Re: Certificats SSL

2016-07-21 Thread Vincent Bernat 
 ❦ 21 juillet 2016 19:40 CEST, "Ph. Gras"  :

> il faut que je crée un certificat sur un serveur hébergé chez Gandi :
> https://wiki.gandi.net/fr/ssl/csr
>
> La commande que je dois exécuter est indiquée dans la page HTML :
>  openssl req -nodes -newkey rsa:2048 -sha256 -keyout monserveur.key -out 
> serveur.csr
>
> Ma question est quand j'exécute cette commande, est-ce que le fichier du 
> certificat va se
> placer dans /etc/ssl/certs où que je l'exécute, et la clé dans
> /etc/ssl/private ?

Les deux fichiers mentionnés dans la commande se retrouveront dans le
répertoire en cours. Il n'y a pas encore de certificat à cette étape
(c'est Gandi qui le fournira après leur avoir donné le CSR).
-- 
Clothes make the man.  Naked people have little or no influence on society.
-- Mark Twain


signature.asc
Description: PGP signature

Re: boot times out after dist-upgrade on Stretch

2016-07-21 Thread Borden Rhodes 
During the 90 second wait before my boot times out, I dropped into a
debug-shell and ran `systemctl list-units`. This was the output:
http://paste.debian.net/783995/ (good for 3 days). Of curiosity is
that the other dev-mapper-LVG... devices show that they're inactive
except for dev-mapper-LVG\x2droot.device, which makes sense since this
is given a pass of 1 in /etc/fstab. What sorts of operations would be
running on dev-mapper-LVG\x2droot.device so I can isolate which one
might be hanging up? Also note in the dump that -.mount is both active
and successfully mounted, which may explain why, even after the
dev-mapper-LVG... processes time out that the debug-shell still shows
a properly-mounted filesystem.

I suspected it might be fsck but disabling it both from fstab (pass=0)
and the kernel command line (fsck.mode=skip) didn't work. What else
can I check?

On 19 July 2016 at 02:54, Borden Rhodes  wrote:
> Thank you for your message, Michael, and please forgive the delay in 
> responding.
>
> I tried booting with the 4.5 kernel after 4.6 failed to boot. It
> seems, by then, that the damage had been done as I got identical
> symptoms on both boots. I agree with you that the cryptsetup/LVM is to
> blame (although I'd blame LVM more).
>
> The hypothesis to test multi-user.wants came from being able to boot
> into single user mode without incident and isolate default.target once
> I'm in single user mode. I can also isolate default.target from the
> early debug shell.
>
> I tried to follow your advice. It seems that my box could accurately
> identify the partitions from `ls`-ing through the /dev directory and
> seeing everything set up correctly. fstab and crypttab also seem to be
> intact during the hangup.
>
> I ran `udevadm info` on everything I could find in /sys/class/block/
> the settings you told me to check are as follows:
> ./dm-0 (mapper/sda5_crypt): SYSTEMD_READY=1; TAGS=:systemd:
> ./dm-1 (mapper/LVG-root): TAGS=:systemd: (SYSTEMD_READY is not present)
> ./dm-2 (mapper/LVG-var): TAGS=:systemd: (SYSTEMD_READY is not present)
> ./dm-3 (mapper/LVG-tmp): TAGS=:systemd: (SYSTEMD_READY is not present)
> ./dm-4 (mapper/LVG-home): TAGS=:systemd: (SYSTEMD_READY is not present)
> ./sda: TAGS=:systemd: (SYSTEMD_READY is not present)
> ./sda1 (/boot): TAGS=:systemd: (SYSTEMD_READY is not present)
> ./sda5 (crypttab/LVM partition): TAGS=:systemd: (SYSTEMD_READY is not present)
>
> I hope that's legible. I can pastebin the full output for each of
> those commands if it helps.
>
> For kicks and giggles, I ran `sudo lvmconfig --type diff` which yielded
> devices {
> cache_dir="/run/lvm"
> }
> I'm grasping at straws so I don't know if this is relevant or not.
>
> With thanks,
>
> By-the-by, since it's been a while since I've been able to tackle
> this, here's the rest of the e-mail thread for context:
> https://lists.debian.org/debian-user/2016/06/msg00670.html

Re: Debian 8. keine Ahnung....

2016-07-21 Thread Johann Klammer 
On 07/21/2016 03:50 PM, D.G. Falk wrote:
> moin moin   ...   oder   Guten Tag
> 
> Ich habe mich an Ihren Debian DVD's versucht ... nach 2 Wochen und
> ca. 5 Installationen pro Tag (sorry Versuche) läuft es nun
> etwas.. Bei der Installation bleibt die Soft doch des
> öfteren stecken... niemals ein Disk ins Laufwerk stecken
> ... grrr   und bei Fehlern immer alles neu formatieren und neu
> anfangen - sonst wird es nie was.. getestet!!.   Ach was war doch
> die alte DLD toll - installieren und alles funktionierte. Na ja
> . Das scheinbar nicht lösbare Problem ist aber Icedove. Einmal
> beim Passwort vertan und gespeichert scheint das nicht mehr
> änderbar Das nenne ich "Mist in Tüten"!!! Wenn das pwd schon
> nicht änderbar ist - dann sollte das Konto wenigstens löschbar sein -
> ist das vorgesehen? -> next try  :o( Das Exportieren der Konten (usw)
> ist scheinbar nicht vorgesehen (ich hab nichts gefunden). Ist es
> somit zwingend den ganzen 'Kram' zu deinstallieren und neu zu
> beginnen? - äh   nützt das überhaupt etwas? Warum kann ich
> das pgm nicht allen Nutzern (incl Inhalten) nutzbar machen? Währe für
> mich super sinnvoll
> 
Ich glaube die profile sind unter ~/.mozilla/firefox
Versuchen Sie die zu loeschen. 

> Also ich habe zu uralten Zeiten das bnos unter old dos gebastelt -
> ich hätte mich nicht getraut so ein System als Relaise rauszugeben.
> Max als erster Entwurf - aber das scheint bei allen Dist- von dem
> System der Fall zu sein. Ach was währe eine richtige alternative zu
> Win doch schön..und toll.   davon träume ich
> schon über 30 Jahre :o(((
Ja, das ist ganz normal mit Linux. 

> 
> Vielleicht haben Sie ja Ideen wer das mal in die Gänge bekommt - oder
> wenigstens die Programme Nur der Kernel läuft meistens immer
> weiter.
> 
> Ach ja    Ich habe den Screensaver deaktiviert - nur das er immer
> noch zuschlägt - nicht mal das funktioniert.
> 
xset -dpms s off
(in einem xterm eingeben)
Eines is der stromspar modus, das andere bildschirmschoner. 
Als Faustregel scheint zu gelten, das die grafischen
konfigurationsmenues der div. Desktopumgebungen ungeeignet sind 
um systemeinstellungen zu aendern. Das wichtige Zeugs geht meist nur 
ueber files in /etc oder die konsole. 
vielleicht die manpages lesen und das zeug in /usr/share/doc...(nicht alles)

> Sorry - soll nicht unbedingt Meckern sein - aber schon ein Aufschrei
> nach einem funktionierenden und bedienbarem System. Bitte entwickelt
> doch mal bis zum Ende und macht dann erst eine neue Version draus.
> (zu Ende: Alle Funktionen machen was sie sollen!) Und guckt mal über
> den Tellerrand! Neues gibt es dann immer wieder.
Das wird nie passieren. 
Es ist ja nicht so, dass die Software von Debian entwickelt wird. 
Das tun meist Akademiker und Hobbyisten. 
Wenn Sie was aendern wollen, sollten Sie Bug Reports schreiben. 
Sind E-mail basiert 

> 
> Grüße D. G. Falk
> 
> Ich erwarte nicht unbedingt eine Antwort.
Pech gehabt...

Re: Squid + Squidguard + FTP

2016-07-21 Thread Julio 

O Certo é liberar o destino ao invés de liberar a porta para todos.

Em 21-07-2016 16:37, Gabriel Ricardo escreveu:

Essa sequencia de linhas deve ajudar:

#MODULOS FTP
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp

#LIBERA TUDO QUE FOI RELACIONADO/ESTABELICIDO
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

#FTP SEM PASSAR PELO PROXY
iptables -A FORWARD -p tcp --dport 21 -j ACCEPT
iptables -t nat-A POSTROUTING -p tcp --dport 21 -j MASQUERADE




Atenciosamente,
*Gabriel Ricardo*
Fone: +55 41 88817828
Skype: gabriel.nerdworkti


Em 21 de julho de 2016 14:40, Fagner Patricio 
> escreveu:


Olá Gabriel, obrigado pela dica, essa regra que você postou do
IPTABLES é a regra para liberar o acesso ao FTP sem passar pelo squid?

Em qua, 20 de jul de 2016 às 16:19, Gabriel Ricardo
> escreveu:

Existem ftps que utilizam o modo passivo e utilizam outras
portas para comunicação...

Explicação básica:
http://wiki.locaweb.com.br/pt-br/FTP_Passivo_(PasvMode)_vs_FTP_Ativo



Pode ser esse motivo que não consegue estabelecer conexões.

No meu caso eu não utilizo proxy para protocolo FTP, faco nat
direto e também libero conexões relacionadas para tal caso.


http://explainshell.com/explain?cmd=iptables+-A+INPUT+-m+state+--state+ESTABLISHED%2CRELATED+-j+ACCEPT

Atenciosamente,
*Gabriel Ricardo*
Fone: +55 41 88817828 
Skype: gabriel.nerdworkti


Em 20 de julho de 2016 14:55, Fagner Patricio
>
escreveu:

Pessoal, não estou conseguindo fazer o protocolo FTP
funcionar com minha configuração do squid + squidguard,
alguém pode me ajudar?

Estou mandando em anexo meu squid.conf e meu squidguard.conf

Não vou colocar meu squidguard.conf no corpo do e-mail
porquê ele é bem grande mas meu squid.conf está assim:

##
#
#Configuracao criada por Fagner Zelo de Almeida Patrício
#Data de aplicação no cliente: 08/03/2013
#Versão do script: 0.9
#Data da ultima alteração: 08/03/2013
#Script projetado para o sistema de proxy implantado na(o)
cliente (-MPPB-)
#Versão Squid: 3.1.x
#
http_port 3128
connect_timeout 40 seconds

#
# Hostname da máquina
#
visible_hostname firewall

#
# Servidor DNS que o Proxy ira utilizar
#
dns_nameservers 10.128.0.20 10.128.0.12 177.200.39.2

#
# Configuração para o Squid usar primeiro o DNS IPV4
#
dns_v4_first on

#
#Tamanho da memória cache em RAM
#
cache_mem 128 MB

#
#Configuracoes a serem explicadas
#
memory_pools off
quick_abort_min 0 KB
quick_abort_max 0 KB
log_icp_queries off
client_db off
buffered_logs on
half_closed_clients off
logfile_rotate 10
memory_replacement_policy heap GDSF
shutdown_lifetime 1 second

#
#Metodo de expurgo do cache
#
cache_replacement_policy heap LFUDA

#
#Tamanho máximo de arquivos na cache da RAM
#
maximum_object_size_in_memory 64 KB

#
#Diretório da cache em disco, tamanho da cache (12000MB),
número máximo de pastas no diretório rais (16) e número
máximo de subdiretórios (256)
#
cache_dir aufs /var/spool/squid3 12000 16 256

#
#Diretório de log de acesso do squid
#
cache_access_log /var/log/squid3/access.log

#
#Diretório de log do cache do squid
#
cache_log /var/log/squid3/cache.log

#
#   Configuração a descrever
#
cache_store_log none

#
#Opção sem discrição ainda
#
cache_mgr di...@mp.pb.gov.br 

#
#Tamanho máximo e mínimos de arquivos na cache do disco
#
maximum_object_size 1 MB
minimum_object_size 0 KB

#
#Percentagem máxima de ocupação da cache (95%) em que o
squid descarta os arquivos mais antigos até atingir o
valor defino em

Re: pinning et apt-cache policy

2016-07-21 Thread Vincent Bernat 
 ❦ 21 juillet 2016 11:00 CEST, Daniel Caillibaud  :

> - dans /etc/apt/apt.conf.d/
>
> APT::Default-Release "jessie";

À retirer, cela monte la priorité de jessie à 990. Utile uniquement si
on mélange des releases et qu'on ne veut pas jouer avec les préférences.

> - dans /etc/apt/preferences.d/00default
>
> Package: *
> Pin: release o=Debian,n=jessie,l=Debian-Security
> Pin-Priority: 980
>
> Package: *
> Pin: release o=Debian,a=stable-updates,l=Debian
> Pin-Priority: 520
>
> Package: *
> Pin: release o=Debian,a=proposed-updates,l=Debian
> Pin-Priority: 510
>
> Package: *
> Pin: release n=jessie
> Pin-Priority: 500

Tout ça est inutile. Toutes ces suites sont compatibles entre elles et
le numéro de version suffit à lui seul.

> Package: *
> Pin: release n=jessie-backports
> Pin-Priority: 300
>
> Package: *
> Pin: release o=nginx
> Pin-Priority: 200

OK.

> - dans /etc/apt/preferences.d/20_nginx
>
> Package: nginx*
> #Pin: origin "nginx.org" # => Type d'épinglage origin "nginx.org" inconnu
> Pin: release o=nginx
> Pin-Priority: 800

À noter que si tu conserves 980 pour Debian-Security, il ne t'est plus
possible d'installer nginx depuis ce dépôt. Raison de plus de ne pas
traiter security différemment.

> [1] Pourquoi http://nginx.org/packages/debian/ se retrouve en 990 ? Ils 
> publient
> avec du "l=Debian-Security" ?

Tous les n=jessie en raison du Default-Release.

> [2] - pourquoi ils sont tous en 990 ?
> - que signifie le 800 de "1.10.1-1~jessie 800"

C'est la priorité calculée. Les autres priorités sont celles des
dépôts. Si tu épinges des paquets comme ici, les deux sont différentes.
-- 
Extreme fear can neither fight nor fly.
-- William Shakespeare, "The Rape of Lucrece"


signature.asc
Description: PGP signature

Re: Squid + Squidguard + FTP

2016-07-21 Thread Gabriel Ricardo 
Essa sequencia de linhas deve ajudar:

#MODULOS FTP
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp

#LIBERA TUDO QUE FOI RELACIONADO/ESTABELICIDO
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

#FTP SEM PASSAR PELO PROXY
iptables -A FORWARD -p tcp --dport 21 -j ACCEPT
iptables -t nat-A POSTROUTING -p tcp --dport 21 -j MASQUERADE




Atenciosamente,
*Gabriel Ricardo*
Fone: +55 41 88817828
Skype: gabriel.nerdworkti


Em 21 de julho de 2016 14:40, Fagner Patricio 
escreveu:

> Olá Gabriel, obrigado pela dica, essa regra que você postou do IPTABLES é
> a regra para liberar o acesso ao FTP sem passar pelo squid?
>
> Em qua, 20 de jul de 2016 às 16:19, Gabriel Ricardo 
> escreveu:
>
>> Existem ftps que utilizam o modo passivo e utilizam outras portas para
>> comunicação...
>>
>> Explicação básica:
>> http://wiki.locaweb.com.br/pt-br/FTP_Passivo_(PasvMode)_vs_FTP_Ativo
>>
>> Pode ser esse motivo que não consegue estabelecer conexões.
>>
>> No meu caso eu não utilizo proxy para protocolo FTP, faco nat direto e
>> também libero conexões relacionadas para tal caso.
>>
>>
>> http://explainshell.com/explain?cmd=iptables+-A+INPUT+-m+state+--state+ESTABLISHED%2CRELATED+-j+ACCEPT
>>
>> Atenciosamente,
>> *Gabriel Ricardo*
>> Fone: +55 41 88817828
>> Skype: gabriel.nerdworkti
>>
>>
>> Em 20 de julho de 2016 14:55, Fagner Patricio 
>> escreveu:
>>
>>> Pessoal, não estou conseguindo fazer o protocolo FTP funcionar com minha
>>> configuração do squid + squidguard, alguém pode me ajudar?
>>>
>>> Estou mandando em anexo meu squid.conf e meu squidguard.conf
>>>
>>> Não vou colocar meu squidguard.conf no corpo do e-mail porquê ele é bem
>>> grande mas meu squid.conf está assim:
>>>
>>> ##
>>> #
>>> # Configuracao criada por Fagner Zelo de Almeida Patrício
>>> # Data de aplicação no cliente: 08/03/2013
>>> # Versão do script: 0.9
>>> # Data da ultima alteração: 08/03/2013
>>> # Script projetado para o sistema de proxy implantado na(o) cliente
>>> (-MPPB-)
>>> # Versão Squid: 3.1.x
>>> #
>>> http_port 3128
>>> connect_timeout 40 seconds
>>>
>>> #
>>> # Hostname da máquina
>>> #
>>> visible_hostname firewall
>>>
>>> #
>>> # Servidor DNS que o Proxy ira utilizar
>>> #
>>> dns_nameservers 10.128.0.20 10.128.0.12 177.200.39.2
>>>
>>> #
>>> # Configuração para o Squid usar primeiro o DNS IPV4
>>> #
>>> dns_v4_first on
>>>
>>> #
>>> # Tamanho da memória cache em RAM
>>> #
>>> cache_mem 128 MB
>>>
>>> #
>>> # Configuracoes a serem explicadas
>>> #
>>> memory_pools off
>>> quick_abort_min 0 KB
>>> quick_abort_max 0 KB
>>> log_icp_queries off
>>> client_db off
>>> buffered_logs on
>>> half_closed_clients off
>>> logfile_rotate 10
>>> memory_replacement_policy heap GDSF
>>> shutdown_lifetime 1 second
>>>
>>> #
>>> # Metodo de expurgo do cache
>>> #
>>> cache_replacement_policy heap LFUDA
>>>
>>> #
>>> # Tamanho máximo de arquivos na cache da RAM
>>> #
>>> maximum_object_size_in_memory 64 KB
>>>
>>> #
>>> # Diretório da cache em disco, tamanho da cache (12000MB), número
>>> máximo de pastas no diretório rais (16) e número máximo de subdiretórios
>>> (256)
>>> #
>>> cache_dir aufs /var/spool/squid3 12000 16 256
>>>
>>> #
>>> # Diretório de log de acesso do squid
>>> #
>>> cache_access_log /var/log/squid3/access.log
>>>
>>> #
>>> # Diretório de log do cache do squid
>>> #
>>> cache_log /var/log/squid3/cache.log
>>>
>>> #
>>> #   Configuração a descrever
>>> #
>>> cache_store_log none
>>>
>>> #
>>> # Opção sem discrição ainda
>>> #
>>> cache_mgr di...@mp.pb.gov.br
>>>
>>> #
>>> # Tamanho máximo e mínimos de arquivos na cache do disco
>>> #
>>> maximum_object_size 1 MB
>>> minimum_object_size 0 KB
>>>
>>> #
>>> # Percentagem máxima de ocupação da cache (95%) em que o squid descarta
>>> os arquivos mais antigos até atingir o valor defino em cache_swap_low (90%)
>>> #
>>> cache_swap_low 90
>>> cache_swap_high 95
>>>
>>> #
>>> # Diretório onde se localizam as mensagens de erros
>>> #
>>> error_directory /usr/share/squid3/errors/pt-br
>>>
>>> #
>>> # Padrão de atualização do cache.
>>> #
>>> refresh_pattern ^ftp: 1440 20% 10080
>>> refresh_pattern ^gopher: 1440 0% 1440
>>> refresh_pattern . 0 20% 4320
>>>
>>> hierarchy_stoplist cgi-bin ?
>>> acl QUERY urlpath_regex cgi-bin \?
>>> cache deny QUERY
>>>
>>> #
>>> # Referencias a algumas portas
>>> #
>>> acl REDE_MPPB src 10.128.0.0/21
>>> acl REDE_MPPB src 10.128.8.0/21
>>> acl REDE_MPPB src 10.128.16.0/21
>>> acl REDE_MPPB src 10.128.24.0/23
>>> acl REDE_MPPB src 10.128.60.0/22
>>> acl REDE_MPPB src 10.128.64.0/19
>>> acl REDE_MPPB src 10.129.0.0/16
>>> acl REDE_MPPB src 177.200.39.0/26
>>> acl to_localhost dst 127.0.0.0/8
>>>
>>> #
>>> #
>>> #
>>> #acl ips_liberados src 64.95.97.19 #WebRadio
>>> #acl ips_liberados src 10.128.64.3 #WebRadio
>>> #acl ips_liberados src 10.128.4.1
>>> #acl sites_liberados url_regex sca.mp.pb.gov.br #SCA
>>>
>>>

Re: Mimetypes e íconos.

2016-07-21 Thread alparkom 



El 21/07/16 a las 09:07, Camaleón escribió:

El Wed, 20 Jul 2016 18:11:39 -0400, alparkom escribió:


Buenas. Paso a contar:

Resulta que abrí un editor de texto con Wine y ahora todos los archivos
con cierta extensión (ejemplo: archivo.exp) tienen el ícono de Wine y el
tipo en "application/x-wine-extension-exp".

Me gustaría que aparecieran con el ícono que yo quisiera.

La mayoría de entornos gráficos (gnome, kde, xfce...) te permiten hacer
eso gráficamente desde el explorador de archivos. Como no dices qué
entorno usas no puedo darte información más específica.

Uso Gnome, lo que me permite este entorno es cambiar el programa con el 
que se abre la aplicación, no el ícono de esos tipos de archivos.
Por otro lado, los archivos tienen de tipo "application/x-wine-...", 
osea que estan influenciados por Wine.

Tengo entendido que debo crear un nuevo MimeType en "/etc/mime.types" y
asociarlo a un ícono copiándolo en
"/usr/share/icons/gnome/scalable/mimetypes".

No necesariamente, ya digo que dependiendo del entorno gráfico podrás
hacerlo desde alguna utilidad. Y de todas formas, el manual de
"mime.types" apunta a un archivo relacionado con CUPS y no a lo que
tienes en mente :-)
De hecho los coloqué en "/usr/share/icons/gnome/32x32" y recargué la 
base de datos de íconos y funcionó. El tema es que lo hice con el tipo 
de archivos "application/x-wine..." y realmente debería ser 
"application/extension".

El problema esta en que el MimeType que creé es del tipo "text/exp" y
los archivos (todos los .exp de mi computadora) se configuraron con el
tipo de Wine.

Alguna solución? Estaba buscando como cambiarle el MimeType a los
archivos pero no encontré mucho.

Pues creo que en la wiki de Archlinux encontrarás la solución porque
tocan varios frentes (mira también los "artículos relacionados" donde
hablan de los iconos específicamente) pero si te atoras en algún punto lo
dices:

Default applications
https://wiki.archlinux.org/index.php/default_applications

Saludos,

Re: Squid + Squidguard + FTP

2016-07-21 Thread Fagner Patricio 
Olá Gabriel, obrigado pela dica, essa regra que você postou do IPTABLES é a
regra para liberar o acesso ao FTP sem passar pelo squid?

Em qua, 20 de jul de 2016 às 16:19, Gabriel Ricardo 
escreveu:

> Existem ftps que utilizam o modo passivo e utilizam outras portas para
> comunicação...
>
> Explicação básica:
> http://wiki.locaweb.com.br/pt-br/FTP_Passivo_(PasvMode)_vs_FTP_Ativo
>
> Pode ser esse motivo que não consegue estabelecer conexões.
>
> No meu caso eu não utilizo proxy para protocolo FTP, faco nat direto e
> também libero conexões relacionadas para tal caso.
>
>
> http://explainshell.com/explain?cmd=iptables+-A+INPUT+-m+state+--state+ESTABLISHED%2CRELATED+-j+ACCEPT
>
> Atenciosamente,
> *Gabriel Ricardo*
> Fone: +55 41 88817828
> Skype: gabriel.nerdworkti
>
>
> Em 20 de julho de 2016 14:55, Fagner Patricio 
> escreveu:
>
>> Pessoal, não estou conseguindo fazer o protocolo FTP funcionar com minha
>> configuração do squid + squidguard, alguém pode me ajudar?
>>
>> Estou mandando em anexo meu squid.conf e meu squidguard.conf
>>
>> Não vou colocar meu squidguard.conf no corpo do e-mail porquê ele é bem
>> grande mas meu squid.conf está assim:
>>
>> ##
>> #
>> # Configuracao criada por Fagner Zelo de Almeida Patrício
>> # Data de aplicação no cliente: 08/03/2013
>> # Versão do script: 0.9
>> # Data da ultima alteração: 08/03/2013
>> # Script projetado para o sistema de proxy implantado na(o) cliente
>> (-MPPB-)
>> # Versão Squid: 3.1.x
>> #
>> http_port 3128
>> connect_timeout 40 seconds
>>
>> #
>> # Hostname da máquina
>> #
>> visible_hostname firewall
>>
>> #
>> # Servidor DNS que o Proxy ira utilizar
>> #
>> dns_nameservers 10.128.0.20 10.128.0.12 177.200.39.2
>>
>> #
>> # Configuração para o Squid usar primeiro o DNS IPV4
>> #
>> dns_v4_first on
>>
>> #
>> # Tamanho da memória cache em RAM
>> #
>> cache_mem 128 MB
>>
>> #
>> # Configuracoes a serem explicadas
>> #
>> memory_pools off
>> quick_abort_min 0 KB
>> quick_abort_max 0 KB
>> log_icp_queries off
>> client_db off
>> buffered_logs on
>> half_closed_clients off
>> logfile_rotate 10
>> memory_replacement_policy heap GDSF
>> shutdown_lifetime 1 second
>>
>> #
>> # Metodo de expurgo do cache
>> #
>> cache_replacement_policy heap LFUDA
>>
>> #
>> # Tamanho máximo de arquivos na cache da RAM
>> #
>> maximum_object_size_in_memory 64 KB
>>
>> #
>> # Diretório da cache em disco, tamanho da cache (12000MB), número máximo
>> de pastas no diretório rais (16) e número máximo de subdiretórios (256)
>> #
>> cache_dir aufs /var/spool/squid3 12000 16 256
>>
>> #
>> # Diretório de log de acesso do squid
>> #
>> cache_access_log /var/log/squid3/access.log
>>
>> #
>> # Diretório de log do cache do squid
>> #
>> cache_log /var/log/squid3/cache.log
>>
>> #
>> #   Configuração a descrever
>> #
>> cache_store_log none
>>
>> #
>> # Opção sem discrição ainda
>> #
>> cache_mgr di...@mp.pb.gov.br
>>
>> #
>> # Tamanho máximo e mínimos de arquivos na cache do disco
>> #
>> maximum_object_size 1 MB
>> minimum_object_size 0 KB
>>
>> #
>> # Percentagem máxima de ocupação da cache (95%) em que o squid descarta
>> os arquivos mais antigos até atingir o valor defino em cache_swap_low (90%)
>> #
>> cache_swap_low 90
>> cache_swap_high 95
>>
>> #
>> # Diretório onde se localizam as mensagens de erros
>> #
>> error_directory /usr/share/squid3/errors/pt-br
>>
>> #
>> # Padrão de atualização do cache.
>> #
>> refresh_pattern ^ftp: 1440 20% 10080
>> refresh_pattern ^gopher: 1440 0% 1440
>> refresh_pattern . 0 20% 4320
>>
>> hierarchy_stoplist cgi-bin ?
>> acl QUERY urlpath_regex cgi-bin \?
>> cache deny QUERY
>>
>> #
>> # Referencias a algumas portas
>> #
>> acl REDE_MPPB src 10.128.0.0/21
>> acl REDE_MPPB src 10.128.8.0/21
>> acl REDE_MPPB src 10.128.16.0/21
>> acl REDE_MPPB src 10.128.24.0/23
>> acl REDE_MPPB src 10.128.60.0/22
>> acl REDE_MPPB src 10.128.64.0/19
>> acl REDE_MPPB src 10.129.0.0/16
>> acl REDE_MPPB src 177.200.39.0/26
>> acl to_localhost dst 127.0.0.0/8
>>
>> #
>> #
>> #
>> #acl ips_liberados src 64.95.97.19 #WebRadio
>> #acl ips_liberados src 10.128.64.3 #WebRadio
>> #acl ips_liberados src 10.128.4.1
>> #acl sites_liberados url_regex sca.mp.pb.gov.br #SCA
>>
>> #
>> # ACL's padrão e obrigatórias do squid
>> #
>> acl manager proto cache_object
>> acl localhost src 127.0.0.1/32
>> acl SSL_ports port 443 21 # https
>> acl SSL_ports port 8443 # E-jus TJ
>> acl SSL_ports port 9443 # MPVirtual Treinamento
>> acl SSL_ports port 563 # snews
>> acl SSL_ports port 873 # rsync
>> acl Safe_ports port 80 # http
>> acl Safe_ports port 21 # ftp
>> acl Safe_ports port 443 # https
>> acl Safe_ports port 70 # gopher
>> acl Safe_ports port 210 # wais
>> acl Safe_ports port 1025-65535 # unregistered ports
>> acl Safe_ports port 280 # http-mgmt
>> acl Safe_ports port 488 # gss-http
>> acl Safe_ports port 591 # filemaker
>> acl Safe_ports port 777 # multiling http
>>

Certificats SSL

2016-07-21 Thread Ph. Gras 
Bonsoir,

il faut que je crée un certificat sur un serveur hébergé chez Gandi :
https://wiki.gandi.net/fr/ssl/csr

La commande que je dois exécuter est indiquée dans la page HTML :
 openssl req -nodes -newkey rsa:2048 -sha256 -keyout monserveur.key -out 
serveur.csr

Ma question est quand j'exécute cette commande, est-ce que le fichier du 
certificat va se
placer dans /etc/ssl/certs où que je l'exécute, et la clé dans /etc/ssl/private 
?

Ça ne m'arrangerait pas, dans la mesure où il existe déjà un autre certificat 
en cours que
je ne souhaiterais pas écraser.

Mon idée était de créer un dossier ssl2 et de commencer la procédure dedans 
afin de ne
pas subir de rupture de service…

Qu'en pensez-vous ?

Ph. Gras

Re: Blocking 445 IP port

2016-07-21 Thread Joe 
On Thu, 21 Jul 2016 12:37:57 + (UTC)
Thiago Zoroastro  wrote:

> Hi
> I just installed samba to begin learning him. But I realized that I
> don't need it in my personal system. My Debian systems are installed
> in pendrives and boot them in any computer, so I can study them when
> I want. If I decide leaving 445 IP port opened, so I prefer
> uninstalling Samba when not needed. Thank y'all. 
> 

The full samba installation ('samba' package) including the smbd and
nmbd daemons is only necessary for operation as a Samba server i.e. if
the computer hosts shares or if it participates in a Windows domain.

To access shares elsewhere, only Samba clients are needed. The smbclient
client package is command-line, but useful in learning options,
cifs-utils is used to mount remote SMB/CIFS shares into the local
filesystem, and various other samba utilities exist. Nautilus file
manager and Konqueror web browser can both browse remote SMB shares.

-- 
Joe

Re: No sound on youtube

2016-07-21 Thread Dan Ritter 
On Wed, Jul 20, 2016 at 02:42:06PM -0400, Jesse Stephen wrote:
> I seem to have no sound on youtube for some reason.


Did it work previously? When did it stop?

Does it work with different browsers?

Does any sound work? 

Does 'speaker-test -C2' make noises for you?

You'll need to supply more information.

-dsr-

Re: aptitude again

2016-07-21 Thread Vincent Lefevre 
On 2016-06-30 18:47:27 +0200, Sven Joachim wrote:
> On 2016-06-30 17:34 +0100, Lisi Reisz wrote:
> > aptitude upgrade is now removing things.  I ought, of course, to have
> > typed safe-upgrade, but I thought only full-upgrade was supposed to
> > remove anything.
> 
> It removes packages which are marked as automatically installed and are
> unused (i.e. not depended upon, recommended or suggested by any
> manually installed package).  This has been the default behavior for
> many years (IIRC, since the safe-upgrade command has been implemented).

It can actually remove more (e.g. packages that are temporarily
out-of-date, which is bad).

On 2016-06-30 14:18:16 -0400, Jude DaShiell wrote:
> Doesn't aptitude have a --keep-all flag to cover situations like this?

No. Adding "removals" to Aptitude::ProblemResolver::SolutionCost
in /etc/apt/apt.conf.d/10aptitude helps, but doesn't prevent all
removals. :(

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Re: Debian 8. keine Ahnung....

2016-07-21 Thread Francesco Ariis 
Moin moin! Try here for support in german, as debian-user is english
only:
https://lists.debian.org/debian-user-german/

On Thu, Jul 21, 2016 at 03:15:25PM +0200, D.G. Falk wrote:
> moin moin   ...   oder   Guten Tag
> 
> Ich habe mich an Ihren Debian DVD's versucht ... nach 2 Wochen und ca. 5
> Installationen pro Tag (sorry Versuche) läuft es nun etwas..
> Bei der Installation bleibt die Soft doch des öfteren stecken...
> niemals ein Disk ins Laufwerk stecken... grrr   und bei Fehlern immer
> alles neu formatieren und neu anfangen - sonst wird es nie was..
> getestet!!.   Ach was war doch die alte DLD toll - installieren und alles
> funktionierte.
> Na ja .
> Das scheinbar nicht lösbare Problem ist aber Icedove.
> Einmal beim Passwort vertan und gespeichert scheint das nicht mehr
> änderbar Das nenne ich "Mist in Tüten"!!!
> Wenn das pwd schon nicht änderbar ist - dann sollte das Konto wenigstens
> löschbar sein - ist das vorgesehen? -> next try  :o(
> Das Exportieren der Konten (usw) ist scheinbar nicht vorgesehen (ich hab
> nichts gefunden).
> Ist es somit zwingend den ganzen 'Kram' zu deinstallieren und neu zu
> beginnen? - äh   nützt das überhaupt etwas?
> Warum kann ich das pgm nicht allen Nutzern (incl Inhalten) nutzbar machen?
> Währe für mich super sinnvoll
> 
> Also ich habe zu uralten Zeiten das bnos unter old dos gebastelt - ich hätte
> mich nicht getraut so ein System als Relaise rauszugeben. Max als erster
> Entwurf - aber das scheint bei allen Dist- von dem System der Fall zu sein.
> Ach was währe eine richtige alternative zu Win doch schön..und
> toll.   davon träume ich schon über 30 Jahre :o(((
> 
> Vielleicht haben Sie ja Ideen wer das mal in die Gänge bekommt - oder
> wenigstens die Programme Nur der Kernel läuft meistens immer weiter.
> 
> Ach ja    Ich habe den Screensaver deaktiviert - nur das er immer noch
> zuschlägt - nicht mal das funktioniert.
> 
> Sorry - soll nicht unbedingt Meckern sein - aber schon ein Aufschrei nach
> einem funktionierenden und bedienbarem System. Bitte entwickelt doch mal bis
> zum Ende und macht dann erst eine neue Version draus. (zu Ende: Alle
> Funktionen machen was sie sollen!) Und guckt mal über den Tellerrand! Neues
> gibt es dann immer wieder.
> 
> Grüße
> D. G. Falk
> 
> Ich erwarte nicht unbedingt eine Antwort.
>

Re: Debian 8. keine Ahnung....

2016-07-21 Thread Michael Fothergill 
2016-07-21 14:15 GMT+01:00 D.G. Falk :

> moin moin   ...   oder   Guten Tag
>
> Ich habe mich an Ihren Debian DVD's versucht ... nach 2 Wochen und ca. 5
> Installationen pro Tag (sorry Versuche) läuft es nun etwas..
> Bei der Installation bleibt die Soft doch des öfteren stecken...
> niemals ein Disk ins Laufwerk stecken... grrr   und bei Fehlern immer
> alles neu formatieren und neu anfangen - sonst wird es nie was..
> getestet!!.   Ach was war doch die alte DLD toll - installieren und alles
> funktionierte.
> Na ja .
> Das scheinbar nicht lösbare Problem ist aber Icedove.
> Einmal beim Passwort vertan und gespeichert scheint das nicht mehr
> änderbar Das nenne ich "Mist in Tüten"!!!
> Wenn das pwd schon nicht änderbar ist - dann sollte das Konto wenigstens
> löschbar sein - ist das vorgesehen? -> next try  :o(
> Das Exportieren der Konten (usw) ist scheinbar nicht vorgesehen (ich hab
> nichts gefunden).
> Ist es somit zwingend den ganzen 'Kram' zu deinstallieren und neu zu
> beginnen? - äh   nützt das überhaupt etwas?
> Warum kann ich das pgm nicht allen Nutzern (incl Inhalten) nutzbar machen?
> Währe für mich super sinnvoll
>
> Also ich habe zu uralten Zeiten das bnos unter old dos gebastelt - ich
> hätte mich nicht getraut so ein System als Relaise rauszugeben. Max als
> erster Entwurf - aber das scheint bei allen Dist- von dem System der Fall
> zu sein. Ach was währe eine richtige alternative zu Win doch
> schön..und toll.   davon träume ich schon über 30 Jahre
> :o(((
>
> Vielleicht haben Sie ja Ideen wer das mal in die Gänge bekommt - oder
> wenigstens die Programme Nur der Kernel läuft meistens immer weiter.
>
> Ach ja    Ich habe den Screensaver deaktiviert - nur das er immer noch
> zuschlägt - nicht mal das funktioniert.
>
> Sorry - soll nicht unbedingt Meckern sein - aber schon ein Aufschrei nach
> einem funktionierenden und bedienbarem System. Bitte entwickelt doch mal
> bis zum Ende und macht dann erst eine neue Version draus. (zu Ende: Alle
> Funktionen machen was sie sollen!) Und guckt mal über den Tellerrand! Neues
> gibt es dann immer wieder.
>
> Grüße
> D. G. Falk
>
> Ich erwarte nicht unbedingt eine Antwort.
>
> ​Dear Sir​


​You need to post in English on this list;

ie
Zieht den Bayern die Lederhosen aus
​!​
​
= Disrobe the Bayern Munich Football Team's Leather Breeches!

You get the idea...

Regards
​
​Michael Fothergill​

Debian 8. keine Ahnung....

2016-07-21 Thread D.G. Falk 

moin moin   ...   oder   Guten Tag

Ich habe mich an Ihren Debian DVD's versucht ... nach 2 Wochen und ca. 5 
Installationen pro Tag (sorry Versuche) läuft es nun etwas..
Bei der Installation bleibt die Soft doch des öfteren stecken... 
niemals ein Disk ins Laufwerk stecken... grrr   und bei Fehlern immer 
alles neu formatieren und neu anfangen - sonst wird es nie was.. 
getestet!!.   Ach was war doch die alte DLD toll - installieren und alles 
funktionierte.

Na ja .
Das scheinbar nicht lösbare Problem ist aber Icedove.
Einmal beim Passwort vertan und gespeichert scheint das nicht mehr 
änderbar Das nenne ich "Mist in Tüten"!!!
Wenn das pwd schon nicht änderbar ist - dann sollte das Konto wenigstens 
löschbar sein - ist das vorgesehen? -> next try  :o(
Das Exportieren der Konten (usw) ist scheinbar nicht vorgesehen (ich hab 
nichts gefunden).
Ist es somit zwingend den ganzen 'Kram' zu deinstallieren und neu zu 
beginnen? - äh   nützt das überhaupt etwas?
Warum kann ich das pgm nicht allen Nutzern (incl Inhalten) nutzbar machen? 
Währe für mich super sinnvoll


Also ich habe zu uralten Zeiten das bnos unter old dos gebastelt - ich hätte 
mich nicht getraut so ein System als Relaise rauszugeben. Max als erster 
Entwurf - aber das scheint bei allen Dist- von dem System der Fall zu sein. 
Ach was währe eine richtige alternative zu Win doch schön..und 
toll.   davon träume ich schon über 30 Jahre :o(((


Vielleicht haben Sie ja Ideen wer das mal in die Gänge bekommt - oder 
wenigstens die Programme Nur der Kernel läuft meistens immer weiter.


Ach ja    Ich habe den Screensaver deaktiviert - nur das er immer noch 
zuschlägt - nicht mal das funktioniert.


Sorry - soll nicht unbedingt Meckern sein - aber schon ein Aufschrei nach 
einem funktionierenden und bedienbarem System. Bitte entwickelt doch mal bis 
zum Ende und macht dann erst eine neue Version draus. (zu Ende: Alle 
Funktionen machen was sie sollen!) Und guckt mal über den Tellerrand! Neues 
gibt es dann immer wieder.


Grüße
D. G. Falk

Ich erwarte nicht unbedingt eine Antwort.

Quick Query

2016-07-21 Thread Joe Thomas 
Hey,

I have just come across kangry.com

I was wondering if you might be interested in me writing an article for you to 
post on your website? I thought it would be an interesting idea to discuss the 
possible implications of Brexit on cybercrime and how one might go about being 
prepared for these changes? I think it would be of great interest to your 
readers.

This would be a complementary article, so there would be no cost. Would this 
interest you at all? If you are, let me know and I’ll write something up for 
you to consider.

 

Looking forward to your response,

Joe Thomas

 

 

 

All Green PR Limited

Kemp House

 152 City Road London

EC1V 2NX

Remove from my adress book

Re: Assista e baixe palestras do FISL17

2016-07-21 Thread Thiago Canuto Ferreira 
Excelente palestras! Obrigado!

Thiago Canuto

Em Qua, 2016-07-20 às 23:28 -0300, Dausacker escreveu:
> 
> Socializando:
> 
> Assista e baixe palestras do FISL17:
> 
> https://dausacker.wordpress.com/2016/07/20/assista-e-baixe-palestras-do-fisl17/
>

Re: Mimetypes e íconos.

2016-07-21 Thread Camaleón 
El Wed, 20 Jul 2016 18:11:39 -0400, alparkom escribió:

> Buenas. Paso a contar:
> 
> Resulta que abrí un editor de texto con Wine y ahora todos los archivos
> con cierta extensión (ejemplo: archivo.exp) tienen el ícono de Wine y el
> tipo en "application/x-wine-extension-exp".
>
> Me gustaría que aparecieran con el ícono que yo quisiera. 
La mayoría de entornos gráficos (gnome, kde, xfce...) te permiten hacer 
eso gráficamente desde el explorador de archivos. Como no dices qué 
entorno usas no puedo darte información más específica.

> Tengo entendido que debo crear un nuevo MimeType en "/etc/mime.types" y
> asociarlo a un ícono copiándolo en
> "/usr/share/icons/gnome/scalable/mimetypes".

No necesariamente, ya digo que dependiendo del entorno gráfico podrás 
hacerlo desde alguna utilidad. Y de todas formas, el manual de 
"mime.types" apunta a un archivo relacionado con CUPS y no a lo que 
tienes en mente :-)

> El problema esta en que el MimeType que creé es del tipo "text/exp" y
> los archivos (todos los .exp de mi computadora) se configuraron con el
> tipo de Wine.
> 
> Alguna solución? Estaba buscando como cambiarle el MimeType a los
> archivos pero no encontré mucho.

Pues creo que en la wiki de Archlinux encontrarás la solución porque 
tocan varios frentes (mira también los "artículos relacionados" donde 
hablan de los iconos específicamente) pero si te atoras en algún punto lo 
dices:

Default applications
https://wiki.archlinux.org/index.php/default_applications

Saludos,

-- 
Camaleón

Re: Undelivered Mail Returned to Sender

2016-07-21 Thread Jesse Stephen 
I do not have on any youtube video's and hulu has quit working altogether,
telling me to try clearing the cache wich I have done. I have also tried
installing the latest version of adobe and has not worked.

On Thu, Jul 21, 2016 at 7:56 AM, Mail Delivery System <
mailer-dae...@mdfmta002.tch.inty.net> wrote:

> This is the mail system at host mdfmta002.tch.inty.net.
>
> I'm sorry to have to inform you that your message could not
> be delivered to one or more recipients. It's attached below.
>
> For further assistance, please send mail to postmaster.
>
> If you do so, please include this problem report. You can
> delete your own text from the attached returned message.
>
>The mail system
>
> : host
> esmtp.demonmail.co.uk[91.221.168.149] said: 550 5.7.1 Unable to relay
> (in
> reply to RCPT TO command)
>
> Final-Recipient: rfc822; administra...@cityscape.demon.co.uk
> Original-Recipient: rfc822;administra...@cityscape.demon.co.uk
> Action: failed
> Status: 5.7.1
> Remote-MTA: dns; esmtp.demonmail.co.uk
> Diagnostic-Code: smtp; 550 5.7.1 Unable to relay
>
>
> -- Forwarded message --
> From: Jesse Stephen 
> To: Brian 
> Cc:
> Date: Thu, 21 Jul 2016 07:55:59 -0400
> Subject: Re: No sound on youtube
> I do not have sound on any youtube video's and hulu has  quit showing
> altogether, I have tried downloading adobe be flash player but that has not
> done anything.
>
> On Wed, Jul 20, 2016 at 3:28 PM, Brian  wrote:
>
>> On Wed 20 Jul 2016 at 14:42:06 -0400, Jesse Stephen wrote:
>>
>> > I seem to have no sound on youtube for some reason.
>>
>> We can swap experiences; I do have sound.
>>
>> Like you, I have no intention of giving any detail, so both of us have
>> nothing to contribute.
>>
>>
>
>

Re: Blocking 445 IP port

2016-07-21 Thread Thiago Zoroastro 
Hi
I just installed samba to begin learning him. But I realized that I don't need 
it in my personal system. My Debian systems are installed in pendrives and boot 
them in any computer, so I can study them when I want. If I decide leaving 445 
IP port opened, so I prefer uninstalling Samba when not needed.
Thank y'all.
 

Em Quinta-feira, 21 de Julho de 2016 3:55, Reco  
escreveu:
 

     Hi.

On Thu, 21 Jul 2016 01:09:36 + (UTC)
Thiago Zoroastro  wrote:

> Hi there, I would like you sorry me if I wrote the English wrong in some 
> place.
> 
> I realized that my Debian systems are with 445's IP ports opened. How I could 
> to block permanently this and any other IP port when I wish?
> I've blocked with an Iptables command but I would like a way to block 
> forever. I wish to keep 445 IP port closed since when my Debian system is 
> started.
> 
> Could I to know what the package that's installed and opening this IP port 
> opened?

"ss -lnp | grep 445" as root should show you whatever process is
listening on 445 and whatever protocol is used. Chances are, it's smbd
and tcp.

"dpkg -S " should show you what package offending binary
belongs to. Chances are, it's samba.

To block it (but why would you want to do so? Just remove the offending
package) you'll need to:

iptables -I INPUT ! -i lo -p tcp --dport 445 -j DROP
ip6tables -I INPUT ! -i lo -p tcp --dport 445 -j DROP

Reco

Re: systemd and plymouth not caching LUKS passphrase

2016-07-21 Thread Ramon Diaz-Uriarte 



On Tue, 28-06-2016, at 12:30, Jonathan Dowland  wrote:
> On Wed, Jun 22, 2016 at 08:57:19PM +0200, Ramon Diaz-Uriarte wrote:
>> Thanks, but it does not seem to work.
>
> I'm sorry to hear that. I will have a go at reproducing this but it will take
> me a little time to set up some VMs.

OK, I guess it must not be a big deal for most people anyway. I am a
getting used to typing the password twice :-)


-- 
Ramon Diaz-Uriarte
Department of Biochemistry, Lab B-25
Facultad de Medicina
Universidad Autónoma de Madrid 
Arzobispo Morcillo, 4
28029 Madrid
Spain

Phone: +34-91-497-2412

Email: rdia...@gmail.com
   ramon.d...@iib.uam.es

http://ligarto.org/rdiaz

A Proposal For Your Business Website to rank on Google

2016-07-21 Thread rajendra 



Hello,


I am Rajendra bsending you a proposal regarding the optimization of your
business website in Google.

 Hence I would like to offer my strategy and plan of action designed to
rank your website on 1st page when ever searched by someone from your area..

1. Keywords Analysis & Research
2. 90 Article Submissions (1 Article Submit in 30 Top Directories)
3. 10 Press Release Distributions (1 Press Release submit in 10 Sites)
4. 5 Web2.0/Blog postings (Using pre-written articles)
5. 30 Social Bookmarking Submissions
6. 5 Classified Submissions
7. 3 Unique Article writing (400+ words)
8. 1 Press Release writing (350+ words)
9. Forum posting
10. Keywords Mapping
11. New Pages Suggestions
12. Keywords Research
13. Competitor Analysis
14. Title Tags Changes Suggestions
15. Meta Tags Changes Suggestions
16. Alt Tag Changes Suggestions
17. HTML Site Map
18. XML Site Map Setup
19. Anchor text optimization
20. Google webmaster setup
21. Google analytics setup
22. Weekly Work Report
23. Monthly Ranking Report

But to be very honest your website has all the capability and the capacity
in which you can bring your website into the first page of Google.com which
ultimately gives you the better revenues in your sales.

I have been working as an SEO experts, I will be glad if my knowledge and
experience would help your website to rank well in Google.com. Just let me
know your thought regarding the Optimization of your website and to know
more about us .

I am confident enough that I can do best for your website and meet your
expectation within a period of 5-6 months once we start the work over your
website.I will send you the Keyword Analysis of your website after getting
your reply.

*I am waiting for your reply then I will send you my proposal ..*

Warmest Regards,
*Rajendra*
Inbound Marketing Certified Professional
 +91-8984-315-274

Re: freezing gnome

2016-07-21 Thread Pavel Kosina 
As for pastebin logs: I try to cut only times when it happens: it was 
about 04:05:07.


Pavel Kosina napsal(a) dne 21.7.2016 v 11:13:



Johann Spies napsal(a) dne 21.7.2016 v 10:10:
Check your logs (dmesg, syslog and messages) for possible indications 
on why this happens.

well I can see nothing

debug: http://pastebin.com/ZGrWvCky
messages: http://pastebin.com/WX7HKdnm
syslog: http://pastebin.com/vhpyQKdD



If you suspect high temperature as the main culprit, there are 
applets to monitor temperatures of different parts of the system.  
Install it.
I have one, but it doesnt not log anything. As I say, now it happens 
even if the temperature is 45degreess.




Also, have you tried to do a Ctrl-F3 (to go to the console) when 
Gnome becomes unresponsive?  Or if you have another computer on the 
same network segment, try to ssh to your computer and see what is 
going on (dmesg, the logs etc.)

Nothing works, even ssh, even CTRL-F3.

Thank you
Pavel

Re: freezing gnome

2016-07-21 Thread Pavel Kosina 



Johann Spies napsal(a) dne 21.7.2016 v 10:10:
Check your logs (dmesg, syslog and messages) for possible indications 
on why this happens.

well I can see nothing

debug: http://pastebin.com/ZGrWvCky
messages: http://pastebin.com/WX7HKdnm
syslog: http://pastebin.com/vhpyQKdD



If you suspect high temperature as the main culprit, there are applets 
to monitor temperatures of different parts of the system.  Install it.
I have one, but it doesnt not log anything. As I say, now it happens 
even if the temperature is 45degreess.




Also, have you tried to do a Ctrl-F3 (to go to the console) when Gnome 
becomes unresponsive?  Or if you have another computer on the same 
network segment, try to ssh to your computer and see what is going on 
(dmesg, the logs etc.)

Nothing works, even ssh, even CTRL-F3.

Thank you
Pavel

pinning et apt-cache policy

2016-07-21 Thread Daniel Caillibaud 
Bonjour,

Sur une jessie, j'utilise les dépôts standards avec également jessie-backport 
et nginx.org
(pour avoir une version récente avec http/2)

J'ai lu man apt_preferences, https://debian-facile.org/doc:systeme:apt:pinning 
et
https://wiki.debian.org/AptPreferences#A.2Fetc.2Fapt.2Fpreferences mais pas 
trouvé comment
prioriser les paquets nginx dans ce dépôt

J'ai 

- dans /etc/apt/apt.conf.d/

APT::Default-Release "jessie";


- dans /etc/apt/preferences.d/00default

Package: *
Pin: release o=Debian,n=jessie,l=Debian-Security
Pin-Priority: 980

Package: *
Pin: release o=Debian,a=stable-updates,l=Debian
Pin-Priority: 520

Package: *
Pin: release o=Debian,a=proposed-updates,l=Debian
Pin-Priority: 510

Package: *
Pin: release n=jessie
Pin-Priority: 500

Package: *
Pin: release n=jessie-backports
Pin-Priority: 300

Package: *
Pin: release o=nginx
Pin-Priority: 200


- dans /etc/apt/preferences.d/20_nginx

Package: nginx*
#Pin: origin "nginx.org" # => Type d'épinglage origin "nginx.org" inconnu
Pin: release o=nginx
Pin-Priority: 800

Et je comprends pas la sortie de [1]

apt-cache policy

Fichiers du paquet :
 100 /var/lib/dpkg/status
 release a=now
 990 http://nginx.org/packages/debian/ jessie/nginx amd64 Packages
 release v=8.0,o=nginx,a=stable,n=jessie,l=nginx,c=nginx
 origin nginx.org
 500 file:/var/cache/apt-build/repository/ apt-build/main amd64 Packages
 release o=apt-build,a=apt-build,l=apt-build,c=main
 500 http://http.debian.net/debian/ jessie/main Translation-fr
 500 http://http.debian.net/debian/ jessie/main Translation-en
 990 http://http.debian.net/debian/ jessie/main amd64 Packages
 release v=8.5,o=Debian,a=stable,n=jessie,l=Debian,c=main
 origin http.debian.net
Paquets épinglés :
 nginx-extras -> (non trouvé)
 nginx-doc -> (non trouvé)
 nginx-module-image-filter -> 1.10.1-1~jessie
 nginx-extras-dbg -> (non trouvé)
 nginx-debug -> 1.8.0-1~jessie
 nginx-full-dbg -> (non trouvé)
 nginx-module-geoip -> 1.10.1-1~jessie
 nginx-light-dbg -> (non trouvé)
 nginx-nr-agent -> 2.0.0-8
 nginx-module-njs -> 1.10.1.0.0.20160414.1c50334fbea6-1~jessie
 nginx-module-perl -> 1.10.1-1~jessie
 nginx-common -> (non trouvé)
 nginx -> 1.10.1-1~jessie
 nginx-dbg -> 1.10.1-1~jessie
 nginx-light -> (non trouvé)
 nginx-full -> (non trouvé)
 nginx-module-xslt -> 1.10.1-1~jessie

ni apt-cache policy nginx [2]
nginx:
  Installé : 1.6.2-5+deb8u1
  Candidat : 1.10.1-1~jessie
  Épinglage de paquet : 1.10.1-1~jessie
 Table de version :
 1.10.1-1~jessie 800
990 http://nginx.org/packages/debian/ jessie/nginx amd64 Packages
 1.10.0-1~jessie 800
990 http://nginx.org/packages/debian/ jessie/nginx amd64 Packages
 1.8.1-1~jessie 800
990 http://nginx.org/packages/debian/ jessie/nginx amd64 Packages
 1.8.0-1~jessie 800
990 http://nginx.org/packages/debian/ jessie/nginx amd64 Packages
 *** 1.6.2-5+deb8u1 800
990 http://http.debian.net/debian/ jessie/main amd64 Packages
100 /var/lib/dpkg/status


[1] Pourquoi http://nginx.org/packages/debian/ se retrouve en 990 ? Ils publient
avec du "l=Debian-Security" ?

[2] - pourquoi ils sont tous en 990 ?
- que signifie le 800 de "1.10.1-1~jessie 800"

Merci

-- 
Daniel

L'argent aide a supporter la pauvreté.
Alphonse Allais

Re: freezing gnome

2016-07-21 Thread Pavel Kosina 


Thomas Schmitt napsal(a) dne 21.7.2016 v 10:03:


Proposals for investigation:

Does this only happen when you put workload on the system ?

no


Does it happen if you use a different desktop than Gnome ?

yes

Do you have an extra graphics board and could switch to mainboard graphics ?
(Does it still freeze then ?)

no, i dont


Does it happen if you boot some Live CD/DVD system with different kernel ?
(E.g. an older Debian Live ?)


not yet tried, i can try...


Is any passive radiator on the mainboard or graphics board loose ?


no, it is not.

Well, my suspicion is on-board-power-supply which might be heating too 
much, quite new technology I think. I have another similar powerboard, 
without this on-board-power-supply and there are these freezing not. 
Well, it might be of course another cause.


Pavel

Re: After a few days, strange inter-process communication bugs in up-to-date Jessie GNOME

2016-07-21 Thread David Guyot 
Le mardi 19 juillet 2016 à 15:04 +0200, Michael Biebl a écrit :
> Am 19.07.2016 um 14:42 schrieb David Guyot:
> 
> Have you tried running the applications from a console so you get the
> output from stdout/stderr? Do you have any specific error messages?
> 
> Does journalctl list any errors?

Well, maybe the problems are not related after all: the SSH agent is
currently unreachable, but URL clicks are still functional. After
checking, I've 2 SSH agents: the official one, and the GPG agent running
as the SSH one. I think this is a remainder of several tries I did to
circumvent the Gnome keyring bug regarding the ECDSA keys
(https://bugzilla.gnome.org/show_bug.cgi?id=641082): I had to try
several agents before having one functional, but there seems to be
disrupting remainders.

I should try to disable the GPG SSH agent and let the official one do
the job, but I can't find how it activated:
penegal@Aethelthryth ~ {⌗0/⬓52}[0]> grep -ri ssh .gnupg/
Fichier binaire .gnupg/pubring.gpg~ correspondant
Fichier
binaire .gnupg/private-keys-v1.d/DEFF567497D9CEE0B6739CE796A1657810FC4422.key 
correspondant
Fichier
binaire .gnupg/private-keys-v1.d/094ACDE0C1EC2CF724C7DD4D5E21ACF66CEBACB6.key 
correspondant
.gnupg/sshcontrol:# List of allowed ssh keys.  Only keys present in this
file are used
.gnupg/sshcontrol:# in the SSH protocol.  The ssh-add tool may add new
entries to this
Fichier binaire .gnupg/pubring.gpg correspondant

I was under the impression that the SSH agent mode was to be activated
in one of these files, but it doesn't seem to be the case. Where can it
be enabled?

Awaiting your answers,

Regards.

-- 
David Guyot
Administrateur système, réseau et télécom / Sysadmin
Europe Camions Interactive / Stockway
Moulin Collot
F-88500 Ambacourt
03 29 30 47 85


signature.asc
Description: This is a digitally signed message part

Re: freezing gnome

2016-07-21 Thread Johann Spies 
Check your logs (dmesg, syslog and messages) for possible indications on
why this happens.

If you suspect high temperature as the main culprit, there are applets to
monitor temperatures of different parts of the system.  Install it.

Also, have you tried to do a Ctrl-F3 (to go to the console) when Gnome
becomes unresponsive?  Or if you have another computer on the same network
segment, try to ssh to your computer and see what is going on (dmesg, the
logs etc.)

Regards
Johann


-- 
Because experiencing your loyal love is better than life itself,
my lips will praise you.  (Psalm 63:3)

Re: freezing gnome

2016-07-21 Thread Thomas Schmitt 
Hi,

Pavel Kosina wrote:
> Found, that it is more often, when cpu
> temperature over 50degrees so I add another fan. Now it less frequently,

> anyone can help?

If this observation is statistcally significant, then there is obviously
a hardware related problem.

Proposals for investigation:

Does this only happen when you put workload on the system ?

Does it happen if you use a different desktop than Gnome ?

Do you have an extra graphics board and could switch to mainboard graphics ?
(Does it still freeze then ?)

Does it happen if you boot some Live CD/DVD system with different kernel ?
(E.g. an older Debian Live ?)

Is any passive radiator on the mainboard or graphics board loose ?


Have a nice day :)

Thomas

Re: freezing gnome

2016-07-21 Thread Pavel Kosina 

anyone can help?
Thank you


peekaa napsal(a) dne 19.7.2016 v 20:11:

Hello,

I got quite new comp, Debian testing/sid with Gnome and this is 
sometimes freezing so that only 5s pressing power button helps. Not 
sure if its about hw or sw, not sure, how to find, what to test.


hw: http://pastebin.com/H9YyJBsb
sw: Linux chief 4.6.0-1-amd64 #1 SMP Debian 4.6.3-1 (2016-07-04) 
x86_64 GNU/Linux with GNOME Shell 3.20.3, fully updated and upgraded.



I can provide more info, if needed. Found, that it is more often, when 
cpu temperature over 50degrees so I add another fan. Now it less 
frequently, but still, once/twice a week, mostly a few minutes after 
login to gnome.


Thank you
Pavel

Re: Blocking 445 IP port

2016-07-21 Thread Reco 
Hi.

On Thu, 21 Jul 2016 01:09:36 + (UTC)
Thiago Zoroastro  wrote:

> Hi there, I would like you sorry me if I wrote the English wrong in some 
> place.
> 
> I realized that my Debian systems are with 445's IP ports opened. How I could 
> to block permanently this and any other IP port when I wish?
> I've blocked with an Iptables command but I would like a way to block 
> forever. I wish to keep 445 IP port closed since when my Debian system is 
> started.
> 
> Could I to know what the package that's installed and opening this IP port 
> opened?

"ss -lnp | grep 445" as root should show you whatever process is
listening on 445 and whatever protocol is used. Chances are, it's smbd
and tcp.

"dpkg -S " should show you what package offending binary
belongs to. Chances are, it's samba.

To block it (but why would you want to do so? Just remove the offending
package) you'll need to:

iptables -I INPUT ! -i lo -p tcp --dport 445 -j DROP
ip6tables -I INPUT ! -i lo -p tcp --dport 445 -j DROP

Reco