Re: Debian 9.1 amd64 Xfce panel clock broken

[David Christensen]

On 08/09/17 21:47, Charlie Kravetz wrote:


It almost sounds like the panel is too long for the monitor. The clock
is disappearing off the end of the panel. Is the clock the last thing
in panel? Try moving it to the other of the panel, and see if it still
disappears.


Clock is neither the first nor last item in the panel.


Clock works fine on Xfce on Debian Wheezy, Debian Jesse, FreeBSD 11.0, 
and possibly others.



I'm looking for an error message from Xfce panel, or a way to obtain 
error/ debug messages.



David

Re: Kernel development cycle

[solitone]

On Tuesday, 1 August 2017 14:15:52 CEST solitone wrote:
> Let's consider a practical example, the history of patch
> "drm/i915/execlists: Reset RING registers upon resume". This patch was
> committed 641 commits after version 4.8-rc2:
> 
> $ git describe bafb2f7d4755bf1571bd5e9a03b97f3fc4fe69ae
> v4.8-rc2-641-gbafb2f7d4755
> 
> So I would expect to find it in version 4.8, which is the stable, final
> release of v4.8, following all the release canditates.
> 
> However, if I search for the tag that follows (and hence contains) that
> commit, I do not find version 4.8, nor version 4.9, but 4.10:
> 
> $ git describe --contains bafb2f7d4755bf1571bd5e9a03b97f3fc4fe69ae
> v4.10-rc1~154^2~44^2~178
> 
> Why? Why not v4.8-rc3? This means that the patch has been included neither
> in v4.8 nor in v4.9, but only in version 4.10-rc1, right? Why so much time
> was needed, considering it was the 621st commit on top ov v4.8-rc2?

Could you please point me out some doc that might help me understand this? I'm 
still thinking about it!

Thank you!
-- 
⢀⣴⠾⠻⢶⣦⠀ 
⣾⠁⢠⠒⠀⣿⡁Sent from my brain using neurons fueled by glucose.
⢿⡄⠘⠷⠚⠋⠀ 
⠈⠳⣄

Re: How to change default umask in Stretch?

[Reco]

Hi.

An update for the archives.

On Wed, 9 Aug 2017 08:09:16 -0400
Greg Wooledge  wrote:

> On Tue, Aug 08, 2017 at 01:27:02PM +0300, Reco wrote:
> > Or find gnome-session (or gnome-shell - I don't recall who exactly
> > spawns user applications in GNOME) process pid, execute something like
> > this on login:
> > 
> > gdb -p $(pidof gnome-session) -ex 'p umask(0077)' --batch
> > 
> > You'll need gdb to be installed, of course.
> 
> It's beginning to sound like GNOME applications aren't even launched
> by GNOME at all, but rather by systemd/dbus.  Somehow.

Couple of experiments later, which involved strace, ltrace *and*
auditctl I confirm that GNOME applications are launched by dbus-daemon
indeed. Not 'system' one, but 'session' dbus-daemon.
If you do it via gnome-shell anyway.


> I'd be interested in hearing the results of your gdb experiment being
> performed on the user session dbus daemon process, by someone using
> GNOME.  I have no idea whether it would actually work, but if it does,
> that would help us understand how this... desktop... is put together.

So, once I pinpointed spawning process, I poked it with gdb and it
changed the umask. So, correct hack for the umask in GNOME (as of
stretch) is:

gdb -p $(pgrep -U $(id -u) -f '/usr/bin/dbus-daemon --fork') \
-ex 'p umask(0077)' --batch

Reco

Re: Debian 9.1 amd64 Xfce panel clock broken

[Charlie Kravetz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Wed, 9 Aug 2017 17:13:55 -0700
David Christensen  wrote:

>debian-user:
>
>I have a Dell Inspiron E1505 laptop with an Intel Core Duo T7400 CPU, 2 
>GB RAM, 16 GB SSD, and a fresh install of 
>debian-9.1.0-amd64-xfce-CD-1.iso, with all updates and upgrades as of now:
>
>2017-08-09 16:59:07 root@tinkywinky ~
># cat /etc/debian_version
>9.1
>
>2017-08-09 16:59:18 root@tinkywinky ~
># uname -a
>Linux tinkywinky 4.9.0-3-amd64 #1 SMP Debian 4.9.30-2+deb9u3 
>(2017-08-06) x86_64 GNU/Linux
>
>2017-08-09 16:59:22 root@tinkywinky ~
># dpkg-query --show xfce4
>xfce4  4.12.3
>
>
>I would like to use the Xfce panel "clock" item.  Unfortunately, it is 
>broken:
>
>- If I right-click on the Xfce panel and choose "Panel Preferences...", 
>the "Panel" dialog appears.
>
>- Selecting Panel -> Items tab, "Clock" appears in the list of panel items.
>
>- If I select Panel -> Items -> Clock and click the "Edit the currently 
>selected item" button, the "Clock" dialog appears.
>
>- I then configure Clock as follows:
>
> Time Settings
>   TimezonePST8PDT
> Appearance
>   Layout  Digital
>   Tooltip format  Wednesday 09 August 2017
> Clock Options
>   Format  05:04:55 PM
>
>Once I have made the above settings, but before choosing "Close", the 
>current time is displayed at the proper location in the Xfce panel. 
>This is what I want.
>
>- But when I click "Close", the current time disappears from the panel 
>-- e.g. Clock breaks.
>
>
>Looking in /var/log and dmesg, I don't see any clues.
>
>
>Any suggestions for figuring out why Clock is broken and how to fix it?
>
>
>David
>

It almost sounds like the panel is too long for the monitor. The clock
is disappearing off the end of the panel. Is the clock the last thing
in panel? Try moving it to the other of the panel, and see if it still
disappears.

- -- 
Charlie Kravetz
Linux Registered User Number 425914
[http://linuxcounter.net/user/425914.html]
Never let anyone steal your DREAM.   [http://keepingdreams.com]
-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEEG5QK93YKrQMH22ZTiq6LjqbJ0IAFAlmL5WUACgkQiq6LjqbJ
0IDebAf/UDM+FUUFMDHiu9qkqaIq7fMSNr/KghoKRHcM62V3AmAa0Pad0UeNz9/d
h7in3Y5hJ87tybWufZn6YkU6+so4d7Nyz7VxIA16ELAHFPzvlmVLAGMkMEVKG0y2
3cl/ynWx3wjaA5TXn3nQRdVbcIo03ftcO7E9lFOB8auToAJex7CxBoGaH3Ikjnrn
TsoRHWSJLR1x00vX958gFcyIpd39dQGmQ9HvijqtlBO4m/17DWmIiotGhjHhuMpm
TL5vCsoZVx7k5IOZZGjxBzIz6AR+GgtUuPYgc6780LPme2cNwB/k7xYk2q8oBpkG
v05M+WlNytS5pSY7hv+ZeXAVJVnqjg==
=BpKy
-END PGP SIGNATURE-

Re: Btrs vs ext4. Which one is more reliable?

[David Niklas]

On Sat, 29 Jul 2017 04:59:40 +
Andy Smith  wrote:

> > My understanding is that the only thing that prevents silent
> > corruption in ext4 is the hard drive CRC (Cyclic Redundancy Check
> > Error). Is that enough for a server?  
> 
> No, not with multi-terabyte devices. CRC doesn't detect well enough,
> also errors can happen at different places that CRC can't always
> detect.

I use RAID5 and reiserfs the only problem I've had so far is RAM
corruption (Ugh!). reierfs is very reliable, does not loose data in the
presence of being unmounted unsuccessfully, WHICH XFS DOES REALLY
BADLY(I think I even saw a video in which an fs dev said that xfs does
this on purpose so that an sensitive data does not remain on the drive).
I also tried fat32, but in the presence of being unmounted incorrectly
you'll get some data loss, but not corruption, that is to say that fat32
seems to behave like an atomic fs; either the data is on the drive or not.
Same with ext4 except that I have gotten many corruptions if it's not
properly unmounted. Nilfs2 seems to have a bug someplace in the kernel
(4.9), but I've not yet narrowed it down. I don't know anything about
others then those listed above.

Yes, I've been really busy trying to find a good FS.

> The worst I've seen on the zfsonlinux list in the last couple of
> years is people reporting abnormally low performance in their
> configuration.
> 
> Cheers,
> Andy
> 

Actually, I've read that zfs can only mount on a *totally* empty
directory.


Also, my use case is at home where the power can and *does* fail. I also
find myself using the latest kernel and oftentimes an experimental driver
for my AMD graphics card, hence my need for a *very* stable fs over
sudden unmount.


Sincerely,
David

Re: Laser Printer recommendation...

[David Niklas]

On Tue, 8 Aug 2017 20:00:29 +0100
Brian  wrote:
> On Tue 08 Aug 2017 at 13:01:30 -0500, Doug wrote:
> 
> > It always amazes me that people who get a driver made specifically
> > for a device, a driver that has significantly more capability than
> > one that came with their Linux os,
> > would refuse to use it. It hasn't cost them anything, just as the
> > Linux os hasn't cost them anything, so it is FREE. (Don't tell me
> > they paid for it with the printer--they
> > couldn't have bought the printer without subsidizing the driver, so
> > essentially it is free.)  Same goes for video drivers. It's like
> > trying to swim with one hand tied behind your back.  
> 
> It's strange, isn't it, that some people do not want to knuckle under
> and do what they are told is best for them. The same people want some
> control over the goods they own and the services they use. Wierdos.
> 
> Ignore them and join the hive.
> 

Well, on top of being able to use a pretested and know good
non-proprietary driver there are other reasons

https://www.eff.org/deeplinks/2017/06/printer-tracking-dots-back-news

Not to mention that some people think that proprietary drivers utilize
more ink than their FLOSS counterparts, and if Amazon reviews is any
indication, then manufacturers *do* want you to use more ink and newer
printers *do* use more ink. The question is, do manufacturers use
drivers, firmware, or both to achieve this end?

Sincerely,
David

Re: Background will not change.

[Jape Person]

On 08/09/2017 10:28 PM, Default User wrote:



Thanks, Jape!

That's a lot of information to digest, but I'll give it a try.  I wish 
there was an automated tool that could go through the system, to find 
and report any missing or invalid or circular dependencies, etc., and 
fix it or at least say "here's what you need to do to fix it".  Maybe 
someday.




Well, actually, that's what debsums does. At least the finding part. And 
fixing with apt isn't really hard at all. Once you found the missing 
bits and the packages they belong to, using apt or apt-get with the 
appropriate parameters generally fixes problem pretty easily.


Aptitude's textual user interface (Just execute aptitude in a terminal.) 
has the ability to find broken packages where entire dependent packages 
are missing, but I don't think it works as well as debsums coupled with 
apt or apt-get does when problems are caused by partially installed 
packages or missing/corrupted individual member files of a package.


If you haven't used these particular tools because you use something 
like Synaptic (which I know almost nothing about) or an autoupdater 
(which I know so little about that I don't even know its name), then 
getting used to these command line or TUI tools might take a bit of time 
and study.


They do allow you to see what changes a command will make to the system 
before you actually commit to it, so they're not quite as scary as they 
might look at first. The man pages can be pretty useful.


At any rate, running

# debsums -acs

in a terminal, then copying and pasting the terminal outlet into a reply 
to this thread may give us enough information to start with. It may 
prove that I'm all wet about this, and your problems with background 
changing are caused by a bug in whatever got updated.


Give it a shot! The debsums -acs command won't do anything to change 
your system, so there's no risk.


And, of course, if you have questions about how these utilities are 
working, you can just ask for help. One step at a time. Being unable to 
change the background isn't a problem that has to be fixed right of way, 
so you can take it slowly.


JP

Re: Acesso remoto com interface gráfica

[Sinval Júnior]

Por que não usam linha de comando? Ou uma interface web?

use ssh user@server -XC
Depois o comando virt-manager
Isto ira funcionar apenas no Linux, ou OSX. Para funcinar no Windows - se é
para administrar manda o cara se virar e instalar Linux - pode user
o Xming. Mais fica lento.

Ao encaminhar esta mensagem, por favor:
1 - Apague meu endereço eletrônico;
2 - Encaminhe como Cópia Oculta (Cco ou BCc) aos seus destinatários.
Dificulte assim a disseminação de vírus, spams e banners.

#=+
#!/usr/bin/env python
nome = 'Sinval Júnior'
email = 'sinvalju arroba gmail ponto com'
print nome
print email
#==+

Em 9 de agosto de 2017 23:01, Leonardo S. S. da Rocha  escreveu:

> Legal gente, obrigado. O meu problema é que eu teria que montar um
> cenário pra que outros usuários possam acessar tem necessidade de
> conhecimento destes programas. Eu uso o virt-manager com KVM-Qemu no
> meu notebook. Não sabia que eu conseguia acessar uma máquina virtual
> remota com o virt-manager usando o SSH. Vou dar uma olhada na
> documentação. Obrigado Sérgio.
>
>
> 2017-08-09 18:23 GMT-03:00 Sérgio Abrantes Junior <
> sergioabran...@gmail.com>:
>  Olá,
> 
>  Eu uso KVM nos hospedeiros sem nenhuma interface instalada (Gnome,
> XFCE,
>  etc).
>  Contudo, gerencio remotamente com interface gráfica do virt-manager.
>  Acesso via ssh -X e depois de logar, executo ele (virt-manager) e me
> abre
>  uma tela onde consigo fazer tudo.
>  Ele funciona com KVM, XEN e LXC. Da uma olhada no projeto
>  (https://virt-manager.org). Os repositórios do Debian possui tudo que
>  precisa.
>  Se for usar o KVM, na wiki do Debian possui uma documentação leval
>  (https://wiki.debian.org/KVM).
> 
>  Até!
> 
>  Sérgio Abrantes
> 
>  Em 9 de agosto de 2017 13:07, Rodolfo  escreveu:
> 
>  Eu usava o remmina, achei prático.
> 
>  Em 9 de agosto de 2017 11:42, Wiliam Freitas <
> wilia...@yahoo.com.br>
>  escreveu:
> 
>  Com TeamViewer vc consegue acessar seu server como se
> fosse um desktop
>  remoto, mas usar interface em um server pode criar
> brechas de segurança.
> 
>  O ideal seria usar apenas o CLI no seu server e acessá-lo
> via SSH. Nesse
>  caso, na hora do acesso, usando os parâmetros '-XY',
> talvez consiga fazer o
>  que precisa (dispensando interface):
> 
>  -X: Enables X11 forwarding.  This can also be specified
> on a per-host
>  basis in a configuration file.
> 
>  -Y: Enables trusted X11 forwarding.  Trusted X11
> forwardings are not
>  subjected to the X11 SECURITY extension controls.
> 
>  Abraços.
> 
>  Wiliam Freitas (@wili4m), http://blogporta80.com.br
> 
>  On 08/09/2017 12:29 PM, Leandro Guimarães Faria Corcete
> DUTRA wrote:
> 
>  Le lundi 07 août 2017 à 22:27 -0300, Leonardo S. S.
> da Rocha a écrit :
> 
>  Qual é a recomendação ? No Debian seria o
> vinagre? Caso eu tenha que
>  configurar o acesso a outra pessoa que usa
> windows ele integraria com
>  Putty por exemplo?
> 
>  O Putty, se não me falha a memória, te dará apenas
> acesso SSH.  Para o
>  gráfico, precisarás do equivalente do Vino: ou um
> servidor X11 para MS
>  Windows, ou um cliente VNC, ou algum outro
> equivalente que não me
>  ocorre no momento.
> 
> 
>  -- skype:leandro.gfc.dutra?chat  Yahoo!:
> ymsgr:sendIM?lgcdutra +55
>  (61) 3546 7191  gTalk:
> xmpp:leand...@jabber.org +55 (61) 9302
>  2691ICQ/AIM: aim:GoIM?screenname=61287803
> BRAZIL GMT−3  MSN:
>  msnim:chat?contact=lean...@dutra.fastmail.fm
> 
> 
> 
> 
>
>
>
> --
> Atenciosamente,
> (Best regards),
>
>
> Leonardo Rocha
> about.me/leonardo.rocha
>
> 
>
>

Re: Background will not change.

[Default User]

Thanks, Jape!

That's a lot of information to digest, but I'll give it a try.  I wish
there was an automated tool that could go through the system, to find and
report any missing or invalid or circular dependencies, etc., and fix it or
at least say "here's what you need to do to fix it".  Maybe someday.

Re: Acesso remoto com interface gráfica

[Leonardo S. S. da Rocha]

Legal gente, obrigado. O meu problema é que eu teria que montar um
cenário pra que outros usuários possam acessar tem necessidade de
conhecimento destes programas. Eu uso o virt-manager com KVM-Qemu no
meu notebook. Não sabia que eu conseguia acessar uma máquina virtual
remota com o virt-manager usando o SSH. Vou dar uma olhada na
documentação. Obrigado Sérgio.


2017-08-09 18:23 GMT-03:00 Sérgio Abrantes Junior :
 Olá,

 Eu uso KVM nos hospedeiros sem nenhuma interface instalada (Gnome, XFCE,
 etc).
 Contudo, gerencio remotamente com interface gráfica do virt-manager.
 Acesso via ssh -X e depois de logar, executo ele (virt-manager) e me abre
 uma tela onde consigo fazer tudo.
 Ele funciona com KVM, XEN e LXC. Da uma olhada no projeto
 (https://virt-manager.org). Os repositórios do Debian possui tudo que
 precisa.
 Se for usar o KVM, na wiki do Debian possui uma documentação leval
 (https://wiki.debian.org/KVM).

 Até!

 Sérgio Abrantes

 Em 9 de agosto de 2017 13:07, Rodolfo  escreveu:

 Eu usava o remmina, achei prático.

 Em 9 de agosto de 2017 11:42, Wiliam Freitas 
 escreveu:

 Com TeamViewer vc consegue acessar seu server como se
fosse um desktop
 remoto, mas usar interface em um server pode criar
brechas de segurança.

 O ideal seria usar apenas o CLI no seu server e acessá-lo
via SSH. Nesse
 caso, na hora do acesso, usando os parâmetros '-XY',
talvez consiga fazer o
 que precisa (dispensando interface):

 -X: Enables X11 forwarding.  This can also be specified
on a per-host
 basis in a configuration file.

 -Y: Enables trusted X11 forwarding.  Trusted X11
forwardings are not
 subjected to the X11 SECURITY extension controls.

 Abraços.

 Wiliam Freitas (@wili4m), http://blogporta80.com.br

 On 08/09/2017 12:29 PM, Leandro Guimarães Faria Corcete
DUTRA wrote:

 Le lundi 07 août 2017 à 22:27 -0300, Leonardo S. S.
da Rocha a écrit :

 Qual é a recomendação ? No Debian seria o
vinagre? Caso eu tenha que
 configurar o acesso a outra pessoa que usa
windows ele integraria com
 Putty por exemplo?

 O Putty, se não me falha a memória, te dará apenas
acesso SSH.  Para o
 gráfico, precisarás do equivalente do Vino: ou um
servidor X11 para MS
 Windows, ou um cliente VNC, ou algum outro
equivalente que não me
 ocorre no momento.


 -- skype:leandro.gfc.dutra?chat  Yahoo!:
ymsgr:sendIM?lgcdutra +55
 (61) 3546 7191  gTalk:
xmpp:leand...@jabber.org +55 (61) 9302
 2691ICQ/AIM: aim:GoIM?screenname=61287803
BRAZIL GMT−3  MSN:
 msnim:chat?contact=lean...@dutra.fastmail.fm







-- 
Atenciosamente,
(Best regards),


Leonardo Rocha
about.me/leonardo.rocha

Re: Background will not change.

[Jape Person]

On 08/09/2017 02:31 PM, Default User wrote:
...


Hi tomas.

Cinnamon DE I think borrows it's background settings utility from
Gnome 3.

I had the background (wallpaper) set to show an image from the 
"Pictures" directory.  Upon reboot, the background displayed instead

was the "softwaves" wallpaper installed by default by Debian 9
Stable.

To change it, I right clicked on the desktop to bring up the desktop
 menu.  From that I left clicked "Change Desktop Background".  That 
brings up a window showing preview images of the full images

available in (in this case) the Pictures directory.

From this window, I left clicked any image preview. The preview image
 in the window then has a blue highlight around it. But then nothing
else happens.

Previously, when selecting any image preview, the desktop background
 behind the window would change to the full version of the image 
selected. Now, the desktop does not change at all.


This acts the same for for any other directory added to the menu on
the left side of window in question.

-

 Note: in the menu on the left side of  the window mentioned, the
icons next to the choices above the "Pictures" directory all show as
the "broken icon" placeholder symbol.  "Pictures and below show a
folder icon, as expected. Also, the choices in this left hand menu of
the window can not be reliably selected, sometimes clicking them does
 nothing.  And the Adwaita choice appears to have no images
associated with it.

This behavior (after "Note") has existed since the original install
of Debian 9 Stable.  I guess I just got used to it.

-

 Fun fact: if the screen saver activates, then the user wants to
unlock it, the password entry box appears. Behind it is a
translucent, faded display of the full background image the user
wanted and had selected. But when the screen is unlocked, the
user-chosen image has disappeared and the "softwaves" image has
become the background again.




No expert here, but I do use the Cinnamon DE on my testing systems. I'll 
tell you what I'm thinking from my end user level.


Your story sounds very much like there may be some missing dependencies 
in the DE. Obviously, the data is there, but parts of the DE are having 
trouble using it. Since you're running unstable / sid and updated 
recently, the method of upgrade used may have something to do with the 
symptoms.


Aptitude, apt, apt-get (subset of apt?) and synaptic can have slightly 
different behaviors from each other during upgrades depending upon their 
configurations and any options you pass when using them.


If the upgrade removed some packages during the upgrade, it may have 
removed a dependency or two that are needed for full function of the 
desktop background feature. I'd check /var/log/apt/history.log to see 
just what was upgraded and what (if any) was removed.


If nothing was removed, I guess it's possible that something was 
upgraded to a new version but a dependency was left at an earlier 
version that doesn't support the parts of the upgraded stuff. I'd think 
you'd have got some feedback on that during the upgrade process, but 
things maybe don't always go as intended during upgrades -- especially 
in unstable.


You can use the aptitude TIA to look at the details for any package 
names that were removed to see if any dependencies for the DE (or more 
specifically the background selector) were broken.


Another useful utility is debsums. Running "debsums -acs" as root on a 
system will show you every missing or altered file in the system 
locations. It also lists parenthetically which packages have those 
missing files as dependencies.


This being unstable, you might be able to fix the issue by downgrading 
the DE, or portions of it, to the testing version. (I think I'd keep it 
all the same version.)


If the missing files got removed or corrupted in some other way, it's 
possible you can reinstall the broken package(s) with something like


# apt install [package] --reinstall

I've done lots of experimentation on our testing systems -- especially 
with respect to changing DEs. My preferred method of doing this is to 
completely remove task-desktop-whatever and task-desktop. It's more 
time-consuming and sometimes breaks a few things. But fixing the broken 
stuff using apt and debsums is very easy and results in a system that's 
identical in file complement and configuration (barring manual 
configuration changes) to a fresh netinstall with that same DE on 
another system. That means to me that Debian's package management really 
works well and is able to break anything the unsuspecting user breaks 
through misdirection or inattention. (Of course, that method wouldn't be 
great for someone with low bandwidth.)


Anyway, I hope some of my meandering may be helpful.

Best,
JP

Oprechte excuses.

[dieter horemans]

Hallo,

Ik heb uw mail nog maar enkele dagen geleden kunnen lezen doordat ik 
onbeschikbaar was wegens een ongeval.
Ik bied u alvast mijn excuses aan en in de toekomst kan u mij ook steeds 
telefonisch bereiken op het nummer 0465/21.20.67
vanaf komende Zaterdag,12/08
na 13:00 uur beschikbaar.

Alvast bedankt voor uw begrip en vertrouwen.Bij onze eerste ontmoeting mag u 
kleine attentie verwachten.
Nogmaals mijn excuses.

Met vriendelijke groeten,
Patrick D.C.

Re: When did Debian decide to enable PIE by default?

[Gene Heskett]

On Wednesday 09 August 2017 12:43:14 Thomas Schmitt wrote:

> Hi,
>
> Gene Heskett wrote:
> > > what the heck is PIE?
>
> Dan Ritter and others wrote:
> > https://en.wikipedia.org/wiki/Position-independent_code
>
> It seems to have caused only moderate trouble.
> Insofar it did not cause such a spectacular echo as other novelties
> and strategic decisions.
>
> 慕 冬亮  wrote:
> > why does Debian enable PIE by default, other
> > than stack protector and FORTIFY_SOURCE that are already enabled by
> > default in the Ubuntu distribution?
>
> All i know is what i learned during research for the question a few
> days ago, why Debian 9 was slower than Debian 8:
>   https://lists.debian.org/debian-user/2017/08/msg00051.html
> (It would be nice to learn if any new insight came to Alexandru
> Iancu.)
>
> If there remain particular technical questions after following all
> links and some sub-links of
>   https://wiki.debian.org/Hardening/PIEByDefaultTransition
> i would possibly ask on debian-devel mailing list, whether there is
> more info available about the motivation and constraints of Debian's
> decision.
>
It is NOT a new invention by any means. Motorola's micro-processor in the 
first TRS-80 Color Computer, the MC6809E in the early 1980's was built 
with that in mind.  And I've been writing assembly code that used it 
ever since.

So its only new to the wintel scene. :)  I assume moto's patents had to 
expire before anybody else could use it.  Although, moto did allow 
Hitachi to "clone it' in cmos, but Hitachi had to promise to never, ever 
admit it was anything but a clone. But Hitachi had some pretty clever 
people, so the various nooks and cranny's in the instruction map that 
were blank in the motorola version, were filled in, making it 
considerably more orthogonal, and despite having an 8 bit data bus, 
actually has some 32 bit operations, like a 16 bit into 32 bit divide in 
39 clocks maximum.  Or a 16x16 bit mull in 25 clocks.  Taking full 
advantage of all that, the formerly called os9 operating system, now 
community maintained as Nitros9, is about 150% faster at the same clock 
speed as that same socket was driven at in the 1983 or 84 time frame. I 
had a hand in converting one of its code modules myself.

> Have a nice day :)
>
> Thomas


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

Re: When did Debian decide to enable PIE by default?

[Gene Heskett]

On Wednesday 09 August 2017 10:52:26 慕 冬亮 wrote:

> On 08/09/2017 10:48 AM, Gene Heskett wrote:
> > On Wednesday 09 August 2017 10:31:48 Thomas Schmitt wrote:
> >> Hi,
> >>
> >> 慕 冬亮  wrote:
> >>> When does Debian Team, or Security Team decide to enable PIE by
> >>> default?
> >>
> >> I guess it was one year ago. At least that's the dates one can see
> >> on https://wiki.debian.org/Hardening/PIEByDefaultTransition
> >
> > Interesting Thomas, but what the heck is PIE?  I know about PAE, but
> > PIE? Whats it do?  Searching the above wiki returned only this
> > thread.
>
> Please take a look at the following URL:
>
> https://wiki.debian.org/Hardening#DEB_BUILD_HARDENING_PIE_.28gcc.2Fg.2
>B-.2B-_-fPIE_-pie.29
>
Aha, another name for PIC, which I've only been writing code that uses it 
for 32 years. Also known as PCR, for Program Counter Relative.  Such 
code can be loaded into memory and executed without any patching.

> It is a security feature which combines with ASLR to do full address
> space randomization.
>
> > Thanks, you too.
> >
> >> Have a nice day :)
> >>
> >> Thomas
> >
> > Cheers, Gene Heskett


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

Debian 9.1 amd64 Xfce panel clock broken

[David Christensen]

debian-user:

I have a Dell Inspiron E1505 laptop with an Intel Core Duo T7400 CPU, 2 
GB RAM, 16 GB SSD, and a fresh install of 
debian-9.1.0-amd64-xfce-CD-1.iso, with all updates and upgrades as of now:


2017-08-09 16:59:07 root@tinkywinky ~
# cat /etc/debian_version
9.1

2017-08-09 16:59:18 root@tinkywinky ~
# uname -a
Linux tinkywinky 4.9.0-3-amd64 #1 SMP Debian 4.9.30-2+deb9u3 
(2017-08-06) x86_64 GNU/Linux


2017-08-09 16:59:22 root@tinkywinky ~
# dpkg-query --show xfce4
xfce4   4.12.3


I would like to use the Xfce panel "clock" item.  Unfortunately, it is 
broken:


- If I right-click on the Xfce panel and choose "Panel Preferences...", 
the "Panel" dialog appears.


- Selecting Panel -> Items tab, "Clock" appears in the list of panel items.

- If I select Panel -> Items -> Clock and click the "Edit the currently 
selected item" button, the "Clock" dialog appears.


- I then configure Clock as follows:

Time Settings
  Timezone  PST8PDT
Appearance
  LayoutDigital
  Tooltip formatWednesday 09 August 2017
Clock Options
  Format05:04:55 PM

Once I have made the above settings, but before choosing "Close", the 
current time is displayed at the proper location in the Xfce panel. 
This is what I want.


- But when I click "Close", the current time disappears from the panel 
-- e.g. Clock breaks.



Looking in /var/log and dmesg, I don't see any clues.


Any suggestions for figuring out why Clock is broken and how to fix it?


David

Re: Sudden death of bluetooth headphone connectivity

[Mark Fletcher]

On Wed, Aug 09, 2017 at 08:18:02PM +0200, deloptes wrote:
> But when I try $ pactl load-module module-bluetooth-discover
> Failure: Module initialization failed
> 
> is it loaded or fails loading?
> 
> pulseaudio -k
> pulseaudio --start
> pactl load-module module-bluetooth-discover
> 20
> pactl load-module module-bluetooth-discover
> Failure: Module initialization failed
> 

A, you're kidding!!!??

pactl load-module module-bluetooth-discover

returned, in my case, "26".

Then, connecting as normal worked!

So somehow the module, which was previously loading automatically, isn't 
any more. I just have to figure out how to make that automatic and I'm 
off to the races again.

I also noticed that once again I have 2 copies of pulse running, one as 
user "Debian-" (the full name is elided in ps -ef) and one as 
my normal user. That is presumably an artifact of the upgrade from 
Jessie to Stretch -- I had previously removed the system one to fix an 
earlier problem but it seems I can connect and use the headphones 
without doing so now, if I manually load the module.

Thanks a lot for everyone's help with this one. 

Mark

Re: Lenovo Ideapad 110 algún truco?

[Felix Perez]

El 9 de agosto de 2017, 12:39, AlexLikeRock  escribió:
>
>
>> Sólo para documentación y por si alguna vez se encontrara una salida
>> instalé la imagen iso desde este repositorio unofficial escogiendo la que
>> viene con kde.

Porqué no te bajas la ISO desde un repo oficial y pruebas.

Pregunta muy vaga y parece que para otra distro.


>> Al hacerlo terminó la instalación y al probarlo instalado se cuelga y no
>> funciona en lo absoluto. Inicialmente podría decir que debian no es
>> compatible con lenovo ideapad 110. Si alguien ha tenido tiempo de hacer
>> otras pruebas y puede indicar lo contrario estaré feliz de saberlo.
>>
>
> en caso de "CUEGUES"  no uses  escritorios pesados que exigen mucho
> rendimiento de GRAFICOS y PROCESADOR , como GNOME3  y KDE.
> trata de instalar escritorios alternativos , como;
> OPENBOX   (latamente recomendado para estas situaciones)
> MATE  (ligero y completo  ,   )
> TWM
> FLUXBOX
> etc etc
>
> inclusive , puedes instalar  DEBIAN  sin escritorio,
> asi te daras  cuenta  que  LA DISTRIBUCION  DEBIAN  SI FUNCIONA, lo que no
> funciona son los escritorios como la mayoria de veces :-P
>
> e ir instalando escritorio , uno  por uno para que vayas biendo el
> comportamiento de cada uno,
> por cierto  , puedes tener instalados  todos los escritorios al mismo
> tiempo, y alternarlos , cuando inicies secion, cosa que windows no puedes
> hacer ;-)
>
>> De momento mantengo el laptop con linux mint 18.2 y funciona de las mil
>> maravillas.
>>
> si no quieres profundisar en la configuracion, me parece buena idea que te
> quedes en otra  distro que no tengas problemas,
>  ya que te cientas con animos  puedes regresar a debian ;-)
>
> saludos amigo
>



-- 
usuario linux  #274354
normas de la lista:  http://wiki.debian.org/es/NormasLista
como hacer preguntas inteligentes:
http://www.sindominio.net/ayuda/preguntas-inteligentes.html

Re: Les cyber menaces basculent vers Linux et les serveurs Web

[Ph. Gras]

Salut,

> 

l'hiver, ils nous emmerdent avec la grippe et l'été avec les virus 
informatiques.

Je hais la modernité.

Bonne nuit quand même,

Ph. Gras

Re: Acesso remoto com interface gráfica

[Sérgio Abrantes Junior]

Olá,

Eu uso KVM nos hospedeiros sem nenhuma interface instalada (Gnome, XFCE,
etc).
Contudo, gerencio remotamente com interface gráfica do virt-manager.
Acesso via ssh -X e depois de logar, executo ele (virt-manager) e me abre
uma tela onde consigo fazer tudo.
Ele funciona com KVM, XEN e LXC. Da uma olhada no projeto (
https://virt-manager.org). Os repositórios do Debian possui tudo que
precisa.
Se for usar o KVM, na wiki do Debian possui uma documentação leval (
https://wiki.debian.org/KVM).

Até!

Sérgio Abrantes

Em 9 de agosto de 2017 13:07, Rodolfo  escreveu:

> Eu usava o remmina, achei prático.
>
> Em 9 de agosto de 2017 11:42, Wiliam Freitas 
> escreveu:
>
>> Com TeamViewer vc consegue acessar seu server como se fosse um desktop
>> remoto, mas usar interface em um server pode criar brechas de segurança.
>>
>> O ideal seria usar apenas o CLI no seu server e acessá-lo via SSH. Nesse
>> caso, na hora do acesso, usando os parâmetros '-XY', talvez consiga fazer o
>> que precisa (dispensando interface):
>>
>> -X: Enables X11 forwarding.  This can also be specified on a per-host
>> basis in a configuration file.
>>
>> -Y: Enables trusted X11 forwarding.  Trusted X11 forwardings are not
>> subjected to the X11 SECURITY extension controls.
>>
>> Abraços.
>>
>> Wiliam Freitas (@wili4m), http://blogporta80.com.br
>>
>> On 08/09/2017 12:29 PM, Leandro Guimarães Faria Corcete DUTRA wrote:
>>
>>> Le lundi 07 août 2017 à 22:27 -0300, Leonardo S. S. da Rocha a écrit :
>>>
 Qual é a recomendação ? No Debian seria o vinagre? Caso eu tenha que
 configurar o acesso a outra pessoa que usa windows ele integraria com
 Putty por exemplo?

>>> O Putty, se não me falha a memória, te dará apenas acesso SSH.  Para o
>>> gráfico, precisarás do equivalente do Vino: ou um servidor X11 para MS
>>> Windows, ou um cliente VNC, ou algum outro equivalente que não me
>>> ocorre no momento.
>>>
>>>
>>> -- skype:leandro.gfc.dutra?chat  Yahoo!: ymsgr:sendIM?lgcdutra +55
>>> (61) 3546 7191  gTalk: xmpp:leand...@jabber.org +55 (61)
>>> 9302 2691ICQ/AIM: aim:GoIM?screenname=61287803 BRAZIL GMT−3
>>> MSN: msnim:chat?contact=lean...@dutra.fastmail.fm
>>>
>>>
>>
>

Re: When did Debian decide to enable PIE by default?

[慕 冬亮]

On 08/09/2017 10:31 AM, Thomas Schmitt wrote:
> Hi,
>
> 慕 冬亮  wrote:
>> When does Debian Team, or Security Team decide to enable PIE by default?
> I guess it was one year ago. At least that's the dates one can see on
>https://wiki.debian.org/Hardening/PIEByDefaultTransition
Such a good news for me, a student learning information security. 
However, I have a doubt, why does Debian enable PIE by default, other 
than stack protector and FORTIFY_SOURCE that are already enabled by 
default in the Ubuntu distribution?

I think stack protector(FORTIFY_SOURCE) has less overhead than PIE.

>
> Have a nice day :)
>
> Thomas
>

-- 

---
My best regards to you.

  No System Is Safe!
  Dongliang Mu

Re: Les cyber menaces basculent vers Linux et les serveurs Web

[Jonathan bartoua Schneider]

SELinux est quand même super contraignant, c'est facile quand on fait du
Apache ou un soft packagé les règles viennent avec. Quand tu mets en prod
ton application tu passes du temps au premier setup et à chaque montée de
version. Généralement on le met pas sur les équipements backend (ie. qui ne
sont pas exposés en direct).

On a suffisamment de couches de sécurité entre le monde extérieur et ces
machines (firewall, WAF, IPS, ...)

Cordialement,
Jonathan

Le 9 août 2017 10:50 PM, "maderios"  a écrit :

> On 08/09/2017 09:10 PM, Gaëtan Perrier wrote:
>
>> Bonjour,
>>
>> J'ai essayé l'extension clamav pour Firefox mais le gros problème c'est
>> que pendant l'analyse ça bloque Firefox complètement.
>>
>> Bonjour
> Je ne vois pas en quoi Debian / Linux est concerné par les virus de
> Windows. La seule raison d'exister de Clamav, c'est le système nativement
> vérolé vendu à prix d'or par la multinationale Microsoft: Windows.
> Si l'on veut augmenter la sécurité sur Linux sans se prendre la tête (une
> fois configuré!), il faut par exemple installer Selinux (d'ailleurs
> installé par défaut sur Fedora). Un système protégé par Selinux est
> quasiment impossible à rooter. J'ai tout essayé sur un Android Lollipop > 5
> tournant sur une tablette, aucun espoir, ni pour moi ni pour les autres
> utilisateurs qui ont tenté l'opération.
> Je ne comprends pas pourquoi Selinux n'est pas nativement intégré à Debian
> et ce, d'autant plus que Debian est orienté serveurs.
>
> --
> Maderios
>
>

Re: Les cyber menaces basculent vers Linux et les serveurs Web

[maderios]

On 08/09/2017 09:10 PM, Gaëtan Perrier wrote:

Bonjour,

J'ai essayé l'extension clamav pour Firefox mais le gros problème c'est que 
pendant l'analyse ça bloque Firefox complètement.


Bonjour
Je ne vois pas en quoi Debian / Linux est concerné par les virus de 
Windows. La seule raison d'exister de Clamav, c'est le système 
nativement vérolé vendu à prix d'or par la multinationale Microsoft: 
Windows.
Si l'on veut augmenter la sécurité sur Linux sans se prendre la tête 
(une fois configuré!), il faut par exemple installer Selinux (d'ailleurs 
installé par défaut sur Fedora). Un système protégé par Selinux est 
quasiment impossible à rooter. J'ai tout essayé sur un Android Lollipop 
> 5 tournant sur une tablette, aucun espoir, ni pour moi ni pour les 
autres utilisateurs qui ont tenté l'opération.
Je ne comprends pas pourquoi Selinux n'est pas nativement intégré à 
Debian et ce, d'autant plus que Debian est orienté serveurs.


--
Maderios

Re: Help with USB audio card

[Rodolfo Medina]

deloptes  writes:

> Rodolfo Medina wrote:
>
>> I unmuted it from within alsamixer menu: F6 and went into the USB card
>> table. Then I gave the command...
>
> perhaps there is also a volume control to set the volume


Yes, but volume is loud...

Rodolfo

Re: modifying debian installer image

[Brian]

On Wed 09 Aug 2017 at 08:49:46 +0200, Fourhundred Thecat wrote:

> I have downloaded debian netinstaller:
> 
> wget
> http://ftp.debian.org/debian/dists/stretch/main/installer-amd64/current/images/netboot/debian-installer/amd64/initrd.gz
> 
> I have unpacked the image, and I was looking around to try to understand
> how it works. I assumed, there was some config file with a list of all
> the packages that are going to be installed.
> 
> I would like to modify that list, and replace systemd with sysvinit-core.
> 
> I don't see any such package list in the installer, and I could not find
> much information on how the installer works.
> 
> Could somebody please help me understand, where the installer gets the
> list of packages it installs ? And how I can change that list?
> 
> PS: I know I can remove systemd and install sysvinit-core *after* the
> installation. But I am trying to avoid installing systemd and then
> removing it. I would like to install sysvinit-core right away.
> 
> I am also using preseeding for installation, but as far as I know, this
> cannot be achieved with preseeding alone.

Doesn't the wiki have advice about remastering the installer?

Not quite an answer to your question, but you could explore the
suggestion in

 https://lists.debian.org/debian-user/2017/07/msg00321.html

  If you want something more complicated, like not installing systemd at
  all, you'll have to pass --include and --exclude options to debootstrap
  using the base-installer/includes and base-installer/excludes preseed
  options; something like:

  base-installer/includes=sysvinit-core base-installer/excludes=systemd-sysv

  but that's totally untested.

I think this can be preseeded.

-- 
Brian.

Re: Les cyber menaces basculent vers Linux et les serveurs Web

[Gaëtan Perrier]

Bonjour,

J'ai essayé l'extension clamav pour Firefox mais le gros problème c'est que 
pendant l'analyse ça bloque Firefox complètement.

À+

Gaëtan

Le 9 août 2017 12:39:06 GMT+02:00, Randy11  a écrit :
>On 18/07/2017 13:23, andre_deb...@numericable.fr wrote:
>> Que pensez vous de cet article ?
>> 
>> selon la société WatchGuard qui a tout intérêt à vendre ses
>antivirus... :
>> 
>>
>http://www.infodsi.com/articles/169919/cyber-menaces-basculent-vers-linux-serveurs-web.html?key=6433cdc950c99165
>> 
>> Les dernières cyberattaques étaient dûes à des virus venant et pour
>> MS-Windows, maintenant on met GNU/Linux en cause.
>> 
>> L'article ne cite acune source d'attaques précises sur Linux,
>alors...
>> 
>> André
>> 
>> 
>Bonjour,
>
>Cas plus sérieux :
>- 
>https://security.web.cern.ch/security/advisories/busywinman/BusyWinman.shtml
>- 
>https://www.securityartwork.es/2017/07/21/linux-bew-backdoor-minado-bitcoin/
>
>Personnellement, j'utilise Firefox et NoScript. NoScript est configurer
>
>pour tout
>bloquer. Je vais aussi installer ClamAV et le faire tourner de temps en
>
>temps.
>
>Pour le partage des ressources entre Windows et Linux, cela a coûté un 
>week-end
>à des admins Linux à cause des fichiers infectés sous Windows utilisés 
>sous Linux,
>les filesytems étaient partagé.
>
>Bonne journée.
>
>Randy11
>
>P.S. : Il semble que je n'arrive plus à poster sur cette liste, merci
>de 
>me faire
>savoir si vous avez déjà reçu ce message.

-- 
Envoyé de mon appareil Android avec K-9 Mail. Veuillez excuser ma brièveté.

signature.asc
Description: PGP signature

Re: Don’t hesitate to start a conversation with me Janice

[Ron Bouvier]

Janice idon,tknow who you are I need more info. 

On Monday, August 7, 2017 3:46 PM, Janice Chomsangjun  
wrote:
 

 

I do not bite. Well, only if you ask, I could…  
http://bitly.com/2uipIDJ

   

Re: no non-free firmware on lapton, no Ethernet, related?

[Dejan Jocic]

On 09-08-17, Emanuel Berg wrote:
> Dejan Jocic wrote:
> 
> > Well, you should have write down what was
> > missing during installation, those messages
> > you get for reason. Also, when you have
> > firmware and you get note that it is missing,
> > it is best to abort installation and download
> > needed firmware and put in USB you can insert
> > during installation.
> 
> Well, I can redo the installation!
> 
> Actually I just tried that, and what is missing
> is b43/ucode13.fw .
> 
> I downloaded this archive [1] and copied the
> files (the archive as well as all the files,
> unpacked) onto a USB stick.
> 
> However inserting it didn't help because after
> a short while of "looking" (?) the same error
> message came up again.
> 
> [1] 
> http://cdimage.debian.org/cdimage/unofficial/non-free/firmware/jessie/current/firmware.zip
> 
> --
> underground experts united
> http://user.it.uu.se/~embe8573
> 

Did you check among those files if there is firmware that you need?
Also, if you have another USB stick, just to be sure, try with it too?
>From quick search in debian packages, these are all related to b43:

https://packages.debian.org/jessie/firmware-b43-installer

https://packages.debian.org/jessie/b43-fwcutter

https://packages.debian.org/jessie/firmware-b43legacy-installer

So check if your hardware is related to any of those. Also, once, for
reason unknown to me, firmware from usb did not work, but installer with
firmware on it did. Could be that it was USB fault, though not sure
about it. Was using that USB without problem after that.

Re: I want to rejoice like a queen. Emma

[Okpowe Eve Edirin]

Thanks

On Aug 6, 2017 11:08 PM, Emma Tapaszto  wrote:
>
>
>
> Would you be my king?  
> http://bitly.com/2vDxYln 

Re: disable orange progress running apt

[Brian]

On Wed 09 Aug 2017 at 13:20:26 -0400, Greg Wooledge wrote:

> On Wed, Aug 09, 2017 at 06:12:31PM +0100, Brian wrote:
> > On Tue 08 Aug 2017 at 14:05:10 -0400, Felix Miata wrote:
> > > >From what documentation did Curt and you determine Apt::Color was the 
> > > >solution?
> > > Google turns up "Apt::Color "false";" or "Apt::Color 0" nowhere except in 
> > > this
> > > thread's archive.
> > 
> > For me - configure-index.gz.
> 
> It's not there in stretch.
> 
> wooledg:~$ cat /etc/debian_version 
> 9.1
> wooledg:~$ zgrep -i color /usr/share/doc/apt/examples/configure-index.gz 
> apt::moo::color "";
> apt::color::highlight "";
> apt::color::neutral "";

I did what Debian users are renowned for - used my initiative and
guessed. A more competent person would have read the source code.

-- 
Brian.

Re: Background will not change.

[Default User]

On Wed, Aug 9, 2017 at 4:31 AM,  wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On Tue, Aug 08, 2017 at 01:12:46PM -0400, Default User wrote:
> > Hi.
> >
> > - Debian Unstable.
> > - Cinnamon desktop environment.
> > - Updated 2017-08-07, then shut down.
> > - On 2017-08-08, booted up.
> >
> > Now, background is the Debian 9 default "Flipper" image.  Background can
> > not be changed.
>
> Can you describe this "background can not be changed" a bit more? How have
> you tried to change your background? What was the effect?
>
> Cheers
> - -- tomás
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.12 (GNU/Linux)
>
> iEYEARECAAYFAlmKyFUACgkQBcgs9XrR2kaoHgCfdh9CfSJ6OVDzq+ThWJsrXFdH
> 2VEAniM2ndc1Rt3CJE+AIZjZPiiXE1jc
> =oWTm
> -END PGP SIGNATURE-
>
>

Hi tomas.

Cinnamon DE I think borrows it's background settings utility from Gnome 3.

I had the background (wallpaper) set to show an image from the "Pictures"
directory.  Upon reboot, the background displayed instead was the
"softwaves" wallpaper installed by default by Debian 9 Stable.

To change it, I right clicked on the desktop to bring up the desktop menu.
>From that I left clicked "Change Desktop Background".  That brings up a
window showing preview images of the full images available in (in this
case) the Pictures directory.

>From this window, I left clicked any image preview. The preview image in
the window then has a blue highlight around it. But then nothing else
happens.

Previously, when selecting any image preview, the desktop background behind
the window would change to the full version of the image selected. Now, the
desktop does not change at all.

This acts the same for for any other directory added to the menu on the
left side of window in question.

-

Note: in the menu on the left side of  the window mentioned, the icons next
to the choices above the "Pictures" directory all show as the "broken icon"
placeholder symbol.  "Pictures and below show a folder icon, as expected.
Also, the choices in this left hand menu of the window can not be reliably
selected, sometimes clicking them does nothing.  And the Adwaita choice
appears to have no images associated with it.

This behavior (after "Note") has existed since the original install of
Debian 9 Stable.  I guess I just got used to it.

-

Fun fact: if the screen saver activates, then the user wants to unlock it,
the password entry box appears. Behind it is a translucent, faded display
of the full background image the user wanted and had selected. But when the
screen is unlocked, the user-chosen image has disappeared and the
"softwaves" image has become the background again.

Re: no non-free firmware on lapton, no Ethernet, related?

[Emanuel Berg]

Dejan Jocic wrote:

> Well, you should have write down what was
> missing during installation, those messages
> you get for reason. Also, when you have
> firmware and you get note that it is missing,
> it is best to abort installation and download
> needed firmware and put in USB you can insert
> during installation.

Well, I can redo the installation!

Actually I just tried that, and what is missing
is b43/ucode13.fw .

I downloaded this archive [1] and copied the
files (the archive as well as all the files,
unpacked) onto a USB stick.

However inserting it didn't help because after
a short while of "looking" (?) the same error
message came up again.

[1] 
http://cdimage.debian.org/cdimage/unofficial/non-free/firmware/jessie/current/firmware.zip

--
underground experts united
http://user.it.uu.se/~embe8573

Re: Help with USB audio card

[deloptes]

Rodolfo Medina wrote:

> I unmuted it from within alsamixer menu: F6 and went into the USB card
> table. Then I gave the command...

perhaps there is also a volume control to set the volume

regards

Re: Sudden death of bluetooth headphone connectivity

[deloptes]

Mark Fletcher wrote:

> Failed to connect: org.bluez.Error.Failed

Mark Fletcher wrote:

> Failed to connect: org.bluez.Error.Failed

I am not an expert in BT headphones. I had enough experience with phones.
However the process to connect is the same

[bluetooth]# default-agent
No agent is registered
[bluetooth]# agent on
Agent registered
[bluetooth]# default-agent
Default agent request successful
[bluetooth]# pair 40:98:4E:90:56:E3
Attempting to pair with 40:98:4E:90:56:E3
Failed to pair: org.bluez.Error.AlreadyExists
[bluetooth]# trust 40:98:4E:90:56:E3
[CHG] Device 40:98:4E:90:56:E3 Trusted: yes
Changing 40:98:4E:90:56:E3 trust succeeded
[bluetooth]# connect 40:98:4E:90:56:E3
Attempting to connect to 40:98:4E:90:56:E3
[CHG] Device 40:98:4E:90:56:E3 Connected: yes
Connection successful
[CHG] Device 40:98:4E:90:56:E3 ServicesResolved: yes

On my new stretch I also do not see an option to use the audio services on
the phone and in jessie I can in fact connect and use them.

So I found this here
https://unix.stackexchange.com/questions/258074/error-when-trying-to-connect-to-bluetooth-speaker-org-bluez-error-failed

But when I try $ pactl load-module module-bluetooth-discover
Failure: Module initialization failed

is it loaded or fails loading?

pulseaudio -k
pulseaudio --start
pactl load-module module-bluetooth-discover
20
pactl load-module module-bluetooth-discover
Failure: Module initialization failed

So it looks it was loaded anyway.

Now I open the blueman-applet and run bluetooth devices. There I select
audio source and it works. Unfortunately I do not have a BT headphones to
test with

I hope you get there as well

regards

Re: When did Debian decide to enable PIE by default?

[Pascal Hambourg]

Le 09/08/2017 à 17:05, Dan Ritter a écrit :

On Wed, Aug 09, 2017 at 10:48:24AM -0400, Gene Heskett wrote:


Interesting Thomas, but what the heck is PIE?


It is explained in the link posted by Thomas.


It's a security measure.


No, PIE is not a security measure per se. It just allows to map an run 
the executable code anywhere in the address space instead of at a fixed 
location, which is useful for shared libraries for example. This feature 
is also used by Address Space Layout Randomization, which is a security 
measure.

Re: Thunderbird 52.2.1 and Enigmail

[D. R. Evans]

D. R. Evans wrote on 08/07/2017 10:45 AM:
> Daniel Bareiro wrote on 08/07/2017 09:36 AM:
> 
>>>
>>> BUT enigmail won't run because it seems that the current update requires a
>>> version of gnupg that is more recent than the official version that is part 
>>> of
>>> the repositories :-(
>>
>> I don't remember having this issue. I think I just did "aptitude install
>> enigmail" and it installed only that package. So I assume that the
>> dependencies would already be satisfied with the other packages I had
>> installed.
>>
>> root@orion:~# aptitude show gnupg | grep Versión
>> Versión: 1.4.18-7+deb8u3
>>
> 
> Very strange. That's the same version I have installed, but after the official
> update of thunderbird and enigmail this morning, enigmail immediately
> complained on start-up that it needed a later version of gnupg. Idiotically, I
> didn't write down the number, but I think it was 1.5.something.
> 

OK, I just went through the process again. I brought jessie completely up to
date, including the thunderbird and enigmail apps, then tried to run 
thunderbird.

At that point, enigmail pops up a box that says that it requires gnupg 2.0.7
or newer (which is obviously later than the 1.4.18 offered by the official
repository). See image at:
  https://www.dropbox.com/s/6s3z6jy5ns3z9qd/gnupg1.png?dl=0

I then downgraded using the same sequence as before, which is how I am able to
send this e-mail.

  Doc

-- 
Web:  http://enginehousebooks.com/drevans



signature.asc
Description: OpenPGP digital signature

Re: disable orange progress running apt

[Greg Wooledge]

On Wed, Aug 09, 2017 at 06:12:31PM +0100, Brian wrote:
> On Tue 08 Aug 2017 at 14:05:10 -0400, Felix Miata wrote:
> > >From what documentation did Curt and you determine Apt::Color was the 
> > >solution?
> > Google turns up "Apt::Color "false";" or "Apt::Color 0" nowhere except in 
> > this
> > thread's archive.
> 
> For me - configure-index.gz.

It's not there in stretch.

wooledg:~$ cat /etc/debian_version 
9.1
wooledg:~$ zgrep -i color /usr/share/doc/apt/examples/configure-index.gz 
apt::moo::color "";
apt::color::highlight "";
apt::color::neutral "";

Re: disable orange progress running apt

[Brian]

On Tue 08 Aug 2017 at 14:05:10 -0400, Felix Miata wrote:

> Brian composed on 2017-08-08 13:49 (UTC+0100):
> 
> > Apologies. I missed off a ";" when translating the changelog entry to
> > be used in your 99mono file. Also Progress-Fancy turns out to be not
> > what you want.
> 
> > "-o Apt::Color=0" works for me not to see the orange colour in stable
> > and unstable. In a file it works on stable but not on unstable. There
> > seems to be a bug here.
> 
> Success in Stretch using
> 
>   Apt::Color "false";
> 
> :-D
> 
> >From what documentation did Curt and you determine Apt::Color was the 
> >solution?
> Google turns up "Apt::Color "false";" or "Apt::Color 0" nowhere except in this
> thread's archive.

For me - configure-index.gz.

-- 
Brian.

Re: Why debian put ~/bin beginning of $PATH

[David Wright]

On Wed 09 Aug 2017 at 18:04:56 (+0200), Gian Uberto Lauri wrote:

> Having ~/bin before /bin and /usr/bin (and /usr/local/bin) is of no
> harm at all if your account is safe enough.
> 
> If and only if someone can log on with your account, she can put a
> malicious copy/wrapper of a system command (ls to name one) in your
> bin and you could trigger it thinking to use the system version.
> 
> What *is* dangerous is having . before system directories, especially
> on multi-user machines.
> 
> In this scenario, user A, who has . in the path before /bin, goes in a
> directory of user B and does an 'ls'.
> 
> That directory contains an executable called ls that is smart enough
> to hide itself. But bastard enough to do something nasty, a Trojan
> horse. And user A just brought it within the walls...

While putting . _anywhere_ in PATH would be stupid, there is a more
insidious trap for the unaware, namely mistaking : for a delimiter
instead of a separator.

An extra colon (anywhere) will yield a null entry.

A null entry in PATH is treated as the current directory.

Examples:   foo:bar:   foo::bar   :foo:bar   and obviously   :foo:bar:

Cheers,
David.

Re: When did Debian decide to enable PIE by default?

[Thomas Schmitt]

Hi,

Gene Heskett wrote:
> > what the heck is PIE?

Dan Ritter and others wrote:
> https://en.wikipedia.org/wiki/Position-independent_code

It seems to have caused only moderate trouble.
Insofar it did not cause such a spectacular echo as other novelties and
strategic decisions.


慕 冬亮  wrote:
> why does Debian enable PIE by default, other 
> than stack protector and FORTIFY_SOURCE that are already enabled by 
> default in the Ubuntu distribution?

All i know is what i learned during research for the question a few days
ago, why Debian 9 was slower than Debian 8:
  https://lists.debian.org/debian-user/2017/08/msg00051.html
(It would be nice to learn if any new insight came to Alexandru Iancu.)

If there remain particular technical questions after following all links
and some sub-links of
  https://wiki.debian.org/Hardening/PIEByDefaultTransition
i would possibly ask on debian-devel mailing list, whether there is more
info available about the motivation and constraints of Debian's decision.


Have a nice day :)

Thomas

Re: Lenovo Ideapad 110 algún truco?

[AlexLikeRock]

Sólo para documentación y por si alguna vez se encontrara una salida 
instalé la imagen iso desde este repositorio unofficial escogiendo la 
que viene con kde.
Al hacerlo terminó la instalación y al probarlo instalado se cuelga y 
no funciona en lo absoluto. Inicialmente podría decir que debian no es 
compatible con lenovo ideapad 110. Si alguien ha tenido tiempo de 
hacer otras pruebas y puede indicar lo contrario estaré feliz de saberlo.




en caso de "CUEGUES"  no uses  escritorios pesados que exigen mucho  
rendimiento de GRAFICOS y PROCESADOR , como GNOME3  y KDE.

trata de instalar escritorios alternativos , como;
OPENBOX   (latamente recomendado para estas situaciones)
MATE  (ligero y completo  ,   )
TWM
FLUXBOX
etc etc

inclusive , puedes instalar  DEBIAN  sin escritorio,
asi te daras  cuenta  que  LA DISTRIBUCION  DEBIAN  SI FUNCIONA, lo que 
no funciona son los escritorios como la mayoria de veces :-P


e ir instalando escritorio , uno  por uno para que vayas biendo el 
comportamiento de cada uno,
por cierto  , puedes tener instalados  todos los escritorios al mismo 
tiempo, y alternarlos , cuando inicies secion, cosa que windows no 
puedes hacer ;-)


De momento mantengo el laptop con linux mint 18.2 y funciona de las 
mil maravillas.


si no quieres profundisar en la configuracion, me parece buena idea que 
te quedes en otra  distro que no tengas problemas,

 ya que te cientas con animos  puedes regresar a debian ;-)

saludos amigo

Re: LibreOffice - middle click paste does not work.

[Kamil Jońca]

kjo...@poczta.onet.pl (Kamil Jońca) writes:

>
> it was upgrade frrom 5.3.5~rc1 to 5.4.0-1
>
>
>> Can you give a repeatable sequence of steps that others can also try to
>> reproduce what you're seeing?
> 1. Open Writer or Calc window 
> 2. Open emacs or xterm  window,  write some random text.
> 3.Select this text (but DON'T use Ctrl-Insert or sth)
> 4. change focus to Calc or Writer window
> 5. push middle mouse button
> So far this makes paste selected text into Calc window.
>

After downgrading to 1:5.2.7-1 middle click work as expected.


> KJ

-- 
http://stopstopnop.pl/stop_stopnop.pl_o_nas.html
Philadelphia is not dull -- it just seems so because it is next to
exciting Camden, New Jersey.

Re: Why debian put ~/bin beginning of $PATH

[Gian Uberto Lauri]

> "慕冬" == 慕 冬亮  writes:

慕冬> User's command is usually stored in "/usr/local/bin". It should
慕冬> be placed before "/bin" in the $PATH.

/usr/local is a directory hierarchy for binaries typical of the local
installation and being, by default, owned by root, it is not a
directory for user commands.

Having ~/bin before /bin and /usr/bin (and /usr/local/bin) is of no
harm at all if your account is safe enough.

If and only if someone can log on with your account, she can put a
malicious copy/wrapper of a system command (ls to name one) in your
bin and you could trigger it thinking to use the system version.

What *is* dangerous is having . before system directories, especially
on multi-user machines.

In this scenario, user A, who has . in the path before /bin, goes in a
directory of user B and does an 'ls'.

That directory contains an executable called ls that is smart enough
to hide itself. But bastard enough to do something nasty, a Trojan
horse. And user A just brought it within the walls...

-- 
 /\   ___Ubuntu: ancient
/___/\_|_|\_|__|___Gian Uberto Lauri_   African word
  //--\| | \|  |   Integralista GNUslamicomeaning "I can
\/ coltivatore diretto di software   not install
 già sistemista a tempo (altrui) perso...Debian"

Warning: gnome-config-daemon considered more dangerous than GOTO

Re: Acesso remoto com interface gráfica

[Rodolfo]

Eu usava o remmina, achei prático.

Em 9 de agosto de 2017 11:42, Wiliam Freitas 
escreveu:

> Com TeamViewer vc consegue acessar seu server como se fosse um desktop
> remoto, mas usar interface em um server pode criar brechas de segurança.
>
> O ideal seria usar apenas o CLI no seu server e acessá-lo via SSH. Nesse
> caso, na hora do acesso, usando os parâmetros '-XY', talvez consiga fazer o
> que precisa (dispensando interface):
>
> -X: Enables X11 forwarding.  This can also be specified on a per-host
> basis in a configuration file.
>
> -Y: Enables trusted X11 forwarding.  Trusted X11 forwardings are not
> subjected to the X11 SECURITY extension controls.
>
> Abraços.
>
> Wiliam Freitas (@wili4m), http://blogporta80.com.br
>
> On 08/09/2017 12:29 PM, Leandro Guimarães Faria Corcete DUTRA wrote:
>
>> Le lundi 07 août 2017 à 22:27 -0300, Leonardo S. S. da Rocha a écrit :
>>
>>> Qual é a recomendação ? No Debian seria o vinagre? Caso eu tenha que
>>> configurar o acesso a outra pessoa que usa windows ele integraria com
>>> Putty por exemplo?
>>>
>> O Putty, se não me falha a memória, te dará apenas acesso SSH.  Para o
>> gráfico, precisarás do equivalente do Vino: ou um servidor X11 para MS
>> Windows, ou um cliente VNC, ou algum outro equivalente que não me
>> ocorre no momento.
>>
>>
>> -- skype:leandro.gfc.dutra?chat  Yahoo!: ymsgr:sendIM?lgcdutra +55
>> (61) 3546 7191  gTalk: xmpp:leand...@jabber.org +55 (61)
>> 9302 2691ICQ/AIM: aim:GoIM?screenname=61287803 BRAZIL GMT−3
>> MSN: msnim:chat?contact=lean...@dutra.fastmail.fm
>>
>>
>

Re: Acesso remoto com interface gráfica

[Leandro Guimarães Faria Corcete DUTRA]

Le mercredi 09 août 2017 à 12:42 -0300, Wiliam Freitas a écrit :
> Com TeamViewer vc consegue acessar seu server

Proprietaríssimo.  Fuja.  Há muitas alternativas livres, gráficas ou
não, como já disse em mensagem anterior.


-- 
skype:leandro.gfc.dutra?chat  Yahoo!: ymsgr:sendIM?lgcdutra
+55 (61) 3546 7191  gTalk: xmpp:leand...@jabber.org
+55 (61) 9302 2691ICQ/AIM: aim:GoIM?screenname=61287803
BRAZIL GMT−3  MSN: msnim:chat?contact=lean...@dutra.fastmail.fm

Re: Why debian put ~/bin beginning of $PATH

[慕 冬亮]

On 08/08/2017 04:56 PM, spp mg wrote:
> 2017-08-09 4:04 GMT+08:00 Michael Lange :
>> Hi,
>>
>> On Wed, 9 Aug 2017 03:11:48 +0800
>> spp mg  wrote:
>>
>>> Hi all
>>>
>>> In the ~/.profile has below default setting:
>>>
>>> --
>>> # set PATH so it includes user's private bin if it exists
>>> if [ -d "$HOME/bin" ] ; then
>>>  PATH="$HOME/bin:$PATH"
>>> fi
>>> --
>>>
>>> Why put ~/bin beginning ? Is that dangerous ?
>> like other people already pointed out there shouldn't be anything
>> dangerous about this.
>> One possible use case is for example that you could put there a
>> minimal script that temporarily overrides some environment variable, like
>> one I have here which reads:
>>
>> #!/bin/bash
>> GTK_IM_MODULE=gtk /usr/bin/poedit $@
>> exit $?
>>
>> This way I can conveniently call "poedit " with the desired
>> setting of GTK_IM_MODULE without either having to type the whole thing
>> each time or else having to permanently change GTK_IM_MODULE's setting
>> (the default value of which I modified for other reasons).
>>
>> Best regards
>>
>> Michael
>>
>> .-.. .. ...- .   .-.. --- -. --.   .- -. -..   .--. .-. --- ... .--. . .-.
>>
>> Fascinating, a totally parochial attitude.
>>  -- Spock, "Metamorphosis", stardate 3219.8
>>
> Thinks to reply (very fast :D)
>
> I think it's may dangerous because generally system command should be
> highter older then user's command.
User's command is usually stored in "/usr/local/bin". It should be 
placed before "/bin" in the $PATH.

And it does in my Debian Stretch.

echo $PATH
/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games

> For example , some guy put a "rm" but named "ls" to ~/bin . This "ls"
> can be virus or ransomware , user may not know it's not which he
> want("ls").
If someone replace "ls" with "rm", you cannot prevent this by trying to 
put "/bin" at the end of $PATH.

$PATH is used to search executable file. At the head of $PATH is with 
high priority.

If there are two "ls" in different places(one /bin, one /usr/bin) of 
$PATH. It causes different effects(which ls will be executed) whether or 
not you put "/bin" at the end of $PATH
> So I think put ~/bin to tail of $PATH has better security for normal user.
>
> For me, I will avoid use same name with exist command, and for user
> who want use same name , I believe he know or will learn how to modify
> $PATH.
>
>
> I mean , put ~/bin in tail of $PATH will batter for default setting,
> so does developer has another reason to put to beginning ?
>

-- 

---
My best regards to you.

  No System Is Safe!
  Dongliang Mu

Re: Acesso remoto com interface gráfica

[Wiliam Freitas]

Com TeamViewer vc consegue acessar seu server como se fosse um desktop 
remoto, mas usar interface em um server pode criar brechas de segurança.


O ideal seria usar apenas o CLI no seu server e acessá-lo via SSH. Nesse 
caso, na hora do acesso, usando os parâmetros '-XY', talvez consiga 
fazer o que precisa (dispensando interface):


-X: Enables X11 forwarding.  This can also be specified on a per-host 
basis in a configuration file.


-Y: Enables trusted X11 forwarding.  Trusted X11 forwardings are not 
subjected to the X11 SECURITY extension controls.


Abraços.

Wiliam Freitas (@wili4m), http://blogporta80.com.br

On 08/09/2017 12:29 PM, Leandro Guimarães Faria Corcete DUTRA wrote:

Le lundi 07 août 2017 à 22:27 -0300, Leonardo S. S. da Rocha a écrit :

Qual é a recomendação ? No Debian seria o vinagre? Caso eu tenha que
configurar o acesso a outra pessoa que usa windows ele integraria com
Putty por exemplo?

O Putty, se não me falha a memória, te dará apenas acesso SSH.  Para o
gráfico, precisarás do equivalente do Vino: ou um servidor X11 para MS
Windows, ou um cliente VNC, ou algum outro equivalente que não me
ocorre no momento.


-- skype:leandro.gfc.dutra?chat  Yahoo!: ymsgr:sendIM?lgcdutra +55 
(61) 3546 7191  gTalk: xmpp:leand...@jabber.org +55 (61) 
9302 2691ICQ/AIM: aim:GoIM?screenname=61287803 BRAZIL 
GMT−3  MSN: msnim:chat?contact=lean...@dutra.fastmail.fm

Re: Acesso remoto com interface gráfica

[Leandro Guimarães Faria Corcete DUTRA]

Le lundi 07 août 2017 à 22:27 -0300, Leonardo S. S. da Rocha a écrit :
> 
> Qual é a recomendação ? No Debian seria o vinagre? Caso eu tenha que
> configurar o acesso a outra pessoa que usa windows ele integraria com
> Putty por exemplo?

O Putty, se não me falha a memória, te dará apenas acesso SSH.  Para o
gráfico, precisarás do equivalente do Vino: ou um servidor X11 para MS
Windows, ou um cliente VNC, ou algum outro equivalente que não me
ocorre no momento.


-- 
skype:leandro.gfc.dutra?chat  Yahoo!: ymsgr:sendIM?lgcdutra
+55 (61) 3546 7191  gTalk: xmpp:leand...@jabber.org
+55 (61) 9302 2691ICQ/AIM: aim:GoIM?screenname=61287803
BRAZIL GMT−3  MSN: msnim:chat?contact=lean...@dutra.fastmail.fm

Re: When did Debian decide to enable PIE by default?

[Tony van der Hoff]

On 09/08/17 15:48, Gene Heskett wrote:
> Interesting Thomas, but what the heck is PIE?  I know about PAE, but PIE?  
> Whats it do?  Searching the above wiki returned only this thread.
>
> Thanks, you too.
>> Have a nice day :)
>>
>> Thomas
>
> Cheers, Gene Heskett

Position-independent executable:

https://en.wikipedia.org/wiki/Position-independent_code

Re: When did Debian decide to enable PIE by default?

[Dan Ritter]

On Wed, Aug 09, 2017 at 10:48:24AM -0400, Gene Heskett wrote:
> On Wednesday 09 August 2017 10:31:48 Thomas Schmitt wrote:
> 
> > Hi,
> >
> > 慕 冬亮  wrote:
> > > When does Debian Team, or Security Team decide to enable PIE by
> > > default?
> >
> > I guess it was one year ago. At least that's the dates one can see on
> >   https://wiki.debian.org/Hardening/PIEByDefaultTransition
> >
> Interesting Thomas, but what the heck is PIE?  I know about PAE, but PIE?  
> Whats it do?  Searching the above wiki returned only this thread.
> 

https://en.wikipedia.org/wiki/Position-independent_code

It's a security measure.

-dsr-

Re: When did Debian decide to enable PIE by default?

[Gene Heskett]

On Wednesday 09 August 2017 10:31:48 Thomas Schmitt wrote:

> Hi,
>
> 慕 冬亮  wrote:
> > When does Debian Team, or Security Team decide to enable PIE by
> > default?
>
> I guess it was one year ago. At least that's the dates one can see on
>   https://wiki.debian.org/Hardening/PIEByDefaultTransition
>
Interesting Thomas, but what the heck is PIE?  I know about PAE, but PIE?  
Whats it do?  Searching the above wiki returned only this thread.

Thanks, you too.
>
> Have a nice day :)
>
> Thomas


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

Re: When did Debian decide to enable PIE by default?

[Thomas Schmitt]

Hi,

慕 冬亮  wrote:
> When does Debian Team, or Security Team decide to enable PIE by default?

I guess it was one year ago. At least that's the dates one can see on
  https://wiki.debian.org/Hardening/PIEByDefaultTransition


Have a nice day :)

Thomas

Re: no non-free firmware on lapton, no Ethernet, related?

[Dejan Jocic]

On 09-08-17, Emanuel Berg wrote:
> I installed a 32-bit Debian on an HP laptop the
> other day, and during installation it said
> non-free components were not installed as not
> on the disc, for political reasons I suppose,
> and then the network couldn't be set up
> correctly despite the cable in place.
> 
> When done, I couldn't get Internet to work
> despite doing as superuser 'dhclient eth0'
> which is all it takes on my other Debian, which
> I also installed from a DVD.
> 
> So I wonder, are the Ethernet problems related
> to the missing firmware?
> 
> And if not, what seems to be the problem?
> 
> TIA
> 
> -- 
> underground experts united
> http://user.it.uu.se/~embe8573
> 

Well, you should have write down what was missing during installation,
those messages you get for reason. Also, when you have firmware and you
get note that it is missing, it is best to abort installation and
download needed firmware and put in USB you can insert during
installation. Or, to use one of the "unnofficial" images with firmware
on it:

https://cdimage.debian.org/cdimage/unofficial/non-free/

That said, now first step would be to check your network cards and what
drivers are in use. As regular user do:

lspci -v | grep -A10 -i net

If you type that as root change A10 to A15.

no non-free firmware on lapton, no Ethernet, related?

[Emanuel Berg]

I installed a 32-bit Debian on an HP laptop the
other day, and during installation it said
non-free components were not installed as not
on the disc, for political reasons I suppose,
and then the network couldn't be set up
correctly despite the cable in place.

When done, I couldn't get Internet to work
despite doing as superuser 'dhclient eth0'
which is all it takes on my other Debian, which
I also installed from a DVD.

So I wonder, are the Ethernet problems related
to the missing firmware?

And if not, what seems to be the problem?

TIA

-- 
underground experts united
http://user.it.uu.se/~embe8573

When did Debian decide to enable PIE by default?

[慕 冬亮]

Hello all,

I upgraded to Stretch several days ago. When I traced the instruction or 
debuged program,
I found the program compiled by default is enabled PIE. When does Debian Team, 
or
  Security Team decide to enable PIE by default?

  ---
My best regards to you.

  No System Is Safe!
  Dongliang Mu

Re: ipv6 - nom de domaine sur site mutualisé inaccessible - comment contourner avec linux unbound - google dns - opendns - configuration

[G2PC]

Le 09/08/2017 à 10:17, Pierre L. a écrit :
> Humm, je n'ai pas suivi tout le fil... peut-être la question a-t-elle
> déjà été posée...
>
> Un autre ordi branché sur ton même réseau LAN de chez toi fait-il
> exactement la même chose ?
> Ton éventuel smartphone ou autre tablette... un NAS où tu aurais une
> console pour faire un traceroute ?
>
> Sinon étant chez un fournisseur concurrent, mon traceroute vers cette IP
> me répond correctement aussi.
>
>
>
> Le 08/08/2017 à 12:11, G2PC a écrit :
>> Ce qui ne m'étonne pas, une idée pour démontrer ce filtrage volontaire
>> de mes données ?
>
Oui, mes 3 pc + téléphone n'ont pas accès.

C'est pour cela que je pense à un filtrage volontaire.

Re: ipv6 - nom de domaine sur site mutualisé inaccessible - comment contourner avec linux unbound - google dns - opendns - configuration

[G2PC]

Le 09/08/2017 à 07:43, Pascal Hambourg a écrit :
> Le 08/08/2017 à 12:11, G2PC a écrit :
>>
>> Le 07/08/2017 à 23:49, Pascal Hambourg a écrit :
>>>
>>> Apparemment il n'y a pas de problème de connectivité entre Orange et
>>> l'hébergeur. Donc a priori soit il y a un blocage au niveau du
>>> réseau/box de G2PC, soit il y a un filtrage spécifique de son adresse
>>> IP publique quelque part en chemin.
>>
>> Ce qui ne m'étonne pas, une idée pour démontrer ce filtrage volontaire
>> de mes données ?
>
> As-tu redémarré ta box pour éliminer un dysfonctionnement transitoire
> ? D'autre part, cela te fera peut-être changer d'adresse IP publique.
>
> As-tu contacté le support de l'hébergeur en lui exposant la situation
> avec les différents résultats de traceroute ?
>
Oui, j'ai redémarré la box.

Non, je n'ai pas contacté l'hébergeur, je n'ai pas les codes
identifiants, et, le dialogue familial est rompu, je ne peux pas
travailler normalement.

Re: Why debian put ~/bin beginning of $PATH

[Greg Wooledge]

On Tue, Aug 08, 2017 at 10:04:32PM +0200, Michael Lange wrote:
> #!/bin/bash
> GTK_IM_MODULE=gtk /usr/bin/poedit $@
> exit $?

Should be:

#!/bin/bash
GTK_IM_MODULE=gtk exec /usr/bin/poedit "$@"

You could also use #!/bin/sh, since this doesn't use any bash extensions.

Re: Les cyber menaces basculent vers Linux et les serveurs Web

[Thierry Bugier Pineau]

Le mercredi 09 août 2017 à 12:39 +0200, Randy11 a écrit :
> P.S. : Il semble que je n'arrive plus à poster sur cette liste, merci
> de 
> me faire
> savoir si vous avez déjà reçu ce message.

Bonjour

Oui, les messages sont bien arrivés, j'ai d'ailleurs partagé :)

Re: Help with USB audio card

[Curt]

On 2017-08-09, Rodolfo Medina  wrote:
> Curt  writes:
>
>> On 2017-08-09, Rodolfo Medina  wrote:
>>>
>>> I had done so...  no output.
>>
>> Have you tried opening up pavucontrol and selecting your usb audio
>> gadget as input device?
>
>
> It is regularly listed within pavucontrol among all input devices...

That's good and encouraging news. Wasn't the question I asked,
but you can't have everything.

My little mixer widget has a slider to adjust the input volume on the selected
device, as well as a gauge indicating the input level.

Testing, one, two, three.

>
> Rodolfo
>
>


-- 
“Certitude is not the test of certainty.”
--Oliver Wendell Holmes, Jr.

Re: How to change default umask in Stretch?

[Garrett R.]

Found this. Reuben Thomas reported this earlier in the year. Lot of guys 
tracked down PIDs.

https://bugzilla.gnome.org/show_bug.cgi?id=780622


- Original Message -
From: "Reco" 
To: debian-user@lists.debian.org
Sent: Tuesday, August 8, 2017 6:27:02 AM
Subject: Re: How to change default umask in Stretch?

Or find gnome-session (or gnome-shell - I don't recall who exactly
spawns user applications in GNOME) process pid, execute something like
this on login:

gdb -p $(pidof gnome-session) -ex 'p umask(0077)' --batch

On Mon, Aug 07, 2017 at 03:47:48PM -0500, David Wright wrote:
> On Mon 07 Aug 2017 at 20:00:10 (+), Garrett R. wrote:
> > Does anybody know, this gnome/systemd bug of umask, it this something that 
> > I will have to wait for Debian 10 before it is fixed? Or will Debian 9 
> > implement a fix when/if gnome/systemd issues a fix?
> > 
> > I was hoping to be able to move to Stretch, but it's looking unlikely now.
> 
> My suggestion is simple, but would be tedious to implement. I use it
> to run a program as a different user, overriding their default umask.
> 
> /home/other/bin/my-program.sh contains
> 
> #!/bin/bash
> umask u=rwx,go=
> /usr/bin/real-program "$@"
> 
> But it's tedious to have to replace real-program by 
> /home/other/bin/my-program.sh
> in all the places it/they might get called from. I only have to do
> this once (in .bashrc) because I'm a bash/xterm/fvwm guy using
> bash functions.

Or find gnome-session (or gnome-shell - I don't recall who exactly
spawns user applications in GNOME) process pid, execute something like
this on login:

gdb -p $(pidof gnome-session) -ex 'p umask(0077)' --batch

You'll need gdb to be installed, of course.

Reco

Re: Sudden death of bluetooth headphone connectivity

[Mark Fletcher]

On Sat, Aug 05, 2017 at 05:27:49PM +0200, deloptes wrote:
> 
> Can you try bluetoothctl and see if it connects properly.
> you can also post the output of "info "
> 

bluetoothctl
[NEW] Controller 00:1B:DC:04:DB:FA kazuki [default]
[NEW] Device 8C:8E:F2:C2:BD:93 iPhone
[NEW] Device 00:09:A7:09:BE:22 BeoPlay H8
[NEW] Device F0:CB:A1:89:68:61 Mark's Phone
[NEW] Device 4C:A5:6D:7E:0E:FC Mark's tablet
[NEW] Device A0:E9:DB:09:A0:2D Anker SoundCore
[bluetooth]# connect 00:09:A7:09:BE:22
Attempting to connect to 00:09:A7:09:BE:22
Failed to connect: org.bluez.Error.Failed
[bluetooth]# info 00:09:A7:09:BE:22
Device 00:09:A7:09:BE:22
Name: BeoPlay H8
Alias: BeoPlay H8
Class: 0x240418
Icon: audio-card
Paired: yes
Trusted: yes
Blocked: no
Connected: no
LegacyPairing: no
UUID: Headset   (1108--1000-8000-00805f9b34fb)
UUID: Audio Sink(110b--1000-8000-00805f9b34fb)
UUID: A/V Remote Control Target (110c--1000-8000-00805f9b34fb)
UUID: A/V Remote Control(110e--1000-8000-00805f9b34fb)
UUID: Handsfree (111e--1000-8000-00805f9b34fb)
UUID: PnP Information   (1200--1000-8000-00805f9b34fb)
Modalias: bluetooth:v0103p4000d0802
[bluetooth]# 

That's what I get when I try to connect -- a less than helpful error 
message. The same error message as quoted before appeared in the systemd 
journal when I make the connection attempt.

And the output of info  is quoted above as well. I am wondering if 
among the UUIDs listed should be a2dp-sink, and since we are not getting 
it it is getting booted. But as we know from the journal entry, 
a2dp-sink protocol is "not available" -- and I think that remains the 
issue to fix to get this working.

Overall I am inclined to think something is misconfigured / broken / 
missing in the _computer_'s bluetooth setup, not the headphones -- as 
the headphones work fine with other devices eg my iPhone, and for anyone 
coming late into the conversation they also worked with this computer 
too until about 2 weeks ago now.

Mark

Re: Laser Printer recommendation...

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wed, Aug 09, 2017 at 07:13:03AM -0400, Jape Person wrote:

> [...] Ah, ASCII art pinups put up by a "naughty" SYSOP printed
> out on tractor feed! Those were the days!

Oh, yeah. And lawn, and that :-)

Cheers
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlmK/qMACgkQBcgs9XrR2kbgAwCfcFVvEDti0lyqWfB5FyE5QC1F
PLsAoICl1uOBZUa5pp2Pa+h4y62KrDDT
=/7qv
-END PGP SIGNATURE-

Re: How to change default umask in Stretch?

[Greg Wooledge]

On Tue, Aug 08, 2017 at 01:27:02PM +0300, Reco wrote:
> Or find gnome-session (or gnome-shell - I don't recall who exactly
> spawns user applications in GNOME) process pid, execute something like
> this on login:
> 
> gdb -p $(pidof gnome-session) -ex 'p umask(0077)' --batch
> 
> You'll need gdb to be installed, of course.

It's beginning to sound like GNOME applications aren't even launched
by GNOME at all, but rather by systemd/dbus.  Somehow.

I'd be interested in hearing the results of your gdb experiment being
performed on the user session dbus daemon process, by someone using
GNOME.  I have no idea whether it would actually work, but if it does,
that would help us understand how this... desktop... is put together.

Re: Help with USB audio card

[Rodolfo Medina]

Curt  writes:

> On 2017-08-09, Rodolfo Medina  wrote:
>>
>> I had done so...  no output.
>
> Have you tried opening up pavucontrol and selecting your usb audio
> gadget as input device?


It is regularly listed within pavucontrol among all input devices...

Thanks,

Rodolfo

Re: Laser Printer recommendation...

[Jape Person]

On 08/09/2017 04:29 AM, to...@tuxteam.de wrote:

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1

On Tue, Aug 08, 2017 at 01:01:30PM -0500, Doug wrote:

[...]

It always amazes me that people who get a driver made specifically 
for a device [...]


Thanks, Brian and Jape. You've put it more eloquently than I could
:)

Let me add that to a fish, that yummy bait up there seems free too: 
the little app, the Android OS coming with your smartphone, the

shiny Chrome browser...

The bait is free. Then you get caught in the 'net.

Those old enough among us will remember Microsoft's failed attempt at
reigning in the Internet which somehow, by sheer luck, seemed to have
escaped their grip: "Best viewed with IE6", wit ActiveX and all
that.

We are there again. Best viewed with Chrome.

Cheers - -- tomás -BEGIN PGP SIGNATURE- Version: GnuPG
v1.4.12 (GNU/Linux)

iEYEARECAAYFAlmKx+MACgkQBcgs9XrR2kYh2ACfSUICRKQBUxkLWs0UtEwJt/5f 
4/cAn1hp75JqnstWp9hpEjy3r4eDIFqR =xZ6z -END PGP SIGNATURE-





Best viewed with...

One of my favorite online experiences over time has been the sites that 
announce that they won't work without Internet Explorer or Firefox or 
whatever, and they don't. And then you have your browser *tell* them 
that it's Internet Explorer or Firefox or whatever, and suddenly 
everything works.


And then there's Flash. Web sites that insist that you use the "latest 
Flash" for security reasons are a laugh riot. If they gave a goat's 
carcass about security they wouldn't be using Flash in the first place. 
I'm still doing my happy dance over Adobe's announcement that they are 
ending support for that abomination.


Life was so much fun with BBS and FidoNet and my 110 baud modem. That 
thing was bigger than all of my current computing equipment combined, 
and it ran hot enough to supplement our heating system in the winter. 
Ah, ASCII art pinups put up by a "naughty" SYSOP printed out on tractor 
feed! Those were the days!


JP

Re: Connexion console KVM devenue impossible : résolue mais...

[andre_debian]

On Monday 07 August 2017 23:19:00 andre_deb...@numericable.fr wrote:
> Sans doute depuis un upgrade de jessie,
> je ne peux plus me connecter à la console KVM
> de mon serveur chez Online.
> Je reçois ce message :
> "une appli non signée demande un accès illimité au système.
> La ressource est signée avec un algorithme de signature RSA
> faible et est traitée comme non signée"
> Voir la copie écran jointe.
> La console se lance avec l'application "javaws",
> suivie du nom du fichier.jnlp téléchargé avant.
> Comment se fait-il que maintenant Java exige un certificat ?

Résolu mais, en installant Java version 6 (la dernière étant la 8).

Depuis la version 7, Java a durcit les connexions à certificat.

Ça devient la dictature :-)

André

Re: Les cyber menaces basculent vers Linux et les serveurs Web

[Randy11]

On 18/07/2017 13:23, andre_deb...@numericable.fr wrote:

Que pensez vous de cet article ?

selon la société WatchGuard qui a tout intérêt à vendre ses antivirus... :

http://www.infodsi.com/articles/169919/cyber-menaces-basculent-vers-linux-serveurs-web.html?key=6433cdc950c99165

Les dernières cyberattaques étaient dûes à des virus venant et pour
MS-Windows, maintenant on met GNU/Linux en cause.

L'article ne cite acune source d'attaques précises sur Linux, alors...

André



Bonjour,

Cas plus sérieux :
- 
https://security.web.cern.ch/security/advisories/busywinman/BusyWinman.shtml
- 
https://www.securityartwork.es/2017/07/21/linux-bew-backdoor-minado-bitcoin/


Personnellement, j'utilise Firefox et NoScript. NoScript est configurer 
pour tout
bloquer. Je vais aussi installer ClamAV et le faire tourner de temps en 
temps.


Pour le partage des ressources entre Windows et Linux, cela a coûté un 
week-end
à des admins Linux à cause des fichiers infectés sous Windows utilisés 
sous Linux,

les filesytems étaient partagé.

Bonne journée.

Randy11

P.S. : Il semble que je n'arrive plus à poster sur cette liste, merci de 
me faire

savoir si vous avez déjà reçu ce message.

screenlock lock trops bien - stretch-

[Gabriel Santonja]

Bonjour,
Je viens de migrer sur stretch a partir de jessie.
Je tourne sur LXDE et quand je locke le pc avec  screenlock impossible de
sortir de l'ecran noir
le seul moyen de revenir sur la session est de repasser sur tty1 (ctrl -
alt - f1) qui est maintenant l ecran de login gdm3.

Auriez vous une idée je seche ...
Merci

Re: formater un texte avec un retour à la ligne

[bernard . schoenacker]

- Mail original -
> De: "Alexandre Hoïde" 
> À: debian-user-french@lists.debian.org
> Envoyé: Mercredi 9 Août 2017 10:44:53
> Objet: Re: formater un texte avec un retour à la ligne
> 
> On Wed, Aug 09, 2017 at 03:59:17AM +0200, Francois Lafont wrote:
> > Bonjour,
> > 
> > On 08/09/2017 03:41 AM, bernard.schoenac...@free.fr wrote:
> > 
> > > je recherche la commande qui me permet de faire un
> > > retour à la ligne sur un texte écrit trop large, et
> > > qui permet le retour après 72 caractères ...
> > > 
> > > elle est dans les manpages
> > Je pense que c'est la commande "fold" que tu cherches.
> > Soit dit en passant, je ne connaissais pas cette commande
> > mais on la trouve immédiatement en tapant les bons mots
> > clés (en anglais) dans son moteur de recherche préféré,
> > comme par exemple "linux wrap text". ;)
> 
>   Pas sûr de comprendre « elle est dans les manpages » mais, en plus
>   de
> « fold » proposé par François, il existe aussi « $ apt show par ».
> Plus
> sophistiqué que fold; permet également la justification; d'avantage
> de
> lecture de doc pour bien le comprendre.
> 
>  \o/
>  Alexandre
> 
> --
>  ___
> | $ post_tenebras ↲ | waouh!
> | GNU\ /|\
> |  -- * --  | o
> | $ who ↲/ \|_-- ~_|
> | Alexandre Hoïde   |  _/| |
>  ---
> 
> 
bonjour,

en consultant la page de "par" ( apt show par ) j'ai retrouvé
fmt ...

https://en.wikipedia.org/wiki/Fmt_(Unix)
https://linux.die.net/man/1/fmt

merci, maintenant j'ai 3 solutions ...

slt
bernard

Re: Help with USB audio card

[Curt]

On 2017-08-09, Rodolfo Medina  wrote:
>
> I had done so...  no output.

Have you tried opening up pavucontrol and selecting your usb audio
gadget as input device?

> Thanks
> Rodolfo
>
>


-- 
“Certitude is not the test of certainty.”
--Oliver Wendell Holmes, Jr.

Re: formater un texte avec un retour à la ligne

[Alexandre Hoïde]

On Wed, Aug 09, 2017 at 03:59:17AM +0200, Francois Lafont wrote:
> Bonjour,
> 
> On 08/09/2017 03:41 AM, bernard.schoenac...@free.fr wrote:
> 
> > je recherche la commande qui me permet de faire un 
> > retour à la ligne sur un texte écrit trop large, et
> > qui permet le retour après 72 caractères ...
> > 
> > elle est dans les manpages  
> Je pense que c'est la commande "fold" que tu cherches.
> Soit dit en passant, je ne connaissais pas cette commande
> mais on la trouve immédiatement en tapant les bons mots
> clés (en anglais) dans son moteur de recherche préféré,
> comme par exemple "linux wrap text". ;)

  Pas sûr de comprendre « elle est dans les manpages » mais, en plus de
« fold » proposé par François, il existe aussi « $ apt show par ». Plus
sophistiqué que fold; permet également la justification; d'avantage de
lecture de doc pour bien le comprendre.

 \o/
 Alexandre

-- 
 ___
| $ post_tenebras ↲ | waouh!
| GNU\ /|\
|  -- * --  | o
| $ who ↲/ \|_-- ~_|
| Alexandre Hoïde   |  _/| |
 ---

Re: Jeg skulle aldrig have opdateret til Stretch ...

[Flem]

Nåh, ja-ja. Usbstick-problemet løstes ved at installere pmount, og
problemet med ikke at kunne åbne links fra thunderbird i firefox løstes
ved afstallere thunderbird og installere det igen.

Så det eneste seriøse problem der er tilbage, er kde. Jeg kan ikke
engang få dolphin til at køre fra xfce4. Hvad angår Gnome, ved jeg ikke
rigtig hvor slemme problemerne er. Men nu kører xfce4 så vidt jeg kan se
OK. ... Bortset fra jeg ikke kunne vække dyret fra dvale eller hvile.
Men nu har jeg slået begge dele fra.

Nåeh, men jeg må vel lave en bug report om kde.

flem


On 08-08-2017 18:28, Flem wrote:
> Hvad angår konfigurationsfiler i hjemmemappe, har jeg forsøgt at oprette
> ny bruger for at se om kde så ville køre ... hjalp ikke. Jeg har chekket
> opgraderingsvejledningen.
>
> Det er da glædeligt at nogle har bedre oplevelser. Jeg var nu også
> virkelig godt tilfreds med Jessie. Det kan da også godt være at jeg
> skulle have ventet ½ års tid til de værste bugs var luget ud af stretch.
> Men nu overvejer jeg faktisk en netinstall af kubuntu 16.04. på en anden
> partition (så kan jeg jo altid vende tilbage for se om stretch
> fungerer). For jeg orker ikke at fluekneppe stretch for få at alle
> mulige vigtige småting til at fungere.
>
> Jeg har da også oplevet problemer med ubuntu, men ikke med opdatering af
> LTS-udgaverne. Jeg har heller ikke tid til at opdatere hvert halve år
> ... så LTS passer mig fint, og det gør debians opdatering af stable også
> ...
>
> Flem
>
>
> On 08-08-2017 17:36, Geert Heldager Nielsen wrote:
>> Når man opgraderer fra en udgivelse til den næste,
>> er der altid risiko for, at gamle konfigurations-filer 
>> i hjemmemappen kan give problemer. En anden ting man kan 
>> gøre, er at læse installerings-vejledningen, hvor der er 
>> tips til hvad der kan gå galt, og hvordan det løses.
>>

Re: Background will not change.

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, Aug 08, 2017 at 01:12:46PM -0400, Default User wrote:
> Hi.
> 
> - Debian Unstable.
> - Cinnamon desktop environment.
> - Updated 2017-08-07, then shut down.
> - On 2017-08-08, booted up.
> 
> Now, background is the Debian 9 default "Flipper" image.  Background can
> not be changed.

Can you describe this "background can not be changed" a bit more? How have
you tried to change your background? What was the effect?

Cheers
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlmKyFUACgkQBcgs9XrR2kaoHgCfdh9CfSJ6OVDzq+ThWJsrXFdH
2VEAniM2ndc1Rt3CJE+AIZjZPiiXE1jc
=oWTm
-END PGP SIGNATURE-

Re: Laser Printer recommendation...

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, Aug 08, 2017 at 01:01:30PM -0500, Doug wrote:

[...]

> It always amazes me that people who get a driver made specifically
> for a device [...]

Thanks, Brian and Jape. You've put it more eloquently than I could :)

Let me add that to a fish, that yummy bait up there seems free too:
the little app, the Android OS coming with your smartphone, the shiny
Chrome browser...

The bait is free. Then you get caught in the 'net.

Those old enough among us will remember Microsoft's failed attempt
at reigning in the Internet which somehow, by sheer luck, seemed to
have escaped their grip: "Best viewed with IE6", wit ActiveX and
all that.

We are there again. Best viewed with Chrome.

Cheers
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlmKx+MACgkQBcgs9XrR2kYh2ACfSUICRKQBUxkLWs0UtEwJt/5f
4/cAn1hp75JqnstWp9hpEjy3r4eDIFqR
=xZ6z
-END PGP SIGNATURE-

Re: ipv6 - nom de domaine sur site mutualisé inaccessible - comment contourner avec linux unbound - google dns - opendns - configuration

[Pierre L.]

Humm, je n'ai pas suivi tout le fil... peut-être la question a-t-elle
déjà été posée...

Un autre ordi branché sur ton même réseau LAN de chez toi fait-il
exactement la même chose ?
Ton éventuel smartphone ou autre tablette... un NAS où tu aurais une
console pour faire un traceroute ?

Sinon étant chez un fournisseur concurrent, mon traceroute vers cette IP
me répond correctement aussi.



Le 08/08/2017 à 12:11, G2PC a écrit :
> Ce qui ne m'étonne pas, une idée pour démontrer ce filtrage volontaire
> de mes données ?




signature.asc
Description: OpenPGP digital signature

Re: Cette fois ci je me sens pleine d’énergie Audrey

[Jacquot Jérôme]

STOP 

Envoyé de mon iPad

> Le 7 août 2017 à 09:30, Audrey Niyingenga  a écrit :
> 
> 
> 
> Si tu étais là, je ne sais pas ce que je pourrai te faire… 
> http://bit.ly/2vExDz5

modifying debian installer image

[Fourhundred Thecat]

I have downloaded debian netinstaller:

wget
http://ftp.debian.org/debian/dists/stretch/main/installer-amd64/current/images/netboot/debian-installer/amd64/initrd.gz

I have unpacked the image, and I was looking around to try to understand
how it works. I assumed, there was some config file with a list of all
the packages that are going to be installed.

I would like to modify that list, and replace systemd with sysvinit-core.

I don't see any such package list in the installer, and I could not find
much information on how the installer works.

Could somebody please help me understand, where the installer gets the
list of packages it installs ? And how I can change that list?

PS: I know I can remove systemd and install sysvinit-core *after* the
installation. But I am trying to avoid installing systemd and then
removing it. I would like to install sysvinit-core right away.

I am also using preseeding for installation, but as far as I know, this
cannot be achieved with preseeding alone.

thanks,

Re: Help with USB audio card

[Rodolfo Medina]

David Christensen  writes:

> On 08/08/17 00:38, Rodolfo Medina wrote:
>>
>> $ cat /etc/debian_version
>> buster/sid
>
> Have you tried the USB audio interface with the stable version of Debian?
>
>
>> $ uname -a
>> Linux lenovo 4.9.0-3-amd64 #1 SMP Debian 4.9.30-2 (2017-06-12) x86_64
>> GNU/Linux
>
> Okay.
>
>
>> `dmesg | grep -i cm108 -A 10 -B 10' produced no output at all...
>
> Try running the command after you plug in the USB audio interface.


I had done so...  no output.

Thanks
Rodolfo