Re: Encrypted RAID1 for storage with Debian Stretch

[David Christensen]

On 08/30/17 04:28, commentsab...@riseup.net wrote:
...

Here is a picture of what I'm trying to achieve:
https://imgur.com/a/DAM8D (the "Today" column).

I am trying to build a home backup system. The system (Debian Stretch)
will be on a SSD. For the time being, I only have one pair of HDDs (the
"Today" column in the picture) ; in the future (the "Future" column), I
would like to add other pairs of HDD to store other kind of data.

This backup system will only be turned on when needed, I don't plan on
using it as some sort of server or a NAS.

We are talking about software RAID1.

I would like everything to be encrypted (FDE), from the system (/ and
/swap) to the RAID1 drives.

Debian will be installed via a USB stick.

If possible, I would like to have different encryption keys for the
system and the various RAID1 pairs (in the "Future" column in the
picture, one for the system, one for "work", one for "family", one for
"misc"). So that I can give the system encryption passphrase, "family"
and "misc" ones to my wife and keep the "work" one for myself.

As stated in another mail of the thread, I'm a complete noob when it
comes to this kind of operations so I'm looking for a step by step ELI5
explanation (I have tried to use the Debian graphical installer to
achieve this but have failed because I was just messing around with the
options trying to figure out what to do).

For the sake of the discussion: here is the complete archive of this
thread
https://groups.google.com/forum/#!topic/linux.debian.user/jjdr6LXaOm8

You'll notice that Joshua Schaeffer provided what seems to be a complete
solution but I have no idea how to go from "I have my computer with all
the drives plugged in, Debian installer on USB stick and I launched the
graphical installer" to "enter these commands into a terminal to achieve
what you are trying to do" :
https://groups.google.com/d/msg/linux.debian.user/jjdr6LXaOm8/Pals7djzAAAJ

Note: I am not criticizing Joshua's answer in any way, I am grateful for
it, I am just underlying (once again) the fact that I am a noob on this
topic :)

Thank you in advance for your help :)

CA

PS: at the time of my first mail, Stretch wasn't the "stable" release
yet (I have now updated the title from "Jessie" to "Stretch")


STFW you might find step-by-step instructions for something similar to 
what you want, but this is Linux and the whole point is to learn enough 
to do it yourself.



The most common Linux encryption technology is variously called LUKS and 
dm-crypt.  The command-line administration tool is cryptsetup(8).



There are at least two ways to do software RAID on Linux:

1.  MD arrays -- the administration tool is mdadm(8).

2.  LVM RAID -- the administration tool is lvm(8).


Start by STFW the underlying technologies:

https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup

https://en.wikipedia.org/wiki/Mdadm

https://en.wikipedia.org/wiki/Logical_Volume_Manager_(Linux)


Then RTFM the tools:

https://linux.die.net/man/


If you want to combine encryption and RAID 1, you're going to need to 
choose between encrypting one RAID volume or RAID'ing two encrypted 
volumes.  There are trade-off's either way.  A primary consideration 
will be whether or not you have a processor with AES-NI:


https://en.wikipedia.org/wiki/AES_instruction_set


Read up the links above and then post when you're ready.


David

Re: How to Keep Track of Changes to the System

[ray]

On Sunday, August 27, 2017 at 9:00:05 AM UTC-5, rhkr...@gmail.com wrote:
...snip...

Hi RHKR,

Thank you.  This is an interesting way to store the broken system.  It will be 
like a junk yard that I can copy out of.  

Partitioning will be a challenge.  Currently, this is laptop runs LVM.  I have 
two groups.  The system is on one, the other I plan on using for VM storage.  I 
could break the one for VMs into groups for file systems.  I am not sure how to 
use this.  Once I have these different groups, if I want to rebuild, I will 
need to have the new system installed to one of the unused VGs.  I have a  
quandary about this each time I rebuild, I have a challenge with the Debian 
installer on where to put the new system.  It seem like I rebuild the LVM each 
time which means I would wipe out the previous system.

Ray

Ray

Selecting text

[Hugo Vanwoerkom]

Hi,

I usually select pieces of text on the screen running X with the mouse 
by pointing to it and then dragging to where the end is. The piece will 
turn blue. Then cntrl+c will copy the piece to the clipboard and cntrl+v 
will paste it.


I now have a strange situation that on one system running Stretch + Sid 
the piece of text does not turn color when selecting it.


Anybody know what to do in that case?

Hugo

Re: How to Keep Track of Changes to the System

[ray]

On Sunday, August 27, 2017 at 6:50:06 AM UTC-5, hdv@gmail wrote:
> On 2017-08-26 05:14, ray wrote:
> > I would like to find a way to keep track of changes I make to my system.  
> > ...snip
> Hi Ray,
> 
> I just returned from a short holiday, so I am a bit late to the party, but... 
> if
> you don't want to set up a full versioning system I might have something else
> for you. About 10 years ago I had the same need as you. What I did was write a
> perl-script that automatically makes a timestamped backup of each file you 
> edit
> to a directory you define yourself (in that directory the full path of the
> original is preserved). You use it like visudo, you just call it like this:
> 
> vicf 
> 
> All the rest happens automagically.
> 
> Of course this will only help for plain-text files and it doesn't provide for
> the annotations you mentioned. But if you are interested I
> can mail it to you.
> 
> Grx HdV
...snip

Yes, I would like to work with this.  I should be able to modify the perl 
script to also save a tag file to hold the metadata.  So now I have a reason to 
learn some perl.

Thank you.
Ray

Re: Encrypted RAID1 for storage with Debian Jessie

[commentsabout]

(there was a problem with my subscription to the list, I am not sure
that my previous mail went through, copy/pasting it again just in case -
sorry for the spam if you received it twice)

Hello,

On 2017-06-07 06:11, Andy Smith wrote:
> On Wed, May 10, 2017 at 11:41:30PM +, commentsab...@riseup.net wrote:
>> From there on, how should I proceed ?
> 
> What is your goal? Exactly what setup do you have now?
> 
> You are not making it easy for people to help you as your email does
> not thread back to whatever you were discussing before. So I'm
> afraid you'll have to remind us.
> 
> If you're just looking to set up software RAID with encryption, all
> of that can be done from the Debian installer.

Sorry, I'll start again from the beginning :

Here is a picture of what I'm trying to achieve:
https://imgur.com/a/DAM8D (the "Today" column).

I am trying to build a home backup system. The system (Debian Stretch)
will be on a SSD. For the time being, I only have one pair of HDDs (the
"Today" column in the picture) ; in the future (the "Future" column), I
would like to add other pairs of HDD to store other kind of data.

This backup system will only be turned on when needed, I don't plan on
using it as some sort of server or a NAS.

We are talking about software RAID1.

I would like everything to be encrypted (FDE), from the system (/ and
/swap) to the RAID1 drives.

Debian will be installed via a USB stick.

If possible, I would like to have different encryption keys for the
system and the various RAID1 pairs (in the "Future" column in the
picture, one for the system, one for "work", one for "family", one for
"misc"). So that I can give the system encryption passphrase, "family"
and "misc" ones to my wife and keep the "work" one for myself.

As stated in another mail of the thread, I'm a complete noob when it
comes to this kind of operations so I'm looking for a step by step ELI5
explanation (I have tried to use the Debian graphical installer to
achieve this but have failed because I was just messing around with the
options trying to figure out what to do).

For the sake of the discussion: here is the complete archive of this
thread : 
https://groups.google.com/forum/#!topic/linux.debian.user/jjdr6LXaOm8

You'll notice that Joshua Schaeffer provided what seems to be a complete
solution but I have no idea how to go from "I have my computer with all
the drives plugged in, Debian installer on USB stick and I launched the
graphical installer" to "enter these commands into a terminal to achieve
what you are trying to do" :
https://groups.google.com/d/msg/linux.debian.user/jjdr6LXaOm8/Pals7djzAAAJ

Note: I am not criticizing Joshua's answer in any way, I am grateful for
it, I am just underlying (once again) the fact that I am a noob on this
topic :)

Thank you in advance for your help :)

CA

PS: at the time of my first mail, Stretch wasn't the "stable" release
yet (I have now updated the title from "Jessie" to "Stretch")

Re: I just installed "tomcat8" and "tomcat8-admin" on a Debian 8.9 box, via an apt-get

[Nicholas Geovanis]

On Wed, Aug 30, 2017 at 5:51 PM, James H. H. Lampert <
jam...@touchtonecorp.com> wrote:

> I want to put Tomcat 8.5 on the box I've spent the past week configuring.
> What my apt-get got me was Tomcat 8.0.14.
> Can I get Tomcat 8.5 via an apt-get? If so, how?
>

The apt-cache command says that the backports repository has Tomcat 8.5.14.
My mentally-lazy way to get everything I needed to install it looked as
follows:
apt-get install tomcat8=8.5.14-1~bpo8+1 tomcat8-common=8.5.14-1~bpo8+1
libtomcat8-java=8.5.14-1~bpo8+1 libecj-java=3.11.0-5~bpo8+1


> JHHL
>

I just installed "tomcat8" and "tomcat8-admin" on a Debian 8.9 box, via an apt-get

[James H. H. Lampert]

I want to put Tomcat 8.5 on the box I've spent the past week 
configuring. What my apt-get got me was Tomcat 8.0.14.


Can I get Tomcat 8.5 via an apt-get? If so, how?

If not, what's the easiest way to get Tomcat 8.5 up and running as a 
service from an Apache download?


--
JHHL

Re: Xerrada sobre Debian al DLP el 16 de setembre

[julio]

>Si és el tema del Networkmanager "menjant-se" configuracions de DNS en
>la xarxa local  sí, a Debian també fotia la guitza, el m*lparit del
>NM... (amb perdó ;-)
>

A veure si no hi haurà tanta diferència entre Debian i Ubuntu ;D


-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

xtel, des motivés ?

[Samuel Thibault]

Bonjour,

Il vient d'être proposé dans #873764 de supprimer xmkmf. Il se
trouve que xtel utilise encore xmkmf. Quelqu'un est-il motivé pour le
convertir à autre chose ?

Merci de garder en Cc, je ne suis pas abonné à d-u-f@.
Samuel

Re: Xerrada sobre Debian al DLP el 16 de setembre

[Josep Lladonosa]

2017-08-30 22:33 GMT+02:00 julio :
> Hola,
> no se si d'aquesta reflexió es pot extreure una xerrada o una un quart i mig
> de xerrada però per si de cas.
>
> Primer de tot em presento. Soc de la secta dels fedorianos, no per
> convicció, només és per calers ;D
> Porto uns 18 anys instal•lant distros gnu/linux. Vaig tenir la meva etapa d
> evangelitzador. No recordo si en aquelles llargues nits disfrutava més
> instal•lant un linux o matant els guindous. Ja fa bastant de temps que m'ho
> prenc d'una altra manera.
> Tot i que he tocat alguna distro minoritària, les que més he utilitzat han
> estat fedora/redhat, ubuntu i debian.
> Però mai he mirat el codi de cap d aquests S.O. De manera que no tinc
> coneixements realment científics de les distros.
> O sigui que només puc parlar com a instal•lador i per observació del
> rendiment de les màquines instal•lades.
>
> Crec que totes són molt interessants i juguen diferents papers. Fedora com a
> conillet d'indies de RedHat i, més actualment de Gnome, massa arriscada, la
> qual cosa ha provocat versions un xic inestables però també interessants
> aportacions al mon linux.
> A Ubuntu el presenta molt be el seu eslogan "the linux for human beings",
> quanta gent deu haver provat gnu/linux gràcies a aquesta distro? Fins i tot
> molts que tenen windows com el seu primer S.O.
>
> Si, ja sé que no existeix una distro única per a tothom (per cert quina
> documentació tan xula fan els de archlinux) però si algú em digués "ho sento
> tio, t'has de mullar, quina distro recomanes segons la teva experiència?
> Només pots dir una."
> Doncs ja fa temps que sempre penso el mateix: Debian. La seva estabilitat
> (imagino que per la seva qualitat) no té color.
> I llavors em pregunto, perquè quan a un casal volem decidir quina distro
> instal•lar s'acaba instal•lant ubuntu? (Fet real i de fa molt poc temps)
> I no ho dic com una crítica per haver escollit Ubuntu, ja que al final tots
> vam estar d'acord.
> Sinò que els que coneixem de la qualitat/estabilitat de Debian no som
> capaços de transmetre-la a la resta. Per exemple, una de les raons per les
> quals es va escollir Ubuntu va ser la gran quantitat de drivers de que
> disposa. D'aquesta manera donaria menys problemes que Debian, es va pensar.
>
> Un cop instal•lada la LTS vam haver de solucionar un misteriós problema del
> DNS googlejant(*) i hackejant un dels fitxers del Network Manager. Dubto que
> això hagués passat amb Debian.

Si és el tema del Networkmanager "menjant-se" configuracions de DNS en
la xarxa local  sí, a Debian també fotia la guitza, el m*lparit del
NM... (amb perdó ;-)

>
> Insisteixo que això no és cap crítica a ningú ni a ubuntu o els ubuntaires,
> que per cert fan una feina acollonant, sinó a lo malament que venem Debian
> els que admirem aquesta distro.
> O potser la qualitat de Debian fa inevitable que es crei una mena d aura de
> distro elitista i difícilment accessible?
>
> (*) No és cert, vam fer servir duck duck go ;D
>
> Vagi be.
> Julio
>
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.



-- 
--
Salutacions...Josep
--

Re: One-line password generator

[Thomas Schmitt]

Hi,

Brian wrote:
> the crackers would likely not be in possession of a leaked password
> (Uld4dFpYSkdkV1J3ZFdOclpYSUsK) but of a hash of it.

That's why i did not claim to be able to decipher such things but rather
mentioned that the name is celebrity enough to be quickly enumerated.
The next two secrets were: base64 once, which is rather normal, and then
another base64 which would be guessable by a list of obvious obfuscation
opportunities.
Together this would be vulnerable to self-learning attacks which follow
the habits and typical ideas of certain groups of people.


> The password does not contain any memorable words so word lists do not
> look an inviting prospect.

This is not the decisive point. The list with celebrity names is input to
the not extremely unlikely operation of double base64. After this chain
of processing, you have a string that looks garbled, but is still based
only on the thin secrets.


> With the much slower bcrypt the effort to crack anything more might
> have been too much.

More bits and a more complex algorithm make testing slower, indeed.
The mathematical bet is that there are no shortcuts to the slowliness.

A secret salt (or other encryption key) may help if it can be kept
completely separate from the hash list, so that the attacker needs
two separate thefts.
But from
  https://en.wikipedia.org/wiki/Bcrypt
i understand the salt is stored unencrypted in the shadow password.

So only the extra bits of the result and the hopefully reliable
artificial slowliness of the algorithm can be counted as advantage
over MD5.


> Gene Heskett's password does not have all the criteria for being complex
> and completely random, but for now it looks like it would escape
> unscathed from brute force probing.

If the attacker has a bcrypt shadow password then the same number of
enumeration tries is necessary as with MD5. But it lasts linearly longer
to test them.

The linear factor depends on the "cost" parameter of the bcrypted password.
In the wikipedia example it is 1024 times the cost of a single bcrypt
round divided by the cost of a MD5 computation.
I failed up to now with finding an estimation of this fundamental ratio.

bcrypt seems to have indeed a good reputation.
But google finds "Argon2" when i ask for "bcrypt successor".


> Suppose
>  echo "ElmerFudpucker" | base64 | base64
> became
> echo "ElmerFudpucker" |  | base64 | base64

The latter is less secret than

  echo "ElmerFudpucker" | base64 | base64 | 

because as you could see with Gene's challenge, an unobfuscated base64
string is an invitation to run base64 -d.
If the last step in the chain is bcrypt, then i have to guess about
  base64 | base64
  md5sum | base64
  sha512sum | base64
  md5sum | xxd
  ...
  as many as Gene or i can imagine (but not many enough)



Whatever, it seems to me that you can really create extra security on your
local side if you put that slow thing into the enumeration chain.
Even assumed that your attacker knows it, he still has the problem that
bcrypt weights on the enumeration regardless how poor the remote hash
obfuscation is. (It must not be so poor that a collision easily lets him in
although he tried a wrong password.)

A very good property is that the whole bcryptization does not have to
be secret and thus you may store its lengthy parameters in unsecure places.

You will not use more than the hash part of bcrypt as password. No need
to send "cost" or "salt" to the remote service.
Assume that everybody knows them and thus you don't need to tell. :))

But still your brain password needs to be strong enough to become really
strong by the added bits equivalent of bcrypt slowliness. If in the time
of one bcrypt try one could do 4096 MD5s, then this bcrypt is worth 12 bits
of secret, compared to MD5 and in the context of enumeration.
The rest of hard-to-guess bits must be stored in your brain.

I wonder whether one can arbitrarily increase the computation time
by arbitrary high cost value without creating opportunities for a shortcut.
Somehow this smells like information out of deterministic nothing ...
... the 184 bit hash must produce collisions after at most 2 exp 184
tries. So a wrong brain password would yield the right long password.
This is a trivial upper bit count limit for what bcrypt can gain you.
Probably the real systematic limit is lower. Young mathematicians needed.

In any case you would buy a new bit by doubling password computation time
for each time you want to use the password. So there are real world limits
much lower than the bit count of the hash.

The ratio of the attacker's computing power and your computing power matters.
This is a disadvantage compared to other methods which harden against
enumeration.


Disclaimer: This looks quite good to me but might be wrong, nevertheless.
All depends on whether bcrypt really has the properties which
are intended. Not to speak of 

Re: Atril configuration saving

[Mario Castelán Castro]

On 30/08/17 06:27, Haines Brown wrote:
> I find the atril pdf viewer to be the most satisfactory choice for my
> needs. However, a problem is that it does not save my configuration.

Hello.

What do you find good about Atril as compared to Evince (if you have
used the later)?

It is not a rhetorical question. I am genuinely interested.

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature

Re: Xerrada sobre Debian al DLP el 16 de setembre

[julio]

Hola,
no se si d'aquesta reflexió es pot extreure una xerrada o una un quart i mig de 
xerrada però per si de cas.

Primer de tot em presento. Soc de la secta dels fedorianos, no per convicció, 
només és per calers ;D
Porto uns 18 anys instal•lant distros gnu/linux. Vaig tenir la meva etapa d 
evangelitzador. No recordo si en aquelles llargues nits disfrutava més 
instal•lant un linux o matant els guindous. Ja fa bastant de temps que m'ho 
prenc d'una altra manera. 
Tot i que he tocat alguna distro minoritària, les que més he utilitzat han 
estat fedora/redhat, ubuntu i debian.
Però mai he mirat el codi de cap d aquests S.O. De manera que no tinc 
coneixements realment científics de les distros.
O sigui que només puc parlar com a instal•lador i per observació del rendiment 
de les màquines instal•lades.

Crec que totes són molt interessants i juguen diferents papers. Fedora com a 
conillet d'indies de RedHat i, més actualment de Gnome, massa arriscada, la 
qual cosa ha provocat versions un xic inestables però també interessants 
aportacions al mon linux.
A Ubuntu el presenta molt be el seu eslogan "the linux for human beings", 
quanta gent deu haver provat gnu/linux gràcies a aquesta distro? Fins i tot 
molts que tenen windows com el seu primer S.O.

Si, ja sé que no existeix una distro única per a tothom (per cert quina 
documentació tan xula fan els de archlinux) però si algú em digués "ho sento 
tio, t'has de mullar, quina distro recomanes segons la teva experiència? Només 
pots dir una."
Doncs ja fa temps que sempre penso el mateix: Debian. La seva estabilitat 
(imagino que per la seva qualitat) no té color.
I llavors em pregunto, perquè quan a un casal volem decidir quina distro 
instal•lar s'acaba instal•lant ubuntu? (Fet real i de fa molt poc temps)
I no ho dic com una crítica per haver escollit Ubuntu, ja que al final tots vam 
estar d'acord.
Sinò que els que coneixem de la qualitat/estabilitat de Debian no som capaços 
de transmetre-la a la resta. Per exemple, una de les raons per les quals es va 
escollir Ubuntu va ser la gran quantitat de drivers de que disposa. D'aquesta 
manera donaria menys problemes que Debian, es va pensar.

Un cop instal•lada la LTS vam haver de solucionar un misteriós problema del DNS 
googlejant(*) i hackejant un dels fitxers del Network Manager. Dubto que això 
hagués passat amb Debian.

Insisteixo que això no és cap crítica a ningú ni a ubuntu o els ubuntaires, que 
per cert fan una feina acollonant, sinó a lo malament que venem Debian els que 
admirem aquesta distro.
O potser la qualitat de Debian fa inevitable que es crei una mena d aura de 
distro elitista i difícilment accessible?

(*) No és cert, vam fer servir duck duck go ;D

Vagi be.
Julio


On 30 d’agost de 2017 19:21:33 CEST, Alex Muntada  wrote:
>Hola!
>
>A petició d'en Rafael Carreras, el proper dissabte 16 de setembre
>faré una xerrada sobre el desenvolupament a Debian dins el marc
>del Dia de la Llibertat del Programari: http://dlp.caliu.cat/
>
>El que us volia preguntar és de quins temes us agradaria que
>parli concretament. Podeu preguntar-me el que vulgueu (AMA) i
>jo ja triaré el que cregui més interessant per la xerrada.
>
>Així doncs, us agrairé que respongueu aquest correu explicant-me
>què us agradaria saber, sobre què us agradaria aprofundir, què
>voldríeu aprendre, en què us agradaria contribuir, etc. Podeu
>fer-ho en privat, si voleu.
>
>A banda de facilitar-me la feina per la xerrada, crec que pot
>ser una bona oportunitat per conèixer millor els interessos i
>els interrogants d'aquesta comunitat.
>
>Salut i moltes gràcies!
>Alex

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

How to install extra TeX fonts without crud?

[Mario Castelán Castro]

Hello.

I want to install some fonts to use in LaTeX that seem to be available
only in the “texive-fonts-extra” package. The problem, is that
“texive-fonts-extra” depends on a lot of fonts packages that I do not
want. Is there a way to install only the TeX fonts contained in
“texive-fonts-extra” without the other packages?

Thanks.

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature

Re: Computer friendly blood pressure?

[Wilko Fokken]

On Tue, Aug 29, 2017 at 07:44:07AM -0500, Richard Owlett wrote:
> For sometime I've been causally looking for a blood pressure cuff with
> communication capability that does NOT require a "smart" phone [be
> it Apple or Android].
> 
> A recent hospital stay prompts me to more actively look.
> 
> I currently have a wrist cuff type with memory but no communication
> capability.
> Preferred solutions would be something that:
>  uses the same removable media as digital cameras.
> or
>  has USB connectivity
> Bluetooth or WiFi connectivity would be acceptable.
> 
> Already written Linux apps a plus.
> 
> Any suggestions/comments?
> 
> Thank you.


Moin,

for my own blood pressure control, I wrote a shell script that serves
me well.

[I get my data through a simple, but fairly precise wrist cuff device
 without capability of saving my data.]

Parallel to measuring my blood pressure, I call up my own shell script
by typing just two letters: 'bl': an alias for my shell script 'blutdruck'
(blood pressure).

When my wrist device shows my data: systolic pressure, diastolic pressure
and my pulse rate, I type these 3 data into my shell script; after that,
my shell script asks for a comment: Here I can add comments to my pressure
results that will fit to a single line.

Finally, my script shows all my data of the actual month, each on a single
line, with my comments (and date+time) added. With a month passing, the
script automatically starts a new file.


(At the end of this script follows an examle of it's output per month;
 comments are free text in any language.

 Check that your system provides parent directories if necessary.

 If you translate certain definitions, be sure to do it in a consistent
 way.

~


#! /bin/bash


#~  Begin Functions  ~

function Get_Date_by_Names  ()  {

#   =$(date +%Y)# year  (2017)
#   mon=$(date +%-m)# month (1..12)
mon=$(date +%m) # month (01..12)
#   MON=$(date +%b) # MONTH (Jan..Dez)
#   dow=$(date +%w) # dow   (0..6)
DOW=$(date +%a) # DOW   (So..Sa)
dom=$(date +%d) # day of month

datum=$(date "+%a, %d.%m.%y  %H.%M")
dmonat=$(date "+%m.%y")

#   (Combined `date`-Data require a single '+' only)
}

function Display () {

clear

echo
echo"   Blutdruck Statistik ${dmonat}"
echo"   -"

echo
tail -n 16 Blutdruck_${dmonat}
echo

exit

}
#  End of Functions  ~

clear

typeset -i ODruck=0 UDruck=0 Puls=0 # 'integer': non-numeric input => '0'


Get_Date_by_Names
#   ~

[ ! -d /home/Desktop/Blutdruck ] && mkdir -p /home/Desktop/Blutdruck
cd /home/Desktop/Blutdruck

sudo touch  Blutdruck_${dmonat}
sudo chown root:staff   Blutdruck_${dmonat}
sudo chmod 0660 Blutdruck_${dmonat}

echo
echo"  Blutdruck Statistik ${dmonat}"
echo"   "

echo
tail -n 14 Blutdruck_${dmonat}
echo

echo -n "   Blutdruck, oberer Wert: ";  read ODruck
[ $ODruck -eq 0 ] && Display
#~~~
echo -n "   Blutdruck, unterer Wert: "; read UDruck
[ $UDruck -eq 0 ] && Display
#~~~
echo -n "   PulsSchläge pro Minute: "; read Puls
[ $UDruck -eq 0 ] && Display
#~~~
echo -n "   + Kommentar ? : "; read Info

echo "  ${datum}  = ${ODruck}/${UDruck} mm Hg // ${Puls}/min[${Info}]" | 
tee -a Blutdruck_${dmonat};
if  [ "${DOW}" = "So" ]; then
echo "  ---">> 
Blutdruck_${dmonat};
echo
>> Blutdruck_${dmonat};
fi

 Display
#~~~

# (End of Prog)

~




Example of this prog's output (august 2017)
–––


Do, 24.08.17  03.32  = 148/83 mm Hg // 65/min   [n.Kr.haus, n.unklaren 
Pillen, mit Verst]
Do, 24.08.17  10.20  = 135/88 mm Hg // 61/min   [(gest: 
Kart+Rapunzel+Feta) n.Pillen, o. Frühstück, mit Verst]
Do, 24.08.17  14.42  = 115/64 mm Hg // 66/min   [(Pillen alle 24h statt 
36h) ohne Verst, Hafermüsli]
Do, 24.08.17  15.51  = 112/67 mm Hg // 63/min   [dito, n.4T.Tee]
Do, 24.08.17  18.32  = 122/72 mm Hg // 68/min   [gerade mit Rad zurück 
von Statenzijl]
Do, 24.08.17  19.34  = 121/71 mm Hg // 63/min   [dito, 1 h danach]
Fr, 25.08.17  07.29  = 134/83 mm Hg // 62/min   [wenig Schlaf; gerade 
aufgestanden]
Fr, 

Re: Jouer ou travailler ? Minecraft ! Serveur et Launcher

[Safranil]

Désolé par avance pour le roman en fin de mail, bonne lecture.
Le 30/08/2017 à 20:37, G2PC a écrit :
> Merci pour vos retours, je vais intégrer cela au wiki ce soir ou
> demain et continuer mes recherches.
> Mais, concernant ce launcher craqué, est ce que vous avez une idée de
> ou je peux me le procurer ?
Aucune idée.
> Qui dit craqué, dit risque de virus ?
Effectivement, comme tout logiciel craqué.
> Si maintenant je voulais partager ce serveur de jeux, sur mon site
> internet, et, mettre à disposition un launcher qui permette de jouer,
> sans payer :
> - Est ce possible ? ( Oui, avec un launcher craqué )
> - Est ce autorisé ?
Tu peux mettre à disposition le serveur gratuitement, tu est libre de le
configurer comme tu le souhaite. En revanche l'utilisation de logiciels
piratés est illégal et fournir un launcher qui distribue une version
craqué du jeu est aussi illégal. Finalement c'est comme craqué la suite
Adobe ou autre, si on le fait, c'est en connaissance de cause.

Si tu veux du tout gratuit (pour les joueurs), oriente toi plutôt sur
Minetest.

Pour information sur LegiFrance, les lois sont :

L'utilisation de logiciel piraté ou sa distribution sont puni, la
définition en tant qu’œuvre de l'esprit (comme la musique, les films,
...) se trouve dans l'article L112-2 du Code de la propriété
intellectuelle :

/Sont considérés notamment comme œuvres de l'esprit au sens du
présent code :/
/[...]/
/13° Les logiciels, y compris le matériel de conception préparatoire ;/
/[...]/

Ensuite les articles L335-2, L335-3 et 122-6 du Code de la propriété
intellectuelle définissent les peines encourues :
Article L335-2 :

/Toute [...] production, imprimée ou gravée en entier ou en partie,
au mépris des lois et règlements relatifs à la propriété des
auteurs, est une contrefaçon et toute contrefaçon est un délit./
/La contrefaçon en France d'ouvrages publiés en France ou à
l'étranger est punie de trois ans d'emprisonnement et de 300 000
euros d'amende./
/[...]/

Article L335-3 :/
/

/Est également un délit de contrefaçon toute reproduction,
représentation ou diffusion, par quelque moyen que ce soit, d'une
œuvre de l'esprit en violation des droits de l'auteur, tels qu'ils
sont définis et réglementés par la loi./
/Est également un délit de contrefaçon la violation de l'un des
droits de l'auteur d'un logiciel définis à l'article L. 122-6./
/[...]/

Article L122-6 :

/Sous réserve des dispositions de l'article L. 122-6-1, le droit
d'exploitation appartenant à l'auteur d'un logiciel comprend le
droit d'effectuer et d'autoriser ://
//1° La reproduction permanente ou provisoire d'un logiciel en tout
ou partie par tout moyen et sous toute forme. Dans la mesure où le
chargement, l'affichage, l'exécution, la transmission ou le stockage
de ce logiciel nécessitent une reproduction, ces actes ne sont
possibles qu'avec l'autorisation de l'auteur ;//
//2° La traduction, l'adaptation, l'arrangement ou toute autre
modification d'un logiciel et la reproduction du logiciel en
résultant ;//
//3° La mise sur le marché à titre onéreux ou gratuit, y compris la
location, du ou des exemplaires d'un logiciel par tout procédé.
Toutefois, la première vente d'un exemplaire d'un logiciel dans le
territoire d'un Etat membre de la Communauté européenne ou d'un Etat
partie à l'accord sur l'Espace économique européen par l'auteur ou
avec son consentement épuise le droit de mise sur le marché de cet
exemplaire dans tous les Etats membres à l'exception du droit
d'autoriser la location ultérieure d'un exemplaire./

Ainsi que l'article 321-1 du code pénal :

/Le recel est le fait de dissimuler, de détenir ou de transmettre
une chose, ou de faire office d'intermédiaire afin de la
transmettre, en sachant que cette chose provient d'un crime ou d'un
délit.
Constitue également un recel le fait, en connaissance de cause, de
bénéficier, par tout moyen, du produit d'un crime ou d'un délit.
Le recel est puni de cinq ans d'emprisonnement et de 375 000 euros
d'amende.
/

/Sources :
Code de la propriété intellectuelle :
    Article L112-2 :
https://www.legifrance.gouv.fr/affichCodeArticle.do?idArticle=LEGIARTI06278875=LEGITEXT06069414
    Article L122-6 :
https://www.legifrance.gouv.fr/affichCodeArticle.do?cidTexte=LEGITEXT06069414=LEGIARTI06278918==cid
    Article L335-2 :
https://www.legifrance.gouv.fr/affichCodeArticle.do?cidTexte=LEGITEXT06069414=LEGIARTI06279167==cid
    Article L335-3 :
https://www.legifrance.gouv.fr/affichCodeArticle.do?idArticle=LEGIARTI20740345=LEGITEXT06069414
Article 321-1 du code pénal :
https://www.legifrance.gouv.fr/affichCodeArticle.do?cidTexte=LEGITEXT06070719=LEGIARTI06418233==cid
/



signature.asc
Description: OpenPGP digital signature

CheckPoint Users

[tracey . cook]

style="margin-bottom:0.0001pt;line-height:normal;background:white none  
repeat scroll 0% 0%">Hi,


Would you be interested in CheckPoint Users contact  
list?


style="margin-bottom:0.0001pt;line-height:normal;background:white none  
repeat scroll 0% 0%"> 


style="margin-bottom:0.0001pt;line-height:normal;background:white none  
repeat scroll 0% 0%">style="color:rgb(31,78,121)">Featuresstyle="color:rgb(31,78,121)">:

•         85% on email, 90% on other Data. 100% opt-in to
receive third party information.
•         Name, Title, Email, Phone Number, Company name,
Web Address, Physical Address, SIC Code, Industry, Company Size (Employee  
and

revenue).
•         Excel or CSV. Format for unlimited usage
•        We can provide you database from North America,
Latin America, EMEA and APAC
•        Verified, validated, accurate and up-to-date
contact details of users, customers and business professionalsstyle="color:rgb(34,34,34)">


style="margin-bottom:0.0001pt;line-height:normal;background:white none  
repeat scroll 0% 0%"> 


style="margin-bottom:0.0001pt;line-height:normal;background:white none  
repeat scroll 0% 0%">We also have other  
technology users like:

· Juniper
· SonicWALL
· Bloxx
· Fortinet
· Symantec
· McAfee
· FireEye
· WatchGuard
· Sophos
· Cisco and many more...style="color:rgb(34,34,34)">


style="margin-bottom:0.0001pt;line-height:normal;background:white none  
repeat scroll 0% 0%"> 


style="margin-bottom:0.0001pt;line-height:normal;background:white none  
repeat scroll 0% 0%">style="color:rgb(31,78,121)">Categoriesstyle="color:rgb(31,78,121)">:
Next Generation Firewalls, Endpoint Security, SIEM, Web Application  
Firewall,

Cloud Access Security, Secure Email Gateway, DDoS Protection, Application
Delivery Controllers, Network Testing, SDN Security Appliance, IP Phone
Systems, Hybrid Virtual Appliance, Cloud computing security, Backup,  
Disaster
Recovery and Virtualization Data Loss Prevention, Mobile security, Wireless  
LAN

Security, Internet security, Information security, Network security, Data
security and many more

style="margin-bottom:0.0001pt;line-height:normal;background:white none  
repeat scroll 0% 0%"> 


style="margin-bottom:0.0001pt;line-height:normal;background:white none  
repeat scroll 0% 0%">Please review and  
let me know if you are interested in any of

the technology users or different contact list for your campaigns and I will
provide more information for the same.
 
Appreciate your time and look forward to hear from you.

Thanks,
Tracey Cook
Database Coordinator

If you are not the right person, feel free to forward this email to the  
right

person in your organization.

To Opt Out, please respond “Leave Out” in the Subject linestyle="color:rgb(34,34,34)">



powered by GSM. Free mail merge and  
email marketing software for Gmail.

Re: fallos en instalación limpia de debian stretch

[JAP]

El 30/08/17 a las 14:29, José Benito Martínez escribió:

Soy prácticamente novato en debian; si alguien puede ayudarme le estaré
muy agradecido.

Hace algún tiempo instalé debian-9.1 en mi Acer E-15 y por más que lo
he intentado a través de google no encontrado ningún caso similar que
me pudiera ser de ayuda. En resumen, tengo dos fallos:
  
1º)


platform MSFT0101:00 failed to claim resource 1
acpi MSFT0101:00 platform device creation failed: -16
Este problema se llama Microsoft Trusted Platform Module (TPM)

https://www.intel.la/content/www/xl/es/support/boards-and-kits/intel-nuc-boards/07452.html

Tenés que anularlo
https://www.uvm.edu/it/security/encryption/bitlocker/?Page=tpm-troubleshooting.html




2º)

ath10k_pci :02:00.0: firmware: failed to load ath10k/pre-cal-pci-
:02:00.0.bin (-2)

ath10k_pci :02:00.0: Direct firmware load for ath10k/pre-cal-pci-
:02:00.0.bin failed with error -2

ath10k_pci :02:00.0: firmware: failed to load ath10k/cal-pci-
:02:00.0.bin (-2)

ath10k_pci :02:00.0: Direct firmware load for ath10k/cal-pci-
:02:00.0.bin failed with error -2


Esto es la placa wifi.
Recomendación: instala todo con un cable ethernet.
Luego de ello, cuando el sistema funcione, empieza a pelearte con el 
controlador para esa placa, que es el paquete firmware-atheros



Un cordial saludo a todos.



Espero sirva.

JAP

Re: Weird shell script behavior in a cron job

[Greg Wooledge]

On Wed, Aug 30, 2017 at 09:32:37PM +0300, Reco wrote:
> > > #!
> 
> A curious shebang.

> > Why would the behavior be any different? Could it be that cron is running it
> > an entirely different shell, that doesn't understand the "if" statement?
> 
> Presumably your script runs via /bin/bash in interactive mode, and via
> /bin/sh (should be /bin/dash) if run by cron.

Yes, exactly this.  The shebang is malformed, so the kernel cannot
execute the script directly.  When a shell tries to run this script,
the kernel will return ENOEXEC.  The shell sees this, and forks a
child of itself to be the interpreter.

>From an interactive bash shell, therefore, your script would be run by
bash.

>From crontab, each line is executed by /bin/sh, so your script would
end up being run by another instance of /bin/sh.

This is why it's vitally important to put the correct shebnang on every
script you run.  If you don't, you either get direct failures if you're
lucky, or indeterminate behavior if you are not.

Re: Hardware compatible

[Robert Marsellés]

Hola,

El 28/08/17 a les 14:52, Narcis Garcia ha escrit:
> El 28/08/17 a les 14:15, Ernest Adrogué ha escrit:
>> 2017-07-31, 20:03 (+0200); Santi Moreno escriu:
>>
>> Intel pel que tinc entès també té bon suport, però no conec cap llista
>> com la de AMD.  En qualsevol cas jo evitaria Nvidia a qualsevol preu, ja
>> que no són gaire donats a proporcionar informació sobre el seu maquinari
>> perquè es puguin escriure drivers lliures.
>>

Personalment, una Nvidia bastant recent (GeForce GTX 1050Ti) em funciona
sense problemes amb els controladors privats. Abans m'havia preocupat de
fer la recerca a la llista Debian d'usuaris en anglès. Pel que es diu
allí, fa dies que moltes targetes Nvidia, sobretot recents, funcionen
adequadament (suportades) amb els controladors privats.

Un altre tema és que cada peça de "hardware" tingui les seves
particularitats i, els que som únicament usuaris enlloc de fabricants,
no sapiguem trobar-li la configuració adequada. És com quan s'usa un
mòbil nou d'una altra marca que no has tingut mai. Per fàcil que diguin
que sigui, un se l'ha de mirar amb "carinyo" i perdre-hi temps llegint,
rellegint i usant-lo. A això s'hi ha d'afegir que els manuals que un
troba no ajuden gaire si un no té molt clar què nassos necessita
(NvidiaGraphicsDrivers a Debian Wiki).

Per exemple, segons el wiki de ArchLinux hi ha fins a 5 possibles
maneres de configurar el sistema gràfic amb la meva targeta Nvidia. Tot
depèn de la targeta específica que es tingui (particularitats) i com es
vol que treballi (sempre o, per estalviar bateries, només a estones,
i.e. jocs).

La resta del text descriu el meu cas particular que deixo per si a algú
li anés bé. El que volia dir, ja ho he dit.

En el meu cas, primer vaig tenir que aprendre a identificar la meva
targeta per saber-ne les seves característiques ja que els noms
comercials no sempre son els mateixos que apareixen als sistemes de
recerca d'informació Linux. La meva targeta té un sistema per gestionar
el consum elèctric que es diu Nvidia Optimus (això modifica la
configuració i també els paquets a instal·lar).

També vaig tenir que aprendre la interacció amb la resta del portàtil.
La meva BIOS no permet configurar quina de les 2 targetes que tinc
funcioni d'inici. Per defecte sempre funciona la integrada al
processador (Intel).

Després s'ha d'investigar si els "drivers" lliures (noveau) poden
controlar quan s'engega o s'apaga. Si no, no hi ha opció, toca
instal·lar els controladors privats. En cas contrari, si a l'usuari li
interessa que funcioni així, encara hi ha més d'una forma de
configuració segons com les 2 targetes estiguin connectades a la placa
(es diu bus?).

I un cop ho saps tot, s'ha d'identificar els noms dels paquets Debian
que contenen el que necessites (que costa força més del que sembla, des
del meu punt de vista personal).

I això per cada component de la màquina. Tinc sort que m'ho agafo com un
"hobby". Si ho necessités per treballar, potser preferiria pagar com fa
la majoria.

Salut i peles,

robert

Re: Installer un serveur mail complet sous Debian 9 Stretch

[G2PC]

Le 30/08/2017 à 20:30, Étienne Mollier a écrit :
> Je suis tombé sur cette présentation de Benjamin Sonntag il y a
> quelque temps et qui semble rentrer plutôt pas mal en profondeur
> dans les différents éléments constituant un service mail qui
> marche™.  Si vous avez 180 minutes à tuer, ça pourrait valoir le
> coup d'y jeter un œil :
>
>   
> http://www.iletaitunefoisinternet.fr/lemail-par-benjamin-sonntag/index.html
>
> Sinon, pour prêcher pour une autre paroisse, le projet YunoHost
> propose des logiciels et des étapes pas à pas pour déployer tout
> un tas de services, dont le mail.  Vous pouvez consulter sur
> leur site web la documentation d'administration :
>
>   https://yunohost.org/#/admindoc_fr
>
> Seuls petits bémols, ils ne recommandent pas l'usage de leur
> solution pour servir plusieurs utilisateurs (c'est bien à
> l'échelle d'une famille, mais ça ne s'échelonne pas bien pour un
> usage professionnel) et ils manquent de forces vives pour avoir
> déjà un logiciel compatible avec Debian Stretch, donc peut-être
> que ça ne correspondra pas tout à fait votre cahier des charges.
Merci à vous deux pour vos réponses.
Je vais consulter le lien présenté précédement, et, lire également ce
travail de Benjamin.
Si ça vient de Benjamin (Quadrature du net) c'est sûrement du bon travail.

Re: Weird shell script behavior in a cron job

[David Wright]

On Wed 30 Aug 2017 at 11:07:36 (-0700), James H. H. Lampert wrote:
> Can somebody explain this:
> 
> My backup script WILL detect that ExternalHD is not mounted, and
> attempt to mount it, if I run it manually.
> 
> But it WON'T do that if it runs in a cron job.
> 
> I've isolated the relevant code into its own script, added debugging
> output, and set it up to run every minute. Here's the test script:
> >#!
> >date >> ~/test.txt
> >pwd >> ~/test.txt
> >cd /media/ExternalHD/Backups
> >if [ "$?" = "1" ]; then
> >  echo "mounting" >> ~/test.txt
> >  mount /media/ExternalHD >> ~/test.txt
> >  cd /media/ExternalHD/Backups
> >fi
> >pwd >> ~/test.txt
> 
> Here is what I get when the cron job trips, and ExternalHD is not mounted:
> >Wed Aug 30 10:49:01 PDT 2017
> >/root
> >/root
> >Wed Aug 30 10:50:01 PDT 2017
> >/root
> >/root
> . . .
> >Wed Aug 30 10:55:01 PDT 2017
> >/root
> >/root
> 
> and here is what I get when I run the script from a command line:
> >Wed Aug 30 10:55:07 PDT 2017
> >/root
> >mounting
> >/media/ExternalHD/Backups
> 
> Why would the behavior be any different? Could it be that cron is
> running it an entirely different shell, that doesn't understand the
> "if" statement? Here's the crontab line:
> >* * * * *   ~/test.sh

Yes,   man 5 crontab   documents exactly that.

Cheers,
David.

Re: Jouer ou travailler ? Minecraft ! Serveur et Launcher

[G2PC]

Le 30/08/2017 à 14:15, Safranil a écrit :
>
> Bonjour à toi,
>
> Concernant les serveurs vanilla (serveur et clients non moddé), le
> launcher officiel est suffisant pour te connecter à un serveur. Par
> contre, il faut effectivement un compte officiel avec une licence pour
> l'utiliser.
>
> Ayant monté mon propre serveur avec un certain nombre de mods, je suis
> passé par la case développement d'un launcher en Java, si tu le
> souhaite, tu peux regarder les sources ici [1] et la partie de mise à
> jour automatique du launcher ici [2], ces derniers sont sous licences GPL.
>
> Sinon, si tu souhaite juste tester que le serveur est fonctionnel mais
> que tu n'a pas de licence, tu peux mettre `online-mode` à `false` dans
> le fichier `server.properties` et le serveur ne vérifieras pas la
> validité des joueurs qui se connecte mais un launcher dit craqué sera
> nécessaire pour se connecter.
>
> Enfin, comme d'autres l'ont déjà dit, des alternatives libres et open
> source existent comme Minetest par exemple.
>
> [1] https://git.safranil.fr/Miroa/launcher
> [2] https://git.safranil.fr/Miroa/updater
>
> Le 30/08/2017 à 12:20, G2PC a écrit :
>> Bonjour,
>>
>> J'ai repris quelques notes, concernant Minecraft.
>> Je pense avoir compris comment créer facilement un serveur Minecraft, ce
>> que j'ai fais, sous Debian 9 Stretch.
>>
>> Par contre, je n'ai pas encore pu avancer, concernant le launcher, pour
>> accéder au serveur.
>> Si je comprend bien, Minecraft est un jeu payant. Donc, même si je crée
>> un serveur Minecraft, pour y accéder, il me faut avoir un compte
>> utilisateur activé, payé, pour pouvoir rejoindre mon serveur et jouer.
>>
>> On m'a parlé de Launcher craqué, qui permettent de se connecter,
>> gratuitement.
>> Je ne cherche pas spécialement à utiliser un launcher craqué.
>>
>> J'aimerais simplement pouvoir tester mon serveur Minecraft, pour voir si
>> il est fonctionnel.
>>
>> Si vous connaissez Minecraft, ce qui n'est pas mon cas, merci du retour
>> sur expérience.
>>
>> Source de ma recherche :
>> https://www.visionduweb.eu/wiki/index.php?title=Minecraft#Installer_Minecraft_sur_Linux
>
Merci pour vos retours, je vais intégrer cela au wiki ce soir ou demain
et continuer mes recherches.
Mais, concernant ce launcher craqué, est ce que vous avez une idée de ou
je peux me le procurer ?
Qui dit craqué, dit risque de virus ?

Si maintenant je voulais partager ce serveur de jeux, sur mon site
internet, et, mettre à disposition un launcher qui permette de jouer,
sans payer :
- Est ce possible ? ( Oui, avec un launcher craqué )
- Est ce autorisé ?

@ suivre

Re: Weird shell script behavior in a cron job

[James H. H. Lampert]

A few minutes ago, with respect to my backup script attempting to mount 
ExternalHD if run from a command line, but not from cron, I wrote:

Why would the behavior be any different? Could it be that cron is
running it an entirely different shell, that doesn't understand the "if"
statement?


That was it. I added a line to echo $SHELL to my debugging log file, and 
that was it: if I ran it from cron, $SHELL was /bin/sh; if I ran it from 
a command line, $SHELL was /bin/bash.


Changing the shebang from
> #!
to
> #! /bin/bash

did the trick, and when I looked back at the original script, I found a 
shebang of

> #! /bin/sh

which I also changed. High hopes for finding successful test results 
tomorrow morning.


--
JHHL

Re: Weird shell script behavior in a cron job

[Reco]

Hi.

On Wed, Aug 30, 2017 at 11:07:36AM -0700, James H. H. Lampert wrote:
> Can somebody explain this:
> 
> My backup script WILL detect that ExternalHD is not mounted, and attempt to
> mount it, if I run it manually.
> 
> But it WON'T do that if it runs in a cron job.
> 
> I've isolated the relevant code into its own script, added debugging output,
> and set it up to run every minute. Here's the test script:
> > #!

A curious shebang.


> > date >> ~/test.txt
> > pwd >> ~/test.txt
> > cd /media/ExternalHD/Backups
> > if [ "$?" = "1" ]; then
> >   echo "mounting" >> ~/test.txt
> >   mount /media/ExternalHD >> ~/test.txt
> >   cd /media/ExternalHD/Backups
> > fi
> > pwd >> ~/test.txt

What about this approach?

date >> ~/test.txt
pwd >> ~/test.txt
/bin/mountpoint -q /media/ExternalHD/Backups || \
mount /media/ExternalHD && \
cd /media/ExternalHD/Backups
pwd >> ~/test.txt


> Why would the behavior be any different? Could it be that cron is running it
> an entirely different shell, that doesn't understand the "if" statement?

Presumably your script runs via /bin/bash in interactive mode, and via
/bin/sh (should be /bin/dash) if run by cron.

Reco

Re: Installer un serveur mail complet sous Debian 9 Stretch

[Étienne Mollier]

Bonsoir,

On 08/30/2017 02:19 PM, Luc Novales wrote:
> Bonjour,
>
>
> Le 28/08/2017 à 03:09, G2PC a écrit :
>> Bonjour,
>>
>> Je cherche un tutoriel pour installer un serveur mail complet sous
>> Debian Stretch.
>>
>> J'ai trouvé celui-ci :
>> https://blog.tetsumaki.net/articles/2017/08/installation-dune-solution-mail-complete-sous-debian-9-stretch.html
>>
>> Si vous avez un support correct, complet, accessible, pour Debian
>> Stretch, en complément, ou, en remplacement, merci de vos retours.
> Tout dépend de ce que tu entends par "solution mail complète".
> Les docs debian sont de très bonne qualité ;-)
>
> https://www.debian.org/doc/manuals/debian-handbook/network-services.fr.html#sect.smtp-mail-server
>
> Bonne journée,
> Luc.
>

Je suis tombé sur cette présentation de Benjamin Sonntag il y a
quelque temps et qui semble rentrer plutôt pas mal en profondeur
dans les différents éléments constituant un service mail qui
marche™.  Si vous avez 180 minutes à tuer, ça pourrait valoir le
coup d'y jeter un œil :


http://www.iletaitunefoisinternet.fr/lemail-par-benjamin-sonntag/index.html

Sinon, pour prêcher pour une autre paroisse, le projet YunoHost
propose des logiciels et des étapes pas à pas pour déployer tout
un tas de services, dont le mail.  Vous pouvez consulter sur
leur site web la documentation d'administration :

https://yunohost.org/#/admindoc_fr

Seuls petits bémols, ils ne recommandent pas l'usage de leur
solution pour servir plusieurs utilisateurs (c'est bien à
l'échelle d'une famille, mais ça ne s'échelonne pas bien pour un
usage professionnel) et ils manquent de forces vives pour avoir
déjà un logiciel compatible avec Debian Stretch, donc peut-être
que ça ne correspondra pas tout à fait votre cahier des charges.

À plus,
-- 
Étienne Mollier 

Re: Atril configuration saving

[Tixy]

On Wed, 2017-08-30 at 07:27 -0400, Haines Brown wrote:
> I find the atril pdf viewer to be the most satisfactory choice for my
> needs. However, a problem is that it does not save my configuration.
> 
> More specifically, I go to its View menu and set my desired
> configuration. Then I go to Edit, Save Current Settings as Default. It
> has no effect, and atril  opens with other values.
> 
> I should note that I don't run any desktop environment, not Mate or any
> other. None of the files in /usr/bin or in /usr/share/atril appear to
> specify configuration values.  My guess is that atril would look for a
> file such as /usr/share/atril/atril-config.xml or ~/.atril in which
> configuration values are set.

I use LXDE and Atril preference saving works for me. When I do that the
file  ~/.config/dconf/user changes. Searching the web leads to 'dconf is
a low-level configuration system and settings management'

Digging further, one of Atrils dependencies is dconf-gsettings-backend
[1] which at a guess requires dconf-service and dbus running. Perhaps
you don't have those if you don't have any desktop environment
installed?

[1] https://packages.debian.org/stretch/dconf-gsettings-backend

-- 
Tixy

Weird shell script behavior in a cron job

[James H. H. Lampert]

Can somebody explain this:

My backup script WILL detect that ExternalHD is not mounted, and attempt 
to mount it, if I run it manually.


But it WON'T do that if it runs in a cron job.

I've isolated the relevant code into its own script, added debugging 
output, and set it up to run every minute. Here's the test script:

#!
date >> ~/test.txt
pwd >> ~/test.txt
cd /media/ExternalHD/Backups
if [ "$?" = "1" ]; then
  echo "mounting" >> ~/test.txt
  mount /media/ExternalHD >> ~/test.txt
  cd /media/ExternalHD/Backups
fi
pwd >> ~/test.txt


Here is what I get when the cron job trips, and ExternalHD is not mounted:

Wed Aug 30 10:49:01 PDT 2017
/root
/root
Wed Aug 30 10:50:01 PDT 2017
/root
/root

. . .

Wed Aug 30 10:55:01 PDT 2017
/root
/root


and here is what I get when I run the script from a command line:

Wed Aug 30 10:55:07 PDT 2017
/root
mounting
/media/ExternalHD/Backups


Why would the behavior be any different? Could it be that cron is 
running it an entirely different shell, that doesn't understand the "if" 
statement? Here's the crontab line:

* * * * *   ~/test.sh


--
JHHL

Re: One-line password generator

[Gene Heskett]

On Wednesday 30 August 2017 10:25:00 Thomas Schmitt wrote:

> Hi,
>
> i wrote:
> > > The reason why this is still not fully reflected by the man page
> > > is not yet uncovered.
>
> Gene Heskett wrote:
> > Maybe a wee bit of security by obscurity?  There is that I think in
> > everyones thinking on this subject.  They don't want to price the
> > farm so cheap that it will actually sell.
>
> Ah no. The obscurity principle is unpopular in cryptography.
> The widely accepted method is to have the algorithms public, so they
> can be analysed and discussed, and to have the secrets separated in
> keys.
>
> Given that Theodore T'so can probably cause a text change in the man
> page if he really demands it, i rather expect to find a nitpicker like
> me who challenges the flat deprecation of /dev/random by some thin but
> valid argument. Just a gut feeling of mine.
>
>
> For my own decision of /dev/random against /dev/urandom:
> I use either of them very rarely. I have to deal with several old
> kernels of which i do not know how firm the opinions were when those
> kernels were young.
> So i will continue to use the legacy interface as long as it is
> available. But i will not raise objections if some day it becomes
> exactly the same as the /dev/urandom interface.
> This is the decision of the maintainers (Theodore T'so and Neil Horman
> of CRYPTOGRAPHIC RANDOM NUMBER GENERATOR), whom i deem more educated
> on the topic than i am.
>
Theodore T'so opinion IMO, carry's enough weight to more than "balance 
the scales" in most any argument about this...  Theodore was smack in 
the middle of TPTB when I ditched an amiga and built a 400 MHz k6 based 
machine and installed red hat 5.0 on it in late 1997.  So while I did 
have to do the early windows machines at WDTV, my awe of microsoft was 
soured when a network message machine running NT3.51 decided to nuke the 
most important library on the hard drive.  Since the NT license was in 
those days several hundred dollars, I called microsoft and tried to 
explain what had happened and they not only refused to help, they 
accused me of being a pirate.  That was their mistake, and from that day 
on, any specialty built machines never saw a windows install cd on my 
watch. I still think they has a random delay generator that was to 
delete that file when the delay ran out.  Call it a virus, but that 
machine never saw the internet to get a virus, what it got for data was 
transmitted in the networks video streams vertical interval.  If the 
messages received needed a reply, it took the reply and dialed up the 
modem on their machine to post the reply.

In the meantime, an intelligent young man taught himself about that 
stuff, relieving me of that responsibility. He has built several server 
class machines to handle all the programs in digital formats that what 
in now a 2 network, 6 channel tv station needs, capable of moving a 1 
hour program from the receiver machine to the air server, in about 30 
seconds while that air server is airing 6 separate channels.  And now 
backups for both have been built with auto failover, even in mid 
program.  He's good.

The complex (now 6 channels of tv, 1 class C fm radio station) was 
recently sold since the owner died about 2 years back, and the buyers IT 
people wanted to replace all that linux "junk" with windows machines. 
Enthusiasm to convert silently died when they found the terminal room 
would need expanding and almost double the HVAC to support that many 
windows machines like they were using at all their other properties. 
VERY BIG ups powers it all for long enough to get a 125 kw generator up 
to speed, so its on the air 24/7 until its out of fuel. 500 gallon tank, 
so that takes a while to run low. They've got all that at their other 
properties including the winders headaches.  This stuff Just Works, 24/7 
even with 2 HD's sick and dead.

I think its impressing the hell out of the windows crew the new owners 
have been keeping at their other stations. If not, they are dumb like a 
pet rock I once saw that said on one side, "turn me over" and on the 
other side "mmm, that felt good".

> Have a nice day :)

If I can recover from working on the mower deck and re-installing it over 
the last 4 days. Sheet metal close to toasted, had to make a 6" square, 
1/4" thick plate to support the pivot bolt the deck clutch lever turns 
on.  With luck, it may outlast me. An 82 yo body is over worked with all 
that rolling around on the driveway, and I've got aches in most of the 
major muscles today.  But if it needs to be done, I'll figure out a way 
to do it.  Raised in the farm country in Iowa, where it was a 4 hour 
drive to town, one way, with a team of horses in 1940.  Out there, if it 
had to be done, you did it, or it didn't get done.

And my grandfather was good at it, he had built and installed a 32 volt 
delco electric system, and made the Maytag washer into an electric one 
after it kicked back and broke grandmothers ankle 

Re: One-line password generator

[Brian]

On Wed 30 Aug 2017 at 15:47:35 +0200, Thomas Schmitt wrote:

> Gene Heskett wrote:
> > Well, that easy to remember method just went down in flames.  Sigh...
> 
> That's the first diffuse but significant wisdom we found in this thread:
> 
> If you can memorize it without the help of publicly knowable details of
> your life, then it's too easy to enumerate with nowadays' hardware.

But the crackers would likely not be in possession of a leaked password
(Uld4dFpYSkdkV1J3ZFdOclpYSUsK) but of a hash of it. The article Curt
referenced relates how attacking the hashes with brute force for any
password with over six random characters was only looked at selectively.
And that was with MD5 hashes. With the much slower bcrypt the effort to
crack anything more might have been too much.

The example generated password is 28 characters. How random they are I
do not know, but the article indicates it was not put to the test. Maybe
Gene Heskett's password does not have all the criteria for being complex
and completely random, but for now it looks like it would escape
unscathed from brute force probing.

The password does not contain any memorable words so word lists do not
look an inviting prospect. Without the password one cannot begin to
examine how it was created.

Suppose

  echo "ElmerFudpucker" | base64 | base64

became

 echo "ElmerFudpucker" |  | base64 | base64

which is as memorisable as previously,

I am not saying the problem becomes insurmountable for attackers, but
slowing them down considerably cannot be bad. (That's assuming they are
in possession of the hashes and are after *your* Twitter account. You
really don't believe that, do you?)

-- 
Brian.

Re: Required help on local Debain mirror

[David Wright]

On Wed 30 Aug 2017 at 17:27:31 (+0200), Christian Seiler wrote:
> Hi there,
> 
> Am 2017-08-29 11:57, schrieb Kala Techies:
> >I am using (Debian GNU/Linux 6.0.10 (squeeze)) in my environment and I
> >want to update all systems using one local mirror.
> 
> I don't think it's a good idea to setup a real local mirror,
> as that means you'll download the entire archive, which is
> likely going to be a _lot_ more stuff (especially if you
> download all available architectures) than upgrading each
> machine individually.
> 
> What you'll rather want is to setup a local proxy server
> that'll cache the packages. This way you'll only download
> what you actually need, but you'll also only download it
> once.
> 
> I can recommend the apt-cacher-ng package for that.

However, be prepared for problems if you run a version of
apt-cacher-ng as old as squeeze's.

I still run apt-cacher-ng on a wheezy machine and have had to switch
between the backports and backports-sloppy versions, currently the
latter, 0.9.1-1~bpo7+1. The main failures have been (1) expiration of
old packages¹, (2) new compression schemes² for Packages files, (3)
new InRelease files and (4) servicing apt-listbugs³ searches. I use it
for wheezy and jessie, but have made no attempt to use it with
stretch; is that when hashed indexing started?

I don't know how many of these issues will affect a constituency of
totally squeeze PCs; I guess that depends on whether the mirrors
being used have been updating their apt methods, and if there are
squeeze backports.

¹ie the archive grows for ever.
²eg .xz and/or .bz2 files.
³my current command sequence for upgrading is the unwieldy
# apt-get -o Acquire::http::Proxy="http://192.168.1.19:3142/; update
# apt-get -d -o Acquire::http::Proxy="http://192.168.1.19:3142/; upgrade
# apt-get upgrade

Cheers,
David.

Re: media server

[AlexLikeRock]

Tu solución 

KODY

https://kodi.tv/



 Original Message 
From: Ariel Alvarez 
Sent: August 30, 2017 6:36:58 AM GMT-06:00
To: debian-user-spanish 
Subject: media server

Hola lista, he investigado un poco acerca del tema media server, la idea 
es contar con un soporte que contenga video, imagen, audio, y estos 
contenidos sean accedidos tanto por red cableada como por dispositivos 
moviles a travez de algun punto de acceso, ademas de acceder y 
visualizar los contenidos en tiempo real estos pudieran ser descargados, 
se que esto hasta cierto punto con un samba o un apache lo puedo lograr, 
pero me gustaria que los contenidos no parezcan burdamente como 
directorios y ficheros, si no que aparezcan categorizados en una pagina 
web por ejemplo los thumnails de cada elemento existente. Se ademas que 
existen multiples plataformas web con sus plugins o modulos que permiten 
hacer esto, pero el contenido es extenso y seria dedicarle mucho tiempo 
a categorizar elemento por elemento, subirlo a la plataforma con su 
descripcion y demas, lo ideal seria en este aspecto un sistema que 
apunte a un directorio en espesifico y mediante este se genere una bd 
sirviendo esta para su posterior visualizacion en un soporte web. esa es 
la idea a groso modo.

hasta el momento de lo que he encontrado y mas se acerca a lo que 
neceito estan (plex media server, minidlna), pero queria acudir a la 
experiencia que quizas tenga alguno de ustedes respecto a este tema.

gracias de antemano, cualquier ayuda o idea sera bienvenida.

-
Consejo Nacional de Casas de Cultura
http://www.casasdecultura.cult.cu




-- 
Software libre NO significa gratis: RMS

fallos en instalación limpia de debian stretch

[José Benito Martínez]

Soy prácticamente novato en debian; si alguien puede ayudarme le estaré
muy agradecido.

Hace algún tiempo instalé debian-9.1 en mi Acer E-15 y por más que lo
he intentado a través de google no encontrado ningún caso similar que
me pudiera ser de ayuda. En resumen, tengo dos fallos:
 
1º)

platform MSFT0101:00 failed to claim resource 1
acpi MSFT0101:00 platform device creation failed: -16


2º)

ath10k_pci :02:00.0: firmware: failed to load ath10k/pre-cal-pci-
:02:00.0.bin (-2)

ath10k_pci :02:00.0: Direct firmware load for ath10k/pre-cal-pci-
:02:00.0.bin failed with error -2

ath10k_pci :02:00.0: firmware: failed to load ath10k/cal-pci-
:02:00.0.bin (-2)

ath10k_pci :02:00.0: Direct firmware load for ath10k/cal-pci-
:02:00.0.bin failed with error -2

Un cordial saludo a todos.

Xerrada sobre Debian al DLP el 16 de setembre

[Alex Muntada]

Hola!

A petició d'en Rafael Carreras, el proper dissabte 16 de setembre
faré una xerrada sobre el desenvolupament a Debian dins el marc
del Dia de la Llibertat del Programari: http://dlp.caliu.cat/

El que us volia preguntar és de quins temes us agradaria que
parli concretament. Podeu preguntar-me el que vulgueu (AMA) i
jo ja triaré el que cregui més interessant per la xerrada.

Així doncs, us agrairé que respongueu aquest correu explicant-me
què us agradaria saber, sobre què us agradaria aprofundir, què
voldríeu aprendre, en què us agradaria contribuir, etc. Podeu
fer-ho en privat, si voleu.

A banda de facilitar-me la feina per la xerrada, crec que pot
ser una bona oportunitat per conèixer millor els interessos i
els interrogants d'aquesta comunitat.

Salut i moltes gràcies!
Alex



signature.asc
Description: PGP signature

Re: (deb-cat) Permisos amb journalctl

[Alex Muntada]

Narcis Garcia:

> Ara he provat amb una Debian 8, sense Apache però amb una
> bitàcola semblant:
> /var/log/auth.log

El «gestor» d'aquest fitxer és rsyslog, no és el mateix cas que
amb els logs d'apache.

> Jo, com a membre del grup «adm», puc consultar el contingut del
> fitxer, (que conté entrades de sshd), però «journalctl -u ssh»
> no em mostra res a menys que actui com a «root».

El grup adm serveix per fer grep i coses similars. Com ja he dit
abans, el journalctl utilitza un grup diferent per gestionar
l'accés als logs a través seu, però ningú ha dit que journalctl
tingui l'exclusiva d'accés als logs.

> En aquest cas veig que el «postinst» del paquet openssh-server
> no estableix permisos.

Perquè no és responsabilitat d'aquest paquet fer-ho. Hi ha
d'altres serveis que escriuen en aquest fitxer via syslog i
no tindria sentit que tots ells comprovin els permisos i
facin els canvis corresponents.

> També ho he provat amb exim4 (concretament el postinst del
> paquet exim4-base estableix que el grup «adm» pot llegir les
> bitàcoles), i amb el mateix efecte en aquesta Debian: root
> llegeix tot, qualsevol altre no llegeix res amb journalctl.

És el mateix cas d'abans, no hi veig cap problema.

> En definitiva, no crec que els empaquetadors estiguin
> aconseguint establir permisos efectius.

Els empaquetadors només s'han de preocupar pels permisos dels
logs exclusius dels seus serveis (e.g. apache2, exim-base...)
i això fan perquè qualsevol que tingui el grup que toca pugui
utilitzar les odres habituals del shell per llegir-los.

Que journalctl no tingui en compte això és una decisió pròpia
de disseny que no té res a veure amb la feina que fan els
empaquetadors.

Salut,
Alex



signature.asc
Description: PGP signature

Re: (deb-cat) Permisos amb journalctl

[Narcis Garcia]

El 30/08/17 a les 17:54, Alex Muntada ha escrit:
> Narcis Garcia:
> 
>> Com s'administra això amb Systemd una vegada el sistema està
>> instal·lat?
>> ...
>> És que, com a usuari normal, comprovo que journalctl m'ho deixa
>> veure tot.
> 
> Si executo journalctl en un shell amb el meu usuari diu això
> (però no mostra cap missatge de log):
> 
> ```
> Hint: You are currently not seeing messages from other users and the system.
>   Users in the 'systemd-journal' group can see all messages. Pass -q to
>   turn off this notice.
> No journal files were opened due to insufficient permissions.
> ```
> 
>> Com ho fan l'empaquetador i el desenvolupador d'un servei per
>> establir els permisos de cada bitàcola?
> 
> Al fitxer debian/postinst. Per exemple, pots veure com ho fan pel
> paquet d'apache2:
> 
> ```
> dget apache2
> dpkg -e apache2_2.4.25-3+deb9u2_amd64.deb ./debian
> grep chown ./debian/postinst
> ```
> 
> Salut,
> Alex
> 

Ara no estic segur de si m'ho va deixar veure tot un ordinador amb
Ubuntu 16.04 (que ara no tinc a mà). El què ara he provat sembla anar al
revés: més seguretat per defecte;

Ara he provat amb una Debian 8, sense Apache però amb una bitàcola semblant:
/var/log/auth.log
(ja és propietat de root:adm i permisos -rw-r-)
Jo, com a membre del grup «adm», puc consultar el contingut del fitxer,
(que conté entrades de sshd), però «journalctl -u ssh» no em mostra res
a menys que actui com a «root».
En aquest cas veig que el «postinst» del paquet openssh-server no
estableix permisos.

També ho he provat amb exim4 (concretament el postinst del paquet
exim4-base estableix que el grup «adm» pot llegir les bitàcoles), i amb
el mateix efecte en aquesta Debian: root llegeix tot, qualsevol altre no
llegeix res amb journalctl.

En definitiva, no crec que els empaquetadors estiguin aconseguint
establir permisos efectius.

Re: One-line password generator

[Gene Heskett]

On Wednesday 30 August 2017 10:07:09 Greg Wooledge wrote:

> On Wed, Aug 30, 2017 at 09:57:34AM -0400, Gene Heskett wrote:
> > On Wednesday 30 August 2017 09:47:35 Thomas Schmitt wrote:
> > > The reason why this is still not fully reflected by the man page
> > > is not yet uncovered.
> >
> > Maybe a wee bit of security by obscurity?
>
> Or you're not reading the current man pages.  The man page has changed
> in stretch.  The "legacy" wording is not in wheezy's or jessie's.

Which is wheezy's version I am reading.  But you-all know how to fix 
that. :)

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

Re: Inconsistent predictable interface names

[David Wright]

On Wed 30 Aug 2017 at 11:01:07 (-0400), Henning Follmann wrote:
> On Wed, Aug 30, 2017 at 04:12:16PM +0300, Reco wrote:
> > Hi.
> > 
> > On Wed, Aug 30, 2017 at 08:39:44AM -0400, Cindy-Sue Causey wrote:
> > > On 8/29/17, Reco  wrote:
> > > 
> > > 
> [...]
> > > I left everything in there in case somehow it already says "yes or
> > > no". Is it possible that's previously declared somewhere, possibly
> > > maybe in user configuration files that would carry over from upgrade
> > > to upgrade?
> > 
> > OP's e-mail says to this:
> > 
> > > > I am experiencing an odd issue with a new install of Stretch.
> > 
> > My e-mails assumed that there was no upgrade.
> > 'udevadm info' should've shown such stray configuration files BTW, hence
> > 'trie on-disk' remark.
> > 
> 
> Yep, this was a new install. Even though I tend to reuse old configurations
> from previous installs, this very much happend with an untouched new
> install (only deviation from a "default" was xfce instead of gnome).
> I disabled the NM but at that time the names were already like they are
> right now. 
> 
> BTW. all those "try on disk" were sent to stderr and I piped only the
> stdout into my previous mail, that's why they were missing.
> 
> 
> > 
> > > Maybe like something manually altered via a network
> > > manager at some point... or something? :)
> > 
> > That's possible. Network Manager's ability to change MAC address of WLAN
> > (for AP scanning), or, say, machanger intervention can lead to funny
> > results if "Predictable" NIC Names are enabled. I haven't seen it
> > manifested in NIC renaming though.
> > 
> 
> That was my initial thought.
> 
> 
> > It should not be possible in this case (all NICs are PCI devices) since
> > "Predictable" NIC Names should set by udev from initrd long before root
> > filesystem is mounted and things like Network Manager have a chance to
> > interfere.
> > 
> 
> Yes, and I see that in dmesg happening for eth0. However that does not
> happen for the wlan0. I can see the firmware being loaded but no name
> changing to predictable pattern.

I see the name changes on these systems (a live stick and an
installation of stretch). What's odd is that the name of the
wireless interface is never reflected when its module is loaded
or reloaded; the first mention is always at the renaming moment.
This contrasts with the wired interface.

[3.930811] r8169 :01:00.0 eth0: RTL8168g/8111g at […]
[3.942793] r8169 :01:00.0 enp1s0: renamed from eth0
[   18.689852] iwlwifi :02:00.0: firmware: direct-loading firmware 
iwlwifi-7260-17.ucode
[   18.691150] iwlwifi :02:00.0: loaded firmware version 17.352738.0 
op_mode iwlmvm
[   19.399207] iwlwifi :02:00.0 wlp2s0: renamed from wlan0

[  111.424281] ipw2200: Intel(R) PRO/Wireless 2200/2915 Network Driver, […]
[  111.439912] tg3 :02:02.0 eth0: Tigon3 [partno(BCM95705A50) rev 3003] […]
[  111.443209] tg3 :02:02.0 enp2s2: renamed from eth0
[  134.994910] ipw2200 :02:04.0 wlp2s4: renamed from eth0

(selected lines only).

Cheers,
David.

Re: On another (but related) note: Zip files

[Mario Castelán Castro]

On 30/08/17 05:14, Darac Marjal wrote:
> So, because gzip has such a market share in the Linux world, it makes
> sense for it to be included in the debian base install (in fact, apt and
> various utilities rely on it, so it needs to be there). Zip files,
> though, are much less common in the Linux world. There is nothing in the
> base install of debian that requires zip files, so therefore the zip
> program is not installed.

*GNU/Linux world*

Also it is worth noting that tar + gzip will do solid compression (it
compresses the archive as a whole), while zip compresses each file
independently. The zip approach gives worse compression, but extracting
a single file is faster, since only that file has to be uncompressed.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature

Re: (deb-cat) Permisos amb journalctl

[Alex Muntada]

Narcis Garcia:

> Com s'administra això amb Systemd una vegada el sistema està
> instal·lat?
> ...
> És que, com a usuari normal, comprovo que journalctl m'ho deixa
> veure tot.

Si executo journalctl en un shell amb el meu usuari diu això
(però no mostra cap missatge de log):

```
Hint: You are currently not seeing messages from other users and the system.
  Users in the 'systemd-journal' group can see all messages. Pass -q to
  turn off this notice.
No journal files were opened due to insufficient permissions.
```

> Com ho fan l'empaquetador i el desenvolupador d'un servei per
> establir els permisos de cada bitàcola?

Al fitxer debian/postinst. Per exemple, pots veure com ho fan pel
paquet d'apache2:

```
dget apache2
dpkg -e apache2_2.4.25-3+deb9u2_amd64.deb ./debian
grep chown ./debian/postinst
```

Salut,
Alex



signature.asc
Description: PGP signature

Re: Required help on local Debain mirror

[Christian Seiler]

Hi there,

Am 2017-08-29 11:57, schrieb Kala Techies:

I am using (Debian GNU/Linux 6.0.10 (squeeze)) in my environment and I
want to update all systems using one local mirror.


I don't think it's a good idea to setup a real local mirror,
as that means you'll download the entire archive, which is
likely going to be a _lot_ more stuff (especially if you
download all available architectures) than upgrading each
machine individually.

What you'll rather want is to setup a local proxy server
that'll cache the packages. This way you'll only download
what you actually need, but you'll also only download it
once.

I can recommend the apt-cacher-ng package for that.

Regards,
Christian

Re: Atril configuration saving

[Phil Dobbin]

On 30/08/17 12:27, Haines Brown wrote:

> I find the atril pdf viewer to be the most satisfactory choice for my
> needs. However, a problem is that it does not save my configuration.
> 
> More specifically, I go to its View menu and set my desired
> configuration. Then I go to Edit, Save Current Settings as Default. It
> has no effect, and atril  opens with other values.
> 
> I should note that I don't run any desktop environment, not Mate or any
> other. None of the files in /usr/bin or in /usr/share/atril appear to
> specify configuration values.  My guess is that atril would look for a
> file such as /usr/share/atril/atril-config.xml or ~/.atril in which
> configuration values are set.

Hi Haines.

You'd maybe get a better result filing an issue at Atril's repo on GitHub:



HTH,

 Phil.

-- 
"For 50 years it was like being chained to an idiot"
Kingsley Amis on his loss of libido when he turned fifty



signature.asc
Description: OpenPGP digital signature

Re: Required help on local Debain mirror

[Dan Ritter]

On Tue, Aug 29, 2017 at 03:27:12PM +0530, Kala Techies wrote:
> I am new to Debian and I want some help on Local Debain Mirror.
> 
> 
> 
> I am using (Debian GNU/Linux 6.0.10 (squeeze)) in my environment and I want
> to update all systems using one local mirror.
> 
> I tried to configure local mirror and followed some tutorials to configure
> local mirror :-

First question: why are you using squeeze instead of stretch?

(There are occasionally good reasons.)

The easiest way to get a mirror working is to use the apt-mirror
package.

Install it on a machine with enough disk space, along with a
webserver.

Edit /etc/apt/mirrors.list 

If you really need squeeze, you'll need to get packages from
https://www.debian.org/distrib/archive

-dsr-

Re: Inconsistent predictable interface names

[Henning Follmann]

On Wed, Aug 30, 2017 at 04:12:16PM +0300, Reco wrote:
>   Hi.
> 
> On Wed, Aug 30, 2017 at 08:39:44AM -0400, Cindy-Sue Causey wrote:
> > On 8/29/17, Reco  wrote:
> > 
> > 
[...]
> > I left everything in there in case somehow it already says "yes or
> > no". Is it possible that's previously declared somewhere, possibly
> > maybe in user configuration files that would carry over from upgrade
> > to upgrade?
> 
> OP's e-mail says to this:
> 
> > > I am experiencing an odd issue with a new install of Stretch.
> 
> My e-mails assumed that there was no upgrade.
> 'udevadm info' should've shown such stray configuration files BTW, hence
> 'trie on-disk' remark.
> 

Yep, this was a new install. Even though I tend to reuse old configurations
from previous installs, this very much happend with an untouched new
install (only deviation from a "default" was xfce instead of gnome).
I disabled the NM but at that time the names were already like they are
right now. 

BTW. all those "try on disk" were sent to stderr and I piped only the
stdout into my previous mail, that's why they were missing.


> 
> > Maybe like something manually altered via a network
> > manager at some point... or something? :)
> 
> That's possible. Network Manager's ability to change MAC address of WLAN
> (for AP scanning), or, say, machanger intervention can lead to funny
> results if "Predictable" NIC Names are enabled. I haven't seen it
> manifested in NIC renaming though.
> 

That was my initial thought.


> It should not be possible in this case (all NICs are PCI devices) since
> "Predictable" NIC Names should set by udev from initrd long before root
> filesystem is mounted and things like Network Manager have a chance to
> interfere.
> 

Yes, and I see that in dmesg happening for eth0. However that does not
happen for the wlan0. I can see the firmware being loaded but no name
changing to predictable pattern.

FWIW

-H


-- 
Henning Follmann   | hfollm...@itcfollmann.com

Re: One-line password generator

[Thomas Schmitt]

Hi,

i wrote:
> > If you can memorize it without the help of publicly knowable details of
> > your life, then it's too easy to enumerate with nowadays' hardware.

Curt wrote:
> He should've salted it a little.

Sure. I also did not "crack" it by enumeration but by base64 -d after
recognizing the type of redundancy in Gene's challenge.

But the salt must be stored somewhere outside the brain (because it is not
safe if ... yada yada ...).
This brings us to the (still amateurish) idea of having a good encryption
algorithm with a computer stored key and a human memorizable input word.

But as soon as the computer stored secret gets stolen and brought to an
enumaration expert, the protection against skilled attacks is weak again.


> yes, I spoke with Ted over lunch

How annoyed was he by the topic comming up once again ?


> That's because he thinks entropy is a property of the process that
> generates the output

I will have to think about this idea ... (with no expectation to beat
Theodore T'so in such a game) ...


Have a nice day :)

Thomas

Re: One-line password generator

[Curt]

On 2017-08-30, Thomas Schmitt  wrote:
> Hi,
>
> Gene Heskett wrote:
>> Well, that easy to remember method just went down in flames.  Sigh...
>
> That's the first diffuse but significant wisdom we found in this thread:
>
> If you can memorize it without the help of publicly knowable details of
> your life, then it's too easy to enumerate with nowadays' hardware.
>

He should've salted it a little.

> Another wisdom is that Theodore T'so, a well reputed and mindful person
> who is also the kernel maintainer of "RANDOM NUMBER DRIVER", flatly thinks
> that /dev/random is legacy as soon as the system is fully up.

That's because he thinks entropy is a property of the process that
generates the output and not of the output itself (yes, I spoke with Ted
over lunch). Therefore the idea that it can be "depleted" or "used up"
is not right. It's not even wrong (with apologies to Wolfgang Pauli).

-- 
"The world breaks everyone and afterward many are strong in the broken places.
But those that will not break it kills. It kills the very good and the very
gentle and the very brave impartially. If you are none of these you can be sure
it will kill you too but there will be no special hurry." *A Farewell to Arms*

Re: One-line password generator

[Thomas Schmitt]

Hi,

i wrote:
> > The reason why this is still not fully reflected by the man page is
> > not yet uncovered.

Gene Heskett wrote:
> Maybe a wee bit of security by obscurity?  There is that I think in 
> everyones thinking on this subject.  They don't want to price the farm 
> so cheap that it will actually sell.

Ah no. The obscurity principle is unpopular in cryptography.
The widely accepted method is to have the algorithms public, so they can
be analysed and discussed, and to have the secrets separated in keys.

Given that Theodore T'so can probably cause a text change in the man page
if he really demands it, i rather expect to find a nitpicker like me who
challenges the flat deprecation of /dev/random by some thin but valid
argument. Just a gut feeling of mine.


For my own decision of /dev/random against /dev/urandom:
I use either of them very rarely. I have to deal with several old kernels
of which i do not know how firm the opinions were when those kernels were
young.
So i will continue to use the legacy interface as long as it is available.
But i will not raise objections if some day it becomes exactly the same as
the /dev/urandom interface.
This is the decision of the maintainers (Theodore T'so and Neil Horman of
CRYPTOGRAPHIC RANDOM NUMBER GENERATOR), whom i deem more educated on
the topic than i am.


Have a nice day :)

Thomas

Re: One-line password generator

[Greg Wooledge]

On Wed, Aug 30, 2017 at 09:57:34AM -0400, Gene Heskett wrote:
> On Wednesday 30 August 2017 09:47:35 Thomas Schmitt wrote:
> > The reason why this is still not fully reflected by the man page is
> > not yet uncovered.
> 
> Maybe a wee bit of security by obscurity?

Or you're not reading the current man pages.  The man page has changed
in stretch.  The "legacy" wording is not in wheezy's or jessie's.

Re: One-line password generator

[Gene Heskett]

On Wednesday 30 August 2017 09:47:35 Thomas Schmitt wrote:

> Hi,
>
> Gene Heskett wrote:
> > Well, that easy to remember method just went down in flames. 
> > Sigh...
>
> That's the first diffuse but significant wisdom we found in this
> thread:
>
> If you can memorize it without the help of publicly knowable details
> of your life, then it's too easy to enumerate with nowadays' hardware.
>
>
> Another wisdom is that Theodore T'so, a well reputed and mindful
> person who is also the kernel maintainer of "RANDOM NUMBER DRIVER",
> flatly thinks that /dev/random is legacy as soon as the system is
> fully up.
>
> The reason why this is still not fully reflected by the man page is
> not yet uncovered.

Maybe a wee bit of security by obscurity?  There is that I think in 
everyones thinking on this subject.  They don't want to price the farm 
so cheap that it will actually sell.

> It might have its roots in the sloppy mathematical discussion style of
> people like those quoted in
>   https://www.2uo.de/myths-about-urandom/#experts
> except, i'd say, Thomas Pornin who is quoted with
>   "indistinguishable from true randomness, given existing technology."
> Probably the others have moments of more exactness, too. But at least
> in their quotes this is not to see.
>
>
> An important argument is that of the armored safe with cardboard
> backplane.
>
> If you have a really good password and really manage to memorize it in
> your brain alone, then there are other real life methods to get to
> your private stuff.
> Insofar i confess that all my resisting and objecting is more sport
> than real business. My aplogies to all annoyed bystanders. I will do
> it again.
>
Please do.
>
> Have a nice day :)

You too.

> Thomas


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

Re: One-line password generator

[Thomas Schmitt]

Hi,

Gene Heskett wrote:
> Well, that easy to remember method just went down in flames.  Sigh...

That's the first diffuse but significant wisdom we found in this thread:

If you can memorize it without the help of publicly knowable details of
your life, then it's too easy to enumerate with nowadays' hardware.


Another wisdom is that Theodore T'so, a well reputed and mindful person
who is also the kernel maintainer of "RANDOM NUMBER DRIVER", flatly thinks
that /dev/random is legacy as soon as the system is fully up.

The reason why this is still not fully reflected by the man page is not
yet uncovered.
It might have its roots in the sloppy mathematical discussion style of
people like those quoted in
  https://www.2uo.de/myths-about-urandom/#experts
except, i'd say, Thomas Pornin who is quoted with
  "indistinguishable from true randomness, given existing technology."
Probably the others have moments of more exactness, too. But at least
in their quotes this is not to see.


An important argument is that of the armored safe with cardboard backplane.

If you have a really good password and really manage to memorize it in
your brain alone, then there are other real life methods to get to your
private stuff.
Insofar i confess that all my resisting and objecting is more sport than
real business. My aplogies to all annoyed bystanders. I will do it again.


Have a nice day :)

Thomas

Re: lp printing doesn't work

[Curt]

On 2017-08-30, Brian  wrote:
>> 
>> Vary confused.
>
> That makes two of us.
>
> Try setting a per-user default queue, which overrides the system-level
> setting in /etc/cups/lpoptions. The per-user default is stored in
> ~/.cups/lpoptions with 'lpoptions -d'. There is also a PRINTER variable
> (see lp(1)) which can be used instead. It overrides ~/.cups/lpoptions.
>

There's also LPDEST? I was going to say check your PRINTER and LPDEST
environment variables, as they take precedence over whatever is set (if
anything) by the lpoptions and lpadmin commands. However I was unsure
whether the error message corresponded.

lpstat -p gives all spooler destinations.


-- 
"The world breaks everyone and afterward many are strong in the broken places.
But those that will not break it kills. It kills the very good and the very
gentle and the very brave impartially. If you are none of these you can be sure
it will kill you too but there will be no special hurry." *A Farewell to Arms*

Re: One-line password generator

[Gene Heskett]

On Wednesday 30 August 2017 09:09:49 Thomas Schmitt wrote:

> Hi,
>
> > I hereby challenge this group to crack this passwd:
> > Uld4dFpYSkdkV1J3ZFdOclpYSUsK
>
> Without the claim to be able to do this again:
>
> By enumerating the name "Elmer Fudpucker" (obviously known to the
> internet) and applying base64 twice:
>
>   $ echo "ElmerFudpucker" | base64 | base64
>   Uld4dFpYSkdkV1J3ZFdOclpYSUsK
>
>
> Have a nice day :)
>
Well, that easy to remember method just went down in flames.  Sigh...

> Thomas


Cheers Thomas, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

Re: Inconsistent predictable interface names

[Reco]

Hi.

On Wed, Aug 30, 2017 at 08:39:44AM -0400, Cindy-Sue Causey wrote:
> On 8/29/17, Reco  wrote:
> >
> > On Tue, Aug 29, 2017 at 01:04:06PM -0400, Henning Follmann wrote:
> >> On Tue, Aug 29, 2017 at 07:45:41PM +0300, Reco wrote:
> >> >
> >> > On Tue, Aug 29, 2017 at 11:01:35AM -0400, Henning Follmann wrote:
> >> > > Hello,
> >> > > I am experiencing an odd issue with a new install of Stretch.
> >> > > I do get the new predictable interface name for my ethernet (enp3s0).
> >> > > However I still have the old name for the wireless network card
> >> > > (wlan0).
> >> > > So I checked /etc/systemd/network if there is any .link file, there
> >> > > isn't.
> >> > > Also grub is configured correctly ("quiet" being the only kernel
> >> > > parameter).
> >> > > Where else might I have to check and which program might be
> >> > > overwriting
> >> > > this?
> >> >
> >> > Please post the output of this (root is needed):
> >> >
> >> > udevadm test /sys/class/net/wlan0
> >>
> >> 
> >> This program is for debugging only, it does not run any program
> >> specified by a RUN key. It may show incorrect results, because
> >> some values may be different, or not available at a simulation run.
> >>
> >> ACTION=add
> >> DEVPATH=/devices/pci:00/:00:15.0/:02:00.0/ssb0:0/net/wlan0
> >> DEVTYPE=wlan
> >> ID_BUS=pci
> >> ID_MM_CANDIDATE=1
> >> ID_MODEL_FROM_DATABASE=BCM4322 802.11a/b/g/n Wireless LAN Controller
> >> (AirPort Extreme)
> >> ID_MODEL_ID=0x432b
> >> ID_NET_DRIVER=b43
> >> ID_NET_LINK_FILE=/lib/systemd/network/99-default.link
> >> ID_NET_NAME_MAC=wlxd8a25e8dabb1
> >> ID_OUI_FROM_DATABASE=Apple, Inc.
> >> ID_PATH=pci-:02:00.0
> >> ID_PATH_TAG=pci-_02_00_0
> >> ID_PCI_CLASS_FROM_DATABASE=Network controller
> >> ID_PCI_SUBCLASS_FROM_DATABASE=Network controller
> >> ID_VENDOR_FROM_DATABASE=Broadcom Limited
> >> ID_VENDOR_ID=0x14e4
> >> IFINDEX=3
> >> INTERFACE=wlan0
> >> SUBSYSTEM=net
> >> SYSTEMD_ALIAS=/sys/subsystem/net/devices/wlan0
> >> TAGS=:systemd:
> >> USEC_INITIALIZED=16526604
> >> run: 'ifupdown-hotplug'
> >> run: '/lib/systemd/systemd-sysctl --prefix=/net/ipv4/conf/wlan0
> >> --prefix=/net/ipv4/neigh/wlan0 --prefix=/net/ipv6/conf/wlan0
> >> --prefix=/net/ipv6/neigh/wlan0'
> >
> > Hm. This particular output seems to lack 'trie on-disk' blurb that shows
> > exact udev configuration files that could influence its decision, but
> > that's pure cosmetic.
> > The main difference from the hardware I have access to is the lack of
> > ID_NET_NAME and ID_NET_NAME_PATH attributes.
> >
> > Presumably that's because this particular class of PCI devices is not
> > recognised by net_id and net_setup_link udev builtins as a valid NIC.
> > It could be fixed in newer udev, or not.
> >
> > Long story short - you've found a udev bug.
> >
> > A good thing is - it has as easy workaround as creating a .link file
> > like this:
> >
> > [Match]
> > MACAddress=d8:a2:5e:8d:ab:b1
> > [Link]
> > Name=enp2s0
> >
> > Or whatever 'predictable' name you prefer. I believe that in your
> > conditions 'wlan0' is predictable enough ☺.
> 
> 
> I left everything in there in case somehow it already says "yes or
> no". Is it possible that's previously declared somewhere, possibly
> maybe in user configuration files that would carry over from upgrade
> to upgrade?

OP's e-mail says to this:

> > I am experiencing an odd issue with a new install of Stretch.

My e-mails assumed that there was no upgrade.
'udevadm info' should've shown such stray configuration files BTW, hence
'trie on-disk' remark.


> Maybe like something manually altered via a network
> manager at some point... or something? :)

That's possible. Network Manager's ability to change MAC address of WLAN
(for AP scanning), or, say, machanger intervention can lead to funny
results if "Predictable" NIC Names are enabled. I haven't seen it
manifested in NIC renaming though.

It should not be possible in this case (all NICs are PCI devices) since
"Predictable" NIC Names should set by udev from initrd long before root
filesystem is mounted and things like Network Manager have a chance to
interfere.

Reco

Re: One-line password generator

[Thomas Schmitt]

Hi,

> I hereby challenge this group to crack this passwd:
> Uld4dFpYSkdkV1J3ZFdOclpYSUsK

Without the claim to be able to do this again:

By enumerating the name "Elmer Fudpucker" (obviously known to the internet)
and applying base64 twice:

  $ echo "ElmerFudpucker" | base64 | base64
  Uld4dFpYSkdkV1J3ZFdOclpYSUsK


Have a nice day :)

Thomas

Re: Installer un serveur mail complet sous Debian 9 Stretch

[Luc Novales]

Bonjour,


Le 28/08/2017 à 03:09, G2PC a écrit :

Bonjour,

Je cherche un tutoriel pour installer un serveur mail complet sous
Debian Stretch.

J'ai trouvé celui-ci :
https://blog.tetsumaki.net/articles/2017/08/installation-dune-solution-mail-complete-sous-debian-9-stretch.html

Si vous avez un support correct, complet, accessible, pour Debian
Stretch, en complément, ou, en remplacement, merci de vos retours.

Tout dépend de ce que tu entends par "solution mail complète".
Les docs debian sont de très bonne qualité ;-)

https://www.debian.org/doc/manuals/debian-handbook/network-services.fr.html#sect.smtp-mail-server

Bonne journée,
Luc.

Re: One-line password generator

[Gene Heskett]

On Wednesday 30 August 2017 08:11:05 Greg Wooledge wrote:

> On Wed, Aug 30, 2017 at 11:47:24AM +1000, Zenaan Harkness wrote:
> > They don't. You ought not use /dev/urandom for key generation, use
> > /dev/random instead.
>
> The Linux man page disagrees with you.  From Debian 9 urandom(4):
>
>The /dev/random device is a legacy interface which dates back
> to a time where the  cryptographic  primitives  used  in  the 
> implementation  of /dev/urandom were not widely trusted.  It will
> return random bytes only within the estimated number of bits of fresh
> noise in the entropy pool, blocking  if  necessary.  /dev/random is
> suitable for applications that need high quality randomness, and can
> afford indeterminate delays.
>
>[...]
>
>Usage
>The  /dev/random  interface  is  considered  a  legacy 
> interface,  and /dev/urandom is preferred and sufficient in all  use 
> cases,  with  the exception  of  applications  which require
> randomness during early boot time; for  these  applications, 
> getrandom(2)  must  be  used  instead, because it will block until the
> entropy pool is initialized.

I hereby challenge this group to crack this passwd:

Uld4dFpYSkdkV1J3ZFdOclpYSUsK

And tell me how you arrived at the answer.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

Re: Inconsistent predictable interface names

[Cindy-Sue Causey]

On 8/29/17, Reco  wrote:
>
> On Tue, Aug 29, 2017 at 01:04:06PM -0400, Henning Follmann wrote:
>> On Tue, Aug 29, 2017 at 07:45:41PM +0300, Reco wrote:
>> >
>> > On Tue, Aug 29, 2017 at 11:01:35AM -0400, Henning Follmann wrote:
>> > > Hello,
>> > > I am experiencing an odd issue with a new install of Stretch.
>> > > I do get the new predictable interface name for my ethernet (enp3s0).
>> > > However I still have the old name for the wireless network card
>> > > (wlan0).
>> > > So I checked /etc/systemd/network if there is any .link file, there
>> > > isn't.
>> > > Also grub is configured correctly ("quiet" being the only kernel
>> > > parameter).
>> > > Where else might I have to check and which program might be
>> > > overwriting
>> > > this?
>> >
>> > Please post the output of this (root is needed):
>> >
>> > udevadm test /sys/class/net/wlan0
>>
>> 
>> This program is for debugging only, it does not run any program
>> specified by a RUN key. It may show incorrect results, because
>> some values may be different, or not available at a simulation run.
>>
>> ACTION=add
>> DEVPATH=/devices/pci:00/:00:15.0/:02:00.0/ssb0:0/net/wlan0
>> DEVTYPE=wlan
>> ID_BUS=pci
>> ID_MM_CANDIDATE=1
>> ID_MODEL_FROM_DATABASE=BCM4322 802.11a/b/g/n Wireless LAN Controller
>> (AirPort Extreme)
>> ID_MODEL_ID=0x432b
>> ID_NET_DRIVER=b43
>> ID_NET_LINK_FILE=/lib/systemd/network/99-default.link
>> ID_NET_NAME_MAC=wlxd8a25e8dabb1
>> ID_OUI_FROM_DATABASE=Apple, Inc.
>> ID_PATH=pci-:02:00.0
>> ID_PATH_TAG=pci-_02_00_0
>> ID_PCI_CLASS_FROM_DATABASE=Network controller
>> ID_PCI_SUBCLASS_FROM_DATABASE=Network controller
>> ID_VENDOR_FROM_DATABASE=Broadcom Limited
>> ID_VENDOR_ID=0x14e4
>> IFINDEX=3
>> INTERFACE=wlan0
>> SUBSYSTEM=net
>> SYSTEMD_ALIAS=/sys/subsystem/net/devices/wlan0
>> TAGS=:systemd:
>> USEC_INITIALIZED=16526604
>> run: 'ifupdown-hotplug'
>> run: '/lib/systemd/systemd-sysctl --prefix=/net/ipv4/conf/wlan0
>> --prefix=/net/ipv4/neigh/wlan0 --prefix=/net/ipv6/conf/wlan0
>> --prefix=/net/ipv6/neigh/wlan0'
>
> Hm. This particular output seems to lack 'trie on-disk' blurb that shows
> exact udev configuration files that could influence its decision, but
> that's pure cosmetic.
> The main difference from the hardware I have access to is the lack of
> ID_NET_NAME and ID_NET_NAME_PATH attributes.
>
> Presumably that's because this particular class of PCI devices is not
> recognised by net_id and net_setup_link udev builtins as a valid NIC.
> It could be fixed in newer udev, or not.
>
> Long story short - you've found a udev bug.
>
> A good thing is - it has as easy workaround as creating a .link file
> like this:
>
> [Match]
> MACAddress=d8:a2:5e:8d:ab:b1
> [Link]
> Name=enp2s0
>
> Or whatever 'predictable' name you prefer. I believe that in your
> conditions 'wlan0' is predictable enough ☺.


I left everything in there in case somehow it already says "yes or
no". Is it possible that's previously declared somewhere, possibly
maybe in user configuration files that would carry over from upgrade
to upgrade? Maybe like something manually altered via a network
manager at some point... or something? :)

Just thinking out loud... :)

Cindy :)
-- 
Cindy-Sue Causey
Talking Rock, Pickens County, Georgia, USA

* runs with duct tape *

media server

[Ariel Alvarez]

Hola lista, he investigado un poco acerca del tema media server, la idea 
es contar con un soporte que contenga video, imagen, audio, y estos 
contenidos sean accedidos tanto por red cableada como por dispositivos 
moviles a travez de algun punto de acceso, ademas de acceder y 
visualizar los contenidos en tiempo real estos pudieran ser descargados, 
se que esto hasta cierto punto con un samba o un apache lo puedo lograr, 
pero me gustaria que los contenidos no parezcan burdamente como 
directorios y ficheros, si no que aparezcan categorizados en una pagina 
web por ejemplo los thumnails de cada elemento existente. Se ademas que 
existen multiples plataformas web con sus plugins o modulos que permiten 
hacer esto, pero el contenido es extenso y seria dedicarle mucho tiempo 
a categorizar elemento por elemento, subirlo a la plataforma con su 
descripcion y demas, lo ideal seria en este aspecto un sistema que 
apunte a un directorio en espesifico y mediante este se genere una bd 
sirviendo esta para su posterior visualizacion en un soporte web. esa es 
la idea a groso modo.


hasta el momento de lo que he encontrado y mas se acerca a lo que 
neceito estan (plex media server, minidlna), pero queria acudir a la 
experiencia que quizas tenga alguno de ustedes respecto a este tema.


gracias de antemano, cualquier ayuda o idea sera bienvenida.

-
Consejo Nacional de Casas de Cultura
http://www.casasdecultura.cult.cu

Re: On another (but related) note: Zip files

[Greg Wooledge]

On Wed, Aug 30, 2017 at 11:14:59AM +0100, Darac Marjal wrote:
> I think it's down to the Freeness of the format. When PKZip was first
> released, it was shareware (meaning that the binary is provided free of
> charge, but there would be a "nag" message telling you to buy the product).
> GZip has always been free (probably GPL, but Wikipedia doesn't make that
> clear). Therefore, in the early days of Linux, gzip was the preferred
> format, because the compressor/decompressor was available for free.

Gzip implements the user interface and semantics of the proprietary
Unix compress(1) program, rather than the MS-DOS PKZIP program.
Where compress(1) placed a .Z extension on its compressed files, gzip
places a .gz extension.

Also noteworthy, gzip/gunzip can uncompress Unix .Z files.  It was
intended as a drop-in replacement for compress(1) and uncompress(1).

Your point about licenses is a bit off the mark.  It's about patents,
not software licenses.

compress(1) used the patented LZW compression algorithm (patent expired
in 2003), while gzip used the DEFLATE algorithm, which was also patented
(by PKWARE, no less!), but which can be "implemented readily in a manner
not covered by patents". 

Re: lp printing doesn't work

[Brian]

On Tue 29 Aug 2017 at 14:14:52 -0700, Gary Roach wrote:

> On 08/29/2017 06:02 AM, Brian wrote:
> >On Sun 27 Aug 2017 at 17:19:51 -0700, Gary Roach wrote:

[Snip]

> >>Anyone have an idea what's causing this.
> >
> >Not a clue! I do not experience it myself. What does 'lpstat -t' give?
> >Does 'lp -d Officejet_Pro_8600_N911a ' print? You could compare
> >logs for the "good" and "bad" systems: 'strace lp '. Both systems
> >have the same cupsd.conf and both run cups-browsed?
> >
> Thank you for the response
> 
> lpstat -t gives:
> scheduler is running
> system default destination: Officejet_Pro_8600_N911a

'lpstat -d' gives this line too?

> device for Officejet_Pro_8600_N911a: socket://192.168.1.5:9100
> Officejet_Pro_8600_N911a accepting requests since Mon 28 Aug 2017 05:24:28
> PM PDT
> printer Officejet_Pro_8600_N911a is idle.  enabled since Mon 28 Aug 2017
> 05:24:28 PM PDT
> 
> Yes 'lp -d Officejet_Pro_8600_N911a ' prints.
> Just lp  gives: lp:Error - no default destination aviilable
> 
> running lpoptions print out, lists the proper url and name of the printer.
> 
> I have a virtual machine - also Debian Stretch - that acts the exact same
> way.
> 
> I have another computer with Stretch installed that works fine.
> 
> Vary confused.

That makes two of us.

Try setting a per-user default queue, which overrides the system-level
setting in /etc/cups/lpoptions. The per-user default is stored in
~/.cups/lpoptions with 'lpoptions -d'. There is also a PRINTER variable
(see lp(1)) which can be used instead. It overrides ~/.cups/lpoptions.

-- 
Brian.

Re: Jouer ou travailler ? Minecraft ! Serveur et Launcher

[Safranil]

Bonjour à toi,

Concernant les serveurs vanilla (serveur et clients non moddé), le
launcher officiel est suffisant pour te connecter à un serveur. Par
contre, il faut effectivement un compte officiel avec une licence pour
l'utiliser.

Ayant monté mon propre serveur avec un certain nombre de mods, je suis
passé par la case développement d'un launcher en Java, si tu le
souhaite, tu peux regarder les sources ici [1] et la partie de mise à
jour automatique du launcher ici [2], ces derniers sont sous licences GPL.

Sinon, si tu souhaite juste tester que le serveur est fonctionnel mais
que tu n'a pas de licence, tu peux mettre `online-mode` à `false` dans
le fichier `server.properties` et le serveur ne vérifieras pas la
validité des joueurs qui se connecte mais un launcher dit craqué sera
nécessaire pour se connecter.

Enfin, comme d'autres l'ont déjà dit, des alternatives libres et open
source existent comme Minetest par exemple.

[1] https://git.safranil.fr/Miroa/launcher
[2] https://git.safranil.fr/Miroa/updater

Le 30/08/2017 à 12:20, G2PC a écrit :
> Bonjour,
>
> J'ai repris quelques notes, concernant Minecraft.
> Je pense avoir compris comment créer facilement un serveur Minecraft, ce
> que j'ai fais, sous Debian 9 Stretch.
>
> Par contre, je n'ai pas encore pu avancer, concernant le launcher, pour
> accéder au serveur.
> Si je comprend bien, Minecraft est un jeu payant. Donc, même si je crée
> un serveur Minecraft, pour y accéder, il me faut avoir un compte
> utilisateur activé, payé, pour pouvoir rejoindre mon serveur et jouer.
>
> On m'a parlé de Launcher craqué, qui permettent de se connecter,
> gratuitement.
> Je ne cherche pas spécialement à utiliser un launcher craqué.
>
> J'aimerais simplement pouvoir tester mon serveur Minecraft, pour voir si
> il est fonctionnel.
>
> Si vous connaissez Minecraft, ce qui n'est pas mon cas, merci du retour
> sur expérience.
>
> Source de ma recherche :
> https://www.visionduweb.eu/wiki/index.php?title=Minecraft#Installer_Minecraft_sur_Linux



signature.asc
Description: OpenPGP digital signature

Re: Inconsistent predictable interface names

[Henning Follmann]

On Tue, Aug 29, 2017 at 08:29:05PM +0300, Reco wrote:



[...] 
> Long story short - you've found a udev bug.
> 

So should I file a bugreport?
Against the debian package or upstream?

> A good thing is - it has as easy workaround as creating a .link file
> like this:
> 
> [Match]
> MACAddress=d8:a2:5e:8d:ab:b1
> [Link]
> Name=enp2s0
> 
> Or whatever 'predictable' name you prefer. I believe that in your
> conditions 'wlan0' is predictable enough ☺.
> 

You are absolutely right. I wasn't too concerned to begin with I just
noticed the inconsistency.

I appreciate your help, thanks.

-H

-- 
Henning Follmann   | hfollm...@itcfollmann.com

Re: One-line password generator

[Greg Wooledge]

On Wed, Aug 30, 2017 at 11:47:24AM +1000, Zenaan Harkness wrote:
> They don't. You ought not use /dev/urandom for key generation, use
> /dev/random instead.

The Linux man page disagrees with you.  From Debian 9 urandom(4):

   The /dev/random device is a legacy interface which dates back to a time
   where the  cryptographic  primitives  used  in  the  implementation  of
   /dev/urandom were not widely trusted.  It will return random bytes only
   within the estimated number of bits of fresh noise in the entropy pool,
   blocking  if  necessary.  /dev/random is suitable for applications that
   need high quality randomness, and can afford indeterminate delays.

   [...]

   Usage
   The  /dev/random  interface  is  considered  a  legacy  interface,  and
   /dev/urandom is preferred and sufficient in all  use  cases,  with  the
   exception  of  applications  which require randomness during early boot
   time; for  these  applications,  getrandom(2)  must  be  used  instead,
   because it will block until the entropy pool is initialized.

Atril configuration saving

[Haines Brown]

I find the atril pdf viewer to be the most satisfactory choice for my
needs. However, a problem is that it does not save my configuration.

More specifically, I go to its View menu and set my desired
configuration. Then I go to Edit, Save Current Settings as Default. It
has no effect, and atril  opens with other values.

I should note that I don't run any desktop environment, not Mate or any
other. None of the files in /usr/bin or in /usr/share/atril appear to
specify configuration values.  My guess is that atril would look for a
file such as /usr/share/atril/atril-config.xml or ~/.atril in which
configuration values are set.

Haines Brown

Re: Encrypted RAID1 for storage with Debian Stretch

[commentsabout]

Hello,

On 2017-06-07 06:11, Andy Smith wrote:
> On Wed, May 10, 2017 at 11:41:30PM +, commentsab...@riseup.net wrote:
>> From there on, how should I proceed ?
> 
> What is your goal? Exactly what setup do you have now?
> 
> You are not making it easy for people to help you as your email does
> not thread back to whatever you were discussing before. So I'm
> afraid you'll have to remind us.
> 
> If you're just looking to set up software RAID with encryption, all
> of that can be done from the Debian installer.

Sorry, I'll start again from the beginning :

Here is a picture of what I'm trying to achieve:
https://imgur.com/a/DAM8D (the "Today" column).

I am trying to build a home backup system. The system (Debian Stretch)
will be on a SSD. For the time being, I only have one pair of HDDs (the
"Today" column in the picture) ; in the future (the "Future" column), I
would like to add other pairs of HDD to store other kind of data.

This backup system will only be turned on when needed, I don't plan on
using it as some sort of server or a NAS.

We are talking about software RAID1.

I would like everything to be encrypted (FDE), from the system (/ and
/swap) to the RAID1 drives.

Debian will be installed via a USB stick.

If possible, I would like to have different encryption keys for the
system and the various RAID1 pairs (in the "Future" column in the
picture, one for the system, one for "work", one for "family", one for
"misc"). So that I can give the system encryption passphrase, "family"
and "misc" ones to my wife and keep the "work" one for myself.

As stated in another mail of the thread, I'm a complete noob when it
comes to this kind of operations so I'm looking for a step by step ELI5
explanation (I have tried to use the Debian graphical installer to
achieve this but have failed because I was just messing around with the
options trying to figure out what to do).

For the sake of the discussion: here is the complete archive of this
thread
https://groups.google.com/forum/#!topic/linux.debian.user/jjdr6LXaOm8

You'll notice that Joshua Schaeffer provided what seems to be a complete
solution but I have no idea how to go from "I have my computer with all
the drives plugged in, Debian installer on USB stick and I launched the
graphical installer" to "enter these commands into a terminal to achieve
what you are trying to do" :
https://groups.google.com/d/msg/linux.debian.user/jjdr6LXaOm8/Pals7djzAAAJ

Note: I am not criticizing Joshua's answer in any way, I am grateful for
it, I am just underlying (once again) the fact that I am a noob on this
topic :)

Thank you in advance for your help :)

CA

PS: at the time of my first mail, Stretch wasn't the "stable" release
yet (I have now updated the title from "Jessie" to "Stretch")

Re: Jouer ou travailler ? Minecraft ! Serveur et Launcher

[Pierre L.]

Exact, j'avais testé Minetest server installé par Freedombox (Debian) et
ca tournait pénard sur un Raspberry Pi 2. Le client était lui aussi
entièrement gratuit car version non payante de chez Microsoft...



Le 30/08/2017 à 12:32, err...@free.fr a écrit :
> Autant utiliser Minetest qui est libre et dont la map semble ne pas avoir de 
> limite.
> il existe déjà un grand nombre de serveurs, et un grand nombre de 
> contributions et pluggins.
>
> c'est packagé dans la plupart des distributions, y compris Debian.
>
> Si tu as une carte graphique qui supporte OpenGL alors ton expérience 
> utilisateur sera meilleure.
>




signature.asc
Description: OpenPGP digital signature

RE: dhcp restart with bad config

[Bonno Bloksma]

Hello Liam and list,

>> Today I had a small (big?) problem with the DHCP server.
>> When I make any changes I allways do a
>> # service isc-dhcp-server 
>> restart to test the new config. In the past when there was an error in 
>> the config the service would keep running using the previous config.
>> This was achieved by doing a config test before the service stop.
> > On my old Wheezy machine the /etc/init.d/isc-dhcp-server file has the
>> []
>>
>> Is there any way to get the old functionality back?
>
> You could port the script segments you identified to the jessie version of
> the init file. But first I would consult the changelog from the wheezy to 
> the jessie versions (especially with regard to system migration) to see
> if there is a better way.

The funny thing is, the init script is still there, with the correct segments 
but using it has the same result. 
It almost looks like the command gets intercepted by systemd and the script is 
not executed.
There is the strange fact that it seems the config is tested twice but I guess 
systemd will try to start a service twice before giving up. At least I get the 
same behavior when I simply try to start the service with the config error 
after stopping it normally.

Is there any way to have the proper execution of the script back?
If I need to file this as a bug, against which package do I need to file it?

Test results:

12:16 Error created in dhcp config file
Then explicitly calling the init script
  # /etc/init.d/isc-dhcp-server restart
Result onscreen is:
[] Restarting isc-dhcp-server (via systemctl): isc-dhcp-server.serviceJob 
for isc-dhcp-server.service failed. See 'systemctl status 
isc-dhcp-server.service' and 'journalctl -xn' for details.
 failed!

In the SYSLOG
Aug 30 12:16:19 linein dhcpd: DHCPACK on 172.16.214.168 to 8c:f5:a3:50:fa:2e 
(Galaxy-S6) via 172.16.212.1
Aug 30 12:16:34 linein systemd[1]: Stopping LSB: DHCP server...
Aug 30 12:16:34 linein isc-dhcp-server[24040]: Stopping ISC DHCP server: dhcpd.
Aug 30 12:16:34 linein systemd[1]: Starting LSB: DHCP server...
Aug 30 12:16:34 linein dhcpd: /etc/dhcp/dhcpd.conf line 1: semicolon expected.
Aug 30 12:16:34 linein dhcpd: Dit is
Aug 30 12:16:34 linein dhcpd:  ^
Aug 30 12:16:34 linein dhcpd: Configuration file errors encountered -- exiting
Aug 30 12:16:34 linein dhcpd:
Aug 30 12:16:34 linein dhcpd: If you think you have received this message due 
to a bug rather
Aug 30 12:16:34 linein dhcpd: than a configuration issue please read the 
section on submitting
Aug 30 12:16:34 linein dhcpd: bugs on either our web page at www.isc.org or in 
the README file
Aug 30 12:16:34 linein dhcpd: before submitting a bug.  These pages explain the 
proper
Aug 30 12:16:34 linein dhcpd: process and the information we find helpful for 
debugging..
Aug 30 12:16:34 linein dhcpd:
Aug 30 12:16:34 linein dhcpd: exiting.
Aug 30 12:16:34 linein isc-dhcp-server[24047]: dhcpd self-test failed. Please 
fix /etc/dhcp/dhcpd.conf.
Aug 30 12:16:34 linein isc-dhcp-server[24047]: The error was:
Aug 30 12:16:34 linein dhcpd: Internet Systems Consortium DHCP Server 4.3.1
Aug 30 12:16:34 linein isc-dhcp-server[24047]: Internet Systems Consortium DHCP 
Server 4.3.1
Aug 30 12:16:34 linein dhcpd: Copyright 2004-2014 Internet Systems Consortium.
Aug 30 12:16:34 linein isc-dhcp-server[24047]: Copyright 2004-2014 Internet 
Systems Consortium.
Aug 30 12:16:34 linein dhcpd: All rights reserved.
Aug 30 12:16:34 linein isc-dhcp-server[24047]: All rights reserved.
Aug 30 12:16:34 linein dhcpd: For info, please visit 
https://www.isc.org/software/dhcp/
Aug 30 12:16:34 linein isc-dhcp-server[24047]: For info, please visit 
https://www.isc.org/software/dhcp/
Aug 30 12:16:34 linein dhcpd: Config file: /etc/dhcp/dhcpd.conf
Aug 30 12:16:34 linein isc-dhcp-server[24047]: Config file: /etc/dhcp/dhcpd.conf
Aug 30 12:16:34 linein dhcpd: Database file: /var/lib/dhcp/dhcpd.leases
Aug 30 12:16:34 linein dhcpd: PID file: /var/run/dhcpd.pid
Aug 30 12:16:34 linein dhcpd: /etc/dhcp/dhcpd.conf line 1: semicolon expected.
Aug 30 12:16:34 linein dhcpd: Dit is
Aug 30 12:16:34 linein dhcpd:  ^
Aug 30 12:16:34 linein isc-dhcp-server[24047]: Database file: 
/var/lib/dhcp/dhcpd.leases
Aug 30 12:16:34 linein isc-dhcp-server[24047]: PID file: /var/run/dhcpd.pid
Aug 30 12:16:34 linein isc-dhcp-server[24047]: /etc/dhcp/dhcpd.conf line 1: 
semicolon expected.
Aug 30 12:16:34 linein isc-dhcp-server[24047]: Dit is
Aug 30 12:16:34 linein isc-dhcp-server[24047]: ^
Aug 30 12:16:34 linein dhcpd: Configuration file errors encountered -- exiting
Aug 30 12:16:34 linein isc-dhcp-server[24047]: Configuration file errors 
encountered -- exiting
Aug 30 12:16:34 linein dhcpd:
Aug 30 12:16:34 linein dhcpd: If you think you have received this message due 
to a bug rather
Aug 30 12:16:34 linein isc-dhcp-server[24047]: If you think you have received 
this message due to a bug rather
Aug 30 12:16:34 linein dhcpd: than a configuration issue please read the 
section on 

Re: Jouer ou travailler ? Minecraft ! Serveur et Launcher

[G2PC]

Le 30/08/2017 à 12:32, err...@free.fr a écrit :
> Autant utiliser Minetest qui est libre et dont la map semble ne pas avoir de 
> limite.
> il existe déjà un grand nombre de serveurs, et un grand nombre de 
> contributions et pluggins.
>
> c'est packagé dans la plupart des distributions, y compris Debian.
>
> Si tu as une carte graphique qui supporte OpenGL alors ton expérience 
> utilisateur sera meilleure.
Merci, je prend note de vos réponses, et, je vais ajouter ça au wiki.

Re: [debian 10 stretch] solució a usb's wifi de ralink realtek

[Narcis Garcia]

D'això se n'ha estat parlant intensivament a Devuan, i resulta que els
nous noms no són realment «predibles».
Les mesures realment eficaces per estabilitzar els noms de dispositius
de xarxa són:
- Deixar que els noms es desin a persistent-net.rules
- De Debian 3 fins a Debian 9: Ús d'adreça MAC amb el «mactoname»
- A partir de Debian 10: Ús d'adreça MAC amb el «ifupdown»


El 30/08/17 a les 00:57, julio ha escrit:
> 
> 
>> Aprofito per preguntar, per què aquest canvi de nom de tipus enps5 i
>> wnl1? (o algo així)
> 
> https://en.m.wikipedia.org/wiki/Consistent_Network_Device_Naming
> 
> A Fedora, que es llancen a la piscina de seguida, fa uns quants anys que 
> l'utilitzen.
> 
> 

Re: One-line password generator

[Thomas Schmitt]

Hi,

Curt wrote:
> How about TawnyLoveRockefellerIII?

Expect to get mails like:

"Your money account at Blingstergirl.com is empty. Please send 1 million $
 and some swimwear photos of you to prove your identity."


Have a nice day :)

Thomas

Re: Jouer ou travailler ? Minecraft ! Serveur et Launcher

[err404]

Autant utiliser Minetest qui est libre et dont la map semble ne pas avoir de 
limite.
il existe déjà un grand nombre de serveurs, et un grand nombre de contributions 
et pluggins.

c'est packagé dans la plupart des distributions, y compris Debian.

Si tu as une carte graphique qui supporte OpenGL alors ton expérience 
utilisateur sera meilleure.

Re: One-line password generator

[Thomas Schmitt]

Hi,

Zenaan Harkness wrote:
> Once again: QUOTE THE ARTICLE!!!

Ouch my eyes. You shout.

If the article puts one of its key statements into a diagram, then
i cannot quote that directly as text, but only re-narrate it.


> Then, QUOTE ME.
> quote PRECISELY

I did this in many lines. Without shouting and with due dilligence.
You just don't like what i say.
That's ok. But you should not pretend that it is wrong, instead.


> you continue to completely unfairly place
> a ridiculous burden upon your conversational compatriots

You are obviously not a compatriot of mine in an intellectual way.

Mathematics is a very egalitarian science:
A valid proof by a novice student is worth as much as by the dean.
Both have to stand dialectic criticism rather than to succeed by
"Believe Me", "Because I Say So", or "All others believe it's true".

You were so unfriendly to call me "naive". Well, in the context of
math it is naive to give in to unproven statements which smell like
"5 is an even number".

I don't have to present any credentials before i am allowed to bring
a counter example to a statement.


> Learn the art of axiomatic written communication.

If you are willing to accept that the number of molecules in the
universe is only a big one if you count it with your fingers, then
i am willing to learn what you mean with "axiomatic written communication".

The incomplete and suppressed physicist in me cannot keep himself
from saying the following.

Zenaan Harkness wanted to give a really big number:
> find the
> number of molecules in the universe, and then work out roughly how
> many bits (i.e. as a power of two number) are needed to store that,
> and then compare this to the number of bits of entropy Ts'o talked
> about.

I need a box with two distinguishable halves and 384 different gas
molecules to represent said bits by the coarse distinction which
molecule is in which half.

I am sure that i can compose 384 different molecules if i use isotopes
and all my chemistry set. But if i fail, i take 149 numbered dices and
use them as replacement. (384*log(2)/log(6))

2 exp 384 is not a big number compared with a BD-RE medium which has
at least 2 exp 200,000,000,000 valid content states.

So my number is much bigger than yours and i still can hold it by two
fingers.
But this does not help me with doubting the information production by
a deterministicly encrypted stream.

For that we need a proof by contradiction:

Let us assume we can squeeze 1024 bits of entropy from a deterministic
cipher stream with 2 exp 384 distinguishable starting states.
So the possible streams can be enumerated by the natural numbers below
2 exp 384. This establishes a lossless compression algorithm if we replace
the streams by their enumeration numbers.
But entropy is a lower limit for lossless compression. So any existing
lossless compression is an upper limit of entropy.
So we get: 384 >= 1024.
This is obviously wrong (at least in my fork of math) and thus we have
a contradiction derived from our assumption, which therefore must be
wrong, too.


> I'm not here to win

That's trivial. We have no umpire and you can't knock me out physically.


> > > Exactly which part of my sentence above, do you say contradicts what
> > > you say just here?

> > The part that /dev/urandom is equivalent to stemming from /dev/random.

> That i absolutely not what I said.

If you already noted my word "equivalent" then please explain why this
is a misquote of your "treated as though" statement in

  https://www.mail-archive.com/debian-user@lists.debian.org/msg720104.html
> ... > I should have wrote "/dev/random should be treated as though it is
> ... > the input feed to /dev/urandom" (sorry about that).


> you are wanting easy answers to difficult concepts,

No. I am demanding that your fork of math can answer some simple objections.
It's your plight to prove what you state, not mine.
I am in the comfortable position to only have to throw in counter examples.

If the counter examples are simple, then this characterizes your statements,
not my mind.


> You seem to be personally desiring the result of "some external
> authority I can trust"

Actually not. I want to see the proofs of your courageous statements.
But you rather take offense from me not seeing you as authority.


> You cannot rely upon what I say about crypography, so don't even
> think about so relying!

Didn't you just shout at me because you hate my disbelief about your
statements ?
Now you agree ?


> I suggest the only safe approach is being suspicious of anyone
> proclaiming authority,

Are you sure you are alone in your head ?


> You have crossed a line.
> Do not do this again.

... or else ?


I wrote:
> > > > not a strongly obfuscated but still diluted result.

Zenaan Harkness wrote:
> > Yes, your naivety shines through.

> > You tell me
> > that if i read 1024 bytes from a not very secret stream that
> > was encrypted with a secret 384 bit key i get 1024 bytes of entropy ?

> You are now 

Re: Les cyber menaces basculent vers Linux et les serveurs Web

[Stephane Ascoet]

Le 18/07/2017 à 13:23, andre_deb...@numericable.fr a écrit :

Que pensez vous de cet article ?

selon la société WatchGuard qui a tout intérêt à vendre ses antivirus... :

http://www.infodsi.com/articles/169919/cyber-menaces-basculent-vers-linux-serveurs-web.html?key=6433cdc950c99165

Les dernières cyberattaques étaient dûes à des virus venant et pour
MS-Windows, maintenant on met GNU/Linux en cause.

L'article ne cite acune source d'attaques précises sur Linux, alors...

André



Bonjour, le ton de l'article ressemble a celui du journal de TF1 ou a 
celui d'un generateur de texte.

--
Bien cordialement, Stephane Ascoet

Jouer ou travailler ? Minecraft ! Serveur et Launcher

[G2PC]

Bonjour,

J'ai repris quelques notes, concernant Minecraft.
Je pense avoir compris comment créer facilement un serveur Minecraft, ce
que j'ai fais, sous Debian 9 Stretch.

Par contre, je n'ai pas encore pu avancer, concernant le launcher, pour
accéder au serveur.
Si je comprend bien, Minecraft est un jeu payant. Donc, même si je crée
un serveur Minecraft, pour y accéder, il me faut avoir un compte
utilisateur activé, payé, pour pouvoir rejoindre mon serveur et jouer.

On m'a parlé de Launcher craqué, qui permettent de se connecter,
gratuitement.
Je ne cherche pas spécialement à utiliser un launcher craqué.

J'aimerais simplement pouvoir tester mon serveur Minecraft, pour voir si
il est fonctionnel.

Si vous connaissez Minecraft, ce qui n'est pas mon cas, merci du retour
sur expérience.

Source de ma recherche :
https://www.visionduweb.eu/wiki/index.php?title=Minecraft#Installer_Minecraft_sur_Linux

Re: On another (but related) note: Zip files

[Darac Marjal]

On Tue, Aug 29, 2017 at 03:57:52PM -0700, James H. H. Lampert wrote:
I know that the tradition for Linux is GZipped tarballs, but I also 
know that, at least from the Gnome desktop, I can open a 
PKZip-compatible Zip file, and create a (presumably also) 
PKZip-compatible Zip file.


I don't, however, see a way to do so from the command line (or within 
a script) without doing an apt-get to install the zip package (and 
presumably also the unzip package).


Can somebody explain this? It seems a bit puzzling.


I think it's down to the Freeness of the format. When PKZip was first 
released, it was shareware (meaning that the binary is provided free of 
charge, but there would be a "nag" message telling you to buy the 
product). GZip has always been free (probably GPL, but Wikipedia doesn't 
make that clear). Therefore, in the early days of Linux, gzip was the 
preferred format, because the compressor/decompressor was available for 
free.


So, because gzip has such a market share in the Linux world, it makes 
sense for it to be included in the debian base install (in fact, apt and 
various utilities rely on it, so it needs to be there). Zip files, 
though, are much less common in the Linux world. There is nothing in the 
base install of debian that requires zip files, so therefore the zip 
program is not installed.


As you point out, though, there *is* now a zip program which is Free 
(i.e which can be distributed by Debian), so access to zip files is just 
a command away.




--
JHHL



--
For more information, please reread.


signature.asc
Description: PGP signature

Re: dhcp restart with bad config

[Liam O'Toole]

On 2017-08-29, Bonno Bloksma  wrote:
> Hi,
>
> Today I had a small (big?) problem with the DHCP server.
> When I make any changes I allways do a
> # service isc-dhcp-server restart
> to test the new config. In the past when there was an error in the config the 
> service would keep running using the previous config.
> This was achieved by doing a config test before the service stop.
>
> On my old Wheezy machine the /etc/init.d/isc-dhcp-server file has the 
> segment(s)
> [...]
> test_config()
> {
> if ! /usr/sbin/dhcpd -t $OPTIONS -q -cf "$DHCPD_CONF" > /dev/null 
> 2>&1; then
> echo "dhcpd self-test failed. Please fix $DHCPD_CONF."
> echo "The error was: "
> /usr/sbin/dhcpd -t $OPTIONS -cf "$DHCPD_CONF"
> exit 1
> fi
> }
> [...]
> restart | force-reload)
> test_config
> $0 stop
> sleep 2
> $0 start
> if [ "$?" != "0" ]; then
> exit 1
> fi
> ;;
> Where a failed test_config will result in stopping the restart.
>
> On my Jessie DHCP servers this safeguard no longer seems to be present.
> After a typo in the config my DHCP server stopped and did not come up until I 
> fixed the typo and (re)started the service. Which took a while as I got 
> disturbed and the change was not urgent and I assumed the service was still 
> running :-(
>
> Is there any way to get the old functionality back?
>
> Bonno Bloksma

You could port the script segments you identified to the jessie version
of the init file. But first I would consult the changelog from the
wheezy to the jessie versions (especially with regard to systemd
migration) to see if there is a better way.

-- 

Liam

Re: One-line password generator

[Curt]

On 2017-08-29, Thomas Schmitt  wrote:
>
>> Ok, they have to start somewhere - it might as well be you. :)
>
> Never choose a username that looks like money or sexual exploitability.

How about TawnyLoveRockefellerIII?

-- 
"Time flies like an arrow. Fruit flies like a banana." Groucho.

Re:

[Xavier De Yzaguirre i Maura]

Jo ja l'estic marcant com a spam a la llista de correu:

https://wiki.debian.org/I18n/CatalanSpamClean

Anem una mica endarrerits i cal posar-se al dia.
Salut i acabeu de passar un bon estiu.


*Xavier De Yzaguirre*
xdeyzaguirre(at)gmail(dot)com



2017-08-25 16:35 GMT+02:00 Daniel Salmeron :

> Mr. Vidocq,
>
> S'il vous plaît, veuillez effacer nôtre adresse (debian-user-catalan)
> comme destinataire dans cette chaîne de mail.
>
> Merci beaucoup.
>
> Dani (catalan debian list utilisateur)
>
>
> El 25 ago. 2017 15:21, "max vidocq"  escribió:
>
> Bonjour Angelique
> Un édifice en restauration. Durant la Révolution, la sculpture et le
> mobilier échappent pour l' essentiel à la destruction. En revanche, au
> cours du xlxe siècle, l' architecture souffre du manque d' entretien. Les
> architectes se succèdent mais, faute de moyens, l' état de Notre-Dame reste
> préoccupant. Ce n' est qu' à partir de 1810 que l' état intervient dans le
> financement des travaux. 1849-1874: Viollet-le-Duc dirige la première
> grande campagne de restauration. Les deux guerres mondiales épargnent la
> cathédrale.
> 1. Au-dessus du Beau Dieu d' Amiens, figure centrale du portail du
> Sauveur, les voussures portent un impressionnant cortège d' anges, de
> prétres, de femmes... parfaitement conservé.
> 2. La structure de la façade occidentale répond aux principes de
> clarification de la scolastique médiévale.
> L' harmonie d' une façade harmonique. La façade occidentale de Notre-Dame
> d' Amiens est dite harmonique dans la mesure ou elle annonce l'
> organisation intérieure de la cathédrale. Flanqué de ses deux tours et
> ponctué par quatre puissants contreforts, le frontispice se partage en
> trois travées verticales. Elles coincident avec les trois vaisseaux de la
> nef et des bas-cotés, chacun desservi par un portail ouvert sous des
> voussures d' une profondeur équivalente à la saillie des contreforts. Au
> centre, le portail du Sauveur se déploie à la méme hauteur que les grandes
> arcades internes. Le gable des portails latéraux, plus bas, se présente
> sous des baies enforme de triangle curviligne qui découpent le mur dans la
> lunette des voutes des collatéraux. Une hiérarchie et un équilibre dans les
> proportions caractérisent ainsi le niveau des portails coiffé par une
> galerie qui répond au triforium de la nef.
>  Max
>
>
> Envoyé à partir d’Outlook
>
>
>

Re: [Multiarch] armhf on arm64 is not working

[Adam Cécile]

Right, 1Gb and slow I/O, that's definitely a block for building Java 
stuff...



On 08/29/2017 06:31 PM, Christian Seiler wrote:

Hi there,

On 08/29/2017 06:07 PM, Adam Cecile wrote:

Could be an alternative indeed, but what about the speed compared to
my quad-core i5 with qemu ?

I haven't actually tried that specific comparison, but form my
experience a Pi tends to be a tiny bit faster in pure CPU
performance than qemu on Intel. (But not much.) The RPi3 is
also a quad core, so that is similar. YMMV may vary depending
on the precise workload though.

That said:

  - It has only 1 GiB of RAM. That might be a problem.
  - It doesn't have as much cache as an Intel Core CPU, so if
you have workloads that require a lot of memory access,
that'll probably offset any small advantages in pure CPU
performance.
  - I/O is quite slow. If you compile large things my guess is
that just because of I/O it'll take longer on the Pi than
with qemu.

OTOH, it's cheap, so even if it's not the right thing in the
end you're not going to waste a ton of money. You could also
first buy just the board and power supply and only buy a case
and other accessories once you've verified that it's sufficient
for your use case.

Then again, there are also other ARM boards in a similar price
range out there, which might suit your use case better. But I
really am not an expert here, I've just played around with the
Pi a bit in the past...

Regards,
Christian