Re: [testing] synaptic et wayland,

[Jean-Marc]

Mon, 24 Jun 2019 00:42:27 +0200
Gaëtan Perrier  écrivait :

> Effectivement je suis en X11 sur le fixe et Wayland sur le portable.
> Je n'ai jamais explicitement choisi Wayland.
> Comment fait-on pour revenir su X11 ?

Normalement, c'est ton gestionnaire de session (gdm, lightdm) qui te permet de 
choisir.

Tu devrais trouver dans la liste des sessions possibles.

> Gaëtan

Jean-Marc 
https://6jf.be/keys/ED863AD1.txt


pgpNgmP7_C1Vo.pgp
Description: PGP signature

Re: Reading pdf files

[Celejar]

On Sun, 23 Jun 2019 18:37:54 -0500
David Wright  wrote:

> On Sat 22 Jun 2019 at 22:31:48 (-0400), Celejar wrote:
> > On Fri, 21 Jun 2019 20:53:52 -0500 David Wright  
> > wrote:
> > > But what eliminates it for me as a general viewer is the lack of key-
> > > binding configuration file. Quoting Archwiki,
> > >   "Navigation within a document works with standard keyboard shortcuts
> > >and mouse interaction. For example, B and Space scroll up and down."
> > > they don't look like standard bindings to me. Or is there some
> > > external DE configuration that's handling all this for DE-users?
> > 
> > My understanding is that the key bindings are generally vi-like, e.g.,
> > hjkl pan left, down, up, and right. You can also use the more intuitive
> > key bindings that work in vi (at least in Vim, as per the standard
> > (Debian?) configuration: PgUp, PgDn, and the cursor arrow keys do pretty
> > much what you'd expect.
> 
> On the contrary, that's where I have problems. Compare if you will

...

You're right; I agree that mupdf can be confusing and frustrating this
way. I just meant that the bindings are pretty standard - it's the
implementation of mupdf's elementary operations that are perhaps
questionable.

> But the PNG/JPG modes of mupdf introduce a new set of navigation problems.
> PgDn, PgUp, Left and Right do nothing. Down and Up do the same as j and k,
> and the problem is as described above: the panning increment is far too
> large. AFAICT it's dividing the images into 11 "virtual pages" and so
> you only ever see the top of these 11 chunks.

Sorry, I only use mupdf for pdfs, so I have no experience with its
PNG/JPG mode.

Celejar

Installer issue

[Dominic Wright]

Every time I run the debian installer, it said "Get method failed" is there
any way to fix this? Or am I forever unable to install debian?

Re: Giving remaja (teens) group full administrator privileges through sudo - dangerous?

[Andy Smith]

Hello,

On Mon, Jun 24, 2019 at 12:34:36PM +1200, Richard Hector wrote:
> On 23/06/19 12:07 PM, Andy Smith wrote:
> > andy@debtest1:~$ su - bob
> > Password: 
> > bob@debtest1:~$ whoami
> > bob
> > bob@debtest1:~$ sudo -i
> > [sudo] password for bob: 
> > Sorry, user bob is not allowed to execute '/bin/bash' as root on 
> > debtest1.vps.bitfolk.com.
> > bob@debtest1:~$ echo 
> > 'bob:$6$K6b1uzg.$pTNKJG/9hIgnhBL53Y2mr0rrsBBZE1xDWE0bO8E94dBlM.itel4/meJTZYL12IIOZ9ck/
> > 3P2/j5XGbyKcKxFK/:18070:0:9:7:::' > myshadow
> > bob@debtest1:~$ sudo mount --bind ./myshadow /etc/shadow
> > bob@debtest1:~$ su -
> > Password: 
> > root@debtest1:~# whoami
> > root

[…]

> Haven't you just set your own (bob) password there? Not saying you
> couldn't set root's instead, but ... it looks like in this case you
> already knew it.

Yes, it was a mispaste from an earlier line in my screen history.
Sorry about that.

Point is you can take a hash that you already know, e.g. your own,
write it into a new shadow file but make it be for the root user,
not your own user, e.g.:

bob@debtest1:~$ echo 
'root:$6$K6b1uzg.$pTNKJG/9hIgnhBL53Y2mr0rrsBBZE1xDWE0bO8E94dBlM.itel4/meJTZYL12IIOZ9ck/3P2/j5XGbyKcKxFK/:18070:0:9:7:::'
 > myshadow

and then since you are able to use mount as root you can bind mount
your new shadow file over the system's real shadow file, hence
effectively resetting root's password:

bob@debtest1:~$ sudo mount --bind ./myshadow /etc/shadow
bob@debtest1:~$ su -
Password: 
root@debtest1:~# whoami
root

Since you can bind mount files and directories, root access to
"mount" means root access to every part of the existing filesystem
so there's many many ways of getting a root shell from that.

Try it. :) But maybe on a test host as bind-mounting over something
important may completely break your system.

Cheers,
Andy

Re: Giving remaja (teens) group full administrator privileges through sudo - dangerous?

[Richard Hector]

On 23/06/19 12:07 PM, Andy Smith wrote:
> Hello,
> 
> On Sat, Jun 22, 2019 at 04:44:40PM -0700, Jimmy Johnson wrote:
>> Some one mentioned mounting drives, all that and what they need can be
>> configured.
> 
> Also note that anyone who can use "mount" as root can trivially become
> root. If countenancing allowing users to run "mount" as root I would
> make scripts that only mounted the exact things to the exact places,
> and then let them run those scripts as root.
> 
> andy@debtest1:~$ su - bob
> Password: 
> bob@debtest1:~$ whoami
> bob
> bob@debtest1:~$ sudo -i
> [sudo] password for bob: 
> Sorry, user bob is not allowed to execute '/bin/bash' as root on 
> debtest1.vps.bitfolk.com.
> bob@debtest1:~$ echo 
> 'bob:$6$K6b1uzg.$pTNKJG/9hIgnhBL53Y2mr0rrsBBZE1xDWE0bO8E94dBlM.itel4/meJTZYL12IIOZ9ck/
> 3P2/j5XGbyKcKxFK/:18070:0:9:7:::' > myshadow
> bob@debtest1:~$ sudo mount --bind ./myshadow /etc/shadow
> bob@debtest1:~$ su -
> Password: 
> root@debtest1:~# whoami
> root
> 
> The password of that hash is "letmein1".
> 
> So don't give anyone sudo access to /bin/mount unless you are okay
> with them being able to become root proper if they really want to.

Haven't you just set your own (bob) password there? Not saying you
couldn't set root's instead, but ... it looks like in this case you
already knew it.

Cheers,
Richard




signature.asc
Description: OpenPGP digital signature

Re: New Hardware + old disks not recognized

[Ross Boylan]

I think you're right about the missing drivers, but fixing it has
proven challenging.

First, my original initrd was created with MODULES=dep.  This was
somewhat hidden by the fact that in initramfs.conf, MODULES=most. :)
Apparently it was overriden by the setting in conf.d/driver-policy,
which I have since edited.

lspci -nn confirms one of the device ids you expected.  I also
included the NVMe device too:
02:00.0 Serial Attached SCSI controller [0107]: LSI Logic / Symbios
Logic SAS2116 PCI-Express Fusion-MPT SAS-2 [Meteor] [1000:0064] (rev
02)
71:00.0 Non-Volatile memory controller [0108]: Samsung Electronics Co
Ltd NVMe SSD Controller SM961/PM961 [144d:a804]

First try: chroot into the old system and update-initramfs.  The
result can see the disks (yay) but has no, or at least insufficient,
crypto.

Second try: rsync from the old initrd to the new one.*  Considered
using -u, but that left an empty cryptroot file in place.  Booting
using initrd post-rsync is back to the old situation with no disks
visible.  Presumably some files that should have been merged (e.g.,
modules) were overwritten by the rsync.

Third try: do lsmod in ubuntu and insert all the modules into the
initrd modules file.  Still no disks visible.  I'm not sure if I
should have been using module names as reported by lsmod or something
more like the file names, and I later noticed that the modules are
loaded in the order given.  I don't know if the order was right.

Fourth try: regenerate a "clean" initrd as in the first step and
attempt to merge in the old initrd files that are missing or
different.  For some reason this produced a lot more complaints than
the first time I did it.** That includes the modules.aliases file.
However, some of the module management files are binary (ld.so.cache).
I wasn't sure how regenerating them in a chroot would work.  Booting
with this got further: disks are recognized and I get a prompt to
decrypt the root partition.  However, my password is not accepted.  In
the past I've seen this when the right crypto modules were not loaded.

I did copy over some crypto modules and associated binaries in the
fourth try, but perhaps I need to regenerate the caches/management
files to get them to work properly.  It's a little odd they weren't
there to begin with, given the MODULES=most selection and the presence
of some crypto modules.

There are also some differences in font-related files; I'm hoping they
don't matter (e.g., cache files with different names, different uuid
in local/share/fonts/.uuid).

@songbird: maybe I should try installing buster somewhere on the SSD,
but I'm not sure that's going to get me much closer into booting my
old system.  If I ensured that it had similar drivers (i.e., setup
using LVM and encrypted root) it should be closer, but it's still not
my target system.

I wouldn't want to use a system without encryption, and at any event
my employer requires it.

Ross

* I'm using a bit of a short-hand.  I expand the initrd into a
directory, manipulate files in that directory or comparing those with
files expanded from another initrd, and then recreate the initrd file
from the directory.

** The complaints are all on point however, and the condition they
describe was true the first time too:
# update-initramfs -u -k 4.19.0-5-amd64
update-initramfs: Generating /boot/initrd.img-4.19.0-5-amd64
/usr/share/initramfs-tools/hooks/cryptroot: 64:
/usr/share/initramfs-tools/hooks/cryptroot: cannot open /proc/mounts:
No such file
cryptsetup: WARNING: Couldn't determine root device
sed: can't read /proc/cmdline: No such file or directory
/usr/share/initramfs-tools/hooks/cryptroot: 64:
/usr/share/initramfs-tools/hooks/cryptroot: cannot open /proc/mounts:
No such file
cryptsetup: WARNING: The initramfs image may not contain cryptsetup binaries
nor crypto modules. If that's on purpose, you may want to uninstall the
'cryptsetup-initramfs' package in order to disable the cryptsetup initramfs
integration and avoid this warning.
W: Couldn't identify type of root file system for fsck hook

/proc/mounts isn't accessible in the chroot; even if it were, it would
not give the mounts appropriate for the system I'm trying to set up.

Re: Reading pdf files

[David Wright]

On Sat 22 Jun 2019 at 22:31:48 (-0400), Celejar wrote:
> On Fri, 21 Jun 2019 20:53:52 -0500 David Wright  
> wrote:
> > But what eliminates it for me as a general viewer is the lack of key-
> > binding configuration file. Quoting Archwiki,
> >   "Navigation within a document works with standard keyboard shortcuts
> >and mouse interaction. For example, B and Space scroll up and down."
> > they don't look like standard bindings to me. Or is there some
> > external DE configuration that's handling all this for DE-users?
> 
> My understanding is that the key bindings are generally vi-like, e.g.,
> hjkl pan left, down, up, and right. You can also use the more intuitive
> key bindings that work in vi (at least in Vim, as per the standard
> (Debian?) configuration: PgUp, PgDn, and the cursor arrow keys do pretty
> much what you'd expect.

On the contrary, that's where I have problems. Compare if you will
xpdf and mupdf with a typical portrait PDF displayed on a landscape
screen, with xpdf in its default paginated (non-continuous) mode.
On opening the document, you would see the top ~two-thirds of the
first page displayed ("top1").

Pressing PgDn repeatedly in xpdf will display bottom1, top2, bottom2,
top3, etc, and PgUp will reverse that all the way back to top1 again.
Not so with mupdf where you will never see the last part of the
file (bottomLast) displayed, because PgDn gives you top2, top3,
top4, … topLast and PgUp gives you bottomLast-1, bottomLast-2,
bottomLast-3, … bottom1.

In xpdf, the Up/Down/Left/Right arrows pan/scroll the page without
leaving it (continuous mode will scroll over page boundaries as if
the document was on fan-folded paper).
In mupdf, Up/Down moves through the document in small steps, jumping
over page boundaries (reasonable), but Left/Right changes pages,
staying in the same vertical position on each new page (like gv
does, but at least gv has a thumbnail picture in the margin of where
you are on the page).²

> > One place mupdf scores is viewing very very tall PNGs and JPGs.¹
> > However, it's let down by the fact that scrolling must be done using
> > the mouse: the keyboard shortcuts move the image much too far.
> > It appears to segment (virtually) the image into still very tall
> > "pages" which are larger than the area being displayed. So I prefer
> > to use xzgv for this task.
> 
> Are you using the panning or page Up/Down keys? I find the panning keys
> to be pretty useful in viewing tall documents, although the fact that
> they'll turn to the next page when you're already at the bottom of a
> page (instead of just doing nothing) can be annoying.

In xpdf's continuous mode, you have the benefit of seeing the
page-join going past, which makes it more obvious how the document
is scrolling by.

But the PNG/JPG modes of mupdf introduce a new set of navigation problems.
PgDn, PgUp, Left and Right do nothing. Down and Up do the same as j and k,
and the problem is as described above: the panning increment is far too
large. AFAICT it's dividing the images into 11 "virtual pages" and so
you only ever see the top of these 11 chunks.

² The difference between PgDn/Right and PgUp/Left is not mentioned in
  the man page.

Cheers,
David.

Re: [testing] synaptic et wayland,

[Gaëtan Perrier]

Le samedi 22 juin 2019 à 19:03 +0200, Jean-Marc a écrit :
> Sat, 22 Jun 2019 15:07:14 +0200
> Gaëtan Perrier  écrivait :
> 
> > Bonjour,
> 
> salut Gaëtan
> 
> > J'ai 2 machines sous debian testing plus quelques sideries (1 fixe, 1
> > portable).
> > Je rencontre un problème avec synaptic sur le portable. Quand je le lance
> > j'ai
> > un message qui me dit que j'utilise wayland et que donc il ne peut pas
> > basculer
> > en mode admin ...
> > Rien de tel sur le fixe.
> 
> Tu as vérifié que ta session est sur wayland sur le fixe ?
> . pour voir les sessions courantes :
> loginctl
> 
> . pour voir les propriétés d'une session :
> loginctl show-session n°-de-session
> 
> . pour voir si une session est sur Wayland ou sur X :
> loginctl show-session n°-de-session | grep Type
> 
> 
> > Je n'ai jamais installé wayland tout du moins de manière explicite et quand
> > je
> > fais une recherche sur les paquets contenant wayland dans leur nom j'ai la
> > même
> > chose sur les 2 machines.
> > Auriez-vous une idée du pourquoi sur une machine synaptic fonctionne
> > correctement et pas sur l'autre?
> 
> Debian offre la possibilité de démarrer sa session sur Wayland ou sur X.
> Possiblement, tu es sur X sur le fixe.  À vérifier.

Merci.

Effectivement je suis en X11 sur le fixe et Wayland sur le portable.
Je n'ai jamais explicitement choisi Wayland.
Comment fait-on pour revenir su X11 ?

Gaëtan


signature.asc
Description: This is a digitally signed message part

Re: How to make networking dependent on firewall configuration?

[andreimpopescu]

On Lu, 13 mai 19, 15:31:45, Martin T wrote:
> Hi Reco!
> 
> Thanks for reply! I changed from
> /lib/systemd/system/networking.service.d/networking.service.conf to
> /etc/systemd/system/networking.service.d/networking.service.conf.

It might be easier to do

systemctl edit .

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Off topic: Carbon.

[John Hasler]

Joe wrote:
> "Does history record any case in which the majority was right?"
> R A Heinlein

Does history record any case in which the opinion of the majority was
actually known and recorded correctly and objectively?
-- 
John Hasler 
jhas...@newsguy.com
Elmwood, WI USA

Re: Off topic: Carbon. Was: Off topic: remaja (teens)

[Joe]

On Sun, 23 Jun 2019 21:00:10 +0300
Georgios  wrote:

> Personally
> Right or wrong are highly subjective. Besides that right or wrong
> always has to do with your goal. What accomplish your goal is right.
> for example.
> Want to be good a math?
> Well the right thing to do is study after school.
> 
> 
> Socially
> You could say that every society based on its values finds something
> that is considered right by the majority.
> for example.
> Slavery i bet 99% of us would agree that is wrong and would criticize
> it. Slavery was accepted as right a couple hundred years ago.
> 
And punitive levels of taxation are accepted today.

> By the way the last example probably answer to Heinlein.(based on
> today values)
> 
> ps.Just felt that I had to answer that quote. Dont really like what it
> implies. Of course it could be out of context.
> 

There is no context, it was a standalone aphorism.

> On 6/23/19 1:26 PM, Joe wrote:
> 
> > 
> > "Does history record any case in which the majority was right?"
> > 
> > R A Heinlein
> >   

OK, an exaggeration, but a general comment that the mob is almost
always misinformed, often deliberately.

-- 
Joe

Re: How to change init from sysv to systemd

[Bob Bernstein]

On Sun, 23 Jun 2019, Bob Bernstein wrote:

How should I approach this change with an eye to maximum 
safety?


Again, the wiki proved spot on:

https://wiki.debian.org/systemd#Installing_and_Testing

Sorry about the false alarm.

Thank you


--
These are not the droids you are looking for.

Re: How to change init from sysv to systemd

[Patrick Bartek]

On Sun, 23 Jun 2019 14:55:58 -0400
Bob Bernstein  wrote:

> I encountered an error during the install of a deb which 
> led me to the discovery that my current init system is 
> still sysvinit.
> 
> The error was:
> 
> /sbin/init: invalid option -- '-'
> Usage: init {-e VAR[=VAL] | [-t SECONDS] 
> {0|1|2|3|4|5|6|S|s|Q|q|A|a|B|b|C|c|U|u}}
> 
> Thanks to the wiki:
> 
> https://wiki.debian.org/Init
> 
> I determined that in all likelihood I am still using 
> sysvinit, which circumstance was responsible for that 
> error.
> 
> Problem: The wiki article suggests how to switch from 
> systemd to sysvinit, but is not forthcoming as to the 
> converse change, hence my Subject: line.
> 
> How should I approach this change with an eye to maximum 
> safety?

First, What Debian version are you using?  Jessie, Stretch and Buster
default to systemd.  Wheezy's default is sysvinit.

Second, check you're really using sysvinit. As root (or sudo) in a
terminal: cat /proc/1/comm  If it returns "init", you using sysvinit. If
"systemd", you're systemd.

To change to systemd, as root: apt install systemd-sysv should take
care of it.  Man systemd-sysv for more.

B

How to change init from sysv to systemd

[Bob Bernstein]

I encountered an error during the install of a deb which 
led me to the discovery that my current init system is 
still sysvinit.

The error was:

/sbin/init: invalid option -- '-'
Usage: init {-e VAR[=VAL] | [-t SECONDS] 
{0|1|2|3|4|5|6|S|s|Q|q|A|a|B|b|C|c|U|u}}

Thanks to the wiki:

https://wiki.debian.org/Init

I determined that in all likelihood I am still using 
sysvinit, which circumstance was responsible for that 
error.

Problem: The wiki article suggests how to switch from 
systemd to sysvinit, but is not forthcoming as to the 
converse change, hence my Subject: line.

How should I approach this change with an eye to maximum 
safety?

Thank you


-- 
Man is essentially a dreamer, wakened sometimes for a 
moment by some peculiarly obtrusive element in the outer 
world, but lapsing again quickly into the happy somnolence 
of imagination.
Russell

Re: provant debian 10!: swap/file

[Joan Baptista]

Veig que estem bastant mes d'acord del que pensava, Narcís, cosa que
m'alegra.

Per a mi, encara que m'agrada llegir molt mes que escriure en aquesta
llista (sabent que també hi escriviu gent que en sabeu MOLT MES que jo,
membres del projecte Debian inclosos) trobo que es bo que els usuaris de
debian en català que som a la llista - i per tant, ja fa uns quants dies
que el fem servir - poguem parlar en aquesta llista de coses que ens
agraden, disgusten, preocupen o no funcionen de qualsevol versió de Debian,
amb el objectiu de compartir coneixement i ajudar-nos mutuament (per mi
Debian = GNU/Linux = Programari Lliure = Compartir Coneixements).

Encara que tu i jo poguem tenir petites discrepancies sobre si Debian 10 ha
d'avisar o no (i com) de que cal una partició swap quan fas un particionat
manual i no li vols posar, veig que estem d'acord a mltes mes coses,
tant o mes importants:

1- Systemd NO es 100% programari lliure i les parts de codi que no estan
publicades, no podem saber si fan mes be que mal o ... mes mal que be.

2- Encara que faci mlt de temps que ni es fabriquen, ni es venen (nous)
els ordinadors amb processadors tipus 286, 386, 486, 586 (Pentium, Pentium
MMX i Pentium II) i 686 (Pentium 3 i Pentium 4) trobo una pena que els
sistemes operatius lliures com Debian GNU/Linux vagin poc a poc deixant de
treure versions compatibles amb x86 i facin com fan les grans empreses de
programari privatiu (no fa falta citar nomS no?) que ja fa temps que només
disenyen, programen, fabriquen, venen i donen suport a tecnologia x86_64
(també conegut com processadors amd64, tecnologia del ... 2001 no?) i si hi
ha gent que no pot o no vol comprar el maquinari/hardware mes nou, doncs
que es fotin, que ells no pensen en gent pobre ni humil i només pensen en
gent que els pugi fer MES rics.

3-Estic d'acord amb que seria bo que la versió oficial de Debian 10 no et
mostri cap missatge si fas un particionat manual sense swap i detecta que
tens prouta memoria RAM, però ...

a) algú sap com fer arribar aquesta petició / suggeriment (que no queixa) a
on toqui? Si m'ho dieu, jo puc escriure e-mail en català, castellà o anglès.

b) si això es possible (jo no se fer-ho i encara que considero molt bons
els programadors de Debian, potser no poden o no volen mirar quanta ram te
el pc via codi en el procés de instl.lació) quanta ram hauria de ser
necessaria perquè ens sembles be a la majoria que no ens avises si no posem
swap?

Jo penso que si tens MENYS de 4GB de RAM encara pot estar be que et surti
un warning (missatge d'avís) però et permeti NO tenir swap file, però només
es la meva opinió basada en que jo he hagut de fer virtualització amb Linux
(.deb) i VirtualBox en ordinadors que ni tenien, ni podien tenir mes de 4
GB de ram física i, encara que això era al 2011, si no fos per un bon arxiu
de swap, en aquell servidor a la feina, en un pc 686, no se com ho hauriem
fet.


El dg., 23 de juny 2019, 19:54, Narcis Garcia  va
escriure:

> No m'ofens en absolut, crec que el què em dius és acurat, i m'agradaria
> pensar que no ho has respost per llista a causa d'una equivocació.
> Sóc partidari del bon debat, i també quan rebo alguna crítica ben feta.
>
> Jo faig instal·lacions a desenes d'ordinadors tots els mesos. Encara no
> en tinc cap de meu amb aquesta quantitat de memòria RAM, i igualment
> trobo que amb 8GiB (que és bastanta memòria) no és necessària la memòria
> virtual. Aquesta necessitat va néixer com a molt clara amb ordinadors de
> la dècada de 1990.
> També faig instal·lacions a ordinadors amb 1GiB de memòria RAM, i pots
> trobar alguna queixa meva de la falta de suport a i586 perquè a mi em
> limita les rehabilitacions.
>
> Trobo raonable que a un ordinador de fins a 1GiB de RAM es proposi
> establir memòria virtual, però gaire més enllà ja no.
> Fixa't a més a més que jo he parlat del «particionat manual», que
> significa que la persona instal·ladora ha optat per decidir completament
> l'organització de particions.
>
> Salut.
>
>
> __
> I'm using this express-made address because personal addresses aren't
> masked enough at this mail public archive. Public archive administrator
> should fix this against automated addresses collectors.
>
> El 23/6/19 a les 10:26, Joan Baptista ha escrit:
> > Narcís. si us plau, tingues en compte que tu ets un afortunat, per:
> >
> > A) Tenir els diners per poder fer servir majoritàriament ordinadors amb
> > 32 GB de RAM, tant a casa teva com a la feina
> >
> > B) Tenir els coneixements suficients d'informàtica per saber i entendre
> > que es i quan es recomanable una partició "SWAP FILE" i quan no
> >
> > C) Tenir el temps per decidir, pensar, triar i, fins i tot, criticar que
> > i com t'ha de poder permetre (a tu i a qualsevol) el nostre estimat
> > sistema operatiu "Universal".
> >
> >
> > Espero no ofendre't excessivament ni a tu ni a ningú, però crec que he
> > de recordar-te en aquesta llista que Debian GNU/Linux (la versió 10
> > sembla que també, per sort) 

Interference and attacks

[Pash Afur]

I am of the suspicion that there is a section of UK authorities inc ex det
sections of the UK police forces all the way up to the intelligence
services (tech level is too advanced for the average systems engineer, far
advanced of anything I can do which isn't much compared to you lot).
Mobile o/s as well as all o/s are under scrutiny, unlawful interference and
attack.
In your position, can you investigate this matter impartially and expose
those behind this agenda of technological torture if proven?
I defer the matter to you.

Re: Off topic: Carbon. Was: Off topic: remaja (teens)

[Georgios]

Personally
Right or wrong are highly subjective. Besides that right or wrong always
has to do with your goal. What accomplish your goal is right.
for example.
Want to be good a math?
Well the right thing to do is study after school.


Socially
You could say that every society based on its values finds something
that is considered right by the majority.
for example.
Slavery i bet 99% of us would agree that is wrong and would criticize
it. Slavery was accepted as right a couple hundred years ago.

By the way the last example probably answer to Heinlein.(based on today
values)

ps.Just felt that I had to answer that quote. Dont really like what it
implies. Of course it could be out of context.

On 6/23/19 1:26 PM, Joe wrote:

> 
> "Does history record any case in which the majority was right?"
> 
> R A Heinlein
> 

Re: gnupg / enigmail excessive processing times

[Teemu Likonen]

The Wanderer [2019-06-23 11:46:34-04:00] wrote:

> On 2019-06-23 at 11:23, Teemu Likonen wrote:
>> If you add line "auto-key-retrieve" to your ~/.gnupg/gpg.conf then
>> GnuPG will automatically try to retrieve keys from keyservers when
>> you verify a signature made by an unknown key.

> An interesting suggestion. I'm not sure how it'd interact with
> Enigmail (which is what is actually initiating the verification), but
> it's worth investigating.

I have never used Enigmail but if it executes "gpg --verify" then gpg
will try to fetch (using dirmngr) a missing key from keyserver before
verifying the signature.

>> GnuPG key operations slow down when the keyring is large, especially
>> if the trust model is "pgp" and the program needs to check the web of
>> trust every time a new key arrives.
>
> I'm fairly sure that I'm using the default, which appears to be the
> one specified by '--gnupg', so it's '--openpgp' plus compatibility
> workarounds. I doubt it's any of the '--pgp[678]' modes.

The default --trust-model is "auto" which is means that it uses the
trust model that is saved to trust database (I guess trustdb.gpg). That,
in turn, means normally trust model "pgp" (i.e., web of trust based on
key signatures). And that trust model needs some calculations which take
time on large keyrings.

>> It also helps if you delete certificates (key signatures) made by
>> unknown keys.
>
> What is an "unknown key" in this context? (And see note below.)

Unknown to your keyring. See "gpg --list-signatures" and you'll probably
see that there are key many key signatures that can't be shown because
your keyring doesn't have the signer's key.

Command "--edit-key + clean" removes those unknown key signatures as
well as older key signatures if there are many from same signer. This
"clean" thing can very much reduce the size of your keyring, if you want
that. From gpg(1) man page:

--edit-key

[...]

clean  Compact (by removing all signatures except the selfsig)
   any user ID that is no longer usable (e.g. revoked,  or
   expired).  Then,  remove  any  signatures  that are not
   usable by the trust calculations.   Specifically,  this
   removes  any signature that does not validate, any sig‐
   nature that is superseded by a later signature, revoked
   signatures,  and signatures issued by keys that are not
   present on the keyring.

> In case it's relevant, please note that I have done basically nothing as
> far as keysigning or other web-of-trust activity;

Then perhaps "--trust-model tofu" (or tofu+pgp) is better choice? Of
course you decide all that but web of trust (--trust-model pgp) is
useless unless user has signed (at least locally) some keys and usually
also trusts some others as signers (ownertrust).

-- 
/// Teemu Likonen    //
// PGP: 4E1055DC84E9DFF613D78557719D69D324539450 ///


signature.asc
Description: PGP signature

Re: L2TP VPN client

[David Christensen]

On 6/23/19 6:16 AM, Curt wrote:

On 2019-06-23, David Christensen  wrote:


STFW I see:

https://www.bestvpnz.com/tutorials/how-to-set-up-l2tp-ipsec-vpn-on-linux-networkmanager-strongswan/

I have installed:

2019-06-22 19:04:11 root@tinkywinky ~
# dpkg-query --show xl2tpd strongswan network-manager-strongswan
network-manager-strongswan  1.4.1-1
strongswan  5.5.1-4+deb9u4
xl2tpd  1.3.8+dfsg-1


The Network Manager GUI does not have a field for the pre-shared key, so
I have put the key into a file:


Thanks for the reply.  :-)



Looking at your link above, it says:

  If you need a PSK you will want to select Pre-shared key under the
  Authentication: pull-down menu rather than EAP.


I saw that and I did that.



(Psk supported since version 1.3.1 of the strongswan nm plugin.)


I have installed network-manager-strongswan 1.4.1-1.



https://wiki.strongswan.org/projects/strongswan/wiki/NetworkManager

   PSK is supported starting with NetworkManager-strongswan-1.3.1, but
   strong secrets are enforced.
  
I guess strong secrets means strlen no less than 20.


I must be missing something.


That link confirms that I need a feature that does not exist:

NetworkManager allows configuration and control of VPN daemons
through a plugin interface. We provide such a plugin for
NetworkManager to configure road warrior clients for the most common
setups. The plugin currently supports connections using the IKEv2
protocol only.


I will see if I can configure my VPN server to accept IKEv2 connections.


David

Re: Off topic: German. Was: Off topic: Carbon. Was: Off topic: remaja (teens)

[Nicholas Geovanis]

Cool I didn't know it was Marx Bros.
In one of their movies Groucho is hugging a tall blonde who keeps saying
"Hold me closer". Finally he says, "I get any closer I'll be on the other
side of you". :-)

On Sun, Jun 23, 2019, 11:26 AM Curt  wrote:

> On 2019-06-23, rhkra...@gmail.com  wrote:
> > On Sunday, June 23, 2019 09:55:33 AM Nicholas Geovanis wrote:
> >> "If I told you you had beautiful body, would you hold it against me?"
> >> -same sketch
> >
> > Something makes me think / remember that was not original with Monty
> Python --
> > I think it was Groucho Marx who said the same thing (or something very
> > similar) before Monty Python.
>
> Wikipedia claims it's Groucho (from the TV show 'You Bet Your Life.'
>
>
> https://en.wikipedia.org/wiki/If_I_Said_You_Had_a_Beautiful_Body_Would_You_Hold_It_Against_Me
>
>
> > I am curious.
> >
> >
>
>
> --
> “Decisions are never really made – at best they manage to emerge, from a
> chaos
> of peeves, whims, hallucinations and all around assholery.” – Thomas
> Pynchon
>
>

Re: Off topic: German. Was: Off topic: Carbon. Was: Off topic: remaja (teens)

[Curt]

On 2019-06-23, rhkra...@gmail.com  wrote:
> On Sunday, June 23, 2019 09:55:33 AM Nicholas Geovanis wrote:
>> "If I told you you had beautiful body, would you hold it against me?"
>> -same sketch
>
> Something makes me think / remember that was not original with Monty Python 
> -- 
> I think it was Groucho Marx who said the same thing (or something very 
> similar) before Monty Python.

Wikipedia claims it's Groucho (from the TV show 'You Bet Your Life.'

https://en.wikipedia.org/wiki/If_I_Said_You_Had_a_Beautiful_Body_Would_You_Hold_It_Against_Me


> I am curious.
>
>


-- 
“Decisions are never really made – at best they manage to emerge, from a chaos
of peeves, whims, hallucinations and all around assholery.” – Thomas Pynchon

Re: Numeric keypad not working on Gnome lock screen

[andreimpopescu]

On Lu, 13 mai 19, 11:29:10, Steven Post wrote:
> 
> Recently the numeric keypad stopped working on the Gnome lock screen.

More information would be necessary here, e.g. what Debian version you 
are running, if you upgraded any packages recently, etc.

> When booting, the numlock is in the 'off' state and I can simply turn
> it on by pressing the numlock key'. When I lock the screen (Super+L),
> the numlock light is still on, but pressing a number activates the
> second function (arrow, pg up, etc.), I can get numbers by holding the
> 'shift' key, but not by setting the numlock in either ON of OFF.

Is your keypad working correctly everywhere outside the lock screen?

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Off topic: German. Was: Off topic: Carbon. Was: Off topic: remaja (teens)

[rhkramer]

On Sunday, June 23, 2019 09:55:33 AM Nicholas Geovanis wrote:
> "If I told you you had beautiful body, would you hold it against me?"
> -same sketch

Something makes me think / remember that was not original with Monty Python -- 
I think it was Groucho Marx who said the same thing (or something very 
similar) before Monty Python.

I am curious.

Re: gnupg / enigmail excessive processing times

[The Wanderer]

On 2019-06-23 at 11:23, Teemu Likonen wrote:

> The Wanderer [2019-06-23 10:14:19-04:00] wrote:
> 
>> Some years ago, I got tired of manually importing the key every
>> time I saw a signed message through the Debian mailing lists for
>> which I didn't already have the necessary public key.
> 
> If you add line "auto-key-retrieve" to your ~/.gnupg/gpg.conf then
> GnuPG will automatically try to retrieve keys from keyservers when
> you verify a signature made by an unknown key. This may solve the
> problem of importing too much keys and thus making your keyring large
> and slow.

An interesting suggestion. I'm not sure how it'd interact with Enigmail
(which is what is actually initiating the verification), but it's worth
investigating.

>> For reference, the file which I suspect contains those public keys
>> - ~/.gnupg/pubring.gpg - is 131MB in size.
> 
> GnuPG key operations slow down when the keyring is large, especially
> if the trust model is "pgp" and the program needs to check the web of
> trust every time a new key arrives.

I'm fairly sure that I'm using the default, which appears to be the one
specified by '--gnupg', so it's '--openpgp' plus compatibility
workarounds. I doubt it's any of the '--pgp[678]' modes.

> One solution is to add "no-auto-check-trustdb" in gpg.conf and only 
> run manually "gpg --check-trustdb" from time to time.

I'll try that first; I'm reading through the man page with an eye out
for this right now.

It seems entirely possible that this may be enough to get times back
into a reasonable range, just by itself. Thanks for suggesting it!

> It also helps if you delete certificates (key signatures) made by
> unknown keys.

What is an "unknown key" in this context? (And see note below.)

> You can manually clean such certificates with "--edit-key + clean" or
> automatically for future operations with the following lines in
> gpg.conf:
> 
> import-options import-clean
> keyserver-options import-clean
> 
> See gpg manual page for more information about --import-options and
> perhaps also --export-options.

I saw the 'clean' options (and 'minimal', relatedly), but wasn't sure
enough about what the impact of reducing the keys that way would be
willing to try it out without either asking for input or taking
backup-related precautions.

> There is no command for cleaning your current keyring but it can be
> automated with a simple script:
> 
> 
> #!/bin/sh
> gpg --batch --with-colons --list-keys | awk -F: '
> $1 == "pub" {pub = 1}
> pub == 1 && $1 == "fpr" {printf "%s clean save\n", $10; pub = 0}' | \
> xargs -n3 -- gpg --batch --no-auto-check-trustdb --edit-key
> 
> 
> The above script runs
> 
> gpg --batch --no-auto-check-trustdb --edit-key FPR clean save
> 
> for every key (FPR is key's fingerprint).

How sure can I/we/etc. be that this will not have any negative side
effects, in terms of eliminating key-related functionality that I
actually want to keep?

In case it's relevant, please note that I have done basically nothing as
far as keysigning or other web-of-trust activity; I'm using signature
verification as primarily a means of confirming A: that "yes, this mail
was signed by the key it says it was signed by", and B: "yes, this mail
was signed by the same key as that mail, so both mails were sent by the
same person". I don't have any web-of-trust confirmation about the
identity of the signer beyond that, and in practice for my purposes I'm
not entirely sure I care about getting it.

Before doing this, I'd probably want to back up ~/.gnupg/ in any case.
I suspect that I'd want to make sure gpg-agent, dirmngr, etc., are
stopped before doing that, or restoring the backup, in order to ensure
consistency.

-- 
   The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man. -- George Bernard Shaw



signature.asc
Description: OpenPGP digital signature

Re: gnupg / enigmail excessive processing times

[Teemu Likonen]

The Wanderer [2019-06-23 10:14:19-04:00] wrote:

> Some years ago, I got tired of manually importing the key every time I
> saw a signed message through the Debian mailing lists for which I didn't
> already have the necessary public key.

If you add line "auto-key-retrieve" to your ~/.gnupg/gpg.conf then GnuPG
will automatically try to retrieve keys from keyservers when you verify
a signature made by an unknown key. This may solve the problem of
importing too much keys and thus making your keyring large and slow.

> For reference, the file which I suspect contains those public keys -
> ~/.gnupg/pubring.gpg - is 131MB in size.

GnuPG key operations slow down when the keyring is large, especially if
the trust model is "pgp" and the program needs to check the web of trust
every time a new key arrives. One solution is to add
"no-auto-check-trustdb" in gpg.conf and only run manually "gpg
--check-trustdb" from time to time.

It also helps if you delete certificates (key signatures) made by
unknown keys. You can manually clean such certificates with "--edit-key
+ clean" or automatically for future operations with the following lines
in gpg.conf:

import-options import-clean
keyserver-options import-clean

See gpg manual page for more information about --import-options and
perhaps also --export-options.

There is no command for cleaning your current keyring but it can be
automated with a simple script:


#!/bin/sh
gpg --batch --with-colons --list-keys | awk -F: '
$1 == "pub" {pub = 1}
pub == 1 && $1 == "fpr" {printf "%s clean save\n", $10; pub = 0}' | \
xargs -n3 -- gpg --batch --no-auto-check-trustdb --edit-key


The above script runs

gpg --batch --no-auto-check-trustdb --edit-key FPR clean save

for every key (FPR is key's fingerprint).

-- 
/// Teemu Likonen    //
// PGP: 4E1055DC84E9DFF613D78557719D69D324539450 ///


signature.asc
Description: PGP signature

Re: System on a chip - performance relative size and setup (how can the (Debian) setup make a difference?)

[Jonas Smedegaard]

Quoting Erik Josefsson (2019-06-23 15:42:05)
> On 6/23/19 8:40 AM, Jonas Smedegaard wrote:
> >> If random IO speed most likely is the real bottle neck, do you know 
> >> of any particular brand/label/kind/category of MicroSD card that is 
> >> significantly better than others in that regard?
> > https://github.com/ThomasKaiser/Knowledge/blob/master/articles/A1_and_A2_rated_SD_cards.md
> >
> > (this is perhaps 5th time I share that link with you; 2nd on this 
> > list)
> 
> The article by Thomas Kaiser ends with an open discussion that you can 
> probably just as well buy A1 cards made before 2017.

You call a section labeled "TODO" an open discussion?  Oh well.


> The last card I bought is neither A1 or A2 but marked with a XC II 
> logo. That particular markup is not mentioned in Kaiser's article.

Maybe because the text is about A1/A2 classification, only briefly 
linking to the historic thread covering lesser relevant cards.


> So the article cannot tell me which of my 4 cards is likely to be the 
> best for my usecase:
> 
> MicroSD SanDisk Extreme PRO  64GB  [3]  XC II
> MicroSD SanDisk Extreme PLUS  64GB  [3]  XC I  V30  A2
> MicroSD SanDisk Extreme PLUS  32GB  [3]  HC I  V30  A1
> MicroSD SanDisk Ultra  32GB  [1]  HC I  (10)  A1

The section "'Application Performance Class' to the rescue" didn't help 
tell you about the relevancy of A1/A2 classification?

And subsection "Real world 2018 A1 and A2 performance comparison" didn't 
help tell you about real-world relevancy of A1 versus A2 classification?

Oh well.


> Ahh.. there's another hint! For some applications, disk partition 
> matters?

Explained here (yes, shared a few posts ago as well):

https://wiki.gentoo.org/wiki/SDCard#Solution_2:_Tuned_ext4
https://thelastmaimou.wordpress.com/2013/05/04/magic-soup-ext4-with-ssd-stripes-and-strides/
https://lists.linaro.org/pipermail/flashbench-results/2014-July/000479.html


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private


signature.asc
Description: signature

[solved]Re: Converting text subtitles to vobsub

[Michael Lange]

Hi,

On Sat, 22 Jun 2019 12:54:30 +0200
Nicolas George  wrote:

> Michael Lange (12019-06-22):
> > I did investigate some more, now as far as I can see this is actually
> > not true. spumux only creates a .sub file but the .idx file is
> > missing. This seems to be no good except with DVDs. Besides, there
> > seems only to be the choice between 25.0 and 29,97 fps framerates
> > (PAL/NTSC) which is too bad if the video is 23.976 fps :(
> 
> Indeed, because vobsub is a bastard format built on top of a crappy
> format. You need spumux to produce spu packets and mux them into a
> MPEG-PS stream, and then you need a DVD ripping tool to butcher the
> MPEG-PS stream and chop the pair of final files.

I was finally able to find an app which does what I want
(https://www.nikse.dk/subtitleedit/)

It's a windows program, too, but it is GPL and can be run on debian with
mono (the latest version 359 did not work perfectly here with Stretch
for some reason, maybe Stretch's mono is too old or maybe it's something
else; so I followed someone's suggestion and tried an older version (343)
which seems to work well here).
The feature set this app offers looks rather impressive, obviously it's
far superior to similar programs that come with debian. And it can create
good looking vobsub subtitles in less than one minute.

Just in case someone comes here looking for help:
you can download the zip file with the portable version, unpack it and
then run
# mono SubtitleEdit.exe
which should launch the application window.
To create vobsub files you can (once the original subtitles are opened)
go to File -> Export -> VobSub (sub/idx)... which should open a dialog box
where the properties of the vobsub file can be configured and finally
press the "Export all lines..." button which will start the procedure.

Regards

Michael


.-.. .. ...- .   .-.. --- -. --.   .- -. -..   .--. .-. --- ... .--. . .-.

Men will always be men -- no matter where they are.
-- Harry Mudd, "Mudd's Women", stardate 1329.8

gnupg / enigmail excessive processing times

[The Wanderer]

The short version of this is that I think I need to clear out a lot of
irrelevant keys / signatures, et cetera, from my gnupg configuration -
but I don't want to do anything which risks losing my private key(s), or
any related information.

Just in case I'm wrong about that solution, however, I want to lay out
the entire situation.


The primary way in which I make use of gnupg is via Thunderbird and the
Enigmail extension.

In addition to permitting me to sign and/or encrypt messages I send,
this serves to validate E-mails received from others, by checking the
signature against its associated public key.

It includes functionality to reach out to a designated keyserver and
download the matching public key for the signature in the currently open
E-mail, on demand. Doing this, however, takes at least a few moments -
and potentially considerably longer - for each such key request, and
blocks the Thunderbird UI until the request either completes or is
cancelled.

Some years ago, I got tired of manually importing the key every time I
saw a signed message through the Debian mailing lists for which I didn't
already have the necessary public key. As a handy shortcut, I simply
imported all keys from the debian-keyring package, which theoretically
should include all Debian developer/etc. public keys.

This mostly worked, in terms of reducing how many Debian-mailing-list
messages I saw with unrecognized public keys, but not entirely; there
were, and are, still a fair number of people whose messages were signed
with keys that apparently hadn't been included. That's fine, I can just
fetch those keys using the UI method, as before.

(I later repeated this import process, using a newer version of the
debian-keyring package. I don't know whether that would have had any
meaningful effect on the behaviors I observed later.)

Unfortunately, over time - and even more after the failed-RAID-array
recovery on which I've spent the past 6+ months, and which is the reason
I haven't posted here during that time - the time necessary to fetch a
new key has gone up to unreasonable levels; by now, processing a typical
new-key request seems to take something definitely in excess of 30
minutes, and possibly multiple hours, during which I can't otherwise
make use of my mail client. (I don't have any convenient way of timing
the process more exactly.)

During this time, gnupg is pegging one CPU core at maximum, and doing a
not entirely negligible amount of disk I/O. I'm guessing that it's
iterating through every single public key I've got in the local keyring,
although exactly what it's doing with each one I'm not sure enough to
state.

For reference, the file which I suspect contains those public keys -
~/.gnupg/pubring.gpg - is 131MB in size.


I suspect that importing the entire debian-keyring set was my original
mistake, and that I shouldn't have done that.

At this point, I'd be willing to un-do that step, and go back to
manually importing just the keys needed for the messages I actually
receive. Unfortunately, I suspect there's no practical way of
un-scrambling that egg; the keys imported that way are mixed in with the
ones received by other means, and it would not be trivial to try to
separate them out.

I'd also be willing to just discard my entire collection of imported
public keys, and start from scratch, if I knew of a way to do so which I
could be completely certain wouldn't have undesirable side effects on
other parts of my cryptographic situation - most particularly and
especially, my private key(s).

In between those, if there's a way of mass-discarding public keys which
fit (or don't fit) some particular criteria, while retaining others,
that might be preferable to either extreme.

However, so far I've been unable to find any way of removing keys from
the local key repository except 'gnupg --delete-keys [name]', which
appears to require specifying each key for removal one at a time. This
does not really scale to the point where I'm currently at.


Any suggestions for how to recover from this situation?

-- 
   The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man. -- George Bernard Shaw



signature.asc
Description: OpenPGP digital signature

[HS mais pas trop] PC industriel

[kaliderus]

Le bonjour la liste,

Savez-vous ou je peux trouver des pc de type "industriel" = boitier
rackable + carte fond de panier passive (bus PCI) +
Toutes_Les_Cartes_Qui_Vont_Bien_A_Rajouter ... sans tomber dans
l'envolée lyrique des tarifs généralement pratiquée entre
"professionnels" ?

Si en plus les tarifs sont accessibles directement en ligne ça m'arrange.

Merci et à bientôt.

Re: Off topic: German. Was: Off topic: Carbon. Was: Off topic: remaja (teens)

[Nicholas Geovanis]

"If I told you you had beautiful body, would you hold it against me?"
-same sketch

On Sun, Jun 23, 2019, 3:45 AM Thomas Schmitt  wrote:

> Hi,
>
> deloptes wrote:
> > https://deutsch.lingolia.com/de/grammatik/verben/imperativ
>
> Reminds me somewhat of
>   "The Hungarian Phrasebook Sketch"
>   http://www.montypython.net/scripts/phrasebk.php
> (There is a lengthy link list before the sketch text begins.)
>
>   "Publisher: I wish to plead incompetence."
>
>
> Have a nice day :)
>
> Thomas
>
>

Re: System on a chip - performance relative size and setup (how can the (Debian) setup make a difference?)

[Erik Josefsson]

On 6/23/19 8:40 AM, Jonas Smedegaard wrote:


Is it meaningful to test the SD cards with an USB-adapter? (the MicroSD
slot would be occupied by the SD card the machine is running from/on)

Testing SD cards on a different controller may help understand
_potential_  features of cards, but not_actual_  reachable potentials.

If you prefer an analogy: Reading in a magazine that some Formel-1
driver can cut a corner while driving 60km/h in same model car as yours
does not mean that you can expect to cut that same corner at that speed:
Depends not only on the vehicle (disk device) but also on the driver!



Sure. I have tried to drive the 4 cards along exactly the same path 
(i.e. flashbench) to reduce my influence on the performance. 
Unfortunately I cannot tell which one is the best from the resulting data.


If the fio benchmark can tell me which card is the best, I will try it 
at some point.






Of those figures, I consider the random ones more important in most
configurations. i.e. if I had to choose between a device that
supported a bit higher sequential read/write but much lower random
read/write, I'd rather have the random read/write, because that
tends to have more impact on interactive usage than sequential.

Yes, going back and forth between Thunderbird and Firefox while
copying text snippets from one app to the other sometimes ends in a
mouse pointer freeze.

That's basically what I do most of the time...

Biggest speed gain (on a limited computer like Teres-I) is likely had
with changing to less ressource hungry tools.

Instead of Firefox try GNOME Web (apt install epiphany-browser).  It
uses the rendering engine "Webkit" so is likely to handle most websites.
For an radically lighter browser rendering fewer real-world websites
properly and with an arguably less friendly user interface, try Surf.



This is very helpful. I have installed epiphany now. Thanks!



A lighter alternative with ok UI and somewhat decent rendering engine is
Netsurf, but unfortunately that one won't make it into Debian Buster.

Instead of Thunderbird try Balsa or Claws Mail.



OK. Thanks!






SD cards tend to have poor random IO speed so I would never use one
for general purpose computing if I could use an HDD or SSD instead.

If random IO speed most likely is the real bottle neck, do you know of
any particular brand/label/kind/category of MicroSD card that is
significantly better than others in that regard?

https://github.com/ThomasKaiser/Knowledge/blob/master/articles/A1_and_A2_rated_SD_cards.md

(this is perhaps 5th time I share that link with you; 2nd on this list)



The article by Thomas Kaiser ends with an open discussion that you can 
probably just as well buy A1 cards made before 2017. The last card I 
bought is neither A1 or A2 but marked with a XC II logo. That particular 
markup is not mentioned in Kaiser's article.


So the article cannot tell me which of my 4 cards is likely to be the 
best for my usecase:


MicroSD SanDisk Extreme PRO  64GB  [3]  XC II
MicroSD SanDisk Extreme PLUS  64GB  [3]  XC I  V30  A2
MicroSD SanDisk Extreme PLUS  32GB  [3]  HC I  V30  A1
MicroSD SanDisk Ultra  32GB  [1]  HC I  (10)  A1



Not sure if chasing some microseconds of better performance will make
a difference, but if it is anything like parking with a heavy truck
with heavy trailer in a small parking lot with other cars, then I
guess a microsecond extra is just as important as an extra centimeter
:-)



To give you some idea of what decent SSDs manage:

  
http://strugglers.net/~andy/blog/2019/05/29/linux-raid-10-may-not-always-be-the-best-performer-but-i-dont-know-why/


I don't think I can make Teres-I boot from an external SSD.

Through the USB2 interface you can.  Won't reach the full potentials of
SSD (see Formel-1 analogy above) but may still beat SD-cards.

You cannot_boot_  via USB2 interface but you can store your data there
which helps some scenarios (e.g. possibly helps Firefox hanging, as that
might be due to its working on cache data below your $HOME.



Ahh.. there's another hint! For some applications, disk partition matters?

I hope there is no downside to having two browsers installed, as long as 
you don't use them at the same time!


Best regards.

//Erik

Re: L2TP VPN client

[Curt]

On 2019-06-23, David Christensen  wrote:
>
> STFW I see:
>
> https://www.bestvpnz.com/tutorials/how-to-set-up-l2tp-ipsec-vpn-on-linux-networkmanager-strongswan/
>
> I have installed:
>
> 2019-06-22 19:04:11 root@tinkywinky ~
> # dpkg-query --show xl2tpd strongswan network-manager-strongswan
> network-manager-strongswan1.4.1-1
> strongswan5.5.1-4+deb9u4
> xl2tpd1.3.8+dfsg-1
>
>
> The Network Manager GUI does not have a field for the pre-shared key, so 
> I have put the key into a file:

Looking at your link above, it says:

 If you need a PSK you will want to select Pre-shared key under the
 Authentication: pull-down menu rather than EAP.

(Psk supported since version 1.3.1 of the strongswan nm plugin.)

https://wiki.strongswan.org/projects/strongswan/wiki/NetworkManager

  PSK is supported starting with NetworkManager-strongswan-1.3.1, but
  strong secrets are enforced.
 
I guess strong secrets means strlen no less than 20.

I must be missing something.

Re: how to switch a Debian buster system from systemd to sys-v init

[tomas]

On Sun, Jun 23, 2019 at 01:27:08PM +0200, arne wrote:
> 
> > That's right. "Modern" desktop environments (Gnome and derivatives,
> > most probably also KDE) depend these days on systemd. I don't know
> > how hard those dependencies are -- you'd want to look at Devuan [2]
> > [3] to see how far they went, if at all, into fixing this.
> 
> The Devuan default desktop is Xfce. Cinnamon, KDE, LXQt and MATE are
> available from tasksel during installation and a number of other
> graphical environments are available post-install.

Thanks for that information. So it seems that they have at least
tackled some of them. Good for them!

Cheers
-- t


signature.asc
Description: Digital signature

Re: Utiliser la sortie hdmi de mon pc portable ?

[Étienne Mollier]

On 6/23/19 1:27 PM, toto wrote:
> Sous debian je
> cherche également un paquet utilisable sous openbox par exemple qui permet
> de passer de mon écran de pc portable à moniteur plus grand.

Bonjour,

En ligne de commande, usuellement, "xrandr" devrait permettre de
travailler avec n'importe quelle configuration.  Par contre il
faut passer un peu de temps dans le manuel, et expérimenter,
avant de bien comprendre comment le mécano fonctionne.

Sinon, "arandr", du paquet du même nom, permet d'avoir une
petite interface de configuration des écrans, indépendante de
l'environnement de bureau.  Ça devrait plutôt bien s'intégrer
dans votre environnement Openbox.

Bien à vous,
-- 
Étienne Mollier  59DA 56FE FFF3 882D



signature.asc
Description: OpenPGP digital signature

Re: Gérer la charge de sa batterie au lithium de son pc portable ?

[Étienne Mollier]

On 6/23/19 1:21 PM, toto wrote:
> Je cherche sous de debian stretch 9.9 un paquet éprouvé (en ligne de
> commande ou graphique peu importe) indépendant d'un bureau et qui fonctionne
> sous openbox par exemple afin de gérer la charge de ma batterie de pc
> portable. Je souhaite lorsque debian est chargé (pc en marche) déclencher la
> charge de la batterie en-dessous des 40% puis l'arrêter à 80% de manière
> automatique. Un fois la charge déclenchée le système s'éteindra tout seul à
> 80% de charge si le pc portable entre temps n'est plus utilisé. Un problème
> cependant la charge continue lorsque le pc portable est éteint (bios UEFI).
> Des idées ?

Bonjour,

Certains ordinateurs portables haut de gamme sont fournis avec
des contrôleurs de batteries avancés, permettant de choisir
entre maximiser la charge, ou maximiser la durabilité de la
batterie.  Ce point est à étudier dans la configuration de la
carte mère.  Certains ZBook très récents sont fournis avec cette
fonctionnalité disponible par exemple ; il faut aller l'activer
dans l'interface de configuration de l'UEFI, ce n'est bien
évidemment pas actif par défaut.

En solution logicielle, un petit `apt search battery` me renvoie
"tlp", caché au milieu de dizaines de paquets, et qui semble
faire, entre autres, ce que vous demandez.  D'après le README.md
il pourrait aussi faire bien d'autres choses, comme intervenir
sur la fréquence CPU, la rotation des disques, etc, ce qui
potentiellement peut ne pas vous convenir.  Mais je ne sais pas
à quel point cette solution est éprouvée.

Bien à vous,
-- 
Étienne Mollier  59DA 56FE FFF3 882D
All opinions are my own.



signature.asc
Description: OpenPGP digital signature

Re: New Hardware + old disks not recognized

[songbird]

Ross Boylan wrote:

> In brief: moved all the 3.5" disks from an old system to a new one,
> and now I can't boot into buster.  In the initrd environment no disks
> appear in /dev; the disks are all connected through an LSI Host Bus
> Adapter card (only on the new system).  I can boot into Ubuntu on the
> new system, and from there can see and use all the disks.
>
...
> Any ideas?

  i like to keep things simple so i don't do encryption,
etc.

  if you have space on the SDD i would create an extra
partition and install Buster to that directly and
then go from there.  likely it will also have UEFI
for which i use refind to manage the boot process
so if there isn't a boot partition for efi it may
be good to set up one for that too.


  songbird

Re: Utiliser la sortie hdmi de mon pc portable ?

[Bernard Schoenacker]

- Mail original -
> De: "toto" 
> À: debian-user-french@lists.debian.org
> Envoyé: Dimanche 23 Juin 2019 13:27:59
> Objet: Utiliser la sortie hdmi de mon pc portable ?
> 
> Salut à tous !
> 
> Je cherche aussi à utiliser la sortie hdmi de mon pc portable sous
> debian
> stretch 9.9 pour porfiter d'un écran de mointeur plus grand. Sous
> windows 8
> c'est très facille car intégré à l'interface graphique. Sous debian
> je
> cherche également un paquet utilisable sous openbox par exemple qui
> permet
> de passer de mon écran de pc portable à moniteur plus grand.
> 
> Merci pour les pistes.
> 

bonjour,

serait il possible de faire un lspci (?) et de bien vouloir
donner le type de carte vidéo 

idem pour la sortie audio

merci

slt
bernard

Re: Utiliser la sortie hdmi de mon pc portable ?

[Basile Starynkevitch]

On 6/23/19 1:27 PM, toto wrote:

Salut à tous !

Je cherche aussi à utiliser la sortie hdmi de mon pc portable sous debian
stretch 9.9 pour porfiter d'un écran de mointeur plus grand. Sous windows 8
c'est très facille car intégré à l'interface graphique. Sous debian je
cherche également un paquet utilisable sous openbox par exemple qui permet
de passer de mon écran de pc portable à moniteur plus grand.



Sous Linux comme Debian c'est aussi intégrer à l'interface graphique.


Et Debian a comme énorme avantage (vis à vis de Windows par exemple) de 
t'offrir plein d'interfaces graphiques différentes, et de te permettre 
de lancer des programmes en ligne de commande.



Comme tu n'explique pas quelle interface graphique tu utilises, et 
quelles commandes tu as essayées, il est très difficile de t'aider 
d'avantage.



--
Basile STARYNKEVITCH   == http://starynkevitch.net/Basile
opinions are mine only - les opinions sont seulement miennes
Bourg La Reine, France

Utiliser la sortie hdmi de mon pc portable ?

[toto]

Salut à tous !

Je cherche aussi à utiliser la sortie hdmi de mon pc portable sous debian
stretch 9.9 pour porfiter d'un écran de mointeur plus grand. Sous windows 8
c'est très facille car intégré à l'interface graphique. Sous debian je
cherche également un paquet utilisable sous openbox par exemple qui permet
de passer de mon écran de pc portable à moniteur plus grand.

Merci pour les pistes.



--
Sent from: http://debian.2.n7.nabble.com/debian-user-french-f1152225.html

Re: how to switch a Debian buster system from systemd to sys-v init

[arne]

> That's right. "Modern" desktop environments (Gnome and derivatives,
> most probably also KDE) depend these days on systemd. I don't know
> how hard those dependencies are -- you'd want to look at Devuan [2]
> [3] to see how far they went, if at all, into fixing this.

The Devuan default desktop is Xfce. Cinnamon, KDE, LXQt and MATE are
available from tasksel during installation and a number of other
graphical environments are available post-install.

https://devuan.org/os/

Gérer la charge de sa batterie au lithium de son pc portable ?

[toto]

Salut à tous !

Je cherche sous de debian stretch 9.9 un paquet éprouvé (en ligne de
commande ou graphique peu importe) indépendant d'un bureau et qui fonctionne
sous openbox par exemple afin de gérer la charge de ma batterie de pc
portable. Je souhaite lorsque debian est chargé (pc en marche) déclencher la
charge de la batterie en-dessous des 40% puis l'arrêter à 80% de manière
automatique. Un fois la charge déclenchée le système s'éteindra tout seul à
80% de charge si le pc portable entre temps n'est plus utilisé. Un problème
cependant la charge continue lorsque le pc portable est éteint (bios UEFI).
Des idées ?





--
Sent from: http://debian.2.n7.nabble.com/debian-user-french-f1152225.html

Re: Testing netinstall, but use stable release?

[andreimpopescu]

On Jo, 09 mai 19, 07:29:49, Rory Campbell-Lange wrote:
> 
> Are you referring to "It is not possible to install sid from a netinst
> or full CD. Please use the netboot installation method". I certainly
> missed that. My apologies.
> 
> Setting up a tftp server in a remote data centre rack is something I'd
> like to avoid, but I certainly can if the ability to downgrade the
> installation is unique to the netboot method.

The netboot image works fine if written (cp) to a USB stick or even to 
the disk you intend to install to ;)

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Off topic: Carbon. Was: Off topic: remaja (teens)

[Joe]

On Sun, 23 Jun 2019 10:57:26 +0200
 wrote:

> On Sun, Jun 23, 2019 at 01:45:25AM +0200, deloptes wrote:
> 
> [...]
> > too much wrong thinking - there are two fraction in science-
> > mainstream supports CO2 lie. Look at arguments on both sides from
> > real scientists (Not the face Potsdamer Institut für Klimaforschung
> > <- these are fake).  
> 
> Mainstream also supports round Earth lie, while we all do know Earth
> is flat.
> 

"Does history record any case in which the majority was right?"

R A Heinlein

-- 
Joe

Re: how to switch a Debian buster system from systemd to sys-v init

[tomas]

On Sat, Jun 22, 2019 at 05:45:39PM -0700, Rick Thomas wrote:
> 
> Purely out of curiosity, I'd like to see what's involved in
> switching a Debian buster system from systemd to sysv init.

The short version [1]:

  apt-get install -y sysvinit-core

> Please, I don't want to restart or get involved in any of
> the existing systemd/sysv flame wars [...]

Phew! ;-)

> First of all, is this even possible?

See above. It's even easy. But see the somewhat longer version
below.

> Second, has anyone done it?  If so, how did you do it?
> Here's what I've discovered so far:

[I see you already found out about [1], but Mate goes down the drain]

That's right. "Modern" desktop environments (Gnome and derivatives,
most probably also KDE) depend these days on systemd. I don't know
how hard those dependencies are -- you'd want to look at Devuan [2] [3]
to see how far they went, if at all, into fixing this.

Since I'm not using a DE, but just a traditional window manager,
I'm a happy Debian user without systemd.

Cheers

[1] https://wiki.debian.org/systemd#Installing_without_systemd
[2] https://devuan.org/
[3] https://en.wikipedia.org/wiki/Devuan
-- tomás


signature.asc
Description: Digital signature

Re: IPv4 v IPv6

[Pascal Hambourg]

Le 23/06/2019 à 08:27, Gene Heskett a écrit :

On Saturday 22 June 2019 22:49:36 John Hasler wrote:


Gene writes:

Well, I'd expect there is a registration fee...
...particularly since it may take a whole cluster of servers to
cover locally, the whole ipv6 address space.


I don't know what you mean by that. The number of servers does not
depend on the size of the address space.


That doesn't compute John, unless a 30+ second dns lookup time would be
tolerable.


Why would a DNS lookup take 30 seconds ?
Anyway, this is irrelevant. Registries who assign address blocks do not 
manage DNS lookups. They just manage delegations to the organizations 
which manage reverse DNS zones. Besides, a reverse DNS zone does not 
have to serve PTR records for all IP addresses in the block.

Re: Privacy policy of packages/softwares installed in Debian

[npdflr]

Hello,
Any final inputs whether there is any need for specifying privacy policy 
somewhere for packages from only Offical Debian main repositories?

What I am looking at (and maybe even some other users too) is simply to have a 
secure 'core' which can be utilised further to add more packages via other 
repositories, websites etc. Personally, I am using core = Debian OS with 
Official Debian main repositories, others can use core as something different.

For having a privacy file for packages from locations other than Official 
Debian Main repositories, I think it would be a separate task which may or may 
not be important as it is separate from the 'core'.

[Some examples of Official Debian main repositories:
deb http://deb.debian.org/debian/ stable main
deb http://deb.debian.org/debian/ stable-updates main
deb http://deb.debian.org/debian-security stable/updates main]

Regards.

Re: New Hardware + old disks not recognized

[Pascal Hambourg]

Le 23/06/2019 à 04:06, Ross Boylan a écrit :


My leading suspect for why the hard disks aren't recognized is that
they are all attached through
02:00.0 Serial Attached SCSI controller: LSI Logic / Symbios Logic
SAS2116 PCI-Express Fusion-MPT SAS-2 [Meteor] (rev 02)
whereas before they were vanilla SATA (although at least one used a
SATA expansion card).  I am not using the card for RAID and was told
it didn't even support RAID.  The box says it's an LSI SAS 9201-16i
Host Bus Adapter.


Possible causes of this kind of problem include :
- lack of support by the kernel (too old for the new hardware)
- missing driver in the initramfs.

Could you post the detailed identification of the adapter printed by 
"lspci -nn" ? According to the identification string the VID:DID should 
be 1000:0064 or 1000:0065. Both identifiers have been recognized by the 
mpt2sas/mpt3sas module at least since Jessie.


When at the initramfs prompt, could you check whether the mpt3sas module 
is present in
lib/modules//kernel/drivers/scsi/mpt3sas/mpt3sas.ko and loaded 
(as shown by lsmod or in /proc/modules) ? If it is missing, maybe 
"MODULES=dep" was set in /etc/initramfs-tools/initramfs.conf (including 
only modules for the current hardware at the time of initramfs build) 
instead of "MODULES=most" (including modules for most storage hardware).

Re: Giving remaja (teens) group full administrator privileges through sudo - dangerous?

[tomas]

On Sun, Jun 23, 2019 at 12:07:12AM +, Andy Smith wrote:
> Hello,
> 
> On Sat, Jun 22, 2019 at 04:44:40PM -0700, Jimmy Johnson wrote:
> > Some one mentioned mounting drives, all that and what they need can be
> > configured.
> 
> Also note that anyone who can use "mount" as root can trivially become
> root. If countenancing allowing users to run "mount" as root I would
> make scripts that only mounted the exact things to the exact places,
> and then let them run those scripts as root.

Folks. Wise up. For "mount" there's a solution (in fstab) not needing
root. For other things, sudoers covers nearly every restricted root
usage.

Cheers
-- tomás


signature.asc
Description: Digital signature

Re: Off topic: Carbon. Was: Off topic: remaja (teens)

[tomas]

On Sun, Jun 23, 2019 at 01:45:25AM +0200, deloptes wrote:

[...]
> too much wrong thinking - there are two fraction in science- mainstream
> supports CO2 lie. Look at arguments on both sides from real scientists (Not
> the face Potsdamer Institut für Klimaforschung <- these are fake).

Mainstream also supports round Earth lie, while we all do know Earth is
flat.

-- t


signature.asc
Description: Digital signature

Off topic: German. Was: Off topic: Carbon. Was: Off topic: remaja (teens)

[Thomas Schmitt]

Hi,

deloptes wrote:
> https://deutsch.lingolia.com/de/grammatik/verben/imperativ

Reminds me somewhat of
  "The Hungarian Phrasebook Sketch"
  http://www.montypython.net/scripts/phrasebk.php
(There is a lengthy link list before the sketch text begins.)

  "Publisher: I wish to plead incompetence."


Have a nice day :)

Thomas

Re: Mozilla Firefox Probleme

[didier gaumet]

Je me demande dans quelle mesure Mozilla n'aurait pas, au fil du temps,
implanté une gestion minimale des conflits de versions, vu que l'emploi
de Firefox par une bonne partie des utilisateurs doit reposer sur une
connexion à un compte Mozilla et des synchronisations entre différents
appareils (ordinateurs et smartphones principalement), ce qui provoque
probablement des situations conflictuelles (il faudrait qu'au niveau
mondial, les mises à jour firefox soient disponibles et appliquées au
même moment sur toutes les plateformes de l'utilisateur)

Re: Off topic: Carbon. Was: Off topic: remaja (teens)

[Elmo]

On Sun, 23 Jun 2019, deloptes wrote:


Elmo wrote:


and you can say, "take me to the train-station" as peremptorily in
English as in German.

part of the error in the quotation is the implication that Germans are
curt because they need fewer words to say things.

first, "take me to the train-station (please)." has pretty much the
same number of words.


I don't know about this, but presuming imperative as a command and not as a
request is too much for me and on top of this saying "You know what
happens ..." . This is also the 3rd German with repetitive behavior
pattern.


every sane person I know has repetitive behavior patterns.

I suspect the food and/or water and/or education quality in Germany, 
but do not have scientific facts :). The fact is they voted 4 times 
for crook Merkel, which speaks for it self but I do not know of 
course who Thomas Schmitt voted for :) (or the other two 
individuals)


Anyway it was not meant to be a command but a request to stop this CO2 BS.


I think it may be possible you don't know how *you* sound to some. 
this sort of thing happens a lot.


ok, danke for listening!

fjd

Re: Off topic: Carbon. Was: Off topic: remaja (teens)

[deloptes]

Elmo wrote:

> and you can say, "take me to the train-station" as peremptorily in
> English as in German.
> 
> part of the error in the quotation is the implication that Germans are
> curt because they need fewer words to say things.
> 
> first, "take me to the train-station (please)." has pretty much the
> same number of words.

I don't know about this, but presuming imperative as a command and not as a
request is too much for me and on top of this saying "You know what
happens ..." . This is also the 3rd German with repetitive behavior
pattern. I suspect the food and/or water and/or education quality in
Germany, but do not have scientific facts :). The fact is they voted 4
times for crook Merkel, which speaks for it self but I do not know of
course who Thomas Schmitt voted for :) (or the other two individuals)

Anyway it was not meant to be a command but a request to stop this CO2 BS.

regards

Re: System on a chip - performance relative size and setup (how can the (Debian) setup make a difference?)

[Jonas Smedegaard]

Quoting Erik Josefsson (2019-06-23 07:42:24)
> Hi Andy, thanks for taking time and for your advise!
> 
> On 6/22/19 10:22 PM, Andy Smith wrote:
> > Hi Erik,
> >
> > On Fri, Jun 21, 2019 at 03:02:46PM +0200, Erik Josefsson wrote:
> >> Maybe flashbench cannot tell me anything about that anyway?
> >>
> >> Are there other tools?
> > I'm not familiar with flashbench. I like fio. It's available in
> > Debian.
> >
> > I like to do the following tests. Example fio command line follows
> > for each.

[ details snipped]

> Teres-I has one MicroSD slot, one HDMI and two USB ports.
> 
> Is it meaningful to test the SD cards with an USB-adapter? (the MicroSD 
> slot would be occupied by the SD card the machine is running from/on)

Testing SD cards on a different controller may help understand 
_potential_ features of cards, but not _actual_ reachable potentials.

If you prefer an analogy: Reading in a magazine that some Formel-1 
driver can cut a corner while driving 60km/h in same model car as yours 
does not mean that you can expect to cut that same corner at that speed: 
Depends not only on the vehicle (disk device) but also on the driver!


> > Of those figures, I consider the random ones more important in most 
> > configurations. i.e. if I had to choose between a device that 
> > supported a bit higher sequential read/write but much lower random 
> > read/write, I'd rather have the random read/write, because that 
> > tends to have more impact on interactive usage than sequential.
> 
> Yes, going back and forth between Thunderbird and Firefox while 
> copying text snippets from one app to the other sometimes ends in a 
> mouse pointer freeze.
> 
> That's basically what I do most of the time...

Biggest speed gain (on a limited computer like Teres-I) is likely had 
with changing to less ressource hungry tools.

Instead of Firefox try GNOME Web (apt install epiphany-browser).  It 
uses the rendering engine "Webkit" so is likely to handle most websites. 
For an radically lighter browser rendering fewer real-world websites 
properly and with an arguably less friendly user interface, try Surf.

A lighter alternative with ok UI and somewhat decent rendering engine is 
Netsurf, but unfortunately that one won't make it into Debian Buster.

Instead of Thunderbird try Balsa or Claws Mail.


> > SD cards tend to have poor random IO speed so I would never use one
> > for general purpose computing if I could use an HDD or SSD instead.
> 
> 
> If random IO speed most likely is the real bottle neck, do you know of 
> any particular brand/label/kind/category of MicroSD card that is 
> significantly better than others in that regard?

https://github.com/ThomasKaiser/Knowledge/blob/master/articles/A1_and_A2_rated_SD_cards.md

(this is perhaps 5th time I share that link with you; 2nd on this list)


> Not sure if chasing some microseconds of better performance will make 
> a difference, but if it is anything like parking with a heavy truck 
> with heavy trailer in a small parking lot with other cars, then I 
> guess a microsecond extra is just as important as an extra centimeter 
> :-)
> 
> 
> >
> > To give you some idea of what decent SSDs manage:
> >
> >  
> > http://strugglers.net/~andy/blog/2019/05/29/linux-raid-10-may-not-always-be-the-best-performer-but-i-dont-know-why/
> >
> 
> I don't think I can make Teres-I boot from an external SSD.

Through the USB2 interface you can.  Won't reach the full potentials of 
SSD (see Formel-1 analogy above) but may still beat SD-cards.

You cannot _boot_ via USB2 interface but you can store your data there 
which helps some scenarios (e.g. possibly helps Firefox hanging, as that 
might be due to its working on cache data below your $HOME.


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private


signature.asc
Description: signature

Re: IPv4 v IPv6

[Gene Heskett]

On Saturday 22 June 2019 22:49:36 John Hasler wrote:

> Gene writes:
> > Well, I'd expect there is a registration fee...
>
> From https://www.arin.net/resources/fees/fee_schedule/
>
>  Internet Service Providers (ISPs)
>
>  Internet Service Providers (ISPs) are allocated IP addresses for
>  distribution to the users of their Internet services. The fee
>  schedule continues to encourage IPv6 adoption by providing
> approved IPv6 requests up to the organization’s existing IPv4 service
> category at no additional charge.
>
> Thus an ISP that starts offering IPv6 incurs no additional fees.
>
> > ...particularly since it may take a whole cluster of servers to
> > cover locally, the whole ipv6 address space.
>
> I don't know what you mean by that. The number of servers does not
> depend on the size of the address space.

That doesn't compute John, unless a 30+ second dns lookup time would be 
tolerable.  That would have customers carrying pitchforks storming the 
offices.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page