Re: Mettre à jour la libc6

[Basile Starynkevitch]

On 4/8/19 6:09 PM, Nicolas Malgat wrote:

Bonjour,

Je voulais installer php7.3 seulement cela requiert l'installation de 
la libc6 2.29 tandis que j'utilise actuellement la libc6 2.24



La solution serait alors de recompiler PHP7.3 depuis son code source 
distribué.


C'est l'un des avantages du logiciel libre.


Librement

--
Basile STARYNKEVITCH   == http://starynkevitch.net/Basile
opinions are mine only - les opinions sont seulement miennes
Bourg La Reine, France

Re: putty go slow

[lev]

Hey Mick, 


On Mon, Apr 08, 2019 at 11:31:26PM +0100, mick crane wrote:

On 2019-04-08 23:03, l...@levlaz.org wrote:

On Mon, Apr 08, 2019 at 09:38:48PM +0100, mick crane wrote:

This is probably something to do with the network connection.
Any idea to find out what might cause this sluggardly behavior ?
apologies for off topic but I'm unlikely to join a win10 user group.


This very much sounds like a networking problem. Could you share more
about where the sever is located that you are connecting to in relation
to where you are?


the PCs are physically adjacent connected with the RJ45 ( isn't it ) 
cables through what is supposed to be a switch I got in B several 
years ago.

but I think it might be a hub.
Perhaps that is the culprit ?
but then again it might be something to do with windows keyboard 
activity


That is very interesting, I was assuming that you were connecting to a
remote server. In this case you may have a bad cable, or your second
assumption may also be correct. I am not sure how to best debug
something like this. I have no used putty in years, maybe an easy test
to rule out putty would be to use git bash instead?

https://git-scm.com/

There are other ways to get bash and ssh to work in windows, but I find
that installing the git package above is the simplest approach. 


--
Lev Lazinskiy
l...@levlaz.org
https://levlaz.org/about-me

Mettre à jour la libc6

[Nicolas Malgat]

Bonjour,

Je voulais installer php7.3 seulement cela requiert l'installation de la libc6 
2.29 tandis que j'utilise actuellement la libc6 2.24

spikespiegel@debian:~/Documents/projets/demo$ sudo apt upgrade libc6
Lecture des listes de paquets... Fait
Construction de l'arbre des dépendances
Lecture des informations d'état... Fait
libc6 is already the newest version (2.24-11+deb9u4).
Calcul de la mise à jour... Fait
0 mis à jour, 0 nouvellement installés, 0 à enlever et 0 non mis à jour.


J'ai lu certains échanges sur les forums mais les explications sont un peu 
confuses pour moi.
Quelle serait la méthode à suivre ?

j'ai également cru comprendre que la version de Debian avait une importance.
Je fourni donc ma version:

spikespiegel@debian:~/Documents/projets/demo$  lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 9.8 (stretch)
Release: 9.8
Codename: stretch

Re: OpenSSH not closing idle sessions.

[Richard Hector]

On 9/04/19 12:14 PM, timothylegg wrote:
> I have two residences and one
> has a port forwarding issue.  I want to make an SSH tunnel to the
> other site.  If I am at one place for multiple weeks, it's asking too
> much for the SSH tunnel to stay live that long (I've seen many
> complaints of SSH connections dropping).  I want to put it on a
> periodic cron job, but if I don't answer into the tunnel within 30
> minutes, it becomes idle and drops off.  Every hour a new tunnel is
> initiated.  The old session must either be closed or expire else I'll
> have multiple SSH sessions live simultaneously.

Have you considered using a VPN instead of SSH tunnelling?

Eg I have OpenVPN set up to my parents' place, so that I can do
(automatic) backups of their system.

I did run into issues with address space conflicts (I can't renumber
either end), so in the end I did it all with IPv6, but you might not
need that.

Richard



signature.asc
Description: OpenPGP digital signature

Re: OpenSSH not closing idle sessions.

[Kushal Kumaran]

timothylegg  writes:

> I'm the only user that will be angry at being disconnected.  There is
> no easy way to explain the reasoning; I've rewritten this paragraph
> three times because it was too long.  I have two residences and one
> has a port forwarding issue.  I want to make an SSH tunnel to the
> other site.  If I am at one place for multiple weeks, it's asking too
> much for the SSH tunnel to stay live that long (I've seen many
> complaints of SSH connections dropping).  I want to put it on a
> periodic cron job, but if I don't answer into the tunnel within 30
> minutes, it becomes idle and drops off.  Every hour a new tunnel is
> initiated.  The old session must either be closed or expire else I'll
> have multiple SSH sessions live simultaneously.  I don't want to
> travel with three laptops and 8 USB hard drives in carry on luggage
> again.
>

Why would you have multiple SSH sessions live simultaneously?  Since
you're forwarding ports, you can set it up so that only one of them can
have successfully setup the forwarding (see ExitOnForwardFailure in the
ssh_config manpage).

Something like this might work:

#!/bin/bash

while :; do
ssh \
-o ServerAliveInterval=30 \
-o ServerAliveCountMax=3 \
-o ControlPath=/tmp/ssh-%h-%p-%r \
-o ControlMaster=auto \
-o ControlPersist=yes \
-o ExitOnForwardFailure=yes \
-L  \
other.site \
sleep 1800
sleep 60
done

This will make sure the tunnel is always around, and gets reconnected
after network hiccups long enough to cause disconnection.  Just set it
up to run at boot on each site.

> My next flight is in May.  I'm doing a simulation with two VMs, but in
> reality, there will be two raspberry PIs doing the gatekeeping for me.
>
> On Mon, Apr 8, 2019 at 12:39 PM Greg Wooledge  wrote:
>>
>> On Mon, Apr 08, 2019 at 12:25:28PM -0500, timothylegg wrote:
>> > I need to have the session expire and the ssh client terminate after
>> > an idle time.
>>
>> Most people want the exact opposite of that.
>>
>> Basically, what you're asking for is directly hostile to any kind of
>> sane operation of a computer.
>>
>> > ClientAliveInterval 5
>> > ClientAliveCountMax 1
>>
>> Those settings are used for two purposes.  The first is to allow ssh or
>> sshd to terminate when the network connection has been lost.  The second
>> is to keep sending "I'm still here" messages through the network connection
>> so that a NAT gateway will not drop the session due to inactivity.
>>
>> So, if you wanted to achieve the exact opposite of your stated goal
>> (assuming a NAT is involved somewhere along the way), you've succeeded.
>>
>> I'm not aware of any "features" to cause ssh to terminate when idle, at
>> the ssh transport level.
>>
>> If all you want to do is terminate the user's shell (and thus their
>> ssh connection, ultimately) when the user is sitting idle at the shell
>> prompt for too long, you could use the shell's TMOUT variable.
>>
>> Of course, that won't disconnect the user's idle vim or mutt command.
>> That would result in data loss.
>>
>> TMOUT only works when idling at a shell prompt, and it requires the user
>> to sign up for this "feature" by setting that variable (or neglecting
>> to unset it, if someone tries to set it in a global shell file like
>> /etc/profile).
>>
>> Perhaps you could reframe your question in a way that makes sense in
>> a universe where the data loss from just arbitrarily killing users'
>> text editors and other stateful applications is a concern.  Start by
>> stating why you're trying to do this, who's making you do this, who's
>> going to handle the angry users, who's going to compensate them for
>> their data loss, etc.
>>

Re: Simple Linux to Linux(Debian) email

[Erik Christiansen]

On 08.04.19 17:43, to...@tuxteam.de wrote:
> On Mon, Apr 08, 2019 at 09:33:03PM +0900, Mark Fletcher wrote:
> > Hello all
> > 
> > As I wrote this I began to consider this is slightly OT for this list; 
> > my apologies for not putting OT in the subject line but mutt won't let 
> > me go back and edit the subject line.

As already mentioned, mutt allows editing of the headers prior to
sending. 's' invokes editing of the Subject.

> Mutt can do that, too. To send via an alternative SMTP server, I do
> roughly:
...

That seems very convenient for a mutterer, yet (out of ancient habit) I
use mailx to fling off a quick short missive constructed on the command
line, here any calendar events looming in the next fortnight:

x=`calendar -l 14 -f ~/Personal/calendar`
( [ -n "$x" ] && echo "$x" | mail -s "$x" erik )

(Yes, popular bash idiom has recently (maybe even this century) morphed
from backquotes to $(...) gumpf. \Whatever/ )

You may want to put something other than the first line of the script
output in the subject line, -s "...".

$ apt-cache search mailx | grep mailx
bsd-mailx - simple mail user agent
heirloom-mailx - feature-rich BSD mail(1)

Even more manual would be to employ netcat or telnet to port 25, and
talk raw SMTP. (Handy when diagnosing a remote mailhost's
peculiarities.)

Erik

Re: Simple Linux to Linux(Debian) email

[Jan Claeys]

On Mon, 2019-04-08 at 21:33 +0900, Mark Fletcher wrote:
> I've created a very simple script that is capable of parsing the
> output of "ip addr" and comparing the returned ip address for the
> relevant interface to a stored ip address, and thus being able to
> tell if the IP address has changed. What I'd like to do now is make a
> means for the LFS box to be able to notify me of the fact that the
> external-facing IP address has changed. 

Why not use a dynamic DNS provider?


-- 
Jan Claeys

(please don't CC me when replying to the list)

Re: OpenSSH not closing idle sessions.

[timothylegg]

I'm the only user that will be angry at being disconnected.  There is
no easy way to explain the reasoning; I've rewritten this paragraph
three times because it was too long.  I have two residences and one
has a port forwarding issue.  I want to make an SSH tunnel to the
other site.  If I am at one place for multiple weeks, it's asking too
much for the SSH tunnel to stay live that long (I've seen many
complaints of SSH connections dropping).  I want to put it on a
periodic cron job, but if I don't answer into the tunnel within 30
minutes, it becomes idle and drops off.  Every hour a new tunnel is
initiated.  The old session must either be closed or expire else I'll
have multiple SSH sessions live simultaneously.  I don't want to
travel with three laptops and 8 USB hard drives in carry on luggage
again.

My next flight is in May.  I'm doing a simulation with two VMs, but in
reality, there will be two raspberry PIs doing the gatekeeping for me.

On Mon, Apr 8, 2019 at 12:39 PM Greg Wooledge  wrote:
>
> On Mon, Apr 08, 2019 at 12:25:28PM -0500, timothylegg wrote:
> > I need to have the session expire and the ssh client terminate after
> > an idle time.
>
> Most people want the exact opposite of that.
>
> Basically, what you're asking for is directly hostile to any kind of
> sane operation of a computer.
>
> > ClientAliveInterval 5
> > ClientAliveCountMax 1
>
> Those settings are used for two purposes.  The first is to allow ssh or
> sshd to terminate when the network connection has been lost.  The second
> is to keep sending "I'm still here" messages through the network connection
> so that a NAT gateway will not drop the session due to inactivity.
>
> So, if you wanted to achieve the exact opposite of your stated goal
> (assuming a NAT is involved somewhere along the way), you've succeeded.
>
> I'm not aware of any "features" to cause ssh to terminate when idle, at
> the ssh transport level.
>
> If all you want to do is terminate the user's shell (and thus their
> ssh connection, ultimately) when the user is sitting idle at the shell
> prompt for too long, you could use the shell's TMOUT variable.
>
> Of course, that won't disconnect the user's idle vim or mutt command.
> That would result in data loss.
>
> TMOUT only works when idling at a shell prompt, and it requires the user
> to sign up for this "feature" by setting that variable (or neglecting
> to unset it, if someone tries to set it in a global shell file like
> /etc/profile).
>
> Perhaps you could reframe your question in a way that makes sense in
> a universe where the data loss from just arbitrarily killing users'
> text editors and other stateful applications is a concern.  Start by
> stating why you're trying to do this, who's making you do this, who's
> going to handle the angry users, who's going to compensate them for
> their data loss, etc.
>

Re: Simple Linux to Linux(Debian) email

[Celejar]

On Mon, 8 Apr 2019 14:14:33 +0100
Thomas Pircher  wrote:

> Mark Fletcher wrote:
> > mutt won't let me go back and edit the subject line.
> 
> Hi Mark,
> 
> FYI, mutt does allow you to change the Subject line, in the Compose
> Menu, just before sending the mail.
> 
> > Short version: Is it reasonable to expect a piece of software to exist
> > that establishes a direct connection to a "remote" MTA and delivers mail
> > there for delivery, without also offering up mail reception
> > capabilities?
> 
> Yes, have a look at the dma or nullmailer packages.  There used to be
> more of these programs in Debian (ssmtp, for example), but on my system
> (Buster) only those two seem to have survived.
> 
> You could also use one of the big MTAs and configure them to listen to
> local connections only, and/or block the SMTP ports with a firewall, but
> both dma and nullmailer do their job just fine. Besides, they are much
> simpler to configure.

The simplified SMTP agents may be simpler to configure, but their
functionality is lacking. Here are some of the issues I've run into:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917932
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662960

I don't remember why I didn't wind up using with nullmailer. I
eventually just gave up and configured postfix.

Celejar

Re: putty go slow

[mick crane]

On 2019-04-08 23:03, l...@levlaz.org wrote:

Hey Mick,

On Mon, Apr 08, 2019 at 09:38:48PM +0100, mick crane wrote:

hello,
It may not be mail list specific but maybe somebody knows ?
If I connect windows 10 to debian Buster with putty and edit a file.
Usually the little cursor beetles across the screen over the 
characters

but then sometimes it is noticeably sluggish.
This is probably something to do with the network connection.
Any idea to find out what might cause this sluggardly behavior ?
apologies for off topic but I'm unlikely to join a win10 user group.


This very much sounds like a networking problem. Could you share more
about where the sever is located that you are connecting to in relation
to where you are?


the PCs are physically adjacent connected with the RJ45 ( isn't it ) 
cables through what is supposed to be a switch I got in B several 
years ago.

but I think it might be a hub.
Perhaps that is the culprit ?
but then again it might be something to do with windows keyboard 
activity

--
Key ID4BFEBB31

Re: How to change GDM3 login screen background

[Andrew Clark]

Thanks curt, that works for me.

So the commentary in the comments in the source file supplied by the gdm3
package don't work, along with the instructions in the wiki page pointing
to them, should I log a bug?

On Sun., 7 Apr. 2019, 18:35 Curt,  wrote:

> On 2019-04-07, Andrew Clark  wrote:
> >
> > What am I missing?
> >
>
> It appears the wiki's wrong and has been wrong for quite a while now (if
> not from the very start).
>
> Maybe the following method might work (it seems like an incredible
> rigamarole for such a trivial user customization, but there you go).
>
> https://wiki.archlinux.org/index.php/GDM#Log-in_screen_background_image
>
>

Re: putty go slow

[lev]

Hey Mick, 


On Mon, Apr 08, 2019 at 09:38:48PM +0100, mick crane wrote:

hello,
It may not be mail list specific but maybe somebody knows ?
If I connect windows 10 to debian Buster with putty and edit a file.
Usually the little cursor beetles across the screen over the characters
but then sometimes it is noticeably sluggish.
This is probably something to do with the network connection.
Any idea to find out what might cause this sluggardly behavior ?
apologies for off topic but I'm unlikely to join a win10 user group.


This very much sounds like a networking problem. Could you share more
about where the sever is located that you are connecting to in relation
to where you are?



mick
--
Key ID4BFEBB31



--
Lev Lazinskiy
l...@levlaz.org
(415) 470 - 2142

Re: Tracking the next Stable release

[Peter Wiersig]

Francisco M Neto  writes:
>   Sometimes people ask me when is Debian going to release its next Stable;
> that is not an easy answer, since it is not time-based but rather based on the
> number of Release-Critical bugs. 

It's done when it's done and https://lists.debian.org/debian-announce/
get's notified.  You'd probably want to subscribe there.

Peter

Re: putty go slow

[Peter Wiersig]

You'd at least have to explain the type of connection from the putty
client to the server.  But your symptoms don't ring a bell over here
aside from a saturated uplink.

Peter

Re: retour expérience sur Buster ??

[Étienne Mollier]

Bruno Volpi, au 2019-04-08 :
> 1 - menu des applications  dans la bar du tableau de bord. il
> semblerai que seulement celles en QT sont affectées ( firefox et
> thunderbird fonctionne normalement)
>
> possibilité de changer dans configuration du système ->
> apparences des applications ->  Décoration de fenêtres (onglet)
> boutons -> add menu

Re,

N'étant un utilisateur quotidien ni de KDE, ni de Gnome, j'ai
peut-être compris le problème de travers.  Mais si je résume,
KDE dispose d'un réglage pour cacher la barre de menu d'une
application (contenant typiquement "Fichier", "Édition",
"Affichage", etc) dans un menu situé dans la barre de titre de
la fenêtre.  Ce composant fonctionne très bien avec les
applications Qt mais pas avec les autres applications, notamment
celles en GTK.

De ce que je comprends, et vu nos petits essais, ce réglage a
l'air spécifique à KDE/Qt, et les applications ne bénéficiant
pas d'une intégration KDE n'en font pas partie ; par exemple le
paquet libreoffice-kde5 fournit cette intégration à LibreOffice,
mais sans ce paquet, ce menu, ainsi que plein d'autres
fonctionnalités, n’apparaît pas.  Il est à noter que GTK a un
onglet dédié dans la fenêtre de configuration de KDE, mais ce
genre réglage n'y apparaît pas (pas encore?)

> si quelqu'un à un peu d'expérience je serai très heureux de
> savoir s'il existe un bypass, sinon retour sur gnome.

En la matière, mon expérience est limitée.  Mais étant donné les
tours de passe-passe pour intégrer les applications à KDE,
notamment LibreOffice, je crains qu'il n'y ait pas de bypass
simple actuellement pour faire de même avec les programmes en
GTK.  Peut-être dans le futur, si une demande de nouvelle
fonctionnalité est faite auprès des développeurs de KDE ?

Amicalement,
-- 
Étienne Mollier 

Tracking the next Stable release

[Francisco M Neto]

Greetings!

Sometimes people ask me when is Debian going to release its next Stable;
that is not an easy answer, since it is not time-based but rather based on the
number of Release-Critical bugs. 

So I started thinking it would be nice to have a convenient way of
knowing how far along the process is, but the only way I found to do that was to
open https://bugs.debian.org/release-critical/other/testing.html and check 
itevery time. 

Not anymore; I have concocted a small python script that retrieves the
page, parses it and posts it to twitter. Everyone is welcome to follow
(@debian_tracker), naturally; I've chosen 12:00 GMT as a standard time for daily
updates.

Here's hoping at least some people find it useful.

https://twitter.com/debian_tracker

Cheers,
Francisco
-- 
[]'s,

Francisco M Neto

GPG: 4096R/D692FBF0


signature.asc
Description: This is a digitally signed message part

Quanto falta para o Release

[Francisco M Neto]

Boa tarde!

Sempre que alguém me pergunta quanto tempo falta para o próximo release
Stable da Debian, eu fico na dúvida sobre o que responder, já que a natureza do
release não é temporal, mas sim baseada no número de bugs RC que estão abertos. 

Por isso eu criei um script python que vai buscar diariamente no site da
Debian quantos bugs RC estão em aberto, e publica isso numa conta do Twitter. 

Caso se interessem, é só seguir @debian_tracker. Ainda está meio cru e
estou pensando em outras coisas relevantes para compartilhar por ali, mas por
enquanto será apenas um tweet diário com o número atual de bugs (às 12:00 GMT).

Abraços,
Francisco
-- 
[]'s,

Francisco M Neto

GPG: 4096R/D692FBF0


signature.asc
Description: This is a digitally signed message part

Re: [Debian-br] Mutt não está criptografando e-mails, gmail reclama.

[Gilberto F da Silva]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Mon, Apr 08, 2019 at 04:37:55PM -0300, Henrique Fagundes wrote:
> Prezados,
> 
> Boa tarde!
> 
> Gostaria de agradecer a todos, em especial o Sr. Gilberto da Silva, pela a 
> atenção dispensada à minha dúvida.

  Mas os meus arquivos de configuração não serviram para resolver o
  seu problema.

  Espero que sejam de alguma ajuda para começar a usar o GnuPG.
  
- -- 

Stela dato:2.458.582,353  Loka tempo:2019-04-08 17:28:59 Lundo
"-==-"
Viver é a coisa mais rara do mundo. A maioria das pessoas apenas 
existe.
   -- Oscar Wilde 
-BEGIN PGP SIGNATURE-
Comment: +-+
Comment: !   Gilberto F da Silva - ICQ 136.782.571 !
Comment: +-+

iEYEARECAAYFAlyrr3QACgkQJxugWtMhGw4nlwCg3ejApDORjKxSheXsqXLRWbVT
a6gAn0hCwiwap1ZnQOY84TXyK2li51lv
=88RQ
-END PGP SIGNATURE-

putty go slow

[mick crane]

hello,
It may not be mail list specific but maybe somebody knows ?
If I connect windows 10 to debian Buster with putty and edit a file.
Usually the little cursor beetles across the screen over the characters
but then sometimes it is noticeably sluggish.
This is probably something to do with the network connection.
Any idea to find out what might cause this sluggardly behavior ?
apologies for off topic but I'm unlikely to join a win10 user group.

mick
--
Key ID4BFEBB31

Re: Mutt não está criptografando e-mails, gmail reclama.

[Gilberto F da Silva]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Mon, Apr 08, 2019 at 01:59:13PM -0300, Paulino Kenji Sato wrote:
> Ola,
> Acredito que o gmail esta e reclamando da conexão entre o seu servidor o gmail
> que não esta usando uma conexão segura (starttls ou ssl).
> No postfix, se não me engano e necessário essas linhas no main.cf para 
> habiltar
> o starttls para envio:
> smtpd_use_tls=yes
> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
> smtp_tls_security_level = may
> #smtp_tls_security_level = encrypt
> smtp_tls_CAfile =  /etc/ssl/certs/ca-certificates.crt
> smtpd_tls_loglevel = 1

  Isso é uma coisa recente. Até, sei lá, uns meses eu enviava e
  recebia emails sem problemas com o mutt.  Depois de umas
  atualizações tive de acertar as configurações e trocar programas
  para continuar recebendo e enviando emails com o mutt.

  Claro, isso deve aumentar a segurança mas eu ainda não entendi a
  lógica de tudo isso.
  
- -- 

Stela dato:2.458.582,339  Loka tempo:2019-04-08 17:08:41 Lundo
"-==-"
Onde não são levantadas pretensões não surgem resistências.
-BEGIN PGP SIGNATURE-
Comment: +-+
Comment: !   Gilberto F da Silva - ICQ 136.782.571 !
Comment: +-+

iEYEARECAAYFAlyrq2kACgkQJxugWtMhGw67dACfY93t7tOO9P6hd+acP7ZCfG2H
KWwAn0UcGRySxugJLOhH2K+tK5sd10kM
=B3fL
-END PGP SIGNATURE-

Re: [Debian-br] Mutt não está criptografando e-mails, gmail reclama.

[Gilberto F da Silva]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Mon, Apr 08, 2019 at 08:40:53AM -0300, Henrique Fagundes wrote:
> Oi Gilberto,
> 
> Mais uma vez, obrigado.
> Eu vou fazer testes com essas configurações, mas gostaria mesmo era de 
> entender
> o processo.
> 
> Gerar as chaves/senhas e enviar o e-mail criptografado.

  Esses dias saiu mais uma notícia sobre vazamentos de informações do
  Facebook.  Todo mundo deveria configurar o GnuPG em seus
  computadores e usar o máximo de criptografia possível.
  
- -- 

Stela dato:2.458.582,336  Loka tempo:2019-04-08 17:04:01 Lundo
"-==-"
Se você é suficientemente esperto para saber que você não é 
suficientemente esperto para ser um engenheiro, então essa é a sua 
praia.
-BEGIN PGP SIGNATURE-
Comment: +-+
Comment: !   Gilberto F da Silva - ICQ 136.782.571 !
Comment: +-+

iEUEARECAAYFAlyrqeEACgkQJxugWtMhGw4tIgCfV9zMAb8DfrriureJAt+UbFA9
bzwAmIekhhG/nJH+9OivHIpD/yJUAKw=
=/aNq
-END PGP SIGNATURE-

Re: [Debian-br] Mutt não está criptografando e-mails, gmail reclama.

[Gilberto F da Silva]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


https://pplware.sapo.pt/tutoriais/networking/criptografia-simetrica-e-assimetrica-sabe-a-diferenca/
On Mon, Apr 08, 2019 at 08:53:55AM -0300, Henrique Fagundes wrote:
> Só mais uma pergunta...
> 
> O que tem no arquivo "~/scripts/comfrases.sh" ??

  É o meu arquivo de assinatura no Mutt.

  Se quiser, eu te envio o arquivo.
  
- -- 

Stela dato:2.458.582,334  Loka tempo:2019-04-08 17:00:49 Lundo
"-==-"
Vou emitir raios luminosos como um disco voador se você puxar mais 
uma vez, para o seu lado, o meu cobertor.
-- Alessandra de Paula Silva
-BEGIN PGP SIGNATURE-
Comment: +-+
Comment: !   Gilberto F da Silva - ICQ 136.782.571 !
Comment: +-+

iEYEARECAAYFAlyrqOwACgkQJxugWtMhGw7FlwCgrBrQp/8zscWhXJfpMriXi6xW
4QUAnj5tvYNm6NYD6KF6Wppk+wn+47Fx
=N4iW
-END PGP SIGNATURE-

Re: May be silly question, but: Lost my qq(´) and qq(´) key

[rlharris]

On 2019.04.08 14:25, Dan Ritter wrote:

IBM Buckling Spring: nobody knows, but there are a lot of
keyboards still working 25-30 years later.

Cherry: 50 million.

https://www.cherrymx.de/_Resources/Persistent/e005dff11a2e406babe9e8718fec9fc8835bb9ce/EN_CHERRY_MX_BLUE_RGB.pdf

Kailh: 50 - 80 million.

http://www.kailh.com/en/Products/Mechanical_keyboard_switch/165.html

Matias ALPS: 50 million.

http://matias.ca/switches/click/

Gaterons may be as low as 20 million.

You can buy all of the above today, in keyboards ranging from
about $60 to $450.


I had in mind a boxful of Logitech and Kessington keyboards purchased 
several years ago, as well as two Cherry purchased last year.


The Cherry specifications gave me high hopes regarding Cherry, and I 
paid a good price for the Cherry; but the switches of two of the three I 
purchased new are beginning to fail.


The old IBM you mention, of course, is of the category I mentioned, a 
design of another era.


As to keystroke specifications, I must question current test procedures. 
 In years past, I have experienced key plunger binding long before 
contact failure was evident.  Plunger design does not always take into 
account the reality of lateral force on the keycap.  The application of 
lubricant is no substitute for proper material selection regarding 
plunger and tube or body.  Nowadays, contact failure seems to be the 
primary failure mode.  Many factors must be considered in the design of 
a keyswitch.


Only with a warranty which provides advance replacement with no-charge 
delivery and return would I consider paying much over a hundred dollars 
for a keyboard.  When the cost of return shipping by UPS, FEDEX, or USPS 
is taken into account, a lifetime warranty on a $25 or $50 keyboard is 
meaningless.


RLH

Re: [Debian-br] Mutt não está criptografando e-mails, gmail reclama.

[Henrique Fagundes]

Prezados,

Boa tarde!

Gostaria de agradecer a todos, em especial o Sr. Gilberto da Silva, pela a 
atenção dispensada à minha dúvida.

Eu resolvi o meu problema, adicionando as seguintes linhas ao meu postfix (no 
arquivo /etc/postfix/main.cf):

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

Feito isso, restartei o serviço e o mutt passou a enviar e-mails criptografados.

Mais uma vez, obrigado a todos.

Atenciosamente, 

Henrique Fagundes 
Analista de Suporte Linux 
supo...@aprendendolinux.com 
Skype: magnata-br-rj 
Linux User: 475399 

https://www.aprendendolinux.com 
https://www.facebook.com/AprendendoLinux 
https://youtube.com/AprendendoLinux 
https://twitter.com/AprendendoLinux 
https://t.me/AprendendoLinux 
https://t.me/GrupoAprendendoLinux 
__ 
Participe do Grupo Aprendendo Linux 
https://listas.aprendendolinux.com/listinfo/aprendendolinux 

Ou envie um e-mail para: 
aprendendolinux-subscr...@listas.aprendendolinux.com 


  On Mon, 08 Apr 2019 16:13:07 -0300 Gilberto F da Silva 
<2458...@gmail.com> wrote 
 > -BEGIN PGP SIGNED MESSAGE-
 > Hash: SHA1
 > 
 > On Mon, Apr 08, 2019 at 08:40:53AM -0300, Henrique Fagundes wrote:
 > > Oi Gilberto,
 > > 
 > > Mais uma vez, obrigado.
 > > Eu vou fazer testes com essas configurações, mas gostaria mesmo era de 
 > > entender
 > > o processo.
 > > 
 > > Gerar as chaves/senhas e enviar o e-mail criptografado.
 > 
 >   A ideia da criptografia assimétrica você pode obter aqui: 
 > https://pplware.sapo.pt/tutoriais/networking/criptografia-simetrica-e-assimetrica-sabe-a-diferenca/
 > 
 >   Você pode usar uma interface gráfica para gerir suas chaves.  A interface 
 > gráfica que eu mais uso é Kgpg.
 >   
 > - -- 
 > 
 > Stela dato:2.458.582,298  Loka tempo:2019-04-08 16:09:37 Lundo
 > "-==-"
 > Porque não há comida para gato com sabor de rato?
 > -BEGIN PGP SIGNATURE-
 > Comment: +-+
 > Comment: !   Gilberto F da Silva - ICQ 136.782.571 !
 > Comment: +-+
 > 
 > iEUEARECAAYFAlyrnT8ACgkQJxugWtMhGw7vvQCYidYq8Od5HWRzh9JNJxmuq448
 > FgCfYa2IivWWv3AOAjxA36m2cDk0AUc=
 > =+4F+
 > -END PGP SIGNATURE-
 > 
 >

Re: [Debian-br] Mutt não está criptografando e-mails, gmail reclama.

[Gilberto F da Silva]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Mon, Apr 08, 2019 at 08:40:53AM -0300, Henrique Fagundes wrote:
> Oi Gilberto,
> 
> Mais uma vez, obrigado.
> Eu vou fazer testes com essas configurações, mas gostaria mesmo era de 
> entender
> o processo.
> 
> Gerar as chaves/senhas e enviar o e-mail criptografado.

  A ideia da criptografia assimétrica você pode obter aqui: 
https://pplware.sapo.pt/tutoriais/networking/criptografia-simetrica-e-assimetrica-sabe-a-diferenca/

  Você pode usar uma interface gráfica para gerir suas chaves.  A interface 
gráfica que eu mais uso é Kgpg.
  
- -- 

Stela dato:2.458.582,298  Loka tempo:2019-04-08 16:09:37 Lundo
"-==-"
Porque não há comida para gato com sabor de rato?
-BEGIN PGP SIGNATURE-
Comment: +-+
Comment: !   Gilberto F da Silva - ICQ 136.782.571 !
Comment: +-+

iEUEARECAAYFAlyrnT8ACgkQJxugWtMhGw7vvQCYidYq8Od5HWRzh9JNJxmuq448
FgCfYa2IivWWv3AOAjxA36m2cDk0AUc=
=+4F+
-END PGP SIGNATURE-

Re: date(1) in stretch and buster

[Greg Wooledge]

I managed to build a locale with a customized LC_TIME setting under
buster.  It's not documented in a straightforward manner anywhere I
could find, so I'm going to spell it all out here.


Step 1: Start with an existing locale definition.

In my case, I am starting with Debian buster's en_US locale, and I am
only going to change one of the variables in the LC_TIME section.


Step 2: Create some directories.

mkdir -p ~/.locale/src

The ~/.locale directory is where the custom locale is going to end up when
it's all done.  In addition to that, you need a temporary working directory
where the locale definition (source) files are going to live.  In my case,
I chose to make this a permanent home rather than a temporary directory.


Step 3: Copy the existing locale definition to the work directory.

cp /usr/share/i18n/locales/en_US ~/.locale/src/

This is a text file that defines the locale's behavior.  You can edit it
with any standard text editor.  You might want to take a moment to look
through it and figure out how it's laid out.  It's pretty straightforward.


Step 4: Modify the locale definition file.

In my case, I wanted to change the date_fmt variable inside the LC_TIME
section.  So first, I logged into a stretch box and found what it was
using:

stretch:~$ locale -k LC_TIME | grep date_fmt
date_fmt="%a %b %e %H:%M:%S %Z %Y"

Next, I edited the ~/.locale/src/en_US file and replaced the date_fmt line.

BEFORE:

% Appropriate date and time representation for date(1)
date_fmt "%a %d %b %Y %r %Z"

AFTER:

% Appropriate date and time representation for date(1)
date_fmt "%a %b %e %H:%M:%S %Z %Y"


Step 5: Compile the locale.

I18NPATH=~/.locale/src/ localedef -f UTF-8 -i en_US ~/.locale/en_US.UTF-8

This creates the directory ~/.locale/en_US.UTF-8 containing several binary
files.  This is what the C library uses.


Step 6: Test it.

buster:~$ date
Mon 08 Apr 2019 02:52:34 PM EDT
buster:~$ LOCPATH=~/.locale date
Mon Apr  8 14:52:38 EDT 2019


Step 7: Set environment variables to make this your new locale upon login.

All you need (assuming you use bash) is:

export LOCPATH="$HOME/.locale"

This will be either really easy, or really hard, depending on how you
login and what kind of Desktop Environment (if any) you use.  Suggested
reading:

https://mywiki.wooledge.org/DotFiles
https://wiki.debian.org/Xsession

In particular, it would be great to hear from anyone who manages to get
this working under GNOME, which is notorious for not allowing easy
customizations of the login environment.

Re: May be silly question, but: Lost my qq(´) and qq(´) key

[Dan Ritter]

rlhar...@oplink.net wrote: 
> On 2019.04.08 05:29, Martin wrote:
> > since a few days, my qq(´) and qq(´)¹ don't work with a single
> > press.  I have to press twice.
> 
> The problem most likely is oxidation of the electrical contacts of the key
> switch.  The silver or gold plating of the contact surfaces may be
> compromised by mechanical wear.
> 
> Back in the 1970's, keyswitches were rated in terms of tens of millions or
> hundreds of millions of keystrokes; keyswitches of today are rated in terms
> of tens of thousands or hundreds of thousands of keystrokes.  Search and
> read the manufacturer specification sheets for keyswitches.


IBM Buckling Spring: nobody knows, but there are a lot of
keyboards still working 25-30 years later.

Cherry: 50 million.

https://www.cherrymx.de/_Resources/Persistent/e005dff11a2e406babe9e8718fec9fc8835bb9ce/EN_CHERRY_MX_BLUE_RGB.pdf

Kailh: 50 - 80 million.

http://www.kailh.com/en/Products/Mechanical_keyboard_switch/165.html

Matias ALPS: 50 million.

http://matias.ca/switches/click/

Gaterons may be as low as 20 million.

You can buy all of the above today, in keyboards ranging from
about $60 to $450.

-dsr-

Re: retour expérience sur Buster ??

[Étienne Mollier]

Bruno Volpi, au 2019-04-08 :
> 2 - service  strat/stop/restart  ->   commande not found
> problème à l'install ???

Bonjour Bruno,

Normalement cette commande fait partie des utilitaires système
Debian de base :

$ dpkg -S /usr/sbin/service
init-system-helpers: /usr/sbin/service

$ apt-cache show init-system-helpers | grep ^Prio
Priority: required

Peut-être qu'il y a eu un problème à l'installation, mais pour
le moment, j'aurais plutôt une vilaine tendance à soupçonner
l'usage d'un `su` à la place d'un `su -`.  En effet, il y a eu
un changement d'implémentation, et donc de comportement entre
Stretch et Buster, notamment vis-à-vis de la prise en compte du
PATH utilisateur, qui ne comporte pas les répertoires sbin/.

Extrait du fichier NEWS du paquet `util-linux`, fournissant
désormais la commande `su` :
> The first difference is probably the most user visible one.  Doing
> plain 'su' is a really bad idea for many reasons, so using 'su -' is
> strongly recommended to always get a newly set up environment similar
> to a normal login. If you want to restore behaviour more similar to
> the previous one you can add 'ALWAYS_SET_PATH yes' in /etc/login.defs.

Apparemment, même si le mieux serait de prendre l'habitude
d'utiliser `su -` à la place de `su`, on peut revenir à l'ancien
comportement avec l'option 'ALWAYS_SET_PATH yes' dans le fichier
/etc/login.defs.

Et s'il y a eu effectivement un problème à l'installation, alors
je suis à côté de la plaque.  :)

Bien à vous,
-- 
Étienne Mollier 

Re: May be silly question, but: Lost my qq(´) and qq(´) key

[rlharris]

On 2019.04.08 05:29, Martin wrote:

since a few days, my qq(´) and qq(´)¹ don't work with a single
press.  I have to press twice.


The problem most likely is oxidation of the electrical contacts of the 
key switch.  The silver or gold plating of the contact surfaces may be 
compromised by mechanical wear.


Back in the 1970's, keyswitches were rated in terms of tens of millions 
or hundreds of millions of keystrokes; keyswitches of today are rated in 
terms of tens of thousands or hundreds of thousands of keystrokes.  
Search and read the manufacturer specification sheets for keyswitches.


A factor which exacerbates the situation is the ongoing effort to reduce 
energy consumption; nowadays voltages across keyswitch contacts can be 
too low to break through oxidation and the currents flowing through 
contacts may be too low to burn off the oxidation.


Research years ago by Honeywell Corporation revealed that gold-plated 
contacts are not always a good approach.  Though gold does not oxidize, 
the presence of oil vapour in the atmosphere can result in formation of 
an insulating polymer on gold contact surfaces.  Silver contacts appear 
to be the proper approach; silver oxide is conductive.


Mechanic design of the contacts also is a factor; when the contacts are 
bars or rods which cross at an angle, the contact pressure is higher 
pressure than if the contacts are in the shape of buttons.  The pressure 
helps break through oxidation.


Some manufacturers offer "lifetime" keyboards; but the lifetime in view 
appears to be that of the keyboard and not of the user.  Keyboards today 
can have a useful lifetime measured in months.  Much depends upon the 
environment in which the keyboard is used, particularly the atmospheric 
humidity.


The proper approach to the problem of low voltage and low current would 
be to design keyboards in which the keyswitch contact voltage and 
current are an order-of-magnitude higher than the voltage and current of 
the logic circuitry.


RLH

Re: installation Debian 9 et Grub

[Pascal Hambourg]

Le 08/04/2019 à 18:27, sTriX a écrit :


Le message s'affiche après le menu GRUB :

Gave up waiting for root file system device. Common problems:
-Boot args (cat proc/cmdline)
  -Check rootdelay= (did the system wait long enough?)
Missing modules (cat /proc/modules; ls /dev
ALERT! /dev/sdb2 does not exist. Dropping to the shell!


Ce n'est pas GRUB mais l'initramfs, donc Linux.
La procédure ci-dessous est donc applicable.


Le menu de GRUB s'affiche-t-il ? Si oui, appuie sur "e", remplace sdb2 par
sda2 (QWERTY : touche Q pour taper A), appuie sur F10 pour démarrer et une
fois dans le système, exécute update-grub en root pour corriger
/boot/grub/grub.cfg.


Précision : la mention root=/dev/sdb2 à modifier en root=/dev/sda2 se 
trouve dans une ligne qui commence par "linux".

Re: date(1) in stretch and buster

[Étienne Mollier]

Cindy-Sue Causey, on 2019-04-08 :
> Found this over at Tecmint:
>
> https://www.tecmint.com/set-system-locales-in-linux/
>
> locale -k LC_TIME
>
> Very coo AND further implies *WHAT ELSE can that little puppy do*, but
> my brain's already cognitively sundowning so am passing the baton on
> for someone who can run that full distance. :)

Good Day Cindy,

Basically you can tune these variables to build your own
"standard" format for everything related localized information:
- language,
- numeric separators,
- time format,
- sorting order, there is a big warning about this in sort(1),
- monetary symbol,
- etc.

On the other hand, the C lang is a quite convenient setting when
you wish your systems to behave consistently whatever the
localisation of the machine is, whatever the policy of the
country about its standards is; see the move from one standard
to the next between the two versions of Debian spotted by Reco.
C.UTF-8 landed a few Debian versions earlier to give an "Unicode
aware" variant of this behaviour.

See locale(1), locale(5), and eventually locale(7), if you are
interested in the topic.  :)

Kind Regards,
-- 
Étienne Mollier 

Re: date(1) in stretch and buster

[Reco]

Hi.

On Mon, Apr 08, 2019 at 07:10:50PM +0200, Étienne Mollier wrote:
> > My question is - can anyone suggest me appropriate LC_TIME setting that
> > can show buster's date in stretch's format?
> 
>   $ LC_TIME=en_US.UTF-8 TZ=UTC date
>   Mon 08 Apr 2019 05:07:44 PM UTC
> 
>   $ LC_TIME=C.UTF-8 TZ=UTC date
>   Mon Apr  8 17:08:59 UTC 2019
> 
> If you speak C, it looks like a good bet.

Thank you, works as intended. One less problem for the future upgrade.

Reco

Re: date(1) in stretch and buster

[Thomas Schmitt]

Hi,

Cindy Sue Causey wrote:
> I'd like mine to be in the '2009.04.08' format.

  $ date +'%Y.%m.%d'
  2019.04.08


Have a nice day :)

Thomas

retour expérience sur Buster ??

[Bruno Volpi]

Bonsoir,

pour situer le contexte.

jusqu'à fin 2018 j'utilisais Gnome, je suis passé sur KDE pour deux 
petites fonctionnalités .


J'ai décider de tester buster afin de voir comment se comporte mes 
petits logiciels ( dev pyqt).



Problèmes rencontrés pour l'instant :

1 - menu des applications  dans la bar du tableau de bord. il semblerai 
que seulement celles en QT sont affectées ( firefox et thunderbird 
fonctionne normalement)


possibilité de changer dans configuration du système -> apparences des 
applications ->  Décoration de fenêtres (onglet)  boutons -> add menu


mais l'accès à ce menu et le moins qu'on puisse dire merdique ( et je 
reste poli)


2 - service  strat/stop/restart  ->   commande not found problème à 
l'install ???



si quelqu'un à un peu d'expérience je serai très heureux de savoir s'il 
existe un bypass, sinon retour sur gnome.



bruno 

Re: OpenSSH not closing idle sessions.

[Greg Wooledge]

On Mon, Apr 08, 2019 at 12:25:28PM -0500, timothylegg wrote:
> I need to have the session expire and the ssh client terminate after
> an idle time.

Most people want the exact opposite of that.

Basically, what you're asking for is directly hostile to any kind of
sane operation of a computer.

> ClientAliveInterval 5
> ClientAliveCountMax 1

Those settings are used for two purposes.  The first is to allow ssh or
sshd to terminate when the network connection has been lost.  The second
is to keep sending "I'm still here" messages through the network connection
so that a NAT gateway will not drop the session due to inactivity.

So, if you wanted to achieve the exact opposite of your stated goal
(assuming a NAT is involved somewhere along the way), you've succeeded.

I'm not aware of any "features" to cause ssh to terminate when idle, at
the ssh transport level.

If all you want to do is terminate the user's shell (and thus their
ssh connection, ultimately) when the user is sitting idle at the shell
prompt for too long, you could use the shell's TMOUT variable.

Of course, that won't disconnect the user's idle vim or mutt command.
That would result in data loss.

TMOUT only works when idling at a shell prompt, and it requires the user
to sign up for this "feature" by setting that variable (or neglecting
to unset it, if someone tries to set it in a global shell file like
/etc/profile).

Perhaps you could reframe your question in a way that makes sense in
a universe where the data loss from just arbitrarily killing users'
text editors and other stateful applications is a concern.  Start by
stating why you're trying to do this, who's making you do this, who's
going to handle the angry users, who's going to compensate them for
their data loss, etc.

OpenSSH not closing idle sessions.

[timothylegg]

Debian 9 - Installed yesterday on two 64-bit VMs

In /etc/ssh/ssh_config there are two parameters, of which I am citing
sshd_config(5) man page:

ClientAliveInterval  - Sets a timeout interval in seconds after which
if no data has been received from the client, sshd(8) will send a
message through the encrypted channel to request a response from the
client. The default is 0, indicating that these messages will not be
sent to the client. This option applies to protocol version 2 only.

ClientAliveCountMax  - Sets the number of client alive messages (see
below) which may be sent without sshd(8) receiving any messages back
from the client. If this threshold is reached while client alive
messages are being sent, sshd will disconnect the client, terminating
the session.

I need to have the session expire and the ssh client terminate after
an idle time.  For testing purposes, I assigned these to unreasonably
small values and restarted the daemon with /etc/init.d/ssh restart:

ClientAliveInterval 5
ClientAliveCountMax 1

The server is not using protocol version 1, so protocol version 2 is
used and thus ClientAliveInterval should be obeyed.  I suspected that
maybe default settings of the SSH client may be keeping the session
alive by delivering scheduled null packets, so I assigned -o
ServerAliveInterval 30, a larger value to ensure that such packets
aren't delivered in time.

But the change doesn't seem to stick, not even after rebooting the machine.

mary@mary:/etc/ssh$ w
12:06:03 up 19 min,  3 users,  load average: 0.00, 0.00, 0.00
USER TTY  FROM LOGIN@   IDLE   JCPU   PCPU WHAT
mary tty1 -11:471:38   0.20s  0.15s -bash
mary pts/0192.168.1.7  12:020.00s  0.05s  0.00s w
mary pts/1192.168.1.19 12:05   1:41  0.04s  0.04s -bash

As I write this, the session is idle 5 minutes and just won't hang up.
Ironically, it appears most people have the opposite problem of SSH
being sporadically closed, and that has really polluted my search
results in trying to resolve this.

Ideas?

Re: date(1) in stretch and buster

[Cindy Sue Causey]

On 4/8/19, Étienne Mollier  wrote:
> On 4/8/19 5:26 PM, Reco wrote:
>>  Dear list,
>>
>> the following thing got my attention recently:
>>
>> stretch$ TZ=UTC date
>> Mon Apr  8 15:22:02 UTC 2019
>> buster$ TZ=UTC date
>> Mon 08 Apr 2019 03:22:04 PM UTC
>>
>> It's not that I depend on certain date format in scripts, but I got used
>> to this 24-hour time format after all these years. And yes, I can commit
>> into my memory that I can achieve old behaviour with "date -R" or
>> "busybox date".
>>
>> My question is - can anyone suggest me appropriate LC_TIME setting that
>> can show buster's date in stretch's format?
>>
>
> Good Day Reco,
>
> >From Sid:
>
>   $ LC_TIME=en_US.UTF-8 TZ=UTC date
>   Mon 08 Apr 2019 05:07:44 PM UTC
>
>   $ LC_TIME=C.UTF-8 TZ=UTC date
>   Mon Apr  8 17:08:59 UTC 2019
>
> If you speak C, it looks like a good bet.


My half-penny's worth is that my reaction was, "Now that you said
that, I'd like mine to be in the '2009.04.08' format."

Which then brought to mind that at least some file managers, e.g.
Thunar for sure, allow us the option to alter the date format for e.g.
the "Date Modified" column.

That means those variables are buried in that package's code
somewhere. Somewhere at some point, I encountered a package that
offered a rather large selection that covers a lot more tastes in date
formatting solutions, but I can't remember where I saw that..

Found this over at Tecmint:

https://www.tecmint.com/set-system-locales-in-linux/

locale -k LC_TIME

Very coo AND further implies *WHAT ELSE can that little puppy do*, but
my brain's already cognitively sundowning so am passing the baton on
for someone who can run that full distance. :)

Cindy :)
-- 
Cindy-Sue Causey
Talking Rock, Pickens County, Georgia, USA

* runs with birdseed *

Re: Measuring (or calculating) how many bytes are actually written to disk when I repeatedly save a file

[Alexander V. Makartsev]

On 08.04.2019 19:56, rhkra...@gmail.com wrote:
> On Monday, April 08, 2019 10:18:28 AM Curt wrote:
>> On 2019-04-08, rhkra...@gmail.com  wrote:
>>> And someone would (or should) ask what does "frequently" mean, and that
>>> is what I am trying to quantify.
>> Sure. But below a certain level of granularity it becomes an exercise
>> for which the benefits remain to be established.  Large files and
>> frequent writes to disk are probably not ideal for an SSD. You can read
>> that anywhere. What else can anyone say? 
> I've seen that implied, but not explicitly stated, nor with "quantification" 
> (i.e., supporting evidence).
>
>> What are you trying to do?
>> Measure the daily byte-count of your writes and compare that to some
>> hypothetical standard or threshold above which it would be suggested to
>> employ an HDD rather than a SSD?
> As mentioned in another post, I am starting to fear for the reilability of an 
> HDD (DOAs, early failures, unwilingness of the vendor / manufacturer to 
> provide a warranty), and, therefore, I am trying to determine if an SSD could 
> be a better choice.
>
> (Someday, I expect it will be -- is that day here?)
>
>
Don't know if it is appropriate, but you should begin to treat any media
(HDD, SSD, etc) as consumables.
You can't expect some device will work for any amount of time and won't
fail. They all fail. Even tanks fail.
Any media could fail for sooo many different reasons and nobody can
predict them all. You have to be always prepared for the moment when
that happens, basically
by asking yourself this question: "What will I do if my current disk
will fail right at this moment and there will be no possibility to
recover any data from it?"
If your answer is: "I will replace it and restore my data from backup on
another device and probably loose a day worth of work." Then you're fine.
But if your answer is: "This is not happening..This is not
happening..This is not happening.." Then it's a huge problem, and it has
nothing to do with device's reliability or type.
So stop fearing and perform regular backups.

That said, personally I can't imagine a PC without a SSD or NVMe drive
nowadays. Even more if it is a laptop.
SSDs are relatively cheap, super fast and became more reliable, than
they were a few years ago. Firmwares got better, controller ICs got better.
HDDs has their uses too and they mostly used for storage capacity, in
workstations, NAS devices and servers with RAID for redundancy.
If your fear is about warranty and RMA then buy devices from well known
brands and from your local PC hardware store. Everything else is
mitigated by backups.

-- 
With kindest regards, Alexander.

⢀⣴⠾⠻⢶⣦⠀ 
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
⠈⠳⣄ 

Re: date(1) in stretch and buster

[Étienne Mollier]

On 4/8/19 5:26 PM, Reco wrote:
>   Dear list,
> 
> the following thing got my attention recently:
> 
> stretch$ TZ=UTC date
> Mon Apr  8 15:22:02 UTC 2019
> buster$ TZ=UTC date
> Mon 08 Apr 2019 03:22:04 PM UTC
> 
> It's not that I depend on certain date format in scripts, but I got used
> to this 24-hour time format after all these years. And yes, I can commit
> into my memory that I can achieve old behaviour with "date -R" or
> "busybox date".
> 
> My question is - can anyone suggest me appropriate LC_TIME setting that
> can show buster's date in stretch's format?
> 

Good Day Reco,

>From Sid:

$ LC_TIME=en_US.UTF-8 TZ=UTC date
Mon 08 Apr 2019 05:07:44 PM UTC

$ LC_TIME=C.UTF-8 TZ=UTC date
Mon Apr  8 17:08:59 UTC 2019

If you speak C, it looks like a good bet.

Kind Regards,
-- 
Étienne Mollier 

Re: Mutt não está criptografando e-mails, gmail reclama.

[Paulino Kenji Sato]

Ola,
Acredito que o gmail esta e reclamando da conexão entre o seu servidor o
gmail que não esta usando uma conexão segura (starttls ou ssl).
No postfix, se não me engano e necessário essas linhas no main.cf para
habiltar o starttls para envio:
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_security_level = may
#smtp_tls_security_level = encrypt
smtp_tls_CAfile =  /etc/ssl/certs/ca-certificates.crt
smtpd_tls_loglevel = 1

Caso queira selecionar somente alguns destinos, o mesmo pode ser feito
usando
smtp_tls_policy_maps = hash:/etc/postfix/envio-tls
O envio-tls contem linhas como esse:
gmail.com   encrypt

Também seria aconselhado ativar o ssl/starttls para o recebimento, quanto
para o cliente/usuário enviar. Para isso e necessário adquirir um
certificado de um órgão emissor reconhecido, ou seja, não pode ser auto
assinado ou de um CA local. Depois de ter obtido o certificado e gerado os
arquivos pertinentes e necessário as seguintes linhas no main.cf:
smtpd_tls_cert_file=/etc/ssl/certs/dominio.com.br/fullchain.pem
smtpd_tls_key_file=/etc/ssl/certs/dominio.com.br/privkey.pem

Existem vários emissores de certificados SSL gratuitos para uso não
comercial (ex.: site de compras) e ou que não necessitem do reconhecimento
do dono do certificado. Entre eles, temos o CA Cert, letsencrypt, etc.





On Sun, Apr 7, 2019 at 9:53 PM Henrique Fagundes <
supo...@aprendendolinux.com> wrote:

> Senhores, boa noite!
>
> Tenho um servidor Debian com postfix configurado completinho, com DKIM,
> SPF, tudo funcionando ok.
>
> Eu tenho também alguns scripts de backups que enviam e-mails com o
> resultado dessas ações. Só que, o e-mail vai para o spam, com um cadeado
> vermelho com a seguinte mensagem: "O domínio meudominio.com não
> criptografou esta mensagem Saiba mais".
>
> Como fazer para o mutt criptografar as mensagens?
> Sei que o problema é o mutt, pois quando envio e-mails deste servidor
> através de outras soluções (php por exemplo), o problema não ocorre.
>
> Será que alguém poderia me dar uma luz?
>
> Desde já, fico muito agradecido.
>
> Atenciosamente,
>
> Henrique Fagundes
> Analista de Suporte Linux
> supo...@aprendendolinux.com
> Skype: magnata-br-rj
> Linux User: 475399
>
> https://www.aprendendolinux.com
> https://www.facebook.com/AprendendoLinux
> https://youtube.com/AprendendoLinux
> https://twitter.com/AprendendoLinux
> https://t.me/AprendendoLinux
> https://t.me/GrupoAprendendoLinux
> __
> Participe do Grupo Aprendendo Linux
> https://listas.aprendendolinux.com/listinfo/aprendendolinux
>
> Ou envie um e-mail para:
> aprendendolinux-subscr...@listas.aprendendolinux.com
>
> BRASIL acima de tudo, DEUS acima de todos!
>
>
>

-- 
Paulino Kenji Sato

Re: Measuring (or calculating) how many bytes are actually written to disk when I repeatedly save a file

[Curt]

On 2019-04-08, rhkra...@gmail.com  wrote:
>
> As mentioned in another post, I am starting to fear for the reilability of an 
> HDD (DOAs, early failures, unwilingness of the vendor / manufacturer to 
> provide a warranty), and, therefore, I am trying to determine if an SSD could 
> be a better choice.
>
> (Someday, I expect it will be -- is that day here?)
>
>

Here's one study for you (where number of writes and enterprise-grade
drives--mentioned by someone in this thread I believe--are found not to be
determining factors for longevity or reliability):

https://www.zdnet.com/article/ssd-reliability-in-the-real-world-googles-experience/

http://0b4af6cdc2f0c5998459-c0245c5c937c5dedcca3f1764ecc9b2f.r43.cf2.rackcdn.com/23105-fast16-papers-schroeder.pdf

 Two standout conclusions from the study. First, that MLC drives are as
 reliable as the more costly SLC "enteprise" drives. This mirrors hard drive
 experience, where consumer SATA drives have been found to be as reliable as
 expensive SAS and Fibre Channel drives.

 One of the major reasons that "enterprise" SSDs are more expensive is due to
 greater over-provisioning. SSDs are over-provisioned for two main reasons: to
 allow for ample bad block replacement caused by flash wearout; and, to ensure
 that garbage collection does not cause write slowdowns.

 The paper's second major conclusion, that age, not use, correlates with
 increasing error rates, means that over-provisioning for fear of flash wearout
 is not needed. None of the drives in the study came anywhere near their write
 limits, even the 3,000 writes specified for the MLC drives.

 But it isn't all good news. SSD UBER rates are higher than disk rates, which
 means that backing up SSDs is even more important than it is with disks. The
 SSD is less likely to fail during its normal life, but more likely to lose
 data.

Re: off-topic

[Fred Maranhão]

watch -n 10 wget http://sitequalquer/index.html

vai baixar de 10 em 10 segundos. o wget vai perceber que existe o
index.html e vai criar index.html.1, depois index.html.2 e por aí vai

On Mon, Apr 8, 2019 at 11:38 AM Vitor Hugo  wrote:
>
> Como fazer o wget baixar um conteúdo em loop ou seja infinitamente?
>

Re: installation Debian 9 et Grub

[sTriX]

le dimanche 07 avril 2019 à 16:36 (+0200), Pascal Hambourg a écrit:
> Le 07/04/2019 à 16:10, sTriX a écrit :
> > Bonjour,
> > Sur un ordinateur qui fonctionnait avec une distribution Crunchbang,
> > j'ai procédé à l'installation de debian-live-9.8.0-amd64-lxde.iso via
> > une clé USB.
> > 
> > La clé debian est reconnue comme sda et le disque dur sdb (swap sdb1,
> > racine sdb2, home sdb3).
> 
> Pas courant. D'habitude les support USB sont nommés après les disques
> internes (à cause d'un délai après détection prévu à cet effet).
> 
> > l'installation se passe sans problème et l'installation du GRUB me
> > propose la clé sda ou l'emplacement sdb2 du disque dur. Naïvement j'ai
> > choisi le disque dur...
> 
> sdb2 ou sdb ? Normalement on installe GRUB dans le MBR, donc sdb.

en effet c'est sdb

> > et lors du boot de l'ordinateur, le GRUB
> > m'indique que sdb2 n'existe pas ; forcement sans la clé USB, le disque
> > dur est devenu sda.
> 
> Quel est le message exact et complet ?

Le message s'affiche après le menu GRUB :

Gave up waiting for root file system device. Common problems:
-Boot args (cat proc/cmdline)
 -Check rootdelay= (did the system wait long enough?)
Missing modules (cat /proc/modules; ls /dev
ALERT! /dev/sdb2 does not exist. Dropping to the shell!

BusyBox v1.22.1 (Debian 1:1.22.0-19+b3) built-in shell (ash)
Enter 'help' for a list of built-in commands.

(initramfs)


> Tu es sûr que c'est GRUB ? sdb2 est une notation de Linux. GRUB utilise
> plutôt une notation de la forme (hd1,2).

Voici ce que la fenêtre d'installation graphique de Debian affiche :
Installer le programme de démarrage GRUB sur un disque dur
Le système nouvellement installé doit pouvoir être démarré. 
[...]
Périphérique où sera installé le programme de démarrage :
Choix manuel du périphérique
/dev/sda (usb-Verbatim_GO_000FF9-0:0)
/dev/sdb (ata-Hitaci_HT6656143C0B411)

> Le menu de GRUB s'affiche-t-il ? Si oui, appuie sur "e", remplace sdb2 par
> sda2 (QWERTY : touche Q pour taper A), appuie sur F10 pour démarrer et une
> fois dans le système, exécute update-grub en root pour corriger
> /boot/grub/grub.cfg.

L'ordinateur étant chez une amie, je vais essayer cette manip ce soir. 
> 

Re: sources.list wheezy

[Francisco M Neto]

On Sun, 2019-04-07 at 17:29 -0300, Fred Maranhão wrote:
> em 2017 a stretch assumiu o cargo de estável, e a jessie teve que
> ceder o lugar, mas foi ocupar o posto de oldstable. com isto, a wheezy
> teve que assumir o cargo de oldoldstable, mas ainda não estava morta.
> só velhinha e desatualizada.
> 
> quando a buster assumir o cargo de stable, e a stretch for para
> oldstable, e a jessie for para oldoldstable, não sei para onde vai a
> wheezy...

Provavelmente vai ser arquivada, e se não me engano não vai mais ser
possível acessar os arquivos dela a não ser em servidores mais específicos. 

Galileu, esse seu laptop é muito antigo? Não seria possível considerar
um upgrade para uma versão mais recente da Debian?
Se for o caso, eu sugiro você espelhar o repositório da wheezy em alguma
máquina local sua pra ter acesso mais fácil.

Tenha em mente que a wheezy já não recebe mais nenhum update de
segurança, então correções de bugs críticos e coisas assim não te alcançam.

HTH
Francisco

> 
> On Sat, Apr 6, 2019 at 10:15 PM galileu  wrote:
> > Caros,
> > 
> > Tenho esse excelente laptop com Debian Wheezy instalado e funcionando muito
> > bem. Meu sources. list é este:
> > deb http://ftp.br.debian.org/debian/ wheezy main contrib non-free
> > deb-src http://ftp.br.debian.org/debian/ wheezy main contrib non-free
> > deb http://security.debian.org/ wheezy/updates main contrib non-free
> > deb-src http://security.debian.org/ wheezy/updates main contrib non-free
> > 
> > 
> > Mas de um tempo para cá, um apt-get update resulta em coisas do tipo
> > 
> > Ign http://ftp.br.debian.org wheezy Release.gpg
> > Ign http://ftp.br.debian.org wheezy Release
> > Ign http://ftp.br.debian.org wheezy/main Sources/DiffIndex
> > etc., etc.
> > 
> > Err http://ftp.br.debian.org wheezy/main Sources
> >   404  Not Found [IP: 200.236.31.3 80]
> > Err http://ftp.br.debian.org wheezy/contrib Sources
> >   404  Not Found [IP: 200.236.31.3 80]
> > etc., etc.
> > 
> > W: Failed to fetch 
> > http://ftp.br.debian.org/debian/dists/wheezy/main/source/Sources  404  Not
> > Found [IP: 200.236.31.3 80]
> > 
> > W: Failed to fetch 
> > http://ftp.br.debian.org/debian/dists/wheezy/contrib/source/Sources  404  No
> > t Found [IP: 200.236.31.3 80]
> > etc., etc.
> > 
> > 
> > Ou seja, o bom e velho wheeze parece nao estar mais nesses servidores.
> > Alguém sabe o que pode estar havendo?
> > 
> > []'s
> > G.Paulo
> > 


signature.asc
Description: This is a digitally signed message part

Re: Measuring (or calculating) how many bytes are actually written to disk when I repeatedly save a file

[Gene Heskett]

On Monday 08 April 2019 10:56:33 rhkra...@gmail.com wrote:

> On Monday, April 08, 2019 10:18:28 AM Curt wrote:
> > On 2019-04-08, rhkra...@gmail.com  wrote:
> > > And someone would (or should) ask what does "frequently" mean, and
> > > that is what I am trying to quantify.
> >
> > Sure. But below a certain level of granularity it becomes an
> > exercise for which the benefits remain to be established.  Large
> > files and frequent writes to disk are probably not ideal for an SSD.
> > You can read that anywhere. What else can anyone say?
>
> I've seen that implied, but not explicitly stated, nor with
> "quantification" (i.e., supporting evidence).
>
> > What are you trying to do?
> > Measure the daily byte-count of your writes and compare that to some
> > hypothetical standard or threshold above which it would be suggested
> > to employ an HDD rather than a SSD?
>
> As mentioned in another post, I am starting to fear for the
> reilability of an HDD (DOAs, early failures, unwilingness of the
> vendor / manufacturer to provide a warranty), and, therefore, I am
> trying to determine if an SSD could be a better choice.
>
> (Someday, I expect it will be -- is that day here?)

I don't think so, so where I do use them (the speed is nice!!!), I use 
them to maybe 20% of capacity so the drive has plenty of room to 
reassign a questionable spot. So as rust fails, I'm installing 40 to 60 
GB SSD's in my machine tools as the OS and files don't exceed around 5Gb 
even after years of carving metal.  And I have been doing so for over a 
year with zero problems.

OTOH, I have a now ancient seacrate 1Tb with 80,000+ spinning hours on 
it, had 25 reallocated sectors when I updated the firmware in it, 
gaining 30 mb/second in speeds both ways when it was about a month old. 
Its had its total contents rewritten at least 500 times as its been a 
virtual tape library for amanda since it was bought.  But when it hit 
90% full, I figured it was time for a new 2Tb. Currently saving the 
virtual tapes of a 5 machine network every night.  Its a good sata-II 
drive yet, still after all that time is reporting the same 25 
re-allocated sectors, and altho its out of a job, its still spinning 
because if shut down for several days, it will probably be hard to start 
because of stiction.

I have a pair of 1Gb seagates attached to a legacy computer in the 
basement, that probably have in excess of 200,000 hours on them. If shut 
down for 2 weeks, will need a gentle sideways tap with a rubber hammer 
on a front corner to start them, but neither has dropped a single bit 
since I took them out of a dying amiga nearly 15 years ago.
Spinning rust can be very dependable.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

Re: Measuring (or calculating) how many bytes are actually written to disk when I repeatedly save a file

[rhkramer]

On Monday, April 08, 2019 09:41:10 AM Alexander V. Makartsev wrote:
> There are NVMe drives and SSDs intended to be used in servers with high
> workloads like cache storage. These server grade drives must be rated
> for at least 3 DWPD (Drive Writes Per Day) or more.

Thanks!  I really hadn't encountered the acronym NVMe before.

Looking at some (e.g., by description "SAMSUNG 970 PRO M.2 2280 512GB PCIe 
Gen3. X4, NVMe 1.3 64L V-NAND 2-bit MLC Internal Solid State 
Drive (SSD) MZ-V7P512BW") seem to be the older style of SSD 
technology (V-NAND 2-bit MLC) which might be a little more 
reliable (though more expensive), than 

some others which use the 3-D NAND technology, which presumably has about the 
same longevity / reliability as devices labeled as SSDs which use the 3-D NAND 
technology -- so I guess I have to be careful in how I shop (which is always 
the case, anyway).

Two links, both in the same ballpark pricewise:

   * [[https://www.newegg.com/Product/Product.aspx?Item=N82E16820147693]
[SAMSUNG 970 PRO M.2 2280 512GB PCIe Gen3. X4, NVMe 1.3 64L V-NAND 2-bit MLC 
Internal Solid State Drive (SSD) MZ-V7P512BW]]

   * [[https://www.amazon.com/BLACK-SN750-NVMe-Internal-
Gaming/dp/B07M64QXMN?tag=pcworld02-20=1=US-001-2899351-000-1442373-
web-20][WD BLACK SN750 1TB NVMe Internal Gaming SSD - Gen3 PCIe, M.2 2280, 3D 
NAND - WDS100T3X0C]]

And thanks for the explanation / clarification on some of the terminology:

> This means, if you have a 500GB SSD rated for 3 DWPD and it has 5 year
> warranty, then you can safely write 1,5TB to it each day for next 5 years.
> That is 3 * 500 * ( 365 * 5 ) / 1000 = 2737TB in total. (TBW)
> 
> You can convert TBW to DWPD if you want.
> Let's say we have 240GB SSD rated for 768 TBW and it has 5 year warranty.
> That will be ( 768 * 1000 ) / ( 365 * 5 ) = 420GB could be written per
> day, or 420 / 240 = 1,75 DWPD
> 
> Let's say we have 256GB SSD rated for 300TBW and it has 5 year warranty.
> That will be ( 300 * 1000 ) / 1825 = 164GB could be written per day, or
> 164 / 256 =  0,64 DWPD
> 
> IMO, an average consumer grade SSD (preferably MLC NAND based, 240GB+, 5
> year warranty) should be rated at least 1 DWPD to be worth buying, so it
> could be used (without paying constant attention to it,
> implementing various tricks and restrictions to its workload, etc) for a
> very long period of time, extending far beyond its warranty period, if
> your workload is lower than 1 DWPD.
> However, in reality it is so much trouble just to find suitable device.
> This involves browsing through terribly designed manufacturer websites
> with dark marketing patterns [1] and a pile of specification datasheet
> files.
> Also keeping in mind how SSD manufacturers don't like to talk about this
> inconvenient topic for them, trying to hide TBW DWPD ratings by using
> MTBF ratings instead.
> 
> 
> 
> [1] https://darkpatterns.org/

Re: Simple Linux to Linux(Debian) email

[tomas]

On Mon, Apr 08, 2019 at 09:33:03PM +0900, Mark Fletcher wrote:
> Hello all
> 
> As I wrote this I began to consider this is slightly OT for this list; 
> my apologies for not putting OT in the subject line but mutt won't let 
> me go back and edit the subject line.

Mutt can do that, too. To send via an alternative SMTP server, I do
roughly:

  source ~/.muttrc
  set smtp_url="smtp://USER:p...@your.smtp.server:587"
  set from="tomas zerolo "

and put it in ~/.muttrc.otherserver. Then I invoke mutt with

  mutt -F .muttrc.otherserver

and mutt tries to deliver to that other server.

Substitute USER, PASS and your.smtp.server (and the "set from", if
necessary) with appropriate values.

I've assumed you deliver via the SMTP submission port, 587, as is
usual -- substitute that part if not.

About editing the subject: as others have said, as long as you haven't
sent the mail, you can edit the subject (actually all of the mail
headers). I like to have in my .muttrc:

  set edit_headers# let me edit the message header when composing

so I have the headers at the top of my mail text, separated
by an empty line. Much more convenient :-)

Cheers
-- t


signature.asc
Description: Digital signature

date(1) in stretch and buster

[Reco]

Dear list,

the following thing got my attention recently:

stretch$ TZ=UTC date
Mon Apr  8 15:22:02 UTC 2019
buster$ TZ=UTC date
Mon 08 Apr 2019 03:22:04 PM UTC

It's not that I depend on certain date format in scripts, but I got used
to this 24-hour time format after all these years. And yes, I can commit
into my memory that I can achieve old behaviour with "date -R" or
"busybox date".

My question is - can anyone suggest me appropriate LC_TIME setting that
can show buster's date in stretch's format?

Reco

Re: Measuring (or calculating) how many bytes are actually written to disk when I repeatedly save a file

[rhkramer]

On Monday, April 08, 2019 10:18:28 AM Curt wrote:
> On 2019-04-08, rhkra...@gmail.com  wrote:
> > And someone would (or should) ask what does "frequently" mean, and that
> > is what I am trying to quantify.
> 
> Sure. But below a certain level of granularity it becomes an exercise
> for which the benefits remain to be established.  Large files and
> frequent writes to disk are probably not ideal for an SSD. You can read
> that anywhere. What else can anyone say? 

I've seen that implied, but not explicitly stated, nor with "quantification" 
(i.e., supporting evidence).

> What are you trying to do?
> Measure the daily byte-count of your writes and compare that to some
> hypothetical standard or threshold above which it would be suggested to
> employ an HDD rather than a SSD?

As mentioned in another post, I am starting to fear for the reilability of an 
HDD (DOAs, early failures, unwilingness of the vendor / manufacturer to 
provide a warranty), and, therefore, I am trying to determine if an SSD could 
be a better choice.

(Someday, I expect it will be -- is that day here?)

Fwd: off-topic

[Fábio Rabelo]

Cron ??

o wget não um modo "daemon" como rsync tem .


Fábio Rabelo

-- Forwarded message -
De: Vitor Hugo 
Date: seg, 8 de abr de 2019 às 11:38
Subject: off-topic
To: debian-user-portuguese@lists.debian.org >> debian-user-portuguese <
debian-user-portuguese@lists.debian.org>


Como fazer o wget baixar um conteúdo em loop ou seja infinitamente?

Re: [HS] GAFAM est devenu GAFA

[Yann Serre]

Bonjour,
Sans volonté particulière de raviver ce sujet, en ce moment je lis et 
j'entends 9 GAFA pour 1 GAFAM (sans doute moins encore).

Vous pouvez reprendre une activité normale...

off-topic

[Vitor Hugo]

Como fazer o wget baixar um conteúdo em loop ou seja infinitamente?

Re: Measuring (or calculating) how many bytes are actually written to disk when I repeatedly save a file

[David]

On Mon, 8 Apr 2019 at 22:38,  wrote:
> On Sunday, April 07, 2019 04:22:41 PM Reco wrote:
> > On Sun, Apr 07, 2019 at 10:10:58PM +0200, Carles Pina i Estany wrote:
>
> > > In my SSDs I have:
> > > /sys/fs/ext4/dm-0/lifetime_write_kbytes
> > >
> > > I'm not sure if this is specific for SSD?
> >
> > No, it's not. It's filesystem-specific though.
> > Meaning - you have to use ext4 to see this attribute, but the device
> > where the ext4 filesystem resides does not matter.
>
> Well, to clarify, if you have multiple ext4  filesystems, does that represent
> the sum of lifetime_write_kbytes of all of those filesystems?

No, the device is in the path, after the filesystem type.
The device above is dm-0. Here's an example from this machine,
for device sda10:
$ cat /sys/fs/ext4/sda10/lifetime_write_kbytes
8589077

A quick search found this (it's not recent) which might give you
some things to try:
https://serverfault.com/questions/238033/measuring-total-bytes-written-under-linux

Re: Simple Linux to Linux(Debian) email

[Mark Fletcher]

On Mon, Apr 08, 2019 at 02:39:35PM +0100, Joe wrote:
> On Mon, 8 Apr 2019 21:33:03 +0900
> Mark Fletcher  wrote:
> 
> 
> > 
> > My image of an ideal solution is a piece of software that can present 
> > email to a remote MTA (ie an MTA not on the local machine) for
> > delivery, but is not itself an MTA, and certainly has no capability
> > to listen for incoming mail.
> > 
> 
> a) Sendmail. Not the full-featured MTA, but the utility.
> https://clients.javapipe.com/knowledgebase/132/How-to-Test-Sendmail-From-Command-Line-on-Linux.html
> 

Oh ah. Right, I hadn't separated the two in my mind. This may also do 
the job well I'm guessing.

> b) Write it yourself. If you can do simple scripting then you can write
> something that talks basic SMTP to a remote SMTP server.
> 
> Here's basic unencrypted SMTP:
> https://my.esecuredata.com/index.php?/knowledgebase/article/112/test-your-smtp-mail-server-via-telnet
> 



Yes, I had considered that too, and was going to script something up 
over a telnet session (inside my home LAN, albeit through a VPN to be 
able to tunnel back through a NAT'ing router) if this thread didn't turn 
up anything useful. But it did. :)

Also, I'm an engineer by training and follow the principle of re-use -- 
if there's a tool out there that does what I want I'd rather use it than 
write a new one. I admit I sometimes stray from that in the name of 
learning, but on this occasion I just want to solve a problem and move 
on.

> 
> c) Use a standard MTA and tell it not to listen to anything from
> outside your network. Use your firewall to not accept SMTP on the WAN
> port, and unless you have previously received email directly then the
> SMTP port shouldn't be open anyway. 
> 
> Use the MTA's configuration to listen only to localhost. Restart it and
> check where it's listening with netstat -tpan as root. 
> 
> That way you have two mechanisms to prevent access, even if you
> misconfigure one of them you should still be OK. After you have the MTA
> running and sending email where you want it to go, use ShieldsUp!! on
> https://grc.com to check which ports are open to the outside. Select
> 'All Service Ports' to check TCP/1-1055.
> 

Yes, agreed, this should also work. One thing I didn't mention in my 
original post is that I have to build all software for the "client" 
machine from scratch, and I'd expect a full-strength MTA to be a large 
project to build from source (many and potentially complex dependencies 
and so on), while a simple tool is likely to have a smaller and less 
complex dependency tree. Also because security is important on this box, 
every package I add needs careful consideration to make sure it doesn't 
compromise that -- again nudging me towards the smaller, simpler tool 
with fewer dependencies.

Thanks for your suggestions.

Mark

Re: Measuring (or calculating) how many bytes are actually written to disk when I repeatedly save a file

[Curt]

On 2019-04-08, rhkra...@gmail.com  wrote:
>
> And someone would (or should) ask what does "frequently" mean, and that is 
> what I am trying to quantify.  

Sure. But below a certain level of granularity it becomes an exercise
for which the benefits remain to be established.  Large files and
frequent writes to disk are probably not ideal for an SSD. You can read
that anywhere. What else can anyone say? What are you trying to do?
Measure the daily byte-count of your writes and compare that to some
hypothetical standard or threshold above which it would be suggested to
employ an HDD rather than a SSD? 

Re: Openvpn with brainpoolP256r1 works for debian clients only

[Dan Ritter]

Dominik wrote: 
> Hi all,
> 
> I'm using openvpn with certificates based on elliptic curves form the
> brainpoolP256r1 group. This works fine if the server and the clients run
> with debian as operating system.
> 
> If I try to connect with a client based on windows or centos using the
> same client.conf, the handshake fails and the server logs show the
> following:
> 
> TLS error: The server has no TLS ciphersuites in common with the client.
> Your --tls-cipher setting might be too restrictive.
> 
> If I compare the ClientHello messages, the client in debian lists the
> brainpoolP256r1 in the Supported Group section, while the client on
> windows and centos do not. (See below).
> 
> My question:
> 
> Why does debian send this extended list of supported groups compared to
> the other operating systems? Are there special compile options for
> openvpn or openssl?

There are many different options, and openssl tries to support
many so that something can be found to work.

Incompatibility across operating systems and versions is
expected. Pick something that works for your situation.

-dsr-

Re: - will the speed drop when wi-fi?,

[Dan Ritter]

Gdsi wrote: 
> Good evening.
> I  about the wireless Internet. USB modem in the tight car in the parking lot 
> suits, but on the go there is inconvenience, he stick out from laptop in 8 
> cm, it can be  in the car break it off. His manual says that if plugged he to 
> AC adapter, he can distribute Wi-Fi but I am  wishing  powered his from the 
> car`s cigarette lighter, i.e. from 12 V.  Hence the questions:
> - will the speed drop when wi-fi?,
> - a big risk to power the modem from car`s charging for mobile phone?,
> -If Wi-Fi will bad  distribute, I  make his again the modem but after 1-1.5 m 
> an extension, and his on a clip  into a convenient place?
> For any advice, offer,warn, thanks.
> 

1m USB extension cables are cheap and useful. Try one.

-dsr-

Re: Measuring (or calculating) how many bytes are actually written to disk when I repeatedly save a file

[rhkramer]

On Monday, April 08, 2019 09:32:48 AM Curt wrote:
> On 2019-04-08, rhkra...@gmail.com  wrote:
> > On Monday, April 08, 2019 03:40:54 AM Curt wrote:
> >> Maybe an SSD is not the most appropriate
> >> storage device for frequent editing of large files.
> > 
> > That is what I'm trying to decide / determine.
> 
> It is? Sorry. I guess I was tragically thrown off the scent by your
> subject line (as well as other bytes in your body).
> 
> How about:
> 
>  Subject: SSD for frequent edits of large text files?
> 
>  Hi kids!
> 
>  I frequently edit large text files (100-200Mb) in Kwrite and Kate and
>  am in the market for a new hard drive. Would an SSD be a judicious
>  choice for this scenario? Thanks!

And someone would (or should) ask what does "frequently" mean, and that is 
what I am trying to quantify.  

(But, in paying some more attention recently, frequently I try to save every 
time I pause while editing, which is sometimes after each sentence, and I 
spend 12 or hours most days editing such files (well, maybe 2 to 4 hours 
actually editing, the other time being spent reading / researching.)

Re: Measuring (or calculating) how many bytes are actually written to disk when I repeatedly save a file

[Alexander V. Makartsev]

On 08.04.2019 17:39, rhkra...@gmail.com wrote:
> On Monday, April 08, 2019 03:40:54 AM Curt wrote:
>> Maybe an SSD is not the most appropriate
>> storage device for frequent editing of large files.
> That is what I'm trying to decide / determine.

There are NVMe drives and SSDs intended to be used in servers with high
workloads like cache storage. These server grade drives must be rated
for at least 3 DWPD (Drive Writes Per Day) or more.
This means, if you have a 500GB SSD rated for 3 DWPD and it has 5 year
warranty, then you can safely write 1,5TB to it each day for next 5 years.
That is 3 * 500 * ( 365 * 5 ) / 1000 = 2737TB in total. (TBW)

You can convert TBW to DWPD if you want.
Let's say we have 240GB SSD rated for 768 TBW and it has 5 year warranty.
That will be ( 768 * 1000 ) / ( 365 * 5 ) = 420GB could be written per
day, or 420 / 240 = 1,75 DWPD

Let's say we have 256GB SSD rated for 300TBW and it has 5 year warranty.
That will be ( 300 * 1000 ) / 1825 = 164GB could be written per day, or
164 / 256 =  0,64 DWPD

IMO, an average consumer grade SSD (preferably MLC NAND based, 240GB+, 5
year warranty) should be rated at least 1 DWPD to be worth buying, so it
could be used (without paying constant attention to it,
implementing various tricks and restrictions to its workload, etc) for a
very long period of time, extending far beyond its warranty period, if
your workload is lower than 1 DWPD.
However, in reality it is so much trouble just to find suitable device.
This involves browsing through terribly designed manufacturer websites
with dark marketing patterns [1] and a pile of specification datasheet
files.
Also keeping in mind how SSD manufacturers don't like to talk about this
inconvenient topic for them, trying to hide TBW DWPD ratings by using
MTBF ratings instead.



[1] https://darkpatterns.org/

-- 
With kindest regards, Alexander.

⢀⣴⠾⠻⢶⣦⠀ 
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
⠈⠳⣄ 

Re: Simple Linux to Linux(Debian) email

[Mark Fletcher]

On Mon, Apr 08, 2019 at 02:14:33PM +0100, Thomas Pircher wrote:
> Mark Fletcher wrote:
> > mutt won't let me go back and edit the subject line.
> 
> Hi Mark,
> 
> Yes, have a look at the dma or nullmailer packages.  There used to be
> more of these programs in Debian (ssmtp, for example), but on my system
> (Buster) only those two seem to have survived.
> 

Thanks, of those dma looks like a perfect match and nullmailer also 
would work.

> You could also use one of the big MTAs and configure them to listen to
> local connections only, and/or block the SMTP ports with a firewall, but
> both dma and nullmailer do their job just fine. Besides, they are much
> simpler to configure.
> 

Yes, I could -- but I'd feel safer in the presence of my own capacity 
for stupid mistakes using a piece of software that just can't listen for 
mail, in this particular scenario. So dma or nullmailer both fit the 
bill. I will pore over their docs as well as sSMTPs and see what comes 
out the best.

Thanks a lot for your help

Mark

Re: Simple Linux to Linux(Debian) email

[Joe]

On Mon, 8 Apr 2019 21:33:03 +0900
Mark Fletcher  wrote:


> 
> My image of an ideal solution is a piece of software that can present 
> email to a remote MTA (ie an MTA not on the local machine) for
> delivery, but is not itself an MTA, and certainly has no capability
> to listen for incoming mail.
> 

a) Sendmail. Not the full-featured MTA, but the utility.
https://clients.javapipe.com/knowledgebase/132/How-to-Test-Sendmail-From-Command-Line-on-Linux.html

b) Write it yourself. If you can do simple scripting then you can write
something that talks basic SMTP to a remote SMTP server.

Here's basic unencrypted SMTP:
https://my.esecuredata.com/index.php?/knowledgebase/article/112/test-your-smtp-mail-server-via-telnet

There are many similar sites, some going into more detail including how
to find out the recipient's MX server if you don't know already.
https://www.port25.com/how-to-check-an-smtp-connection-with-a-manual-telnet-session-2/

Other sites explain how to use authenticated SMTP and TLS. If you later
get a fixed IP address and want to run your own mail server, you can
test it for relaying using the telnet technique. Or rely on numerous
websites...

c) Use a standard MTA and tell it not to listen to anything from
outside your network. Use your firewall to not accept SMTP on the WAN
port, and unless you have previously received email directly then the
SMTP port shouldn't be open anyway. 

Use the MTA's configuration to listen only to localhost. Restart it and
check where it's listening with netstat -tpan as root. 

That way you have two mechanisms to prevent access, even if you
misconfigure one of them you should still be OK. After you have the MTA
running and sending email where you want it to go, use ShieldsUp!! on
https://grc.com to check which ports are open to the outside. Select
'All Service Ports' to check TCP/1-1055.

-- 
Joe

Re: Measuring (or calculating) how many bytes are actually written to disk when I repeatedly save a file

[rhkramer]

On Monday, April 08, 2019 08:39:58 AM rhkra...@gmail.com wrote:
> On Monday, April 08, 2019 03:40:54 AM Curt wrote:
> > Maybe an SSD is not the most appropriate
> > storage device for frequent editing of large files.
> 
> That is what I'm trying to decide / determine.

I guess I'll amplify that a little bit -- I was going to write a longer email 
that would have included some of the following points, but for now, I'll just 
hit some as bullet points:

   * Until recently, I would have gone with an HDD (i.e., spinning magnetic 
media) on the assumption that it is more reliable than an SSD, but I'm less 
sure about that these days.

   * Typically when I buy something of some consequence, I try to read the 
reviews, and, if the site provides the feature, I read the lowest reviews first 
-- I read lots of horror stories in the reviews, like DOAs, failures after a 
short life, and I see other problems in the ads:

   * I see drives being sold as OEM drives, for which most( or some?) 
manufacturers do not provide a warranty.

   * Sometimes the ads for those drives don't mention that it is an OEM drive 
-- there may be clues (like it comes with no mounting bracket, screws, cables, 
software, and / or retail packaging, or it may be described as a "bare 
drive"), but sometimes there are no clues.

   * Quite often, even though the drive is sold as OEM, those ads mention the 
manufacturer's warranty, and don't mention that it is not being provided 
(sometimes I can think of it is somewhat accidental, as (I think) they sort of 
copy and paste the manufacturer's standard description (for that drive) which 
I'd expect to mention the warranty, but, sometimes in addition to that, in the 
list of specifications they mention the warranty).

   * I've seen lots of reviews which mention DOAs or failures after a short 
life for what used to be my go to drive (Western Digital), and today I looked 
at an HGST (which, iiuc, is the successor to Hitachi) which I thought might 
become my go to drive, but see similar problems listed in reviews of those 
drives.  (The ad does mention a 3-year warranty, but I don't trust that -- I'd 
plan to write to the vendor and / or manufacturer to confirm that before I 
bought the drive.)

Two asides (well, maybe the entire email is an aside, but) (and, apparently I 
can't count): ;-) 

   * I used to watch for hard drives with really good sale prices (maybe a 
rebate), and buy them in advance of my need, and store them, expecting them to 
just work when I was ready for them.  I no longer feel safe doing that -- I 
think I have to put them in service as soon as possible, certainly within the 
vendor's money back return period (typically 30 days, afaik) (if no warranty 
is provided), or well within the warranty period  if it is under warranty.

   * I will read the ad carefully before I buy, and, certainly if I have any 
doubt about whether it is an OEM drive or not, or has a warranty or not, I 
will write to the vendor to ask.  (I may do that even if I don't think there 
is any ambiguity in the ad.)

   * I am surprised at how many people (who bother to write reviews about 
their bad experiences) apparently don't bother to use the RMA procedure to 
return a drive if it is under warranty..  But, you typically do have to pay 
for return shipping, and additional horror stories in the reviews concern new 
drives returned under warranty replaced with refurbished drives, drives that 
have (retail?) packaging torn open (leading one to infer that it is not a new 
drive), and even completely different drives, perhaps in cases where a buyer 
returned a defective drive in the wrong package (and a vendor re-shipped it 
without ever checking the contents of the package received from their customer 
(which is two wrongs which don't make a right).

   * I sometimes wonder if the problems with so many drives come from poor 
handling by either the vendor or the manufacturer -- I mean I can imagine the 
forklift driver (or equivalent) banging a pallet against a wall or pillar, or 
dropping or spilling it.

I guess I'm pretty cynical sometimes.

Re: Simple Linux to Linux(Debian) email

[Mark Fletcher]

On Mon, Apr 08, 2019 at 07:54:30AM -0500, Ryan Nowakowski wrote:
> You might check out sSMTP[1]
> 
> [1] https://wiki.debian.org/sSMTP
> 
Thanks, looks like sSMTP will do the job. As was pointed out elsewhere 
in the thread, it seems to have been dropped from Buster, but that is no 
barrier for me as I can build it myself on the LFS machine.

Thanks a lot

Mark

Re: Measuring (or calculating) how many bytes are actually written to disk when I repeatedly save a file

[Curt]

On 2019-04-08, rhkra...@gmail.com  wrote:
> On Monday, April 08, 2019 03:40:54 AM Curt wrote:
>> Maybe an SSD is not the most appropriate
>> storage device for frequent editing of large files.
>
> That is what I'm trying to decide / determine.

It is? Sorry. I guess I was tragically thrown off the scent by your
subject line (as well as other bytes in your body).

How about:

 Subject: SSD for frequent edits of large text files?

 Hi kids!

 I frequently edit large text files (100-200Mb) in Kwrite and Kate and
 am in the market for a new hard drive. Would an SSD be a judicious
 choice for this scenario? Thanks!

Re: Simple Linux to Linux(Debian) email

[Ryan Nowakowski]

You might check out sSMTP[1]

[1] https://wiki.debian.org/sSMTP

On Mon, Apr 08, 2019 at 09:33:03PM +0900, Mark Fletcher wrote:
> Hello all
> 
> As I wrote this I began to consider this is slightly OT for this list; 
> my apologies for not putting OT in the subject line but mutt won't let 
> me go back and edit the subject line.
> 
> Short version: Is it reasonable to expect a piece of software to exist 
> that establishes a direct connection to a "remote" MTA and delivers mail 
> there for delivery, without also offering up mail reception 
> capabilities? If it is, what would that software be? Or alternatively, 
> is there a failsafe way to configure one of the MTAs (I have no strong 
> allegiance to any MTA, although the only one I have experience with is 
> exim4) such that even if I miss a configuration step it won't be 
> contactable from outside? To be clear, I only wish to be able to send 
> mail in one direction in this scenario...
> 
> The more detailed background:
> 
> My ISP has recently developed the unfortunate habit of changing my IP 
> address moderately frequently. They're allowed -- I'm cheap so I haven't 
> paid for a fixed IP. I'm shortly going to be moving so now really isn't 
> a good time to reconsider that position.
> 
> They still aren't changing it crazily frequently, but I now run an 
> OpenVPN server at home and it is a bit inconvenient when they change my 
> home IP and I don't notice before going on a business trip or something.
> 
> I'd like to set up an alert that lets me know when my external IP 
> address has changed.
> 
> The box that is in a position to notice that the IP address has changed 
> is on the outer edge of my network connected directly to the internet. 
> It runs LFS.
> 
> Deeper inside my network, accessible from the LFS box via the VPN, is a 
> Debian Stretch machine where I do most of my work.
> 
> I've created a very simple script that is capable of parsing the output 
> of "ip addr" and comparing the returned ip address for the relevant 
> interface to a stored ip address, and thus being able to tell if the IP 
> address has changed. What I'd like to do now is make a means for the LFS 
> box to be able to notify me of the fact that the external-facing IP 
> address has changed. 
> 
> My Debian machine runs exim4 and has a reasonably basic setup that 
> allows it to accept mails from other machines on the network (although I 
> may need to fiddle around with getting mail to come through the VPN) and 
> deliver it either locally or using a friendly mail provider as a 
> smarthost. I've successfully sent and received mail between this machine 
> and a Buster machine on the same network, those two machines can see 
> each other without the VPN. The Buster machine was also running exim4.
> 
> The LFS machine is, by design, very sparsely configured with only 
> software I truly needed installed. I am willing to add software but wish 
> to minimise the risk of installing something that opens up 
> external-facing vulnerabilities as much as possible. What I'd really 
> like is a piece of software that can reach out to my Stretch machine 
> through the VPN to present an email for delivery without offering a 
> local MTA that, improperly configured, might end up listening to the 
> outside world and thus present a security risk.
> 
> I've looked at sendmail, postfix and of course exim4, and these are MTAs 
> which could certainly do the job but which also present the risk of 
> listening to the internet, especially if I do something stupid in the 
> configuration which is entirely feasible. And from some basic tests I 
> did on my Stretch machine I think the mail command expects there to be a 
> local MTA for it to talk to...
> 
> My image of an ideal solution is a piece of software that can present 
> email to a remote MTA (ie an MTA not on the local machine) for delivery, 
> but is not itself an MTA, and certainly has no capability to listen for 
> incoming mail.
> 
> Thanks in advance
> 
> Mark
> 

Re: Simple Linux to Linux(Debian) email

[Thomas Pircher]

Mark Fletcher wrote:
> mutt won't let me go back and edit the subject line.

Hi Mark,

FYI, mutt does allow you to change the Subject line, in the Compose
Menu, just before sending the mail.

> Short version: Is it reasonable to expect a piece of software to exist
> that establishes a direct connection to a "remote" MTA and delivers mail
> there for delivery, without also offering up mail reception
> capabilities?

Yes, have a look at the dma or nullmailer packages.  There used to be
more of these programs in Debian (ssmtp, for example), but on my system
(Buster) only those two seem to have survived.

You could also use one of the big MTAs and configure them to listen to
local connections only, and/or block the SMTP ports with a firewall, but
both dma and nullmailer do their job just fine. Besides, they are much
simpler to configure.

Thomas

Re: Measuring (or calculating) how many bytes are actually written to disk when I repeatedly save a file

[rhkramer]

On Monday, April 08, 2019 03:40:54 AM Curt wrote:
> Maybe an SSD is not the most appropriate
> storage device for frequent editing of large files.

That is what I'm trying to decide / determine.

> (arriving as I am now at the chocolate-covered banana
> response to Euro Zone monetary integration)

I have no idea what that means (although I'm pretty sure it is not germane to 
this discussion).

Re: Measuring (or calculating) how many bytes are actually written to disk when I repeatedly save a file

[rhkramer]

On Sunday, April 07, 2019 04:22:41 PM Reco wrote:
> On Sun, Apr 07, 2019 at 10:10:58PM +0200, Carles Pina i Estany wrote:

> > In my SSDs I have:
> > /sys/fs/ext4/dm-0/lifetime_write_kbytes
> > 
> > I'm not sure if this is specific for SSD?
> 
> No, it's not. It's filesystem-specific though.
> Meaning - you have to use ext4 to see this attribute, but the device
> where the ext4 filesystem resides does not matter.

Well, to clarify, if you have multiple ext4  filesystems, does that represent 
the sum of lifetime_write_kbytes of all of those filesystems?  

(And,iiuc, any ext2 (or others) are not included in that sum.)

Simple Linux to Linux(Debian) email

[Mark Fletcher]

Hello all

As I wrote this I began to consider this is slightly OT for this list; 
my apologies for not putting OT in the subject line but mutt won't let 
me go back and edit the subject line.

Short version: Is it reasonable to expect a piece of software to exist 
that establishes a direct connection to a "remote" MTA and delivers mail 
there for delivery, without also offering up mail reception 
capabilities? If it is, what would that software be? Or alternatively, 
is there a failsafe way to configure one of the MTAs (I have no strong 
allegiance to any MTA, although the only one I have experience with is 
exim4) such that even if I miss a configuration step it won't be 
contactable from outside? To be clear, I only wish to be able to send 
mail in one direction in this scenario...

The more detailed background:

My ISP has recently developed the unfortunate habit of changing my IP 
address moderately frequently. They're allowed -- I'm cheap so I haven't 
paid for a fixed IP. I'm shortly going to be moving so now really isn't 
a good time to reconsider that position.

They still aren't changing it crazily frequently, but I now run an 
OpenVPN server at home and it is a bit inconvenient when they change my 
home IP and I don't notice before going on a business trip or something.

I'd like to set up an alert that lets me know when my external IP 
address has changed.

The box that is in a position to notice that the IP address has changed 
is on the outer edge of my network connected directly to the internet. 
It runs LFS.

Deeper inside my network, accessible from the LFS box via the VPN, is a 
Debian Stretch machine where I do most of my work.

I've created a very simple script that is capable of parsing the output 
of "ip addr" and comparing the returned ip address for the relevant 
interface to a stored ip address, and thus being able to tell if the IP 
address has changed. What I'd like to do now is make a means for the LFS 
box to be able to notify me of the fact that the external-facing IP 
address has changed. 

My Debian machine runs exim4 and has a reasonably basic setup that 
allows it to accept mails from other machines on the network (although I 
may need to fiddle around with getting mail to come through the VPN) and 
deliver it either locally or using a friendly mail provider as a 
smarthost. I've successfully sent and received mail between this machine 
and a Buster machine on the same network, those two machines can see 
each other without the VPN. The Buster machine was also running exim4.

The LFS machine is, by design, very sparsely configured with only 
software I truly needed installed. I am willing to add software but wish 
to minimise the risk of installing something that opens up 
external-facing vulnerabilities as much as possible. What I'd really 
like is a piece of software that can reach out to my Stretch machine 
through the VPN to present an email for delivery without offering a 
local MTA that, improperly configured, might end up listening to the 
outside world and thus present a security risk.

I've looked at sendmail, postfix and of course exim4, and these are MTAs 
which could certainly do the job but which also present the risk of 
listening to the internet, especially if I do something stupid in the 
configuration which is entirely feasible. And from some basic tests I 
did on my Stretch machine I think the mail command expects there to be a 
local MTA for it to talk to...

My image of an ideal solution is a piece of software that can present 
email to a remote MTA (ie an MTA not on the local machine) for delivery, 
but is not itself an MTA, and certainly has no capability to listen for 
incoming mail.

Thanks in advance

Mark

Re: 'synaptic' removed from buster

[Greg Wooledge]

On Sat, Apr 06, 2019 at 07:56:22PM +1100, David wrote:
> I have seen this in IRC. People join there to ask questions
> about Gnome for example, but no-one providing support in the
> channel is actually using Gnome themselves, because they prefer more
> sophisticatedenvironments, even though it's the default GUI for Debian
> that all the newbie questioners are using.
> 
> Newbie asks "how do I do X in Gnome" ... and no-one there knows the answer :)

This.  I've pointed it out myself, more than once.

However, "more sophisticated" is not really the target for people like me.
It's more like "simpler", or "more traditional", or "leaner", or "what
we're used to", depending on the actual person.

I'm sure GNOME provides way more features than my chosen window
manager does.  But I don't need or want those features.  I like my WM.
I understand how it works, and I know how to customize it exactly to
my preferences.  It doesn't launch dozens of useless processes to hog
resources, it doesn't blow up if my video driver/firmware aren't perfect,
and it doesn't introduce completely new and surprising ways to screw me
over on a periodic basis.

Re: May be silly question, but: Lost my qq(´) and qq(´) key

[Martin]

Am 08.04.19 um 14:05 schrieb Eike Lantzsch:
> On Monday, April 8, 2019 12:29:44 PM -04 Martin wrote:
>> Hi list,
>>
>> since a few days, my qq(´) and qq(´)¹ don't work with a single press. I have
>> to press twice. Who can tell me why?
>> And, ho do I get my old single press behavior back?
>> Sorry I don't get this keyboard magic in this life...
>>
>> 1) On a German keyboard, it is the key left of the backspace.
>>
>>
>> Thanks, Martin
> 
> Hi Martin,
> do I understand correctly
> a single press gave you ´ and with shift `?

No, it is like composing a letter: Typing ´ once does nothing, second time, it 
gives you the character.

> so you were not able to write á and à by pressing the qq and then a?
> Now one qq press and then a gives á?
> Double press of qq now results in ´?
> 
> The latter is the normal behaviour of my Gerrman keyboard layout. For me it's 
> useful because in a Spanish-speaking country I often need the accented 
> characters. This is with layout "German (dead grave acute)".

I use 'nodeadkeys'.

> You need to install "German (eliminate dead grave acute)" in your X-setup. I 
> don't know about xfce but for me it is enough to change this in the KDE setup.

Well, it worked since 206 with this install. It just recently changed.

> For programming and for the shell the behaviour with a single-press ´ is 
> better of course.
> 
> I have no idea why this may have changed. Maybe look through the upgrade 
> protocolls of apt, if you want to know what happened. If you have more than 
> one keyboard layout installed (as I have) then a certain key-combination 
> might 
> have changed it unadvertently.
> 
> Have success and a nice day 

Thanks.
As it is such a nice day, I will finish my work soon and go to the Biergarten a 
couple of minutes across. Cheers!

Re: May be silly question, but: Lost my qq(´) and qq(´) key

[Eike Lantzsch]

On Monday, April 8, 2019 12:29:44 PM -04 Martin wrote:
> Hi list,
> 
> since a few days, my qq(´) and qq(´)¹ don't work with a single press. I have
> to press twice. Who can tell me why?
> And, ho do I get my old single press behavior back?
> Sorry I don't get this keyboard magic in this life...
> 
> 1) On a German keyboard, it is the key left of the backspace.
> 
> 
> Thanks, Martin

Hi Martin,
do I understand correctly
a single press gave you ´ and with shift `?
so you were not able to write á and à by pressing the qq and then a?
Now one qq press and then a gives á?
Double press of qq now results in ´?

The latter is the normal behaviour of my Gerrman keyboard layout. For me it's 
useful because in a Spanish-speaking country I often need the accented 
characters. This is with layout "German (dead grave acute)".

You need to install "German (eliminate dead grave acute)" in your X-setup. I 
don't know about xfce but for me it is enough to change this in the KDE setup.

For programming and for the shell the behaviour with a single-press ´ is 
better of course.

I have no idea why this may have changed. Maybe look through the upgrade 
protocolls of apt, if you want to know what happened. If you have more than 
one keyboard layout installed (as I have) then a certain key-combination might 
have changed it unadvertently.

Have success and a nice day 

-- 
Eike Lantzsch ZP6CGE
Agencia Shopping del Sol
Casilla de Correo 13005
1749 Asuncion / Paraguay

Yes, grey does matter - within the skull.
For the 'Mercans: gray does matter.

Re: [Debian-br] Mutt não está criptografando e-mails, gmail reclama.

[Henrique Fagundes]

Só mais uma pergunta...

O que tem no arquivo "~/scripts/comfrases.sh" ??

No aguardo.

Atenciosamente, 

Henrique Fagundes 
Analista de Suporte Linux 
supo...@aprendendolinux.com 
Skype: magnata-br-rj 
Linux User: 475399 

https://www.aprendendolinux.com 
https://www.facebook.com/AprendendoLinux 
https://youtube.com/AprendendoLinux 
https://twitter.com/AprendendoLinux 
https://t.me/AprendendoLinux 
https://t.me/GrupoAprendendoLinux 
__ 
Participe do Grupo Aprendendo Linux 
https://listas.aprendendolinux.com/listinfo/aprendendolinux 

Ou envie um e-mail para: 
aprendendolinux-subscr...@listas.aprendendolinux.com 


  On Seg, 08 abr 2019 08:34:36 -0300 Gilberto F da Silva 
<2458...@gmail.com> wrote 
 > -BEGIN PGP SIGNED MESSAGE-
 > Hash: SHA1
 > 
 > On Mon, Apr 08, 2019 at 08:14:49AM -0300, Henrique Fagundes wrote:
 > > Gilberto, bom dia!
 > > 
 > > Primeiramente, obrigado por responder.
 > > 
 > > Se for o caso, que eu tenha que digitar a senha na mão, como eu faria para
 > > enviar o e-mail com a criptografia? Poderia ensinar os procedimentos?
 > 
 >   No meu .muttrc tem as seguintes linhas:
 > 
 > source ~/.mutt/mutt-colors-trans-green
 > source ~/.mutt/mutt-gnupgrc
 > source ~/.mutt/mailboxes
 > source ~/.mutt/aliases
 > source ~/.mutt/gpg.rc
 > 
 > 
 > Arquivo mutt-gnupgrc
 > 
 > # __ _  ___   ___  ___
 > #   __ _ / _|___/ |/ _ \ ( _ )/ _ \
 > #  / _` | |_/ __| | (_) |/ _ \ (_) |
 > # | (_| |  _\__ \ |\__, | (_) \__, |
 > #  \__, |_| |___/_|  /_/ \___/  /_/
 > #  |___/
 > # +---+
 > # ! gfs1...@gmx.net   !
 > # +--++
 > # ! Arquivo  ! mutt-gnupgrc   !
 > # +--++
 > # ! Data Estelar ! 2.453.928  !
 > # +--++
 > #
 > 
 > set pgp_create_traditional=yes
 > 
 > set pgp_decode_command="gpg %?p?--passphrase-fd 0? --no-verbose --batch 
 > --output - %f"
 > 
 > set pgp_verify_command="gpg --no-verbose --batch --output - --verify %s %f"
 > set pgp_decrypt_command="gpg --passphrase-fd 0 --no-verbose --batch --output 
 > - %f"
 > 
 > set pgp_sign_command="gpg --no-verbose --batch --output - --passphrase-fd 0 
 > --armor --detach-sign --textmode %?a?-u %a? %f"
 > 
 > set pgp_clearsign_command="gpg --no-verbose --batch --output - 
 > --passphrase-fd 0 --armor --textmode --clearsign %?a?-u %a? %f"
 > 
 > set pgp_encrypt_only_command="pgpewrap gpg --batch --quiet --no-verbose 
 > --output - --encrypt --textmode --armor --always-trust --encrypt-to 
 > 0xD3211B0E -- -r %r -- %f"
 > 
 > set pgp_encrypt_sign_command="pgpewrap gpg --passphrase-fd 0 --batch --quiet 
 > --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor 
 > --always-trust --encrypt-to 0x73AB3459 -- -r %r -- %f"
 > 
 > set pgp_import_command="gpg --no-verbose --import -v %f"
 > 
 > set pgp_export_command="gpg --no-verbose --export --armor %r"
 > 
 > set pgp_verify_key_command="gpg --no-verbose --batch --fingerprint 
 > --check-sigs %r"
 > 
 > set pgp_list_pubring_command="gpg --no-verbose --batch --with-colons 
 > --list-keys %r"
 > 
 > set pgp_list_secring_command="gpg --no-verbose --batch --with-colons 
 > --list-secret-keys %r"
 > 
 > 
 > 
 > set pgp_autosign=yes
 > set pgp_sign_as=0xD3211B0E
 > set pgp_replyencrypt=yes
 > set pgp_timeout=1800
 > set pgp_good_sign="^gpg: Boa assinatura de "
 > 
 > arquivo gpg.rc
 > 
 > # -*-muttrc-*-
 > #
 > # Command formats for gpg.
 > #
 > # Some of the older commented-out versions of the commands use gpg-2comp 
 > from:
 > #   http://70t.de/download/gpg-2comp.tar.gz
 > #
 > # %pThe empty string when no passphrase is needed,
 > #   the string "PGPPASSFD=0" if one is needed.
 > #
 > #   This is mostly used in conditional % sequences.
 > #
 > # %fMost PGP commands operate on a single file or a file
 > #   containing a message.  %f expands to this file's name.
 > #
 > # %sWhen verifying signatures, there is another temporary file
 > #   containing the detached signature.  %s expands to this
 > #   file's name.
 > #
 > # %aIn "signing" contexts, this expands to the value of the
 > #   configuration variable $pgp_sign_as, if set, otherwise
 > #   $pgp_default_key.  You probably need to
 > #   use this within a conditional % sequence.
 > #
 > # %rIn many contexts, mutt passes key IDs to pgp.  %r expands to
 > #   a list of key IDs.
 > 
 > 
 > # Section A: Key Management
 > 
 > # The default key for encryption (used by $pgp_self_encrypt and
 > # $postpone_encrypt).
 > #
 > # It will also be used for signing unless $pgp_sign_as is set to a
 > # key.
 > #
 > # Unless your key does not have encryption capability, uncomment this
 > # line and replace the keyid with your own.
 > #
 >   set pgp_default_key="0xD3211B0E"
 > 
 > # If you have a separate signing key, or your key _only_ has signing
 > # 

Re: [Debian-br] Mutt não está criptografando e-mails, gmail reclama.

[Gilberto F da Silva]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Mon, Apr 08, 2019 at 08:14:49AM -0300, Henrique Fagundes wrote:
> Gilberto, bom dia!
> 
> Primeiramente, obrigado por responder.
> 
> Se for o caso, que eu tenha que digitar a senha na mão, como eu faria para
> enviar o e-mail com a criptografia? Poderia ensinar os procedimentos?

  No meu .muttrc tem as seguintes linhas:

source ~/.mutt/mutt-colors-trans-green
source ~/.mutt/mutt-gnupgrc
source ~/.mutt/mailboxes
source ~/.mutt/aliases
source ~/.mutt/gpg.rc


Arquivo mutt-gnupgrc

# __ _  ___   ___  ___
#   __ _ / _|___/ |/ _ \ ( _ )/ _ \
#  / _` | |_/ __| | (_) |/ _ \ (_) |
# | (_| |  _\__ \ |\__, | (_) \__, |
#  \__, |_| |___/_|  /_/ \___/  /_/
#  |___/
# +---+
# ! gfs1...@gmx.net   !
# +--++
# ! Arquivo  ! mutt-gnupgrc   !
# +--++
# ! Data Estelar ! 2.453.928  !
# +--++
#

set pgp_create_traditional=yes

set pgp_decode_command="gpg %?p?--passphrase-fd 0? --no-verbose --batch 
--output - %f"

set pgp_verify_command="gpg --no-verbose --batch --output - --verify %s %f"
set pgp_decrypt_command="gpg --passphrase-fd 0 --no-verbose --batch --output - 
%f"

set pgp_sign_command="gpg --no-verbose --batch --output - --passphrase-fd 0 
--armor --detach-sign --textmode %?a?-u %a? %f"

set pgp_clearsign_command="gpg --no-verbose --batch --output - --passphrase-fd 
0 --armor --textmode --clearsign %?a?-u %a? %f"

set pgp_encrypt_only_command="pgpewrap gpg --batch --quiet --no-verbose 
--output - --encrypt --textmode --armor --always-trust --encrypt-to 0xD3211B0E 
-- -r %r -- %f"

set pgp_encrypt_sign_command="pgpewrap gpg --passphrase-fd 0 --batch --quiet 
--no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor 
--always-trust --encrypt-to 0x73AB3459 -- -r %r -- %f"

set pgp_import_command="gpg --no-verbose --import -v %f"

set pgp_export_command="gpg --no-verbose --export --armor %r"

set pgp_verify_key_command="gpg --no-verbose --batch --fingerprint --check-sigs 
%r"

set pgp_list_pubring_command="gpg --no-verbose --batch --with-colons 
--list-keys %r"

set pgp_list_secring_command="gpg --no-verbose --batch --with-colons 
--list-secret-keys %r"



set pgp_autosign=yes
set pgp_sign_as=0xD3211B0E
set pgp_replyencrypt=yes
set pgp_timeout=1800
set pgp_good_sign="^gpg: Boa assinatura de "

arquivo gpg.rc

# -*-muttrc-*-
#
# Command formats for gpg.
#
# Some of the older commented-out versions of the commands use gpg-2comp from:
#   http://70t.de/download/gpg-2comp.tar.gz
#
# %pThe empty string when no passphrase is needed,
#   the string "PGPPASSFD=0" if one is needed.
#
#   This is mostly used in conditional % sequences.
#
# %fMost PGP commands operate on a single file or a file
#   containing a message.  %f expands to this file's name.
#
# %sWhen verifying signatures, there is another temporary file
#   containing the detached signature.  %s expands to this
#   file's name.
#
# %aIn "signing" contexts, this expands to the value of the
#   configuration variable $pgp_sign_as, if set, otherwise
#   $pgp_default_key.  You probably need to
#   use this within a conditional % sequence.
#
# %rIn many contexts, mutt passes key IDs to pgp.  %r expands to
#   a list of key IDs.


# Section A: Key Management

# The default key for encryption (used by $pgp_self_encrypt and
# $postpone_encrypt).
#
# It will also be used for signing unless $pgp_sign_as is set to a
# key.
#
# Unless your key does not have encryption capability, uncomment this
# line and replace the keyid with your own.
#
  set pgp_default_key="0xD3211B0E"

# If you have a separate signing key, or your key _only_ has signing
# capability, uncomment this line and replace the keyid with your
# signing keyid.
#
 set pgp_sign_as="0xD3211B0E"


# Section B: Commands

# Note that we explicitly set the comment armor header since GnuPG, when used
# in some localiaztion environments, generates 8bit data in that header, thereby
# breaking PGP/MIME.

# decode application/pgp
set pgp_decode_command="gpg --status-fd=2 %?p?--passphrase-fd 0? --no-verbose 
--quiet --batch --output - %f"

# verify a pgp/mime signature
set pgp_verify_command="gpg --status-fd=2 --no-verbose --quiet --batch --output 
- --verify %s %f"

# decrypt a pgp/mime attachment
set pgp_decrypt_command="gpg --status-fd=2 %?p?--passphrase-fd 0? --no-verbose 
--quiet --batch --output - %f"

# create a pgp/mime signed attachment
# set pgp_sign_command="gpg-2comp --comment '' --no-verbose --batch --output - 
%?p?--passphrase-fd 0? --armor --detach-sign --textmode %?a?-u %a? %f"
set pgp_sign_command="gpg --no-verbose --batch --quiet --output - 
%?p?--passphrase-fd 0? --armor --detach-sign --textmode %?a?-u %a? %f"

# create a application/pgp signed (old-style) message
# set pgp_clearsign_command="gpg-2comp --comment '' 

Re: [Debian-br] Mutt não está criptografando e-mails, gmail reclama.

[Henrique Fagundes]

Oi Gilberto,



Mais uma vez, obrigado.

Eu vou fazer testes com essas configurações, mas gostaria mesmo era de entender 
o processo.


Gerar as chaves/senhas e enviar o e-mail criptografado.


Estarei enviando os resultados dos meus testes em breve.


Atenciosamente,


Henrique Fagundes




 On Seg, 08 abr 2019 08:34:36 -0300 Gilberto F da Silva <2458...@gmail.com> 
wrote 



-BEGIN PGP SIGNED MESSAGE- 

Hash: SHA1 

 

On Mon, Apr 08, 2019 at 08:14:49AM -0300, Henrique Fagundes wrote: 

> Gilberto, bom dia! 

> 

> Primeiramente, obrigado por responder. 

> 

> Se for o caso, que eu tenha que digitar a senha na mão, como eu faria para 

> enviar o e-mail com a criptografia? Poderia ensinar os procedimentos? 

 

 No meu .muttrc tem as seguintes linhas: 

 

source ~/.mutt/mutt-colors-trans-green 

source ~/.mutt/mutt-gnupgrc 

source ~/.mutt/mailboxes 

source ~/.mutt/aliases 

source ~/.mutt/gpg.rc 

 

 

Arquivo mutt-gnupgrc 

 

# __ _  ___   ___  ___ 

#   __ _ / _|___/ |/ _ \ ( _ )/ _ \ 

#  / _` | |_/ __| | (_) |/ _ \ (_) | 

# | (_| |  _\__ \ |\__, | (_) \__, | 

#  \__, |_| |___/_|  /_/ \___/  /_/ 

#  |___/ 

# +---+ 

# ! mailto:gfs1...@gmx.net ! 

# +--++ 

# ! Arquivo  ! mutt-gnupgrc   ! 

# +--++ 

# ! Data Estelar ! 2.453.928  ! 

# +--++ 

# 

 

set pgp_create_traditional=yes 

 

set pgp_decode_command="gpg %?p?--passphrase-fd 0? --no-verbose --batch 
--output - %f" 

 

set pgp_verify_command="gpg --no-verbose --batch --output - --verify %s %f" 

set pgp_decrypt_command="gpg --passphrase-fd 0 --no-verbose --batch --output - 
%f" 

 

set pgp_sign_command="gpg --no-verbose --batch --output - --passphrase-fd 0 
--armor --detach-sign --textmode %?a?-u %a? %f" 

 

set pgp_clearsign_command="gpg --no-verbose --batch --output - --passphrase-fd 
0 --armor --textmode --clearsign %?a?-u %a? %f" 

 

set pgp_encrypt_only_command="pgpewrap gpg --batch --quiet --no-verbose 
--output - --encrypt --textmode --armor --always-trust --encrypt-to 0xD3211B0E 
-- -r %r -- %f" 

 

set pgp_encrypt_sign_command="pgpewrap gpg --passphrase-fd 0 --batch --quiet 
--no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor 
--always-trust --encrypt-to 0x73AB3459 -- -r %r -- %f" 

 

set pgp_import_command="gpg --no-verbose --import -v %f" 

 

set pgp_export_command="gpg --no-verbose --export --armor %r" 

 

set pgp_verify_key_command="gpg --no-verbose --batch --fingerprint --check-sigs 
%r" 

 

set pgp_list_pubring_command="gpg --no-verbose --batch --with-colons 
--list-keys %r" 

 

set pgp_list_secring_command="gpg --no-verbose --batch --with-colons 
--list-secret-keys %r" 

 

 

 

set pgp_autosign=yes 

set pgp_sign_as=0xD3211B0E 

set pgp_replyencrypt=yes 

set pgp_timeout=1800 

set pgp_good_sign="^gpg: Boa assinatura de " 

 

arquivo gpg.rc 

 

# -*-muttrc-*- 

# 

# Command formats for gpg. 

# 

# Some of the older commented-out versions of the commands use gpg-2comp from: 

# http://70t.de/download/gpg-2comp.tar.gz 

# 

# %pThe empty string when no passphrase is needed, 

#   the string "PGPPASSFD=0" if one is needed. 

# 

#   This is mostly used in conditional % sequences. 

# 

# %fMost PGP commands operate on a single file or a file 

#   containing a message.  %f expands to this file's name. 

# 

# %sWhen verifying signatures, there is another temporary file 

#   containing the detached signature.  %s expands to this 

#   file's name. 

# 

# %aIn "signing" contexts, this expands to the value of the 

#   configuration variable $pgp_sign_as, if set, otherwise 

#   $pgp_default_key.  You probably need to 

#   use this within a conditional % sequence. 

# 

# %rIn many contexts, mutt passes key IDs to pgp.  %r expands to 

#   a list of key IDs. 

 

 

# Section A: Key Management 

 

# The default key for encryption (used by $pgp_self_encrypt and 

# $postpone_encrypt). 

# 

# It will also be used for signing unless $pgp_sign_as is set to a 

# key. 

# 

# Unless your key does not have encryption capability, uncomment this 

# line and replace the keyid with your own. 

# 

 set pgp_default_key="0xD3211B0E" 

 

# If you have a separate signing key, or your key _only_ has signing 

# capability, uncomment this line and replace the keyid with your 

# signing keyid. 

# 

 set pgp_sign_as="0xD3211B0E" 

 

 

# Section B: Commands 

 

# Note that we explicitly set the comment armor header since GnuPG, when used 

# in some localiaztion environments, generates 8bit data in that header, 
thereby 

# breaking PGP/MIME. 

 

# decode application/pgp 

set pgp_decode_command="gpg --status-fd=2 %?p?--passphrase-fd 0? --no-verbose 
--quiet --batch --output - %f" 

 

# verify a pgp/mime signature 

set pgp_verify_command="gpg --status-fd=2 --no-verbose 

[Debian-br] Mutt não está criptografando e-mails, gmail reclama.

[Gilberto F da Silva]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Sun, Apr 07, 2019 at 09:38:09PM -0300, Henrique Fagundes wrote:
> Senhores, boa noite!
> 
> Tenho um servidor Debian com postfix configurado completinho, com DKIM, SPF,
> tudo funcionando ok.
> 
> Eu tenho também alguns scripts de backups que enviam e-mails com o resultado
> dessas ações. Só que, o e-mail vai para o spam, com um cadeado vermelho com
> a seguinte mensagem: "O domínio meudominio.com não criptografou esta
> mensagem Saiba mais".
> 
> Como fazer para o mutt criptografar as mensagens?
> Sei que o problema é o mutt, pois quando envio e-mails deste servidor
> através de outras soluções (php por exemplo), o problema não ocorre.

  Eu uso o mutt com criptografia mas ele pede a senha do GnuPG antes
  de enviar.  Para você não irá funcionar porque você quer um processo
  automático.


- -- 

Gilberto F da Silva - gfs1...@gmx.net - ICQ 136.782.571
Stela dato:2.458.581,964  Loka tempo:2019-04-08 08:08:24 Lundo
- -==-
Em terra de cego, abrir cinema é bobagem...
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: +-+
Comment: !   Gilberto F da Silva - ICQ 136.782.571 !
Comment: +-+

iEYEARECAAYFAlyrLHYACgkQJxugWtMhGw4asQCeOKX6a5/CxIm9ECGEZ47VZ/Cv
45sAoO6rZyDJIqBusdPADT0J2HETJvWf
=C4PN
-END PGP SIGNATURE-

Re: [Debian-br] Mutt não está criptografando e-mails, gmail reclama.

[Henrique Fagundes]

Gilberto, bom dia!

Primeiramente, obrigado por responder.

Se for o caso, que eu tenha que digitar a senha na mão, como eu faria 
para enviar o e-mail com a criptografia? Poderia ensinar os procedimentos?


Ficaria muito grato.

Atenciosamente,

Henrique Fagundes
Analista de Suporte Linux
supo...@aprendendolinux.com
Skype: magnata-br-rj
Linux User: 475399

https://www.aprendendolinux.com
https://www.facebook.com/AprendendoLinux
https://youtube.com/AprendendoLinux
https://twitter.com/AprendendoLinux
https://t.me/AprendendoLinux
https://t.me/GrupoAprendendoLinux
__
Participe do Grupo Aprendendo Linux
https://listas.aprendendolinux.com/listinfo/aprendendolinux

Ou envie um e-mail para:
aprendendolinux-subscr...@listas.aprendendolinux.com

BRASIL acima de tudo, DEUS acima de todos!

Em 08/04/2019 08:11, Gilberto F da Silva escreveu:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Sun, Apr 07, 2019 at 09:38:09PM -0300, Henrique Fagundes wrote:

Senhores, boa noite!

Tenho um servidor Debian com postfix configurado completinho, com DKIM, SPF,
tudo funcionando ok.

Eu tenho também alguns scripts de backups que enviam e-mails com o resultado
dessas ações. Só que, o e-mail vai para o spam, com um cadeado vermelho com
a seguinte mensagem: "O domínio meudominio.com não criptografou esta
mensagem Saiba mais".

Como fazer para o mutt criptografar as mensagens?
Sei que o problema é o mutt, pois quando envio e-mails deste servidor
através de outras soluções (php por exemplo), o problema não ocorre.


   Eu uso o mutt com criptografia mas ele pede a senha do GnuPG antes
   de enviar.  Para você não irá funcionar porque você quer um processo
   automático.


- -- 


Gilberto F da Silva - gfs1...@gmx.net - ICQ 136.782.571
Stela dato:2.458.581,964  Loka tempo:2019-04-08 08:08:24 Lundo
- -==-
Em terra de cego, abrir cinema é bobagem...
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: +-+
Comment: !   Gilberto F da Silva - ICQ 136.782.571 !
Comment: +-+

iEYEARECAAYFAlyrLHYACgkQJxugWtMhGw4asQCeOKX6a5/CxIm9ECGEZ47VZ/Cv
45sAoO6rZyDJIqBusdPADT0J2HETJvWf
=C4PN
-END PGP SIGNATURE-

Re: May be silly question, but: Lost my qq(´) and qq(´) key

[Martin]

Am 08.04.19 um 12:43 schrieb Markus Schönhaber:
> Martin, 8.4.2019 12:29 +0200:
> 
>> since a few days, my qq(´) and qq(´)¹ don't work with a single press. I have 
>> to press twice.
>> Who can tell me why?
>> And, ho do I get my old single press behavior back?
>> Sorry I don't get this keyboard magic in this life...
>>
>> 1) On a German keyboard, it is the key left of the backspace.
> 
> By choosing a keyboard layout with "nodeadkeys" / "ohne Akzenttasten"

That is what I do.
Well, in lightdm/xfce4-settings this was working with generic German PC 105 
keys without further options. Which I did not touch since ages.

> you'll probably get the old behaviour back where a single key press
> makes such accented characters appear.
> 

Re: May be silly question, but: Lost my qq(´) and qq(´) key

[Markus Schönhaber]

Martin, 8.4.2019 12:29 +0200:

> since a few days, my qq(´) and qq(´)¹ don't work with a single press. I have 
> to press twice.
> Who can tell me why?
> And, ho do I get my old single press behavior back?
> Sorry I don't get this keyboard magic in this life...
> 
> 1) On a German keyboard, it is the key left of the backspace.

By choosing a keyboard layout with "nodeadkeys" / "ohne Akzenttasten"
you'll probably get the old behaviour back where a single key press
makes such accented characters appear.

-- 
Regards
  mks

May be silly question, but: Lost my qq(´) and qq(´) key

[Martin]

Hi list,

since a few days, my qq(´) and qq(´)¹ don't work with a single press. I have to 
press twice.
Who can tell me why?
And, ho do I get my old single press behavior back?
Sorry I don't get this keyboard magic in this life...

1) On a German keyboard, it is the key left of the backspace.


Thanks, Martin

Re: Measuring (or calculating) how many bytes are actually written to disk when I repeatedly save a file

[Curt]

On 2019-04-07, Reco  wrote:
>> 
>> I'm not sure if this is specific for SSD?
>
> No, it's not. It's filesystem-specific though.
> Meaning - you have to use ext4 to see this attribute, but the device
> where the ext4 filesystem resides does not matter.
>
> Reco
>

Maybe an SSD (arriving as I am now at the chocolate-covered banana
response to Euro Zone monetary integration) is not the most appropriate
storage device for frequent editing of large files.

Openvpn with brainpoolP256r1 works for debian clients only

[Dominik]

Hi all,

I'm using openvpn with certificates based on elliptic curves form the
brainpoolP256r1 group. This works fine if the server and the clients run
with debian as operating system.

If I try to connect with a client based on windows or centos using the
same client.conf, the handshake fails and the server logs show the
following:

TLS error: The server has no TLS ciphersuites in common with the client.
Your --tls-cipher setting might be too restrictive.

If I compare the ClientHello messages, the client in debian lists the
brainpoolP256r1 in the Supported Group section, while the client on
windows and centos do not. (See below).

My question:

Why does debian send this extended list of supported groups compared to
the other operating systems? Are there special compile options for
openvpn or openssl?


Cient Hello from debian client:

Frame 705: 259 bytes on wire (2072 bits), 259 bytes captured (2072 bits)
on interface 0
Linux cooked capture
Internet Protocol Version 4, Src: 192.168.6.98, Dst: 85.214.151.228
User Datagram Protocol, Src Port: 34738, Dst Port: 1195
OpenVPN Protocol
    Type: 0x20 [opcode/key_id]
    Session ID: 14706474520384368533
    HMAC: 0b512424d819d4af7226e2a34ce3dc13a2cc52ba
    Packet-ID: 3
    Net Time: Apr  5, 2019 11:42:18.0 CEST
    Message Packet-ID Array Length: 0
    Message Packet-ID: 1
Secure Sockets Layer
    TLSv1.2 Record Layer: Handshake Protocol: Client Hello
    Content Type: Handshake (22)
    Version: TLS 1.0 (0x0301)
    Length: 168
    Handshake Protocol: Client Hello
    Handshake Type: Client Hello (1)
    Length: 164
    Version: TLS 1.2 (0x0303)
    Random: d73e15ad7f9e70417b5c1b9d672bfdb0091c830c52687ab1...
    Session ID Length: 0
    Cipher Suites Length: 42
    Cipher Suites (21 suites)
    Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
(0xc02c)
    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
    Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f)
    Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
(0xc02b)
    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
    Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
    Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
    Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
(0xc024)
    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
    Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b)
    Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
(0xc023)
    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
    Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
    Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
    Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
    Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0088)
    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
    Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
    Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0045)
    Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
    Compression Methods Length: 1
    Compression Methods (1 method)
    Compression Method: null (0)
    Extensions Length: 81
    Extension: ec_point_formats (len=4)
    Type: ec_point_formats (11)
    Length: 4
    EC point formats Length: 3
    Elliptic curves point formats (3)
    EC point format: uncompressed (0)
    EC point format: ansiX962_compressed_prime (1)
    EC point format: ansiX962_compressed_char2 (2)
    Extension: supported_groups (len=28)
    Type: supported_groups (10)
    Length: 28
    Supported Groups List Length: 26
    Supported Groups (13 groups)
    Supported Group: secp256r1 (0x0017)
    Supported Group: secp521r1 (0x0019)
    Supported Group: brainpoolP512r1 (0x001c)
    Supported Group: brainpoolP384r1 (0x001b)
    Supported Group: secp384r1 (0x0018)
    Supported Group: brainpoolP256r1 (0x001a)
    Supported Group: secp256k1 (0x0016)
    Supported Group: sect571r1 (0x000e)
    Supported Group: sect571k1 (0x000d)
    Supported Group: sect409k1 (0x000b)
    Supported Group: sect409r1 (0x000c)
    Supported Group: sect283k1 (0x0009)
    Supported Group: sect283r1 (0x000a)
    Extension: