Re: Wow, I’d never expect to say to a guy I like him from the 1st sight. Nancy

[rama]

fuck off black prick




From: Nancy Kingofvirgo To: 
"debian-user@lists.debian.org" Sent: Monday, 
August 28, 2017, 2:18:42 AM GMT+8Subject: Wow, I’d never expect to say to a guy 
I like him from the 1st sight. Nancy
You have changed this assurance in me. 
   
   
  http://bitly.com/2wTl9E8  
 
  

Re: problema con script apt

[Juan Lavieri]

  
  
Hola.
  


El 27-08-2017 a las 04:07 p.m.,
juan carlos escribió:
  
buenas
gente desde hace una semana para aca llevo recibiendo este error
  
  y no encuentro como resolverlo o si esto ocasiona algun
fallo en los
  
  repos o si apesar del error puedo usar el sistema sin
preocupaciones el
  
  error es
  
  
  
  Problem executing scripts
APT::Update::Post-Invoke-Success 'if
  
  /usr/bin/test -w /var/cache/app-info -a -e
/usr/bin/appstreamcli; then
  
  appstreamcli refresh > /dev/null; fi', E:Sub-process
returned an error code
  
  
  
  eso pasa al hacer apt-get update alguien mas le pasa?
gracias
  
  
  
  


Parece que eso se resuelve removiendo el paquete
  libappstream3 

#apt-get remove libappstream3

Según lo comentan aquí: 
https://askubuntu.com/questions/942895/e-problem-executing-scripts-aptupdatepost-invoke-success/943018

Otra solución la consigues aqui: 
http://trastetes.blogspot.com/2016/02/solucion-al-error-e-then-appstreamcli.html 
  Te sugiero que revises esta primero a ver si te convence el
  argumento.

Saludos.



-- 
Juan M Lavieri

Errar es de humanos, pero es mas humano culpar a los demás.
  

Re: How does one create virtual ethernet devices with modern tools on Debian 8 (jessie)?

[Zenaan Harkness]

On Fri, Aug 25, 2017 at 05:45:17PM +0200, Sven Hartge wrote:
> Tom Browder  wrote:
> > On Fri, Aug 25, 2017 at 09:26 Sven Hartge  wrote:
> >> Tom Browder  wrote:

> >> > So how does one do the same thing with "modern" tools?
> >>
> >> I don't understand the question. Do you mean "systemd-networkd"?
> 
> > I'm indirectly referencing a long-running thread on this list about
> > using ifconfig versus "modern" tools for viewing the current
> > interfaces setup.
> 
> When using /e/n/interfaces and ifupdown you don't really come in contact
> with "ip" or "ifconfig" directly.
> 
> > And just how does one restart the new interfaces with systemctl?
> 
> You don't. Commands like "service networking restart" have been
> deprecated and partially non-functioning since at least Wheezy, because
> of the internal limit of ifupdown itself.

So to do text-config based networking, what's
"The Recommended Way (TM)(R)(C)"?

Create virtual ethernet devices on Debian 9 stretch ?

[Zenaan Harkness]

Riffing on the recent thread, here's the one I thought that was, and
wanted it to be. Alas, twas not so, and thus the inordinately
difficult and challanging task of creating a new thread is weighty
upon my shoulders.  So this is it :)


Have done quite a bit of research over the last couple months,
there's a -lot- of tech, plenty of it "fairly new" too.

Some years back, I ran openvpn to connect a few computers "securely"
(for wild "I hope this works as I cross my fingers" values of
"securely").  I have some vague recollection of creating tap and tun
devices.


"Right now" my aim is to run virt-manager or qemu, with kvm
underneath, with a host-only virtual network to which I shall connect
two virtual machines, and the host machine, and run some nfs or samba
thing to share folders between all 3.


My requisite is to have a sense of full control over my virtual
networking - this means setup and tear down primarily via
/etc/network/interfaces unless some other mechanism were more highly
recommended
- this means not relying on say the virt-manager gui

However, I'd also like to learn how to use the virt-manager gui to
create a single "host-only virtual network" instance for a virtual
machine (or two :)


The reason I want to learn how to do this virtual host-only network
with virt-manager gui, is so I can teach others, most of whom are
really only comfortable with a gui.

The reason I must learn how to do this virtual host-only network via
/e/n/i is for skills transfer - so that when I must manage a remote
host or VM in the future, I can readily do what I need to do via an
SSH cmd line (i.e. text only) interface.



Here are the examples/ snippets I've gleaned in the last few months:

## temporary ssh vpn:
iface tun0 inet static
   pre-up sleep 3
   address 10.3.3.1
   netmask 255.255.255.255
   pointopoint 10.3.3.3
   #up arp -sD 10.3.3.3 eth0 pub # perhaps just do NAT, eg, on
   server:
   up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
   up echo "1" /proc/sys/net/ipv4/ip_forward
   down iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
   down echo "0" /proc/sys/net/ipv4/ip_forward
# alternative routing:
   #up ip route add 10.3.3.0/24 dev tun0 # this happens
   automatically
   up ip route add 10.1.1.0/24 dev tun0
   up ip route add 10.1.2.0/24 dev tun0
   down ip route del 10.1.1.0/24
   down ip route del 10.1.2.0/24


# Simple case; man bridge-utils-interfaces(5)
# Bridge interface to make VMs bridge to specific networks
auto br0
iface br0 inet dhcp
   bridge-ports eth0
   bridge-ports ve0
   bridge-ports all # WARNING, bridges all ethernet interfaces!


# Not so simple; virtual switch with host as gateway
# See http://debian-handbook.info/browse/stable/sect.virtualization.html
# Virtual interface
auto tap0
iface tap0 inet manual
  vde2-switch -t tap0


# Bridge for containers
auto br0
iface br0 inet static
  bridge-ports tap0
  address 10.0.0.1
  netmask 255.255.255.0


# See http://wiki.debian.org/QEMU#Host_and_guests_on_same_network
auto br0
iface br0 inet dhcp
   pre-up ip tuntap add dev tap0 mode tap user 
   pre-up ip link set tap0 up
   bridge_ports all tap0
   bridge_stp off
   bridge_maxwait 0
   bridge_fd  0
   post-down ip link set tap0 down
   post-down ip tuntap del dev tap0 mode tap


# qemu/kvm host only or private/ internal network:
#  - it's a form of "bridge" network - apt-get install bridge-utils
#  - ho0 is the (random) name chosen for this bridge device,
#e.g. "hostonly0" might be a better memory jog
#  - 10.13.13.1 is the (random) host address for this network
auto ho0
iface ho0 inet static
   address 10.13.13.1
   netmask 255.255.255.0
   pre-up  brctl addbr ho0
   post-down   brctl delbr ho0



See also attached snippets file, with links and my initial notes
regarding differences of different virt networking systems.

AIUI I don't need any exotic networking to try to extract the last
few cycles of CPU performance, just functional, flexible, cmd-line/
text config style virtual networking to link a few virtual machines,
with an eye to remote admin of a host and/ or a few VMs.

Given so many options, and so many variations, I feel completely lost
at this point in time :(

Any suggestions as to which pathway/ program etc would be a
reasonably balanced pathway to follow, would be greatly appreciated.

TIA,
Zenaan

see:
   http://baturin.org/docs/iproute2/ -- ip cheat sheet
   e.g.: "Link is another name for network interface" (in ip command, e.g. ip 
link add ...)

see:
   http://doger.io/ - comparison of virtual eth options !!!

   https://en.wikibooks.org/wiki/QEMU/Networking
   
http://linux-blog.anracom.com/2016/02/02/fun-with-veth-devices-linux-virtual-bridges-kvm-vmware-attach-the-host-and-connect-bridges-via-veth/
   google openvswitch vde comparison

   
https://unix.stackexchange.com/questions/272850/how-to-determine-the-logical-type-of-a-linux-network-device
   http://virt.kernelnewbies.org/
   http://blog.bofh.it/debian/id_379 - ip program 

XFCE wm deadlocks on (other) console logout

[Zenaan Harkness]

I consistently get a deadlock of the XFCE window manager, immediately
after I logout of say Linux console 2, when e.g. XFCE is running on
console 1.

Procedure to replicate:

1. login to console 1

2. start xfce

3. switch to console 2 (e.g. CTRL+ALT+F2)

4. loging to console 2

5. logout of console 2 (e.g. CTRL+D)


Notably, when I'm on console 2, either logged in or not, I can safely
use ALT+Left to go to console 1 and appears my XFCE desktop.

Similarly using Ctrl+Alt+F1

So I'm guessing some sort of unhandled race condition, but I'm at a
loss as to how to debug this.

Installer un serveur mail complet sous Debian 9 Stretch

[G2PC]

Bonjour,

Je cherche un tutoriel pour installer un serveur mail complet sous
Debian Stretch.

J'ai trouvé celui-ci :
https://blog.tetsumaki.net/articles/2017/08/installation-dune-solution-mail-complete-sous-debian-9-stretch.html

Si vous avez un support correct, complet, accessible, pour Debian
Stretch, en complément, ou, en remplacement, merci de vos retours.

Re: Ask the isosceles triangle people. This is the TRIANGLE-user mailing list

[davidson]

On Sun, 27 Aug 2017, Mario Castelán Castro wrote:


On 26/08/17 13:06, david...@freevolt.org wrote:

On Sat, 26 Aug 2017, Mario Castelán Castro wrote:

Whatever you find in Tails, is there because of a Tails developer
put it there.


I am perpelexed by this last statement, since the uri in the error
message reported by the Tails user[1]


..which a Tails developer has there, like I said.


LOL!

All right, my friend. That is indeed a conceivable interpretation of
what you said.

Thank you for bikeshedding with me. Hopefully we can do it again
sometime.

--

@InternetHippo 22 Jul 2017 |

Life before the internet was awful. Your friend would be wrong about a
trivial issue during dinner and you just had to let it go

%% twitter.com/InternetHippo/status/888750986252226560

lp printing doesn't work

[Gary Roach]

Hi all

Debian Stretch
KDE Desktop
HP Officejet Pro 8600 printer
Wireless connection

For some reason, my lp print command doesn't work. My lpoptions file in 
/etc/cups/lpoptions is:



Default Officejet_Pro_8600_N911a media=DRAFT  page-bottom=54 page-left=54 
page-right=54 page-top=54



If I run lpoptions on the command line I get:

  copies=1 device-uri=socket://192.168.1.5:9100 finishings=3 
fitplot=true job-cancel-after=10800 job-hold-until=no-hold 
job-priority=50 job-sheets=none,none marker-change-time=0 media=DRAFT 
number-up=1 page-bottom=54 page-left=54 page-right=54 page-top=54 
printer-commands=AutoConfigure,Clean,PrintSelfTestPage printer-info='HP 
Officejet Pro 8600' printer-is-accepting-jobs=true 
printer-is-shared=false printer-location='Local Printer' 
printer-make-and-model='HP Officejet Pro 8600, hpcups 3.16.11' 
printer-state=3 printer-state-change-time=1503877259 
printer-state-reasons=none printer-type=10522652 
printer-uri-supported=ipp://localhost/printers/Officejet_Pro_8600_N911a


A you can see, my printer is specifically called out. But if I run lp 
 I get:


lp: Error - no default destination available.

I've tried to reinstall cups_client but that didn't help.

I have an almost identical system that is setup the same way and is not 
having the problem.


Anyone have an idea what's causing this.

Gary R.

Re: Resign me from your lists

[rhkramer]

On Sunday, August 27, 2017 07:15:23 PM Ben Finney wrote:
> Mario Castelán Castro  writes:
> > I assumed originally that this was a person who subscribed then
> > realized he did not want to be subscribed and decided to complain to
> > the list about that.
> 
> Even on that assumption, there is no call to insult the person. No-one
> is born knowing how to operate a mailing list subscription, please allow
> people to learn without implying they are inferior.

+1, thank you!

Re: Paquetes retenidos y aplicaciones rotas tras actualizar a Debian 9

[Iván]

On 04/07/17 06:22, José María wrote:





Buenas,



Hola Iván, intenta no hacer top-posting ni escribir en HTML por favor, 
son normas de la lista [1]


(Te corrijo el top-posting)




On 27/06/17 22:53, José María wrote:

El 26/06/17 a las 13:42, JAP escribió:

El 26/06/17 a las 05:57, Iván Hernández Cazorla escribió:

Buenas,
Creo que no es la primera vez que me suscribo a esta lista de correo,
pero nunca está de más agradecer a todos aquellos que atienden los
correos de antemano. Gracias. Bueno, les comento mi problema.

Últimamente ando un poco desactualizado de las novedades de todo,
inclusive de Debian. Fue ayer cuando me enteré de que el 17 de 
junio de

2017 se lanzó Debian 9 Stretch
. Con la emoción fui un 
poco
a la desesperada y busqué rápidamente "how to upgrade debian 8 to 
9" y

me encontré con este tutorial
. 



Lo seguí al pie de la letra. Pero, cuando el ordenador se reinició 
tras
ejecutar *shutdown -r now*, comprobé que algo no había ido bien 
por dos

razones:

 1. Al ejecutar *lsb_release -a *me mostraba (y sigue mostrando este
mensaje):
No LSB modules are available.
Distributor ID:Debian
Description:Debian GNU/Linux 9.0 (n/a)
Release:9.0
Codename:n/a
Donde debería indicar el codename "Stretch", no indica nada, 
solo n/a.

 2. Hay programas que se han roto. Por ej. el navegador de archivos
"nemo" y VLC.

Como no atinaba con que podía ser la razón de este fallo, ejecuté un
*apt-get update *y luego un *upgrade* para comprobar que todos los
paquetes se habían actualizado. Sin embargo, para mi sorpresa, a 
estas

horas de la mañana que he vuelto a intentarlo, me dice que:

1 actualizados, 0 nuevos se instalarán, 0 para eliminar y 748 no
actualizados.

Al revisar los 748 paquetes no actualizados por encima, me 
encuentro con
la sorpresa de que VLC y sus dependencias, de la misma manera que 
muchos

otros, no se han actualizado, razón por la que creo que en estos
momentos no funciona.

Quitando esto, creo además que el comportamiento del cargador ha
comenzado a hacer cosas extrañas, pero esto ya es otra cuestión 
que iré

analizando con el tiempo de uso de Stretch.

Les adjunto una imagen con la información del sistema por si fuese de
alguna utilidad.

Muchas gracias de antemano.

Saludos, Iván



El cambio de nombre en cada equipo, siempre es algo que a veces, 
tarda.

Por ejemplo, yo estoy en "testing", y aún sigue como Debian 9 Stretch.

Recomendación: luego de

# apt-get upgrade

haz un

# apt-get dist-upgrade

Probablemente tengas paquetes que se estén reteniendo.

Esto va a hacer una actualización más completa y va a solucionar 
cosas que una actualización normal no hace, por tema de seguridad 
del sistema.


dist-upgrade in addition to performing the function of upgrade, 
also intelligently handles changing dependencies with new versions 
of packages; apt-get has a "smart" conflict resolution system, and 
it will attempt to upgrade the most important packages at the 
expense of less important ones if necessary. The dist-upgrade 
command may therefore remove some packages. The 
/etc/apt/sources.list file contains a list of locations from which 
to retrieve desired package files. See also apt_preferences(5) for 
a mechanism for overriding the general settings for individual 
packages.


JAP




Y también las "Notas de publicación", punto 4 completo.

https://www.debian.org/releases/stable/releasenotes




Primero, darles las gracias a cada uno de los que me han respondido. 
Les comento:


  * *JAP*. Cuando actualicé realicé el apt-get dist-upgrade después del
apt-get upgrade, pero cuando se reinició el ordenador apareció el
problema comentado. Volví a intentar hacer el apt-get dist-upgrade y
muestra cómo lo hace pero cómo que nunca termina de actualizarse.
  * *José María*. Gracias por las notas de publicación, debí haberles
echado un vistazo antes de actualizar. Fallo mío. Lo tendré en
cuenta para la próxima.

¿Hay alguna forma de restaurar Debian 8.8 para luego intentar 
realizar la actualización y comprobar si funciona correctamente?




Uff!.. Es complicado responderte a esa pregunta, depende de lo que 
hayas hecho con tu sistema.


Según lo que pone en el enlace que aportaste y lo que te ha dicho JAP 
sería suficiente para actualizar tu Debian, pero si has hecho algo de 
lo que pone aquí [2], ni lo intentaba.


Personalmente reinstalaba Debian para no tener dolores de cabeza.


[1] https://wiki.debian.org/es/NormasLista
[2] https://wiki.debian.org/es/DontBreakDebian



Buenas José María,
Por una parte, agradecerte que hayas corregido el top-posting. Las 
listas en las que he participado siempre sea respondido por encima. Me 
lo apunto para que no se me escape más.


Por otra parte, siento haber respondido tras más de un mes de tu 
mensaje. No quiero que pienses que lo vi, me funcionó 

Re: problema con script apt

[juan carlos]

El 27/08/17 a las 22:57, TheFox escribió:
No, pero podrías usar el siguiente comando: dpkg --configure -a. Éste 
comando lo que hará es reconfigurar cualquier paquete que pueda estar 
dañado y que te pueda estar dando el problema.


Santiago.

El 27 ago. 2017 22:55, "juan carlos" > escribió:




El 27/08/17 a las 20:32, TheFox escribió:

A mí me ha pasado con paquetes rotos o mal instalados. No has
puesto el número de código de error. ¿Cuál es?

Santiago.

El 27 ago. 2017 22:07, "juan carlos" > escribió:

buenas gente desde hace una semana para aca llevo recibiendo
este error
y no encuentro como resolverlo o si esto ocasiona algun fallo
en los
repos o si apesar del error puedo usar el sistema sin
preocupaciones el
error es

Problem executing scripts APT::Update::Post-Invoke-Success 'if
/usr/bin/test -w /var/cache/app-info -a -e
/usr/bin/appstreamcli; then
appstreamcli refresh > /dev/null; fi', E:Sub-process returned
an error code

eso pasa al hacer apt-get update alguien mas le pasa? gracias


hola no aparece codigo de error el mensaje que aparece lo copie
tal cual, y no pueden ser rotos porque es un live desde donde lo
hago por lo tanto si e rompe el paquete no podria modificarlo o si?


ese comando rompio el sistema del todo, cuando lo hice volvi a hacer 
update y no resuelve no descarga si lo intento por el gestor de paquetes 
me dice fallo al descargar de repositorio compruebe la red

Re: Resign me from your lists

[Ben Finney]

Mario Castelán Castro  writes:

> I assumed originally that this was a person who subscribed then
> realized he did not want to be subscribed and decided to complain to
> the list about that.

Even on that assumption, there is no call to insult the person. No-one
is born knowing how to operate a mailing list subscription, please allow
people to learn without implying they are inferior.

-- 
 \ “I went over to the neighbor's and asked to borrow a cup of |
  `\   salt. ‘What are you making?’ ‘A salt lick.’” —Steven Wright |
_o__)  |
Ben Finney

Wie ben jij

[Steven Spenen]

Steven Soenen

Re: problema con script apt

[TheFox]

No, pero podrías usar el siguiente comando: dpkg --configure -a. Éste
comando lo que hará es reconfigurar cualquier paquete que pueda estar
dañado y que te pueda estar dando el problema.

Santiago.

El 27 ago. 2017 22:55, "juan carlos"  escribió:



El 27/08/17 a las 20:32, TheFox escribió:

A mí me ha pasado con paquetes rotos o mal instalados. No has puesto el
número de código de error. ¿Cuál es?

Santiago.

El 27 ago. 2017 22:07, "juan carlos"  escribió:

> buenas gente desde hace una semana para aca llevo recibiendo este error
> y no encuentro como resolverlo o si esto ocasiona algun fallo en los
> repos o si apesar del error puedo usar el sistema sin preocupaciones el
> error es
>
> Problem executing scripts APT::Update::Post-Invoke-Success 'if
> /usr/bin/test -w /var/cache/app-info -a -e /usr/bin/appstreamcli; then
> appstreamcli refresh > /dev/null; fi', E:Sub-process returned an error code
>
> eso pasa al hacer apt-get update alguien mas le pasa? gracias
>
> hola no aparece codigo de error el mensaje que aparece lo copie tal cual,
y no pueden ser rotos porque es un live desde donde lo hago por lo tanto si
e rompe el paquete no podria modificarlo o si?

Re: Unable to change mouse acceleration and threshold in Stretch

[Mario Castelán Castro]

On 27/08/17 13:57, Илья Валеев wrote:
> 21.08.2017 01:00, Mario Castelán Castro wrote:
>> I use LXDE and I can adjust the acceleration and speed through the program
>> accessible in LXDE menu. It is called “mouse and keyboard preferences“ or
>> something like that. However, even setting the speed at minimum, it is
>> still too high. What I have done is to use this command:
>>
>> “xinput --set-prop
>> "Logitech USB Optical Mouse" "Coordinate Transformation Matrix" 0.28 0 0 0
>> 0.28 0 0 0 1”
>>
>> Replace 0.28 by your preferred multiplier (1 = no change; 1.123 = 12.3%
>> increase, et cetera) This ought to work regardless of desktop environment.
>> In lightdm, you can put this in “$HOME/.xsessionrc“ to run it
>> automatically at each log-in.
>>
> 
> Seems like bug is unique for me, but your method works.
> Solved.

It does not seem to be a bug. As mentioned in a previous message
 what
happens is that in Debian 9, mouse acceleration parameters are handled
by libinput by default (I think that one can disable libinput by
replacing the package “xserver-xorg-input-libinput” with
“xserver-xorg-input-evdev”, but I beware that I have *NOT* tried it)

Apparently, libinput uses its own parameters and ignores the parameters
that “xset” alters.

> Thanks!

Пожалуйста.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature

Re: security issues

[Gene Heskett]

On Sunday 27 August 2017 12:22:30 Mike McClain wrote:

> On Sat, Aug 26, 2017 at 04:35:21PM -0400, Gene Heskett wrote:
> > I have had the ultimate revenge on those who were enemies at one
> > time, I've outlived the turkeys without doing anything to hasten
> > their demise. ;-)
>
> I thought that was worthy of being a tagline.
> Hope you don't mind.
> Mike

Help yourself Mike. But I am far from the first to say that in print. :)
> --
> You can't say that civilization don't advance,
>   for in every war they kill you in a new way.
> - Will Rogers


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

Re: Resign me from your lists

[Gene Heskett]

On Sunday 27 August 2017 11:56:58 Paul Farou wrote:

> I am receiving unwanted mail from you please get me off these lists!
>
> Paul FAROU

If you look at the headers of this message, it will contain 
a "List-Unsubscribe" url, which if fed to your browser, will take you to 
the list unsubscribe page. Follow its instructions, including replying 
to the 'are you sure' email that will generate.

All done.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

Re: Resign me from your lists

[Mario Castelán Castro]

On 27/08/17 14:03, Reco wrote:
> On Sun, 27 Aug 2017 11:17:09 -0500
> Mario Castelán Castro  wrote:
>> Then why did you subscribe to this mailing list in the first place?
> 
> He did not (e-mail headers show that clearly). He's probably yet another
> victim of this month spam attack which fakes From header to be
> 'debian-user@lists.debian.org'.

I have to admit that I do not know what specific header you are talking
about.

I was not aware that this mailing list was used in “From:” spoofing.

>> Are you stupid?
> 
> To paraphrase your signature, do not insult technically illiterate,
> respect them as you respect people.

Fair enough.

I assumed originally that this was a person who subscribed then realized
he did not want to be subscribed and decided to complain to the list
about that.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature

Re: One-line password generator

[Andy Smith]

Hello,

On Sun, Aug 27, 2017 at 09:05:41PM +0200, Thomas Schmitt wrote:
> Curt wrote:
> > So this is wrong:
> > https://www.2uo.de/myths-about-urandom/
> 
> Dunno. I took my info from the man page.

The article at 2uo.de is correct. The relevant Linux man pages were
recently updated to clarify that once seeded, /dev/urandom is
sufficient for any use and that /dev/random is a legacy interface
for callers that may require it during early boot before the pool is
initialised. The non-legacy interface for such callers is proper use
of getrandom() which will block until the pool is initialised.

https://bugzilla.kernel.org/show_bug.cgi?id=71211

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Re: Re: I need help to determine package name for a bug report.

[Zoltán Herman]

No, but since every one works in memory, one of its segments may be
defective.
Memtest writes and reads ... but not concurrent.

2017-08-27 23:16 GMT+02:00 Fungi4All :

>
> From: zoltan...@gmail.com
> To: Debian User 
>
> I would try to exchange the memories by swapping...
>
> 2017-08-27 16:36 GMT+02:00 Alexander V. Makartsev :
>
>> Package: linux-image-4.9.0-3-amd64
>> Version: 4.9.30-2+deb9u3
>> Maintainer: Debian Kernel Team 
>>
>> I've already checked memory with memtest86+ and found no errors. My
>> hardware pretty recent (Skylake i5 CPU and H170 Chipset based mobo)
>> Also these errors always begin with "kernel: alsa-sink-ALC88: Corrupted
>> page table at address", so I doubt it is hardware problem.
>>
>> On 27.08.2017 15:35, Zoltán Herman wrote:
>> > kernel team
>> > linux-image-
>> >
>> > May be a memory error?
>> >
>>
>
> Do sound cards have memory chips on them?  How can we tell?  If they do
> could this be a source of the above problem that memtest doesn't test?
>
>

Re: Re: I need help to determine package name for a bug report.

[Fungi4All]

> From: zoltan...@gmail.com
> To: Debian User 
>
> I would try to exchange the memories by swapping...
>
> 2017-08-27 16:36 GMT+02:00 Alexander V. Makartsev :
>
>> Package: linux-image-4.9.0-3-amd64
>> Version: 4.9.30-2+deb9u3
>> Maintainer: Debian Kernel Team 
>>
>> I've already checked memory with memtest86+ and found no errors. My
>> hardware pretty recent (Skylake i5 CPU and H170 Chipset based mobo)
>> Also these errors always begin with "kernel: alsa-sink-ALC88: Corrupted
>> page table at address", so I doubt it is hardware problem.
>>
>> On [27.08.2017 15](tel:27.08.2017%2015):35, Zoltán Herman wrote:
>>> kernel team
>>> linux-image-
>>>
>>> May be a memory error?
>>>

Do sound cards have memory chips on them?  How can we tell?  If they do
could this be a source of the above problem that memtest doesn't test?

Re: Re: I need help to determine package name for a bug report.

[Zoltán Herman]

I would try to exchange the memories by swapping...

2017-08-27 16:36 GMT+02:00 Alexander V. Makartsev :

> Package: linux-image-4.9.0-3-amd64
> Version: 4.9.30-2+deb9u3
> Maintainer: Debian Kernel Team 
>
> I've already checked memory with memtest86+ and found no errors. My
> hardware pretty recent (Skylake i5 CPU and H170 Chipset based mobo)
> Also these errors always begin with "kernel: alsa-sink-ALC88: Corrupted
> page table at address", so I doubt it is hardware problem.
>
> On 27.08.2017 15:35, Zoltán Herman wrote:
> > kernel team
> > linux-image-
> >
> > May be a memory error?
> >
>
>

Re: problema con script apt

[juan carlos]

El 27/08/17 a las 20:32, TheFox escribió:
A mí me ha pasado con paquetes rotos o mal instalados. No has puesto 
el número de código de error. ¿Cuál es?


Santiago.

El 27 ago. 2017 22:07, "juan carlos" > escribió:


buenas gente desde hace una semana para aca llevo recibiendo este
error
y no encuentro como resolverlo o si esto ocasiona algun fallo en los
repos o si apesar del error puedo usar el sistema sin
preocupaciones el
error es

Problem executing scripts APT::Update::Post-Invoke-Success 'if
/usr/bin/test -w /var/cache/app-info -a -e /usr/bin/appstreamcli; then
appstreamcli refresh > /dev/null; fi', E:Sub-process returned an
error code

eso pasa al hacer apt-get update alguien mas le pasa? gracias

hola no aparece codigo de error el mensaje que aparece lo copie tal 
cual, y no pueden ser rotos porque es un live desde donde lo hago por lo 
tanto si e rompe el paquete no podria modificarlo o si?

[no subject]

[teddy sangnier]

Veuillez supprimer mes donné personnelle de votre liste afin de ne plus être 
importuner par vos mails envahissant.
Merci de faire le nécessaire au plus vite.
Cordialement

Re: problema con script apt

[TheFox]

A mí me ha pasado con paquetes rotos o mal instalados. No has puesto el
número de código de error. ¿Cuál es?

Santiago.

El 27 ago. 2017 22:07, "juan carlos"  escribió:

> buenas gente desde hace una semana para aca llevo recibiendo este error
> y no encuentro como resolverlo o si esto ocasiona algun fallo en los
> repos o si apesar del error puedo usar el sistema sin preocupaciones el
> error es
>
> Problem executing scripts APT::Update::Post-Invoke-Success 'if
> /usr/bin/test -w /var/cache/app-info -a -e /usr/bin/appstreamcli; then
> appstreamcli refresh > /dev/null; fi', E:Sub-process returned an error code
>
> eso pasa al hacer apt-get update alguien mas le pasa? gracias
>
>

Re: Debian v9 it's a stretch

[Liam O'Toole]

On 2017-08-27, Mario Castelán Castro  wrote:
> On 26/08/17 20:36, Liam O'Toole wrote:
>> On 2017-08-25, Borden Rhodes  wrote:
>>> I encourage everyone to check out "How to Irritate People salesmen" on=
>
>>> your favourite community video streaming site. That's how I've found
>>> FOSS support: "Best software in the world. No problems at all. But if
>>> you find a problem, file a bug and we'll fix it." "Well I have filed a=
>
>>> bug, and you haven't fixed it." "Nope, no problems with this software
>>> at all..."
>>=20
>> And you have never encountered that attitude with proprietary software
>> vendors? Ever?
>>=20
>> The difference with FLOSS is that you can fix any problems yourself. Or=
>
>> persuade or pay someone else to do it for you. The choice is yours.
>
> There are plenty of sites where asking stupid question about free
> software programs is the norm, and you are not allowed to admonish users
> for not knowing what they must already know (very often it has a section
> in the manual about it). The most popular one is probably stackexchange.
>
> For example, I mean questions like: =E2=80=9CI am the manager of a nuclea=
> r power
> plant. The engineers are telling me that we are having a loss of coolant
> and core meltdown, what does that mean? Is it dangerous?=E2=80=9D
>
> If you want to go spoonfeed, then go to one of those sites.

Thanks for the suggestion. I hope you won't be offended as I blithely
ignore it.

-- 

Liam

problema con script apt

[juan carlos]

buenas gente desde hace una semana para aca llevo recibiendo este error
y no encuentro como resolverlo o si esto ocasiona algun fallo en los
repos o si apesar del error puedo usar el sistema sin preocupaciones el
error es

Problem executing scripts APT::Update::Post-Invoke-Success 'if
/usr/bin/test -w /var/cache/app-info -a -e /usr/bin/appstreamcli; then
appstreamcli refresh > /dev/null; fi', E:Sub-process returned an error code

eso pasa al hacer apt-get update alguien mas le pasa? gracias

Re: Resign me from your lists

[Curt]

On 2017-08-27, Reco  wrote:
> On Sun, 27 Aug 2017 11:17:09 -0500
> Mario Castelán Castro  wrote:
>
>> On 27/08/17 10:56, Paul Farou wrote:
>> > I am receiving unwanted mail from you please get me off these lists!
>> 
>> Then why did you subscribe to this mailing list in the first place?
>
> He did not (e-mail headers show that clearly). He's probably yet another
> victim of this month spam attack which fakes From header to be
> 'debian-user@lists.debian.org'.
>
>
>> Are you stupid?
>
> To paraphrase your signature, do not insult technically illiterate,
> respect them as you respect people.

Don't eat people. They're animals too.

What she lacks in generosity she makes up in vegetables; but it takes
all kinds, I guess.

> Reco
>
>


-- 
"The purpose of art is to lay bare the questions that have been hidden by the 
answers."
— James Baldwin

Re: utilisation open.vpn chez OVH

[Pascal Hambourg]

Le 27/08/2017 à 19:54, herve.thib...@free.fr a écrit :


systemd-resolve --status

avant et après l'établissement du VPN.

Avant
herve@herve-W54-55SU1-SUW:~$ systemd-resolve --status:
systemd-resolve: unrecognized option '--status:'


Tu n'as pas vu que tu avais fait une erreur de frappe, ":" en trop ?


herve@herve-W54-55SU1-SUW:~$

Après
herve@herve-W54-55SU1-SUW:~$ systemd-resolve --status

(coupe)

Link 15 (tun0)
   Current Scopes: none
LLMNR setting: yes
MulticastDNS setting: no
   DNSSEC setting: no
 DNSSEC supported: no


Le VPN n'a pas configuré de DNS.


Link 2 (enp3s0f1)
   Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
LLMNR setting: yes
MulticastDNS setting: no
   DNSSEC setting: no
 DNSSEC supported: no
  DNS Servers: 212.27.40.241
   212.27.40.240


Ce sont les DNS du FAI reçus par l'interface ethernet. Or les DNS d'un 
FAI sont généralement inaccessibles seulement depuis une adresse IP 
appartenant au FAI. Les DNS de Free sont inaccessibles depuis l'adresse 
IP du VPS appartenant à OVH.


Il faut que le serveur VPN fournisse les adresses de DNS qui sont 
indiquées dans son propre /etc/resolv.conf.

Re: One-line password generator

[Thomas Schmitt]

Hi,

Brian wrote:
> I do not have to run faster than the bear, just faster than anyone else.

According to the article about the successful cracking, it is not so much
about how fast you are. The bear will not stop when it is done with eating
those behind you.

It is rather about not to walk the paths which all the tasty others walk.
The first found meal tells the bear that there is more food in the same
direction.


Have a nice day :)

Thomas

Re: One-line password generator

[Thomas Schmitt]

Hi,

Curt wrote:
> So this is wrong:
> https://www.2uo.de/myths-about-urandom/

Dunno. I took my info from the man page.

This article is, at least at its beginnings, very affirmative and fewly
equipped with supporting facts. Mainly "Believe Me !".
The author is a proselyte of urandom, as he confesses openly.

Of course, if you are lucky, urandom gives you 8 bit entropy per byte read.
But as all diagrams in the article say: Entropy can be lower and urandom will
still hand out the bytes. The whole article is about why this shall not
be of concern.
Why is the potentially missing stuff considered to be entropy then ?

Verifying the statements about the way how random and urandom correspond
in the Linux kernel would last a few weeks. Why was it changed so often ?
Further i'd need to wrap my head around the topic whether this really yields
the properties claimed by the author.


Compared to that, what is the penalty if i do not join the urandom church ?
I might be doomed to wait a few seconds before my password is generated.
Maybe a mass generator of random numbers, which relies on /dev/random against
the advise of the man page, will have to wait too. Serves him right.

If i get bored, i can speed it up by doing things on mouse and keyboard.
But it's not necessary for me. I just read 5 times 16 bytes. No waiting,
no lightning strike from heaven.

Am i stupid to go any risk and reject the offer of the kernel to test my
random bytes before i get them ?
Just because people with undisclosed interests tell me ?
The term for this is "social engineering".


Have a nice day :)

Thomas

Re: Unable to change mouse acceleration and threshold in Stretch

[Илья Валеев]

21.08.2017 01:00, Mario Castelán Castro wrote:
> On 2017-08-21 00:26 +0500 Илья Валеев  wrote:
>> It seems to work, thank you!
>>
>> Is there any way to configure it via GUI or another way without restart?
>> The way described in Arch Wiki does not do anything.
>> If not, will it be added in future Debian (or DE?) releases?
> 
> Hello.
> 
> I do not know what is the context of this message, so apologies if my
> reply is out of place.
> 
> I use LXDE and I can adjust the acceleration and speed through the program
> accessible in LXDE menu. It is called “mouse and keyboard preferences“ or
> something like that. However, even setting the speed at minimum, it is
> still too high. What I have done is to use this command:
> 
> “xinput --set-prop
> "Logitech USB Optical Mouse" "Coordinate Transformation Matrix" 0.28 0 0 0
> 0.28 0 0 0 1”
> 
> Replace 0.28 by your preferred multiplier (1 = no change; 1.123 = 12.3%
> increase, et cetera) This ought to work regardless of desktop environment.
> In lightdm, you can put this in “$HOME/.xsessionrc“ to run it
> automatically at each log-in.
> 

Seems like bug is unique for me, but your method works.
Solved.
Thanks!

Re: Resign me from your lists

[Reco]

On Sun, 27 Aug 2017 11:17:09 -0500
Mario Castelán Castro  wrote:

> On 27/08/17 10:56, Paul Farou wrote:
> > I am receiving unwanted mail from you please get me off these lists!
> 
> Then why did you subscribe to this mailing list in the first place?

He did not (e-mail headers show that clearly). He's probably yet another
victim of this month spam attack which fakes From header to be
'debian-user@lists.debian.org'.


> Are you stupid?

To paraphrase your signature, do not insult technically illiterate,
respect them as you respect people.

Reco

Re: Wow, I’d never expect to say to a guy I like him from the 1st sight. Elsie

[David Skinner]

STOP WRITING ME

On Aug 27, 2017 2:23 PM, "Elsie Leangsiripraseart" <1sof...@orange.fr>
wrote:

> You have changed this assurance in me.
>
> http://bitly.com/2wT6lFA
>

Re: Wow, I’d never expect to say to a guy I like him from the 1st sight. Cindy

[David Skinner]

STOP WRITING ME

On Aug 27, 2017 2:20 PM, "Cindy Maulaboksh" 
wrote:

> You have changed this assurance in me.
>
> http://bitly.com/2vty9N7
>

Re: Resign me from your lists

[Mario Castelán Castro]

On 27/08/17 10:56, Paul Farou wrote:
> I am receiving unwanted mail from you please get me off these lists!

Then why did you subscribe to this mailing list in the first place? Are
you stupid?

To unsubscribe, send an e-mail to debian-user-requ...@lists.debian.org
with subject “unsubscribe”.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature

Re: utilisation open.vpn chez OVH

[herve.thib...@free.fr]

Le 27/08/2017 à 19:44, Pascal Hambourg a écrit :
Ne tiens pas compte de ma réponse précédente, nos messages se sont 
croisés.


Le 27/08/2017 à 19:19, herve.thib...@free.fr a écrit :


avant ou après la connexion
herve@herve-W54-55SU1-SUW:~$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by 
resolvconf(8)

# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "systemd-resolve --status" to see details about the actual 
nameservers.


nameserver 127.0.0.53


Et zut, c'est ce que je craignais, un résolveur local. Suivons donc le 
jeu de piste avec la commande aimablement indiquée dans le fichier :


systemd-resolve --status

avant et après l'établissement du VPN.

Avant
herve@herve-W54-55SU1-SUW:~$ systemd-resolve --status:
systemd-resolve: unrecognized option '--status:'
herve@herve-W54-55SU1-SUW:~$

Après
herve@herve-W54-55SU1-SUW:~$ systemd-resolve --status
Global
  DNSSEC NTA: 10.in-addr.arpa
  16.172.in-addr.arpa
  168.192.in-addr.arpa
  17.172.in-addr.arpa
  18.172.in-addr.arpa
  19.172.in-addr.arpa
  20.172.in-addr.arpa
  21.172.in-addr.arpa
  22.172.in-addr.arpa
  23.172.in-addr.arpa
  24.172.in-addr.arpa
  25.172.in-addr.arpa
  26.172.in-addr.arpa
  27.172.in-addr.arpa
  28.172.in-addr.arpa
  29.172.in-addr.arpa
  30.172.in-addr.arpa
  31.172.in-addr.arpa
  corp
  d.f.ip6.arpa
  home
  internal
  intranet
  lan
  local
  private
  test

Link 15 (tun0)
  Current Scopes: none
   LLMNR setting: yes
MulticastDNS setting: no
  DNSSEC setting: no
DNSSEC supported: no

Link 3 (wlp2s0)
  Current Scopes: none
   LLMNR setting: yes
MulticastDNS setting: no
  DNSSEC setting: no
DNSSEC supported: no

Link 2 (enp3s0f1)
  Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
   LLMNR setting: yes
MulticastDNS setting: no
  DNSSEC setting: no
DNSSEC supported: no
 DNS Servers: 212.27.40.241
  212.27.40.240






herve@herve-W54-55SU1-SUW:~$ host nic.fr
;; connection timed out; no servers could be reached


Donc pas de résolution DNS avec le VPN.


Common NameReal AddressVPN AddressBytes Sent Received

openvpn 88.174.36.83:58208172.27.232.35282.52KB 485.01KB
Connection Duration
2:46:41

donc l'adresse VPN est 172.27.232.35


C'est encore l'adresse locale de ton PC, aucun intérêt. On n'en est 
plus là de toute façon.

LXC ACL FS No Soportada

[Edward Villarroel (EDD)]

Buenos días

Revisando tengo la siguiente inquietud desconozco del tema.

si tengo una VPS que tiene / en un punto de montura.

cat /proc/self/mountinfo
3973 3974 0:482 /rootfs / rw,relatime master:593 - zfs lxd/containers/x
rw,xattr,noacl

Como puedo modificar para tener soporte a acl

de debe hacer desde el host del contenedor o lo puedo hacer desde el
contenedor?

De antemano gracias por la ayuda.



Edward Villarroel:  @Agentedd

coucou on pourait ce voir bisous

[deleuil . raymond]

‌

Re: One-line password generator

[Brian]

On Sun 27 Aug 2017 at 17:08:16 +0200, Thomas Schmitt wrote:

> Hi,
> 
> i wrote:
> > > Quite hard
> > > to guess would be if you replace sha256sum by an encryption program with
> > > a key which you successfully keep secret.
> 
> Brian wrote:
> > Increasing difficulty in this way looks good to me. Thanks. I would most
> > certainly hope I could keep the key secret.
> 
> Now you would have a human memorizable password in your mind and a strong
> encryption key which you hopefully can keep secret on a storage device.
> (The key is not strong if you can memorize it in your wetware.)
> 
> The password known to the remote service would be generated by the script
> which combines the secrets from your brain and the storage device to one
> that is supposed to be very hard to crack.
> 
> You would best avoid to store this remote password permanently on your
> computer. I.e. let the machine forget it as early as possible. Just in case
> you get unfriendly visitors.
> 
> If your encryption key gets stolen, then your brain stored password will
> still impose some obstacle, which could give you some time to react.
> If you notice the breach, that is, and if your password is already quite
> hard to guess.
> 
> Each password should have its own encryption key, so that one stolen and
> cracked password does not weaken the encryption of other passwords.

Nothing significant to argue with here.
 
> If your password is not that strong, then you are probably better off with
> Mario Castelán Castro's approach modified by use of /dev/random instead of
> /dev/urandom.
>   https://lists.debian.org/debian-user/2017/08/msg01260.html
> 
>   head -c 16 /dev/random | base64 | head -c 22
> 
> Reading 16 bytes of good random yields up to 128 bit of secret information.

/dev/random versus /dev/urandom appears to be one of those Holy Wars
topics. I'll stay as a bystander.

> Making it printable by base64 does not change the information content.
> Cutting off the last two characters of the base 64 result does not reduce
> the secret, because any run of
> 
>   head -c 16 some_file | base64
> 
> yields "==" at these positions. It's a consequence of base64 converting
> groups of 3 bytes to groups of 4 bytes. See
>   https://en.wikipedia.org/wiki/Base64#Output_padding

Ah! That's the origin of the 3/4 I've seen in entropy calculations.
 
> This password would have to be stored entirely on a storage device because
> it is not human memorizable.

Yep.
 
> > > If you stay with sha512sum: [Duh ... that should have been 256]

Thanks for the correction.

> > > ...
> > > It would be better to convert sha512sum output from hex to binary before
> > > applying base64 to make it printable.
> 
> > Ok, I think I've got the idea here. xxd looks a useful utility for the
> > conversion.
> 
> I had no success with looking for such a thing.

It is in stretch, buster and sid.

> But be aware that the combination of a human memorizable password and
> an easy to guess hashing algorithm is much weaker than the two methods
> mentioned above.
> There is few chance that your brain can hide a secret from a bunch of
> high end processors, if they have a final goal to which they can compare
> the results of their tries.
> 
> That final goal would be the stolen list of usernames and password hashes
> and the stolen info how the hashes get generated by the service from your
> remote password.
> 
> -
> 
> This all is theory. In practice, you can fall victim to small loopholes
> in the way you use or store the highly armored passwords.
> 
> For real security concerns, consider to look for a password management
> system from people who have experience with real attacks.

I am trying to avoid password management schemes (wallets etc). Also, I
am still firm in my view that passwords for online logins can be very
safe and memorable. It is the leaking of databases and offline cracking
which has my attention now (but I am not losing any sleep over it).

To some extent, I'm with David Wright

 https://lists.debian.org/debian-user/2017/08/msg01417.html

I do not have to run faster than the bear, just faster than anyone else.

-- 
Brian.

Re: One-line password generator

[Curt]

On 2017-08-27, Thomas Schmitt  wrote:
>
>
> If your password is not that strong, then you are probably better off with
> Mario Castelán Castro's approach modified by use of /dev/random instead of
> /dev/urandom.
>   https://lists.debian.org/debian-user/2017/08/msg01260.html
>
>   head -c 16 /dev/random | base64 | head -c 22
>

So this is wrong:

https://www.2uo.de/myths-about-urandom/

(Not a rhetorical question).

-- 
"The purpose of art is to lay bare the questions that have been hidden by the 
answers."
— James Baldwin

Re: utilisation open.vpn chez OVH

[herve.thib...@free.fr]

Le 27/08/2017 à 19:38, Pascal Hambourg a écrit :

Le 27/08/2017 à 18:23, herve.thib...@free.fr a écrit :

(coupé)
Pas grand-chose de nouveau, on dirait une copie de ton précédent 
message en réponse à mon avant-dernier message.
Si tu veux qu'on avance, il vaudrait mieux répondre aux questions de 
mon dernier message (suspect : DNS).



?

j'ai répondu à ta demande

nameserver 127.0.0.5 et host nic.fr

leaving the hibernate state

[Pierre Frenkiel]

hi,
I installed pm-hibernate on my laptop, and it seemed to work,
i.e. I got a black screen 10 to 15 seconds after issuing the 
pm-hibernate command, but I was unable to wake-up the laptop.

Looking on Internet I found tons of documentation about suspend and
hibernate, but amazingly, not a single line about the way to leave these 
states. 
Of course, I tried almost all the keyboard keys, without success, and 
all I could do was to  hold down the power button, which gave the normal

startup, with a "recovering journal".
My laptop is a Lenovo ideapad 110, running Stretch
Should I configure something to use pm-hibernate?
I have in syslog lines like:

Hibernation image not present or could not be loaded.

but I didn't find how to  fix that.(adding resume=/dev/disk/by-uuid/...
in /etc/default/grub changed nothing)

best regards,
--
Pierre Frenkiel

Re: How to Keep Track of Changes to the System

[Mario Castelán Castro]

On 25/08/17 22:14, ray wrote:
> I would like to find a way to keep track of changes I make to my system.  It 
> seem that I may learn from others on how they keep track of changes they make 
> to their systems.

I have a plain-text file of notes, which I keep under Mercurial version
control. I make a note here whenever I make any big change.

For manually installed packages, I install them under a directory in
“~/local/stow”. For example “~/local/stow/emacs”. Since there is a
one-to-one correspondence between packages and directories under the
“stow” directory, obtaining a list of what packages I have installed is
as easy as “ls ~/local/stow”.

The search path for executables is “~/local/bin”. I use GNU Stow to
automatically make symbolic links from here to the corresponding
directory under “~/local/stow”.

I can recommend GNU Stow to have better control over *manually*
installed packages. A common problem is that ones does “make install”
and then when one wants to delete the package, one does not know what
files one should delete, and ones does not realize if something is being
overwritten. GNU Stow solves that.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature

Re: utilisation open.vpn chez OVH

[Pascal Hambourg]

Ne tiens pas compte de ma réponse précédente, nos messages se sont croisés.

Le 27/08/2017 à 19:19, herve.thib...@free.fr a écrit :


avant ou après la connexion
herve@herve-W54-55SU1-SUW:~$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by 
resolvconf(8)

# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "systemd-resolve --status" to see details about the actual 
nameservers.


nameserver 127.0.0.53


Et zut, c'est ce que je craignais, un résolveur local. Suivons donc le 
jeu de piste avec la commande aimablement indiquée dans le fichier :


systemd-resolve --status

avant et après l'établissement du VPN.


herve@herve-W54-55SU1-SUW:~$ host nic.fr
;; connection timed out; no servers could be reached


Donc pas de résolution DNS avec le VPN.


Common NameReal AddressVPN AddressBytes Sent Received

openvpn 88.174.36.83:58208172.27.232.35282.52KB 485.01KB
Connection Duration
2:46:41

donc l'adresse VPN est 172.27.232.35


C'est encore l'adresse locale de ton PC, aucun intérêt. On n'en est plus 
là de toute façon.

Re: Ask the isosceles triangle people. This is the TRIANGLE-user mailing list

[Mario Castelán Castro]

On 26/08/17 13:06, david...@freevolt.org wrote:
> On Sat, 26 Aug 2017, Mario Castelán Castro wrote:
>> Whatever you find in Tails, is there because of a Tails developer
>> put it there.
> 
> I am perpelexed by this last statement, since the uri in the error
> message reported by the Tails user[1]

..which a Tails developer has there, like I said.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature

Re: utilisation open.vpn chez OVH

[Pascal Hambourg]

Le 27/08/2017 à 18:23, herve.thib...@free.fr a écrit :

(coupé)
Pas grand-chose de nouveau, on dirait une copie de ton précédent message 
en réponse à mon avant-dernier message.
Si tu veux qu'on avance, il vaudrait mieux répondre aux questions de mon 
dernier message (suspect : DNS).

Re: utilisation open.vpn chez OVH

[herve.thib...@free.fr]

Le 27/08/2017 à 15:17, Pascal Hambourg a écrit :

Le 27/08/2017 à 14:36, herve.thib...@free.fr a écrit :

lors de la connexion vpn j'ai
Sun Aug 27 13:44:01 2017 TUN/TAP device tun0 opened
Sun Aug 27 13:44:01 2017 TUN/TAP TX queue length set to 100
Sun Aug 27 13:44:01 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sun Aug 27 13:44:01 2017 /sbin/ip link set dev tun0 up mtu 1500
Sun Aug 27 13:44:01 2017 /sbin/ip addr add dev tun0 172.27.232.33/21 
broadcast 172.27.239.255


A quoi correspondent les adresses 172.27.232.29 et 172.27.232.1 ?
En tout cas, il y quelque chose à l'autre bout du VPN qui répond 
avec l'adresse 172.27.232.1.
je ne sais pas pourquoi j'ai tapé 29 alors que sans doute je devrais 
taper 33


Non, ça c'est l'adresse de l'interface VPN (tun0) sur ta propre 
machine cliente.



donc
traceroute to 172.27.232.33 (172.27.232.33), 64 hops max
   1   172.27.232.33  0,006ms  0,002ms  0,001ms

et la route est trouvée immédiatement


Forcément puisque c'est la machine cliente. On peut le voir à au temps 
quasi-nul.



herve@herve-W54-55SU1-SUW:~$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=55 time=35.4 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=55 time=35.1 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=55 time=36.4 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=55 time=36.2 ms
64 bytes from 8.8.8.8: icmp_seq=5 ttl=55 time=36.1 ms
64 bytes from 8.8.8.8: icmp_seq=6 ttl=55 time=35.2 ms
64 bytes from 8.8.8.8: icmp_seq=7 ttl=55 time=35.6 ms
64 bytes from 8.8.8.8: icmp_seq=8 ttl=55 time=34.7 ms
64 bytes from 8.8.8.8: icmp_seq=9 ttl=55 time=36.6 ms
64 bytes from 8.8.8.8: icmp_seq=10 ttl=55 time=36.1 ms
^C
--- 8.8.8.8 ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 9012ms
rtt min/avg/max/mdev = 34.705/35.770/36.615/0.619 ms

Mais le navigateur web est très rapidement inutilisable avec la 
connexion


Ah, le navigateur web ! Mais ce n'est pas "internet", ça ne prouve pas 
que "la connexion se bloque".


La connectivité IP semble bonne. Il faut regarder la résolution DNS.
Que contient le fichier /etc/resolv.conf avec et sans VPN ?


(dans le dernier message envoyé j'avais modifié la fin avec d'autres 
informations)


avant ou après la connexion
herve@herve-W54-55SU1-SUW:~$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by 
resolvconf(8)

# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "systemd-resolve --status" to see details about the actual 
nameservers.


nameserver 127.0.0.53


Qu'affiche

host nic.fr

herve@herve-W54-55SU1-SUW:~$ host nic.fr
;; connection timed out; no servers could be reached

même si je reactive la connexion pour faire immédiatement un host nic.fr



sans VPN, avec VPN quand le navigateur fonctionne et avec VPN quand le 
navigateur ne fonctionne plus ?


pourquoi aussi pour connecter je suis obligé de le faire comme root 
par sudo?


Parce que ça modifie la configuration réseau (création d'interface, 
configuration d'adresse IP, modification des routes...), ce qui 
requiert les privilèges administrateur.



ci dessous ce que j'avais ajouté à ma réponse

voilà ce ce que me donne

Current VPN Users

Common NameReal AddressVPN AddressBytes Sent Received

openvpn 88.174.36.83:58208172.27.232.35282.52KB 485.01KB
Connection Duration
2:46:41

donc l'adresse VPN est 172.27.232.35


herve@herve-W54-55SU1-SUW:~$ ping 172.27.232.35
PING 172.27.232.35 (172.27.232.35) 56(84) bytes of data.
64 bytes from 172.27.232.35: icmp_seq=1 ttl=64 time=0.038 ms
64 bytes from 172.27.232.35: icmp_seq=2 ttl=64 time=0.046 ms
64 bytes from 172.27.232.35: icmp_seq=3 ttl=64 time=0.046 ms
64 bytes from 172.27.232.35: icmp_seq=4 ttl=64 time=0.045 ms
64 bytes from 172.27.232.35: icmp_seq=5 ttl=64 time=0.047 ms
64 bytes from 172.27.232.35: icmp_seq=6 ttl=64 time=0.045 ms
64 bytes from 172.27.232.35: icmp_seq=7 ttl=64 time=0.046 ms
64 bytes from 172.27.232.35: icmp_seq=8 ttl=64 time=0.047 ms
64 bytes from 172.27.232.35: icmp_seq=9 ttl=64 time=0.048 ms
64 bytes from 172.27.232.35: icmp_seq=10 ttl=64 time=0.047 ms
64 bytes from 172.27.232.35: icmp_seq=11 ttl=64 time=0.047 ms
64 bytes from 172.27.232.35: icmp_seq=12 ttl=64 time=0.046 ms
64 bytes from 172.27.232.35: icmp_seq=13 ttl=64 time=0.049 ms
^C
--- 172.27.232.35 ping statistics ---
13 packets transmitted, 13 received, 0% packet loss, time 12295ms
rtt min/avg/max/mdev = 0.038/0.045/0.049/0.009 ms

Re: How to Keep Track of Changes to the System

[Mario Castelán Castro]

On 26/08/17 16:10, Joe wrote:
>> Thank you for the list of solutions.  It is interesting that SVN can
>> be used with etckeeper.  It looks like I should learn git.  I have
>> used SVN for other things, but I am easily pulled from my comfort
>> zone for value.  
> 
> Git is very widely used, and on important projects, so it is being
> vigorously maintained. It's probably the right choice for new projects.
New project should use Mercurial. Existing project should switch to
Mercurial.

Although Git can do anything that can be needed (and so can Mercurial),
the difference is that Git has an horrendously designed interface and
the concepts it is based on are many times irrational.

For example, consider the “git reset” command. This one deserves an
award for the most irrationally designed command in all of GNU/Linux.

If you want to change what commit the current branch points to, you must
use “git reset”, and you must memorize the meanings of “--soft”,
“--mixed”, “--hard” and “--keep”. If you do it wrong (e.g.: “keep”
instead of “--mixed”, you lose data).

But surprisingly, git reset does not always change what commit the
current branch points to. Sometimes it just moves files from a commit to
the index (“staging area”). (“git reset  -- .”).

So “git reset” does 4 things with little relation: Sometimes it moves
what commit the current branch points to and *maybe* changes the working
directory and staging area. Sometimes it just de-stages your staged
changes (“git reset”). Sometimes it cancels a failed merge. Sometimes it
copies files from an older commit to the staging area. These tasks are
group into a single command for no logical reason.

Now, this is no problem *after* you have learned how to use Git. You may
even think that well, it ought to be difficult to learn how to use it,
but that is incorrect. It is difficult only because the interface and
the concepts behind it are irrationally designed.

By contrast, Mercurial interface is very clean. Every command always
does one simple thing. This does not mean that it is less powerful.
Although in a previous time (years ago) when one could not do powerful
history modification as in Git, that era is now history.

Imagine how many man-hours are wasted learning how to use Git, which
would otherwise be used to do actual programming.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature

Re: security issues

[Mike McClain]

On Sat, Aug 26, 2017 at 04:35:21PM -0400, Gene Heskett wrote:
>
> I have had the ultimate revenge on those who were enemies at one time,
> I've outlived the turkeys without doing anything to hasten their
> demise. ;-)
>

I thought that was worthy of being a tagline.
Hope you don't mind.
Mike
--
You can't say that civilization don't advance,
  for in every war they kill you in a new way.
- Will Rogers

Re: utilisation open.vpn chez OVH

[herve.thib...@free.fr]

Le 27/08/2017 à 13:57, Pascal Hambourg a écrit :

Le 27/08/2017 à 13:22, herve.thib...@free.fr a écrit :

mais rapidement alors que la connexion n'est pas interrompue


Qu'entends-tu par "rapidement" et "pas interrompue" ?


herve@herve-W54-55SU1-SUW:~$ traceroute 172.27.232.29
traceroute to 172.27.232.29 (172.27.232.29), 64 hops max
   1   172.27.232.1  29,875ms  30,224ms  30,131ms
   2   *  *  *
   3   *  *  *
   4   *  *  *
   5   *  *  *

lors de la connexion vpn j'ai
Sun Aug 27 13:44:01 2017 TUN/TAP device tun0 opened
Sun Aug 27 13:44:01 2017 TUN/TAP TX queue length set to 100
Sun Aug 27 13:44:01 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sun Aug 27 13:44:01 2017 /sbin/ip link set dev tun0 up mtu 1500
Sun Aug 27 13:44:01 2017 /sbin/ip addr add dev tun0 172.27.232.33/21 
broadcast 172.27.239.255





A quoi correspondent les adresses 172.27.232.29 et 172.27.232.1 ?
En tout cas, il y quelque chose à l'autre bout du VPN qui répond avec 
l'adresse 172.27.232.1.
je ne sais pas pourquoi j'ai tapé 29 alors que sans doute je devrais 
taper 33

donc
traceroute to 172.27.232.33 (172.27.232.33), 64 hops max
  1   172.27.232.33  0,006ms  0,002ms  0,001ms

et la route est trouvée immédiatement



Que donne un traceroute vers 8.8.8.8 par exemple ?


herve@herve-W54-55SU1-SUW:~$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=55 time=35.4 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=55 time=35.1 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=55 time=36.4 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=55 time=36.2 ms
64 bytes from 8.8.8.8: icmp_seq=5 ttl=55 time=36.1 ms
64 bytes from 8.8.8.8: icmp_seq=6 ttl=55 time=35.2 ms
64 bytes from 8.8.8.8: icmp_seq=7 ttl=55 time=35.6 ms
64 bytes from 8.8.8.8: icmp_seq=8 ttl=55 time=34.7 ms
64 bytes from 8.8.8.8: icmp_seq=9 ttl=55 time=36.6 ms
64 bytes from 8.8.8.8: icmp_seq=10 ttl=55 time=36.1 ms
^C
--- 8.8.8.8 ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 9012ms
rtt min/avg/max/mdev = 34.705/35.770/36.615/0.619 ms

Mais le navigateur web est très rapidement inutilisable avec la connexion

if config.ovh ne r plus

voilà ce ce que me donne

Current VPN Users

Common Name	Real Address	VPN Address	Bytes Sent Received openvpn	 
88.174.36.83:58208	172.27.232.35	282.52KB 485.01KB	

Connection Duration
2:46:41 


herve@herve-W54-55SU1-SUW:~$ ping 172.27.232.35
PING 172.27.232.35 (172.27.232.35) 56(84) bytes of data.
64 bytes from 172.27.232.35: icmp_seq=1 ttl=64 time=0.038 ms
64 bytes from 172.27.232.35: icmp_seq=2 ttl=64 time=0.046 ms
64 bytes from 172.27.232.35: icmp_seq=3 ttl=64 time=0.046 ms
64 bytes from 172.27.232.35: icmp_seq=4 ttl=64 time=0.045 ms
64 bytes from 172.27.232.35: icmp_seq=5 ttl=64 time=0.047 ms
64 bytes from 172.27.232.35: icmp_seq=6 ttl=64 time=0.045 ms
64 bytes from 172.27.232.35: icmp_seq=7 ttl=64 time=0.046 ms
64 bytes from 172.27.232.35: icmp_seq=8 ttl=64 time=0.047 ms
64 bytes from 172.27.232.35: icmp_seq=9 ttl=64 time=0.048 ms
64 bytes from 172.27.232.35: icmp_seq=10 ttl=64 time=0.047 ms
64 bytes from 172.27.232.35: icmp_seq=11 ttl=64 time=0.047 ms
64 bytes from 172.27.232.35: icmp_seq=12 ttl=64 time=0.046 ms
64 bytes from 172.27.232.35: icmp_seq=13 ttl=64 time=0.049 ms
^C
--- 172.27.232.35 ping statistics ---
13 packets transmitted, 13 received, 0% packet loss, time 12295ms
rtt min/avg/max/mdev = 0.038/0.045/0.049/0.009 ms



pourquoi aussi pour connecter je suis obligé de le faire comme root par 
sudo?


 sudo openvpn --config client.ovpn

la connexion est censée être active

Re: One-line password generator

[Mario Castelán Castro]

On 27/08/17 08:55, Brian wrote:
> Thank you for the detailed explanation. I had already come to some of
> the conclusions in your account but it is good to have them firmly and
> succinctly laid out.

You are welcome.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature

Re: Wow, ik verwacht nooit tegen een man te zeggen dat ik hem leuk vindt op het eerste gezicht. Elli

[Willy Geerts]

Gelieve mijn emailadres te verwijderen. Geen interesse
> Op 27 aug. 2017, om 17:47 heeft Elli Zhayo  het 
> volgende geschreven:
> 
> Je hebt dit verandert in me. 
> 
> http://bit.ly/2wS4TDA  

Resign me from your lists

[Paul Farou]

I am receiving unwanted mail from you please get me off these lists!

Paul FAROU

Re: One-line password generator

[Thomas Schmitt]

Hi,

i wrote:
> > Quite hard
> > to guess would be if you replace sha256sum by an encryption program with
> > a key which you successfully keep secret.

Brian wrote:
> Increasing difficulty in this way looks good to me. Thanks. I would most
> certainly hope I could keep the key secret.

Now you would have a human memorizable password in your mind and a strong
encryption key which you hopefully can keep secret on a storage device.
(The key is not strong if you can memorize it in your wetware.)

The password known to the remote service would be generated by the script
which combines the secrets from your brain and the storage device to one
that is supposed to be very hard to crack.

You would best avoid to store this remote password permanently on your
computer. I.e. let the machine forget it as early as possible. Just in case
you get unfriendly visitors.

If your encryption key gets stolen, then your brain stored password will
still impose some obstacle, which could give you some time to react.
If you notice the breach, that is, and if your password is already quite
hard to guess.

Each password should have its own encryption key, so that one stolen and
cracked password does not weaken the encryption of other passwords.


If your password is not that strong, then you are probably better off with
Mario Castelán Castro's approach modified by use of /dev/random instead of
/dev/urandom.
  https://lists.debian.org/debian-user/2017/08/msg01260.html

  head -c 16 /dev/random | base64 | head -c 22

Reading 16 bytes of good random yields up to 128 bit of secret information.
Making it printable by base64 does not change the information content.
Cutting off the last two characters of the base 64 result does not reduce
the secret, because any run of

  head -c 16 some_file | base64

yields "==" at these positions. It's a consequence of base64 converting
groups of 3 bytes to groups of 4 bytes. See
  https://en.wikipedia.org/wiki/Base64#Output_padding

This password would have to be stored entirely on a storage device because
it is not human memorizable.


> > If you stay with sha512sum: [Duh ... that should have been 256]
> > ...
> > It would be better to convert sha512sum output from hex to binary before
> > applying base64 to make it printable.

> Ok, I think I've got the idea here. xxd looks a useful utility for the
> conversion.

I had no success with looking for such a thing.

But be aware that the combination of a human memorizable password and
an easy to guess hashing algorithm is much weaker than the two methods
mentioned above.
There is few chance that your brain can hide a secret from a bunch of
high end processors, if they have a final goal to which they can compare
the results of their tries.

That final goal would be the stolen list of usernames and password hashes
and the stolen info how the hashes get generated by the service from your
remote password.

-

This all is theory. In practice, you can fall victim to small loopholes
in the way you use or store the highly armored passwords.

For real security concerns, consider to look for a password management
system from people who have experience with real attacks.


Have a nice day :)

Thomas

Re: SQL Server no Debian

[Leonardo Rocha]

Olá Sérgio, agradeço. Vou tentar esse primeiro link. O segundo, do portal GSTI 
não funciona com o Debian 9. Segundo consta no site foi testado com a versão 
8.7. tentei com máquina virtual e realmente apresenta problema.


⁣Enviado por BlueMail ​

Em 27 de ago de 2017 08:32, em 08:32, "Sérgio Abrantes Junior" 
 escreveu:
>Olá,
>
>Achei alguma coisa sobre:
>
>https://linux-tips.com/t/installing-microsoft-sql-server-on-debian-linux/476
>
>https://www.portalgsti.com.br/2017/01/instalando-o-sql-server-no-debian-em-17-passos.html
>
>Até!
>
>Sérgio Abrantes
>
>Em 27 de agosto de 2017 03:35, Rodolfo  escreveu:
>
>> Precisa ser o SQL Server? Porque sei que tem o MariaDB(mysql) e
>PostgreSQL.
>>
>> Em 26 de agosto de 2017 20:09, Leonardo S. S. da Rocha <
>> leonardo...@gmail.com> escreveu:
>>
>>> Pessoal, boa noite! alguém já instalou o SQL Server no Debian 9?
>>> Encontrei um artigo falando sobre essa instalação na versão 8.7 mas
>nada
>>> ainda sobre a instalação na versão 9. Estou com um cenário na
>universidade
>>> precisando dessas ferramentas. Na verdade hoje está rodando sobre
>Ubuntu
>>> 16.04 mas quero tirar o Ubuntu e colocar o Debian. Alguém pode
>sugerir algo?
>>>
>>> --
>>> Atenciosamente,
>>> (Best regards),
>>>
>>>
>>> Leonardo Rocha
>>> about.me/leonardo.rocha
>>>
>>>
>>>
>>>
>>>  Enviado com Mailtrack
>>>
>
>>>
>>
>>

Re: Re: I need help to determine package name for a bug report.

[Alexander V. Makartsev]

Package: linux-image-4.9.0-3-amd64
Version: 4.9.30-2+deb9u3
Maintainer: Debian Kernel Team 

I've already checked memory with memtest86+ and found no errors. My
hardware pretty recent (Skylake i5 CPU and H170 Chipset based mobo)
Also these errors always begin with "kernel: alsa-sink-ALC88: Corrupted
page table at address", so I doubt it is hardware problem.

On 27.08.2017 15:35, Zoltán Herman wrote:
> kernel team
> linux-image-
>
> May be a memory error?
>

Re: How to Keep Track of Changes to the System

[rhkramer]

On Friday, August 25, 2017 11:14:52 PM ray wrote:
> I would like to find a way to keep track of changes I make to my system. 
> It seem that I may learn from others on how they keep track of changes
> they make to their systems.
> 
> When I make changes, I don't remember where I made changes or why.
> 
> It would be great to have a log of what changes I've made, where they were
> made, how they were made (direct edit, scripted, etc.), why I made them,
> references that I used to determine the change, and what was the outcome.
> 
> Right now, I get lost in my documentation.  I research solutions, make
> notes in Onenote on a Windows machine, record configurations files that I
> will test.  But It is difficult to record results such as syslogs or
> console transactions.  More challenging is that I have different notebook
> tabs for different objectives.  So when I want to see what I changed, I
> have to go through many different objectives because I don't know what
> object I was shooting for when I made the change.
> 
> I would really like to hear how others track their changes or suggestions
> how I may tack changes.
> 
> I store all the changes on a different computer because I screw up the
> installation on my machine under test and rebuild the OS.  The laptop I am
> building to run Xen is on its 28th build.
> 
> I would appreciate any suggestions.

In general, I have similar problems, and, I don't have a good general solution 
or suggestion at this time, but I do have one suggestion to address one 
specific part of the problem.

I would suggest that you create a separate partition on the "subject" computer 
(the one on which you rebuild the OS when you have a (significant) problem with 
the OS.  Then:
   * mount that partition each (or almost each) time you rebuild the OS 
   * never reformat or delete that partition
   * when you mount the partition, create a mounting point outside the FHS 
hierarchy (i.e., not in /home)--I typically create several such partitions 
(for different reasons) using my initials or similar, for instance, I have 
rhk01, rhk02, ..., back01, back02 and such
   * keep the change log (whatever form it takes on such a partition--with 
luck they will always be available, and, it is easier to c to a file on the 
computer in question rather than "transcribe" stuff to a different computer.

Of course, a similar result could be obtained by mounting a partion on some 
other computer over the network (using, for example, NFS or Samba), or using 
SSL to write notes on the subject computer but store them on a "safer" 
computer.

Of course, in any case, the files on that separate partition should be backed 
up regulalrly, just in case (and, particularly, just before you start an OS 
rebuild).



With respect to an actual general change log (as opposed to where to keep it), 
I keep my notes in some specially formatted files for which I've created some 
"programming" (e.g., macros, and similar)  to create something that I call (at 
various times): my askSam workalike, my offline wiki-like thing, and some other 
similar names that I don't recall at the moment.  (Oh, I also consider it a 
"mashup" as it (each iteration) uses a variety of programs to provide all the 
features I want to have (for example, recoll for full text indexed search).

I've gone through several iterations, each using an editor with special macros 
to make things more convenient, but I don't currently have any features that 
do anything like monitor all of the files in /etc (and/or /var/log or similar 
locations) and record any changes, the date, and prompt me to enter a reason 
for the change.

That would be nice!

(Previous iterations have been based on nedit as the editor, then kate as the 
editor (with a different feature set, partially based on the capabilties of the 
editor), and have also included a full text indexed search system (using 
recoll).  My current focus (which I've been "working on" sporadically over the 
last 12 years or so, will be based on scintilla, which because scintilla is 
used as the editing "widgit" for quite a few editors, would open the door to 
letting me choose from a variety of editors.  (And then, maybe (not something 
I really considered before today), might include something like monitoring 
/home, etc. for changes (as mentioned somewhere above) (using things like--
well, I can't remember the name, but there are tools that monitor files for 
changes, and scintilla-based editors have a pretty powerful scripting language 
in Lua.

Re: One-line password generator

[Brian]

On Sat 26 Aug 2017 at 21:14:35 -0500, Mario Castelán Castro wrote:

> On 26/08/17 13:25, Brian wrote:
> > How does this
> > 
> >  echo 'secretpassword' | sha256sum - | base64 | cut -c -30 | head -1
> > 
> > compare with your recommendation?
> 
> I do not see the point in this post-processing.
> 
> It seems that you have a very wrong impression of what makes a password
> generation scheme be a good password generation scheme.

I'd be prepared to accept lacking :). But that's inevitable when dealing
with the innards of an unfamiliar topic. I'm getting better, though.

> For any probability distribution fixed in advanced, the *expected* (in
> the sense used in probability theory) entropy of a password generated
> with my scheme is well defined and at least 132 bits (I wanted 128 bits,
> but using Base64 the choice is between 132 bits and 126 bits because 132
> is not a multiple of 6). In other words, if you take a probability
> distribution and keep if fixed while generating a big amount of
> passwords with my scheme, the average entropy under that probability
> distribution will be at least (within sampling error) 132 bits.
> 
> This property is achieved *because* there is a source of randomness
> (that we can assume, has uniform distribution and thus maximal entropy
> per byte) in my generation scheme, not because of Base64. Base64 is
> there just to turn the random bytes into a *short* human-readable
> string. One could turn the random bytes instead into a list of words (as
> long as the mapping is one-to-one) and the same property about expected
> entropy would hold, but then the password would be *much* longer.
> 
> Length is the *only* reason to use Base64 here instead of using the
> random bytes to choose words at random.
> 
> By contrast, your “scheme” has no systematic source of randomness. It
> requires that one has already decided for a “randompassword”, and then
> post-process it. If the attacker knows the post-processing, guessing
> this password is at least as easy than guessing the input to the
> post-processing step (plus computing the hash and encoding, but this is
> negligible). Moreover, your post-processing stage loses information, as
> another user has already noted. If the attacker knows your
> post-processing method, he can speed the search by avoid trying the
> passwords that could not be possibly generated with your method because
> of this loss of information.
> 
> For example, your method will never generate a string of '...'
> because the input to Base64 are hex digits in ASCII, which never have
> the byte value 0 (0 is unprintable).
> 
> If the attacker does not know the post-processing stage, then maybe he
> will eventually begin to guess that your password is an human-generated
> password ran through a post-processing stage. Then very possibly your
> post-processing adds security (because the attacker has to guess the
> post-processing method too), but how much? *It is not well defined*. We
> already talked about non-well-defined probabilities, so I will not
> repeat that fragment.

Thank you for the detailed explanation. I had already come to some of
the conclusions in your account but it is good to have them firmly and
succinctly laid out.

-- 
Brian.

Re: One-line password generator

[Brian]

On Sat 26 Aug 2017 at 21:15:37 +0200, Thomas Schmitt wrote:

> Hi,
> 
> Brian wrote:
> > echo 'secretpassword' | sha256sum - | base64 | cut -c -30 | head -1
> 
> The quality criterion is the ease or difficulty to guess the 'secretpassword'
> by a skilled enumerator and the fact whether your attacker knows the rest
> of your processing pipeline.
> 
> If your secretpassword itself is enumerated late, then the attacker needs
> a lot of tries.
> 
> If you keep the further processing secret, then the attacker will have to
> try several hash algorithms with each enumerated input string. Quite hard
> to guess would be if you replace sha256sum by an encryption program with
> a key which you successfully keep secret.

Increasing difficulty in this way looks good to me. Thanks. I would most
certainly hope I could keep the key secret.

> If you stay with sha512sum:
> The combination of sha256sum and base64 inflates the string length before
> it gets cut to 30 characters length. So you actually throw away good bits
> which would elsewise fit into the 30 characters.
> It would be better to convert sha512sum output from hex to binary before
> applying base64 to make it printable. This brings a maximum of sha256sum
> bits into the 30 character result.

Ok, I think I've got the idea here. xxd looks a useful utility for the
conversion.

-- 
Brian.

Re: One-line password generator

[Brian]

On Sat 26 Aug 2017 at 20:07:34 +0100, Brian wrote:

> On Sat 26 Aug 2017 at 20:37:01 +0200, Nicolas George wrote:
> 
> > Le nonidi 9 fructidor, an CCXXV, Brian a écrit :
> > >  echo 'secretpassword' |
> > 
> > echo 'secretpassword site-name'
> > 
> > >  sha256sum - | base64
> > 
> > Very bad: since sha256sum outputs its result in hexadecimal, it only has
> > half the entropy it seems to have. The same thing with Perl's
> > Digest::b64digest would be much better.
> 
> Thanks. That is the sort of analysis I was after, (Although I will have
> to work out why hexadecimal matters).
> 
> May I impose and ask how Digest::b64digest would be used in a command
> line string of commands?

The libdigest-sha-perl package appears to be what I want. I've avoided
any serious contact with Perl for many, many years.

-- 
Brian.

Re: utilisation open.vpn chez OVH

[David Pinson]

Le 27/08/2017 à 14:52, maderios a écrit :
> On 08/27/2017 12:17 PM, Pascal Hambourg wrote:
>
>> Justement, bien souvent ceux qui suivent un tutoriels, on ne leur a
>> pas enseigné la théorie.
>>
> Salut
> Effectivement, les tutoriels donnent des "trucs" pour réussir une
> opération mais, malheureusement, n'expliquent rien. Il est beaucoup
> plus facile d'agir quand on comprend le pourquoi de ce que l'on fait.
> Certains tutoriels incluent un minimum de théorie, ce sont
> (paradoxalement) les plus simples à utiliser.
>
Je profite de ce message pour lancer une citation célèbre :

"La théorie, c’est quand on sait tout et que rien ne fonctionne.
La pratique, c’est quand tout fonctionne et que personne ne sait pourquoi.
Ici, nous avons réuni théorie et pratique :
Rien ne fonctionne… et personne ne sait pourquoi !*"
*(Albert Einstein)

Re: utilisation open.vpn chez OVH

[David Pinson]

Le 27/08/2017 à 12:17, Pascal Hambourg a écrit :
> Le 27/08/2017 à 10:32, David Pinson a écrit :
>>
>> L'avantage des tutos est de comprendre par la pratique le pourquoi du
>> comment faire.
>
> Les tutoriels décrivent le comment, mais plus rarement le pourquoi.
> Parfois ce serait juste impossible, les explications théoriques
> dépasseraient en volume les instructions pratiques et ce ne serait
> plus vraiment un tutoriel.
>
> Je pense qu'il est impératif de comprendre la motivation et les effets
> de chaque action décrite dans un tutoriel. C'est nécessaire pour
> savoir quand ne pas suivre à la lettre un tutoriel parce qu'on est
> dans un cas particulier qui demande un ajustement.
>
>> On nous enseigne souvent la théorie avant la pratique et on a toujours
>> besoin d'un repère dans l'espace auquel appartient le sujet de la
>> théorie.
>
> Justement, bien souvent ceux qui suivent un tutoriels, on ne leur a
> pas enseigné la théorie.
>
>Salut
>Effectivement, les tutoriels donnent des "trucs" pour réussir une
opération mais, malheureusement,
>n'expliquent rien. Il est beaucoup plus facile d'agir quand on comprend
le pourquoi de ce que l'on fait. Certains
>tutoriels incluent un minimum de théorie, ce sont (paradoxalement) les
plus simples à utiliser.

Ce n'est pas faux ce que tu écris,
je pense qu'il serait très intéressant de distinguer les utilisateurs
qui utilisent les tutos.

Un exemple pour mon cas: je suis technicien supérieur et j'utilise cette
méthode pour mieux appréhender les théories et les explications issues
de la commande 'man'.
Libre à vous d'adapter vos avis, il y aura toujours le pour et le contre.

Librement,
David

"... La connaissance s’acquiert par l’expérience, tout le reste n’est
que de l’information..." *– Albert Einstein*

Re: utilisation open.vpn chez OVH

[Pascal Hambourg]

Le 27/08/2017 à 14:36, herve.thib...@free.fr a écrit :

lors de la connexion vpn j'ai
Sun Aug 27 13:44:01 2017 TUN/TAP device tun0 opened
Sun Aug 27 13:44:01 2017 TUN/TAP TX queue length set to 100
Sun Aug 27 13:44:01 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sun Aug 27 13:44:01 2017 /sbin/ip link set dev tun0 up mtu 1500
Sun Aug 27 13:44:01 2017 /sbin/ip addr add dev tun0 172.27.232.33/21 
broadcast 172.27.239.255


A quoi correspondent les adresses 172.27.232.29 et 172.27.232.1 ?
En tout cas, il y quelque chose à l'autre bout du VPN qui répond avec 
l'adresse 172.27.232.1.
je ne sais pas pourquoi j'ai tapé 29 alors que sans doute je devrais 
taper 33


Non, ça c'est l'adresse de l'interface VPN (tun0) sur ta propre machine 
cliente.



donc
traceroute to 172.27.232.33 (172.27.232.33), 64 hops max
   1   172.27.232.33  0,006ms  0,002ms  0,001ms

et la route est trouvée immédiatement


Forcément puisque c'est la machine cliente. On peut le voir à au temps 
quasi-nul.



herve@herve-W54-55SU1-SUW:~$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=55 time=35.4 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=55 time=35.1 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=55 time=36.4 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=55 time=36.2 ms
64 bytes from 8.8.8.8: icmp_seq=5 ttl=55 time=36.1 ms
64 bytes from 8.8.8.8: icmp_seq=6 ttl=55 time=35.2 ms
64 bytes from 8.8.8.8: icmp_seq=7 ttl=55 time=35.6 ms
64 bytes from 8.8.8.8: icmp_seq=8 ttl=55 time=34.7 ms
64 bytes from 8.8.8.8: icmp_seq=9 ttl=55 time=36.6 ms
64 bytes from 8.8.8.8: icmp_seq=10 ttl=55 time=36.1 ms
^C
--- 8.8.8.8 ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 9012ms
rtt min/avg/max/mdev = 34.705/35.770/36.615/0.619 ms

Mais le navigateur web est très rapidement inutilisable avec la connexion


Ah, le navigateur web ! Mais ce n'est pas "internet", ça ne prouve pas 
que "la connexion se bloque".


La connectivité IP semble bonne. Il faut regarder la résolution DNS.
Que contient le fichier /etc/resolv.conf avec et sans VPN ?
Qu'affiche

host nic.fr

sans VPN, avec VPN quand le navigateur fonctionne et avec VPN quand le 
navigateur ne fonctionne plus ?


pourquoi aussi pour connecter je suis obligé de le faire comme root par 
sudo?


Parce que ça modifie la configuration réseau (création d'interface, 
configuration d'adresse IP, modification des routes...), ce qui requiert 
les privilèges administrateur.

Re: utilisation open.vpn chez OVH

[herve.thib...@free.fr]

Le 27/08/2017 à 13:57, Pascal Hambourg a écrit :

Le 27/08/2017 à 13:22, herve.thib...@free.fr a écrit :

mais rapidement alors que la connexion n'est pas interrompue


Qu'entends-tu par "rapidement" et "pas interrompue" ?


herve@herve-W54-55SU1-SUW:~$ traceroute 172.27.232.29
traceroute to 172.27.232.29 (172.27.232.29), 64 hops max
   1   172.27.232.1  29,875ms  30,224ms  30,131ms
   2   *  *  *
   3   *  *  *
   4   *  *  *
   5   *  *  *

lors de la connexion vpn j'ai
Sun Aug 27 13:44:01 2017 TUN/TAP device tun0 opened
Sun Aug 27 13:44:01 2017 TUN/TAP TX queue length set to 100
Sun Aug 27 13:44:01 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sun Aug 27 13:44:01 2017 /sbin/ip link set dev tun0 up mtu 1500
Sun Aug 27 13:44:01 2017 /sbin/ip addr add dev tun0 172.27.232.33/21 
broadcast 172.27.239.255





A quoi correspondent les adresses 172.27.232.29 et 172.27.232.1 ?
En tout cas, il y quelque chose à l'autre bout du VPN qui répond avec 
l'adresse 172.27.232.1.
je ne sais pas pourquoi j'ai tapé 29 alors que sans doute je devrais 
taper 33

donc
traceroute to 172.27.232.33 (172.27.232.33), 64 hops max
  1   172.27.232.33  0,006ms  0,002ms  0,001ms

et la route est trouvée immédiatement



Que donne un traceroute vers 8.8.8.8 par exemple ?


herve@herve-W54-55SU1-SUW:~$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=55 time=35.4 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=55 time=35.1 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=55 time=36.4 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=55 time=36.2 ms
64 bytes from 8.8.8.8: icmp_seq=5 ttl=55 time=36.1 ms
64 bytes from 8.8.8.8: icmp_seq=6 ttl=55 time=35.2 ms
64 bytes from 8.8.8.8: icmp_seq=7 ttl=55 time=35.6 ms
64 bytes from 8.8.8.8: icmp_seq=8 ttl=55 time=34.7 ms
64 bytes from 8.8.8.8: icmp_seq=9 ttl=55 time=36.6 ms
64 bytes from 8.8.8.8: icmp_seq=10 ttl=55 time=36.1 ms
^C
--- 8.8.8.8 ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 9012ms
rtt min/avg/max/mdev = 34.705/35.770/36.615/0.619 ms

Mais le navigateur web est très rapidement inutilisable avec la connexion

pourquoi aussi pour connecter je suis obligé de le faire comme root par 
sudo?


 sudo openvpn --config client.ovpn

Re: utilisation open.vpn chez OVH

[maderios]

On 08/27/2017 12:17 PM, Pascal Hambourg wrote:

Justement, bien souvent ceux qui suivent un tutoriels, on ne leur a pas 
enseigné la théorie.



Salut
Effectivement, les tutoriels donnent des "trucs" pour réussir une 
opération mais, malheureusement, n'expliquent rien. Il est beaucoup plus 
facile d'agir quand on comprend le pourquoi de ce que l'on fait. 
Certains tutoriels incluent un minimum de théorie, ce sont 
(paradoxalement) les plus simples à utiliser.


--
Maderios

Re: utilisation open.vpn chez OVH

[Pascal Hambourg]

Le 27/08/2017 à 13:22, herve.thib...@free.fr a écrit :

mais rapidement alors que la connexion n'est pas interrompue


Qu'entends-tu par "rapidement" et "pas interrompue" ?


herve@herve-W54-55SU1-SUW:~$ traceroute 172.27.232.29
traceroute to 172.27.232.29 (172.27.232.29), 64 hops max
   1   172.27.232.1  29,875ms  30,224ms  30,131ms
   2   *  *  *
   3   *  *  *
   4   *  *  *
   5   *  *  *


A quoi correspondent les adresses 172.27.232.29 et 172.27.232.1 ?
En tout cas, il y quelque chose à l'autre bout du VPN qui répond avec 
l'adresse 172.27.232.1.


Que donne un traceroute vers 8.8.8.8 par exemple ?

Re: How to Keep Track of Changes to the System

[hdv@gmail]

On 2017-08-26 05:14, ray wrote:
> I would like to find a way to keep track of changes I make to my system.  It
> seem that I may learn from others on how they keep track of changes they make
> to their systems.
> 
> When I make changes, I don't remember where I made changes or why.
> 
> It would be great to have a log of what changes I've made, where they were
> made, how they were made (direct edit, scripted, etc.), why I made them,
> references that I used to determine the change, and what was the outcome.
> 
> Right now, I get lost in my documentation.  I research solutions, make notes
> in Onenote on a Windows machine, record configurations files that I will
> test.  But It is difficult to record results such as syslogs or console
> transactions.  More challenging is that I have different notebook tabs for
> different objectives.  So when I want to see what I changed, I have to go
> through many different objectives because I don't know what object I was
> shooting for when I made the change.
> 
> I would really like to hear how others track their changes or suggestions how
> I may tack changes.
> 
> I store all the changes on a different computer because I screw up the
> installation on my machine under test and rebuild the OS.  The laptop I am
> building to run Xen is on its 28th build.
> 
> I would appreciate any suggestions.
> 
> Ray
> 

Hi Ray,

I just returned from a short holiday, so I am a bit late to the party, but... if
you don't want to set up a full versioning system I might have something else
for you. About 10 years ago I had the same need as you. What I did was write a
perl-script that automatically makes a timestamped backup of each file you edit
to a directory you define yourself (in that directory the full path of the
original is preserved). You use it like visudo, you just call it like this:

vicf 

All the rest happens automagically.

Of course this will only help for plain-text files and it doesn't provide for
the annotations you mentioned. But if you are interested I
can mail it to you.

Grx HdV

P.S. Here's the output of the help so you can decide if this is what you need:

vicf --help

Usage:
vicf [options] 

List of options:

[-h|--help|-?] [--manual] [-V|--version] [-r|--root ]
[-d|--datetime ] [-n|--sequencenr ]
[-a|--append_sequencenr] [-p|--permissions] [-o|--owner] [-g|--group]
[-t|--times] [-b|--backup] [-x|--x_editor]

Options:
--help
Print a brief help message.

--manual
Print the full manual.

--version
Print version and copyright information.

--root
The directory under which a dated copy of the original file should
be stored.

--datetime
A format string suitable for strftime(). Together with the local
time this parameter will used as input for strftime(). The result
will be appended to the name of the target file. See man 3 strftime
for more details.

--sequencenr
A format string suitable for sprintf(). This will be used to
generate a sequence number, which will be append to the filename if
the target file already exists.

--append_sequencenr
Append a sequence number to the filename, even if it does not exist.
Used to start sequences at 1 instead of 2.

--permissions
Preserve the access permissions of the original file.

--owner
Preserve the owner of the original file.

--group
Preserve the group of the original file.

--times
Preserve the access and modification times of the original file.

--backup
Instruct the editor to make a backup of the original file. This is a
convenience option that has nothing to do with the dated copy of the
original file.

--x_editor
Start the editor in graphical mode instead of console mode.

At the top of the code there is a section named 'User-definable
defaults' where defaults appropriate for the current environment can be
set. Doing so alleviates the need to specify options on every invocation
of the program.

Arguments:
This program accepts only one argument, which is the path to the file to
be edited.

Re: SQL Server no Debian

[Leonardo Rocha]

Olá Rodolfo, pois é, o pior é que sim. Como é um servidor de um 
laboratório de pesquisa, instalo estes recursos pra alunos que estão 
desenvolvendo algum projeto. Este em específico o guri só sabe mexer com 
Sql Server. Usuário Windows.



On 27-08-2017 03:35, Rodolfo wrote:
Precisa ser o SQL Server? Porque sei que tem o MariaDB(mysql) e 
PostgreSQL.


Em 26 de agosto de 2017 20:09, Leonardo S. S. da Rocha 
> escreveu:


Pessoal, boa noite! alguém já instalou o SQL Server no Debian 9?
Encontrei um artigo falando sobre essa instalação na versão 8.7
mas nada ainda sobre a instalação na versão 9. Estou com um
cenário na universidade precisando dessas ferramentas. Na verdade
hoje está rodando sobre Ubuntu 16.04 mas quero tirar o Ubuntu e
colocar o Debian. Alguém pode sugerir algo?

-- 
Atenciosamente,

(Best regards),


Leonardo Rocha
about.me/leonardo.rocha 




 Enviado com Mailtrack

Re: utilisation open.vpn chez OVH

[herve.thib...@free.fr]

Le 26/08/2017 à 22:33, Pascal Hambourg a écrit :

Le 26/08/2017 à 16:39, hervé thibaud a écrit :


Package tout installé pour vous montrer mes capacités en infomatique


Qu'est-ce c'est censé nous dire de tes capacités ?


tes questions sur adresse publique et interne IP ne m'inspire pas


Je n'ai pas posé de questions, j'ai juste suggéré des tests.

L'adresse IP publique, c'est celle que tu mets dans la configuration 
de ton client VPN pour se connecter au serveur. Quand tu fais un ping 
ou traceroute vers cette adresse, ça ne passe pas dans le VPN mais ça 
prend le même chemin que lui.


L'adresse IP interne, c'est celle qui est configurée sur l'interface 
tun ou tap matérialisant le VPN sur le serveur. Quand tu fais un ping 
ou traceroute vers cette adresse, ça passe dans le VPN.


car à ma connaissance je n'ai qu'une ip qui m'a été fournie et l'état 
de l'interface VPN ne me parle pas beaucoup


ifconfig -a
ip addr

j'ai suivi le tuto pour installer le client sur mon linux ubuntu 
17.04 et android sur un mon smartphone galaxy s5


Je soupçonne que le "syndrome du tuto" a encore frappé : on suit des 
instructions bêtement sans rien y comprendre.



ping et traceroute vers adresse du VPS

herve@herve-W54-55SU1-SUW:~$ ping 37.59.122.236
PING 37.59.122.236 (37.59.122.236) 56(84) bytes of data.
64 bytes from 37.59.122.236: icmp_seq=1 ttl=51 time=30.1 ms
64 bytes from 37.59.122.236: icmp_seq=2 ttl=51 time=29.4 ms
64 bytes from 37.59.122.236: icmp_seq=3 ttl=51 time=28.8 ms
64 bytes from 37.59.122.236: icmp_seq=4 ttl=51 time=29.3 ms
64 bytes from 37.59.122.236: icmp_seq=5 ttl=51 time=29.0 ms
64 bytes from 37.59.122.236: icmp_seq=6 ttl=51 time=30.0 ms
64 bytes from 37.59.122.236: icmp_seq=7 ttl=51 time=30.0 ms
64 bytes from 37.59.122.236: icmp_seq=8 ttl=51 time=29.3 ms
^C
--- 37.59.122.236 ping statistics ---
8 packets transmitted, 8 received, 0% packet loss, time 7010ms
rtt min/avg/max/mdev = 28.817/29.547/30.189/0.479 ms

herve@herve-W54-55SU1-SUW:~$ traceroute 37.59.122.236
traceroute to 37.59.122.236 (37.59.122.236), 64 hops max
  1   192.168.0.254  0,697ms  0,591ms  0,579ms
  2   88.174.36.254  16,800ms  18,146ms  18,201ms
  3   213.228.11.254  18,541ms  17,733ms  17,937ms
  4   194.149.161.177  18,963ms  19,585ms  19,872ms
  5   194.149.162.109  26,845ms  23,755ms  31,956ms
  6   194.149.163.170  26,182ms  24,217ms  24,945ms
  7   213.186.32.237  26,220ms  24,187ms  24,608ms
  8   *  *  *
  9   *  *  *
 10   37.187.232.75  30,111ms  29,353ms  29,320ms
 11   *  *  *
 12   51.255.246.234  30,537ms  28,498ms  28,361ms
 13   *  *  *
 14   37.59.122.236  30,058ms  29,441ms  29,552ms

ifconfig -a
enp3s0f1: flags=4163  mtu 1500
inet 192.168.0.13  netmask 255.255.255.0  broadcast 192.168.0.255
inet6 fe80::5507:f86b:a9c7:861b  prefixlen 64  scopeid 0x20
ether 80:fa:5b:22:80:0d  txqueuelen 1000  (Ethernet)
RX packets 20125  bytes 12536818 (12.5 MB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 18703  bytes 2659753 (2.6 MB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73  mtu 65536
inet 127.0.0.1  netmask 255.0.0.0
inet6 ::1  prefixlen 128  scopeid 0x10
loop  txqueuelen 1000  (Boucle locale)
RX packets 1113  bytes 82953 (82.9 KB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 1113  bytes 82953 (82.9 KB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun0: flags=4305 mtu 1500
inet 172.27.232.31  netmask 255.255.248.0  destination 
172.27.232.31

inet6 fe80::8d1d:6d3e:afef:fcd  prefixlen 64  scopeid 0x20
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 
txqueuelen 100  (UNSPEC)

RX packets 0  bytes 0 (0.0 B)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 7  bytes 352 (352.0 B)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlp2s0: flags=4098  mtu 1500
ether 1e:16:20:60:1c:1c  txqueuelen 1000  (Ethernet)
RX packets 0  bytes 0 (0.0 B)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 0  bytes 0 (0.0 B)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0


ip addr
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN 
group default qlen 1000

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
   valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
   valid_lft forever preferred_lft forever
2: enp3s0f1:  mtu 1500 qdisc pfifo_fast 
state UP group default qlen 1000

link/ether 80:fa:5b:22:80:0d brd ff:ff:ff:ff:ff:ff
inet 192.168.0.13/24 brd 192.168.0.255 scope global dynamic enp3s0f1
   valid_lft 849460sec preferred_lft 849460sec
inet6 fe80::5507:f86b:a9c7:861b/64 scope link
   

Re: SQL Server no Debian

[Sérgio Abrantes Junior]

Olá,

Achei alguma coisa sobre:

https://linux-tips.com/t/installing-microsoft-sql-server-on-debian-linux/476

https://www.portalgsti.com.br/2017/01/instalando-o-sql-server-no-debian-em-17-passos.html

Até!

Sérgio Abrantes

Em 27 de agosto de 2017 03:35, Rodolfo  escreveu:

> Precisa ser o SQL Server? Porque sei que tem o MariaDB(mysql) e PostgreSQL.
>
> Em 26 de agosto de 2017 20:09, Leonardo S. S. da Rocha <
> leonardo...@gmail.com> escreveu:
>
>> Pessoal, boa noite! alguém já instalou o SQL Server no Debian 9?
>> Encontrei um artigo falando sobre essa instalação na versão 8.7 mas nada
>> ainda sobre a instalação na versão 9. Estou com um cenário na universidade
>> precisando dessas ferramentas. Na verdade hoje está rodando sobre Ubuntu
>> 16.04 mas quero tirar o Ubuntu e colocar o Debian. Alguém pode sugerir algo?
>>
>> --
>> Atenciosamente,
>> (Best regards),
>>
>>
>> Leonardo Rocha
>> about.me/leonardo.rocha
>>
>>
>>
>>
>>  Enviado com Mailtrack
>> 
>>
>
>

VAT Consultants - Level Financials

[Omar Kamal]

If you are unable to view this email properly Click here





You are receiving this email because you have subscribed to our email 
newsletters services or are registered with one of our Partner or affiliate 
sites.

If you no longer to wish to receive emails please Click Here

Re: I need help to determine package name for a bug report.

[Zoltán Herman]

kernel team
linux-image-

May be a memory error?

2017. aug. 27. 12:13 ezt írta ("Alexander V. Makartsev" ):

Hello.

On rare occasion, I have these strange system lockups that seems to be
tied to "ALC88" sound driver\kernel module.
I am unable to determine package name to file a bug report.
All information I have is this syslog from previous boot. Got it with
"journalctl -b -1"
>From what I can tell it could be alsa, or pulseaudio, or kernel, or one
of its modules.
 cut 
авг 25 20:45:59 fortune kernel: alsa-sink-ALC88: Corrupted page table at
address 7f018fe0
авг 25 20:45:59 fortune kernel: PGD 442eb9067
авг 25 20:45:59 fortune kernel: PUD 423196067
авг 25 20:45:59 fortune kernel: PMD 80045fae08e7
 cut 
авг 25 20:45:59 fortune kernel: sched: RT throttling activated
авг 25 20:45:59 fortune kernel: BUG: unable to handle kernel paging
request at fffeffa0005f
авг 25 20:45:59 fortune kernel: IP: [] 0xfffeee19a725
авг 25 20:45:59 fortune kernel: PGD 346a0a067
авг 25 20:45:59 fortune kernel: PUD 0
авг 25 20:45:59 fortune kernel:
авг 25 20:45:59 fortune kernel: Oops:  [#2] SMP
 cut 
авг 25 20:46:33 fortune kernel: kernel BUG at
/build/linux-me40Ry/linux-4.9.30/mm/slab.c:2981!
авг 25 20:46:33 fortune kernel: invalid opcode:  [#3] SMP
 cut 
авг 25 20:46:33 fortune kernel: NMI watchdog: BUG: soft lockup - CPU#2
stuck for 22s! [psensor:1185]

 cut 

Re: utilisation open.vpn chez OVH

[Pascal Hambourg]

Le 27/08/2017 à 10:32, David Pinson a écrit :


L'avantage des tutos est de comprendre par la pratique le pourquoi du
comment faire.


Les tutoriels décrivent le comment, mais plus rarement le pourquoi.
Parfois ce serait juste impossible, les explications théoriques 
dépasseraient en volume les instructions pratiques et ce ne serait plus 
vraiment un tutoriel.


Je pense qu'il est impératif de comprendre la motivation et les effets 
de chaque action décrite dans un tutoriel. C'est nécessaire pour savoir 
quand ne pas suivre à la lettre un tutoriel parce qu'on est dans un cas 
particulier qui demande un ajustement.



On nous enseigne souvent la théorie avant la pratique et on a toujours
besoin d'un repère dans l'espace auquel appartient le sujet de la théorie.


Justement, bien souvent ceux qui suivent un tutoriels, on ne leur a pas 
enseigné la théorie.

I need help to determine package name for a bug report.

[Alexander V. Makartsev]

Hello.

On rare occasion, I have these strange system lockups that seems to be
tied to "ALC88" sound driver\kernel module.
I am unable to determine package name to file a bug report.
All information I have is this syslog from previous boot. Got it with
"journalctl -b -1"
>From what I can tell it could be alsa, or pulseaudio, or kernel, or one
of its modules.
 cut 
авг 25 20:45:59 fortune kernel: alsa-sink-ALC88: Corrupted page table at
address 7f018fe0
авг 25 20:45:59 fortune kernel: PGD 442eb9067
авг 25 20:45:59 fortune kernel: PUD 423196067
авг 25 20:45:59 fortune kernel: PMD 80045fae08e7
 cut 
авг 25 20:45:59 fortune kernel: sched: RT throttling activated
авг 25 20:45:59 fortune kernel: BUG: unable to handle kernel paging
request at fffeffa0005f
авг 25 20:45:59 fortune kernel: IP: [] 0xfffeee19a725
авг 25 20:45:59 fortune kernel: PGD 346a0a067
авг 25 20:45:59 fortune kernel: PUD 0
авг 25 20:45:59 fortune kernel:
авг 25 20:45:59 fortune kernel: Oops:  [#2] SMP
 cut 
авг 25 20:46:33 fortune kernel: kernel BUG at
/build/linux-me40Ry/linux-4.9.30/mm/slab.c:2981!
авг 25 20:46:33 fortune kernel: invalid opcode:  [#3] SMP
 cut 
авг 25 20:46:33 fortune kernel: NMI watchdog: BUG: soft lockup - CPU#2
stuck for 22s! [psensor:1185]

 cut 

Re: utilisation open.vpn chez OVH

[David Pinson]

Le 27/08/2017 à 00:02, Pierre L. a écrit :
> Bon faut avouer aussi que bien souvent, le "tuto" n'apporte pas les
> infos nécessaires à comprendre les commandes qu'on balance dans un
> terminal ;)
> Parfois c'est très bien documenté, avec chaque argument bien détaillé,
> un bonheur !
>
> Sinon il se trouve où le tuto que tu as suivi ? Il y a peut-être une
> coquille dedans ? Les experts dans l'ombre pourront zieuter au cas où...
>
>
>
> Le 26/08/2017 à 22:33, Pascal Hambourg a écrit :
>> Je soupçonne que le "syndrome du tuto" a encore frappé : on suit des
>> instructions bêtement sans rien y comprendre.
Bonjour,

L'avantage des tutos est de comprendre par la pratique le pourquoi du
comment faire.

On nous enseigne souvent la théorie avant la pratique et on a toujours
besoin d'un repère
dans l'espace auquel appartient le sujet de la théorie.
Me tromperai-je ?

Librement vôtre,
David

Re: Package postgresql-9.6 is not configured yet

[Marco DE BOOIJ]

The script stops at: invoke-rc.d postgresql start $VERSION # 
systemd: argument ignored, starts all versions


This is the last step in the configure_version() function. Is this 
really necessary when you use systemctl? Can I comment it safely just to 
finish the configuration?


The server has already started a few times so I am sure that postgresql 
restarts. Here is information on the postgresql service:


root:~# systemctl status postgresql
● postgresql.service - PostgreSQL RDBMS
   Loaded: loaded (/lib/systemd/system/postgresql.service; enabled)
   Active: active (exited) since Fri 2017-08-25 08:08:22 CEST; 2 days ago
 Main PID: 1269 (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/postgresql.service

Aug 25 08:08:22 jessie systemd[1]: Started PostgreSQL RDBMS.
root:~#


Op 23-08-17 om 19:13 schreef Greg Wooledge:

On Wed, Aug 23, 2017 at 11:28:14AM -0400, Cindy-Sue Causey wrote:

On 8/23/17, Marco DE BOOIJ  wrote:

root:~# dpkg --configure postgresql-9.6
Setting up postgresql-9.6 (9.6.4-1.pgdg80+1) ...
dpkg: error processing package postgresql-9.6 (--configure):
   subprocess installed post-installation script returned error exit
status 102
Errors were encountered while processing:
   postgresql-9.6

A search attempt on the Net landed me the possibility that I'm thinking of:

dpkg --configure -a

Yes, that's probably the first thing to try.  But if that fails (again),
then the problem appears to be in the postinst script itself, or more
precisely whatever command the postinst script executes.

I don't have a stretch box with postgresql-9.6 installed at the moment,
but looking at a jessie box with -9.4, the postinst is simply this:

=
#!/bin/sh

set -e

VERSION=9.4

if [ "$1" = configure ]; then
 . /usr/share/postgresql-common/maintscripts-functions

 configure_version $VERSION "$2"
fi
=

Following the trail, the configure_version function is defined in
/usr/share/postgresql-common/maintscripts-functions and looks like:

=
configure_version() {
 VERSION="$1"

 # Create a main cluster for given version ($1) if no cluster already exists
 # for that version and we are installing from scratch.
 [ "$VERSION" ] || { echo "Error: configure_version: need version parameter" 
>&2; exit 1; }
 if [ ! -d "/etc/postgresql/$VERSION" ] || [ -z "$(ls 
/etc/postgresql/$VERSION)" ] || \
[ -z "$(ls /etc/postgresql/$VERSION/*/postgresql.conf 2>/dev/null)" ]; 
then
 # skip creating the main cluster when this is not the first install, or
 # when explicitely disabled ($create is 1/0/"")
 create=$(perl -I/usr/share/postgresql-common -mPgCommon -e 'print 
PgCommon::config_bool(PgCommon::get_conf_value 0, 0, "createcluster.conf", 
"create_main_cluster")')
 if [ -z "$2" ] && [ "$create" != "0" ]; then
 set_system_locale
 /usr/bin/pg_createcluster -u postgres $VERSION main ||
 echo "Error: could not create default cluster. Please create 
it manually with

   pg_createcluster $VERSION main --start

or a similar command (see 'man pg_createcluster')." >&2
 fi
 fi

 _link_manpages "$VERSION" postmaster.1.gz "postgresql-$1" 
"postgresql-contrib-$1"

 if [ -x /etc/init.d/postgresql ] && [ ! -x /etc/init.d/postgresql-$VERSION 
]; then
if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
 invoke-rc.d postgresql start $VERSION || exit $?
 else
 /etc/init.d/postgresql start $VERSION || exit $?
 fi

 fi
}
=

Of course the stretch version may be different.  Assuming Marco is
even running stretch; he didn't say.

So, to figure out what's breaking, what I would do is put "set -x" at the
start of the configure_version function, and "set +x" at the end of it.
Then try dpkg --configure -a once again.  That should give you a shell
trace of the commands being executed in that function, so you can see
which one breaks.

Assuming Marco's versions of these scripts look basically like jessie's.

Re: SQL Server no Debian

[Rodolfo]

Precisa ser o SQL Server? Porque sei que tem o MariaDB(mysql) e PostgreSQL.

Em 26 de agosto de 2017 20:09, Leonardo S. S. da Rocha <
leonardo...@gmail.com> escreveu:

> Pessoal, boa noite! alguém já instalou o SQL Server no Debian 9? Encontrei
> um artigo falando sobre essa instalação na versão 8.7 mas nada ainda sobre
> a instalação na versão 9. Estou com um cenário na universidade precisando
> dessas ferramentas. Na verdade hoje está rodando sobre Ubuntu 16.04 mas
> quero tirar o Ubuntu e colocar o Debian. Alguém pode sugerir algo?
>
> --
> Atenciosamente,
> (Best regards),
>
>
> Leonardo Rocha
> about.me/leonardo.rocha
>
>
>
>
>  Enviado com Mailtrack
> 
>