9000
close(3)= 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or
directory)
open("/lib/x86_64-linux-gnu/libselinux.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3,
"\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\20c\0\0\0\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=142728, ...}) = 0
mmap(NULL, 2246896, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) = 0x7f17b3aa8000
mprotect(0x7f17b3ac9000, 2097152, PROT_NONE) = 0
mmap(0x7f17b3cc9000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x21000) = 0x7f17b3cc9000
mmap(0x7f17b3ccb000, 6384, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f17b3ccb000
close(3)= 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or
directory)
open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3,
"\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\34\2\0\0\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1738176, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x7f17b4314000
mmap(NULL, 3844640, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) = 0x7f17b36fd000
mprotect(0x7f17b389f000, 2093056, PROT_NONE) = 0
mmap(0x7f17b3a9e000, 24576, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1a1000) = 0x7f17b3a9e000
mmap(0x7f17b3aa4000, 14880, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f17b3aa4000
close(3)= 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or
directory)
open("/lib/x86_64-linux-gnu/libpcre.so.3", O_RDONLY|O_CLOEXEC) = 3
read(3,
"\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\20\27\0\0\0\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=448440, ...}) = 0
mmap(NULL, 2543976, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) = 0x7f17b348f000
mprotect(0x7f17b34fb000, 2097152, PROT_NONE) = 0
mmap(0x7f17b36fb000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6c000) = 0x7f17b36fb000
close(3)= 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or
directory)
open("/lib/x86_64-linux-gnu/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3,
"\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320\16\0\0\0\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=14664, ...}) = 0
mmap(NULL, 2109712, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) = 0x7f17b328b000
mprotect(0x7f17b328e000, 2093056, PROT_NONE) = 0
mmap(0x7f17b348d000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f17b348d000
close(3)= 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or
directory)
open("/lib/x86_64-linux-gnu/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3,
"\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\20o\0\0\0\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=137440, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x7f17b4313000
mmap(NULL, 2213008, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) = 0x7f17b306e000
mprotect(0x7f17b3086000, 2093056, PROT_NONE) = 0
mmap(0x7f17b3285000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x17000) = 0x7f17b3285000
mmap(0x7f17b3287000, 13456, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|M
Re: Installation of openssh-client stops with error in groupadd
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, Apr 25, 2016 at 09:33:45PM +0200, Michael Luecke wrote: > Hello, > > I have a fresh installation of Debian jessie. As I wanted to install > 'openssh-client' it stops with an error in groupadd [...] [...] > groupadd: failure while writing changes to /etc/group > addgroup: `/usr/sbin/groupadd -g 117 ssh' returned error code 10. Exiting. > dpkg: error processing package openssh-client (--configure): Three things come to mind: - the file system might be mounted read-only (perhaps as a consequence of errors). Mount -a would give the answer - the file(s) might have the immutable attribute set. You can find that out by doing an "lsattr /etc/group*" - some SELinux policy is playing games on you. On this, I must defer to more knowledgeable folks regards - -- t -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlceeJ8ACgkQBcgs9XrR2kbe2QCcD6E4sIBJ+3hetjQ+9QvyWoqb tEcAnApAXFq7ffey4QBiPJahlOyCUZMg =2OUd -END PGP SIGNATURE-
Re: Installation of openssh-client stops with error in groupadd
Hi. On Mon, 25 Apr 2016 21:33:45 +0200 Michael Luecke wrote: > Hello, > > I have a fresh installation of Debian jessie. As I wanted to install > 'openssh-client' it stops with an error in groupadd. It seems that I > cannot add any groups, because I get the error also when I try to add > the group manually. In /etc there are two files, group and group+. Their > difference is the ssh group I and apt tried to add before. ... > groupadd: failure while writing changes to /etc/group > addgroup: `/usr/sbin/groupadd -g 117 ssh' returned error code 10. Exiting. Please post the output of: strace /usr/sbin/groupadd -g 117 ssh mount dmesg | tail lsattr /etc/group Reco
Installation of openssh-client stops with error in groupadd
Hello, I have a fresh installation of Debian jessie. As I wanted to install 'openssh-client' it stops with an error in groupadd. It seems that I cannot add any groups, because I get the error also when I try to add the group manually. In /etc there are two files, group and group+. Their difference is the ssh group I and apt tried to add before. ++ michael@michael-wst:~$ sudo apt-get install openssh-client Reading package lists... Done Building dependency tree Reading state information... Done Suggested packages: ssh-askpass libpam-ssh keychain monkeysphere The following NEW packages will be installed: openssh-client 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. Need to get 691 kB of archives. After this operation, 3,765 kB of additional disk space will be used. Get:1 http://security.debian.org/ jessie/updates/main openssh-client amd64 1:6.7p1-5+deb8u2 [691 kB] Fetched 691 kB in 0s (2,823 kB/s) Selecting previously unselected package openssh-client. (Reading database ... 57582 files and directories currently installed.) Preparing to unpack .../openssh-client_1%3a6.7p1-5+deb8u2_amd64.deb ... Unpacking openssh-client (1:6.7p1-5+deb8u2) ... Processing triggers for man-db (2.7.0.2-5) ... Setting up openssh-client (1:6.7p1-5+deb8u2) ... groupadd: failure while writing changes to /etc/group addgroup: `/usr/sbin/groupadd -g 117 ssh' returned error code 10. Exiting. dpkg: error processing package openssh-client (--configure): subprocess installed post-installation script returned error exit status 1 Errors were encountered while processing: openssh-client E: Sub-process /usr/bin/dpkg returned an error code (1) ++ root@michael-wst:/etc# /usr/sbin/groupadd -g 117 ssh groupadd: failure while writing changes to /etc/group ++ root@michael-wst:/etc# ls -lh group* -rw-r--r-- 1 root root 813 Apr 25 20:45 group -rw--- 1 root root 813 Apr 25 20:45 group- -rw-r--r-- 1 root root 824 Apr 25 21:27 group+ ++ root@michael-wst:/etc# diff group group+ 56a57 > ssh:x:117: ++ //Michael
Re: Portable Debian?
On Mon, 25 Apr 2016 14:07:09 -0400 Steve Matzura wrote: > Joe: > > On Mon, 25 Apr 2016 15:17:08 +0100, you wrote: > > >I run ssh on a non-standard port, and my router redirects to 22 of > >my server, alternatively ssh itself will listen wherever you tell it > >to. > > That's probably what I should be doing. As you say, it keeps the logs > clean and the riff-raff at bay. > > >I have a sid installation on a portable USB [mechanical] hard drive > >which was installed as 32bit with all drivers, and therefore boots > >on just about any PC. I just plugged the drive into a 64bit desktop > >and made a new installation to the drive. > > That's the ticket, yes. I'll get me one of those USB-powered drives > and build an installation on it. > Portable USB SSDs seem to be slow in appearing, but I'm getting the occasional disc error, so I'm heading that way at some point. At the moment, Verbatim 128GB drives seem to be on the edge of affordability. I do use the drive a fair bit, as I couldn't face trying to dual-boot my Win8 laptop, though it was originally made as an exercise in running my netbook a bit faster than its unbelievably slow first-generation SSD could manage. > >You might get away with copying > >your existing installation if you have the right drivers installed > >to suit your target PCs. > > That's a chance I'd prefer not to take. It's easy enough to make > another piece of boot media as you suggest. > > So, do I start with the running installation and run something to > create the new media, or boot from the distro itself and create the > new system on the target USB device? I'd rather the former, as now > that I have everything running correct, I probably answered some basic > configuration questions wrong and corrected them later, so I'd prefer > not to have to go through that mess again unless it's really > necessary. > I've found that a minimal installation, then dpkg --get-selections and --set-selections and a bit of judicious /etc copying, to be a fairly painless way to get a clean near-copy of an existing installation. I migrated a server, I think lenny or squeeze, from 32bit to 64bit hardware that way, and it had years of configurations built up by then, having started life as sarge. I did actually try a straight copy and then an in-place 32bit to 64bit upgrade, but the complexity quickly outran my gumption, and I cheated. -- Joe
Re: Package maintainers, I feel like such an outsider
Wayne Booth wrote: > And, second (to a lesser degree for now) start the ball rolling in getting > my application into the repositories? > > Any help would be greatly appreciated. Interim you could provide a debian style repo for those 2 or more packages. There are many 2rd party repos out there. Just take the easy path until the steep one is complete. regards
Re: Thank heard.
On 25 April 2016 at 18:22, amd amd wrote: > All kernel 4.4.0-1 line was not working . Finally 4/24/2016 working day sid > was released with kernel 4.5.0-1 . 25.04.2016 stepped working week with the > same sid kernel 4.5.0-1 . > Fixed error when installing policykit - this is a breakthrough . > Thank you for the quality software . > > Phew to that! All's well that ends well I guess.. Regards MF
Re: Tip: [Solved] Correct password login fail when CAPS LOCK not on [SOLVED]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, Apr 25, 2016 at 11:11:38AM -0500, David Wright wrote: [...] > A solution is to put a line: > > @reboot /sbin/kbdrate -r 2 -d 1000 > > into /root/crontab and then type > > # crontab /root/crontab A minor detail: I tend not to put system-wide things in a user's crontab, but in the system-wide crontabs under /etc/cron.d. For example put (a slightly modified version, see below) this line in a file /etc/cron.d/kbdrate. The /etc/cron* tables have an additional field, which user they are to be run under: @reboot root /sbin/kbdrate -r 2 -d 1000 regards - -- t -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlceYT0ACgkQBcgs9XrR2kZ4HwCdEE3zkgTQm+FWihlXJQR6AS6L EA8An2SoIumD/fqmbFRkfD8OvAhKOjE6 =AGuo -END PGP SIGNATURE-
Thank heard.
All kernel 4.4.0-1 line was not working . Finally 4/24/2016 working day sid was released with kernel 4.5.0-1 . 25.04.2016 stepped working week with the same sid kernel 4.5.0-1 . Fixed error when installing policykit - this is a breakthrough . Thank you for the quality software .
Re: Portable Debian?
Joe: On Mon, 25 Apr 2016 15:17:08 +0100, you wrote: >I run ssh on a non-standard port, and my router redirects to 22 of my >server, alternatively ssh itself will listen wherever you tell it to. That's probably what I should be doing. As you say, it keeps the logs clean and the riff-raff at bay. >I have a sid installation on a portable USB [mechanical] hard drive >which was installed as 32bit with all drivers, and therefore boots on >just about any PC. I just plugged the drive into a 64bit desktop and >made a new installation to the drive. That's the ticket, yes. I'll get me one of those USB-powered drives and build an installation on it. >You might get away with copying >your existing installation if you have the right drivers installed to >suit your target PCs. That's a chance I'd prefer not to take. It's easy enough to make another piece of boot media as you suggest. So, do I start with the running installation and run something to create the new media, or boot from the distro itself and create the new system on the target USB device? I'd rather the former, as now that I have everything running correct, I probably answered some basic configuration questions wrong and corrected them later, so I'd prefer not to have to go through that mess again unless it's really necessary.
Re: Sometimes "time shift" after resuming from suspend
On Mon, 25 Apr 2016 19:02:10 +0200 Michael Biebl wrote: > Fwiw, with recent Windows editions it should be ok to enable UTC. There > is a registry key which needs to be set. > Dunno though, if XP is recent enough. thanks, I didn't know that, seems like it's actually possible with XP, though there still seem to be a few pitfalls left (according to a quick web search). > For how long did the system sleep when this log message occurs? > This probably just means, that your hwclock drifted enough so the clock > needed adjustment. This doesn't seem to matter, the message is there even if I resume after some 20 seconds. Another observation I just made: I tested a simple script that will call ntpdate on resume to correct the broken change to the system time if necessary; for testing I called "date" to temporarily set the time one our backwards. When I the called systemctl hybrid-sleep it looked like the time was set *three* hours forward this time already while the suspend/hibernate was running, so it looks like systemd's suspend (or hibernate?) procedure is the evildoer here, not the resume. I figured that the additional hour in this try might be caused by the contents of /etc/adjtime that might have not been updated by my "date" call?! Anyway, I am still really puzzled how such an odd behavior is possible. Regards Michael .-.. .. ...- . .-.. --- -. --. .- -. -.. .--. .-. --- ... .--. . .-. I thought my people would grow tired of killing. But you were right, they see it is easier than trading. And it has its pleasures. I feel it myself. Like the hunt, but with richer rewards. -- Apella, "A Private Little War", stardate 4211.8
ACPI message after installation of Debian 8.2.0
Hi, I have intalled Debian 8.2.0 on a Compaq Pressario CQ62. It seems to be working all right. But, there is a messag on startup saying: "ACPI: Expecting a [Package], found tyoe C" I googled on it it but could not find what it is about nor what to do about it. There is nothing in journalctl about this message while I thought journalctl contains all startup messages. Thanks for any help -- Securely sent with Tutanota. Claim your encrypted mailbox today! https://tutanota.com
Re: Sometimes "time shift" after resuming from suspend
Am 25.04.2016 um 17:35 schrieb Michael Lange: > Hi, > > here (Jessie with systemd) occasionally after the system is resumed from > suspend mode the time is shifted forward by what appears to be exactly two > hours. This does not occur always on resume, just sometimes, with no > apparent reason. I have checked the syslog after this happened, but the > only lines I found concerning the change of system time are these: > > Apr 25 02:19:45 localhost systemd[1383]: Time has been changed > Apr 25 02:19:45 localhost systemd-sleep[2090]: System resumed. > > which are also there when the time was set correctly, so I guess they do > not mean anything. > > Now I suspect that the two-hour shift is related to the hardware clock > using local time instead of UTC (because of an existing WinXP Partition), Fwiw, with recent Windows editions it should be ok to enable UTC. There is a registry key which needs to be set. Dunno though, if XP is recent enough. > which is here CEST (UTC + 2hrs.).The timezone is set to Europe/Berlin > in /etc/timezone, in /etc/adjtime the respective line is set to LOCAL, > which I believe should be ok. I also doubt that a general faulty > configuration is responsible for the problem, since it happens only > sometimes, in most cases the system time is handled correctly. > > Anyway, I have no idea what might cause this strange behavior, a web > search did not show up something helpful either. > The command I use to suspend the system is usually > "systemctl hybrid-sleep", I don't think this makes a difference to a > "normal" suspend, though I am not 100% sure. > > Does anyone have an idea what might be the cause for this? For how long did the system sleep when this log message occurs? This probably just means, that your hwclock drifted enough so the clock needed adjustment. Michael -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature
Debian, Webmin, RPis, and browsers
I told this list a horrible lie a few week ago in a conversation about Webmin. A bit OT, but I apologize if some people were misled...I said Webmin was slow on the Raspberry Pi. That's not true. *Iceweasel's* slow on the RPi. Webmin is fine on fine on Raspian's default browser. Unfortunately, that browser doesn't do frames, and Webmin does, so half of Webmin is missing. Most of the lightweight browsers don't, I found out. Except for Evacuation or whatever Gnome is calling it this week. Web? Evince? Evacuation's quite a bit faster than Iceweasel on an RPi3, but installing it brings in an awful lot of Gnome bling. I'm on XFCE to get rid of that stuff.But there's a browser that does frames, starts up quickly, is real fast, and is relatively lightweight: Luakit. It's kind of strange if you aren't a Lua programmer -- a lot of configuring is done by futzing with Lua code files in /etc, and a lot of its commands are CLI from Vim. It feels like a lynx that's been dragged kicking and screaming into the GUI world so it can display pictures.It's supposed to be for people (from the home page) "that have a too much time on their hands." But it does Webmin 1.78 magnificently right out of the box, with Jessie Raspian.I'm using it now just for Webmin, and Iceweasel for pretty things, until I get used to Luakit. It's very cool, but it doesn't have Iceweasel's plug-ins, like adblocker, out of the box (I had no idea what's happened to the web in the last 15 years). That's not a problem running Webmin, and there's likely something in all that code in /etc that will do it, but I don't know enough Lua yet...Anyway. I think Luakit is what you're looking for to run Webmin on the RPi (I haven't tested it for purity at w3c, but it's good enough for Webmin). Gnome's browser will also work, but it brings with it more garbageBits than I care for. None of the other RPi-worthy browsers I looked at will do at all.-- Glenn English
Re: Tip: [Solved] Correct password login fail when CAPS LOCK not on [SOLVED]
On Thu 21 Apr 2016 at 11:44:59 (-0400), Cindy-Sue Causey wrote:
[ ... much snipping ... ]
> My accidental discovery of this particular error fix is BECAUSE I
> personally next do the same, meaning drag my own Fingertips a split
> extra nano-second too long, when I'm then typing in the next *visually
> viewable* command (in tty1). For my personal #Debian use, that command
> is:
>
> startx.
There's a good reason *not* to put startx into your muscle memory:
it'll prevent your accidentally starting X as root. Just alias it to
something easy, like xxx. So, for example, I have it defined as a
bash function:
function xxx {
local TIMESTAMP=$(date +%Y-%m-%d-%H-%M-%S)
# normally we empty the file first...
: >| "$HOME/.xsession-errors"
# ... but write a marker to find each invocation when not emptied
printf '%s\n' "zzzyyyxxx $HOSTNAME $TIMESTAMP" >> "$HOME/.xsession-errors"
/usr/bin/X11/startx >> "$HOME/.xsession-errors" 2>&1 &
}
But that's a side-issue...
> What it's *most likely* about is something to do with the most
> default, universal of settings *potentially* defined at the top of the
> whole login process default order. If it's not consciously defined by
> developers as a default, then it's something innate within our
> systems.
Yes, the kernel AIUI sets the keyboard repeat rate to maximum.
> After we each actually enter our chosen desktop environments, that
> type of user definable custom setting is then found under something
> fairly universal like Applications > Settings > Mouse and Touchpad..
>
> *BUT*those settings do NOT take effect until our individual users
> *successfully* sign in [...]
>
> Occasionally those password fails boil down to minute keyboard click
> drag... and [...] we have a tendency to drop down to the elementary level
> of one finger hunt-and-peck. Our keyboard clicks become a more
> meticulous poke-poke-poke that tends to eliminate the causative
> keyboard drag in the process.
A solution is to put a line:
@reboot /sbin/kbdrate -r 2 -d 1000
into /root/crontab and then type
# crontab /root/crontab
to activate it. When you next boot up, the keyboard repeat rate will
be dead slow. (Tune those numbers to taste.) X will be unaffected.
Note that it can take a second or two after the _first_ login prompt
appears before the new speed kicks in.
# crontab -l
will check that root's crontab file is activated.
Cheers,
David.
Re: Package maintainers, I feel like such an outsider
Hi, debian-ment...@lists.debian.org not debian-ment...@debian.org Have a nice day :) Thomas
Re: Package maintainers, I feel like such an outsider
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, Apr 25, 2016 at 02:02:26PM +, Wayne Booth wrote: > Hi all, > > Sorry for this little lost sheep mail, but even after pouring over the > documentation many times, I really cant find a solution to my issue. The Debian Mentors mailing list [1] might be what you're looking for. Be sure to have a look at the corresponding FAQ [2]. Many links there, including an IRC channel for quick questions. HTH [1] https://lists.debian.org/debian-mentors/ [2] https://wiki.debian.org/DebianMentorsFaq - -- tomás -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlcePvQACgkQBcgs9XrR2kbOCACfZOnJ+NCax8WTsKQzaOR+acdS puEAniFK7N02nZ4a2Y5I3+UwI2vf8Dki =280Z -END PGP SIGNATURE-
Re: Package maintainers, I feel like such an outsider
Hi,
> it seems to me that I need to have some
> of relationships with people at Debian, that have access. (?)
People without Debian rank need a sponsor who is Debian Developer.
I was already in contact with DDs when i began my carreer as Uploader.
But actually i found my sponsor here, on debian-user list.
For the general case there is the mailing list
debian-ment...@debian.org
with its RFS bug posting protocol. See for an introduction
http://mentors.debian.net/intro-maintainers
One will expect that you install a Debian Sid ("unstable") system
in VM or on real iron and learn from
https://www.debian.org/doc/manuals/maint-guide/index.en.html
https://www.debian.org/Bugs/Developer
https://www.debian.org/doc/manuals/developers-reference/
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751916
> to get the "pHash" re-included into the repositories?
The first step would be to retrieve the old Debian packaging
equipment and to get it to work with producing .deb packages
on your Debian Sid system.
E.g. from
https://sources.debian.net/src/libphash/0.9.4-1.2/debian/
or from the links like
https://tracker.debian.org/media/packages/libp/libphash/control-0.9.4-1.2
in the "versioned links" section of
https://tracker.debian.org/pkg/libphash
You will also have to counter the first two reasons from the removal
bug report. (I.e. provide a new contemporary upstream version and your
commitment to care for bugs and other external needs.)
> And, second (to a lesser degree for now) start the ball rolling in getting
> my application into the repositories?
You will learn a lot on the way to get the first goal fulfilled.
Hopefully this will enable you to found a new package.
(I myself took over my existing upstream packages last year from its
former maintainer. He handed mailing list and SVN repository to me.
So i never had to start a package from scratch.)
Have a nice day :)
Thomas
Re: Package maintainers, I feel like such an outsider
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, 25 Apr 2016 14:02:26 + Wayne Booth wrote: >Hi all, > >Sorry for this little lost sheep mail, but even after pouring over the >documentation many times, I really cant find a solution to my issue. > >I'm a developer of some 3rd party applications, one of which is getting >some traction with a wider audience. For some time I've looked at >documentation and articles about how to get a package into the Debian >repositories. Unfortunately, with no luck - since it seems to me that I >need to have some of relationships with people at Debian, that have access. >(?) > >Recently, I found that one of the libraries I use has just dropped off the >Debian repositories ( >https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751916). This kills the >USP for my application. I can provide a .deb to my users for my app, but >cannot for the requisite libraries. > >So, my question is this. Is there anything I can do, as someone with no >special merit or connections at Debian, but with time, technical skill and >the motivation to see this happen, to get the "pHash" re-included into the >repositories? > >And, second (to a lesser degree for now) start the ball rolling in getting >my application into the repositories? > >Any help would be greatly appreciated. > >Regards. > >Wayne Booth. You might have more luck with the Debian Developers instead of the users. Most of us here have nothing to do with getting a new package accepted. Sometimes the devs do look in on us, though. Try one of the developer lists, if possible: https://lists.debian.org/devel.html - -- Charlie Kravetz Linux Registered User Number 425914 [http://linuxcounter.net/user/425914.html] Never let anyone steal your DREAM. [http://keepingdreams.com] -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQEcBAEBAgAGBQJXHjWeAAoJEIqui46mydCA9h4H/0aep7pOwjx/wxiThLmK4RG8 P/OVNnPfabEKe2X5PiaO2ohYW9A7qKZgm8OHA9rBftLUF3DRtwfHFbkBV5MsOULU eMTRDjfVPxxpQnXIIC7e+8j1cxBRkrsMwMoSPIYZQt+WnDtt392b4C6npfdqvDbq LFV8i/pcYcNMZGOncd5bJnJibCegwqqW8aUyymw03F6ypqrv8cDX7IXfBadiUFmd jnyy29VBJJwp2yeITVa8shLS+YRREIA2lPtKoAAq7ktCXhJhcb1a2trD32pZWqif mnF0XE3DIH5EUqf22PmMHUhiUkQkKG0evazS3cGzSnbMBVrh5kS1afXSX+2uqz4= =cr5N -END PGP SIGNATURE-
Sometimes "time shift" after resuming from suspend
Hi, here (Jessie with systemd) occasionally after the system is resumed from suspend mode the time is shifted forward by what appears to be exactly two hours. This does not occur always on resume, just sometimes, with no apparent reason. I have checked the syslog after this happened, but the only lines I found concerning the change of system time are these: Apr 25 02:19:45 localhost systemd[1383]: Time has been changed Apr 25 02:19:45 localhost systemd-sleep[2090]: System resumed. which are also there when the time was set correctly, so I guess they do not mean anything. Now I suspect that the two-hour shift is related to the hardware clock using local time instead of UTC (because of an existing WinXP Partition), which is here CEST (UTC + 2hrs.).The timezone is set to Europe/Berlin in /etc/timezone, in /etc/adjtime the respective line is set to LOCAL, which I believe should be ok. I also doubt that a general faulty configuration is responsible for the problem, since it happens only sometimes, in most cases the system time is handled correctly. Anyway, I have no idea what might cause this strange behavior, a web search did not show up something helpful either. The command I use to suspend the system is usually "systemctl hybrid-sleep", I don't think this makes a difference to a "normal" suspend, though I am not 100% sure. Does anyone have an idea what might be the cause for this? Best regards Michael .-.. .. ...- . .-.. --- -. --. .- -. -.. .--. .-. --- ... .--. . .-. Those who hate and fight must stop themselves -- otherwise it is not stopped. -- Spock, "Day of the Dove", stardate unknown
Package maintainers, I feel like such an outsider
Hi all, Sorry for this little lost sheep mail, but even after pouring over the documentation many times, I really cant find a solution to my issue. I'm a developer of some 3rd party applications, one of which is getting some traction with a wider audience. For some time I've looked at documentation and articles about how to get a package into the Debian repositories. Unfortunately, with no luck - since it seems to me that I need to have some of relationships with people at Debian, that have access. (?) Recently, I found that one of the libraries I use has just dropped off the Debian repositories ( https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751916). This kills the USP for my application. I can provide a .deb to my users for my app, but cannot for the requisite libraries. So, my question is this. Is there anything I can do, as someone with no special merit or connections at Debian, but with time, technical skill and the motivation to see this happen, to get the "pHash" re-included into the repositories? And, second (to a lesser degree for now) start the ball rolling in getting my application into the repositories? Any help would be greatly appreciated. Regards. Wayne Booth.
Re: Portable Debian?
On 25/04/2016 11:21, Steve Matzura wrote: My system that I built late last year/early this year is running great, except for the occasional overrun of inbound ssh from such addresses as 59.*.*.*, 213.*.*.* and others, but that's only because I have not put any blockers in place, either on my home gateway device or my Debian system, but that one's on me. I run ssh on a non-standard port, and my router redirects to 22 of my server, alternatively ssh itself will listen wherever you tell it to. I'm well aware, before anyone jumps in, that this provides *no* *extra* *security*, but it certainly keeps the logs clean. > I have no GUI desktops installed, I run completely from CLI and use Speakup for all of it, including and especially Image for Linux for backup and restore, which I use on all my Windows machines.. I'd like to take the installed Debian system as it is, write it to a CD or DVD, and use that as a talking backup/restore disc. Is this possible? Or should I create a new installation and write it to an ISO image, or just what should I do to accomplish the goal of creating a basic talking Debian shell environment that includes a licensed IFL? I have a sid installation on a portable USB [mechanical] hard drive which was installed as 32bit with all drivers, and therefore boots on just about any PC. I just plugged the drive into a 64bit desktop and made a new installation to the drive. You might get away with copying your existing installation if you have the right drivers installed to suit your target PCs. I have done it with USB sticks, but they tend to be slow and unreliable, and not bootable everywhere. I've no doubt it could be done with a CD image, but I'd be afraid that such an installation, being non-writable, might have limitations of usage that a drive-based one would not. I'm more comfortable having something that behaves exactly like a desktop installation would, with persistent log files, email cache, etc., and where I can make small configuration changes without rebuilding and burning a new disc. And of course, more PCs are appearing without optical drives, particularly laptops. -- Joe
Re: Firewall - basic config?
On Apr 23, 2016 3:54 PM, "Joe" wrote: > . > > You might also try iptables -S which will list the rules in the form > that you would enter by hand as arguments to the iptables command. It is > a different view, and you may see things that are less obvious in the > -L view. > I'm guessing -S is the same as iptables-save...? If so, then yes that's the way to look at rules and what you want to paste when asking for help. There are two times when I went nL output - when testing and want a delete number (so with the --line-numbers option) and when I think a table is useless and want to call reference count. That's literally it. Otherwise you probably want to see the rules closer to how the kernel does. Also, if you script your restore (I'm guessing ufw handles this... properly) do use a restore file vs looping the iptables command for each rule - besides being proper, it's also a *hell* of a lot faster. > Remember that IPv6 is alive and well in quite a lot of hardware these > days, and there is an ip6tables to deal with it. > Ie, unless you're using it, disable it (both with ip6tables and blacklist modules)
Re: google-chrome-stable - no longer functional
On Mon, Apr 25, 2016 at 08:49:26AM -0400, Kenneth Jacker wrote: > Follow-up question: when "installing the packages that are needed", from > where are they obtained? > > >From the same directory as that containing the ".deb" file, from an > Internet archive or from my local /var/cache/apt/archives or ??? Apt will check to see what the version is in its apt-sources, so that will be an FTP mirror if you've set up apt to use them. If it already had that version in /var/cache/apt/archives I believe it will re-use it.
Re: google-chrome-stable - no longer functional
Follow-up question: when "installing the packages that are needed", from where are they obtained? >From the same directory as that containing the ".deb" file, from an Internet archive or from my local /var/cache/apt/archives or ??? Thanks again, -Kenneth On Mon, Apr 25, 2016 at 8:42 AM, Kenneth Jacker wrote: > Next time try "sudo gdebi google-chrome-stable_49.0.2623.75-1_amd64.deb". >> It should install the packages needed if they are available. >> > > OK, thanks for the "tip"! > > -Kenneth > >
Re: google-chrome-stable - no longer functional
> > Next time try "sudo gdebi google-chrome-stable_49.0.2623.75-1_amd64.deb". > It should install the packages needed if they are available. > OK, thanks for the "tip"! -Kenneth
Re: on-demand mounting of filesystems via Systemd (e.g. /backup)
On Mon, Apr 25, 2016 at 04:11:02AM +1000, Andrew McGlashan wrote: > systemd continues to cause much more trouble than it is worth for so > many people -- I really wish it wasn't so, but it truly is so. :( Since I started this thread, I might as well speak up here: I am very aware of your feelings about systemd, and re-iterating them doesn't help you, me or anyone else. I'd appreciate it if you would not hijack my threads. -- Jonathan Dowland Please do not CC me, I am subscribed to the list.
Portable Debian?
My system that I built late last year/early this year is running great, except for the occasional overrun of inbound ssh from such addresses as 59.*.*.*, 213.*.*.* and others, but that's only because I have not put any blockers in place, either on my home gateway device or my Debian system, but that one's on me. I have no GUI desktops installed, I run completely from CLI and use Speakup for all of it, including and especially Image for Linux for backup and restore, which I use on all my Windows machines.. I'd like to take the installed Debian system as it is, write it to a CD or DVD, and use that as a talking backup/restore disc. Is this possible? Or should I create a new installation and write it to an ISO image, or just what should I do to accomplish the goal of creating a basic talking Debian shell environment that includes a licensed IFL? As always, thanks in advance for any and all suggestions.
Re: Dealing with library dependencies
On Mon, 2016-04-25 at 09:04 +0200, Martin Hanson wrote: > Hi, > > I was thinking about getting the game Alien Isolation, but running a > "strace" at a friends installation showed that the game required > libssl.1.0.0, but I am running Debian Stretch which has libssl.1.0.2. > Also other similar libraries are off on version number. > > How does one handle such an issue? > > Downgrading to jessie is not an option as I have other stuff that > requires newer libraries, hence the original need for stretch. > > Should one simply create a symbolic link from libssl.1.0.2 to > libssl.1.0.0? Would that even work? > > I don't understand why library dependencies doesn't come with the > games themselves in some in-game directory so as to make it more > independent upon Linux distribution etc. > > Anyway, feedback, help, and suggestions would be greatly appreciated. This is a Steam game right? Steam does come with libraries so I doubt it will be a problem. I'm running Steam on sid and haven't had any problems. (Haven't tried that particular game though). I believe you can buy it and if it doesn't work, get a full refund? -- Cheers, Sven Arvidsson http://www.whiz.se PGP Key ID 6FAB5CD5 signature.asc Description: This is a digitally signed message part
Re: Failed installs
On 19 April 2016 at 22:04, pcr1 wrote: > Yes and that works fine. I've ordered a new drive to see if that helps. > PCR > If your current drive works with Ubuntu, why not try installing ubuntu first in one partition and then debian in a second one. This sounds a bit voodoo like but maybe debian will prefer sitting on a different region of the disk - and then work OK. Regards MF > > > On 04/19/2016 05:53 AM, Michael Fothergill wrote: > > > > On 18 April 2016 at 18:12, pcr1 wrote: > >> I have for some time been, and after many attempts remain, unable to >> install Debian, which I previously have used for many years. The failures >> occur during "select and install", about a third of the way through, but >> not always at the same place. My terabyte disk is partitioned with /boot >> of 1gB, / of 500 gB, 16 gB of swap, and the rest as /home, with about 200M >> not used. I have 8 gB of ram. Ubuntu-gnome installs easily and functions >> correctly. >> >> If you can suggest anything I would appreciate it. This is just >> bewildering to me. Thanks, >> >> > Have you tried a live cd with debian on it? > > Regards > > MF > > > > > > > -- Climostat Ltd Rm 5169 The Heath Business & Technical Park The Heath Runcorn Cheshire WA7 4QX Tel. 01 928 515 015
Dealing with library dependencies
Hi, I was thinking about getting the game Alien Isolation, but running a "strace" at a friends installation showed that the game required libssl.1.0.0, but I am running Debian Stretch which has libssl.1.0.2. Also other similar libraries are off on version number. How does one handle such an issue? Downgrading to jessie is not an option as I have other stuff that requires newer libraries, hence the original need for stretch. Should one simply create a symbolic link from libssl.1.0.2 to libssl.1.0.0? Would that even work? I don't understand why library dependencies doesn't come with the games themselves in some in-game directory so as to make it more independent upon Linux distribution etc. Anyway, feedback, help, and suggestions would be greatly appreciated. Kind regards, Martin
Re: Failed installs
On Mon, Apr 18, 2016 at 11:12:12AM -0600, pcr1 wrote: > I have for some time been, and after many attempts remain, unable to install > Debian, which I previously have used for many years. The failures occur > during "select and install", about a third of the way through, but not > always at the same place. My terabyte disk is partitioned with /boot of > 1gB, / of 500 gB, 16 gB of swap, and the rest as /home, with about 200M not > used. I have 8 gB of ram. Ubuntu-gnome installs easily and functions > correctly. > > If you can suggest anything I would appreciate it. This is just bewildering > to me. Thanks, Reminds me of https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794410
Automount usb device with systemd (Re: on-demand mounting of filesystems via Systemd (e.g. /backup))
On Wednesday 20 April 2016 15:49:00 Jonathan Dowland wrote: > Anyway, in the past I've read some useful tips for using Systemd on this > list, so here's the blog post should it be of any interest: > > https://jmtd.net/log/mount_on_demand_backups/ Thanks. Here's my small contribution for a similar issue: http://ddumont.wordpress.com/2016/04/24/automount-usb-devices-with-systemd/ Let's hope we'll see more on the subject to help people understand systemd. All the best -- https://github.com/dod38fr/ -o- http://search.cpan.org/~ddumont/ http://ddumont.wordpress.com/ -o- irc: dod at irc.debian.org
Re: google-chrome-stable - no longer functional
On 21 April 2016 at 23:45, Kenneth Jacker wrote: > > ># dpkg -i google-chrome-stable_49.0.2623.75-1_amd64.deb > > > Next time try "sudo gdebi google-chrome-stable_49.0.2623.75-1_amd64.deb". It should install the packages needed if they are available. Regards Johann -- Because experiencing your loyal love is better than life itself, my lips will praise you. (Psalm 63:3)
Re: RECOMMEND: Wireless Home Router with VPN Built-In
On 04/25/2016 04:01 AM, Patrick Bartek wrote: > What routers would you all recommend? And why? > I reccommend ALIX APU1D4 from PC Engines http://www.pcengines.ch/apu1d4.htm used the old version for years. WHY? you can choose you own OS. Debian? ipfire? pfsense? openwrt? whatever? you can use openvpn without problem, new version has avery fast cpu to encrypt/decrypt at full speed very durable, flexible bios opensource very low powerconsumption I suggest alix or a desktop pc with at least 2 NIC and 1W-NIC, but alix is the best choice Hope it help
Re: Dealing with library dependencies
Hi. On Mon, Apr 25, 2016 at 09:04:11AM +0200, Martin Hanson wrote: > Hi, > > I was thinking about getting the game Alien Isolation, but running a "strace" > at a friends installation showed that the game required libssl.1.0.0, but I > am running Debian Stretch which has libssl.1.0.2. Also other similar > libraries are off on version number. > > How does one handle such an issue? Rebuilding it from the source usually helps. > Should one simply create a symbolic link from libssl.1.0.2 to libssl.1.0.0? > Would that even work? No. libssl is (in)famous for its unstable API and ABI, and the names are different for this very reason. > I don't understand why library dependencies doesn't come with the games > themselves in some in-game directory so as to make it more independent upon > Linux distribution etc. Security concerns, mostly. Every time one ships a library like that one should take a responsibility of tracking every vulnerability in the library *and* update it accordingly. Else the user of the software is left at the mercy of malware and blackhats :) And if the authors of Alien Isolation really cared about Linux distribution independence - they'd use GNUTLS instead of OpenSSL. Reco
Re: RECOMMEND: Wireless Home Router with VPN Built-In
On Mon, 25 Apr 2016 07:48:50 +0300 Lars Noodén wrote: > > Keep in mind that SSH can do a SOCKS proxy itself and thus you might > not even want to go to the trouble of setting up OpenVPN on top of > whatever you have. > Yes, I use ssh if I only want a couple of TCP protocols into my home network, and OpenVPN for web browsing outside. I think it is the latter which motivates the OP. -- Joe
Re: Dealing with library dependencies
Le septidi 7 floréal, an CCXXIV, Martin Hanson a écrit : > I was thinking about getting the game Alien Isolation, but running a > "strace" at a friends installation showed that the game required > libssl.1.0.0, but I am running Debian Stretch which has libssl.1.0.2. Also > other similar libraries are off on version number. > > How does one handle such an issue? Rebuild from source. The two versions are source-compatible. Regards, -- Nicolas George signature.asc Description: Digital signature
