Re: making more room in root partition for distribution upgrade

[Charlie S]

On Sat, 19 May 2018 09:16:43 -0500 ntrfug sent:

> More than 20 years ago I began saving personal files to a different
> partition than the OS.
> 
> I've used this system for Windows (when I started) and for more
> flavors of Linux than I can remember. I did this so I could wipe the
> root partition and reinstall without destroying my personal files.
> 
> I call it "files" and mount it on /home/ntrfug/Documents at boot.



After contemplation, my reply is:

I thought that's what everyone did?

Have a root, a home, a usr, a var, a tmp, graphics, etc etc.. partition.

If ever there is a problem with the O/S and in the event it needs
reinstallation. Install what O/S is desired and allow all the other
partitions to be used, but not formatted.

I must admit I thought this was the norm, even with windows?

Though I did read somewhere that if there is a separate /usr partition
that some things, with systemd, like my backlight on the monitor
receives an error message, which mine does?

Once the O/S is installed with all that is used, the configuration
files from home just kick in automagically? Or so it has been for
myself.

Charlie
-- 
Registered Linux User:- 329524
***

A free society is a place where it is safe to be unpopular.
--Adlai Stevenson

***

Debian GNU/Linux - Magic indeed.

-

Re: CD Burning Software

[Charlie Gibbs]

On 19/05/18 11:36 AM, Herb Garcia wrote:

Hey everyone,

I'm running Mate on my laptop. I don't see a CD/DVD burning software
that came with the build. Any suggestions?


I use wodim.  This is a command-line utility; if you're into that, it 
works a treat.


man wodim for details.

--
cgi...@surfnaked.ca (Charlie Gibbs)

Re: Update on my update problem with gnome system.

[Abdullah Ramazanoğlu]

On Sat, 19 May 2018 21:27:42 +0300 Abdullah Ramazanoğlu said:
> On Sat, 19 May 2018 10:37:08 -0400 Matthew Dyer said:

>> root@matt-the-cat:/home/matthew# apt-get update && apt-get dist-upgrade
>> Hit:1 http://security.debian.org/debian-security testing/updates InRelease
>> Hit:2 http://ftp.us.debian.org/debian testing InRelease
>> Reading package lists... Done  
> 
> It seems to be the "apt-get update" part of output, which is curiously terse.
> If update is not working, then upgrade will neither work, naturally. Just to
> be sure that "update" output is not trimmed somehow, could you run the command
> below and attach the generated "update.log" file here?
> 
> # apt-get update 2>&1 | tee update.log
> 
> It would be better if you also attach /etc/apt/sources.list

While it is early yet to speculate, I would also check;

* /etc/apt/sources.list : This file should be same as the one in MATE
  installation.
* /etc/apt/preferences : This file should not exist.
* /etc/apt/preferences.d/ : This directory should be empty.
* /etc/apt/sources.list.d/ : This directory should be empty.
* /etc/apt/apt.conf.d/ : This directory should not have been tampered with.
* /etc/apt/apt.conf.d/99synaptic : This file either should not exist, or should
  be empty.

I would have compared these files and directories to the ones in the MATE
installation.

Regards
-- 
Abdullah Ramazanoğlu

Re: Zona dns

[Dixan Rivas]

https://gist.github.com/guerrerocarlos/5171614

2018-05-19 20:11 GMT+01:00 Dixan Rivas :

> Donde único he visto eso implementado es en en los servidores de
> Cloudflare 1.1.1.1 1.0.0.1 si lo consultas con tipo any te dirá Not
> implemented.
> Amplio un poco más en lo que decia dererk en mensajes anteriores porque
> estoy de acuerdo. me parece algo para hacer menos consultas y usar menos
> ancho de banda que por un tema de privacidad si consultas una zona con any,
> mizona.com te devolverá todos los registros directamente asociados que
> serían casi siempre MX porque estan en la zona @, registros TXT como spf o
> alguna info y la ip del o los dns y en algunos casos también te saldrá la
> ip del MX.  En la consulta any no saldrán por ejemplo registros SRV o DKIM
> porqué para el SRV tendrás que saber el servicio y su protocolo y el DKIM
> tendrás que saber el selector que esta en el contenido del mensaje con la
> ruta en dns de la llave publica, por lo que no veo donde esta la
> privacidad, tendrías un problema de seguridad si se pueden hacer
> transferencias de zonas desde tu dominio porque el esclavo podrá ver todos
> los registros. Los servicios no hacen consultas de registros ANY buscan lo
> que necesitan directamente  (.->NS-A->.com->NS-A->mizona.com->MX-A) por
> lo cual al limitar esto no estan limitando la funcionalidad de servicios
> que usan dns y si estan reduciendo su uso de ancho de banda y de cierta
> forma estan limitando un DDOS a sus dns con millones de consultas tipo ANY
> que serán mucho mas grandes que un registro A o CNAME->A de una web que es
> lo que en realidad necesita el usuario final.
>
> Saludos
>
>
> 2018-05-11 17:55 GMT+01:00 Ricky Gutierrez :
>
>> El día 11 de mayo de 2018, 9:34, Hector Colina 
>> escribió:
>>
>> >
>> > Quizás te refieras a "domain privacy" el cual es un servicio extra que
>> > ofrecen muchos operadores de dns comerciales.
>> >
>> > La teoría es sencilla:
>> >
>> > * Cada vez que se hace una consulta de un fqdn hay un dns autorizado
>> > que responde por dicho dominio. Este dns autorizado almacena
>> > información del titular de dicho dominio (para mayor información
>> > buscar los RFC respectivos)
>> >
>> > * Ya que el estandar define que la información es pública... no puede
>> > haber una consulta que devuelva esos campos vacios.
>> >
>> > Si alguien, entonces, quisiera ocultar sus datos personales, a secas,
>> > no puede hacerlo por lo que se han implementado una serie de medidas
>> > que, en su conjunto, se denominan "domain privacy"
>> >
>> > Estas medidas son múltiples y casi todas, pasan por la existencia de
>> > un "proxy" que es el que muestra la información obligatoria requerida
>> > pero con datos que no son los reales es decir, datos propios.
>> >
>> > Inclusive existen países con normativas propias al respecto, por
>> > ejemplo, los dominios .us deben mostrar públicamente toda la
>> > información necesaria por lo que el domain privacy no puede ser
>> > aplicado en USA.
>> >
>> > En definitiva, puedes preguntar a tu proveedor de dominios si para el
>> > domino que posees aplica el domain privacy.
>> >
>> > Sin más a que hacer referencia.
>>
>>
>> Hector has dando en el tiro , de eso es lo que hablo.
>>
>>
>>
>>
>>
>> --
>> rickygm
>>
>> http://gnuforever.homelinux.com
>>
>>
>

Re: CD Burning Software

[Patrick Bartek]

On Sat, 19 May 2018 11:36:35 -0700 Herb Garcia 
wrote:

> I'm running Mate on my laptop. I don't see a CD/DVD burning software
> that came with the build. Any suggestions?

I use xfburn, the XFCE Desktop utility, but on an Openbox window
manager only system.  No problems installing or using.  And the XFCE
Desktop is not required. Can be used either from the GUI or
commandline IIRC.

B

Re: Update on my update problem with gnome system.

[songbird]

Matthew Dyer wrote:
...

these things come to mind:

  - perhaps you have automatic upgrades set up on
Gnome?

  there should be some record in /var/log/apt or
/var/log/dpkg.log of what is being updated.

  - if you have a fast enough connection it doesn't
hurt to make sure /var/lib/apt/lists files are 
consistent (i have erased them and redownloaded 
at times to get through strange apt-get issues).

  - if you have been messing with apt preferences you
may have messed that up.  dunno what you've been up
to.

  - there aren't any updates to apply at this time.


  songbird

Re: CD Burning Software

[Ben Oliver]

On 18-05-19 22:58:03, Thomas Schmitt wrote:
It is not necessarily intended for an esthetically sensitive audience 
:))

 https://screenshots.debian.net/package/xorriso-tcltk


It's like a magic eye picture. Eventually you work it out. Some never 
do.

Re: filter network traffic of KVM guests.

[Reco]

Hi.

On Sat, May 19, 2018 at 06:35:59AM +0200, Chris wrote:
> On Thu, 17 May 2018 23:11:51 +0300
> Reco wrote:
> 
> > Either ebtables (for a conventional brigde) or macvtap in private mode
> > will do it. Openvswitch will work too, but it's nowhere near in
> > simplicity compared to macvtap.
> 
> Thank you for your quick reply, Reco.
> 
> Unfortunately, I described improperly what I want to achieve.
> 
> I don't want to block all host - guest connections, but allow some with
> iptables, e.g. SSH login from host to guest, but not the other way
> round.
> 
> Do I have to use Open vSwitch then? 

Not your only option (had my share of openvswitch, ditched the thing
recently). I fact, I count four possible ways of doing it (and that's
without the external hardware):

1) Conventional Linux bridge, but with br_netfilter kernel module on top
of it.
You keep your iptables rules (FORWARD chain), they work, but the things
may break once they'll release buster. Or not.

2) Conventional Linux bridge, with ebtables on top.
Should work for the foreseeable future. Or not. Ask Red Hat.

3) macvtap in bridge mode, with host netfilter rules on top.
Very straightforward setup, all host blocking rules go into INPUT (*not*
FORWARD) chain. Also should work for the foreseeable future.

4) Openvswitch.
Writing openvswitch filtering rules is more-or-less straightforward.
Debugging them is a PITA. But, you get NetFlow and LACP for free (*the*
reasons I got into openvswitch).


Personally I said that enough is enough, and switched to macvtap/macvlan
setup.

Reco

Re: CD Burning Software

[Thomas Schmitt]

Hi,

Abdullah Ramazanoğlu wrote:
> > But beware of k3b's KDE dependencies.

Ben Oliver wrote:
> This is a good point, it does bring quite a lot in.

If it's about that, then i can beat them all with

  https://packages.debian.org/sid/utils/xorriso-tcltk

(On older Debians install "tk", "bwidget", "xorriso", and download
 the Tcl/Tk script from
   
https://sources.debian.org/data/main/libi/libisoburn/1.4.6-1/frontend/xorriso-tcltk
)
It is not necessarily intended for an esthetically sensitive audience :))
  https://screenshots.debian.net/package/xorriso-tcltk


Have a nice day :)

Thomas

Re: CD Burning Software

[Phil Dobbin]

On 19/05/18 19:36, Herb Garcia wrote:

> Hey everyone,
> 
> I'm running Mate on my laptop. I don't see a CD/DVD burning software
> that came with the build. Any suggestions?

I'd recommend Etcher. It's never failed me.

Cheers,

  Phil.

-- 
you're all looping infinitely wrong...



signature.asc
Description: OpenPGP digital signature

wd_keepalive, watchdog

[Jordi]

Bones. Des que vaig ficar l'últim debian ja fa temps, quan he d'aturar
l'ordinador, triga molt de temps, uns 5 minuts. Es una mica conyàs ja
que a vegades es necessari que trigui poc. A més també em diu que no
pot desmuntar /home/jordi /home/pepitu /home/pepita, on el pepitu i la
pepita disposen d'una partició cada un per a ells sols.

Al systemd tinc funcionant wd_keepalive i watchdog a l'hora, i, no
estic segur si els dos fan el mateix. Algú em pot dir si és convenient
treure'n un i quin o potser tots dos?

Gracies.

Jordi

Re: CD Burning Software

[Ben Oliver]

On 18-05-19 22:10:04, Abdullah Ramazanoğlu wrote:

On Sat, 19 May 2018 11:36:35 -0700 Herb Garcia said:


I'm running Mate on my laptop. I don't see a CD/DVD burning software
that came with the build. Any suggestions?


But beware of k3b's KDE dependencies.


This is a good point, it does bring quite a lot in. I have a note 
somewhere though that for whatever reason brasero wasn't working where 
k3b was.


YMMV

Re: Securing development environment

[Gene Heskett]

On Saturday 19 May 2018 11:29:25 Andy Smith wrote:

> Hello,
>
> On Sat, May 19, 2018 at 12:03:37PM +0200, Hubert Hauser wrote:
> > On 19/05/18 07:29, Chris wrote:
> > > Make those services listen to localhost and do port forwarding in
> > > your SSH client.
> >
> > It might be a good idea but I am not sure whether fail2ban with
> > nginx basic_auth mechanism is a simplier solution. You have not
> > replied me is it. Should I worry about maximum length of passwords
> > (8 characters)?
>
> If the services are only available in localhost then you don't need
> fail2ban.
>
> Fail2ban is a massive hack (spotting wrongdoing by reading logs of
> it after the fact?) so if there is a way to avoid the issue in the
> first place then to me that is preferable.
>
> Cheers,
> Andy

I've had fail2ban running on my machinery here, for close to 20 years.  
Its never triggered. Portsentry, maybe twice in that same time frame.

I also have dd-wrt between my stuff and the internet. Nothing comes thru 
that unless I clear it. That's a comforting feeling...

-- 
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

Re: Zona dns

[Dixan Rivas]

 Donde único he visto eso implementado es en en los servidores de
Cloudflare 1.1.1.1 1.0.0.1 si lo consultas con tipo any te dirá Not
implemented.
Amplio un poco más en lo que decia dererk en mensajes anteriores porque
estoy de acuerdo. me parece algo para hacer menos consultas y usar menos
ancho de banda que por un tema de privacidad si consultas una zona con any,
mizona.com te devolverá todos los registros directamente asociados que
serían casi siempre MX porque estan en la zona @, registros TXT como spf o
alguna info y la ip del o los dns y en algunos casos también te saldrá la
ip del MX.  En la consulta any no saldrán por ejemplo registros SRV o DKIM
porqué para el SRV tendrás que saber el servicio y su protocolo y el DKIM
tendrás que saber el selector que esta en el contenido del mensaje con la
ruta en dns de la llave publica, por lo que no veo donde esta la
privacidad, tendrías un problema de seguridad si se pueden hacer
transferencias de zonas desde tu dominio porque el esclavo podrá ver todos
los registros. Los servicios no hacen consultas de registros ANY buscan lo
que necesitan directamente  (.->NS-A->.com->NS-A->mizona.com->MX-A) por lo
cual al limitar esto no estan limitando la funcionalidad de servicios que
usan dns y si estan reduciendo su uso de ancho de banda y de cierta forma
estan limitando un DDOS a sus dns con millones de consultas tipo ANY que
serán mucho mas grandes que un registro A o CNAME->A de una web que es lo
que en realidad necesita el usuario final.

Saludos


2018-05-11 17:55 GMT+01:00 Ricky Gutierrez :

> El día 11 de mayo de 2018, 9:34, Hector Colina 
> escribió:
>
> >
> > Quizás te refieras a "domain privacy" el cual es un servicio extra que
> > ofrecen muchos operadores de dns comerciales.
> >
> > La teoría es sencilla:
> >
> > * Cada vez que se hace una consulta de un fqdn hay un dns autorizado
> > que responde por dicho dominio. Este dns autorizado almacena
> > información del titular de dicho dominio (para mayor información
> > buscar los RFC respectivos)
> >
> > * Ya que el estandar define que la información es pública... no puede
> > haber una consulta que devuelva esos campos vacios.
> >
> > Si alguien, entonces, quisiera ocultar sus datos personales, a secas,
> > no puede hacerlo por lo que se han implementado una serie de medidas
> > que, en su conjunto, se denominan "domain privacy"
> >
> > Estas medidas son múltiples y casi todas, pasan por la existencia de
> > un "proxy" que es el que muestra la información obligatoria requerida
> > pero con datos que no son los reales es decir, datos propios.
> >
> > Inclusive existen países con normativas propias al respecto, por
> > ejemplo, los dominios .us deben mostrar públicamente toda la
> > información necesaria por lo que el domain privacy no puede ser
> > aplicado en USA.
> >
> > En definitiva, puedes preguntar a tu proveedor de dominios si para el
> > domino que posees aplica el domain privacy.
> >
> > Sin más a que hacer referencia.
>
>
> Hector has dando en el tiro , de eso es lo que hablo.
>
>
>
>
>
> --
> rickygm
>
> http://gnuforever.homelinux.com
>
>

Re: Update on my update problem with gnome system.

[Hans]

Am Samstag, 19. Mai 2018, 20:26:25 CEST schrieb songbird:

Isn't it today "apt update" and "apt full-upgrade"?

It is also possible, to use "aptitude" (aptitude update && aptittude dist-
upgrade) but be warned: aptitude for upgrading from one release to another is 
no good choice. However, aptitude does a good daily job at an actual and 
upgraded system. 

So, I suggest to try "apt update && apt full-upgrade", but this only works in 
testing.

Good luck!

Hans

Re: CD Burning Software

[Thomas Schmitt]

Hi,

Herb Garcia wrote:
> I'm running Mate on my laptop. I don't see a CD/DVD burning software
> that came with the build. Any suggestions?

The big three with GUI are: K3B, Brasero, Xfburn.
Their Debian package names are "k3b", "brasero", "xfburn".

On the command line there are growisofs, xorriso, wodim, cdrskin.


Have a nice day :)

Thomas

Re: CD Burning Software

[Ben Oliver]

On 18-05-19 11:36:35, Herb Garcia wrote:

I'm running Mate on my laptop. I don't see a CD/DVD burning software
that came with the build. Any suggestions?


Don't do it much anymore but I always used K3b if I'm not using CLI 
tools.

Re: CD Burning Software

[Hans]

Am Samstag, 19. Mai 2018, 20:36:35 CEST schrieb Herb Garcia:
Hi, 

look at "k3b" or "brasero".

Best

Hans
> Hey everyone,
> 
> I'm running Mate on my laptop. I don't see a CD/DVD burning software
> that came with the build. Any suggestions?
> 
> Thanks
> 
> HP Garcia

Montar carpeta compartida automáticamente

[Javier Debian]

Estimados:

El entorno de escritorio que estoy usando es KDE Plasma 5 en la 
computadora de casa.
He instalado otra, que quiero que, para cada usuario, poner en su 
escritorio un ícono o algo, que acceda a la máquina principal, donde 
tienen sus archivos.


Ambos sistemas son Debian, y quiero hacerlo por NFS.

La solución que se me ocurre es modificat en la máquina cliente 
/etc/fstab para montarle a cada uno su carpèta remota.


Pero lo que estoy pensando es que eso no se haga con todos al inicio, si 
no sólo cuando un usuario inicie su sesión, se monte sólo su carpeta remota.

Y se desmonte al cerrar la sesión.

Éso es lo que no se me ocurre.

Si alguno tiene una idea, se agradece.

Gracias en adelanto.

JAP

CD Burning Software

[Herb Garcia]

Hey everyone,

I'm running Mate on my laptop. I don't see a CD/DVD burning software
that came with the build. Any suggestions?

Thanks

HP Garcia

Re: Update on my update problem with gnome system.

[songbird]

Matthew Dyer wrote:
> Mornning all,
>
>
> A few days ago I reported a  problem whare the gnome testing system 
> which I am now using to write this message.  Here is the resault.
>
>
> I did a clean install of the system using the alfa testing image.  I 
> then edited the sources list and changed the lines from buster to 
> testing.  I then did a sudo apt-get update && apt-get dist-upgrade which 
> installed the securety updates it found yesterday.  his morning I did 
> the same command and here is the output from that update.
>
>
> root@matt-the-cat:/home/matthew# apt-get update && apt-get dist-upgrade
> Hit:1 http://security.debian.org/debian-security testing/updates InRelease
> Hit:2 http://ftp.us.debian.org/debian testing InRelease
> Reading package lists... Done
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> Calculating upgrade... Done
> 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
> root@matt-the-cat:/home/matthew#
>
> Any ideas on why this is happens?  If any one has any ideas on how to 
> fix this without having to reinstall.
>
>>
>> root@matt-the-cat:/home/matthew# apt-get update && apt-get dist-upgrade
>> Hit:1 http://security.debian.org/debian-security testing/updates InRelease
>> Hit:2 http://ftp.us.debian.org/debian testing InRelease
>> Reading package lists... Done
>> Reading package lists... Done
>> Building dependency tree
>> Reading state information... Done
>> Calculating upgrade... Done
>> 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
>> root@matt-the-cat:/home/matthew#
>> n
>   reinstall please let me know as it is really strange.  My mate system 
> does not have this problem.  Thanks.

  it looks like your /etc/apt/sources.list file doesn't
contain all the lines for testing or they are improperly 
formed?


mine look like:

deb http://http.us.debian.org/debian/ testing main contrib non-free 
deb http://security.debian.org/debian-security testing/updates main contrib 
non-free
deb-src http://http.us.debian.org/debian/ testing main contrib non-free 
deb-src http://security.debian.org/debian-security testing/updates main contrib 
non-free


  songbird

Re: Laptop randomly reboots

[Hans]

Hmm, maybe in the past, the laptop was clean and now it is dusty.

However, you can try to force the cpu(s) running at low speed (for testing 
purposes). I am using this, when I do some task at night and my cooler shall 
not start (noisy!), for example when I build a new kali-version.

The application I am using for this, is "cpufreq-set" where I set all cpu(s) 
forcely to use lowest clock.

If you do so, and of course just for testing purposes, it should not reboot.

If it still does, check all the logs, maybe you find some hints in it or even 
the application, which causes the reboot.

Good luck!

Best

Hans 
> I don't think that is the case. Perhaps, something, somewhere might
> think it is getting too hot (an in a software, firmware issue). But I've
> never had it reboot during any times of stressing. I used to use a
> program 'think-fan' to control the fans. With that, it never got above
> 80*c. I removed the program (thinking that perhaps something external
> controlling the fans was causing some embedded controller to freak out
> and restart the machine or something). I've since uninstalled it, and
> with stock control, the temps get to 90*c, but as I've said, doing video
> encoding for hours or any other stress testing has never caused an
> issue. It seems to reboot at surreal times, like I'll be typing and stop
> to take a sip of coffee then boom, screen goes black and then I'm
> watching grub load up.
> 
> Thanks for the tips though.
> --Sam

Re: Laptop randomly reboots

[Sam Smith]

On 05/19/2018 01:56 AM, Hans wrote:

Hi,

looks like the laptop is going too hot. This is a problem at many laptops.
because of the cooler is set with dust.

Take a look at the cooling system, if there is any dust in the way.
Especially, as you told, this is a used one, take care of good cooling.

Sadly you have to open the laptop and take a look.

It might be, that the cooling is enough, when at normal load, but at high load
at some point, the cooling is no more enough and the laptop reboots or is
shutting down.

If this is the reason, there should be a log entry in syslog.

There is also some packages, from which can  the sensors can be watched.
Check lm-sensors or similar.

Hope this helps.

Good luck!

Hans



I don't think that is the case. Perhaps, something, somewhere might 
think it is getting too hot (an in a software, firmware issue). But I've 
never had it reboot during any times of stressing. I used to use a 
program 'think-fan' to control the fans. With that, it never got above 
80*c. I removed the program (thinking that perhaps something external 
controlling the fans was causing some embedded controller to freak out 
and restart the machine or something). I've since uninstalled it, and 
with stock control, the temps get to 90*c, but as I've said, doing video 
encoding for hours or any other stress testing has never caused an 
issue. It seems to reboot at surreal times, like I'll be typing and stop 
to take a sip of coffee then boom, screen goes black and then I'm 
watching grub load up.


Thanks for the tips though.
--Sam

confirmation fermeture thunderbird

[hamster]

Quelqu'un sait il comment faire en sorte que thunderbird demande
confirmation avant de se fermer ? C'est pour quelqu'un qui a la manie de
fermer toutes les fenetres des qu'il a fini de les utiliser, du coup il
se retrouve a devoir retaper son mot de passe plusieurs fois par jour.

Merci.

Re: Securing development environment

[Andy Smith]

Hello,

On Sat, May 19, 2018 at 12:03:37PM +0200, Hubert Hauser wrote:
> On 19/05/18 07:29, Chris wrote:
> > Make those services listen to localhost and do port forwarding in your
> > SSH client.
> 
> It might be a good idea but I am not sure whether fail2ban with nginx
> basic_auth mechanism is a simplier solution. You have not replied me is
> it. Should I worry about maximum length of passwords (8 characters)?

If the services are only available in localhost then you don't need
fail2ban.

Fail2ban is a massive hack (spotting wrongdoing by reading logs of
it after the fact?) so if there is a way to avoid the issue in the
first place then to me that is preferable.

Cheers,
Andy

Re: Securing development environment

[Andy Smith]

Hello,

On Sat, May 19, 2018 at 07:29:28AM +0200, Chris wrote:
> Make those services listen to localhost and do port forwarding in your
> SSH client.

This would be my suggestions also. Have sshd as the only public
service, and require login by public key.

It's basically a VPN but a little bit less hassle. VPN is the best
solution for this but may be overkill for one developer and one
host. Once your setup becomes more complicated, a proper VPN is the
way to go.

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Update on my update problem with gnome system.

[Matthew Dyer]

Mornning all,


A few days ago I reported a  problem whare the gnome testing system 
which I am now using to write this message.  Here is the resault.



I did a clean install of the system using the alfa testing image.  I 
then edited the sources list and changed the lines from buster to 
testing.  I then did a sudo apt-get update && apt-get dist-upgrade which 
installed the securety updates it found yesterday.  his morning I did 
the same command and here is the output from that update.



root@matt-the-cat:/home/matthew# apt-get update && apt-get dist-upgrade
Hit:1 http://security.debian.org/debian-security testing/updates InRelease
Hit:2 http://ftp.us.debian.org/debian testing InRelease
Reading package lists... Done
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
root@matt-the-cat:/home/matthew#

Any ideas on why this is happens?  If any one has any ideas on how to 
fix this without having to reinstall.




root@matt-the-cat:/home/matthew# apt-get update && apt-get dist-upgrade
Hit:1 http://security.debian.org/debian-security testing/updates InRelease
Hit:2 http://ftp.us.debian.org/debian testing InRelease
Reading package lists... Done
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
root@matt-the-cat:/home/matthew#
n
 reinstall please let me know as it is really strange.  My mate system 
does not have this problem.  Thanks.



Matthew

Re: Tester son matériel avant mise en production

[Andre Majorel]

On 2018-05-15 18:54 +0200, FF \__/ FF wrote:
> Le 15 mai 2018 à 16:33, Olivier  a écrit :
>
> > Avez-vous des recommandations (logiels, méthode) pour tester
> > à fond le matériel d'un nouveau serveur avant de le mettre
> > en production ?

Il y a trop de cas de figure possibles pour les inclure tous
dans une procédure de test. Enfonçage de portes ouvertes : la
première chose à faire serait d'utiliser la procédure qui teste
les services que ce serveur doit assurer. Ainsi, les états qui
seront testés seront plus ou moins ceux par lesquels le serveur
passera quand il sera en exploitation.

> Si tu procèdes a l'installation complète du serveur, tu peux
> déjà observé si c'est stable a 100 %,

C'est un bon début mais c'est pas une garantie. Je parle
d'expérience. :->

-- 
André Majorel 
# ln -s reportbug /usr/bin/getspam

Re: Laptop randomly reboots

[Cindy-Sue Causey]

On 5/19/18, Hans  wrote:
> Hi,
>
> looks like the laptop is going too hot. This is a problem at many laptops.
> because of the cooler is set with dust.
>
> Take a look at the cooling system, if there is any dust in the way.
> Especially, as you told, this is a used one, take care of good cooling.
>
> Sadly you have to open the laptop and take a look.
>
> It might be, that the cooling is enough, when at normal load, but at high
> load
> at some point, the cooling is no more enough and the laptop reboots or is
> shutting down.
>
> If this is the reason, there should be a log entry in syslog.
>
> There is also some packages, from which can  the sensors can be watched.
> Check lm-sensors or similar.


There are various types of USB fans that *do* help and fairly
inexpensively. There are laptop cooling pads that sit under the
laptop. Others are personal fans that could be twisted so they hit the
laptop in addition to the Human.

Then there is always the fallback of regular personal office fans..

Additionally, I have an OLD HP that I have propped up at a sturdy
(solid, unwielding) point in the back. It's been like that for maybe
two years. So far, that seems to be all that one needs... in spite of
no air conditioning instead of a fan to help dissipate the heat, for
example. :)

Cindy :)
-- 
Cindy-Sue Causey
Talking Rock, Pickens County, Georgia, USA

* runs with duct tape *

Re: making more room in root partition for distribution upgrade

[ntrfug]

On Thu, 17 May 2018 18:06:46 -0500
Mark Copper  wrote:

> This must be a FAQ. But there appear to be two ways forward.
> 
> 1. Back-up /home, enlarge / partition, copy back-up back to new,
> smaller /home partition (because /home will then start on a different
> cylinder so data will be lost).
> 
> or
> 
> 2. Carve out a new partition for /usr at end of disk which will free
> up over 6 gb.
> 
> What have other people done?
> 
> Thanks.

More than 20 years ago I began saving personal files to a different partition 
than the OS.

I've used this system for Windows (when I started) and for more flavors of 
Linux than I can remember. I did this so I could wipe the root partition and 
reinstall without destroying my personal files.

I call it "files" and mount it on /home/ntrfug/Documents at boot.

I also have a 100 Gb partition for "music", mounted at boot to 
/home/ntrfug/Music.

Everything else goes on single 22 Gb partition, now labeled "Stretch" (49% 
occupied).

I use KDE with a fair but not extensive portfolio of software, but which 
include LyX, which requires LaTeX and TeX (that's a lot of dependency).

I backup the root partition before I reinstall, and after installation move 
settings for individual applications to the new home directory.

For example I started using sylpheed for email when accounts and preferences 
were saved in regular text files. Later it morphed to claws-mail and migrated 
to xml preferences that I could not re-create to save my life. Fortunately I 
just moved the /home/ntrfug/.config/claws-mail directory to my new system and 
it came up with all my preferences and accounts the first time I started. (I 
save my email folders in /home/ntrfug/files/Mail).

I use VirtualBox, and virtual machines live in /home/ntrfug/files/virtualbox.

Re: Securing development environment

[Joe]

On Sat, 19 May 2018 12:03:37 +0200
Hubert Hauser  wrote:

> Hello!
> 
> On 19/05/18 07:29, Chris wrote:
> > Make those services listen to localhost and do port forwarding in
> > your SSH client.  
> 
> It might be a good idea but I am not sure whether fail2ban with nginx
> basic_auth mechanism is a simplier solution. You have not replied me
> is it. Should I worry about maximum length of passwords (8
> characters)?
> 

You might consider using a client-side authentication certificate. Here
are some hints:
https://fardog.io/blog/2017/12/30/client-side-certificate-authentication-with-nginx/

-- 
Joe

Weird ClamAV errors

[Hubert Hauser]

Hello!

Have anyone idea how to fix below errors?

From: Cron Daemon 
Subject: Cron  test -x /usr/sbin/anacron || ( cd / && run-parts 
--report /etc/cron.daily )
To: r...@autisticstory.net

LibClamAV Warning: fmap_readpage: pread fail: asked for 4077 bytes @ offset 19, 
got 0
LibClamAV Warning: fmap_readpage: pread fail: asked for 4077 bytes @ offset 19, 
got 0
LibClamAV Warning: fmap_readpage: pread fail: asked for 4077 bytes @ offset 19, 
got 0
LibClamAV Warning: fmap_readpage: pread fail: asked for 4077 bytes @ offset 19, 
got 0
LibClamAV Warning: fmap_readpage: pread fail: asked for 4077 bytes @ offset 19, 
got 0
LibClamAV Warning: fmap_readpage: pread fail: asked for 4077 bytes @ offset 19, 
got 0
WARNING: Can't open file /sys/module/jbd2/uevent: Permission denied
/etc/cron.daily/clamscan_daily: line 22: mail: command not found
/etc/cron.daily/logrotate:
mysqladmin: connect to server at 'localhost' failed
error: 'Access denied for user 'root'@'localhost' (using password: NO)'
error: error running shared postrotate script for '/var/log/mysql/mysql.log 
/var/log/mysql/mysql-slow.log /var/log/mysql/mariadb-slow.log 
/var/log/mysql/error.log '
run-parts: /etc/cron.daily/logrotate exited with return code 1

--
Cheers,
Hubert Hauser.



0x3C7DE8CE56189C2F.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature

displayport suspend not working correctly

[Marcel]

Hi all,

I run on Debian testing. I have an Intel NUC with one monitor attached 
via hdmi and the other via displayport. When those monitors should go 
into suspend mode, the one attached to the (mini) display port wakes up 
after about 30 seconds to directly go back into suspend mode. This goes 
on and on, until the monitor cannot even be turned off with its power 
button.


I do not see these effects on the other monitor attached via hdmi nor 
when I attach the one connected via displayport to a computer running 
windows. Any ideas what might be the cause? Or how I could at least 
"debug" it?


Any advice is greatly appreciated ;-)

Thanks for any help

Marcel




smime.p7s
Description: S/MIME Cryptographic Signature

Re: why gdb-doc is in non-free ??!

[Ben Finney]

Alexander Villalba  writes:

> why gdb-doc is in non-free ??!:

Because the GNU FDL does not grant the freedoms necessary for free
software.

> gdb-doc is also GNU

The ‘gdb-doc’ work is released by the Free Software Foundation, and they
intend it to be part of the GNU operating system. But, confusingly, the
FSF do not consider that work to be free software (because they make an
arbitrary and ill-defined distinction between documentation and
software).



For a work to be included in Debian, this distinction is irrelevant: the
work must satisfy the Debian Free Software Guidelines.

Because the license restrictions do not grant the freedoms promised in
the Debian Free Software Guidelines, the ‘gdb-doc’ work cannot be in
Debian.

-- 
 \  “Every valuable human being must be a radical and a rebel, for |
  `\  what he must aim at is to make things better than they are.” |
_o__)  —Niels Bohr |
Ben Finney

Re: Securing development environment

[Hubert Hauser]

Hello!

On 19/05/18 07:29, Chris wrote:
> Make those services listen to localhost and do port forwarding in your
> SSH client.

It might be a good idea but I am not sure whether fail2ban with nginx
basic_auth mechanism is a simplier solution. You have not replied me is
it. Should I worry about maximum length of passwords (8 characters)?

--
Best wishes,
Hubert Hauser.

why gdb-doc is in non-free ??!

[Alexander Villalba]

Dear Friends!:

why gdb-doc is in non-free ??!:
https://packages.debian.org/search?keywords=gdb-doc

gdb-doc is also GNU

Re: need help on using openvpn

[Chris]

On Sat, 19 May 2018 08:05:40 + (UTC)
Long Wind wrote:

> i've bought vpn service
> the provider gives me many .opvn files and the same login/password
> every time i use, i have to enter login/password
> 
> is it possible to specify login/password on openvpn command line or a
> config file?
> 
> openvpn manual is long, i'm unable to find answer, Thanks


auth-user-pass pass.txt

pass.txt in the same directory where the ovpn file is:

p1234567
topsecretpassword

-- 
Papst Franziskus ruft zum Kampf gegen Fake News auf. Wir finden, der
Mann, der sich als Stellvertreter Christi ausgibt, von dem er
behauptet, dessen Mutter sei zeitlebens Jungfrau gewesen, er hätte über
Wasser gehen und selbiges in Wein verwandeln können, hat vollkommen
recht.

need help on using openvpn

[Long Wind]

i've bought vpn service
the provider gives me many .opvn files and the same login/password
every time i use, i have to enter login/password

is it possible to specify login/password on openvpn command line or a config 
file?

openvpn manual is long, i'm unable to find answer, Thanks

Re: Laptop randomly reboots

[Hans]

Hi,

looks like the laptop is going too hot. This is a problem at many laptops. 
because of the cooler is set with dust.

Take a look at the cooling system, if there is any dust in the way. 
Especially, as you told, this is a used one, take care of good cooling.

Sadly you have to open the laptop and take a look. 

It might be, that the cooling is enough, when at normal load, but at high load 
at some point, the cooling is no more enough and the laptop reboots or is 
shutting down.

If this is the reason, there should be a log entry in syslog.

There is also some packages, from which can  the sensors can be watched.
Check lm-sensors or similar.

Hope this helps.

Good luck!

Hans