Re: USB key and lost space

[Thomas Schmitt]

Hi,

Rodary Jacques wrote:
> dd if=/dev/zero bs=2048 seek=16 count=4 conv=notrunc of=/dev/sde
> dd: impossible d'ouvrir '/dev/sde': Système de fichiers accessible en
> lecture seulement

Please show the outcome of

  ls -l /dev/sdc
  getfacl /dev/sdc

My french suffices to decode the statement and to assume that this
was originally EROFS "Read-only filesystem" before it fell victim
to i18n.

But if i have no write permission when attempting to write by dd, i get
  dd: failed to open ‘/dev/sdc’: Permission denied
which is EPERM, not EROFS.
So aside from the i18n ambiguity, i cannot really reproduce the situation.
But i only have USB sticks, no memory cards.

Can it be that a read-only switch is activated at the card or the
device where you put it in ?


Have a nice day :)

Thomas

Re: ThinkSystem RAID 930-8i driver/module for Debian 9

[John Naggets]

Thanks Dan for suggesting some alternatives. Unfortunately most of
them are not really convenient or simple. What about a 5th alternative
which would be simply to "Install Debian 10 (buster/testing)" ? In
theory as it has a more modern kernel version the module/driver for
this new RAID card should be supported. What do you think except for
the fact that this is a testing release...

On Tue, Jan 30, 2018 at 9:15 PM, Dan Ritter  wrote:
> On Tue, Jan 30, 2018 at 06:49:34PM +0100, John Naggets wrote:
>> Hi,
>>
>> I just got a new Lenovo ThinkSystem SR630 server and I am trying to
>> install Debian 9.3 onto it. Unfortunately at the disk partitioning
>> step it does not find any disks. It looks like Debian 9 does not have
>> the kernel driver/module for its RAID card.
>>
>> The RAID card is a Lenovo ThinkSystem RAID 930-8i which basically is a
>> re-branded LSI card. lspci shows the following output:
>>
>> LSI Logic / Symbios Logic MegaRAID Tri-Mode SAS3508 (rev 01)
>>
>> Any ideas how I could get Debian 9 running on this server with this RAID 
>> card?
>>
>
> Older versions of that card have good support in the kernel under the
> name megaraid_sas, so I would expect that you need a new kernel.
>
> Options:
>
> 1. debian-backports
> 2. unstable
> 3. install on to another disk, then compile a new kernel
> 4. build your own installer with a new kernel
>
> It's not clear to me that it is in the kernel before the very
> latest, 4.15.
>
> -dsr-

Re: troubleshooting Kmail

[deloptes]

Hi,

On Mon, Feb 19, 2018 at 9:52 PM,  wrote:

> On Monday, February 19, 2018 3:16:20 PM EST deloptes wrote:
> > Brad Rogers wrote:
> > > So far, my experience with KDE/QT5 has been good;  Things that were, in
> > > the past, broken, now work again.  I've not found anything wrong at
> all.
> >
> > yes a friend installed it and showed it to me, so the difference was
> there.
> > I also looked at Qt5 and the Sailfish OS project - it is impressive.
> >
> > > That said, I don't now, nor have I ever, used kmail, so can't comment
> > > about the state of play there.
> >
> > but this friend also does not user kmail and I am a heavy kmail user.
> > And even kmail is not the problem but the attitude of the KDE team.
>
> I am a long time kmail user.  I have noticed significant improvment in
> stability and the filtering of incoming mail.  I use the filtering
> extensively.
> Before the last release, at the beginning of a KDE session, filtering was
> OK,
> but it slowed down with use.  In the latest version, it is extremely fast,
> and
> it doesn't get slower with use.  The only "bug" I have found in this
> version
> of kmail (5.5.2) is that an occasional "ghost" message will be in a folder
> and
> can't be removed.  I store emails locally via IMAP--one message per
> file--and
> except for the ghosts, I am extremely pleased.  I currently have over
> 126,000
> messages stored and about 8 "ghost" messages.  I searched through the
> individual files that contain the e-mails and I can't find files for the
> ghost
> messages.


> If the attitude of the KDE folks is the problem, please remember that they
> are
> not full time KDE programmers and customer service is probably not their
> strong suit.
>

Look, either something works or does not work. Those bugs and KDE not
fixing them is not acceptable.
I know that they are not working full time or for profit. This is also not
an excuse. Don't try to cover them and their attitude, please.
It is pointless. When they bring up a working product, I will start using
it and I mean working at acceptable level.
Those problems you or others describe can not qualify the product as stable.
I am willing to do some compromise on my requirements, but there is too
much to compromise on, looking at KDE.
And as I said - the biggest problem is their attitude. The attitude to
release crap in stable and call it stable - call it whatever you want but
not stable!


>
> I don't know if you consider this a valid comparison or not, but:
> In October 2017 (as I recall), my bank (which shall remain nameless)
> announced
> that there would be a new version of the on-line access software coming
> out on
> January 1st.  Then, around January 10th they announced that the upgrade had
> some unresolved issues, and would not be rolled out until February 1st.
> February 1st arrived and passed.  The new software was put in place on the
> 12th.  Since then, I have been unable to login to my account.  No help on
> the
> screen.  When I called last week, they said that they were ware of the
> problem
> and were working very hard to resolve it.  No apology.  They can tell me my
> balance over the phone, but that is about it.  IMO, this is absurd.
>
> Well this is what I am talking about - KDE is exactly the same - absurd!
I have to admit that KDE5 is much better that KDE4, but still - no stable
and with that attitude and mind set, I doubt they will ever bring up
something stable, which is really a pity.

I was involved in couple of discussions with them back in 2007 or 2008
after they released the KDE4 crap. Can you imagine this was 10y ago.

regards

Re: how to offer Internet connection?

[Michelle Konzack]

Hi,

Am 2018-02-19 hackte Long Wind in die Tasten:
> i have a debian pc that is on 2 networks:
> 1) connected to cell phone access point, cell phone offers Internet
> connection
> 2) connected to router, thru ethernet interface
> is it possilble for debian pc to offer Internet connection to other pc
> connected to router?

Sound complicate and   expensive, because your Debian PC must
be equiped with other ethernet interfaces and then you have to
configure your Debian PC as Router...

Better to go to an IT shop of your choise and buy an Ethernet
Switch for 20 Euro...

> Thanks!
> PS: other pc don't have wireless card and can't connect to cell phone

Have a nice day

-- 
Michelle KonzackMiila ITSystems @ TDnet
GNU/Linux Developer 00372-54541400

Re: how to offer Internet connection?

[john doe]

On 2/20/2018 7:30 AM, Long Wind wrote:

i have a debian pc that is on 2 networks:
1) connected to cell phone access point, cell phone offers Internet 
connection2) connected to router, thru ethernet interface
is it possilble for debian pc to offer Internet connection to other pc 
connected to router?
Thanks!
PS: other pc don't have wireless card and can't connect to cell phone



I'm not sure I understand your question:

So you have one Debian box with two internet connections (cellphone AP, 
and wired connection to router)?
If so that Debian box would need to act as a router to share those 
internet connections to the rest of your network.


--
John Doe

how to offer Internet connection?

[Long Wind]

i have a debian pc that is on 2 networks:
1) connected to cell phone access point, cell phone offers Internet 
connection2) connected to router, thru ethernet interface
is it possilble for debian pc to offer Internet connection to other pc 
connected to router?
Thanks!
PS: other pc don't have wireless card and can't connect to cell phone

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

[Andy Smith]

Hello,

On Mon, Feb 19, 2018 at 09:03:20PM +, Michael Fothergill wrote:
> On 19 February 2018 at 19:10, Michael Lange  wrote:
> > no, I meant to say that you were looking at the wrong place if you wanted
> > to see if the "spectre-2" fix has arrived in debian, for this one you
> > will have to look here:
> >
> > https://security-tracker.debian.org/tracker/CVE-2017-5715
> 
> ​No, we were not looking for it.  I think a joint fix for meltdown and
> spectre 1 would fit the bill at present .

They are different bugs with different fixes. No one is even certain
HOW to fix Spectre variant 1 yet, or if it can be without entirely
new CPUs. Things have only got as far as kicking around ideas on how
to make exploiting it harder.

Your suggestion makes about as much sense as lumping every single
buffer overflow bug into one CVE and then saying almost all software
ever made is vulnerable, until there is one patch that fixes
everything at once.

Your comments along the lines of "I thought it was fixed…", as
Michael Lange pointed out, were about Spectre variant 2 but you are
looking at the security tracker page for Spectre variant 1.
CVE-2017-5753 is Spectre v1. There is no fix for Spectre v1 anywhere
yet, not even in Linux upstream.

Spectre v2, which you are talking about, is CVE-2017-5715, again as
Michael Lange just pointed out to you. As you can see from the link
that Michael gave you, Spectre v2 is fixed in the kernel package in
sid. Read it again:



That's the retpoline stuff you're talking about.

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

[Andy Smith]

Hello,

> On 19 February 2018 at 13:13, Turritopsis Dohrnii Teo En Ming <
> tdteoenm...@gmail.com> wrote:
> 
> > What are the patches that I can download and install to be protected
> > against the Meltdown and Spectre security vulnerabilities?

The linux-kernel-* packages in Debian stable already have the KPTI
feature which protects you against Meltdown.

For variant 2 of Spectre you need a kernel with the so-called
retpoline feature that was also compiled with a compiler that
supports that feature. At the moment I think that the only packaged
kernel which has this (has feature and is compiled with new enough
gcc) is the one in unstable:



Versions of gcc that have the retpoline feature backported into them
have already hit stable and oldstable (and maybe others; haven't
checked), so another alternative would be to compile your own
upstream kernel package using that gcc. Since Debian stable uses the
4.9.x long term stable kernel releases, you could use the latest
upstream of those. Anything past 4.9.77 has the retpoline feature.

Or just wait a bit longer for a kernel package that is compiled with
a newer gcc to arrive as a stable security update. This is probably
the most reasonable approach for the average user of Debian.

Patches for variant 1 of Spectre are still in development in the
upstream kernel, and in other software. You will also need updated
CPU microcode and possibly a new BIOS.

It is likely that there will be further exploit techniques
discovered in this general area, that will require different fixes.

There are some other considerations if your machine is not running
on bare metal. In that case you should check with your
virtualisation provider about that.

On Mon, Feb 19, 2018 at 01:23:25PM +, Michael Fothergill wrote:
> ​Checkout the debian backports suite (kindly resourcefully suggested by
> Andy Smith)

Please note that I provided these details to Michael Fothergill as
part of Michael's general query about how a user could obtain a
newer kernel package, not as an answer to how to obtain a kernel
that was secured against any particular thing.

Backports is not the correct answer for security purposes. Security
support in the backports suite is done by the package uploaders and
not the security team. Although, updates for the kernel packages do
tend to arrive pretty quickly so I personally would not feel too bad
about short term use of a backports kernel.

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Re: USB key and lost space

[David Wright]

On Tue 20 Feb 2018 at 01:23:01 (+0100), Rodary Jacques wrote:
> "To erase the ISO 9660 superblock of debian-9.3.0-amd64-netinst.iso do
> 
>   umount /dev/sde1
>   dd if=/dev/zero bs=2048 seek=16 count=4 conv=notrunc of=/dev/sde
> 
> But first make sure that /dev/sde is indeed the medium you want to erase."
>  I did that before the result is :
> 
> dd if=/dev/zero bs=2048 seek=16 count=4 conv=notrunc of=/dev/sde 
> 
>  Same answer with fdisk cfdisk ...
> Sorry

You might consider checking out your mail client. What you see above is the
[text/plain, 7bit, iso-8859-1, 0.4K]
version which, I think you'll agree, doesn't make a lot of sense as
the most important line is missing. I could read that only from the
[text/html, quoted, iso-8859-1, 2.7K]
version.

I don't know the type of card reader(s) you're using. My tiny ?µSD cards
either fit in a USB2 device that's not much larger, or into hollow SD-size
cards. All of the latter have a readonly slider. Is each µSD in its own
adaptor, or are you using the same one for all?

Cheers,
David.

Re: My site has become unreachable when I've implemented SSL

[Bob Weber]

On 2/19/18 2:54 PM, Aldo Maggi wrote:

Thank you for your fast answer!

root@Casa-mia-1:~# lsof -i :443
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
apache2  879 root6u  IPv6  20270  0t0  TCP *:https (LISTEN)
apache2  948 www-data6u  IPv6  20270  0t0  TCP *:https (LISTEN)
apache2  949 www-data6u  IPv6  20270  0t0  TCP *:https (LISTEN)
apache2  950 www-data6u  IPv6  20270  0t0  TCP *:https (LISTEN)
apache2  951 www-data6u  IPv6  20270  0t0  TCP *:https (LISTEN)
apache2  952 www-data6u  IPv6  20270  0t0  TCP *:https (LISTEN)
apache2 1385 www-data6u  IPv6  20270  0t0  TCP *:https (LISTEN)
apache2 1386 www-data6u  IPv6  20270  0t0  TCP *:https (LISTEN)
apache2 3386 www-data6u  IPv6  20270  0t0  TCP *:https (LISTEN)

As for ufw, indeed port 443 was not enabled and I had problems in doing
it (bad port), at the end I wrote:
ufw allow https
Rule added
Rule added (v6)

now I have:

root@Casa-mia-1:~# ufw status
Status: active

To Action  From
-- --  
22/tcp ALLOW   Anywhere
CUPS   ALLOW   Anywhere
..
Telnet ALLOW   Anywhere
VNCALLOW   Anywhere
WWWALLOW   Anywhere
Anywhere   ALLOW   192.168.3.100
Anywhere   ALLOW   192.168.3.0/24
/tcp   ALLOW   Anywhere
5900:5910/tcp  ALLOW   Anywhere
2049   ALLOW   192.168.3.100
80/tcp ALLOW   Anywhere
443/tcpALLOW   Anywhere
22/tcp (v6)ALLOW   Anywhere (v6)
CUPS (v6)  ALLOW   Anywhere (v6)
...
WWW (v6)   ALLOW   Anywhere (v6)
/tcp (v6)  ALLOW   Anywhere (v6)
5900:5910/tcp (v6) ALLOW   Anywhere (v6)
80/tcp (v6)ALLOW   Anywhere (v6)
443/tcp (v6)   ALLOW   Anywhere (v6)

root@Casa-mia-1:~# systemctl restart apache2

but ... no avail, still "connection refused"

What else could be the culprit :-D

Thanks for your time!

Aldo :-)

P.S. Furthermore in /apache2/error.log I find:
PHP Warning:  PHP Startup: Unable to load dynamic library
'/usr/lib/php/20151012/apc.so' - /usr/lib/php/20151012/apc.so: cannot
open shared object file: No such file or directory in Unknown on line 0

Il giorno Mon, 19 Feb 2018 12:48:25 -0500
Greg Wooledge  ha scritto:


On Mon, Feb 19, 2018 at 06:36:01PM +0100, Aldo Maggi wrote:

Anyway, now if I browse writing my IP I get the Apache default page
(the browser tells me, anyway, that the site is unsecure), if I
write the name of the site I get (traslated from Italian):
Unable to reach the site
Connection denied by mysite.com

"Connection refused" (the correct English translation) means that
either the service is not listening to that port, or the packets
were rejected by a firewall.

You will need to examine both of those possibilities.

Making sure the service is listening on :443 should be fairly easy.
You can use "lsof -i :443" for example, or some ss or netstat command.

Checking whether you have a firewall blocking incoming 443 will be
a bit harder.



Looks like apache is only listening to IPV6 (see above lsof output).  So if the 
domain that you used in the command:


letsencrypt --apache -d mysite.com

resolves to an IPV4 address you need to tell apache to listen to your IPV4 
address.  Your firewall looks like it has opened IPV4 and IPV6.  I also assume 
that you try to access the site with that domain name in the url in your 
browser.  Check the file /etc/apache2/ports.conf.  It might be useful to run the 
command "ip a" to see what addresses are assigned to your ethernet ports so you 
can properly set up the ports.conf file.


--


*...Bob*

Re: Re: BIND and iptables config

[Rodary Jacques]

Because when I did , witen iI just installed Jessie in April 2016, my 
mailbox which is dedicated to debian-user was flooded with useless or even 
stupid posts. Sorry for my fellow countrymen.
Salut. Jacques
 

(solved) Re: where can i find a list of usb wireless card that are supported by linux?

[Long Wind]

Thank Glenn English  and Jude DaShiell !

i find some model of usb wireless card cost only 35 RMB( one USD is about 6.35 
RMB)
i will just buy it and test itit's not worthy checking and searching on 
Internet beforehand
 

 

On Monday, February 19, 2018 10:46 AM, Jude DaShiell  
wrote:
 

 Why not check out https://www.thinkpenguin.com/ and go from there?

I need to buy another wireless card from them but this one will install 
in the computer since all cards they have available on the 5.0 band 
rather than the 2.4 band are internal pci cards.  I have an realtek usb 
adapter I think 8192 but it only runs on the 2.4 band and the 2.4 band 
is going away for internet communications in the United States in the 
not too distant future as a result of an F.C.C. decision.

On Mon, 19 Feb 2018, bw wrote:

> Date: Mon, 19 Feb 2018 04:30:43
> From: bw 
> To: debian-user@lists.debian.org
> Subject: Re: where can i find a list of usb wireless card that are supported
>    by linux?
> Resent-Date: Mon, 19 Feb 2018 09:31:22 + (UTC)
> Resent-From: debian-user@lists.debian.org
> 
>
>
> On Mon, 19 Feb 2018, Long Wind wrote:
>
>> i don't like to install additional driveri wish default linux kernel already 
>> has
>> driver
>> on Chinese market, many cards claim thatit included driver for Windowsi'm not
>> sure if it supports linux
>> i have install linux-docbut can't find useful info
>> Thanks!
>>
>>
>
> You are probably talking about devices that require non-free
> firmware?  Those are described here:
> https://www.debian.org/releases/stable/amd64/ch02s02.html.en
>
> I'm not sure where you could get a list of devices that don't, but it
> would include devices from years ago that are not available anymore.
>
>> From what I understand, almost all wireless usb made in the
> last few years require some kind of firmware to work on linux.
>
> If you are interested in a particular device the debian wiki has a nice
> page about them with a "thumbs up" or little angry faces next to the
> non-free devices.
>
> https://wiki.debian.org/WiFi
>
>

-- 



   

Re: Re: USB key and lost space

[Rodary Jacques]

"To erase the ISO 9660 superblock of debian-9.3.0-amd64-netinst.iso do

  umount /dev/sde1
  dd if=/dev/zero bs=2048 seek=16 count=4 conv=notrunc of=/dev/sde

But first make sure that /dev/sde is indeed the medium you want to erase."
 I did that before the result is :

dd if=/dev/zero bs=2048 seek=16 count=4 conv=notrunc of=/dev/sde 

 Same answer with fdisk cfdisk ...
Sorry

Re: Instalar S.A.F.E Open Source Microfinance Suite

[Felix Perez]

El 19 de febrero de 2018, 20:11, Elvin Rodriguez  escribió:
> Buenas tardes estimados,
>
> alguien por aquí ha instalado el software S.A.F.E Open Source Microfinance
> Suite  y me pueda ayudar por favor.
>

Primero esto es un OT y segundo te envío link a comentarios de su
creador en relación a soporte.
https://sourceforge.net/p/safemicrofin/discussion/837216/thread/2e0332e3/

Prueba escribirle a su autor, así le explicas tu proyecto y si no vas
a cobrar capaz que te de soporte gratis.

Ahora que si tu proyecto es con fines comerciales, vamos también los
desarrolladores tienen que comer, ¿Verdad?

Saludos.

-- 
usuario linux  #274354
normas de la lista:  http://wiki.debian.org/es/NormasLista
como hacer preguntas inteligentes:
http://www.sindominio.net/ayuda/preguntas-inteligentes.html

Re: troubleshooting Kmail

[Gene Heskett]

On Monday 19 February 2018 15:52:37 m...@neidorff.com wrote:

> On Monday, February 19, 2018 3:16:20 PM EST deloptes wrote:
> > Brad Rogers wrote:
> > > So far, my experience with KDE/QT5 has been good;  Things that
> > > were, in the past, broken, now work again.  I've not found
> > > anything wrong at all.
> >
> > yes a friend installed it and showed it to me, so the difference was
> > there. I also looked at Qt5 and the Sailfish OS project - it is
> > impressive.
> >
> > > That said, I don't now, nor have I ever, used kmail, so can't
> > > comment about the state of play there.
> >
> > but this friend also does not user kmail and I am a heavy kmail
> > user. And even kmail is not the problem but the attitude of the KDE
> > team.
>
> I am a long time kmail user.  I have noticed significant improvment in
> stability and the filtering of incoming mail.  I use the filtering
> extensively. Before the last release, at the beginning of a KDE
> session, filtering was OK, but it slowed down with use.  In the latest
> version, it is extremely fast, and it doesn't get slower with use. 
> The only "bug" I have found in this version of kmail (5.5.2) is that
> an occasional "ghost" message will be in a folder and can't be
> removed.  I store emails locally via IMAP--one message per file--and
> except for the ghosts, I am extremely pleased.  I currently have over
> 126,000 messages stored and about 8 "ghost" messages.  I searched
> through the individual files that contain the e-mails and I can't find
> files for the ghost messages.
>
> If the attitude of the KDE folks is the problem, please remember that
> they are not full time KDE programmers and customer service is
> probably not their strong suit.
>
> I don't know if you consider this a valid comparison or not, but:
> In October 2017 (as I recall), my bank (which shall remain nameless)
> announced that there would be a new version of the on-line access
> software coming out on January 1st.  Then, around January 10th they
> announced that the upgrade had some unresolved issues, and would not
> be rolled out until February 1st. February 1st arrived and passed. 
> The new software was put in place on the 12th.  Since then, I have
> been unable to login to my account.  No help on the screen.  When I
> called last week, they said that they were ware of the problem and
> were working very hard to resolve it.  No apology.  They can tell me
> my balance over the phone, but that is about it.  IMO, this is absurd.
>
> Mark

That would result in my 5 digit balance being moved. However a phone call 
generally resolves the problem, but the threat is there, and they know 
it.

-- 
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

Re: Instalar S.A.F.E Open Source Microfinance Suite

[Moises Alberto Lindo Gutarra]

http://wiki.opencorebanking.com/doku.php?id=instalacion

El 19 de febrero de 2018, 18:11, Elvin Rodriguez 
escribió:

> Buenas tardes estimados,
>
> alguien por aquí ha instalado el software S.A.F.E Open Source Microfinance
> Suite  y me pueda ayudar por favor.
>
>
> --
>
> *Saludos,*
> *Atte.*
> *Elvin Rodriguez.*
>
>


-- 
Atte.
Moisés Alberto Lindo Gutarra
Asesor - Desarrollador Java / Open Source
Linux Registered User #431131 - http://linuxcounter.net/
Cel: (511) 995081720 - Rpm: *548913
EMail: mli...@gmail.com

Re: wiki

[Rodary Jacques]

Le lundi 19 février 2018, 08:12:57 CET Reco a écrit :
>   Hi.
> 
> On Mon, Feb 19, 2018 at 03:29:50AM +0100, Rodary Jacques wrote:
> > > Even if it did, the firewall have not come into play.
> > > Since the user saw HTTP 403 it means that HTTPS connection was
> > > established successfully, and a front-end (or back-end) webserver gave
> > > 403 code, which was transferred to a user.
> > > 
> > > >  Is it a web browser bug?  Nobody knows!
> > I was using Opera  browser,so quick,  but I just tried with firefox, so 
> > slow, but both mozilla, and the result is the same when google search ( 
> > which I don't use with  Opera)  gives me a lot of choices , all with 403 
> > result. My  public IP, 88.170.1.143 is the one my provider ( 
> > free.fr=proxad.fr)  gave me.
> 
> As I wrote earlier - try Tor.
> It seems that your network subnet was banned at wiki.debian.org.
> 
> Reco
I finally dared to install Tor an it works! So I will use wiki t o 
understand why the  "reply to" link in the list doesn't copy the subject 
'Re.;Re: < suject> in Kmail, as it did in Jessie without any setup by me. 
Thank you all  for your time.
Jacques 

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

[Gene Heskett]

On Monday 19 February 2018 15:43:16 Greg Wooledge wrote:

> On Mon, Feb 19, 2018 at 03:27:36PM -0500, Gene Heskett wrote:
> > On Monday 19 February 2018 13:31:46 Michael Lange wrote:
> > > apt-get install spectre-meltdown-checker
> >
> > not available for stretch on arm64, why?
>
> Because this package did not exist at the time stretch was frozen.
> Nor even at the time stretch was released.

Humph!

-- 
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

Re: troubleshooting Kmail

[Gene Heskett]

On Monday 19 February 2018 15:33:55 Brian wrote:

> On Mon 19 Feb 2018 at 21:16:20 +0100, deloptes wrote:
> > Brad Rogers wrote:
> > > So far, my experience with KDE/QT5 has been good;  Things that
> > > were, in the past, broken, now work again.  I've not found
> > > anything wrong at all.
> >
> > yes a friend installed it and showed it to me, so the difference was
> > there. I also looked at Qt5 and the Sailfish OS project - it is
> > impressive.
> >
> > > That said, I don't now, nor have I ever, used kmail, so can't
> > > comment about the state of play there.
> >
> > but this friend also does not user kmail and I am a heavy kmail
> > user. And even kmail is not the problem but the attitude of the KDE
> > team.
>
> This is the second time you have ascribed dubious motives to the KDE
> team. Technical criticisms are within the bounds of posting to -user;
> crediting them with some unspecified "attitude" and disregarding
> fixing "broken stuff" isn't.

Even if its true? I have, in the past, been told off by Mr. Ingo Klocker. 
The net result is that I'm useing TDE on my two most powerfull machines. 
And I will continue to promote it as a stable, just works, alternative 
to the high speed blender throwing stuff on the walls that is kde.
Or was at about 4.0. No clue what it is now. The kmail problem that 
resulted in my final msg from Mr. Klocker, has since been more than 
alleviated by offloading its mail fetching duties to fetchmail and 
procmail, coupled to kmail by a bash script I wrote using inotifywait, 
so the 2 minute freeze while it fetches mail from my isp's server, is 
now a fraction of a second while it fetches the mail 
from /var/spool/mail after being told over dbus that mail has arrived.. 

I'm basically a lazy old (83) coot, who handles his incoming mail by 
using the plus key to goto the next unread message, if its something I 
might help with, click on the correct reply format, start typing in the 
composer that appears, when done, ctrl-return sends it and the plus key 
brings up the next msg until there are none left. Or I have to leave and 
take care of my fading (repaired broken hip, late stage COPD) wife.  How 
much simpler can it get?

That bash script? Just ask.

-- 
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

[Michael Lange]

On Mon, 19 Feb 2018 15:43:16 -0500
Greg Wooledge  wrote:

> On Mon, Feb 19, 2018 at 03:27:36PM -0500, Gene Heskett wrote:
> > On Monday 19 February 2018 13:31:46 Michael Lange wrote:
> > > apt-get install spectre-meltdown-checker
> > not available for stretch on arm64, why?
> 
> Because this package did not exist at the time stretch was frozen.
> Nor even at the time stretch was released.
> 
> 

Yes, with Stretch you need the backports.

Regards

Michael

.-.. .. ...- .   .-.. --- -. --.   .- -. -..   .--. .-. --- ... .--. . .-.

You!  What PLANET is this!
-- McCoy, "The City on the Edge of Forever", stardate
3134.0

Instalar S.A.F.E Open Source Microfinance Suite

[Elvin Rodriguez]

Buenas tardes estimados,

alguien por aquí ha instalado el software S.A.F.E Open Source Microfinance
Suite  y me pueda ayudar por favor.


-- 

*Saludos,*
*Atte.*
*Elvin Rodriguez.*

Re: Actualització BIOS

[Àlex]

Com tu dius, millor no actualitzar firmwares i BIOS si tot et va bé. Si
falla el procés d'actualització et quedes sense equip.

> 1.- El fet que aquesta eina contingui fitxers BAT, EXE, ... significa
> que únicament ho han de fer la gent que té Windows com a sistema
> operatiu en aquest equip?

Malgrat del fitxer que descarregues apareix un o dos fitxers .bin que
contenen el nou firmware, el programa que l'actualitza és per Windows.

No cal que t'instal.lis Windows. Pots arrencar amb un LiveCD de Windows:
el que anomenen WinPE.

> 2.- En cas negatiu, això d'unetbootin, funciona amb Linux? Hi ha alguna
> eina similar per obtenir un USB amb FreeDOS?

Unetbootin i d'altres eines el que fan és posar-te una ISO d'un CD o DVD
a un USB, de tal manera que pots arrencar amb el USB  com arrencaries
amb el CD.

Sí que pots crear un USB amb FreeDOS. El mateix Unetbootin et deixa
escollir FreeDOS com a imatge, el descarrega i l'instal.la a l'USB
d'arrencada.

Però els programes que dius que t'actualitzen el firmware son per
Windows, no per DOS.


> 3.- Relacionat amb el punt 2, m'he de buscar un ordinador Win per fer el
> procés de generar un USB auto-arrencable com ho han ells a la guia [4]?
> A la feina en tinc però ara és curiositat. Hi hauria alguna diferència
> si uses una eina Linux per fer un USB auto-arrencable?

No. Pots generar-lo amb Linux. Cap problema.

Re: SSH session audit

[David Christensen]

On 02/19/18 04:51, m...@risca.eu wrote:

Hi,

I'm co-managing a server with a friend of mine offering ourself some
 basic service (like emails, file sharing, etc). At this time each of
us can freely login on the server via ssh (we trust each others) for
the daily administrative tasks.

I would like to improve the current set up by adding a layer of 
certification and proofing of the ssh session, because if you know

that you are recorded you'll be enforce to behave better. For this
scope I've found many different possible solution, but quite complex
to be implemented (like ssh proxy that records the session [1]), or
too basic (like using /usr/bin/script). So far none of those that
I've found satisfy me.

About that I remember that some time ago (maybe one or two years ago)
I read a post on planet debian about such a method for session audit.
It was suggesting as an easy to run solution for external consultant:
the recording and encrypting of the remote session was performed
without requiring any proxy, letting to store the session data on a
dumb external host. From what I could remember I think that the idea
was something like recording the session with script like utilities 
(launched at session login), then periodically encrypting it with gpg

 and publishing on a local folder or on a remote resource. This way
the owner of the system could reliably access the session log, and
the remote person could always prove what he did at during the ssh
session.


That does not sound secure.  See the Byzantine Generals' Problem:

https://en.wikipedia.org/wiki/Byzantine_fault_tolerance



Do you know about that solution? Or could you suggest something
similar?

Thank you,

risca.

[1] ssh proxy solutions: ssh-bastion, KeyBox



On 02/19/18 08:34, Roberto C. Sánchez wrote:

You might want to consider a whitelist of commands accessible via
sudo. Each access of sudo is logged by the system and if you do not
permit the user modify system logs, then that may meet your
requirements.


+1 for sudo (no comment on the rest).  This book is good:

https://www.michaelwlucas.com/tools/sudo


David

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

[Michael Fothergill]

On 19 February 2018 at 19:10, Michael Lange  wrote:

> Hi,
>
> On Mon, 19 Feb 2018 18:46:15 +
> Michael Fothergill  wrote:
>
> > Are you saying that this link:
> > ​
> > https://security-tracker.debian.org/tracker/CVE-2017-5753
> >
> > ​which looks like it should be going to a spectre 1 fix is actually a
> > discussion and tables etc
> > of the spectre 2 fixes that are in the pipeline ie it is incorrectly
> > labelled?
>
> no, I meant to say that you were looking at the wrong place if you wanted
> to see if the "spectre-2" fix has arrived in debian, for this one you
> will have to look here:
>
> https://security-tracker.debian.org/tracker/CVE-2017-5715


​No, we were not looking for it.  I think a joint fix for meltdown and
spectre 1 would fit the bill at present .

I think this gcc 4.9 thing is an excellent development for this objective
and I salute it enthusiastically.

Regards

Michael​


>
>
> Regards
>
> Michael
>
> .-.. .. ...- .   .-.. --- -. --.   .- -. -..   .--. .-. --- ... .--. . .-.
>
> We'll pivot at warp 2 and bring all tubes to bear, Mr. Sulu!
>
>

Re: domain names, was: hostname

[rhkramer]

On Monday, February 19, 2018 03:59:18 PM Roberto C. Sánchez wrote:
> Essentially, you cannot guarantee that any arbirtary second-level or
> lower domain will remain unused. However, there are reserved top-level
> domains guaranteed to not be used in any standards-compliant
> implementation and you can also be somewhat certain that new top-level
> domains will not be introduced willy-nilly. So, if you wanted to use
> .abc123 as a top-level domain on your own network, you are probably
> safe.

I could / should have responded to an earlier post, but...

when, in the past, I needed a domain for my LAN, I used "home".

Since then, I've found that I really have no need of a domain name for my LAN. 

Re: domain names, was: hostname

[Roberto C . Sánchez]

On Mon, Feb 19, 2018 at 08:48:10PM +, Brian wrote:
> 
> .invalid should fit the bill. You don't get much help on this from the
> installer in expert mode though. My point was - how do you know what is
> non-existent? knickersoff.com was a revelation to me!
> 
It is all documented:
https://en.wikipedia.org/wiki/Top-level_domain#Reserved_domains

Essentially, you cannot guarantee that any arbirtary second-level or
lower domain will remain unused. However, there are reserved top-level
domains guaranteed to not be used in any standards-compliant
implementation and you can also be somewhat certain that new top-level
domains will not be introduced willy-nilly. So, if you wanted to use
.abc123 as a top-level domain on your own network, you are probably
safe.

Regards,

-Roberto

-- 
Roberto C. Sánchez

Re: troubleshooting Kmail

[mark]

On Monday, February 19, 2018 3:16:20 PM EST deloptes wrote:
> Brad Rogers wrote:
> > So far, my experience with KDE/QT5 has been good;  Things that were, in
> > the past, broken, now work again.  I've not found anything wrong at all.
> 
> yes a friend installed it and showed it to me, so the difference was there.
> I also looked at Qt5 and the Sailfish OS project - it is impressive.
> 
> > That said, I don't now, nor have I ever, used kmail, so can't comment
> > about the state of play there.
> 
> but this friend also does not user kmail and I am a heavy kmail user.
> And even kmail is not the problem but the attitude of the KDE team.

I am a long time kmail user.  I have noticed significant improvment in 
stability and the filtering of incoming mail.  I use the filtering extensively. 
Before the last release, at the beginning of a KDE session, filtering was OK, 
but it slowed down with use.  In the latest version, it is extremely fast, and 
it doesn't get slower with use.  The only "bug" I have found in this version 
of kmail (5.5.2) is that an occasional "ghost" message will be in a folder and 
can't be removed.  I store emails locally via IMAP--one message per file--and 
except for the ghosts, I am extremely pleased.  I currently have over 126,000 
messages stored and about 8 "ghost" messages.  I searched through the 
individual files that contain the e-mails and I can't find files for the ghost 
messages.

If the attitude of the KDE folks is the problem, please remember that they are 
not full time KDE programmers and customer service is probably not their 
strong suit.  

I don't know if you consider this a valid comparison or not, but:
In October 2017 (as I recall), my bank (which shall remain nameless) announced 
that there would be a new version of the on-line access software coming out on 
January 1st.  Then, around January 10th they announced that the upgrade had 
some unresolved issues, and would not be rolled out until February 1st.  
February 1st arrived and passed.  The new software was put in place on the 
12th.  Since then, I have been unable to login to my account.  No help on the 
screen.  When I called last week, they said that they were ware of the problem 
and were working very hard to resolve it.  No apology.  They can tell me my 
balance over the phone, but that is about it.  IMO, this is absurd.

Mark

Re: domain names, was: hostname

[Reco]

Hi.

On Mon, Feb 19, 2018 at 08:30:28PM +, Joe wrote:
> On Mon, 19 Feb 2018 19:28:55 +
> Brian  wrote:
> 
> > On Mon 19 Feb 2018 at 19:08:42 +, Brad Rogers wrote:
> > 
> > > On Mon, 19 Feb 2018 18:58:25 +
> > > Brian  wrote:
> > > 
> > > Hello Brian,
> > >   
> > > >Avoiding using any of the examples you give is also recommended
> > > >because you do not own the domain name google.com and have no
> > > >right to use it.  
> > > 
> > > I took that as a given.
> > > 
> > > Still, it's probably as well to point it out because you never know;
> > > some buffoon may think it's clever or (forgive me for this) 'kewl'
> > > to do so.  
> > 
> > Could be inadvertent. ilovecats.com or scratchyouritch.com or
> > deeppockets.com look good and safe when you are installing.
> > microsoft20.com (but not google20.com) is ok until someone
> > registers it. 
> > 
> > The best thing is to leave the domain name field blank unless
> > you *know* you need one. I do not think either the installer
> > or the documentation put it like this.
> > 
> 
> It is somewhat safer to use a non-existent top level domain, though
> less so that it used to be. I would think '.invalid' ought to remain
> safe, but you never can tell what fools will do.

No, it's not safe, according to RFC 6761, chapter 6.4:

   2.  Application software MAY recognize "invalid" names as special or
   MAY pass them to name resolution APIs as they would for other
   domain names.

   3.  Name resolution APIs and libraries SHOULD recognize "invalid"
   names as special and SHOULD always return immediate negative
   responses.  Name resolution APIs SHOULD NOT send queries for
   "invalid" names to their configured caching DNS server(s).

   4.  Caching DNS servers SHOULD recognize "invalid" names as special
   and SHOULD NOT attempt to look up NS records for them, or
   otherwise query authoritative DNS servers in an attempt to
   resolve "invalid" names.  Instead, caching DNS servers SHOULD
   generate immediate NXDOMAIN responses for all such queries.  This
   is to avoid unnecessary load on the root name servers and other
   name servers.

If you need something that's *recognized* by IETF, and won't broke the
way yet another application developer sees fit, you need ".test".

Reco

Re: domain names, was: hostname

[Brian]

On Mon 19 Feb 2018 at 20:30:28 +, Joe wrote:

> On Mon, 19 Feb 2018 19:28:55 +
> Brian  wrote:
> 
> > On Mon 19 Feb 2018 at 19:08:42 +, Brad Rogers wrote:
> > 
> > > On Mon, 19 Feb 2018 18:58:25 +
> > > Brian  wrote:
> > > 
> > > Hello Brian,
> > >   
> > > >Avoiding using any of the examples you give is also recommended
> > > >because you do not own the domain name google.com and have no
> > > >right to use it.  
> > > 
> > > I took that as a given.
> > > 
> > > Still, it's probably as well to point it out because you never know;
> > > some buffoon may think it's clever or (forgive me for this) 'kewl'
> > > to do so.  
> > 
> > Could be inadvertent. ilovecats.com or scratchyouritch.com or
> > deeppockets.com look good and safe when you are installing.
> > microsoft20.com (but not google20.com) is ok until someone
> > registers it. 
> > 
> > The best thing is to leave the domain name field blank unless
> > you *know* you need one. I do not think either the installer
> > or the documentation put it like this.
> > 
> 
> It is somewhat safer to use a non-existent top level domain, though
> less so that it used to be. I would think '.invalid' ought to remain
> safe, but you never can tell what fools will do.

.invalid should fit the bill. You don't get much help on this from the
installer in expert mode though. My point was - how do you know what is
non-existent? knickersoff.com was a revelation to me!

Leave (or make) it blank should be the advice for most users; it is of
no importance and (I suspect) only confuses them.

-- 
Brian.

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

[Greg Wooledge]

On Mon, Feb 19, 2018 at 03:27:36PM -0500, Gene Heskett wrote:
> On Monday 19 February 2018 13:31:46 Michael Lange wrote:
> > apt-get install spectre-meltdown-checker
> not available for stretch on arm64, why?

Because this package did not exist at the time stretch was frozen.
Nor even at the time stretch was released.

Re: troubleshooting Kmail

[Brian]

On Mon 19 Feb 2018 at 21:16:20 +0100, deloptes wrote:

> Brad Rogers wrote:
> 
> > So far, my experience with KDE/QT5 has been good;  Things that were, in
> > the past, broken, now work again.  I've not found anything wrong at all.
> > 
> 
> yes a friend installed it and showed it to me, so the difference was there.
> I also looked at Qt5 and the Sailfish OS project - it is impressive.
> 
> > That said, I don't now, nor have I ever, used kmail, so can't comment
> > about the state of play there.
> 
> but this friend also does not user kmail and I am a heavy kmail user.
> And even kmail is not the problem but the attitude of the KDE team.

This is the second time you have ascribed dubious motives to the KDE
team. Technical criticisms are within the bounds of posting to -user;
crediting them with some unspecified "attitude" and disregarding fixing
"broken stuff" isn't.

-- 
Brian.

Re: domain names, was: hostname

[Joe]

On Mon, 19 Feb 2018 19:28:55 +
Brian  wrote:

> On Mon 19 Feb 2018 at 19:08:42 +, Brad Rogers wrote:
> 
> > On Mon, 19 Feb 2018 18:58:25 +
> > Brian  wrote:
> > 
> > Hello Brian,
> >   
> > >Avoiding using any of the examples you give is also recommended
> > >because you do not own the domain name google.com and have no
> > >right to use it.  
> > 
> > I took that as a given.
> > 
> > Still, it's probably as well to point it out because you never know;
> > some buffoon may think it's clever or (forgive me for this) 'kewl'
> > to do so.  
> 
> Could be inadvertent. ilovecats.com or scratchyouritch.com or
> deeppockets.com look good and safe when you are installing.
> microsoft20.com (but not google20.com) is ok until someone
> registers it. 
> 
> The best thing is to leave the domain name field blank unless
> you *know* you need one. I do not think either the installer
> or the documentation put it like this.
> 

It is somewhat safer to use a non-existent top level domain, though
less so that it used to be. I would think '.invalid' ought to remain
safe, but you never can tell what fools will do.

-- 
Joe

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

[Gene Heskett]

On Monday 19 February 2018 13:31:46 Michael Lange wrote:

> Hi,
>
> On Mon, 19 Feb 2018 14:10:14 +
> Brad Rogers  wrote:
>
> (...)
>
> > If anyone wants to check their (linux) system specifically for the
> > current state of spectre+meltdown mitigation on a given machine then
> > have a look here:
> >
> > https://github.com/speed47/spectre-meltdown-checker
> >
> > Really simple instructions are as follows:
>
> (...)
>
> With debian it is even simpler:
>
> apt-get install spectre-meltdown-checker
not available for stretch on arm64, why?

> sudo spectre-meltdown-checker
>
> Regards
>
> Michael
>
>
> .-.. .. ...- .   .-.. --- -. --.   .- -. -..   .--. .-. --- ... .--. .
> .-.
>
> The sight of death frightens them [Earthers].
>   -- Kras the Klingon, "Friday's Child", stardate 3497.2



-- 
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

Re: troubleshooting Kmail

[Gene Heskett]

On Monday 19 February 2018 10:38:57 m...@neidorff.com wrote:

> On Sunday, February 18, 2018 4:02:04 PM EST Gene Heskett wrote:
> > On Sunday 18 February 2018 04:11:48 David Baron wrote:
> > > Kmail has been broken for weeks. No action, just excuses. Might
> > > simply have to abandon it after all these years.
> >
> > Then look at TDE, its kde forked at about the 3.5 point, with
> > kajillions of bugs fixed. I'm running it here, works perfect.
>
> Thanks Gene,
>
> I've been searching for the TDE e-mail client that you mention and I
> can't find it.  Can you please point me in the right direction?
>
> Mark

google for Trinity Desktop  Environment. It should point you someplace 
near to pearsoncomputing.net IIRC. 


-- 
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

Re: troubleshooting Kmail

[deloptes]

Brad Rogers wrote:

> So far, my experience with KDE/QT5 has been good;  Things that were, in
> the past, broken, now work again.  I've not found anything wrong at all.
> 

yes a friend installed it and showed it to me, so the difference was there.
I also looked at Qt5 and the Sailfish OS project - it is impressive.

> That said, I don't now, nor have I ever, used kmail, so can't comment
> about the state of play there.

but this friend also does not user kmail and I am a heavy kmail user.
And even kmail is not the problem but the attitude of the KDE team.

Re: where can i find a list of usb wireless card that are supported by linux?

[Glenn English]

On Mon, Feb 19, 2018 at 7:33 AM, Long Wind  wrote:

> i don't like to install additional driver
> i wish default linux kernel already has driver

You might take a look at some of the Raspberry Pi sites. The RPis run
on a variation (recompiled for its non-Winders board) of Debian, and
there are a number of USB WiFi dongles that work with it, without any
added software.

IIRC, the one(s) from Plugable worked nicely.

-- 
Glenn English

Re: My site has become unreachable when I've implemented SSL

[Aldo Maggi]

Thank you for your fast answer!

root@Casa-mia-1:~# lsof -i :443
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
apache2  879 root6u  IPv6  20270  0t0  TCP *:https (LISTEN)
apache2  948 www-data6u  IPv6  20270  0t0  TCP *:https (LISTEN)
apache2  949 www-data6u  IPv6  20270  0t0  TCP *:https (LISTEN)
apache2  950 www-data6u  IPv6  20270  0t0  TCP *:https (LISTEN)
apache2  951 www-data6u  IPv6  20270  0t0  TCP *:https (LISTEN)
apache2  952 www-data6u  IPv6  20270  0t0  TCP *:https (LISTEN)
apache2 1385 www-data6u  IPv6  20270  0t0  TCP *:https (LISTEN)
apache2 1386 www-data6u  IPv6  20270  0t0  TCP *:https (LISTEN)
apache2 3386 www-data6u  IPv6  20270  0t0  TCP *:https (LISTEN)

As for ufw, indeed port 443 was not enabled and I had problems in doing
it (bad port), at the end I wrote:
ufw allow https
Rule added
Rule added (v6)

now I have:

root@Casa-mia-1:~# ufw status
Status: active

To Action  From
-- --  
22/tcp ALLOW   Anywhere  
CUPS   ALLOW   Anywhere  
..
Telnet ALLOW   Anywhere  
VNCALLOW   Anywhere  
WWWALLOW   Anywhere  
Anywhere   ALLOW   192.168.3.100 
Anywhere   ALLOW   192.168.3.0/24
/tcp   ALLOW   Anywhere  
5900:5910/tcp  ALLOW   Anywhere  
2049   ALLOW   192.168.3.100 
80/tcp ALLOW   Anywhere  
443/tcpALLOW   Anywhere  
22/tcp (v6)ALLOW   Anywhere (v6) 
CUPS (v6)  ALLOW   Anywhere (v6) 
...
WWW (v6)   ALLOW   Anywhere (v6) 
/tcp (v6)  ALLOW   Anywhere (v6) 
5900:5910/tcp (v6) ALLOW   Anywhere (v6) 
80/tcp (v6)ALLOW   Anywhere (v6) 
443/tcp (v6)   ALLOW   Anywhere (v6) 

root@Casa-mia-1:~# systemctl restart apache2

but ... no avail, still "connection refused"

What else could be the culprit :-D

Thanks for your time!

Aldo :-)

P.S. Furthermore in /apache2/error.log I find:
PHP Warning:  PHP Startup: Unable to load dynamic library
'/usr/lib/php/20151012/apc.so' - /usr/lib/php/20151012/apc.so: cannot
open shared object file: No such file or directory in Unknown on line 0

Il giorno Mon, 19 Feb 2018 12:48:25 -0500
Greg Wooledge  ha scritto:

> On Mon, Feb 19, 2018 at 06:36:01PM +0100, Aldo Maggi wrote:
> > Anyway, now if I browse writing my IP I get the Apache default page
> > (the browser tells me, anyway, that the site is unsecure), if I
> > write the name of the site I get (traslated from Italian):
> > Unable to reach the site
> > Connection denied by mysite.com  
> 
> "Connection refused" (the correct English translation) means that
> either the service is not listening to that port, or the packets
> were rejected by a firewall.
> 
> You will need to examine both of those possibilities.
> 
> Making sure the service is listening on :443 should be fairly easy.
> You can use "lsof -i :443" for example, or some ss or netstat command.
> 
> Checking whether you have a firewall blocking incoming 443 will be
> a bit harder.
> 

Re: hostname

[bolakim53]

 Re: hostname
to : Greg Wooledge 
https://lists.debian.org/debian-user/2018/02/msg00878.html


i subscribed only for sending you this *public/quick response :
1° https://www.vitals.com/doctors/Dr_Monique_Anawis.html or crtl +
2° take a nap
3° i thank you for your answer
(a) https://lists.debian.org/debian-user/2018/02/msg00642.html
but it is a new topic
(b)https://lists.debian.org/debian-user/2018/02/msg00809.html
related to :
a1 : 
https://lists.debian.org/debian-user/2018/02/msg00801.html
a2 : 
https://lists.debian.org/debian-user/2018/02/msg00803.html
and i do not understand why you stay glue on the first one
(c) https://lists.debian.org/debian-user/2018/02/msg00639.html
which is solved.
(d).https://lists.debian.org/debian-user/2018/02/msg00653.html
4° It appears you mix fud & the freedom of speech (& information that 
you
dislike).
PS: i am maybe wrong but it seems that you answer reading the title
forgetting to follow the discussion ...

Re: domain names, was: hostname

[Brian]

On Mon 19 Feb 2018 at 19:08:42 +, Brad Rogers wrote:

> On Mon, 19 Feb 2018 18:58:25 +
> Brian  wrote:
> 
> Hello Brian,
> 
> >Avoiding using any of the examples you give is also recommended because
> >you do not own the domain name google.com and have no right to use it.
> 
> I took that as a given.
> 
> Still, it's probably as well to point it out because you never know;
> some buffoon may think it's clever or (forgive me for this) 'kewl' to
> do so.

Could be inadvertent. ilovecats.com or scratchyouritch.com or
deeppockets.com look good and safe when you are installing.
microsoft20.com (but not google20.com) is ok until someone
registers it. 

The best thing is to leave the domain name field blank unless
you *know* you need one. I do not think either the installer
or the documentation put it like this.

-- 
Brian. 

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

[Michael Lange]

Hi,

On Mon, 19 Feb 2018 18:46:15 +
Michael Fothergill  wrote:

> Are you saying that this link:
> ​
> https://security-tracker.debian.org/tracker/CVE-2017-5753
> 
> ​which looks like it should be going to a spectre 1 fix is actually a
> discussion and tables etc
> of the spectre 2 fixes that are in the pipeline ie it is incorrectly
> labelled?

no, I meant to say that you were looking at the wrong place if you wanted
to see if the "spectre-2" fix has arrived in debian, for this one you
will have to look here:

https://security-tracker.debian.org/tracker/CVE-2017-5715

Regards

Michael

.-.. .. ...- .   .-.. --- -. --.   .- -. -..   .--. .-. --- ... .--. . .-.

We'll pivot at warp 2 and bring all tubes to bear, Mr. Sulu!

Re: troubleshooting Kmail

[Brad Rogers]

On Mon, 19 Feb 2018 19:14:35 +0100
deloptes  wrote:

Hello deloptes,

>was thinking recently to have a look at KDE as they released KDE5 (Qt5)
>and it looked promising, but if they have still same attitude to
>release broken

So far, my experience with KDE/QT5 has been good;  Things that were, in
the past, broken, now work again.  I've not found anything wrong at all.

That said, I don't now, nor have I ever, used kmail, so can't comment
about the state of play there.

-- 
 Regards  _
 / )   "The blindingly obvious is
/ _)radnever immediately apparent"
It's becoming an obsession
Teenage Depression - Eddie & The Hot Rods


pgpf3WpYAgcaz.pgp
Description: OpenPGP digital signature

Re: domain names, was: hostname

[Brad Rogers]

On Mon, 19 Feb 2018 18:58:25 +
Brian  wrote:

Hello Brian,

>Avoiding using any of the examples you give is also recommended because
>you do not own the domain name google.com and have no right to use it.

I took that as a given.

Still, it's probably as well to point it out because you never know;
some buffoon may think it's clever or (forgive me for this) 'kewl' to
do so.

-- 
 Regards  _
 / )   "The blindingly obvious is
/ _)radnever immediately apparent"
Did you do it for fame, did you do it in a fit?
Identity - X-Ray Spex


pgpWODERi8ZqM.pgp
Description: OpenPGP digital signature

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

[Brad Rogers]

On Mon, 19 Feb 2018 19:31:46 +0100
Michael Lange  wrote:

Hello Michael,

>With debian it is even simpler:
>apt-get install spectre-meltdown-checker
>sudo spectre-meltdown-checker

I hadn't realised it was in the repos.

-- 
 Regards  _
 / )   "The blindingly obvious is
/ _)radnever immediately apparent"
Hey there, Mr Average, you don't exist, you never did
Persons Unknown - Poison Girls


pgpq0oec1UPLO.pgp
Description: OpenPGP digital signature

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

[Michael Fothergill]

On 19 February 2018 at 18:24, Michael Lange  wrote:

> Hi,
>
> On Mon, 19 Feb 2018 16:40:19 +
> Michael Fothergill  wrote:
>
> > On 19 February 2018 at 14:10, Greg Wooledge  wrote:
> >
> > > On Mon, Feb 19, 2018 at 09:13:42PM +0800, Turritopsis Dohrnii Teo En
> > > Ming wrote:
> > > > What are the patches that I can download and install to be protected
> > > > against the Meltdown and Spectre security vulnerabilities?
> > >
> > > Meltdown patch went out a month ago.
> > >
> > > Spectre, see here:
> > > https://security-tracker.debian.org/tracker/CVE-2017-5753
> >
> >
> > ​Please excuse my extreme ignorance here, but there is something
> > puzzling me a bit in the spectre web page..
> >
> > For the sid entry, the table says the following:
> >
> > Source PackageReleaseVersionStatus
> > sid 4.15.4-1vulnerable
> >
> > I had thought up to now that e.g. kernel 4.15.4-1 was new enough that if
> > you compiled it with gcc 7.3 then the spectre fix would then work.
> >
> > Does the status indicator here refer to the spectre problem?
> >
> > If it does why does it say vulnerable?
>
> There seems to be some confusion in this thread.
> The page linked above refers to CVE-2017-5753 a.k.a. "Spectre-1".
>

Are you saying that this link:
​
https://security-tracker.debian.org/tracker/CVE-2017-5753

​which looks like it should be going to a spectre 1 fix is actually a
discussion and tables etc
of the spectre 2 fixes that are in the pipeline ie it is incorrectly
labelled?

Cheers

MF​



> You mean CVE-2017-5715 a.k.a. "Spectre-2".
>
> Regards
>
> Michael
>
> .-.. .. ...- .   .-.. --- -. --.   .- -. -..   .--. .-. --- ... .--. . .-.
>
> It would be illogical to assume that all conditions remain stable.
> -- Spock, "The Enterprise Incident", stardate 5027.3
>
>

Re: [likely out of luck]

[Thomas Schmitt]

Hi,

Richard Owlet wrote:
> I'm having problems problems with:
>   font and icon sizes

Look in the configuration for "DefaultFont", "WindowFont", "Style.*Font",
"IconFont", "Style.*IconFont".

Icon size might be "Style .* Iconsize". I don't have that one in my
configuration.


Warning:
The default icon of xterm takes input and executes shell commands. Eeek !

I disabled this by giving it a pixmap for the icon:
--
Style "XTerm"   IconOverride
Style "XTerm"   Icon display.xpm
--


>   setting wallpaper/background color

I have in my fvwm2 configuration a block that defines initial actions:
--
AddToFunc InitFunction
 +  "I" Module FvwmBanner
 +  "I" Exec xterm -ls -geometry +150+85
 +  "I" Module FvwmButtons
 +  "I" Exec xli -onroot -fillscreen -border 
/usr/share/X11/fvwm2/pixmaps/slate.gif
 +  "I" Module FvwmCommandS
--

The root window is set by executing program "xli".
Further i get a first xterm window and a few Fvwm-applications.


> I find menu items which should address my preferences.
> Some don't do anything.
> Some don't give wide enough selection, particularly wallpaper

You will have to find where those menus are defined in the configuration.

E.g. i see a mysterious item "Keyboardclicks" which is a menu with three
items.
In .fvwm2rc i have
--
AddToMenu settings_kbdclick_popup "Keyboardclicks"   Title
 + "hard"   Exec xset c 100
 + "Off"Exec xset c off
 + "soft"   Exec xset c on
--
So if i chose "Off", program "xset" is executed with arguments "c" and
"off".

If you want you menu items to do something, then you will tell them
which program or script to start with which options.
(As said, fvwm brings few own applications which are also quite lean.)


For interactive experiments before modifying the configuration:

The module "FvwmCommandS" in my InitFunction enables shell command
"FvwmCommand". Its man page says:
  FvwmCommand lets you monitor fvwm transaction and  issue  fvwm  command
  from  a shell command line or scripts.  FvwmCommand takes each argument
  as a fvwm command. Quotes can be used to send commands including spaces.
FvwmCommand 'FvwmPager 0 1'
 

Have a nice day :)

Thomas

Re: domain names, was: hostname

[Brian]

On Mon 19 Feb 2018 at 17:27:38 +, Brad Rogers wrote:

> On Mon, 19 Feb 2018 12:28:03 +
> Jeremy Nicoll  wrote:
> 
> Hello Jeremy,
> 
> >What, on a home LAN, is that used for?
> 
> Domain name may be used by your MUA for generating Message IDs(1)
> amongst other things.  It doesn't really matter what you select, but I'd
> avoid using something real world - google, facebook, microsoft, etc,
> for example.
> 
> (1) Hostname would be used, too.

Avoiding using any of the examples you give is also recommended because
you do not own the domain name google.com and have no right to use it.
Note that with an MUA like mutt you can generate whatever Message ID
you want.

-- 
Brian.

Re: domain names, was: hostname

[Brian]

On Mon 19 Feb 2018 at 10:23:56 -0600, David Wright wrote:

> On Mon 19 Feb 2018 at 12:28:03 (+), Jeremy Nicoll wrote:
> > On Thu, 15 Feb 2018, at 16:21, Dan Purgert wrote:
> > 
> > > > Later, once you understand how a local network works, you can come
> > > > up with a theme.  Or some convention that lets you identify the
> > > > computer by its name.  The name that you have chosen.
> > 
> > Machine-naming makes sense to me - having done that with a variety
> > of (blush) Windows machines in my LAN.  I've toyed with versions of 
> > Linux, and used a few live-CD ones over the years, and I'm fairly sure
> > that as well as being asked to supply a hostname I've also been asked 
> > to supply a domain value.
> > 
> > What, on a home LAN, is that used for?
> 
> Nothing, with the possible exceptions of:
> 
> . avoiding this message at boot up:
>   Mon Feb 19 04:58:38 2018: [] Starting MTA:hostname --fqdn did not 
> return a fully qualified name,
>   Mon Feb 19 04:58:38 2018: dc_minimaldns will not work. Please fix your 
> /etc/hosts setup.
> 
> . satisfying a broken smarthost¹,
> 
> . causing some discussion here.
> 
> However, even though bug #504427 has never been answered, I don't
> think I'm seeing this message any more except on wheezy (as above).
> So here I have:
> 
> $ cat /etc/mailname 
> alum

Debian's exim4 README says that mailname should be a FQDN. I find that
useful for sending mail to "anotheruser". But mailname has nothing to
do with domain as enquired about by Jeremy Nicoll.

> $ head /etc/hosts
> # /root/hosts-1-local-template
> # List of local hosts.
> # Adjust the two lines for this host when installing.
> # Check the IPv6 lines occasionally because they change them.
> 
> 127.0.0.1   localhost
> 127.0.1.1   alum

alum is the canonical_hostname. It is used by exim to HELO with. Many
mail servers will not accept mail directly from you because it is not a
FQDN.
 
> 192.168.1.1 router
> 192.168.1.2 roku2w
> $ 
> 
> I've sometimes wondered what other people dream up as their
> domainnames; that is, people who don't have a legitimate reason
> to put something like example.com.

Whatever is dreamt up as a domain name is put into /etc/hosts by the
installer as

127.0.1.1   alum.dreamtupalum

-- 
Brian.

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

[Michael Lange]

Hi,

On Mon, 19 Feb 2018 14:10:14 +
Brad Rogers  wrote:

(...)
> If anyone wants to check their (linux) system specifically for the
> current state of spectre+meltdown mitigation on a given machine then
> have a look here:
> 
> https://github.com/speed47/spectre-meltdown-checker
> 
> Really simple instructions are as follows:
(...)

With debian it is even simpler:

apt-get install spectre-meltdown-checker
sudo spectre-meltdown-checker

Regards

Michael


.-.. .. ...- .   .-.. --- -. --.   .- -. -..   .--. .-. --- ... .--. . .-.

The sight of death frightens them [Earthers].
-- Kras the Klingon, "Friday's Child", stardate 3497.2

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

[Michael Lange]

On Mon, 19 Feb 2018 21:00:08 +0300
Reco  wrote:

> On Mon, Feb 19, 2018 at 05:24:18PM +, Michael Fothergill wrote:
> > On 19 February 2018 at 17:03, Reco  wrote:
> > 
> > > Hi.
> > >
> > > On Mon, Feb 19, 2018 at 04:40:19PM +, Michael Fothergill wrote:
> > > > I had thought up to now that e.g. kernel 4.15.4-1 was new enough
> > > > that if you compiled it with gcc 7.3 then the spectre fix would
> > > > then work.
> > >
> > > Not unless you apply the retpoline patch to the gcc.
> > >
> > > For instance, just today said patch was applied to the Debian stable
> > > version of gcc, gcc-4.9:
> > >
> > > https://www.debian.org/security/2018/dsa-4117

I believe gcc-4.9 is "oldstable" (Jessie). 

Regards

Michael

.-.. .. ...- .   .-.. --- -. --.   .- -. -..   .--. .-. --- ... .--. . .-.

Totally illogical, there was no chance.
-- Spock, "The Galileo Seven", stardate 2822.3

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

[Michael Lange]

Hi,

On Mon, 19 Feb 2018 16:40:19 +
Michael Fothergill  wrote:

> On 19 February 2018 at 14:10, Greg Wooledge  wrote:
> 
> > On Mon, Feb 19, 2018 at 09:13:42PM +0800, Turritopsis Dohrnii Teo En
> > Ming wrote:
> > > What are the patches that I can download and install to be protected
> > > against the Meltdown and Spectre security vulnerabilities?
> >
> > Meltdown patch went out a month ago.
> >
> > Spectre, see here:
> > https://security-tracker.debian.org/tracker/CVE-2017-5753
> 
> 
> ​Please excuse my extreme ignorance here, but there is something
> puzzling me a bit in the spectre web page..
> 
> For the sid entry, the table says the following:
> 
> Source PackageReleaseVersionStatus
> sid 4.15.4-1vulnerable
> 
> I had thought up to now that e.g. kernel 4.15.4-1 was new enough that if
> you compiled it with gcc 7.3 then the spectre fix would then work.
> 
> Does the status indicator here refer to the spectre problem?
> 
> If it does why does it say vulnerable?

There seems to be some confusion in this thread.
The page linked above refers to CVE-2017-5753 a.k.a. "Spectre-1".
You mean CVE-2017-5715 a.k.a. "Spectre-2".

Regards

Michael

.-.. .. ...- .   .-.. --- -. --.   .- -. -..   .--. .-. --- ... .--. . .-.

It would be illogical to assume that all conditions remain stable.
-- Spock, "The Enterprise Incident", stardate 5027.3

Re: troubleshooting Kmail

[deloptes]

m...@neidorff.com wrote:

> On Sunday, February 18, 2018 4:02:04 PM EST Gene Heskett wrote:
>> On Sunday 18 February 2018 04:11:48 David Baron wrote:
>> > Kmail has been broken for weeks. No action, just excuses. Might simply
>> > have to abandon it after all these years.
>> 
>> Then look at TDE, its kde forked at about the 3.5 point, with kajillions
>> of bugs fixed. I'm running it here, works perfect.
>> 
> 
> Thanks Gene,
> 
> I've been searching for the TDE e-mail client that you mention and I can't
> find
> it.  Can you please point me in the right direction?
> 
> Mark

It has it's own repository and desktop - its called TDE :)
https://trinitydesktop.org/

What Gene suggested is to stop wasting time with KDE and go for TDE [1]. I
was thinking recently to have a look at KDE as they released KDE5 (Qt5) and
it looked promising, but if they have still same attitude to release broken
stuff and jeopardize user experience and confidence - I won't waste time
for now.

regards

[1]
https://wiki.trinitydesktop.org/Category:Documentation#Installing_from_a_Package_Manager

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

[Reco]

On Mon, Feb 19, 2018 at 05:24:18PM +, Michael Fothergill wrote:
> On 19 February 2018 at 17:03, Reco  wrote:
> 
> > Hi.
> >
> > On Mon, Feb 19, 2018 at 04:40:19PM +, Michael Fothergill wrote:
> > > I had thought up to now that e.g. kernel 4.15.4-1 was new enough that if
> > > you compiled it with gcc 7.3 then the spectre fix would then work.
> >
> > Not unless you apply the retpoline patch to the gcc.
> >
> > For instance, just today said patch was applied to the Debian stable
> > version of gcc, gcc-4.9:
> >
> > https://www.debian.org/security/2018/dsa-4117
> >
> > Reco
> >
> > Doesn't that mean that if you installed this version of gcc 4.9 and one
> of the most recent kernels debian has e.g. 4.15.4-1 above
> then it will be able to correct install the microcode or whatever it is
> called and you don't need a compiler as new as gcc 7.3?
> 
> If so that is excellent news indeed.

I'm unsure of linux-4.15, but it should be possible to use patched
gcc-4.9 to build backported linux-4.14+89. Whenever they applied the
second part of retpoline patch to this kernel remains to seen.

Being lazy I'll just wait while Debian Kernel Team builds a patched
kernel for all of us.

Reco

Re: Issues while installing Debian

[Raju Devidas]

On 02/19/2018 10:14 PM, 啊肥坚lolz wrote:
> Hello Debian Team,
>
> I faced an issue while installing Debian.
> Please Have A Look At My Issue If Can, Thank You.
>
> I'm using non-graphical (text) installer to install Debian, After a
> manual partitioning, The installation started(system installation)
>
> After installing till 7% it say installation step failed, I started
> the installation again(and even formatted the disk), This problem
> still occurred.
>
> This issue many people may happened before.
> So I searched online(google) and didn't found any solution. I even
> looked into the debian installation documentation.
>
> Here are some of my computer specifications for you if you requires:
>
> Intel Core 2 Duo E6400
> 1GB RAM(1014MB)
> Intel Express Chipset Q45
>
> The Installation Images(ISO) I downloaded from debian website is a 
> i386 architecture live image(DVD).
>
> Please Reply If You Need More Information About My Issue.
Use DVD1 from this page.
https://cdimage.debian.org/debian-cd/current/amd64/iso-dvd/

let us know, if you still face issues later


>
> Thanks For Your Reading.
> Looking Forward For Your Reply.

Re: Thunderbird + ClamAV

[Alex Muntada]

Hola Robert,

> Hi ha una opció a les preferències de Thunderbird que serveix per
> mantenir el corrent de correus-e descarregat de forma individual en un
> directori abans d'enviar-los a la carpeta d'entrada (inbox). D'aquesta
> manera els antivirus puden repassar-los 1 a 1 i saber quin conté el
> "regalet" i poder-hi fer quelcom.
> 
> L'ajuda de Thunderbird [1] diu precisament el que jo he dit al paràgraf
> anterior però, inexplicablement, no diu quin és, ni on és aquest
> directori. Algú podria donar-me un cop de mà?

«With this setting enabled, incoming messages will be stored in a
temporary folder on your computer, before being moved to your
Thunderbird inbox.»

Crec que «temporary» vol dir que el correu acabarà anant on havia
d'anar però abans s'analitzaran tots els seus components per
separat (adjunts, comprimits, etc.) en un directori temporal per
fer l'anàlisi (segurament sigui /tmp o algun de propi dins el
perfil del thunderbird).

Pots provar amb iwatch si localitzes els fitxers que obre el
thunderbird, per confirmar-ho (no ho he provat).

Si el que vols és tenir les carpetes de correu amb el format
maildir (un fitxer per missatge) enlloc del format mbox que ve
per defecte, has d'anar al menú Advanced » General i buscar
«Message Store Type for new accounts» (fixa't que diu que només
s'aplicarà als comptes nous de correu).

Salut,
Alex



signature.asc
Description: PGP signature

Re: My site has become unreachable when I've implemented SSL

[Greg Wooledge]

On Mon, Feb 19, 2018 at 06:36:01PM +0100, Aldo Maggi wrote:
> Anyway, now if I browse writing my IP I get the Apache default page
> (the browser tells me, anyway, that the site is unsecure), if I write
> the name of the site I get (traslated from Italian):
> Unable to reach the site
> Connection denied by mysite.com

"Connection refused" (the correct English translation) means that
either the service is not listening to that port, or the packets
were rejected by a firewall.

You will need to examine both of those possibilities.

Making sure the service is listening on :443 should be fairly easy.
You can use "lsof -i :443" for example, or some ss or netstat command.

Checking whether you have a firewall blocking incoming 443 will be
a bit harder.

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

[Michael Fothergill]

On 19 February 2018 at 17:03, Reco  wrote:

> Hi.
>
> On Mon, Feb 19, 2018 at 04:40:19PM +, Michael Fothergill wrote:
> > I had thought up to now that e.g. kernel 4.15.4-1 was new enough that if
> > you compiled it with gcc 7.3 then the spectre fix would then work.
>
> Not unless you apply the retpoline patch to the gcc.
>
> For instance, just today said patch was applied to the Debian stable
> version of gcc, gcc-4.9:
>
> https://www.debian.org/security/2018/dsa-4117
>
> Reco
>
> ​Doesn't that mean that if you installed this version of gcc 4.9 and one
of the most recent kernels debian has e.g. 4.15.4-1 above
then it will be able to correct install the microcode or whatever it is
called and you don't need a compiler as new as gcc 7.3?

If so that is excellent news indeed.

No chrooting needed there..

Not a sausage of it.

You would have to run the compiler but the kernel source for 4.15.4-1 would
already be in the debian format.

So it should not be that difficult.

Regards

MF











​

My site has become unreachable when I've implemented SSL

[Aldo Maggi]

I had my site on my pc and I didn't use SSL, I've bought a small home
server and have decided to move my site there.
I did everything from the beginning (to be frank, with the help of
Google!)
So, I've installed MariaDb, Apache2 and PHP7.x and got to the point to
see the Apache2 default page both opening the site from the Lan and
from the Wan.
I've started implementing SSL:
a2enmod ssl
a2ensite default-ssl

restarted Apache but this time opening my site the 
program advised that the server was badly configured
I've thought it could be beacause I didn't have a Certificate, so have
created the SSL Certificate with this command:

letsencrypt --apache -d mysite.com (obviously mysite.com replaces the
actual name of my site)

Anyway, now if I browse writing my IP I get the Apache default page
(the browser tells me, anyway, that the site is unsecure), if I write
the name of the site I get (traslated from Italian):
Unable to reach the site
Connection denied by mysite.com

I thank you in advance for any help !

Aldo :-)

Re: [likely out of luck]

[Richard Owlett]

On 02/17/2018 01:46 PM, John Hasler wrote:

See 

and 

The basic difference, though, is that a desktop environment tries to
enforce uniformity and coordinated aesthetics on all applications in the
Microsoft and Apple way while a window manager manages windows.

Look at fvwm-crystal.



I looked
I liked
I loaded-- used Synaptic to install from repository
I launched

I'm having problems problems with:
  font and icon sizes
  setting wallpaper/background color

I find menu items which should address my preferences.
Some don't do anything.
Some don't give wide enough selection, particularly wallpaper

As lvwm was also installed I'll see it will lead me.
I've a collection of lvwm sites to check for hints.
Suggestions?

Thanks

Re: domain names, was: hostname

[Brad Rogers]

On Mon, 19 Feb 2018 12:28:03 +
Jeremy Nicoll  wrote:

Hello Jeremy,

>What, on a home LAN, is that used for?

Domain name may be used by your MUA for generating Message IDs(1)
amongst other things.  It doesn't really matter what you select, but I'd
avoid using something real world - google, facebook, microsoft, etc,
for example.

(1) Hostname would be used, too.

-- 
 Regards  _
 / )   "The blindingly obvious is
/ _)radnever immediately apparent"
First night nerves every one night stand
What A Waste - Ian Dury And The Blockheads


pgp6gOjEGldyy.pgp
Description: OpenPGP digital signature

Re: I do not want to install Linux

[Nicholas Geovanis]

And as that page advises, beware the plume:
Studies have shown aerosol droplets are produced by flushing the
toilet, that enter the air of the room. No proven cases of infection
have been found, and the risk is unknown. A Fecal-oral route was
demonstrated for aerosol droplets that are produced by flushing the
toilet. These aerosols are also called "toilet plume".

On Thu, Feb 15, 2018 at 8:08 AM, Michael Fothergill
 wrote:
>
>
> On 15 February 2018 at 13:55, Ken Heard  wrote:
>>
>> On 2018-02-08 15:57, Michael Fothergill wrote:
>>
>> > Actually Kali Linux [1] is pretty cool and definitely worth a look.
>> > And, as a Debian derivative, it is a wonderful illustration of the
>> > things the Debian culture makes possible (another being Ubuntu, of
>> > course).
>> >
>> >> I guess I could give it a try.  I have run Bodhi Linux.  That is quite
>> >> good.
>> >
>> I would rather wait for Brahma and try to avoid Shiva, but I may have to
>> settle for Vishnu.
>>
>> Ken
>
>
> I would be interested in Bramah
> (Joseph) see here:
>  https://en.wikipedia.org/wiki/Flush_toilet
>
> Cheers
>
> MF
>

Re: Stretch net install on EeePC - unable to resolve mirror host address

[Brian]

On Mon 19 Feb 2018 at 09:46:27 -0500, Gene Heskett wrote:

> On Monday 19 February 2018 07:44:04 Brian wrote:
> 
> > On Sun 18 Feb 2018 at 20:21:57 -0500, Gene Heskett wrote:
> > > On Sunday 18 February 2018 18:47:58 Brian wrote:
> > > > On Sun 18 Feb 2018 at 17:51:50 -0500, Gene Heskett wrote:
> > > > > On Sunday 18 February 2018 17:19:48 Roger Price wrote:
> > > >
> > > > [Snipped]
> > > >
> > > > > > It looks as if the network setup in the EeePC is correct, but
> > > > > > wget fails. Any suggestion would be very welcome, Roger
> > > > >
> > > > > Check the list, I think wget was mentioned as a problem child
> > > > > child within the last 2 or 3 weeks. Is the machine fully
> > > > > uptodate?
> > > >
> > > > What significance does "fully uptodate" have when using the
> > > > installer?
> > >
> > > The install media may be dated, so if it will boot at all, the first
> > > thing should be to update it and see if wget is replaced and now
> > > works.
> >
> > Sounds reasonable until one realises the installer uses a busybox
> > version of wget. And busybox hasn't changed during the lifetime of
> > 9.x.x.
> 
> while wget (and curl) has been updated, apparently trying to fix a bug or 
> attack vector, several times in the last 6 weeks or so.
> 
> So this would appear to be a busybox problem from my point of view? Or 

I've been misleading (because I did not check /usr/bin within the
installer). Apologies. The installer actually uses wget 1.18-5+deb9u1,
not the busybox version.

-- 
Brian.

Re: Issues while installing Debian

[Hans]

Am Montag, 19. Februar 2018, 17:44:49 CET schrieb 啊肥坚lolz:
Don't use a live debian dvd. Use the official installer cd/dvd fromn debian's 
site. This is Debian, not Ubuntu!

Good luck

Hans
> Hello Debian Team,
> 
> I faced an issue while installing Debian.
> Please Have A Look At My Issue If Can, Thank You.
> 
> I'm using non-graphical (text) installer to install Debian, After a manual
> partitioning, The installation started(system installation)
> 
> After installing till 7% it say installation step failed, I started the
> installation again(and even formatted the disk), This problem still
> occurred.
> 
> This issue many people may happened before.
> So I searched online(google) and didn't found any solution. I even looked
> into the debian installation documentation.
> 
> Here are some of my computer specifications for you if you requires:
> 
> Intel Core 2 Duo E6400
> 1GB RAM(1014MB)
> Intel Express Chipset Q45
> 
> The Installation Images(ISO) I downloaded from debian website is a  i386
> architecture live image(DVD).
> 
> Please Reply If You Need More Information About My Issue.
> 
> Thanks For Your Reading.
> Looking Forward For Your Reply.

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

[Reco]

Hi.

On Mon, Feb 19, 2018 at 04:40:19PM +, Michael Fothergill wrote:
> I had thought up to now that e.g. kernel 4.15.4-1 was new enough that if
> you compiled it with gcc 7.3 then the spectre fix would then work.

Not unless you apply the retpoline patch to the gcc.

For instance, just today said patch was applied to the Debian stable
version of gcc, gcc-4.9:

https://www.debian.org/security/2018/dsa-4117

Reco

Re: necesito usar squirrelmail por 443

[Alberto Luaces]

l...@ida.cu writes:

> Buenas a todos listeros
>
> Tengo postfix y squirrelmail en Debian lo tengo funcionando por puerto 80
>
> Que tengo que hacer para que el webmail con el Squirrelmail trabaje por
> puerto 443 ??

Entiendo que lo quieres para usar HTTPS en el servidor.  Para ello, lo
más importante es disponer de un certificado, que puede ser auto-firmado
o bien certificado por una autoridad externa que los navegadores más
comunes acepten.

Para lo segundo, se puede emplear el paquete "certbot", que está en
Debian y registra un certificado gratuitamente.  Además, hace la
configuración del servidor web automáticamente, con lo que los accesos
por el puerto 443 serán cifrados.

-- 
Alberto

Issues while installing Debian

[啊肥坚lolz]

Hello Debian Team,

I faced an issue while installing Debian.
Please Have A Look At My Issue If Can, Thank You.

I'm using non-graphical (text) installer to install Debian, After a manual
partitioning, The installation started(system installation)

After installing till 7% it say installation step failed, I started the
installation again(and even formatted the disk), This problem still
occurred.

This issue many people may happened before.
So I searched online(google) and didn't found any solution. I even looked
into the debian installation documentation.

Here are some of my computer specifications for you if you requires:

Intel Core 2 Duo E6400
1GB RAM(1014MB)
Intel Express Chipset Q45

The Installation Images(ISO) I downloaded from debian website is a  i386
architecture live image(DVD).

Please Reply If You Need More Information About My Issue.

Thanks For Your Reading.
Looking Forward For Your Reply.

Re: hostname

[Reco]

Hi.

On Mon, Feb 19, 2018 at 11:32:46AM -0500, Greg Wooledge wrote:
> On Sun, Feb 18, 2018 at 04:23:53PM -, bolaki...@mail2tor.com wrote:
> > In fact the topic came from an old article about the threat to 
> > be
> > hacked/targeted : backdoor & hostname_nsa tool.
> > Anyway the new equipment/hardware could solve all these 
> > 'confusion' in a
> > near future by simplifying the terminology and perhaps implementing
> > officially backdoors (software too ? on the tor blog someone asked the
> > question - no response). i wonder if the 'independent' dns will be
> > "allowed" but it is another story.
> 
> What on EARTH are you talking about now?
> 
> You appear to be concerned that your hostname contains secret information,
> and that having your hostname "leaked" to the rest of the world will be
> an issue for you?
> 
> If that's the case, try not putting secret information into your
> hostname.  E.g. naming your machine my_mothers_maiden_name_is_johnson
> might be a bad idea.

It is a bad idea regardless of information disclosure as it violates RFC
1123.


> Hope this helps.
> 
> P.S. Your text formatting is quite difficult to read.  Please separate
> your lines from the quoted lines with a blank line, and please do not
> indent your lines.

OP's using SquirrelMail, which is known to produce pure gibberish
instead of coherent text.

Reco

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

[Michael Fothergill]

On 19 February 2018 at 14:10, Greg Wooledge  wrote:

> On Mon, Feb 19, 2018 at 09:13:42PM +0800, Turritopsis Dohrnii Teo En Ming
> wrote:
> > What are the patches that I can download and install to be protected
> > against the Meltdown and Spectre security vulnerabilities?
>
> Meltdown patch went out a month ago.
>
> Spectre, see here:
> https://security-tracker.debian.org/tracker/CVE-2017-5753


​Please excuse my extreme ignorance here, but there is something puzzling
me a bit in the spectre web page..

For the sid entry, the table says the following:

Source PackageReleaseVersionStatus
sid 4.15.4-1vulnerable

I had thought up to now that e.g. kernel 4.15.4-1 was new enough that if
you compiled it with gcc 7.3 then the spectre fix would then work.

Does the status indicator here refer to the spectre problem?

If it does why does it say vulnerable?

Is there something else causing a problem or barrier here that means you
can't use gcc 7.3 with what seems to be source code for this kernel
(maybe it's not the kernel source, please correct me here) or some other
confounding factor here?

Regards

MF









​

necesito usar squirrelmail por 443

[luis]

Buenas a todos listeros

Tengo postfix y squirrelmail en Debian lo tengo funcionando por puerto 80

Que tengo que hacer para que el webmail con el Squirrelmail trabaje por
puerto 443 ??

Agradezco toda ayuda

Re: SSH session audit

[Eero Volotinen]

Well. It's normal way to stream logs to centralized log server via rsyslog
or ossec..

Eero

19.2.2018 18.25  kirjoitti:

> On 2018-02-19 16:52, john doe wrote:
>
>> Isn't pam enough?:
>> https://linux.die.net/man/8/pam
>>
>> No need to install anything and it's quite versatile.
>>
>
> Yes, this is in line with the other suggested options such as snoopy or
> pam_tty_audit. It could work as audit system, but it seems to me as a
> solution for more structured and corporate environment.
> In the described case I would like a solution that store record the
> session in a safe way, immutable and trustable, therefore encrypting all
> (only the owners have to be able to read it) and hosted on a read only
> resource (the user who logins should not be able to delete it) and provable
> (signed).
> I think that with pam there is the risk that a user with full access right
> could easily delete all the logs. Or that the log could be altered after.
>
>

Re: SSH session audit

[Roberto C . Sánchez]

On Mon, Feb 19, 2018 at 05:21:13PM +0100, m...@risca.eu wrote:
> On 2018-02-19 16:52, john doe wrote:
> > Isn't pam enough?:
> > https://linux.die.net/man/8/pam
> > 
> > No need to install anything and it's quite versatile.
> 
> Yes, this is in line with the other suggested options such as snoopy or
> pam_tty_audit. It could work as audit system, but it seems to me as a
> solution for more structured and corporate environment.

OK.

> In the described case I would like a solution that store record the session
> in a safe way, immutable and trustable, therefore encrypting all (only the
> owners have to be able to read it) and hosted on a read only resource (the
> user who logins should not be able to delete it) and provable (signed).
> I think that with pam there is the risk that a user with full access right
> could easily delete all the logs. Or that the log could be altered after.
> 

You say that the PAM solution sounds too structured and corporate then
go on to describe a highly structured system that would be very
appropriate for a corporate environment.

The truth is that if you try to roll your own solution then you are
likely to make some sort of mistake and introduce a vulnerability. Even
if you think PAM is "too structured" you are better off using that than
making a mistake in your custom implementation and leaving a whole.

Another aspect is that in your initial post you say that you trust your
partner, but everything you have described since is specifically aimed
creating a solution resistant to an *untrusted* party. You seem to be
contradicting yourself on this point.

You might want to consider a whitelist of commands accessible via sudo.
Each access of sudo is logged by the system and if you do not permit the
user modify system logs, then that may meet your requirements.

Regards,

-Roberto

-- 
Roberto C. Sánchez

Re: hostname

[Greg Wooledge]

On Sun, Feb 18, 2018 at 04:23:53PM -, bolaki...@mail2tor.com wrote:
>   In fact the topic came from an old article about the threat to 
> be
> hacked/targeted : backdoor & hostname_nsa tool.
>   Anyway the new equipment/hardware could solve all these 
> 'confusion' in a
> near future by simplifying the terminology and perhaps implementing
> officially backdoors (software too ? on the tor blog someone asked the
> question - no response). i wonder if the 'independent' dns will be
> "allowed" but it is another story.

What on EARTH are you talking about now?

You appear to be concerned that your hostname contains secret information,
and that having your hostname "leaked" to the rest of the world will be
an issue for you?

If that's the case, try not putting secret information into your
hostname.  E.g. naming your machine my_mothers_maiden_name_is_johnson
might be a bad idea.

Hope this helps.

P.S. Your text formatting is quite difficult to read.  Please separate
your lines from the quoted lines with a blank line, and please do not
indent your lines.

Re: SSH session audit

[me]

On 2018-02-19 16:52, john doe wrote:

Isn't pam enough?:
https://linux.die.net/man/8/pam

No need to install anything and it's quite versatile.


Yes, this is in line with the other suggested options such as snoopy or 
pam_tty_audit. It could work as audit system, but it seems to me as a 
solution for more structured and corporate environment.
In the described case I would like a solution that store record the 
session in a safe way, immutable and trustable, therefore encrypting all 
(only the owners have to be able to read it) and hosted on a read only 
resource (the user who logins should not be able to delete it) and 
provable (signed).
I think that with pam there is the risk that a user with full access 
right could easily delete all the logs. Or that the log could be altered 
after.

Re: domain names, was: hostname

[David Wright]

On Mon 19 Feb 2018 at 12:28:03 (+), Jeremy Nicoll wrote:
> On Thu, 15 Feb 2018, at 16:21, Dan Purgert wrote:
> 
> > > Later, once you understand how a local network works, you can come
> > > up with a theme.  Or some convention that lets you identify the
> > > computer by its name.  The name that you have chosen.
> 
> Machine-naming makes sense to me - having done that with a variety
> of (blush) Windows machines in my LAN.  I've toyed with versions of 
> Linux, and used a few live-CD ones over the years, and I'm fairly sure
> that as well as being asked to supply a hostname I've also been asked 
> to supply a domain value.
> 
> What, on a home LAN, is that used for?

Nothing, with the possible exceptions of:

. avoiding this message at boot up:
  Mon Feb 19 04:58:38 2018: [] Starting MTA:hostname --fqdn did not return 
a fully qualified name,
  Mon Feb 19 04:58:38 2018: dc_minimaldns will not work. Please fix your 
/etc/hosts setup.

. satisfying a broken smarthost¹,

. causing some discussion here.

However, even though bug #504427 has never been answered, I don't
think I'm seeing this message any more except on wheezy (as above).
So here I have:

$ cat /etc/mailname 
alum
$ head /etc/hosts
# /root/hosts-1-local-template
# List of local hosts.
# Adjust the two lines for this host when installing.
# Check the IPv6 lines occasionally because they change them.

127.0.0.1   localhost
127.0.1.1   alum

192.168.1.1 router
192.168.1.2 roku2w
$ 

I've sometimes wondered what other people dream up as their
domainnames; that is, people who don't have a legitimate reason
to put something like example.com.

¹IOW check /var/log/exim4/mainlog that sending an email is successful.

Cheers,
David.

Re: is this a bug of startx?

[Greg Wooledge]

On Sun, Feb 18, 2018 at 03:20:11AM +, Long Wind wrote:
> maybe few users still use startx?

Depends on where you draw your samples from.  If you consider "all
Debian users", then you are probably correct.  The vast majority of
users probably use one of the Display Managers.

If you consider "those who respond to help requests on debian-user",
I think the fraction of those who use startx is significantly higher.

I use startx.

> i can't run startxthen i create .xinitrc:
> xterm &
> twm
> and it solve the problem
> it seems that i must have a local .xinitrc

In the absence of a ~/.xsession or ~/.xinitrc file, startx should
default to running the system's default Xsession, which should try
to run /usr/bin/x-session-manager (if that exists), or else
/usr/bin/x-window-manager (if that exists).

Did installing twm set your /etc/alternatives/x-window-manager symlink
to point to /usr/bin/twm?  If not, then perhaps that's the reason it
failed.

Nevertheless, I think most startx users do end up creating their own
~/.xsession or ~/.xinitrc file, just because they tend to be the type
who like customizing things.

Re: SSH session audit

[john doe]

On 2/19/2018 1:51 PM, m...@risca.eu wrote:

Hi,

I'm co-managing a server with a friend of mine offering ourself some 
basic service (like emails, file sharing, etc). At this time each of us 
can freely login on the server via ssh (we trust each others) for the 
daily administrative tasks.


I would like to improve the current set up by adding a layer of 
certification and proofing of the ssh session, because if you know that 
you are recorded you'll be enforce to behave better. For this scope I've 
found many different possible solution, but quite complex to be 
implemented (like ssh proxy that records the session [1]), or too basic 
(like using /usr/bin/script). So far none of those that I've found 
satisfy me.


About that I remember that some time ago (maybe one or two years ago) I 
read a post on planet debian about such a method for session audit. It 
was suggesting as an easy to run solution for external consultant: the 
recording and encrypting of the remote session was performed without 
requiring any proxy, letting to store the session data on a dumb 
external host. From what I could remember I think that the idea was 
something like recording the session with script like utilities 
(launched at session login), then periodically encrypting it with gpg 
and publishing on a local folder or on a remote resource. This way the 
owner of the system could reliably access the session log, and the 
remote person could always prove what he did at during the ssh session.


Do you know about that solution? Or could you suggest something similar?

Thank you,

risca.

[1] ssh proxy solutions: ssh-bastion, KeyBox



Isn't pam enough?:

https://linux.die.net/man/8/pam

No need to install anything and it's quite versatile.

--
John Doe

Re: where can i find a list of usb wireless card that are supported by linux?

[Jude DaShiell]

Why not check out https://www.thinkpenguin.com/ and go from there?

I need to buy another wireless card from them but this one will install 
in the computer since all cards they have available on the 5.0 band 
rather than the 2.4 band are internal pci cards.  I have an realtek usb 
adapter I think 8192 but it only runs on the 2.4 band and the 2.4 band 
is going away for internet communications in the United States in the 
not too distant future as a result of an F.C.C. decision.


On Mon, 19 Feb 2018, bw wrote:


Date: Mon, 19 Feb 2018 04:30:43
From: bw 
To: debian-user@lists.debian.org
Subject: Re: where can i find a list of usb wireless card that are supported
by linux?
Resent-Date: Mon, 19 Feb 2018 09:31:22 + (UTC)
Resent-From: debian-user@lists.debian.org



On Mon, 19 Feb 2018, Long Wind wrote:


i don't like to install additional driveri wish default linux kernel already has
driver
on Chinese market, many cards claim thatit included driver for Windowsi'm not
sure if it supports linux
i have install linux-docbut can't find useful info
Thanks!




You are probably talking about devices that require non-free
firmware?  Those are described here:
https://www.debian.org/releases/stable/amd64/ch02s02.html.en

I'm not sure where you could get a list of devices that don't, but it
would include devices from years ago that are not available anymore.


From what I understand, almost all wireless usb made in the

last few years require some kind of firmware to work on linux.

If you are interested in a particular device the debian wiki has a nice
page about them with a "thumbs up" or little angry faces next to the
non-free devices.

https://wiki.debian.org/WiFi




--

Re: Synaptic error message -- indicates repository malfunction

[Richard Owlett]

On 02/19/2018 09:20 AM, Brad Rogers wrote:

On Mon, 19 Feb 2018 09:14:41 -0600
Richard Owlett  wrote:

Hello Richard,


I did 'apt-get update' followed by re-launching Synaptic.


What's wrong with Synaptic's "Reload" button?



I believe a wise guru has said:
"The blindingly obvious is never immediately apparent"

IOW Mr. Sánchez had mentioned 'apt-get update' ;/

Re: troubleshooting Kmail

[mark]

On Sunday, February 18, 2018 4:02:04 PM EST Gene Heskett wrote:
> On Sunday 18 February 2018 04:11:48 David Baron wrote:
> > Kmail has been broken for weeks. No action, just excuses. Might simply
> > have to abandon it after all these years.
> 
> Then look at TDE, its kde forked at about the 3.5 point, with kajillions
> of bugs fixed. I'm running it here, works perfect.
> 

Thanks Gene,

I've been searching for the TDE e-mail client that you mention and I can't find 
it.  Can you please point me in the right direction?

Mark

Re: Synaptic error message -- indicates repository malfunction

[Brad Rogers]

On Mon, 19 Feb 2018 09:14:41 -0600
Richard Owlett  wrote:

Hello Richard,

>I did 'apt-get update' followed by re-launching Synaptic.

What's wrong with Synaptic's "Reload" button?

-- 
 Regards  _
 / )   "The blindingly obvious is
/ _)radnever immediately apparent"
Buy some love at the five and dime
You Have Placed A Chill In My Heart - Eurythmics


pgpQBBMaiNK9J.pgp
Description: OpenPGP digital signature

Re: Stretch net install on EeePC - unable to resolve mirror host address

[Reco]

 Hi.

On Mon, Feb 19, 2018 at 09:46:27AM -0500, Gene Heskett wrote:
> On Monday 19 February 2018 07:44:04 Brian wrote:
> 
> > On Sun 18 Feb 2018 at 20:21:57 -0500, Gene Heskett wrote:
> > > On Sunday 18 February 2018 18:47:58 Brian wrote:
> > > > On Sun 18 Feb 2018 at 17:51:50 -0500, Gene Heskett wrote:
> > > > > On Sunday 18 February 2018 17:19:48 Roger Price wrote:
> > > >
> > > > [Snipped]
> > > >
> > > > > > It looks as if the network setup in the EeePC is correct, but
> > > > > > wget fails. Any suggestion would be very welcome, Roger
> > > > >
> > > > > Check the list, I think wget was mentioned as a problem child
> > > > > child within the last 2 or 3 weeks. Is the machine fully
> > > > > uptodate?
> > > >
> > > > What significance does "fully uptodate" have when using the
> > > > installer?
> > >
> > > The install media may be dated, so if it will boot at all, the first
> > > thing should be to update it and see if wget is replaced and now
> > > works.
> >
> > Sounds reasonable until one realises the installer uses a busybox
> > version of wget. And busybox hasn't changed during the lifetime of
> > 9.x.x.
> 
> while wget (and curl) has been updated, apparently trying to fix a bug or 
> attack vector, several times in the last 6 weeks or so.
> 
> So this would appear to be a busybox problem from my point of view? Or 
> possibly a broken link as I get that same pair of errors regardless of 
> the machine on my home net that I initiate this query from:
> 
> wget -S --spider https://wiki.debian.org
> 

>   HTTP/1.1 403 FORBIDDEN

> 
> Found 1 broken link.
> 
> https://wiki.debian.org/
> 
> Converted 0 files in 0 seconds.
> 
> So either wget has been banned, or the file does not exist.

It gets better. Force wget to send GET instead of HEAD, and it works:

$ wget -O /dev/null https://wiki.debian.org
--2018-02-19 18:16:48--  https://wiki.debian.org/
Resolving wiki.debian.org (wiki.debian.org)...  
2001:41b8:202:deb:6564:a62:52c3:4b70, 82.195.75.112
Connecting to wiki.debian.org 
(wiki.debian.org)|2001:41b8:202:deb:6564:a62:52c3:4b70|:443...
connected.
HTTP request sent, awaiting response... 200 OK

Busybox's wget fails, of course as https is not implemented there:

$ busybox wget -O /dev/null https://wiki.debian.org
wget: not an http or ftp url: https://wiki.debian.org

Reco

Re: Synaptic error message -- indicates repository malfunction

[Richard Owlett]

On 02/19/2018 08:57 AM, Roberto C. Sánchez wrote:

On Mon, Feb 19, 2018 at 08:44:26AM -0600, Richard Owlett wrote:

I just attempted to install kde-baseapps-bin via Synaptic.
I received a message stating

W: Failed to fetch 
http://security.debian.org/debian-security/pool/updates/main/p/poppler/libpoppler-qt5-1_0.48.0-2+deb9u1_i386.deb
   404  Not Found [*]



* is an IP address, deleted as I didn't know whose it was
Known problem?
Where should it be reported?


There is nothing to report:

$ apt-cache policy libpoppler-qt5-1
libpoppler-qt5-1:
   Installed: (none)
   Candidate: 0.48.0-2+deb9u2

The current version is 0.48.0-2+deb9u2 but your system thinks it is
0.48.0-2+deb9u1. You need to update your package cache (from the command
line it is 'apt-get update', I am not sure about synaptic).

Once the 0.48.0-2+deb9u2 package was uploaded the old version,
0.48.0-2+deb9u1, was not referred to by any Debian release and the
archive software eventually cleaned it out.

Regards,

-Roberto



I did 'apt-get update' followed by re-launching Synaptic.
Synaptic warned of me of a "a broken package", prompting me to fix it.
I did and then clicked "Apply".
Synaptic was now happy.
Thank you.
I'll be able to reboot shortly to see if all OK.

Re: Software libre para cotejo de voces

[Felix Perez]

El 19 de febrero de 2018, 05:55, Alberto Luaces  escribió:
> Felix Perez writes:
>
>> El 18 de febrero de 2018, 22:52, Germán Avendaño Ramírez
>>  escribió:
>>> Cordial saludo lista
>>>
>>> Ando buscando una aplicación libre, que me permita cotejar voces de dos
>>> grabaciones que aparentemente tienen la voz de una misma persona. Quiero
>>> verificar si definitivamente se trata de la misma persona o no. ¿Alguna
>>> sugerencia?
>>>
>>
>> Un archivo con voces es finalmente un archivo de audio, el cual
>> podrías analizar con con algún software de audio como audacity o
>> similares.
>>
>
> Sin ánimo de ofender, eso es como recomendar el "mspaint" para pintar la
> Mona Lisa.
>

Es decir dependes de la herramienta y no del talento.

Si esperas encontrar herramientas tipo CSI no creo que existan, aún.

> Parece que la tecnología es bastante frágil[1], pero hay un par de
> proyectos (sacado de la Wikipedia):
>
> http://mistral.univ-avignon.fr/mediawiki/index.php/Main_Page
> https://pypi.python.org/pypi/bob.bio.spear
>

Creo que es un tipo de análisis pericial. Al realizar un análisis vas
a realizar diferentes pruebas con diferentes herramientas y finalmente
obtendrás una opinión con una cierta validez. Mayor o menor validez va
a ser exigida por el contexto de la solicitud del análisis, tribunal,
investigación, etc.

> Footnotes:
> [1]  El sujeto tiene que colaborar y las condiciones de grabación ser
> conocidas (entre otras condiciones), ver 
> http://mistral.univ-avignon.fr/mediawiki/index.php/Limits_of_voice_authentication
>

Ya que las herramientas existentes no proveen certeza es que se hace
necesario lo que digo, un análisis de tipo pericial.

Saludos.

> --
> Alberto
>



-- 
usuario linux  #274354
normas de la lista:  http://wiki.debian.org/es/NormasLista
como hacer preguntas inteligentes:
http://www.sindominio.net/ayuda/preguntas-inteligentes.html

Re: Synaptic error message -- indicates repository malfunction

[Roberto C . Sánchez]

On Mon, Feb 19, 2018 at 08:44:26AM -0600, Richard Owlett wrote:
> I just attempted to install kde-baseapps-bin via Synaptic.
> I received a message stating
> > W: Failed to fetch 
> > http://security.debian.org/debian-security/pool/updates/main/p/poppler/libpoppler-qt5-1_0.48.0-2+deb9u1_i386.deb
> >   404  Not Found [*]
> 
> 
> * is an IP address, deleted as I didn't know whose it was
> Known problem?
> Where should it be reported?
> 
There is nothing to report:

$ apt-cache policy libpoppler-qt5-1
libpoppler-qt5-1:
  Installed: (none)
  Candidate: 0.48.0-2+deb9u2

The current version is 0.48.0-2+deb9u2 but your system thinks it is
0.48.0-2+deb9u1. You need to update your package cache (from the command
line it is 'apt-get update', I am not sure about synaptic).

Once the 0.48.0-2+deb9u2 package was uploaded the old version,
0.48.0-2+deb9u1, was not referred to by any Debian release and the
archive software eventually cleaned it out.

Regards,

-Roberto

-- 
Roberto C. Sánchez

Re: Stretch net install on EeePC - unable to resolve mirror host address

[Gene Heskett]

On Monday 19 February 2018 07:44:04 Brian wrote:

> On Sun 18 Feb 2018 at 20:21:57 -0500, Gene Heskett wrote:
> > On Sunday 18 February 2018 18:47:58 Brian wrote:
> > > On Sun 18 Feb 2018 at 17:51:50 -0500, Gene Heskett wrote:
> > > > On Sunday 18 February 2018 17:19:48 Roger Price wrote:
> > >
> > > [Snipped]
> > >
> > > > > It looks as if the network setup in the EeePC is correct, but
> > > > > wget fails. Any suggestion would be very welcome, Roger
> > > >
> > > > Check the list, I think wget was mentioned as a problem child
> > > > child within the last 2 or 3 weeks. Is the machine fully
> > > > uptodate?
> > >
> > > What significance does "fully uptodate" have when using the
> > > installer?
> >
> > The install media may be dated, so if it will boot at all, the first
> > thing should be to update it and see if wget is replaced and now
> > works.
>
> Sounds reasonable until one realises the installer uses a busybox
> version of wget. And busybox hasn't changed during the lifetime of
> 9.x.x.

while wget (and curl) has been updated, apparently trying to fix a bug or 
attack vector, several times in the last 6 weeks or so.

So this would appear to be a busybox problem from my point of view? Or 
possibly a broken link as I get that same pair of errors regardless of 
the machine on my home net that I initiate this query from:

wget -S --spider https://wiki.debian.org

And this is the response I get from here in WV,USA:
gene@coyote:~/Documents$ wget -S --spider https://wiki.debian.org
Spider mode enabled. Check if remote file exists.
--2018-02-19 09:39:51--  https://wiki.debian.org/
Resolving wiki.debian.org (wiki.debian.org)... 82.195.75.112, 
2001:41b8:202:deb:6564:a62:52c3:4b70
Connecting to wiki.debian.org (wiki.debian.org)|82.195.75.112|:443... 
connected.
HTTP request sent, awaiting response...
  HTTP/1.1 403 FORBIDDEN
  Date: Mon, 19 Feb 2018 14:39:42 GMT
  Server: Apache
  X-Content-Type-Options: nosniff
  X-Frame-Options: sameorigin
  Referrer-Policy: no-referrer
  X-Xss-Protection: 1
  Strict-Transport-Security: max-age=15552000
  Public-Key-Pins: 
pin-sha256="yPqY/77C2aLVJIEAYtuMrFy+cX6g4CatH03gcBQbxpo="; 
pin-sha256="TzmD7DK6d5d7RU66/XTJtlENSfv+i0P7x2Xmpl8uFrY="; 
max-age=5184000
  Content-Length: 166
  X-Clacks-Overhead: GNU Terry Pratchett
  Keep-Alive: timeout=5, max=100
  Connection: Keep-Alive
  Content-Type: text/html
Remote file does not exist -- broken link!!!

Found 1 broken link.

https://wiki.debian.org/

Converted 0 files in 0 seconds.

So either wget has been banned, or the file does not exist.

-- 
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

Synaptic error message -- indicates repository malfunction

[Richard Owlett]

I just attempted to install kde-baseapps-bin via Synaptic.
I received a message stating

W: Failed to fetch 
http://security.debian.org/debian-security/pool/updates/main/p/poppler/libpoppler-qt5-1_0.48.0-2+deb9u1_i386.deb
  404  Not Found [*]



* is an IP address, deleted as I didn't know whose it was
Known problem?
Where should it be reported?

Re: Stretch net install on EeePC - unable to resolve mirror host address

[Gene Heskett]

On Sunday 18 February 2018 20:33:52 Ólafur Jens Sigurðsson wrote:

> wget -S --spider https://wiki.debian.org

rock64@rock64:~$ wget -S --spider https://wiki.debian.org
Spider mode enabled. Check if remote file exists.
--2018-02-19 14:27:45--  https://wiki.debian.org/
Resolving wiki.debian.org (wiki.debian.org)... 82.195.75.112, 
2001:41b8:202:deb:6564:a62:52c3:4b70
Connecting to wiki.debian.org (wiki.debian.org)|82.195.75.112|:443... 
connected.
HTTP request sent, awaiting response...
  HTTP/1.1 403 FORBIDDEN
  Date: Mon, 19 Feb 2018 14:27:45 GMT
  Server: Apache
  X-Content-Type-Options: nosniff
  X-Frame-Options: sameorigin
  Referrer-Policy: no-referrer
  X-Xss-Protection: 1
  Strict-Transport-Security: max-age=15552000
  Public-Key-Pins: 
pin-sha256="yPqY/77C2aLVJIEAYtuMrFy+cX6g4CatH03gcBQbxpo="; 
pin-sha256="TzmD7DK6d5d7RU66/XTJtlENSfv+i0P7x2Xmpl8uFrY="; 
max-age=5184000
  Content-Length: 166
  X-Clacks-Overhead: GNU Terry Pratchett
  Keep-Alive: timeout=5, max=100
  Connection: Keep-Alive
  Content-Type: text/html
Remote file does not exist -- broken link!!!



-- 
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

Re: sort (-g) [offtopic]

[rhkramer]

On Monday, February 19, 2018 06:23:27 AM Will Mengarini wrote:
> * Ionel Mugurel Ciobica  [18-02/18=Su 16:55 +0100]:
> > [... How can something like
> > "III\nII\nI\nV\nIV\nVII\nVI\nVIII\nX\nIX"
> > [be sorted?  ...]
> 
> See `aptitude show msort`; it probably does what you need.

I'm not the OP, but, wow, thanks--looks like a very capable tool and sounds 
like it will work for some complex sorting that I was not looking forward to.

For kicks, I did call up the msort change log, and found that it does deal 
with Roman numerals:

See: http://www.billposer.org/Software/msort.html:


8.33
Numeric keys are no longer limited to the usual Indo-Arabic number system. 
Integers written in any of the following number systems are now accepted: 
Arabic, Arabic (South Asian), Bengali, Burmese, Chinese, Devanagari, Egyptian 
hieroglyphic, Ethiopic (Amharic and Tigrinya), Gujarati, Gurmukhi (Panjabi), 
Hebrew, Kannada, Klingon, Lao, Malayalam, Nko, Old Italic, Old Persian 
cuneiform, Oriya, Phoenician, Roman numerals, Tamil, Telugu, Tengwar, Thai, 
and Tibetan. The writing system for a key is specified by the -y flag. You may 
require a particular writing system, have msort autodetect the writing system 
but require all records to use the same writing system for that key, or have 
msort autodetect the writing system for each record independently. 
<\quote>

For me, that is not (at all) an important feature, but the feature to sort 
using (retaining) units (records) of arbitrary length (number of lines / 
paragraphs) marked in some way (some sort of delimiter) is probably the key 
feature (along with picking an arbitrary sort field, which will not be in the 
first line of a record.)

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

[Roberto C . Sánchez]

On Mon, Feb 19, 2018 at 01:23:25PM +, Michael Fothergill wrote:
> 
>​Checkout the debian backports suite (kindly resourcefully suggested by
>Andy Smith)
>Easiest thing to do when requiring a newer kernel would be to check
>the backports suite, so in this case in stretch-backports we find
>linux-image-amd64:
> 
>    <[5]https://packages.debian.org/stretch-backports/linux-image-amd64>
> 
>That's a virtual package that gets you the latest real kernel
>package available in that suite, which right now is
>linux-image-4.14.0-0.bpo.3-amd64:
> 
>    <[6]https://packages.debian.org/stretch-backports/linux-image-amd64>
> 
>>From there, if you look on the right you will see the Debian
>changelog link
>
> <[7]http://ftp-master.metadata.debian.org/changelogs//main/l/linux/linux_4.14.13-1~bpo9+1_changelog>
>which tells us that this corresponds to upstream release 4.14.13.
>The upstream release was made on 10 January and this backports
>package came on 14 January, so that's pretty swift.
> 
>Newer kernels should be there now and there may well be one that deals
>with both the meltdown and spectre vaulbnerabilities jointly.
> 
No!!

That is not at all how the backports repository is intended to be used.
I have been maintaining Debian packages for many years and I have on
occasion uploaded backports of my packages.

The packages in backports are not specifically supported by the security
team. They are supported only by the maintainer of the package (or the
uploader of the backport, as any Debain Developer can technically upload
backports of any package).

Security updates are nearly always handled by the security team,
somtimes with the support of the package maintainer (the kernel is a
good example where the maintainers do much of the heavy lifting). That
said, packages in the backports repository can easily be outdated (both
with respect the to the latest version in testing/unstable and with
respect to security fixes in stable).

Don't get me wrong, backports are immensely useful in some cases. In
particular, for the kernel, backports are quite handy when you need
support for newer hardware than what is available in stable. That said,
users of backports must understand that part of the cost of using
backports is that security fixes may be delayed, or may never arrive in
backports.

I understand what you are trying to advise the OP, but your reasoning is
all wrong. For someone running stable, the most secure configuration is
stable-only. In this particular instance it happens that there is a new
upstream release available in backports that addresses the specific
security vulnerability which concerns the OP. However, this is by far
the case for security vulnerabilities in general.

I would stronly recommend against your approach as a means to obtain
proper security fixes. It will inevitably lead to the mistaken
impression that a system is properly secured when it in fact may have
outstanding security vulnerabilities.

Regards,

-Roberto

-- 
Roberto C. Sánchez

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

[Brad Rogers]

On Mon, 19 Feb 2018 21:13:42 +0800
Turritopsis Dohrnii Teo En Ming  wrote:

Hello Turritopsis,

>What are the patches that I can download and install to be protected
>against the Meltdown and Spectre security vulnerabilities?

First, you might want to check whether your system is vulnerable.

Mr. Meowski, on a local LUG ML pointed out this;

If anyone wants to check their (linux) system specifically for the
current state of spectre+meltdown mitigation on a given machine then
have a look here:

https://github.com/speed47/spectre-meltdown-checker

Really simple instructions are as follows:

cd [to some directory where you want to keep this]

wget meltdown.ovh -O spectre-meltdown-checker.sh
cat spectre-meltdown-checker.sh
chmod +x spectre-meltdown-checker.sh
sudo ./spectre-meltdown-checker.sh

-- 
 Regards  _
 / )   "The blindingly obvious is
/ _)radnever immediately apparent"
You're not so safe in the safety of your room
Nasty - The Damned


pgpF8cWuisivS.pgp
Description: OpenPGP digital signature

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

[Greg Wooledge]

On Mon, Feb 19, 2018 at 09:13:42PM +0800, Turritopsis Dohrnii Teo En Ming wrote:
> What are the patches that I can download and install to be protected
> against the Meltdown and Spectre security vulnerabilities?

Meltdown patch went out a month ago.

Spectre, see here:
https://security-tracker.debian.org/tracker/CVE-2017-5753

Re: Using MATE's workspaces effectively

[Richard Owlett]

On 02/19/2018 07:06 AM, songbird wrote:

Richard Owlett wrote:

On 02/16/2018 02:51 PM, songbird wrote:

Richard Owlett wrote:
...

What I would like would be to have differing sets of applications
available in each workspace.


i understood you the first time you wrote that.


 and/or 
I beg to differ ;<

In my initial post I attempted to describe what I wanted.
In my last post I gave a concrete {even if contrived} example of goal.

This time I'll borrow from set theory.
*CAVEAT LECTOR* Last time I saw set theory was in  circa 1962.

Currently all workspaces have icons to access *_identical sets_* of
applications.


This may be crux of issue.
I used "set" in the set theory sense.
I said *nothing" about what was open anywhere/anywhen.
IOW
WORKSPACE1's desktop displays only launch icons from SETalpha
WORKSPACE2's desktop displays launch icons from SETbeta and SETgamma
WORKSPACE3's desktop displays only launch icons from the intersection of
SETomicron and SETzeta


   *shrug*

   you want launchers instead of actually running
programs?  in this age of SSDs and plenty of memory
i can tell you that i get done exactly what you want
with groups of programs running in each desired
desktop and it doesn't involve me having to wait
for anything to start or click on when i change
desktops...

   if i don't change anything in most of the open
applications then it doesn't matter if i kill them
off by shutting down from a command line.  next time
i boot the machine they're there waiting for me by
the time i sit down.

   so to me you are making more work for yourself
having to click items open.

   installing a completely different desktop just
because you don't like what is in the panel or on the
desktop (mate tweak will turn off all or some of the
desktop icons) for launchers strikes me as throwing
out the baby with the bathwater.

   another option (of similar sillyness IMO) is to
set up a different user for each group of items you
want in the desktop and panel.  it isn't too bad to
switch users and you can have your most common first
desktop/user logged in automatically when you boot
up.  but, again, oy...


   songbird




Our minds evidently work in different vector spaces ;}
Elsewhere it has been suggested that KDE "activities" matches my goals.
I also been pointed to fvwm and fvwm-crystal.
This morning I've been reading

  and
  

I've just used Synaptic to install fvwm-crystal as optimal for my 
idiosyncratic preferences. Now to reboot and see what happens 

{ I *AM* a "learn by doing" type.}
Thank you.

Re: SSH session audit

[Steve Kemp]

> Do you know about that solution? Or could you suggest something similar?

  You could install "snoopy", which will log all command-executed to
 syslog.  Then configure your syslog to forward logs to a remote host.

  It is not fool-proof, but requires no setup for a user..

Steve
-- 
https://www.steve.org.uk/

Re: ordi impossible a eteindre

[JF Straeten]

Hello,

On Mon, Feb 19, 2018 at 02:25:32PM +0100, hamster wrote:

> Quand je lui fait "eteindre", il s'eteint, puis il se rallume immédiatement.
> Quand je lui fait "mettre en veille", il se met en veille, puis il se
> réveille immédiatement. Avez vous une idée d'ou viens le problème ? C'est un
> lenovo yoga 2 11 modèle 20332

Ça pourrait sentir un driver qui ne freeze pas, à décharger alors
avant la veille...

Que dit un "dmesg -T" avant et pendant ?

A+

-- 

JFS.

Re: domain names, was: hostname

[Dan Purgert]

Jeremy Nicoll wrote:
> On Thu, 15 Feb 2018, at 16:21, Dan Purgert wrote:
>
>> > Later, once you understand how a local network works, you can come
>> > up with a theme.  Or some convention that lets you identify the
>> > computer by its name.  The name that you have chosen.
>
> Machine-naming makes sense to me - having done that with a variety
> of (blush) Windows machines in my LAN.  I've toyed with versions of 
> Linux, and used a few live-CD ones over the years, and I'm fairly sure
> that as well as being asked to supply a hostname I've also been asked 
> to supply a domain value.
>
> What, on a home LAN, is that used for?

In general terms, supplying domain information at setup time adds a
"helper" record to /etc/resolv.conf (or whatever RH, Windows, etc.
uses).  Note that if you use DHCP, this step is usually skipped, as the
DHCP server provides the information.

In short, the "helper" record appends the domain name to a hostname, so
you don't have to type out a FQDN when you're trying to get to a remote
host.

For example, you can use "scp file you@target:/path" instead of "scp
file you@target.somedomain.sometld:/path".

In addition, there is the special TLD ".local", which is reserved for
bonjour / avahi (zeroconf service discovery, apple uses it a lot).

-- 
|_|O|_| Registered Linux user #585947
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: 05CA 9A50 3F2E 1335 4DC5  4AEE 8E11 DDF3 1279 A281

Re: SSH session audit

[Eero Volotinen]

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security_guide/sec-configuring_pam_for_auditing

pam audit might work, test it :)

--
Eero

On Mon, Feb 19, 2018 at 3:29 PM,  wrote:

> On 2018-02-19 14:11, Eero Volotinen wrote:
>
>> Commercial solution: https://www.ssh.com/products/cryptoauditor/
>>
>
> Thanks for the option and sorry if I hadn't specified in my previous:
> commercial solution are against the TOS of the project. We have the
> requirement, commitment and wish to be 100% free-software.
>
> On 2018-02-19 14:22, Steve Kemp wrote:
>
>> Do you know about that solution? Or could you suggest something similar?
>>>
>>   You could install "snoopy", which will log all command-executed to
>>  syslog.  Then configure your syslog to forward logs to a remote host.
>>   It is not fool-proof, but requires no setup for a user..
>>
>
> Nice to know. It could be improved by moving the logs outside but would
> required additional work (and who will be the one in charge of managing
> it?). I had a quick view of it but probably it has problem with interactive
> programs like editors (I think you'd get only a "vim file.txt").
>
> Anyway, I also remember about the post that I read, that was such a clever
> and easy solution to feel like the obvious way of doing it. It was easy to
> run and very reliable thanks to asymmetric encryption via gpg.
>

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

[Michael Fothergill]

On 19 February 2018 at 13:13, Turritopsis Dohrnii Teo En Ming <
tdteoenm...@gmail.com> wrote:

> What are the patches that I can download and install to be protected
> against the Meltdown and Spectre security vulnerabilities?
>
> ===BEGIN SIGNATURE===
>
> Turritopsis Dohrnii Teo En Ming's Academic Qualifications as at 30 Oct 2017
>
> [1] https://tdtemcerts.wordpress.com/
>
> [2] http://tdtemcerts.blogspot.sg/
>
> [3] https://www.scribd.com/user/270125049/Teo-En-Ming
>
> ===END SIGNATURE===
>


​Checkout the debian backports suite (kindly resourcefully suggested by
Andy Smith)

Easiest thing to do when requiring a newer kernel would be to check
the backports suite, so in this case in stretch-backports we find
linux-image-amd64:



That's a virtual package that gets you the latest real kernel
package available in that suite, which right now is
linux-image-4.14.0-0.bpo.3-amd64:



>From there, if you look on the right you will see the Debian
changelog link

which tells us that this corresponds to upstream release 4.14.13.
The upstream release was made on 10 January and this backports
package came on 14 January, so that's pretty swift.

Newer kernels should be there now and there may well be one that deals with
both the meltdown and spectre vaulbnerabilities jointly.

Regards

Michael Fothergill

Re: Pulseaudio anyone?

[Curt]

On 2018-02-19, ch...@dunnz.org  wrote:
> I'm running a newly installed Debian Buster and can't get pulseaudio to run.
>
> It is set to start on login by user.
>
> pulseaudio -k yields
>
> Failed to kill daemon: No such file or directory
>
> then pulseaudio --start
>
> seems to be accepted without any message
>
> then ps aux | grep pulse yields
>
> ccc   2771  0.0  0.0  12892   996 pts/0S+   11:14   0:00 grep 
> --color=auto pulse
>
> I really don't know where to start looking for the problem.
>
> Any suggestions?

https://wiki.archlinux.org/index.php/PulseAudio/Troubleshooting#Daemon_startup_failed
https://wiki.archlinux.org/index.php/PulseAudio/Troubleshooting#Outputs_by_PulseAudio_error_status_check_utilities

> Chris Dunn


-- 
New York was no mere city. It was instead an infinitely romantic notion, the
mysterious nexus of all love and money and power, the shining and the
perishable dream itself. To think of 'living' there was to reduce the
miraculous to the mundane; one does not 'live' at Xanadu. --Joan Didion

Re: SSH session audit

[me]

On 2018-02-19 14:11, Eero Volotinen wrote:

Commercial solution: https://www.ssh.com/products/cryptoauditor/


Thanks for the option and sorry if I hadn't specified in my previous: 
commercial solution are against the TOS of the project. We have the 
requirement, commitment and wish to be 100% free-software.


On 2018-02-19 14:22, Steve Kemp wrote:
Do you know about that solution? Or could you suggest something 
similar?

  You could install "snoopy", which will log all command-executed to
 syslog.  Then configure your syslog to forward logs to a remote host.
  It is not fool-proof, but requires no setup for a user..


Nice to know. It could be improved by moving the logs outside but would 
required additional work (and who will be the one in charge of managing 
it?). I had a quick view of it but probably it has problem with 
interactive programs like editors (I think you'd get only a "vim 
file.txt").


Anyway, I also remember about the post that I read, that was such a 
clever and easy solution to feel like the obvious way of doing it. It 
was easy to run and very reliable thanks to asymmetric encryption via 
gpg.

Re: Suggest contacting w...@debian.org - was [Re: wiki]

[Steve McIntyre]

Brian wrote:
>On Mon 19 Feb 2018 at 05:55:54 -0600, Richard Owlett wrote:
>> > 
>> > This usually means your IP address was banned for spam.
>> > 
>> > Please reply to w...@debian.org giving your IP address.
>
>Three days after being informed of the existence of this mail address
>there is no sign that the OP has taken advantage of it. If blocking
>is the cause (using a VPN can be a reason), only the wiki admins can
>sort it out.

Nod. Please let us know via wiki@ and we'll at least have a chance of
working out the problem.

-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
"Every time you use Tcl, God kills a kitten." -- Malcolm Ray

ordi impossible a eteindre

[hamster]

Quand je lui fait "eteindre", il s'eteint, puis il se rallume 
immédiatement. Quand je lui fait "mettre en veille", il se met en 
veille, puis il se réveille immédiatement. Avez vous une idée d'ou viens 
le problème ? C'est un lenovo yoga 2 11 modèle 20332