Installing Debian on SSD
Dear Sir/Madam First thanks for your time. I have an Acer laptop (Aspire E1, x64, amd i7, ram 16, vga 2). My base tasks are using virtual machines. I use dual boot for Win10 & Debian 8.6 & the type of Bios boot is “Legacy”. I gonna change my HDD to SSD & install just Debian 9.8 (so need at least two primary partitions). My mainboard supports both legacy & uefi mode. I know uefi mode just run on GPT not MBR. Please consult, Are you agree to install debian on uefi mode? If yes, Is it enough to change Bios type to “uefi” & then start installation? Deeply thanks for your help. Peyvand {My system specification is: System Model: Aspire E1-572PG - x64 BIOS Version/Date: Insyde Corp. V2.17, 02-Sep-14 Processor: Intel(R) Core(TM) i7-4500U CPU @ 1.80GHz, 2401 Mhz, 2 Core(s), 4 Logical Processor(s) BIOS Mode now: Legacy}
Re: And now, from the Nice people? Re: Group thoughts on: Anti-virus tools
On 3/10/19 3:53 PM, Brian wrote: On Sun 10 Mar 2019 at 13:18:54 -0400, deb wrote: Crumogeon tip: It is no longer 1972. If you have nothing nice or at least helpful to say on a USER list, say nothing at all. All the responses were helpful. You just have to fit them into your World View and accomodate them Thanks Brian for introducing some sanity to the issue. Ric
Re: Mart -- [Solved] [Well, not solved,. but sickened by] Re: Group thoughts on: Anti-virus tools
> OP has a point though. The real world happens to have a huge amount of > heterogeneous networks, and asking for tools to keep those systems safe > is legitimate. I did not perceive the OP's request to be about the case where you administer lots of machines and you want to use a Debian machine as a virus-filter for all those other machines running Windows or whatnot. So I assumed he meant "I do want to run A/V" to mean that he wants to run an A/V just like all random Windows users feel the need to run some A/V software on their machine to feel safer. Stefan
Re: GNU economics
On Mon 11 Mar 2019 at 20:30:55 +0100, Marek Mosiewicz wrote: > Hello, > > Debian webpage states about greedy of IT corporations. In my opinion it Citation, please. [Snip] > What do you think about this ? Nothing to do with Debian. -- Brian.
Re: And now, from the Nice people? Re: Group thoughts on: Anti-virus tools
Curt wrote: > I don't believe he did, actually. I believe that's what Reco wrote. but there is no secure OS, as soon as you get connected to the network, and if you have a server with multiple users ... well. We used to put sensitive servers in DMZ aside of the user network - for a good reason. regards
Re: GNU economics
On Mon, 11 Mar 2019 20:30:55 +0100 Marek Mosiewicz wrote: > Hello, > > Debian webpage states about greedy of IT corporations. In my opinion > it is not so easy to state it. Of course current cloud offer of MS > Office for $12 per month would means one tryllion a year if 7 billion > people would subscribe. That would be insane. But in fact if 100 > million would subscribe they would probably be lucky. > > That in economics is called elasticy. For one dollar we could probably > have 1 billion subscribes. If one entity would have to pay for Office > production it would not be created. > > Price 0 for bugless software means freedom for users. For software > industry problem seems somewhat more complicated for me. Cost of > creating all debian packages is probably calculated in hundreds of > billions dollar. There are serious donations of code from corporations > just to mention openjdk, chromium, X server etc. > > Cost of one hundred billion (maybe it is way to much) would mean that > one billion users would have to donate $100 dollar totally to pay off > Debian code. > > What do you think about this ? > > Good start to a thesis. What you now have to do is work out an objective means of determining what benefit people have obtained from Debian, to the nearest dollar. Then deduct the cost in time for the care and feeding that Debian requires, and also time spent on bug reports. Then assign a real meaning to the number you have left... OK, if you've got that far, here's a more difficult one: I've written today about the difference in ethos between a paid-for OS and a free-as-in-beer one, in the difference in attitudes of the vendors in the two environments. E.g. Microsoft and other Windows software vendors appear to believe that they own your computer, and can do what they like with it. That makes a difference to the user. Your mission, Jim, if you choose to accept it, is to determine how much that difference is worth to the user in dollar terms. As a datum, it's the main reason I prefer to use free software, in the long term the price difference is negligible. -- Joe
Re: Mart -- [Solved] [Well, not solved,. but sickened by] Re: Group thoughts on: Anti-virus tools
Stefan Monnier writes: >> re: apt solving all? I understand it recently had a long-time vulnerability >> itself... >> Linux will get hit more as it gets more popular. > > My point is not that APT and/or Debian is bullet-proof (I live under no > delusion in this respect). Just that instead of keeping your A/V > up-to-date, the GNU/Linux approach to protecting oneself from attacks is > to keep your OS up-to-date. > > > Stefan > > > PS: I guess that means I should have pointed to `unattended-upgrades` > rather than to `apt` as the solution that corresponds to an anti-virus. OP has a point though. The real world happens to have a huge amount of heterogeneous networks, and asking for tools to keep those systems safe is legitimate. Acting like purity ponies and basically going "Here's a nickel kid, buy yourself a real OS" is immature at best. I share OP's disappointment in the level of the replies they got. Mart -- "We will need a longer wall when the revolution comes." --- AJS, quoting an uncertain source.
GNU economics
Hello, Debian webpage states about greedy of IT corporations. In my opinion it is not so easy to state it. Of course current cloud offer of MS Office for $12 per month would means one tryllion a year if 7 billion people would subscribe. That would be insane. But in fact if 100 million would subscribe they would probably be lucky. That in economics is called elasticy. For one dollar we could probably have 1 billion subscribes. If one entity would have to pay for Office production it would not be created. Price 0 for bugless software means freedom for users. For software industry problem seems somewhat more complicated for me. Cost of creating all debian packages is probably calculated in hundreds of billions dollar. There are serious donations of code from corporations just to mention openjdk, chromium, X server etc. Cost of one hundred billion (maybe it is way to much) would mean that one billion users would have to donate $100 dollar totally to pay off Debian code. What do you think about this ? -- Marek Mosiewicz
Re: Tangentially: on Canonical being a great company?
On 03/11/2019 03:45 PM, Brian wrote: NULL set
Re: Tangentially: on Canonical being a great company?
On Mon 11 Mar 2019 at 13:48:04 -0400, deb wrote: > > re: Canonical being a great company as postured by one here: > > > * They have already been caught selling search results to Amazon. > > * the board let go ALL non-corporate members - the People's voice. > > * they sleep with Microsoft of E-E-E fame. > > * The owner is hell bent on getting to IPO level. > > So, like Redhat, thousands of volunteers working the code for years, > will see nothing when canonical is sold. > > * I have more :-) > > > Ubuntu would be one of the last distributions > > I would ever recommend. This is brought to you for your consideration by Agendas R Us. Please direct all your comments to /dev/null. -- Brian.
Re: Joe - Re: WRITING to NTFS drives
On Mon, 11 Mar 2019 14:59:25 -0400 deb wrote: > On 3/11/19 2:47 PM, Joe wrote: > > On Mon, 11 Mar 2019 14:13:38 -0400 > > deb wrote: > > > >> I saw this question come up > >> > >> and it set off bells. > >> > >> > >> Someone asked what the status of WRITING to NTFS drives was. > >> > >> That it was not yet supported (?) . > >> > > I don't think that has been true for several years, though it > > certainly was at one time. > > > >> > >> *MY* Assumptions: > >> > >> * MIXED NETWORK, with Win, Mac, Linux (EXT4 formatted). > >> > >> * many portable 1-5TB drives making the rounds, formatted with > >> NTFS. > >> > >> * data loss is unacceptable [to the highest degree that is > >> possible]. > >> > >> > >> > >> I know that I can read (and verify) files just fine from NTFS on > >> Debian 9.8 > >> > >> but [if you have direct experience with this] > >> > >> is writing to these drives from debian actually safe? > >> > >> > >> [if you have direct experience with this] > >> > >> what process/tool(s) do you use to validate the writes? > >> > > Yes, that is my current belief. If I need media that supports larger > > files than FAT provides for, between OSes, I have no hesitation in > > using NTFS. > > > > BUT... if I have the means easily available, and I usually do, I > > would initially format the media in Windows. I don't suppose its > > actually necessary, but in the past I've seen Windows complain > > about the formatting of media carried out under Linux, though never > > to the point of losing data. I have a couple of USB sticks in > > current use that Windows always complains about and offers to fix > > (though it never does). It costs me nothing to be sure. > > > > Similarly, there are programs running on Windows that can deal with > > various extN filesystems, but I would never use such a program for > > an initial formatting if I also had a Linux machine available. Why > > take a chance? > > > > Joe: > > > a. Whew! > > b. Understood on NTFS drives should be formatted on Windows machines. > > > The very last thing that I want to do is to have systematic data > corruption on Windowsy drives traced back to Linux-anything. > I have no evidence that there is any problem at all, I just try to avoid the easily-avoidable risks. -- Joe
Re: WRITING to NTFS drives
On Mon, 2019-03-11 at 14:13 -0400, deb wrote: > I saw this question come up > > and it set off bells. > > > Someone asked what the status of WRITING to NTFS drives was. > > That it was not yet supported (?) . > > > > *MY* Assumptions: > > * MIXED NETWORK, with Win, Mac, Linux (EXT4 formatted). > > * many portable 1-5TB drives making the rounds, formatted with NTFS. > > * data loss is unacceptable [to the highest degree that is > possible]. > > > > I know that I can read (and verify) files just fine from NTFS on > Debian 9.8 > > but [if you have direct experience with this] > > is writing to these drives from debian actually safe? > > > [if you have direct experience with this] > > what process/tool(s) do you use to validate the writes? > One data point, clearly in need of additional support (or refutation). I will lay claim to having, in a small number of cases, written to NTFS file systems using recent (jessie, stretch, buster) Debian versions. Validation was that the files subsequently were readable, modifiable, and rewritable by Windows 10 or Windows 7 applications. Some of them later were readable, modifiable, and rewritable on the originating Linux system. This is a somewhat weak claim, since it involved only a small (but double digit) number of files, and only a few applications (mostly OpenOffice or LibreOffice Calc and MS-Office Excel). On one occasion I managed, largely by trial and error, to repair an NTFS file system using tools available on Debian (buster, I think, but maybe stretch). Tom Dial > > What are other places to ask this? > > > Thank you!
Re: WRITING to NTFS drives
On 11.03.2019 23:13, deb wrote: > > > I saw this question come up > > and it set off bells. > > > Someone asked what the status of WRITING to NTFS drives was. > > That it was not yet supported (?) . > > > > *MY* Assumptions: > > * MIXED NETWORK, with Win, Mac, Linux (EXT4 formatted). > > * many portable 1-5TB drives making the rounds, formatted with NTFS. > > * data loss is unacceptable [to the highest degree that is possible]. > > > > I know that I can read (and verify) files just fine from NTFS on > Debian 9.8 > > but [if you have direct experience with this] > > is writing to these drives from debian actually safe? > Short answer: Yes, it is safe. Long answer: Yes, but it depends, because NTFS is not just a bunch of files, it has hidden metadata sections, journal, substream files, junctions, windows-style ACLs and permissions, file compression, disk quotas, file audit, probably more (hidden) features. You've probably read my answer to that previous question about NTFS, so I just want to add to that. Writing data\files to NTFS is fine as long as you take into account that some of the features could be not fully supported. So you should be careful with writing\deleting\moving files on a system partition (with installed windows os), but if you use NTFS with Portable USB Storage devices it should be fine, as long as you(your users) don't unplug USB connector as soon as progress bar of file transfer process has reached 100%. > > [if you have direct experience with this] > > what process/tool(s) do you use to validate the writes? Take into account that USB storage devices are quick to send data into memory buffer, but much slower to actually write data to drive. So "sync" command is useful to ensure data is fully written, before you send command to unmount\eject the device and physically disconnect it from USB port, otherwise data loss or filesystem corruption will occur. > > > What are other places to ask this? You can go to homepage of "ntfs-3g" driver [1] and its support forums. [2] > > Thank you! > > > > [1] https://www.tuxera.com/community/ntfs-3g-advanced/ [2] https://forum.tuxera.com/ -- With kindest regards, Alexander. ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system ⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org ⠈⠳⣄
Re: Caja's file search --- BUG or Feature?
On Sun 10 Mar 2019 at 09:21:37 (-0500), Richard Owlett wrote: > I'm running Stretch with MATE desktop. > > If I submit a sub-string of a filename to "MATE Search Tool", *ANY* > hit reports the full path to the target. That is *GOOD*! > > HOWEVER, if I'm exploring a specific directory with Caja and then > search for the *IDENTICAL* sub-string I get a "hit" with ABSOLUTELY no > indication of the file's location :{ > > My test case: > I created a test file at > /home/richard/Downloads/tk8.6.9/tests/ttk/owltstmarch9 . > I hope that is arbitrary enough ;} > > Using 'march' as test string when using: > 1. "MATE Search Tool" yields exact location. > 2, Caja admits file exists *SOMEWHERE* > > As an end USER: > 1. "MATE Search Tool" gives expected result - i.e. giving > full path to target. > 2. Caja's search otherwise: > A. The first time I used it, I expected to get hits *ONLY* >in the current sub-directory. > B. However it reports hits for *ANY* sub-directory at or >below the current one. This can be very useful. >*HOWEVER* it's usefulness is reduced by not reporting the >full path to the target. > > Comments? By full path, I take it that you mean an absolute path. The Mate search is presumably made across the whole system, so a hit would be fairly meaningless without the absolute path, like the city of Springfield, USA. OTOH it's quite normal for running programs to have little idea of where they are located in the file system beyond the current directory and its parent. So it doesn't surprise me that you don't get any information about what directories are above you. As for those below, I'm now guessing. (Installing caja to try it out would involve 42 packages: no thanks.) When the hits are presented, it is just a "dead" text list, or are the names clickable? If the latter, have you tried right-clicking on them? I would expect a menu including "Properties" which might reveal something. I thought this was the bread and butter of using a DE, and the reason for installing all those packages. Cheers, David.
Joe - Re: WRITING to NTFS drives
On 3/11/19 2:47 PM, Joe wrote: On Mon, 11 Mar 2019 14:13:38 -0400 deb wrote: I saw this question come up and it set off bells. Someone asked what the status of WRITING to NTFS drives was. That it was not yet supported (?) . I don't think that has been true for several years, though it certainly was at one time. *MY* Assumptions: * MIXED NETWORK, with Win, Mac, Linux (EXT4 formatted). * many portable 1-5TB drives making the rounds, formatted with NTFS. * data loss is unacceptable [to the highest degree that is possible]. I know that I can read (and verify) files just fine from NTFS on Debian 9.8 but [if you have direct experience with this] is writing to these drives from debian actually safe? [if you have direct experience with this] what process/tool(s) do you use to validate the writes? Yes, that is my current belief. If I need media that supports larger files than FAT provides for, between OSes, I have no hesitation in using NTFS. BUT... if I have the means easily available, and I usually do, I would initially format the media in Windows. I don't suppose its actually necessary, but in the past I've seen Windows complain about the formatting of media carried out under Linux, though never to the point of losing data. I have a couple of USB sticks in current use that Windows always complains about and offers to fix (though it never does). It costs me nothing to be sure. Similarly, there are programs running on Windows that can deal with various extN filesystems, but I would never use such a program for an initial formatting if I also had a Linux machine available. Why take a chance? Joe: a. Whew! b. Understood on NTFS drives should be formatted on Windows machines. The very last thing that I want to do is to have systematic data corruption on Windowsy drives traced back to Linux-anything. Thank you!
Re: Mart -- [Solved] [Well, not solved,. but sickened by] Re: Group thoughts on: Anti-virus tools
> There is a spectrum of Windows software than runs between evil malware > and legitimate programs, it isn't just black and white, and many Agreed, but I doubt A/V software will know where to draw the line. Stefan
Re: WRITING to NTFS drives
On Mon, 11 Mar 2019 14:13:38 -0400 deb wrote: > I saw this question come up > > and it set off bells. > > > Someone asked what the status of WRITING to NTFS drives was. > > That it was not yet supported (?) . > I don't think that has been true for several years, though it certainly was at one time. > > > *MY* Assumptions: > > * MIXED NETWORK, with Win, Mac, Linux (EXT4 formatted). > > * many portable 1-5TB drives making the rounds, formatted with NTFS. > > * data loss is unacceptable [to the highest degree that is > possible]. > > > > I know that I can read (and verify) files just fine from NTFS on > Debian 9.8 > > but [if you have direct experience with this] > > is writing to these drives from debian actually safe? > > > [if you have direct experience with this] > > what process/tool(s) do you use to validate the writes? > Yes, that is my current belief. If I need media that supports larger files than FAT provides for, between OSes, I have no hesitation in using NTFS. BUT... if I have the means easily available, and I usually do, I would initially format the media in Windows. I don't suppose its actually necessary, but in the past I've seen Windows complain about the formatting of media carried out under Linux, though never to the point of losing data. I have a couple of USB sticks in current use that Windows always complains about and offers to fix (though it never does). It costs me nothing to be sure. Similarly, there are programs running on Windows that can deal with various extN filesystems, but I would never use such a program for an initial formatting if I also had a Linux machine available. Why take a chance? -- Joe
Re: User rw Permissions on New Hard Drive
On Sat 09 Mar 2019 at 20:31:36 (+0100), Pascal Hambourg wrote: > Le 08/03/2019 à 04:15, David Wright a écrit : > > On Thu 07 Mar 2019 at 23:12:29 (+0100), Pascal Hambourg wrote: > > > Le 07/03/2019 à 20:23, David Wright a écrit : > > > > > > > > A filesystem > > > > that has a label, has that label regardless of any OS. > > > > > > Have you ever used UDF ? > > > > Yes. As far as my experience goes, there's not a lot of difference. > > I've had no occasion to *write* DVDs on a computer system, so I can > > only speak of reading them. > > I did not mean using UDF on opticals discs but on regular drives, just > as any other general purpose filesystem. I once considered using it > for file sharing between Windows and Linux instead of the usual FAT > and NTFS. Indeed UDF is natively supported as a read-write filesystem > by both Linux and Windows, natively supports POSIX permissions and > does not suffer from FAT file size limitations. And I was surprised to > discover that the label set by Windows was not the label read by Linux > and vice versa. Without reading a review of how it performs, I'd worry about using it as a general purpose filesystem. It sounds as if it's designed mainly for handling specific issues raised by particular devices. I might be happier if it were integrated into the kernel rather than just a user application. I might try it on a caddy or stick sometime. > > > It has a set of identifiers, and I observed > > > that Windows and blkid did not use the same identifier as the label. > > > > I've made no claim about what Windows and blkid do and do not use. > > You wrote that the filesystem label was independent of any OS. No, I wrote "A filesystem that has a label, has that label regardless of any OS." In other words, if you hold a filesystem (on a device) in your hands, the label is still present, as a property of the filesystem, written there as a sequence of characters. This is in contrast to the string /dev/disk/by-label/LABEL which is effectively an artefact of the operating system, dependant on the device being connected to a particular type of OS, and not written anywhere on the device itself. > I just > gave an example of a filesystem for which two different OSes use two > different identifiers as the label. I try to avoid ambiguity by using "LABEL" to refer to a string that's used as the value of mount -L or fstab's LABEL=, and by using plain "label" elsewhere. That's why I wrote "I'm not clear about which other sort of label might be referenced by LABEL=" at the end of that same posting you quoted from. The OP said they didn't have any other sort in mind either. So thank you for the example of UDF. I take it the set of identifiers is the following: --lvid=logical-volume-ident Specify the logical volume identifier. --vid=volume-ident Specify the volume identifier. --vsid=volume-set-ident Specify the volume set identifier. --fsid=file-set-ident Specify the file set identifier. It would appear that mkudffs tries to circumvent the problem by encouraging lvid and vid to be set to the same value. That said, I have no idea which of these two identifiers was reacting to the LABELs I read and gave to mount -L in the example from my DVDs. Would the "set identifiers" have something to do with the fact that the maximum file size is several millions of times bigger than the maximum volume size? Not a phenomenon I'm used to. Cheers, David.
Re: Mart -- [Solved] [Well, not solved,. but sickened by] Re: Group thoughts on: Anti-virus tools
On Mon, 11 Mar 2019 13:53:39 -0400 Stefan Monnier wrote: > > re: apt solving all? I understand it recently had a long-time > > vulnerability itself... > > Linux will get hit more as it gets more popular. > > My point is not that APT and/or Debian is bullet-proof (I live under > no delusion in this respect). Just that instead of keeping your A/V > up-to-date, the GNU/Linux approach to protecting oneself from attacks > is to keep your OS up-to-date. > Yes, but malware (that does not necessarily exploit a bug) can be installed on a completely secure (and imaginary!) OS by an incautious user running as root. There is a spectrum of Windows software than runs between evil malware and legitimate programs, it isn't just black and white, and many legitimate programs are supplied free but with grey semi-malware (adware, spyware) bundled in to provide revenue. A laptop manufacturer who shall be nameless once (allegedly unknowingly) bundled an https-breaker among the pre-installed junk. It doesn't have to be about exploiting unfixed bugs. A lot of it is in the whole ethos of the OS and its hardware and software vendors. That's where free-as-in-beer makes a huge difference. -- Joe
WRITING to NTFS drives
I saw this question come up and it set off bells. Someone asked what the status of WRITING to NTFS drives was. That it was not yet supported (?) . *MY* Assumptions: * MIXED NETWORK, with Win, Mac, Linux (EXT4 formatted). * many portable 1-5TB drives making the rounds, formatted with NTFS. * data loss is unacceptable [to the highest degree that is possible]. I know that I can read (and verify) files just fine from NTFS on Debian 9.8 but [if you have direct experience with this] is writing to these drives from debian actually safe? [if you have direct experience with this] what process/tool(s) do you use to validate the writes? What are other places to ask this? Thank you!
Re: And now, from the Nice people? Re: Group thoughts on: Anti-virus tools
On Mon, 11 Mar 2019 11:45:28 -0400 Stefan Monnier wrote: > > I think the premises of your syllogism might lead some to another > > conclusion---that the livelihood of the AV software houses depends > > upon the innate insecurity of the Windows OS. > > Hmm... they don't actually need that: they only need people to > think that they're vulnerable (regardless if their Windows is actually > secure or not, and regardless is Windows is more or less secure than > other OSes). > > But yes, this is made easier if Windows is actually insecure. > To a large extent, it is Windows users who are insecure. Even today (or at least, three months ago) the first-time user of Windows 10 is set up as an administrator, and no advice is offered about changing this. I used to help out on Windows Small Business Server newsgroup, where many administrators/installers admitted to making all their users administrators to reduce service calls... it was actually *necessary* for the user of MS Office to be an administrator for the first run of each of the components (not just the installation), or else various files and permissions didn't get written correctly. -- Joe
Re: systemd mdadm spamming my syslog
Bob Weber writes: > On 3/10/19 5:20 PM, Joe Pfeiffer wrote: > > Since a recent update, my /var/log/syslog is getting spammed with huge > numbers of messages of the form > > Mar 10 14:02:25 snowball systemd-udevd[18681]: Process '/sbin/mdadm > --incremental --export /dev/sda3 --offroot > /dev/disk/by-id/ata-ST3000DM001-1ER166_Z501MTQ3-part3 > /dev/disk/by-partuuid/ad6f31ee-1866-400c-84f8-2c54da6abd2e > /dev/disk/by-path/pci-:00:11.0-ata-1-part3 > /dev/disk/by-id/wwn-0x5000c50086c86ae8-part3' failed with exit code 1. > > When I run the command by hand, I get > > root@snowball:~# /sbin/mdadm --incremental --export /dev/sda3 --offroot > /dev/disk/by-id/ata-ST3000DM001-1ER166_Z501MTQ3-part3 > /dev/disk/by-partuuid/ad6f31ee-1866-400c-84f8-2c54da6abd2e > /dev/disk/by-path/pci-:00:11.0-ata-1-part3 > /dev/disk/by-id/wwn-0x5000c50086c86ae8-part3 > mdadm: cannot reopen /dev/sda3: Device or resource busy. > > Which at least gives me a small clue, but really not much of one. > > I'm not even really clear on whther this is a systemd or mdadm bug. > > So, some questions: > > 1) what is this command trying to do? I do understand a little about mdadm, > and am running a RAID 1 array on this machine. But this is using an > option (--offroot) that doesn't even appear in the man page, and I've > got no idea what it's trying to accomplish. > > 2) how can I make it stop? > > I also have these kind of messages for my 3 raid1 arrays. The messages > started after an update to testing done on 2/26/18 and have continued up to > 3/11/18 > (today). I looked at the terminal logs and I was running udev (240-6) > (installed 2/22) and mdadm (4.1-1) (installed 2/6). My udev is now at 241-1 > and mdadm is still > at 4.1-1. I'm seeing it at those versions, also. > Since the arrays are started correctly as shown by "cat /proc/mdstat" I > haven't paid much attention to these messages. They only occur at boot. The arrays are started correctly, but I'm getting bursts of these messages every five minutes so it's annoying. > My system is running testing and I do an upgrade just about every day. Same here.
Re: Mart -- [Solved] [Well, not solved,. but sickened by] Re: Group thoughts on: Anti-virus tools
> re: apt solving all? I understand it recently had a long-time vulnerability > itself... > Linux will get hit more as it gets more popular. My point is not that APT and/or Debian is bullet-proof (I live under no delusion in this respect). Just that instead of keeping your A/V up-to-date, the GNU/Linux approach to protecting oneself from attacks is to keep your OS up-to-date. Stefan PS: I guess that means I should have pointed to `unattended-upgrades` rather than to `apt` as the solution that corresponds to an anti-virus.
Tangentially: on Canonical being a great company?
re: Canonical being a great company as postured by one here: * They have already been caught selling search results to Amazon. * the board let go ALL non-corporate members - the People's voice. * they sleep with Microsoft of E-E-E fame. * The owner is hell bent on getting to IPO level. So, like Redhat, thousands of volunteers working the code for years, will see nothing when canonical is sold. * I have more :-) Ubuntu would be one of the last distributions I would ever recommend.
Mart -- [Solved] [Well, not solved,. but sickened by] Re: Group thoughts on: Anti-virus tools
On 3/10/19 1:33 PM, Mart van de Wege wrote: deb writes: Starting assumption: I do want to run A/V. * I get that it may actually INCREASE attack surface. * But I have Windows & Mac stuff going back and forth to Debian 9.8 and just want to check. When you say going back and forth, do you mean over the network? On Linux the best solution right now is clamav, which is not 100%. Is it an option for you to run a network based solution, like an IDS? Mart Yes Mart. Over the network. 4 files were found being passed by just one Windows machine, which was running a paid A/'V (actually 3 different A/Vs!). 2 were in emails. I will push along the ClamAV path. It has worked. I have to figure out if it really does real-time detection [it says it does]. That would allow it to beat out Malwarebytes. * I will be using ClamAV. It *seems* little shaky, but it worked. * I will ask elsewhere if there are better options. * Companies I push #debian into will be doing at least ClamAV [ [IF] they have or will have networked Windows/Mac machines, or receive email. (and probably anyway). * I'm not interested in cloud-based solutions, where "suspect" files are sent to the "cloud". That, to me, seems the worst answer. I'm not interested in listening to noise from Brian (defines curmudgeon), trying to guess what evil agenda I am backing; and all of that other posturing about just compile your own code; review every line first, and all all is well. People pass crap around on mixed networks. They do. I *ALREADY* caught it. re: apt solving all? I understand it recently had a long-time vulnerability itself... Linux will get hit more as it gets more popular. I want to be ahead of that however possible. So thank you for a real answer Mart. What a pile of chest-thumping on this. Sheesh.
Re: systemd mdadm spamming my syslog
On 3/10/19 5:20 PM, Joe Pfeiffer wrote: Since a recent update, my /var/log/syslog is getting spammed with huge numbers of messages of the form Mar 10 14:02:25 snowball systemd-udevd[18681]: Process '/sbin/mdadm --incremental --export /dev/sda3 --offroot /dev/disk/by-id/ata-ST3000DM001-1ER166_Z501MTQ3-part3 /dev/disk/by-partuuid/ad6f31ee-1866-400c-84f8-2c54da6abd2e /dev/disk/by-path/pci-:00:11.0-ata-1-part3 /dev/disk/by-id/wwn-0x5000c50086c86ae8-part3' failed with exit code 1. When I run the command by hand, I get root@snowball:~# /sbin/mdadm --incremental --export /dev/sda3 --offroot /dev/disk/by-id/ata-ST3000DM001-1ER166_Z501MTQ3-part3 /dev/disk/by-partuuid/ad6f31ee-1866-400c-84f8-2c54da6abd2e /dev/disk/by-path/pci-:00:11.0-ata-1-part3 /dev/disk/by-id/wwn-0x5000c50086c86ae8-part3 mdadm: cannot reopen /dev/sda3: Device or resource busy. Which at least gives me a small clue, but really not much of one. I'm not even really clear on whther this is a systemd or mdadm bug. So, some questions: 1) what is this command trying to do? I do understand a little about mdadm, and am running a RAID 1 array on this machine. But this is using an option (--offroot) that doesn't even appear in the man page, and I've got no idea what it's trying to accomplish. 2) how can I make it stop? I also have these kind of messages for my 3 raid1 arrays. The messages started after an update to testing done on 2/26/18 and have continued up to 3/11/18 (today). I looked at the terminal logs and I was running udev (240-6) (installed 2/22) and mdadm (4.1-1) (installed 2/6). My udev is now at 241-1 and mdadm is still at 4.1-1. Since the arrays are started correctly as shown by "cat /proc/mdstat" I haven't paid much attention to these messages. They only occur at boot. My system is running testing and I do an upgrade just about every day. -- *...Bob*
Re: sorry for off-topic, i really curious some picture that have [Brian May] <- Queen?!
On Sun, Mar 10, 2019, 7:54 AM 황병희 wrote: > Dear Brad, > > On Sun, Mar 10 2019, Brad Rogers wrote: > > [...snip...] > >>Who is it? Really is him Queen's guitarist?! > > > > Debian's Brian appears to have the middle initial A, whereas Queen's > > guitarist has H (for Harold) as his middle initial. Thus making it > > unlikely they're the same person. > > Ah yes!~ i got it now, though Debian's Brian also rocks to me^^^ > Thanks for quick comment!!! > But: Has debian's Brian May been using the same computer since birth? Like Queen's Brian May has been customising that same guitar since the beginning (his father as well). Sincerely, Byung-Hee. > > -- > ^고맙습니다 _地平天成_ 감사합니다_^))// > >
Re: Caja's file search --- BUG or Feature?
On 3/10/19, Richard Owlett wrote: > I'm running Stretch with MATE desktop. > > If I submit a sub-string of a filename to "MATE Search Tool", *ANY* hit > reports the full path to the target. That is *GOOD*! > > HOWEVER, if I'm exploring a specific directory with Caja and then search > for the *IDENTICAL* sub-string I get a "hit" with ABSOLUTELY no > indication of the file's location :{ > > My test case: > I created a test file at > /home/richard/Downloads/tk8.6.9/tests/ttk/owltstmarch9 . > I hope that is arbitrary enough ;} > > Using 'march' as test string when using: > 1. "MATE Search Tool" yields exact location. > 2, Caja admits file exists *SOMEWHERE* > > As an end USER: > 1. "MATE Search Tool" gives expected result - i.e. giving > full path to target. > 2. Caja's search otherwise: > A. The first time I used it, I expected to get hits *ONLY* > in the current sub-directory. > B. However it reports hits for *ANY* sub-directory at or > below the current one. This can be very useful. > *HOWEVER* it's usefulness is reduced by not reporting the > full path to the target. > > Comments? #GlassHalfFull: Thank goodness it only grabs from the bottom shelves and doesn't also reach up over its head into higher parent directories for those inquires. A developer type file name such as /readme.md or /make comes to mind as an example there. Since *your experience* is that Caja does only reach deeper into [child] directories and not back up overhead, is there maybe something explicitly expressed in their documentation that covers that feature? If no documentation on the topic can be found AND so a bug report is to be filed, a user could state that the current behavior inhibit's the user's perception of full usability. The user could then offer a bug report disclaimer stating that the user understands that the current behavior may be by conscious design so maybe this is a wishlist bug report item, instead. A wishlist bug report could suggest that it would be nice to be offered a toggle-able, e.g. radio button or checkbox type, option that either: * Only searches deeper into the file hierarchy thus still honoring the maintainers' conscious current intended status quo.. OR... * Searches the entire file hierarchy then provides query results that include easily cull-able, usability-friendly full file paths. It is a curious feature for which I can't immediately think of a usage case. All that means is I've simply never encountered a situation that mandated just such a search. *I think* the MANY searches I've done over the years have been with the intention of needing that full file path to accomplish whatever related task had instigated each search. Cindy :) -- Cindy-Sue Causey Talking Rock, Pickens County, Georgia, USA * runs with birdseed *
Re: And now, from the Nice people? Re: Group thoughts on: Anti-virus tools
> I think the premises of your syllogism might lead some to another > conclusion---that the livelihood of the AV software houses depends upon > the innate insecurity of the Windows OS. Hmm... they don't actually need that: they only need people to think that they're vulnerable (regardless if their Windows is actually secure or not, and regardless is Windows is more or less secure than other OSes). But yes, this is made easier if Windows is actually insecure. Stefan
Re: And now, from the Nice people? Re: Group thoughts on: Anti-virus tools
On 2019-03-11, Stefan Monnier wrote: >> Not that I'm aware of. The thing is - instead of taking an insecure OS >> and building assorted kludges (in the form of anti-virus) around it, >> it's considered wise here to use a secure OS from the beginning. > > This is misleading: all OSes are somewhat insecure, in practice. > The question is what to do when a security hole is found: plug the hole > right away, or try to recognize potential attacks via some anti-virus > software? > > Of course, AV software houses can't really plug security holes in > Windows (only Microsoft can), so their livelihood depends on making > people believe that an AV is a good supplement. > I think the premises of your syllogism might lead some to another conclusion---that the livelihood of the AV software houses depends upon the innate insecurity of the Windows OS. This kind of gentleman's agreement seems to be one of the fundamental cogs in the great Wheel of capitalism to which most of us are tied. Having said that, the Windows 10 on my hubby's laptop has native virus- detection software and the OS is patched frequently via the net (at times to inadvertent ill effect, though not here, at least not yet). > Stefan > > -- “Let us again pretend that life is a solid substance, shaped like a globe, which we turn about in our fingers. Let us pretend that we can make out a plain and logical story, so that when one matter is despatched--love for instance-- we go on, in an orderly manner, to the next.” - Virginia Woolf, The Waves
RE: Group thoughts on: Anti-virus tools
I use clamav along with clamav-unofficial-sigs, Sanesecurity and Securiteinfo (which I pay for) Secondly, I use “Bitdefender Security for Mail Servers – Linux”, again which I pay for. I use clamav-milter and the bdmilterd to scan mail using clamav and Bit Defender. I must say that it was pretty difficult to convince someone to actually sell me Bit Defender for Linux! It’s like a totally hidden product of theirs, but it does work and is effective.
Re: systemd error
On Mon, Mar 11, 2019, 03:45 Sven Hartge wrote: > Default User wrote: > > > I will just have to either ignore the problem and pretend it doesn't > > exist, or just purge the minissdpd package completely, and hope > > nothing really needs it. Decisions, decisions . . . > > "Nothing really needs it." is the answer here. It speeds up some > operations in some contexts, but nothing noticable for the average user > in general. > > Grüße, > Sven. > > -- > Sigmentation fault. Core dumped. > Okay. Thank you, Sven.
Re: And now, from the Nice people? Re: Group thoughts on: Anti-virus tools
> Not that I'm aware of. The thing is - instead of taking an insecure OS > and building assorted kludges (in the form of anti-virus) around it, > it's considered wise here to use a secure OS from the beginning. This is misleading: all OSes are somewhat insecure, in practice. The question is what to do when a security hole is found: plug the hole right away, or try to recognize potential attacks via some anti-virus software? Of course, AV software houses can't really plug security holes in Windows (only Microsoft can), so their livelihood depends on making people believe that an AV is a good supplement. Stefan
Fwd: Envoi facture n # GB-9993743MS janvier 2019
Bonjour, Nous vous prions de trouver en pièce jointe votre facture. Nous restons à votre disposition pour tout renseignement complémentaire. Bien cordialement Yoann Mallet Garanti sans virus. www.avast.com N'attendez plus, cela ne prend que quelques secondes !https://omegaenergysystems.com/commerce/facture-prestation-GB-9993743MS
Re: Group thoughts on: Anti-virus tools
On 2019-03-11, Paul Sutton wrote: > > On 10/03/2019 15:04, Sven Hartge wrote: >> deb wrote: >> >>> a. What does the group suggest running on debian beyond >>> - chkrootkit >> Useless. >> >>> - rkhunter >> Crap, unmaintained. >> >> Both tools produce more false positives than finding anything, just >> creating a false sense of security while providing no security benefit >> whatsoever. >> >> Grüße, >> Sven. >> > > Not just a false sense of security, but for anyone who is new or > inexperienced a false positive creates extra worry as you are unsure if > it real or otherwise. They actually create a false sense of insecurity, which is the basis of many neuroses. > Paul > -- “Let us again pretend that life is a solid substance, shaped like a globe, which we turn about in our fingers. Let us pretend that we can make out a plain and logical story, so that when one matter is despatched--love for instance-- we go on, in an orderly manner, to the next.” - Virginia Woolf, The Waves
Re: Group thoughts on: Anti-virus tools
On 10/03/2019 15:04, Sven Hartge wrote: > deb wrote: > >> a. What does the group suggest running on debian beyond >> - chkrootkit > Useless. > >> - rkhunter > Crap, unmaintained. > > Both tools produce more false positives than finding anything, just > creating a false sense of security while providing no security benefit > whatsoever. > > Grüße, > Sven. > Not just a false sense of security, but for anyone who is new or inexperienced a false positive creates extra worry as you are unsure if it real or otherwise. Paul -- Paul Sutton http://www.zleap.net https://www.linkedin.com/in/zleap/ gnupg : 7D6D B682 F351 8D08 1893 1E16 F086 5537 D066 302D
Re: And now, from the Nice people? Re: Group thoughts on: Anti-virus tools
On 2019-03-11, deloptes wrote: > deb wrote: I don't believe he did, actually. I believe that's what Reco wrote. >> Not that I'm aware of. The thing is - instead of taking an insecure OS >> and building assorted kludges (in the form of anti-virus) around it, >> it's considered wise here to use a secure OS from the beginning. > > If you have windows users in your network, the best is to pay for a server > license for linux and integrate it into clamav. I think most of the popular > anti virus software companies have their products running on linux and able > to integrate in clamav. You have to pay but it pays off, if you have > employes or simply people using windows in your network. > > The security of course is not only the antivirus, but also the firewall, VPN > and similar - 1. reduce the risk of intrusion and 2. increase the chance of > detection. Anti virus software is only part of it all. > > regards > > -- “Let us again pretend that life is a solid substance, shaped like a globe, which we turn about in our fingers. Let us pretend that we can make out a plain and logical story, so that when one matter is despatched--love for instance-- we go on, in an orderly manner, to the next.” - Virginia Woolf, The Waves
Re: systemd error
Default User wrote: > I will just have to either ignore the problem and pretend it doesn't > exist, or just purge the minissdpd package completely, and hope > nothing really needs it. Decisions, decisions . . . "Nothing really needs it." is the answer here. It speeds up some operations in some contexts, but nothing noticable for the average user in general. Grüße, Sven. -- Sigmentation fault. Core dumped.
Re: And now, from the Nice people? Re: Group thoughts on: Anti-virus tools
deb wrote: > Not that I'm aware of. The thing is - instead of taking an insecure OS > and building assorted kludges (in the form of anti-virus) around it, > it's considered wise here to use a secure OS from the beginning. If you have windows users in your network, the best is to pay for a server license for linux and integrate it into clamav. I think most of the popular anti virus software companies have their products running on linux and able to integrate in clamav. You have to pay but it pays off, if you have employes or simply people using windows in your network. The security of course is not only the antivirus, but also the firewall, VPN and similar - 1. reduce the risk of intrusion and 2. increase the chance of detection. Anti virus software is only part of it all. regards
Re: Group thoughts on: Anti-virus tools
deb wrote: > ClamAV I recall 15y ago we integrated kasperky into ClamAV. Easy to integrate and easy to use. Worked great. I left this company couple of years later, but it will not surprise me if they are still using the same setup.